cobaltstrike | 3158fa4e7c14e8ac5ba8175989d205406bc20f35a89de77114843ab2850a24a4

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9d82071fbe534e5e41befb89a4ace159
SHA1

6998408863a255eff1a902740115edf8f95f30bf
SHA256

3158fa4e7c14e8ac5ba8175989d205406bc20f35a89de77114843ab2850a24a4
SHA512

758a82436df47128023e7a1040aca6a06930ed8c5fa91387cc3d3bdb08700332f1994be7737b35de90f354e8d8158941ea3786d536bd6be9ab9677f668649d14
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fe-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018780-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b68-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018bf3-15.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019223-22.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000019230-25.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019240-30.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-73.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-41.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-37.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b5-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2640-0-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fe-3.dat	xmrig
behavioral1/files/0x0007000000018780-10.dat	xmrig
behavioral1/files/0x0007000000018b68-14.dat	xmrig
behavioral1/files/0x0007000000018bf3-15.dat	xmrig
behavioral1/files/0x0006000000019223-22.dat	xmrig
behavioral1/files/0x0009000000019230-25.dat	xmrig
behavioral1/files/0x0008000000019240-30.dat	xmrig
behavioral1/files/0x0005000000019c34-45.dat	xmrig
behavioral1/files/0x0005000000019c3e-53.dat	xmrig
behavioral1/files/0x0005000000019dbf-73.dat	xmrig
behavioral1/files/0x000500000001a307-97.dat	xmrig
behavioral1/files/0x000500000001a41b-103.dat	xmrig
behavioral1/memory/3068-559-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2696-568-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2640-1556-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2560-1570-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/556-1576-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/3068-1573-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2640-1565-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2680-1563-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2776-1560-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/556-563-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2720-561-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2640-495-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2624-557-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2560-555-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2604-553-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2684-551-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2572-549-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2796-547-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2664-545-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2680-543-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2700-541-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2776-539-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x000500000001a48b-129.dat	xmrig
behavioral1/files/0x000500000001a46f-125.dat	xmrig
behavioral1/files/0x000500000001a42d-122.dat	xmrig
behavioral1/files/0x000500000001a41e-120.dat	xmrig
behavioral1/files/0x000500000001a427-115.dat	xmrig
behavioral1/files/0x000500000001a41d-109.dat	xmrig
behavioral1/files/0x000500000001a359-101.dat	xmrig
behavioral1/files/0x000500000001a09e-93.dat	xmrig
behavioral1/files/0x000500000001a07e-89.dat	xmrig
behavioral1/files/0x000500000001a075-85.dat	xmrig
behavioral1/files/0x0005000000019f94-81.dat	xmrig
behavioral1/files/0x0005000000019f8a-77.dat	xmrig
behavioral1/files/0x0005000000019d8e-69.dat	xmrig
behavioral1/files/0x0005000000019cca-65.dat	xmrig
behavioral1/files/0x0005000000019cba-61.dat	xmrig
behavioral1/files/0x0005000000019c57-57.dat	xmrig
behavioral1/files/0x0005000000019c3c-50.dat	xmrig
behavioral1/files/0x0005000000019926-41.dat	xmrig
behavioral1/files/0x00050000000196a1-37.dat	xmrig
behavioral1/files/0x00070000000193b5-33.dat	xmrig
behavioral1/memory/2696-3590-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2572-3589-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2700-3588-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2720-4082-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2664-4081-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2796-4083-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2604-4123-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2624-4124-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2684-4125-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2696	bAZTfcT.exe
2776	bsRLfZq.exe
2700	OiQnLcD.exe
2680	gPKKgsD.exe
2664	wTUUIMq.exe
2796	DcYrGBL.exe
2572	ROyUqOI.exe
2684	cuLorHm.exe
2604	DFuxeqz.exe
2560	DyJkgIr.exe
2624	WPkiJIX.exe
3068	MZVHeEZ.exe
2720	oYISIha.exe
556	YYQTxXb.exe
2916	auHxRtk.exe
1208	hYduGBm.exe
1124	HLcjSZT.exe
2960	hUzfODc.exe
2956	lEXpsjq.exe
2180	zyKChFA.exe
1928	WGWjJTO.exe
2356	xeJgBLH.exe
2140	VZKLwwk.exe
2880	XeOXmoA.exe
2832	HuTVpKd.exe
1148	wcPZzKR.exe
380	LbzvpTD.exe
292	oBGYKPB.exe
1152	lPDuGIC.exe
2344	WSBpyQY.exe
2072	sdgyRty.exe
2632	TaHVPsj.exe
2116	FWTcMqV.exe
2628	FRYqVwq.exe
1028	JNspXpB.exe
2224	CrHPMuL.exe
3044	XNSHJbc.exe
1360	sJSlNcO.exe
1488	UxcgmAd.exe
2436	zxthkAe.exe
308	kbXbHlk.exe
1076	qaxGBbK.exe
1644	vlNVCPm.exe
2176	VwvBYBj.exe
2320	mqXloyA.exe
1816	bygEVSg.exe
828	sYQTchl.exe
1092	kUDymal.exe
1672	HaRwHEB.exe
740	PWuUUVQ.exe
1696	VeYYgSX.exe
1732	PmcJCJS.exe
1812	ecxWpQm.exe
684	PHWdboi.exe
2308	EUWIDEM.exe
1308	PQOOkof.exe
544	psmwOcd.exe
2464	KNmDeIl.exe
2516	JVBKKGV.exe
2388	HBJLkAN.exe
1428	MmXxnjF.exe
2448	NcAyZIU.exe
1528	PTdcHKP.exe
664	rnEBWYA.exe

Loads dropped DLL 64 IoCs

pid	Process
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2640-0-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x00080000000120fe-3.dat	upx
behavioral1/files/0x0007000000018780-10.dat	upx
behavioral1/files/0x0007000000018b68-14.dat	upx
behavioral1/files/0x0007000000018bf3-15.dat	upx
behavioral1/files/0x0006000000019223-22.dat	upx
behavioral1/files/0x0009000000019230-25.dat	upx
behavioral1/files/0x0008000000019240-30.dat	upx
behavioral1/files/0x0005000000019c34-45.dat	upx
behavioral1/files/0x0005000000019c3e-53.dat	upx
behavioral1/files/0x0005000000019dbf-73.dat	upx
behavioral1/files/0x000500000001a307-97.dat	upx
behavioral1/files/0x000500000001a41b-103.dat	upx
behavioral1/memory/3068-559-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2696-568-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2640-1556-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2560-1570-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/556-1576-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/3068-1573-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2640-1565-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2680-1563-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2776-1560-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/556-563-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2720-561-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2624-557-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2560-555-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2604-553-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2684-551-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2572-549-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2796-547-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2664-545-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2680-543-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2700-541-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2776-539-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x000500000001a48b-129.dat	upx
behavioral1/files/0x000500000001a46f-125.dat	upx
behavioral1/files/0x000500000001a42d-122.dat	upx
behavioral1/files/0x000500000001a41e-120.dat	upx
behavioral1/files/0x000500000001a427-115.dat	upx
behavioral1/files/0x000500000001a41d-109.dat	upx
behavioral1/files/0x000500000001a359-101.dat	upx
behavioral1/files/0x000500000001a09e-93.dat	upx
behavioral1/files/0x000500000001a07e-89.dat	upx
behavioral1/files/0x000500000001a075-85.dat	upx
behavioral1/files/0x0005000000019f94-81.dat	upx
behavioral1/files/0x0005000000019f8a-77.dat	upx
behavioral1/files/0x0005000000019d8e-69.dat	upx
behavioral1/files/0x0005000000019cca-65.dat	upx
behavioral1/files/0x0005000000019cba-61.dat	upx
behavioral1/files/0x0005000000019c57-57.dat	upx
behavioral1/files/0x0005000000019c3c-50.dat	upx
behavioral1/files/0x0005000000019926-41.dat	upx
behavioral1/files/0x00050000000196a1-37.dat	upx
behavioral1/files/0x00070000000193b5-33.dat	upx
behavioral1/memory/2696-3590-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2572-3589-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2700-3588-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2720-4082-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2664-4081-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2796-4083-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2604-4123-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2624-4124-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2684-4125-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2560-4126-0x000000013F040000-0x000000013F394000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lwbREqM.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAMfOxU.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfgwGGF.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Uqscffk.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbDvzAG.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHyFOCx.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjTxOVw.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRdsRna.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJfkFCd.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmoxiBo.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBauXYR.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlpAolf.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFJlLAf.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCjxGRj.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfYqHJz.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkLDHUi.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQkODfy.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYQTxXb.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JmBSHuC.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rULajqe.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZRcetZ.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxilYxY.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFGFpRj.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLnJtCE.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rWzWXCr.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HphIHFS.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lutBNXe.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUOKoox.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwnVeKx.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRWtNNB.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zufWJpe.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIKoWmx.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtygXEi.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEHwMvX.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPtKsjL.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJdJaYm.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pxbcKWJ.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEqOUMW.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCTeNOh.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKtYhzk.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Nknvnny.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eigzChz.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCIbqaO.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOGwPOn.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGsnLgk.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgVzPOG.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuIAZHT.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqoovWz.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\siOxpvH.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQeIDnc.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQiNZXO.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NhjzIkw.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIMgBjw.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SHBsbrX.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTZjsst.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STOzYuP.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YylbDFz.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIGlRyT.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VKnMtdA.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUDymal.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JRoIVjv.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFiTlLe.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctLSgMZ.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSueDTW.exe	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2696	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2640 wrote to memory of 2696	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2640 wrote to memory of 2696	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2640 wrote to memory of 2776	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2640 wrote to memory of 2776	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2640 wrote to memory of 2776	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2640 wrote to memory of 2700	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2640 wrote to memory of 2700	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2640 wrote to memory of 2700	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2640 wrote to memory of 2680	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2640 wrote to memory of 2680	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2640 wrote to memory of 2680	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2640 wrote to memory of 2664	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2640 wrote to memory of 2664	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2640 wrote to memory of 2664	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2640 wrote to memory of 2796	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2640 wrote to memory of 2796	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2640 wrote to memory of 2796	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2640 wrote to memory of 2572	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2640 wrote to memory of 2572	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2640 wrote to memory of 2572	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2640 wrote to memory of 2684	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2640 wrote to memory of 2684	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2640 wrote to memory of 2684	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2640 wrote to memory of 2604	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2640 wrote to memory of 2604	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2640 wrote to memory of 2604	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2640 wrote to memory of 2560	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2640 wrote to memory of 2560	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2640 wrote to memory of 2560	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2640 wrote to memory of 2624	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2640 wrote to memory of 2624	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2640 wrote to memory of 2624	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2640 wrote to memory of 3068	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2640 wrote to memory of 3068	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2640 wrote to memory of 3068	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2640 wrote to memory of 2720	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2640 wrote to memory of 2720	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2640 wrote to memory of 2720	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2640 wrote to memory of 556	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2640 wrote to memory of 556	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2640 wrote to memory of 556	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2640 wrote to memory of 2916	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2640 wrote to memory of 2916	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2640 wrote to memory of 2916	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2640 wrote to memory of 1208	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2640 wrote to memory of 1208	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2640 wrote to memory of 1208	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2640 wrote to memory of 1124	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2640 wrote to memory of 1124	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2640 wrote to memory of 1124	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2640 wrote to memory of 2960	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2640 wrote to memory of 2960	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2640 wrote to memory of 2960	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2640 wrote to memory of 2956	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2640 wrote to memory of 2956	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2640 wrote to memory of 2956	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2640 wrote to memory of 2180	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2640 wrote to memory of 2180	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2640 wrote to memory of 2180	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2640 wrote to memory of 1928	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2640 wrote to memory of 1928	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2640 wrote to memory of 1928	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2640 wrote to memory of 2356	2640	2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-26_9d82071fbe534e5e41befb89a4ace159_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Windows\System\bAZTfcT.exe
  C:\Windows\System\bAZTfcT.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\bsRLfZq.exe
  C:\Windows\System\bsRLfZq.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\OiQnLcD.exe
  C:\Windows\System\OiQnLcD.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\gPKKgsD.exe
  C:\Windows\System\gPKKgsD.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\wTUUIMq.exe
  C:\Windows\System\wTUUIMq.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\DcYrGBL.exe
  C:\Windows\System\DcYrGBL.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\ROyUqOI.exe
  C:\Windows\System\ROyUqOI.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\cuLorHm.exe
  C:\Windows\System\cuLorHm.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\DFuxeqz.exe
  C:\Windows\System\DFuxeqz.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\DyJkgIr.exe
  C:\Windows\System\DyJkgIr.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\WPkiJIX.exe
  C:\Windows\System\WPkiJIX.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\MZVHeEZ.exe
  C:\Windows\System\MZVHeEZ.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\oYISIha.exe
  C:\Windows\System\oYISIha.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\YYQTxXb.exe
  C:\Windows\System\YYQTxXb.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\auHxRtk.exe
  C:\Windows\System\auHxRtk.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\hYduGBm.exe
  C:\Windows\System\hYduGBm.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\HLcjSZT.exe
  C:\Windows\System\HLcjSZT.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\hUzfODc.exe
  C:\Windows\System\hUzfODc.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\lEXpsjq.exe
  C:\Windows\System\lEXpsjq.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\zyKChFA.exe
  C:\Windows\System\zyKChFA.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\WGWjJTO.exe
  C:\Windows\System\WGWjJTO.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\xeJgBLH.exe
  C:\Windows\System\xeJgBLH.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\VZKLwwk.exe
  C:\Windows\System\VZKLwwk.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\XeOXmoA.exe
  C:\Windows\System\XeOXmoA.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\HuTVpKd.exe
  C:\Windows\System\HuTVpKd.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\oBGYKPB.exe
  C:\Windows\System\oBGYKPB.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\wcPZzKR.exe
  C:\Windows\System\wcPZzKR.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\lPDuGIC.exe
  C:\Windows\System\lPDuGIC.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\LbzvpTD.exe
  C:\Windows\System\LbzvpTD.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\WSBpyQY.exe
  C:\Windows\System\WSBpyQY.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\sdgyRty.exe
  C:\Windows\System\sdgyRty.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\TaHVPsj.exe
  C:\Windows\System\TaHVPsj.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\FWTcMqV.exe
  C:\Windows\System\FWTcMqV.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\JNspXpB.exe
  C:\Windows\System\JNspXpB.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\FRYqVwq.exe
  C:\Windows\System\FRYqVwq.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\CrHPMuL.exe
  C:\Windows\System\CrHPMuL.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\XNSHJbc.exe
  C:\Windows\System\XNSHJbc.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\sJSlNcO.exe
  C:\Windows\System\sJSlNcO.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\UxcgmAd.exe
  C:\Windows\System\UxcgmAd.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\kbXbHlk.exe
  C:\Windows\System\kbXbHlk.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\zxthkAe.exe
  C:\Windows\System\zxthkAe.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\qaxGBbK.exe
  C:\Windows\System\qaxGBbK.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\vlNVCPm.exe
  C:\Windows\System\vlNVCPm.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\VwvBYBj.exe
  C:\Windows\System\VwvBYBj.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\mqXloyA.exe
  C:\Windows\System\mqXloyA.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\bygEVSg.exe
  C:\Windows\System\bygEVSg.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\sYQTchl.exe
  C:\Windows\System\sYQTchl.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\kUDymal.exe
  C:\Windows\System\kUDymal.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\HaRwHEB.exe
  C:\Windows\System\HaRwHEB.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\PWuUUVQ.exe
  C:\Windows\System\PWuUUVQ.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\VeYYgSX.exe
  C:\Windows\System\VeYYgSX.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\PmcJCJS.exe
  C:\Windows\System\PmcJCJS.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\ecxWpQm.exe
  C:\Windows\System\ecxWpQm.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\PHWdboi.exe
  C:\Windows\System\PHWdboi.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\EUWIDEM.exe
  C:\Windows\System\EUWIDEM.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\PQOOkof.exe
  C:\Windows\System\PQOOkof.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\psmwOcd.exe
  C:\Windows\System\psmwOcd.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\KNmDeIl.exe
  C:\Windows\System\KNmDeIl.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\JVBKKGV.exe
  C:\Windows\System\JVBKKGV.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\HBJLkAN.exe
  C:\Windows\System\HBJLkAN.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\MmXxnjF.exe
  C:\Windows\System\MmXxnjF.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\NcAyZIU.exe
  C:\Windows\System\NcAyZIU.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\PTdcHKP.exe
  C:\Windows\System\PTdcHKP.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\rnEBWYA.exe
  C:\Windows\System\rnEBWYA.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\vudCuoE.exe
  C:\Windows\System\vudCuoE.exe
  2⤵
  PID:112
- C:\Windows\System\EJjHAmq.exe
  C:\Windows\System\EJjHAmq.exe
  2⤵
  PID:1988
- C:\Windows\System\sxFYjRQ.exe
  C:\Windows\System\sxFYjRQ.exe
  2⤵
  PID:2396
- C:\Windows\System\ULoaIfZ.exe
  C:\Windows\System\ULoaIfZ.exe
  2⤵
  PID:1036
- C:\Windows\System\ZkQJVwv.exe
  C:\Windows\System\ZkQJVwv.exe
  2⤵
  PID:1976
- C:\Windows\System\YgYDsrK.exe
  C:\Windows\System\YgYDsrK.exe
  2⤵
  PID:2292
- C:\Windows\System\toCpORv.exe
  C:\Windows\System\toCpORv.exe
  2⤵
  PID:1712
- C:\Windows\System\neLoSmP.exe
  C:\Windows\System\neLoSmP.exe
  2⤵
  PID:1592
- C:\Windows\System\PehEqqg.exe
  C:\Windows\System\PehEqqg.exe
  2⤵
  PID:2760
- C:\Windows\System\hHYgwGE.exe
  C:\Windows\System\hHYgwGE.exe
  2⤵
  PID:2652
- C:\Windows\System\HpXDeue.exe
  C:\Windows\System\HpXDeue.exe
  2⤵
  PID:2812
- C:\Windows\System\dPEgBHt.exe
  C:\Windows\System\dPEgBHt.exe
  2⤵
  PID:2728
- C:\Windows\System\vgIbZtg.exe
  C:\Windows\System\vgIbZtg.exe
  2⤵
  PID:2544
- C:\Windows\System\TdWTzxM.exe
  C:\Windows\System\TdWTzxM.exe
  2⤵
  PID:3020
- C:\Windows\System\IFkNBit.exe
  C:\Windows\System\IFkNBit.exe
  2⤵
  PID:3028
- C:\Windows\System\kUcfAuv.exe
  C:\Windows\System\kUcfAuv.exe
  2⤵
  PID:448
- C:\Windows\System\lnhsOiq.exe
  C:\Windows\System\lnhsOiq.exe
  2⤵
  PID:2964
- C:\Windows\System\XuIAZHT.exe
  C:\Windows\System\XuIAZHT.exe
  2⤵
  PID:1960
- C:\Windows\System\CdAtntU.exe
  C:\Windows\System\CdAtntU.exe
  2⤵
  PID:2824
- C:\Windows\System\WlNbkDr.exe
  C:\Windows\System\WlNbkDr.exe
  2⤵
  PID:1968
- C:\Windows\System\TLDJDZs.exe
  C:\Windows\System\TLDJDZs.exe
  2⤵
  PID:2876
- C:\Windows\System\TfXKUap.exe
  C:\Windows\System\TfXKUap.exe
  2⤵
  PID:2352
- C:\Windows\System\IeRfvYm.exe
  C:\Windows\System\IeRfvYm.exe
  2⤵
  PID:536
- C:\Windows\System\jCswHKc.exe
  C:\Windows\System\jCswHKc.exe
  2⤵
  PID:688
- C:\Windows\System\tSVTnwG.exe
  C:\Windows\System\tSVTnwG.exe
  2⤵
  PID:1800
- C:\Windows\System\cwfGKhl.exe
  C:\Windows\System\cwfGKhl.exe
  2⤵
  PID:2984
- C:\Windows\System\rsFnmgs.exe
  C:\Windows\System\rsFnmgs.exe
  2⤵
  PID:1340
- C:\Windows\System\XEtvHdu.exe
  C:\Windows\System\XEtvHdu.exe
  2⤵
  PID:1944
- C:\Windows\System\PHelIzv.exe
  C:\Windows\System\PHelIzv.exe
  2⤵
  PID:604
- C:\Windows\System\PCjMrqx.exe
  C:\Windows\System\PCjMrqx.exe
  2⤵
  PID:952
- C:\Windows\System\mCIbqaO.exe
  C:\Windows\System\mCIbqaO.exe
  2⤵
  PID:1752
- C:\Windows\System\uiMaSUu.exe
  C:\Windows\System\uiMaSUu.exe
  2⤵
  PID:2440
- C:\Windows\System\VHAVjOB.exe
  C:\Windows\System\VHAVjOB.exe
  2⤵
  PID:1368
- C:\Windows\System\zttRFRh.exe
  C:\Windows\System\zttRFRh.exe
  2⤵
  PID:2036
- C:\Windows\System\bfUyWRY.exe
  C:\Windows\System\bfUyWRY.exe
  2⤵
  PID:1620
- C:\Windows\System\WIPqQVZ.exe
  C:\Windows\System\WIPqQVZ.exe
  2⤵
  PID:2444
- C:\Windows\System\DrymlOf.exe
  C:\Windows\System\DrymlOf.exe
  2⤵
  PID:632
- C:\Windows\System\kjPDjCb.exe
  C:\Windows\System\kjPDjCb.exe
  2⤵
  PID:2052
- C:\Windows\System\GrkJlAJ.exe
  C:\Windows\System\GrkJlAJ.exe
  2⤵
  PID:560
- C:\Windows\System\fBauXYR.exe
  C:\Windows\System\fBauXYR.exe
  2⤵
  PID:1480
- C:\Windows\System\cmoxiBo.exe
  C:\Windows\System\cmoxiBo.exe
  2⤵
  PID:888
- C:\Windows\System\uIMgBjw.exe
  C:\Windows\System\uIMgBjw.exe
  2⤵
  PID:880
- C:\Windows\System\aIFDpXv.exe
  C:\Windows\System\aIFDpXv.exe
  2⤵
  PID:1236
- C:\Windows\System\LOiftpA.exe
  C:\Windows\System\LOiftpA.exe
  2⤵
  PID:1596
- C:\Windows\System\FNWVzKx.exe
  C:\Windows\System\FNWVzKx.exe
  2⤵
  PID:2668
- C:\Windows\System\oDrYZIj.exe
  C:\Windows\System\oDrYZIj.exe
  2⤵
  PID:1844
- C:\Windows\System\qRjJZMd.exe
  C:\Windows\System\qRjJZMd.exe
  2⤵
  PID:2548
- C:\Windows\System\ipcNzqc.exe
  C:\Windows\System\ipcNzqc.exe
  2⤵
  PID:1992
- C:\Windows\System\EgEvHMT.exe
  C:\Windows\System\EgEvHMT.exe
  2⤵
  PID:2264
- C:\Windows\System\JvNxotD.exe
  C:\Windows\System\JvNxotD.exe
  2⤵
  PID:2124
- C:\Windows\System\SCULplB.exe
  C:\Windows\System\SCULplB.exe
  2⤵
  PID:1836
- C:\Windows\System\lwwcFzA.exe
  C:\Windows\System\lwwcFzA.exe
  2⤵
  PID:2076
- C:\Windows\System\xirBeFe.exe
  C:\Windows\System\xirBeFe.exe
  2⤵
  PID:2216
- C:\Windows\System\BSWWamy.exe
  C:\Windows\System\BSWWamy.exe
  2⤵
  PID:1616
- C:\Windows\System\YlpAolf.exe
  C:\Windows\System\YlpAolf.exe
  2⤵
  PID:696
- C:\Windows\System\fjURKSb.exe
  C:\Windows\System\fjURKSb.exe
  2⤵
  PID:2268
- C:\Windows\System\UlgbzvG.exe
  C:\Windows\System\UlgbzvG.exe
  2⤵
  PID:1192
- C:\Windows\System\plhLNIP.exe
  C:\Windows\System\plhLNIP.exe
  2⤵
  PID:1728
- C:\Windows\System\OfAOhuO.exe
  C:\Windows\System\OfAOhuO.exe
  2⤵
  PID:1640
- C:\Windows\System\zSPYDyB.exe
  C:\Windows\System\zSPYDyB.exe
  2⤵
  PID:1764
- C:\Windows\System\JxseLbx.exe
  C:\Windows\System\JxseLbx.exe
  2⤵
  PID:3084
- C:\Windows\System\DYKCfoC.exe
  C:\Windows\System\DYKCfoC.exe
  2⤵
  PID:3100
- C:\Windows\System\xCHcpiW.exe
  C:\Windows\System\xCHcpiW.exe
  2⤵
  PID:3116
- C:\Windows\System\hoZbMpB.exe
  C:\Windows\System\hoZbMpB.exe
  2⤵
  PID:3132
- C:\Windows\System\DQkKZPf.exe
  C:\Windows\System\DQkKZPf.exe
  2⤵
  PID:3148
- C:\Windows\System\dEojEqa.exe
  C:\Windows\System\dEojEqa.exe
  2⤵
  PID:3164
- C:\Windows\System\LusEtDJ.exe
  C:\Windows\System\LusEtDJ.exe
  2⤵
  PID:3180
- C:\Windows\System\DDuUpxx.exe
  C:\Windows\System\DDuUpxx.exe
  2⤵
  PID:3196
- C:\Windows\System\zzFCNFP.exe
  C:\Windows\System\zzFCNFP.exe
  2⤵
  PID:3212
- C:\Windows\System\QznIiQK.exe
  C:\Windows\System\QznIiQK.exe
  2⤵
  PID:3228
- C:\Windows\System\ZmKCEdc.exe
  C:\Windows\System\ZmKCEdc.exe
  2⤵
  PID:3244
- C:\Windows\System\WTxjPVA.exe
  C:\Windows\System\WTxjPVA.exe
  2⤵
  PID:3260
- C:\Windows\System\uHkNTpL.exe
  C:\Windows\System\uHkNTpL.exe
  2⤵
  PID:3276
- C:\Windows\System\Uqscffk.exe
  C:\Windows\System\Uqscffk.exe
  2⤵
  PID:3292
- C:\Windows\System\siLalxN.exe
  C:\Windows\System\siLalxN.exe
  2⤵
  PID:3308
- C:\Windows\System\ARbCsdX.exe
  C:\Windows\System\ARbCsdX.exe
  2⤵
  PID:3324
- C:\Windows\System\TllWxis.exe
  C:\Windows\System\TllWxis.exe
  2⤵
  PID:3340
- C:\Windows\System\BWFDhUc.exe
  C:\Windows\System\BWFDhUc.exe
  2⤵
  PID:3356
- C:\Windows\System\xsKBGgM.exe
  C:\Windows\System\xsKBGgM.exe
  2⤵
  PID:3372
- C:\Windows\System\cjpPskE.exe
  C:\Windows\System\cjpPskE.exe
  2⤵
  PID:3388
- C:\Windows\System\BIKCHJv.exe
  C:\Windows\System\BIKCHJv.exe
  2⤵
  PID:3404
- C:\Windows\System\OFOgqSq.exe
  C:\Windows\System\OFOgqSq.exe
  2⤵
  PID:3420
- C:\Windows\System\QNcEpQq.exe
  C:\Windows\System\QNcEpQq.exe
  2⤵
  PID:3436
- C:\Windows\System\DdnZsUA.exe
  C:\Windows\System\DdnZsUA.exe
  2⤵
  PID:3452
- C:\Windows\System\puNZngW.exe
  C:\Windows\System\puNZngW.exe
  2⤵
  PID:3468
- C:\Windows\System\okotjPr.exe
  C:\Windows\System\okotjPr.exe
  2⤵
  PID:3484
- C:\Windows\System\FzrUTGr.exe
  C:\Windows\System\FzrUTGr.exe
  2⤵
  PID:3500
- C:\Windows\System\XrQbyHg.exe
  C:\Windows\System\XrQbyHg.exe
  2⤵
  PID:3516
- C:\Windows\System\tTKTKos.exe
  C:\Windows\System\tTKTKos.exe
  2⤵
  PID:3532
- C:\Windows\System\JoLLAPe.exe
  C:\Windows\System\JoLLAPe.exe
  2⤵
  PID:3548
- C:\Windows\System\OudJIvO.exe
  C:\Windows\System\OudJIvO.exe
  2⤵
  PID:3564
- C:\Windows\System\ItnEhEb.exe
  C:\Windows\System\ItnEhEb.exe
  2⤵
  PID:3580
- C:\Windows\System\wFSBmWb.exe
  C:\Windows\System\wFSBmWb.exe
  2⤵
  PID:3596
- C:\Windows\System\rXwcMTM.exe
  C:\Windows\System\rXwcMTM.exe
  2⤵
  PID:3612
- C:\Windows\System\vozuUdL.exe
  C:\Windows\System\vozuUdL.exe
  2⤵
  PID:3628
- C:\Windows\System\DgTfPcY.exe
  C:\Windows\System\DgTfPcY.exe
  2⤵
  PID:3644
- C:\Windows\System\IzcXrLX.exe
  C:\Windows\System\IzcXrLX.exe
  2⤵
  PID:3660
- C:\Windows\System\Mrssyap.exe
  C:\Windows\System\Mrssyap.exe
  2⤵
  PID:3676
- C:\Windows\System\GYlKFPU.exe
  C:\Windows\System\GYlKFPU.exe
  2⤵
  PID:3692
- C:\Windows\System\PGrrhFI.exe
  C:\Windows\System\PGrrhFI.exe
  2⤵
  PID:3708
- C:\Windows\System\rLYNNFg.exe
  C:\Windows\System\rLYNNFg.exe
  2⤵
  PID:3724
- C:\Windows\System\ooFHCdP.exe
  C:\Windows\System\ooFHCdP.exe
  2⤵
  PID:3740
- C:\Windows\System\WiIslVz.exe
  C:\Windows\System\WiIslVz.exe
  2⤵
  PID:3756
- C:\Windows\System\Tyyliyq.exe
  C:\Windows\System\Tyyliyq.exe
  2⤵
  PID:3772
- C:\Windows\System\UDirBZo.exe
  C:\Windows\System\UDirBZo.exe
  2⤵
  PID:3788
- C:\Windows\System\LEdxoni.exe
  C:\Windows\System\LEdxoni.exe
  2⤵
  PID:3804
- C:\Windows\System\xueYIIT.exe
  C:\Windows\System\xueYIIT.exe
  2⤵
  PID:3820
- C:\Windows\System\bppJSza.exe
  C:\Windows\System\bppJSza.exe
  2⤵
  PID:3836
- C:\Windows\System\BOqgIjW.exe
  C:\Windows\System\BOqgIjW.exe
  2⤵
  PID:3852
- C:\Windows\System\goFdSsT.exe
  C:\Windows\System\goFdSsT.exe
  2⤵
  PID:3868
- C:\Windows\System\NuzodSW.exe
  C:\Windows\System\NuzodSW.exe
  2⤵
  PID:3884
- C:\Windows\System\AhRbfFK.exe
  C:\Windows\System\AhRbfFK.exe
  2⤵
  PID:3900
- C:\Windows\System\rPywAPD.exe
  C:\Windows\System\rPywAPD.exe
  2⤵
  PID:3916
- C:\Windows\System\cdXoTQh.exe
  C:\Windows\System\cdXoTQh.exe
  2⤵
  PID:3932
- C:\Windows\System\kxausMq.exe
  C:\Windows\System\kxausMq.exe
  2⤵
  PID:3948
- C:\Windows\System\uyQtJWf.exe
  C:\Windows\System\uyQtJWf.exe
  2⤵
  PID:3964
- C:\Windows\System\WuCzGaK.exe
  C:\Windows\System\WuCzGaK.exe
  2⤵
  PID:3980
- C:\Windows\System\ZlpEmtA.exe
  C:\Windows\System\ZlpEmtA.exe
  2⤵
  PID:3996
- C:\Windows\System\mjreGoQ.exe
  C:\Windows\System\mjreGoQ.exe
  2⤵
  PID:4012
- C:\Windows\System\wQqcjTH.exe
  C:\Windows\System\wQqcjTH.exe
  2⤵
  PID:4028
- C:\Windows\System\ddhUowN.exe
  C:\Windows\System\ddhUowN.exe
  2⤵
  PID:4044
- C:\Windows\System\EyhKaXp.exe
  C:\Windows\System\EyhKaXp.exe
  2⤵
  PID:4060
- C:\Windows\System\zSslWbS.exe
  C:\Windows\System\zSslWbS.exe
  2⤵
  PID:4076
- C:\Windows\System\lfFezuH.exe
  C:\Windows\System\lfFezuH.exe
  2⤵
  PID:4092
- C:\Windows\System\GCbiaOF.exe
  C:\Windows\System\GCbiaOF.exe
  2⤵
  PID:2200
- C:\Windows\System\VReKTey.exe
  C:\Windows\System\VReKTey.exe
  2⤵
  PID:3064
- C:\Windows\System\OmwaDAW.exe
  C:\Windows\System\OmwaDAW.exe
  2⤵
  PID:2920
- C:\Windows\System\EbxdVPt.exe
  C:\Windows\System\EbxdVPt.exe
  2⤵
  PID:1632
- C:\Windows\System\pjibJDb.exe
  C:\Windows\System\pjibJDb.exe
  2⤵
  PID:2144
- C:\Windows\System\DFtBOja.exe
  C:\Windows\System\DFtBOja.exe
  2⤵
  PID:944
- C:\Windows\System\qRsjmZh.exe
  C:\Windows\System\qRsjmZh.exe
  2⤵
  PID:1268
- C:\Windows\System\YLgjipz.exe
  C:\Windows\System\YLgjipz.exe
  2⤵
  PID:980
- C:\Windows\System\CtkWgGf.exe
  C:\Windows\System\CtkWgGf.exe
  2⤵
  PID:2460
- C:\Windows\System\PqnixGA.exe
  C:\Windows\System\PqnixGA.exe
  2⤵
  PID:3092
- C:\Windows\System\nJdJaYm.exe
  C:\Windows\System\nJdJaYm.exe
  2⤵
  PID:3124
- C:\Windows\System\WWYoDgQ.exe
  C:\Windows\System\WWYoDgQ.exe
  2⤵
  PID:3140
- C:\Windows\System\jdKLcKD.exe
  C:\Windows\System\jdKLcKD.exe
  2⤵
  PID:3188
- C:\Windows\System\fzZiFNE.exe
  C:\Windows\System\fzZiFNE.exe
  2⤵
  PID:3204
- C:\Windows\System\yFJlLAf.exe
  C:\Windows\System\yFJlLAf.exe
  2⤵
  PID:3252
- C:\Windows\System\eoqtMYW.exe
  C:\Windows\System\eoqtMYW.exe
  2⤵
  PID:3268
- C:\Windows\System\fxZRQqB.exe
  C:\Windows\System\fxZRQqB.exe
  2⤵
  PID:3316
- C:\Windows\System\mPyellx.exe
  C:\Windows\System\mPyellx.exe
  2⤵
  PID:3332
- C:\Windows\System\QvOrDNw.exe
  C:\Windows\System\QvOrDNw.exe
  2⤵
  PID:3364
- C:\Windows\System\ZgYjMqg.exe
  C:\Windows\System\ZgYjMqg.exe
  2⤵
  PID:3396
- C:\Windows\System\fJmZkOC.exe
  C:\Windows\System\fJmZkOC.exe
  2⤵
  PID:3428
- C:\Windows\System\hDqfmSZ.exe
  C:\Windows\System\hDqfmSZ.exe
  2⤵
  PID:3476
- C:\Windows\System\qbUapHz.exe
  C:\Windows\System\qbUapHz.exe
  2⤵
  PID:3492
- C:\Windows\System\TNMMtGW.exe
  C:\Windows\System\TNMMtGW.exe
  2⤵
  PID:3540
- C:\Windows\System\IKWNubo.exe
  C:\Windows\System\IKWNubo.exe
  2⤵
  PID:3556
- C:\Windows\System\fKBqPqM.exe
  C:\Windows\System\fKBqPqM.exe
  2⤵
  PID:3608
- C:\Windows\System\MRZinCE.exe
  C:\Windows\System\MRZinCE.exe
  2⤵
  PID:3668
- C:\Windows\System\BHCmUSb.exe
  C:\Windows\System\BHCmUSb.exe
  2⤵
  PID:3672
- C:\Windows\System\kfMsxyX.exe
  C:\Windows\System\kfMsxyX.exe
  2⤵
  PID:3688
- C:\Windows\System\vbQjUhd.exe
  C:\Windows\System\vbQjUhd.exe
  2⤵
  PID:3748
- C:\Windows\System\mGOVRaU.exe
  C:\Windows\System\mGOVRaU.exe
  2⤵
  PID:4020
- C:\Windows\System\TCNiXZB.exe
  C:\Windows\System\TCNiXZB.exe
  2⤵
  PID:4052
- C:\Windows\System\FlcwKyS.exe
  C:\Windows\System\FlcwKyS.exe
  2⤵
  PID:4068
- C:\Windows\System\VDllVOA.exe
  C:\Windows\System\VDllVOA.exe
  2⤵
  PID:3524
- C:\Windows\System\fZGCaCq.exe
  C:\Windows\System\fZGCaCq.exe
  2⤵
  PID:3320
- C:\Windows\System\QRXaDjz.exe
  C:\Windows\System\QRXaDjz.exe
  2⤵
  PID:3432
- C:\Windows\System\FUNjnnq.exe
  C:\Windows\System\FUNjnnq.exe
  2⤵
  PID:3512
- C:\Windows\System\nboGWqM.exe
  C:\Windows\System\nboGWqM.exe
  2⤵
  PID:3604
- C:\Windows\System\SuQxPhh.exe
  C:\Windows\System\SuQxPhh.exe
  2⤵
  PID:4072
- C:\Windows\System\YcmIjIY.exe
  C:\Windows\System\YcmIjIY.exe
  2⤵
  PID:3336
- C:\Windows\System\stgaikG.exe
  C:\Windows\System\stgaikG.exe
  2⤵
  PID:3480
- C:\Windows\System\SWVXxrc.exe
  C:\Windows\System\SWVXxrc.exe
  2⤵
  PID:3640
- C:\Windows\System\SErjtBi.exe
  C:\Windows\System\SErjtBi.exe
  2⤵
  PID:3784
- C:\Windows\System\jMJeomL.exe
  C:\Windows\System\jMJeomL.exe
  2⤵
  PID:3812
- C:\Windows\System\KFcVFHZ.exe
  C:\Windows\System\KFcVFHZ.exe
  2⤵
  PID:3864
- C:\Windows\System\VTcFVrQ.exe
  C:\Windows\System\VTcFVrQ.exe
  2⤵
  PID:3876
- C:\Windows\System\mSBFlVA.exe
  C:\Windows\System\mSBFlVA.exe
  2⤵
  PID:3924
- C:\Windows\System\bzLJpUm.exe
  C:\Windows\System\bzLJpUm.exe
  2⤵
  PID:3940
- C:\Windows\System\pUMWcUi.exe
  C:\Windows\System\pUMWcUi.exe
  2⤵
  PID:3992
- C:\Windows\System\eBKAwjp.exe
  C:\Windows\System\eBKAwjp.exe
  2⤵
  PID:4040
- C:\Windows\System\QrJNrOG.exe
  C:\Windows\System\QrJNrOG.exe
  2⤵
  PID:3236
- C:\Windows\System\zbprqlY.exe
  C:\Windows\System\zbprqlY.exe
  2⤵
  PID:4088
- C:\Windows\System\JmJRJTl.exe
  C:\Windows\System\JmJRJTl.exe
  2⤵
  PID:4100
- C:\Windows\System\YeNLcgs.exe
  C:\Windows\System\YeNLcgs.exe
  2⤵
  PID:4116
- C:\Windows\System\uqCDejo.exe
  C:\Windows\System\uqCDejo.exe
  2⤵
  PID:4132
- C:\Windows\System\RgjmSko.exe
  C:\Windows\System\RgjmSko.exe
  2⤵
  PID:4148
- C:\Windows\System\vPjIUbd.exe
  C:\Windows\System\vPjIUbd.exe
  2⤵
  PID:4164
- C:\Windows\System\XlkjPHH.exe
  C:\Windows\System\XlkjPHH.exe
  2⤵
  PID:4180
- C:\Windows\System\HcVJRJv.exe
  C:\Windows\System\HcVJRJv.exe
  2⤵
  PID:4196
- C:\Windows\System\ZHDbuem.exe
  C:\Windows\System\ZHDbuem.exe
  2⤵
  PID:4212
- C:\Windows\System\lqyxlry.exe
  C:\Windows\System\lqyxlry.exe
  2⤵
  PID:4228
- C:\Windows\System\EuPkOvG.exe
  C:\Windows\System\EuPkOvG.exe
  2⤵
  PID:4244
- C:\Windows\System\mTijiwy.exe
  C:\Windows\System\mTijiwy.exe
  2⤵
  PID:4260
- C:\Windows\System\mcbBMIy.exe
  C:\Windows\System\mcbBMIy.exe
  2⤵
  PID:4276
- C:\Windows\System\vGYVECg.exe
  C:\Windows\System\vGYVECg.exe
  2⤵
  PID:4292
- C:\Windows\System\ApnAWaz.exe
  C:\Windows\System\ApnAWaz.exe
  2⤵
  PID:4308
- C:\Windows\System\FhNEyML.exe
  C:\Windows\System\FhNEyML.exe
  2⤵
  PID:4324
- C:\Windows\System\LFKJUNR.exe
  C:\Windows\System\LFKJUNR.exe
  2⤵
  PID:4340
- C:\Windows\System\FiolRmt.exe
  C:\Windows\System\FiolRmt.exe
  2⤵
  PID:4356
- C:\Windows\System\KhVrLgJ.exe
  C:\Windows\System\KhVrLgJ.exe
  2⤵
  PID:4372
- C:\Windows\System\VfieRjy.exe
  C:\Windows\System\VfieRjy.exe
  2⤵
  PID:4388
- C:\Windows\System\YPtKsjL.exe
  C:\Windows\System\YPtKsjL.exe
  2⤵
  PID:4404
- C:\Windows\System\ZYsVpnu.exe
  C:\Windows\System\ZYsVpnu.exe
  2⤵
  PID:4420
- C:\Windows\System\YixetbE.exe
  C:\Windows\System\YixetbE.exe
  2⤵
  PID:4436
- C:\Windows\System\TPkZIdu.exe
  C:\Windows\System\TPkZIdu.exe
  2⤵
  PID:4452
- C:\Windows\System\HgRJyjp.exe
  C:\Windows\System\HgRJyjp.exe
  2⤵
  PID:4468
- C:\Windows\System\iKACehN.exe
  C:\Windows\System\iKACehN.exe
  2⤵
  PID:4484
- C:\Windows\System\zzZYmfL.exe
  C:\Windows\System\zzZYmfL.exe
  2⤵
  PID:4500
- C:\Windows\System\syNvjTZ.exe
  C:\Windows\System\syNvjTZ.exe
  2⤵
  PID:4516
- C:\Windows\System\WydVdOH.exe
  C:\Windows\System\WydVdOH.exe
  2⤵
  PID:4532
- C:\Windows\System\gfGvlfp.exe
  C:\Windows\System\gfGvlfp.exe
  2⤵
  PID:4548
- C:\Windows\System\OVgVFFA.exe
  C:\Windows\System\OVgVFFA.exe
  2⤵
  PID:4564
- C:\Windows\System\RnLuFki.exe
  C:\Windows\System\RnLuFki.exe
  2⤵
  PID:4580
- C:\Windows\System\jrABCoc.exe
  C:\Windows\System\jrABCoc.exe
  2⤵
  PID:4596
- C:\Windows\System\oJKVVxD.exe
  C:\Windows\System\oJKVVxD.exe
  2⤵
  PID:4612
- C:\Windows\System\hvAFluX.exe
  C:\Windows\System\hvAFluX.exe
  2⤵
  PID:4628
- C:\Windows\System\VTDvwSI.exe
  C:\Windows\System\VTDvwSI.exe
  2⤵
  PID:4644
- C:\Windows\System\VVBwOPW.exe
  C:\Windows\System\VVBwOPW.exe
  2⤵
  PID:4660
- C:\Windows\System\PxnkAWV.exe
  C:\Windows\System\PxnkAWV.exe
  2⤵
  PID:4676
- C:\Windows\System\lHKXAjO.exe
  C:\Windows\System\lHKXAjO.exe
  2⤵
  PID:4692
- C:\Windows\System\DObpohU.exe
  C:\Windows\System\DObpohU.exe
  2⤵
  PID:4708
- C:\Windows\System\qNlzwou.exe
  C:\Windows\System\qNlzwou.exe
  2⤵
  PID:4724
- C:\Windows\System\tAYSBnJ.exe
  C:\Windows\System\tAYSBnJ.exe
  2⤵
  PID:4740
- C:\Windows\System\ZcXHzTt.exe
  C:\Windows\System\ZcXHzTt.exe
  2⤵
  PID:4756
- C:\Windows\System\rJFdQJe.exe
  C:\Windows\System\rJFdQJe.exe
  2⤵
  PID:4772
- C:\Windows\System\FwWuOom.exe
  C:\Windows\System\FwWuOom.exe
  2⤵
  PID:4788
- C:\Windows\System\wPbrZiR.exe
  C:\Windows\System\wPbrZiR.exe
  2⤵
  PID:4804
- C:\Windows\System\SHBsbrX.exe
  C:\Windows\System\SHBsbrX.exe
  2⤵
  PID:4820
- C:\Windows\System\qCcrBae.exe
  C:\Windows\System\qCcrBae.exe
  2⤵
  PID:4840
- C:\Windows\System\KjdcpLU.exe
  C:\Windows\System\KjdcpLU.exe
  2⤵
  PID:4856
- C:\Windows\System\ZpJXcBr.exe
  C:\Windows\System\ZpJXcBr.exe
  2⤵
  PID:4872
- C:\Windows\System\WqGHAHI.exe
  C:\Windows\System\WqGHAHI.exe
  2⤵
  PID:4888
- C:\Windows\System\pTZjsst.exe
  C:\Windows\System\pTZjsst.exe
  2⤵
  PID:4904
- C:\Windows\System\rTlaZym.exe
  C:\Windows\System\rTlaZym.exe
  2⤵
  PID:4920
- C:\Windows\System\dxRzzLv.exe
  C:\Windows\System\dxRzzLv.exe
  2⤵
  PID:4936
- C:\Windows\System\qnaJVOS.exe
  C:\Windows\System\qnaJVOS.exe
  2⤵
  PID:4952
- C:\Windows\System\wThTezP.exe
  C:\Windows\System\wThTezP.exe
  2⤵
  PID:4968
- C:\Windows\System\gNAKstn.exe
  C:\Windows\System\gNAKstn.exe
  2⤵
  PID:4984
- C:\Windows\System\feiclDg.exe
  C:\Windows\System\feiclDg.exe
  2⤵
  PID:5000
- C:\Windows\System\jbkYNHd.exe
  C:\Windows\System\jbkYNHd.exe
  2⤵
  PID:5016
- C:\Windows\System\WQxoxij.exe
  C:\Windows\System\WQxoxij.exe
  2⤵
  PID:5032
- C:\Windows\System\gRyiQSE.exe
  C:\Windows\System\gRyiQSE.exe
  2⤵
  PID:5048
- C:\Windows\System\HtsXLdC.exe
  C:\Windows\System\HtsXLdC.exe
  2⤵
  PID:5064
- C:\Windows\System\GfXUukZ.exe
  C:\Windows\System\GfXUukZ.exe
  2⤵
  PID:5080
- C:\Windows\System\hxcmBAS.exe
  C:\Windows\System\hxcmBAS.exe
  2⤵
  PID:5096
- C:\Windows\System\nvawvxO.exe
  C:\Windows\System\nvawvxO.exe
  2⤵
  PID:5112
- C:\Windows\System\awLEXtQ.exe
  C:\Windows\System\awLEXtQ.exe
  2⤵
  PID:4024
- C:\Windows\System\QNihcES.exe
  C:\Windows\System\QNihcES.exe
  2⤵
  PID:3572
- C:\Windows\System\pxbcKWJ.exe
  C:\Windows\System\pxbcKWJ.exe
  2⤵
  PID:3796
- C:\Windows\System\bOOJHXT.exe
  C:\Windows\System\bOOJHXT.exe
  2⤵
  PID:3892
- C:\Windows\System\ATeRqAA.exe
  C:\Windows\System\ATeRqAA.exe
  2⤵
  PID:3896
- C:\Windows\System\NhjzIkw.exe
  C:\Windows\System\NhjzIkw.exe
  2⤵
  PID:3960
- C:\Windows\System\jWLNMpb.exe
  C:\Windows\System\jWLNMpb.exe
  2⤵
  PID:3988
- C:\Windows\System\YctQkoV.exe
  C:\Windows\System\YctQkoV.exe
  2⤵
  PID:3496
- C:\Windows\System\sePgwZU.exe
  C:\Windows\System\sePgwZU.exe
  2⤵
  PID:4124
- C:\Windows\System\hUvhIcA.exe
  C:\Windows\System\hUvhIcA.exe
  2⤵
  PID:4156
- C:\Windows\System\BjmIEBB.exe
  C:\Windows\System\BjmIEBB.exe
  2⤵
  PID:4204
- C:\Windows\System\ZCINJwf.exe
  C:\Windows\System\ZCINJwf.exe
  2⤵
  PID:4220
- C:\Windows\System\STOzYuP.exe
  C:\Windows\System\STOzYuP.exe
  2⤵
  PID:4268
- C:\Windows\System\nhLPzoG.exe
  C:\Windows\System\nhLPzoG.exe
  2⤵
  PID:4284
- C:\Windows\System\echgdPP.exe
  C:\Windows\System\echgdPP.exe
  2⤵
  PID:4332
- C:\Windows\System\bVoVSzZ.exe
  C:\Windows\System\bVoVSzZ.exe
  2⤵
  PID:4320
- C:\Windows\System\QJGILjB.exe
  C:\Windows\System\QJGILjB.exe
  2⤵
  PID:4380
- C:\Windows\System\lqKvuQI.exe
  C:\Windows\System\lqKvuQI.exe
  2⤵
  PID:4412
- C:\Windows\System\aOGXgCZ.exe
  C:\Windows\System\aOGXgCZ.exe
  2⤵
  PID:4460
- C:\Windows\System\CjqbGbM.exe
  C:\Windows\System\CjqbGbM.exe
  2⤵
  PID:4492
- C:\Windows\System\UVqIhot.exe
  C:\Windows\System\UVqIhot.exe
  2⤵
  PID:4480
- C:\Windows\System\cOYKhFC.exe
  C:\Windows\System\cOYKhFC.exe
  2⤵
  PID:4556
- C:\Windows\System\jCXmngM.exe
  C:\Windows\System\jCXmngM.exe
  2⤵
  PID:4572
- C:\Windows\System\ATrtIeg.exe
  C:\Windows\System\ATrtIeg.exe
  2⤵
  PID:4620
- C:\Windows\System\RMtqlyU.exe
  C:\Windows\System\RMtqlyU.exe
  2⤵
  PID:4636
- C:\Windows\System\MUpFhBS.exe
  C:\Windows\System\MUpFhBS.exe
  2⤵
  PID:4684
- C:\Windows\System\ENOkfim.exe
  C:\Windows\System\ENOkfim.exe
  2⤵
  PID:4716
- C:\Windows\System\JofHmxd.exe
  C:\Windows\System\JofHmxd.exe
  2⤵
  PID:4700
- C:\Windows\System\pjQUtsd.exe
  C:\Windows\System\pjQUtsd.exe
  2⤵
  PID:4764
- C:\Windows\System\wmNdFDE.exe
  C:\Windows\System\wmNdFDE.exe
  2⤵
  PID:4796
- C:\Windows\System\KWTSUZy.exe
  C:\Windows\System\KWTSUZy.exe
  2⤵
  PID:4828
- C:\Windows\System\BganWir.exe
  C:\Windows\System\BganWir.exe
  2⤵
  PID:4864
- C:\Windows\System\AGuWcjp.exe
  C:\Windows\System\AGuWcjp.exe
  2⤵
  PID:4896
- C:\Windows\System\hNPDmal.exe
  C:\Windows\System\hNPDmal.exe
  2⤵
  PID:4948
- C:\Windows\System\MxDfuWF.exe
  C:\Windows\System\MxDfuWF.exe
  2⤵
  PID:4932
- C:\Windows\System\WaOlfZj.exe
  C:\Windows\System\WaOlfZj.exe
  2⤵
  PID:5008
- C:\Windows\System\zufWJpe.exe
  C:\Windows\System\zufWJpe.exe
  2⤵
  PID:5040
- C:\Windows\System\GRqmJee.exe
  C:\Windows\System\GRqmJee.exe
  2⤵
  PID:5072
- C:\Windows\System\boUytZV.exe
  C:\Windows\System\boUytZV.exe
  2⤵
  PID:5104
- C:\Windows\System\BuaQLyx.exe
  C:\Windows\System\BuaQLyx.exe
  2⤵
  PID:3652
- C:\Windows\System\tFRuClQ.exe
  C:\Windows\System\tFRuClQ.exe
  2⤵
  PID:3832
- C:\Windows\System\krbFVFA.exe
  C:\Windows\System\krbFVFA.exe
  2⤵
  PID:3828
- C:\Windows\System\kORoKQY.exe
  C:\Windows\System\kORoKQY.exe
  2⤵
  PID:4108
- C:\Windows\System\atXHllI.exe
  C:\Windows\System\atXHllI.exe
  2⤵
  PID:4836
- C:\Windows\System\OsQYCGs.exe
  C:\Windows\System\OsQYCGs.exe
  2⤵
  PID:4208
- C:\Windows\System\mYZjKXK.exe
  C:\Windows\System\mYZjKXK.exe
  2⤵
  PID:4176
- C:\Windows\System\PAGKNbU.exe
  C:\Windows\System\PAGKNbU.exe
  2⤵
  PID:4288
- C:\Windows\System\woMdCTu.exe
  C:\Windows\System\woMdCTu.exe
  2⤵
  PID:4368
- C:\Windows\System\seIRBFd.exe
  C:\Windows\System\seIRBFd.exe
  2⤵
  PID:4464
- C:\Windows\System\liOfhEO.exe
  C:\Windows\System\liOfhEO.exe
  2⤵
  PID:4528
- C:\Windows\System\qhEQoKE.exe
  C:\Windows\System\qhEQoKE.exe
  2⤵
  PID:4592
- C:\Windows\System\xNMWIRG.exe
  C:\Windows\System\xNMWIRG.exe
  2⤵
  PID:4624
- C:\Windows\System\HoQbWSE.exe
  C:\Windows\System\HoQbWSE.exe
  2⤵
  PID:4748
- C:\Windows\System\KhewtUW.exe
  C:\Windows\System\KhewtUW.exe
  2⤵
  PID:5132
- C:\Windows\System\sxMxArV.exe
  C:\Windows\System\sxMxArV.exe
  2⤵
  PID:5148
- C:\Windows\System\SoluiUO.exe
  C:\Windows\System\SoluiUO.exe
  2⤵
  PID:5164
- C:\Windows\System\TUnNalc.exe
  C:\Windows\System\TUnNalc.exe
  2⤵
  PID:5180
- C:\Windows\System\SOhSPbu.exe
  C:\Windows\System\SOhSPbu.exe
  2⤵
  PID:5196
- C:\Windows\System\EQbnYry.exe
  C:\Windows\System\EQbnYry.exe
  2⤵
  PID:5212
- C:\Windows\System\hcsIbjz.exe
  C:\Windows\System\hcsIbjz.exe
  2⤵
  PID:5228
- C:\Windows\System\wYlwImV.exe
  C:\Windows\System\wYlwImV.exe
  2⤵
  PID:5244
- C:\Windows\System\iQIFBCi.exe
  C:\Windows\System\iQIFBCi.exe
  2⤵
  PID:5260
- C:\Windows\System\kaOxcQh.exe
  C:\Windows\System\kaOxcQh.exe
  2⤵
  PID:5276
- C:\Windows\System\YylbDFz.exe
  C:\Windows\System\YylbDFz.exe
  2⤵
  PID:5292
- C:\Windows\System\hzQESGN.exe
  C:\Windows\System\hzQESGN.exe
  2⤵
  PID:5308
- C:\Windows\System\tSQOWAf.exe
  C:\Windows\System\tSQOWAf.exe
  2⤵
  PID:5324
- C:\Windows\System\NbCsRJp.exe
  C:\Windows\System\NbCsRJp.exe
  2⤵
  PID:5340
- C:\Windows\System\nclJVlf.exe
  C:\Windows\System\nclJVlf.exe
  2⤵
  PID:5356
- C:\Windows\System\WBuYFpP.exe
  C:\Windows\System\WBuYFpP.exe
  2⤵
  PID:5372
- C:\Windows\System\YkdwFCv.exe
  C:\Windows\System\YkdwFCv.exe
  2⤵
  PID:5388
- C:\Windows\System\lUEBfGd.exe
  C:\Windows\System\lUEBfGd.exe
  2⤵
  PID:5404
- C:\Windows\System\aHxUgSb.exe
  C:\Windows\System\aHxUgSb.exe
  2⤵
  PID:5420
- C:\Windows\System\VjjsLwg.exe
  C:\Windows\System\VjjsLwg.exe
  2⤵
  PID:5436
- C:\Windows\System\WMcpZgY.exe
  C:\Windows\System\WMcpZgY.exe
  2⤵
  PID:5452
- C:\Windows\System\oNzFpKl.exe
  C:\Windows\System\oNzFpKl.exe
  2⤵
  PID:5468
- C:\Windows\System\zjJGKeS.exe
  C:\Windows\System\zjJGKeS.exe
  2⤵
  PID:5484
- C:\Windows\System\tnBQneh.exe
  C:\Windows\System\tnBQneh.exe
  2⤵
  PID:5500
- C:\Windows\System\ECDTcwn.exe
  C:\Windows\System\ECDTcwn.exe
  2⤵
  PID:5516
- C:\Windows\System\HYFBVfT.exe
  C:\Windows\System\HYFBVfT.exe
  2⤵
  PID:5532
- C:\Windows\System\kCMQThs.exe
  C:\Windows\System\kCMQThs.exe
  2⤵
  PID:5548
- C:\Windows\System\KwwUgam.exe
  C:\Windows\System\KwwUgam.exe
  2⤵
  PID:5564
- C:\Windows\System\FqATYCi.exe
  C:\Windows\System\FqATYCi.exe
  2⤵
  PID:5580
- C:\Windows\System\TQHcQUB.exe
  C:\Windows\System\TQHcQUB.exe
  2⤵
  PID:5596
- C:\Windows\System\zMySRee.exe
  C:\Windows\System\zMySRee.exe
  2⤵
  PID:5612
- C:\Windows\System\dVWlLFM.exe
  C:\Windows\System\dVWlLFM.exe
  2⤵
  PID:5632
- C:\Windows\System\rOaAWWt.exe
  C:\Windows\System\rOaAWWt.exe
  2⤵
  PID:5648
- C:\Windows\System\tVhQvpz.exe
  C:\Windows\System\tVhQvpz.exe
  2⤵
  PID:5664
- C:\Windows\System\KFzosaA.exe
  C:\Windows\System\KFzosaA.exe
  2⤵
  PID:5680
- C:\Windows\System\BKXzoxi.exe
  C:\Windows\System\BKXzoxi.exe
  2⤵
  PID:5696
- C:\Windows\System\RQUpjsZ.exe
  C:\Windows\System\RQUpjsZ.exe
  2⤵
  PID:5712
- C:\Windows\System\bWAgUhX.exe
  C:\Windows\System\bWAgUhX.exe
  2⤵
  PID:5728
- C:\Windows\System\vHQtgXi.exe
  C:\Windows\System\vHQtgXi.exe
  2⤵
  PID:5744
- C:\Windows\System\gRwIUZY.exe
  C:\Windows\System\gRwIUZY.exe
  2⤵
  PID:5760
- C:\Windows\System\IsOKqaG.exe
  C:\Windows\System\IsOKqaG.exe
  2⤵
  PID:5776
- C:\Windows\System\FSHbHUL.exe
  C:\Windows\System\FSHbHUL.exe
  2⤵
  PID:5792
- C:\Windows\System\IQKsxsO.exe
  C:\Windows\System\IQKsxsO.exe
  2⤵
  PID:5808
- C:\Windows\System\LLppXXY.exe
  C:\Windows\System\LLppXXY.exe
  2⤵
  PID:5824
- C:\Windows\System\eBgbGma.exe
  C:\Windows\System\eBgbGma.exe
  2⤵
  PID:5840
- C:\Windows\System\AtNjbNJ.exe
  C:\Windows\System\AtNjbNJ.exe
  2⤵
  PID:5856
- C:\Windows\System\OGKgBWy.exe
  C:\Windows\System\OGKgBWy.exe
  2⤵
  PID:5872
- C:\Windows\System\HZoTsdX.exe
  C:\Windows\System\HZoTsdX.exe
  2⤵
  PID:5888
- C:\Windows\System\RLeCrnP.exe
  C:\Windows\System\RLeCrnP.exe
  2⤵
  PID:5904
- C:\Windows\System\rWlzPgs.exe
  C:\Windows\System\rWlzPgs.exe
  2⤵
  PID:5920
- C:\Windows\System\AAlIVIL.exe
  C:\Windows\System\AAlIVIL.exe
  2⤵
  PID:5936
- C:\Windows\System\ztlOnWs.exe
  C:\Windows\System\ztlOnWs.exe
  2⤵
  PID:5952
- C:\Windows\System\HMFHFHy.exe
  C:\Windows\System\HMFHFHy.exe
  2⤵
  PID:5968
- C:\Windows\System\awkCmPN.exe
  C:\Windows\System\awkCmPN.exe
  2⤵
  PID:5984
- C:\Windows\System\JvsYlsb.exe
  C:\Windows\System\JvsYlsb.exe
  2⤵
  PID:6000
- C:\Windows\System\BLmFWWO.exe
  C:\Windows\System\BLmFWWO.exe
  2⤵
  PID:6016
- C:\Windows\System\ckNgVcA.exe
  C:\Windows\System\ckNgVcA.exe
  2⤵
  PID:6032
- C:\Windows\System\uxclVXg.exe
  C:\Windows\System\uxclVXg.exe
  2⤵
  PID:6048
- C:\Windows\System\zDRemTL.exe
  C:\Windows\System\zDRemTL.exe
  2⤵
  PID:6064
- C:\Windows\System\RnEcLjR.exe
  C:\Windows\System\RnEcLjR.exe
  2⤵
  PID:6080
- C:\Windows\System\GljncVQ.exe
  C:\Windows\System\GljncVQ.exe
  2⤵
  PID:6096
- C:\Windows\System\jGUweob.exe
  C:\Windows\System\jGUweob.exe
  2⤵
  PID:6112
- C:\Windows\System\hzuXjSA.exe
  C:\Windows\System\hzuXjSA.exe
  2⤵
  PID:6128
- C:\Windows\System\qRNOoqc.exe
  C:\Windows\System\qRNOoqc.exe
  2⤵
  PID:4752
- C:\Windows\System\jjeQvkI.exe
  C:\Windows\System\jjeQvkI.exe
  2⤵
  PID:4784
- C:\Windows\System\EUCcChq.exe
  C:\Windows\System\EUCcChq.exe
  2⤵
  PID:4800
- C:\Windows\System\cksJEXh.exe
  C:\Windows\System\cksJEXh.exe
  2⤵
  PID:4884
- C:\Windows\System\VGAvjBC.exe
  C:\Windows\System\VGAvjBC.exe
  2⤵
  PID:4964
- C:\Windows\System\KuhEcPr.exe
  C:\Windows\System\KuhEcPr.exe
  2⤵
  PID:4996
- C:\Windows\System\yfyZVsh.exe
  C:\Windows\System\yfyZVsh.exe
  2⤵
  PID:5108
- C:\Windows\System\ouhXEWY.exe
  C:\Windows\System\ouhXEWY.exe
  2⤵
  PID:3780
- C:\Windows\System\bOErEHM.exe
  C:\Windows\System\bOErEHM.exe
  2⤵
  PID:3384
- C:\Windows\System\YWZTdfd.exe
  C:\Windows\System\YWZTdfd.exe
  2⤵
  PID:4256
- C:\Windows\System\DwfoIyd.exe
  C:\Windows\System\DwfoIyd.exe
  2⤵
  PID:4348
- C:\Windows\System\ZyxBZJY.exe
  C:\Windows\System\ZyxBZJY.exe
  2⤵
  PID:4400
- C:\Windows\System\PvpFVJX.exe
  C:\Windows\System\PvpFVJX.exe
  2⤵
  PID:4576
- C:\Windows\System\aycGYYA.exe
  C:\Windows\System\aycGYYA.exe
  2⤵
  PID:4608
- C:\Windows\System\xOHLfFZ.exe
  C:\Windows\System\xOHLfFZ.exe
  2⤵
  PID:5144
- C:\Windows\System\qrzeYlN.exe
  C:\Windows\System\qrzeYlN.exe
  2⤵
  PID:5172
- C:\Windows\System\NeEvQPh.exe
  C:\Windows\System\NeEvQPh.exe
  2⤵
  PID:5224
- C:\Windows\System\zsuCAGP.exe
  C:\Windows\System\zsuCAGP.exe
  2⤵
  PID:5256
- C:\Windows\System\yWNwQyt.exe
  C:\Windows\System\yWNwQyt.exe
  2⤵
  PID:5288
- C:\Windows\System\mAakfBh.exe
  C:\Windows\System\mAakfBh.exe
  2⤵
  PID:5320
- C:\Windows\System\JwnVeKx.exe
  C:\Windows\System\JwnVeKx.exe
  2⤵
  PID:5336
- C:\Windows\System\AjSAtEx.exe
  C:\Windows\System\AjSAtEx.exe
  2⤵
  PID:5384
- C:\Windows\System\NRGgdHX.exe
  C:\Windows\System\NRGgdHX.exe
  2⤵
  PID:5400
- C:\Windows\System\QBhxZHC.exe
  C:\Windows\System\QBhxZHC.exe
  2⤵
  PID:5444
- C:\Windows\System\AQPMUub.exe
  C:\Windows\System\AQPMUub.exe
  2⤵
  PID:5476
- C:\Windows\System\brSdGzl.exe
  C:\Windows\System\brSdGzl.exe
  2⤵
  PID:5496
- C:\Windows\System\CoATeKq.exe
  C:\Windows\System\CoATeKq.exe
  2⤵
  PID:5540
- C:\Windows\System\hqmfKTH.exe
  C:\Windows\System\hqmfKTH.exe
  2⤵
  PID:5576
- C:\Windows\System\rTRhvYt.exe
  C:\Windows\System\rTRhvYt.exe
  2⤵
  PID:5604
- C:\Windows\System\ycAOFnc.exe
  C:\Windows\System\ycAOFnc.exe
  2⤵
  PID:5672
- C:\Windows\System\AMuzwvw.exe
  C:\Windows\System\AMuzwvw.exe
  2⤵
  PID:5624
- C:\Windows\System\LIGlRyT.exe
  C:\Windows\System\LIGlRyT.exe
  2⤵
  PID:5708
- C:\Windows\System\ynbpsLO.exe
  C:\Windows\System\ynbpsLO.exe
  2⤵
  PID:5720
- C:\Windows\System\ABzKzJJ.exe
  C:\Windows\System\ABzKzJJ.exe
  2⤵
  PID:5772
- C:\Windows\System\FEaYAEE.exe
  C:\Windows\System\FEaYAEE.exe
  2⤵
  PID:5832
- C:\Windows\System\MxlfiVv.exe
  C:\Windows\System\MxlfiVv.exe
  2⤵
  PID:5896
- C:\Windows\System\lwbREqM.exe
  C:\Windows\System\lwbREqM.exe
  2⤵
  PID:5820
- C:\Windows\System\bGEIjCb.exe
  C:\Windows\System\bGEIjCb.exe
  2⤵
  PID:5848
- C:\Windows\System\YGBUNsw.exe
  C:\Windows\System\YGBUNsw.exe
  2⤵
  PID:5884
- C:\Windows\System\zuKhSXP.exe
  C:\Windows\System\zuKhSXP.exe
  2⤵
  PID:5964
- C:\Windows\System\KNmrluz.exe
  C:\Windows\System\KNmrluz.exe
  2⤵
  PID:5996
- C:\Windows\System\ryeNwwS.exe
  C:\Windows\System\ryeNwwS.exe
  2⤵
  PID:6056
- C:\Windows\System\mRetDdG.exe
  C:\Windows\System\mRetDdG.exe
  2⤵
  PID:6076
- C:\Windows\System\LtfUjGh.exe
  C:\Windows\System\LtfUjGh.exe
  2⤵
  PID:5976
- C:\Windows\System\QpkxqcN.exe
  C:\Windows\System\QpkxqcN.exe
  2⤵
  PID:6120
- C:\Windows\System\MfzDsmb.exe
  C:\Windows\System\MfzDsmb.exe
  2⤵
  PID:6108
- C:\Windows\System\VMABSFV.exe
  C:\Windows\System\VMABSFV.exe
  2⤵
  PID:4868
- C:\Windows\System\oHePIdn.exe
  C:\Windows\System\oHePIdn.exe
  2⤵
  PID:4960
- C:\Windows\System\ITLblAX.exe
  C:\Windows\System\ITLblAX.exe
  2⤵
  PID:3908
- C:\Windows\System\bBunKzm.exe
  C:\Windows\System\bBunKzm.exe
  2⤵
  PID:4976
- C:\Windows\System\ZwyqJsE.exe
  C:\Windows\System\ZwyqJsE.exe
  2⤵
  PID:3928
- C:\Windows\System\UQVDBLd.exe
  C:\Windows\System\UQVDBLd.exe
  2⤵
  PID:4240
- C:\Windows\System\JKgwdBu.exe
  C:\Windows\System\JKgwdBu.exe
  2⤵
  PID:4508
- C:\Windows\System\PcgcUes.exe
  C:\Windows\System\PcgcUes.exe
  2⤵
  PID:5156
- C:\Windows\System\MJPPlyF.exe
  C:\Windows\System\MJPPlyF.exe
  2⤵
  PID:5316
- C:\Windows\System\LxsrCqA.exe
  C:\Windows\System\LxsrCqA.exe
  2⤵
  PID:5300
- C:\Windows\System\lLnJtCE.exe
  C:\Windows\System\lLnJtCE.exe
  2⤵
  PID:5348
- C:\Windows\System\tVQqZoT.exe
  C:\Windows\System\tVQqZoT.exe
  2⤵
  PID:5428
- C:\Windows\System\FLRqipZ.exe
  C:\Windows\System\FLRqipZ.exe
  2⤵
  PID:5508
- C:\Windows\System\CIAyRIY.exe
  C:\Windows\System\CIAyRIY.exe
  2⤵
  PID:5572
- C:\Windows\System\wUaIerz.exe
  C:\Windows\System\wUaIerz.exe
  2⤵
  PID:5704
- C:\Windows\System\DCWdjCm.exe
  C:\Windows\System\DCWdjCm.exe
  2⤵
  PID:5688
- C:\Windows\System\dJqjyrC.exe
  C:\Windows\System\dJqjyrC.exe
  2⤵
  PID:5740
- C:\Windows\System\EqoovWz.exe
  C:\Windows\System\EqoovWz.exe
  2⤵
  PID:5880
- C:\Windows\System\JfXgYxt.exe
  C:\Windows\System\JfXgYxt.exe
  2⤵
  PID:5960
- C:\Windows\System\shVuoGQ.exe
  C:\Windows\System\shVuoGQ.exe
  2⤵
  PID:2820
- C:\Windows\System\FDbwltb.exe
  C:\Windows\System\FDbwltb.exe
  2⤵
  PID:6008
- C:\Windows\System\fjNCgnY.exe
  C:\Windows\System\fjNCgnY.exe
  2⤵
  PID:5948
- C:\Windows\System\OQxRRzF.exe
  C:\Windows\System\OQxRRzF.exe
  2⤵
  PID:6040
- C:\Windows\System\qJqBkEb.exe
  C:\Windows\System\qJqBkEb.exe
  2⤵
  PID:6148
- C:\Windows\System\xPYywVw.exe
  C:\Windows\System\xPYywVw.exe
  2⤵
  PID:6164
- C:\Windows\System\dZyXQDX.exe
  C:\Windows\System\dZyXQDX.exe
  2⤵
  PID:6180
- C:\Windows\System\mthWukr.exe
  C:\Windows\System\mthWukr.exe
  2⤵
  PID:6196
- C:\Windows\System\YkVKpyN.exe
  C:\Windows\System\YkVKpyN.exe
  2⤵
  PID:6212
- C:\Windows\System\AWYtwqX.exe
  C:\Windows\System\AWYtwqX.exe
  2⤵
  PID:6228
- C:\Windows\System\GxvLqKt.exe
  C:\Windows\System\GxvLqKt.exe
  2⤵
  PID:6244
- C:\Windows\System\LGanhCn.exe
  C:\Windows\System\LGanhCn.exe
  2⤵
  PID:6260
- C:\Windows\System\knBJbUB.exe
  C:\Windows\System\knBJbUB.exe
  2⤵
  PID:6276
- C:\Windows\System\ffNxXgt.exe
  C:\Windows\System\ffNxXgt.exe
  2⤵
  PID:6292
- C:\Windows\System\MFpMDXY.exe
  C:\Windows\System\MFpMDXY.exe
  2⤵
  PID:6308
- C:\Windows\System\MYoZFIn.exe
  C:\Windows\System\MYoZFIn.exe
  2⤵
  PID:6324
- C:\Windows\System\UMwKPFB.exe
  C:\Windows\System\UMwKPFB.exe
  2⤵
  PID:6340
- C:\Windows\System\ZMVfwYq.exe
  C:\Windows\System\ZMVfwYq.exe
  2⤵
  PID:6360
- C:\Windows\System\eglCxrv.exe
  C:\Windows\System\eglCxrv.exe
  2⤵
  PID:6376
- C:\Windows\System\vNCvTek.exe
  C:\Windows\System\vNCvTek.exe
  2⤵
  PID:6392
- C:\Windows\System\ebPSXBJ.exe
  C:\Windows\System\ebPSXBJ.exe
  2⤵
  PID:6408
- C:\Windows\System\hbDvzAG.exe
  C:\Windows\System\hbDvzAG.exe
  2⤵
  PID:6432
- C:\Windows\System\jbZMIho.exe
  C:\Windows\System\jbZMIho.exe
  2⤵
  PID:6448
- C:\Windows\System\BcWUEON.exe
  C:\Windows\System\BcWUEON.exe
  2⤵
  PID:6464
- C:\Windows\System\VoRLwTd.exe
  C:\Windows\System\VoRLwTd.exe
  2⤵
  PID:6828
- C:\Windows\System\TbLCXPm.exe
  C:\Windows\System\TbLCXPm.exe
  2⤵
  PID:6860
- C:\Windows\System\HIdArBh.exe
  C:\Windows\System\HIdArBh.exe
  2⤵
  PID:5524
- C:\Windows\System\uStsijG.exe
  C:\Windows\System\uStsijG.exe
  2⤵
  PID:6476
- C:\Windows\System\PDaQhEC.exe
  C:\Windows\System\PDaQhEC.exe
  2⤵
  PID:6272
- C:\Windows\System\umjyCtq.exe
  C:\Windows\System\umjyCtq.exe
  2⤵
  PID:6496
- C:\Windows\System\FRWtNNB.exe
  C:\Windows\System\FRWtNNB.exe
  2⤵
  PID:6504
- C:\Windows\System\zzeBkcw.exe
  C:\Windows\System\zzeBkcw.exe
  2⤵
  PID:6520
- C:\Windows\System\UitCKir.exe
  C:\Windows\System\UitCKir.exe
  2⤵
  PID:6540
- C:\Windows\System\grYIZNX.exe
  C:\Windows\System\grYIZNX.exe
  2⤵
  PID:6556
- C:\Windows\System\oXEEwtG.exe
  C:\Windows\System\oXEEwtG.exe
  2⤵
  PID:6580
- C:\Windows\System\DKMQwRx.exe
  C:\Windows\System\DKMQwRx.exe
  2⤵
  PID:6616
- C:\Windows\System\KiSailB.exe
  C:\Windows\System\KiSailB.exe
  2⤵
  PID:6632
- C:\Windows\System\pjfOQzx.exe
  C:\Windows\System\pjfOQzx.exe
  2⤵
  PID:6652
- C:\Windows\System\WhbOWlT.exe
  C:\Windows\System\WhbOWlT.exe
  2⤵
  PID:6668
- C:\Windows\System\yIRxUIt.exe
  C:\Windows\System\yIRxUIt.exe
  2⤵
  PID:6680
- C:\Windows\System\dEOpbtj.exe
  C:\Windows\System\dEOpbtj.exe
  2⤵
  PID:6700
- C:\Windows\System\DdhhLkf.exe
  C:\Windows\System\DdhhLkf.exe
  2⤵
  PID:6716
- C:\Windows\System\PZuDvcQ.exe
  C:\Windows\System\PZuDvcQ.exe
  2⤵
  PID:6732
- C:\Windows\System\QuLhGcI.exe
  C:\Windows\System\QuLhGcI.exe
  2⤵
  PID:6748
- C:\Windows\System\akXahqU.exe
  C:\Windows\System\akXahqU.exe
  2⤵
  PID:6764
- C:\Windows\System\yMBzngt.exe
  C:\Windows\System\yMBzngt.exe
  2⤵
  PID:6780
- C:\Windows\System\lHegoet.exe
  C:\Windows\System\lHegoet.exe
  2⤵
  PID:6800
- C:\Windows\System\eqrHKwT.exe
  C:\Windows\System\eqrHKwT.exe
  2⤵
  PID:6816
- C:\Windows\System\fjNBVxv.exe
  C:\Windows\System\fjNBVxv.exe
  2⤵
  PID:6368
- C:\Windows\System\qqeKpza.exe
  C:\Windows\System\qqeKpza.exe
  2⤵
  PID:6440
- C:\Windows\System\YbbRItH.exe
  C:\Windows\System\YbbRItH.exe
  2⤵
  PID:5756
- C:\Windows\System\ongSzeK.exe
  C:\Windows\System\ongSzeK.exe
  2⤵
  PID:2688
- C:\Windows\System\YRaIegq.exe
  C:\Windows\System\YRaIegq.exe
  2⤵
  PID:6192
- C:\Windows\System\wINzXqV.exe
  C:\Windows\System\wINzXqV.exe
  2⤵
  PID:6252
- C:\Windows\System\zHozbFn.exe
  C:\Windows\System\zHozbFn.exe
  2⤵
  PID:6320
- C:\Windows\System\qmEornO.exe
  C:\Windows\System\qmEornO.exe
  2⤵
  PID:6388
- C:\Windows\System\VCjxGRj.exe
  C:\Windows\System\VCjxGRj.exe
  2⤵
  PID:6420
- C:\Windows\System\VJCHwYU.exe
  C:\Windows\System\VJCHwYU.exe
  2⤵
  PID:6876
- C:\Windows\System\KbItaYs.exe
  C:\Windows\System\KbItaYs.exe
  2⤵
  PID:6892
- C:\Windows\System\fRNdmqm.exe
  C:\Windows\System\fRNdmqm.exe
  2⤵
  PID:6908
- C:\Windows\System\ktrvnsE.exe
  C:\Windows\System\ktrvnsE.exe
  2⤵
  PID:6936
- C:\Windows\System\YqRxKRV.exe
  C:\Windows\System\YqRxKRV.exe
  2⤵
  PID:6952
- C:\Windows\System\mQNbYfM.exe
  C:\Windows\System\mQNbYfM.exe
  2⤵
  PID:6968
- C:\Windows\System\NIalvRk.exe
  C:\Windows\System\NIalvRk.exe
  2⤵
  PID:6984
- C:\Windows\System\nvIsfyN.exe
  C:\Windows\System\nvIsfyN.exe
  2⤵
  PID:7000
- C:\Windows\System\OeIRgwb.exe
  C:\Windows\System\OeIRgwb.exe
  2⤵
  PID:7016
- C:\Windows\System\qJLnCHj.exe
  C:\Windows\System\qJLnCHj.exe
  2⤵
  PID:7036
- C:\Windows\System\FGRpQkP.exe
  C:\Windows\System\FGRpQkP.exe
  2⤵
  PID:7056
- C:\Windows\System\TmUoegS.exe
  C:\Windows\System\TmUoegS.exe
  2⤵
  PID:7068
- C:\Windows\System\suWeDTG.exe
  C:\Windows\System\suWeDTG.exe
  2⤵
  PID:7084
- C:\Windows\System\JYTxqqz.exe
  C:\Windows\System\JYTxqqz.exe
  2⤵
  PID:7100
- C:\Windows\System\iKTcDZe.exe
  C:\Windows\System\iKTcDZe.exe
  2⤵
  PID:7116
- C:\Windows\System\rxpuGnT.exe
  C:\Windows\System\rxpuGnT.exe
  2⤵
  PID:7132
- C:\Windows\System\vIFXQMO.exe
  C:\Windows\System\vIFXQMO.exe
  2⤵
  PID:7148
- C:\Windows\System\ltvzKyh.exe
  C:\Windows\System\ltvzKyh.exe
  2⤵
  PID:7160
- C:\Windows\System\uharKQl.exe
  C:\Windows\System\uharKQl.exe
  2⤵
  PID:6136
- C:\Windows\System\TWEMOYe.exe
  C:\Windows\System\TWEMOYe.exe
  2⤵
  PID:2788
- C:\Windows\System\kDpKSUQ.exe
  C:\Windows\System\kDpKSUQ.exe
  2⤵
  PID:2100
- C:\Windows\System\cYerHbh.exe
  C:\Windows\System\cYerHbh.exe
  2⤵
  PID:2896
- C:\Windows\System\EARSMqR.exe
  C:\Windows\System\EARSMqR.exe
  2⤵
  PID:320
- C:\Windows\System\wdtTSqR.exe
  C:\Windows\System\wdtTSqR.exe
  2⤵
  PID:2676
- C:\Windows\System\jWhTuPZ.exe
  C:\Windows\System\jWhTuPZ.exe
  2⤵
  PID:2412
- C:\Windows\System\uWCUJCp.exe
  C:\Windows\System\uWCUJCp.exe
  2⤵
  PID:2512
- C:\Windows\System\YKFafwp.exe
  C:\Windows\System\YKFafwp.exe
  2⤵
  PID:3112
- C:\Windows\System\lyBYcxM.exe
  C:\Windows\System\lyBYcxM.exe
  2⤵
  PID:908
- C:\Windows\System\XbZtcOI.exe
  C:\Windows\System\XbZtcOI.exe
  2⤵
  PID:3636
- C:\Windows\System\ZldJHys.exe
  C:\Windows\System\ZldJHys.exe
  2⤵
  PID:1768
- C:\Windows\System\JSueDTW.exe
  C:\Windows\System\JSueDTW.exe
  2⤵
  PID:2568
- C:\Windows\System\yQoXjWa.exe
  C:\Windows\System\yQoXjWa.exe
  2⤵
  PID:5464
- C:\Windows\System\rnymZSg.exe
  C:\Windows\System\rnymZSg.exe
  2⤵
  PID:2868
- C:\Windows\System\BUrocYH.exe
  C:\Windows\System\BUrocYH.exe
  2⤵
  PID:4992
- C:\Windows\System\EuiLpUM.exe
  C:\Windows\System\EuiLpUM.exe
  2⤵
  PID:2752
- C:\Windows\System\dpCBnZA.exe
  C:\Windows\System\dpCBnZA.exe
  2⤵
  PID:5284
- C:\Windows\System\lyRcycp.exe
  C:\Windows\System\lyRcycp.exe
  2⤵
  PID:760
- C:\Windows\System\aZlLuNE.exe
  C:\Windows\System\aZlLuNE.exe
  2⤵
  PID:2940
- C:\Windows\System\VFjUiWp.exe
  C:\Windows\System\VFjUiWp.exe
  2⤵
  PID:6268
- C:\Windows\System\CmlTgBz.exe
  C:\Windows\System\CmlTgBz.exe
  2⤵
  PID:6516
- C:\Windows\System\GqtmWxr.exe
  C:\Windows\System\GqtmWxr.exe
  2⤵
  PID:6588
- C:\Windows\System\vzhpskk.exe
  C:\Windows\System\vzhpskk.exe
  2⤵
  PID:6336
- C:\Windows\System\UIANNnD.exe
  C:\Windows\System\UIANNnD.exe
  2⤵
  PID:6608
- C:\Windows\System\twtDAnn.exe
  C:\Windows\System\twtDAnn.exe
  2⤵
  PID:6648
- C:\Windows\System\OrWYNDB.exe
  C:\Windows\System\OrWYNDB.exe
  2⤵
  PID:6712
- C:\Windows\System\DwjoNxw.exe
  C:\Windows\System\DwjoNxw.exe
  2⤵
  PID:6776
- C:\Windows\System\qkGqjJU.exe
  C:\Windows\System\qkGqjJU.exe
  2⤵
  PID:6568
- C:\Windows\System\eBNJyTC.exe
  C:\Windows\System\eBNJyTC.exe
  2⤵
  PID:6728
- C:\Windows\System\dhERAmJ.exe
  C:\Windows\System\dhERAmJ.exe
  2⤵
  PID:6792
- C:\Windows\System\Xqaxavy.exe
  C:\Windows\System\Xqaxavy.exe
  2⤵
  PID:6472
- C:\Windows\System\urBLjeV.exe
  C:\Windows\System\urBLjeV.exe
  2⤵
  PID:6692
- C:\Windows\System\tWdIJvo.exe
  C:\Windows\System\tWdIJvo.exe
  2⤵
  PID:6400
- C:\Windows\System\EnTvzss.exe
  C:\Windows\System\EnTvzss.exe
  2⤵
  PID:6660
- C:\Windows\System\lkdGEhd.exe
  C:\Windows\System\lkdGEhd.exe
  2⤵
  PID:6356
- C:\Windows\System\ArBttPG.exe
  C:\Windows\System\ArBttPG.exe
  2⤵
  PID:6900
- C:\Windows\System\eZfINQh.exe
  C:\Windows\System\eZfINQh.exe
  2⤵
  PID:6188
- C:\Windows\System\BUejhAi.exe
  C:\Windows\System\BUejhAi.exe
  2⤵
  PID:6428
- C:\Windows\System\hAuLqkc.exe
  C:\Windows\System\hAuLqkc.exe
  2⤵
  PID:6944
- C:\Windows\System\TpXyLFg.exe
  C:\Windows\System\TpXyLFg.exe
  2⤵
  PID:7008
- C:\Windows\System\FBsbqHg.exe
  C:\Windows\System\FBsbqHg.exe
  2⤵
  PID:6928
- C:\Windows\System\TZsHbVt.exe
  C:\Windows\System\TZsHbVt.exe
  2⤵
  PID:7048
- C:\Windows\System\DxPlBnj.exe
  C:\Windows\System\DxPlBnj.exe
  2⤵
  PID:7112
- C:\Windows\System\nzAuPjv.exe
  C:\Windows\System\nzAuPjv.exe
  2⤵
  PID:7024
- C:\Windows\System\nnBxfJK.exe
  C:\Windows\System\nnBxfJK.exe
  2⤵
  PID:7092
- C:\Windows\System\ZnnmSiV.exe
  C:\Windows\System\ZnnmSiV.exe
  2⤵
  PID:7144
- C:\Windows\System\LgWDRFM.exe
  C:\Windows\System\LgWDRFM.exe
  2⤵
  PID:876
- C:\Windows\System\MTbbCKD.exe
  C:\Windows\System\MTbbCKD.exe
  2⤵
  PID:2552
- C:\Windows\System\KuhrfZZ.exe
  C:\Windows\System\KuhrfZZ.exe
  2⤵
  PID:3080
- C:\Windows\System\TZCjfQP.exe
  C:\Windows\System\TZCjfQP.exe
  2⤵
  PID:2644
- C:\Windows\System\ifSvxzO.exe
  C:\Windows\System\ifSvxzO.exe
  2⤵
  PID:2112
- C:\Windows\System\lzUZtAU.exe
  C:\Windows\System\lzUZtAU.exe
  2⤵
  PID:7128
- C:\Windows\System\xtHTqwf.exe
  C:\Windows\System\xtHTqwf.exe
  2⤵
  PID:5252
- C:\Windows\System\FqxzQIM.exe
  C:\Windows\System\FqxzQIM.exe
  2⤵
  PID:5380
- C:\Windows\System\KobIUGJ.exe
  C:\Windows\System\KobIUGJ.exe
  2⤵
  PID:700
- C:\Windows\System\nERanaS.exe
  C:\Windows\System\nERanaS.exe
  2⤵
  PID:4656
- C:\Windows\System\IFFjfRK.exe
  C:\Windows\System\IFFjfRK.exe
  2⤵
  PID:6848
- C:\Windows\System\kGDpoAY.exe
  C:\Windows\System\kGDpoAY.exe
  2⤵
  PID:3368
- C:\Windows\System\wvDrsTp.exe
  C:\Windows\System\wvDrsTp.exe
  2⤵
  PID:5660
- C:\Windows\System\menpHfc.exe
  C:\Windows\System\menpHfc.exe
  2⤵
  PID:2804
- C:\Windows\System\ZggDbrj.exe
  C:\Windows\System\ZggDbrj.exe
  2⤵
  PID:2884
- C:\Windows\System\ZyySelT.exe
  C:\Windows\System\ZyySelT.exe
  2⤵
  PID:1652
- C:\Windows\System\fYcrILd.exe
  C:\Windows\System\fYcrILd.exe
  2⤵
  PID:2368
- C:\Windows\System\khWXPCU.exe
  C:\Windows\System\khWXPCU.exe
  2⤵
  PID:6124
- C:\Windows\System\yQptXtq.exe
  C:\Windows\System\yQptXtq.exe
  2⤵
  PID:6140
- C:\Windows\System\SRuuowX.exe
  C:\Windows\System\SRuuowX.exe
  2⤵
  PID:1504
- C:\Windows\System\nDjwTxc.exe
  C:\Windows\System\nDjwTxc.exe
  2⤵
  PID:2972
- C:\Windows\System\JTQmCQq.exe
  C:\Windows\System\JTQmCQq.exe
  2⤵
  PID:2864
- C:\Windows\System\SdFQbIq.exe
  C:\Windows\System\SdFQbIq.exe
  2⤵
  PID:5944
- C:\Windows\System\QgRloVN.exe
  C:\Windows\System\QgRloVN.exe
  2⤵
  PID:6236
- C:\Windows\System\wBENEtu.exe
  C:\Windows\System\wBENEtu.exe
  2⤵
  PID:6512
- C:\Windows\System\cLMiVkH.exe
  C:\Windows\System\cLMiVkH.exe
  2⤵
  PID:6600
- C:\Windows\System\hGIRIuo.exe
  C:\Windows\System\hGIRIuo.exe
  2⤵
  PID:6604
- C:\Windows\System\VJlGcry.exe
  C:\Windows\System\VJlGcry.exe
  2⤵
  PID:6532
- C:\Windows\System\lXczUlV.exe
  C:\Windows\System\lXczUlV.exe
  2⤵
  PID:6624
- C:\Windows\System\buJQFXz.exe
  C:\Windows\System\buJQFXz.exe
  2⤵
  PID:6868
- C:\Windows\System\KSWDWrh.exe
  C:\Windows\System\KSWDWrh.exe
  2⤵
  PID:6696
- C:\Windows\System\SzQDDbP.exe
  C:\Windows\System\SzQDDbP.exe
  2⤵
  PID:6960
- C:\Windows\System\UzVkTSV.exe
  C:\Windows\System\UzVkTSV.exe
  2⤵
  PID:6824
- C:\Windows\System\sJFkuQb.exe
  C:\Windows\System\sJFkuQb.exe
  2⤵
  PID:6224
- C:\Windows\System\fmTJHDJ.exe
  C:\Windows\System\fmTJHDJ.exe
  2⤵
  PID:6916
- C:\Windows\System\JMZRBHz.exe
  C:\Windows\System\JMZRBHz.exe
  2⤵
  PID:7124
- C:\Windows\System\WawhAEp.exe
  C:\Windows\System\WawhAEp.exe
  2⤵
  PID:6888
- C:\Windows\System\UhluTIf.exe
  C:\Windows\System\UhluTIf.exe
  2⤵
  PID:7080
- C:\Windows\System\zqSRsbJ.exe
  C:\Windows\System\zqSRsbJ.exe
  2⤵
  PID:2576
- C:\Windows\System\blpxBiB.exe
  C:\Windows\System\blpxBiB.exe
  2⤵
  PID:2536
- C:\Windows\System\MyMsSQC.exe
  C:\Windows\System\MyMsSQC.exe
  2⤵
  PID:7164
- C:\Windows\System\rWzWXCr.exe
  C:\Windows\System\rWzWXCr.exe
  2⤵
  PID:2712
- C:\Windows\System\ZkqoUuM.exe
  C:\Windows\System\ZkqoUuM.exe
  2⤵
  PID:1332
- C:\Windows\System\dEUJWbw.exe
  C:\Windows\System\dEUJWbw.exe
  2⤵
  PID:3004
- C:\Windows\System\jDPTeQC.exe
  C:\Windows\System\jDPTeQC.exe
  2⤵
  PID:2384
- C:\Windows\System\uPhjknB.exe
  C:\Windows\System\uPhjknB.exe
  2⤵
  PID:1560
- C:\Windows\System\ZEJHunu.exe
  C:\Windows\System\ZEJHunu.exe
  2⤵
  PID:5816
- C:\Windows\System\vRqbKpZ.exe
  C:\Windows\System\vRqbKpZ.exe
  2⤵
  PID:892
- C:\Windows\System\VmEOchn.exe
  C:\Windows\System\VmEOchn.exe
  2⤵
  PID:2592
- C:\Windows\System\bdjOdmP.exe
  C:\Windows\System\bdjOdmP.exe
  2⤵
  PID:2748
- C:\Windows\System\FHFZXDQ.exe
  C:\Windows\System\FHFZXDQ.exe
  2⤵
  PID:6500
- C:\Windows\System\zgYveEr.exe
  C:\Windows\System\zgYveEr.exe
  2⤵
  PID:6980
- C:\Windows\System\zFYRpjz.exe
  C:\Windows\System\zFYRpjz.exe
  2⤵
  PID:6528
- C:\Windows\System\PfZTWPN.exe
  C:\Windows\System\PfZTWPN.exe
  2⤵
  PID:6924
- C:\Windows\System\UIKoWmx.exe
  C:\Windows\System\UIKoWmx.exe
  2⤵
  PID:6564
- C:\Windows\System\siOxpvH.exe
  C:\Windows\System\siOxpvH.exe
  2⤵
  PID:1856
- C:\Windows\System\qyTzyXB.exe
  C:\Windows\System\qyTzyXB.exe
  2⤵
  PID:3016
- C:\Windows\System\EOdzKaj.exe
  C:\Windows\System\EOdzKaj.exe
  2⤵
  PID:6744
- C:\Windows\System\LOFNxOp.exe
  C:\Windows\System\LOFNxOp.exe
  2⤵
  PID:2608
- C:\Windows\System\ANtpWBN.exe
  C:\Windows\System\ANtpWBN.exe
  2⤵
  PID:7152
- C:\Windows\System\sDaXsHN.exe
  C:\Windows\System\sDaXsHN.exe
  2⤵
  PID:6208
- C:\Windows\System\FiRgRIv.exe
  C:\Windows\System\FiRgRIv.exe
  2⤵
  PID:7172
- C:\Windows\System\XELWJfN.exe
  C:\Windows\System\XELWJfN.exe
  2⤵
  PID:7188
- C:\Windows\System\LNzCdLX.exe
  C:\Windows\System\LNzCdLX.exe
  2⤵
  PID:7204
- C:\Windows\System\oYZkQhv.exe
  C:\Windows\System\oYZkQhv.exe
  2⤵
  PID:7220
- C:\Windows\System\UQlqudp.exe
  C:\Windows\System\UQlqudp.exe
  2⤵
  PID:7236
- C:\Windows\System\dxlzpHS.exe
  C:\Windows\System\dxlzpHS.exe
  2⤵
  PID:7252
- C:\Windows\System\rjxIYDQ.exe
  C:\Windows\System\rjxIYDQ.exe
  2⤵
  PID:7268
- C:\Windows\System\xivtvRm.exe
  C:\Windows\System\xivtvRm.exe
  2⤵
  PID:7284
- C:\Windows\System\SRfxpUS.exe
  C:\Windows\System\SRfxpUS.exe
  2⤵
  PID:7300
- C:\Windows\System\lsNoCFQ.exe
  C:\Windows\System\lsNoCFQ.exe
  2⤵
  PID:7316
- C:\Windows\System\nxtulDe.exe
  C:\Windows\System\nxtulDe.exe
  2⤵
  PID:7332
- C:\Windows\System\jpMHPGz.exe
  C:\Windows\System\jpMHPGz.exe
  2⤵
  PID:7348
- C:\Windows\System\AKotzLW.exe
  C:\Windows\System\AKotzLW.exe
  2⤵
  PID:7364
- C:\Windows\System\KHyFOCx.exe
  C:\Windows\System\KHyFOCx.exe
  2⤵
  PID:7380
- C:\Windows\System\AxxDvqF.exe
  C:\Windows\System\AxxDvqF.exe
  2⤵
  PID:7396
- C:\Windows\System\OSbXXiU.exe
  C:\Windows\System\OSbXXiU.exe
  2⤵
  PID:7412
- C:\Windows\System\rXdtRgl.exe
  C:\Windows\System\rXdtRgl.exe
  2⤵
  PID:7428
- C:\Windows\System\ymXqFEE.exe
  C:\Windows\System\ymXqFEE.exe
  2⤵
  PID:7444
- C:\Windows\System\GEqOUMW.exe
  C:\Windows\System\GEqOUMW.exe
  2⤵
  PID:7460
- C:\Windows\System\XVnqJXB.exe
  C:\Windows\System\XVnqJXB.exe
  2⤵
  PID:7476
- C:\Windows\System\IYGFlhx.exe
  C:\Windows\System\IYGFlhx.exe
  2⤵
  PID:7492
- C:\Windows\System\GQHyiua.exe
  C:\Windows\System\GQHyiua.exe
  2⤵
  PID:7508
- C:\Windows\System\FsxycYi.exe
  C:\Windows\System\FsxycYi.exe
  2⤵
  PID:7524
- C:\Windows\System\JaglQCR.exe
  C:\Windows\System\JaglQCR.exe
  2⤵
  PID:7540
- C:\Windows\System\GUkxDmr.exe
  C:\Windows\System\GUkxDmr.exe
  2⤵
  PID:7556
- C:\Windows\System\XtdzHpU.exe
  C:\Windows\System\XtdzHpU.exe
  2⤵
  PID:7572
- C:\Windows\System\wLMbTyL.exe
  C:\Windows\System\wLMbTyL.exe
  2⤵
  PID:7592
- C:\Windows\System\FfMNVwe.exe
  C:\Windows\System\FfMNVwe.exe
  2⤵
  PID:7608
- C:\Windows\System\OdWUPGn.exe
  C:\Windows\System\OdWUPGn.exe
  2⤵
  PID:7624
- C:\Windows\System\FFeYyzb.exe
  C:\Windows\System\FFeYyzb.exe
  2⤵
  PID:7640
- C:\Windows\System\YhGiWxj.exe
  C:\Windows\System\YhGiWxj.exe
  2⤵
  PID:7656
- C:\Windows\System\kxDadWc.exe
  C:\Windows\System\kxDadWc.exe
  2⤵
  PID:7672
- C:\Windows\System\FothksQ.exe
  C:\Windows\System\FothksQ.exe
  2⤵
  PID:7688
- C:\Windows\System\AnoFnaS.exe
  C:\Windows\System\AnoFnaS.exe
  2⤵
  PID:7704
- C:\Windows\System\gXqKSCg.exe
  C:\Windows\System\gXqKSCg.exe
  2⤵
  PID:7724
- C:\Windows\System\sDJqIFy.exe
  C:\Windows\System\sDJqIFy.exe
  2⤵
  PID:7740
- C:\Windows\System\jVpuPKV.exe
  C:\Windows\System\jVpuPKV.exe
  2⤵
  PID:7756
- C:\Windows\System\XAVxTQF.exe
  C:\Windows\System\XAVxTQF.exe
  2⤵
  PID:7772
- C:\Windows\System\VpCKLKY.exe
  C:\Windows\System\VpCKLKY.exe
  2⤵
  PID:7788
- C:\Windows\System\QjTxOVw.exe
  C:\Windows\System\QjTxOVw.exe
  2⤵
  PID:7804
- C:\Windows\System\YzNLGez.exe
  C:\Windows\System\YzNLGez.exe
  2⤵
  PID:7820
- C:\Windows\System\PPKcQKM.exe
  C:\Windows\System\PPKcQKM.exe
  2⤵
  PID:7836
- C:\Windows\System\ahJUIiQ.exe
  C:\Windows\System\ahJUIiQ.exe
  2⤵
  PID:7852
- C:\Windows\System\pmArfUs.exe
  C:\Windows\System\pmArfUs.exe
  2⤵
  PID:7868
- C:\Windows\System\ZVPBJQY.exe
  C:\Windows\System\ZVPBJQY.exe
  2⤵
  PID:7884
- C:\Windows\System\NmlvDph.exe
  C:\Windows\System\NmlvDph.exe
  2⤵
  PID:7900
- C:\Windows\System\LEjZJOD.exe
  C:\Windows\System\LEjZJOD.exe
  2⤵
  PID:7916
- C:\Windows\System\CWjnXQf.exe
  C:\Windows\System\CWjnXQf.exe
  2⤵
  PID:7932
- C:\Windows\System\oQlbPgr.exe
  C:\Windows\System\oQlbPgr.exe
  2⤵
  PID:7948
- C:\Windows\System\DSXGiKA.exe
  C:\Windows\System\DSXGiKA.exe
  2⤵
  PID:7964
- C:\Windows\System\XJQhIve.exe
  C:\Windows\System\XJQhIve.exe
  2⤵
  PID:7980
- C:\Windows\System\roAygUB.exe
  C:\Windows\System\roAygUB.exe
  2⤵
  PID:8000
- C:\Windows\System\zfYqHJz.exe
  C:\Windows\System\zfYqHJz.exe
  2⤵
  PID:8016
- C:\Windows\System\RmWtcsD.exe
  C:\Windows\System\RmWtcsD.exe
  2⤵
  PID:8032
- C:\Windows\System\CfCGQMp.exe
  C:\Windows\System\CfCGQMp.exe
  2⤵
  PID:8048
- C:\Windows\System\EmOZmGO.exe
  C:\Windows\System\EmOZmGO.exe
  2⤵
  PID:8064
- C:\Windows\System\jNaIOLg.exe
  C:\Windows\System\jNaIOLg.exe
  2⤵
  PID:8080
- C:\Windows\System\UewWjKL.exe
  C:\Windows\System\UewWjKL.exe
  2⤵
  PID:8096
- C:\Windows\System\QJZAqRS.exe
  C:\Windows\System\QJZAqRS.exe
  2⤵
  PID:8112
- C:\Windows\System\RrOXdCi.exe
  C:\Windows\System\RrOXdCi.exe
  2⤵
  PID:8128
- C:\Windows\System\MrbRDhr.exe
  C:\Windows\System\MrbRDhr.exe
  2⤵
  PID:8144
- C:\Windows\System\qyvKrRx.exe
  C:\Windows\System\qyvKrRx.exe
  2⤵
  PID:8160
- C:\Windows\System\hqzfAlU.exe
  C:\Windows\System\hqzfAlU.exe
  2⤵
  PID:8176
- C:\Windows\System\dFJiXFp.exe
  C:\Windows\System\dFJiXFp.exe
  2⤵
  PID:6996
- C:\Windows\System\XIMgmgA.exe
  C:\Windows\System\XIMgmgA.exe
  2⤵
  PID:2764
- C:\Windows\System\rhpwAPj.exe
  C:\Windows\System\rhpwAPj.exe
  2⤵
  PID:2840
- C:\Windows\System\wTbjEJX.exe
  C:\Windows\System\wTbjEJX.exe
  2⤵
  PID:6460
- C:\Windows\System\eJCMNmT.exe
  C:\Windows\System\eJCMNmT.exe
  2⤵
  PID:7228
- C:\Windows\System\CSyLXuR.exe
  C:\Windows\System\CSyLXuR.exe
  2⤵
  PID:7292
- C:\Windows\System\gqzChki.exe
  C:\Windows\System\gqzChki.exe
  2⤵
  PID:7356
- C:\Windows\System\jehDjiu.exe
  C:\Windows\System\jehDjiu.exe
  2⤵
  PID:7420
- C:\Windows\System\OdAzllE.exe
  C:\Windows\System\OdAzllE.exe
  2⤵
  PID:7484
- C:\Windows\System\IskrMMt.exe
  C:\Windows\System\IskrMMt.exe
  2⤵
  PID:7548
- C:\Windows\System\oijiODy.exe
  C:\Windows\System\oijiODy.exe
  2⤵
  PID:6484
- C:\Windows\System\XwFLmPv.exe
  C:\Windows\System\XwFLmPv.exe
  2⤵
  PID:7408
- C:\Windows\System\AVfVeag.exe
  C:\Windows\System\AVfVeag.exe
  2⤵
  PID:7532
- C:\Windows\System\DdXwwSM.exe
  C:\Windows\System\DdXwwSM.exe
  2⤵
  PID:6596
- C:\Windows\System\ZqmGBfX.exe
  C:\Windows\System\ZqmGBfX.exe
  2⤵
  PID:1824
- C:\Windows\System\KuZhuAi.exe
  C:\Windows\System\KuZhuAi.exe
  2⤵
  PID:6724
- C:\Windows\System\mufLacd.exe
  C:\Windows\System\mufLacd.exe
  2⤵
  PID:7180
- C:\Windows\System\QHAUyCz.exe
  C:\Windows\System\QHAUyCz.exe
  2⤵
  PID:7216
- C:\Windows\System\BIqRUAv.exe
  C:\Windows\System\BIqRUAv.exe
  2⤵
  PID:7312
- C:\Windows\System\SqOAiQe.exe
  C:\Windows\System\SqOAiQe.exe
  2⤵
  PID:7440
- C:\Windows\System\TMEglMc.exe
  C:\Windows\System\TMEglMc.exe
  2⤵
  PID:7568
- C:\Windows\System\HgpnHaw.exe
  C:\Windows\System\HgpnHaw.exe
  2⤵
  PID:7648
- C:\Windows\System\rCTeNOh.exe
  C:\Windows\System\rCTeNOh.exe
  2⤵
  PID:7716
- C:\Windows\System\BOiMrAo.exe
  C:\Windows\System\BOiMrAo.exe
  2⤵
  PID:7780
- C:\Windows\System\lZIoGgj.exe
  C:\Windows\System\lZIoGgj.exe
  2⤵
  PID:7844
- C:\Windows\System\EKqnLIX.exe
  C:\Windows\System\EKqnLIX.exe
  2⤵
  PID:7908
- C:\Windows\System\juJXFMd.exe
  C:\Windows\System\juJXFMd.exe
  2⤵
  PID:7604
- C:\Windows\System\iVPLOoH.exe
  C:\Windows\System\iVPLOoH.exe
  2⤵
  PID:7668
- C:\Windows\System\YPtwdXX.exe
  C:\Windows\System\YPtwdXX.exe
  2⤵
  PID:7764
- C:\Windows\System\PaMqGTA.exe
  C:\Windows\System\PaMqGTA.exe
  2⤵
  PID:7832
- C:\Windows\System\SyNjzAp.exe
  C:\Windows\System\SyNjzAp.exe
  2⤵
  PID:7896
- C:\Windows\System\fkCdDHk.exe
  C:\Windows\System\fkCdDHk.exe
  2⤵
  PID:7972
- C:\Windows\System\SDdyKlt.exe
  C:\Windows\System\SDdyKlt.exe
  2⤵
  PID:8040
- C:\Windows\System\kJiBXVw.exe
  C:\Windows\System\kJiBXVw.exe
  2⤵
  PID:7924
- C:\Windows\System\dQeIDnc.exe
  C:\Windows\System\dQeIDnc.exe
  2⤵
  PID:7988
- C:\Windows\System\MIEZejf.exe
  C:\Windows\System\MIEZejf.exe
  2⤵
  PID:8060
- C:\Windows\System\kSrQgMT.exe
  C:\Windows\System\kSrQgMT.exe
  2⤵
  PID:8140
- C:\Windows\System\oZwVYCw.exe
  C:\Windows\System\oZwVYCw.exe
  2⤵
  PID:768
- C:\Windows\System\uMSrpGN.exe
  C:\Windows\System\uMSrpGN.exe
  2⤵
  PID:7260
- C:\Windows\System\hjhhctF.exe
  C:\Windows\System\hjhhctF.exe
  2⤵
  PID:7516
- C:\Windows\System\xktuVAI.exe
  C:\Windows\System\xktuVAI.exe
  2⤵
  PID:7500
- C:\Windows\System\MjPTtsI.exe
  C:\Windows\System\MjPTtsI.exe
  2⤵
  PID:7520
- C:\Windows\System\pfWxMEt.exe
  C:\Windows\System\pfWxMEt.exe
  2⤵
  PID:8124
- C:\Windows\System\bsxpjkR.exe
  C:\Windows\System\bsxpjkR.exe
  2⤵
  PID:7196
- C:\Windows\System\uVmlHsN.exe
  C:\Windows\System\uVmlHsN.exe
  2⤵
  PID:2316
- C:\Windows\System\WrhtYcz.exe
  C:\Windows\System\WrhtYcz.exe
  2⤵
  PID:7328
- C:\Windows\System\qOlCMwR.exe
  C:\Windows\System\qOlCMwR.exe
  2⤵
  PID:7212
- C:\Windows\System\vOHMKWu.exe
  C:\Windows\System\vOHMKWu.exe
  2⤵
  PID:7376
- C:\Windows\System\cJaQIHE.exe
  C:\Windows\System\cJaQIHE.exe
  2⤵
  PID:7748
- C:\Windows\System\JyzNeGE.exe
  C:\Windows\System\JyzNeGE.exe
  2⤵
  PID:7632
- C:\Windows\System\fIuXfes.exe
  C:\Windows\System\fIuXfes.exe
  2⤵
  PID:7800
- C:\Windows\System\aWCJDzN.exe
  C:\Windows\System\aWCJDzN.exe
  2⤵
  PID:7504
- C:\Windows\System\hgpGPfi.exe
  C:\Windows\System\hgpGPfi.exe
  2⤵
  PID:7308
- C:\Windows\System\RkVAFps.exe
  C:\Windows\System\RkVAFps.exe
  2⤵
  PID:7816
- C:\Windows\System\CPAMANS.exe
  C:\Windows\System\CPAMANS.exe
  2⤵
  PID:7736
- C:\Windows\System\KYZUUML.exe
  C:\Windows\System\KYZUUML.exe
  2⤵
  PID:8012
- C:\Windows\System\znAqUgb.exe
  C:\Windows\System\znAqUgb.exe
  2⤵
  PID:8028
- C:\Windows\System\DRdsRna.exe
  C:\Windows\System\DRdsRna.exe
  2⤵
  PID:7392
- C:\Windows\System\LNdIVMO.exe
  C:\Windows\System\LNdIVMO.exe
  2⤵
  PID:7372
- C:\Windows\System\PTvYQAC.exe
  C:\Windows\System\PTvYQAC.exe
  2⤵
  PID:8120
- C:\Windows\System\jiSdvNO.exe
  C:\Windows\System\jiSdvNO.exe
  2⤵
  PID:3144
- C:\Windows\System\mRVEsye.exe
  C:\Windows\System\mRVEsye.exe
  2⤵
  PID:7324
- C:\Windows\System\lkLDHUi.exe
  C:\Windows\System\lkLDHUi.exe
  2⤵
  PID:7944
- C:\Windows\System\SCHkchv.exe
  C:\Windows\System\SCHkchv.exe
  2⤵
  PID:7388
- C:\Windows\System\UQHrDlK.exe
  C:\Windows\System\UQHrDlK.exe
  2⤵
  PID:7456
- C:\Windows\System\OTscShA.exe
  C:\Windows\System\OTscShA.exe
  2⤵
  PID:1136
- C:\Windows\System\NnGIHRS.exe
  C:\Windows\System\NnGIHRS.exe
  2⤵
  PID:7664
- C:\Windows\System\bBeBktA.exe
  C:\Windows\System\bBeBktA.exe
  2⤵
  PID:7828
- C:\Windows\System\xxFLMjZ.exe
  C:\Windows\System\xxFLMjZ.exe
  2⤵
  PID:7960
- C:\Windows\System\DIPQddP.exe
  C:\Windows\System\DIPQddP.exe
  2⤵
  PID:7876
- C:\Windows\System\EyqUgGS.exe
  C:\Windows\System\EyqUgGS.exe
  2⤵
  PID:8204
- C:\Windows\System\YgzSRJX.exe
  C:\Windows\System\YgzSRJX.exe
  2⤵
  PID:8220
- C:\Windows\System\yQwKMHr.exe
  C:\Windows\System\yQwKMHr.exe
  2⤵
  PID:8236
- C:\Windows\System\qhytNgz.exe
  C:\Windows\System\qhytNgz.exe
  2⤵
  PID:8252
- C:\Windows\System\OdlVPUJ.exe
  C:\Windows\System\OdlVPUJ.exe
  2⤵
  PID:8292
- C:\Windows\System\ugRcAGZ.exe
  C:\Windows\System\ugRcAGZ.exe
  2⤵
  PID:8308
- C:\Windows\System\SWgXbil.exe
  C:\Windows\System\SWgXbil.exe
  2⤵
  PID:8324
- C:\Windows\System\BsiYhDk.exe
  C:\Windows\System\BsiYhDk.exe
  2⤵
  PID:8340
- C:\Windows\System\sXrmlYa.exe
  C:\Windows\System\sXrmlYa.exe
  2⤵
  PID:8356
- C:\Windows\System\fxyNayP.exe
  C:\Windows\System\fxyNayP.exe
  2⤵
  PID:8372
- C:\Windows\System\UtaZGoQ.exe
  C:\Windows\System\UtaZGoQ.exe
  2⤵
  PID:8388
- C:\Windows\System\jpYmugD.exe
  C:\Windows\System\jpYmugD.exe
  2⤵
  PID:8404
- C:\Windows\System\CeEaXlX.exe
  C:\Windows\System\CeEaXlX.exe
  2⤵
  PID:8420
- C:\Windows\System\EIpqVfM.exe
  C:\Windows\System\EIpqVfM.exe
  2⤵
  PID:8436
- C:\Windows\System\EZuRPhO.exe
  C:\Windows\System\EZuRPhO.exe
  2⤵
  PID:8452
- C:\Windows\System\wAMfOxU.exe
  C:\Windows\System\wAMfOxU.exe
  2⤵
  PID:8468
- C:\Windows\System\kKtYhzk.exe
  C:\Windows\System\kKtYhzk.exe
  2⤵
  PID:8484
- C:\Windows\System\BaEyYIC.exe
  C:\Windows\System\BaEyYIC.exe
  2⤵
  PID:8500
- C:\Windows\System\XoozctS.exe
  C:\Windows\System\XoozctS.exe
  2⤵
  PID:8516
- C:\Windows\System\PTOJNaE.exe
  C:\Windows\System\PTOJNaE.exe
  2⤵
  PID:8532
- C:\Windows\System\xrdkXuD.exe
  C:\Windows\System\xrdkXuD.exe
  2⤵
  PID:8688
- C:\Windows\System\ecWYGow.exe
  C:\Windows\System\ecWYGow.exe
  2⤵
  PID:8744
- C:\Windows\System\TFsWomH.exe
  C:\Windows\System\TFsWomH.exe
  2⤵
  PID:8760
- C:\Windows\System\bQyqRZc.exe
  C:\Windows\System\bQyqRZc.exe
  2⤵
  PID:8776
- C:\Windows\System\HNthuBT.exe
  C:\Windows\System\HNthuBT.exe
  2⤵
  PID:8796
- C:\Windows\System\fwanfVt.exe
  C:\Windows\System\fwanfVt.exe
  2⤵
  PID:8812
- C:\Windows\System\OePfoqT.exe
  C:\Windows\System\OePfoqT.exe
  2⤵
  PID:8828
- C:\Windows\System\zLpkwOI.exe
  C:\Windows\System\zLpkwOI.exe
  2⤵
  PID:8844
- C:\Windows\System\IeHIFWs.exe
  C:\Windows\System\IeHIFWs.exe
  2⤵
  PID:8860
- C:\Windows\System\eEJuefn.exe
  C:\Windows\System\eEJuefn.exe
  2⤵
  PID:8876
- C:\Windows\System\tyjVjHo.exe
  C:\Windows\System\tyjVjHo.exe
  2⤵
  PID:8892
- C:\Windows\System\NUHlmIc.exe
  C:\Windows\System\NUHlmIc.exe
  2⤵
  PID:8908
- C:\Windows\System\bbUxhgJ.exe
  C:\Windows\System\bbUxhgJ.exe
  2⤵
  PID:8924
- C:\Windows\System\XgKHrYa.exe
  C:\Windows\System\XgKHrYa.exe
  2⤵
  PID:8940
- C:\Windows\System\sdbEUdv.exe
  C:\Windows\System\sdbEUdv.exe
  2⤵
  PID:8960
- C:\Windows\System\QqGehqc.exe
  C:\Windows\System\QqGehqc.exe
  2⤵
  PID:8976
- C:\Windows\System\OgheycX.exe
  C:\Windows\System\OgheycX.exe
  2⤵
  PID:8992
- C:\Windows\System\zEtALPM.exe
  C:\Windows\System\zEtALPM.exe
  2⤵
  PID:9008
- C:\Windows\System\xtaeCFC.exe
  C:\Windows\System\xtaeCFC.exe
  2⤵
  PID:9024
- C:\Windows\System\JiEGXaD.exe
  C:\Windows\System\JiEGXaD.exe
  2⤵
  PID:9040
- C:\Windows\System\MJXwAfR.exe
  C:\Windows\System\MJXwAfR.exe
  2⤵
  PID:9056
- C:\Windows\System\nutGuqh.exe
  C:\Windows\System\nutGuqh.exe
  2⤵
  PID:9072
- C:\Windows\System\kNVHvjY.exe
  C:\Windows\System\kNVHvjY.exe
  2⤵
  PID:9088
- C:\Windows\System\gTDvOAd.exe
  C:\Windows\System\gTDvOAd.exe
  2⤵
  PID:9112
- C:\Windows\System\CPgQpVd.exe
  C:\Windows\System\CPgQpVd.exe
  2⤵
  PID:9128
- C:\Windows\System\zqXCORG.exe
  C:\Windows\System\zqXCORG.exe
  2⤵
  PID:9144
- C:\Windows\System\kSIBFeu.exe
  C:\Windows\System\kSIBFeu.exe
  2⤵
  PID:9160
- C:\Windows\System\GeCiZPL.exe
  C:\Windows\System\GeCiZPL.exe
  2⤵
  PID:9176
- C:\Windows\System\EixnuWV.exe
  C:\Windows\System\EixnuWV.exe
  2⤵
  PID:9192
- C:\Windows\System\SXGqPoZ.exe
  C:\Windows\System\SXGqPoZ.exe
  2⤵
  PID:9208
- C:\Windows\System\JwOUaHh.exe
  C:\Windows\System\JwOUaHh.exe
  2⤵
  PID:5804
- C:\Windows\System\gjdbXnk.exe
  C:\Windows\System\gjdbXnk.exe
  2⤵
  PID:8212
- C:\Windows\System\VrDADoT.exe
  C:\Windows\System\VrDADoT.exe
  2⤵
  PID:8024
- C:\Windows\System\NeeFiRs.exe
  C:\Windows\System\NeeFiRs.exe
  2⤵
  PID:8056
- C:\Windows\System\zUkzrkB.exe
  C:\Windows\System\zUkzrkB.exe
  2⤵
  PID:8232
- C:\Windows\System\bDbAyKy.exe
  C:\Windows\System\bDbAyKy.exe
  2⤵
  PID:7992
- C:\Windows\System\hwseeTK.exe
  C:\Windows\System\hwseeTK.exe
  2⤵
  PID:8332
- C:\Windows\System\tDkIvpJ.exe
  C:\Windows\System\tDkIvpJ.exe
  2⤵
  PID:8400
- C:\Windows\System\OyRFDjN.exe
  C:\Windows\System\OyRFDjN.exe
  2⤵
  PID:8412
- C:\Windows\System\GdOudaT.exe
  C:\Windows\System\GdOudaT.exe
  2⤵
  PID:8384
- C:\Windows\System\mofoOtT.exe
  C:\Windows\System\mofoOtT.exe
  2⤵
  PID:8432
- C:\Windows\System\tchYhIv.exe
  C:\Windows\System\tchYhIv.exe
  2⤵
  PID:8492
- C:\Windows\System\AOVWCgk.exe
  C:\Windows\System\AOVWCgk.exe
  2⤵
  PID:8480
- C:\Windows\System\SCwXYOj.exe
  C:\Windows\System\SCwXYOj.exe
  2⤵
  PID:8528
- C:\Windows\System\ZvrZugO.exe
  C:\Windows\System\ZvrZugO.exe
  2⤵
  PID:8556
- C:\Windows\System\VXWYBRD.exe
  C:\Windows\System\VXWYBRD.exe
  2⤵
  PID:8576
- C:\Windows\System\JcjrEzw.exe
  C:\Windows\System\JcjrEzw.exe
  2⤵
  PID:8592
- C:\Windows\System\NFuaZJd.exe
  C:\Windows\System\NFuaZJd.exe
  2⤵
  PID:8608
- C:\Windows\System\GQiNZXO.exe
  C:\Windows\System\GQiNZXO.exe
  2⤵
  PID:8624
- C:\Windows\System\QcUjWPY.exe
  C:\Windows\System\QcUjWPY.exe
  2⤵
  PID:8644
- C:\Windows\System\pKWnjjC.exe
  C:\Windows\System\pKWnjjC.exe
  2⤵
  PID:8660
- C:\Windows\System\mGUOzuF.exe
  C:\Windows\System\mGUOzuF.exe
  2⤵
  PID:8684
- C:\Windows\System\IHiqhdX.exe
  C:\Windows\System\IHiqhdX.exe
  2⤵
  PID:8704
- C:\Windows\System\aOxNCUX.exe
  C:\Windows\System\aOxNCUX.exe
  2⤵
  PID:8720
- C:\Windows\System\OptUrdQ.exe
  C:\Windows\System\OptUrdQ.exe
  2⤵
  PID:8736
- C:\Windows\System\tVHEYao.exe
  C:\Windows\System\tVHEYao.exe
  2⤵
  PID:8804
- C:\Windows\System\bxigbJJ.exe
  C:\Windows\System\bxigbJJ.exe
  2⤵
  PID:8868
- C:\Windows\System\kLUOxUD.exe
  C:\Windows\System\kLUOxUD.exe
  2⤵
  PID:8932
- C:\Windows\System\RMZZsKd.exe
  C:\Windows\System\RMZZsKd.exe
  2⤵
  PID:9000
- C:\Windows\System\RgPYeTi.exe
  C:\Windows\System\RgPYeTi.exe
  2⤵
  PID:9064
- C:\Windows\System\VYkStsS.exe
  C:\Windows\System\VYkStsS.exe
  2⤵
  PID:8884
- C:\Windows\System\uNELINP.exe
  C:\Windows\System\uNELINP.exe
  2⤵
  PID:8784
- C:\Windows\System\xnzYTzr.exe
  C:\Windows\System\xnzYTzr.exe
  2⤵
  PID:8824
- C:\Windows\System\ifPxeUj.exe
  C:\Windows\System\ifPxeUj.exe
  2⤵
  PID:8916
- C:\Windows\System\yHYfCJu.exe
  C:\Windows\System\yHYfCJu.exe
  2⤵
  PID:8988
- C:\Windows\System\JPMGnfT.exe
  C:\Windows\System\JPMGnfT.exe
  2⤵
  PID:9052
- C:\Windows\System\XChAalO.exe
  C:\Windows\System\XChAalO.exe
  2⤵
  PID:9124
- C:\Windows\System\ZiDLlaw.exe
  C:\Windows\System\ZiDLlaw.exe
  2⤵
  PID:9152
- C:\Windows\System\xGPSxOx.exe
  C:\Windows\System\xGPSxOx.exe
  2⤵
  PID:9172
- C:\Windows\System\YvVFBTF.exe
  C:\Windows\System\YvVFBTF.exe
  2⤵
  PID:7344
- C:\Windows\System\RYhhvtO.exe
  C:\Windows\System\RYhhvtO.exe
  2⤵
  PID:7892
- C:\Windows\System\bwWSQPX.exe
  C:\Windows\System\bwWSQPX.exe
  2⤵
  PID:8228
- C:\Windows\System\iDgBrPK.exe
  C:\Windows\System\iDgBrPK.exe
  2⤵
  PID:7616
- C:\Windows\System\AJucPQh.exe
  C:\Windows\System\AJucPQh.exe
  2⤵
  PID:8200
- C:\Windows\System\XpohZug.exe
  C:\Windows\System\XpohZug.exe
  2⤵
  PID:6812
- C:\Windows\System\DhFWBwq.exe
  C:\Windows\System\DhFWBwq.exe
  2⤵
  PID:8568
- C:\Windows\System\sDTOIet.exe
  C:\Windows\System\sDTOIet.exe
  2⤵
  PID:8380
- C:\Windows\System\BWcBwnb.exe
  C:\Windows\System\BWcBwnb.exe
  2⤵
  PID:8588
- C:\Windows\System\WjoHsMm.exe
  C:\Windows\System\WjoHsMm.exe
  2⤵
  PID:8584
- C:\Windows\System\GWSsRAD.exe
  C:\Windows\System\GWSsRAD.exe
  2⤵
  PID:8668
- C:\Windows\System\ylkJMZT.exe
  C:\Windows\System\ylkJMZT.exe
  2⤵
  PID:8716
- C:\Windows\System\SccrQKQ.exe
  C:\Windows\System\SccrQKQ.exe
  2⤵
  PID:8904
- C:\Windows\System\QETOXJi.exe
  C:\Windows\System\QETOXJi.exe
  2⤵
  PID:8756
- C:\Windows\System\fRGILmp.exe
  C:\Windows\System\fRGILmp.exe
  2⤵
  PID:9020
- C:\Windows\System\yOLJfKd.exe
  C:\Windows\System\yOLJfKd.exe
  2⤵
  PID:9204
- C:\Windows\System\wRNnpGP.exe
  C:\Windows\System\wRNnpGP.exe
  2⤵
  PID:5460
- C:\Windows\System\ahsWWyl.exe
  C:\Windows\System\ahsWWyl.exe
  2⤵
  PID:8476
- C:\Windows\System\nXswGOB.exe
  C:\Windows\System\nXswGOB.exe
  2⤵
  PID:8772
- C:\Windows\System\EZGqLyY.exe
  C:\Windows\System\EZGqLyY.exe
  2⤵
  PID:8696
- C:\Windows\System\LvkgqFg.exe
  C:\Windows\System\LvkgqFg.exe
  2⤵
  PID:9232
- C:\Windows\System\ALVmhRG.exe
  C:\Windows\System\ALVmhRG.exe
  2⤵
  PID:9248
- C:\Windows\System\BcqylQc.exe
  C:\Windows\System\BcqylQc.exe
  2⤵
  PID:9264
- C:\Windows\System\mbjEfXv.exe
  C:\Windows\System\mbjEfXv.exe
  2⤵
  PID:9280
- C:\Windows\System\XEJaEdC.exe
  C:\Windows\System\XEJaEdC.exe
  2⤵
  PID:9296
- C:\Windows\System\GWcQKJJ.exe
  C:\Windows\System\GWcQKJJ.exe
  2⤵
  PID:9312
- C:\Windows\System\dznZHEq.exe
  C:\Windows\System\dznZHEq.exe
  2⤵
  PID:9328
- C:\Windows\System\NesNuzt.exe
  C:\Windows\System\NesNuzt.exe
  2⤵
  PID:9344
- C:\Windows\System\mJsIRlc.exe
  C:\Windows\System\mJsIRlc.exe
  2⤵
  PID:9360
- C:\Windows\System\bnrUdsV.exe
  C:\Windows\System\bnrUdsV.exe
  2⤵
  PID:9376
- C:\Windows\System\OkkuUgL.exe
  C:\Windows\System\OkkuUgL.exe
  2⤵
  PID:9392
- C:\Windows\System\NCPpbGp.exe
  C:\Windows\System\NCPpbGp.exe
  2⤵
  PID:9408
- C:\Windows\System\wLHDopb.exe
  C:\Windows\System\wLHDopb.exe
  2⤵
  PID:9424
- C:\Windows\System\CRrXIgG.exe
  C:\Windows\System\CRrXIgG.exe
  2⤵
  PID:9440
- C:\Windows\System\KYdQGnf.exe
  C:\Windows\System\KYdQGnf.exe
  2⤵
  PID:9456
- C:\Windows\System\ZyYmLEB.exe
  C:\Windows\System\ZyYmLEB.exe
  2⤵
  PID:9472
- C:\Windows\System\uuotKMY.exe
  C:\Windows\System\uuotKMY.exe
  2⤵
  PID:9488
- C:\Windows\System\QCfvblS.exe
  C:\Windows\System\QCfvblS.exe
  2⤵
  PID:9504
- C:\Windows\System\cwQvnxs.exe
  C:\Windows\System\cwQvnxs.exe
  2⤵
  PID:9520
- C:\Windows\System\avNSXKB.exe
  C:\Windows\System\avNSXKB.exe
  2⤵
  PID:9536
- C:\Windows\System\olTNkEo.exe
  C:\Windows\System\olTNkEo.exe
  2⤵
  PID:9552
- C:\Windows\System\qnKZlpi.exe
  C:\Windows\System\qnKZlpi.exe
  2⤵
  PID:9568
- C:\Windows\System\xGDGQhe.exe
  C:\Windows\System\xGDGQhe.exe
  2⤵
  PID:9584
- C:\Windows\System\hnjCfsV.exe
  C:\Windows\System\hnjCfsV.exe
  2⤵
  PID:9600
- C:\Windows\System\EYbPJaJ.exe
  C:\Windows\System\EYbPJaJ.exe
  2⤵
  PID:9616
- C:\Windows\System\MUirFHS.exe
  C:\Windows\System\MUirFHS.exe
  2⤵
  PID:9632
- C:\Windows\System\JheNpbA.exe
  C:\Windows\System\JheNpbA.exe
  2⤵
  PID:9648
- C:\Windows\System\pFiUrHx.exe
  C:\Windows\System\pFiUrHx.exe
  2⤵
  PID:9664
- C:\Windows\System\NaNAkWj.exe
  C:\Windows\System\NaNAkWj.exe
  2⤵
  PID:9680
- C:\Windows\System\aAbEgNa.exe
  C:\Windows\System\aAbEgNa.exe
  2⤵
  PID:9696
- C:\Windows\System\RzzYJIQ.exe
  C:\Windows\System\RzzYJIQ.exe
  2⤵
  PID:9712
- C:\Windows\System\iUfrUHF.exe
  C:\Windows\System\iUfrUHF.exe
  2⤵
  PID:9728
- C:\Windows\System\AdbeyLg.exe
  C:\Windows\System\AdbeyLg.exe
  2⤵
  PID:9744
- C:\Windows\System\fubkbrH.exe
  C:\Windows\System\fubkbrH.exe
  2⤵
  PID:9760
- C:\Windows\System\DUhKind.exe
  C:\Windows\System\DUhKind.exe
  2⤵
  PID:9776
- C:\Windows\System\IsFgvNp.exe
  C:\Windows\System\IsFgvNp.exe
  2⤵
  PID:9792
- C:\Windows\System\TBxjnhR.exe
  C:\Windows\System\TBxjnhR.exe
  2⤵
  PID:9808
- C:\Windows\System\BfvGrIq.exe
  C:\Windows\System\BfvGrIq.exe
  2⤵
  PID:9824
- C:\Windows\System\KUWhVeH.exe
  C:\Windows\System\KUWhVeH.exe
  2⤵
  PID:9840
- C:\Windows\System\acSeZyc.exe
  C:\Windows\System\acSeZyc.exe
  2⤵
  PID:9856
- C:\Windows\System\DBKpEwn.exe
  C:\Windows\System\DBKpEwn.exe
  2⤵
  PID:9872
- C:\Windows\System\rwrgedZ.exe
  C:\Windows\System\rwrgedZ.exe
  2⤵
  PID:9888
- C:\Windows\System\mnoVCIP.exe
  C:\Windows\System\mnoVCIP.exe
  2⤵
  PID:9904
- C:\Windows\System\kdvPxoO.exe
  C:\Windows\System\kdvPxoO.exe
  2⤵
  PID:9920
- C:\Windows\System\RQxFuRF.exe
  C:\Windows\System\RQxFuRF.exe
  2⤵
  PID:9936
- C:\Windows\System\DvXASGk.exe
  C:\Windows\System\DvXASGk.exe
  2⤵
  PID:9952
- C:\Windows\System\wOAwrAe.exe
  C:\Windows\System\wOAwrAe.exe
  2⤵
  PID:9968
- C:\Windows\System\aNIniHJ.exe
  C:\Windows\System\aNIniHJ.exe
  2⤵
  PID:9984
- C:\Windows\System\cljPVYo.exe
  C:\Windows\System\cljPVYo.exe
  2⤵
  PID:10000
- C:\Windows\System\VKnMtdA.exe
  C:\Windows\System\VKnMtdA.exe
  2⤵
  PID:10016
- C:\Windows\System\VtDldqy.exe
  C:\Windows\System\VtDldqy.exe
  2⤵
  PID:10032
- C:\Windows\System\VmEiGgk.exe
  C:\Windows\System\VmEiGgk.exe
  2⤵
  PID:10048
- C:\Windows\System\vfoqVHX.exe
  C:\Windows\System\vfoqVHX.exe
  2⤵
  PID:10064
- C:\Windows\System\rshLlej.exe
  C:\Windows\System\rshLlej.exe
  2⤵
  PID:10080
- C:\Windows\System\kpFqfzz.exe
  C:\Windows\System\kpFqfzz.exe
  2⤵
  PID:10096
- C:\Windows\System\gifAKVl.exe
  C:\Windows\System\gifAKVl.exe
  2⤵
  PID:10112
- C:\Windows\System\kkPDeiO.exe
  C:\Windows\System\kkPDeiO.exe
  2⤵
  PID:10128
- C:\Windows\System\zhJdKtq.exe
  C:\Windows\System\zhJdKtq.exe
  2⤵
  PID:10144
- C:\Windows\System\IoUjssZ.exe
  C:\Windows\System\IoUjssZ.exe
  2⤵
  PID:10160
- C:\Windows\System\hAgRoqI.exe
  C:\Windows\System\hAgRoqI.exe
  2⤵
  PID:10176
- C:\Windows\System\dVKnzrF.exe
  C:\Windows\System\dVKnzrF.exe
  2⤵
  PID:10192
- C:\Windows\System\fEaHhvc.exe
  C:\Windows\System\fEaHhvc.exe
  2⤵
  PID:10212
- C:\Windows\System\jELIQUR.exe
  C:\Windows\System\jELIQUR.exe
  2⤵
  PID:10228
- C:\Windows\System\gwDqyJd.exe
  C:\Windows\System\gwDqyJd.exe
  2⤵
  PID:9188
- C:\Windows\System\yTwYfTE.exe
  C:\Windows\System\yTwYfTE.exe
  2⤵
  PID:9228
- C:\Windows\System\QdXfnsa.exe
  C:\Windows\System\QdXfnsa.exe
  2⤵
  PID:9292
- C:\Windows\System\TzuWdbC.exe
  C:\Windows\System\TzuWdbC.exe
  2⤵
  PID:9356
- C:\Windows\System\saqJuwx.exe
  C:\Windows\System\saqJuwx.exe
  2⤵
  PID:9420
- C:\Windows\System\xThiEBP.exe
  C:\Windows\System\xThiEBP.exe
  2⤵
  PID:9484
- C:\Windows\System\JjZQqVz.exe
  C:\Windows\System\JjZQqVz.exe
  2⤵
  PID:8956
- C:\Windows\System\zZrqBwb.exe
  C:\Windows\System\zZrqBwb.exe
  2⤵
  PID:9580
- C:\Windows\System\kxMTCTB.exe
  C:\Windows\System\kxMTCTB.exe
  2⤵
  PID:9644
- C:\Windows\System\JwVYFfd.exe
  C:\Windows\System\JwVYFfd.exe
  2⤵
  PID:9736
- C:\Windows\System\QkZMfHQ.exe
  C:\Windows\System\QkZMfHQ.exe
  2⤵
  PID:9708
- C:\Windows\System\tOAQHPS.exe
  C:\Windows\System\tOAQHPS.exe
  2⤵
  PID:9836
- C:\Windows\System\OXDTTaY.exe
  C:\Windows\System\OXDTTaY.exe
  2⤵
  PID:9900
- C:\Windows\System\nlkFIdJ.exe
  C:\Windows\System\nlkFIdJ.exe
  2⤵
  PID:9964
- C:\Windows\System\lDYnaCI.exe
  C:\Windows\System\lDYnaCI.exe
  2⤵
  PID:10024
- C:\Windows\System\jKPtKMl.exe
  C:\Windows\System\jKPtKMl.exe
  2⤵
  PID:10060
- C:\Windows\System\TYgRgsF.exe
  C:\Windows\System\TYgRgsF.exe
  2⤵
  PID:8732
- C:\Windows\System\xJOiYXG.exe
  C:\Windows\System\xJOiYXG.exe
  2⤵
  PID:8620
- C:\Windows\System\ZoDAKqo.exe
  C:\Windows\System\ZoDAKqo.exe
  2⤵
  PID:9240
- C:\Windows\System\JyYAzem.exe
  C:\Windows\System\JyYAzem.exe
  2⤵
  PID:10220
- C:\Windows\System\MxNRWAI.exe
  C:\Windows\System\MxNRWAI.exe
  2⤵
  PID:9352
- C:\Windows\System\vdGqigX.exe
  C:\Windows\System\vdGqigX.exe
  2⤵
  PID:9400
- C:\Windows\System\GXVYKSu.exe
  C:\Windows\System\GXVYKSu.exe
  2⤵
  PID:9704
- C:\Windows\System\NiCBNZk.exe
  C:\Windows\System\NiCBNZk.exe
  2⤵
  PID:9500
- C:\Windows\System\WOPEuPu.exe
  C:\Windows\System\WOPEuPu.exe
  2⤵
  PID:10056
- C:\Windows\System\HcWgBYQ.exe
  C:\Windows\System\HcWgBYQ.exe
  2⤵
  PID:8656
- C:\Windows\System\kcEeGQS.exe
  C:\Windows\System\kcEeGQS.exe
  2⤵
  PID:10184
- C:\Windows\System\HQkkUSp.exe
  C:\Windows\System\HQkkUSp.exe
  2⤵
  PID:9480
- C:\Windows\System\OlEiwkC.exe
  C:\Windows\System\OlEiwkC.exe
  2⤵
  PID:9688
- C:\Windows\System\hjQmtkf.exe
  C:\Windows\System\hjQmtkf.exe
  2⤵
  PID:9752
- C:\Windows\System\ssBOaTC.exe
  C:\Windows\System\ssBOaTC.exe
  2⤵
  PID:8348
- C:\Windows\System\xMoMseU.exe
  C:\Windows\System\xMoMseU.exe
  2⤵
  PID:8840
- C:\Windows\System\XmALNnL.exe
  C:\Windows\System\XmALNnL.exe
  2⤵
  PID:9468
- C:\Windows\System\tUJonlz.exe
  C:\Windows\System\tUJonlz.exe
  2⤵
  PID:8952
- C:\Windows\System\OZebJhE.exe
  C:\Windows\System\OZebJhE.exe
  2⤵
  PID:9084
- C:\Windows\System\BInZXBC.exe
  C:\Windows\System\BInZXBC.exe
  2⤵
  PID:8300
- C:\Windows\System\nGrAwqa.exe
  C:\Windows\System\nGrAwqa.exe
  2⤵
  PID:8552
- C:\Windows\System\NHUSgep.exe
  C:\Windows\System\NHUSgep.exe
  2⤵
  PID:8512
- C:\Windows\System\AixtnHL.exe
  C:\Windows\System\AixtnHL.exe
  2⤵
  PID:9272
- C:\Windows\System\ePLsTVK.exe
  C:\Windows\System\ePLsTVK.exe
  2⤵
  PID:9340
- C:\Windows\System\EVlXRiG.exe
  C:\Windows\System\EVlXRiG.exe
  2⤵
  PID:9628
- C:\Windows\System\EMnNqGm.exe
  C:\Windows\System\EMnNqGm.exe
  2⤵
  PID:9852
- C:\Windows\System\wQLMMck.exe
  C:\Windows\System\wQLMMck.exe
  2⤵
  PID:9916
- C:\Windows\System\WBAMrRr.exe
  C:\Windows\System\WBAMrRr.exe
  2⤵
  PID:10008
- C:\Windows\System\TbMClRv.exe
  C:\Windows\System\TbMClRv.exe
  2⤵
  PID:10072
- C:\Windows\System\LPadtsg.exe
  C:\Windows\System\LPadtsg.exe
  2⤵
  PID:10136
- C:\Windows\System\vWshieP.exe
  C:\Windows\System\vWshieP.exe
  2⤵
  PID:10172
- C:\Windows\System\JrIMcNp.exe
  C:\Windows\System\JrIMcNp.exe
  2⤵
  PID:8396
- C:\Windows\System\qPwDVoO.exe
  C:\Windows\System\qPwDVoO.exe
  2⤵
  PID:9676
- C:\Windows\System\auPfTiN.exe
  C:\Windows\System\auPfTiN.exe
  2⤵
  PID:9868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DFuxeqz.exe

Filesize
6.0MB

MD5
06ec41a6f5d5155d23eef6e894778a36

SHA1
7e05ec3081fa3f5ae36be1f3ce15821943e4ce3d

SHA256
9eba38c9f8208963a1551c7d7fd9b7cda04029d6232f4477dadf645426f4f79e

SHA512
8013e631f77a6da8cac743cdbdaff62e732089ad7cf0e8fa1a63fc522008a4b611b69ac8ee0e81acb8cdc1b7096a0e53605715e25477279cba097ea2256d5595

Download Submit
C:\Windows\system\DcYrGBL.exe

Filesize
6.0MB

MD5
7cfd99cc0d9239b04c33eb0dbf04df30

SHA1
5e8767be72cfd97695ff78cc6657b4c840d271cd

SHA256
7c86d1aeecf5263b9e5287d663131e62c706890e0a033f7f4c38546ba1018aae

SHA512
be25fa09e49b9281a7cd229770cec3d792d87f2b0edcd65b19025aabec81dd52da2c23b0d61b8a4e543be2c26974f2def5bbc7f3d6523c1f2ea90f8d48b36a4e

Download Submit
C:\Windows\system\DyJkgIr.exe

Filesize
6.0MB

MD5
1b32690a829c71c39b6342910e496a4a

SHA1
89ac83adf88b7f42ae4a04f19041422fb7bc072a

SHA256
1cbed9c95c7b7fd6ac5273c872c54bab23d764dea42c55cc9e5a6951168b8e6e

SHA512
f0964ecd2990940845e79727b6d140b88985ae6002fa870e8b2870e4cd40dce2e91cd35184c49dd21935a9e55bd0bc8f6a9ddab024fcfaa9b80206fe017c335a

Download Submit
C:\Windows\system\HLcjSZT.exe

Filesize
6.0MB

MD5
0d6754d3aba39dfc22d708b1792f9774

SHA1
a1ee0986e19a7ee548a1c4685ba3ea5b3f14756a

SHA256
9f5ff0651888a912e6cd9baa274b9e9b68a39175db068759e8ba64319af8917c

SHA512
2cc318823ef96f85204a901eaff3afcdf0dfbde0b294f470cc613f3947dfe793342fb76d20cdeb224078312d9cbe13a4be0245a55cc3562e369ad50d32b7fc7b

Download Submit
C:\Windows\system\HuTVpKd.exe

Filesize
6.0MB

MD5
9dcfce541e4a0037d32eb50091ada68d

SHA1
94ddac798f6723fdb508a091dee8361627ead468

SHA256
05d55d6e9a9fcbbfc4523ef9e1614d988f959e2f3fd2f0307e9cc311ae70371d

SHA512
b79ea1a7fcfc1c0cc29a4a47707a03ddec8db41ec8d64fc7bec382434f1751746296c086f8ccb30a120fe0f03014b13e2dc615c5d04e088bbe933041a7fb1946

Download Submit
C:\Windows\system\LbzvpTD.exe

Filesize
6.0MB

MD5
a702a06698c8148044d912957322b48c

SHA1
d5669b6202a2542959141403bf8d55d0e61b1903

SHA256
2eefef9a2e7ae8f6387d60924c9084d50b8da74aa8452436bda9d06d8276d4fc

SHA512
a752a78b73894e3c822c2a0b4a3456cf67c56692c42ec198fd526dcc4447f6e9017e25146eb0b7e62c2ed8d6c9016157c5a1bfaf810f38ffcbf21b983ce22b02

Download Submit
C:\Windows\system\MZVHeEZ.exe

Filesize
6.0MB

MD5
2ce200aa764630559601d7529d95bca0

SHA1
fc2b04dafea465ea55b2b99de03d0e66e09112a0

SHA256
f5a759b39a67c29b6b090f0a2134a9061b5876943ef3bad81e4cd392e01cc5cb

SHA512
6051c02a88456871ceead29712082f1102986a8bca0504d652a7bbc78dd0bd7ac701fe8bb92092363104aeb064ad181927c58ce79542809ff04eae6ef1ad1cd1

Download Submit
C:\Windows\system\OiQnLcD.exe

Filesize
6.0MB

MD5
8f80ae5fa60471c667d221ff11b59c78

SHA1
222a8493fab37824d4cab4ff3f3143962f7024d4

SHA256
decc413415d2f868c235296997c7a364b56d674b608a804b87f51018c2bce4ae

SHA512
97215bfe074b4526f4bb92b0f6beb80cf3c9b1f580aa324db813ac371adce3138ad4386806a211d3604bcabcd919b5d8d85eb6f7a493a9105921575f40a2d33f

Download Submit
C:\Windows\system\ROyUqOI.exe

Filesize
6.0MB

MD5
3a96b12063c9346ecdfbbda8fc31ee57

SHA1
68a2f88cf30851738517aa3d36a624d668b1aa45

SHA256
3a5e5b6fb00ae8a3aa7388f202727919fb95359184e7e85aac1c316b0ea30ac2

SHA512
1cfa4e453ff0929ba9ee88854b2b100ede6de43a4959d9d997ff28a8f41f61c7013672a106533490bbe423a2df29e46da48a83ea4c70ac05a81e6ac09fad4868

Download Submit
C:\Windows\system\TaHVPsj.exe

Filesize
6.0MB

MD5
d1e9f00e17a39685eb0477a10ef90bde

SHA1
1039138d7cc452a8cf7e4cde7098c8aa2870473a

SHA256
a5f8bf827deb7265819ebf9ecc38f16c0d7a1496ea108342e8f8098a0c60b5e1

SHA512
11069553f761868950825212e6cfa8dd93f68634d48f9e402164290b69337d628e4bcfa5e5402624cc8f0de87861da1223f701f9ffc64a618760e361bdcf93bb

Download Submit
C:\Windows\system\VZKLwwk.exe

Filesize
6.0MB

MD5
e6dd6d63eb8cfe217444479f1b12d4e3

SHA1
1006fcabecefd8dcbb8213de21b46c5d748c55d9

SHA256
ba29f695af4d86abd2f29cace8a05ce75ffaf2c7652048a142a05ff95615648f

SHA512
81ad781f2ba0e1b554319df80b16d0f453062568ef39b1d13284990d570f8dc827352593b3517bc6518cd5b5d6915c3815ee2f6f2d9751c43c0e730c5d1e8dc8

Download Submit
C:\Windows\system\WGWjJTO.exe

Filesize
6.0MB

MD5
feb0e99bd67b389feb6c82df1e8d371f

SHA1
2b5bd2f90bac9bffeb3c947f061b3641b79cfffa

SHA256
189daf371f547340b635d5ff68010d2d3acdc98695c7d80a86768f4410625f16

SHA512
ec8f08ea0b52180d14709885aac40188ad87345ef8386045279cbd08f012ddb9fb033ae62466070aa3b9dfb1cfd18f16b465d0c348ed90614f592c0ef0dc813d

Download Submit
C:\Windows\system\WPkiJIX.exe

Filesize
6.0MB

MD5
a67dba75b243a687213fdb38c14b84e4

SHA1
227ad51086ef8aa0901fa8efb8c61ca8e59d27f7

SHA256
0ca56a882138feae4a5d9336a1320ee3fb77beb8d1a53991646ffc6e25dc8715

SHA512
b7262610e3602a154257bbf6b8a1044ebb5e7b4eb80d148a8d4062497d24847ccbdd2e1dab103ddab03216f55d764b17998a6554ceab25664c39f047253639fd

Download Submit
C:\Windows\system\WSBpyQY.exe

Filesize
6.0MB

MD5
bdc81544dfa00b78aa7590842d45b2d1

SHA1
7969c09f07459166b4be9e2c1dae3984b8d8c2b9

SHA256
4e387e7e272bbe5c3a17ea313ef6e578af4abd746e735cbb5155ba6f12c5ba4e

SHA512
4f656707ab08a6b2f7629af870b9831b26c8c59c60186da7bdb2ab629d88a0f909240f94a37912c88edaa3c3a8e82c279bfda9b4a314d495e51b4af4e0a40826

Download Submit
C:\Windows\system\XeOXmoA.exe

Filesize
6.0MB

MD5
d6f87988d770b4c004c9d816cdc9a1f7

SHA1
067089fc478524e570e54f88782ec6ae46b16600

SHA256
9ecc3955a2be552012e9d3a4f0ddda52c3173aae6e77be17070d72f9fb351433

SHA512
9981ce720e332b753d77e21aeda1dec79c5590dbe73a38f2c2a57344f7af50133053f8249f24f0891ee2bdcab64be8ec958bd8833103ab660095bdafd85eb224

Download Submit
C:\Windows\system\YYQTxXb.exe

Filesize
6.0MB

MD5
40dc9c48e812b91bcb98a440f67e58d7

SHA1
44da0a40459eeb47baca00c3d2d7e0f3654d261a

SHA256
f3154d1fc24c0cb0aae4f9cfb801bf6ade6f9ec8ef881f21a4c34f2f770a123e

SHA512
e3f4d413c48acaaa8adef2b521f6fbd695ee32f8278811d97f8dae6b09fa95f1121d88f81f18a2efaae0bebfbab22b8910a2c5a19086945803c68f7e6e4212a5

Download Submit
C:\Windows\system\auHxRtk.exe

Filesize
6.0MB

MD5
adc19b3d10ee5b9960287b85420771ae

SHA1
c11e2a3540d20259f89bba566b0dae1342405c7f

SHA256
0496c89c7d65e8f5f7d37b6ae6f01e19539b447cd8e3afab12fcc3d846d8316c

SHA512
ee8ab3c92e8b49d9cc700405638777166a33d99aea4d8e24451d50f961821eb915a90cd022e18d7e1abcaa0f73432cede9a39189709250ecf77c2a303be77b1d

Download Submit
C:\Windows\system\bsRLfZq.exe

Filesize
6.0MB

MD5
5cedc720b43174109a28337068e3b4b4

SHA1
860088032805c801436090af079cc0aeff776748

SHA256
6c6f416e250bb3a9a908b49c936a2a48f9ee005eb426c6fbeecbf9d27866cc58

SHA512
3106de4bbb212fb448977a7d973803472fa4cc2ef569717f52436e84ceae7ad68a374f726525fb4cf95b79d025529ff0b173896667076dbeaa5cd3b43412a216

Download Submit
C:\Windows\system\cuLorHm.exe

Filesize
6.0MB

MD5
a89bfeaf3691e1177a4cc40f79643d66

SHA1
dde4305870f717fd5ee5ff8dcefca71d5fd43198

SHA256
ba74993492388631b79a2c2cfa94907ac159c2d2f2f49f4f1ae9bf7a9a2b9a15

SHA512
167c810a3b20491ce78e282a2c7cb87cd154140de0c1669684c69e3a8e1ebf6e86e61e207122d381e2830248db70605d0814d0d865a4c9629af890f536475052

Download Submit
C:\Windows\system\hUzfODc.exe

Filesize
6.0MB

MD5
37ed1fdb05252e8e541ce59e8a1fce61

SHA1
80de186f7762f87e02e1156257d6b2a761c8b552

SHA256
71e3ba6c44155e63ee448fbf87bfc3215e4ae98619593e99dff37315ad372353

SHA512
f95871d25c1698e9f5f8b23d84fe96cd0410bd4da0906ba75e3d88aa3af55ab83204fb23a9870a4cd06f8d8fa222883b30f08d1e5829ab323b9ceed3a3aebafe

Download Submit
C:\Windows\system\hYduGBm.exe

Filesize
6.0MB

MD5
e1dd6b8da061c0f4793faeb722341572

SHA1
5279b149abaa48fe6203965e66b4b23f365f61d6

SHA256
c1e4de26d126a51ac7e818c7edf5d55056c60ffaa368933d6d86ba0fc71ee8d2

SHA512
55ab2315614cc442c51c2948f5adefd20c1efac813d914c275b7b6196bbedf63d73ba3782b3fb33ec305e60dfc1850364205b6a57a5c68d6d6eec8052a60bbde

Download Submit
C:\Windows\system\lEXpsjq.exe

Filesize
6.0MB

MD5
ccd8d297b1253307374e526c70b7d2e0

SHA1
c64ae3e44c34a66a31fed4cfc83680fa2f4919cd

SHA256
7a55d07fc07ecc42340d726360fc71c0d02c259d838e0322abaf50fd0430956b

SHA512
944a78b5846c7e618aebefbfbaf6883078d99189a7b3018b758bb1d8f273d01c80c26739ab7b8d86d8d686274bf62fad06b541e050f0e28e34a3ad9f18949567

Download Submit
C:\Windows\system\lPDuGIC.exe

Filesize
6.0MB

MD5
b10b0a105136e0dffe620e35bcae5f91

SHA1
de77eb8cf4c2e2ce845de25d064e7f56efe46217

SHA256
3229ecc2328e74e6ac9c6042345f5ab1995fa5971db85e4de5462b293987c2ef

SHA512
9c82a1fdc09597fd5b03b08ad67c5c51ac471be50961f119738cfce2d171fca9d6f7bd9a893476ebe0e9508b0695cf68842cf6ffdc97d4f4754e8970e9bf7707

Download Submit
C:\Windows\system\oYISIha.exe

Filesize
6.0MB

MD5
b0135bf59705379796e1b46d90fbf6ac

SHA1
d3f35f0137c7db51694190b8dbb5d5c3e89f0a9f

SHA256
4de4d25c99915e57e3630ceedf167e4772661ec876bcde0d94b4e41bb809f97c

SHA512
fcead88119c9a77c1f41d7c0e2bfd9aeaeaeaff84777f5413476b2571e0807af2948ca9ddb0e0f9ce0b95e5d830ea04962c8d94bdf6d8729534899b36b121fa9

Download Submit
C:\Windows\system\sdgyRty.exe

Filesize
6.0MB

MD5
301c188c3a7ab6f5c33c09d3f6f950e1

SHA1
17a65bc33935c20d737d352ed5a204085172ad57

SHA256
6913edec7e359f79cb57c84d5b98aa64f772fbc7b9d2f14cbe1c259035ec7b84

SHA512
56788ba2794c0186e9669b7053b3a202c205acf7762bc6a250763265e9d2f476523b140a63ed28729bfd650b87f32aaf667c08018f6115f0da03e11d447b37b5

Download Submit
C:\Windows\system\wTUUIMq.exe

Filesize
6.0MB

MD5
18a855d486103953ae111e5c5f803904

SHA1
03c59fbc6f547005bea6bed9cf55e8c55fc4601f

SHA256
396b84011c6992fe1d03068b91a9c16a7113012e7e8ff31991e0922665f8954f

SHA512
2cc8552fbdf4f0a130be1b5b0b247e36affa34d499afc2a2edc02fb031d1a5db710d5f59774a726af8cbcdde5f3417c60bf73a1150a6a6c7bd1acacea7cc29fd

Download Submit
C:\Windows\system\wcPZzKR.exe

Filesize
6.0MB

MD5
fc41a769479a9738bd7779009df77436

SHA1
97f316ffd0a46926f9de2a0fab39499eb390fd85

SHA256
de3247b49c822a2732130c457c7ad2702698a3232c2007e1b7067d92ab3dc1fe

SHA512
3795484f6872eade18d2f2a286b9bd4173fd6d1234754b9e8f0eacf11cd2cc4fe9b8b053a4ddc65c2a82680774bce506eef86da8e05396aeff55cae3dcc32898

Download Submit
C:\Windows\system\xeJgBLH.exe

Filesize
6.0MB

MD5
1c14412957f7dc0b57e740bdac681447

SHA1
8d385b0aca362783df92ec5232459ca88971fa4a

SHA256
a6d857d6862ba4c1f511794b3346482099a8825663b2ae4871861bde97a355ac

SHA512
5b8ae80b4720b5f29c78a2194d1df8181712d44e95a1ec1c64c862c97d2e777e739216e0f6f4d5a5dd144379dd1afea73ffcdf11cc0aee9292ef3556d96f4c8b

Download Submit
C:\Windows\system\zyKChFA.exe

Filesize
6.0MB

MD5
0494c25dfe923f7b010c70b4f52f50a0

SHA1
f2df07e8e089e3967ae0f09baed081f82e428b5c

SHA256
6d690745a24431ea32089d98fc1330dcba16c506e6316f1943fbd709ec9cbe8e

SHA512
e92aad4182773886dbd6ef01ccc389c57433a5bd8d0d811b8e88d08f071af8dcf8a2c766e8e597824bd5a7e9c7a860d20cf555b85967174bda76c53a34d9d0ea

Download Submit
\Windows\system\bAZTfcT.exe

Filesize
6.0MB

MD5
02d24bcbf3e95d4f35c75465d38e9f06

SHA1
cbbc14a67841668924d2e4567ce01e603976e5cf

SHA256
e3fc6851f59a56d4d18312ae9e86690b9a2796fb3ec08c049076fe044b77a109

SHA512
3e109d7578620b5a879ce6f84d28ea6bd8895793e7a4452a1af972f3f93c1076d4780a16f56763af46696183bf61b49a085725da7080ebca3441ebe3f88af636

Download Submit
\Windows\system\gPKKgsD.exe

Filesize
6.0MB

MD5
20e367f0b664d8bab9d6e40f08bec071

SHA1
5d6316f5cf9332699495922a456b4c2ff68d2816

SHA256
9125d27c8a0f798bb4aba5939ecbfd7d705d2aa82a6a924f3d87eb24097cb71a

SHA512
d87f0cdd9f6b8871b0690ec216aad0fed2f4788aebeca1e86e747bd6bf185544b38e4c3f87a8b8af2f597a6561f5a2742421ba9a86abf2171706d97478b836cc

Download Submit
\Windows\system\oBGYKPB.exe

Filesize
6.0MB

MD5
eb8c0d4da0b963f844b2cad2ba458e63

SHA1
21a919a7d84779c343634a727c0c117f5e9c429a

SHA256
cd220a591b97595d61bcd50c005b93cc2ade149bbe6185de00adb2c07a8a7658

SHA512
0ab2891a3793feb5db2613eed14d787b2cdec2278ba670daa3d1fe0c306a2f4ee94f6e651a727a2dc908c88f6085d5be4d92fc8f622d72e67ec8fea2acc42b6b

Download Submit
memory/556-563-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/556-4130-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/556-1576-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1570-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2560-4126-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2560-555-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3589-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2572-549-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4123-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2604-553-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2624-557-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4124-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1572-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1565-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2640-558-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2640-554-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2640-495-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-552-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2640-550-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2640-560-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2640-548-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2640-564-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2640-546-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1557-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-544-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1556-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2640-542-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1577-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2640-540-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1575-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-502-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1574-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2640-562-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1559-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2640-0-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1561-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1562-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1571-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1564-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-556-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1566-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1567-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1568-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1569-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2664-4081-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-545-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-4129-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1563-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2680-543-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2684-551-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2684-4125-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2696-568-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3590-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-541-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3588-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-4082-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-561-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-539-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1560-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2776-4127-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2796-4083-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2796-547-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/3068-559-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1573-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-4128-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download