cobaltstrike | 67b73ca09b207ce06bee041390b3008dad928ced461da6eb3ca9218b4f884045

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

01266c3e2348144fb01c9c2e7c4bf825
SHA1

63cf5221aada23a061ad29aee87900bc47631985
SHA256

67b73ca09b207ce06bee041390b3008dad928ced461da6eb3ca9218b4f884045
SHA512

7cd7b10b894dec1d8683e918f55bf18851c7752b20f76b011ec9eaa3b2042a003f327ecd574a030edc79d1e68fb95bdf50b37ad1accc66545f9e6830105034e9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUN:T+q56utgpPF8u/7N

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e00000001866e-12.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018792-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-71.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018c1a-36.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018c26-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018687-25.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017525-13.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-59.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000015cbd-6.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-106.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000173fc-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019442-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944d-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ff-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ae-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946e-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019630-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952c-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019632-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963a-194.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/780-0-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x000e00000001866e-12.dat	xmrig
behavioral1/files/0x000500000001937b-61.dat	xmrig
behavioral1/memory/2688-69-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a5-75.dat	xmrig
behavioral1/files/0x0006000000018792-82.dat	xmrig
behavioral1/memory/308-87-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019353-90.dat	xmrig
behavioral1/files/0x000500000001936b-94.dat	xmrig
behavioral1/memory/780-97-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2664-73-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x0005000000019397-71.dat	xmrig
behavioral1/memory/2640-98-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2172-45-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x0008000000018c1a-36.dat	xmrig
behavioral1/memory/2688-100-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x0008000000018c26-32.dat	xmrig
behavioral1/files/0x0006000000018687-25.dat	xmrig
behavioral1/memory/2004-23-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0008000000017525-13.dat	xmrig
behavioral1/memory/2756-101-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2552-92-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2740-91-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2708-88-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/780-86-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2624-83-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2568-81-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/1964-76-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2756-62-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x0005000000019356-60.dat	xmrig
behavioral1/files/0x000500000001928c-59.dat	xmrig
behavioral1/memory/780-41-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2740-37-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/780-29-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2624-102-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x000e000000015cbd-6.dat	xmrig
behavioral1/memory/308-19-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2708-103-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2552-104-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2252-105-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019423-106.dat	xmrig
behavioral1/files/0x00090000000173fc-120.dat	xmrig
behavioral1/files/0x0005000000019438-121.dat	xmrig
behavioral1/files/0x0005000000019426-113.dat	xmrig
behavioral1/memory/2640-116-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019442-128.dat	xmrig
behavioral1/files/0x000500000001944d-132.dat	xmrig
behavioral1/files/0x0005000000019458-137.dat	xmrig
behavioral1/files/0x000500000001945c-155.dat	xmrig
behavioral1/files/0x00050000000194ff-163.dat	xmrig
behavioral1/files/0x000500000001946b-145.dat	xmrig
behavioral1/files/0x00050000000194df-168.dat	xmrig
behavioral1/files/0x00050000000194ae-151.dat	xmrig
behavioral1/files/0x00050000000194c9-158.dat	xmrig
behavioral1/files/0x000500000001946e-157.dat	xmrig
behavioral1/files/0x0005000000019630-176.dat	xmrig
behavioral1/files/0x000500000001952c-182.dat	xmrig
behavioral1/files/0x0005000000019632-188.dat	xmrig
behavioral1/files/0x000500000001963a-194.dat	xmrig
behavioral1/memory/2552-3199-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2252-3200-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2172-3201-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2004-3203-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/308-3202-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2004	mFMBVho.exe
308	trwJrow.exe
2172	DkbNYoT.exe
2740	tJmaptU.exe
2664	nLvxUbX.exe
2756	MWdevvT.exe
2688	xNPrtNZ.exe
1964	HqBCcQa.exe
2568	llxMcIj.exe
2624	RhjPwPI.exe
2708	BEXwJQz.exe
2552	IHWGMmN.exe
2252	lanGbUW.exe
2640	jXApdrw.exe
492	IHWUCqe.exe
1632	FeIYAwa.exe
2868	SXkzEGg.exe
1912	gmapnlx.exe
2348	sMDSXgQ.exe
3048	juqOnCQ.exe
1496	FjaWCQV.exe
2496	UixRLid.exe
2952	CwcgwWZ.exe
3008	xDlHeEy.exe
1684	lZCTELu.exe
2056	JTnIRLD.exe
2884	ugthHjH.exe
1792	yVxVdtH.exe
1204	CZgFgLY.exe
1564	gxDyPcQ.exe
2112	mDovdzP.exe
1744	aKAJtDm.exe
3004	lVqIIHd.exe
1732	AYboBza.exe
2388	vXfyNgL.exe
2976	YlQZcRA.exe
1692	CTmyvmZ.exe
2972	NpTqxdH.exe
2248	KryHrau.exe
1652	wgrGvQE.exe
2364	HIREwMl.exe
1484	kALBRMV.exe
1000	TJjeCzm.exe
1076	kebcCpD.exe
888	uyvSrDv.exe
1976	NdIFKzu.exe
2300	lvoGfyI.exe
2276	nzTzrKR.exe
2732	wXvzrrC.exe
2564	UZMZAvi.exe
1988	iLHbFEl.exe
2652	DVTSZQR.exe
1180	OZGfcHD.exe
2108	QUanTSD.exe
480	xtvtiEH.exe
1704	vkycBHt.exe
1060	IBisuuQ.exe
2544	bUgcRDc.exe
2620	sPSWdxw.exe
2692	rLJhglA.exe
2504	lgrOoGn.exe
2592	vjqWmFI.exe
1516	rBpbJRo.exe
2736	eTgNIOB.exe

Loads dropped DLL 64 IoCs

pid	Process
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/780-0-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x000e00000001866e-12.dat	upx
behavioral1/files/0x000500000001937b-61.dat	upx
behavioral1/memory/2688-69-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x00050000000193a5-75.dat	upx
behavioral1/files/0x0006000000018792-82.dat	upx
behavioral1/memory/308-87-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x0005000000019353-90.dat	upx
behavioral1/files/0x000500000001936b-94.dat	upx
behavioral1/memory/2664-73-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x0005000000019397-71.dat	upx
behavioral1/memory/2640-98-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2172-45-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x0008000000018c1a-36.dat	upx
behavioral1/memory/2688-100-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x0008000000018c26-32.dat	upx
behavioral1/files/0x0006000000018687-25.dat	upx
behavioral1/memory/2004-23-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0008000000017525-13.dat	upx
behavioral1/memory/2756-101-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2552-92-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2740-91-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2708-88-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/780-86-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2624-83-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2568-81-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/1964-76-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2756-62-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x0005000000019356-60.dat	upx
behavioral1/files/0x000500000001928c-59.dat	upx
behavioral1/memory/2740-37-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2624-102-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x000e000000015cbd-6.dat	upx
behavioral1/memory/308-19-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2708-103-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2552-104-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2252-105-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x0005000000019423-106.dat	upx
behavioral1/files/0x00090000000173fc-120.dat	upx
behavioral1/files/0x0005000000019438-121.dat	upx
behavioral1/files/0x0005000000019426-113.dat	upx
behavioral1/memory/2640-116-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x0005000000019442-128.dat	upx
behavioral1/files/0x000500000001944d-132.dat	upx
behavioral1/files/0x0005000000019458-137.dat	upx
behavioral1/files/0x000500000001945c-155.dat	upx
behavioral1/files/0x00050000000194ff-163.dat	upx
behavioral1/files/0x000500000001946b-145.dat	upx
behavioral1/files/0x00050000000194df-168.dat	upx
behavioral1/files/0x00050000000194ae-151.dat	upx
behavioral1/files/0x00050000000194c9-158.dat	upx
behavioral1/files/0x000500000001946e-157.dat	upx
behavioral1/files/0x0005000000019630-176.dat	upx
behavioral1/files/0x000500000001952c-182.dat	upx
behavioral1/files/0x0005000000019632-188.dat	upx
behavioral1/files/0x000500000001963a-194.dat	upx
behavioral1/memory/2552-3199-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2252-3200-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2172-3201-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2004-3203-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/308-3202-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2640-3206-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2740-3207-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/1964-3205-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\svAdPXc.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcTxrtv.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JePgois.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXUdFUm.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFpbPJo.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcNqUwj.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NepDaRF.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpNRaEg.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBoIKrF.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFYgSGB.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CpRbjld.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTsDDys.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VswJRTr.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NhncmJk.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueZULJL.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpyfwHW.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezhsbkq.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhRdwDX.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyWDFHo.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmMROwK.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUuVUij.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdKKRqU.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWokSCU.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKCVPUm.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KDpkIED.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EODjPZU.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sUSlbWe.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TlZLEiZ.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNgJMVG.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTlxNgm.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWlVlPL.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IkdSTQU.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwiSyae.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFfxeIU.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxuxNRR.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcHTpkf.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnpoUAn.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVlnCZJ.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXFttiy.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpOePHf.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTlzRHH.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWnSTGI.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBQyvpu.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjWHHro.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPSWdxw.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnFbzoW.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCNnucb.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTfVvnn.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqdRRYM.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NeEbadF.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvlKFLY.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbSIvuC.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMPMzXK.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mHHhhbD.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyliTcX.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CszWxVD.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PVflXOJ.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKDAbQK.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWBmNQv.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbbzvtK.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjGRKzM.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRRnEPk.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpkQIro.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPLFXIB.exe	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 2004	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 780 wrote to memory of 2004	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 780 wrote to memory of 2004	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 780 wrote to memory of 308	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 780 wrote to memory of 308	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 780 wrote to memory of 308	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 780 wrote to memory of 1964	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 780 wrote to memory of 1964	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 780 wrote to memory of 1964	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 780 wrote to memory of 2172	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 780 wrote to memory of 2172	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 780 wrote to memory of 2172	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 780 wrote to memory of 2624	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 780 wrote to memory of 2624	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 780 wrote to memory of 2624	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 780 wrote to memory of 2740	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 780 wrote to memory of 2740	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 780 wrote to memory of 2740	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 780 wrote to memory of 2708	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 780 wrote to memory of 2708	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 780 wrote to memory of 2708	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 780 wrote to memory of 2664	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 780 wrote to memory of 2664	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 780 wrote to memory of 2664	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 780 wrote to memory of 2552	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 780 wrote to memory of 2552	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 780 wrote to memory of 2552	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 780 wrote to memory of 2756	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 780 wrote to memory of 2756	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 780 wrote to memory of 2756	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 780 wrote to memory of 2252	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 780 wrote to memory of 2252	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 780 wrote to memory of 2252	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 780 wrote to memory of 2688	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 780 wrote to memory of 2688	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 780 wrote to memory of 2688	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 780 wrote to memory of 2640	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 780 wrote to memory of 2640	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 780 wrote to memory of 2640	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 780 wrote to memory of 2568	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 780 wrote to memory of 2568	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 780 wrote to memory of 2568	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 780 wrote to memory of 2868	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 780 wrote to memory of 2868	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 780 wrote to memory of 2868	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 780 wrote to memory of 492	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 780 wrote to memory of 492	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 780 wrote to memory of 492	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 780 wrote to memory of 1912	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 780 wrote to memory of 1912	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 780 wrote to memory of 1912	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 780 wrote to memory of 1632	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 780 wrote to memory of 1632	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 780 wrote to memory of 1632	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 780 wrote to memory of 2348	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 780 wrote to memory of 2348	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 780 wrote to memory of 2348	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 780 wrote to memory of 3048	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 780 wrote to memory of 3048	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 780 wrote to memory of 3048	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 780 wrote to memory of 1496	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 780 wrote to memory of 1496	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 780 wrote to memory of 1496	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 780 wrote to memory of 2496	780	2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-27_01266c3e2348144fb01c9c2e7c4bf825_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:780
- C:\Windows\System\mFMBVho.exe
  C:\Windows\System\mFMBVho.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\trwJrow.exe
  C:\Windows\System\trwJrow.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\HqBCcQa.exe
  C:\Windows\System\HqBCcQa.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\DkbNYoT.exe
  C:\Windows\System\DkbNYoT.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\RhjPwPI.exe
  C:\Windows\System\RhjPwPI.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\tJmaptU.exe
  C:\Windows\System\tJmaptU.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\BEXwJQz.exe
  C:\Windows\System\BEXwJQz.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\nLvxUbX.exe
  C:\Windows\System\nLvxUbX.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\IHWGMmN.exe
  C:\Windows\System\IHWGMmN.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\MWdevvT.exe
  C:\Windows\System\MWdevvT.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\lanGbUW.exe
  C:\Windows\System\lanGbUW.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\xNPrtNZ.exe
  C:\Windows\System\xNPrtNZ.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\jXApdrw.exe
  C:\Windows\System\jXApdrw.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\llxMcIj.exe
  C:\Windows\System\llxMcIj.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\SXkzEGg.exe
  C:\Windows\System\SXkzEGg.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\IHWUCqe.exe
  C:\Windows\System\IHWUCqe.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\gmapnlx.exe
  C:\Windows\System\gmapnlx.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\FeIYAwa.exe
  C:\Windows\System\FeIYAwa.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\sMDSXgQ.exe
  C:\Windows\System\sMDSXgQ.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\juqOnCQ.exe
  C:\Windows\System\juqOnCQ.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\FjaWCQV.exe
  C:\Windows\System\FjaWCQV.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\UixRLid.exe
  C:\Windows\System\UixRLid.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\JTnIRLD.exe
  C:\Windows\System\JTnIRLD.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\CwcgwWZ.exe
  C:\Windows\System\CwcgwWZ.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\ugthHjH.exe
  C:\Windows\System\ugthHjH.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\xDlHeEy.exe
  C:\Windows\System\xDlHeEy.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\yVxVdtH.exe
  C:\Windows\System\yVxVdtH.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\lZCTELu.exe
  C:\Windows\System\lZCTELu.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\gxDyPcQ.exe
  C:\Windows\System\gxDyPcQ.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\CZgFgLY.exe
  C:\Windows\System\CZgFgLY.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\mDovdzP.exe
  C:\Windows\System\mDovdzP.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\aKAJtDm.exe
  C:\Windows\System\aKAJtDm.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\lVqIIHd.exe
  C:\Windows\System\lVqIIHd.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\AYboBza.exe
  C:\Windows\System\AYboBza.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\vXfyNgL.exe
  C:\Windows\System\vXfyNgL.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\YlQZcRA.exe
  C:\Windows\System\YlQZcRA.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\NpTqxdH.exe
  C:\Windows\System\NpTqxdH.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\CTmyvmZ.exe
  C:\Windows\System\CTmyvmZ.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\wgrGvQE.exe
  C:\Windows\System\wgrGvQE.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\KryHrau.exe
  C:\Windows\System\KryHrau.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\HIREwMl.exe
  C:\Windows\System\HIREwMl.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\kALBRMV.exe
  C:\Windows\System\kALBRMV.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\TJjeCzm.exe
  C:\Windows\System\TJjeCzm.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\uyvSrDv.exe
  C:\Windows\System\uyvSrDv.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\kebcCpD.exe
  C:\Windows\System\kebcCpD.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\NdIFKzu.exe
  C:\Windows\System\NdIFKzu.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\iLHbFEl.exe
  C:\Windows\System\iLHbFEl.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\lvoGfyI.exe
  C:\Windows\System\lvoGfyI.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\vkycBHt.exe
  C:\Windows\System\vkycBHt.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\nzTzrKR.exe
  C:\Windows\System\nzTzrKR.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\IBisuuQ.exe
  C:\Windows\System\IBisuuQ.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\wXvzrrC.exe
  C:\Windows\System\wXvzrrC.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\bUgcRDc.exe
  C:\Windows\System\bUgcRDc.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\UZMZAvi.exe
  C:\Windows\System\UZMZAvi.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\sPSWdxw.exe
  C:\Windows\System\sPSWdxw.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\DVTSZQR.exe
  C:\Windows\System\DVTSZQR.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\rLJhglA.exe
  C:\Windows\System\rLJhglA.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\OZGfcHD.exe
  C:\Windows\System\OZGfcHD.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\lgrOoGn.exe
  C:\Windows\System\lgrOoGn.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\QUanTSD.exe
  C:\Windows\System\QUanTSD.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\vjqWmFI.exe
  C:\Windows\System\vjqWmFI.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\xtvtiEH.exe
  C:\Windows\System\xtvtiEH.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\rBpbJRo.exe
  C:\Windows\System\rBpbJRo.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\eTgNIOB.exe
  C:\Windows\System\eTgNIOB.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\ddKhliC.exe
  C:\Windows\System\ddKhliC.exe
  2⤵
  PID:2892
- C:\Windows\System\injRjEf.exe
  C:\Windows\System\injRjEf.exe
  2⤵
  PID:2516
- C:\Windows\System\JVqhixE.exe
  C:\Windows\System\JVqhixE.exe
  2⤵
  PID:1044
- C:\Windows\System\RcnPKeW.exe
  C:\Windows\System\RcnPKeW.exe
  2⤵
  PID:1708
- C:\Windows\System\SBtrXpT.exe
  C:\Windows\System\SBtrXpT.exe
  2⤵
  PID:1764
- C:\Windows\System\yMxcnkW.exe
  C:\Windows\System\yMxcnkW.exe
  2⤵
  PID:1812
- C:\Windows\System\mgYSqMQ.exe
  C:\Windows\System\mgYSqMQ.exe
  2⤵
  PID:2616
- C:\Windows\System\NYAlFdO.exe
  C:\Windows\System\NYAlFdO.exe
  2⤵
  PID:2820
- C:\Windows\System\HbWyAVl.exe
  C:\Windows\System\HbWyAVl.exe
  2⤵
  PID:2156
- C:\Windows\System\sEarEIC.exe
  C:\Windows\System\sEarEIC.exe
  2⤵
  PID:1372
- C:\Windows\System\bwaTXmI.exe
  C:\Windows\System\bwaTXmI.exe
  2⤵
  PID:3068
- C:\Windows\System\uuwvCSZ.exe
  C:\Windows\System\uuwvCSZ.exe
  2⤵
  PID:1548
- C:\Windows\System\SlDupRZ.exe
  C:\Windows\System\SlDupRZ.exe
  2⤵
  PID:1956
- C:\Windows\System\FefpUUn.exe
  C:\Windows\System\FefpUUn.exe
  2⤵
  PID:2016
- C:\Windows\System\VVlnCZJ.exe
  C:\Windows\System\VVlnCZJ.exe
  2⤵
  PID:1308
- C:\Windows\System\qeDvfIW.exe
  C:\Windows\System\qeDvfIW.exe
  2⤵
  PID:2288
- C:\Windows\System\QUDsnIw.exe
  C:\Windows\System\QUDsnIw.exe
  2⤵
  PID:444
- C:\Windows\System\RckLFLB.exe
  C:\Windows\System\RckLFLB.exe
  2⤵
  PID:2088
- C:\Windows\System\oajHhpd.exe
  C:\Windows\System\oajHhpd.exe
  2⤵
  PID:688
- C:\Windows\System\LiHkXTv.exe
  C:\Windows\System\LiHkXTv.exe
  2⤵
  PID:2944
- C:\Windows\System\ccgJGUv.exe
  C:\Windows\System\ccgJGUv.exe
  2⤵
  PID:2904
- C:\Windows\System\OSfhAYd.exe
  C:\Windows\System\OSfhAYd.exe
  2⤵
  PID:1600
- C:\Windows\System\sdgvSeW.exe
  C:\Windows\System\sdgvSeW.exe
  2⤵
  PID:748
- C:\Windows\System\bnCvzrE.exe
  C:\Windows\System\bnCvzrE.exe
  2⤵
  PID:2432
- C:\Windows\System\jfdtLRt.exe
  C:\Windows\System\jfdtLRt.exe
  2⤵
  PID:1740
- C:\Windows\System\ZAmgywa.exe
  C:\Windows\System\ZAmgywa.exe
  2⤵
  PID:2316
- C:\Windows\System\IePbYLS.exe
  C:\Windows\System\IePbYLS.exe
  2⤵
  PID:1528
- C:\Windows\System\ApGudAt.exe
  C:\Windows\System\ApGudAt.exe
  2⤵
  PID:2264
- C:\Windows\System\KlcqZyF.exe
  C:\Windows\System\KlcqZyF.exe
  2⤵
  PID:696
- C:\Windows\System\EprOtOW.exe
  C:\Windows\System\EprOtOW.exe
  2⤵
  PID:984
- C:\Windows\System\qGcyWlS.exe
  C:\Windows\System\qGcyWlS.exe
  2⤵
  PID:1864
- C:\Windows\System\PhprnrK.exe
  C:\Windows\System\PhprnrK.exe
  2⤵
  PID:348
- C:\Windows\System\MTlzRHH.exe
  C:\Windows\System\MTlzRHH.exe
  2⤵
  PID:1972
- C:\Windows\System\lOHllGX.exe
  C:\Windows\System\lOHllGX.exe
  2⤵
  PID:1636
- C:\Windows\System\ycFrNQE.exe
  C:\Windows\System\ycFrNQE.exe
  2⤵
  PID:2680
- C:\Windows\System\KWsGTxU.exe
  C:\Windows\System\KWsGTxU.exe
  2⤵
  PID:1292
- C:\Windows\System\IRYWAwu.exe
  C:\Windows\System\IRYWAwu.exe
  2⤵
  PID:2844
- C:\Windows\System\mvZHWno.exe
  C:\Windows\System\mvZHWno.exe
  2⤵
  PID:2204
- C:\Windows\System\vHDfioc.exe
  C:\Windows\System\vHDfioc.exe
  2⤵
  PID:1716
- C:\Windows\System\gfordof.exe
  C:\Windows\System\gfordof.exe
  2⤵
  PID:2720
- C:\Windows\System\oAqafzg.exe
  C:\Windows\System\oAqafzg.exe
  2⤵
  PID:1068
- C:\Windows\System\OGwgCCI.exe
  C:\Windows\System\OGwgCCI.exe
  2⤵
  PID:268
- C:\Windows\System\rfVyVmk.exe
  C:\Windows\System\rfVyVmk.exe
  2⤵
  PID:2796
- C:\Windows\System\FqGsTNT.exe
  C:\Windows\System\FqGsTNT.exe
  2⤵
  PID:2800
- C:\Windows\System\XGHTgHu.exe
  C:\Windows\System\XGHTgHu.exe
  2⤵
  PID:2488
- C:\Windows\System\jmREdnR.exe
  C:\Windows\System\jmREdnR.exe
  2⤵
  PID:2208
- C:\Windows\System\VhXkMyr.exe
  C:\Windows\System\VhXkMyr.exe
  2⤵
  PID:2724
- C:\Windows\System\WekwgxI.exe
  C:\Windows\System\WekwgxI.exe
  2⤵
  PID:2584
- C:\Windows\System\LrgfVAx.exe
  C:\Windows\System\LrgfVAx.exe
  2⤵
  PID:2872
- C:\Windows\System\nMQkJgC.exe
  C:\Windows\System\nMQkJgC.exe
  2⤵
  PID:2044
- C:\Windows\System\giPuODT.exe
  C:\Windows\System\giPuODT.exe
  2⤵
  PID:1348
- C:\Windows\System\ADsarDu.exe
  C:\Windows\System\ADsarDu.exe
  2⤵
  PID:1512
- C:\Windows\System\dlCuELa.exe
  C:\Windows\System\dlCuELa.exe
  2⤵
  PID:2468
- C:\Windows\System\GrCqWTP.exe
  C:\Windows\System\GrCqWTP.exe
  2⤵
  PID:2100
- C:\Windows\System\kZRCZAe.exe
  C:\Windows\System\kZRCZAe.exe
  2⤵
  PID:2992
- C:\Windows\System\JmOKhUq.exe
  C:\Windows\System\JmOKhUq.exe
  2⤵
  PID:1052
- C:\Windows\System\aeyTHwK.exe
  C:\Windows\System\aeyTHwK.exe
  2⤵
  PID:988
- C:\Windows\System\JLZmEQv.exe
  C:\Windows\System\JLZmEQv.exe
  2⤵
  PID:2072
- C:\Windows\System\KKIfKaG.exe
  C:\Windows\System\KKIfKaG.exe
  2⤵
  PID:2084
- C:\Windows\System\pLdwjTJ.exe
  C:\Windows\System\pLdwjTJ.exe
  2⤵
  PID:1056
- C:\Windows\System\xxgEaKb.exe
  C:\Windows\System\xxgEaKb.exe
  2⤵
  PID:1756
- C:\Windows\System\hZAfloB.exe
  C:\Windows\System\hZAfloB.exe
  2⤵
  PID:1748
- C:\Windows\System\OFpbPJo.exe
  C:\Windows\System\OFpbPJo.exe
  2⤵
  PID:1176
- C:\Windows\System\NHdGeUQ.exe
  C:\Windows\System\NHdGeUQ.exe
  2⤵
  PID:2244
- C:\Windows\System\PpNszQd.exe
  C:\Windows\System\PpNszQd.exe
  2⤵
  PID:1556
- C:\Windows\System\vrovZGH.exe
  C:\Windows\System\vrovZGH.exe
  2⤵
  PID:2572
- C:\Windows\System\pcNqUwj.exe
  C:\Windows\System\pcNqUwj.exe
  2⤵
  PID:2588
- C:\Windows\System\OyLcOQP.exe
  C:\Windows\System\OyLcOQP.exe
  2⤵
  PID:2356
- C:\Windows\System\oVBmdxG.exe
  C:\Windows\System\oVBmdxG.exe
  2⤵
  PID:2648
- C:\Windows\System\iSnJDUv.exe
  C:\Windows\System\iSnJDUv.exe
  2⤵
  PID:2712
- C:\Windows\System\GWOsYND.exe
  C:\Windows\System\GWOsYND.exe
  2⤵
  PID:2600
- C:\Windows\System\bBruFfh.exe
  C:\Windows\System\bBruFfh.exe
  2⤵
  PID:2768
- C:\Windows\System\iShyFwj.exe
  C:\Windows\System\iShyFwj.exe
  2⤵
  PID:2832
- C:\Windows\System\kHixVqp.exe
  C:\Windows\System\kHixVqp.exe
  2⤵
  PID:2780
- C:\Windows\System\lnneXje.exe
  C:\Windows\System\lnneXje.exe
  2⤵
  PID:1500
- C:\Windows\System\vGlxpcU.exe
  C:\Windows\System\vGlxpcU.exe
  2⤵
  PID:2500
- C:\Windows\System\KQsxgWv.exe
  C:\Windows\System\KQsxgWv.exe
  2⤵
  PID:944
- C:\Windows\System\FzCdyAd.exe
  C:\Windows\System\FzCdyAd.exe
  2⤵
  PID:1368
- C:\Windows\System\XFKUtOA.exe
  C:\Windows\System\XFKUtOA.exe
  2⤵
  PID:1800
- C:\Windows\System\qluEfxn.exe
  C:\Windows\System\qluEfxn.exe
  2⤵
  PID:3016
- C:\Windows\System\XVcqrgt.exe
  C:\Windows\System\XVcqrgt.exe
  2⤵
  PID:836
- C:\Windows\System\Snzgxwd.exe
  C:\Windows\System\Snzgxwd.exe
  2⤵
  PID:2956
- C:\Windows\System\tuipKFy.exe
  C:\Windows\System\tuipKFy.exe
  2⤵
  PID:2960
- C:\Windows\System\jwkbUeb.exe
  C:\Windows\System\jwkbUeb.exe
  2⤵
  PID:2428
- C:\Windows\System\VFRqAOJ.exe
  C:\Windows\System\VFRqAOJ.exe
  2⤵
  PID:796
- C:\Windows\System\jmJGfhn.exe
  C:\Windows\System\jmJGfhn.exe
  2⤵
  PID:2296
- C:\Windows\System\aSGdUFI.exe
  C:\Windows\System\aSGdUFI.exe
  2⤵
  PID:2560
- C:\Windows\System\NvbnZLH.exe
  C:\Windows\System\NvbnZLH.exe
  2⤵
  PID:2760
- C:\Windows\System\oUgtwXK.exe
  C:\Windows\System\oUgtwXK.exe
  2⤵
  PID:1220
- C:\Windows\System\WGYeKGm.exe
  C:\Windows\System\WGYeKGm.exe
  2⤵
  PID:1612
- C:\Windows\System\vYyGGrR.exe
  C:\Windows\System\vYyGGrR.exe
  2⤵
  PID:2776
- C:\Windows\System\qfbVUIH.exe
  C:\Windows\System\qfbVUIH.exe
  2⤵
  PID:2924
- C:\Windows\System\hxbNxNH.exe
  C:\Windows\System\hxbNxNH.exe
  2⤵
  PID:2752
- C:\Windows\System\BwmubqX.exe
  C:\Windows\System\BwmubqX.exe
  2⤵
  PID:340
- C:\Windows\System\VswJRTr.exe
  C:\Windows\System\VswJRTr.exe
  2⤵
  PID:3076
- C:\Windows\System\lJoeQlZ.exe
  C:\Windows\System\lJoeQlZ.exe
  2⤵
  PID:3092
- C:\Windows\System\CrPPHDY.exe
  C:\Windows\System\CrPPHDY.exe
  2⤵
  PID:3108
- C:\Windows\System\oiKDxod.exe
  C:\Windows\System\oiKDxod.exe
  2⤵
  PID:3132
- C:\Windows\System\DhZtviR.exe
  C:\Windows\System\DhZtviR.exe
  2⤵
  PID:3152
- C:\Windows\System\amUvjpm.exe
  C:\Windows\System\amUvjpm.exe
  2⤵
  PID:3168
- C:\Windows\System\FZzfBup.exe
  C:\Windows\System\FZzfBup.exe
  2⤵
  PID:3184
- C:\Windows\System\yCIFepy.exe
  C:\Windows\System\yCIFepy.exe
  2⤵
  PID:3200
- C:\Windows\System\sdenzFC.exe
  C:\Windows\System\sdenzFC.exe
  2⤵
  PID:3236
- C:\Windows\System\bfctHlF.exe
  C:\Windows\System\bfctHlF.exe
  2⤵
  PID:3304
- C:\Windows\System\oyggKnp.exe
  C:\Windows\System\oyggKnp.exe
  2⤵
  PID:3320
- C:\Windows\System\mtmVmqv.exe
  C:\Windows\System\mtmVmqv.exe
  2⤵
  PID:3336
- C:\Windows\System\JOtAIUb.exe
  C:\Windows\System\JOtAIUb.exe
  2⤵
  PID:3368
- C:\Windows\System\nJpcUbx.exe
  C:\Windows\System\nJpcUbx.exe
  2⤵
  PID:3396
- C:\Windows\System\sfqjlbS.exe
  C:\Windows\System\sfqjlbS.exe
  2⤵
  PID:3412
- C:\Windows\System\PpqCeAK.exe
  C:\Windows\System\PpqCeAK.exe
  2⤵
  PID:3428
- C:\Windows\System\HDAQDJg.exe
  C:\Windows\System\HDAQDJg.exe
  2⤵
  PID:3448
- C:\Windows\System\kJtcAAd.exe
  C:\Windows\System\kJtcAAd.exe
  2⤵
  PID:3464
- C:\Windows\System\VCNpGzz.exe
  C:\Windows\System\VCNpGzz.exe
  2⤵
  PID:3484
- C:\Windows\System\FFgubIQ.exe
  C:\Windows\System\FFgubIQ.exe
  2⤵
  PID:3504
- C:\Windows\System\iobRwKi.exe
  C:\Windows\System\iobRwKi.exe
  2⤵
  PID:3520
- C:\Windows\System\UrFwhwr.exe
  C:\Windows\System\UrFwhwr.exe
  2⤵
  PID:3536
- C:\Windows\System\EXmhGnk.exe
  C:\Windows\System\EXmhGnk.exe
  2⤵
  PID:3556
- C:\Windows\System\GfweRTe.exe
  C:\Windows\System\GfweRTe.exe
  2⤵
  PID:3576
- C:\Windows\System\QldKOoj.exe
  C:\Windows\System\QldKOoj.exe
  2⤵
  PID:3596
- C:\Windows\System\rgkjpgP.exe
  C:\Windows\System\rgkjpgP.exe
  2⤵
  PID:3612
- C:\Windows\System\AjwgDjl.exe
  C:\Windows\System\AjwgDjl.exe
  2⤵
  PID:3640
- C:\Windows\System\ZhOITYH.exe
  C:\Windows\System\ZhOITYH.exe
  2⤵
  PID:3668
- C:\Windows\System\ngadYbd.exe
  C:\Windows\System\ngadYbd.exe
  2⤵
  PID:3684
- C:\Windows\System\JNwdlMG.exe
  C:\Windows\System\JNwdlMG.exe
  2⤵
  PID:3700
- C:\Windows\System\lEUzQVz.exe
  C:\Windows\System\lEUzQVz.exe
  2⤵
  PID:3716
- C:\Windows\System\fjFCVIs.exe
  C:\Windows\System\fjFCVIs.exe
  2⤵
  PID:3732
- C:\Windows\System\gQJGquW.exe
  C:\Windows\System\gQJGquW.exe
  2⤵
  PID:3748
- C:\Windows\System\GQzUSAk.exe
  C:\Windows\System\GQzUSAk.exe
  2⤵
  PID:3768
- C:\Windows\System\NzbTaGT.exe
  C:\Windows\System\NzbTaGT.exe
  2⤵
  PID:3816
- C:\Windows\System\aFQiSwm.exe
  C:\Windows\System\aFQiSwm.exe
  2⤵
  PID:3832
- C:\Windows\System\aUuVUij.exe
  C:\Windows\System\aUuVUij.exe
  2⤵
  PID:3848
- C:\Windows\System\OrrZDbu.exe
  C:\Windows\System\OrrZDbu.exe
  2⤵
  PID:3864
- C:\Windows\System\zmElmUK.exe
  C:\Windows\System\zmElmUK.exe
  2⤵
  PID:3880
- C:\Windows\System\hyWaTUB.exe
  C:\Windows\System\hyWaTUB.exe
  2⤵
  PID:3904
- C:\Windows\System\lbDGrKk.exe
  C:\Windows\System\lbDGrKk.exe
  2⤵
  PID:3920
- C:\Windows\System\XHPFErt.exe
  C:\Windows\System\XHPFErt.exe
  2⤵
  PID:3936
- C:\Windows\System\XMtRnMs.exe
  C:\Windows\System\XMtRnMs.exe
  2⤵
  PID:3952
- C:\Windows\System\reUpBgs.exe
  C:\Windows\System\reUpBgs.exe
  2⤵
  PID:3968
- C:\Windows\System\xOmHJaB.exe
  C:\Windows\System\xOmHJaB.exe
  2⤵
  PID:3984
- C:\Windows\System\fwOchCB.exe
  C:\Windows\System\fwOchCB.exe
  2⤵
  PID:4008
- C:\Windows\System\QjkeySE.exe
  C:\Windows\System\QjkeySE.exe
  2⤵
  PID:4024
- C:\Windows\System\vJFSZdp.exe
  C:\Windows\System\vJFSZdp.exe
  2⤵
  PID:4040
- C:\Windows\System\wXDoeHG.exe
  C:\Windows\System\wXDoeHG.exe
  2⤵
  PID:4056
- C:\Windows\System\aYzPSNH.exe
  C:\Windows\System\aYzPSNH.exe
  2⤵
  PID:4080
- C:\Windows\System\VFWcZMo.exe
  C:\Windows\System\VFWcZMo.exe
  2⤵
  PID:2200
- C:\Windows\System\wrELgQk.exe
  C:\Windows\System\wrELgQk.exe
  2⤵
  PID:2784
- C:\Windows\System\HGfGuDD.exe
  C:\Windows\System\HGfGuDD.exe
  2⤵
  PID:3028
- C:\Windows\System\OlaYaJB.exe
  C:\Windows\System\OlaYaJB.exe
  2⤵
  PID:1984
- C:\Windows\System\uvEYOvn.exe
  C:\Windows\System\uvEYOvn.exe
  2⤵
  PID:3148
- C:\Windows\System\fnDSTEj.exe
  C:\Windows\System\fnDSTEj.exe
  2⤵
  PID:1524
- C:\Windows\System\zuTSzis.exe
  C:\Windows\System\zuTSzis.exe
  2⤵
  PID:3124
- C:\Windows\System\sXFttiy.exe
  C:\Windows\System\sXFttiy.exe
  2⤵
  PID:1648
- C:\Windows\System\vlYxTWI.exe
  C:\Windows\System\vlYxTWI.exe
  2⤵
  PID:2548
- C:\Windows\System\YEYfBnn.exe
  C:\Windows\System\YEYfBnn.exe
  2⤵
  PID:1712
- C:\Windows\System\vKofHeN.exe
  C:\Windows\System\vKofHeN.exe
  2⤵
  PID:3232
- C:\Windows\System\kMQkEGC.exe
  C:\Windows\System\kMQkEGC.exe
  2⤵
  PID:3272
- C:\Windows\System\NWTxGIw.exe
  C:\Windows\System\NWTxGIw.exe
  2⤵
  PID:3316
- C:\Windows\System\tZFuiuW.exe
  C:\Windows\System\tZFuiuW.exe
  2⤵
  PID:3360
- C:\Windows\System\jkocNmu.exe
  C:\Windows\System\jkocNmu.exe
  2⤵
  PID:3384
- C:\Windows\System\IqWbwzQ.exe
  C:\Windows\System\IqWbwzQ.exe
  2⤵
  PID:3392
- C:\Windows\System\TPdSWXD.exe
  C:\Windows\System\TPdSWXD.exe
  2⤵
  PID:3472
- C:\Windows\System\vNCbABW.exe
  C:\Windows\System\vNCbABW.exe
  2⤵
  PID:3552
- C:\Windows\System\EvwoJPD.exe
  C:\Windows\System\EvwoJPD.exe
  2⤵
  PID:3584
- C:\Windows\System\ulIEtmS.exe
  C:\Windows\System\ulIEtmS.exe
  2⤵
  PID:3624
- C:\Windows\System\LGANCfc.exe
  C:\Windows\System\LGANCfc.exe
  2⤵
  PID:3564
- C:\Windows\System\FjXBLse.exe
  C:\Windows\System\FjXBLse.exe
  2⤵
  PID:3608
- C:\Windows\System\RNKKZnK.exe
  C:\Windows\System\RNKKZnK.exe
  2⤵
  PID:3492
- C:\Windows\System\rHGdrYS.exe
  C:\Windows\System\rHGdrYS.exe
  2⤵
  PID:3532
- C:\Windows\System\XXBRXcE.exe
  C:\Windows\System\XXBRXcE.exe
  2⤵
  PID:3692
- C:\Windows\System\fZHsaoS.exe
  C:\Windows\System\fZHsaoS.exe
  2⤵
  PID:3728
- C:\Windows\System\jdLbmNh.exe
  C:\Windows\System\jdLbmNh.exe
  2⤵
  PID:3784
- C:\Windows\System\hCUBjBF.exe
  C:\Windows\System\hCUBjBF.exe
  2⤵
  PID:3800
- C:\Windows\System\qYCAVGZ.exe
  C:\Windows\System\qYCAVGZ.exe
  2⤵
  PID:3780
- C:\Windows\System\bPskLlF.exe
  C:\Windows\System\bPskLlF.exe
  2⤵
  PID:3944
- C:\Windows\System\cypsFML.exe
  C:\Windows\System\cypsFML.exe
  2⤵
  PID:3980
- C:\Windows\System\UdNRWtZ.exe
  C:\Windows\System\UdNRWtZ.exe
  2⤵
  PID:4088
- C:\Windows\System\jzHnhtk.exe
  C:\Windows\System\jzHnhtk.exe
  2⤵
  PID:3024
- C:\Windows\System\nbCpQQh.exe
  C:\Windows\System\nbCpQQh.exe
  2⤵
  PID:3888
- C:\Windows\System\liNuSox.exe
  C:\Windows\System\liNuSox.exe
  2⤵
  PID:1424
- C:\Windows\System\ahGNHxe.exe
  C:\Windows\System\ahGNHxe.exe
  2⤵
  PID:1952
- C:\Windows\System\otXycNn.exe
  C:\Windows\System\otXycNn.exe
  2⤵
  PID:4076
- C:\Windows\System\RWBmNQv.exe
  C:\Windows\System\RWBmNQv.exe
  2⤵
  PID:1688
- C:\Windows\System\GEBqkFu.exe
  C:\Windows\System\GEBqkFu.exe
  2⤵
  PID:2188
- C:\Windows\System\jjLuryV.exe
  C:\Windows\System\jjLuryV.exe
  2⤵
  PID:3164
- C:\Windows\System\xCqGcyX.exe
  C:\Windows\System\xCqGcyX.exe
  2⤵
  PID:3208
- C:\Windows\System\GHqrqjc.exe
  C:\Windows\System\GHqrqjc.exe
  2⤵
  PID:4004
- C:\Windows\System\yeDlxMl.exe
  C:\Windows\System\yeDlxMl.exe
  2⤵
  PID:3244
- C:\Windows\System\UxDNDWA.exe
  C:\Windows\System\UxDNDWA.exe
  2⤵
  PID:3252
- C:\Windows\System\usmomCe.exe
  C:\Windows\System\usmomCe.exe
  2⤵
  PID:3284
- C:\Windows\System\JYHIvEC.exe
  C:\Windows\System\JYHIvEC.exe
  2⤵
  PID:3300
- C:\Windows\System\WtlZmMm.exe
  C:\Windows\System\WtlZmMm.exe
  2⤵
  PID:3440
- C:\Windows\System\rRMYeCn.exe
  C:\Windows\System\rRMYeCn.exe
  2⤵
  PID:3460
- C:\Windows\System\djimFpv.exe
  C:\Windows\System\djimFpv.exe
  2⤵
  PID:3544
- C:\Windows\System\OnFbzoW.exe
  C:\Windows\System\OnFbzoW.exe
  2⤵
  PID:3680
- C:\Windows\System\swSiXSa.exe
  C:\Windows\System\swSiXSa.exe
  2⤵
  PID:3712
- C:\Windows\System\mHHhhbD.exe
  C:\Windows\System\mHHhhbD.exe
  2⤵
  PID:3664
- C:\Windows\System\wHEXayR.exe
  C:\Windows\System\wHEXayR.exe
  2⤵
  PID:3812
- C:\Windows\System\URxvktu.exe
  C:\Windows\System\URxvktu.exe
  2⤵
  PID:2816
- C:\Windows\System\UblUXII.exe
  C:\Windows\System\UblUXII.exe
  2⤵
  PID:4020
- C:\Windows\System\YyTlSuw.exe
  C:\Windows\System\YyTlSuw.exe
  2⤵
  PID:3528
- C:\Windows\System\UkFMuVK.exe
  C:\Windows\System\UkFMuVK.exe
  2⤵
  PID:3964
- C:\Windows\System\eucGgww.exe
  C:\Windows\System\eucGgww.exe
  2⤵
  PID:4072
- C:\Windows\System\KpUZLkT.exe
  C:\Windows\System\KpUZLkT.exe
  2⤵
  PID:3860
- C:\Windows\System\tRPeGlA.exe
  C:\Windows\System\tRPeGlA.exe
  2⤵
  PID:884
- C:\Windows\System\iiBVUYa.exe
  C:\Windows\System\iiBVUYa.exe
  2⤵
  PID:1816
- C:\Windows\System\MPdJJLH.exe
  C:\Windows\System\MPdJJLH.exe
  2⤵
  PID:1332
- C:\Windows\System\pQEToIC.exe
  C:\Windows\System\pQEToIC.exe
  2⤵
  PID:4036
- C:\Windows\System\kQyvUTc.exe
  C:\Windows\System\kQyvUTc.exe
  2⤵
  PID:3256
- C:\Windows\System\XDbOZBW.exe
  C:\Windows\System\XDbOZBW.exe
  2⤵
  PID:3196
- C:\Windows\System\bzvgOPE.exe
  C:\Windows\System\bzvgOPE.exe
  2⤵
  PID:3348
- C:\Windows\System\iKWztgI.exe
  C:\Windows\System\iKWztgI.exe
  2⤵
  PID:3388
- C:\Windows\System\cAvClki.exe
  C:\Windows\System\cAvClki.exe
  2⤵
  PID:3708
- C:\Windows\System\JJZgjWK.exe
  C:\Windows\System\JJZgjWK.exe
  2⤵
  PID:3604
- C:\Windows\System\ScgNIrt.exe
  C:\Windows\System\ScgNIrt.exe
  2⤵
  PID:3928
- C:\Windows\System\vwxskrx.exe
  C:\Windows\System\vwxskrx.exe
  2⤵
  PID:3100
- C:\Windows\System\QAqlFXS.exe
  C:\Windows\System\QAqlFXS.exe
  2⤵
  PID:3056
- C:\Windows\System\ucwnWSx.exe
  C:\Windows\System\ucwnWSx.exe
  2⤵
  PID:4048
- C:\Windows\System\wTfVvnn.exe
  C:\Windows\System\wTfVvnn.exe
  2⤵
  PID:3248
- C:\Windows\System\kNMqUYM.exe
  C:\Windows\System\kNMqUYM.exe
  2⤵
  PID:3776
- C:\Windows\System\NPJuukU.exe
  C:\Windows\System\NPJuukU.exe
  2⤵
  PID:3744
- C:\Windows\System\XYqnVdW.exe
  C:\Windows\System\XYqnVdW.exe
  2⤵
  PID:864
- C:\Windows\System\oVdKaTi.exe
  C:\Windows\System\oVdKaTi.exe
  2⤵
  PID:3572
- C:\Windows\System\lTgDCGT.exe
  C:\Windows\System\lTgDCGT.exe
  2⤵
  PID:3844
- C:\Windows\System\gnBevjU.exe
  C:\Windows\System\gnBevjU.exe
  2⤵
  PID:3516
- C:\Windows\System\XhURjIo.exe
  C:\Windows\System\XhURjIo.exe
  2⤵
  PID:3656
- C:\Windows\System\PadReEA.exe
  C:\Windows\System\PadReEA.exe
  2⤵
  PID:1508
- C:\Windows\System\nKklyLQ.exe
  C:\Windows\System\nKklyLQ.exe
  2⤵
  PID:3824
- C:\Windows\System\ZmJoHEQ.exe
  C:\Windows\System\ZmJoHEQ.exe
  2⤵
  PID:1932
- C:\Windows\System\OIgSqWs.exe
  C:\Windows\System\OIgSqWs.exe
  2⤵
  PID:3288
- C:\Windows\System\SbOChzv.exe
  C:\Windows\System\SbOChzv.exe
  2⤵
  PID:3900
- C:\Windows\System\ZwmGDFA.exe
  C:\Windows\System\ZwmGDFA.exe
  2⤵
  PID:3356
- C:\Windows\System\dUiuPWT.exe
  C:\Windows\System\dUiuPWT.exe
  2⤵
  PID:3960
- C:\Windows\System\yjXiRpO.exe
  C:\Windows\System\yjXiRpO.exe
  2⤵
  PID:4112
- C:\Windows\System\EtCARaK.exe
  C:\Windows\System\EtCARaK.exe
  2⤵
  PID:4128
- C:\Windows\System\ndoJzgI.exe
  C:\Windows\System\ndoJzgI.exe
  2⤵
  PID:4156
- C:\Windows\System\BmrVSsn.exe
  C:\Windows\System\BmrVSsn.exe
  2⤵
  PID:4176
- C:\Windows\System\cGMTAEp.exe
  C:\Windows\System\cGMTAEp.exe
  2⤵
  PID:4196
- C:\Windows\System\KcBKpTK.exe
  C:\Windows\System\KcBKpTK.exe
  2⤵
  PID:4212
- C:\Windows\System\QlmvnQL.exe
  C:\Windows\System\QlmvnQL.exe
  2⤵
  PID:4236
- C:\Windows\System\ciYBkcK.exe
  C:\Windows\System\ciYBkcK.exe
  2⤵
  PID:4256
- C:\Windows\System\IqMJlhC.exe
  C:\Windows\System\IqMJlhC.exe
  2⤵
  PID:4272
- C:\Windows\System\bWyOjmL.exe
  C:\Windows\System\bWyOjmL.exe
  2⤵
  PID:4288
- C:\Windows\System\gpNRaEg.exe
  C:\Windows\System\gpNRaEg.exe
  2⤵
  PID:4304
- C:\Windows\System\USgWrrQ.exe
  C:\Windows\System\USgWrrQ.exe
  2⤵
  PID:4328
- C:\Windows\System\VATxZWN.exe
  C:\Windows\System\VATxZWN.exe
  2⤵
  PID:4352
- C:\Windows\System\YkMtChC.exe
  C:\Windows\System\YkMtChC.exe
  2⤵
  PID:4368
- C:\Windows\System\YuotbSy.exe
  C:\Windows\System\YuotbSy.exe
  2⤵
  PID:4384
- C:\Windows\System\giFDJbu.exe
  C:\Windows\System\giFDJbu.exe
  2⤵
  PID:4404
- C:\Windows\System\xIzaGGj.exe
  C:\Windows\System\xIzaGGj.exe
  2⤵
  PID:4420
- C:\Windows\System\MbPkXco.exe
  C:\Windows\System\MbPkXco.exe
  2⤵
  PID:4436
- C:\Windows\System\ttGaEXk.exe
  C:\Windows\System\ttGaEXk.exe
  2⤵
  PID:4452
- C:\Windows\System\aEilDIp.exe
  C:\Windows\System\aEilDIp.exe
  2⤵
  PID:4468
- C:\Windows\System\UwiSyae.exe
  C:\Windows\System\UwiSyae.exe
  2⤵
  PID:4484
- C:\Windows\System\ZPEhqtS.exe
  C:\Windows\System\ZPEhqtS.exe
  2⤵
  PID:4512
- C:\Windows\System\jpFXMmE.exe
  C:\Windows\System\jpFXMmE.exe
  2⤵
  PID:4532
- C:\Windows\System\KSWOxAz.exe
  C:\Windows\System\KSWOxAz.exe
  2⤵
  PID:4548
- C:\Windows\System\FTgdyZl.exe
  C:\Windows\System\FTgdyZl.exe
  2⤵
  PID:4580
- C:\Windows\System\zBBGmaB.exe
  C:\Windows\System\zBBGmaB.exe
  2⤵
  PID:4612
- C:\Windows\System\flLUCNZ.exe
  C:\Windows\System\flLUCNZ.exe
  2⤵
  PID:4628
- C:\Windows\System\kZIxUXO.exe
  C:\Windows\System\kZIxUXO.exe
  2⤵
  PID:4652
- C:\Windows\System\hZHWCeA.exe
  C:\Windows\System\hZHWCeA.exe
  2⤵
  PID:4668
- C:\Windows\System\RXAnbGR.exe
  C:\Windows\System\RXAnbGR.exe
  2⤵
  PID:4684
- C:\Windows\System\VhvRZqZ.exe
  C:\Windows\System\VhvRZqZ.exe
  2⤵
  PID:4704
- C:\Windows\System\qKoPPnr.exe
  C:\Windows\System\qKoPPnr.exe
  2⤵
  PID:4720
- C:\Windows\System\gfFTPGP.exe
  C:\Windows\System\gfFTPGP.exe
  2⤵
  PID:4736
- C:\Windows\System\Weyxrzz.exe
  C:\Windows\System\Weyxrzz.exe
  2⤵
  PID:4752
- C:\Windows\System\kaTdrdm.exe
  C:\Windows\System\kaTdrdm.exe
  2⤵
  PID:4772
- C:\Windows\System\vocEYUJ.exe
  C:\Windows\System\vocEYUJ.exe
  2⤵
  PID:4792
- C:\Windows\System\JbAhQND.exe
  C:\Windows\System\JbAhQND.exe
  2⤵
  PID:4808
- C:\Windows\System\NrstWCL.exe
  C:\Windows\System\NrstWCL.exe
  2⤵
  PID:4824
- C:\Windows\System\wQFjuvM.exe
  C:\Windows\System\wQFjuvM.exe
  2⤵
  PID:4840
- C:\Windows\System\fFfxeIU.exe
  C:\Windows\System\fFfxeIU.exe
  2⤵
  PID:4896
- C:\Windows\System\HsJXxLZ.exe
  C:\Windows\System\HsJXxLZ.exe
  2⤵
  PID:4920
- C:\Windows\System\rAIKnwL.exe
  C:\Windows\System\rAIKnwL.exe
  2⤵
  PID:4936
- C:\Windows\System\LfTfzIm.exe
  C:\Windows\System\LfTfzIm.exe
  2⤵
  PID:4952
- C:\Windows\System\NepDaRF.exe
  C:\Windows\System\NepDaRF.exe
  2⤵
  PID:4968
- C:\Windows\System\hcsBfMI.exe
  C:\Windows\System\hcsBfMI.exe
  2⤵
  PID:4984
- C:\Windows\System\kvDgxfa.exe
  C:\Windows\System\kvDgxfa.exe
  2⤵
  PID:5004
- C:\Windows\System\mJnVqIt.exe
  C:\Windows\System\mJnVqIt.exe
  2⤵
  PID:5024
- C:\Windows\System\NuInZXl.exe
  C:\Windows\System\NuInZXl.exe
  2⤵
  PID:5040
- C:\Windows\System\PRUOnvQ.exe
  C:\Windows\System\PRUOnvQ.exe
  2⤵
  PID:5056
- C:\Windows\System\xqAMktX.exe
  C:\Windows\System\xqAMktX.exe
  2⤵
  PID:5072
- C:\Windows\System\uguibQU.exe
  C:\Windows\System\uguibQU.exe
  2⤵
  PID:5088
- C:\Windows\System\ABDjQKT.exe
  C:\Windows\System\ABDjQKT.exe
  2⤵
  PID:5108
- C:\Windows\System\SnnqDoz.exe
  C:\Windows\System\SnnqDoz.exe
  2⤵
  PID:3808
- C:\Windows\System\asYlnQl.exe
  C:\Windows\System\asYlnQl.exe
  2⤵
  PID:3444
- C:\Windows\System\dAwlsea.exe
  C:\Windows\System\dAwlsea.exe
  2⤵
  PID:4120
- C:\Windows\System\ZZnfihU.exe
  C:\Windows\System\ZZnfihU.exe
  2⤵
  PID:4208
- C:\Windows\System\vNfnUqb.exe
  C:\Windows\System\vNfnUqb.exe
  2⤵
  PID:4232
- C:\Windows\System\Zedlvmi.exe
  C:\Windows\System\Zedlvmi.exe
  2⤵
  PID:4268
- C:\Windows\System\uJDEylx.exe
  C:\Windows\System\uJDEylx.exe
  2⤵
  PID:4284
- C:\Windows\System\PZBUXPo.exe
  C:\Windows\System\PZBUXPo.exe
  2⤵
  PID:4348
- C:\Windows\System\euVLJPL.exe
  C:\Windows\System\euVLJPL.exe
  2⤵
  PID:4412
- C:\Windows\System\XCFiYbr.exe
  C:\Windows\System\XCFiYbr.exe
  2⤵
  PID:4520
- C:\Windows\System\gqFwrQB.exe
  C:\Windows\System\gqFwrQB.exe
  2⤵
  PID:4556
- C:\Windows\System\fmcpiTR.exe
  C:\Windows\System\fmcpiTR.exe
  2⤵
  PID:4576
- C:\Windows\System\PxJrcGB.exe
  C:\Windows\System\PxJrcGB.exe
  2⤵
  PID:4324
- C:\Windows\System\LGsCvCt.exe
  C:\Windows\System\LGsCvCt.exe
  2⤵
  PID:4460
- C:\Windows\System\XaWfHqW.exe
  C:\Windows\System\XaWfHqW.exe
  2⤵
  PID:4464
- C:\Windows\System\ltWsvUL.exe
  C:\Windows\System\ltWsvUL.exe
  2⤵
  PID:4492
- C:\Windows\System\chZMGQB.exe
  C:\Windows\System\chZMGQB.exe
  2⤵
  PID:4664
- C:\Windows\System\oviDdaC.exe
  C:\Windows\System\oviDdaC.exe
  2⤵
  PID:4604
- C:\Windows\System\nKfiyoW.exe
  C:\Windows\System\nKfiyoW.exe
  2⤵
  PID:4768
- C:\Windows\System\JvwtJfb.exe
  C:\Windows\System\JvwtJfb.exe
  2⤵
  PID:4868
- C:\Windows\System\klaOhJH.exe
  C:\Windows\System\klaOhJH.exe
  2⤵
  PID:4676
- C:\Windows\System\sdFNmOZ.exe
  C:\Windows\System\sdFNmOZ.exe
  2⤵
  PID:4716
- C:\Windows\System\xRLJqzk.exe
  C:\Windows\System\xRLJqzk.exe
  2⤵
  PID:4780
- C:\Windows\System\BZJvgCU.exe
  C:\Windows\System\BZJvgCU.exe
  2⤵
  PID:4848
- C:\Windows\System\TvFJsZk.exe
  C:\Windows\System\TvFJsZk.exe
  2⤵
  PID:4888
- C:\Windows\System\atmoBXY.exe
  C:\Windows\System\atmoBXY.exe
  2⤵
  PID:4916
- C:\Windows\System\VaQkPMN.exe
  C:\Windows\System\VaQkPMN.exe
  2⤵
  PID:4980
- C:\Windows\System\yywZVmw.exe
  C:\Windows\System\yywZVmw.exe
  2⤵
  PID:5020
- C:\Windows\System\YZFfhTp.exe
  C:\Windows\System\YZFfhTp.exe
  2⤵
  PID:5116
- C:\Windows\System\jjzmwrd.exe
  C:\Windows\System\jjzmwrd.exe
  2⤵
  PID:5032
- C:\Windows\System\atnCTso.exe
  C:\Windows\System\atnCTso.exe
  2⤵
  PID:4140
- C:\Windows\System\YBeZsjI.exe
  C:\Windows\System\YBeZsjI.exe
  2⤵
  PID:5100
- C:\Windows\System\flgPWBK.exe
  C:\Windows\System\flgPWBK.exe
  2⤵
  PID:4220
- C:\Windows\System\htJSufU.exe
  C:\Windows\System\htJSufU.exe
  2⤵
  PID:4992
- C:\Windows\System\rAJBekN.exe
  C:\Windows\System\rAJBekN.exe
  2⤵
  PID:4172
- C:\Windows\System\lgnxTkH.exe
  C:\Windows\System\lgnxTkH.exe
  2⤵
  PID:4380
- C:\Windows\System\sJDzpxN.exe
  C:\Windows\System\sJDzpxN.exe
  2⤵
  PID:4504
- C:\Windows\System\pZDSNrR.exe
  C:\Windows\System\pZDSNrR.exe
  2⤵
  PID:4508
- C:\Windows\System\wXfTbXd.exe
  C:\Windows\System\wXfTbXd.exe
  2⤵
  PID:4568
- C:\Windows\System\OqVdUTD.exe
  C:\Windows\System\OqVdUTD.exe
  2⤵
  PID:4692
- C:\Windows\System\osrCkBc.exe
  C:\Windows\System\osrCkBc.exe
  2⤵
  PID:4364
- C:\Windows\System\dbbzvtK.exe
  C:\Windows\System\dbbzvtK.exe
  2⤵
  PID:4592
- C:\Windows\System\GSdlThc.exe
  C:\Windows\System\GSdlThc.exe
  2⤵
  PID:3276
- C:\Windows\System\FKXjMrX.exe
  C:\Windows\System\FKXjMrX.exe
  2⤵
  PID:4804
- C:\Windows\System\PxdFcMx.exe
  C:\Windows\System\PxdFcMx.exe
  2⤵
  PID:4640
- C:\Windows\System\kjPWMIj.exe
  C:\Windows\System\kjPWMIj.exe
  2⤵
  PID:4884
- C:\Windows\System\vLlbDMh.exe
  C:\Windows\System\vLlbDMh.exe
  2⤵
  PID:4976
- C:\Windows\System\ZCVCnst.exe
  C:\Windows\System\ZCVCnst.exe
  2⤵
  PID:5080
- C:\Windows\System\mAyyQNN.exe
  C:\Windows\System\mAyyQNN.exe
  2⤵
  PID:4000
- C:\Windows\System\EuzIUtK.exe
  C:\Windows\System\EuzIUtK.exe
  2⤵
  PID:4108
- C:\Windows\System\nPKpKNI.exe
  C:\Windows\System\nPKpKNI.exe
  2⤵
  PID:4192
- C:\Windows\System\jmatrsJ.exe
  C:\Windows\System\jmatrsJ.exe
  2⤵
  PID:4100
- C:\Windows\System\fsvwadf.exe
  C:\Windows\System\fsvwadf.exe
  2⤵
  PID:5000
- C:\Windows\System\xhcNIsT.exe
  C:\Windows\System\xhcNIsT.exe
  2⤵
  PID:4300
- C:\Windows\System\YRGAAmr.exe
  C:\Windows\System\YRGAAmr.exe
  2⤵
  PID:4660
- C:\Windows\System\qjanfSF.exe
  C:\Windows\System\qjanfSF.exe
  2⤵
  PID:4244
- C:\Windows\System\FshEbVv.exe
  C:\Windows\System\FshEbVv.exe
  2⤵
  PID:4264
- C:\Windows\System\dRRnEPk.exe
  C:\Windows\System\dRRnEPk.exe
  2⤵
  PID:4760
- C:\Windows\System\sNFxoyb.exe
  C:\Windows\System\sNFxoyb.exe
  2⤵
  PID:4396
- C:\Windows\System\EQJCvCN.exe
  C:\Windows\System\EQJCvCN.exe
  2⤵
  PID:4864
- C:\Windows\System\YdMEFMG.exe
  C:\Windows\System\YdMEFMG.exe
  2⤵
  PID:4852
- C:\Windows\System\uPOVYuk.exe
  C:\Windows\System\uPOVYuk.exe
  2⤵
  PID:4904
- C:\Windows\System\SICsCbY.exe
  C:\Windows\System\SICsCbY.exe
  2⤵
  PID:5068
- C:\Windows\System\PygJPxB.exe
  C:\Windows\System\PygJPxB.exe
  2⤵
  PID:4996
- C:\Windows\System\mufvMaV.exe
  C:\Windows\System\mufvMaV.exe
  2⤵
  PID:4528
- C:\Windows\System\HmUwmGS.exe
  C:\Windows\System\HmUwmGS.exe
  2⤵
  PID:4544
- C:\Windows\System\oRsTnrg.exe
  C:\Windows\System\oRsTnrg.exe
  2⤵
  PID:4316
- C:\Windows\System\fAXFXfc.exe
  C:\Windows\System\fAXFXfc.exe
  2⤵
  PID:4712
- C:\Windows\System\hlWFXtI.exe
  C:\Windows\System\hlWFXtI.exe
  2⤵
  PID:4644
- C:\Windows\System\bokeImE.exe
  C:\Windows\System\bokeImE.exe
  2⤵
  PID:5096
- C:\Windows\System\zVDRdiz.exe
  C:\Windows\System\zVDRdiz.exe
  2⤵
  PID:4728
- C:\Windows\System\YAWQAWq.exe
  C:\Windows\System\YAWQAWq.exe
  2⤵
  PID:4344
- C:\Windows\System\XRZnnUn.exe
  C:\Windows\System\XRZnnUn.exe
  2⤵
  PID:4788
- C:\Windows\System\roIaoLd.exe
  C:\Windows\System\roIaoLd.exe
  2⤵
  PID:3628
- C:\Windows\System\SeVbgXr.exe
  C:\Windows\System\SeVbgXr.exe
  2⤵
  PID:4748
- C:\Windows\System\bEoRMym.exe
  C:\Windows\System\bEoRMym.exe
  2⤵
  PID:5132
- C:\Windows\System\QOHnowj.exe
  C:\Windows\System\QOHnowj.exe
  2⤵
  PID:5156
- C:\Windows\System\zzLKIot.exe
  C:\Windows\System\zzLKIot.exe
  2⤵
  PID:5172
- C:\Windows\System\FPXIzzJ.exe
  C:\Windows\System\FPXIzzJ.exe
  2⤵
  PID:5188
- C:\Windows\System\rbxgAQN.exe
  C:\Windows\System\rbxgAQN.exe
  2⤵
  PID:5204
- C:\Windows\System\JIADnPZ.exe
  C:\Windows\System\JIADnPZ.exe
  2⤵
  PID:5220
- C:\Windows\System\dlQAOdL.exe
  C:\Windows\System\dlQAOdL.exe
  2⤵
  PID:5236
- C:\Windows\System\pmMdHab.exe
  C:\Windows\System\pmMdHab.exe
  2⤵
  PID:5260
- C:\Windows\System\oQWUSnk.exe
  C:\Windows\System\oQWUSnk.exe
  2⤵
  PID:5280
- C:\Windows\System\zVwjXdV.exe
  C:\Windows\System\zVwjXdV.exe
  2⤵
  PID:5296
- C:\Windows\System\ecdWkxD.exe
  C:\Windows\System\ecdWkxD.exe
  2⤵
  PID:5312
- C:\Windows\System\AFzvtZA.exe
  C:\Windows\System\AFzvtZA.exe
  2⤵
  PID:5332
- C:\Windows\System\cTDcqty.exe
  C:\Windows\System\cTDcqty.exe
  2⤵
  PID:5348
- C:\Windows\System\XLqLTDK.exe
  C:\Windows\System\XLqLTDK.exe
  2⤵
  PID:5392
- C:\Windows\System\esAfoCb.exe
  C:\Windows\System\esAfoCb.exe
  2⤵
  PID:5416
- C:\Windows\System\RhwWdbO.exe
  C:\Windows\System\RhwWdbO.exe
  2⤵
  PID:5432
- C:\Windows\System\hzCtFgp.exe
  C:\Windows\System\hzCtFgp.exe
  2⤵
  PID:5448
- C:\Windows\System\zpUTqhN.exe
  C:\Windows\System\zpUTqhN.exe
  2⤵
  PID:5464
- C:\Windows\System\jTtmoRS.exe
  C:\Windows\System\jTtmoRS.exe
  2⤵
  PID:5484
- C:\Windows\System\sRDmJII.exe
  C:\Windows\System\sRDmJII.exe
  2⤵
  PID:5500
- C:\Windows\System\IRBsWqs.exe
  C:\Windows\System\IRBsWqs.exe
  2⤵
  PID:5516
- C:\Windows\System\AigctvC.exe
  C:\Windows\System\AigctvC.exe
  2⤵
  PID:5532
- C:\Windows\System\kSbrbWk.exe
  C:\Windows\System\kSbrbWk.exe
  2⤵
  PID:5556
- C:\Windows\System\SCNnucb.exe
  C:\Windows\System\SCNnucb.exe
  2⤵
  PID:5572
- C:\Windows\System\unCSUab.exe
  C:\Windows\System\unCSUab.exe
  2⤵
  PID:5588
- C:\Windows\System\ataFMiX.exe
  C:\Windows\System\ataFMiX.exe
  2⤵
  PID:5604
- C:\Windows\System\cJOMznF.exe
  C:\Windows\System\cJOMznF.exe
  2⤵
  PID:5620
- C:\Windows\System\RpkQIro.exe
  C:\Windows\System\RpkQIro.exe
  2⤵
  PID:5656
- C:\Windows\System\SStYedu.exe
  C:\Windows\System\SStYedu.exe
  2⤵
  PID:5676
- C:\Windows\System\LjGRKzM.exe
  C:\Windows\System\LjGRKzM.exe
  2⤵
  PID:5692
- C:\Windows\System\ZNraoLV.exe
  C:\Windows\System\ZNraoLV.exe
  2⤵
  PID:5712
- C:\Windows\System\VtHyvJu.exe
  C:\Windows\System\VtHyvJu.exe
  2⤵
  PID:5728
- C:\Windows\System\VGsILmX.exe
  C:\Windows\System\VGsILmX.exe
  2⤵
  PID:5764
- C:\Windows\System\xRpfPTW.exe
  C:\Windows\System\xRpfPTW.exe
  2⤵
  PID:5784
- C:\Windows\System\eJNUNUf.exe
  C:\Windows\System\eJNUNUf.exe
  2⤵
  PID:5800
- C:\Windows\System\QwtOGuw.exe
  C:\Windows\System\QwtOGuw.exe
  2⤵
  PID:5820
- C:\Windows\System\dbLDLte.exe
  C:\Windows\System\dbLDLte.exe
  2⤵
  PID:5840
- C:\Windows\System\vpuFjHT.exe
  C:\Windows\System\vpuFjHT.exe
  2⤵
  PID:5856
- C:\Windows\System\zrvTboW.exe
  C:\Windows\System\zrvTboW.exe
  2⤵
  PID:5872
- C:\Windows\System\NUzETZC.exe
  C:\Windows\System\NUzETZC.exe
  2⤵
  PID:5888
- C:\Windows\System\AAAWyuS.exe
  C:\Windows\System\AAAWyuS.exe
  2⤵
  PID:5908
- C:\Windows\System\OulFBoP.exe
  C:\Windows\System\OulFBoP.exe
  2⤵
  PID:5928
- C:\Windows\System\PTZvoiz.exe
  C:\Windows\System\PTZvoiz.exe
  2⤵
  PID:5944
- C:\Windows\System\HTjLNzt.exe
  C:\Windows\System\HTjLNzt.exe
  2⤵
  PID:5960
- C:\Windows\System\hSYgKjM.exe
  C:\Windows\System\hSYgKjM.exe
  2⤵
  PID:5980
- C:\Windows\System\jZsRhEi.exe
  C:\Windows\System\jZsRhEi.exe
  2⤵
  PID:6000
- C:\Windows\System\hhjORQl.exe
  C:\Windows\System\hhjORQl.exe
  2⤵
  PID:6016
- C:\Windows\System\ibbdkZT.exe
  C:\Windows\System\ibbdkZT.exe
  2⤵
  PID:6036
- C:\Windows\System\LTEGwrV.exe
  C:\Windows\System\LTEGwrV.exe
  2⤵
  PID:6056
- C:\Windows\System\kgcuEqF.exe
  C:\Windows\System\kgcuEqF.exe
  2⤵
  PID:6072
- C:\Windows\System\lITIjGF.exe
  C:\Windows\System\lITIjGF.exe
  2⤵
  PID:6088
- C:\Windows\System\etAAToQ.exe
  C:\Windows\System\etAAToQ.exe
  2⤵
  PID:6116
- C:\Windows\System\RZRSoRl.exe
  C:\Windows\System\RZRSoRl.exe
  2⤵
  PID:6132
- C:\Windows\System\miEytjn.exe
  C:\Windows\System\miEytjn.exe
  2⤵
  PID:4908
- C:\Windows\System\wCXPldJ.exe
  C:\Windows\System\wCXPldJ.exe
  2⤵
  PID:5152
- C:\Windows\System\LHwUbZc.exe
  C:\Windows\System\LHwUbZc.exe
  2⤵
  PID:5216
- C:\Windows\System\vrFswWM.exe
  C:\Windows\System\vrFswWM.exe
  2⤵
  PID:5036
- C:\Windows\System\PyliTcX.exe
  C:\Windows\System\PyliTcX.exe
  2⤵
  PID:5256
- C:\Windows\System\nOBAPeO.exe
  C:\Windows\System\nOBAPeO.exe
  2⤵
  PID:5288
- C:\Windows\System\ZOOTcul.exe
  C:\Windows\System\ZOOTcul.exe
  2⤵
  PID:5328
- C:\Windows\System\slzjmBH.exe
  C:\Windows\System\slzjmBH.exe
  2⤵
  PID:5372
- C:\Windows\System\tNPMwTy.exe
  C:\Windows\System\tNPMwTy.exe
  2⤵
  PID:5380
- C:\Windows\System\yAAZqpt.exe
  C:\Windows\System\yAAZqpt.exe
  2⤵
  PID:5268
- C:\Windows\System\vlSJWbg.exe
  C:\Windows\System\vlSJWbg.exe
  2⤵
  PID:5388
- C:\Windows\System\MXfLdEY.exe
  C:\Windows\System\MXfLdEY.exe
  2⤵
  PID:5168
- C:\Windows\System\zdSmVfD.exe
  C:\Windows\System\zdSmVfD.exe
  2⤵
  PID:5344
- C:\Windows\System\YxAHcaN.exe
  C:\Windows\System\YxAHcaN.exe
  2⤵
  PID:5408
- C:\Windows\System\cdKKRqU.exe
  C:\Windows\System\cdKKRqU.exe
  2⤵
  PID:5456
- C:\Windows\System\dvFPHZu.exe
  C:\Windows\System\dvFPHZu.exe
  2⤵
  PID:5528
- C:\Windows\System\QccLjIZ.exe
  C:\Windows\System\QccLjIZ.exe
  2⤵
  PID:5600
- C:\Windows\System\qmVUgpD.exe
  C:\Windows\System\qmVUgpD.exe
  2⤵
  PID:5640
- C:\Windows\System\KECfobu.exe
  C:\Windows\System\KECfobu.exe
  2⤵
  PID:5548
- C:\Windows\System\AHPYVbF.exe
  C:\Windows\System\AHPYVbF.exe
  2⤵
  PID:5616
- C:\Windows\System\eBybXiS.exe
  C:\Windows\System\eBybXiS.exe
  2⤵
  PID:5512
- C:\Windows\System\xBrUOHR.exe
  C:\Windows\System\xBrUOHR.exe
  2⤵
  PID:5684
- C:\Windows\System\DNturdP.exe
  C:\Windows\System\DNturdP.exe
  2⤵
  PID:5724
- C:\Windows\System\jfdkmdG.exe
  C:\Windows\System\jfdkmdG.exe
  2⤵
  PID:5808
- C:\Windows\System\jwQmxzF.exe
  C:\Windows\System\jwQmxzF.exe
  2⤵
  PID:5672
- C:\Windows\System\KxuxNRR.exe
  C:\Windows\System\KxuxNRR.exe
  2⤵
  PID:5744
- C:\Windows\System\oKlEfuG.exe
  C:\Windows\System\oKlEfuG.exe
  2⤵
  PID:5884
- C:\Windows\System\ZQSOEUr.exe
  C:\Windows\System\ZQSOEUr.exe
  2⤵
  PID:5920
- C:\Windows\System\oXySznA.exe
  C:\Windows\System\oXySznA.exe
  2⤵
  PID:5996
- C:\Windows\System\VMpDbKW.exe
  C:\Windows\System\VMpDbKW.exe
  2⤵
  PID:5708
- C:\Windows\System\svAdPXc.exe
  C:\Windows\System\svAdPXc.exe
  2⤵
  PID:5668
- C:\Windows\System\MIJHxvP.exe
  C:\Windows\System\MIJHxvP.exe
  2⤵
  PID:5796
- C:\Windows\System\FEiAbjC.exe
  C:\Windows\System\FEiAbjC.exe
  2⤵
  PID:5896
- C:\Windows\System\SVEYVdK.exe
  C:\Windows\System\SVEYVdK.exe
  2⤵
  PID:5968
- C:\Windows\System\oipITUQ.exe
  C:\Windows\System\oipITUQ.exe
  2⤵
  PID:6028
- C:\Windows\System\wnPMQfH.exe
  C:\Windows\System\wnPMQfH.exe
  2⤵
  PID:6096
- C:\Windows\System\fANGsXo.exe
  C:\Windows\System\fANGsXo.exe
  2⤵
  PID:6112
- C:\Windows\System\stgbAil.exe
  C:\Windows\System\stgbAil.exe
  2⤵
  PID:6044
- C:\Windows\System\YskrUKA.exe
  C:\Windows\System\YskrUKA.exe
  2⤵
  PID:6124
- C:\Windows\System\ewiXkTA.exe
  C:\Windows\System\ewiXkTA.exe
  2⤵
  PID:6012
- C:\Windows\System\IjPlmzT.exe
  C:\Windows\System\IjPlmzT.exe
  2⤵
  PID:5324
- C:\Windows\System\ofuyqfO.exe
  C:\Windows\System\ofuyqfO.exe
  2⤵
  PID:5276
- C:\Windows\System\kTBhHBO.exe
  C:\Windows\System\kTBhHBO.exe
  2⤵
  PID:5400
- C:\Windows\System\nAQTyvb.exe
  C:\Windows\System\nAQTyvb.exe
  2⤵
  PID:5128
- C:\Windows\System\eTRByyV.exe
  C:\Windows\System\eTRByyV.exe
  2⤵
  PID:4400
- C:\Windows\System\CHNsEmz.exe
  C:\Windows\System\CHNsEmz.exe
  2⤵
  PID:5424
- C:\Windows\System\pSWTwSv.exe
  C:\Windows\System\pSWTwSv.exe
  2⤵
  PID:5568
- C:\Windows\System\QeInZqR.exe
  C:\Windows\System\QeInZqR.exe
  2⤵
  PID:5628
- C:\Windows\System\WfgSQEl.exe
  C:\Windows\System\WfgSQEl.exe
  2⤵
  PID:5552
- C:\Windows\System\lPLFXIB.exe
  C:\Windows\System\lPLFXIB.exe
  2⤵
  PID:5816
- C:\Windows\System\eHZaxty.exe
  C:\Windows\System\eHZaxty.exe
  2⤵
  PID:5444
- C:\Windows\System\efTlhXv.exe
  C:\Windows\System\efTlhXv.exe
  2⤵
  PID:5540
- C:\Windows\System\wPzdhck.exe
  C:\Windows\System\wPzdhck.exe
  2⤵
  PID:5916
- C:\Windows\System\vqgVWQE.exe
  C:\Windows\System\vqgVWQE.exe
  2⤵
  PID:5992
- C:\Windows\System\jmajtzT.exe
  C:\Windows\System\jmajtzT.exe
  2⤵
  PID:5736
- C:\Windows\System\jYeQmVF.exe
  C:\Windows\System\jYeQmVF.exe
  2⤵
  PID:5868
- C:\Windows\System\vuZfHqY.exe
  C:\Windows\System\vuZfHqY.exe
  2⤵
  PID:6008
- C:\Windows\System\hQmICGI.exe
  C:\Windows\System\hQmICGI.exe
  2⤵
  PID:6084
- C:\Windows\System\GPFRhkF.exe
  C:\Windows\System\GPFRhkF.exe
  2⤵
  PID:4572
- C:\Windows\System\ECVlZjs.exe
  C:\Windows\System\ECVlZjs.exe
  2⤵
  PID:5212
- C:\Windows\System\HdtEAMy.exe
  C:\Windows\System\HdtEAMy.exe
  2⤵
  PID:5200
- C:\Windows\System\NVaYKIW.exe
  C:\Windows\System\NVaYKIW.exe
  2⤵
  PID:5524
- C:\Windows\System\MOdhERY.exe
  C:\Windows\System\MOdhERY.exe
  2⤵
  PID:5580
- C:\Windows\System\PLnKpWP.exe
  C:\Windows\System\PLnKpWP.exe
  2⤵
  PID:5776
- C:\Windows\System\IOHSxnR.exe
  C:\Windows\System\IOHSxnR.exe
  2⤵
  PID:5544
- C:\Windows\System\kUjNiBm.exe
  C:\Windows\System\kUjNiBm.exe
  2⤵
  PID:5700
- C:\Windows\System\ZlxZtLh.exe
  C:\Windows\System\ZlxZtLh.exe
  2⤵
  PID:5340
- C:\Windows\System\DnVSbRk.exe
  C:\Windows\System\DnVSbRk.exe
  2⤵
  PID:6052
- C:\Windows\System\XbcssTp.exe
  C:\Windows\System\XbcssTp.exe
  2⤵
  PID:5956
- C:\Windows\System\slYRWHs.exe
  C:\Windows\System\slYRWHs.exe
  2⤵
  PID:5124
- C:\Windows\System\oPrKBMD.exe
  C:\Windows\System\oPrKBMD.exe
  2⤵
  PID:5720
- C:\Windows\System\zkEKFqR.exe
  C:\Windows\System\zkEKFqR.exe
  2⤵
  PID:5880
- C:\Windows\System\BVHzsIa.exe
  C:\Windows\System\BVHzsIa.exe
  2⤵
  PID:5828
- C:\Windows\System\hyfccGo.exe
  C:\Windows\System\hyfccGo.exe
  2⤵
  PID:5864
- C:\Windows\System\kCWfeHD.exe
  C:\Windows\System\kCWfeHD.exe
  2⤵
  PID:5648
- C:\Windows\System\GbbzORu.exe
  C:\Windows\System\GbbzORu.exe
  2⤵
  PID:6156
- C:\Windows\System\mfcCzHB.exe
  C:\Windows\System\mfcCzHB.exe
  2⤵
  PID:6172
- C:\Windows\System\HospfNd.exe
  C:\Windows\System\HospfNd.exe
  2⤵
  PID:6188
- C:\Windows\System\sMjtnYb.exe
  C:\Windows\System\sMjtnYb.exe
  2⤵
  PID:6204
- C:\Windows\System\KBhJrjd.exe
  C:\Windows\System\KBhJrjd.exe
  2⤵
  PID:6220
- C:\Windows\System\zcLEPBR.exe
  C:\Windows\System\zcLEPBR.exe
  2⤵
  PID:6236
- C:\Windows\System\lFfpnSF.exe
  C:\Windows\System\lFfpnSF.exe
  2⤵
  PID:6252
- C:\Windows\System\TFXhLes.exe
  C:\Windows\System\TFXhLes.exe
  2⤵
  PID:6272
- C:\Windows\System\QihSbNi.exe
  C:\Windows\System\QihSbNi.exe
  2⤵
  PID:6292
- C:\Windows\System\HLIvXgp.exe
  C:\Windows\System\HLIvXgp.exe
  2⤵
  PID:6328
- C:\Windows\System\VGsrGMj.exe
  C:\Windows\System\VGsrGMj.exe
  2⤵
  PID:6352
- C:\Windows\System\TbKIxoL.exe
  C:\Windows\System\TbKIxoL.exe
  2⤵
  PID:6372
- C:\Windows\System\NznriZk.exe
  C:\Windows\System\NznriZk.exe
  2⤵
  PID:6388
- C:\Windows\System\VVoEqjU.exe
  C:\Windows\System\VVoEqjU.exe
  2⤵
  PID:6404
- C:\Windows\System\lqhrzRR.exe
  C:\Windows\System\lqhrzRR.exe
  2⤵
  PID:6420
- C:\Windows\System\uKdSnxD.exe
  C:\Windows\System\uKdSnxD.exe
  2⤵
  PID:6436
- C:\Windows\System\GasSmkl.exe
  C:\Windows\System\GasSmkl.exe
  2⤵
  PID:6452
- C:\Windows\System\lIoaWdI.exe
  C:\Windows\System\lIoaWdI.exe
  2⤵
  PID:6468
- C:\Windows\System\ruTSRCv.exe
  C:\Windows\System\ruTSRCv.exe
  2⤵
  PID:6484
- C:\Windows\System\wYPRrVw.exe
  C:\Windows\System\wYPRrVw.exe
  2⤵
  PID:6500
- C:\Windows\System\GholxLp.exe
  C:\Windows\System\GholxLp.exe
  2⤵
  PID:6516
- C:\Windows\System\wLPVlmq.exe
  C:\Windows\System\wLPVlmq.exe
  2⤵
  PID:6532
- C:\Windows\System\YnegcdK.exe
  C:\Windows\System\YnegcdK.exe
  2⤵
  PID:6548
- C:\Windows\System\JUKxlAj.exe
  C:\Windows\System\JUKxlAj.exe
  2⤵
  PID:6564
- C:\Windows\System\PHCMjXP.exe
  C:\Windows\System\PHCMjXP.exe
  2⤵
  PID:6580
- C:\Windows\System\jqkDKdG.exe
  C:\Windows\System\jqkDKdG.exe
  2⤵
  PID:6596
- C:\Windows\System\aaREUDe.exe
  C:\Windows\System\aaREUDe.exe
  2⤵
  PID:6612
- C:\Windows\System\nHmAnIw.exe
  C:\Windows\System\nHmAnIw.exe
  2⤵
  PID:6628
- C:\Windows\System\lVXGUpc.exe
  C:\Windows\System\lVXGUpc.exe
  2⤵
  PID:6644
- C:\Windows\System\iLqyuaj.exe
  C:\Windows\System\iLqyuaj.exe
  2⤵
  PID:6660
- C:\Windows\System\VvaUBrR.exe
  C:\Windows\System\VvaUBrR.exe
  2⤵
  PID:6676
- C:\Windows\System\qwgtxWH.exe
  C:\Windows\System\qwgtxWH.exe
  2⤵
  PID:6692
- C:\Windows\System\tKOccfv.exe
  C:\Windows\System\tKOccfv.exe
  2⤵
  PID:6708
- C:\Windows\System\fhSWnGi.exe
  C:\Windows\System\fhSWnGi.exe
  2⤵
  PID:6724
- C:\Windows\System\DWkKvjb.exe
  C:\Windows\System\DWkKvjb.exe
  2⤵
  PID:6740
- C:\Windows\System\gJilRRK.exe
  C:\Windows\System\gJilRRK.exe
  2⤵
  PID:6756
- C:\Windows\System\ncWkfMb.exe
  C:\Windows\System\ncWkfMb.exe
  2⤵
  PID:6776
- C:\Windows\System\euIZVDP.exe
  C:\Windows\System\euIZVDP.exe
  2⤵
  PID:6792
- C:\Windows\System\yhnbdxy.exe
  C:\Windows\System\yhnbdxy.exe
  2⤵
  PID:6808
- C:\Windows\System\amCwVyM.exe
  C:\Windows\System\amCwVyM.exe
  2⤵
  PID:6824
- C:\Windows\System\SuxxbWJ.exe
  C:\Windows\System\SuxxbWJ.exe
  2⤵
  PID:6844
- C:\Windows\System\BqdRRYM.exe
  C:\Windows\System\BqdRRYM.exe
  2⤵
  PID:6860
- C:\Windows\System\rFuecnU.exe
  C:\Windows\System\rFuecnU.exe
  2⤵
  PID:6876
- C:\Windows\System\MGcNXBZ.exe
  C:\Windows\System\MGcNXBZ.exe
  2⤵
  PID:6892
- C:\Windows\System\lQMbKEx.exe
  C:\Windows\System\lQMbKEx.exe
  2⤵
  PID:6908
- C:\Windows\System\jTdTvqX.exe
  C:\Windows\System\jTdTvqX.exe
  2⤵
  PID:6924
- C:\Windows\System\smIloMI.exe
  C:\Windows\System\smIloMI.exe
  2⤵
  PID:6940
- C:\Windows\System\WjQtfta.exe
  C:\Windows\System\WjQtfta.exe
  2⤵
  PID:6956
- C:\Windows\System\iuUpxyw.exe
  C:\Windows\System\iuUpxyw.exe
  2⤵
  PID:6972
- C:\Windows\System\xlZxBvu.exe
  C:\Windows\System\xlZxBvu.exe
  2⤵
  PID:6988
- C:\Windows\System\KHbWLJn.exe
  C:\Windows\System\KHbWLJn.exe
  2⤵
  PID:7004
- C:\Windows\System\XMDEobU.exe
  C:\Windows\System\XMDEobU.exe
  2⤵
  PID:7020
- C:\Windows\System\vgJrIvb.exe
  C:\Windows\System\vgJrIvb.exe
  2⤵
  PID:7036
- C:\Windows\System\UPdovdE.exe
  C:\Windows\System\UPdovdE.exe
  2⤵
  PID:7052
- C:\Windows\System\WZPHohG.exe
  C:\Windows\System\WZPHohG.exe
  2⤵
  PID:7068
- C:\Windows\System\CtJuXid.exe
  C:\Windows\System\CtJuXid.exe
  2⤵
  PID:7084
- C:\Windows\System\tfLYeGs.exe
  C:\Windows\System\tfLYeGs.exe
  2⤵
  PID:7100
- C:\Windows\System\XyPkOEg.exe
  C:\Windows\System\XyPkOEg.exe
  2⤵
  PID:7116
- C:\Windows\System\mAlvzYW.exe
  C:\Windows\System\mAlvzYW.exe
  2⤵
  PID:7132
- C:\Windows\System\pdCoNNE.exe
  C:\Windows\System\pdCoNNE.exe
  2⤵
  PID:7148
- C:\Windows\System\WKtEtvO.exe
  C:\Windows\System\WKtEtvO.exe
  2⤵
  PID:7164
- C:\Windows\System\VahLEMm.exe
  C:\Windows\System\VahLEMm.exe
  2⤵
  PID:5308
- C:\Windows\System\SkHHIZg.exe
  C:\Windows\System\SkHHIZg.exe
  2⤵
  PID:6168
- C:\Windows\System\juOgqRw.exe
  C:\Windows\System\juOgqRw.exe
  2⤵
  PID:6232
- C:\Windows\System\ZDiEVAc.exe
  C:\Windows\System\ZDiEVAc.exe
  2⤵
  PID:6148
- C:\Windows\System\EMXtfjF.exe
  C:\Windows\System\EMXtfjF.exe
  2⤵
  PID:6212
- C:\Windows\System\qfSeVcJ.exe
  C:\Windows\System\qfSeVcJ.exe
  2⤵
  PID:6264
- C:\Windows\System\RnKXrYa.exe
  C:\Windows\System\RnKXrYa.exe
  2⤵
  PID:6308
- C:\Windows\System\WuEToZp.exe
  C:\Windows\System\WuEToZp.exe
  2⤵
  PID:6280
- C:\Windows\System\DxgURXt.exe
  C:\Windows\System\DxgURXt.exe
  2⤵
  PID:6284
- C:\Windows\System\HfNMrPN.exe
  C:\Windows\System\HfNMrPN.exe
  2⤵
  PID:6432
- C:\Windows\System\ONhjfVT.exe
  C:\Windows\System\ONhjfVT.exe
  2⤵
  PID:6384
- C:\Windows\System\OJithCf.exe
  C:\Windows\System\OJithCf.exe
  2⤵
  PID:6416
- C:\Windows\System\wkGfYna.exe
  C:\Windows\System\wkGfYna.exe
  2⤵
  PID:6336
- C:\Windows\System\iPbFKvF.exe
  C:\Windows\System\iPbFKvF.exe
  2⤵
  PID:6448
- C:\Windows\System\ldJuFhP.exe
  C:\Windows\System\ldJuFhP.exe
  2⤵
  PID:6556
- C:\Windows\System\bAxzXKg.exe
  C:\Windows\System\bAxzXKg.exe
  2⤵
  PID:6620
- C:\Windows\System\sXDimkD.exe
  C:\Windows\System\sXDimkD.exe
  2⤵
  PID:6652
- C:\Windows\System\cVAUaiv.exe
  C:\Windows\System\cVAUaiv.exe
  2⤵
  PID:6540
- C:\Windows\System\PxRDDGy.exe
  C:\Windows\System\PxRDDGy.exe
  2⤵
  PID:6576
- C:\Windows\System\EEBWwpX.exe
  C:\Windows\System\EEBWwpX.exe
  2⤵
  PID:6716
- C:\Windows\System\EnrFRlj.exe
  C:\Windows\System\EnrFRlj.exe
  2⤵
  PID:6748
- C:\Windows\System\LYbzaAI.exe
  C:\Windows\System\LYbzaAI.exe
  2⤵
  PID:6752
- C:\Windows\System\xbdzjFg.exe
  C:\Windows\System\xbdzjFg.exe
  2⤵
  PID:6700
- C:\Windows\System\QlkDXls.exe
  C:\Windows\System\QlkDXls.exe
  2⤵
  PID:6816
- C:\Windows\System\cqZshbq.exe
  C:\Windows\System\cqZshbq.exe
  2⤵
  PID:6852
- C:\Windows\System\QnobNRt.exe
  C:\Windows\System\QnobNRt.exe
  2⤵
  PID:6872
- C:\Windows\System\ueLJwlo.exe
  C:\Windows\System\ueLJwlo.exe
  2⤵
  PID:6888
- C:\Windows\System\okzuhFr.exe
  C:\Windows\System\okzuhFr.exe
  2⤵
  PID:6932
- C:\Windows\System\zWAggIL.exe
  C:\Windows\System\zWAggIL.exe
  2⤵
  PID:6952
- C:\Windows\System\BsbTXKG.exe
  C:\Windows\System\BsbTXKG.exe
  2⤵
  PID:6984
- C:\Windows\System\wnGWZYI.exe
  C:\Windows\System\wnGWZYI.exe
  2⤵
  PID:7044
- C:\Windows\System\LUAINRd.exe
  C:\Windows\System\LUAINRd.exe
  2⤵
  PID:7112
- C:\Windows\System\VhzBVbH.exe
  C:\Windows\System\VhzBVbH.exe
  2⤵
  PID:7092
- C:\Windows\System\KxOzlQr.exe
  C:\Windows\System\KxOzlQr.exe
  2⤵
  PID:7032
- C:\Windows\System\XDKMILv.exe
  C:\Windows\System\XDKMILv.exe
  2⤵
  PID:5940
- C:\Windows\System\xAlChtH.exe
  C:\Windows\System\xAlChtH.exe
  2⤵
  PID:6228
- C:\Windows\System\ihCXFal.exe
  C:\Windows\System\ihCXFal.exe
  2⤵
  PID:5476
- C:\Windows\System\ZWlVlPL.exe
  C:\Windows\System\ZWlVlPL.exe
  2⤵
  PID:6244
- C:\Windows\System\fpFltbt.exe
  C:\Windows\System\fpFltbt.exe
  2⤵
  PID:6368
- C:\Windows\System\AUwELzz.exe
  C:\Windows\System\AUwELzz.exe
  2⤵
  PID:6400
- C:\Windows\System\fymVmpG.exe
  C:\Windows\System\fymVmpG.exe
  2⤵
  PID:6324
- C:\Windows\System\evvxETF.exe
  C:\Windows\System\evvxETF.exe
  2⤵
  PID:6524
- C:\Windows\System\hLgRRnV.exe
  C:\Windows\System\hLgRRnV.exe
  2⤵
  PID:6572
- C:\Windows\System\GalQEwq.exe
  C:\Windows\System\GalQEwq.exe
  2⤵
  PID:6476
- C:\Windows\System\lcTxrtv.exe
  C:\Windows\System\lcTxrtv.exe
  2⤵
  PID:6820
- C:\Windows\System\lViMVaQ.exe
  C:\Windows\System\lViMVaQ.exe
  2⤵
  PID:6684
- C:\Windows\System\KCkUxCb.exe
  C:\Windows\System\KCkUxCb.exe
  2⤵
  PID:6784
- C:\Windows\System\uLKmokK.exe
  C:\Windows\System\uLKmokK.exe
  2⤵
  PID:6836
- C:\Windows\System\cKfNzNS.exe
  C:\Windows\System\cKfNzNS.exe
  2⤵
  PID:6948
- C:\Windows\System\lubHUbH.exe
  C:\Windows\System\lubHUbH.exe
  2⤵
  PID:7064
- C:\Windows\System\RFyoPZY.exe
  C:\Windows\System\RFyoPZY.exe
  2⤵
  PID:6184
- C:\Windows\System\BzWGnPJ.exe
  C:\Windows\System\BzWGnPJ.exe
  2⤵
  PID:6248
- C:\Windows\System\ywqqXLb.exe
  C:\Windows\System\ywqqXLb.exe
  2⤵
  PID:6980
- C:\Windows\System\RuXmcQg.exe
  C:\Windows\System\RuXmcQg.exe
  2⤵
  PID:6636
- C:\Windows\System\vHwdDhc.exe
  C:\Windows\System\vHwdDhc.exe
  2⤵
  PID:6200
- C:\Windows\System\aXrSYFO.exe
  C:\Windows\System\aXrSYFO.exe
  2⤵
  PID:6804
- C:\Windows\System\ItEchRW.exe
  C:\Windows\System\ItEchRW.exe
  2⤵
  PID:6348
- C:\Windows\System\oZvxfhv.exe
  C:\Windows\System\oZvxfhv.exe
  2⤵
  PID:6592
- C:\Windows\System\ybCyfuH.exe
  C:\Windows\System\ybCyfuH.exe
  2⤵
  PID:6788
- C:\Windows\System\kMvFweh.exe
  C:\Windows\System\kMvFweh.exe
  2⤵
  PID:7144
- C:\Windows\System\ecuNlFS.exe
  C:\Windows\System\ecuNlFS.exe
  2⤵
  PID:6968
- C:\Windows\System\tpxeszV.exe
  C:\Windows\System\tpxeszV.exe
  2⤵
  PID:6996
- C:\Windows\System\qzjfRYT.exe
  C:\Windows\System\qzjfRYT.exe
  2⤵
  PID:7000
- C:\Windows\System\sfmqioF.exe
  C:\Windows\System\sfmqioF.exe
  2⤵
  PID:6904
- C:\Windows\System\TDxteHO.exe
  C:\Windows\System\TDxteHO.exe
  2⤵
  PID:6304
- C:\Windows\System\jEalxYK.exe
  C:\Windows\System\jEalxYK.exe
  2⤵
  PID:6764
- C:\Windows\System\CRLhMSb.exe
  C:\Windows\System\CRLhMSb.exe
  2⤵
  PID:6720
- C:\Windows\System\dUTHQia.exe
  C:\Windows\System\dUTHQia.exe
  2⤵
  PID:6868
- C:\Windows\System\lrpUPAH.exe
  C:\Windows\System\lrpUPAH.exe
  2⤵
  PID:7180
- C:\Windows\System\vDmMfNV.exe
  C:\Windows\System\vDmMfNV.exe
  2⤵
  PID:7196
- C:\Windows\System\zfbmvbW.exe
  C:\Windows\System\zfbmvbW.exe
  2⤵
  PID:7212
- C:\Windows\System\FGopqIM.exe
  C:\Windows\System\FGopqIM.exe
  2⤵
  PID:7228
- C:\Windows\System\RPMdnhN.exe
  C:\Windows\System\RPMdnhN.exe
  2⤵
  PID:7244
- C:\Windows\System\xwPsYZr.exe
  C:\Windows\System\xwPsYZr.exe
  2⤵
  PID:7260
- C:\Windows\System\pLHUAcB.exe
  C:\Windows\System\pLHUAcB.exe
  2⤵
  PID:7276
- C:\Windows\System\upJueRl.exe
  C:\Windows\System\upJueRl.exe
  2⤵
  PID:7292
- C:\Windows\System\PfxuDyB.exe
  C:\Windows\System\PfxuDyB.exe
  2⤵
  PID:7308
- C:\Windows\System\VekMoMw.exe
  C:\Windows\System\VekMoMw.exe
  2⤵
  PID:7324
- C:\Windows\System\TvJzYuv.exe
  C:\Windows\System\TvJzYuv.exe
  2⤵
  PID:7340
- C:\Windows\System\HVfSWsW.exe
  C:\Windows\System\HVfSWsW.exe
  2⤵
  PID:7356
- C:\Windows\System\sCkPqNq.exe
  C:\Windows\System\sCkPqNq.exe
  2⤵
  PID:7372
- C:\Windows\System\BSqhyzf.exe
  C:\Windows\System\BSqhyzf.exe
  2⤵
  PID:7388
- C:\Windows\System\gOmohrw.exe
  C:\Windows\System\gOmohrw.exe
  2⤵
  PID:7404
- C:\Windows\System\AbjVcyt.exe
  C:\Windows\System\AbjVcyt.exe
  2⤵
  PID:7420
- C:\Windows\System\fBubyZE.exe
  C:\Windows\System\fBubyZE.exe
  2⤵
  PID:7436
- C:\Windows\System\IPaOGFu.exe
  C:\Windows\System\IPaOGFu.exe
  2⤵
  PID:7452
- C:\Windows\System\IRVCVXl.exe
  C:\Windows\System\IRVCVXl.exe
  2⤵
  PID:7468
- C:\Windows\System\FXMhpnh.exe
  C:\Windows\System\FXMhpnh.exe
  2⤵
  PID:7484
- C:\Windows\System\xCiMZnj.exe
  C:\Windows\System\xCiMZnj.exe
  2⤵
  PID:7500
- C:\Windows\System\jzGHeWF.exe
  C:\Windows\System\jzGHeWF.exe
  2⤵
  PID:7516
- C:\Windows\System\lVYFYzX.exe
  C:\Windows\System\lVYFYzX.exe
  2⤵
  PID:7532
- C:\Windows\System\RlbdPKw.exe
  C:\Windows\System\RlbdPKw.exe
  2⤵
  PID:7548
- C:\Windows\System\tJvUMrq.exe
  C:\Windows\System\tJvUMrq.exe
  2⤵
  PID:7564
- C:\Windows\System\gaDwWRS.exe
  C:\Windows\System\gaDwWRS.exe
  2⤵
  PID:7580
- C:\Windows\System\eoFKCPY.exe
  C:\Windows\System\eoFKCPY.exe
  2⤵
  PID:7596
- C:\Windows\System\catqfVp.exe
  C:\Windows\System\catqfVp.exe
  2⤵
  PID:7612
- C:\Windows\System\CCyerng.exe
  C:\Windows\System\CCyerng.exe
  2⤵
  PID:7628
- C:\Windows\System\vyBZjVK.exe
  C:\Windows\System\vyBZjVK.exe
  2⤵
  PID:7644
- C:\Windows\System\TlZLEiZ.exe
  C:\Windows\System\TlZLEiZ.exe
  2⤵
  PID:7660
- C:\Windows\System\Ofzeluf.exe
  C:\Windows\System\Ofzeluf.exe
  2⤵
  PID:7676
- C:\Windows\System\lTXvsjC.exe
  C:\Windows\System\lTXvsjC.exe
  2⤵
  PID:7692
- C:\Windows\System\wCgeWCD.exe
  C:\Windows\System\wCgeWCD.exe
  2⤵
  PID:7708
- C:\Windows\System\YlVrZYQ.exe
  C:\Windows\System\YlVrZYQ.exe
  2⤵
  PID:7724
- C:\Windows\System\Zwabnih.exe
  C:\Windows\System\Zwabnih.exe
  2⤵
  PID:7740
- C:\Windows\System\pKKbNeI.exe
  C:\Windows\System\pKKbNeI.exe
  2⤵
  PID:7756
- C:\Windows\System\BePSzlS.exe
  C:\Windows\System\BePSzlS.exe
  2⤵
  PID:7772
- C:\Windows\System\jWuGiJT.exe
  C:\Windows\System\jWuGiJT.exe
  2⤵
  PID:7788
- C:\Windows\System\cfTvdpr.exe
  C:\Windows\System\cfTvdpr.exe
  2⤵
  PID:7804
- C:\Windows\System\QlGAiqf.exe
  C:\Windows\System\QlGAiqf.exe
  2⤵
  PID:7820
- C:\Windows\System\cBoIKrF.exe
  C:\Windows\System\cBoIKrF.exe
  2⤵
  PID:7836
- C:\Windows\System\hvZZuBd.exe
  C:\Windows\System\hvZZuBd.exe
  2⤵
  PID:7852
- C:\Windows\System\yNcpQUh.exe
  C:\Windows\System\yNcpQUh.exe
  2⤵
  PID:7868
- C:\Windows\System\bFeQyHG.exe
  C:\Windows\System\bFeQyHG.exe
  2⤵
  PID:7884
- C:\Windows\System\SJeEJKs.exe
  C:\Windows\System\SJeEJKs.exe
  2⤵
  PID:7900
- C:\Windows\System\nJBqXaV.exe
  C:\Windows\System\nJBqXaV.exe
  2⤵
  PID:7916
- C:\Windows\System\BgFZZHN.exe
  C:\Windows\System\BgFZZHN.exe
  2⤵
  PID:7932
- C:\Windows\System\DpOePHf.exe
  C:\Windows\System\DpOePHf.exe
  2⤵
  PID:7948
- C:\Windows\System\ElkrseB.exe
  C:\Windows\System\ElkrseB.exe
  2⤵
  PID:7964
- C:\Windows\System\MSPDRNB.exe
  C:\Windows\System\MSPDRNB.exe
  2⤵
  PID:7980
- C:\Windows\System\NFdyBPy.exe
  C:\Windows\System\NFdyBPy.exe
  2⤵
  PID:7996
- C:\Windows\System\lrCFWdc.exe
  C:\Windows\System\lrCFWdc.exe
  2⤵
  PID:8012
- C:\Windows\System\hEjqPTr.exe
  C:\Windows\System\hEjqPTr.exe
  2⤵
  PID:8028
- C:\Windows\System\pMnqwSv.exe
  C:\Windows\System\pMnqwSv.exe
  2⤵
  PID:8044
- C:\Windows\System\AOunJIx.exe
  C:\Windows\System\AOunJIx.exe
  2⤵
  PID:8060
- C:\Windows\System\IoeRNuO.exe
  C:\Windows\System\IoeRNuO.exe
  2⤵
  PID:8076
- C:\Windows\System\OhOPckX.exe
  C:\Windows\System\OhOPckX.exe
  2⤵
  PID:8092
- C:\Windows\System\kqzXUGB.exe
  C:\Windows\System\kqzXUGB.exe
  2⤵
  PID:8108
- C:\Windows\System\YCjUhKK.exe
  C:\Windows\System\YCjUhKK.exe
  2⤵
  PID:8124
- C:\Windows\System\yVDxQxv.exe
  C:\Windows\System\yVDxQxv.exe
  2⤵
  PID:8140
- C:\Windows\System\eGSnHPb.exe
  C:\Windows\System\eGSnHPb.exe
  2⤵
  PID:8156
- C:\Windows\System\UyXaaxc.exe
  C:\Windows\System\UyXaaxc.exe
  2⤵
  PID:8172
- C:\Windows\System\TSWElKI.exe
  C:\Windows\System\TSWElKI.exe
  2⤵
  PID:8188
- C:\Windows\System\dtkGJBv.exe
  C:\Windows\System\dtkGJBv.exe
  2⤵
  PID:7172
- C:\Windows\System\kzbHrlt.exe
  C:\Windows\System\kzbHrlt.exe
  2⤵
  PID:7204
- C:\Windows\System\DLeaSBF.exe
  C:\Windows\System\DLeaSBF.exe
  2⤵
  PID:7236
- C:\Windows\System\EhEmSMN.exe
  C:\Windows\System\EhEmSMN.exe
  2⤵
  PID:7252
- C:\Windows\System\QyhDIxK.exe
  C:\Windows\System\QyhDIxK.exe
  2⤵
  PID:7284
- C:\Windows\System\ubJbCrb.exe
  C:\Windows\System\ubJbCrb.exe
  2⤵
  PID:7316
- C:\Windows\System\rYdZSZU.exe
  C:\Windows\System\rYdZSZU.exe
  2⤵
  PID:7368
- C:\Windows\System\KOSAOzu.exe
  C:\Windows\System\KOSAOzu.exe
  2⤵
  PID:7428
- C:\Windows\System\SlvBCaj.exe
  C:\Windows\System\SlvBCaj.exe
  2⤵
  PID:7464
- C:\Windows\System\EMLUOJv.exe
  C:\Windows\System\EMLUOJv.exe
  2⤵
  PID:7444
- C:\Windows\System\nyoRfcT.exe
  C:\Windows\System\nyoRfcT.exe
  2⤵
  PID:7480
- C:\Windows\System\TAtsOCv.exe
  C:\Windows\System\TAtsOCv.exe
  2⤵
  PID:7560
- C:\Windows\System\JdTZQsJ.exe
  C:\Windows\System\JdTZQsJ.exe
  2⤵
  PID:7592
- C:\Windows\System\pChWzpl.exe
  C:\Windows\System\pChWzpl.exe
  2⤵
  PID:7512
- C:\Windows\System\LSasIsU.exe
  C:\Windows\System\LSasIsU.exe
  2⤵
  PID:7608
- C:\Windows\System\ErANXxb.exe
  C:\Windows\System\ErANXxb.exe
  2⤵
  PID:7508
- C:\Windows\System\xNgJMVG.exe
  C:\Windows\System\xNgJMVG.exe
  2⤵
  PID:7748
- C:\Windows\System\ajyGpYL.exe
  C:\Windows\System\ajyGpYL.exe
  2⤵
  PID:7668
- C:\Windows\System\HNLHrVN.exe
  C:\Windows\System\HNLHrVN.exe
  2⤵
  PID:7764
- C:\Windows\System\hUMqdBx.exe
  C:\Windows\System\hUMqdBx.exe
  2⤵
  PID:7784
- C:\Windows\System\uXJmrib.exe
  C:\Windows\System\uXJmrib.exe
  2⤵
  PID:7940
- C:\Windows\System\iYQSRYU.exe
  C:\Windows\System\iYQSRYU.exe
  2⤵
  PID:7976
- C:\Windows\System\gwQxyag.exe
  C:\Windows\System\gwQxyag.exe
  2⤵
  PID:7828
- C:\Windows\System\ofAWfCw.exe
  C:\Windows\System\ofAWfCw.exe
  2⤵
  PID:8008
- C:\Windows\System\XjfAxLm.exe
  C:\Windows\System\XjfAxLm.exe
  2⤵
  PID:8068
- C:\Windows\System\xxmCjaL.exe
  C:\Windows\System\xxmCjaL.exe
  2⤵
  PID:8116
- C:\Windows\System\ZxtPfwg.exe
  C:\Windows\System\ZxtPfwg.exe
  2⤵
  PID:8104
- C:\Windows\System\AzrkCVH.exe
  C:\Windows\System\AzrkCVH.exe
  2⤵
  PID:8020
- C:\Windows\System\LlDZZio.exe
  C:\Windows\System\LlDZZio.exe
  2⤵
  PID:8168
- C:\Windows\System\eOJCxLI.exe
  C:\Windows\System\eOJCxLI.exe
  2⤵
  PID:7220
- C:\Windows\System\DerVaca.exe
  C:\Windows\System\DerVaca.exe
  2⤵
  PID:7272
- C:\Windows\System\kLvXRKD.exe
  C:\Windows\System\kLvXRKD.exe
  2⤵
  PID:7432
- C:\Windows\System\PJYbtNK.exe
  C:\Windows\System\PJYbtNK.exe
  2⤵
  PID:7400
- C:\Windows\System\sbJUqDz.exe
  C:\Windows\System\sbJUqDz.exe
  2⤵
  PID:7412
- C:\Windows\System\OBvGHjU.exe
  C:\Windows\System\OBvGHjU.exe
  2⤵
  PID:7528
- C:\Windows\System\BRoeluB.exe
  C:\Windows\System\BRoeluB.exe
  2⤵
  PID:7652
- C:\Windows\System\EbwqPlH.exe
  C:\Windows\System\EbwqPlH.exe
  2⤵
  PID:7656
- C:\Windows\System\wNvXgUB.exe
  C:\Windows\System\wNvXgUB.exe
  2⤵
  PID:7720
- C:\Windows\System\BYkzpEo.exe
  C:\Windows\System\BYkzpEo.exe
  2⤵
  PID:7816
- C:\Windows\System\HUDVEcx.exe
  C:\Windows\System\HUDVEcx.exe
  2⤵
  PID:7704
- C:\Windows\System\qIUjiAJ.exe
  C:\Windows\System\qIUjiAJ.exe
  2⤵
  PID:7896
- C:\Windows\System\kjclxel.exe
  C:\Windows\System\kjclxel.exe
  2⤵
  PID:7956
- C:\Windows\System\VNFkiXj.exe
  C:\Windows\System\VNFkiXj.exe
  2⤵
  PID:7832
- C:\Windows\System\pZWUYwX.exe
  C:\Windows\System\pZWUYwX.exe
  2⤵
  PID:8164
- C:\Windows\System\WMgFcMB.exe
  C:\Windows\System\WMgFcMB.exe
  2⤵
  PID:7224
- C:\Windows\System\yOJMuOY.exe
  C:\Windows\System\yOJMuOY.exe
  2⤵
  PID:7992
- C:\Windows\System\EpLJdYc.exe
  C:\Windows\System\EpLJdYc.exe
  2⤵
  PID:7348
- C:\Windows\System\WSjGydB.exe
  C:\Windows\System\WSjGydB.exe
  2⤵
  PID:8184
- C:\Windows\System\udjSTIh.exe
  C:\Windows\System\udjSTIh.exe
  2⤵
  PID:8088
- C:\Windows\System\ItEejzH.exe
  C:\Windows\System\ItEejzH.exe
  2⤵
  PID:7544
- C:\Windows\System\CqYqyfJ.exe
  C:\Windows\System\CqYqyfJ.exe
  2⤵
  PID:7780
- C:\Windows\System\PVflXOJ.exe
  C:\Windows\System\PVflXOJ.exe
  2⤵
  PID:7736
- C:\Windows\System\UeuEjLv.exe
  C:\Windows\System\UeuEjLv.exe
  2⤵
  PID:7988
- C:\Windows\System\VFrXANN.exe
  C:\Windows\System\VFrXANN.exe
  2⤵
  PID:7588
- C:\Windows\System\LoQaSyS.exe
  C:\Windows\System\LoQaSyS.exe
  2⤵
  PID:8036
- C:\Windows\System\BsSndtW.exe
  C:\Windows\System\BsSndtW.exe
  2⤵
  PID:7860
- C:\Windows\System\JbhlPUA.exe
  C:\Windows\System\JbhlPUA.exe
  2⤵
  PID:7576
- C:\Windows\System\zDiujpG.exe
  C:\Windows\System\zDiujpG.exe
  2⤵
  PID:7476
- C:\Windows\System\UqQlynD.exe
  C:\Windows\System\UqQlynD.exe
  2⤵
  PID:7416
- C:\Windows\System\csgtMlt.exe
  C:\Windows\System\csgtMlt.exe
  2⤵
  PID:8136
- C:\Windows\System\CszWxVD.exe
  C:\Windows\System\CszWxVD.exe
  2⤵
  PID:7304
- C:\Windows\System\tPaciQO.exe
  C:\Windows\System\tPaciQO.exe
  2⤵
  PID:7928
- C:\Windows\System\gWMOaMD.exe
  C:\Windows\System\gWMOaMD.exe
  2⤵
  PID:7188
- C:\Windows\System\FkvOqxX.exe
  C:\Windows\System\FkvOqxX.exe
  2⤵
  PID:8204
- C:\Windows\System\tqnQIPe.exe
  C:\Windows\System\tqnQIPe.exe
  2⤵
  PID:8220
- C:\Windows\System\bdgRbTS.exe
  C:\Windows\System\bdgRbTS.exe
  2⤵
  PID:8236
- C:\Windows\System\HYwgwRN.exe
  C:\Windows\System\HYwgwRN.exe
  2⤵
  PID:8252
- C:\Windows\System\tiBfekk.exe
  C:\Windows\System\tiBfekk.exe
  2⤵
  PID:8272
- C:\Windows\System\fNIrIzS.exe
  C:\Windows\System\fNIrIzS.exe
  2⤵
  PID:8288
- C:\Windows\System\mwgSieV.exe
  C:\Windows\System\mwgSieV.exe
  2⤵
  PID:8304
- C:\Windows\System\ADLRZWa.exe
  C:\Windows\System\ADLRZWa.exe
  2⤵
  PID:8332
- C:\Windows\System\TolkNog.exe
  C:\Windows\System\TolkNog.exe
  2⤵
  PID:8348
- C:\Windows\System\IyGojmq.exe
  C:\Windows\System\IyGojmq.exe
  2⤵
  PID:8380
- C:\Windows\System\dsUrvwx.exe
  C:\Windows\System\dsUrvwx.exe
  2⤵
  PID:8496
- C:\Windows\System\oGFYdCk.exe
  C:\Windows\System\oGFYdCk.exe
  2⤵
  PID:8520
- C:\Windows\System\NeEbadF.exe
  C:\Windows\System\NeEbadF.exe
  2⤵
  PID:8536
- C:\Windows\System\jFYgSGB.exe
  C:\Windows\System\jFYgSGB.exe
  2⤵
  PID:8556
- C:\Windows\System\BFEWSXx.exe
  C:\Windows\System\BFEWSXx.exe
  2⤵
  PID:8572
- C:\Windows\System\adrkgbR.exe
  C:\Windows\System\adrkgbR.exe
  2⤵
  PID:8588
- C:\Windows\System\ajiWGvq.exe
  C:\Windows\System\ajiWGvq.exe
  2⤵
  PID:8604
- C:\Windows\System\qBbTvuL.exe
  C:\Windows\System\qBbTvuL.exe
  2⤵
  PID:8620
- C:\Windows\System\hXpbkqh.exe
  C:\Windows\System\hXpbkqh.exe
  2⤵
  PID:8636
- C:\Windows\System\odLpYBq.exe
  C:\Windows\System\odLpYBq.exe
  2⤵
  PID:8652
- C:\Windows\System\xUsTxdu.exe
  C:\Windows\System\xUsTxdu.exe
  2⤵
  PID:8668
- C:\Windows\System\WweCtHc.exe
  C:\Windows\System\WweCtHc.exe
  2⤵
  PID:8684
- C:\Windows\System\gpPEYil.exe
  C:\Windows\System\gpPEYil.exe
  2⤵
  PID:8700
- C:\Windows\System\SRuYotn.exe
  C:\Windows\System\SRuYotn.exe
  2⤵
  PID:8716
- C:\Windows\System\DOcxbAl.exe
  C:\Windows\System\DOcxbAl.exe
  2⤵
  PID:8732
- C:\Windows\System\YzqHzbR.exe
  C:\Windows\System\YzqHzbR.exe
  2⤵
  PID:8748
- C:\Windows\System\bhOxUpo.exe
  C:\Windows\System\bhOxUpo.exe
  2⤵
  PID:8764
- C:\Windows\System\RDAiKsR.exe
  C:\Windows\System\RDAiKsR.exe
  2⤵
  PID:8780
- C:\Windows\System\gaohWmP.exe
  C:\Windows\System\gaohWmP.exe
  2⤵
  PID:8796
- C:\Windows\System\WUrllks.exe
  C:\Windows\System\WUrllks.exe
  2⤵
  PID:8816
- C:\Windows\System\ExJkFNE.exe
  C:\Windows\System\ExJkFNE.exe
  2⤵
  PID:8832
- C:\Windows\System\BxmrQkY.exe
  C:\Windows\System\BxmrQkY.exe
  2⤵
  PID:8848
- C:\Windows\System\boJGnAg.exe
  C:\Windows\System\boJGnAg.exe
  2⤵
  PID:8868
- C:\Windows\System\YohnGTH.exe
  C:\Windows\System\YohnGTH.exe
  2⤵
  PID:8924
- C:\Windows\System\FoQgdGE.exe
  C:\Windows\System\FoQgdGE.exe
  2⤵
  PID:8956
- C:\Windows\System\tzMvlME.exe
  C:\Windows\System\tzMvlME.exe
  2⤵
  PID:8980
- C:\Windows\System\IKWpUmD.exe
  C:\Windows\System\IKWpUmD.exe
  2⤵
  PID:8996
- C:\Windows\System\ZMJPlfl.exe
  C:\Windows\System\ZMJPlfl.exe
  2⤵
  PID:9012
- C:\Windows\System\JGHLeTq.exe
  C:\Windows\System\JGHLeTq.exe
  2⤵
  PID:9028
- C:\Windows\System\FBqXdTP.exe
  C:\Windows\System\FBqXdTP.exe
  2⤵
  PID:9044
- C:\Windows\System\LiJcnqj.exe
  C:\Windows\System\LiJcnqj.exe
  2⤵
  PID:9060
- C:\Windows\System\EKnZEje.exe
  C:\Windows\System\EKnZEje.exe
  2⤵
  PID:9076
- C:\Windows\System\qYGcfhK.exe
  C:\Windows\System\qYGcfhK.exe
  2⤵
  PID:9092
- C:\Windows\System\bPjNCYN.exe
  C:\Windows\System\bPjNCYN.exe
  2⤵
  PID:9108
- C:\Windows\System\roFOFdS.exe
  C:\Windows\System\roFOFdS.exe
  2⤵
  PID:9124
- C:\Windows\System\zQUXBXk.exe
  C:\Windows\System\zQUXBXk.exe
  2⤵
  PID:9140
- C:\Windows\System\VPsghTZ.exe
  C:\Windows\System\VPsghTZ.exe
  2⤵
  PID:9156
- C:\Windows\System\IjWHHro.exe
  C:\Windows\System\IjWHHro.exe
  2⤵
  PID:9176
- C:\Windows\System\wVutOim.exe
  C:\Windows\System\wVutOim.exe
  2⤵
  PID:8320
- C:\Windows\System\tQQxdlR.exe
  C:\Windows\System\tQQxdlR.exe
  2⤵
  PID:8344
- C:\Windows\System\SyhOxSk.exe
  C:\Windows\System\SyhOxSk.exe
  2⤵
  PID:8364
- C:\Windows\System\eCDkHZm.exe
  C:\Windows\System\eCDkHZm.exe
  2⤵
  PID:8408
- C:\Windows\System\fVZEveJ.exe
  C:\Windows\System\fVZEveJ.exe
  2⤵
  PID:8712
- C:\Windows\System\UdoIqbS.exe
  C:\Windows\System\UdoIqbS.exe
  2⤵
  PID:8772
- C:\Windows\System\ZEzrifh.exe
  C:\Windows\System\ZEzrifh.exe
  2⤵
  PID:8724
- C:\Windows\System\cTlxNgm.exe
  C:\Windows\System\cTlxNgm.exe
  2⤵
  PID:8692
- C:\Windows\System\nzlcVgi.exe
  C:\Windows\System\nzlcVgi.exe
  2⤵
  PID:8808
- C:\Windows\System\SFZsNzs.exe
  C:\Windows\System\SFZsNzs.exe
  2⤵
  PID:8856
- C:\Windows\System\hQzrFEJ.exe
  C:\Windows\System\hQzrFEJ.exe
  2⤵
  PID:8824
- C:\Windows\System\JektzHF.exe
  C:\Windows\System\JektzHF.exe
  2⤵
  PID:8900
- C:\Windows\System\zpGuRtK.exe
  C:\Windows\System\zpGuRtK.exe
  2⤵
  PID:8920
- C:\Windows\System\jXmZVDU.exe
  C:\Windows\System\jXmZVDU.exe
  2⤵
  PID:8940
- C:\Windows\System\zPSFSMT.exe
  C:\Windows\System\zPSFSMT.exe
  2⤵
  PID:9004
- C:\Windows\System\IkdSTQU.exe
  C:\Windows\System\IkdSTQU.exe
  2⤵
  PID:9024
- C:\Windows\System\hDOWKXN.exe
  C:\Windows\System\hDOWKXN.exe
  2⤵
  PID:9072
- C:\Windows\System\rlCVsaW.exe
  C:\Windows\System\rlCVsaW.exe
  2⤵
  PID:9120
- C:\Windows\System\XeWIyUK.exe
  C:\Windows\System\XeWIyUK.exe
  2⤵
  PID:9056
- C:\Windows\System\NiTkFkY.exe
  C:\Windows\System\NiTkFkY.exe
  2⤵
  PID:9188
- C:\Windows\System\uuhYwlx.exe
  C:\Windows\System\uuhYwlx.exe
  2⤵
  PID:9212
- C:\Windows\System\gQGVLFX.exe
  C:\Windows\System\gQGVLFX.exe
  2⤵
  PID:7972
- C:\Windows\System\dRioWqp.exe
  C:\Windows\System\dRioWqp.exe
  2⤵
  PID:8312
- C:\Windows\System\kJhRNju.exe
  C:\Windows\System\kJhRNju.exe
  2⤵
  PID:8296
- C:\Windows\System\CqqazPa.exe
  C:\Windows\System\CqqazPa.exe
  2⤵
  PID:8372
- C:\Windows\System\RddmRrY.exe
  C:\Windows\System\RddmRrY.exe
  2⤵
  PID:8388
- C:\Windows\System\jMzCrNY.exe
  C:\Windows\System\jMzCrNY.exe
  2⤵
  PID:8396
- C:\Windows\System\mXoJRWw.exe
  C:\Windows\System\mXoJRWw.exe
  2⤵
  PID:8428
- C:\Windows\System\DmukApa.exe
  C:\Windows\System\DmukApa.exe
  2⤵
  PID:8448
- C:\Windows\System\ribmnKc.exe
  C:\Windows\System\ribmnKc.exe
  2⤵
  PID:8464
- C:\Windows\System\wnYKVWj.exe
  C:\Windows\System\wnYKVWj.exe
  2⤵
  PID:8480
- C:\Windows\System\fuUcRlt.exe
  C:\Windows\System\fuUcRlt.exe
  2⤵
  PID:8504
- C:\Windows\System\ZUjuwTU.exe
  C:\Windows\System\ZUjuwTU.exe
  2⤵
  PID:8528
- C:\Windows\System\faGhgoz.exe
  C:\Windows\System\faGhgoz.exe
  2⤵
  PID:8552
- C:\Windows\System\JYWfRru.exe
  C:\Windows\System\JYWfRru.exe
  2⤵
  PID:8568
- C:\Windows\System\OGVKUvK.exe
  C:\Windows\System\OGVKUvK.exe
  2⤵
  PID:8616
- C:\Windows\System\zfZvThy.exe
  C:\Windows\System\zfZvThy.exe
  2⤵
  PID:8628
- C:\Windows\System\iipnCvl.exe
  C:\Windows\System\iipnCvl.exe
  2⤵
  PID:8760
- C:\Windows\System\cchHdRQ.exe
  C:\Windows\System\cchHdRQ.exe
  2⤵
  PID:8776
- C:\Windows\System\fZXfYYd.exe
  C:\Windows\System\fZXfYYd.exe
  2⤵
  PID:8828
- C:\Windows\System\UJSdeBi.exe
  C:\Windows\System\UJSdeBi.exe
  2⤵
  PID:8888
- C:\Windows\System\AiyeGIz.exe
  C:\Windows\System\AiyeGIz.exe
  2⤵
  PID:8916
- C:\Windows\System\udFqMsd.exe
  C:\Windows\System\udFqMsd.exe
  2⤵
  PID:8988
- C:\Windows\System\CuozhnV.exe
  C:\Windows\System\CuozhnV.exe
  2⤵
  PID:9104
- C:\Windows\System\iwSKDwW.exe
  C:\Windows\System\iwSKDwW.exe
  2⤵
  PID:9172
- C:\Windows\System\lDFKdMd.exe
  C:\Windows\System\lDFKdMd.exe
  2⤵
  PID:7192
- C:\Windows\System\WGulite.exe
  C:\Windows\System\WGulite.exe
  2⤵
  PID:9068
- C:\Windows\System\bTBxMoY.exe
  C:\Windows\System\bTBxMoY.exe
  2⤵
  PID:9116
- C:\Windows\System\zNqjMZI.exe
  C:\Windows\System\zNqjMZI.exe
  2⤵
  PID:9208
- C:\Windows\System\IPumJOz.exe
  C:\Windows\System\IPumJOz.exe
  2⤵
  PID:8280
- C:\Windows\System\QmlqEFl.exe
  C:\Windows\System\QmlqEFl.exe
  2⤵
  PID:8260
- C:\Windows\System\VhWOqUz.exe
  C:\Windows\System\VhWOqUz.exe
  2⤵
  PID:8212
- C:\Windows\System\GBpgxvH.exe
  C:\Windows\System\GBpgxvH.exe
  2⤵
  PID:8400
- C:\Windows\System\mmIehAQ.exe
  C:\Windows\System\mmIehAQ.exe
  2⤵
  PID:8488
- C:\Windows\System\SmoTqfG.exe
  C:\Windows\System\SmoTqfG.exe
  2⤵
  PID:8476
- C:\Windows\System\FccfGXA.exe
  C:\Windows\System\FccfGXA.exe
  2⤵
  PID:8416
- C:\Windows\System\QkdAcvd.exe
  C:\Windows\System\QkdAcvd.exe
  2⤵
  PID:8564
- C:\Windows\System\NPaTGWA.exe
  C:\Windows\System\NPaTGWA.exe
  2⤵
  PID:8600
- C:\Windows\System\IrmtJFf.exe
  C:\Windows\System\IrmtJFf.exe
  2⤵
  PID:8792
- C:\Windows\System\dyrHkDg.exe
  C:\Windows\System\dyrHkDg.exe
  2⤵
  PID:8708
- C:\Windows\System\wyUPYTM.exe
  C:\Windows\System\wyUPYTM.exe
  2⤵
  PID:8932
- C:\Windows\System\VNGTGQg.exe
  C:\Windows\System\VNGTGQg.exe
  2⤵
  PID:8844
- C:\Windows\System\ktbYhYs.exe
  C:\Windows\System\ktbYhYs.exe
  2⤵
  PID:8952
- C:\Windows\System\zbtsPGj.exe
  C:\Windows\System\zbtsPGj.exe
  2⤵
  PID:9168
- C:\Windows\System\IMMdeee.exe
  C:\Windows\System\IMMdeee.exe
  2⤵
  PID:8948
- C:\Windows\System\jBpxUDf.exe
  C:\Windows\System\jBpxUDf.exe
  2⤵
  PID:8360
- C:\Windows\System\FDNISMq.exe
  C:\Windows\System\FDNISMq.exe
  2⤵
  PID:8516
- C:\Windows\System\CkQHiJz.exe
  C:\Windows\System\CkQHiJz.exe
  2⤵
  PID:8676
- C:\Windows\System\DSASjWM.exe
  C:\Windows\System\DSASjWM.exe
  2⤵
  PID:8180
- C:\Windows\System\cpsegPt.exe
  C:\Windows\System\cpsegPt.exe
  2⤵
  PID:8244
- C:\Windows\System\rfgTKmz.exe
  C:\Windows\System\rfgTKmz.exe
  2⤵
  PID:8460
- C:\Windows\System\FQmgRSg.exe
  C:\Windows\System\FQmgRSg.exe
  2⤵
  PID:9164
- C:\Windows\System\WPeDDvz.exe
  C:\Windows\System\WPeDDvz.exe
  2⤵
  PID:8632
- C:\Windows\System\hFFfNbe.exe
  C:\Windows\System\hFFfNbe.exe
  2⤵
  PID:8492
- C:\Windows\System\NXzxTVM.exe
  C:\Windows\System\NXzxTVM.exe
  2⤵
  PID:9248
- C:\Windows\System\DnNzvZc.exe
  C:\Windows\System\DnNzvZc.exe
  2⤵
  PID:9268
- C:\Windows\System\BoMfLhC.exe
  C:\Windows\System\BoMfLhC.exe
  2⤵
  PID:9292
- C:\Windows\System\dHzRURI.exe
  C:\Windows\System\dHzRURI.exe
  2⤵
  PID:9316
- C:\Windows\System\IVjOLGq.exe
  C:\Windows\System\IVjOLGq.exe
  2⤵
  PID:9332
- C:\Windows\System\AuyhtgU.exe
  C:\Windows\System\AuyhtgU.exe
  2⤵
  PID:9352
- C:\Windows\System\VOYkdLU.exe
  C:\Windows\System\VOYkdLU.exe
  2⤵
  PID:9376
- C:\Windows\System\FjlyBpJ.exe
  C:\Windows\System\FjlyBpJ.exe
  2⤵
  PID:9392
- C:\Windows\System\cxeYQEr.exe
  C:\Windows\System\cxeYQEr.exe
  2⤵
  PID:9416
- C:\Windows\System\fgxxeJM.exe
  C:\Windows\System\fgxxeJM.exe
  2⤵
  PID:9432
- C:\Windows\System\aQxYPKl.exe
  C:\Windows\System\aQxYPKl.exe
  2⤵
  PID:9500
- C:\Windows\System\SVaRhok.exe
  C:\Windows\System\SVaRhok.exe
  2⤵
  PID:9520
- C:\Windows\System\LEomUWk.exe
  C:\Windows\System\LEomUWk.exe
  2⤵
  PID:9536
- C:\Windows\System\fCnlrBQ.exe
  C:\Windows\System\fCnlrBQ.exe
  2⤵
  PID:9552
- C:\Windows\System\JBRqslA.exe
  C:\Windows\System\JBRqslA.exe
  2⤵
  PID:9568
- C:\Windows\System\ybjIMEk.exe
  C:\Windows\System\ybjIMEk.exe
  2⤵
  PID:9584
- C:\Windows\System\mNEIKpX.exe
  C:\Windows\System\mNEIKpX.exe
  2⤵
  PID:9600
- C:\Windows\System\RIVkxYJ.exe
  C:\Windows\System\RIVkxYJ.exe
  2⤵
  PID:9616
- C:\Windows\System\cthSIFR.exe
  C:\Windows\System\cthSIFR.exe
  2⤵
  PID:9632
- C:\Windows\System\HDYUOxA.exe
  C:\Windows\System\HDYUOxA.exe
  2⤵
  PID:9648
- C:\Windows\System\dHPGmak.exe
  C:\Windows\System\dHPGmak.exe
  2⤵
  PID:9672
- C:\Windows\System\kWFfwRn.exe
  C:\Windows\System\kWFfwRn.exe
  2⤵
  PID:9688
- C:\Windows\System\BWWiZWT.exe
  C:\Windows\System\BWWiZWT.exe
  2⤵
  PID:9704
- C:\Windows\System\yvlKFLY.exe
  C:\Windows\System\yvlKFLY.exe
  2⤵
  PID:9720
- C:\Windows\System\WWokSCU.exe
  C:\Windows\System\WWokSCU.exe
  2⤵
  PID:9736
- C:\Windows\System\dnNbDVv.exe
  C:\Windows\System\dnNbDVv.exe
  2⤵
  PID:9752
- C:\Windows\System\ZgFseJI.exe
  C:\Windows\System\ZgFseJI.exe
  2⤵
  PID:9772
- C:\Windows\System\PYKquSt.exe
  C:\Windows\System\PYKquSt.exe
  2⤵
  PID:9788
- C:\Windows\System\YpEwLcx.exe
  C:\Windows\System\YpEwLcx.exe
  2⤵
  PID:9812
- C:\Windows\System\nrAykZU.exe
  C:\Windows\System\nrAykZU.exe
  2⤵
  PID:9828
- C:\Windows\System\WtSjUFH.exe
  C:\Windows\System\WtSjUFH.exe
  2⤵
  PID:9844
- C:\Windows\System\iUyFqWq.exe
  C:\Windows\System\iUyFqWq.exe
  2⤵
  PID:9860
- C:\Windows\System\iKCVPUm.exe
  C:\Windows\System\iKCVPUm.exe
  2⤵
  PID:9876
- C:\Windows\System\FlbJmoK.exe
  C:\Windows\System\FlbJmoK.exe
  2⤵
  PID:9900
- C:\Windows\System\kVXqpeS.exe
  C:\Windows\System\kVXqpeS.exe
  2⤵
  PID:9916
- C:\Windows\System\WIsuLCG.exe
  C:\Windows\System\WIsuLCG.exe
  2⤵
  PID:9932
- C:\Windows\System\uWyxLcS.exe
  C:\Windows\System\uWyxLcS.exe
  2⤵
  PID:9948
- C:\Windows\System\jsMmwEz.exe
  C:\Windows\System\jsMmwEz.exe
  2⤵
  PID:9964
- C:\Windows\System\UCAJphR.exe
  C:\Windows\System\UCAJphR.exe
  2⤵
  PID:9980
- C:\Windows\System\zUXBkSA.exe
  C:\Windows\System\zUXBkSA.exe
  2⤵
  PID:9996
- C:\Windows\System\UJFNxGl.exe
  C:\Windows\System\UJFNxGl.exe
  2⤵
  PID:10012
- C:\Windows\System\bnnutLD.exe
  C:\Windows\System\bnnutLD.exe
  2⤵
  PID:10032
- C:\Windows\System\QXTuSNe.exe
  C:\Windows\System\QXTuSNe.exe
  2⤵
  PID:9480
- C:\Windows\System\VMgWZLP.exe
  C:\Windows\System\VMgWZLP.exe
  2⤵
  PID:9492
- C:\Windows\System\NkEPqEM.exe
  C:\Windows\System\NkEPqEM.exe
  2⤵
  PID:9548
- C:\Windows\System\EXOiovb.exe
  C:\Windows\System\EXOiovb.exe
  2⤵
  PID:9640
- C:\Windows\System\ODPTNar.exe
  C:\Windows\System\ODPTNar.exe
  2⤵
  PID:9628
- C:\Windows\System\kSBpCeN.exe
  C:\Windows\System\kSBpCeN.exe
  2⤵
  PID:9668
- C:\Windows\System\AWZrKVU.exe
  C:\Windows\System\AWZrKVU.exe
  2⤵
  PID:9716
- C:\Windows\System\JZiGKNn.exe
  C:\Windows\System\JZiGKNn.exe
  2⤵
  PID:9784
- C:\Windows\System\paKQUak.exe
  C:\Windows\System\paKQUak.exe
  2⤵
  PID:9728
- C:\Windows\System\cCvhxMo.exe
  C:\Windows\System\cCvhxMo.exe
  2⤵
  PID:9804
- C:\Windows\System\VbSIvuC.exe
  C:\Windows\System\VbSIvuC.exe
  2⤵
  PID:9840
- C:\Windows\System\SaIaYKp.exe
  C:\Windows\System\SaIaYKp.exe
  2⤵
  PID:9896
- C:\Windows\System\IkQiYAz.exe
  C:\Windows\System\IkQiYAz.exe
  2⤵
  PID:9960
- C:\Windows\System\cVqEUeI.exe
  C:\Windows\System\cVqEUeI.exe
  2⤵
  PID:9976
- C:\Windows\System\NhncmJk.exe
  C:\Windows\System\NhncmJk.exe
  2⤵
  PID:10028
- C:\Windows\System\opXHhXE.exe
  C:\Windows\System\opXHhXE.exe
  2⤵
  PID:10044
- C:\Windows\System\SDiYZzR.exe
  C:\Windows\System\SDiYZzR.exe
  2⤵
  PID:10072
- C:\Windows\System\yiPiOYY.exe
  C:\Windows\System\yiPiOYY.exe
  2⤵
  PID:10056
- C:\Windows\System\FcxnOSb.exe
  C:\Windows\System\FcxnOSb.exe
  2⤵
  PID:10096
- C:\Windows\System\MrIeesp.exe
  C:\Windows\System\MrIeesp.exe
  2⤵
  PID:10112
- C:\Windows\System\nTJsVrk.exe
  C:\Windows\System\nTJsVrk.exe
  2⤵
  PID:10136
- C:\Windows\System\gYVBmHm.exe
  C:\Windows\System\gYVBmHm.exe
  2⤵
  PID:10160
- C:\Windows\System\ueZULJL.exe
  C:\Windows\System\ueZULJL.exe
  2⤵
  PID:10188
- C:\Windows\System\OphKWVX.exe
  C:\Windows\System\OphKWVX.exe
  2⤵
  PID:10208
- C:\Windows\System\WiJTWZH.exe
  C:\Windows\System\WiJTWZH.exe
  2⤵
  PID:10232
- C:\Windows\System\QENnCgV.exe
  C:\Windows\System\QENnCgV.exe
  2⤵
  PID:8440
- C:\Windows\System\MKXKmsX.exe
  C:\Windows\System\MKXKmsX.exe
  2⤵
  PID:8456
- C:\Windows\System\qRrcEpO.exe
  C:\Windows\System\qRrcEpO.exe
  2⤵
  PID:9232
- C:\Windows\System\POvjUOf.exe
  C:\Windows\System\POvjUOf.exe
  2⤵
  PID:8976
- C:\Windows\System\dTkbzhO.exe
  C:\Windows\System\dTkbzhO.exe
  2⤵
  PID:9264
- C:\Windows\System\iQBSxOc.exe
  C:\Windows\System\iQBSxOc.exe
  2⤵
  PID:9308
- C:\Windows\System\zLNAFug.exe
  C:\Windows\System\zLNAFug.exe
  2⤵
  PID:8648
- C:\Windows\System\oVmQuEu.exe
  C:\Windows\System\oVmQuEu.exe
  2⤵
  PID:9388
- C:\Windows\System\CNHmerZ.exe
  C:\Windows\System\CNHmerZ.exe
  2⤵
  PID:9408
- C:\Windows\System\cBrTzvJ.exe
  C:\Windows\System\cBrTzvJ.exe
  2⤵
  PID:9424
- C:\Windows\System\mamUFoE.exe
  C:\Windows\System\mamUFoE.exe
  2⤵
  PID:9496
- C:\Windows\System\GkbXAxG.exe
  C:\Windows\System\GkbXAxG.exe
  2⤵
  PID:9476
- C:\Windows\System\ZjiyoHR.exe
  C:\Windows\System\ZjiyoHR.exe
  2⤵
  PID:9612
- C:\Windows\System\SGMbgYu.exe
  C:\Windows\System\SGMbgYu.exe
  2⤵
  PID:9660
- C:\Windows\System\ZCdZQOq.exe
  C:\Windows\System\ZCdZQOq.exe
  2⤵
  PID:9328
- C:\Windows\System\gSknIiW.exe
  C:\Windows\System\gSknIiW.exe
  2⤵
  PID:9684
- C:\Windows\System\FEbVpHo.exe
  C:\Windows\System\FEbVpHo.exe
  2⤵
  PID:9700
- C:\Windows\System\iJKlQyj.exe
  C:\Windows\System\iJKlQyj.exe
  2⤵
  PID:9800
- C:\Windows\System\kAWbfpz.exe
  C:\Windows\System\kAWbfpz.exe
  2⤵
  PID:9892
- C:\Windows\System\eQPZBLi.exe
  C:\Windows\System\eQPZBLi.exe
  2⤵
  PID:9944
- C:\Windows\System\kSNijyr.exe
  C:\Windows\System\kSNijyr.exe
  2⤵
  PID:10020
- C:\Windows\System\hIhmCIa.exe
  C:\Windows\System\hIhmCIa.exe
  2⤵
  PID:10060
- C:\Windows\System\hhDrRMc.exe
  C:\Windows\System\hhDrRMc.exe
  2⤵
  PID:10116
- C:\Windows\System\NjqDqGw.exe
  C:\Windows\System\NjqDqGw.exe
  2⤵
  PID:10128
- C:\Windows\System\aPWGtTD.exe
  C:\Windows\System\aPWGtTD.exe
  2⤵
  PID:10180
- C:\Windows\System\zKiyuYY.exe
  C:\Windows\System\zKiyuYY.exe
  2⤵
  PID:10228
- C:\Windows\System\OUZIqOm.exe
  C:\Windows\System\OUZIqOm.exe
  2⤵
  PID:10224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CZgFgLY.exe

Filesize
6.0MB

MD5
928f68b8f6b99b80d69941d6d18a6b8c

SHA1
b3460a1f2394494f15cfdfac61060d78180a9f34

SHA256
f12bfef801dea25f7436f92dbd0c076a7e6d5994d8a8cd135211a6e3d90bf197

SHA512
c0ab1933a2f7319c0b07afa652534925afde5053533c48f41145687ce11430d28b41f6b6fe70913578a0095e97e1a407b4bc9fc5098263142180e2a2267044e7

Download Submit
C:\Windows\system\CwcgwWZ.exe

Filesize
6.0MB

MD5
62e7251d91d67c48954d98c57d846296

SHA1
ab6de35c8e9ecd72f40625d161efa72f2254b1fb

SHA256
13ca69b020038a0f63e2d9d6b30883b62214aa3bcc55e501fef009f6a61512c0

SHA512
4fa438d5ab0ad3c6e479741316690433fea6c5e66f0d99d386458837833ab4179a0fcb34c3bb2931eae7f412923220ce1fbceadd4f133884b89deac03297046e

Download Submit
C:\Windows\system\DkbNYoT.exe

Filesize
6.0MB

MD5
37b0b3ae0e5e15258793bf42f4c9d505

SHA1
4d0f0ed11f0f6ef230212d99134d9a144507aac9

SHA256
2f25623e1910909bd14017c157dda469e633f8e5cb2139e9ae5b233d3f60faa1

SHA512
7144eb7d9564808613f4b73810cecb5dfd753b5260f73dcd2a9fc2deb2082e6e73c2699babee64433b1b232458fa59c97af8ae4196cdacb5cbcc92a955bf689b

Download Submit
C:\Windows\system\FeIYAwa.exe

Filesize
6.0MB

MD5
e2da7b1e948a434fe6456053da5f4719

SHA1
de4a9ff00e995cd6ca693a8848fa252a0befec84

SHA256
4de62f25ca47526f0e6c485f175af15ef2ee7d37870da1b7507f90868da7e673

SHA512
ba509a60ef34698093104096b16b042f937ff366032c37e1fb2c89e381dad2c4b6d243b4a2be442ed9bbe6bc04bca29aff78647cd337add603e2a548ccc39f83

Download Submit
C:\Windows\system\IHWGMmN.exe

Filesize
6.0MB

MD5
c3a50d7a3e4ca0efd04a9a91f00fd1dd

SHA1
884f3ca787bc9418da719d5a5149ca8eac7ab861

SHA256
e155388d3276a236d5bd91dfff8ab000539f976e6257ea36cc11ae944322371c

SHA512
6ddf15bacaf579427abecd5ecfefc0b26a22461a68b6d332e22dd530c02f21243238354a63e05e884a6e01df5d6980bc099d2ed615fbf08d3fa3c2f4a6c69f93

Download Submit
C:\Windows\system\IHWUCqe.exe

Filesize
6.0MB

MD5
a917106ee78a0561e310c5d43b8dc0e8

SHA1
fb7b8685c3e60ce270e27ef945dbfed9148f7521

SHA256
796c9c544747985093607157056d995d16d497214c49c3c20673cc7c95ba8603

SHA512
324141b69cf731a79e975bd33ba916d03140034c192a3831b763b0880c4a87a55f138307f3b4b966f85211b03f4d8a3f90952d5410749af251b79a40afc52700

Download Submit
C:\Windows\system\MWdevvT.exe

Filesize
6.0MB

MD5
6de0a764e03478f00bf88372fb43f564

SHA1
fb3faead14956f439c9be618d2862ca060d37710

SHA256
231896c1fe33bc5cdb234da2523553cff0f0243ac6a20c09ea3d7a56015c85a4

SHA512
775e9fef767f404aa097e0f5274d0a111870d81e45bb4c7779388ce3a22299866f8d9120802ecccb0e6a6d50afeea7809743ded9f40d773d45f41a110be62d62

Download Submit
C:\Windows\system\RhjPwPI.exe

Filesize
6.0MB

MD5
7b0b05429765425526924d3341497c0b

SHA1
cc43cfa759a8811a95ddb3257bae901a5e0cb5fe

SHA256
bf132df4ff3796fce18144e979f8bb77e80155827e6476d6337ddffd4791e427

SHA512
a82f702d2c4e8d35917917dbc8037b28a17c299a4538a4accaabf4045861f205041e10c3a9799337d9667874a21fad5b7305bd250e448ed6a6507f5de9984528

Download Submit
C:\Windows\system\UixRLid.exe

Filesize
6.0MB

MD5
3bd2a984d33d34c23a9c144f02152d2b

SHA1
c548cb1510cc0bf91452871688a3650c1323fb87

SHA256
a1ffe0b1a8376c6039ad8f31d940a905ede87f98fa0b086194b1c0d6804ca9bc

SHA512
29c53a6b1f00216076b1f7e383361a6b44f22294c045fe2e651fc377ea21569fcacf8f77129c4c39ef1f001e02231a50f09f113fdb9daa510ec858fae2589b25

Download Submit
C:\Windows\system\aKAJtDm.exe

Filesize
6.0MB

MD5
62c00bba7b98bd6c75dc142341ffbd9a

SHA1
bb2a121b310037d593b4d624e29ad68dfce30daa

SHA256
cb491c8609fdea69269b19a8943747ad2570eccb2fbdf4e7e36472f229f3edbd

SHA512
ccf0f193029fe3c463ca7e2bb7e571903e6785d9c4d3dff9a9072bdccb3af9fd088b5118c10123f4d98b0e88390e91c8a4904bf6cce0251b377e2806c6164068

Download Submit
C:\Windows\system\gxDyPcQ.exe

Filesize
6.0MB

MD5
a4338f827e28e44937cee1bbeb6a9957

SHA1
b14f3bae2efc3075133ec628302e7c3d43cd88c4

SHA256
18e0423b8bcbce4abe81aa6667de0849fc61236801020903d9697010dc2b2d40

SHA512
42920349673e40f9e83a067f855802159705620fb4680c8f17d0c23dcb3fadc50107ee18b0d1e4249e5c93d891e7b0b8a22fddfd1f49a1f2d40729a92c7e3ddd

Download Submit
C:\Windows\system\lanGbUW.exe

Filesize
6.0MB

MD5
616c07e4e4c3fa05bece9a5229e49833

SHA1
bc45bdcf5c3c362fb2af0ec05109ece4854cddc9

SHA256
a1b9dfb3cd88c60921132c9900a0080c5d7a21ac626ddf59f7efbbc69780016f

SHA512
301186a8a36ccaf5edab87868884c9e91eefeed3ceaca32170fae83ad0c14480748b9134c799c460ac90adbe66e3c559a7a2d183d0481fef287def54f602555f

Download Submit
C:\Windows\system\mFMBVho.exe

Filesize
6.0MB

MD5
f2046d635c0be44c61be278068d88fff

SHA1
5f54ec19baab8820465e37a0237a0faa47c2b70d

SHA256
0001e324f1c0da60ff5103e308bbc0fb5970d15c6eba4f8079cd7276f00f77e6

SHA512
f84ae765e7c15b6b5f01cdc7102ea3ce682e437e954f68932bcc611623f03b301a0aede925dd2b09618279602e1292c208d439a14ba4d16cb4360ace5f64c9b5

Download Submit
C:\Windows\system\nLvxUbX.exe

Filesize
6.0MB

MD5
3634904ae77b8ddfa7e65b0e65a37425

SHA1
a8abd3ee010fdd1ba299310a54d95f2efe879d72

SHA256
534e0e8f0c3d5859f5f4565342761c41078d32127c714c7bfcec3ff6d9232bcd

SHA512
3c89e0d8d99b7f1d064f5fe0f9b8d9791f2a13c8d2820f1660827f514441935fc7834e6668f98d52034c2a30fc6e6f04463277631797970088f5f05f92606f5b

Download Submit
C:\Windows\system\tJmaptU.exe

Filesize
6.0MB

MD5
bcdea39a871fd2bc9bfdf2b488cb2eb8

SHA1
8e5e725deac93797de09e8880e088b442c220c07

SHA256
fc0fa1977f65fdd71dad782a3c5e6fbadb6c62496c56c3bf8f036d882e958eb9

SHA512
a9be4c99018d7d77ffd51fcfe0d43d41aeda97b32de133f2117f2cdbdbfed4eedd62e12edadbf0ecfafce67d22de2b8513e57a21d8ed04f633f243ceb0c1e845

Download Submit
C:\Windows\system\trwJrow.exe

Filesize
6.0MB

MD5
a171f282965de72bc9700fc3e57868b4

SHA1
dbeeccef5473fd782748515cd4c901c61d224c30

SHA256
ed0daf32ed7735417535939ddb7230d844c67dd2962acb052a5867cfd6ba15be

SHA512
78b6557f620a73699f61673eda8d621e171bbd23936a35a2506816c88c7f633e7edc5758e27a3725b4d270d84b79beb651ee4ceb034a93b46b1c7e8acf949ed8

Download Submit
C:\Windows\system\xDlHeEy.exe

Filesize
6.0MB

MD5
03d7158b290949b75e4df14528851d26

SHA1
99a30a586f486a63ee4f4bbb5de15e3987951b55

SHA256
0b4d859e3100fa6be750e29e3d911f94fe3152249f681c6ecf4931dfb2920a5e

SHA512
f866b6c927be2f392b9a7212c058e03186a1c9dd1174c40ea5009e4273a8001765018729dd4abfe74437983a6d62f7b997e32c526c62676555e5e4228fba90d4

Download Submit
C:\Windows\system\xNPrtNZ.exe

Filesize
6.0MB

MD5
f237bd35d87f02a987309185e69d46cb

SHA1
3cb5eaa9fc98362d4ff48bdafec913da8855df21

SHA256
f470f474206b6e58aa7a13544b175f00f9d23e64331e6060409f227dcaee23ee

SHA512
3f91871a321408ccb319ddf2420372dd0861b90ee746c415d935f2f789425dba91d8f315b0f63db049800cb5aa491b6f3a86e38ad30dcb5e0da8ac3b62931a6f

Download Submit
C:\Windows\system\yVxVdtH.exe

Filesize
6.0MB

MD5
7a464faa8c01afbd7217866c602765bc

SHA1
d9c48d6bd2680fa648df16707f2cb1274518e70b

SHA256
b0d230c6452a8afbdbb9fcb3b4d214cb586ca2bd174d730c905f53f2dc2e81c4

SHA512
8a15747efd2a17c1e2b9c1bbb821264a7996579650eceb5607398f9b0aee31fad6d4f5d4054438051f3bf47a7519f38a6def72356c3c3106264fd01c7186ebed

Download Submit
\Windows\system\BEXwJQz.exe

Filesize
6.0MB

MD5
e8e6c1961b51b32561a25af1c4118cf8

SHA1
389c0ed71a854316a6ebee6b1b47cd80dbd1de82

SHA256
b248c1924ab0dacee58c178072b1bb12ed309c73f90bc69724eb7693614138da

SHA512
833498fc0f36ee21bb1392412e911337e9c1751b4941f7f5033ce77c7d7366eb263a0326168f2b5b5f8c7fb4dc36b9a417b209f08dd8dd3b4f6c55dff4044bf2

Download Submit
\Windows\system\FjaWCQV.exe

Filesize
6.0MB

MD5
5556fd30206f76a9c67571f7f3f0fc3b

SHA1
5942694f2d9c7f58f47c2edf1f6508d269004bf1

SHA256
e06f444a16342036cf74fdadbc156129f6261c525eaccd96b66ab0d42b3695c1

SHA512
8a508cf2a432c14a16f774d3d14a750fd2e675dfe3fa9622ff2385b343f2297f325b880c17032721e04e5ecb84bed1c68f47956fbe033878b766b632f07ceacf

Download Submit
\Windows\system\HqBCcQa.exe

Filesize
6.0MB

MD5
16dcb6836cf4efaf7bc1f8eae1fa662e

SHA1
93162d7417dc6da036194b39c1121b97d79bb072

SHA256
2ee9d54090d6031f1d629b657b4acbd23bce912d50fe320635bb56ba9e2278ee

SHA512
151cbeae310c42d431a46f1a94a1a1b21b1783ddf3ade6465d41138f6bc5e218d22dc247442d9f8424d2ca13e13f5070604ba510dd6e0e9dc9cd882a7c5af3ff

Download Submit
\Windows\system\JTnIRLD.exe

Filesize
6.0MB

MD5
3221f76e85e24a1a3c90235992319d83

SHA1
589d74e0b2a44810557e12971c9751950631fd11

SHA256
5ff54b8b7675c4c6ed7177d9ac3bfc1f61366c7a409266d543bf07e93d7765cc

SHA512
7741a9200a4d7ae1cbc3078841ec1bcc9b72fffb78cfc7163f01fa896e7febed65f1ea3dd8063ad7086d3ba1c1d96dacdfb77eddb51eccb3b1b778adeef0ea99

Download Submit
\Windows\system\SXkzEGg.exe

Filesize
6.0MB

MD5
3568fe8612bb4c5718e494d31be7943e

SHA1
829f9898559d90bb76df669dafaaa82b85b4eda8

SHA256
a152a1742fa0164b7d224d5f86a2b76943178a8dd62c7cb4a909d5c212b719ea

SHA512
27758bb3fa3c016f10102bc02bb57784888ffe551486b5959b7b231540e1be6e14e5037fd77973464c169fe6a57832359303c33136fe38b5b9b831c22b967743

Download Submit
\Windows\system\gmapnlx.exe

Filesize
6.0MB

MD5
3c5b2f91fb7547227fe59ef752667ded

SHA1
8241f7e9ff63cddb57d681906797e968a7783678

SHA256
c26eb399f7845580e2d493ad3580b58f05b2f515ead93461f2bfe3bae966651b

SHA512
47b02bff62ec8cdbbbb2b75beee5156a4e89e0a8b01779c6907c977f801b3a8a3c17cd77aa76bc376a8ba6506e8cdf4606e757575d8662cc454baf69f29fd7dd

Download Submit
\Windows\system\jXApdrw.exe

Filesize
6.0MB

MD5
e1f3a507f64c5a87558143af5ea60fdd

SHA1
bd0d6b40cd88e9a379b7185167dabd6123905959

SHA256
3335bff69d3d1fdb47cbebdaad41b94a9677be6bf142d0bc54a2a0d5f9e53030

SHA512
7f37805438132636969325ce39a817c811fd8765bd0e16cdbc6b3faa883be0938ea95cf8b61fc319c1d9f5a1051611e6e646062c944eb6a0d5179bc069998d98

Download Submit
\Windows\system\juqOnCQ.exe

Filesize
6.0MB

MD5
e1edf875c4f17992e2781ef6bbc84f85

SHA1
349a1431b3a40ef0769ab444040c390c8668c4de

SHA256
661803f88c7154ec3f42b80b7487a28e1d9839a89e4875f9ea76717bbe2c82ad

SHA512
d6b89048952f4638bd2648b18ea72be48a4d1b3513f6e98740a2aa22490c66df17226ab078a04932f76ead9143217ca803a6371d93ff1aaf3468e1fa86f979c8

Download Submit
\Windows\system\lZCTELu.exe

Filesize
6.0MB

MD5
65f4cb2aa91cdfe66d73cf54347eb866

SHA1
2a8f66490a7068b7b2476997595eca1c6c8d1aa5

SHA256
77d0a97bfbfaf90e67298bda80add4744180c04c55a4888a4a9a42bf71f18bda

SHA512
fedb3908f0532416e7c4810bbbff0e7b4fdecdb5eaee1cb1a7601fac1e6dd58814ea2dd6149ab4bb920179d276ad4506f2212a2426cdbb69c61c35d89881eb7e

Download Submit
\Windows\system\llxMcIj.exe

Filesize
6.0MB

MD5
5fcacb1144562ed59871052e8bcccd29

SHA1
a3fe8f21cf835a76c26dda9a557057b2c48f15ce

SHA256
74d82527cd192705e2c0d51b92e50677d64029d71515387325587d00f9cbfb33

SHA512
2341a1668f4e84c47f8e305af645bce05258702cdb94a537f7abfb798233a157df25430b365e788b109c5834a66a6e974da8067a9b6ddeccb364ce56df8a193e

Download Submit
\Windows\system\mDovdzP.exe

Filesize
6.0MB

MD5
21d47ab936fb0e577624bd1f9d28c869

SHA1
a9188278ca6bf89b27b2e5463c2a32469a42bad9

SHA256
3c9ef034ea471d58a0cc23cff8c98cabb5e79a82ecca390c539383b07b84dbd4

SHA512
3398732baa495739d61712f2834e20abbda78a49388409447734ab5b4135b311f09c9e11b3d38b93c649a0e2530bd8e0e0143b28d246246f2ca1548893b183f0

Download Submit
\Windows\system\sMDSXgQ.exe

Filesize
6.0MB

MD5
8eb09f844af5f37a3885ffe5079e16ae

SHA1
0fc8a536925949db8d9a23e849c8a25b8ef9c90e

SHA256
a974e191dceccdaa14885b4d93bfef9e17d4de5215ecdde0b6782f8b83adc6ff

SHA512
1f69d7a8ae2ff778b3246819d29d0770513813e74016af846f456365c50fd00842bbab4c65ad41fbafc4f9fd571de20f58babde95204e246b1ba713168fd5ac4

Download Submit
\Windows\system\ugthHjH.exe

Filesize
6.0MB

MD5
a09283a875f35ec6d11d48c5426fccba

SHA1
437a5548862fb9a7d1956b1b32a1583894b6bfd4

SHA256
45b4c48bb8ea8894f4a515beffb7c2a67db521e74dc7813cd25605955f0c8913

SHA512
c09a2c84b0c285fcf279a4c705ed95c7c521e87c14b34784662d7a3aad6c50fa8e61d8fbe6b0f24befba9543db34a410c0bd3124cb4574b98116ba9b7aebda3a

Download Submit
memory/308-19-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/308-87-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/308-3202-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/780-35-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/780-80-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/780-58-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/780-50-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/780-41-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/780-0-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/780-30-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/780-29-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/780-8-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/780-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/780-70-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/780-46-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/780-53-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/780-97-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/780-86-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1964-76-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1964-3205-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2004-23-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-3203-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-3201-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2172-45-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2252-3200-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2252-105-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3199-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2552-92-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2552-104-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2568-81-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3957-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3233-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2624-102-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2624-83-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2640-116-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-98-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3206-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-73-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3214-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3209-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2688-69-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2688-100-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2708-88-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3234-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-103-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3207-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2740-37-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2740-91-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3204-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2756-101-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2756-62-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download