cobaltstrike | 17d6990a07edf4a6d24c7393a01d38913273019cf1cceaaa6cd4f38500bbe4b6

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d402dee0b8d62419f1fefdcecd7a3804
SHA1

3e76980142e9d1649643ac48c77602b6e2c4c0bc
SHA256

17d6990a07edf4a6d24c7393a01d38913273019cf1cceaaa6cd4f38500bbe4b6
SHA512

f875825fe915e648f2ed599d0bef45cacb0997e372831b8d2492f879581a5b0f26e4ca9dc2126b1c1961edb774ea3a366cbcb498597efb4c35d048d16dd15d09
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUW:eOl56utgpPF8u/7W

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d00000001202b-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d54-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d67-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d6b-27.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d77-35.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-189.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b9-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a9-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019451-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b6-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-113.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-54.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d9f-43.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f4-42.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-72.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d6f-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2600-0-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x000d00000001202b-6.dat	xmrig
behavioral1/files/0x0007000000016d54-13.dat	xmrig
behavioral1/files/0x0007000000016d67-12.dat	xmrig
behavioral1/memory/2760-18-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/860-23-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d6b-27.dat	xmrig
behavioral1/memory/2680-76-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d77-35.dat	xmrig
behavioral1/memory/860-91-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/1636-97-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019246-108.dat	xmrig
behavioral1/memory/1636-950-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2680-595-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2520-292-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194c9-189.dat	xmrig
behavioral1/files/0x00050000000194b9-183.dat	xmrig
behavioral1/files/0x00050000000194a9-178.dat	xmrig
behavioral1/files/0x0005000000019458-172.dat	xmrig
behavioral1/files/0x0005000000019451-168.dat	xmrig
behavioral1/files/0x00050000000193c4-158.dat	xmrig
behavioral1/files/0x00050000000193df-163.dat	xmrig
behavioral1/files/0x00050000000193a6-148.dat	xmrig
behavioral1/files/0x00050000000193b6-152.dat	xmrig
behavioral1/files/0x0005000000019360-143.dat	xmrig
behavioral1/files/0x000500000001933f-138.dat	xmrig
behavioral1/files/0x0005000000019297-133.dat	xmrig
behavioral1/files/0x0005000000019284-128.dat	xmrig
behavioral1/files/0x0005000000019278-123.dat	xmrig
behavioral1/files/0x0005000000019269-118.dat	xmrig
behavioral1/files/0x0005000000019250-113.dat	xmrig
behavioral1/memory/2200-95-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x0006000000018b4e-94.dat	xmrig
behavioral1/files/0x0006000000018c16-102.dat	xmrig
behavioral1/memory/2852-90-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2980-89-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x0005000000018744-66.dat	xmrig
behavioral1/files/0x000500000001878e-63.dat	xmrig
behavioral1/memory/2520-59-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2600-58-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018704-56.dat	xmrig
behavioral1/files/0x0005000000018739-54.dat	xmrig
behavioral1/memory/2960-49-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2600-46-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2096-45-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d9f-43.dat	xmrig
behavioral1/files/0x00060000000186f4-42.dat	xmrig
behavioral1/memory/2824-88-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2924-87-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2760-75-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2932-74-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x00050000000187a8-72.dat	xmrig
behavioral1/files/0x0007000000016d6f-33.dat	xmrig
behavioral1/memory/2200-29-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2392-9-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2392-3571-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2200-3594-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2760-3581-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/860-3601-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2960-3607-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2096-3600-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2680-3664-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/1636-3652-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2852-3648-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2392	PPuLdRI.exe
2760	iGukjwO.exe
860	icZoCYo.exe
2200	CDxlLFN.exe
2096	uexiose.exe
2960	nqvSWom.exe
2520	miUroJs.exe
2932	zjIRaKF.exe
2680	NHKrtAm.exe
2924	QIQtZer.exe
2824	STTMwKD.exe
2980	owArQUL.exe
2852	FXzdJoL.exe
1636	nBbpRMj.exe
852	ZjUzXwu.exe
2892	uYZDgRr.exe
1980	kmsougo.exe
2884	bEPneXa.exe
1852	kiWkmNG.exe
1564	ydiRtqC.exe
1284	BLPtHEN.exe
2776	TseMhgr.exe
2720	oSmVKUk.exe
280	PMYAZvG.exe
2652	efGclJV.exe
1488	NLVQPQR.exe
2264	SmAAGTm.exe
1920	IFgIgfL.exe
1124	POxfWKN.exe
2664	MzxcnMo.exe
744	VZkiKWW.exe
1372	MCBeajA.exe
2484	IKzDXgz.exe
900	FTyjeqT.exe
1768	yUOAWFw.exe
1540	TGWuLnL.exe
2872	UGioLDW.exe
632	fhbtcHF.exe
916	WRRQVtP.exe
2496	uvzAqxr.exe
1168	skgtvLZ.exe
2164	mpCFArW.exe
1032	zLUosRb.exe
612	qbJMyzW.exe
1724	WsgiQFy.exe
2152	taSOfxY.exe
2228	zDqftNm.exe
1324	wsleKvW.exe
276	cCFFIWJ.exe
1824	ishZZDY.exe
2612	BqrvkuU.exe
2452	EJbkjoD.exe
1708	UFTBwGL.exe
2460	JJepLpy.exe
2764	yZlCYIL.exe
2648	yBHDdzE.exe
2832	TrFNnHC.exe
1932	YnnPIqO.exe
2464	haxKdmD.exe
2956	JFcBQak.exe
2708	wqyfzzS.exe
3020	JzFRnqG.exe
1112	RjgyrGE.exe
2696	CmngpFv.exe

Loads dropped DLL 64 IoCs

pid	Process
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2600-0-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x000d00000001202b-6.dat	upx
behavioral1/files/0x0007000000016d54-13.dat	upx
behavioral1/files/0x0007000000016d67-12.dat	upx
behavioral1/memory/2760-18-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/860-23-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x0007000000016d6b-27.dat	upx
behavioral1/memory/2680-76-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x0009000000016d77-35.dat	upx
behavioral1/memory/860-91-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/1636-97-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x0005000000019246-108.dat	upx
behavioral1/memory/1636-950-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2680-595-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2520-292-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x00050000000194c9-189.dat	upx
behavioral1/files/0x00050000000194b9-183.dat	upx
behavioral1/files/0x00050000000194a9-178.dat	upx
behavioral1/files/0x0005000000019458-172.dat	upx
behavioral1/files/0x0005000000019451-168.dat	upx
behavioral1/files/0x00050000000193c4-158.dat	upx
behavioral1/files/0x00050000000193df-163.dat	upx
behavioral1/files/0x00050000000193a6-148.dat	upx
behavioral1/files/0x00050000000193b6-152.dat	upx
behavioral1/files/0x0005000000019360-143.dat	upx
behavioral1/files/0x000500000001933f-138.dat	upx
behavioral1/files/0x0005000000019297-133.dat	upx
behavioral1/files/0x0005000000019284-128.dat	upx
behavioral1/files/0x0005000000019278-123.dat	upx
behavioral1/files/0x0005000000019269-118.dat	upx
behavioral1/files/0x0005000000019250-113.dat	upx
behavioral1/memory/2200-95-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x0006000000018b4e-94.dat	upx
behavioral1/files/0x0006000000018c16-102.dat	upx
behavioral1/memory/2852-90-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2980-89-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x0005000000018744-66.dat	upx
behavioral1/files/0x000500000001878e-63.dat	upx
behavioral1/memory/2520-59-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2600-58-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0005000000018704-56.dat	upx
behavioral1/files/0x0005000000018739-54.dat	upx
behavioral1/memory/2960-49-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2096-45-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0008000000016d9f-43.dat	upx
behavioral1/files/0x00060000000186f4-42.dat	upx
behavioral1/memory/2824-88-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2924-87-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2760-75-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2932-74-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x00050000000187a8-72.dat	upx
behavioral1/files/0x0007000000016d6f-33.dat	upx
behavioral1/memory/2200-29-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2392-9-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2392-3571-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2200-3594-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2760-3581-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/860-3601-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2960-3607-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2096-3600-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2680-3664-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/1636-3652-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2852-3648-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2924-3641-0x000000013F430000-0x000000013F784000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UtiFbwB.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXAsocr.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqBTBuO.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahGOPBm.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DTlcyiG.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfLFrif.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNhEETU.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwESjdq.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PTwXMIm.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEvrlGz.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRwYQzZ.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlvbnLy.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrUPwOR.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUwpxqa.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSmVKUk.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MgGPKCf.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLrJFMN.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCZZIJL.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWPtbPH.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyTdjSa.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meBFLrL.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnqHzFC.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCyFtHo.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKVxkHc.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAILsdw.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLtAMtZ.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyHMSvU.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAZwJDf.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgrRnWp.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\haxKdmD.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VGdYWOh.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtYoIhx.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmCJVZf.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWzDXTn.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMzlKxT.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGMASuZ.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DoOJOLM.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjUNuwb.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKYIjIb.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrmxQNL.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgnYYaa.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thkGwoo.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExipugQ.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\retQCMJ.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKYPaRZ.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CHaaBSX.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USNNBvo.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJvZYib.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRiGdam.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjeuFPK.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WszHYfl.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvFHSYQ.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDOZGGo.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBKSCHC.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNOlKZG.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guTZgnv.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBskYdA.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftkwQqY.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkDjlIH.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXGZhXy.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlbFUOL.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vscaHjn.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Llwqvyv.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyKYCzl.exe	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2392	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2600 wrote to memory of 2392	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2600 wrote to memory of 2392	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2600 wrote to memory of 2760	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2600 wrote to memory of 2760	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2600 wrote to memory of 2760	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2600 wrote to memory of 860	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2600 wrote to memory of 860	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2600 wrote to memory of 860	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2600 wrote to memory of 2200	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2600 wrote to memory of 2200	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2600 wrote to memory of 2200	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2600 wrote to memory of 2096	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2600 wrote to memory of 2096	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2600 wrote to memory of 2096	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2600 wrote to memory of 2924	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2600 wrote to memory of 2924	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2600 wrote to memory of 2924	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2600 wrote to memory of 2960	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2600 wrote to memory of 2960	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2600 wrote to memory of 2960	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2600 wrote to memory of 2824	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2600 wrote to memory of 2824	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2600 wrote to memory of 2824	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2600 wrote to memory of 2520	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2600 wrote to memory of 2520	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2600 wrote to memory of 2520	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2600 wrote to memory of 2980	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2600 wrote to memory of 2980	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2600 wrote to memory of 2980	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2600 wrote to memory of 2932	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2600 wrote to memory of 2932	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2600 wrote to memory of 2932	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2600 wrote to memory of 2852	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2600 wrote to memory of 2852	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2600 wrote to memory of 2852	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2600 wrote to memory of 2680	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2600 wrote to memory of 2680	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2600 wrote to memory of 2680	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2600 wrote to memory of 1636	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2600 wrote to memory of 1636	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2600 wrote to memory of 1636	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2600 wrote to memory of 852	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2600 wrote to memory of 852	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2600 wrote to memory of 852	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2600 wrote to memory of 2892	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2600 wrote to memory of 2892	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2600 wrote to memory of 2892	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2600 wrote to memory of 1980	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2600 wrote to memory of 1980	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2600 wrote to memory of 1980	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2600 wrote to memory of 2884	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2600 wrote to memory of 2884	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2600 wrote to memory of 2884	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2600 wrote to memory of 1852	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2600 wrote to memory of 1852	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2600 wrote to memory of 1852	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2600 wrote to memory of 1564	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2600 wrote to memory of 1564	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2600 wrote to memory of 1564	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2600 wrote to memory of 1284	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2600 wrote to memory of 1284	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2600 wrote to memory of 1284	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2600 wrote to memory of 2776	2600	2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-30_d402dee0b8d62419f1fefdcecd7a3804_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\System\PPuLdRI.exe
  C:\Windows\System\PPuLdRI.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\iGukjwO.exe
  C:\Windows\System\iGukjwO.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\icZoCYo.exe
  C:\Windows\System\icZoCYo.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\CDxlLFN.exe
  C:\Windows\System\CDxlLFN.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\uexiose.exe
  C:\Windows\System\uexiose.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\QIQtZer.exe
  C:\Windows\System\QIQtZer.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\nqvSWom.exe
  C:\Windows\System\nqvSWom.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\STTMwKD.exe
  C:\Windows\System\STTMwKD.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\miUroJs.exe
  C:\Windows\System\miUroJs.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\owArQUL.exe
  C:\Windows\System\owArQUL.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\zjIRaKF.exe
  C:\Windows\System\zjIRaKF.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\FXzdJoL.exe
  C:\Windows\System\FXzdJoL.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\NHKrtAm.exe
  C:\Windows\System\NHKrtAm.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\nBbpRMj.exe
  C:\Windows\System\nBbpRMj.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\ZjUzXwu.exe
  C:\Windows\System\ZjUzXwu.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\uYZDgRr.exe
  C:\Windows\System\uYZDgRr.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\kmsougo.exe
  C:\Windows\System\kmsougo.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\bEPneXa.exe
  C:\Windows\System\bEPneXa.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\kiWkmNG.exe
  C:\Windows\System\kiWkmNG.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\ydiRtqC.exe
  C:\Windows\System\ydiRtqC.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\BLPtHEN.exe
  C:\Windows\System\BLPtHEN.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\TseMhgr.exe
  C:\Windows\System\TseMhgr.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\oSmVKUk.exe
  C:\Windows\System\oSmVKUk.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\PMYAZvG.exe
  C:\Windows\System\PMYAZvG.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\efGclJV.exe
  C:\Windows\System\efGclJV.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\NLVQPQR.exe
  C:\Windows\System\NLVQPQR.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\SmAAGTm.exe
  C:\Windows\System\SmAAGTm.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\IFgIgfL.exe
  C:\Windows\System\IFgIgfL.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\POxfWKN.exe
  C:\Windows\System\POxfWKN.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\MzxcnMo.exe
  C:\Windows\System\MzxcnMo.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\VZkiKWW.exe
  C:\Windows\System\VZkiKWW.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\MCBeajA.exe
  C:\Windows\System\MCBeajA.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\IKzDXgz.exe
  C:\Windows\System\IKzDXgz.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\FTyjeqT.exe
  C:\Windows\System\FTyjeqT.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\yUOAWFw.exe
  C:\Windows\System\yUOAWFw.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\TGWuLnL.exe
  C:\Windows\System\TGWuLnL.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\UGioLDW.exe
  C:\Windows\System\UGioLDW.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\fhbtcHF.exe
  C:\Windows\System\fhbtcHF.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\WRRQVtP.exe
  C:\Windows\System\WRRQVtP.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\skgtvLZ.exe
  C:\Windows\System\skgtvLZ.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\uvzAqxr.exe
  C:\Windows\System\uvzAqxr.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\zLUosRb.exe
  C:\Windows\System\zLUosRb.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\mpCFArW.exe
  C:\Windows\System\mpCFArW.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\WsgiQFy.exe
  C:\Windows\System\WsgiQFy.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\qbJMyzW.exe
  C:\Windows\System\qbJMyzW.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\zDqftNm.exe
  C:\Windows\System\zDqftNm.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\taSOfxY.exe
  C:\Windows\System\taSOfxY.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\wsleKvW.exe
  C:\Windows\System\wsleKvW.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\cCFFIWJ.exe
  C:\Windows\System\cCFFIWJ.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\ishZZDY.exe
  C:\Windows\System\ishZZDY.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\BqrvkuU.exe
  C:\Windows\System\BqrvkuU.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\EJbkjoD.exe
  C:\Windows\System\EJbkjoD.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\UFTBwGL.exe
  C:\Windows\System\UFTBwGL.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\yZlCYIL.exe
  C:\Windows\System\yZlCYIL.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\JJepLpy.exe
  C:\Windows\System\JJepLpy.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\yBHDdzE.exe
  C:\Windows\System\yBHDdzE.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\TrFNnHC.exe
  C:\Windows\System\TrFNnHC.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\YnnPIqO.exe
  C:\Windows\System\YnnPIqO.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\haxKdmD.exe
  C:\Windows\System\haxKdmD.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\JFcBQak.exe
  C:\Windows\System\JFcBQak.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\wqyfzzS.exe
  C:\Windows\System\wqyfzzS.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\CmngpFv.exe
  C:\Windows\System\CmngpFv.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\JzFRnqG.exe
  C:\Windows\System\JzFRnqG.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\sGsryrB.exe
  C:\Windows\System\sGsryrB.exe
  2⤵
  PID:1992
- C:\Windows\System\RjgyrGE.exe
  C:\Windows\System\RjgyrGE.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\hAnlfay.exe
  C:\Windows\System\hAnlfay.exe
  2⤵
  PID:1656
- C:\Windows\System\zsdOFVi.exe
  C:\Windows\System\zsdOFVi.exe
  2⤵
  PID:1628
- C:\Windows\System\eSyeJxm.exe
  C:\Windows\System\eSyeJxm.exe
  2⤵
  PID:1620
- C:\Windows\System\eAvDfcL.exe
  C:\Windows\System\eAvDfcL.exe
  2⤵
  PID:1080
- C:\Windows\System\XoXJdfI.exe
  C:\Windows\System\XoXJdfI.exe
  2⤵
  PID:2052
- C:\Windows\System\cQmOcFs.exe
  C:\Windows\System\cQmOcFs.exe
  2⤵
  PID:2320
- C:\Windows\System\KfxTrEu.exe
  C:\Windows\System\KfxTrEu.exe
  2⤵
  PID:692
- C:\Windows\System\fDjiGeU.exe
  C:\Windows\System\fDjiGeU.exe
  2⤵
  PID:1304
- C:\Windows\System\TuBljxF.exe
  C:\Windows\System\TuBljxF.exe
  2⤵
  PID:1328
- C:\Windows\System\peBnSmv.exe
  C:\Windows\System\peBnSmv.exe
  2⤵
  PID:2232
- C:\Windows\System\fKnRZcE.exe
  C:\Windows\System\fKnRZcE.exe
  2⤵
  PID:1608
- C:\Windows\System\dXlcQjh.exe
  C:\Windows\System\dXlcQjh.exe
  2⤵
  PID:2528
- C:\Windows\System\xsztcnn.exe
  C:\Windows\System\xsztcnn.exe
  2⤵
  PID:560
- C:\Windows\System\srKZjQN.exe
  C:\Windows\System\srKZjQN.exe
  2⤵
  PID:2432
- C:\Windows\System\dFGUjAY.exe
  C:\Windows\System\dFGUjAY.exe
  2⤵
  PID:2488
- C:\Windows\System\LhvgyFl.exe
  C:\Windows\System\LhvgyFl.exe
  2⤵
  PID:1504
- C:\Windows\System\EqhLYsF.exe
  C:\Windows\System\EqhLYsF.exe
  2⤵
  PID:2312
- C:\Windows\System\hQyqGfl.exe
  C:\Windows\System\hQyqGfl.exe
  2⤵
  PID:2536
- C:\Windows\System\yEyFQtv.exe
  C:\Windows\System\yEyFQtv.exe
  2⤵
  PID:2292
- C:\Windows\System\qsOEQfn.exe
  C:\Windows\System\qsOEQfn.exe
  2⤵
  PID:896
- C:\Windows\System\jlXtfJt.exe
  C:\Windows\System\jlXtfJt.exe
  2⤵
  PID:1576
- C:\Windows\System\oWDbMXZ.exe
  C:\Windows\System\oWDbMXZ.exe
  2⤵
  PID:2196
- C:\Windows\System\dJXBrIM.exe
  C:\Windows\System\dJXBrIM.exe
  2⤵
  PID:1600
- C:\Windows\System\yMDdhwH.exe
  C:\Windows\System\yMDdhwH.exe
  2⤵
  PID:2400
- C:\Windows\System\vXgGDKm.exe
  C:\Windows\System\vXgGDKm.exe
  2⤵
  PID:2784
- C:\Windows\System\bPPXiEL.exe
  C:\Windows\System\bPPXiEL.exe
  2⤵
  PID:1996
- C:\Windows\System\EbiCLlP.exe
  C:\Windows\System\EbiCLlP.exe
  2⤵
  PID:264
- C:\Windows\System\BXaDIAi.exe
  C:\Windows\System\BXaDIAi.exe
  2⤵
  PID:2088
- C:\Windows\System\UVriVlu.exe
  C:\Windows\System\UVriVlu.exe
  2⤵
  PID:1480
- C:\Windows\System\xPLIJSz.exe
  C:\Windows\System\xPLIJSz.exe
  2⤵
  PID:2104
- C:\Windows\System\sMLFzou.exe
  C:\Windows\System\sMLFzou.exe
  2⤵
  PID:404
- C:\Windows\System\nlJZLIc.exe
  C:\Windows\System\nlJZLIc.exe
  2⤵
  PID:1796
- C:\Windows\System\bIlcRhe.exe
  C:\Windows\System\bIlcRhe.exe
  2⤵
  PID:920
- C:\Windows\System\pDvJdrJ.exe
  C:\Windows\System\pDvJdrJ.exe
  2⤵
  PID:1624
- C:\Windows\System\qPrqxvF.exe
  C:\Windows\System\qPrqxvF.exe
  2⤵
  PID:3076
- C:\Windows\System\kcYzEmf.exe
  C:\Windows\System\kcYzEmf.exe
  2⤵
  PID:3092
- C:\Windows\System\IfLFrif.exe
  C:\Windows\System\IfLFrif.exe
  2⤵
  PID:3112
- C:\Windows\System\nTuKwsY.exe
  C:\Windows\System\nTuKwsY.exe
  2⤵
  PID:3136
- C:\Windows\System\nMPgGxH.exe
  C:\Windows\System\nMPgGxH.exe
  2⤵
  PID:3152
- C:\Windows\System\LJMoAsu.exe
  C:\Windows\System\LJMoAsu.exe
  2⤵
  PID:3168
- C:\Windows\System\jqwsZFN.exe
  C:\Windows\System\jqwsZFN.exe
  2⤵
  PID:3192
- C:\Windows\System\YqqxKuY.exe
  C:\Windows\System\YqqxKuY.exe
  2⤵
  PID:3208
- C:\Windows\System\jUaXRqT.exe
  C:\Windows\System\jUaXRqT.exe
  2⤵
  PID:3276
- C:\Windows\System\lHxWRSs.exe
  C:\Windows\System\lHxWRSs.exe
  2⤵
  PID:3296
- C:\Windows\System\ovpspel.exe
  C:\Windows\System\ovpspel.exe
  2⤵
  PID:3316
- C:\Windows\System\BIYXKIN.exe
  C:\Windows\System\BIYXKIN.exe
  2⤵
  PID:3336
- C:\Windows\System\cLRdvpw.exe
  C:\Windows\System\cLRdvpw.exe
  2⤵
  PID:3356
- C:\Windows\System\NDgYDPk.exe
  C:\Windows\System\NDgYDPk.exe
  2⤵
  PID:3376
- C:\Windows\System\qaolDBo.exe
  C:\Windows\System\qaolDBo.exe
  2⤵
  PID:3396
- C:\Windows\System\IUbKHRV.exe
  C:\Windows\System\IUbKHRV.exe
  2⤵
  PID:3416
- C:\Windows\System\WTjHRXh.exe
  C:\Windows\System\WTjHRXh.exe
  2⤵
  PID:3436
- C:\Windows\System\OceLvoZ.exe
  C:\Windows\System\OceLvoZ.exe
  2⤵
  PID:3456
- C:\Windows\System\kRimZFT.exe
  C:\Windows\System\kRimZFT.exe
  2⤵
  PID:3472
- C:\Windows\System\VGdYWOh.exe
  C:\Windows\System\VGdYWOh.exe
  2⤵
  PID:3492
- C:\Windows\System\PZMQjgc.exe
  C:\Windows\System\PZMQjgc.exe
  2⤵
  PID:3516
- C:\Windows\System\yQYnsrH.exe
  C:\Windows\System\yQYnsrH.exe
  2⤵
  PID:3532
- C:\Windows\System\nllHqej.exe
  C:\Windows\System\nllHqej.exe
  2⤵
  PID:3556
- C:\Windows\System\rdDWiVx.exe
  C:\Windows\System\rdDWiVx.exe
  2⤵
  PID:3572
- C:\Windows\System\ZwosoVY.exe
  C:\Windows\System\ZwosoVY.exe
  2⤵
  PID:3596
- C:\Windows\System\SOQHRmq.exe
  C:\Windows\System\SOQHRmq.exe
  2⤵
  PID:3616
- C:\Windows\System\udbKcAw.exe
  C:\Windows\System\udbKcAw.exe
  2⤵
  PID:3632
- C:\Windows\System\rwVbMqB.exe
  C:\Windows\System\rwVbMqB.exe
  2⤵
  PID:3648
- C:\Windows\System\tNhEETU.exe
  C:\Windows\System\tNhEETU.exe
  2⤵
  PID:3672
- C:\Windows\System\WkKAqGG.exe
  C:\Windows\System\WkKAqGG.exe
  2⤵
  PID:3692
- C:\Windows\System\CNXtZRH.exe
  C:\Windows\System\CNXtZRH.exe
  2⤵
  PID:3720
- C:\Windows\System\tnHfzQC.exe
  C:\Windows\System\tnHfzQC.exe
  2⤵
  PID:3736
- C:\Windows\System\WOUGBkF.exe
  C:\Windows\System\WOUGBkF.exe
  2⤵
  PID:3760
- C:\Windows\System\vwsFViM.exe
  C:\Windows\System\vwsFViM.exe
  2⤵
  PID:3780
- C:\Windows\System\ZUscCCc.exe
  C:\Windows\System\ZUscCCc.exe
  2⤵
  PID:3800
- C:\Windows\System\BaqUQGA.exe
  C:\Windows\System\BaqUQGA.exe
  2⤵
  PID:3820
- C:\Windows\System\Iqtxmrz.exe
  C:\Windows\System\Iqtxmrz.exe
  2⤵
  PID:3840
- C:\Windows\System\IVnnEui.exe
  C:\Windows\System\IVnnEui.exe
  2⤵
  PID:3860
- C:\Windows\System\QbwXKfP.exe
  C:\Windows\System\QbwXKfP.exe
  2⤵
  PID:3880
- C:\Windows\System\MssZezK.exe
  C:\Windows\System\MssZezK.exe
  2⤵
  PID:3896
- C:\Windows\System\YnbQeLZ.exe
  C:\Windows\System\YnbQeLZ.exe
  2⤵
  PID:3912
- C:\Windows\System\PbaBTbA.exe
  C:\Windows\System\PbaBTbA.exe
  2⤵
  PID:3936
- C:\Windows\System\CsbfMSp.exe
  C:\Windows\System\CsbfMSp.exe
  2⤵
  PID:3952
- C:\Windows\System\KhNiVyv.exe
  C:\Windows\System\KhNiVyv.exe
  2⤵
  PID:3968
- C:\Windows\System\mCitSQm.exe
  C:\Windows\System\mCitSQm.exe
  2⤵
  PID:3984
- C:\Windows\System\yxfFTmF.exe
  C:\Windows\System\yxfFTmF.exe
  2⤵
  PID:4000
- C:\Windows\System\MgGPKCf.exe
  C:\Windows\System\MgGPKCf.exe
  2⤵
  PID:4028
- C:\Windows\System\TGkpZfg.exe
  C:\Windows\System\TGkpZfg.exe
  2⤵
  PID:4052
- C:\Windows\System\mgqiBjC.exe
  C:\Windows\System\mgqiBjC.exe
  2⤵
  PID:4068
- C:\Windows\System\VUAAoXd.exe
  C:\Windows\System\VUAAoXd.exe
  2⤵
  PID:2148
- C:\Windows\System\AYodzJH.exe
  C:\Windows\System\AYodzJH.exe
  2⤵
  PID:2028
- C:\Windows\System\coIqbKQ.exe
  C:\Windows\System\coIqbKQ.exe
  2⤵
  PID:2916
- C:\Windows\System\JhaCJfq.exe
  C:\Windows\System\JhaCJfq.exe
  2⤵
  PID:2780
- C:\Windows\System\iVtjzac.exe
  C:\Windows\System\iVtjzac.exe
  2⤵
  PID:1840
- C:\Windows\System\ExipugQ.exe
  C:\Windows\System\ExipugQ.exe
  2⤵
  PID:1260
- C:\Windows\System\yzdZGJl.exe
  C:\Windows\System\yzdZGJl.exe
  2⤵
  PID:812
- C:\Windows\System\ALAKMuu.exe
  C:\Windows\System\ALAKMuu.exe
  2⤵
  PID:1772
- C:\Windows\System\izATSTI.exe
  C:\Windows\System\izATSTI.exe
  2⤵
  PID:304
- C:\Windows\System\wJuNAde.exe
  C:\Windows\System\wJuNAde.exe
  2⤵
  PID:3108
- C:\Windows\System\ePPtpCb.exe
  C:\Windows\System\ePPtpCb.exe
  2⤵
  PID:2248
- C:\Windows\System\XojQHml.exe
  C:\Windows\System\XojQHml.exe
  2⤵
  PID:2168
- C:\Windows\System\yRYdFwA.exe
  C:\Windows\System\yRYdFwA.exe
  2⤵
  PID:3176
- C:\Windows\System\mJapYAJ.exe
  C:\Windows\System\mJapYAJ.exe
  2⤵
  PID:3128
- C:\Windows\System\yuPLDqr.exe
  C:\Windows\System\yuPLDqr.exe
  2⤵
  PID:2692
- C:\Windows\System\rexowGS.exe
  C:\Windows\System\rexowGS.exe
  2⤵
  PID:3088
- C:\Windows\System\zDUrkXd.exe
  C:\Windows\System\zDUrkXd.exe
  2⤵
  PID:1552
- C:\Windows\System\MqgnDdo.exe
  C:\Windows\System\MqgnDdo.exe
  2⤵
  PID:2172
- C:\Windows\System\TZQZhyk.exe
  C:\Windows\System\TZQZhyk.exe
  2⤵
  PID:3204
- C:\Windows\System\jWtyVVu.exe
  C:\Windows\System\jWtyVVu.exe
  2⤵
  PID:3228
- C:\Windows\System\vASvTFj.exe
  C:\Windows\System\vASvTFj.exe
  2⤵
  PID:3248
- C:\Windows\System\gsGxuBk.exe
  C:\Windows\System\gsGxuBk.exe
  2⤵
  PID:3264
- C:\Windows\System\YGlurKf.exe
  C:\Windows\System\YGlurKf.exe
  2⤵
  PID:3388
- C:\Windows\System\MlcXPvb.exe
  C:\Windows\System\MlcXPvb.exe
  2⤵
  PID:3428
- C:\Windows\System\OafDPCe.exe
  C:\Windows\System\OafDPCe.exe
  2⤵
  PID:3468
- C:\Windows\System\hEXSuWS.exe
  C:\Windows\System\hEXSuWS.exe
  2⤵
  PID:3444
- C:\Windows\System\CwrmTiE.exe
  C:\Windows\System\CwrmTiE.exe
  2⤵
  PID:3524
- C:\Windows\System\qRYoPri.exe
  C:\Windows\System\qRYoPri.exe
  2⤵
  PID:3540
- C:\Windows\System\elwZbTR.exe
  C:\Windows\System\elwZbTR.exe
  2⤵
  PID:3588
- C:\Windows\System\NLrJFMN.exe
  C:\Windows\System\NLrJFMN.exe
  2⤵
  PID:3660
- C:\Windows\System\hNjQGlP.exe
  C:\Windows\System\hNjQGlP.exe
  2⤵
  PID:3664
- C:\Windows\System\MtYoIhx.exe
  C:\Windows\System\MtYoIhx.exe
  2⤵
  PID:3708
- C:\Windows\System\KyDkliU.exe
  C:\Windows\System\KyDkliU.exe
  2⤵
  PID:3756
- C:\Windows\System\iOQtkoN.exe
  C:\Windows\System\iOQtkoN.exe
  2⤵
  PID:3608
- C:\Windows\System\owtpOiw.exe
  C:\Windows\System\owtpOiw.exe
  2⤵
  PID:3728
- C:\Windows\System\RoAqRbF.exe
  C:\Windows\System\RoAqRbF.exe
  2⤵
  PID:3772
- C:\Windows\System\yuRCfbE.exe
  C:\Windows\System\yuRCfbE.exe
  2⤵
  PID:3868
- C:\Windows\System\VFOLqLZ.exe
  C:\Windows\System\VFOLqLZ.exe
  2⤵
  PID:3816
- C:\Windows\System\jLJjYNf.exe
  C:\Windows\System\jLJjYNf.exe
  2⤵
  PID:4012
- C:\Windows\System\VMdBKbW.exe
  C:\Windows\System\VMdBKbW.exe
  2⤵
  PID:4060
- C:\Windows\System\Bmsffdi.exe
  C:\Windows\System\Bmsffdi.exe
  2⤵
  PID:588
- C:\Windows\System\SxIyhao.exe
  C:\Windows\System\SxIyhao.exe
  2⤵
  PID:2448
- C:\Windows\System\BLtjrFm.exe
  C:\Windows\System\BLtjrFm.exe
  2⤵
  PID:2100
- C:\Windows\System\EfdBXfv.exe
  C:\Windows\System\EfdBXfv.exe
  2⤵
  PID:3120
- C:\Windows\System\enpTSBL.exe
  C:\Windows\System\enpTSBL.exe
  2⤵
  PID:3888
- C:\Windows\System\AQpDMpk.exe
  C:\Windows\System\AQpDMpk.exe
  2⤵
  PID:3928
- C:\Windows\System\cwMJQfp.exe
  C:\Windows\System\cwMJQfp.exe
  2⤵
  PID:1164
- C:\Windows\System\VXOLXLr.exe
  C:\Windows\System\VXOLXLr.exe
  2⤵
  PID:4048
- C:\Windows\System\CwESjdq.exe
  C:\Windows\System\CwESjdq.exe
  2⤵
  PID:3260
- C:\Windows\System\bqNRVRG.exe
  C:\Windows\System\bqNRVRG.exe
  2⤵
  PID:4092
- C:\Windows\System\xleYmar.exe
  C:\Windows\System\xleYmar.exe
  2⤵
  PID:3508
- C:\Windows\System\LgAnAfs.exe
  C:\Windows\System\LgAnAfs.exe
  2⤵
  PID:2360
- C:\Windows\System\cJnrFqP.exe
  C:\Windows\System\cJnrFqP.exe
  2⤵
  PID:3656
- C:\Windows\System\XXGZhXy.exe
  C:\Windows\System\XXGZhXy.exe
  2⤵
  PID:2492
- C:\Windows\System\xiurFuB.exe
  C:\Windows\System\xiurFuB.exe
  2⤵
  PID:3240
- C:\Windows\System\UsMFJuc.exe
  C:\Windows\System\UsMFJuc.exe
  2⤵
  PID:3148
- C:\Windows\System\CxCSKzA.exe
  C:\Windows\System\CxCSKzA.exe
  2⤵
  PID:1136
- C:\Windows\System\zilPiDB.exe
  C:\Windows\System\zilPiDB.exe
  2⤵
  PID:2972
- C:\Windows\System\AvQsxck.exe
  C:\Windows\System\AvQsxck.exe
  2⤵
  PID:2036
- C:\Windows\System\JeESYVA.exe
  C:\Windows\System\JeESYVA.exe
  2⤵
  PID:3344
- C:\Windows\System\BlXtuWE.exe
  C:\Windows\System\BlXtuWE.exe
  2⤵
  PID:3680
- C:\Windows\System\xYerPSb.exe
  C:\Windows\System\xYerPSb.exe
  2⤵
  PID:3408
- C:\Windows\System\vKEMDcw.exe
  C:\Windows\System\vKEMDcw.exe
  2⤵
  PID:3448
- C:\Windows\System\pWgObEX.exe
  C:\Windows\System\pWgObEX.exe
  2⤵
  PID:3712
- C:\Windows\System\FAILsdw.exe
  C:\Windows\System\FAILsdw.exe
  2⤵
  PID:3688
- C:\Windows\System\roauEty.exe
  C:\Windows\System\roauEty.exe
  2⤵
  PID:3832
- C:\Windows\System\fDHokLi.exe
  C:\Windows\System\fDHokLi.exe
  2⤵
  PID:3552
- C:\Windows\System\rECLWuB.exe
  C:\Windows\System\rECLWuB.exe
  2⤵
  PID:3980
- C:\Windows\System\ZADoHLL.exe
  C:\Windows\System\ZADoHLL.exe
  2⤵
  PID:1340
- C:\Windows\System\aTqbsUW.exe
  C:\Windows\System\aTqbsUW.exe
  2⤵
  PID:2640
- C:\Windows\System\uzivlAH.exe
  C:\Windows\System\uzivlAH.exe
  2⤵
  PID:1128
- C:\Windows\System\EIrRaqo.exe
  C:\Windows\System\EIrRaqo.exe
  2⤵
  PID:3160
- C:\Windows\System\fSOPAXC.exe
  C:\Windows\System\fSOPAXC.exe
  2⤵
  PID:3220
- C:\Windows\System\kxdSGRO.exe
  C:\Windows\System\kxdSGRO.exe
  2⤵
  PID:3328
- C:\Windows\System\KXHULNF.exe
  C:\Windows\System\KXHULNF.exe
  2⤵
  PID:3528
- C:\Windows\System\TAGTrmZ.exe
  C:\Windows\System\TAGTrmZ.exe
  2⤵
  PID:3200
- C:\Windows\System\cercEiD.exe
  C:\Windows\System\cercEiD.exe
  2⤵
  PID:3372
- C:\Windows\System\kkNKWVE.exe
  C:\Windows\System\kkNKWVE.exe
  2⤵
  PID:2992
- C:\Windows\System\ontVIqR.exe
  C:\Windows\System\ontVIqR.exe
  2⤵
  PID:3404
- C:\Windows\System\wFztAQR.exe
  C:\Windows\System\wFztAQR.exe
  2⤵
  PID:3580
- C:\Windows\System\icfqvkb.exe
  C:\Windows\System\icfqvkb.exe
  2⤵
  PID:2372
- C:\Windows\System\gaRnJXo.exe
  C:\Windows\System\gaRnJXo.exe
  2⤵
  PID:2516
- C:\Windows\System\sWTWTEa.exe
  C:\Windows\System\sWTWTEa.exe
  2⤵
  PID:540
- C:\Windows\System\BcqUPGx.exe
  C:\Windows\System\BcqUPGx.exe
  2⤵
  PID:3976
- C:\Windows\System\TwBjxOj.exe
  C:\Windows\System\TwBjxOj.exe
  2⤵
  PID:3992
- C:\Windows\System\AWjhLLf.exe
  C:\Windows\System\AWjhLLf.exe
  2⤵
  PID:4084
- C:\Windows\System\yhzCUjL.exe
  C:\Windows\System\yhzCUjL.exe
  2⤵
  PID:3332
- C:\Windows\System\gHDJbnV.exe
  C:\Windows\System\gHDJbnV.exe
  2⤵
  PID:1752
- C:\Windows\System\kANMaTs.exe
  C:\Windows\System\kANMaTs.exe
  2⤵
  PID:4116
- C:\Windows\System\mOHvxtm.exe
  C:\Windows\System\mOHvxtm.exe
  2⤵
  PID:4132
- C:\Windows\System\lZvTJYG.exe
  C:\Windows\System\lZvTJYG.exe
  2⤵
  PID:4148
- C:\Windows\System\iPpHXTh.exe
  C:\Windows\System\iPpHXTh.exe
  2⤵
  PID:4164
- C:\Windows\System\LZIzATa.exe
  C:\Windows\System\LZIzATa.exe
  2⤵
  PID:4180
- C:\Windows\System\IjUNuwb.exe
  C:\Windows\System\IjUNuwb.exe
  2⤵
  PID:4196
- C:\Windows\System\QxRzQPx.exe
  C:\Windows\System\QxRzQPx.exe
  2⤵
  PID:4212
- C:\Windows\System\hRdaNxA.exe
  C:\Windows\System\hRdaNxA.exe
  2⤵
  PID:4228
- C:\Windows\System\vDCCeKD.exe
  C:\Windows\System\vDCCeKD.exe
  2⤵
  PID:4244
- C:\Windows\System\cIGdIrK.exe
  C:\Windows\System\cIGdIrK.exe
  2⤵
  PID:4260
- C:\Windows\System\vLtAMtZ.exe
  C:\Windows\System\vLtAMtZ.exe
  2⤵
  PID:4276
- C:\Windows\System\KbijWPP.exe
  C:\Windows\System\KbijWPP.exe
  2⤵
  PID:4292
- C:\Windows\System\tSxEkZK.exe
  C:\Windows\System\tSxEkZK.exe
  2⤵
  PID:4312
- C:\Windows\System\HQWIbao.exe
  C:\Windows\System\HQWIbao.exe
  2⤵
  PID:4332
- C:\Windows\System\ADxzlOl.exe
  C:\Windows\System\ADxzlOl.exe
  2⤵
  PID:4348
- C:\Windows\System\gGOtBtc.exe
  C:\Windows\System\gGOtBtc.exe
  2⤵
  PID:4364
- C:\Windows\System\hwWXECu.exe
  C:\Windows\System\hwWXECu.exe
  2⤵
  PID:4380
- C:\Windows\System\JamBXHr.exe
  C:\Windows\System\JamBXHr.exe
  2⤵
  PID:4396
- C:\Windows\System\LyGEYky.exe
  C:\Windows\System\LyGEYky.exe
  2⤵
  PID:4444
- C:\Windows\System\lsrfUJj.exe
  C:\Windows\System\lsrfUJj.exe
  2⤵
  PID:4464
- C:\Windows\System\reJMIbH.exe
  C:\Windows\System\reJMIbH.exe
  2⤵
  PID:4488
- C:\Windows\System\tbqUure.exe
  C:\Windows\System\tbqUure.exe
  2⤵
  PID:4504
- C:\Windows\System\ltvSSQy.exe
  C:\Windows\System\ltvSSQy.exe
  2⤵
  PID:4532
- C:\Windows\System\wBcKGYT.exe
  C:\Windows\System\wBcKGYT.exe
  2⤵
  PID:4556
- C:\Windows\System\PueQtFx.exe
  C:\Windows\System\PueQtFx.exe
  2⤵
  PID:4664
- C:\Windows\System\RcaIiOi.exe
  C:\Windows\System\RcaIiOi.exe
  2⤵
  PID:4684
- C:\Windows\System\ZCOThlx.exe
  C:\Windows\System\ZCOThlx.exe
  2⤵
  PID:4700
- C:\Windows\System\TuGuKhW.exe
  C:\Windows\System\TuGuKhW.exe
  2⤵
  PID:4724
- C:\Windows\System\cFAIvAC.exe
  C:\Windows\System\cFAIvAC.exe
  2⤵
  PID:4744
- C:\Windows\System\bimQjTS.exe
  C:\Windows\System\bimQjTS.exe
  2⤵
  PID:4764
- C:\Windows\System\YiTWoBR.exe
  C:\Windows\System\YiTWoBR.exe
  2⤵
  PID:4784
- C:\Windows\System\ZXecKvu.exe
  C:\Windows\System\ZXecKvu.exe
  2⤵
  PID:4804
- C:\Windows\System\fGsosht.exe
  C:\Windows\System\fGsosht.exe
  2⤵
  PID:4824
- C:\Windows\System\jgepesN.exe
  C:\Windows\System\jgepesN.exe
  2⤵
  PID:4844
- C:\Windows\System\ybUMedn.exe
  C:\Windows\System\ybUMedn.exe
  2⤵
  PID:4864
- C:\Windows\System\hgpraLT.exe
  C:\Windows\System\hgpraLT.exe
  2⤵
  PID:4884
- C:\Windows\System\rPwHCZy.exe
  C:\Windows\System\rPwHCZy.exe
  2⤵
  PID:4900
- C:\Windows\System\zotXsmP.exe
  C:\Windows\System\zotXsmP.exe
  2⤵
  PID:4920
- C:\Windows\System\RaoeRyN.exe
  C:\Windows\System\RaoeRyN.exe
  2⤵
  PID:4940
- C:\Windows\System\UERsOoM.exe
  C:\Windows\System\UERsOoM.exe
  2⤵
  PID:4956
- C:\Windows\System\PWzDXfY.exe
  C:\Windows\System\PWzDXfY.exe
  2⤵
  PID:4976
- C:\Windows\System\nppunTJ.exe
  C:\Windows\System\nppunTJ.exe
  2⤵
  PID:4992
- C:\Windows\System\CzNEKYm.exe
  C:\Windows\System\CzNEKYm.exe
  2⤵
  PID:5016
- C:\Windows\System\auGBzvp.exe
  C:\Windows\System\auGBzvp.exe
  2⤵
  PID:5040
- C:\Windows\System\IEDLlLB.exe
  C:\Windows\System\IEDLlLB.exe
  2⤵
  PID:5056
- C:\Windows\System\VkNdypx.exe
  C:\Windows\System\VkNdypx.exe
  2⤵
  PID:5084
- C:\Windows\System\ghFGgUG.exe
  C:\Windows\System\ghFGgUG.exe
  2⤵
  PID:5104
- C:\Windows\System\bSnlbBt.exe
  C:\Windows\System\bSnlbBt.exe
  2⤵
  PID:3236
- C:\Windows\System\rYKYdkJ.exe
  C:\Windows\System\rYKYdkJ.exe
  2⤵
  PID:4040
- C:\Windows\System\rvliFjA.exe
  C:\Windows\System\rvliFjA.exe
  2⤵
  PID:4156
- C:\Windows\System\xthVmLm.exe
  C:\Windows\System\xthVmLm.exe
  2⤵
  PID:4224
- C:\Windows\System\AGzPjSJ.exe
  C:\Windows\System\AGzPjSJ.exe
  2⤵
  PID:3812
- C:\Windows\System\qMbgNsQ.exe
  C:\Windows\System\qMbgNsQ.exe
  2⤵
  PID:3392
- C:\Windows\System\jefXgbc.exe
  C:\Windows\System\jefXgbc.exe
  2⤵
  PID:3776
- C:\Windows\System\YQOaVgI.exe
  C:\Windows\System\YQOaVgI.exe
  2⤵
  PID:4324
- C:\Windows\System\FCSXOFD.exe
  C:\Windows\System\FCSXOFD.exe
  2⤵
  PID:4452
- C:\Windows\System\UYpaPHy.exe
  C:\Windows\System\UYpaPHy.exe
  2⤵
  PID:3960
- C:\Windows\System\LUPNcNq.exe
  C:\Windows\System\LUPNcNq.exe
  2⤵
  PID:1756
- C:\Windows\System\THCqzoT.exe
  C:\Windows\System\THCqzoT.exe
  2⤵
  PID:4548
- C:\Windows\System\tlFrZcp.exe
  C:\Windows\System\tlFrZcp.exe
  2⤵
  PID:3836
- C:\Windows\System\bJYmUSy.exe
  C:\Windows\System\bJYmUSy.exe
  2⤵
  PID:4108
- C:\Windows\System\tWPtbPH.exe
  C:\Windows\System\tWPtbPH.exe
  2⤵
  PID:4236
- C:\Windows\System\qjijNJP.exe
  C:\Windows\System\qjijNJP.exe
  2⤵
  PID:4304
- C:\Windows\System\RDjpdOO.exe
  C:\Windows\System\RDjpdOO.exe
  2⤵
  PID:4376
- C:\Windows\System\QJsCIGL.exe
  C:\Windows\System\QJsCIGL.exe
  2⤵
  PID:4420
- C:\Windows\System\mxLOJPl.exe
  C:\Windows\System\mxLOJPl.exe
  2⤵
  PID:4440
- C:\Windows\System\NHnbtJr.exe
  C:\Windows\System\NHnbtJr.exe
  2⤵
  PID:4512
- C:\Windows\System\XrWmDLk.exe
  C:\Windows\System\XrWmDLk.exe
  2⤵
  PID:4564
- C:\Windows\System\bphpwpM.exe
  C:\Windows\System\bphpwpM.exe
  2⤵
  PID:4104
- C:\Windows\System\CHcRrdm.exe
  C:\Windows\System\CHcRrdm.exe
  2⤵
  PID:2304
- C:\Windows\System\BNReSJA.exe
  C:\Windows\System\BNReSJA.exe
  2⤵
  PID:4612
- C:\Windows\System\ibALnJa.exe
  C:\Windows\System\ibALnJa.exe
  2⤵
  PID:4632
- C:\Windows\System\azhYjTv.exe
  C:\Windows\System\azhYjTv.exe
  2⤵
  PID:4656
- C:\Windows\System\NYZkGRq.exe
  C:\Windows\System\NYZkGRq.exe
  2⤵
  PID:4676
- C:\Windows\System\yUTlXjF.exe
  C:\Windows\System\yUTlXjF.exe
  2⤵
  PID:4712
- C:\Windows\System\UtiFbwB.exe
  C:\Windows\System\UtiFbwB.exe
  2⤵
  PID:4696
- C:\Windows\System\EyHMSvU.exe
  C:\Windows\System\EyHMSvU.exe
  2⤵
  PID:4792
- C:\Windows\System\AqYwXFj.exe
  C:\Windows\System\AqYwXFj.exe
  2⤵
  PID:4836
- C:\Windows\System\fPgwqBB.exe
  C:\Windows\System\fPgwqBB.exe
  2⤵
  PID:4820
- C:\Windows\System\LQoyahX.exe
  C:\Windows\System\LQoyahX.exe
  2⤵
  PID:4860
- C:\Windows\System\UWQINPw.exe
  C:\Windows\System\UWQINPw.exe
  2⤵
  PID:4916
- C:\Windows\System\gxMRLDU.exe
  C:\Windows\System\gxMRLDU.exe
  2⤵
  PID:4932
- C:\Windows\System\sOrQiRI.exe
  C:\Windows\System\sOrQiRI.exe
  2⤵
  PID:5000
- C:\Windows\System\oYnUSAP.exe
  C:\Windows\System\oYnUSAP.exe
  2⤵
  PID:4892
- C:\Windows\System\vfFsIBt.exe
  C:\Windows\System\vfFsIBt.exe
  2⤵
  PID:5076
- C:\Windows\System\WFBxYBA.exe
  C:\Windows\System\WFBxYBA.exe
  2⤵
  PID:5012
- C:\Windows\System\kJuQKaH.exe
  C:\Windows\System\kJuQKaH.exe
  2⤵
  PID:5112
- C:\Windows\System\XJMQrlz.exe
  C:\Windows\System\XJMQrlz.exe
  2⤵
  PID:3872
- C:\Windows\System\dMXOKaA.exe
  C:\Windows\System\dMXOKaA.exe
  2⤵
  PID:3944
- C:\Windows\System\iQUJgve.exe
  C:\Windows\System\iQUJgve.exe
  2⤵
  PID:4220
- C:\Windows\System\xcMXmbh.exe
  C:\Windows\System\xcMXmbh.exe
  2⤵
  PID:3640
- C:\Windows\System\GuygYfA.exe
  C:\Windows\System\GuygYfA.exe
  2⤵
  PID:3060
- C:\Windows\System\EbmAjRQ.exe
  C:\Windows\System\EbmAjRQ.exe
  2⤵
  PID:5008
- C:\Windows\System\xsJONly.exe
  C:\Windows\System\xsJONly.exe
  2⤵
  PID:4388
- C:\Windows\System\wyCYTyV.exe
  C:\Windows\System\wyCYTyV.exe
  2⤵
  PID:4500
- C:\Windows\System\IXwFwve.exe
  C:\Windows\System\IXwFwve.exe
  2⤵
  PID:4540
- C:\Windows\System\CTBJewT.exe
  C:\Windows\System\CTBJewT.exe
  2⤵
  PID:3568
- C:\Windows\System\LsdBvUj.exe
  C:\Windows\System\LsdBvUj.exe
  2⤵
  PID:3224
- C:\Windows\System\DDxHZWR.exe
  C:\Windows\System\DDxHZWR.exe
  2⤵
  PID:4340
- C:\Windows\System\jectDnH.exe
  C:\Windows\System\jectDnH.exe
  2⤵
  PID:4432
- C:\Windows\System\VORLwbC.exe
  C:\Windows\System\VORLwbC.exe
  2⤵
  PID:4520
- C:\Windows\System\EHivVQT.exe
  C:\Windows\System\EHivVQT.exe
  2⤵
  PID:2316
- C:\Windows\System\IhBxvNa.exe
  C:\Windows\System\IhBxvNa.exe
  2⤵
  PID:4144
- C:\Windows\System\rwAIoQP.exe
  C:\Windows\System\rwAIoQP.exe
  2⤵
  PID:4680
- C:\Windows\System\DcMHaSQ.exe
  C:\Windows\System\DcMHaSQ.exe
  2⤵
  PID:4644
- C:\Windows\System\ajcnAdy.exe
  C:\Windows\System\ajcnAdy.exe
  2⤵
  PID:4716
- C:\Windows\System\UQBODIB.exe
  C:\Windows\System\UQBODIB.exe
  2⤵
  PID:4852
- C:\Windows\System\PTwXMIm.exe
  C:\Windows\System\PTwXMIm.exe
  2⤵
  PID:4736
- C:\Windows\System\XRyAcii.exe
  C:\Windows\System\XRyAcii.exe
  2⤵
  PID:4988
- C:\Windows\System\yIPgsDF.exe
  C:\Windows\System\yIPgsDF.exe
  2⤵
  PID:4972
- C:\Windows\System\MnPxeVW.exe
  C:\Windows\System\MnPxeVW.exe
  2⤵
  PID:5024
- C:\Windows\System\GZjgcDz.exe
  C:\Windows\System\GZjgcDz.exe
  2⤵
  PID:5064
- C:\Windows\System\chYIqrh.exe
  C:\Windows\System\chYIqrh.exe
  2⤵
  PID:5048
- C:\Windows\System\uqanRxQ.exe
  C:\Windows\System\uqanRxQ.exe
  2⤵
  PID:4192
- C:\Windows\System\IQiQcni.exe
  C:\Windows\System\IQiQcni.exe
  2⤵
  PID:3384
- C:\Windows\System\jAfWOQm.exe
  C:\Windows\System\jAfWOQm.exe
  2⤵
  PID:4188
- C:\Windows\System\gbYXMFM.exe
  C:\Windows\System\gbYXMFM.exe
  2⤵
  PID:4496
- C:\Windows\System\gwYdRWJ.exe
  C:\Windows\System\gwYdRWJ.exe
  2⤵
  PID:4176
- C:\Windows\System\CTqgeKP.exe
  C:\Windows\System\CTqgeKP.exe
  2⤵
  PID:4436
- C:\Windows\System\mcuICFj.exe
  C:\Windows\System\mcuICFj.exe
  2⤵
  PID:4300
- C:\Windows\System\LnlGyyl.exe
  C:\Windows\System\LnlGyyl.exe
  2⤵
  PID:4476
- C:\Windows\System\qWiFpJC.exe
  C:\Windows\System\qWiFpJC.exe
  2⤵
  PID:4480
- C:\Windows\System\DFpnRAr.exe
  C:\Windows\System\DFpnRAr.exe
  2⤵
  PID:4652
- C:\Windows\System\utiuWDW.exe
  C:\Windows\System\utiuWDW.exe
  2⤵
  PID:4760
- C:\Windows\System\jPImIdv.exe
  C:\Windows\System\jPImIdv.exe
  2⤵
  PID:4648
- C:\Windows\System\DCpmGDw.exe
  C:\Windows\System\DCpmGDw.exe
  2⤵
  PID:4936
- C:\Windows\System\fwVjWMU.exe
  C:\Windows\System\fwVjWMU.exe
  2⤵
  PID:1720
- C:\Windows\System\gPQDgUt.exe
  C:\Windows\System\gPQDgUt.exe
  2⤵
  PID:5092
- C:\Windows\System\VxWDZVj.exe
  C:\Windows\System\VxWDZVj.exe
  2⤵
  PID:5132
- C:\Windows\System\adksDNS.exe
  C:\Windows\System\adksDNS.exe
  2⤵
  PID:5152
- C:\Windows\System\IaktjUu.exe
  C:\Windows\System\IaktjUu.exe
  2⤵
  PID:5168
- C:\Windows\System\dvgCyNo.exe
  C:\Windows\System\dvgCyNo.exe
  2⤵
  PID:5192
- C:\Windows\System\iPHkBDu.exe
  C:\Windows\System\iPHkBDu.exe
  2⤵
  PID:5212
- C:\Windows\System\xBmdnzY.exe
  C:\Windows\System\xBmdnzY.exe
  2⤵
  PID:5232
- C:\Windows\System\XfglodU.exe
  C:\Windows\System\XfglodU.exe
  2⤵
  PID:5252
- C:\Windows\System\SlSijom.exe
  C:\Windows\System\SlSijom.exe
  2⤵
  PID:5272
- C:\Windows\System\qOGRQNU.exe
  C:\Windows\System\qOGRQNU.exe
  2⤵
  PID:5292
- C:\Windows\System\SZlQRiw.exe
  C:\Windows\System\SZlQRiw.exe
  2⤵
  PID:5312
- C:\Windows\System\EhUoUxX.exe
  C:\Windows\System\EhUoUxX.exe
  2⤵
  PID:5332
- C:\Windows\System\XFJSPfY.exe
  C:\Windows\System\XFJSPfY.exe
  2⤵
  PID:5352
- C:\Windows\System\KvFHSYQ.exe
  C:\Windows\System\KvFHSYQ.exe
  2⤵
  PID:5372
- C:\Windows\System\WoVNeGj.exe
  C:\Windows\System\WoVNeGj.exe
  2⤵
  PID:5392
- C:\Windows\System\retQCMJ.exe
  C:\Windows\System\retQCMJ.exe
  2⤵
  PID:5412
- C:\Windows\System\qYDClVd.exe
  C:\Windows\System\qYDClVd.exe
  2⤵
  PID:5432
- C:\Windows\System\rjwJCOZ.exe
  C:\Windows\System\rjwJCOZ.exe
  2⤵
  PID:5452
- C:\Windows\System\HoPoYWM.exe
  C:\Windows\System\HoPoYWM.exe
  2⤵
  PID:5472
- C:\Windows\System\FUBPKat.exe
  C:\Windows\System\FUBPKat.exe
  2⤵
  PID:5488
- C:\Windows\System\MzDJfMR.exe
  C:\Windows\System\MzDJfMR.exe
  2⤵
  PID:5512
- C:\Windows\System\OdGCRlO.exe
  C:\Windows\System\OdGCRlO.exe
  2⤵
  PID:5532
- C:\Windows\System\uyPSVEP.exe
  C:\Windows\System\uyPSVEP.exe
  2⤵
  PID:5552
- C:\Windows\System\JFCCPxJ.exe
  C:\Windows\System\JFCCPxJ.exe
  2⤵
  PID:5572
- C:\Windows\System\FlALext.exe
  C:\Windows\System\FlALext.exe
  2⤵
  PID:5588
- C:\Windows\System\xdPcnIH.exe
  C:\Windows\System\xdPcnIH.exe
  2⤵
  PID:5608
- C:\Windows\System\HNXYIrg.exe
  C:\Windows\System\HNXYIrg.exe
  2⤵
  PID:5632
- C:\Windows\System\QDaqskk.exe
  C:\Windows\System\QDaqskk.exe
  2⤵
  PID:5648
- C:\Windows\System\SKFnxWz.exe
  C:\Windows\System\SKFnxWz.exe
  2⤵
  PID:5668
- C:\Windows\System\rWsiECp.exe
  C:\Windows\System\rWsiECp.exe
  2⤵
  PID:5688
- C:\Windows\System\AhzxXAL.exe
  C:\Windows\System\AhzxXAL.exe
  2⤵
  PID:5708
- C:\Windows\System\mlATdMu.exe
  C:\Windows\System\mlATdMu.exe
  2⤵
  PID:5732
- C:\Windows\System\IIvQEHt.exe
  C:\Windows\System\IIvQEHt.exe
  2⤵
  PID:5752
- C:\Windows\System\KuBTnEh.exe
  C:\Windows\System\KuBTnEh.exe
  2⤵
  PID:5768
- C:\Windows\System\CZUXObf.exe
  C:\Windows\System\CZUXObf.exe
  2⤵
  PID:5788
- C:\Windows\System\ARiwhFW.exe
  C:\Windows\System\ARiwhFW.exe
  2⤵
  PID:5808
- C:\Windows\System\GUaOEfj.exe
  C:\Windows\System\GUaOEfj.exe
  2⤵
  PID:5828
- C:\Windows\System\iGDSYkk.exe
  C:\Windows\System\iGDSYkk.exe
  2⤵
  PID:5852
- C:\Windows\System\FBpQNqF.exe
  C:\Windows\System\FBpQNqF.exe
  2⤵
  PID:5876
- C:\Windows\System\ZfukpdQ.exe
  C:\Windows\System\ZfukpdQ.exe
  2⤵
  PID:5896
- C:\Windows\System\NtbiLTI.exe
  C:\Windows\System\NtbiLTI.exe
  2⤵
  PID:5916
- C:\Windows\System\UFZPdTt.exe
  C:\Windows\System\UFZPdTt.exe
  2⤵
  PID:5936
- C:\Windows\System\hKYPaRZ.exe
  C:\Windows\System\hKYPaRZ.exe
  2⤵
  PID:5952
- C:\Windows\System\ealqdzX.exe
  C:\Windows\System\ealqdzX.exe
  2⤵
  PID:5976
- C:\Windows\System\hfMgQjz.exe
  C:\Windows\System\hfMgQjz.exe
  2⤵
  PID:5996
- C:\Windows\System\hrHwAMN.exe
  C:\Windows\System\hrHwAMN.exe
  2⤵
  PID:6016
- C:\Windows\System\VbXraWV.exe
  C:\Windows\System\VbXraWV.exe
  2⤵
  PID:6040
- C:\Windows\System\VfgLgja.exe
  C:\Windows\System\VfgLgja.exe
  2⤵
  PID:6056
- C:\Windows\System\IxkRIQB.exe
  C:\Windows\System\IxkRIQB.exe
  2⤵
  PID:6080
- C:\Windows\System\XiKdyWd.exe
  C:\Windows\System\XiKdyWd.exe
  2⤵
  PID:6096
- C:\Windows\System\sWHPwWc.exe
  C:\Windows\System\sWHPwWc.exe
  2⤵
  PID:6112
- C:\Windows\System\PIFtWwU.exe
  C:\Windows\System\PIFtWwU.exe
  2⤵
  PID:6136
- C:\Windows\System\UVKitun.exe
  C:\Windows\System\UVKitun.exe
  2⤵
  PID:5100
- C:\Windows\System\lwRUkVS.exe
  C:\Windows\System\lwRUkVS.exe
  2⤵
  PID:2340
- C:\Windows\System\KJPiref.exe
  C:\Windows\System\KJPiref.exe
  2⤵
  PID:4356
- C:\Windows\System\VKYyShD.exe
  C:\Windows\System\VKYyShD.exe
  2⤵
  PID:4544
- C:\Windows\System\WXuTXxi.exe
  C:\Windows\System\WXuTXxi.exe
  2⤵
  PID:3272
- C:\Windows\System\LOsmkbK.exe
  C:\Windows\System\LOsmkbK.exe
  2⤵
  PID:4636
- C:\Windows\System\lpZTswW.exe
  C:\Windows\System\lpZTswW.exe
  2⤵
  PID:4604
- C:\Windows\System\yMJjwrJ.exe
  C:\Windows\System\yMJjwrJ.exe
  2⤵
  PID:4952
- C:\Windows\System\NkysgzL.exe
  C:\Windows\System\NkysgzL.exe
  2⤵
  PID:4912
- C:\Windows\System\KSdZuQT.exe
  C:\Windows\System\KSdZuQT.exe
  2⤵
  PID:5128
- C:\Windows\System\bpOLyoN.exe
  C:\Windows\System\bpOLyoN.exe
  2⤵
  PID:5184
- C:\Windows\System\JZOEyxl.exe
  C:\Windows\System\JZOEyxl.exe
  2⤵
  PID:5200
- C:\Windows\System\EURztBw.exe
  C:\Windows\System\EURztBw.exe
  2⤵
  PID:2620
- C:\Windows\System\pADNLuT.exe
  C:\Windows\System\pADNLuT.exe
  2⤵
  PID:5264
- C:\Windows\System\tTRrLBC.exe
  C:\Windows\System\tTRrLBC.exe
  2⤵
  PID:5308
- C:\Windows\System\PjiQaTE.exe
  C:\Windows\System\PjiQaTE.exe
  2⤵
  PID:5320
- C:\Windows\System\BZWhZIB.exe
  C:\Windows\System\BZWhZIB.exe
  2⤵
  PID:5348
- C:\Windows\System\xFuRfcO.exe
  C:\Windows\System\xFuRfcO.exe
  2⤵
  PID:5420
- C:\Windows\System\BunOfmg.exe
  C:\Windows\System\BunOfmg.exe
  2⤵
  PID:5424
- C:\Windows\System\eVWkdJc.exe
  C:\Windows\System\eVWkdJc.exe
  2⤵
  PID:5440
- C:\Windows\System\SUWMNTZ.exe
  C:\Windows\System\SUWMNTZ.exe
  2⤵
  PID:2704
- C:\Windows\System\cotfFIp.exe
  C:\Windows\System\cotfFIp.exe
  2⤵
  PID:5508
- C:\Windows\System\XGJfeiR.exe
  C:\Windows\System\XGJfeiR.exe
  2⤵
  PID:5520
- C:\Windows\System\OIXVnBI.exe
  C:\Windows\System\OIXVnBI.exe
  2⤵
  PID:5584
- C:\Windows\System\txfIvGX.exe
  C:\Windows\System\txfIvGX.exe
  2⤵
  PID:5524
- C:\Windows\System\EacrrQW.exe
  C:\Windows\System\EacrrQW.exe
  2⤵
  PID:5596
- C:\Windows\System\FMNNaXD.exe
  C:\Windows\System\FMNNaXD.exe
  2⤵
  PID:5660
- C:\Windows\System\BtpRqNd.exe
  C:\Windows\System\BtpRqNd.exe
  2⤵
  PID:5640
- C:\Windows\System\wteshcS.exe
  C:\Windows\System\wteshcS.exe
  2⤵
  PID:5720
- C:\Windows\System\hDOZGGo.exe
  C:\Windows\System\hDOZGGo.exe
  2⤵
  PID:5728
- C:\Windows\System\ZJnFzAb.exe
  C:\Windows\System\ZJnFzAb.exe
  2⤵
  PID:5816
- C:\Windows\System\OqwfItE.exe
  C:\Windows\System\OqwfItE.exe
  2⤵
  PID:5860
- C:\Windows\System\teFXIyG.exe
  C:\Windows\System\teFXIyG.exe
  2⤵
  PID:5904
- C:\Windows\System\pEEeMBi.exe
  C:\Windows\System\pEEeMBi.exe
  2⤵
  PID:5912
- C:\Windows\System\fPIYmFL.exe
  C:\Windows\System\fPIYmFL.exe
  2⤵
  PID:1524
- C:\Windows\System\XrqYfZT.exe
  C:\Windows\System\XrqYfZT.exe
  2⤵
  PID:5984
- C:\Windows\System\HrYBCMB.exe
  C:\Windows\System\HrYBCMB.exe
  2⤵
  PID:6024
- C:\Windows\System\yNNGjIk.exe
  C:\Windows\System\yNNGjIk.exe
  2⤵
  PID:5964
- C:\Windows\System\THqxFiI.exe
  C:\Windows\System\THqxFiI.exe
  2⤵
  PID:6008
- C:\Windows\System\nXwPcwq.exe
  C:\Windows\System\nXwPcwq.exe
  2⤵
  PID:6068
- C:\Windows\System\HEvemrO.exe
  C:\Windows\System\HEvemrO.exe
  2⤵
  PID:6108
- C:\Windows\System\KOLBfaI.exe
  C:\Windows\System\KOLBfaI.exe
  2⤵
  PID:6092
- C:\Windows\System\FKjAsAZ.exe
  C:\Windows\System\FKjAsAZ.exe
  2⤵
  PID:2700
- C:\Windows\System\tnkyrzM.exe
  C:\Windows\System\tnkyrzM.exe
  2⤵
  PID:4272
- C:\Windows\System\rSqZmJe.exe
  C:\Windows\System\rSqZmJe.exe
  2⤵
  PID:3184
- C:\Windows\System\wlbFUOL.exe
  C:\Windows\System\wlbFUOL.exe
  2⤵
  PID:5028
- C:\Windows\System\ybQvOly.exe
  C:\Windows\System\ybQvOly.exe
  2⤵
  PID:2596
- C:\Windows\System\ZcAuvvF.exe
  C:\Windows\System\ZcAuvvF.exe
  2⤵
  PID:5176
- C:\Windows\System\HUDYNhU.exe
  C:\Windows\System\HUDYNhU.exe
  2⤵
  PID:5224
- C:\Windows\System\TsCaRRS.exe
  C:\Windows\System\TsCaRRS.exe
  2⤵
  PID:4780
- C:\Windows\System\RicIpGH.exe
  C:\Windows\System\RicIpGH.exe
  2⤵
  PID:5328
- C:\Windows\System\TohbmCH.exe
  C:\Windows\System\TohbmCH.exe
  2⤵
  PID:5364
- C:\Windows\System\XvbXjQs.exe
  C:\Windows\System\XvbXjQs.exe
  2⤵
  PID:2556
- C:\Windows\System\PYTjXwn.exe
  C:\Windows\System\PYTjXwn.exe
  2⤵
  PID:5380
- C:\Windows\System\neJhORs.exe
  C:\Windows\System\neJhORs.exe
  2⤵
  PID:5604
- C:\Windows\System\chilkpr.exe
  C:\Windows\System\chilkpr.exe
  2⤵
  PID:2856
- C:\Windows\System\NfDWcDh.exe
  C:\Windows\System\NfDWcDh.exe
  2⤵
  PID:5548
- C:\Windows\System\PqQpDyX.exe
  C:\Windows\System\PqQpDyX.exe
  2⤵
  PID:5684
- C:\Windows\System\mhCpLmp.exe
  C:\Windows\System\mhCpLmp.exe
  2⤵
  PID:5776
- C:\Windows\System\EvHWaCj.exe
  C:\Windows\System\EvHWaCj.exe
  2⤵
  PID:5704
- C:\Windows\System\COinNtV.exe
  C:\Windows\System\COinNtV.exe
  2⤵
  PID:5676
- C:\Windows\System\jJGGWvO.exe
  C:\Windows\System\jJGGWvO.exe
  2⤵
  PID:5840
- C:\Windows\System\yAhpwKJ.exe
  C:\Windows\System\yAhpwKJ.exe
  2⤵
  PID:5796
- C:\Windows\System\KNUEPzd.exe
  C:\Windows\System\KNUEPzd.exe
  2⤵
  PID:5924
- C:\Windows\System\LJrZAiF.exe
  C:\Windows\System\LJrZAiF.exe
  2⤵
  PID:5892
- C:\Windows\System\uZzfKMv.exe
  C:\Windows\System\uZzfKMv.exe
  2⤵
  PID:6028
- C:\Windows\System\KBdULrd.exe
  C:\Windows\System\KBdULrd.exe
  2⤵
  PID:6128
- C:\Windows\System\OcVtuuQ.exe
  C:\Windows\System\OcVtuuQ.exe
  2⤵
  PID:2808
- C:\Windows\System\SgrTWnM.exe
  C:\Windows\System\SgrTWnM.exe
  2⤵
  PID:5148
- C:\Windows\System\ewlWWBq.exe
  C:\Windows\System\ewlWWBq.exe
  2⤵
  PID:4872
- C:\Windows\System\bWgbQbo.exe
  C:\Windows\System\bWgbQbo.exe
  2⤵
  PID:4412
- C:\Windows\System\IhiZJwS.exe
  C:\Windows\System\IhiZJwS.exe
  2⤵
  PID:5468
- C:\Windows\System\VyBTwMh.exe
  C:\Windows\System\VyBTwMh.exe
  2⤵
  PID:4896
- C:\Windows\System\IfOSqFi.exe
  C:\Windows\System\IfOSqFi.exe
  2⤵
  PID:5384
- C:\Windows\System\FfFQdvP.exe
  C:\Windows\System\FfFQdvP.exe
  2⤵
  PID:5304
- C:\Windows\System\ugultGr.exe
  C:\Windows\System\ugultGr.exe
  2⤵
  PID:5480
- C:\Windows\System\PveSHxV.exe
  C:\Windows\System\PveSHxV.exe
  2⤵
  PID:5564
- C:\Windows\System\hqDLYwM.exe
  C:\Windows\System\hqDLYwM.exe
  2⤵
  PID:5528
- C:\Windows\System\EdPsUxc.exe
  C:\Windows\System\EdPsUxc.exe
  2⤵
  PID:5680
- C:\Windows\System\JAYSzhg.exe
  C:\Windows\System\JAYSzhg.exe
  2⤵
  PID:5820
- C:\Windows\System\XjlBEoO.exe
  C:\Windows\System\XjlBEoO.exe
  2⤵
  PID:5868
- C:\Windows\System\YdVwTII.exe
  C:\Windows\System\YdVwTII.exe
  2⤵
  PID:6132
- C:\Windows\System\MHnLDHY.exe
  C:\Windows\System\MHnLDHY.exe
  2⤵
  PID:6036
- C:\Windows\System\UlrfGrp.exe
  C:\Windows\System\UlrfGrp.exe
  2⤵
  PID:4456
- C:\Windows\System\SBGjpEy.exe
  C:\Windows\System\SBGjpEy.exe
  2⤵
  PID:5116
- C:\Windows\System\AePSFcb.exe
  C:\Windows\System\AePSFcb.exe
  2⤵
  PID:5268
- C:\Windows\System\fpmcRad.exe
  C:\Windows\System\fpmcRad.exe
  2⤵
  PID:5160
- C:\Windows\System\cMWdjdQ.exe
  C:\Windows\System\cMWdjdQ.exe
  2⤵
  PID:4608
- C:\Windows\System\vscaHjn.exe
  C:\Windows\System\vscaHjn.exe
  2⤵
  PID:5324
- C:\Windows\System\OezhDHr.exe
  C:\Windows\System\OezhDHr.exe
  2⤵
  PID:5864
- C:\Windows\System\bIjuliA.exe
  C:\Windows\System\bIjuliA.exe
  2⤵
  PID:5872
- C:\Windows\System\VGfmNXO.exe
  C:\Windows\System\VGfmNXO.exe
  2⤵
  PID:5804
- C:\Windows\System\yPOgHOy.exe
  C:\Windows\System\yPOgHOy.exe
  2⤵
  PID:6064
- C:\Windows\System\ImfOuXP.exe
  C:\Windows\System\ImfOuXP.exe
  2⤵
  PID:4484
- C:\Windows\System\HfDgsuk.exe
  C:\Windows\System\HfDgsuk.exe
  2⤵
  PID:5244
- C:\Windows\System\KWApPsC.exe
  C:\Windows\System\KWApPsC.exe
  2⤵
  PID:5620
- C:\Windows\System\ZXBpEkJ.exe
  C:\Windows\System\ZXBpEkJ.exe
  2⤵
  PID:6168
- C:\Windows\System\MwiIFHg.exe
  C:\Windows\System\MwiIFHg.exe
  2⤵
  PID:6188
- C:\Windows\System\eWrxfbU.exe
  C:\Windows\System\eWrxfbU.exe
  2⤵
  PID:6208
- C:\Windows\System\ucETnaW.exe
  C:\Windows\System\ucETnaW.exe
  2⤵
  PID:6228
- C:\Windows\System\ZuVNAyY.exe
  C:\Windows\System\ZuVNAyY.exe
  2⤵
  PID:6248
- C:\Windows\System\iZWsrsl.exe
  C:\Windows\System\iZWsrsl.exe
  2⤵
  PID:6264
- C:\Windows\System\beCxBwL.exe
  C:\Windows\System\beCxBwL.exe
  2⤵
  PID:6284
- C:\Windows\System\OAXeCoe.exe
  C:\Windows\System\OAXeCoe.exe
  2⤵
  PID:6308
- C:\Windows\System\TarVnNj.exe
  C:\Windows\System\TarVnNj.exe
  2⤵
  PID:6328
- C:\Windows\System\pnqHzFC.exe
  C:\Windows\System\pnqHzFC.exe
  2⤵
  PID:6348
- C:\Windows\System\URSmdJb.exe
  C:\Windows\System\URSmdJb.exe
  2⤵
  PID:6368
- C:\Windows\System\PYwVUTe.exe
  C:\Windows\System\PYwVUTe.exe
  2⤵
  PID:6388
- C:\Windows\System\aBedRje.exe
  C:\Windows\System\aBedRje.exe
  2⤵
  PID:6408
- C:\Windows\System\cDojpkv.exe
  C:\Windows\System\cDojpkv.exe
  2⤵
  PID:6428
- C:\Windows\System\MegiUWE.exe
  C:\Windows\System\MegiUWE.exe
  2⤵
  PID:6448
- C:\Windows\System\tMKbzpL.exe
  C:\Windows\System\tMKbzpL.exe
  2⤵
  PID:6468
- C:\Windows\System\KDGxNPO.exe
  C:\Windows\System\KDGxNPO.exe
  2⤵
  PID:6488
- C:\Windows\System\ceFYwUi.exe
  C:\Windows\System\ceFYwUi.exe
  2⤵
  PID:6508
- C:\Windows\System\KyNhRfh.exe
  C:\Windows\System\KyNhRfh.exe
  2⤵
  PID:6528
- C:\Windows\System\ngHfGhO.exe
  C:\Windows\System\ngHfGhO.exe
  2⤵
  PID:6548
- C:\Windows\System\YSjJRFb.exe
  C:\Windows\System\YSjJRFb.exe
  2⤵
  PID:6572
- C:\Windows\System\TXVHZXV.exe
  C:\Windows\System\TXVHZXV.exe
  2⤵
  PID:6592
- C:\Windows\System\xUKRcMI.exe
  C:\Windows\System\xUKRcMI.exe
  2⤵
  PID:6612
- C:\Windows\System\BdTRJKO.exe
  C:\Windows\System\BdTRJKO.exe
  2⤵
  PID:6632
- C:\Windows\System\jFpUjIX.exe
  C:\Windows\System\jFpUjIX.exe
  2⤵
  PID:6652
- C:\Windows\System\gueNbbP.exe
  C:\Windows\System\gueNbbP.exe
  2⤵
  PID:6672
- C:\Windows\System\kKYIjIb.exe
  C:\Windows\System\kKYIjIb.exe
  2⤵
  PID:6692
- C:\Windows\System\weFRgeE.exe
  C:\Windows\System\weFRgeE.exe
  2⤵
  PID:6712
- C:\Windows\System\ktcozwY.exe
  C:\Windows\System\ktcozwY.exe
  2⤵
  PID:6732
- C:\Windows\System\tIUbSUc.exe
  C:\Windows\System\tIUbSUc.exe
  2⤵
  PID:6752
- C:\Windows\System\wKMJNRO.exe
  C:\Windows\System\wKMJNRO.exe
  2⤵
  PID:6772
- C:\Windows\System\soTSFBA.exe
  C:\Windows\System\soTSFBA.exe
  2⤵
  PID:6792
- C:\Windows\System\LobBavI.exe
  C:\Windows\System\LobBavI.exe
  2⤵
  PID:6812
- C:\Windows\System\rcdYJXn.exe
  C:\Windows\System\rcdYJXn.exe
  2⤵
  PID:6828
- C:\Windows\System\XrmxQNL.exe
  C:\Windows\System\XrmxQNL.exe
  2⤵
  PID:6848
- C:\Windows\System\MVYHuot.exe
  C:\Windows\System\MVYHuot.exe
  2⤵
  PID:6868
- C:\Windows\System\tlgOnth.exe
  C:\Windows\System\tlgOnth.exe
  2⤵
  PID:6892
- C:\Windows\System\yMNycQg.exe
  C:\Windows\System\yMNycQg.exe
  2⤵
  PID:6912
- C:\Windows\System\VUlOqck.exe
  C:\Windows\System\VUlOqck.exe
  2⤵
  PID:6932
- C:\Windows\System\XHYJYZq.exe
  C:\Windows\System\XHYJYZq.exe
  2⤵
  PID:6952
- C:\Windows\System\zULWpyr.exe
  C:\Windows\System\zULWpyr.exe
  2⤵
  PID:6972
- C:\Windows\System\DgkhHtL.exe
  C:\Windows\System\DgkhHtL.exe
  2⤵
  PID:6988
- C:\Windows\System\FYcQjnB.exe
  C:\Windows\System\FYcQjnB.exe
  2⤵
  PID:7004
- C:\Windows\System\Mbluxpq.exe
  C:\Windows\System\Mbluxpq.exe
  2⤵
  PID:7028
- C:\Windows\System\lvFirYY.exe
  C:\Windows\System\lvFirYY.exe
  2⤵
  PID:7044
- C:\Windows\System\coVVAXC.exe
  C:\Windows\System\coVVAXC.exe
  2⤵
  PID:7064
- C:\Windows\System\rBCgnwF.exe
  C:\Windows\System\rBCgnwF.exe
  2⤵
  PID:7084
- C:\Windows\System\DLviCCj.exe
  C:\Windows\System\DLviCCj.exe
  2⤵
  PID:7112
- C:\Windows\System\HQYhqBg.exe
  C:\Windows\System\HQYhqBg.exe
  2⤵
  PID:7136
- C:\Windows\System\raUGNza.exe
  C:\Windows\System\raUGNza.exe
  2⤵
  PID:7152
- C:\Windows\System\UTRXCYd.exe
  C:\Windows\System\UTRXCYd.exe
  2⤵
  PID:2904
- C:\Windows\System\qteiXSe.exe
  C:\Windows\System\qteiXSe.exe
  2⤵
  PID:5656
- C:\Windows\System\teOVeFO.exe
  C:\Windows\System\teOVeFO.exe
  2⤵
  PID:6104
- C:\Windows\System\NaUQdOZ.exe
  C:\Windows\System\NaUQdOZ.exe
  2⤵
  PID:3808
- C:\Windows\System\nRYTRgv.exe
  C:\Windows\System\nRYTRgv.exe
  2⤵
  PID:3512
- C:\Windows\System\VZRKBsa.exe
  C:\Windows\System\VZRKBsa.exe
  2⤵
  PID:2724
- C:\Windows\System\cKzwmQs.exe
  C:\Windows\System\cKzwmQs.exe
  2⤵
  PID:6200
- C:\Windows\System\DHLqvZP.exe
  C:\Windows\System\DHLqvZP.exe
  2⤵
  PID:6176
- C:\Windows\System\ljMDfWS.exe
  C:\Windows\System\ljMDfWS.exe
  2⤵
  PID:6224
- C:\Windows\System\GSMPRuc.exe
  C:\Windows\System\GSMPRuc.exe
  2⤵
  PID:6280
- C:\Windows\System\beTqGTg.exe
  C:\Windows\System\beTqGTg.exe
  2⤵
  PID:6260
- C:\Windows\System\NEjjZGr.exe
  C:\Windows\System\NEjjZGr.exe
  2⤵
  PID:6300
- C:\Windows\System\dpgRqWo.exe
  C:\Windows\System\dpgRqWo.exe
  2⤵
  PID:6336
- C:\Windows\System\mjkGMWn.exe
  C:\Windows\System\mjkGMWn.exe
  2⤵
  PID:6396
- C:\Windows\System\VYISIUQ.exe
  C:\Windows\System\VYISIUQ.exe
  2⤵
  PID:2732
- C:\Windows\System\bdpUDlN.exe
  C:\Windows\System\bdpUDlN.exe
  2⤵
  PID:6424
- C:\Windows\System\KRdzbJx.exe
  C:\Windows\System\KRdzbJx.exe
  2⤵
  PID:6484
- C:\Windows\System\MFhVewC.exe
  C:\Windows\System\MFhVewC.exe
  2⤵
  PID:6496
- C:\Windows\System\GlvbnLy.exe
  C:\Windows\System\GlvbnLy.exe
  2⤵
  PID:6500
- C:\Windows\System\GPtmzmy.exe
  C:\Windows\System\GPtmzmy.exe
  2⤵
  PID:6544
- C:\Windows\System\DzHiNJB.exe
  C:\Windows\System\DzHiNJB.exe
  2⤵
  PID:6660
- C:\Windows\System\Mqnfdid.exe
  C:\Windows\System\Mqnfdid.exe
  2⤵
  PID:6668
- C:\Windows\System\snBUjET.exe
  C:\Windows\System\snBUjET.exe
  2⤵
  PID:6728
- C:\Windows\System\ftGoZfK.exe
  C:\Windows\System\ftGoZfK.exe
  2⤵
  PID:6704
- C:\Windows\System\osLytDe.exe
  C:\Windows\System\osLytDe.exe
  2⤵
  PID:6808
- C:\Windows\System\pAFQegN.exe
  C:\Windows\System\pAFQegN.exe
  2⤵
  PID:6844
- C:\Windows\System\QpnymMh.exe
  C:\Windows\System\QpnymMh.exe
  2⤵
  PID:6784
- C:\Windows\System\pYLtdMr.exe
  C:\Windows\System\pYLtdMr.exe
  2⤵
  PID:6888
- C:\Windows\System\TedGwud.exe
  C:\Windows\System\TedGwud.exe
  2⤵
  PID:6860
- C:\Windows\System\UNdLkab.exe
  C:\Windows\System\UNdLkab.exe
  2⤵
  PID:6900
- C:\Windows\System\KiAzVzQ.exe
  C:\Windows\System\KiAzVzQ.exe
  2⤵
  PID:756
- C:\Windows\System\USNNBvo.exe
  C:\Windows\System\USNNBvo.exe
  2⤵
  PID:2416
- C:\Windows\System\xNQmotg.exe
  C:\Windows\System\xNQmotg.exe
  2⤵
  PID:7024
- C:\Windows\System\dYLSnwC.exe
  C:\Windows\System\dYLSnwC.exe
  2⤵
  PID:7060
- C:\Windows\System\tKcqlNw.exe
  C:\Windows\System\tKcqlNw.exe
  2⤵
  PID:1436
- C:\Windows\System\dytkPvE.exe
  C:\Windows\System\dytkPvE.exe
  2⤵
  PID:6568
- C:\Windows\System\rOszzeE.exe
  C:\Windows\System\rOszzeE.exe
  2⤵
  PID:2988
- C:\Windows\System\GjhYAyH.exe
  C:\Windows\System\GjhYAyH.exe
  2⤵
  PID:7132
- C:\Windows\System\CzKSzme.exe
  C:\Windows\System\CzKSzme.exe
  2⤵
  PID:7148
- C:\Windows\System\xHYiEOL.exe
  C:\Windows\System\xHYiEOL.exe
  2⤵
  PID:5988
- C:\Windows\System\HrUPwOR.exe
  C:\Windows\System\HrUPwOR.exe
  2⤵
  PID:5844
- C:\Windows\System\foNQVMm.exe
  C:\Windows\System\foNQVMm.exe
  2⤵
  PID:6204
- C:\Windows\System\VorHUfe.exe
  C:\Windows\System\VorHUfe.exe
  2⤵
  PID:3064
- C:\Windows\System\YyFwlPO.exe
  C:\Windows\System\YyFwlPO.exe
  2⤵
  PID:6356
- C:\Windows\System\FJnDcbB.exe
  C:\Windows\System\FJnDcbB.exe
  2⤵
  PID:6380
- C:\Windows\System\FHMVFzv.exe
  C:\Windows\System\FHMVFzv.exe
  2⤵
  PID:6520
- C:\Windows\System\xvypslL.exe
  C:\Windows\System\xvypslL.exe
  2⤵
  PID:1292
- C:\Windows\System\fkAjqAR.exe
  C:\Windows\System\fkAjqAR.exe
  2⤵
  PID:6608
- C:\Windows\System\yOpXwYD.exe
  C:\Windows\System\yOpXwYD.exe
  2⤵
  PID:5696
- C:\Windows\System\AJadJrX.exe
  C:\Windows\System\AJadJrX.exe
  2⤵
  PID:2676
- C:\Windows\System\oXqENOc.exe
  C:\Windows\System\oXqENOc.exe
  2⤵
  PID:6292
- C:\Windows\System\HkEPeIF.exe
  C:\Windows\System\HkEPeIF.exe
  2⤵
  PID:6628
- C:\Windows\System\qvWzahn.exe
  C:\Windows\System\qvWzahn.exe
  2⤵
  PID:6700
- C:\Windows\System\VVenAaI.exe
  C:\Windows\System\VVenAaI.exe
  2⤵
  PID:6516
- C:\Windows\System\LUrJtqT.exe
  C:\Windows\System\LUrJtqT.exe
  2⤵
  PID:6688
- C:\Windows\System\dbKmulr.exe
  C:\Windows\System\dbKmulr.exe
  2⤵
  PID:6748
- C:\Windows\System\CUoCCTR.exe
  C:\Windows\System\CUoCCTR.exe
  2⤵
  PID:6928
- C:\Windows\System\TFCbrdl.exe
  C:\Windows\System\TFCbrdl.exe
  2⤵
  PID:7000
- C:\Windows\System\vgYVFTu.exe
  C:\Windows\System\vgYVFTu.exe
  2⤵
  PID:6940
- C:\Windows\System\IACPQTY.exe
  C:\Windows\System\IACPQTY.exe
  2⤵
  PID:2888
- C:\Windows\System\RmNZnSJ.exe
  C:\Windows\System\RmNZnSJ.exe
  2⤵
  PID:7108
- C:\Windows\System\ZWaYGnh.exe
  C:\Windows\System\ZWaYGnh.exe
  2⤵
  PID:2928
- C:\Windows\System\gIJhLwa.exe
  C:\Windows\System\gIJhLwa.exe
  2⤵
  PID:2792
- C:\Windows\System\BoIqkxp.exe
  C:\Windows\System\BoIqkxp.exe
  2⤵
  PID:7120
- C:\Windows\System\xWSUxHv.exe
  C:\Windows\System\xWSUxHv.exe
  2⤵
  PID:4208
- C:\Windows\System\bsfmPzE.exe
  C:\Windows\System\bsfmPzE.exe
  2⤵
  PID:6600
- C:\Windows\System\cNgMkkl.exe
  C:\Windows\System\cNgMkkl.exe
  2⤵
  PID:2716
- C:\Windows\System\waHWgEs.exe
  C:\Windows\System\waHWgEs.exe
  2⤵
  PID:6256
- C:\Windows\System\KeKUnyg.exe
  C:\Windows\System\KeKUnyg.exe
  2⤵
  PID:6588
- C:\Windows\System\uzOmRqj.exe
  C:\Windows\System\uzOmRqj.exe
  2⤵
  PID:1972
- C:\Windows\System\yAhyFTd.exe
  C:\Windows\System\yAhyFTd.exe
  2⤵
  PID:6720
- C:\Windows\System\wAcBeui.exe
  C:\Windows\System\wAcBeui.exe
  2⤵
  PID:6836
- C:\Windows\System\KRfQdTM.exe
  C:\Windows\System\KRfQdTM.exe
  2⤵
  PID:6880
- C:\Windows\System\NaYlzue.exe
  C:\Windows\System\NaYlzue.exe
  2⤵
  PID:6856
- C:\Windows\System\ZKMivnV.exe
  C:\Windows\System\ZKMivnV.exe
  2⤵
  PID:1060
- C:\Windows\System\fpaVclr.exe
  C:\Windows\System\fpaVclr.exe
  2⤵
  PID:6648
- C:\Windows\System\uRtAyiu.exe
  C:\Windows\System\uRtAyiu.exe
  2⤵
  PID:6960
- C:\Windows\System\uRQtfvz.exe
  C:\Windows\System\uRQtfvz.exe
  2⤵
  PID:7104
- C:\Windows\System\csWQEUD.exe
  C:\Windows\System\csWQEUD.exe
  2⤵
  PID:1848
- C:\Windows\System\JYEizqF.exe
  C:\Windows\System\JYEizqF.exe
  2⤵
  PID:2660
- C:\Windows\System\AWmJrhS.exe
  C:\Windows\System\AWmJrhS.exe
  2⤵
  PID:6344
- C:\Windows\System\qVUQtfC.exe
  C:\Windows\System\qVUQtfC.exe
  2⤵
  PID:2440
- C:\Windows\System\fmSTIEO.exe
  C:\Windows\System\fmSTIEO.exe
  2⤵
  PID:5248
- C:\Windows\System\RdPQmAh.exe
  C:\Windows\System\RdPQmAh.exe
  2⤵
  PID:2472
- C:\Windows\System\zAQKMNm.exe
  C:\Windows\System\zAQKMNm.exe
  2⤵
  PID:6984
- C:\Windows\System\ZxQaawv.exe
  C:\Windows\System\ZxQaawv.exe
  2⤵
  PID:3424
- C:\Windows\System\CXXjLop.exe
  C:\Windows\System\CXXjLop.exe
  2⤵
  PID:1276
- C:\Windows\System\JQneRMd.exe
  C:\Windows\System\JQneRMd.exe
  2⤵
  PID:6088
- C:\Windows\System\GKLddvV.exe
  C:\Windows\System\GKLddvV.exe
  2⤵
  PID:3044
- C:\Windows\System\KUefeSx.exe
  C:\Windows\System\KUefeSx.exe
  2⤵
  PID:6920
- C:\Windows\System\SasSAIT.exe
  C:\Windows\System\SasSAIT.exe
  2⤵
  PID:6768
- C:\Windows\System\wkljFYr.exe
  C:\Windows\System\wkljFYr.exe
  2⤵
  PID:7164
- C:\Windows\System\hDzJBSU.exe
  C:\Windows\System\hDzJBSU.exe
  2⤵
  PID:764
- C:\Windows\System\YDBcftW.exe
  C:\Windows\System\YDBcftW.exe
  2⤵
  PID:6996
- C:\Windows\System\cIMhJAn.exe
  C:\Windows\System\cIMhJAn.exe
  2⤵
  PID:7176
- C:\Windows\System\kGGQXlJ.exe
  C:\Windows\System\kGGQXlJ.exe
  2⤵
  PID:7192
- C:\Windows\System\lEiTPNY.exe
  C:\Windows\System\lEiTPNY.exe
  2⤵
  PID:7212
- C:\Windows\System\MaemjNe.exe
  C:\Windows\System\MaemjNe.exe
  2⤵
  PID:7236
- C:\Windows\System\SfOIDVA.exe
  C:\Windows\System\SfOIDVA.exe
  2⤵
  PID:7256
- C:\Windows\System\FXAsocr.exe
  C:\Windows\System\FXAsocr.exe
  2⤵
  PID:7276
- C:\Windows\System\smaLjbe.exe
  C:\Windows\System\smaLjbe.exe
  2⤵
  PID:7296
- C:\Windows\System\zdMNcCL.exe
  C:\Windows\System\zdMNcCL.exe
  2⤵
  PID:7316
- C:\Windows\System\rkdlhSO.exe
  C:\Windows\System\rkdlhSO.exe
  2⤵
  PID:7336
- C:\Windows\System\qSziTxk.exe
  C:\Windows\System\qSziTxk.exe
  2⤵
  PID:7352
- C:\Windows\System\dqTfYmH.exe
  C:\Windows\System\dqTfYmH.exe
  2⤵
  PID:7368
- C:\Windows\System\OhkoVrx.exe
  C:\Windows\System\OhkoVrx.exe
  2⤵
  PID:7388
- C:\Windows\System\mNOlKZG.exe
  C:\Windows\System\mNOlKZG.exe
  2⤵
  PID:7412
- C:\Windows\System\uDBBQPI.exe
  C:\Windows\System\uDBBQPI.exe
  2⤵
  PID:7428
- C:\Windows\System\WOrzlwP.exe
  C:\Windows\System\WOrzlwP.exe
  2⤵
  PID:7444
- C:\Windows\System\jYZfyjn.exe
  C:\Windows\System\jYZfyjn.exe
  2⤵
  PID:7464
- C:\Windows\System\EkLtZwX.exe
  C:\Windows\System\EkLtZwX.exe
  2⤵
  PID:7484
- C:\Windows\System\rFMIZgG.exe
  C:\Windows\System\rFMIZgG.exe
  2⤵
  PID:7504
- C:\Windows\System\fPvtrRL.exe
  C:\Windows\System\fPvtrRL.exe
  2⤵
  PID:7528
- C:\Windows\System\CYLEAze.exe
  C:\Windows\System\CYLEAze.exe
  2⤵
  PID:7544
- C:\Windows\System\LDxjRGN.exe
  C:\Windows\System\LDxjRGN.exe
  2⤵
  PID:7564
- C:\Windows\System\uztrjmw.exe
  C:\Windows\System\uztrjmw.exe
  2⤵
  PID:7580
- C:\Windows\System\YHLFrJd.exe
  C:\Windows\System\YHLFrJd.exe
  2⤵
  PID:7600
- C:\Windows\System\apNruBN.exe
  C:\Windows\System\apNruBN.exe
  2⤵
  PID:7628
- C:\Windows\System\oEKZQui.exe
  C:\Windows\System\oEKZQui.exe
  2⤵
  PID:7696
- C:\Windows\System\enFaDUJ.exe
  C:\Windows\System\enFaDUJ.exe
  2⤵
  PID:7716
- C:\Windows\System\VQYzwdA.exe
  C:\Windows\System\VQYzwdA.exe
  2⤵
  PID:7732
- C:\Windows\System\dyRlKBh.exe
  C:\Windows\System\dyRlKBh.exe
  2⤵
  PID:7748
- C:\Windows\System\pGfFwgf.exe
  C:\Windows\System\pGfFwgf.exe
  2⤵
  PID:7764
- C:\Windows\System\FottwID.exe
  C:\Windows\System\FottwID.exe
  2⤵
  PID:7780
- C:\Windows\System\bXVxOfA.exe
  C:\Windows\System\bXVxOfA.exe
  2⤵
  PID:7796
- C:\Windows\System\SHuNjqa.exe
  C:\Windows\System\SHuNjqa.exe
  2⤵
  PID:7816
- C:\Windows\System\zYVBtLp.exe
  C:\Windows\System\zYVBtLp.exe
  2⤵
  PID:7832
- C:\Windows\System\nbZQOig.exe
  C:\Windows\System\nbZQOig.exe
  2⤵
  PID:7852
- C:\Windows\System\ocFJEvB.exe
  C:\Windows\System\ocFJEvB.exe
  2⤵
  PID:7868
- C:\Windows\System\JWchiQP.exe
  C:\Windows\System\JWchiQP.exe
  2⤵
  PID:7892
- C:\Windows\System\LlmewXG.exe
  C:\Windows\System\LlmewXG.exe
  2⤵
  PID:7908
- C:\Windows\System\tFZJPMQ.exe
  C:\Windows\System\tFZJPMQ.exe
  2⤵
  PID:7928
- C:\Windows\System\lBcnnuH.exe
  C:\Windows\System\lBcnnuH.exe
  2⤵
  PID:7952
- C:\Windows\System\KGfwOHq.exe
  C:\Windows\System\KGfwOHq.exe
  2⤵
  PID:7972
- C:\Windows\System\uQNRwnr.exe
  C:\Windows\System\uQNRwnr.exe
  2⤵
  PID:7992
- C:\Windows\System\EoRKenf.exe
  C:\Windows\System\EoRKenf.exe
  2⤵
  PID:8016
- C:\Windows\System\kmSKTZD.exe
  C:\Windows\System\kmSKTZD.exe
  2⤵
  PID:8036
- C:\Windows\System\aBKSCHC.exe
  C:\Windows\System\aBKSCHC.exe
  2⤵
  PID:8056
- C:\Windows\System\RzJQKbs.exe
  C:\Windows\System\RzJQKbs.exe
  2⤵
  PID:8076
- C:\Windows\System\jqXyrhs.exe
  C:\Windows\System\jqXyrhs.exe
  2⤵
  PID:8100
- C:\Windows\System\PfvNYdn.exe
  C:\Windows\System\PfvNYdn.exe
  2⤵
  PID:8124
- C:\Windows\System\BYRBjTd.exe
  C:\Windows\System\BYRBjTd.exe
  2⤵
  PID:8144
- C:\Windows\System\kHnrbSw.exe
  C:\Windows\System\kHnrbSw.exe
  2⤵
  PID:8168
- C:\Windows\System\mnoGoKz.exe
  C:\Windows\System\mnoGoKz.exe
  2⤵
  PID:8188
- C:\Windows\System\wPFfeLY.exe
  C:\Windows\System\wPFfeLY.exe
  2⤵
  PID:1528
- C:\Windows\System\LEiKAUz.exe
  C:\Windows\System\LEiKAUz.exe
  2⤵
  PID:6536
- C:\Windows\System\jZtyzXh.exe
  C:\Windows\System\jZtyzXh.exe
  2⤵
  PID:1432
- C:\Windows\System\JRcPZAw.exe
  C:\Windows\System\JRcPZAw.exe
  2⤵
  PID:7284
- C:\Windows\System\GaOkIpF.exe
  C:\Windows\System\GaOkIpF.exe
  2⤵
  PID:7332
- C:\Windows\System\XihHpZH.exe
  C:\Windows\System\XihHpZH.exe
  2⤵
  PID:7408
- C:\Windows\System\mWPyqdT.exe
  C:\Windows\System\mWPyqdT.exe
  2⤵
  PID:7472
- C:\Windows\System\OoEurgr.exe
  C:\Windows\System\OoEurgr.exe
  2⤵
  PID:7516
- C:\Windows\System\SvGohzh.exe
  C:\Windows\System\SvGohzh.exe
  2⤵
  PID:7560
- C:\Windows\System\AyZrPmp.exe
  C:\Windows\System\AyZrPmp.exe
  2⤵
  PID:7592
- C:\Windows\System\URucFfH.exe
  C:\Windows\System\URucFfH.exe
  2⤵
  PID:7636
- C:\Windows\System\IPaVZOs.exe
  C:\Windows\System\IPaVZOs.exe
  2⤵
  PID:7676
- C:\Windows\System\DWxSkht.exe
  C:\Windows\System\DWxSkht.exe
  2⤵
  PID:7040
- C:\Windows\System\PHWznYc.exe
  C:\Windows\System\PHWznYc.exe
  2⤵
  PID:7692
- C:\Windows\System\wgvzYeC.exe
  C:\Windows\System\wgvzYeC.exe
  2⤵
  PID:6296
- C:\Windows\System\gQXJnSF.exe
  C:\Windows\System\gQXJnSF.exe
  2⤵
  PID:7076
- C:\Windows\System\XZTYhFA.exe
  C:\Windows\System\XZTYhFA.exe
  2⤵
  PID:6964
- C:\Windows\System\lcwFKbn.exe
  C:\Windows\System\lcwFKbn.exe
  2⤵
  PID:7188
- C:\Windows\System\aWYVafH.exe
  C:\Windows\System\aWYVafH.exe
  2⤵
  PID:7232
- C:\Windows\System\brdBZCr.exe
  C:\Windows\System\brdBZCr.exe
  2⤵
  PID:7312
- C:\Windows\System\pDJNubz.exe
  C:\Windows\System\pDJNubz.exe
  2⤵
  PID:7380
- C:\Windows\System\TdnLSwC.exe
  C:\Windows\System\TdnLSwC.exe
  2⤵
  PID:7456
- C:\Windows\System\qoOzkGe.exe
  C:\Windows\System\qoOzkGe.exe
  2⤵
  PID:7572
- C:\Windows\System\mqGQsXx.exe
  C:\Windows\System\mqGQsXx.exe
  2⤵
  PID:7756
- C:\Windows\System\YdoSPDn.exe
  C:\Windows\System\YdoSPDn.exe
  2⤵
  PID:7792
- C:\Windows\System\YxmbimM.exe
  C:\Windows\System\YxmbimM.exe
  2⤵
  PID:7864
- C:\Windows\System\vDqwBaw.exe
  C:\Windows\System\vDqwBaw.exe
  2⤵
  PID:7940
- C:\Windows\System\grXaKYo.exe
  C:\Windows\System\grXaKYo.exe
  2⤵
  PID:7980
- C:\Windows\System\HUzKDkz.exe
  C:\Windows\System\HUzKDkz.exe
  2⤵
  PID:8072
- C:\Windows\System\ExqPFrf.exe
  C:\Windows\System\ExqPFrf.exe
  2⤵
  PID:8116
- C:\Windows\System\FVPBihM.exe
  C:\Windows\System\FVPBihM.exe
  2⤵
  PID:7744
- C:\Windows\System\SDgopIR.exe
  C:\Windows\System\SDgopIR.exe
  2⤵
  PID:7772
- C:\Windows\System\JHDLXTb.exe
  C:\Windows\System\JHDLXTb.exe
  2⤵
  PID:6456
- C:\Windows\System\VnyCKMh.exe
  C:\Windows\System\VnyCKMh.exe
  2⤵
  PID:7888
- C:\Windows\System\twBouFy.exe
  C:\Windows\System\twBouFy.exe
  2⤵
  PID:8140
- C:\Windows\System\XytUXQT.exe
  C:\Windows\System\XytUXQT.exe
  2⤵
  PID:8052
- C:\Windows\System\YERiqcJ.exe
  C:\Windows\System\YERiqcJ.exe
  2⤵
  PID:8176
- C:\Windows\System\TKIuBzk.exe
  C:\Windows\System\TKIuBzk.exe
  2⤵
  PID:8184
- C:\Windows\System\bubYgcL.exe
  C:\Windows\System\bubYgcL.exe
  2⤵
  PID:7292
- C:\Windows\System\vEVHlxi.exe
  C:\Windows\System\vEVHlxi.exe
  2⤵
  PID:7436
- C:\Windows\System\FSiUdgp.exe
  C:\Windows\System\FSiUdgp.exe
  2⤵
  PID:7524
- C:\Windows\System\nGoyMvJ.exe
  C:\Windows\System\nGoyMvJ.exe
  2⤵
  PID:7184
- C:\Windows\System\rRgwllG.exe
  C:\Windows\System\rRgwllG.exe
  2⤵
  PID:7252
- C:\Windows\System\ALngTuP.exe
  C:\Windows\System\ALngTuP.exe
  2⤵
  PID:7652
- C:\Windows\System\oquPdrV.exe
  C:\Windows\System\oquPdrV.exe
  2⤵
  PID:7512
- C:\Windows\System\vNXrDsB.exe
  C:\Windows\System\vNXrDsB.exe
  2⤵
  PID:7648
- C:\Windows\System\bynpuId.exe
  C:\Windows\System\bynpuId.exe
  2⤵
  PID:7540
- C:\Windows\System\YIPbQvF.exe
  C:\Windows\System\YIPbQvF.exe
  2⤵
  PID:4140
- C:\Windows\System\JhQqqwX.exe
  C:\Windows\System\JhQqqwX.exe
  2⤵
  PID:7452
- C:\Windows\System\NTqBCaK.exe
  C:\Windows\System\NTqBCaK.exe
  2⤵
  PID:6460
- C:\Windows\System\VqwWWZG.exe
  C:\Windows\System\VqwWWZG.exe
  2⤵
  PID:7788
- C:\Windows\System\ffKHBIo.exe
  C:\Windows\System\ffKHBIo.exe
  2⤵
  PID:8064
- C:\Windows\System\oUElgyF.exe
  C:\Windows\System\oUElgyF.exe
  2⤵
  PID:7624
- C:\Windows\System\unMwNDA.exe
  C:\Windows\System\unMwNDA.exe
  2⤵
  PID:7808
- C:\Windows\System\XHAvCIW.exe
  C:\Windows\System\XHAvCIW.exe
  2⤵
  PID:7724
- C:\Windows\System\YErBjHW.exe
  C:\Windows\System\YErBjHW.exe
  2⤵
  PID:8108
- C:\Windows\System\UTSzcRq.exe
  C:\Windows\System\UTSzcRq.exe
  2⤵
  PID:8164
- C:\Windows\System\gXDjAlx.exe
  C:\Windows\System\gXDjAlx.exe
  2⤵
  PID:7924
- C:\Windows\System\epMcKFO.exe
  C:\Windows\System\epMcKFO.exe
  2⤵
  PID:7200
- C:\Windows\System\NxXTdLq.exe
  C:\Windows\System\NxXTdLq.exe
  2⤵
  PID:7660
- C:\Windows\System\ndmpDnb.exe
  C:\Windows\System\ndmpDnb.exe
  2⤵
  PID:7304
- C:\Windows\System\sYPsoeN.exe
  C:\Windows\System\sYPsoeN.exe
  2⤵
  PID:7492
- C:\Windows\System\SFylyZI.exe
  C:\Windows\System\SFylyZI.exe
  2⤵
  PID:8156
- C:\Windows\System\cgdJDSE.exe
  C:\Windows\System\cgdJDSE.exe
  2⤵
  PID:8132
- C:\Windows\System\pznZhBX.exe
  C:\Windows\System\pznZhBX.exe
  2⤵
  PID:7668
- C:\Windows\System\RyLdWmE.exe
  C:\Windows\System\RyLdWmE.exe
  2⤵
  PID:8120
- C:\Windows\System\sAYarGn.exe
  C:\Windows\System\sAYarGn.exe
  2⤵
  PID:7664
- C:\Windows\System\CRLCDpv.exe
  C:\Windows\System\CRLCDpv.exe
  2⤵
  PID:8196
- C:\Windows\System\gOFsFLz.exe
  C:\Windows\System\gOFsFLz.exe
  2⤵
  PID:8216
- C:\Windows\System\gDCPRtF.exe
  C:\Windows\System\gDCPRtF.exe
  2⤵
  PID:8232
- C:\Windows\System\sYGGFHy.exe
  C:\Windows\System\sYGGFHy.exe
  2⤵
  PID:8268
- C:\Windows\System\vqaVqbr.exe
  C:\Windows\System\vqaVqbr.exe
  2⤵
  PID:8284
- C:\Windows\System\zLrfkBC.exe
  C:\Windows\System\zLrfkBC.exe
  2⤵
  PID:8312
- C:\Windows\System\bUGaXGa.exe
  C:\Windows\System\bUGaXGa.exe
  2⤵
  PID:8328
- C:\Windows\System\dxYYaCZ.exe
  C:\Windows\System\dxYYaCZ.exe
  2⤵
  PID:8348
- C:\Windows\System\auZMkNK.exe
  C:\Windows\System\auZMkNK.exe
  2⤵
  PID:8368
- C:\Windows\System\gxANFue.exe
  C:\Windows\System\gxANFue.exe
  2⤵
  PID:8392
- C:\Windows\System\irrwdeM.exe
  C:\Windows\System\irrwdeM.exe
  2⤵
  PID:8412
- C:\Windows\System\JERqjdu.exe
  C:\Windows\System\JERqjdu.exe
  2⤵
  PID:8436
- C:\Windows\System\TvRYtig.exe
  C:\Windows\System\TvRYtig.exe
  2⤵
  PID:8460
- C:\Windows\System\HyTdjSa.exe
  C:\Windows\System\HyTdjSa.exe
  2⤵
  PID:8488
- C:\Windows\System\ABgBdid.exe
  C:\Windows\System\ABgBdid.exe
  2⤵
  PID:8504
- C:\Windows\System\KJnMugI.exe
  C:\Windows\System\KJnMugI.exe
  2⤵
  PID:8524
- C:\Windows\System\yHBtpSw.exe
  C:\Windows\System\yHBtpSw.exe
  2⤵
  PID:8544
- C:\Windows\System\ihxSiTy.exe
  C:\Windows\System\ihxSiTy.exe
  2⤵
  PID:8560
- C:\Windows\System\XuHIyqg.exe
  C:\Windows\System\XuHIyqg.exe
  2⤵
  PID:8576
- C:\Windows\System\KrPOWgj.exe
  C:\Windows\System\KrPOWgj.exe
  2⤵
  PID:8592
- C:\Windows\System\uOaoDRU.exe
  C:\Windows\System\uOaoDRU.exe
  2⤵
  PID:8612
- C:\Windows\System\QHcdKge.exe
  C:\Windows\System\QHcdKge.exe
  2⤵
  PID:8632
- C:\Windows\System\TJOLJnY.exe
  C:\Windows\System\TJOLJnY.exe
  2⤵
  PID:8672
- C:\Windows\System\DGPBeGC.exe
  C:\Windows\System\DGPBeGC.exe
  2⤵
  PID:8688
- C:\Windows\System\lOgooac.exe
  C:\Windows\System\lOgooac.exe
  2⤵
  PID:8708
- C:\Windows\System\HeAOLoq.exe
  C:\Windows\System\HeAOLoq.exe
  2⤵
  PID:8728
- C:\Windows\System\sQoddmh.exe
  C:\Windows\System\sQoddmh.exe
  2⤵
  PID:8756
- C:\Windows\System\fIRRfaR.exe
  C:\Windows\System\fIRRfaR.exe
  2⤵
  PID:8780
- C:\Windows\System\meBFLrL.exe
  C:\Windows\System\meBFLrL.exe
  2⤵
  PID:8796
- C:\Windows\System\xXGNaJQ.exe
  C:\Windows\System\xXGNaJQ.exe
  2⤵
  PID:8812
- C:\Windows\System\WMgRsGR.exe
  C:\Windows\System\WMgRsGR.exe
  2⤵
  PID:8832
- C:\Windows\System\jFhApvt.exe
  C:\Windows\System\jFhApvt.exe
  2⤵
  PID:8848
- C:\Windows\System\SHcxcYj.exe
  C:\Windows\System\SHcxcYj.exe
  2⤵
  PID:8864
- C:\Windows\System\dSMtemE.exe
  C:\Windows\System\dSMtemE.exe
  2⤵
  PID:8880
- C:\Windows\System\QVEeSxK.exe
  C:\Windows\System\QVEeSxK.exe
  2⤵
  PID:8896
- C:\Windows\System\oofkTHU.exe
  C:\Windows\System\oofkTHU.exe
  2⤵
  PID:8912
- C:\Windows\System\MqBTBuO.exe
  C:\Windows\System\MqBTBuO.exe
  2⤵
  PID:8928
- C:\Windows\System\fkrWOoC.exe
  C:\Windows\System\fkrWOoC.exe
  2⤵
  PID:8944
- C:\Windows\System\wxJQOHy.exe
  C:\Windows\System\wxJQOHy.exe
  2⤵
  PID:8960
- C:\Windows\System\cBIxEZA.exe
  C:\Windows\System\cBIxEZA.exe
  2⤵
  PID:8976
- C:\Windows\System\hxwSieX.exe
  C:\Windows\System\hxwSieX.exe
  2⤵
  PID:8992
- C:\Windows\System\tLjfLKY.exe
  C:\Windows\System\tLjfLKY.exe
  2⤵
  PID:9008
- C:\Windows\System\vIQoUWC.exe
  C:\Windows\System\vIQoUWC.exe
  2⤵
  PID:9028
- C:\Windows\System\xnVhuil.exe
  C:\Windows\System\xnVhuil.exe
  2⤵
  PID:9044
- C:\Windows\System\RJFSJOt.exe
  C:\Windows\System\RJFSJOt.exe
  2⤵
  PID:9068
- C:\Windows\System\clwvQef.exe
  C:\Windows\System\clwvQef.exe
  2⤵
  PID:9088
- C:\Windows\System\GUwpxqa.exe
  C:\Windows\System\GUwpxqa.exe
  2⤵
  PID:9120
- C:\Windows\System\DMXcWSx.exe
  C:\Windows\System\DMXcWSx.exe
  2⤵
  PID:9144
- C:\Windows\System\fcxawyd.exe
  C:\Windows\System\fcxawyd.exe
  2⤵
  PID:9204
- C:\Windows\System\SEMsTJq.exe
  C:\Windows\System\SEMsTJq.exe
  2⤵
  PID:8212
- C:\Windows\System\KsWeZCh.exe
  C:\Windows\System\KsWeZCh.exe
  2⤵
  PID:8256
- C:\Windows\System\yOmWMaJ.exe
  C:\Windows\System\yOmWMaJ.exe
  2⤵
  PID:8292
- C:\Windows\System\EBtGTVx.exe
  C:\Windows\System\EBtGTVx.exe
  2⤵
  PID:8136
- C:\Windows\System\tmCJVZf.exe
  C:\Windows\System\tmCJVZf.exe
  2⤵
  PID:7848
- C:\Windows\System\QQbBaEi.exe
  C:\Windows\System\QQbBaEi.exe
  2⤵
  PID:6788
- C:\Windows\System\KZPLMHj.exe
  C:\Windows\System\KZPLMHj.exe
  2⤵
  PID:7248
- C:\Windows\System\ckZlPiQ.exe
  C:\Windows\System\ckZlPiQ.exe
  2⤵
  PID:6604
- C:\Windows\System\HcVGEQN.exe
  C:\Windows\System\HcVGEQN.exe
  2⤵
  PID:6760
- C:\Windows\System\eJixMNR.exe
  C:\Windows\System\eJixMNR.exe
  2⤵
  PID:8032
- C:\Windows\System\dPgjkxu.exe
  C:\Windows\System\dPgjkxu.exe
  2⤵
  PID:7740
- C:\Windows\System\tBOpcsr.exe
  C:\Windows\System\tBOpcsr.exe
  2⤵
  PID:7520
- C:\Windows\System\oyPbwgH.exe
  C:\Windows\System\oyPbwgH.exe
  2⤵
  PID:8152
- C:\Windows\System\lPSQMMf.exe
  C:\Windows\System\lPSQMMf.exe
  2⤵
  PID:8308
- C:\Windows\System\fcFJVkv.exe
  C:\Windows\System\fcFJVkv.exe
  2⤵
  PID:8012
- C:\Windows\System\xAZwJDf.exe
  C:\Windows\System\xAZwJDf.exe
  2⤵
  PID:8228
- C:\Windows\System\CnAetxr.exe
  C:\Windows\System\CnAetxr.exe
  2⤵
  PID:8340
- C:\Windows\System\Eapcvgv.exe
  C:\Windows\System\Eapcvgv.exe
  2⤵
  PID:8388
- C:\Windows\System\DynxInp.exe
  C:\Windows\System\DynxInp.exe
  2⤵
  PID:8432
- C:\Windows\System\wgtVKmm.exe
  C:\Windows\System\wgtVKmm.exe
  2⤵
  PID:8484
- C:\Windows\System\hWzDXTn.exe
  C:\Windows\System\hWzDXTn.exe
  2⤵
  PID:8320
- C:\Windows\System\ZZLqCIf.exe
  C:\Windows\System\ZZLqCIf.exe
  2⤵
  PID:8556
- C:\Windows\System\GBMSyHP.exe
  C:\Windows\System\GBMSyHP.exe
  2⤵
  PID:8364
- C:\Windows\System\GbTGDhd.exe
  C:\Windows\System\GbTGDhd.exe
  2⤵
  PID:8584
- C:\Windows\System\JyDuvvE.exe
  C:\Windows\System\JyDuvvE.exe
  2⤵
  PID:8448
- C:\Windows\System\QVgYVsb.exe
  C:\Windows\System\QVgYVsb.exe
  2⤵
  PID:8540
- C:\Windows\System\wHKAZBr.exe
  C:\Windows\System\wHKAZBr.exe
  2⤵
  PID:8532
- C:\Windows\System\KHfFolV.exe
  C:\Windows\System\KHfFolV.exe
  2⤵
  PID:8640
- C:\Windows\System\UKNKlBP.exe
  C:\Windows\System\UKNKlBP.exe
  2⤵
  PID:8680
- C:\Windows\System\AJvZYib.exe
  C:\Windows\System\AJvZYib.exe
  2⤵
  PID:8700
- C:\Windows\System\OWapZxM.exe
  C:\Windows\System\OWapZxM.exe
  2⤵
  PID:8704
- C:\Windows\System\uNfiJGJ.exe
  C:\Windows\System\uNfiJGJ.exe
  2⤵
  PID:8748
- C:\Windows\System\uchpwVs.exe
  C:\Windows\System\uchpwVs.exe
  2⤵
  PID:8804
- C:\Windows\System\bwDTXjY.exe
  C:\Windows\System\bwDTXjY.exe
  2⤵
  PID:8820
- C:\Windows\System\khCoPqE.exe
  C:\Windows\System\khCoPqE.exe
  2⤵
  PID:8876
- C:\Windows\System\OwbyDZx.exe
  C:\Windows\System\OwbyDZx.exe
  2⤵
  PID:8856
- C:\Windows\System\KsDRJvH.exe
  C:\Windows\System\KsDRJvH.exe
  2⤵
  PID:8908
- C:\Windows\System\rXZGJJR.exe
  C:\Windows\System\rXZGJJR.exe
  2⤵
  PID:8972
- C:\Windows\System\DCcRxpK.exe
  C:\Windows\System\DCcRxpK.exe
  2⤵
  PID:9076
- C:\Windows\System\PYoauCw.exe
  C:\Windows\System\PYoauCw.exe
  2⤵
  PID:8956
- C:\Windows\System\LWyFJTM.exe
  C:\Windows\System\LWyFJTM.exe
  2⤵
  PID:9020
- C:\Windows\System\NUvlgQd.exe
  C:\Windows\System\NUvlgQd.exe
  2⤵
  PID:9060
- C:\Windows\System\UDyWPBv.exe
  C:\Windows\System\UDyWPBv.exe
  2⤵
  PID:9108
- C:\Windows\System\cifdyRg.exe
  C:\Windows\System\cifdyRg.exe
  2⤵
  PID:8608
- C:\Windows\System\nhggwpy.exe
  C:\Windows\System\nhggwpy.exe
  2⤵
  PID:9132
- C:\Windows\System\BBwoSlV.exe
  C:\Windows\System\BBwoSlV.exe
  2⤵
  PID:9164
- C:\Windows\System\wslBeEC.exe
  C:\Windows\System\wslBeEC.exe
  2⤵
  PID:9184
- C:\Windows\System\mTtFIYD.exe
  C:\Windows\System\mTtFIYD.exe
  2⤵
  PID:9200
- C:\Windows\System\dBsiIMC.exe
  C:\Windows\System\dBsiIMC.exe
  2⤵
  PID:8244
- C:\Windows\System\YMtJZlD.exe
  C:\Windows\System\YMtJZlD.exe
  2⤵
  PID:8264
- C:\Windows\System\GlmjFXF.exe
  C:\Windows\System\GlmjFXF.exe
  2⤵
  PID:7656
- C:\Windows\System\pNCwyio.exe
  C:\Windows\System\pNCwyio.exe
  2⤵
  PID:7880
- C:\Windows\System\aMmLzGP.exe
  C:\Windows\System\aMmLzGP.exe
  2⤵
  PID:7948
- C:\Windows\System\uDktrXw.exe
  C:\Windows\System\uDktrXw.exe
  2⤵
  PID:8336
- C:\Windows\System\QqOIsEl.exe
  C:\Windows\System\QqOIsEl.exe
  2⤵
  PID:8280
- C:\Windows\System\kyHxNyg.exe
  C:\Windows\System\kyHxNyg.exe
  2⤵
  PID:8512
- C:\Windows\System\eQJhShu.exe
  C:\Windows\System\eQJhShu.exe
  2⤵
  PID:8356
- C:\Windows\System\PEeSybK.exe
  C:\Windows\System\PEeSybK.exe
  2⤵
  PID:7440
- C:\Windows\System\RIceqoy.exe
  C:\Windows\System\RIceqoy.exe
  2⤵
  PID:8384
- C:\Windows\System\KIYKqxb.exe
  C:\Windows\System\KIYKqxb.exe
  2⤵
  PID:8408
- C:\Windows\System\AAcdZFr.exe
  C:\Windows\System\AAcdZFr.exe
  2⤵
  PID:7776
- C:\Windows\System\FrAtzGv.exe
  C:\Windows\System\FrAtzGv.exe
  2⤵
  PID:8628
- C:\Windows\System\Ajjojea.exe
  C:\Windows\System\Ajjojea.exe
  2⤵
  PID:564
- C:\Windows\System\QMzlKxT.exe
  C:\Windows\System\QMzlKxT.exe
  2⤵
  PID:8656
- C:\Windows\System\oaUKszt.exe
  C:\Windows\System\oaUKszt.exe
  2⤵
  PID:8776
- C:\Windows\System\JLpaLMo.exe
  C:\Windows\System\JLpaLMo.exe
  2⤵
  PID:8768
- C:\Windows\System\LUCZxJJ.exe
  C:\Windows\System\LUCZxJJ.exe
  2⤵
  PID:8844
- C:\Windows\System\vIgtPTC.exe
  C:\Windows\System\vIgtPTC.exe
  2⤵
  PID:8968
- C:\Windows\System\swYqSfD.exe
  C:\Windows\System\swYqSfD.exe
  2⤵
  PID:8888
- C:\Windows\System\BwBHvxC.exe
  C:\Windows\System\BwBHvxC.exe
  2⤵
  PID:8988
- C:\Windows\System\BlWMYEy.exe
  C:\Windows\System\BlWMYEy.exe
  2⤵
  PID:8904
- C:\Windows\System\xeOiBGD.exe
  C:\Windows\System\xeOiBGD.exe
  2⤵
  PID:8892
- C:\Windows\System\PRheaYG.exe
  C:\Windows\System\PRheaYG.exe
  2⤵
  PID:9212
- C:\Windows\System\gwxJtKK.exe
  C:\Windows\System\gwxJtKK.exe
  2⤵
  PID:9116
- C:\Windows\System\OzQmzyI.exe
  C:\Windows\System\OzQmzyI.exe
  2⤵
  PID:7844
- C:\Windows\System\xscweuZ.exe
  C:\Windows\System\xscweuZ.exe
  2⤵
  PID:2300
- C:\Windows\System\cwamWZD.exe
  C:\Windows\System\cwamWZD.exe
  2⤵
  PID:700
- C:\Windows\System\qTMrmQt.exe
  C:\Windows\System\qTMrmQt.exe
  2⤵
  PID:1660
- C:\Windows\System\vCatppO.exe
  C:\Windows\System\vCatppO.exe
  2⤵
  PID:8788
- C:\Windows\System\mmJLXDs.exe
  C:\Windows\System\mmJLXDs.exe
  2⤵
  PID:8696
- C:\Windows\System\EJwaiaK.exe
  C:\Windows\System\EJwaiaK.exe
  2⤵
  PID:7680
- C:\Windows\System\EWsoymT.exe
  C:\Windows\System\EWsoymT.exe
  2⤵
  PID:8684
- C:\Windows\System\MartKLR.exe
  C:\Windows\System\MartKLR.exe
  2⤵
  PID:8952
- C:\Windows\System\EYgsxcI.exe
  C:\Windows\System\EYgsxcI.exe
  2⤵
  PID:8736
- C:\Windows\System\ecCfabd.exe
  C:\Windows\System\ecCfabd.exe
  2⤵
  PID:9104
- C:\Windows\System\jomCdPh.exe
  C:\Windows\System\jomCdPh.exe
  2⤵
  PID:9152
- C:\Windows\System\zXbqvnH.exe
  C:\Windows\System\zXbqvnH.exe
  2⤵
  PID:9096
- C:\Windows\System\nkkhtmI.exe
  C:\Windows\System\nkkhtmI.exe
  2⤵
  PID:8260
- C:\Windows\System\VUbprPa.exe
  C:\Windows\System\VUbprPa.exe
  2⤵
  PID:7500
- C:\Windows\System\SjeuvQh.exe
  C:\Windows\System\SjeuvQh.exe
  2⤵
  PID:7404
- C:\Windows\System\oZlLDjY.exe
  C:\Windows\System\oZlLDjY.exe
  2⤵
  PID:8452
- C:\Windows\System\xUqcJLg.exe
  C:\Windows\System\xUqcJLg.exe
  2⤵
  PID:8344
- C:\Windows\System\vNhzWxp.exe
  C:\Windows\System\vNhzWxp.exe
  2⤵
  PID:9156
- C:\Windows\System\GMAxzDS.exe
  C:\Windows\System\GMAxzDS.exe
  2⤵
  PID:8652
- C:\Windows\System\RsWQdJj.exe
  C:\Windows\System\RsWQdJj.exe
  2⤵
  PID:6824
- C:\Windows\System\ofcXFkn.exe
  C:\Windows\System\ofcXFkn.exe
  2⤵
  PID:1804
- C:\Windows\System\SoCNfDl.exe
  C:\Windows\System\SoCNfDl.exe
  2⤵
  PID:7596
- C:\Windows\System\eLgVCPW.exe
  C:\Windows\System\eLgVCPW.exe
  2⤵
  PID:8024
- C:\Windows\System\HqvXcqe.exe
  C:\Windows\System\HqvXcqe.exe
  2⤵
  PID:9176
- C:\Windows\System\NDFCAkm.exe
  C:\Windows\System\NDFCAkm.exe
  2⤵
  PID:9228
- C:\Windows\System\OMMVswk.exe
  C:\Windows\System\OMMVswk.exe
  2⤵
  PID:9244
- C:\Windows\System\qlriMMC.exe
  C:\Windows\System\qlriMMC.exe
  2⤵
  PID:9308
- C:\Windows\System\yfmLtHQ.exe
  C:\Windows\System\yfmLtHQ.exe
  2⤵
  PID:9348
- C:\Windows\System\PWmfjmC.exe
  C:\Windows\System\PWmfjmC.exe
  2⤵
  PID:9368
- C:\Windows\System\HnQuckw.exe
  C:\Windows\System\HnQuckw.exe
  2⤵
  PID:9384
- C:\Windows\System\YhHPPZY.exe
  C:\Windows\System\YhHPPZY.exe
  2⤵
  PID:9400
- C:\Windows\System\GpGunAR.exe
  C:\Windows\System\GpGunAR.exe
  2⤵
  PID:9416
- C:\Windows\System\rApXIub.exe
  C:\Windows\System\rApXIub.exe
  2⤵
  PID:9432
- C:\Windows\System\izMiKeZ.exe
  C:\Windows\System\izMiKeZ.exe
  2⤵
  PID:9448
- C:\Windows\System\BVYzPKG.exe
  C:\Windows\System\BVYzPKG.exe
  2⤵
  PID:9464
- C:\Windows\System\KEKBARC.exe
  C:\Windows\System\KEKBARC.exe
  2⤵
  PID:9480
- C:\Windows\System\vfxCzmV.exe
  C:\Windows\System\vfxCzmV.exe
  2⤵
  PID:9496
- C:\Windows\System\lSIuwQS.exe
  C:\Windows\System\lSIuwQS.exe
  2⤵
  PID:9512
- C:\Windows\System\kMqyBZi.exe
  C:\Windows\System\kMqyBZi.exe
  2⤵
  PID:9536
- C:\Windows\System\qhHzLUs.exe
  C:\Windows\System\qhHzLUs.exe
  2⤵
  PID:9552
- C:\Windows\System\RdAcxmp.exe
  C:\Windows\System\RdAcxmp.exe
  2⤵
  PID:9568
- C:\Windows\System\sYkdjwq.exe
  C:\Windows\System\sYkdjwq.exe
  2⤵
  PID:9584
- C:\Windows\System\yYDXYUL.exe
  C:\Windows\System\yYDXYUL.exe
  2⤵
  PID:9600
- C:\Windows\System\hRUaeKc.exe
  C:\Windows\System\hRUaeKc.exe
  2⤵
  PID:9616
- C:\Windows\System\sudDvwt.exe
  C:\Windows\System\sudDvwt.exe
  2⤵
  PID:9632
- C:\Windows\System\bGDeSCX.exe
  C:\Windows\System\bGDeSCX.exe
  2⤵
  PID:9648
- C:\Windows\System\jaVnazB.exe
  C:\Windows\System\jaVnazB.exe
  2⤵
  PID:9664
- C:\Windows\System\WMPyusc.exe
  C:\Windows\System\WMPyusc.exe
  2⤵
  PID:9680
- C:\Windows\System\iIbEaLY.exe
  C:\Windows\System\iIbEaLY.exe
  2⤵
  PID:9696
- C:\Windows\System\ZfiGaRD.exe
  C:\Windows\System\ZfiGaRD.exe
  2⤵
  PID:9712
- C:\Windows\System\WKLxOgw.exe
  C:\Windows\System\WKLxOgw.exe
  2⤵
  PID:9728
- C:\Windows\System\xMYWily.exe
  C:\Windows\System\xMYWily.exe
  2⤵
  PID:9744
- C:\Windows\System\jnEgTtV.exe
  C:\Windows\System\jnEgTtV.exe
  2⤵
  PID:9760
- C:\Windows\System\KhmOeIz.exe
  C:\Windows\System\KhmOeIz.exe
  2⤵
  PID:9776
- C:\Windows\System\EmMIbmi.exe
  C:\Windows\System\EmMIbmi.exe
  2⤵
  PID:9792
- C:\Windows\System\NxdHmhJ.exe
  C:\Windows\System\NxdHmhJ.exe
  2⤵
  PID:9808
- C:\Windows\System\WbkeeEN.exe
  C:\Windows\System\WbkeeEN.exe
  2⤵
  PID:9828
- C:\Windows\System\xGMASuZ.exe
  C:\Windows\System\xGMASuZ.exe
  2⤵
  PID:9856
- C:\Windows\System\IPedUjQ.exe
  C:\Windows\System\IPedUjQ.exe
  2⤵
  PID:9872
- C:\Windows\System\dvDGpDU.exe
  C:\Windows\System\dvDGpDU.exe
  2⤵
  PID:10100
- C:\Windows\System\YDlIKTH.exe
  C:\Windows\System\YDlIKTH.exe
  2⤵
  PID:10140
- C:\Windows\System\uGCIqvB.exe
  C:\Windows\System\uGCIqvB.exe
  2⤵
  PID:10156
- C:\Windows\System\CPRCjfH.exe
  C:\Windows\System\CPRCjfH.exe
  2⤵
  PID:10172
- C:\Windows\System\JeTEAMH.exe
  C:\Windows\System\JeTEAMH.exe
  2⤵
  PID:10188
- C:\Windows\System\VErViuG.exe
  C:\Windows\System\VErViuG.exe
  2⤵
  PID:10204
- C:\Windows\System\GFksYmM.exe
  C:\Windows\System\GFksYmM.exe
  2⤵
  PID:10232
- C:\Windows\System\tasqrBl.exe
  C:\Windows\System\tasqrBl.exe
  2⤵
  PID:2332
- C:\Windows\System\KMLQmln.exe
  C:\Windows\System\KMLQmln.exe
  2⤵
  PID:584
- C:\Windows\System\JHMqgzF.exe
  C:\Windows\System\JHMqgzF.exe
  2⤵
  PID:9220
- C:\Windows\System\OEMJwWk.exe
  C:\Windows\System\OEMJwWk.exe
  2⤵
  PID:9272
- C:\Windows\System\UnPuQjN.exe
  C:\Windows\System\UnPuQjN.exe
  2⤵
  PID:9304
- C:\Windows\System\bChFEtm.exe
  C:\Windows\System\bChFEtm.exe
  2⤵
  PID:9328
- C:\Windows\System\cdMtVMI.exe
  C:\Windows\System\cdMtVMI.exe
  2⤵
  PID:9440
- C:\Windows\System\MhPOwQQ.exe
  C:\Windows\System\MhPOwQQ.exe
  2⤵
  PID:9392
- C:\Windows\System\UDbOcnA.exe
  C:\Windows\System\UDbOcnA.exe
  2⤵
  PID:9472
- C:\Windows\System\PWwMRDZ.exe
  C:\Windows\System\PWwMRDZ.exe
  2⤵
  PID:9560
- C:\Windows\System\KQLYLoY.exe
  C:\Windows\System\KQLYLoY.exe
  2⤵
  PID:9524
- C:\Windows\System\uPsfceq.exe
  C:\Windows\System\uPsfceq.exe
  2⤵
  PID:9660
- C:\Windows\System\DrFuGLd.exe
  C:\Windows\System\DrFuGLd.exe
  2⤵
  PID:9724
- C:\Windows\System\GfKtlNi.exe
  C:\Windows\System\GfKtlNi.exe
  2⤵
  PID:9644
- C:\Windows\System\XumdzEX.exe
  C:\Windows\System\XumdzEX.exe
  2⤵
  PID:9708
- C:\Windows\System\HnJFzCw.exe
  C:\Windows\System\HnJFzCw.exe
  2⤵
  PID:9788
- C:\Windows\System\FKItphm.exe
  C:\Windows\System\FKItphm.exe
  2⤵
  PID:9476
- C:\Windows\System\kjTyynk.exe
  C:\Windows\System\kjTyynk.exe
  2⤵
  PID:9580
- C:\Windows\System\IwIYImh.exe
  C:\Windows\System\IwIYImh.exe
  2⤵
  PID:9804
- C:\Windows\System\JJrsQPs.exe
  C:\Windows\System\JJrsQPs.exe
  2⤵
  PID:9852
- C:\Windows\System\owSQamf.exe
  C:\Windows\System\owSQamf.exe
  2⤵
  PID:9880
- C:\Windows\System\AzPKNXp.exe
  C:\Windows\System\AzPKNXp.exe
  2⤵
  PID:9896
- C:\Windows\System\YjLZoDU.exe
  C:\Windows\System\YjLZoDU.exe
  2⤵
  PID:9916
- C:\Windows\System\YbsYmdW.exe
  C:\Windows\System\YbsYmdW.exe
  2⤵
  PID:9936
- C:\Windows\System\OefCLsI.exe
  C:\Windows\System\OefCLsI.exe
  2⤵
  PID:9948
- C:\Windows\System\VFhSLAZ.exe
  C:\Windows\System\VFhSLAZ.exe
  2⤵
  PID:10000
- C:\Windows\System\guTZgnv.exe
  C:\Windows\System\guTZgnv.exe
  2⤵
  PID:9992
- C:\Windows\System\SCzctxL.exe
  C:\Windows\System\SCzctxL.exe
  2⤵
  PID:10012
- C:\Windows\System\YzzUFhm.exe
  C:\Windows\System\YzzUFhm.exe
  2⤵
  PID:10028
- C:\Windows\System\ZyQLfhU.exe
  C:\Windows\System\ZyQLfhU.exe
  2⤵
  PID:10092
- C:\Windows\System\xWkPued.exe
  C:\Windows\System\xWkPued.exe
  2⤵
  PID:10052
- C:\Windows\System\LMbFMgM.exe
  C:\Windows\System\LMbFMgM.exe
  2⤵
  PID:10072
- C:\Windows\System\bwFuMTc.exe
  C:\Windows\System\bwFuMTc.exe
  2⤵
  PID:10096
- C:\Windows\System\iWobUst.exe
  C:\Windows\System\iWobUst.exe
  2⤵
  PID:10128
- C:\Windows\System\iikXuVi.exe
  C:\Windows\System\iikXuVi.exe
  2⤵
  PID:9884
- C:\Windows\System\sHEDtcZ.exe
  C:\Windows\System\sHEDtcZ.exe
  2⤵
  PID:5300
- C:\Windows\System\QmQwXAA.exe
  C:\Windows\System\QmQwXAA.exe
  2⤵
  PID:9036
- C:\Windows\System\DEvrlGz.exe
  C:\Windows\System\DEvrlGz.exe
  2⤵
  PID:8792
- C:\Windows\System\cvWaOUV.exe
  C:\Windows\System\cvWaOUV.exe
  2⤵
  PID:8204
- C:\Windows\System\LTIbHYp.exe
  C:\Windows\System\LTIbHYp.exe
  2⤵
  PID:9268
- C:\Windows\System\zlnpdbG.exe
  C:\Windows\System\zlnpdbG.exe
  2⤵
  PID:9320
- C:\Windows\System\JAHhJjW.exe
  C:\Windows\System\JAHhJjW.exe
  2⤵
  PID:9280
- C:\Windows\System\OxeWdvT.exe
  C:\Windows\System\OxeWdvT.exe
  2⤵
  PID:9324
- C:\Windows\System\PyOEhPj.exe
  C:\Windows\System\PyOEhPj.exe
  2⤵
  PID:9360
- C:\Windows\System\iUUSsWz.exe
  C:\Windows\System\iUUSsWz.exe
  2⤵
  PID:9456
- C:\Windows\System\ZzXLaya.exe
  C:\Windows\System\ZzXLaya.exe
  2⤵
  PID:8620
- C:\Windows\System\CkvIjMM.exe
  C:\Windows\System\CkvIjMM.exe
  2⤵
  PID:9628
- C:\Windows\System\BhqQrXV.exe
  C:\Windows\System\BhqQrXV.exe
  2⤵
  PID:9688
- C:\Windows\System\oXkBvjG.exe
  C:\Windows\System\oXkBvjG.exe
  2⤵
  PID:9576
- C:\Windows\System\qNxTurA.exe
  C:\Windows\System\qNxTurA.exe
  2⤵
  PID:9836
- C:\Windows\System\EGLTwmI.exe
  C:\Windows\System\EGLTwmI.exe
  2⤵
  PID:9924
- C:\Windows\System\HpPsVxg.exe
  C:\Windows\System\HpPsVxg.exe
  2⤵
  PID:10004
- C:\Windows\System\jbFMQnn.exe
  C:\Windows\System\jbFMQnn.exe
  2⤵
  PID:10060
- C:\Windows\System\pRzSrPK.exe
  C:\Windows\System\pRzSrPK.exe
  2⤵
  PID:9740
- C:\Windows\System\VEIaSAH.exe
  C:\Windows\System\VEIaSAH.exe
  2⤵
  PID:9972
- C:\Windows\System\jPXeiVn.exe
  C:\Windows\System\jPXeiVn.exe
  2⤵
  PID:10088
- C:\Windows\System\thijJlm.exe
  C:\Windows\System\thijJlm.exe
  2⤵
  PID:9824
- C:\Windows\System\LWILAOI.exe
  C:\Windows\System\LWILAOI.exe
  2⤵
  PID:9868
- C:\Windows\System\MLIWXVH.exe
  C:\Windows\System\MLIWXVH.exe
  2⤵
  PID:9944
- C:\Windows\System\RRPUkib.exe
  C:\Windows\System\RRPUkib.exe
  2⤵
  PID:10216
- C:\Windows\System\vElJcLO.exe
  C:\Windows\System\vElJcLO.exe
  2⤵
  PID:996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BLPtHEN.exe

Filesize
6.0MB

MD5
01e3efe3db1293a809896984d52020e1

SHA1
5cab560ed1dc42b3d7866f1b4c4bdbd353594628

SHA256
5faa4436ee65390cd8db903b15cc78d2bfdc979cf043b2dfcc1409850e8c3103

SHA512
ee6dee1d4a6ccafd52cdee0cb03d656c013d2ead0a2f6effb10a37fec742112c4406e809ee3cb2836531b52929abbbed76e2b471efb879ae66521b89027f93dd

Download Submit
C:\Windows\system\CDxlLFN.exe

Filesize
6.0MB

MD5
35d1987acef3baa3e7dc83cbe8b7c1d9

SHA1
9575cf30ba35234c088943dede51764c963841b3

SHA256
616cecd810cd225af3b254e2a7eaab0443157a477713b192198d0559b7bdd39e

SHA512
55fd0e7894cda3d63b1a58a7d5701f97387f6fafece32b2f78d6fdacfec6c09181757b446d5d6e0b1b8ba1bb9fd31ec005d0fcd3b59a11a594aff5726dacb6fa

Download Submit
C:\Windows\system\IFgIgfL.exe

Filesize
6.0MB

MD5
d599d53f5a6b889259a343c17f6b2c16

SHA1
0a935719aa37f7af412ddaedfa4f2f8648ef7758

SHA256
ce7acbaa1814636ebc46c74ce74ff1b13da4159015ad5ecc147110c1973c97ca

SHA512
7b1c59befc0e749a7edf8356fc59eca39d25d294e841feaaae06fb60d32c702d35bb9eefea4cffe40a22b9b2b08aee7dbb8e46cbe7ae2fc027a8e72811745183

Download Submit
C:\Windows\system\MCBeajA.exe

Filesize
6.0MB

MD5
38ae90e52e09a14929e227c6cf9b4c6d

SHA1
7a459aa9554b8fb2c8ec90ba6e21183ee51daea6

SHA256
79826b270223f2cb7439adf3f1e37c4c6da33084330d998777d1b832c09d9707

SHA512
716e35259c693bc4a570525f048c69bdd7578dc8f509dff367ded4e1e36bc9771d29059d39517fb0e1e00c2d5e790bc6b3af7302e8804e9bc6a49dc7dc93be8b

Download Submit
C:\Windows\system\MzxcnMo.exe

Filesize
6.0MB

MD5
c69973a1a0b73f8bcd6a1405feaa8d53

SHA1
b6fa3689fd2730e331ec24362eade49e9f8772f1

SHA256
9910e1363dbfcd16096bcdc31a0eb52a698e3e89b797c9fabc970e60df4e7b4d

SHA512
c012f1b27f3398cc8b8bf548e6c7de39ae519e0bf1bf8e176a81e25d7d729eb71c33d65b03a7cf92ae4d33112ca3597cf45a6bb00d6259d0097844754a0bc2ca

Download Submit
C:\Windows\system\NHKrtAm.exe

Filesize
6.0MB

MD5
46f188022875deea7cecfdedd11b4d80

SHA1
2ebf8eab5920d7713d9cb3a95d73d195d183218c

SHA256
dd2f61f271492e629367de391bf194cb9c0f766aed747b8e0aba1f3187a25b83

SHA512
6574f2fadf4e20c73544c2a325f30c6e15f701e48cbba674290ab3c177cb0de6a7847f57421f46957266aad9fddc4ef7dded550b07120f94452fcbc52d9466d9

Download Submit
C:\Windows\system\NLVQPQR.exe

Filesize
6.0MB

MD5
c9598f7e8bc342e17791437041202065

SHA1
b00feaf6c8fe1c6d69ef5e0337d9476abd524dc5

SHA256
391d1579d972853bc1f67d918cb20d75b4c21f05932b73d619b69e959e963f77

SHA512
9d59fd15ce75172fe97dc9078feacfc7fe32168f785d6da7a0a63d6fd79d5754d56c46aea2096ffff579b08997373a84238607e7d3f741aac6dcf78242a1b313

Download Submit
C:\Windows\system\PMYAZvG.exe

Filesize
6.0MB

MD5
ce2e8edca6e9f8fdbd8dacb8e8fbb93c

SHA1
6d434378eb3bcfa72a51c48d5dde590d4bcedead

SHA256
b87d2f125d9926c067ce6cedecc41309265d82ac65fee35a74e16c6a8a0acebc

SHA512
19979c6d04bba8aa07642bbf88d20db6b052a10ced894248beeeeade0654a60d91333f75daf80661facb6c0986dc196cbb8e20e3fc46ba215975618595ab58aa

Download Submit
C:\Windows\system\POxfWKN.exe

Filesize
6.0MB

MD5
55c0e29b4d4ae5d1450c74b97ccf32d7

SHA1
0e66208d74f99553edc75a229be37acff52efce9

SHA256
aee50d3e72ad45fa23e91f44d8ff46d214d10c69888df8d1f7a5f3a56cd79036

SHA512
a8feda90ae7532784a81b74ab367c53c38644a8dd50d9a8c7837be9788f6c29ee72dade16e82d423c265ddc90f247249e2779513f6cc13c3655f31370323ed63

Download Submit
C:\Windows\system\PPuLdRI.exe

Filesize
6.0MB

MD5
d0ae0f23f843f7d50a2ad3a7177a5241

SHA1
2a803a8a48c29a00563ef969ac1f33aad3be04e0

SHA256
4bfecd4b9a2c20903c36b1f345a3616fc0aa16c2de1231ec396a559416d0f7a2

SHA512
a8f4dde7fa997fb1abcd0c6dc39eb1c5da5db5f3a3c6b4a6d1d98e23859e73827735e9cd15adde4936628b8c5049846e40077ef885a9b4f47742a54a0677f850

Download Submit
C:\Windows\system\SmAAGTm.exe

Filesize
6.0MB

MD5
6e9e6b3135a6ee6d3cbdd21b5f62298b

SHA1
4335452fe23f647d349e4af8aa9c8a6982f4c4f2

SHA256
da4f5ad8cc6e1f19c5b92311b4be116b6403602808e332a10b60ddc26b089d07

SHA512
5f754749b4d12e3ceba9d00be86d1e847259465e092e5266a876e2844ba2666fab12e6c85639d32b9e1599cd76754db2826483753ca8ef89e2a3932a4936f9fd

Download Submit
C:\Windows\system\TseMhgr.exe

Filesize
6.0MB

MD5
bbc856f89e10748a8de4dde8f54fdff9

SHA1
acb0de9dc685092ccfdc728f1cd5426fa97311bf

SHA256
3ac9fc82fdc033cd7553228e4b574be35f3bb2900f78a4b5279e1fe29ae8534c

SHA512
4102f3c7804bd9a11213eea97c8082d13cffe6a1e06980ae0ebb86a8488217f03c5e1f527768f3bbf7a31c913e95fedeef3f53127b9989aa93ed28652218dd95

Download Submit
C:\Windows\system\VZkiKWW.exe

Filesize
6.0MB

MD5
e05996b06936c3c366e6852046eef025

SHA1
2bd202c3bfc5ffa64bb4bc2d02a11ea46522a349

SHA256
d499739d83d25f18a85907d1afd149c7506b2cd7a7791937f60d5b443ed513e0

SHA512
701b4780382294bc6a028314dcfa4a4a14169e5ac41c4fa4f561465ba5ce06fe5a6e61c1aed8b7041a25948c264f7ced92cf58f09257aaffc9209832c39e1492

Download Submit
C:\Windows\system\ZjUzXwu.exe

Filesize
6.0MB

MD5
c845a9c53f18f976e2ee6b0ee499a6b7

SHA1
7094d5cd67877627820fda4d7a02807082a01498

SHA256
b8e54265c7e787f833c3aae5cd32ac1436e02f9221e5db8c80d10df01aadc07f

SHA512
ceb4f4484c78f0378202135924a0bebb8818d3ad4e65cd6c9b2ad84b5c7971aa161f6d5e9d0a07b199cce44a862d2972e71712775337aac4300081c5ed773bcd

Download Submit
C:\Windows\system\bEPneXa.exe

Filesize
6.0MB

MD5
64594f35d5d5227557bbc279f60580a7

SHA1
6251c1290e759cb7637378d67fcbc1174de4caa7

SHA256
de5285156b8291c8a99154dfdba02aa7d87e5320aab8cd1863352ddefd139036

SHA512
731bcc514050fab726e620c8f52b62ed2bc3b2547d007efe8b4a24eb7e31041c4e9eecdf582e4c93677ab9b7f35907e19f2c37676f246178ee6c0654036906a0

Download Submit
C:\Windows\system\efGclJV.exe

Filesize
6.0MB

MD5
4ae5608725ad47c518184c31c7814849

SHA1
9600017155e36e17e282ba32e2c162d90b2f7491

SHA256
132169fb169e9ad8f2a8418fa892c4389c7a2efcbe4d74de9d6a23f69167d6aa

SHA512
96f81bf534e194e76f126ac7af4632ea4feef5697600a0525c0ae1ab3ecbf7e0b52d97bd65836096fdf1295d0bf4549f59486b5ccb88f0a0bdae079f7dafbf3a

Download Submit
C:\Windows\system\iGukjwO.exe

Filesize
6.0MB

MD5
e5f24a39663e83c3fe0df65d7082a931

SHA1
9b3bec00ed9a550e987ea0c50ebc491e111fc074

SHA256
d2161769a2f5d93b1684a6c2bb95473618e8c2405c8664f8f5d2336d9a316443

SHA512
9901443bc26e1b9bb1c224e7f05200a543957f7ae6f5a25231535f28614de06b4a534d4d49b070badcfc6ce65287c76ec305cec251a2b509d41bd5e2d400d8b4

Download Submit
C:\Windows\system\icZoCYo.exe

Filesize
6.0MB

MD5
20d3068837b43ffc41b189ad8478bc40

SHA1
6125f99f29f6105d3e800b72380b931848642a8f

SHA256
335c1c164441c0d4a2c9f390a76ac69cc7c9a1a21e720ee072ba6a324bec9d86

SHA512
33645020b80b3e915f573964f6dd085b921450acd63632514a55a097c81459f9090d4ed98fd163ed324320f37934f27976fb464b67339bf9c20ab8e89d4379c1

Download Submit
C:\Windows\system\kiWkmNG.exe

Filesize
6.0MB

MD5
798343961bf96fdc2ce9d3778ac46fe0

SHA1
606aa0e462da0747aa6b464b052e9908c29d8ae3

SHA256
7bd2fac855271700a721c1257f8e612095538a4fa33a727181c00596220b5035

SHA512
667a04908a789d37d56f3f4c22c29344907ab3313e7104dc47eb54997df4b088578749efbe160e3f908a04c5053447aec41e3bc8f649ea13cadc3e92c70542e4

Download Submit
C:\Windows\system\kmsougo.exe

Filesize
6.0MB

MD5
d608bbf4c3b2c7ae6231d450eb4a0927

SHA1
161e4378afc00e6504b8eab0b679391f0f1e0fbf

SHA256
782ce39abaa6ff29c01ed8c2072be8abd47847040b59dc3ee139e47fb6728191

SHA512
578700bd60c321b3c03bd7332d824b7fc0954c6a198959e9ef39825b6de38ee11fbe2e5d53e63068c741bbd8c926449dd61783486b086046498f5de99d997160

Download Submit
C:\Windows\system\miUroJs.exe

Filesize
6.0MB

MD5
f86fb845bb64f318a27e121bca066278

SHA1
dc09c04000c37442fd9aa33a3474b73104c45dc9

SHA256
240caa20432a8f4c3613977daaf5e315f9e1b280219a5f72a1e78b42924122ac

SHA512
0bb8ae6646c8423e7d3ba0f6de7f3310aecd0d8b86f8a56d46aaea004b09459050b20ef1882c259825222207f88e0fdbbfec718b3cf8f457217161b71a227fd1

Download Submit
C:\Windows\system\nBbpRMj.exe

Filesize
6.0MB

MD5
ea10cadf0067e40fc6a998852b8f3af7

SHA1
6c2be512fe047f719e4d9a4b7cf051b6485c74d7

SHA256
048c790571385d944d52a0d0753c75b9c27fa60c89afc76ff280ff5b6f5811b8

SHA512
02ed515e978942f2c4e870e9bde79607805d1d7994abb8d443d8296f2318f319c6445839c8e086ecd2ca7753cd2a1cb7afeaa3f3630d4c4ab801b5f3884ae03f

Download Submit
C:\Windows\system\nqvSWom.exe

Filesize
6.0MB

MD5
ec05b20425cb18a551642087bc9e6a5b

SHA1
067851641c6a7e901d9232ef96219ca93a4fd2fd

SHA256
85b684ce2d05abba0cf53b0930f465601df9c43a93819695465a6ef3d27afef1

SHA512
6e16cf8bd2dc0785e438ae10dc9a197ef78be355c3c1b7fcdbb964b8c138603665533732152011437d64050d2a45f7456de8846197dd0549d118ae7786e1a528

Download Submit
C:\Windows\system\oSmVKUk.exe

Filesize
6.0MB

MD5
8acb17a877b0688c6983bb1c433efce1

SHA1
20aace23a75c11cf1eb549424bc068ce3f0d3d40

SHA256
f4ab143fd7604aa5c83928f8ec91a2d637ff62b154b8a8f2d5fbb9152652490d

SHA512
f83a3ff583883e286f072b78ec95df3ba947f2a751cd8ccb2c6541f6df4addeaf51cdd252b88234c31ee2c838f94504607a7042e99d4c2656b65017a2d3089a5

Download Submit
C:\Windows\system\uYZDgRr.exe

Filesize
6.0MB

MD5
33de87c3b166c06427c46fcaa7bfd48f

SHA1
7651cd9b716b0d0449c782deb56305bcddd93d88

SHA256
990c3321405bfd089de5c79eb907ec13c97e27ca2cee33c85a041b4059494afa

SHA512
c622e8dcc43fdb1444db4ac663227108431409fdddc0efd6f0b4c22818b88d991420a612b96b24488d1d71ddb000e8c29c19a55cabdf3e2aa1f4cad6ba0be87e

Download Submit
C:\Windows\system\uexiose.exe

Filesize
6.0MB

MD5
338781a8f851674e7c84cc6c6c2b87e4

SHA1
c17f497ce3662861d462a8c9dcec525fa0029c61

SHA256
8773e06906fdd8aaff7a4d74dc86cf3099ae9cb1dd56b0d57111d8ac5a566f8e

SHA512
776159baee706faa482be771fcc342a491947c6676bddfd43a7f53593ee25113e4cf0f65972f537c054a6ef11075393d2691cb231feccaa76391cb45727bfb57

Download Submit
C:\Windows\system\ydiRtqC.exe

Filesize
6.0MB

MD5
47b4fb49d59272469e4793f00c49a886

SHA1
1b057fb78a4fac5449d2fc8dda3493511dc20517

SHA256
d00cf2743608160e4ed87357b2cb74aa4706b84af7fd93d1d62db987b119af78

SHA512
362b7eac118016649c18367d0f5efbfc453ed1ddc229e5e4de83c9dabc0d1da2d086d6576793480ad0cdf9e979210b22f1c3685f7cb777249b019d6455664cef

Download Submit
C:\Windows\system\zjIRaKF.exe

Filesize
6.0MB

MD5
e86da924e86c910d260e1208f2895295

SHA1
777011baa15fe246d261b33b8bf73284e850595a

SHA256
a28555c92b53b97068b3a92125953a818338fab41112b03149c0a1b2cf9eb5c7

SHA512
aa85d456a408b92136bae89a36ac8154213831e38bfbbe871ee1b285841b34d816faa3f33ab2bb93cb19abed805da7cf9a3bb806ff29cb4cb86b31bcb5809667

Download Submit
\Windows\system\FXzdJoL.exe

Filesize
6.0MB

MD5
7fba9a71f03629187e16c4fc78a83752

SHA1
30afcfdc71085e4cf468e9e0850d287060fd47cf

SHA256
08c73a67a1ae9b2fd8ede167031bf852ad3fef420306c6e37993338b08479c9a

SHA512
438eaa0ba1e904ec8e4f54e7816948e11d9e6ecaeab53ade01567ee3034dd1aa517f3a4e2c418138bbb456cd48f6d1b1f80921f230faac4ee31624e84c288f90

Download Submit
\Windows\system\QIQtZer.exe

Filesize
6.0MB

MD5
748f0a31486f03eb1aa5b21857dc16f4

SHA1
adcca118d8577bfbdf26cc970d455f9ef7140cdb

SHA256
46aeb7f26df3cc1e77708356269b309c7e7308e9df3c02ce2832188e5f479cbe

SHA512
6964b9113cb1b8d72728a47d27f96f1e346d983dc1ca3c0fe67d89cc2f839b15339ef110672fbf4b21c7a647fc122af94b7f1e0cadc16dd40c64d85f0d14f623

Download Submit
\Windows\system\STTMwKD.exe

Filesize
6.0MB

MD5
99a36f3433cbbaaf491728ea0e8e446e

SHA1
ef612e79309b41bb3b902feb626e2a76d2ce6539

SHA256
fdb0197465a13549b64690a5a67f4e98478179337d78f70ca69b48e165e64e06

SHA512
b2ac01e0c601873363673753ff2e7d6045de96ba613a10910b494c0bd61ccf50b14cd1f772ca6eacc379534995880ac2239f0a499467dd152421a05a74c5801f

Download Submit
\Windows\system\owArQUL.exe

Filesize
6.0MB

MD5
01dc60f727d257a14d5b6333c7c10635

SHA1
eb62dc75f787861d228602c194bb13b45f26a6c7

SHA256
0fd718e3de1c78bfb79d68cd924892d30d64381ddce5615cbff702037ee1d453

SHA512
e76182d6486d73215875db98942aa7eb47b8de9009b8f2163b4e838cc783ee757d0a683ef090cf1cddf2ba990bc54bb4757175063b71623f6e1a6026ee4e6c99

Download Submit
memory/860-3601-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/860-91-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/860-23-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1636-97-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-950-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-3652-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-45-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-3600-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3594-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2200-95-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2200-29-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2392-3571-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2392-9-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2520-292-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3620-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-59-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-20-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2600-71-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2600-47-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-46-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2600-949-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-96-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-0-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-58-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-8-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2600-17-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-105-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-73-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2600-451-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2600-28-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1096-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-595-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2680-76-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3664-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2760-18-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-75-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3581-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3644-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-88-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-90-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3648-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2924-87-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2924-3641-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2932-74-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3615-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2960-49-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3607-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-3633-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2980-89-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download