cobaltstrike | 3970091381ed01a529e7ad0fdfa73e3fd824b7ecb2745d1fa33594b2dc549d8d

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c51c95f5e7a8824300df5d5a10cedf80
SHA1

f710bf1490d400f2006fe684bb2f0935643e960c
SHA256

3970091381ed01a529e7ad0fdfa73e3fd824b7ecb2745d1fa33594b2dc549d8d
SHA512

c15af3ec8ba59a767720e70c175c5407110d31e2608a5a1879383dd4bdcdfc9cd812791c1d7cb0fef5de88b3980dae96df95e1d3cecb89ad6bcc6ece0a4f03fb
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUe:T+q56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ec4-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f7b-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001604c-19.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001610d-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016332-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-72.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-98.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-154.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-113.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-66.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-56.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-51.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d54-41.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001628b-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2836-0-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-6.dat	xmrig
behavioral1/files/0x0008000000015ec4-11.dat	xmrig
behavioral1/files/0x0008000000015f7b-10.dat	xmrig
behavioral1/files/0x000700000001604c-19.dat	xmrig
behavioral1/files/0x000700000001610d-26.dat	xmrig
behavioral1/files/0x0007000000016332-37.dat	xmrig
behavioral1/files/0x0006000000016d67-46.dat	xmrig
behavioral1/files/0x0006000000016de8-72.dat	xmrig
behavioral1/files/0x0006000000016df3-81.dat	xmrig
behavioral1/files/0x0006000000017497-98.dat	xmrig
behavioral1/files/0x000600000001749c-103.dat	xmrig
behavioral1/files/0x00050000000186e7-118.dat	xmrig
behavioral1/files/0x00050000000186ed-123.dat	xmrig
behavioral1/files/0x0005000000018739-144.dat	xmrig
behavioral1/memory/1656-654-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2644-658-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/836-672-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2836-1905-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2176-674-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2940-670-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/572-668-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/772-666-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/1616-664-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2288-662-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2748-660-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2740-656-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2656-652-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018b4e-160.dat	xmrig
behavioral1/files/0x000500000001878e-154.dat	xmrig
behavioral1/files/0x0006000000018c16-164.dat	xmrig
behavioral1/files/0x00050000000187a8-158.dat	xmrig
behavioral1/files/0x0005000000018744-148.dat	xmrig
behavioral1/files/0x00050000000186f4-133.dat	xmrig
behavioral1/files/0x0005000000018704-137.dat	xmrig
behavioral1/files/0x00050000000186f1-128.dat	xmrig
behavioral1/files/0x0005000000018686-113.dat	xmrig
behavioral1/files/0x000600000001755b-108.dat	xmrig
behavioral1/files/0x0006000000017049-94.dat	xmrig
behavioral1/memory/2884-93-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2752-92-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ecf-86.dat	xmrig
behavioral1/files/0x0006000000016dea-76.dat	xmrig
behavioral1/files/0x0006000000016d9f-66.dat	xmrig
behavioral1/files/0x0006000000016d77-61.dat	xmrig
behavioral1/files/0x0006000000016d6f-56.dat	xmrig
behavioral1/files/0x0006000000016d6b-51.dat	xmrig
behavioral1/files/0x0008000000016d54-41.dat	xmrig
behavioral1/files/0x000700000001628b-31.dat	xmrig
behavioral1/memory/2884-3889-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/772-3900-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2288-3894-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2644-3885-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/1616-4112-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/836-4107-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2656-4106-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2748-4115-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2752-4116-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/572-4144-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2940-4143-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2740-4142-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2176-4174-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/1656-4180-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2752	BXwxfbN.exe
2884	WqVpJIL.exe
2656	WpDcdCp.exe
1656	pbbzWcm.exe
2740	OpFjaYN.exe
2644	MmWbaZz.exe
2748	WVlnfiY.exe
2288	PUjLKqO.exe
1616	SakYzOE.exe
772	PoaXRaT.exe
572	rWHxsgV.exe
2940	qQFrMlI.exe
836	MOUasaK.exe
2176	WYxGfrp.exe
1992	JlTeveG.exe
1108	dMesfbY.exe
2928	gKvodng.exe
2964	AlhrGAX.exe
2996	MsBCECk.exe
3040	TeaIPex.exe
3000	WXGvQLI.exe
2020	aCUzXXm.exe
2608	eZKgICJ.exe
2456	CuQHIxq.exe
1036	bOLmjCt.exe
2072	AXFfSzB.exe
1976	MhLqDZc.exe
2356	apdRavt.exe
2524	IOvUbtp.exe
1496	qBxmdHI.exe
800	iaEMByz.exe
2584	xNZnwra.exe
2392	ASouwfz.exe
3044	rArqVPX.exe
1688	lzitAPs.exe
1924	PpHkVIW.exe
2008	VlSHAoh.exe
972	SOuYoLn.exe
1620	GDGnABC.exe
1540	EetrmbN.exe
1964	jZYQPhR.exe
744	szGkays.exe
1736	vGawWGH.exe
1648	cTyGVyi.exe
1612	uLeYsca.exe
1528	NpFWnTm.exe
2376	AYFsVES.exe
1744	gJQHvMR.exe
2472	lLMOQtP.exe
1932	clWDFHh.exe
2064	DLAPxfn.exe
1668	oPGSvGV.exe
300	bfqLGbK.exe
1500	dOJyAEh.exe
2240	DwvjxOO.exe
2348	iQGOsji.exe
1604	lmnhHWl.exe
2092	hJSjZrn.exe
1844	eLNUByd.exe
2668	YAIlwvJ.exe
2624	epMArmg.exe
892	PidJRAY.exe
532	qvibmDL.exe
1048	eTZWxYO.exe

Loads dropped DLL 64 IoCs

pid	Process
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2836-0-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-6.dat	upx
behavioral1/files/0x0008000000015ec4-11.dat	upx
behavioral1/files/0x0008000000015f7b-10.dat	upx
behavioral1/files/0x000700000001604c-19.dat	upx
behavioral1/files/0x000700000001610d-26.dat	upx
behavioral1/files/0x0007000000016332-37.dat	upx
behavioral1/files/0x0006000000016d67-46.dat	upx
behavioral1/files/0x0006000000016de8-72.dat	upx
behavioral1/files/0x0006000000016df3-81.dat	upx
behavioral1/files/0x0006000000017497-98.dat	upx
behavioral1/files/0x000600000001749c-103.dat	upx
behavioral1/files/0x00050000000186e7-118.dat	upx
behavioral1/files/0x00050000000186ed-123.dat	upx
behavioral1/files/0x0005000000018739-144.dat	upx
behavioral1/memory/1656-654-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2644-658-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/836-672-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2836-1905-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2176-674-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2940-670-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/572-668-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/772-666-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/1616-664-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2288-662-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2748-660-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2740-656-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2656-652-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x0006000000018b4e-160.dat	upx
behavioral1/files/0x000500000001878e-154.dat	upx
behavioral1/files/0x0006000000018c16-164.dat	upx
behavioral1/files/0x00050000000187a8-158.dat	upx
behavioral1/files/0x0005000000018744-148.dat	upx
behavioral1/files/0x00050000000186f4-133.dat	upx
behavioral1/files/0x0005000000018704-137.dat	upx
behavioral1/files/0x00050000000186f1-128.dat	upx
behavioral1/files/0x0005000000018686-113.dat	upx
behavioral1/files/0x000600000001755b-108.dat	upx
behavioral1/files/0x0006000000017049-94.dat	upx
behavioral1/memory/2884-93-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2752-92-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x0006000000016ecf-86.dat	upx
behavioral1/files/0x0006000000016dea-76.dat	upx
behavioral1/files/0x0006000000016d9f-66.dat	upx
behavioral1/files/0x0006000000016d77-61.dat	upx
behavioral1/files/0x0006000000016d6f-56.dat	upx
behavioral1/files/0x0006000000016d6b-51.dat	upx
behavioral1/files/0x0008000000016d54-41.dat	upx
behavioral1/files/0x000700000001628b-31.dat	upx
behavioral1/memory/2884-3889-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/772-3900-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2288-3894-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2644-3885-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/1616-4112-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/836-4107-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2656-4106-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2748-4115-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2752-4116-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/572-4144-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2940-4143-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2740-4142-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2176-4174-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/1656-4180-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VIPrWWo.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTcZEHT.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGjTzRP.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qCAHLma.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMEPZPn.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVzmcLN.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJxNKzH.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvtIFNq.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXEedoN.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDRYWWz.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdWkTba.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\slxbVYr.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVZohos.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TlmgZBl.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFDjXdy.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dATUmXx.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVSYelL.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\blEHkRE.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RimFzQe.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GFYjIHi.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttWoHvA.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DieudNF.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUfLlHp.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWikAeU.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWFoIVw.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbltKrU.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DyFmfzn.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbuXVIX.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HofXQwu.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mGryzXh.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROxLlJi.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SILWTyL.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaEMByz.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbucFdX.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqdffDG.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPHoimQ.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWDUxDt.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KyMHJDu.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNSrJqd.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJYbCUw.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PoaXRaT.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhQYDAj.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuvFnBA.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvYTMgj.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySpHSzV.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGohyyE.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdRnnNQ.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IriIZbN.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gEEiPhF.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waLKZUj.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKobJBt.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYSVorT.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvBpXnv.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKlwzMu.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTZWxYO.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwKWGuF.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNqRpsh.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLgDRMn.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGVDkKb.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPdhNYX.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKuYKSu.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MnkJQwN.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LpOTntM.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vkjfuzh.exe	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2752	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2836 wrote to memory of 2752	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2836 wrote to memory of 2752	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2836 wrote to memory of 2884	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2836 wrote to memory of 2884	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2836 wrote to memory of 2884	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2836 wrote to memory of 2656	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2836 wrote to memory of 2656	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2836 wrote to memory of 2656	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2836 wrote to memory of 1656	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2836 wrote to memory of 1656	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2836 wrote to memory of 1656	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2836 wrote to memory of 2740	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2836 wrote to memory of 2740	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2836 wrote to memory of 2740	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2836 wrote to memory of 2644	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2836 wrote to memory of 2644	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2836 wrote to memory of 2644	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2836 wrote to memory of 2748	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2836 wrote to memory of 2748	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2836 wrote to memory of 2748	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2836 wrote to memory of 2288	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2836 wrote to memory of 2288	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2836 wrote to memory of 2288	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2836 wrote to memory of 1616	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2836 wrote to memory of 1616	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2836 wrote to memory of 1616	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2836 wrote to memory of 772	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2836 wrote to memory of 772	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2836 wrote to memory of 772	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2836 wrote to memory of 572	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2836 wrote to memory of 572	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2836 wrote to memory of 572	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2836 wrote to memory of 2940	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2836 wrote to memory of 2940	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2836 wrote to memory of 2940	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2836 wrote to memory of 836	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2836 wrote to memory of 836	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2836 wrote to memory of 836	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2836 wrote to memory of 2176	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2836 wrote to memory of 2176	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2836 wrote to memory of 2176	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2836 wrote to memory of 1992	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2836 wrote to memory of 1992	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2836 wrote to memory of 1992	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2836 wrote to memory of 1108	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2836 wrote to memory of 1108	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2836 wrote to memory of 1108	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2836 wrote to memory of 2928	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2836 wrote to memory of 2928	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2836 wrote to memory of 2928	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2836 wrote to memory of 2964	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2836 wrote to memory of 2964	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2836 wrote to memory of 2964	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2836 wrote to memory of 2996	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2836 wrote to memory of 2996	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2836 wrote to memory of 2996	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2836 wrote to memory of 3040	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2836 wrote to memory of 3040	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2836 wrote to memory of 3040	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2836 wrote to memory of 3000	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2836 wrote to memory of 3000	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2836 wrote to memory of 3000	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2836 wrote to memory of 2020	2836	2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-30_c51c95f5e7a8824300df5d5a10cedf80_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Windows\System\BXwxfbN.exe
  C:\Windows\System\BXwxfbN.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\WqVpJIL.exe
  C:\Windows\System\WqVpJIL.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\WpDcdCp.exe
  C:\Windows\System\WpDcdCp.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\pbbzWcm.exe
  C:\Windows\System\pbbzWcm.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\OpFjaYN.exe
  C:\Windows\System\OpFjaYN.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\MmWbaZz.exe
  C:\Windows\System\MmWbaZz.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\WVlnfiY.exe
  C:\Windows\System\WVlnfiY.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\PUjLKqO.exe
  C:\Windows\System\PUjLKqO.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\SakYzOE.exe
  C:\Windows\System\SakYzOE.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\PoaXRaT.exe
  C:\Windows\System\PoaXRaT.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\rWHxsgV.exe
  C:\Windows\System\rWHxsgV.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\qQFrMlI.exe
  C:\Windows\System\qQFrMlI.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\MOUasaK.exe
  C:\Windows\System\MOUasaK.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\WYxGfrp.exe
  C:\Windows\System\WYxGfrp.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\JlTeveG.exe
  C:\Windows\System\JlTeveG.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\dMesfbY.exe
  C:\Windows\System\dMesfbY.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\gKvodng.exe
  C:\Windows\System\gKvodng.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\AlhrGAX.exe
  C:\Windows\System\AlhrGAX.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\MsBCECk.exe
  C:\Windows\System\MsBCECk.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\TeaIPex.exe
  C:\Windows\System\TeaIPex.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\WXGvQLI.exe
  C:\Windows\System\WXGvQLI.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\aCUzXXm.exe
  C:\Windows\System\aCUzXXm.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\eZKgICJ.exe
  C:\Windows\System\eZKgICJ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\CuQHIxq.exe
  C:\Windows\System\CuQHIxq.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\bOLmjCt.exe
  C:\Windows\System\bOLmjCt.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\AXFfSzB.exe
  C:\Windows\System\AXFfSzB.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\MhLqDZc.exe
  C:\Windows\System\MhLqDZc.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\apdRavt.exe
  C:\Windows\System\apdRavt.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\IOvUbtp.exe
  C:\Windows\System\IOvUbtp.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\qBxmdHI.exe
  C:\Windows\System\qBxmdHI.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\iaEMByz.exe
  C:\Windows\System\iaEMByz.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\ASouwfz.exe
  C:\Windows\System\ASouwfz.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\xNZnwra.exe
  C:\Windows\System\xNZnwra.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\rArqVPX.exe
  C:\Windows\System\rArqVPX.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\lzitAPs.exe
  C:\Windows\System\lzitAPs.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\PpHkVIW.exe
  C:\Windows\System\PpHkVIW.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\VlSHAoh.exe
  C:\Windows\System\VlSHAoh.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\SOuYoLn.exe
  C:\Windows\System\SOuYoLn.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\GDGnABC.exe
  C:\Windows\System\GDGnABC.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\szGkays.exe
  C:\Windows\System\szGkays.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\EetrmbN.exe
  C:\Windows\System\EetrmbN.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\vGawWGH.exe
  C:\Windows\System\vGawWGH.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\jZYQPhR.exe
  C:\Windows\System\jZYQPhR.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\cTyGVyi.exe
  C:\Windows\System\cTyGVyi.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\uLeYsca.exe
  C:\Windows\System\uLeYsca.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\NpFWnTm.exe
  C:\Windows\System\NpFWnTm.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\AYFsVES.exe
  C:\Windows\System\AYFsVES.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\gJQHvMR.exe
  C:\Windows\System\gJQHvMR.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\lLMOQtP.exe
  C:\Windows\System\lLMOQtP.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\clWDFHh.exe
  C:\Windows\System\clWDFHh.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\DLAPxfn.exe
  C:\Windows\System\DLAPxfn.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\oPGSvGV.exe
  C:\Windows\System\oPGSvGV.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\bfqLGbK.exe
  C:\Windows\System\bfqLGbK.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\dOJyAEh.exe
  C:\Windows\System\dOJyAEh.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\DwvjxOO.exe
  C:\Windows\System\DwvjxOO.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\iQGOsji.exe
  C:\Windows\System\iQGOsji.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\lmnhHWl.exe
  C:\Windows\System\lmnhHWl.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\hJSjZrn.exe
  C:\Windows\System\hJSjZrn.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\eLNUByd.exe
  C:\Windows\System\eLNUByd.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\YAIlwvJ.exe
  C:\Windows\System\YAIlwvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\epMArmg.exe
  C:\Windows\System\epMArmg.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\PidJRAY.exe
  C:\Windows\System\PidJRAY.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\qvibmDL.exe
  C:\Windows\System\qvibmDL.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\eTZWxYO.exe
  C:\Windows\System\eTZWxYO.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\teArTmd.exe
  C:\Windows\System\teArTmd.exe
  2⤵
  PID:964
- C:\Windows\System\zMAeZmw.exe
  C:\Windows\System\zMAeZmw.exe
  2⤵
  PID:1852
- C:\Windows\System\zNMlxcN.exe
  C:\Windows\System\zNMlxcN.exe
  2⤵
  PID:380
- C:\Windows\System\eAgiQSR.exe
  C:\Windows\System\eAgiQSR.exe
  2⤵
  PID:2984
- C:\Windows\System\WrCsGya.exe
  C:\Windows\System\WrCsGya.exe
  2⤵
  PID:2804
- C:\Windows\System\ktzEFoC.exe
  C:\Windows\System\ktzEFoC.exe
  2⤵
  PID:2292
- C:\Windows\System\QeavfCl.exe
  C:\Windows\System\QeavfCl.exe
  2⤵
  PID:2196
- C:\Windows\System\CfaFFGq.exe
  C:\Windows\System\CfaFFGq.exe
  2⤵
  PID:1816
- C:\Windows\System\KfsssHX.exe
  C:\Windows\System\KfsssHX.exe
  2⤵
  PID:2160
- C:\Windows\System\LJxcoLj.exe
  C:\Windows\System\LJxcoLj.exe
  2⤵
  PID:1360
- C:\Windows\System\pubEXCL.exe
  C:\Windows\System\pubEXCL.exe
  2⤵
  PID:308
- C:\Windows\System\yISKYYP.exe
  C:\Windows\System\yISKYYP.exe
  2⤵
  PID:2044
- C:\Windows\System\oWjAKYo.exe
  C:\Windows\System\oWjAKYo.exe
  2⤵
  PID:2388
- C:\Windows\System\ZReMXXq.exe
  C:\Windows\System\ZReMXXq.exe
  2⤵
  PID:448
- C:\Windows\System\RfCuszd.exe
  C:\Windows\System\RfCuszd.exe
  2⤵
  PID:1592
- C:\Windows\System\MyKtmJg.exe
  C:\Windows\System\MyKtmJg.exe
  2⤵
  PID:992
- C:\Windows\System\lEBcdVc.exe
  C:\Windows\System\lEBcdVc.exe
  2⤵
  PID:1444
- C:\Windows\System\FSoPgXb.exe
  C:\Windows\System\FSoPgXb.exe
  2⤵
  PID:2136
- C:\Windows\System\XyMdNCZ.exe
  C:\Windows\System\XyMdNCZ.exe
  2⤵
  PID:760
- C:\Windows\System\HNaTInO.exe
  C:\Windows\System\HNaTInO.exe
  2⤵
  PID:936
- C:\Windows\System\dHqDqpv.exe
  C:\Windows\System\dHqDqpv.exe
  2⤵
  PID:2448
- C:\Windows\System\jFojqNB.exe
  C:\Windows\System\jFojqNB.exe
  2⤵
  PID:1944
- C:\Windows\System\GeScSPM.exe
  C:\Windows\System\GeScSPM.exe
  2⤵
  PID:1728
- C:\Windows\System\NEPjSlU.exe
  C:\Windows\System\NEPjSlU.exe
  2⤵
  PID:736
- C:\Windows\System\qPDxyFW.exe
  C:\Windows\System\qPDxyFW.exe
  2⤵
  PID:1680
- C:\Windows\System\ksBxstV.exe
  C:\Windows\System\ksBxstV.exe
  2⤵
  PID:1804
- C:\Windows\System\naciVse.exe
  C:\Windows\System\naciVse.exe
  2⤵
  PID:2436
- C:\Windows\System\NitLzHV.exe
  C:\Windows\System\NitLzHV.exe
  2⤵
  PID:1600
- C:\Windows\System\RimFzQe.exe
  C:\Windows\System\RimFzQe.exe
  2⤵
  PID:2916
- C:\Windows\System\zqFUPoj.exe
  C:\Windows\System\zqFUPoj.exe
  2⤵
  PID:2692
- C:\Windows\System\LzBbCmS.exe
  C:\Windows\System\LzBbCmS.exe
  2⤵
  PID:996
- C:\Windows\System\qmsueJO.exe
  C:\Windows\System\qmsueJO.exe
  2⤵
  PID:584
- C:\Windows\System\KZHsebI.exe
  C:\Windows\System\KZHsebI.exe
  2⤵
  PID:2268
- C:\Windows\System\qntUnYk.exe
  C:\Windows\System\qntUnYk.exe
  2⤵
  PID:3012
- C:\Windows\System\AVNTnwr.exe
  C:\Windows\System\AVNTnwr.exe
  2⤵
  PID:1288
- C:\Windows\System\seRiKII.exe
  C:\Windows\System\seRiKII.exe
  2⤵
  PID:2420
- C:\Windows\System\OSLflvf.exe
  C:\Windows\System\OSLflvf.exe
  2⤵
  PID:2164
- C:\Windows\System\KGZJaow.exe
  C:\Windows\System\KGZJaow.exe
  2⤵
  PID:1772
- C:\Windows\System\WbucFdX.exe
  C:\Windows\System\WbucFdX.exe
  2⤵
  PID:3008
- C:\Windows\System\lMPJMkL.exe
  C:\Windows\System\lMPJMkL.exe
  2⤵
  PID:2080
- C:\Windows\System\XCCIfgy.exe
  C:\Windows\System\XCCIfgy.exe
  2⤵
  PID:2068
- C:\Windows\System\ujRohct.exe
  C:\Windows\System\ujRohct.exe
  2⤵
  PID:1132
- C:\Windows\System\BFwurQK.exe
  C:\Windows\System\BFwurQK.exe
  2⤵
  PID:2372
- C:\Windows\System\bHGWIUe.exe
  C:\Windows\System\bHGWIUe.exe
  2⤵
  PID:1936
- C:\Windows\System\NpnvRZU.exe
  C:\Windows\System\NpnvRZU.exe
  2⤵
  PID:576
- C:\Windows\System\DJxajQT.exe
  C:\Windows\System\DJxajQT.exe
  2⤵
  PID:1868
- C:\Windows\System\ROuMXmc.exe
  C:\Windows\System\ROuMXmc.exe
  2⤵
  PID:2100
- C:\Windows\System\DOgbsfL.exe
  C:\Windows\System\DOgbsfL.exe
  2⤵
  PID:2768
- C:\Windows\System\UuECWOC.exe
  C:\Windows\System\UuECWOC.exe
  2⤵
  PID:2208
- C:\Windows\System\HVfDDAc.exe
  C:\Windows\System\HVfDDAc.exe
  2⤵
  PID:3080
- C:\Windows\System\vWBCQOD.exe
  C:\Windows\System\vWBCQOD.exe
  2⤵
  PID:3096
- C:\Windows\System\NvdZFEh.exe
  C:\Windows\System\NvdZFEh.exe
  2⤵
  PID:3116
- C:\Windows\System\zEmNgaq.exe
  C:\Windows\System\zEmNgaq.exe
  2⤵
  PID:3136
- C:\Windows\System\TthBuYC.exe
  C:\Windows\System\TthBuYC.exe
  2⤵
  PID:3168
- C:\Windows\System\LQywzzx.exe
  C:\Windows\System\LQywzzx.exe
  2⤵
  PID:3188
- C:\Windows\System\EMETRzw.exe
  C:\Windows\System\EMETRzw.exe
  2⤵
  PID:3204
- C:\Windows\System\HKmqqRi.exe
  C:\Windows\System\HKmqqRi.exe
  2⤵
  PID:3224
- C:\Windows\System\VWmQsqo.exe
  C:\Windows\System\VWmQsqo.exe
  2⤵
  PID:3248
- C:\Windows\System\NYbmMbR.exe
  C:\Windows\System\NYbmMbR.exe
  2⤵
  PID:3268
- C:\Windows\System\GMHkZyB.exe
  C:\Windows\System\GMHkZyB.exe
  2⤵
  PID:3288
- C:\Windows\System\EIRmirU.exe
  C:\Windows\System\EIRmirU.exe
  2⤵
  PID:3304
- C:\Windows\System\vDRYWWz.exe
  C:\Windows\System\vDRYWWz.exe
  2⤵
  PID:3320
- C:\Windows\System\VFhMVNc.exe
  C:\Windows\System\VFhMVNc.exe
  2⤵
  PID:3344
- C:\Windows\System\QqdffDG.exe
  C:\Windows\System\QqdffDG.exe
  2⤵
  PID:3360
- C:\Windows\System\zKrrPIm.exe
  C:\Windows\System\zKrrPIm.exe
  2⤵
  PID:3388
- C:\Windows\System\QNEQfeV.exe
  C:\Windows\System\QNEQfeV.exe
  2⤵
  PID:3408
- C:\Windows\System\kcZznHY.exe
  C:\Windows\System\kcZznHY.exe
  2⤵
  PID:3424
- C:\Windows\System\UDwUepm.exe
  C:\Windows\System\UDwUepm.exe
  2⤵
  PID:3448
- C:\Windows\System\fMTCwzl.exe
  C:\Windows\System\fMTCwzl.exe
  2⤵
  PID:3464
- C:\Windows\System\tmnQZHp.exe
  C:\Windows\System\tmnQZHp.exe
  2⤵
  PID:3488
- C:\Windows\System\shGWBBH.exe
  C:\Windows\System\shGWBBH.exe
  2⤵
  PID:3508
- C:\Windows\System\mtqzrQZ.exe
  C:\Windows\System\mtqzrQZ.exe
  2⤵
  PID:3528
- C:\Windows\System\dOJCKxI.exe
  C:\Windows\System\dOJCKxI.exe
  2⤵
  PID:3544
- C:\Windows\System\eEByZiO.exe
  C:\Windows\System\eEByZiO.exe
  2⤵
  PID:3568
- C:\Windows\System\nWEEkJp.exe
  C:\Windows\System\nWEEkJp.exe
  2⤵
  PID:3584
- C:\Windows\System\AbmbTvD.exe
  C:\Windows\System\AbmbTvD.exe
  2⤵
  PID:3604
- C:\Windows\System\tbvPVUi.exe
  C:\Windows\System\tbvPVUi.exe
  2⤵
  PID:3628
- C:\Windows\System\SkOdzYh.exe
  C:\Windows\System\SkOdzYh.exe
  2⤵
  PID:3648
- C:\Windows\System\UKdpMHV.exe
  C:\Windows\System\UKdpMHV.exe
  2⤵
  PID:3668
- C:\Windows\System\qeDzopg.exe
  C:\Windows\System\qeDzopg.exe
  2⤵
  PID:3684
- C:\Windows\System\hwWrlYt.exe
  C:\Windows\System\hwWrlYt.exe
  2⤵
  PID:3704
- C:\Windows\System\KIIgNXG.exe
  C:\Windows\System\KIIgNXG.exe
  2⤵
  PID:3720
- C:\Windows\System\xUgMULF.exe
  C:\Windows\System\xUgMULF.exe
  2⤵
  PID:3736
- C:\Windows\System\FxqmoXx.exe
  C:\Windows\System\FxqmoXx.exe
  2⤵
  PID:3752
- C:\Windows\System\wnyzJoM.exe
  C:\Windows\System\wnyzJoM.exe
  2⤵
  PID:3768
- C:\Windows\System\aCWqyQM.exe
  C:\Windows\System\aCWqyQM.exe
  2⤵
  PID:3796
- C:\Windows\System\RiUuEvP.exe
  C:\Windows\System\RiUuEvP.exe
  2⤵
  PID:3816
- C:\Windows\System\VPnAqLa.exe
  C:\Windows\System\VPnAqLa.exe
  2⤵
  PID:3840
- C:\Windows\System\HzJfMHA.exe
  C:\Windows\System\HzJfMHA.exe
  2⤵
  PID:3880
- C:\Windows\System\INmbdFQ.exe
  C:\Windows\System\INmbdFQ.exe
  2⤵
  PID:3900
- C:\Windows\System\zzmuGBw.exe
  C:\Windows\System\zzmuGBw.exe
  2⤵
  PID:3916
- C:\Windows\System\ptfQnqK.exe
  C:\Windows\System\ptfQnqK.exe
  2⤵
  PID:3936
- C:\Windows\System\ZWCLtIy.exe
  C:\Windows\System\ZWCLtIy.exe
  2⤵
  PID:3960
- C:\Windows\System\TpwhkZW.exe
  C:\Windows\System\TpwhkZW.exe
  2⤵
  PID:3980
- C:\Windows\System\LdWkTba.exe
  C:\Windows\System\LdWkTba.exe
  2⤵
  PID:4000
- C:\Windows\System\gNwqdAP.exe
  C:\Windows\System\gNwqdAP.exe
  2⤵
  PID:4016
- C:\Windows\System\NCQkAQP.exe
  C:\Windows\System\NCQkAQP.exe
  2⤵
  PID:4036
- C:\Windows\System\GWveQnY.exe
  C:\Windows\System\GWveQnY.exe
  2⤵
  PID:4052
- C:\Windows\System\vKhRpZC.exe
  C:\Windows\System\vKhRpZC.exe
  2⤵
  PID:4076
- C:\Windows\System\UGLnCwH.exe
  C:\Windows\System\UGLnCwH.exe
  2⤵
  PID:4092
- C:\Windows\System\WjxfoYI.exe
  C:\Windows\System\WjxfoYI.exe
  2⤵
  PID:2828
- C:\Windows\System\FUPwvQO.exe
  C:\Windows\System\FUPwvQO.exe
  2⤵
  PID:2792
- C:\Windows\System\NleUSIq.exe
  C:\Windows\System\NleUSIq.exe
  2⤵
  PID:1220
- C:\Windows\System\PEmwllG.exe
  C:\Windows\System\PEmwllG.exe
  2⤵
  PID:1512
- C:\Windows\System\FsFnJZv.exe
  C:\Windows\System\FsFnJZv.exe
  2⤵
  PID:1084
- C:\Windows\System\dytQPAu.exe
  C:\Windows\System\dytQPAu.exe
  2⤵
  PID:1864
- C:\Windows\System\TlmgZBl.exe
  C:\Windows\System\TlmgZBl.exe
  2⤵
  PID:2808
- C:\Windows\System\poKRsfC.exe
  C:\Windows\System\poKRsfC.exe
  2⤵
  PID:2004
- C:\Windows\System\sXuWUTV.exe
  C:\Windows\System\sXuWUTV.exe
  2⤵
  PID:868
- C:\Windows\System\Hutsnsb.exe
  C:\Windows\System\Hutsnsb.exe
  2⤵
  PID:884
- C:\Windows\System\VCCKuYX.exe
  C:\Windows\System\VCCKuYX.exe
  2⤵
  PID:2704
- C:\Windows\System\qXSvjkM.exe
  C:\Windows\System\qXSvjkM.exe
  2⤵
  PID:3112
- C:\Windows\System\NDPcgaC.exe
  C:\Windows\System\NDPcgaC.exe
  2⤵
  PID:3156
- C:\Windows\System\LXGZezz.exe
  C:\Windows\System\LXGZezz.exe
  2⤵
  PID:3200
- C:\Windows\System\NCESDyK.exe
  C:\Windows\System\NCESDyK.exe
  2⤵
  PID:880
- C:\Windows\System\wfmGIKG.exe
  C:\Windows\System\wfmGIKG.exe
  2⤵
  PID:3244
- C:\Windows\System\qnfExjV.exe
  C:\Windows\System\qnfExjV.exe
  2⤵
  PID:3180
- C:\Windows\System\sOBjbVo.exe
  C:\Windows\System\sOBjbVo.exe
  2⤵
  PID:3256
- C:\Windows\System\YuQDhjd.exe
  C:\Windows\System\YuQDhjd.exe
  2⤵
  PID:3312
- C:\Windows\System\iVmoMvC.exe
  C:\Windows\System\iVmoMvC.exe
  2⤵
  PID:3336
- C:\Windows\System\jAJRhHl.exe
  C:\Windows\System\jAJRhHl.exe
  2⤵
  PID:3372
- C:\Windows\System\JqgkeXh.exe
  C:\Windows\System\JqgkeXh.exe
  2⤵
  PID:3376
- C:\Windows\System\ghmwGtQ.exe
  C:\Windows\System\ghmwGtQ.exe
  2⤵
  PID:3384
- C:\Windows\System\GGurqaD.exe
  C:\Windows\System\GGurqaD.exe
  2⤵
  PID:3456
- C:\Windows\System\nKsZXmA.exe
  C:\Windows\System\nKsZXmA.exe
  2⤵
  PID:3496
- C:\Windows\System\ykLKgzg.exe
  C:\Windows\System\ykLKgzg.exe
  2⤵
  PID:3500
- C:\Windows\System\yUrpcPf.exe
  C:\Windows\System\yUrpcPf.exe
  2⤵
  PID:3560
- C:\Windows\System\WmaOTrZ.exe
  C:\Windows\System\WmaOTrZ.exe
  2⤵
  PID:3576
- C:\Windows\System\EIOODec.exe
  C:\Windows\System\EIOODec.exe
  2⤵
  PID:3624
- C:\Windows\System\yyVKvjo.exe
  C:\Windows\System\yyVKvjo.exe
  2⤵
  PID:3676
- C:\Windows\System\NMwqkoW.exe
  C:\Windows\System\NMwqkoW.exe
  2⤵
  PID:3620
- C:\Windows\System\srrMZLj.exe
  C:\Windows\System\srrMZLj.exe
  2⤵
  PID:3784
- C:\Windows\System\fsWpIUg.exe
  C:\Windows\System\fsWpIUg.exe
  2⤵
  PID:3928
- C:\Windows\System\NZDOdVa.exe
  C:\Windows\System\NZDOdVa.exe
  2⤵
  PID:3908
- C:\Windows\System\qGtLWMr.exe
  C:\Windows\System\qGtLWMr.exe
  2⤵
  PID:3976
- C:\Windows\System\WQbVWjH.exe
  C:\Windows\System\WQbVWjH.exe
  2⤵
  PID:3996
- C:\Windows\System\WWIPkWm.exe
  C:\Windows\System\WWIPkWm.exe
  2⤵
  PID:4048
- C:\Windows\System\homNUmV.exe
  C:\Windows\System\homNUmV.exe
  2⤵
  PID:4088
- C:\Windows\System\ldKxnWq.exe
  C:\Windows\System\ldKxnWq.exe
  2⤵
  PID:4068
- C:\Windows\System\ZHtXLRo.exe
  C:\Windows\System\ZHtXLRo.exe
  2⤵
  PID:2316
- C:\Windows\System\qCAHLma.exe
  C:\Windows\System\qCAHLma.exe
  2⤵
  PID:1912
- C:\Windows\System\dAxVIYE.exe
  C:\Windows\System\dAxVIYE.exe
  2⤵
  PID:1152
- C:\Windows\System\wTiaFWa.exe
  C:\Windows\System\wTiaFWa.exe
  2⤵
  PID:2192
- C:\Windows\System\lbZWkLf.exe
  C:\Windows\System\lbZWkLf.exe
  2⤵
  PID:1300
- C:\Windows\System\TGygFGL.exe
  C:\Windows\System\TGygFGL.exe
  2⤵
  PID:2516
- C:\Windows\System\woVqHBw.exe
  C:\Windows\System\woVqHBw.exe
  2⤵
  PID:2280
- C:\Windows\System\RJRfJvk.exe
  C:\Windows\System\RJRfJvk.exe
  2⤵
  PID:916
- C:\Windows\System\xGBbtLt.exe
  C:\Windows\System\xGBbtLt.exe
  2⤵
  PID:2912
- C:\Windows\System\YLUEzmg.exe
  C:\Windows\System\YLUEzmg.exe
  2⤵
  PID:2368
- C:\Windows\System\LwfnKmV.exe
  C:\Windows\System\LwfnKmV.exe
  2⤵
  PID:2580
- C:\Windows\System\dnaTifI.exe
  C:\Windows\System\dnaTifI.exe
  2⤵
  PID:3240
- C:\Windows\System\BJpCIfD.exe
  C:\Windows\System\BJpCIfD.exe
  2⤵
  PID:3280
- C:\Windows\System\CrrfPkw.exe
  C:\Windows\System\CrrfPkw.exe
  2⤵
  PID:3132
- C:\Windows\System\ZykqXTr.exe
  C:\Windows\System\ZykqXTr.exe
  2⤵
  PID:3416
- C:\Windows\System\WzRekAw.exe
  C:\Windows\System\WzRekAw.exe
  2⤵
  PID:3520
- C:\Windows\System\UWFoIVw.exe
  C:\Windows\System\UWFoIVw.exe
  2⤵
  PID:1280
- C:\Windows\System\ymDmRuR.exe
  C:\Windows\System\ymDmRuR.exe
  2⤵
  PID:3316
- C:\Windows\System\MZKsCyj.exe
  C:\Windows\System\MZKsCyj.exe
  2⤵
  PID:3644
- C:\Windows\System\BuNosGQ.exe
  C:\Windows\System\BuNosGQ.exe
  2⤵
  PID:3792
- C:\Windows\System\uNOvaBv.exe
  C:\Windows\System\uNOvaBv.exe
  2⤵
  PID:3476
- C:\Windows\System\SxwGCEc.exe
  C:\Windows\System\SxwGCEc.exe
  2⤵
  PID:3612
- C:\Windows\System\Rlrxnzn.exe
  C:\Windows\System\Rlrxnzn.exe
  2⤵
  PID:3440
- C:\Windows\System\ScGgxtI.exe
  C:\Windows\System\ScGgxtI.exe
  2⤵
  PID:3596
- C:\Windows\System\tLbPboz.exe
  C:\Windows\System\tLbPboz.exe
  2⤵
  PID:3944
- C:\Windows\System\bgJoNLd.exe
  C:\Windows\System\bgJoNLd.exe
  2⤵
  PID:4028
- C:\Windows\System\SIkONVR.exe
  C:\Windows\System\SIkONVR.exe
  2⤵
  PID:2252
- C:\Windows\System\qQpGvze.exe
  C:\Windows\System\qQpGvze.exe
  2⤵
  PID:3952
- C:\Windows\System\JgVfHLb.exe
  C:\Windows\System\JgVfHLb.exe
  2⤵
  PID:4064
- C:\Windows\System\QbgRLue.exe
  C:\Windows\System\QbgRLue.exe
  2⤵
  PID:2476
- C:\Windows\System\RqrZktC.exe
  C:\Windows\System\RqrZktC.exe
  2⤵
  PID:2724
- C:\Windows\System\uMEPZPn.exe
  C:\Windows\System\uMEPZPn.exe
  2⤵
  PID:3164
- C:\Windows\System\AzheEJP.exe
  C:\Windows\System\AzheEJP.exe
  2⤵
  PID:1548
- C:\Windows\System\jBliwPl.exe
  C:\Windows\System\jBliwPl.exe
  2⤵
  PID:3328
- C:\Windows\System\pxMtEUL.exe
  C:\Windows\System\pxMtEUL.exe
  2⤵
  PID:3580
- C:\Windows\System\qMmeZam.exe
  C:\Windows\System\qMmeZam.exe
  2⤵
  PID:3232
- C:\Windows\System\ZXFQMqY.exe
  C:\Windows\System\ZXFQMqY.exe
  2⤵
  PID:3524
- C:\Windows\System\bZpRXWX.exe
  C:\Windows\System\bZpRXWX.exe
  2⤵
  PID:3432
- C:\Windows\System\mKaHAgR.exe
  C:\Windows\System\mKaHAgR.exe
  2⤵
  PID:4104
- C:\Windows\System\aVDWbER.exe
  C:\Windows\System\aVDWbER.exe
  2⤵
  PID:4120
- C:\Windows\System\tGSLqgx.exe
  C:\Windows\System\tGSLqgx.exe
  2⤵
  PID:4136
- C:\Windows\System\ujRrYVb.exe
  C:\Windows\System\ujRrYVb.exe
  2⤵
  PID:4152
- C:\Windows\System\CBMDRRA.exe
  C:\Windows\System\CBMDRRA.exe
  2⤵
  PID:4168
- C:\Windows\System\ImWRbzq.exe
  C:\Windows\System\ImWRbzq.exe
  2⤵
  PID:4184
- C:\Windows\System\ngOOpmy.exe
  C:\Windows\System\ngOOpmy.exe
  2⤵
  PID:4200
- C:\Windows\System\RYyXoop.exe
  C:\Windows\System\RYyXoop.exe
  2⤵
  PID:4216
- C:\Windows\System\abWNBuR.exe
  C:\Windows\System\abWNBuR.exe
  2⤵
  PID:4232
- C:\Windows\System\slxbVYr.exe
  C:\Windows\System\slxbVYr.exe
  2⤵
  PID:4248
- C:\Windows\System\IVLUehl.exe
  C:\Windows\System\IVLUehl.exe
  2⤵
  PID:4264
- C:\Windows\System\CvUwjzz.exe
  C:\Windows\System\CvUwjzz.exe
  2⤵
  PID:4280
- C:\Windows\System\irBPpQh.exe
  C:\Windows\System\irBPpQh.exe
  2⤵
  PID:4296
- C:\Windows\System\lhQYDAj.exe
  C:\Windows\System\lhQYDAj.exe
  2⤵
  PID:4312
- C:\Windows\System\ghsFmdf.exe
  C:\Windows\System\ghsFmdf.exe
  2⤵
  PID:4328
- C:\Windows\System\CAQnMcD.exe
  C:\Windows\System\CAQnMcD.exe
  2⤵
  PID:4344
- C:\Windows\System\wKPFxiv.exe
  C:\Windows\System\wKPFxiv.exe
  2⤵
  PID:4360
- C:\Windows\System\SeXlDGL.exe
  C:\Windows\System\SeXlDGL.exe
  2⤵
  PID:4376
- C:\Windows\System\btRPfIq.exe
  C:\Windows\System\btRPfIq.exe
  2⤵
  PID:4392
- C:\Windows\System\QJGRuQO.exe
  C:\Windows\System\QJGRuQO.exe
  2⤵
  PID:4408
- C:\Windows\System\HpisRzc.exe
  C:\Windows\System\HpisRzc.exe
  2⤵
  PID:4424
- C:\Windows\System\SIkTLff.exe
  C:\Windows\System\SIkTLff.exe
  2⤵
  PID:4440
- C:\Windows\System\tNJpwcM.exe
  C:\Windows\System\tNJpwcM.exe
  2⤵
  PID:4456
- C:\Windows\System\FwKWGuF.exe
  C:\Windows\System\FwKWGuF.exe
  2⤵
  PID:4472
- C:\Windows\System\dTgxtIr.exe
  C:\Windows\System\dTgxtIr.exe
  2⤵
  PID:4488
- C:\Windows\System\QohiMNS.exe
  C:\Windows\System\QohiMNS.exe
  2⤵
  PID:4504
- C:\Windows\System\zpMOrDe.exe
  C:\Windows\System\zpMOrDe.exe
  2⤵
  PID:4520
- C:\Windows\System\PuyTnhF.exe
  C:\Windows\System\PuyTnhF.exe
  2⤵
  PID:4536
- C:\Windows\System\fFgHkLh.exe
  C:\Windows\System\fFgHkLh.exe
  2⤵
  PID:4552
- C:\Windows\System\PhvSOWc.exe
  C:\Windows\System\PhvSOWc.exe
  2⤵
  PID:4568
- C:\Windows\System\ZzdxKuB.exe
  C:\Windows\System\ZzdxKuB.exe
  2⤵
  PID:4584
- C:\Windows\System\GlKAdzf.exe
  C:\Windows\System\GlKAdzf.exe
  2⤵
  PID:4600
- C:\Windows\System\iJssQMB.exe
  C:\Windows\System\iJssQMB.exe
  2⤵
  PID:4616
- C:\Windows\System\UiDMIrq.exe
  C:\Windows\System\UiDMIrq.exe
  2⤵
  PID:4632
- C:\Windows\System\XhfmhOG.exe
  C:\Windows\System\XhfmhOG.exe
  2⤵
  PID:4648
- C:\Windows\System\wuvFnBA.exe
  C:\Windows\System\wuvFnBA.exe
  2⤵
  PID:4664
- C:\Windows\System\HTQfqMb.exe
  C:\Windows\System\HTQfqMb.exe
  2⤵
  PID:4680
- C:\Windows\System\wVzmcLN.exe
  C:\Windows\System\wVzmcLN.exe
  2⤵
  PID:4696
- C:\Windows\System\JfLNkgj.exe
  C:\Windows\System\JfLNkgj.exe
  2⤵
  PID:4712
- C:\Windows\System\zypTyOI.exe
  C:\Windows\System\zypTyOI.exe
  2⤵
  PID:4728
- C:\Windows\System\JanOIOc.exe
  C:\Windows\System\JanOIOc.exe
  2⤵
  PID:4744
- C:\Windows\System\OLmUdsU.exe
  C:\Windows\System\OLmUdsU.exe
  2⤵
  PID:4760
- C:\Windows\System\KcDmlUT.exe
  C:\Windows\System\KcDmlUT.exe
  2⤵
  PID:4776
- C:\Windows\System\bZOJwhA.exe
  C:\Windows\System\bZOJwhA.exe
  2⤵
  PID:4792
- C:\Windows\System\snPaLfh.exe
  C:\Windows\System\snPaLfh.exe
  2⤵
  PID:4808
- C:\Windows\System\qcIiBNa.exe
  C:\Windows\System\qcIiBNa.exe
  2⤵
  PID:4824
- C:\Windows\System\wYdoeAb.exe
  C:\Windows\System\wYdoeAb.exe
  2⤵
  PID:4840
- C:\Windows\System\GFYjIHi.exe
  C:\Windows\System\GFYjIHi.exe
  2⤵
  PID:4856
- C:\Windows\System\tvLkFBp.exe
  C:\Windows\System\tvLkFBp.exe
  2⤵
  PID:4872
- C:\Windows\System\GAwEiOE.exe
  C:\Windows\System\GAwEiOE.exe
  2⤵
  PID:4888
- C:\Windows\System\dxndjcI.exe
  C:\Windows\System\dxndjcI.exe
  2⤵
  PID:4904
- C:\Windows\System\YkVaEjM.exe
  C:\Windows\System\YkVaEjM.exe
  2⤵
  PID:4920
- C:\Windows\System\oBUjfUi.exe
  C:\Windows\System\oBUjfUi.exe
  2⤵
  PID:4936
- C:\Windows\System\uJmbJNr.exe
  C:\Windows\System\uJmbJNr.exe
  2⤵
  PID:4952
- C:\Windows\System\HkWyMuU.exe
  C:\Windows\System\HkWyMuU.exe
  2⤵
  PID:4968
- C:\Windows\System\Kcqutqh.exe
  C:\Windows\System\Kcqutqh.exe
  2⤵
  PID:4984
- C:\Windows\System\ollXGIC.exe
  C:\Windows\System\ollXGIC.exe
  2⤵
  PID:5000
- C:\Windows\System\YjQqcCZ.exe
  C:\Windows\System\YjQqcCZ.exe
  2⤵
  PID:5016
- C:\Windows\System\OsLiMaW.exe
  C:\Windows\System\OsLiMaW.exe
  2⤵
  PID:5032
- C:\Windows\System\miSPfFM.exe
  C:\Windows\System\miSPfFM.exe
  2⤵
  PID:5048
- C:\Windows\System\xZuYZns.exe
  C:\Windows\System\xZuYZns.exe
  2⤵
  PID:5064
- C:\Windows\System\GnctkTn.exe
  C:\Windows\System\GnctkTn.exe
  2⤵
  PID:5080
- C:\Windows\System\UvNNLWU.exe
  C:\Windows\System\UvNNLWU.exe
  2⤵
  PID:5096
- C:\Windows\System\ApCMtWd.exe
  C:\Windows\System\ApCMtWd.exe
  2⤵
  PID:5112
- C:\Windows\System\CkbBgiC.exe
  C:\Windows\System\CkbBgiC.exe
  2⤵
  PID:3776
- C:\Windows\System\vQIytwb.exe
  C:\Windows\System\vQIytwb.exe
  2⤵
  PID:2664
- C:\Windows\System\UGqWZRQ.exe
  C:\Windows\System\UGqWZRQ.exe
  2⤵
  PID:1596
- C:\Windows\System\KWVDdlg.exe
  C:\Windows\System\KWVDdlg.exe
  2⤵
  PID:2772
- C:\Windows\System\qGKPnws.exe
  C:\Windows\System\qGKPnws.exe
  2⤵
  PID:3592
- C:\Windows\System\pDnuRqB.exe
  C:\Windows\System\pDnuRqB.exe
  2⤵
  PID:3152
- C:\Windows\System\ZETJkWJ.exe
  C:\Windows\System\ZETJkWJ.exe
  2⤵
  PID:468
- C:\Windows\System\tFDjXdy.exe
  C:\Windows\System\tFDjXdy.exe
  2⤵
  PID:3332
- C:\Windows\System\KPWbnuo.exe
  C:\Windows\System\KPWbnuo.exe
  2⤵
  PID:4128
- C:\Windows\System\LpOTntM.exe
  C:\Windows\System\LpOTntM.exe
  2⤵
  PID:3404
- C:\Windows\System\syAjfjB.exe
  C:\Windows\System\syAjfjB.exe
  2⤵
  PID:4148
- C:\Windows\System\dUhHMFM.exe
  C:\Windows\System\dUhHMFM.exe
  2⤵
  PID:4176
- C:\Windows\System\tQWWXAM.exe
  C:\Windows\System\tQWWXAM.exe
  2⤵
  PID:4256
- C:\Windows\System\aEpaqNV.exe
  C:\Windows\System\aEpaqNV.exe
  2⤵
  PID:4288
- C:\Windows\System\ykvgzQE.exe
  C:\Windows\System\ykvgzQE.exe
  2⤵
  PID:4272
- C:\Windows\System\uRQTIFo.exe
  C:\Windows\System\uRQTIFo.exe
  2⤵
  PID:4308
- C:\Windows\System\hnGxuTk.exe
  C:\Windows\System\hnGxuTk.exe
  2⤵
  PID:4356
- C:\Windows\System\YBwtASY.exe
  C:\Windows\System\YBwtASY.exe
  2⤵
  PID:4388
- C:\Windows\System\koaNuye.exe
  C:\Windows\System\koaNuye.exe
  2⤵
  PID:4404
- C:\Windows\System\dpOpvxT.exe
  C:\Windows\System\dpOpvxT.exe
  2⤵
  PID:4484
- C:\Windows\System\nLgDRMn.exe
  C:\Windows\System\nLgDRMn.exe
  2⤵
  PID:4436
- C:\Windows\System\BApRwlp.exe
  C:\Windows\System\BApRwlp.exe
  2⤵
  PID:4516
- C:\Windows\System\CfMVDqI.exe
  C:\Windows\System\CfMVDqI.exe
  2⤵
  PID:4576
- C:\Windows\System\VYkgkKR.exe
  C:\Windows\System\VYkgkKR.exe
  2⤵
  PID:4564
- C:\Windows\System\gGndxbb.exe
  C:\Windows\System\gGndxbb.exe
  2⤵
  PID:4644
- C:\Windows\System\XPVYEel.exe
  C:\Windows\System\XPVYEel.exe
  2⤵
  PID:4628
- C:\Windows\System\wQFLXIh.exe
  C:\Windows\System\wQFLXIh.exe
  2⤵
  PID:4660
- C:\Windows\System\YplkdBk.exe
  C:\Windows\System\YplkdBk.exe
  2⤵
  PID:4692
- C:\Windows\System\WJxgJKX.exe
  C:\Windows\System\WJxgJKX.exe
  2⤵
  PID:4768
- C:\Windows\System\kebMbJs.exe
  C:\Windows\System\kebMbJs.exe
  2⤵
  PID:4752
- C:\Windows\System\QWNlyfu.exe
  C:\Windows\System\QWNlyfu.exe
  2⤵
  PID:4784
- C:\Windows\System\wVwvWFI.exe
  C:\Windows\System\wVwvWFI.exe
  2⤵
  PID:4820
- C:\Windows\System\gdjPjxu.exe
  C:\Windows\System\gdjPjxu.exe
  2⤵
  PID:4900
- C:\Windows\System\nmWJZeb.exe
  C:\Windows\System\nmWJZeb.exe
  2⤵
  PID:4880
- C:\Windows\System\zmIJyiw.exe
  C:\Windows\System\zmIJyiw.exe
  2⤵
  PID:4964
- C:\Windows\System\MpzUlpD.exe
  C:\Windows\System\MpzUlpD.exe
  2⤵
  PID:4948
- C:\Windows\System\wJbWCxD.exe
  C:\Windows\System\wJbWCxD.exe
  2⤵
  PID:5024
- C:\Windows\System\VVoUzGI.exe
  C:\Windows\System\VVoUzGI.exe
  2⤵
  PID:4980
- C:\Windows\System\FAaouDO.exe
  C:\Windows\System\FAaouDO.exe
  2⤵
  PID:5040
- C:\Windows\System\vipsBrt.exe
  C:\Windows\System\vipsBrt.exe
  2⤵
  PID:5044
- C:\Windows\System\yJISPDZ.exe
  C:\Windows\System\yJISPDZ.exe
  2⤵
  PID:3552
- C:\Windows\System\FzDBAen.exe
  C:\Windows\System\FzDBAen.exe
  2⤵
  PID:2596
- C:\Windows\System\VIPrWWo.exe
  C:\Windows\System\VIPrWWo.exe
  2⤵
  PID:4012
- C:\Windows\System\QQVBQqJ.exe
  C:\Windows\System\QQVBQqJ.exe
  2⤵
  PID:3284
- C:\Windows\System\OzordvA.exe
  C:\Windows\System\OzordvA.exe
  2⤵
  PID:4160
- C:\Windows\System\kreviou.exe
  C:\Windows\System\kreviou.exe
  2⤵
  PID:3396
- C:\Windows\System\KydOMYa.exe
  C:\Windows\System\KydOMYa.exe
  2⤵
  PID:4352
- C:\Windows\System\PziqfaN.exe
  C:\Windows\System\PziqfaN.exe
  2⤵
  PID:4260
- C:\Windows\System\NNdMgEK.exe
  C:\Windows\System\NNdMgEK.exe
  2⤵
  PID:4400
- C:\Windows\System\lhscWdA.exe
  C:\Windows\System\lhscWdA.exe
  2⤵
  PID:4544
- C:\Windows\System\zpCSwXX.exe
  C:\Windows\System\zpCSwXX.exe
  2⤵
  PID:4452
- C:\Windows\System\JnyAKNG.exe
  C:\Windows\System\JnyAKNG.exe
  2⤵
  PID:4612
- C:\Windows\System\hnAKxsL.exe
  C:\Windows\System\hnAKxsL.exe
  2⤵
  PID:4532
- C:\Windows\System\vkjfuzh.exe
  C:\Windows\System\vkjfuzh.exe
  2⤵
  PID:4624
- C:\Windows\System\FPoLLvc.exe
  C:\Windows\System\FPoLLvc.exe
  2⤵
  PID:4868
- C:\Windows\System\ejvmDaO.exe
  C:\Windows\System\ejvmDaO.exe
  2⤵
  PID:4800
- C:\Windows\System\wPliqMQ.exe
  C:\Windows\System\wPliqMQ.exe
  2⤵
  PID:4816
- C:\Windows\System\DhVqosh.exe
  C:\Windows\System\DhVqosh.exe
  2⤵
  PID:4992
- C:\Windows\System\eyoEosi.exe
  C:\Windows\System\eyoEosi.exe
  2⤵
  PID:5072
- C:\Windows\System\lzUMIpq.exe
  C:\Windows\System\lzUMIpq.exe
  2⤵
  PID:4976
- C:\Windows\System\cUrvZCy.exe
  C:\Windows\System\cUrvZCy.exe
  2⤵
  PID:5104
- C:\Windows\System\koyfwAx.exe
  C:\Windows\System\koyfwAx.exe
  2⤵
  PID:3536
- C:\Windows\System\sCWTgou.exe
  C:\Windows\System\sCWTgou.exe
  2⤵
  PID:4244
- C:\Windows\System\DiqmzFM.exe
  C:\Windows\System\DiqmzFM.exe
  2⤵
  PID:4368
- C:\Windows\System\uyBkSCW.exe
  C:\Windows\System\uyBkSCW.exe
  2⤵
  PID:5124
- C:\Windows\System\AOJwNVb.exe
  C:\Windows\System\AOJwNVb.exe
  2⤵
  PID:5140
- C:\Windows\System\dbonYGB.exe
  C:\Windows\System\dbonYGB.exe
  2⤵
  PID:5156
- C:\Windows\System\WMejgeM.exe
  C:\Windows\System\WMejgeM.exe
  2⤵
  PID:5172
- C:\Windows\System\lEHQNvG.exe
  C:\Windows\System\lEHQNvG.exe
  2⤵
  PID:5188
- C:\Windows\System\hqaZYhQ.exe
  C:\Windows\System\hqaZYhQ.exe
  2⤵
  PID:5204
- C:\Windows\System\LbltKrU.exe
  C:\Windows\System\LbltKrU.exe
  2⤵
  PID:5220
- C:\Windows\System\AQnCiCQ.exe
  C:\Windows\System\AQnCiCQ.exe
  2⤵
  PID:5236
- C:\Windows\System\HqbmvPC.exe
  C:\Windows\System\HqbmvPC.exe
  2⤵
  PID:5252
- C:\Windows\System\TtdHbUg.exe
  C:\Windows\System\TtdHbUg.exe
  2⤵
  PID:5268
- C:\Windows\System\nZEhVlG.exe
  C:\Windows\System\nZEhVlG.exe
  2⤵
  PID:5284
- C:\Windows\System\ZtvgoNZ.exe
  C:\Windows\System\ZtvgoNZ.exe
  2⤵
  PID:5300
- C:\Windows\System\GTFcVMX.exe
  C:\Windows\System\GTFcVMX.exe
  2⤵
  PID:5316
- C:\Windows\System\uNMSZmz.exe
  C:\Windows\System\uNMSZmz.exe
  2⤵
  PID:5332
- C:\Windows\System\tmoJGyI.exe
  C:\Windows\System\tmoJGyI.exe
  2⤵
  PID:5348
- C:\Windows\System\xYISkuF.exe
  C:\Windows\System\xYISkuF.exe
  2⤵
  PID:5364
- C:\Windows\System\vWHyQNh.exe
  C:\Windows\System\vWHyQNh.exe
  2⤵
  PID:5380
- C:\Windows\System\tjCpmAH.exe
  C:\Windows\System\tjCpmAH.exe
  2⤵
  PID:5400
- C:\Windows\System\mtvxZWX.exe
  C:\Windows\System\mtvxZWX.exe
  2⤵
  PID:5416
- C:\Windows\System\uocJxQT.exe
  C:\Windows\System\uocJxQT.exe
  2⤵
  PID:5432
- C:\Windows\System\BOJShOn.exe
  C:\Windows\System\BOJShOn.exe
  2⤵
  PID:5448
- C:\Windows\System\VRmKmDj.exe
  C:\Windows\System\VRmKmDj.exe
  2⤵
  PID:5464
- C:\Windows\System\KgMVBuE.exe
  C:\Windows\System\KgMVBuE.exe
  2⤵
  PID:5480
- C:\Windows\System\VFchmOL.exe
  C:\Windows\System\VFchmOL.exe
  2⤵
  PID:5496
- C:\Windows\System\YczRWVL.exe
  C:\Windows\System\YczRWVL.exe
  2⤵
  PID:5512
- C:\Windows\System\RWDShsf.exe
  C:\Windows\System\RWDShsf.exe
  2⤵
  PID:5528
- C:\Windows\System\XxijXNx.exe
  C:\Windows\System\XxijXNx.exe
  2⤵
  PID:5544
- C:\Windows\System\BEFmRHm.exe
  C:\Windows\System\BEFmRHm.exe
  2⤵
  PID:5560
- C:\Windows\System\XCWwydu.exe
  C:\Windows\System\XCWwydu.exe
  2⤵
  PID:5576
- C:\Windows\System\LTzJJnQ.exe
  C:\Windows\System\LTzJJnQ.exe
  2⤵
  PID:5592
- C:\Windows\System\fuTFtdS.exe
  C:\Windows\System\fuTFtdS.exe
  2⤵
  PID:5608
- C:\Windows\System\dDesiit.exe
  C:\Windows\System\dDesiit.exe
  2⤵
  PID:5624
- C:\Windows\System\qckqQwt.exe
  C:\Windows\System\qckqQwt.exe
  2⤵
  PID:5640
- C:\Windows\System\vWmjpmz.exe
  C:\Windows\System\vWmjpmz.exe
  2⤵
  PID:5660
- C:\Windows\System\alsBfIv.exe
  C:\Windows\System\alsBfIv.exe
  2⤵
  PID:5676
- C:\Windows\System\sDIeNbB.exe
  C:\Windows\System\sDIeNbB.exe
  2⤵
  PID:5692
- C:\Windows\System\snmzqWv.exe
  C:\Windows\System\snmzqWv.exe
  2⤵
  PID:5708
- C:\Windows\System\HrDhtBU.exe
  C:\Windows\System\HrDhtBU.exe
  2⤵
  PID:5724
- C:\Windows\System\BZbkDXs.exe
  C:\Windows\System\BZbkDXs.exe
  2⤵
  PID:5748
- C:\Windows\System\xEQFlvo.exe
  C:\Windows\System\xEQFlvo.exe
  2⤵
  PID:5764
- C:\Windows\System\WxZTUCk.exe
  C:\Windows\System\WxZTUCk.exe
  2⤵
  PID:5780
- C:\Windows\System\dqSAJyd.exe
  C:\Windows\System\dqSAJyd.exe
  2⤵
  PID:5796
- C:\Windows\System\uViGDYJ.exe
  C:\Windows\System\uViGDYJ.exe
  2⤵
  PID:5812
- C:\Windows\System\inamTZl.exe
  C:\Windows\System\inamTZl.exe
  2⤵
  PID:5828
- C:\Windows\System\aUXqXPp.exe
  C:\Windows\System\aUXqXPp.exe
  2⤵
  PID:5844
- C:\Windows\System\oUnHnLr.exe
  C:\Windows\System\oUnHnLr.exe
  2⤵
  PID:5860
- C:\Windows\System\tIZgQyw.exe
  C:\Windows\System\tIZgQyw.exe
  2⤵
  PID:5876
- C:\Windows\System\TXzsxVp.exe
  C:\Windows\System\TXzsxVp.exe
  2⤵
  PID:5892
- C:\Windows\System\RmUZyRO.exe
  C:\Windows\System\RmUZyRO.exe
  2⤵
  PID:5908
- C:\Windows\System\AtslgaY.exe
  C:\Windows\System\AtslgaY.exe
  2⤵
  PID:5924
- C:\Windows\System\vvIutFi.exe
  C:\Windows\System\vvIutFi.exe
  2⤵
  PID:5940
- C:\Windows\System\qPpnBFU.exe
  C:\Windows\System\qPpnBFU.exe
  2⤵
  PID:5956
- C:\Windows\System\McyIzjq.exe
  C:\Windows\System\McyIzjq.exe
  2⤵
  PID:5972
- C:\Windows\System\yUXhUNA.exe
  C:\Windows\System\yUXhUNA.exe
  2⤵
  PID:5988
- C:\Windows\System\bmCIPen.exe
  C:\Windows\System\bmCIPen.exe
  2⤵
  PID:6004
- C:\Windows\System\UPHoimQ.exe
  C:\Windows\System\UPHoimQ.exe
  2⤵
  PID:6020
- C:\Windows\System\AhqVBqK.exe
  C:\Windows\System\AhqVBqK.exe
  2⤵
  PID:6036
- C:\Windows\System\SAHfjPt.exe
  C:\Windows\System\SAHfjPt.exe
  2⤵
  PID:6052
- C:\Windows\System\UagNoIv.exe
  C:\Windows\System\UagNoIv.exe
  2⤵
  PID:6068
- C:\Windows\System\QvvGDiL.exe
  C:\Windows\System\QvvGDiL.exe
  2⤵
  PID:6084
- C:\Windows\System\dXjoSxC.exe
  C:\Windows\System\dXjoSxC.exe
  2⤵
  PID:6100
- C:\Windows\System\AXaDLgE.exe
  C:\Windows\System\AXaDLgE.exe
  2⤵
  PID:6116
- C:\Windows\System\zVkykvA.exe
  C:\Windows\System\zVkykvA.exe
  2⤵
  PID:3260
- C:\Windows\System\sRdXyfg.exe
  C:\Windows\System\sRdXyfg.exe
  2⤵
  PID:4724
- C:\Windows\System\KfksWLt.exe
  C:\Windows\System\KfksWLt.exe
  2⤵
  PID:3932
- C:\Windows\System\qgoiQsL.exe
  C:\Windows\System\qgoiQsL.exe
  2⤵
  PID:4676
- C:\Windows\System\VbCLzXj.exe
  C:\Windows\System\VbCLzXj.exe
  2⤵
  PID:5152
- C:\Windows\System\qKztdhc.exe
  C:\Windows\System\qKztdhc.exe
  2⤵
  PID:5216
- C:\Windows\System\hHoxwyl.exe
  C:\Windows\System\hHoxwyl.exe
  2⤵
  PID:5280
- C:\Windows\System\jvxzDoh.exe
  C:\Windows\System\jvxzDoh.exe
  2⤵
  PID:5344
- C:\Windows\System\mucVJnu.exe
  C:\Windows\System\mucVJnu.exe
  2⤵
  PID:4212
- C:\Windows\System\BNyAhfX.exe
  C:\Windows\System\BNyAhfX.exe
  2⤵
  PID:4500
- C:\Windows\System\wdJNFnr.exe
  C:\Windows\System\wdJNFnr.exe
  2⤵
  PID:5260
- C:\Windows\System\TsQMNUI.exe
  C:\Windows\System\TsQMNUI.exe
  2⤵
  PID:4560
- C:\Windows\System\PdqSObt.exe
  C:\Windows\System\PdqSObt.exe
  2⤵
  PID:5476
- C:\Windows\System\weuJlCt.exe
  C:\Windows\System\weuJlCt.exe
  2⤵
  PID:5292
- C:\Windows\System\ZLMJLPc.exe
  C:\Windows\System\ZLMJLPc.exe
  2⤵
  PID:5600
- C:\Windows\System\DTyplry.exe
  C:\Windows\System\DTyplry.exe
  2⤵
  PID:5324
- C:\Windows\System\bsVBOQA.exe
  C:\Windows\System\bsVBOQA.exe
  2⤵
  PID:5388
- C:\Windows\System\tovbJnk.exe
  C:\Windows\System\tovbJnk.exe
  2⤵
  PID:4916
- C:\Windows\System\puQTBdd.exe
  C:\Windows\System\puQTBdd.exe
  2⤵
  PID:5668
- C:\Windows\System\jhNLcTa.exe
  C:\Windows\System\jhNLcTa.exe
  2⤵
  PID:5732
- C:\Windows\System\rsmsQrd.exe
  C:\Windows\System\rsmsQrd.exe
  2⤵
  PID:5524
- C:\Windows\System\rjvXiUq.exe
  C:\Windows\System\rjvXiUq.exe
  2⤵
  PID:5168
- C:\Windows\System\NbRXVWs.exe
  C:\Windows\System\NbRXVWs.exe
  2⤵
  PID:5616
- C:\Windows\System\rUhGfxL.exe
  C:\Windows\System\rUhGfxL.exe
  2⤵
  PID:5656
- C:\Windows\System\GxKChIK.exe
  C:\Windows\System\GxKChIK.exe
  2⤵
  PID:5808
- C:\Windows\System\WIANZdZ.exe
  C:\Windows\System\WIANZdZ.exe
  2⤵
  PID:5840
- C:\Windows\System\QmJLyLb.exe
  C:\Windows\System\QmJLyLb.exe
  2⤵
  PID:5684
- C:\Windows\System\cMZdZkM.exe
  C:\Windows\System\cMZdZkM.exe
  2⤵
  PID:5996
- C:\Windows\System\gQCZnib.exe
  C:\Windows\System\gQCZnib.exe
  2⤵
  PID:6060
- C:\Windows\System\TGXgPjP.exe
  C:\Windows\System\TGXgPjP.exe
  2⤵
  PID:5296
- C:\Windows\System\fcqmboC.exe
  C:\Windows\System\fcqmboC.exe
  2⤵
  PID:5488
- C:\Windows\System\IXVpuOm.exe
  C:\Windows\System\IXVpuOm.exe
  2⤵
  PID:5652
- C:\Windows\System\XVmuNJx.exe
  C:\Windows\System\XVmuNJx.exe
  2⤵
  PID:5788
- C:\Windows\System\bPjkXWg.exe
  C:\Windows\System\bPjkXWg.exe
  2⤵
  PID:5852
- C:\Windows\System\UMCGnsc.exe
  C:\Windows\System\UMCGnsc.exe
  2⤵
  PID:5916
- C:\Windows\System\CSzxjkv.exe
  C:\Windows\System\CSzxjkv.exe
  2⤵
  PID:5952
- C:\Windows\System\ulzdMDs.exe
  C:\Windows\System\ulzdMDs.exe
  2⤵
  PID:6016
- C:\Windows\System\MBfaHzO.exe
  C:\Windows\System\MBfaHzO.exe
  2⤵
  PID:6080
- C:\Windows\System\hYAbyTR.exe
  C:\Windows\System\hYAbyTR.exe
  2⤵
  PID:5688
- C:\Windows\System\pWVAcHx.exe
  C:\Windows\System\pWVAcHx.exe
  2⤵
  PID:2936
- C:\Windows\System\lqdoJZR.exe
  C:\Windows\System\lqdoJZR.exe
  2⤵
  PID:4832
- C:\Windows\System\IzzcgAc.exe
  C:\Windows\System\IzzcgAc.exe
  2⤵
  PID:4656
- C:\Windows\System\DEYQrOH.exe
  C:\Windows\System\DEYQrOH.exe
  2⤵
  PID:5248
- C:\Windows\System\JtqnIre.exe
  C:\Windows\System\JtqnIre.exe
  2⤵
  PID:5184
- C:\Windows\System\ecVAoyM.exe
  C:\Windows\System\ecVAoyM.exe
  2⤵
  PID:5132
- C:\Windows\System\bZYjHRl.exe
  C:\Windows\System\bZYjHRl.exe
  2⤵
  PID:5472
- C:\Windows\System\ETispyW.exe
  C:\Windows\System\ETispyW.exe
  2⤵
  PID:4852
- C:\Windows\System\jvTJBFt.exe
  C:\Windows\System\jvTJBFt.exe
  2⤵
  PID:5408
- C:\Windows\System\wCQoqxJ.exe
  C:\Windows\System\wCQoqxJ.exe
  2⤵
  PID:5632
- C:\Windows\System\xkwsAQW.exe
  C:\Windows\System\xkwsAQW.exe
  2⤵
  PID:5584
- C:\Windows\System\dYoaBMe.exe
  C:\Windows\System\dYoaBMe.exe
  2⤵
  PID:5636
- C:\Windows\System\AUiyYoi.exe
  C:\Windows\System\AUiyYoi.exe
  2⤵
  PID:5932
- C:\Windows\System\BLpkmUX.exe
  C:\Windows\System\BLpkmUX.exe
  2⤵
  PID:5552
- C:\Windows\System\HuQXTSp.exe
  C:\Windows\System\HuQXTSp.exe
  2⤵
  PID:6128
- C:\Windows\System\mqEYqxB.exe
  C:\Windows\System\mqEYqxB.exe
  2⤵
  PID:5964
- C:\Windows\System\YRLSJex.exe
  C:\Windows\System\YRLSJex.exe
  2⤵
  PID:5756
- C:\Windows\System\moOVWjd.exe
  C:\Windows\System\moOVWjd.exe
  2⤵
  PID:5888
- C:\Windows\System\BZOwwhX.exe
  C:\Windows\System\BZOwwhX.exe
  2⤵
  PID:6112
- C:\Windows\System\ETccVxK.exe
  C:\Windows\System\ETccVxK.exe
  2⤵
  PID:2652
- C:\Windows\System\ttWoHvA.exe
  C:\Windows\System\ttWoHvA.exe
  2⤵
  PID:5824
- C:\Windows\System\MbnRdZp.exe
  C:\Windows\System\MbnRdZp.exe
  2⤵
  PID:5212
- C:\Windows\System\MsvopYI.exe
  C:\Windows\System\MsvopYI.exe
  2⤵
  PID:2924
- C:\Windows\System\TdazDLS.exe
  C:\Windows\System\TdazDLS.exe
  2⤵
  PID:4928
- C:\Windows\System\KDmamAV.exe
  C:\Windows\System\KDmamAV.exe
  2⤵
  PID:5428
- C:\Windows\System\zAcVpsZ.exe
  C:\Windows\System\zAcVpsZ.exe
  2⤵
  PID:6032
- C:\Windows\System\YWXOdCe.exe
  C:\Windows\System\YWXOdCe.exe
  2⤵
  PID:4340
- C:\Windows\System\agYtkGH.exe
  C:\Windows\System\agYtkGH.exe
  2⤵
  PID:4196
- C:\Windows\System\QVUwFty.exe
  C:\Windows\System\QVUwFty.exe
  2⤵
  PID:6096
- C:\Windows\System\SfHmCHS.exe
  C:\Windows\System\SfHmCHS.exe
  2⤵
  PID:5736
- C:\Windows\System\CQOWYqm.exe
  C:\Windows\System\CQOWYqm.exe
  2⤵
  PID:5868
- C:\Windows\System\olLAqpJ.exe
  C:\Windows\System\olLAqpJ.exe
  2⤵
  PID:2696
- C:\Windows\System\vxvQVSK.exe
  C:\Windows\System\vxvQVSK.exe
  2⤵
  PID:6152
- C:\Windows\System\EctFvDD.exe
  C:\Windows\System\EctFvDD.exe
  2⤵
  PID:6168
- C:\Windows\System\XDAANTH.exe
  C:\Windows\System\XDAANTH.exe
  2⤵
  PID:6184
- C:\Windows\System\ZMpBpwc.exe
  C:\Windows\System\ZMpBpwc.exe
  2⤵
  PID:6200
- C:\Windows\System\fOgBpuj.exe
  C:\Windows\System\fOgBpuj.exe
  2⤵
  PID:6216
- C:\Windows\System\eToRnUo.exe
  C:\Windows\System\eToRnUo.exe
  2⤵
  PID:6232
- C:\Windows\System\DieudNF.exe
  C:\Windows\System\DieudNF.exe
  2⤵
  PID:6248
- C:\Windows\System\zNHoJTK.exe
  C:\Windows\System\zNHoJTK.exe
  2⤵
  PID:6264
- C:\Windows\System\vSYzwDv.exe
  C:\Windows\System\vSYzwDv.exe
  2⤵
  PID:6280
- C:\Windows\System\mqoPala.exe
  C:\Windows\System\mqoPala.exe
  2⤵
  PID:6296
- C:\Windows\System\ATGDevT.exe
  C:\Windows\System\ATGDevT.exe
  2⤵
  PID:6312
- C:\Windows\System\sJbwLmc.exe
  C:\Windows\System\sJbwLmc.exe
  2⤵
  PID:6328
- C:\Windows\System\UuCYnUQ.exe
  C:\Windows\System\UuCYnUQ.exe
  2⤵
  PID:6344
- C:\Windows\System\mgFlLvE.exe
  C:\Windows\System\mgFlLvE.exe
  2⤵
  PID:6360
- C:\Windows\System\wKcIZrI.exe
  C:\Windows\System\wKcIZrI.exe
  2⤵
  PID:6376
- C:\Windows\System\zKMfZTG.exe
  C:\Windows\System\zKMfZTG.exe
  2⤵
  PID:6392
- C:\Windows\System\AUkApiw.exe
  C:\Windows\System\AUkApiw.exe
  2⤵
  PID:6408
- C:\Windows\System\qZYwTnc.exe
  C:\Windows\System\qZYwTnc.exe
  2⤵
  PID:6424
- C:\Windows\System\hQrjDgx.exe
  C:\Windows\System\hQrjDgx.exe
  2⤵
  PID:6440
- C:\Windows\System\MMLdfEl.exe
  C:\Windows\System\MMLdfEl.exe
  2⤵
  PID:6456
- C:\Windows\System\LVtYmFN.exe
  C:\Windows\System\LVtYmFN.exe
  2⤵
  PID:6472
- C:\Windows\System\fcEiwWl.exe
  C:\Windows\System\fcEiwWl.exe
  2⤵
  PID:6488
- C:\Windows\System\QQWCIZi.exe
  C:\Windows\System\QQWCIZi.exe
  2⤵
  PID:6504
- C:\Windows\System\dMBrAqf.exe
  C:\Windows\System\dMBrAqf.exe
  2⤵
  PID:6520
- C:\Windows\System\LcenoYp.exe
  C:\Windows\System\LcenoYp.exe
  2⤵
  PID:6536
- C:\Windows\System\nvyUUfz.exe
  C:\Windows\System\nvyUUfz.exe
  2⤵
  PID:6556
- C:\Windows\System\ndPnIeM.exe
  C:\Windows\System\ndPnIeM.exe
  2⤵
  PID:6572
- C:\Windows\System\yuMXcCK.exe
  C:\Windows\System\yuMXcCK.exe
  2⤵
  PID:6588
- C:\Windows\System\eRqoavZ.exe
  C:\Windows\System\eRqoavZ.exe
  2⤵
  PID:6604
- C:\Windows\System\pGevRZR.exe
  C:\Windows\System\pGevRZR.exe
  2⤵
  PID:6672
- C:\Windows\System\svqegFe.exe
  C:\Windows\System\svqegFe.exe
  2⤵
  PID:6688
- C:\Windows\System\tWlBTHz.exe
  C:\Windows\System\tWlBTHz.exe
  2⤵
  PID:6704
- C:\Windows\System\ErjSblI.exe
  C:\Windows\System\ErjSblI.exe
  2⤵
  PID:7100
- C:\Windows\System\GyAtGBW.exe
  C:\Windows\System\GyAtGBW.exe
  2⤵
  PID:3036
- C:\Windows\System\OIMGIct.exe
  C:\Windows\System\OIMGIct.exe
  2⤵
  PID:6620
- C:\Windows\System\wKoSwoh.exe
  C:\Windows\System\wKoSwoh.exe
  2⤵
  PID:6636
- C:\Windows\System\RcnflSW.exe
  C:\Windows\System\RcnflSW.exe
  2⤵
  PID:6652
- C:\Windows\System\zhKBKfs.exe
  C:\Windows\System\zhKBKfs.exe
  2⤵
  PID:6668
- C:\Windows\System\FjGpSbs.exe
  C:\Windows\System\FjGpSbs.exe
  2⤵
  PID:1576
- C:\Windows\System\NsPYLlc.exe
  C:\Windows\System\NsPYLlc.exe
  2⤵
  PID:3828
- C:\Windows\System\TsyuKjI.exe
  C:\Windows\System\TsyuKjI.exe
  2⤵
  PID:6684
- C:\Windows\System\Kvvjmmt.exe
  C:\Windows\System\Kvvjmmt.exe
  2⤵
  PID:2152
- C:\Windows\System\ITYUvKg.exe
  C:\Windows\System\ITYUvKg.exe
  2⤵
  PID:3760
- C:\Windows\System\dUBEbok.exe
  C:\Windows\System\dUBEbok.exe
  2⤵
  PID:6736
- C:\Windows\System\YTBkzrD.exe
  C:\Windows\System\YTBkzrD.exe
  2⤵
  PID:1980
- C:\Windows\System\hoNpzZY.exe
  C:\Windows\System\hoNpzZY.exe
  2⤵
  PID:3924
- C:\Windows\System\YQJPbxR.exe
  C:\Windows\System\YQJPbxR.exe
  2⤵
  PID:3872
- C:\Windows\System\BlJzcnG.exe
  C:\Windows\System\BlJzcnG.exe
  2⤵
  PID:3808
- C:\Windows\System\UxlCLDu.exe
  C:\Windows\System\UxlCLDu.exe
  2⤵
  PID:1800
- C:\Windows\System\AqofkdW.exe
  C:\Windows\System\AqofkdW.exe
  2⤵
  PID:2860
- C:\Windows\System\LcNwnfD.exe
  C:\Windows\System\LcNwnfD.exe
  2⤵
  PID:7108
- C:\Windows\System\sNTUQDO.exe
  C:\Windows\System\sNTUQDO.exe
  2⤵
  PID:7076
- C:\Windows\System\ErGaWdy.exe
  C:\Windows\System\ErGaWdy.exe
  2⤵
  PID:6764
- C:\Windows\System\myBYttE.exe
  C:\Windows\System\myBYttE.exe
  2⤵
  PID:6788
- C:\Windows\System\sHQXoZL.exe
  C:\Windows\System\sHQXoZL.exe
  2⤵
  PID:7132
- C:\Windows\System\wEVBRNA.exe
  C:\Windows\System\wEVBRNA.exe
  2⤵
  PID:7152
- C:\Windows\System\ahhwiEm.exe
  C:\Windows\System\ahhwiEm.exe
  2⤵
  PID:6108
- C:\Windows\System\aGchhWs.exe
  C:\Windows\System\aGchhWs.exe
  2⤵
  PID:5704
- C:\Windows\System\JwpogYQ.exe
  C:\Windows\System\JwpogYQ.exe
  2⤵
  PID:6816
- C:\Windows\System\aZSGAfV.exe
  C:\Windows\System\aZSGAfV.exe
  2⤵
  PID:6840
- C:\Windows\System\VytkHPc.exe
  C:\Windows\System\VytkHPc.exe
  2⤵
  PID:6868
- C:\Windows\System\WCrElPC.exe
  C:\Windows\System\WCrElPC.exe
  2⤵
  PID:6892
- C:\Windows\System\SeGJOgk.exe
  C:\Windows\System\SeGJOgk.exe
  2⤵
  PID:6912
- C:\Windows\System\pAGGEfK.exe
  C:\Windows\System\pAGGEfK.exe
  2⤵
  PID:6924
- C:\Windows\System\WlcjYsV.exe
  C:\Windows\System\WlcjYsV.exe
  2⤵
  PID:6956
- C:\Windows\System\DKOjWuD.exe
  C:\Windows\System\DKOjWuD.exe
  2⤵
  PID:6964
- C:\Windows\System\grJPxKl.exe
  C:\Windows\System\grJPxKl.exe
  2⤵
  PID:6988
- C:\Windows\System\mGdxUHv.exe
  C:\Windows\System\mGdxUHv.exe
  2⤵
  PID:7008
- C:\Windows\System\vpifgqE.exe
  C:\Windows\System\vpifgqE.exe
  2⤵
  PID:7020
- C:\Windows\System\CWantVk.exe
  C:\Windows\System\CWantVk.exe
  2⤵
  PID:7032
- C:\Windows\System\fNUkXOP.exe
  C:\Windows\System\fNUkXOP.exe
  2⤵
  PID:7060
- C:\Windows\System\eUAePdF.exe
  C:\Windows\System\eUAePdF.exe
  2⤵
  PID:7072
- C:\Windows\System\dPFbUaN.exe
  C:\Windows\System\dPFbUaN.exe
  2⤵
  PID:7088
- C:\Windows\System\VPclPvs.exe
  C:\Windows\System\VPclPvs.exe
  2⤵
  PID:264
- C:\Windows\System\VSjeDzg.exe
  C:\Windows\System\VSjeDzg.exe
  2⤵
  PID:5536
- C:\Windows\System\uDzegBC.exe
  C:\Windows\System\uDzegBC.exe
  2⤵
  PID:5760
- C:\Windows\System\WLvzcCt.exe
  C:\Windows\System\WLvzcCt.exe
  2⤵
  PID:5340
- C:\Windows\System\gaviijA.exe
  C:\Windows\System\gaviijA.exe
  2⤵
  PID:6176
- C:\Windows\System\OopLmiS.exe
  C:\Windows\System\OopLmiS.exe
  2⤵
  PID:6196
- C:\Windows\System\zTbViXO.exe
  C:\Windows\System\zTbViXO.exe
  2⤵
  PID:2416
- C:\Windows\System\rXqdvTC.exe
  C:\Windows\System\rXqdvTC.exe
  2⤵
  PID:6212
- C:\Windows\System\vZoLnAB.exe
  C:\Windows\System\vZoLnAB.exe
  2⤵
  PID:6244
- C:\Windows\System\zbpnWzm.exe
  C:\Windows\System\zbpnWzm.exe
  2⤵
  PID:6272
- C:\Windows\System\cpfzXWa.exe
  C:\Windows\System\cpfzXWa.exe
  2⤵
  PID:6308
- C:\Windows\System\iClJmsQ.exe
  C:\Windows\System\iClJmsQ.exe
  2⤵
  PID:6388
- C:\Windows\System\AuqqMiV.exe
  C:\Windows\System\AuqqMiV.exe
  2⤵
  PID:6448
- C:\Windows\System\yqRyqsa.exe
  C:\Windows\System\yqRyqsa.exe
  2⤵
  PID:6404
- C:\Windows\System\Rqnmhke.exe
  C:\Windows\System\Rqnmhke.exe
  2⤵
  PID:6484
- C:\Windows\System\InvkFNB.exe
  C:\Windows\System\InvkFNB.exe
  2⤵
  PID:6464
- C:\Windows\System\GFPOhqV.exe
  C:\Windows\System\GFPOhqV.exe
  2⤵
  PID:6528
- C:\Windows\System\aMaYxaF.exe
  C:\Windows\System\aMaYxaF.exe
  2⤵
  PID:6580
- C:\Windows\System\gZVBHtr.exe
  C:\Windows\System\gZVBHtr.exe
  2⤵
  PID:6568
- C:\Windows\System\KsqDAgv.exe
  C:\Windows\System\KsqDAgv.exe
  2⤵
  PID:6600
- C:\Windows\System\yePwGms.exe
  C:\Windows\System\yePwGms.exe
  2⤵
  PID:3836
- C:\Windows\System\twjbOkJ.exe
  C:\Windows\System\twjbOkJ.exe
  2⤵
  PID:3028
- C:\Windows\System\DyFmfzn.exe
  C:\Windows\System\DyFmfzn.exe
  2⤵
  PID:6664
- C:\Windows\System\liXmmrf.exe
  C:\Windows\System\liXmmrf.exe
  2⤵
  PID:3864
- C:\Windows\System\qaASsql.exe
  C:\Windows\System\qaASsql.exe
  2⤵
  PID:2864
- C:\Windows\System\uXFKPvH.exe
  C:\Windows\System\uXFKPvH.exe
  2⤵
  PID:2660
- C:\Windows\System\dIBJsPm.exe
  C:\Windows\System\dIBJsPm.exe
  2⤵
  PID:3832
- C:\Windows\System\JaZblSh.exe
  C:\Windows\System\JaZblSh.exe
  2⤵
  PID:3728
- C:\Windows\System\vrPYzgR.exe
  C:\Windows\System\vrPYzgR.exe
  2⤵
  PID:3868
- C:\Windows\System\upiMnbu.exe
  C:\Windows\System\upiMnbu.exe
  2⤵
  PID:3764
- C:\Windows\System\PCQfxwc.exe
  C:\Windows\System\PCQfxwc.exe
  2⤵
  PID:6752
- C:\Windows\System\OuAygAA.exe
  C:\Windows\System\OuAygAA.exe
  2⤵
  PID:6796
- C:\Windows\System\lEfgYFM.exe
  C:\Windows\System\lEfgYFM.exe
  2⤵
  PID:2188
- C:\Windows\System\SQnimPM.exe
  C:\Windows\System\SQnimPM.exe
  2⤵
  PID:2088
- C:\Windows\System\eJsHHWy.exe
  C:\Windows\System\eJsHHWy.exe
  2⤵
  PID:6012
- C:\Windows\System\AKNPHFM.exe
  C:\Windows\System\AKNPHFM.exe
  2⤵
  PID:6776
- C:\Windows\System\HPNIVTv.exe
  C:\Windows\System\HPNIVTv.exe
  2⤵
  PID:7148
- C:\Windows\System\yOLEpyg.exe
  C:\Windows\System\yOLEpyg.exe
  2⤵
  PID:6076
- C:\Windows\System\CeZhDlo.exe
  C:\Windows\System\CeZhDlo.exe
  2⤵
  PID:6876
- C:\Windows\System\Wyeopoh.exe
  C:\Windows\System\Wyeopoh.exe
  2⤵
  PID:6888
- C:\Windows\System\bEuWzgn.exe
  C:\Windows\System\bEuWzgn.exe
  2⤵
  PID:6932
- C:\Windows\System\URiWNmc.exe
  C:\Windows\System\URiWNmc.exe
  2⤵
  PID:5948
- C:\Windows\System\QOfZBud.exe
  C:\Windows\System\QOfZBud.exe
  2⤵
  PID:6860
- C:\Windows\System\PIPxLpj.exe
  C:\Windows\System\PIPxLpj.exe
  2⤵
  PID:6944
- C:\Windows\System\yrHdmhU.exe
  C:\Windows\System\yrHdmhU.exe
  2⤵
  PID:6812
- C:\Windows\System\LPqnuTq.exe
  C:\Windows\System\LPqnuTq.exe
  2⤵
  PID:6984
- C:\Windows\System\LUKiSiD.exe
  C:\Windows\System\LUKiSiD.exe
  2⤵
  PID:7052
- C:\Windows\System\dATUmXx.exe
  C:\Windows\System\dATUmXx.exe
  2⤵
  PID:1808
- C:\Windows\System\OUCyzPD.exe
  C:\Windows\System\OUCyzPD.exe
  2⤵
  PID:2784
- C:\Windows\System\pwegnts.exe
  C:\Windows\System\pwegnts.exe
  2⤵
  PID:6320
- C:\Windows\System\bdAjilR.exe
  C:\Windows\System\bdAjilR.exe
  2⤵
  PID:6400
- C:\Windows\System\vLHrAuG.exe
  C:\Windows\System\vLHrAuG.exe
  2⤵
  PID:6516
- C:\Windows\System\EGCglab.exe
  C:\Windows\System\EGCglab.exe
  2⤵
  PID:6552
- C:\Windows\System\rXAstgR.exe
  C:\Windows\System\rXAstgR.exe
  2⤵
  PID:7004
- C:\Windows\System\gEEiPhF.exe
  C:\Windows\System\gEEiPhF.exe
  2⤵
  PID:7092
- C:\Windows\System\iaItHGN.exe
  C:\Windows\System\iaItHGN.exe
  2⤵
  PID:1488
- C:\Windows\System\FAYIMCy.exe
  C:\Windows\System\FAYIMCy.exe
  2⤵
  PID:6228
- C:\Windows\System\fQhVcan.exe
  C:\Windows\System\fQhVcan.exe
  2⤵
  PID:2520
- C:\Windows\System\jIyqcfO.exe
  C:\Windows\System\jIyqcfO.exe
  2⤵
  PID:6700
- C:\Windows\System\fnwSYHl.exe
  C:\Windows\System\fnwSYHl.exe
  2⤵
  PID:3892
- C:\Windows\System\hruoiiK.exe
  C:\Windows\System\hruoiiK.exe
  2⤵
  PID:6420
- C:\Windows\System\bJyHjhU.exe
  C:\Windows\System\bJyHjhU.exe
  2⤵
  PID:6548
- C:\Windows\System\DdomOgt.exe
  C:\Windows\System\DdomOgt.exe
  2⤵
  PID:1764
- C:\Windows\System\pyxWYNf.exe
  C:\Windows\System\pyxWYNf.exe
  2⤵
  PID:6628
- C:\Windows\System\XkJgSih.exe
  C:\Windows\System\XkJgSih.exe
  2⤵
  PID:1224
- C:\Windows\System\cYzjIzO.exe
  C:\Windows\System\cYzjIzO.exe
  2⤵
  PID:3696
- C:\Windows\System\URsxLOM.exe
  C:\Windows\System\URsxLOM.exe
  2⤵
  PID:1324
- C:\Windows\System\MQhqUWN.exe
  C:\Windows\System\MQhqUWN.exe
  2⤵
  PID:3032
- C:\Windows\System\DKwISSK.exe
  C:\Windows\System\DKwISSK.exe
  2⤵
  PID:7116
- C:\Windows\System\DuHqlzi.exe
  C:\Windows\System\DuHqlzi.exe
  2⤵
  PID:3068
- C:\Windows\System\mFwyjyi.exe
  C:\Windows\System\mFwyjyi.exe
  2⤵
  PID:2216
- C:\Windows\System\YWDUxDt.exe
  C:\Windows\System\YWDUxDt.exe
  2⤵
  PID:6828
- C:\Windows\System\DgBGiiR.exe
  C:\Windows\System\DgBGiiR.exe
  2⤵
  PID:2308
- C:\Windows\System\OSiiNFf.exe
  C:\Windows\System\OSiiNFf.exe
  2⤵
  PID:6908
- C:\Windows\System\EazWRCa.exe
  C:\Windows\System\EazWRCa.exe
  2⤵
  PID:6856
- C:\Windows\System\xbHuURj.exe
  C:\Windows\System\xbHuURj.exe
  2⤵
  PID:6260
- C:\Windows\System\ANnkxSG.exe
  C:\Windows\System\ANnkxSG.exe
  2⤵
  PID:6976
- C:\Windows\System\sXeajlw.exe
  C:\Windows\System\sXeajlw.exe
  2⤵
  PID:7000
- C:\Windows\System\bSsoLNl.exe
  C:\Windows\System\bSsoLNl.exe
  2⤵
  PID:6848
- C:\Windows\System\gzeAnyu.exe
  C:\Windows\System\gzeAnyu.exe
  2⤵
  PID:6304
- C:\Windows\System\ajJRDnR.exe
  C:\Windows\System\ajJRDnR.exe
  2⤵
  PID:6720
- C:\Windows\System\CdcouGo.exe
  C:\Windows\System\CdcouGo.exe
  2⤵
  PID:6372
- C:\Windows\System\nziDBrb.exe
  C:\Windows\System\nziDBrb.exe
  2⤵
  PID:2868
- C:\Windows\System\KXiQsiI.exe
  C:\Windows\System\KXiQsiI.exe
  2⤵
  PID:6352
- C:\Windows\System\cvYTMgj.exe
  C:\Windows\System\cvYTMgj.exe
  2⤵
  PID:6640
- C:\Windows\System\VhNcDZT.exe
  C:\Windows\System\VhNcDZT.exe
  2⤵
  PID:2460
- C:\Windows\System\rDhaIXM.exe
  C:\Windows\System\rDhaIXM.exe
  2⤵
  PID:588
- C:\Windows\System\waLKZUj.exe
  C:\Windows\System\waLKZUj.exe
  2⤵
  PID:7144
- C:\Windows\System\ftpJFZo.exe
  C:\Windows\System\ftpJFZo.exe
  2⤵
  PID:3876
- C:\Windows\System\sLtZHCm.exe
  C:\Windows\System\sLtZHCm.exe
  2⤵
  PID:7164
- C:\Windows\System\beLZRlL.exe
  C:\Windows\System\beLZRlL.exe
  2⤵
  PID:6844
- C:\Windows\System\tzwsqsY.exe
  C:\Windows\System\tzwsqsY.exe
  2⤵
  PID:6224
- C:\Windows\System\trnyhYP.exe
  C:\Windows\System\trnyhYP.exe
  2⤵
  PID:6724
- C:\Windows\System\wewrmET.exe
  C:\Windows\System\wewrmET.exe
  2⤵
  PID:632
- C:\Windows\System\neExUCx.exe
  C:\Windows\System\neExUCx.exe
  2⤵
  PID:2728
- C:\Windows\System\HtGUyRK.exe
  C:\Windows\System\HtGUyRK.exe
  2⤵
  PID:6632
- C:\Windows\System\AhhhAde.exe
  C:\Windows\System\AhhhAde.exe
  2⤵
  PID:1768
- C:\Windows\System\LCpOBNM.exe
  C:\Windows\System\LCpOBNM.exe
  2⤵
  PID:6864
- C:\Windows\System\yRXGBmv.exe
  C:\Windows\System\yRXGBmv.exe
  2⤵
  PID:1988
- C:\Windows\System\QtuyeAT.exe
  C:\Windows\System\QtuyeAT.exe
  2⤵
  PID:2212
- C:\Windows\System\jPnuGsf.exe
  C:\Windows\System\jPnuGsf.exe
  2⤵
  PID:5520
- C:\Windows\System\fYSZJwC.exe
  C:\Windows\System\fYSZJwC.exe
  2⤵
  PID:2336
- C:\Windows\System\qFYpdnr.exe
  C:\Windows\System\qFYpdnr.exe
  2⤵
  PID:6928
- C:\Windows\System\ZYLtfoU.exe
  C:\Windows\System\ZYLtfoU.exe
  2⤵
  PID:2708
- C:\Windows\System\NeFxoCa.exe
  C:\Windows\System\NeFxoCa.exe
  2⤵
  PID:7140
- C:\Windows\System\ivPusAX.exe
  C:\Windows\System\ivPusAX.exe
  2⤵
  PID:7184
- C:\Windows\System\obQjQyv.exe
  C:\Windows\System\obQjQyv.exe
  2⤵
  PID:7200
- C:\Windows\System\upmwSWs.exe
  C:\Windows\System\upmwSWs.exe
  2⤵
  PID:7216
- C:\Windows\System\VZwcewt.exe
  C:\Windows\System\VZwcewt.exe
  2⤵
  PID:7232
- C:\Windows\System\veRrNqw.exe
  C:\Windows\System\veRrNqw.exe
  2⤵
  PID:7248
- C:\Windows\System\wLvtHbD.exe
  C:\Windows\System\wLvtHbD.exe
  2⤵
  PID:7264
- C:\Windows\System\ZCsneeQ.exe
  C:\Windows\System\ZCsneeQ.exe
  2⤵
  PID:7280
- C:\Windows\System\GChDDQS.exe
  C:\Windows\System\GChDDQS.exe
  2⤵
  PID:7300
- C:\Windows\System\ySpHSzV.exe
  C:\Windows\System\ySpHSzV.exe
  2⤵
  PID:7316
- C:\Windows\System\rZUqnBt.exe
  C:\Windows\System\rZUqnBt.exe
  2⤵
  PID:7344
- C:\Windows\System\RrjkHwK.exe
  C:\Windows\System\RrjkHwK.exe
  2⤵
  PID:7360
- C:\Windows\System\ccdSgiF.exe
  C:\Windows\System\ccdSgiF.exe
  2⤵
  PID:7376
- C:\Windows\System\ksWzfyR.exe
  C:\Windows\System\ksWzfyR.exe
  2⤵
  PID:7392
- C:\Windows\System\lnRxSOY.exe
  C:\Windows\System\lnRxSOY.exe
  2⤵
  PID:7408
- C:\Windows\System\gxAxOzC.exe
  C:\Windows\System\gxAxOzC.exe
  2⤵
  PID:7424
- C:\Windows\System\kdwDEUY.exe
  C:\Windows\System\kdwDEUY.exe
  2⤵
  PID:7440
- C:\Windows\System\VLUBUlX.exe
  C:\Windows\System\VLUBUlX.exe
  2⤵
  PID:7460
- C:\Windows\System\AqdUzpk.exe
  C:\Windows\System\AqdUzpk.exe
  2⤵
  PID:7480
- C:\Windows\System\zgktPaV.exe
  C:\Windows\System\zgktPaV.exe
  2⤵
  PID:7496
- C:\Windows\System\KuRzAOg.exe
  C:\Windows\System\KuRzAOg.exe
  2⤵
  PID:7520
- C:\Windows\System\LYevxQd.exe
  C:\Windows\System\LYevxQd.exe
  2⤵
  PID:7540
- C:\Windows\System\DUQhcSz.exe
  C:\Windows\System\DUQhcSz.exe
  2⤵
  PID:7556
- C:\Windows\System\DPIszcn.exe
  C:\Windows\System\DPIszcn.exe
  2⤵
  PID:7572
- C:\Windows\System\KYbbLrd.exe
  C:\Windows\System\KYbbLrd.exe
  2⤵
  PID:7588
- C:\Windows\System\BnjvBOR.exe
  C:\Windows\System\BnjvBOR.exe
  2⤵
  PID:7632
- C:\Windows\System\rXGZIcI.exe
  C:\Windows\System\rXGZIcI.exe
  2⤵
  PID:7652
- C:\Windows\System\GglBBwc.exe
  C:\Windows\System\GglBBwc.exe
  2⤵
  PID:7672
- C:\Windows\System\ovEGdtQ.exe
  C:\Windows\System\ovEGdtQ.exe
  2⤵
  PID:7692
- C:\Windows\System\VQbeWaK.exe
  C:\Windows\System\VQbeWaK.exe
  2⤵
  PID:7716
- C:\Windows\System\uQtODmo.exe
  C:\Windows\System\uQtODmo.exe
  2⤵
  PID:7732
- C:\Windows\System\DYrKXfm.exe
  C:\Windows\System\DYrKXfm.exe
  2⤵
  PID:7752
- C:\Windows\System\gMLVmrM.exe
  C:\Windows\System\gMLVmrM.exe
  2⤵
  PID:7768
- C:\Windows\System\IkmUQje.exe
  C:\Windows\System\IkmUQje.exe
  2⤵
  PID:7788
- C:\Windows\System\YzhiNna.exe
  C:\Windows\System\YzhiNna.exe
  2⤵
  PID:7804
- C:\Windows\System\tgWbwzN.exe
  C:\Windows\System\tgWbwzN.exe
  2⤵
  PID:7820
- C:\Windows\System\liYtKJw.exe
  C:\Windows\System\liYtKJw.exe
  2⤵
  PID:7836
- C:\Windows\System\tIAaRHV.exe
  C:\Windows\System\tIAaRHV.exe
  2⤵
  PID:7856
- C:\Windows\System\PLYZkKi.exe
  C:\Windows\System\PLYZkKi.exe
  2⤵
  PID:7876
- C:\Windows\System\FlpqxTs.exe
  C:\Windows\System\FlpqxTs.exe
  2⤵
  PID:7900
- C:\Windows\System\awBAoSl.exe
  C:\Windows\System\awBAoSl.exe
  2⤵
  PID:7916
- C:\Windows\System\pjSSrdf.exe
  C:\Windows\System\pjSSrdf.exe
  2⤵
  PID:7936
- C:\Windows\System\BJchNpK.exe
  C:\Windows\System\BJchNpK.exe
  2⤵
  PID:7952
- C:\Windows\System\KFgMazY.exe
  C:\Windows\System\KFgMazY.exe
  2⤵
  PID:7976
- C:\Windows\System\RxQJVAI.exe
  C:\Windows\System\RxQJVAI.exe
  2⤵
  PID:7992
- C:\Windows\System\SKTyNnd.exe
  C:\Windows\System\SKTyNnd.exe
  2⤵
  PID:8012
- C:\Windows\System\ROXwdGu.exe
  C:\Windows\System\ROXwdGu.exe
  2⤵
  PID:8032
- C:\Windows\System\CUCPoRh.exe
  C:\Windows\System\CUCPoRh.exe
  2⤵
  PID:8052
- C:\Windows\System\YsDQUWu.exe
  C:\Windows\System\YsDQUWu.exe
  2⤵
  PID:8068
- C:\Windows\System\QFUqbNm.exe
  C:\Windows\System\QFUqbNm.exe
  2⤵
  PID:8096
- C:\Windows\System\EImEhXS.exe
  C:\Windows\System\EImEhXS.exe
  2⤵
  PID:8116
- C:\Windows\System\SVIOaMK.exe
  C:\Windows\System\SVIOaMK.exe
  2⤵
  PID:8136
- C:\Windows\System\tciHTAC.exe
  C:\Windows\System\tciHTAC.exe
  2⤵
  PID:8156
- C:\Windows\System\eOCbEPn.exe
  C:\Windows\System\eOCbEPn.exe
  2⤵
  PID:8172
- C:\Windows\System\uTfxqAf.exe
  C:\Windows\System\uTfxqAf.exe
  2⤵
  PID:8188
- C:\Windows\System\GTKFIew.exe
  C:\Windows\System\GTKFIew.exe
  2⤵
  PID:7208
- C:\Windows\System\fFjeXjs.exe
  C:\Windows\System\fFjeXjs.exe
  2⤵
  PID:7244
- C:\Windows\System\JKWNUSa.exe
  C:\Windows\System\JKWNUSa.exe
  2⤵
  PID:7192
- C:\Windows\System\XgQahzn.exe
  C:\Windows\System\XgQahzn.exe
  2⤵
  PID:7256
- C:\Windows\System\ofAaKgG.exe
  C:\Windows\System\ofAaKgG.exe
  2⤵
  PID:7384
- C:\Windows\System\adRnwZw.exe
  C:\Windows\System\adRnwZw.exe
  2⤵
  PID:7420
- C:\Windows\System\VuqvHbL.exe
  C:\Windows\System\VuqvHbL.exe
  2⤵
  PID:7536
- C:\Windows\System\cOeEUIo.exe
  C:\Windows\System\cOeEUIo.exe
  2⤵
  PID:7616
- C:\Windows\System\UNPMdcl.exe
  C:\Windows\System\UNPMdcl.exe
  2⤵
  PID:7700
- C:\Windows\System\MfaZkpF.exe
  C:\Windows\System\MfaZkpF.exe
  2⤵
  PID:7748
- C:\Windows\System\XwXhbGq.exe
  C:\Windows\System\XwXhbGq.exe
  2⤵
  PID:7844
- C:\Windows\System\IjXhdYE.exe
  C:\Windows\System\IjXhdYE.exe
  2⤵
  PID:7888
- C:\Windows\System\ptdXPVr.exe
  C:\Windows\System\ptdXPVr.exe
  2⤵
  PID:7328
- C:\Windows\System\ptnyPrI.exe
  C:\Windows\System\ptnyPrI.exe
  2⤵
  PID:7688
- C:\Windows\System\roGonHx.exe
  C:\Windows\System\roGonHx.exe
  2⤵
  PID:7432
- C:\Windows\System\zOrPtIQ.exe
  C:\Windows\System\zOrPtIQ.exe
  2⤵
  PID:7476
- C:\Windows\System\kEJhCxp.exe
  C:\Windows\System\kEJhCxp.exe
  2⤵
  PID:7548
- C:\Windows\System\eXtBpgz.exe
  C:\Windows\System\eXtBpgz.exe
  2⤵
  PID:7960
- C:\Windows\System\aBQplcC.exe
  C:\Windows\System\aBQplcC.exe
  2⤵
  PID:7972
- C:\Windows\System\kJxNKzH.exe
  C:\Windows\System\kJxNKzH.exe
  2⤵
  PID:7680
- C:\Windows\System\TfXtBze.exe
  C:\Windows\System\TfXtBze.exe
  2⤵
  PID:7864
- C:\Windows\System\ObyQQwg.exe
  C:\Windows\System\ObyQQwg.exe
  2⤵
  PID:7644
- C:\Windows\System\csdrLxY.exe
  C:\Windows\System\csdrLxY.exe
  2⤵
  PID:7796
- C:\Windows\System\gudKdPF.exe
  C:\Windows\System\gudKdPF.exe
  2⤵
  PID:7948
- C:\Windows\System\VKGUWQc.exe
  C:\Windows\System\VKGUWQc.exe
  2⤵
  PID:8040
- C:\Windows\System\XaJKebi.exe
  C:\Windows\System\XaJKebi.exe
  2⤵
  PID:8028
- C:\Windows\System\oMfYsrw.exe
  C:\Windows\System\oMfYsrw.exe
  2⤵
  PID:8084
- C:\Windows\System\KjdGPYV.exe
  C:\Windows\System\KjdGPYV.exe
  2⤵
  PID:8104
- C:\Windows\System\IhFNfWd.exe
  C:\Windows\System\IhFNfWd.exe
  2⤵
  PID:8060
- C:\Windows\System\RGohyyE.exe
  C:\Windows\System\RGohyyE.exe
  2⤵
  PID:6880
- C:\Windows\System\bSnXOqd.exe
  C:\Windows\System\bSnXOqd.exe
  2⤵
  PID:8180
- C:\Windows\System\FoWrPQx.exe
  C:\Windows\System\FoWrPQx.exe
  2⤵
  PID:7292
- C:\Windows\System\DtuYHPM.exe
  C:\Windows\System\DtuYHPM.exe
  2⤵
  PID:7488
- C:\Windows\System\OMuvPGE.exe
  C:\Windows\System\OMuvPGE.exe
  2⤵
  PID:7608
- C:\Windows\System\BTahmhZ.exe
  C:\Windows\System\BTahmhZ.exe
  2⤵
  PID:7620
- C:\Windows\System\OBthbUY.exe
  C:\Windows\System\OBthbUY.exe
  2⤵
  PID:7352
- C:\Windows\System\ssiuVIC.exe
  C:\Windows\System\ssiuVIC.exe
  2⤵
  PID:7416
- C:\Windows\System\MFjalEM.exe
  C:\Windows\System\MFjalEM.exe
  2⤵
  PID:7596
- C:\Windows\System\vdEiBbZ.exe
  C:\Windows\System\vdEiBbZ.exe
  2⤵
  PID:7600
- C:\Windows\System\dhBMEJv.exe
  C:\Windows\System\dhBMEJv.exe
  2⤵
  PID:7712
- C:\Windows\System\MryPCjL.exe
  C:\Windows\System\MryPCjL.exe
  2⤵
  PID:7368
- C:\Windows\System\NeiedIO.exe
  C:\Windows\System\NeiedIO.exe
  2⤵
  PID:7812
- C:\Windows\System\YfpRHMq.exe
  C:\Windows\System\YfpRHMq.exe
  2⤵
  PID:7928
- C:\Windows\System\pHkrbat.exe
  C:\Windows\System\pHkrbat.exe
  2⤵
  PID:7400
- C:\Windows\System\wkWlmTm.exe
  C:\Windows\System\wkWlmTm.exe
  2⤵
  PID:7764
- C:\Windows\System\BpXsDET.exe
  C:\Windows\System\BpXsDET.exe
  2⤵
  PID:7832
- C:\Windows\System\zsjwuTi.exe
  C:\Windows\System\zsjwuTi.exe
  2⤵
  PID:7932
- C:\Windows\System\ZiMsiDf.exe
  C:\Windows\System\ZiMsiDf.exe
  2⤵
  PID:8088
- C:\Windows\System\BsrbPfr.exe
  C:\Windows\System\BsrbPfr.exe
  2⤵
  PID:7312
- C:\Windows\System\WhhAbGE.exe
  C:\Windows\System\WhhAbGE.exe
  2⤵
  PID:7296
- C:\Windows\System\efSgsbr.exe
  C:\Windows\System\efSgsbr.exe
  2⤵
  PID:7468
- C:\Windows\System\YePcCyV.exe
  C:\Windows\System\YePcCyV.exe
  2⤵
  PID:8000
- C:\Windows\System\yLPKukP.exe
  C:\Windows\System\yLPKukP.exe
  2⤵
  PID:7240
- C:\Windows\System\AJbmrhG.exe
  C:\Windows\System\AJbmrhG.exe
  2⤵
  PID:8048
- C:\Windows\System\rCjgiHl.exe
  C:\Windows\System\rCjgiHl.exe
  2⤵
  PID:8144
- C:\Windows\System\pnRttVF.exe
  C:\Windows\System\pnRttVF.exe
  2⤵
  PID:7308
- C:\Windows\System\SfgwLOg.exe
  C:\Windows\System\SfgwLOg.exe
  2⤵
  PID:7660
- C:\Windows\System\JbuXVIX.exe
  C:\Windows\System\JbuXVIX.exe
  2⤵
  PID:7744
- C:\Windows\System\rwqqTvb.exe
  C:\Windows\System\rwqqTvb.exe
  2⤵
  PID:7924
- C:\Windows\System\lJiVOMc.exe
  C:\Windows\System\lJiVOMc.exe
  2⤵
  PID:7816
- C:\Windows\System\qiCgMZy.exe
  C:\Windows\System\qiCgMZy.exe
  2⤵
  PID:7988
- C:\Windows\System\XPwShgv.exe
  C:\Windows\System\XPwShgv.exe
  2⤵
  PID:8092
- C:\Windows\System\UfNnjrO.exe
  C:\Windows\System\UfNnjrO.exe
  2⤵
  PID:7228
- C:\Windows\System\zvtIFNq.exe
  C:\Windows\System\zvtIFNq.exe
  2⤵
  PID:6208
- C:\Windows\System\XKqpiao.exe
  C:\Windows\System\XKqpiao.exe
  2⤵
  PID:8008
- C:\Windows\System\CBjRQPQ.exe
  C:\Windows\System\CBjRQPQ.exe
  2⤵
  PID:8132
- C:\Windows\System\Znajjil.exe
  C:\Windows\System\Znajjil.exe
  2⤵
  PID:1664
- C:\Windows\System\YIVmDWa.exe
  C:\Windows\System\YIVmDWa.exe
  2⤵
  PID:8208
- C:\Windows\System\UFvzdqQ.exe
  C:\Windows\System\UFvzdqQ.exe
  2⤵
  PID:8224
- C:\Windows\System\PMaOpJn.exe
  C:\Windows\System\PMaOpJn.exe
  2⤵
  PID:8240
- C:\Windows\System\LHTGEFM.exe
  C:\Windows\System\LHTGEFM.exe
  2⤵
  PID:8256
- C:\Windows\System\zogBbcJ.exe
  C:\Windows\System\zogBbcJ.exe
  2⤵
  PID:8272
- C:\Windows\System\YnymYAf.exe
  C:\Windows\System\YnymYAf.exe
  2⤵
  PID:8288
- C:\Windows\System\HnLKRhL.exe
  C:\Windows\System\HnLKRhL.exe
  2⤵
  PID:8304
- C:\Windows\System\eCWDazn.exe
  C:\Windows\System\eCWDazn.exe
  2⤵
  PID:8320
- C:\Windows\System\VLOgQgc.exe
  C:\Windows\System\VLOgQgc.exe
  2⤵
  PID:8336
- C:\Windows\System\BJCUqeV.exe
  C:\Windows\System\BJCUqeV.exe
  2⤵
  PID:8352
- C:\Windows\System\IzKjIqM.exe
  C:\Windows\System\IzKjIqM.exe
  2⤵
  PID:8368
- C:\Windows\System\nzwZLGl.exe
  C:\Windows\System\nzwZLGl.exe
  2⤵
  PID:8384
- C:\Windows\System\lAuYfZH.exe
  C:\Windows\System\lAuYfZH.exe
  2⤵
  PID:8400
- C:\Windows\System\EBklSrX.exe
  C:\Windows\System\EBklSrX.exe
  2⤵
  PID:8416
- C:\Windows\System\vYazptL.exe
  C:\Windows\System\vYazptL.exe
  2⤵
  PID:8432
- C:\Windows\System\oiqiMkS.exe
  C:\Windows\System\oiqiMkS.exe
  2⤵
  PID:8448
- C:\Windows\System\JoTwiOB.exe
  C:\Windows\System\JoTwiOB.exe
  2⤵
  PID:8464
- C:\Windows\System\KLdrUHU.exe
  C:\Windows\System\KLdrUHU.exe
  2⤵
  PID:8480
- C:\Windows\System\aUmEDHV.exe
  C:\Windows\System\aUmEDHV.exe
  2⤵
  PID:8496
- C:\Windows\System\hQqABhy.exe
  C:\Windows\System\hQqABhy.exe
  2⤵
  PID:8512
- C:\Windows\System\dIonngS.exe
  C:\Windows\System\dIonngS.exe
  2⤵
  PID:8528
- C:\Windows\System\oMMyRok.exe
  C:\Windows\System\oMMyRok.exe
  2⤵
  PID:8544
- C:\Windows\System\SLTiuEK.exe
  C:\Windows\System\SLTiuEK.exe
  2⤵
  PID:8560
- C:\Windows\System\dqpRMNK.exe
  C:\Windows\System\dqpRMNK.exe
  2⤵
  PID:8576
- C:\Windows\System\zgehqZd.exe
  C:\Windows\System\zgehqZd.exe
  2⤵
  PID:8592
- C:\Windows\System\QqzOOkX.exe
  C:\Windows\System\QqzOOkX.exe
  2⤵
  PID:8608
- C:\Windows\System\CgqGEap.exe
  C:\Windows\System\CgqGEap.exe
  2⤵
  PID:8624
- C:\Windows\System\bkNvYlL.exe
  C:\Windows\System\bkNvYlL.exe
  2⤵
  PID:8640
- C:\Windows\System\dKobJBt.exe
  C:\Windows\System\dKobJBt.exe
  2⤵
  PID:8656
- C:\Windows\System\RtXXkxn.exe
  C:\Windows\System\RtXXkxn.exe
  2⤵
  PID:8672
- C:\Windows\System\FgSUxbm.exe
  C:\Windows\System\FgSUxbm.exe
  2⤵
  PID:8688
- C:\Windows\System\GZTKPDX.exe
  C:\Windows\System\GZTKPDX.exe
  2⤵
  PID:8704
- C:\Windows\System\EulmNmW.exe
  C:\Windows\System\EulmNmW.exe
  2⤵
  PID:8720
- C:\Windows\System\rAkrLxA.exe
  C:\Windows\System\rAkrLxA.exe
  2⤵
  PID:8736
- C:\Windows\System\yaRUxqJ.exe
  C:\Windows\System\yaRUxqJ.exe
  2⤵
  PID:8752
- C:\Windows\System\hSdHTJX.exe
  C:\Windows\System\hSdHTJX.exe
  2⤵
  PID:8768
- C:\Windows\System\KsbtJfH.exe
  C:\Windows\System\KsbtJfH.exe
  2⤵
  PID:8784
- C:\Windows\System\nYxCkyu.exe
  C:\Windows\System\nYxCkyu.exe
  2⤵
  PID:8804
- C:\Windows\System\qhCqKMf.exe
  C:\Windows\System\qhCqKMf.exe
  2⤵
  PID:8832
- C:\Windows\System\SkkMSVY.exe
  C:\Windows\System\SkkMSVY.exe
  2⤵
  PID:8852
- C:\Windows\System\NHRkEqj.exe
  C:\Windows\System\NHRkEqj.exe
  2⤵
  PID:8876
- C:\Windows\System\YwEUrgi.exe
  C:\Windows\System\YwEUrgi.exe
  2⤵
  PID:8896
- C:\Windows\System\KNFjcCT.exe
  C:\Windows\System\KNFjcCT.exe
  2⤵
  PID:8916
- C:\Windows\System\WwXRFdx.exe
  C:\Windows\System\WwXRFdx.exe
  2⤵
  PID:8976
- C:\Windows\System\uWKqsby.exe
  C:\Windows\System\uWKqsby.exe
  2⤵
  PID:9024
- C:\Windows\System\rdIqZzM.exe
  C:\Windows\System\rdIqZzM.exe
  2⤵
  PID:9040
- C:\Windows\System\nmPNxgS.exe
  C:\Windows\System\nmPNxgS.exe
  2⤵
  PID:9056
- C:\Windows\System\hNSrJqd.exe
  C:\Windows\System\hNSrJqd.exe
  2⤵
  PID:9072
- C:\Windows\System\jzUcOEy.exe
  C:\Windows\System\jzUcOEy.exe
  2⤵
  PID:9088
- C:\Windows\System\CoLYxIZ.exe
  C:\Windows\System\CoLYxIZ.exe
  2⤵
  PID:9104
- C:\Windows\System\SvhdVBl.exe
  C:\Windows\System\SvhdVBl.exe
  2⤵
  PID:9120
- C:\Windows\System\MqtvNch.exe
  C:\Windows\System\MqtvNch.exe
  2⤵
  PID:9136
- C:\Windows\System\AthwXvN.exe
  C:\Windows\System\AthwXvN.exe
  2⤵
  PID:9152
- C:\Windows\System\DJZLnqY.exe
  C:\Windows\System\DJZLnqY.exe
  2⤵
  PID:9168
- C:\Windows\System\mFzLNcP.exe
  C:\Windows\System\mFzLNcP.exe
  2⤵
  PID:9184
- C:\Windows\System\TdbxTNm.exe
  C:\Windows\System\TdbxTNm.exe
  2⤵
  PID:9204
- C:\Windows\System\blryyKm.exe
  C:\Windows\System\blryyKm.exe
  2⤵
  PID:8216
- C:\Windows\System\bPEfLUm.exe
  C:\Windows\System\bPEfLUm.exe
  2⤵
  PID:7780
- C:\Windows\System\foRITvc.exe
  C:\Windows\System\foRITvc.exe
  2⤵
  PID:8204
- C:\Windows\System\uTeMIlx.exe
  C:\Windows\System\uTeMIlx.exe
  2⤵
  PID:7912
- C:\Windows\System\CfjeYHK.exe
  C:\Windows\System\CfjeYHK.exe
  2⤵
  PID:8020
- C:\Windows\System\LWZjIul.exe
  C:\Windows\System\LWZjIul.exe
  2⤵
  PID:8316
- C:\Windows\System\edQoiAY.exe
  C:\Windows\System\edQoiAY.exe
  2⤵
  PID:8408
- C:\Windows\System\YWdfvXU.exe
  C:\Windows\System\YWdfvXU.exe
  2⤵
  PID:8472
- C:\Windows\System\QTszbKI.exe
  C:\Windows\System\QTszbKI.exe
  2⤵
  PID:8568
- C:\Windows\System\oGQAKqJ.exe
  C:\Windows\System\oGQAKqJ.exe
  2⤵
  PID:8632
- C:\Windows\System\xuZQDpW.exe
  C:\Windows\System\xuZQDpW.exe
  2⤵
  PID:8700
- C:\Windows\System\lHGFOUL.exe
  C:\Windows\System\lHGFOUL.exe
  2⤵
  PID:8884
- C:\Windows\System\ZHwiCFQ.exe
  C:\Windows\System\ZHwiCFQ.exe
  2⤵
  PID:8520
- C:\Windows\System\GmbzqnT.exe
  C:\Windows\System\GmbzqnT.exe
  2⤵
  PID:8924
- C:\Windows\System\qzCHlsv.exe
  C:\Windows\System\qzCHlsv.exe
  2⤵
  PID:8812
- C:\Windows\System\zpcEZEJ.exe
  C:\Windows\System\zpcEZEJ.exe
  2⤵
  PID:8828
- C:\Windows\System\KiLHeVQ.exe
  C:\Windows\System\KiLHeVQ.exe
  2⤵
  PID:8872
- C:\Windows\System\VcMFAUf.exe
  C:\Windows\System\VcMFAUf.exe
  2⤵
  PID:8300
- C:\Windows\System\dqIzdIE.exe
  C:\Windows\System\dqIzdIE.exe
  2⤵
  PID:8492
- C:\Windows\System\nBqIRjQ.exe
  C:\Windows\System\nBqIRjQ.exe
  2⤵
  PID:8268
- C:\Windows\System\ozIHpZG.exe
  C:\Windows\System\ozIHpZG.exe
  2⤵
  PID:8428
- C:\Windows\System\zvPXGVi.exe
  C:\Windows\System\zvPXGVi.exe
  2⤵
  PID:8620
- C:\Windows\System\XMoyHvD.exe
  C:\Windows\System\XMoyHvD.exe
  2⤵
  PID:8712
- C:\Windows\System\MskhEYK.exe
  C:\Windows\System\MskhEYK.exe
  2⤵
  PID:8860
- C:\Windows\System\GTehlve.exe
  C:\Windows\System\GTehlve.exe
  2⤵
  PID:8952
- C:\Windows\System\MGflhea.exe
  C:\Windows\System\MGflhea.exe
  2⤵
  PID:8960
- C:\Windows\System\EPSWHFH.exe
  C:\Windows\System\EPSWHFH.exe
  2⤵
  PID:9008
- C:\Windows\System\OEsKRIf.exe
  C:\Windows\System\OEsKRIf.exe
  2⤵
  PID:9112
- C:\Windows\System\BHORvIx.exe
  C:\Windows\System\BHORvIx.exe
  2⤵
  PID:8248
- C:\Windows\System\dERqIws.exe
  C:\Windows\System\dERqIws.exe
  2⤵
  PID:8312
- C:\Windows\System\lTeCpHW.exe
  C:\Windows\System\lTeCpHW.exe
  2⤵
  PID:8572
- C:\Windows\System\VGieYfN.exe
  C:\Windows\System\VGieYfN.exe
  2⤵
  PID:7908
- C:\Windows\System\RlQFvwk.exe
  C:\Windows\System\RlQFvwk.exe
  2⤵
  PID:8696
- C:\Windows\System\RLeTXcE.exe
  C:\Windows\System\RLeTXcE.exe
  2⤵
  PID:7640
- C:\Windows\System\ikaNqJr.exe
  C:\Windows\System\ikaNqJr.exe
  2⤵
  PID:8504
- C:\Windows\System\niYlFWJ.exe
  C:\Windows\System\niYlFWJ.exe
  2⤵
  PID:8604
- C:\Windows\System\vGxOsCl.exe
  C:\Windows\System\vGxOsCl.exe
  2⤵
  PID:8792
- C:\Windows\System\BCDAMXO.exe
  C:\Windows\System\BCDAMXO.exe
  2⤵
  PID:8840
- C:\Windows\System\sIEZExj.exe
  C:\Windows\System\sIEZExj.exe
  2⤵
  PID:8360
- C:\Windows\System\CJgmZNd.exe
  C:\Windows\System\CJgmZNd.exe
  2⤵
  PID:8584
- C:\Windows\System\zyivkpQ.exe
  C:\Windows\System\zyivkpQ.exe
  2⤵
  PID:8588
- C:\Windows\System\dfzwPPg.exe
  C:\Windows\System\dfzwPPg.exe
  2⤵
  PID:8524
- C:\Windows\System\yYTNRkb.exe
  C:\Windows\System\yYTNRkb.exe
  2⤵
  PID:8748
- C:\Windows\System\DrsFyVg.exe
  C:\Windows\System\DrsFyVg.exe
  2⤵
  PID:8864
- C:\Windows\System\hVlgaZk.exe
  C:\Windows\System\hVlgaZk.exe
  2⤵
  PID:8972
- C:\Windows\System\ZiKYPtq.exe
  C:\Windows\System\ZiKYPtq.exe
  2⤵
  PID:8944
- C:\Windows\System\bXbUQZg.exe
  C:\Windows\System\bXbUQZg.exe
  2⤵
  PID:8928
- C:\Windows\System\aqliBKC.exe
  C:\Windows\System\aqliBKC.exe
  2⤵
  PID:9012
- C:\Windows\System\eumVyRk.exe
  C:\Windows\System\eumVyRk.exe
  2⤵
  PID:9144
- C:\Windows\System\Pjqzhjp.exe
  C:\Windows\System\Pjqzhjp.exe
  2⤵
  PID:9080
- C:\Windows\System\SjbnFMA.exe
  C:\Windows\System\SjbnFMA.exe
  2⤵
  PID:9100
- C:\Windows\System\YENQOks.exe
  C:\Windows\System\YENQOks.exe
  2⤵
  PID:9164
- C:\Windows\System\EoYjmjC.exe
  C:\Windows\System\EoYjmjC.exe
  2⤵
  PID:8280
- C:\Windows\System\SIswEjd.exe
  C:\Windows\System\SIswEjd.exe
  2⤵
  PID:8440
- C:\Windows\System\XWZboHn.exe
  C:\Windows\System\XWZboHn.exe
  2⤵
  PID:7568
- C:\Windows\System\iMoanss.exe
  C:\Windows\System\iMoanss.exe
  2⤵
  PID:7564
- C:\Windows\System\eYSVorT.exe
  C:\Windows\System\eYSVorT.exe
  2⤵
  PID:8848
- C:\Windows\System\HdFLBJX.exe
  C:\Windows\System\HdFLBJX.exe
  2⤵
  PID:8936
- C:\Windows\System\lruzrxp.exe
  C:\Windows\System\lruzrxp.exe
  2⤵
  PID:8744
- C:\Windows\System\dtLPakY.exe
  C:\Windows\System\dtLPakY.exe
  2⤵
  PID:8988
- C:\Windows\System\UJpSwVC.exe
  C:\Windows\System\UJpSwVC.exe
  2⤵
  PID:9132
- C:\Windows\System\jLyACeF.exe
  C:\Windows\System\jLyACeF.exe
  2⤵
  PID:8680
- C:\Windows\System\HXowGBa.exe
  C:\Windows\System\HXowGBa.exe
  2⤵
  PID:9176
- C:\Windows\System\KYMnsnO.exe
  C:\Windows\System\KYMnsnO.exe
  2⤵
  PID:8732
- C:\Windows\System\lGOkAlL.exe
  C:\Windows\System\lGOkAlL.exe
  2⤵
  PID:8380
- C:\Windows\System\XXEedoN.exe
  C:\Windows\System\XXEedoN.exe
  2⤵
  PID:9196
- C:\Windows\System\GThklmX.exe
  C:\Windows\System\GThklmX.exe
  2⤵
  PID:8444
- C:\Windows\System\BCDCING.exe
  C:\Windows\System\BCDCING.exe
  2⤵
  PID:9004
- C:\Windows\System\PqvWTLr.exe
  C:\Windows\System\PqvWTLr.exe
  2⤵
  PID:8800
- C:\Windows\System\cgTruSm.exe
  C:\Windows\System\cgTruSm.exe
  2⤵
  PID:8776
- C:\Windows\System\NIKDfXP.exe
  C:\Windows\System\NIKDfXP.exe
  2⤵
  PID:8424
- C:\Windows\System\ArAeeax.exe
  C:\Windows\System\ArAeeax.exe
  2⤵
  PID:8844
- C:\Windows\System\NRUVuMi.exe
  C:\Windows\System\NRUVuMi.exe
  2⤵
  PID:8892
- C:\Windows\System\dTVSFIZ.exe
  C:\Windows\System\dTVSFIZ.exe
  2⤵
  PID:8456
- C:\Windows\System\SUssNRK.exe
  C:\Windows\System\SUssNRK.exe
  2⤵
  PID:9228
- C:\Windows\System\fQJNzIO.exe
  C:\Windows\System\fQJNzIO.exe
  2⤵
  PID:9244
- C:\Windows\System\VxEQdxb.exe
  C:\Windows\System\VxEQdxb.exe
  2⤵
  PID:9260
- C:\Windows\System\rbpityn.exe
  C:\Windows\System\rbpityn.exe
  2⤵
  PID:9276
- C:\Windows\System\ZzqxPfn.exe
  C:\Windows\System\ZzqxPfn.exe
  2⤵
  PID:9292
- C:\Windows\System\aixrNEk.exe
  C:\Windows\System\aixrNEk.exe
  2⤵
  PID:9308
- C:\Windows\System\SaRXpEG.exe
  C:\Windows\System\SaRXpEG.exe
  2⤵
  PID:9324
- C:\Windows\System\cYzXLUw.exe
  C:\Windows\System\cYzXLUw.exe
  2⤵
  PID:9340
- C:\Windows\System\LqBRiym.exe
  C:\Windows\System\LqBRiym.exe
  2⤵
  PID:9356
- C:\Windows\System\YmyyhRW.exe
  C:\Windows\System\YmyyhRW.exe
  2⤵
  PID:9372
- C:\Windows\System\OYRdOwb.exe
  C:\Windows\System\OYRdOwb.exe
  2⤵
  PID:9388
- C:\Windows\System\oGMxSqW.exe
  C:\Windows\System\oGMxSqW.exe
  2⤵
  PID:9404
- C:\Windows\System\PMzCzUV.exe
  C:\Windows\System\PMzCzUV.exe
  2⤵
  PID:9420
- C:\Windows\System\GogmzgL.exe
  C:\Windows\System\GogmzgL.exe
  2⤵
  PID:9436
- C:\Windows\System\bhSxGNP.exe
  C:\Windows\System\bhSxGNP.exe
  2⤵
  PID:9452
- C:\Windows\System\XlXkZRr.exe
  C:\Windows\System\XlXkZRr.exe
  2⤵
  PID:9468
- C:\Windows\System\FHpfrah.exe
  C:\Windows\System\FHpfrah.exe
  2⤵
  PID:9484
- C:\Windows\System\DfmwPIQ.exe
  C:\Windows\System\DfmwPIQ.exe
  2⤵
  PID:9500
- C:\Windows\System\qQjrWcB.exe
  C:\Windows\System\qQjrWcB.exe
  2⤵
  PID:9516
- C:\Windows\System\QukdQAu.exe
  C:\Windows\System\QukdQAu.exe
  2⤵
  PID:9532
- C:\Windows\System\UzyTxTt.exe
  C:\Windows\System\UzyTxTt.exe
  2⤵
  PID:9548
- C:\Windows\System\qrtUttp.exe
  C:\Windows\System\qrtUttp.exe
  2⤵
  PID:9564
- C:\Windows\System\vBPhyRu.exe
  C:\Windows\System\vBPhyRu.exe
  2⤵
  PID:9580
- C:\Windows\System\CTKBuFl.exe
  C:\Windows\System\CTKBuFl.exe
  2⤵
  PID:9596
- C:\Windows\System\bZSCksy.exe
  C:\Windows\System\bZSCksy.exe
  2⤵
  PID:9612
- C:\Windows\System\PAAvjJi.exe
  C:\Windows\System\PAAvjJi.exe
  2⤵
  PID:9628
- C:\Windows\System\rjJjnWr.exe
  C:\Windows\System\rjJjnWr.exe
  2⤵
  PID:9644
- C:\Windows\System\INrQgEO.exe
  C:\Windows\System\INrQgEO.exe
  2⤵
  PID:9660
- C:\Windows\System\cTGPyAQ.exe
  C:\Windows\System\cTGPyAQ.exe
  2⤵
  PID:9676
- C:\Windows\System\DnsAzzN.exe
  C:\Windows\System\DnsAzzN.exe
  2⤵
  PID:9692
- C:\Windows\System\WbxRtSt.exe
  C:\Windows\System\WbxRtSt.exe
  2⤵
  PID:9708
- C:\Windows\System\wajSxYU.exe
  C:\Windows\System\wajSxYU.exe
  2⤵
  PID:9724
- C:\Windows\System\XYDplJq.exe
  C:\Windows\System\XYDplJq.exe
  2⤵
  PID:9740
- C:\Windows\System\pPUbcWY.exe
  C:\Windows\System\pPUbcWY.exe
  2⤵
  PID:9756
- C:\Windows\System\ynbKHrO.exe
  C:\Windows\System\ynbKHrO.exe
  2⤵
  PID:9772
- C:\Windows\System\YubpNwG.exe
  C:\Windows\System\YubpNwG.exe
  2⤵
  PID:9788
- C:\Windows\System\VlaOlbf.exe
  C:\Windows\System\VlaOlbf.exe
  2⤵
  PID:9804
- C:\Windows\System\oiCuYyd.exe
  C:\Windows\System\oiCuYyd.exe
  2⤵
  PID:9820
- C:\Windows\System\vNUInMY.exe
  C:\Windows\System\vNUInMY.exe
  2⤵
  PID:9836
- C:\Windows\System\LqqzikP.exe
  C:\Windows\System\LqqzikP.exe
  2⤵
  PID:9856
- C:\Windows\System\gXwvmOv.exe
  C:\Windows\System\gXwvmOv.exe
  2⤵
  PID:9872
- C:\Windows\System\CfXDJVa.exe
  C:\Windows\System\CfXDJVa.exe
  2⤵
  PID:9888
- C:\Windows\System\hHJucuz.exe
  C:\Windows\System\hHJucuz.exe
  2⤵
  PID:9904
- C:\Windows\System\sFPViaA.exe
  C:\Windows\System\sFPViaA.exe
  2⤵
  PID:9920
- C:\Windows\System\AmRRhQv.exe
  C:\Windows\System\AmRRhQv.exe
  2⤵
  PID:9936
- C:\Windows\System\NVOTxZQ.exe
  C:\Windows\System\NVOTxZQ.exe
  2⤵
  PID:9952
- C:\Windows\System\NgcWQJu.exe
  C:\Windows\System\NgcWQJu.exe
  2⤵
  PID:9968
- C:\Windows\System\EeLWQDv.exe
  C:\Windows\System\EeLWQDv.exe
  2⤵
  PID:9984
- C:\Windows\System\fkaHtMD.exe
  C:\Windows\System\fkaHtMD.exe
  2⤵
  PID:10000
- C:\Windows\System\uoWoONa.exe
  C:\Windows\System\uoWoONa.exe
  2⤵
  PID:10016
- C:\Windows\System\LvgXlTF.exe
  C:\Windows\System\LvgXlTF.exe
  2⤵
  PID:10032
- C:\Windows\System\ZQpJKlX.exe
  C:\Windows\System\ZQpJKlX.exe
  2⤵
  PID:10048
- C:\Windows\System\UBjVVMF.exe
  C:\Windows\System\UBjVVMF.exe
  2⤵
  PID:10064
- C:\Windows\System\HofXQwu.exe
  C:\Windows\System\HofXQwu.exe
  2⤵
  PID:10080
- C:\Windows\System\rWmzIqr.exe
  C:\Windows\System\rWmzIqr.exe
  2⤵
  PID:10096
- C:\Windows\System\wjJPWWb.exe
  C:\Windows\System\wjJPWWb.exe
  2⤵
  PID:10112
- C:\Windows\System\GLJPXpy.exe
  C:\Windows\System\GLJPXpy.exe
  2⤵
  PID:10128
- C:\Windows\System\zOeoyub.exe
  C:\Windows\System\zOeoyub.exe
  2⤵
  PID:10144
- C:\Windows\System\KyjticN.exe
  C:\Windows\System\KyjticN.exe
  2⤵
  PID:10160
- C:\Windows\System\QsMLRJp.exe
  C:\Windows\System\QsMLRJp.exe
  2⤵
  PID:10176
- C:\Windows\System\RnlvSkN.exe
  C:\Windows\System\RnlvSkN.exe
  2⤵
  PID:10192
- C:\Windows\System\PNKoumw.exe
  C:\Windows\System\PNKoumw.exe
  2⤵
  PID:10208
- C:\Windows\System\SDtzrMe.exe
  C:\Windows\System\SDtzrMe.exe
  2⤵
  PID:10224
- C:\Windows\System\yQkYmXE.exe
  C:\Windows\System\yQkYmXE.exe
  2⤵
  PID:8984
- C:\Windows\System\xFjcjUQ.exe
  C:\Windows\System\xFjcjUQ.exe
  2⤵
  PID:9256
- C:\Windows\System\FAqaCrc.exe
  C:\Windows\System\FAqaCrc.exe
  2⤵
  PID:9320
- C:\Windows\System\kMumNUc.exe
  C:\Windows\System\kMumNUc.exe
  2⤵
  PID:9240
- C:\Windows\System\dWFUMMs.exe
  C:\Windows\System\dWFUMMs.exe
  2⤵
  PID:9352
- C:\Windows\System\tPPgDpL.exe
  C:\Windows\System\tPPgDpL.exe
  2⤵
  PID:9272
- C:\Windows\System\nhRQYMM.exe
  C:\Windows\System\nhRQYMM.exe
  2⤵
  PID:9348
- C:\Windows\System\DpwYXJw.exe
  C:\Windows\System\DpwYXJw.exe
  2⤵
  PID:9444
- C:\Windows\System\UWzRZKI.exe
  C:\Windows\System\UWzRZKI.exe
  2⤵
  PID:9396
- C:\Windows\System\EpmpkHB.exe
  C:\Windows\System\EpmpkHB.exe
  2⤵
  PID:9528
- C:\Windows\System\QPXKbob.exe
  C:\Windows\System\QPXKbob.exe
  2⤵
  PID:9496
- C:\Windows\System\hmGtZcs.exe
  C:\Windows\System\hmGtZcs.exe
  2⤵
  PID:9448
- C:\Windows\System\TvBpXnv.exe
  C:\Windows\System\TvBpXnv.exe
  2⤵
  PID:9576
- C:\Windows\System\UcTqymP.exe
  C:\Windows\System\UcTqymP.exe
  2⤵
  PID:9608
- C:\Windows\System\mGryzXh.exe
  C:\Windows\System\mGryzXh.exe
  2⤵
  PID:9592
- C:\Windows\System\kbUDJZq.exe
  C:\Windows\System\kbUDJZq.exe
  2⤵
  PID:9684
- C:\Windows\System\BAggvXj.exe
  C:\Windows\System\BAggvXj.exe
  2⤵
  PID:9704
- C:\Windows\System\LtbXLzh.exe
  C:\Windows\System\LtbXLzh.exe
  2⤵
  PID:9752
- C:\Windows\System\giSjnST.exe
  C:\Windows\System\giSjnST.exe
  2⤵
  PID:9800
- C:\Windows\System\KyMHJDu.exe
  C:\Windows\System\KyMHJDu.exe
  2⤵
  PID:9784
- C:\Windows\System\pBHLAbE.exe
  C:\Windows\System\pBHLAbE.exe
  2⤵
  PID:9844
- C:\Windows\System\cKPtcpy.exe
  C:\Windows\System\cKPtcpy.exe
  2⤵
  PID:9928
- C:\Windows\System\Oftqtea.exe
  C:\Windows\System\Oftqtea.exe
  2⤵
  PID:9896
- C:\Windows\System\VQzejHY.exe
  C:\Windows\System\VQzejHY.exe
  2⤵
  PID:10024
- C:\Windows\System\DTzjTgE.exe
  C:\Windows\System\DTzjTgE.exe
  2⤵
  PID:10088
- C:\Windows\System\zohPDeH.exe
  C:\Windows\System\zohPDeH.exe
  2⤵
  PID:9916
- C:\Windows\System\MRpZgxX.exe
  C:\Windows\System\MRpZgxX.exe
  2⤵
  PID:10044
- C:\Windows\System\tCAHOXi.exe
  C:\Windows\System\tCAHOXi.exe
  2⤵
  PID:9948
- C:\Windows\System\MyVPxRk.exe
  C:\Windows\System\MyVPxRk.exe
  2⤵
  PID:10108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AXFfSzB.exe

Filesize
6.0MB

MD5
653bcd4c9e64a6e75598639766088351

SHA1
cc6a73fdfa99c297a7da8b01bf5483feb0b26288

SHA256
a68d2a23bc9cb10d3a95398381160de8b88f3adce10549fc327c03f880d0f04d

SHA512
838abeb174fa74dd527d443823f59b78c143082bcbf920eb32a864e66c6042fa4915176e85cb2fc48fbf89eb5a7583b38298dab7627f562cd07c20bcc2466d6e

Download Submit
C:\Windows\system\AlhrGAX.exe

Filesize
6.0MB

MD5
5c274a2d8e0ca914810d5d4c45b399b3

SHA1
7749dba056f82222a9f89b9481720602e5e76308

SHA256
2506bca1d678e7e7052a7f033bdac9090d579bd810a5e3f780ae8091e4e9bc0d

SHA512
9aa56c53548c25b6ca5370ba9b81ab8c69e6fd13be5fd471c63b301358596e371dd7f6dca38cff3bb163939ab50b05176811244220b0c29c8491820689cc2bfb

Download Submit
C:\Windows\system\BXwxfbN.exe

Filesize
6.0MB

MD5
6ae6734846b61c75579c7743fa836b13

SHA1
03d9093f32533542930228b407820982c6fd967b

SHA256
3aa3c555c98486759b2c28c604a3dc1c6b591cce9dacb555a5d2fa8f79a74022

SHA512
b51c8aea24d023edd3f03d0a2e4d1e6900b8c6b847bc46328d960f5a16d35c92965a371046d884632bc318a1097905f5265a55da3a1c38e8af4a8b7392807d26

Download Submit
C:\Windows\system\CuQHIxq.exe

Filesize
6.0MB

MD5
8e2371d4906659fb893a8436f48db44b

SHA1
7b82d3f7b286378f8debad8576b3987631b9a6c6

SHA256
0fd233cc7687f7327bdcb7e513f7ebca10be60646cc446d9b8bea8360781e89b

SHA512
d1adefee643c1e194feea68b92bc3281d1da64a458ec32811c4636282d43ba219111978ceea0b8ec815966006820933cfd31a7fcbd67dd7a0833003c47556320

Download Submit
C:\Windows\system\IOvUbtp.exe

Filesize
6.0MB

MD5
fe7745a923f9b5df173b9b3cf7bf4782

SHA1
ca34ad33d97309afefd8427ab7d3094006271820

SHA256
5cafc4254ded3e2f4a7a4e27b607ac6d0b298667fbf4ba634f5039b2c8072025

SHA512
9eb0f32d76a235c51a6eb75b77af815ecd291f4bd8a0c4123b0893f78a76dd754bda18b41bbf4322690c86ab7e7d09eb0673b3195638e718fa8a4b616fd23a46

Download Submit
C:\Windows\system\JlTeveG.exe

Filesize
6.0MB

MD5
bf20453ab6f66dda9a56031fe1c10061

SHA1
c7b6c59190172793b2c793f00b4ea806d52356e3

SHA256
f0464bdba3dfdff112bf3383680d1a563f7ce4b4d3e9fbd439e23d9bcffc032a

SHA512
9e1bca0bbe07240c20b8430e9a58ea198715d6bd82d231ff52abd454abb6cf073bb023d609b2c50f0eda91669f68cc6f206279692e5ae5393a4b89c9f9dbd04f

Download Submit
C:\Windows\system\MOUasaK.exe

Filesize
6.0MB

MD5
bc182491978305dc25be2e4482a09eb6

SHA1
baecf16ce3dafda203fe2a3750421d272f19a89d

SHA256
e7e2582394b32a2d17d88010ed40c2f94d00e30b15203d5c3e21865f480f9789

SHA512
bb8221475b9b1dabb2dfb038350d8a958eaaa7c7b094b69f83b541ce84c7b01deafed4a1f745026bdc48b285fe1c2c7bfcb6da3b316c24bb552116de2251e43b

Download Submit
C:\Windows\system\MhLqDZc.exe

Filesize
6.0MB

MD5
09b4c82485f8ab305eccf3c799e77482

SHA1
a80b1fa8725cf86c60e72e0b1115af8d2f43d883

SHA256
9e41ef9960dfe2eda241cd06a35a223e80b21ea04f96f8139a6baf00efbb0b71

SHA512
e5f513074ce05c2facc579619c875054931baf873cd70cf4f396fd7a759223b0e9231fe6382df22b2478277ef11de18f4c5dff354f4ace4199c89dcb25c54361

Download Submit
C:\Windows\system\MmWbaZz.exe

Filesize
6.0MB

MD5
429db26c692fcd1b86f86d7432a42441

SHA1
e5012f93de06d529973dd5ecf293ddd2b93fbc62

SHA256
a308846bbfe12f5ecbdf68728d941ae0d19db1571309321a3a5790496f9d80c7

SHA512
02d4cb5b81b2656d693eed7a8cb588b9ddda245f7add15e4f824bd1e96b0b2a3b49dfb626cc480d4a4c4c03a1c4d9c0ab9b4dd0e9ef10afd197b88d60ffc00f8

Download Submit
C:\Windows\system\MsBCECk.exe

Filesize
6.0MB

MD5
ff011ee185f5021608d66fad18ff244d

SHA1
798bc09687faa6d44abc232c8f70145152cc4553

SHA256
2c0fb49ba92901f787401bf3ba4bb6fda11549243c5b5db02f7f34ef418da4aa

SHA512
9d5d328205e2f3c97fc829453b134e1df373400a912a2c026b144de262bc50242dfdc9528d4f4665a79461f143dd49081db7f22c8a1c7c425a707139076a7ec0

Download Submit
C:\Windows\system\OpFjaYN.exe

Filesize
6.0MB

MD5
b85888d7bc49048a42de7e8d77fc7eb9

SHA1
7b35fce524bc97b032117a8c55d2ebeab34c2f97

SHA256
414a43052893a9bd48f706fe82a96b11d391d3d8a70f9e108ed1441c7e293379

SHA512
ad5fd8efadbd1b54bb07a2fcc8cfcfac9d7ab006964888f16140060d6008cdf4a57e1c692bab597b9ba39a5d44fe27febdda2aaac2661c748aec03ed25132c4c

Download Submit
C:\Windows\system\PUjLKqO.exe

Filesize
6.0MB

MD5
a599d2f42d94449228c36a3f9a977604

SHA1
e685d4cfd9d9ebd8e31b6452526c77ce8f016a39

SHA256
34b6b68bd81ad0aed3471321a24830533a8d4ba42a540f3cf25e1899cd864e70

SHA512
95c487a7eee95490607d45637cd67673027d73ad2699c813b99072b604aee4e5940548a39f7b0b173137dddb0230a1b5a862308f74fa6303aeb0ced249fe79ec

Download Submit
C:\Windows\system\PoaXRaT.exe

Filesize
6.0MB

MD5
1b4ace407006db9f17b95438293d6f4a

SHA1
f73117a24cddafccffbc4cff9bc579a74cd286b9

SHA256
beccfee73ccedc3796bb3f1c6d62694d166331fe4558214ab383b5c5522063fe

SHA512
40b0a18046bb83151fca3278465105bfdac7c7e7a8572dd47e950fec61980b2924b05c92108d7a9d62440d99d4e613b0c03c383ed64deef2e4779e34b2beec01

Download Submit
C:\Windows\system\SakYzOE.exe

Filesize
6.0MB

MD5
2f4c8d165316eb5e79de227c79161693

SHA1
8faa82e99f7b9044a8852f0e29aea6d696544899

SHA256
4d13294e6f754486d0f9f6ae4d8cdfbd9fbd5fd78b708eaee8ab0037befd4f95

SHA512
75e65e835735da6d39769a2a8d1f50ae101f3a267fb15c10debf2cdc7d694ae1699c3ba968faa0d1ce86f5b0aee8a09016f8dacee7f6af589e451ea0f82d6d77

Download Submit
C:\Windows\system\TeaIPex.exe

Filesize
6.0MB

MD5
3bcedf61aaef21f98d58ffb20d0f5c98

SHA1
607c4137e068c264e556bafa0715dfbb79917dfd

SHA256
6ff363cbc38a569c997a804a5825d33f91055fdc94c0a5c87bccbc1a99f96f81

SHA512
71d5ab25d7d3eb23151d9e68c457e471b1602635881e457a9981c4f66bf879f689b0b6b1a24614292604c130585c2081e3db89b9411963ef45e3d86a4b94e258

Download Submit
C:\Windows\system\WVlnfiY.exe

Filesize
6.0MB

MD5
b54d5545d675575072b0a1fe9449a55b

SHA1
1dd58c5a27337aa9c5b778e53973d844093d3d9b

SHA256
246b02b2c8b544bd03837b502083c314e21e1624a0b392e300abc54e34997a6b

SHA512
f6b333c9de73ed7f6c9b95b4cc7e38b430661d63622f43f15ba881ee3dad4d10f27ef8c72b8dfbbc50a54153392382e9ec4f7d43ed038a06a0971af1532c9612

Download Submit
C:\Windows\system\WXGvQLI.exe

Filesize
6.0MB

MD5
d974f4825302abfb6e38e546ccf51099

SHA1
f47797e36758918bd4a5cd500df953b4420f295e

SHA256
5cd01b1a3a47d4df2b14b73367aabf227efb7968d99726e191c9a149b8a3c8c9

SHA512
26bbc79bab55a37fe2282c26750b31913b32a9ad6f416bde9c0ae40d239208f424a44ca99eeb6a302cb8834a5f22d842ade975b9a5af68578d1c0088d7feeaa2

Download Submit
C:\Windows\system\WYxGfrp.exe

Filesize
6.0MB

MD5
9e178811b14c360b49192689769a9924

SHA1
c586316bbce53b3f2e7b6a14f8d37a30252aa36e

SHA256
15cfb4bf54098078b5b3115ba53ad812709636579f6b6a7dddf2e09da7684886

SHA512
994068377b06eb0ff5f426cc31f73c8ef6a74b64c9c7e7f8a7545646578aa919d9625333e63b404b4d940626d2e41e568c02b18962e003c814850edb0d8eebda

Download Submit
C:\Windows\system\WpDcdCp.exe

Filesize
6.0MB

MD5
efd5921feec73e0e674e1365d1feaaa6

SHA1
f08b2385534d2ea004983321e3985636bb02d436

SHA256
d9c9f164713a04c754483e8bba3ce3184546fe2299bd959a3d925416a8d3b7fe

SHA512
5bd9015f7eb40293aa03cca1bc00b3685729ee94252c48648bb4f8ee0b6b55dd46cdb5cff288795159e1f0c063fe0742abf6a59dfb437ac91c7e31a84d37815f

Download Submit
C:\Windows\system\WqVpJIL.exe

Filesize
6.0MB

MD5
b98e7e3ed8fd49e0705163d3378bdc27

SHA1
4f889271a6c3313bebe6a3645471e82bb8eaacc8

SHA256
eb31765af9aaf294cd1c8510585026e1c2c0565a80c52f584c46c8e7305771d4

SHA512
d948787bd6f874b5806c5f8115d8bdb08d98215e1fb5056829be4582c5128efa752cb04eeeb0afca20ddd7e526cc7a60096f3436c5e1742698e1cfe86fb20361

Download Submit
C:\Windows\system\aCUzXXm.exe

Filesize
6.0MB

MD5
86b19e4fabe4c5fa19f3652efb78a850

SHA1
4a3dbac433565850ac57c2c4c91b8390443b0ed6

SHA256
dda2c29ff3077a5f015b09084c636d71490d5621bb4cb115ff9d15b0d2f810b3

SHA512
330b4acc20ab84c8123c4c82688f2d8c8eda71f31a1bcd9c4b25a99ec34e97e038c5f94eada69a2e5826523d37298619d835c923986fd774d398c6541d4798d4

Download Submit
C:\Windows\system\apdRavt.exe

Filesize
6.0MB

MD5
7d12fa705a6b55ede30c3c21cd641558

SHA1
e1c49f0de03ea5c207cce12c673dafc3b2a41ab3

SHA256
206e7e12fe9ad2a02d5e3d1c25b3c72a1e8c17b5323f6d27dd6e1131bd75ad81

SHA512
853f2081c7c598065bca889c77184406f8d3ca930f1b126d5b933c28a2c8f4573027d1df49877deeb2cad7c51dd3e102ac68f918ecc468b7cb69c89ca2554d9e

Download Submit
C:\Windows\system\bOLmjCt.exe

Filesize
6.0MB

MD5
526bdb2f0e04601e0aab4416483768f6

SHA1
d3bda2213d8a1c85f1a8d5be6d1814087f9ea9c8

SHA256
466c6a6b5fcbbeb959c78a11bb2708cb381e5bb59486c45fa6bc8a3b3a41c187

SHA512
79f6f49144a3234321067256ad03265d88531e1fd554c78fa9962465ac6b03afb63c0eae0530243c93565dc29959b569f4c5edcb656ae8624d0bf3fb212d6b47

Download Submit
C:\Windows\system\dMesfbY.exe

Filesize
6.0MB

MD5
4938236c894c879f603e3471b27e771b

SHA1
cc43b7c0805e2d6145bb8baba1d17e77a1f8696d

SHA256
1d8d9c1540310fb42209b4413e18eb0222d32b5df52420d61788f7c248121c2f

SHA512
494cb23b3a6855fc799ef0eb39157ce3435bed99c341ae64ac8b06325dae00fe9441cb79b1d023b85cb7f74a2d52eb8cbc6669f0d2579e271efca56137d267ca

Download Submit
C:\Windows\system\eZKgICJ.exe

Filesize
6.0MB

MD5
58698109114f732a14169b8ecff71c29

SHA1
b6312d368debca5971a6a73c5a74cf2b296de6f8

SHA256
d740faa39c2a8e1d2f26c90edb7a4cc5c884e305c6b509c795221a638c29e0d2

SHA512
d43c8052498ef389c75b661232fde264fa363f59b0ec9ad1e1b7be8fa6a13b1cda72f2a1cd994e0b0781ed77e0033c452c10858dfcbe41805ad419882a39dc0b

Download Submit
C:\Windows\system\gKvodng.exe

Filesize
6.0MB

MD5
9bb5f4f6aa8ce01227ee47334c8b5094

SHA1
f50bcf7ef3397f9e9bbccedcfc19485d6e08506f

SHA256
9739a79e9837b35e77cc86dbc25e98e5211358d605b516b5af9bf9b1c9c60e1e

SHA512
d496974f37d45eca0f1f98d15b7711699585755674be26eb9b860035419cc74300c946bacccd60a429c8dd1734e6fe07e09ceca06b79d7ac2b70ed2cd71a8903

Download Submit
C:\Windows\system\iaEMByz.exe

Filesize
6.0MB

MD5
9688bdf4c3f8de67435a91dc09ea75ab

SHA1
effdadf3de70bc40cbd22004f64bf535583f5236

SHA256
a81e11e27d3647da93471c8575dd4836a0e651b7089516c2e49b23f73bc4589f

SHA512
8f6f9c4c73b21f5ddad59773280ca857ca2aadc7b3aada67517667778600d7acac5a7d45f6022fdab5344a347c56b2139bb8cb8f37a13f53d40c86baa389e302

Download Submit
C:\Windows\system\qBxmdHI.exe

Filesize
6.0MB

MD5
01202b885dca1827b8d72316d1ef4b14

SHA1
bd217262120c73a7f83b48e7b7bf284b346b6777

SHA256
36c0cefcc1159155a5ef27594f5707068e6596c12a9c4098bcfd137ee6600000

SHA512
0c0690a2cbfe6b0747f1c0432a16957a8dbb6761c3646909ba7b18d1747408b48b1c217c828105aa016e3fd3baf6d8c900a875654ca79be530264bce3ecbc717

Download Submit
C:\Windows\system\qQFrMlI.exe

Filesize
6.0MB

MD5
f94f3e5a0e30700a41874e00009d306f

SHA1
7eddb83b10627f5b134f2c5338cc1c656245eefa

SHA256
30310997205c7caaa6885dcf776a2fb1432c4b2689153d358110c8305a1eb33e

SHA512
0bfd005db5b80152e2feb41d97fe303098e110b1ffb0c412a754d2e9130afbbf2a2d0b03d67f2e8aba0019facaf4893ef9fbc27f76d990db56cc0e74c4feb2b2

Download Submit
C:\Windows\system\rWHxsgV.exe

Filesize
6.0MB

MD5
c8dad83a8b30af2b64c47035c2f006be

SHA1
efb36404834eafb808eee497e01039d9c82205db

SHA256
060795582977e855f6e3eb29b0cc5a75b33b16f6b27fd99e630e49a70e4ad573

SHA512
e941fb55970d44c25ac7fadf12ea5f6e3d3310ca515202745d2658d494297b42bc1d574f108496867d73f5dad0f50783a40a0245fa879c393e0b6012e682ba46

Download Submit
\Windows\system\ASouwfz.exe

Filesize
6.0MB

MD5
ea7ca030c4367410f9dd23dad1de0bcf

SHA1
139448520cc82f2884a5ac5c33355e02a9aee093

SHA256
db4c9a544a13eaec946da42219f99f68060455fe30c584280728f89565307864

SHA512
b0d2e685eb6ec661357aba0b97af6a73a6108612eaff0e7eb84214479b0f6ea9e95e08d8e9abf07b24ec8a08af03ebf8d1d81769cb415e5ad9472a1fafa013dd

Download Submit
\Windows\system\pbbzWcm.exe

Filesize
6.0MB

MD5
7cdef0b84282876ce28c8052b20bf8d1

SHA1
78a27aa4a920894e54c98da46b09983f303ec299

SHA256
d0d88de0b4318832d1d408a921b497659630c5faff287ade004ae28b50c2ad95

SHA512
14a288172e0345b1f09d6927f9d196f600e606dea714ca07a9c153c425df4d9f712686a86bc31f1a88a0e28d20933b5b1709bcd1a20ef8249c93ffeccb4b166d

Download Submit
\Windows\system\xNZnwra.exe

Filesize
6.0MB

MD5
d83b4a678ab94e39e829c6aeb6e9ef65

SHA1
91dfffbd8bb3b41eb2fcd8a823e0883340f17a32

SHA256
ba293dc7a4a03035462e951e95b7812435c41f53c92cdeea328347826bab4550

SHA512
705eaffbba8dc8b549c8407fcdb90f5440d7e7f33287a7fc92d52e9f5b9eadf6d80f50052cd7ec65be7c754e9d4479373bec8408b18697119583ee4cb2e92f05

Download Submit
memory/572-668-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/572-4144-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/772-666-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/772-3900-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/836-4107-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/836-672-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1616-664-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1616-4112-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-654-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1656-4180-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2176-674-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2176-4174-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2288-662-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2288-3894-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2644-658-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3885-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4106-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-652-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4142-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-656-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4115-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2748-660-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4116-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2752-92-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2836-667-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2836-675-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-665-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-661-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2836-669-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2836-671-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2836-673-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2836-12-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2836-663-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-676-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2836-659-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-677-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-1905-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-657-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2836-655-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-653-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2836-0-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-93-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3889-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2940-4143-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-670-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download