cobaltstrike | d7b10aa70001de1c4cddd0a5544d710de2c4df0cade380dabd21d09905350070

Analysis

max time kernel
148s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
31-12-2024 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8c156b577787306486e274676ea3fc7a
SHA1

2d9d054cfdb89ee0a11fcd92f5595e1e6b6bcc54
SHA256

d7b10aa70001de1c4cddd0a5544d710de2c4df0cade380dabd21d09905350070
SHA512

08b22f990d79df1f721405e18dd4a9ea2a562cf42c5561aed207b2361065c8ede515d9f65f317ddebfdae8760bcde7b1b2955ae546c7a1321f82a5f625ff3998
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUt:T+q56utgpPF8u/7t

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019394-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b8-15.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019470-17.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019480-25.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-30.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001948c-36.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195b3-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-127.dat	cobalt_reflective_dll
behavioral1/files/0x002f000000018bd7-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019490-41.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3012-0-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225c-6.dat	xmrig
behavioral1/files/0x0008000000019394-11.dat	xmrig
behavioral1/files/0x00070000000193b8-15.dat	xmrig
behavioral1/files/0x0006000000019470-17.dat	xmrig
behavioral1/files/0x0006000000019480-25.dat	xmrig
behavioral1/files/0x0006000000019489-30.dat	xmrig
behavioral1/files/0x000800000001948c-36.dat	xmrig
behavioral1/files/0x00070000000195b3-45.dat	xmrig
behavioral1/files/0x000500000001a049-50.dat	xmrig
behavioral1/files/0x000500000001a309-60.dat	xmrig
behavioral1/files/0x000500000001a3f6-70.dat	xmrig
behavioral1/files/0x000500000001a3fd-81.dat	xmrig
behavioral1/memory/2516-119-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x000500000001a44d-134.dat	xmrig
behavioral1/files/0x000500000001a44f-138.dat	xmrig
behavioral1/memory/3012-515-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x000500000001a475-185.dat	xmrig
behavioral1/files/0x000500000001a477-188.dat	xmrig
behavioral1/files/0x000500000001a471-179.dat	xmrig
behavioral1/files/0x000500000001a473-183.dat	xmrig
behavioral1/files/0x000500000001a46d-169.dat	xmrig
behavioral1/files/0x000500000001a46f-173.dat	xmrig
behavioral1/files/0x000500000001a46b-163.dat	xmrig
behavioral1/files/0x000500000001a469-159.dat	xmrig
behavioral1/files/0x000500000001a463-153.dat	xmrig
behavioral1/files/0x000500000001a459-148.dat	xmrig
behavioral1/files/0x000500000001a457-143.dat	xmrig
behavioral1/files/0x000500000001a438-129.dat	xmrig
behavioral1/files/0x000500000001a404-127.dat	xmrig
behavioral1/memory/1888-124-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/3012-123-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2796-101-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/3012-100-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/3016-99-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2776-98-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/3012-97-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2904-96-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/3012-95-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/3012-118-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/628-117-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/3012-116-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2368-115-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2884-113-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/3012-112-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2788-111-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2876-109-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/3012-108-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2932-107-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x002f000000018bd7-106.dat	xmrig
behavioral1/memory/3012-104-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2172-91-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/3012-90-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/3032-89-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a400-86.dat	xmrig
behavioral1/files/0x000500000001a3f8-75.dat	xmrig
behavioral1/files/0x000500000001a3ab-65.dat	xmrig
behavioral1/files/0x000500000001a0b6-55.dat	xmrig
behavioral1/files/0x0007000000019490-41.dat	xmrig
behavioral1/memory/2516-1651-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2788-1624-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2368-1640-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/628-1633-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2876-1612-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1888	VmYICfp.exe
3032	ppuCaXO.exe
2172	dvbWlFG.exe
2904	VcIatrv.exe
2776	QawAVRD.exe
3016	dzBxPOl.exe
2796	xyqDxxn.exe
2932	AuerxVq.exe
2876	OWAzsbm.exe
2788	bzKhndn.exe
2884	GyCHHQn.exe
2368	jhxgpJR.exe
628	PJtqkJR.exe
2516	SIfzJGd.exe
1772	ohjRzri.exe
1212	adSUQNp.exe
2280	RsTDivX.exe
2348	syXttEB.exe
2956	UEpPsif.exe
1672	ZduoXAF.exe
1000	aQUhcYc.exe
436	mrfrjTS.exe
2468	fSBFwUb.exe
1928	ydrdZER.exe
2496	QbDcphZ.exe
2384	DQmMMeC.exe
1884	OxtKJCJ.exe
1840	ZVICYkF.exe
1972	iKkiVUU.exe
840	LUshjhD.exe
584	NuxSUux.exe
1604	UKZASCr.exe
1768	RQnKJOa.exe
1620	qzQaAUy.exe
1560	cePIlme.exe
2636	jFzDIQE.exe
1268	NKcNfoa.exe
2952	dDGKWmR.exe
1656	XTURYLa.exe
236	FDOAwZi.exe
1760	vaRFtLA.exe
1796	XTpmnIH.exe
1568	RLUCasP.exe
1112	DzBmQyt.exe
1660	kVNGJSx.exe
1936	BmKzXjA.exe
2576	HJZLREj.exe
784	mbqTwSP.exe
880	ZfwqYxs.exe
1508	UCKOvUR.exe
2116	iANSeoL.exe
1720	SeFWgoz.exe
1228	Dzbvprv.exe
2892	YOTLfYi.exe
2224	zMeeSSm.exe
2924	QLygtDD.exe
2296	wEHKQhU.exe
2228	SqUucjI.exe
2840	SXudOBN.exe
1816	dtFgMcy.exe
1732	rNMCMKn.exe
928	xATrYSO.exe
2044	reFfDXQ.exe
1624	lqYyNTR.exe

Loads dropped DLL 64 IoCs

pid	Process
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3012-0-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x000a00000001225c-6.dat	upx
behavioral1/files/0x0008000000019394-11.dat	upx
behavioral1/files/0x00070000000193b8-15.dat	upx
behavioral1/files/0x0006000000019470-17.dat	upx
behavioral1/files/0x0006000000019480-25.dat	upx
behavioral1/files/0x0006000000019489-30.dat	upx
behavioral1/files/0x000800000001948c-36.dat	upx
behavioral1/files/0x00070000000195b3-45.dat	upx
behavioral1/files/0x000500000001a049-50.dat	upx
behavioral1/files/0x000500000001a309-60.dat	upx
behavioral1/files/0x000500000001a3f6-70.dat	upx
behavioral1/files/0x000500000001a3fd-81.dat	upx
behavioral1/memory/2516-119-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x000500000001a44d-134.dat	upx
behavioral1/files/0x000500000001a44f-138.dat	upx
behavioral1/memory/3012-515-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x000500000001a475-185.dat	upx
behavioral1/files/0x000500000001a477-188.dat	upx
behavioral1/files/0x000500000001a471-179.dat	upx
behavioral1/files/0x000500000001a473-183.dat	upx
behavioral1/files/0x000500000001a46d-169.dat	upx
behavioral1/files/0x000500000001a46f-173.dat	upx
behavioral1/files/0x000500000001a46b-163.dat	upx
behavioral1/files/0x000500000001a469-159.dat	upx
behavioral1/files/0x000500000001a463-153.dat	upx
behavioral1/files/0x000500000001a459-148.dat	upx
behavioral1/files/0x000500000001a457-143.dat	upx
behavioral1/files/0x000500000001a438-129.dat	upx
behavioral1/files/0x000500000001a404-127.dat	upx
behavioral1/memory/1888-124-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2796-101-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/3016-99-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2776-98-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2904-96-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/628-117-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2368-115-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2884-113-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2788-111-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2876-109-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2932-107-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x002f000000018bd7-106.dat	upx
behavioral1/memory/2172-91-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/3032-89-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x000500000001a400-86.dat	upx
behavioral1/files/0x000500000001a3f8-75.dat	upx
behavioral1/files/0x000500000001a3ab-65.dat	upx
behavioral1/files/0x000500000001a0b6-55.dat	upx
behavioral1/files/0x0007000000019490-41.dat	upx
behavioral1/memory/2516-1651-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2788-1624-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2368-1640-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/628-1633-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2876-1612-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2884-1627-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2932-1608-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/3016-1600-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2796-1598-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/3032-1596-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2904-1595-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2776-1594-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2172-1590-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1888-1585-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ohNNbrO.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWYwSnX.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwSXKtS.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idDJKwQ.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIFoCYv.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDFuNur.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNLgRTQ.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvUoTkx.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPISnwV.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AckcRtp.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GDsBnlK.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBafSLn.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuDijGg.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXqGuxC.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JebbjwY.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKZASCr.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFkkpsY.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDCqlVg.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NoxlmEe.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpbBrfS.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMbgYGQ.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIHNyOU.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnVEqcB.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqmSpVt.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GsCXXhI.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpEPCnX.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppuCaXO.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Dzbvprv.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqYyNTR.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SiJQEsx.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYqHbWz.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EreCYrH.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXflcFC.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDnCcTC.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYYRIMF.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVAdCyA.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIlNdTb.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJKmMvE.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAptZIH.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbqgLew.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fROZsdS.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgPCPLa.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJCzyvm.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jAenhzd.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkrXGzi.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyTYcAU.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxiyoLs.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\joOtZDz.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRURlid.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHBaPnS.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsExOdH.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PldieGZ.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiliQCZ.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWlEPsq.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJHUurZ.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhCpBBL.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfAlubH.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALIfElO.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heMIvjs.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkNiTmd.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCyPEHO.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPycypa.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHxKUTp.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syXttEB.exe	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 1888	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3012 wrote to memory of 1888	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3012 wrote to memory of 1888	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3012 wrote to memory of 3032	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3012 wrote to memory of 3032	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3012 wrote to memory of 3032	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3012 wrote to memory of 2172	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3012 wrote to memory of 2172	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3012 wrote to memory of 2172	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3012 wrote to memory of 2904	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3012 wrote to memory of 2904	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3012 wrote to memory of 2904	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3012 wrote to memory of 2776	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3012 wrote to memory of 2776	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3012 wrote to memory of 2776	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3012 wrote to memory of 3016	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3012 wrote to memory of 3016	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3012 wrote to memory of 3016	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3012 wrote to memory of 2796	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3012 wrote to memory of 2796	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3012 wrote to memory of 2796	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3012 wrote to memory of 2932	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3012 wrote to memory of 2932	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3012 wrote to memory of 2932	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3012 wrote to memory of 2876	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3012 wrote to memory of 2876	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3012 wrote to memory of 2876	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3012 wrote to memory of 2788	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3012 wrote to memory of 2788	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3012 wrote to memory of 2788	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3012 wrote to memory of 2884	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3012 wrote to memory of 2884	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3012 wrote to memory of 2884	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3012 wrote to memory of 2368	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3012 wrote to memory of 2368	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3012 wrote to memory of 2368	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3012 wrote to memory of 628	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3012 wrote to memory of 628	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3012 wrote to memory of 628	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3012 wrote to memory of 2516	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3012 wrote to memory of 2516	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3012 wrote to memory of 2516	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3012 wrote to memory of 1772	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3012 wrote to memory of 1772	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3012 wrote to memory of 1772	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3012 wrote to memory of 1212	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3012 wrote to memory of 1212	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3012 wrote to memory of 1212	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3012 wrote to memory of 2280	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3012 wrote to memory of 2280	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3012 wrote to memory of 2280	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3012 wrote to memory of 2956	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3012 wrote to memory of 2956	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3012 wrote to memory of 2956	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3012 wrote to memory of 2348	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3012 wrote to memory of 2348	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3012 wrote to memory of 2348	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3012 wrote to memory of 1672	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3012 wrote to memory of 1672	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3012 wrote to memory of 1672	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3012 wrote to memory of 1000	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3012 wrote to memory of 1000	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3012 wrote to memory of 1000	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3012 wrote to memory of 436	3012	2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-31_8c156b577787306486e274676ea3fc7a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\System\VmYICfp.exe
  C:\Windows\System\VmYICfp.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\ppuCaXO.exe
  C:\Windows\System\ppuCaXO.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\dvbWlFG.exe
  C:\Windows\System\dvbWlFG.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\VcIatrv.exe
  C:\Windows\System\VcIatrv.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\QawAVRD.exe
  C:\Windows\System\QawAVRD.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\dzBxPOl.exe
  C:\Windows\System\dzBxPOl.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\xyqDxxn.exe
  C:\Windows\System\xyqDxxn.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\AuerxVq.exe
  C:\Windows\System\AuerxVq.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\OWAzsbm.exe
  C:\Windows\System\OWAzsbm.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\bzKhndn.exe
  C:\Windows\System\bzKhndn.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\GyCHHQn.exe
  C:\Windows\System\GyCHHQn.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\jhxgpJR.exe
  C:\Windows\System\jhxgpJR.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\PJtqkJR.exe
  C:\Windows\System\PJtqkJR.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\SIfzJGd.exe
  C:\Windows\System\SIfzJGd.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\ohjRzri.exe
  C:\Windows\System\ohjRzri.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\adSUQNp.exe
  C:\Windows\System\adSUQNp.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\RsTDivX.exe
  C:\Windows\System\RsTDivX.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\UEpPsif.exe
  C:\Windows\System\UEpPsif.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\syXttEB.exe
  C:\Windows\System\syXttEB.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ZduoXAF.exe
  C:\Windows\System\ZduoXAF.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\aQUhcYc.exe
  C:\Windows\System\aQUhcYc.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\mrfrjTS.exe
  C:\Windows\System\mrfrjTS.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\fSBFwUb.exe
  C:\Windows\System\fSBFwUb.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\ydrdZER.exe
  C:\Windows\System\ydrdZER.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\QbDcphZ.exe
  C:\Windows\System\QbDcphZ.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\DQmMMeC.exe
  C:\Windows\System\DQmMMeC.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\OxtKJCJ.exe
  C:\Windows\System\OxtKJCJ.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\ZVICYkF.exe
  C:\Windows\System\ZVICYkF.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\iKkiVUU.exe
  C:\Windows\System\iKkiVUU.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\LUshjhD.exe
  C:\Windows\System\LUshjhD.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\NuxSUux.exe
  C:\Windows\System\NuxSUux.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\RQnKJOa.exe
  C:\Windows\System\RQnKJOa.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\UKZASCr.exe
  C:\Windows\System\UKZASCr.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\cePIlme.exe
  C:\Windows\System\cePIlme.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\qzQaAUy.exe
  C:\Windows\System\qzQaAUy.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\jFzDIQE.exe
  C:\Windows\System\jFzDIQE.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\NKcNfoa.exe
  C:\Windows\System\NKcNfoa.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\dDGKWmR.exe
  C:\Windows\System\dDGKWmR.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\XTURYLa.exe
  C:\Windows\System\XTURYLa.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\RLUCasP.exe
  C:\Windows\System\RLUCasP.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\FDOAwZi.exe
  C:\Windows\System\FDOAwZi.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\DzBmQyt.exe
  C:\Windows\System\DzBmQyt.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\vaRFtLA.exe
  C:\Windows\System\vaRFtLA.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\HJZLREj.exe
  C:\Windows\System\HJZLREj.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\XTpmnIH.exe
  C:\Windows\System\XTpmnIH.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\mbqTwSP.exe
  C:\Windows\System\mbqTwSP.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\kVNGJSx.exe
  C:\Windows\System\kVNGJSx.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\ZfwqYxs.exe
  C:\Windows\System\ZfwqYxs.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\BmKzXjA.exe
  C:\Windows\System\BmKzXjA.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\UCKOvUR.exe
  C:\Windows\System\UCKOvUR.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\iANSeoL.exe
  C:\Windows\System\iANSeoL.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\SeFWgoz.exe
  C:\Windows\System\SeFWgoz.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\Dzbvprv.exe
  C:\Windows\System\Dzbvprv.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\YOTLfYi.exe
  C:\Windows\System\YOTLfYi.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\zMeeSSm.exe
  C:\Windows\System\zMeeSSm.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\QLygtDD.exe
  C:\Windows\System\QLygtDD.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\wEHKQhU.exe
  C:\Windows\System\wEHKQhU.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\SqUucjI.exe
  C:\Windows\System\SqUucjI.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\SXudOBN.exe
  C:\Windows\System\SXudOBN.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\dtFgMcy.exe
  C:\Windows\System\dtFgMcy.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\rNMCMKn.exe
  C:\Windows\System\rNMCMKn.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\xATrYSO.exe
  C:\Windows\System\xATrYSO.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\reFfDXQ.exe
  C:\Windows\System\reFfDXQ.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\lqYyNTR.exe
  C:\Windows\System\lqYyNTR.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\nokNJFp.exe
  C:\Windows\System\nokNJFp.exe
  2⤵
  PID:944
- C:\Windows\System\SCozFMu.exe
  C:\Windows\System\SCozFMu.exe
  2⤵
  PID:1192
- C:\Windows\System\VSSiZiN.exe
  C:\Windows\System\VSSiZiN.exe
  2⤵
  PID:2336
- C:\Windows\System\CpZxPmd.exe
  C:\Windows\System\CpZxPmd.exe
  2⤵
  PID:2176
- C:\Windows\System\YykJxqD.exe
  C:\Windows\System\YykJxqD.exe
  2⤵
  PID:772
- C:\Windows\System\JBCPBGi.exe
  C:\Windows\System\JBCPBGi.exe
  2⤵
  PID:1020
- C:\Windows\System\kyvvGUM.exe
  C:\Windows\System\kyvvGUM.exe
  2⤵
  PID:1668
- C:\Windows\System\byebxJC.exe
  C:\Windows\System\byebxJC.exe
  2⤵
  PID:956
- C:\Windows\System\apMHJXx.exe
  C:\Windows\System\apMHJXx.exe
  2⤵
  PID:1580
- C:\Windows\System\WErWbnv.exe
  C:\Windows\System\WErWbnv.exe
  2⤵
  PID:2820
- C:\Windows\System\HBgIvdG.exe
  C:\Windows\System\HBgIvdG.exe
  2⤵
  PID:672
- C:\Windows\System\uMvkchy.exe
  C:\Windows\System\uMvkchy.exe
  2⤵
  PID:1992
- C:\Windows\System\iNPrbLo.exe
  C:\Windows\System\iNPrbLo.exe
  2⤵
  PID:2124
- C:\Windows\System\jeRfzPQ.exe
  C:\Windows\System\jeRfzPQ.exe
  2⤵
  PID:2272
- C:\Windows\System\ujfGQjv.exe
  C:\Windows\System\ujfGQjv.exe
  2⤵
  PID:692
- C:\Windows\System\UXzrjWT.exe
  C:\Windows\System\UXzrjWT.exe
  2⤵
  PID:2992
- C:\Windows\System\IOiZMVR.exe
  C:\Windows\System\IOiZMVR.exe
  2⤵
  PID:1820
- C:\Windows\System\dqOLVEU.exe
  C:\Windows\System\dqOLVEU.exe
  2⤵
  PID:2624
- C:\Windows\System\pzLFVZv.exe
  C:\Windows\System\pzLFVZv.exe
  2⤵
  PID:1628
- C:\Windows\System\KMRSbiH.exe
  C:\Windows\System\KMRSbiH.exe
  2⤵
  PID:1252
- C:\Windows\System\gXloFww.exe
  C:\Windows\System\gXloFww.exe
  2⤵
  PID:2620
- C:\Windows\System\PtTOdjR.exe
  C:\Windows\System\PtTOdjR.exe
  2⤵
  PID:2536
- C:\Windows\System\jXyULgC.exe
  C:\Windows\System\jXyULgC.exe
  2⤵
  PID:2792
- C:\Windows\System\BFCbvVt.exe
  C:\Windows\System\BFCbvVt.exe
  2⤵
  PID:2844
- C:\Windows\System\nLAzmfS.exe
  C:\Windows\System\nLAzmfS.exe
  2⤵
  PID:2356
- C:\Windows\System\TXDIfmE.exe
  C:\Windows\System\TXDIfmE.exe
  2⤵
  PID:2748
- C:\Windows\System\LqmSpVt.exe
  C:\Windows\System\LqmSpVt.exe
  2⤵
  PID:2232
- C:\Windows\System\zqiAkZN.exe
  C:\Windows\System\zqiAkZN.exe
  2⤵
  PID:2604
- C:\Windows\System\qqzmyPc.exe
  C:\Windows\System\qqzmyPc.exe
  2⤵
  PID:2292
- C:\Windows\System\LjnkGhk.exe
  C:\Windows\System\LjnkGhk.exe
  2⤵
  PID:1984
- C:\Windows\System\xlZQtXc.exe
  C:\Windows\System\xlZQtXc.exe
  2⤵
  PID:676
- C:\Windows\System\yGNGhbf.exe
  C:\Windows\System\yGNGhbf.exe
  2⤵
  PID:2264
- C:\Windows\System\qWFyOTw.exe
  C:\Windows\System\qWFyOTw.exe
  2⤵
  PID:1448
- C:\Windows\System\LDPrHPq.exe
  C:\Windows\System\LDPrHPq.exe
  2⤵
  PID:832
- C:\Windows\System\nZOsHOU.exe
  C:\Windows\System\nZOsHOU.exe
  2⤵
  PID:2720
- C:\Windows\System\FgJvAbg.exe
  C:\Windows\System\FgJvAbg.exe
  2⤵
  PID:3080
- C:\Windows\System\AUYWbCj.exe
  C:\Windows\System\AUYWbCj.exe
  2⤵
  PID:3100
- C:\Windows\System\BXxdOFo.exe
  C:\Windows\System\BXxdOFo.exe
  2⤵
  PID:3120
- C:\Windows\System\QPggRzq.exe
  C:\Windows\System\QPggRzq.exe
  2⤵
  PID:3136
- C:\Windows\System\iyHztIG.exe
  C:\Windows\System\iyHztIG.exe
  2⤵
  PID:3164
- C:\Windows\System\EGOflft.exe
  C:\Windows\System\EGOflft.exe
  2⤵
  PID:3184
- C:\Windows\System\xpvPAWu.exe
  C:\Windows\System\xpvPAWu.exe
  2⤵
  PID:3204
- C:\Windows\System\cTfWyqs.exe
  C:\Windows\System\cTfWyqs.exe
  2⤵
  PID:3224
- C:\Windows\System\BJWpoxI.exe
  C:\Windows\System\BJWpoxI.exe
  2⤵
  PID:3244
- C:\Windows\System\UiliQCZ.exe
  C:\Windows\System\UiliQCZ.exe
  2⤵
  PID:3264
- C:\Windows\System\WZTaGha.exe
  C:\Windows\System\WZTaGha.exe
  2⤵
  PID:3284
- C:\Windows\System\nmCMkZZ.exe
  C:\Windows\System\nmCMkZZ.exe
  2⤵
  PID:3308
- C:\Windows\System\jXxxHkK.exe
  C:\Windows\System\jXxxHkK.exe
  2⤵
  PID:3328
- C:\Windows\System\taiBjdU.exe
  C:\Windows\System\taiBjdU.exe
  2⤵
  PID:3348
- C:\Windows\System\nbJPefN.exe
  C:\Windows\System\nbJPefN.exe
  2⤵
  PID:3368
- C:\Windows\System\xRPndBY.exe
  C:\Windows\System\xRPndBY.exe
  2⤵
  PID:3388
- C:\Windows\System\cDJpmxT.exe
  C:\Windows\System\cDJpmxT.exe
  2⤵
  PID:3408
- C:\Windows\System\hQliCmM.exe
  C:\Windows\System\hQliCmM.exe
  2⤵
  PID:3428
- C:\Windows\System\hKUPbkL.exe
  C:\Windows\System\hKUPbkL.exe
  2⤵
  PID:3448
- C:\Windows\System\iaKjvbZ.exe
  C:\Windows\System\iaKjvbZ.exe
  2⤵
  PID:3468
- C:\Windows\System\cXnXLgr.exe
  C:\Windows\System\cXnXLgr.exe
  2⤵
  PID:3488
- C:\Windows\System\psjXlsV.exe
  C:\Windows\System\psjXlsV.exe
  2⤵
  PID:3508
- C:\Windows\System\Ruxeztf.exe
  C:\Windows\System\Ruxeztf.exe
  2⤵
  PID:3528
- C:\Windows\System\gGPFWme.exe
  C:\Windows\System\gGPFWme.exe
  2⤵
  PID:3548
- C:\Windows\System\dCOGcqm.exe
  C:\Windows\System\dCOGcqm.exe
  2⤵
  PID:3572
- C:\Windows\System\gBKoAdu.exe
  C:\Windows\System\gBKoAdu.exe
  2⤵
  PID:3592
- C:\Windows\System\nAEFPCL.exe
  C:\Windows\System\nAEFPCL.exe
  2⤵
  PID:3616
- C:\Windows\System\zDGCiam.exe
  C:\Windows\System\zDGCiam.exe
  2⤵
  PID:3636
- C:\Windows\System\dJeiKLf.exe
  C:\Windows\System\dJeiKLf.exe
  2⤵
  PID:3656
- C:\Windows\System\dqpbvNl.exe
  C:\Windows\System\dqpbvNl.exe
  2⤵
  PID:3672
- C:\Windows\System\yfvwNOB.exe
  C:\Windows\System\yfvwNOB.exe
  2⤵
  PID:3696
- C:\Windows\System\kUKWiVD.exe
  C:\Windows\System\kUKWiVD.exe
  2⤵
  PID:3716
- C:\Windows\System\RCcysrQ.exe
  C:\Windows\System\RCcysrQ.exe
  2⤵
  PID:3736
- C:\Windows\System\uRNLhOy.exe
  C:\Windows\System\uRNLhOy.exe
  2⤵
  PID:3756
- C:\Windows\System\SUpDmUP.exe
  C:\Windows\System\SUpDmUP.exe
  2⤵
  PID:3776
- C:\Windows\System\DqmUiVF.exe
  C:\Windows\System\DqmUiVF.exe
  2⤵
  PID:3796
- C:\Windows\System\pMPSPpo.exe
  C:\Windows\System\pMPSPpo.exe
  2⤵
  PID:3816
- C:\Windows\System\bkvxoXz.exe
  C:\Windows\System\bkvxoXz.exe
  2⤵
  PID:3836
- C:\Windows\System\wrhXoaC.exe
  C:\Windows\System\wrhXoaC.exe
  2⤵
  PID:3856
- C:\Windows\System\zbShNmw.exe
  C:\Windows\System\zbShNmw.exe
  2⤵
  PID:3876
- C:\Windows\System\rMHaWnm.exe
  C:\Windows\System\rMHaWnm.exe
  2⤵
  PID:3896
- C:\Windows\System\pfshjdl.exe
  C:\Windows\System\pfshjdl.exe
  2⤵
  PID:3916
- C:\Windows\System\FIlZdUC.exe
  C:\Windows\System\FIlZdUC.exe
  2⤵
  PID:3944
- C:\Windows\System\ebOBcNt.exe
  C:\Windows\System\ebOBcNt.exe
  2⤵
  PID:3968
- C:\Windows\System\SQYZDnq.exe
  C:\Windows\System\SQYZDnq.exe
  2⤵
  PID:3988
- C:\Windows\System\scjwCej.exe
  C:\Windows\System\scjwCej.exe
  2⤵
  PID:4004
- C:\Windows\System\NfTOvzj.exe
  C:\Windows\System\NfTOvzj.exe
  2⤵
  PID:4024
- C:\Windows\System\ewqVLDH.exe
  C:\Windows\System\ewqVLDH.exe
  2⤵
  PID:4044
- C:\Windows\System\srleWSK.exe
  C:\Windows\System\srleWSK.exe
  2⤵
  PID:4068
- C:\Windows\System\GWCCGdq.exe
  C:\Windows\System\GWCCGdq.exe
  2⤵
  PID:4092
- C:\Windows\System\mcaLCmE.exe
  C:\Windows\System\mcaLCmE.exe
  2⤵
  PID:1676
- C:\Windows\System\VpybkDu.exe
  C:\Windows\System\VpybkDu.exe
  2⤵
  PID:768
- C:\Windows\System\vEZwbHM.exe
  C:\Windows\System\vEZwbHM.exe
  2⤵
  PID:1632
- C:\Windows\System\aLEzCoA.exe
  C:\Windows\System\aLEzCoA.exe
  2⤵
  PID:1648
- C:\Windows\System\eUPEHMI.exe
  C:\Windows\System\eUPEHMI.exe
  2⤵
  PID:3068
- C:\Windows\System\safOSQg.exe
  C:\Windows\System\safOSQg.exe
  2⤵
  PID:1744
- C:\Windows\System\RHGgjlt.exe
  C:\Windows\System\RHGgjlt.exe
  2⤵
  PID:1060
- C:\Windows\System\URHtgex.exe
  C:\Windows\System\URHtgex.exe
  2⤵
  PID:652
- C:\Windows\System\DzzJdOS.exe
  C:\Windows\System\DzzJdOS.exe
  2⤵
  PID:1148
- C:\Windows\System\uArwVWU.exe
  C:\Windows\System\uArwVWU.exe
  2⤵
  PID:1764
- C:\Windows\System\aCLafZB.exe
  C:\Windows\System\aCLafZB.exe
  2⤵
  PID:1964
- C:\Windows\System\RKQhWTa.exe
  C:\Windows\System\RKQhWTa.exe
  2⤵
  PID:908
- C:\Windows\System\JSYWdxM.exe
  C:\Windows\System\JSYWdxM.exe
  2⤵
  PID:1444
- C:\Windows\System\EenxnMB.exe
  C:\Windows\System\EenxnMB.exe
  2⤵
  PID:3116
- C:\Windows\System\cotNvwd.exe
  C:\Windows\System\cotNvwd.exe
  2⤵
  PID:3156
- C:\Windows\System\mEVbUpv.exe
  C:\Windows\System\mEVbUpv.exe
  2⤵
  PID:3172
- C:\Windows\System\bIlNdTb.exe
  C:\Windows\System\bIlNdTb.exe
  2⤵
  PID:3196
- C:\Windows\System\igmcliz.exe
  C:\Windows\System\igmcliz.exe
  2⤵
  PID:3232
- C:\Windows\System\mjiwVhf.exe
  C:\Windows\System\mjiwVhf.exe
  2⤵
  PID:3272
- C:\Windows\System\LCIcorY.exe
  C:\Windows\System\LCIcorY.exe
  2⤵
  PID:3276
- C:\Windows\System\fepQmMC.exe
  C:\Windows\System\fepQmMC.exe
  2⤵
  PID:3296
- C:\Windows\System\vzJLkBS.exe
  C:\Windows\System\vzJLkBS.exe
  2⤵
  PID:3364
- C:\Windows\System\UJNKycZ.exe
  C:\Windows\System\UJNKycZ.exe
  2⤵
  PID:3340
- C:\Windows\System\YYZdLtV.exe
  C:\Windows\System\YYZdLtV.exe
  2⤵
  PID:3380
- C:\Windows\System\XsSCEDt.exe
  C:\Windows\System\XsSCEDt.exe
  2⤵
  PID:3436
- C:\Windows\System\XsekVjs.exe
  C:\Windows\System\XsekVjs.exe
  2⤵
  PID:3456
- C:\Windows\System\YFaXYzb.exe
  C:\Windows\System\YFaXYzb.exe
  2⤵
  PID:3484
- C:\Windows\System\hrIaGZQ.exe
  C:\Windows\System\hrIaGZQ.exe
  2⤵
  PID:3524
- C:\Windows\System\ZYMwHuT.exe
  C:\Windows\System\ZYMwHuT.exe
  2⤵
  PID:3500
- C:\Windows\System\UIBpNnT.exe
  C:\Windows\System\UIBpNnT.exe
  2⤵
  PID:3564
- C:\Windows\System\apGGaNs.exe
  C:\Windows\System\apGGaNs.exe
  2⤵
  PID:3712
- C:\Windows\System\GgusZhD.exe
  C:\Windows\System\GgusZhD.exe
  2⤵
  PID:3744
- C:\Windows\System\YkoZRag.exe
  C:\Windows\System\YkoZRag.exe
  2⤵
  PID:3804
- C:\Windows\System\KwtNEUl.exe
  C:\Windows\System\KwtNEUl.exe
  2⤵
  PID:3848
- C:\Windows\System\cFkSxyA.exe
  C:\Windows\System\cFkSxyA.exe
  2⤵
  PID:3892
- C:\Windows\System\DhCqhnL.exe
  C:\Windows\System\DhCqhnL.exe
  2⤵
  PID:3868
- C:\Windows\System\cMxakNA.exe
  C:\Windows\System\cMxakNA.exe
  2⤵
  PID:3908
- C:\Windows\System\QLcVIfm.exe
  C:\Windows\System\QLcVIfm.exe
  2⤵
  PID:4012
- C:\Windows\System\nfWoTIa.exe
  C:\Windows\System\nfWoTIa.exe
  2⤵
  PID:3960
- C:\Windows\System\APkVdBy.exe
  C:\Windows\System\APkVdBy.exe
  2⤵
  PID:2012
- C:\Windows\System\KgwMJZl.exe
  C:\Windows\System\KgwMJZl.exe
  2⤵
  PID:2908
- C:\Windows\System\hNmLnBr.exe
  C:\Windows\System\hNmLnBr.exe
  2⤵
  PID:3052
- C:\Windows\System\ZLgtASz.exe
  C:\Windows\System\ZLgtASz.exe
  2⤵
  PID:2324
- C:\Windows\System\BZpvgcp.exe
  C:\Windows\System\BZpvgcp.exe
  2⤵
  PID:3096
- C:\Windows\System\GqWByMi.exe
  C:\Windows\System\GqWByMi.exe
  2⤵
  PID:3236
- C:\Windows\System\OgWZpQm.exe
  C:\Windows\System\OgWZpQm.exe
  2⤵
  PID:3336
- C:\Windows\System\xwhwIwC.exe
  C:\Windows\System\xwhwIwC.exe
  2⤵
  PID:3460
- C:\Windows\System\cWlEPsq.exe
  C:\Windows\System\cWlEPsq.exe
  2⤵
  PID:4040
- C:\Windows\System\ojfcqlM.exe
  C:\Windows\System\ojfcqlM.exe
  2⤵
  PID:4088
- C:\Windows\System\bvHruRB.exe
  C:\Windows\System\bvHruRB.exe
  2⤵
  PID:3588
- C:\Windows\System\PZAJKis.exe
  C:\Windows\System\PZAJKis.exe
  2⤵
  PID:872
- C:\Windows\System\tUFAThG.exe
  C:\Windows\System\tUFAThG.exe
  2⤵
  PID:1684
- C:\Windows\System\xpavOGf.exe
  C:\Windows\System\xpavOGf.exe
  2⤵
  PID:3648
- C:\Windows\System\CEkNUwf.exe
  C:\Windows\System\CEkNUwf.exe
  2⤵
  PID:688
- C:\Windows\System\NkxxgEb.exe
  C:\Windows\System\NkxxgEb.exe
  2⤵
  PID:3076
- C:\Windows\System\bsaWoQw.exe
  C:\Windows\System\bsaWoQw.exe
  2⤵
  PID:3220
- C:\Windows\System\xnvtGPh.exe
  C:\Windows\System\xnvtGPh.exe
  2⤵
  PID:3256
- C:\Windows\System\zGfljWG.exe
  C:\Windows\System\zGfljWG.exe
  2⤵
  PID:3396
- C:\Windows\System\LjZzsVI.exe
  C:\Windows\System\LjZzsVI.exe
  2⤵
  PID:3568
- C:\Windows\System\lDCWPut.exe
  C:\Windows\System\lDCWPut.exe
  2⤵
  PID:1596
- C:\Windows\System\pusNTTp.exe
  C:\Windows\System\pusNTTp.exe
  2⤵
  PID:3884
- C:\Windows\System\WDaEKhx.exe
  C:\Windows\System\WDaEKhx.exe
  2⤵
  PID:2236
- C:\Windows\System\HsoIcFp.exe
  C:\Windows\System\HsoIcFp.exe
  2⤵
  PID:3940
- C:\Windows\System\qTAkRWu.exe
  C:\Windows\System\qTAkRWu.exe
  2⤵
  PID:3976
- C:\Windows\System\dcDmOgD.exe
  C:\Windows\System\dcDmOgD.exe
  2⤵
  PID:3980
- C:\Windows\System\oXflcFC.exe
  C:\Windows\System\oXflcFC.exe
  2⤵
  PID:2168
- C:\Windows\System\kyoNMtE.exe
  C:\Windows\System\kyoNMtE.exe
  2⤵
  PID:3180
- C:\Windows\System\zotEGAu.exe
  C:\Windows\System\zotEGAu.exe
  2⤵
  PID:3424
- C:\Windows\System\kTUPpdz.exe
  C:\Windows\System\kTUPpdz.exe
  2⤵
  PID:2732
- C:\Windows\System\IQouUoE.exe
  C:\Windows\System\IQouUoE.exe
  2⤵
  PID:4084
- C:\Windows\System\ZgdSGXl.exe
  C:\Windows\System\ZgdSGXl.exe
  2⤵
  PID:532
- C:\Windows\System\KDjgYfN.exe
  C:\Windows\System\KDjgYfN.exe
  2⤵
  PID:3612
- C:\Windows\System\hjiqWXA.exe
  C:\Windows\System\hjiqWXA.exe
  2⤵
  PID:1828
- C:\Windows\System\YQLiUHv.exe
  C:\Windows\System\YQLiUHv.exe
  2⤵
  PID:3624
- C:\Windows\System\iqFRJjP.exe
  C:\Windows\System\iqFRJjP.exe
  2⤵
  PID:4108
- C:\Windows\System\qoghpNk.exe
  C:\Windows\System\qoghpNk.exe
  2⤵
  PID:4128
- C:\Windows\System\egtVpDI.exe
  C:\Windows\System\egtVpDI.exe
  2⤵
  PID:4148
- C:\Windows\System\XapugXc.exe
  C:\Windows\System\XapugXc.exe
  2⤵
  PID:4168
- C:\Windows\System\lQDsVrV.exe
  C:\Windows\System\lQDsVrV.exe
  2⤵
  PID:4188
- C:\Windows\System\PzVMeVo.exe
  C:\Windows\System\PzVMeVo.exe
  2⤵
  PID:4208
- C:\Windows\System\tKnTezy.exe
  C:\Windows\System\tKnTezy.exe
  2⤵
  PID:4228
- C:\Windows\System\BJKmMvE.exe
  C:\Windows\System\BJKmMvE.exe
  2⤵
  PID:4244
- C:\Windows\System\ZoFBGSK.exe
  C:\Windows\System\ZoFBGSK.exe
  2⤵
  PID:4268
- C:\Windows\System\QGQCqjL.exe
  C:\Windows\System\QGQCqjL.exe
  2⤵
  PID:4284
- C:\Windows\System\bBucoJk.exe
  C:\Windows\System\bBucoJk.exe
  2⤵
  PID:4308
- C:\Windows\System\uprbABq.exe
  C:\Windows\System\uprbABq.exe
  2⤵
  PID:4328
- C:\Windows\System\wqecvnu.exe
  C:\Windows\System\wqecvnu.exe
  2⤵
  PID:4348
- C:\Windows\System\AkZUvcv.exe
  C:\Windows\System\AkZUvcv.exe
  2⤵
  PID:4364
- C:\Windows\System\RDjdQfo.exe
  C:\Windows\System\RDjdQfo.exe
  2⤵
  PID:4388
- C:\Windows\System\hegZWLA.exe
  C:\Windows\System\hegZWLA.exe
  2⤵
  PID:4404
- C:\Windows\System\dqTJOQp.exe
  C:\Windows\System\dqTJOQp.exe
  2⤵
  PID:4428
- C:\Windows\System\rFkkpsY.exe
  C:\Windows\System\rFkkpsY.exe
  2⤵
  PID:4448
- C:\Windows\System\lLzcBFs.exe
  C:\Windows\System\lLzcBFs.exe
  2⤵
  PID:4468
- C:\Windows\System\dXmKmhl.exe
  C:\Windows\System\dXmKmhl.exe
  2⤵
  PID:4488
- C:\Windows\System\SEupOLc.exe
  C:\Windows\System\SEupOLc.exe
  2⤵
  PID:4508
- C:\Windows\System\uCMNMFZ.exe
  C:\Windows\System\uCMNMFZ.exe
  2⤵
  PID:4532
- C:\Windows\System\gFOMffx.exe
  C:\Windows\System\gFOMffx.exe
  2⤵
  PID:4552
- C:\Windows\System\zCOJYbp.exe
  C:\Windows\System\zCOJYbp.exe
  2⤵
  PID:4572
- C:\Windows\System\zOFxddE.exe
  C:\Windows\System\zOFxddE.exe
  2⤵
  PID:4592
- C:\Windows\System\KuWWRPR.exe
  C:\Windows\System\KuWWRPR.exe
  2⤵
  PID:4608
- C:\Windows\System\NFCZGdI.exe
  C:\Windows\System\NFCZGdI.exe
  2⤵
  PID:4632
- C:\Windows\System\MfpEjlY.exe
  C:\Windows\System\MfpEjlY.exe
  2⤵
  PID:4652
- C:\Windows\System\xtsdUgm.exe
  C:\Windows\System\xtsdUgm.exe
  2⤵
  PID:4672
- C:\Windows\System\EkNiTmd.exe
  C:\Windows\System\EkNiTmd.exe
  2⤵
  PID:4692
- C:\Windows\System\TAlJKnn.exe
  C:\Windows\System\TAlJKnn.exe
  2⤵
  PID:4712
- C:\Windows\System\PTrSkKl.exe
  C:\Windows\System\PTrSkKl.exe
  2⤵
  PID:4732
- C:\Windows\System\EPGIPPx.exe
  C:\Windows\System\EPGIPPx.exe
  2⤵
  PID:4748
- C:\Windows\System\alDscFp.exe
  C:\Windows\System\alDscFp.exe
  2⤵
  PID:4768
- C:\Windows\System\IDpBwDp.exe
  C:\Windows\System\IDpBwDp.exe
  2⤵
  PID:4792
- C:\Windows\System\bvWEcjI.exe
  C:\Windows\System\bvWEcjI.exe
  2⤵
  PID:4808
- C:\Windows\System\tbIYUbp.exe
  C:\Windows\System\tbIYUbp.exe
  2⤵
  PID:4832
- C:\Windows\System\pyasmhV.exe
  C:\Windows\System\pyasmhV.exe
  2⤵
  PID:4852
- C:\Windows\System\vHXupYh.exe
  C:\Windows\System\vHXupYh.exe
  2⤵
  PID:4872
- C:\Windows\System\dVLUsDq.exe
  C:\Windows\System\dVLUsDq.exe
  2⤵
  PID:4892
- C:\Windows\System\EkVIuki.exe
  C:\Windows\System\EkVIuki.exe
  2⤵
  PID:4912
- C:\Windows\System\EMoZxFJ.exe
  C:\Windows\System\EMoZxFJ.exe
  2⤵
  PID:4932
- C:\Windows\System\ZiArtKa.exe
  C:\Windows\System\ZiArtKa.exe
  2⤵
  PID:4952
- C:\Windows\System\gkuagCc.exe
  C:\Windows\System\gkuagCc.exe
  2⤵
  PID:4976
- C:\Windows\System\DRViNYM.exe
  C:\Windows\System\DRViNYM.exe
  2⤵
  PID:4996
- C:\Windows\System\wUIfqER.exe
  C:\Windows\System\wUIfqER.exe
  2⤵
  PID:5016
- C:\Windows\System\RHPeKUY.exe
  C:\Windows\System\RHPeKUY.exe
  2⤵
  PID:5032
- C:\Windows\System\xvBHKqE.exe
  C:\Windows\System\xvBHKqE.exe
  2⤵
  PID:5056
- C:\Windows\System\SZntaQj.exe
  C:\Windows\System\SZntaQj.exe
  2⤵
  PID:5076
- C:\Windows\System\vDrgLgv.exe
  C:\Windows\System\vDrgLgv.exe
  2⤵
  PID:5096
- C:\Windows\System\XkdTHDQ.exe
  C:\Windows\System\XkdTHDQ.exe
  2⤵
  PID:5116
- C:\Windows\System\xkqTafe.exe
  C:\Windows\System\xkqTafe.exe
  2⤵
  PID:3732
- C:\Windows\System\rlYspTj.exe
  C:\Windows\System\rlYspTj.exe
  2⤵
  PID:3704
- C:\Windows\System\SOidKcU.exe
  C:\Windows\System\SOidKcU.exe
  2⤵
  PID:3544
- C:\Windows\System\hgSCJQH.exe
  C:\Windows\System\hgSCJQH.exe
  2⤵
  PID:3828
- C:\Windows\System\kWvgTBm.exe
  C:\Windows\System\kWvgTBm.exe
  2⤵
  PID:3768
- C:\Windows\System\lWDxLoz.exe
  C:\Windows\System\lWDxLoz.exe
  2⤵
  PID:1700
- C:\Windows\System\IOFwJmE.exe
  C:\Windows\System\IOFwJmE.exe
  2⤵
  PID:1636
- C:\Windows\System\RJxCjAD.exe
  C:\Windows\System\RJxCjAD.exe
  2⤵
  PID:3200
- C:\Windows\System\TiJJTgf.exe
  C:\Windows\System\TiJJTgf.exe
  2⤵
  PID:4076
- C:\Windows\System\SHCVTMp.exe
  C:\Windows\System\SHCVTMp.exe
  2⤵
  PID:556
- C:\Windows\System\WbjzYAK.exe
  C:\Windows\System\WbjzYAK.exe
  2⤵
  PID:2912
- C:\Windows\System\kkCuzmi.exe
  C:\Windows\System\kkCuzmi.exe
  2⤵
  PID:3628
- C:\Windows\System\bxNaCQT.exe
  C:\Windows\System\bxNaCQT.exe
  2⤵
  PID:4124
- C:\Windows\System\UfTDRSy.exe
  C:\Windows\System\UfTDRSy.exe
  2⤵
  PID:4184
- C:\Windows\System\ftHrjlH.exe
  C:\Windows\System\ftHrjlH.exe
  2⤵
  PID:4216
- C:\Windows\System\SJCzyvm.exe
  C:\Windows\System\SJCzyvm.exe
  2⤵
  PID:4196
- C:\Windows\System\qQXjmDg.exe
  C:\Windows\System\qQXjmDg.exe
  2⤵
  PID:4264
- C:\Windows\System\WpDBWla.exe
  C:\Windows\System\WpDBWla.exe
  2⤵
  PID:3560
- C:\Windows\System\wIyUONU.exe
  C:\Windows\System\wIyUONU.exe
  2⤵
  PID:4316
- C:\Windows\System\dIoGHxt.exe
  C:\Windows\System\dIoGHxt.exe
  2⤵
  PID:4340
- C:\Windows\System\NnJJODt.exe
  C:\Windows\System\NnJJODt.exe
  2⤵
  PID:4376
- C:\Windows\System\nrQFVwr.exe
  C:\Windows\System\nrQFVwr.exe
  2⤵
  PID:4416
- C:\Windows\System\qibJcAa.exe
  C:\Windows\System\qibJcAa.exe
  2⤵
  PID:4400
- C:\Windows\System\rboMUMs.exe
  C:\Windows\System\rboMUMs.exe
  2⤵
  PID:4464
- C:\Windows\System\spNTkiV.exe
  C:\Windows\System\spNTkiV.exe
  2⤵
  PID:936
- C:\Windows\System\SjxEwbL.exe
  C:\Windows\System\SjxEwbL.exe
  2⤵
  PID:4524
- C:\Windows\System\KrJrXwb.exe
  C:\Windows\System\KrJrXwb.exe
  2⤵
  PID:4544
- C:\Windows\System\QLadUKX.exe
  C:\Windows\System\QLadUKX.exe
  2⤵
  PID:4588
- C:\Windows\System\vlAEOKU.exe
  C:\Windows\System\vlAEOKU.exe
  2⤵
  PID:4628
- C:\Windows\System\UtknBxu.exe
  C:\Windows\System\UtknBxu.exe
  2⤵
  PID:4668
- C:\Windows\System\OjLbrhZ.exe
  C:\Windows\System\OjLbrhZ.exe
  2⤵
  PID:4664
- C:\Windows\System\KsuIcqu.exe
  C:\Windows\System\KsuIcqu.exe
  2⤵
  PID:4708
- C:\Windows\System\GbUjNMI.exe
  C:\Windows\System\GbUjNMI.exe
  2⤵
  PID:4776
- C:\Windows\System\XbQVJMd.exe
  C:\Windows\System\XbQVJMd.exe
  2⤵
  PID:4780
- C:\Windows\System\xrGbVJI.exe
  C:\Windows\System\xrGbVJI.exe
  2⤵
  PID:4528
- C:\Windows\System\xQvlzWr.exe
  C:\Windows\System\xQvlzWr.exe
  2⤵
  PID:4824
- C:\Windows\System\CJkHjgx.exe
  C:\Windows\System\CJkHjgx.exe
  2⤵
  PID:4860
- C:\Windows\System\RlOzWEp.exe
  C:\Windows\System\RlOzWEp.exe
  2⤵
  PID:4880
- C:\Windows\System\iMBszzT.exe
  C:\Windows\System\iMBszzT.exe
  2⤵
  PID:4928
- C:\Windows\System\SdPQNpF.exe
  C:\Windows\System\SdPQNpF.exe
  2⤵
  PID:4944
- C:\Windows\System\LFGDWAQ.exe
  C:\Windows\System\LFGDWAQ.exe
  2⤵
  PID:4968
- C:\Windows\System\lonPBui.exe
  C:\Windows\System\lonPBui.exe
  2⤵
  PID:5012
- C:\Windows\System\qcziGDS.exe
  C:\Windows\System\qcziGDS.exe
  2⤵
  PID:5008
- C:\Windows\System\EGVrWQt.exe
  C:\Windows\System\EGVrWQt.exe
  2⤵
  PID:5052
- C:\Windows\System\HGeSvlT.exe
  C:\Windows\System\HGeSvlT.exe
  2⤵
  PID:5112
- C:\Windows\System\CKgmPkx.exe
  C:\Windows\System\CKgmPkx.exe
  2⤵
  PID:3580
- C:\Windows\System\klefgJF.exe
  C:\Windows\System\klefgJF.exe
  2⤵
  PID:3688
- C:\Windows\System\KzYSEOm.exe
  C:\Windows\System\KzYSEOm.exe
  2⤵
  PID:3812
- C:\Windows\System\vUCzVLY.exe
  C:\Windows\System\vUCzVLY.exe
  2⤵
  PID:2640
- C:\Windows\System\bvpWTIQ.exe
  C:\Windows\System\bvpWTIQ.exe
  2⤵
  PID:4036
- C:\Windows\System\xknQukS.exe
  C:\Windows\System\xknQukS.exe
  2⤵
  PID:1784
- C:\Windows\System\MMsHcim.exe
  C:\Windows\System\MMsHcim.exe
  2⤵
  PID:2772
- C:\Windows\System\Mcciqpn.exe
  C:\Windows\System\Mcciqpn.exe
  2⤵
  PID:4144
- C:\Windows\System\nOaeXvC.exe
  C:\Windows\System\nOaeXvC.exe
  2⤵
  PID:4240
- C:\Windows\System\lhtvCYw.exe
  C:\Windows\System\lhtvCYw.exe
  2⤵
  PID:1924
- C:\Windows\System\FxaHhDr.exe
  C:\Windows\System\FxaHhDr.exe
  2⤵
  PID:4300
- C:\Windows\System\uqgtZtQ.exe
  C:\Windows\System\uqgtZtQ.exe
  2⤵
  PID:4344
- C:\Windows\System\vHbxQux.exe
  C:\Windows\System\vHbxQux.exe
  2⤵
  PID:4456
- C:\Windows\System\MeWjmVN.exe
  C:\Windows\System\MeWjmVN.exe
  2⤵
  PID:4380
- C:\Windows\System\LAptZIH.exe
  C:\Windows\System\LAptZIH.exe
  2⤵
  PID:4476
- C:\Windows\System\UAybrMy.exe
  C:\Windows\System\UAybrMy.exe
  2⤵
  PID:3008
- C:\Windows\System\Zeoipbp.exe
  C:\Windows\System\Zeoipbp.exe
  2⤵
  PID:4600
- C:\Windows\System\XbjhfIB.exe
  C:\Windows\System\XbjhfIB.exe
  2⤵
  PID:4548
- C:\Windows\System\RJKNBfS.exe
  C:\Windows\System\RJKNBfS.exe
  2⤵
  PID:4724
- C:\Windows\System\zcmVbTk.exe
  C:\Windows\System\zcmVbTk.exe
  2⤵
  PID:4644
- C:\Windows\System\AaTFWvO.exe
  C:\Windows\System\AaTFWvO.exe
  2⤵
  PID:4800
- C:\Windows\System\dEQyTfc.exe
  C:\Windows\System\dEQyTfc.exe
  2⤵
  PID:4924
- C:\Windows\System\ztoDTui.exe
  C:\Windows\System\ztoDTui.exe
  2⤵
  PID:580
- C:\Windows\System\NhVwGwe.exe
  C:\Windows\System\NhVwGwe.exe
  2⤵
  PID:4900
- C:\Windows\System\cByVKcY.exe
  C:\Windows\System\cByVKcY.exe
  2⤵
  PID:5068
- C:\Windows\System\zUbwHXm.exe
  C:\Windows\System\zUbwHXm.exe
  2⤵
  PID:4884
- C:\Windows\System\NCaZbuC.exe
  C:\Windows\System\NCaZbuC.exe
  2⤵
  PID:3440
- C:\Windows\System\OJmPYdE.exe
  C:\Windows\System\OJmPYdE.exe
  2⤵
  PID:5064
- C:\Windows\System\Vhxmsol.exe
  C:\Windows\System\Vhxmsol.exe
  2⤵
  PID:5088
- C:\Windows\System\eijdmJW.exe
  C:\Windows\System\eijdmJW.exe
  2⤵
  PID:3772
- C:\Windows\System\sOtHnAE.exe
  C:\Windows\System\sOtHnAE.exe
  2⤵
  PID:2864
- C:\Windows\System\TOyfbSr.exe
  C:\Windows\System\TOyfbSr.exe
  2⤵
  PID:1564
- C:\Windows\System\ywhRdNL.exe
  C:\Windows\System\ywhRdNL.exe
  2⤵
  PID:4336
- C:\Windows\System\WEwvwxp.exe
  C:\Windows\System\WEwvwxp.exe
  2⤵
  PID:4444
- C:\Windows\System\dlzJvSm.exe
  C:\Windows\System\dlzJvSm.exe
  2⤵
  PID:3060
- C:\Windows\System\YNZTJow.exe
  C:\Windows\System\YNZTJow.exe
  2⤵
  PID:4176
- C:\Windows\System\FPOXCaL.exe
  C:\Windows\System\FPOXCaL.exe
  2⤵
  PID:5004
- C:\Windows\System\PEjIyaK.exe
  C:\Windows\System\PEjIyaK.exe
  2⤵
  PID:4164
- C:\Windows\System\anbYPnM.exe
  C:\Windows\System\anbYPnM.exe
  2⤵
  PID:4480
- C:\Windows\System\SmlSEZC.exe
  C:\Windows\System\SmlSEZC.exe
  2⤵
  PID:4516
- C:\Windows\System\JsHNMDr.exe
  C:\Windows\System\JsHNMDr.exe
  2⤵
  PID:5084
- C:\Windows\System\JwjrZNZ.exe
  C:\Windows\System\JwjrZNZ.exe
  2⤵
  PID:4160
- C:\Windows\System\SfOApvy.exe
  C:\Windows\System\SfOApvy.exe
  2⤵
  PID:4720
- C:\Windows\System\VJzbSft.exe
  C:\Windows\System\VJzbSft.exe
  2⤵
  PID:4864
- C:\Windows\System\YRjljDs.exe
  C:\Windows\System\YRjljDs.exe
  2⤵
  PID:2416
- C:\Windows\System\MURlBlq.exe
  C:\Windows\System\MURlBlq.exe
  2⤵
  PID:2104
- C:\Windows\System\cgbGOjK.exe
  C:\Windows\System\cgbGOjK.exe
  2⤵
  PID:4396
- C:\Windows\System\DhGRNwb.exe
  C:\Windows\System\DhGRNwb.exe
  2⤵
  PID:4500
- C:\Windows\System\KPOEdyx.exe
  C:\Windows\System\KPOEdyx.exe
  2⤵
  PID:4684
- C:\Windows\System\GtbxLtt.exe
  C:\Windows\System\GtbxLtt.exe
  2⤵
  PID:4648
- C:\Windows\System\xQBcErf.exe
  C:\Windows\System\xQBcErf.exe
  2⤵
  PID:5140
- C:\Windows\System\dLCrwwm.exe
  C:\Windows\System\dLCrwwm.exe
  2⤵
  PID:5160
- C:\Windows\System\cbrzDYC.exe
  C:\Windows\System\cbrzDYC.exe
  2⤵
  PID:5180
- C:\Windows\System\cDDQrmt.exe
  C:\Windows\System\cDDQrmt.exe
  2⤵
  PID:5204
- C:\Windows\System\nDtYrUM.exe
  C:\Windows\System\nDtYrUM.exe
  2⤵
  PID:5228
- C:\Windows\System\htqrxYJ.exe
  C:\Windows\System\htqrxYJ.exe
  2⤵
  PID:5248
- C:\Windows\System\GIjljoh.exe
  C:\Windows\System\GIjljoh.exe
  2⤵
  PID:5268
- C:\Windows\System\DXuQktB.exe
  C:\Windows\System\DXuQktB.exe
  2⤵
  PID:5288
- C:\Windows\System\mLESRPV.exe
  C:\Windows\System\mLESRPV.exe
  2⤵
  PID:5312
- C:\Windows\System\wyEizEO.exe
  C:\Windows\System\wyEizEO.exe
  2⤵
  PID:5332
- C:\Windows\System\ujZzirW.exe
  C:\Windows\System\ujZzirW.exe
  2⤵
  PID:5356
- C:\Windows\System\ziOvGxt.exe
  C:\Windows\System\ziOvGxt.exe
  2⤵
  PID:5380
- C:\Windows\System\TwXzmDj.exe
  C:\Windows\System\TwXzmDj.exe
  2⤵
  PID:5404
- C:\Windows\System\YWkQqjZ.exe
  C:\Windows\System\YWkQqjZ.exe
  2⤵
  PID:5424
- C:\Windows\System\IMbgYGQ.exe
  C:\Windows\System\IMbgYGQ.exe
  2⤵
  PID:5444
- C:\Windows\System\HSgkmAe.exe
  C:\Windows\System\HSgkmAe.exe
  2⤵
  PID:5464
- C:\Windows\System\jyAtkim.exe
  C:\Windows\System\jyAtkim.exe
  2⤵
  PID:5484
- C:\Windows\System\fFeVbwG.exe
  C:\Windows\System\fFeVbwG.exe
  2⤵
  PID:5500
- C:\Windows\System\PvZJMIP.exe
  C:\Windows\System\PvZJMIP.exe
  2⤵
  PID:5524
- C:\Windows\System\UibAPDV.exe
  C:\Windows\System\UibAPDV.exe
  2⤵
  PID:5544
- C:\Windows\System\htYFSTY.exe
  C:\Windows\System\htYFSTY.exe
  2⤵
  PID:5564
- C:\Windows\System\gPISnwV.exe
  C:\Windows\System\gPISnwV.exe
  2⤵
  PID:5584
- C:\Windows\System\yHzUFGx.exe
  C:\Windows\System\yHzUFGx.exe
  2⤵
  PID:5604
- C:\Windows\System\yDFDDeD.exe
  C:\Windows\System\yDFDDeD.exe
  2⤵
  PID:5624
- C:\Windows\System\jnQjTcG.exe
  C:\Windows\System\jnQjTcG.exe
  2⤵
  PID:5644
- C:\Windows\System\uXfdLBl.exe
  C:\Windows\System\uXfdLBl.exe
  2⤵
  PID:5664
- C:\Windows\System\MVMBTrX.exe
  C:\Windows\System\MVMBTrX.exe
  2⤵
  PID:5684
- C:\Windows\System\TnErmiW.exe
  C:\Windows\System\TnErmiW.exe
  2⤵
  PID:5708
- C:\Windows\System\axdxXzz.exe
  C:\Windows\System\axdxXzz.exe
  2⤵
  PID:5728
- C:\Windows\System\USZgsJE.exe
  C:\Windows\System\USZgsJE.exe
  2⤵
  PID:5748
- C:\Windows\System\TpiTuDh.exe
  C:\Windows\System\TpiTuDh.exe
  2⤵
  PID:5768
- C:\Windows\System\HoonhYE.exe
  C:\Windows\System\HoonhYE.exe
  2⤵
  PID:5788
- C:\Windows\System\BJDGHcW.exe
  C:\Windows\System\BJDGHcW.exe
  2⤵
  PID:5808
- C:\Windows\System\MveXRXh.exe
  C:\Windows\System\MveXRXh.exe
  2⤵
  PID:5832
- C:\Windows\System\vIYfRGB.exe
  C:\Windows\System\vIYfRGB.exe
  2⤵
  PID:5852
- C:\Windows\System\mVlTBaX.exe
  C:\Windows\System\mVlTBaX.exe
  2⤵
  PID:5872
- C:\Windows\System\SujvkEF.exe
  C:\Windows\System\SujvkEF.exe
  2⤵
  PID:5892
- C:\Windows\System\jhBLApW.exe
  C:\Windows\System\jhBLApW.exe
  2⤵
  PID:5912
- C:\Windows\System\TuhtCon.exe
  C:\Windows\System\TuhtCon.exe
  2⤵
  PID:5932
- C:\Windows\System\HPbzESg.exe
  C:\Windows\System\HPbzESg.exe
  2⤵
  PID:5952
- C:\Windows\System\sefjLKL.exe
  C:\Windows\System\sefjLKL.exe
  2⤵
  PID:5972
- C:\Windows\System\PgzOJfQ.exe
  C:\Windows\System\PgzOJfQ.exe
  2⤵
  PID:5992
- C:\Windows\System\MhCZDDR.exe
  C:\Windows\System\MhCZDDR.exe
  2⤵
  PID:6012
- C:\Windows\System\tffjxXU.exe
  C:\Windows\System\tffjxXU.exe
  2⤵
  PID:6032
- C:\Windows\System\hkKSOkC.exe
  C:\Windows\System\hkKSOkC.exe
  2⤵
  PID:6056
- C:\Windows\System\hgcysUX.exe
  C:\Windows\System\hgcysUX.exe
  2⤵
  PID:6076
- C:\Windows\System\bnMLzFT.exe
  C:\Windows\System\bnMLzFT.exe
  2⤵
  PID:6096
- C:\Windows\System\ZLvJULQ.exe
  C:\Windows\System\ZLvJULQ.exe
  2⤵
  PID:6116
- C:\Windows\System\wTBCWjE.exe
  C:\Windows\System\wTBCWjE.exe
  2⤵
  PID:6136
- C:\Windows\System\FwPTCdt.exe
  C:\Windows\System\FwPTCdt.exe
  2⤵
  PID:2268
- C:\Windows\System\FxODReU.exe
  C:\Windows\System\FxODReU.exe
  2⤵
  PID:2868
- C:\Windows\System\KeIYUPq.exe
  C:\Windows\System\KeIYUPq.exe
  2⤵
  PID:3092
- C:\Windows\System\gmgOmDg.exe
  C:\Windows\System\gmgOmDg.exe
  2⤵
  PID:4424
- C:\Windows\System\wlgxwaH.exe
  C:\Windows\System\wlgxwaH.exe
  2⤵
  PID:4140
- C:\Windows\System\NcGNdGY.exe
  C:\Windows\System\NcGNdGY.exe
  2⤵
  PID:4180
- C:\Windows\System\VqOhIoM.exe
  C:\Windows\System\VqOhIoM.exe
  2⤵
  PID:4992
- C:\Windows\System\wLknHHj.exe
  C:\Windows\System\wLknHHj.exe
  2⤵
  PID:5168
- C:\Windows\System\dDCqlVg.exe
  C:\Windows\System\dDCqlVg.exe
  2⤵
  PID:5224
- C:\Windows\System\csWItFR.exe
  C:\Windows\System\csWItFR.exe
  2⤵
  PID:3132
- C:\Windows\System\toljAqG.exe
  C:\Windows\System\toljAqG.exe
  2⤵
  PID:5256
- C:\Windows\System\JRbqgzl.exe
  C:\Windows\System\JRbqgzl.exe
  2⤵
  PID:4116
- C:\Windows\System\QFWvTIr.exe
  C:\Windows\System\QFWvTIr.exe
  2⤵
  PID:5260
- C:\Windows\System\YQDFKYK.exe
  C:\Windows\System\YQDFKYK.exe
  2⤵
  PID:5300
- C:\Windows\System\DBGDjIG.exe
  C:\Windows\System\DBGDjIG.exe
  2⤵
  PID:5244
- C:\Windows\System\HbwMeUi.exe
  C:\Windows\System\HbwMeUi.exe
  2⤵
  PID:5276
- C:\Windows\System\sNxLJwl.exe
  C:\Windows\System\sNxLJwl.exe
  2⤵
  PID:5388
- C:\Windows\System\XPRmwKf.exe
  C:\Windows\System\XPRmwKf.exe
  2⤵
  PID:5396
- C:\Windows\System\ZlZIOwl.exe
  C:\Windows\System\ZlZIOwl.exe
  2⤵
  PID:5412
- C:\Windows\System\HTxgepW.exe
  C:\Windows\System\HTxgepW.exe
  2⤵
  PID:5416
- C:\Windows\System\GOhoiXJ.exe
  C:\Windows\System\GOhoiXJ.exe
  2⤵
  PID:5460
- C:\Windows\System\KwIymUf.exe
  C:\Windows\System\KwIymUf.exe
  2⤵
  PID:5520
- C:\Windows\System\WCtpVuX.exe
  C:\Windows\System\WCtpVuX.exe
  2⤵
  PID:5552
- C:\Windows\System\lrdUqBf.exe
  C:\Windows\System\lrdUqBf.exe
  2⤵
  PID:5560
- C:\Windows\System\JuBomcS.exe
  C:\Windows\System\JuBomcS.exe
  2⤵
  PID:5572
- C:\Windows\System\sPFERvG.exe
  C:\Windows\System\sPFERvG.exe
  2⤵
  PID:5612
- C:\Windows\System\IqsefUa.exe
  C:\Windows\System\IqsefUa.exe
  2⤵
  PID:5660
- C:\Windows\System\iCbdwJS.exe
  C:\Windows\System\iCbdwJS.exe
  2⤵
  PID:5692
- C:\Windows\System\CqTzgYr.exe
  C:\Windows\System\CqTzgYr.exe
  2⤵
  PID:5700
- C:\Windows\System\gwBGnAA.exe
  C:\Windows\System\gwBGnAA.exe
  2⤵
  PID:5740
- C:\Windows\System\EfsGkxe.exe
  C:\Windows\System\EfsGkxe.exe
  2⤵
  PID:5780
- C:\Windows\System\HfnBaPj.exe
  C:\Windows\System\HfnBaPj.exe
  2⤵
  PID:5828
- C:\Windows\System\qjabWav.exe
  C:\Windows\System\qjabWav.exe
  2⤵
  PID:5860
- C:\Windows\System\bbKatzS.exe
  C:\Windows\System\bbKatzS.exe
  2⤵
  PID:5920
- C:\Windows\System\WZUoVLC.exe
  C:\Windows\System\WZUoVLC.exe
  2⤵
  PID:5940
- C:\Windows\System\cLOgyex.exe
  C:\Windows\System\cLOgyex.exe
  2⤵
  PID:5964
- C:\Windows\System\ledfjTq.exe
  C:\Windows\System\ledfjTq.exe
  2⤵
  PID:5984
- C:\Windows\System\AHdhQxB.exe
  C:\Windows\System\AHdhQxB.exe
  2⤵
  PID:6028
- C:\Windows\System\xpuFayL.exe
  C:\Windows\System\xpuFayL.exe
  2⤵
  PID:6092
- C:\Windows\System\lXmKByM.exe
  C:\Windows\System\lXmKByM.exe
  2⤵
  PID:6104
- C:\Windows\System\mONoXFF.exe
  C:\Windows\System\mONoXFF.exe
  2⤵
  PID:6128
- C:\Windows\System\jEKjVaw.exe
  C:\Windows\System\jEKjVaw.exe
  2⤵
  PID:4840
- C:\Windows\System\VmXjoPC.exe
  C:\Windows\System\VmXjoPC.exe
  2⤵
  PID:3680
- C:\Windows\System\CaYDVAS.exe
  C:\Windows\System\CaYDVAS.exe
  2⤵
  PID:1240
- C:\Windows\System\CwDbfAO.exe
  C:\Windows\System\CwDbfAO.exe
  2⤵
  PID:5092
- C:\Windows\System\BvnQcPf.exe
  C:\Windows\System\BvnQcPf.exe
  2⤵
  PID:2344
- C:\Windows\System\BWAqraq.exe
  C:\Windows\System\BWAqraq.exe
  2⤵
  PID:5212
- C:\Windows\System\tTpILOM.exe
  C:\Windows\System\tTpILOM.exe
  2⤵
  PID:2940
- C:\Windows\System\JJyBwnc.exe
  C:\Windows\System\JJyBwnc.exe
  2⤵
  PID:5156
- C:\Windows\System\qjbQYTI.exe
  C:\Windows\System\qjbQYTI.exe
  2⤵
  PID:5320
- C:\Windows\System\PxDbVms.exe
  C:\Windows\System\PxDbVms.exe
  2⤵
  PID:5348
- C:\Windows\System\ioUAlYZ.exe
  C:\Windows\System\ioUAlYZ.exe
  2⤵
  PID:5420
- C:\Windows\System\yKortdi.exe
  C:\Windows\System\yKortdi.exe
  2⤵
  PID:5440
- C:\Windows\System\ZaxAExM.exe
  C:\Windows\System\ZaxAExM.exe
  2⤵
  PID:5472
- C:\Windows\System\UmNrwke.exe
  C:\Windows\System\UmNrwke.exe
  2⤵
  PID:3924
- C:\Windows\System\bUEZxGq.exe
  C:\Windows\System\bUEZxGq.exe
  2⤵
  PID:5640
- C:\Windows\System\jJxMIyh.exe
  C:\Windows\System\jJxMIyh.exe
  2⤵
  PID:5616
- C:\Windows\System\IBlRyky.exe
  C:\Windows\System\IBlRyky.exe
  2⤵
  PID:5716
- C:\Windows\System\YTTlByN.exe
  C:\Windows\System\YTTlByN.exe
  2⤵
  PID:5724
- C:\Windows\System\PLhzADx.exe
  C:\Windows\System\PLhzADx.exe
  2⤵
  PID:5784
- C:\Windows\System\EDFGvUD.exe
  C:\Windows\System\EDFGvUD.exe
  2⤵
  PID:5844
- C:\Windows\System\zIHNyOU.exe
  C:\Windows\System\zIHNyOU.exe
  2⤵
  PID:5944
- C:\Windows\System\KnAEnfK.exe
  C:\Windows\System\KnAEnfK.exe
  2⤵
  PID:6052
- C:\Windows\System\xzCgzgR.exe
  C:\Windows\System\xzCgzgR.exe
  2⤵
  PID:6072
- C:\Windows\System\xGtfIzc.exe
  C:\Windows\System\xGtfIzc.exe
  2⤵
  PID:2056
- C:\Windows\System\ZEBRwYN.exe
  C:\Windows\System\ZEBRwYN.exe
  2⤵
  PID:6132
- C:\Windows\System\IDdDnes.exe
  C:\Windows\System\IDdDnes.exe
  2⤵
  PID:4660
- C:\Windows\System\XLnDJJw.exe
  C:\Windows\System\XLnDJJw.exe
  2⤵
  PID:2088
- C:\Windows\System\oFtFsSp.exe
  C:\Windows\System\oFtFsSp.exe
  2⤵
  PID:940
- C:\Windows\System\JbqgLew.exe
  C:\Windows\System\JbqgLew.exe
  2⤵
  PID:5220
- C:\Windows\System\iICWHmv.exe
  C:\Windows\System\iICWHmv.exe
  2⤵
  PID:3044
- C:\Windows\System\asayGzB.exe
  C:\Windows\System\asayGzB.exe
  2⤵
  PID:5516
- C:\Windows\System\dAIlpol.exe
  C:\Windows\System\dAIlpol.exe
  2⤵
  PID:3176
- C:\Windows\System\FbENTmX.exe
  C:\Windows\System\FbENTmX.exe
  2⤵
  PID:5676
- C:\Windows\System\FXZAxMt.exe
  C:\Windows\System\FXZAxMt.exe
  2⤵
  PID:5652
- C:\Windows\System\IDoatqV.exe
  C:\Windows\System\IDoatqV.exe
  2⤵
  PID:5796
- C:\Windows\System\KJUycvg.exe
  C:\Windows\System\KJUycvg.exe
  2⤵
  PID:5900
- C:\Windows\System\NTVZIXZ.exe
  C:\Windows\System\NTVZIXZ.exe
  2⤵
  PID:5908
- C:\Windows\System\xBiACNO.exe
  C:\Windows\System\xBiACNO.exe
  2⤵
  PID:6044
- C:\Windows\System\gEQzImD.exe
  C:\Windows\System\gEQzImD.exe
  2⤵
  PID:3864
- C:\Windows\System\mWTODJf.exe
  C:\Windows\System\mWTODJf.exe
  2⤵
  PID:3644
- C:\Windows\System\wkyngLE.exe
  C:\Windows\System\wkyngLE.exe
  2⤵
  PID:884
- C:\Windows\System\eawUWan.exe
  C:\Windows\System\eawUWan.exe
  2⤵
  PID:5196
- C:\Windows\System\rjQeYcP.exe
  C:\Windows\System\rjQeYcP.exe
  2⤵
  PID:5496
- C:\Windows\System\sHWLrkC.exe
  C:\Windows\System\sHWLrkC.exe
  2⤵
  PID:5596
- C:\Windows\System\GsCXXhI.exe
  C:\Windows\System\GsCXXhI.exe
  2⤵
  PID:5760
- C:\Windows\System\lteQBlu.exe
  C:\Windows\System\lteQBlu.exe
  2⤵
  PID:2120
- C:\Windows\System\PLmaAzH.exe
  C:\Windows\System\PLmaAzH.exe
  2⤵
  PID:2896
- C:\Windows\System\NMHOxtQ.exe
  C:\Windows\System\NMHOxtQ.exe
  2⤵
  PID:5924
- C:\Windows\System\jXQLXdn.exe
  C:\Windows\System\jXQLXdn.exe
  2⤵
  PID:6124
- C:\Windows\System\EaqiuLZ.exe
  C:\Windows\System\EaqiuLZ.exe
  2⤵
  PID:5304
- C:\Windows\System\nJlkaNM.exe
  C:\Windows\System\nJlkaNM.exe
  2⤵
  PID:5352
- C:\Windows\System\FDxRRAB.exe
  C:\Windows\System\FDxRRAB.exe
  2⤵
  PID:2608
- C:\Windows\System\EDEzGTL.exe
  C:\Windows\System\EDEzGTL.exe
  2⤵
  PID:6160
- C:\Windows\System\liLuNJH.exe
  C:\Windows\System\liLuNJH.exe
  2⤵
  PID:6176
- C:\Windows\System\qbWndxO.exe
  C:\Windows\System\qbWndxO.exe
  2⤵
  PID:6204
- C:\Windows\System\ftuUeQJ.exe
  C:\Windows\System\ftuUeQJ.exe
  2⤵
  PID:6224
- C:\Windows\System\QUWcpUl.exe
  C:\Windows\System\QUWcpUl.exe
  2⤵
  PID:6252
- C:\Windows\System\jAenhzd.exe
  C:\Windows\System\jAenhzd.exe
  2⤵
  PID:6268
- C:\Windows\System\fliOaMn.exe
  C:\Windows\System\fliOaMn.exe
  2⤵
  PID:6284
- C:\Windows\System\bOFWCkX.exe
  C:\Windows\System\bOFWCkX.exe
  2⤵
  PID:6308
- C:\Windows\System\ixeKJmM.exe
  C:\Windows\System\ixeKJmM.exe
  2⤵
  PID:6324
- C:\Windows\System\tgycppu.exe
  C:\Windows\System\tgycppu.exe
  2⤵
  PID:6348
- C:\Windows\System\eqlwtJf.exe
  C:\Windows\System\eqlwtJf.exe
  2⤵
  PID:6368
- C:\Windows\System\FIEarmL.exe
  C:\Windows\System\FIEarmL.exe
  2⤵
  PID:6384
- C:\Windows\System\SMDCysN.exe
  C:\Windows\System\SMDCysN.exe
  2⤵
  PID:6412
- C:\Windows\System\roxGnJT.exe
  C:\Windows\System\roxGnJT.exe
  2⤵
  PID:6436
- C:\Windows\System\btUHdIB.exe
  C:\Windows\System\btUHdIB.exe
  2⤵
  PID:6456
- C:\Windows\System\QMasGDo.exe
  C:\Windows\System\QMasGDo.exe
  2⤵
  PID:6476
- C:\Windows\System\lUBUeIT.exe
  C:\Windows\System\lUBUeIT.exe
  2⤵
  PID:6496
- C:\Windows\System\gUdovWF.exe
  C:\Windows\System\gUdovWF.exe
  2⤵
  PID:6516
- C:\Windows\System\EnGUABE.exe
  C:\Windows\System\EnGUABE.exe
  2⤵
  PID:6536
- C:\Windows\System\EJHSRdY.exe
  C:\Windows\System\EJHSRdY.exe
  2⤵
  PID:6556
- C:\Windows\System\rDliOjk.exe
  C:\Windows\System\rDliOjk.exe
  2⤵
  PID:6576
- C:\Windows\System\kLazhzq.exe
  C:\Windows\System\kLazhzq.exe
  2⤵
  PID:6596
- C:\Windows\System\HjgGdmR.exe
  C:\Windows\System\HjgGdmR.exe
  2⤵
  PID:6612
- C:\Windows\System\ykQIcwD.exe
  C:\Windows\System\ykQIcwD.exe
  2⤵
  PID:6636
- C:\Windows\System\mxAHrez.exe
  C:\Windows\System\mxAHrez.exe
  2⤵
  PID:6656
- C:\Windows\System\GbFxXRV.exe
  C:\Windows\System\GbFxXRV.exe
  2⤵
  PID:6676
- C:\Windows\System\cxljkXD.exe
  C:\Windows\System\cxljkXD.exe
  2⤵
  PID:6696
- C:\Windows\System\bEndkJE.exe
  C:\Windows\System\bEndkJE.exe
  2⤵
  PID:6712
- C:\Windows\System\auOTofy.exe
  C:\Windows\System\auOTofy.exe
  2⤵
  PID:6736
- C:\Windows\System\NmECShP.exe
  C:\Windows\System\NmECShP.exe
  2⤵
  PID:6760
- C:\Windows\System\GqmhOdP.exe
  C:\Windows\System\GqmhOdP.exe
  2⤵
  PID:6780
- C:\Windows\System\LWYwSnX.exe
  C:\Windows\System\LWYwSnX.exe
  2⤵
  PID:6800
- C:\Windows\System\uFZOqbY.exe
  C:\Windows\System\uFZOqbY.exe
  2⤵
  PID:6820
- C:\Windows\System\ozckmLp.exe
  C:\Windows\System\ozckmLp.exe
  2⤵
  PID:6840
- C:\Windows\System\ersQcxQ.exe
  C:\Windows\System\ersQcxQ.exe
  2⤵
  PID:6860
- C:\Windows\System\QfEWKVh.exe
  C:\Windows\System\QfEWKVh.exe
  2⤵
  PID:6880
- C:\Windows\System\jIpMdZa.exe
  C:\Windows\System\jIpMdZa.exe
  2⤵
  PID:6900
- C:\Windows\System\pzKanwR.exe
  C:\Windows\System\pzKanwR.exe
  2⤵
  PID:6916
- C:\Windows\System\zfAlubH.exe
  C:\Windows\System\zfAlubH.exe
  2⤵
  PID:6936
- C:\Windows\System\NujbXky.exe
  C:\Windows\System\NujbXky.exe
  2⤵
  PID:6960
- C:\Windows\System\XElDqXS.exe
  C:\Windows\System\XElDqXS.exe
  2⤵
  PID:6980
- C:\Windows\System\FIJgJWP.exe
  C:\Windows\System\FIJgJWP.exe
  2⤵
  PID:7000
- C:\Windows\System\KJxUqMe.exe
  C:\Windows\System\KJxUqMe.exe
  2⤵
  PID:7020
- C:\Windows\System\XzrwWvQ.exe
  C:\Windows\System\XzrwWvQ.exe
  2⤵
  PID:7040
- C:\Windows\System\KjsfUZk.exe
  C:\Windows\System\KjsfUZk.exe
  2⤵
  PID:7060
- C:\Windows\System\kMGxury.exe
  C:\Windows\System\kMGxury.exe
  2⤵
  PID:7084
- C:\Windows\System\TmABdPU.exe
  C:\Windows\System\TmABdPU.exe
  2⤵
  PID:7108
- C:\Windows\System\dDMwlok.exe
  C:\Windows\System\dDMwlok.exe
  2⤵
  PID:7124
- C:\Windows\System\VpPFfXK.exe
  C:\Windows\System\VpPFfXK.exe
  2⤵
  PID:7144
- C:\Windows\System\QNZyllb.exe
  C:\Windows\System\QNZyllb.exe
  2⤵
  PID:7164
- C:\Windows\System\hoYRUVO.exe
  C:\Windows\System\hoYRUVO.exe
  2⤵
  PID:5128
- C:\Windows\System\nZRxuuf.exe
  C:\Windows\System\nZRxuuf.exe
  2⤵
  PID:5264
- C:\Windows\System\lKEmcmy.exe
  C:\Windows\System\lKEmcmy.exe
  2⤵
  PID:5372
- C:\Windows\System\hJWQnpe.exe
  C:\Windows\System\hJWQnpe.exe
  2⤵
  PID:2768
- C:\Windows\System\kcZJmid.exe
  C:\Windows\System\kcZJmid.exe
  2⤵
  PID:808
- C:\Windows\System\nZJbmgK.exe
  C:\Windows\System\nZJbmgK.exe
  2⤵
  PID:6068
- C:\Windows\System\cmzokDy.exe
  C:\Windows\System\cmzokDy.exe
  2⤵
  PID:6244
- C:\Windows\System\GqmxsTY.exe
  C:\Windows\System\GqmxsTY.exe
  2⤵
  PID:6316
- C:\Windows\System\chMrQCR.exe
  C:\Windows\System\chMrQCR.exe
  2⤵
  PID:5308
- C:\Windows\System\txBfZax.exe
  C:\Windows\System\txBfZax.exe
  2⤵
  PID:6172
- C:\Windows\System\noAExCD.exe
  C:\Windows\System\noAExCD.exe
  2⤵
  PID:6364
- C:\Windows\System\zUxxlSm.exe
  C:\Windows\System\zUxxlSm.exe
  2⤵
  PID:6296
- C:\Windows\System\lppBDIP.exe
  C:\Windows\System\lppBDIP.exe
  2⤵
  PID:6332
- C:\Windows\System\KNNnxSf.exe
  C:\Windows\System\KNNnxSf.exe
  2⤵
  PID:6408
- C:\Windows\System\WVvAjeo.exe
  C:\Windows\System\WVvAjeo.exe
  2⤵
  PID:5960
- C:\Windows\System\AkvDtIs.exe
  C:\Windows\System\AkvDtIs.exe
  2⤵
  PID:6452
- C:\Windows\System\BiaiQKk.exe
  C:\Windows\System\BiaiQKk.exe
  2⤵
  PID:6424
- C:\Windows\System\sRHBYCh.exe
  C:\Windows\System\sRHBYCh.exe
  2⤵
  PID:6492
- C:\Windows\System\vGkksht.exe
  C:\Windows\System\vGkksht.exe
  2⤵
  PID:6528
- C:\Windows\System\YZPlNoO.exe
  C:\Windows\System\YZPlNoO.exe
  2⤵
  PID:6508
- C:\Windows\System\AckcRtp.exe
  C:\Windows\System\AckcRtp.exe
  2⤵
  PID:6604
- C:\Windows\System\SjLLhHt.exe
  C:\Windows\System\SjLLhHt.exe
  2⤵
  PID:6584
- C:\Windows\System\WZYvyOZ.exe
  C:\Windows\System\WZYvyOZ.exe
  2⤵
  PID:6620
- C:\Windows\System\iwYRqrG.exe
  C:\Windows\System\iwYRqrG.exe
  2⤵
  PID:6632
- C:\Windows\System\aMPihAl.exe
  C:\Windows\System\aMPihAl.exe
  2⤵
  PID:6684
- C:\Windows\System\joOtZDz.exe
  C:\Windows\System\joOtZDz.exe
  2⤵
  PID:6672
- C:\Windows\System\WMSjPlr.exe
  C:\Windows\System\WMSjPlr.exe
  2⤵
  PID:6732
- C:\Windows\System\cRDNGkX.exe
  C:\Windows\System\cRDNGkX.exe
  2⤵
  PID:6772
- C:\Windows\System\FcbMRfR.exe
  C:\Windows\System\FcbMRfR.exe
  2⤵
  PID:6752
- C:\Windows\System\MDnCcTC.exe
  C:\Windows\System\MDnCcTC.exe
  2⤵
  PID:6808
- C:\Windows\System\snbkaqC.exe
  C:\Windows\System\snbkaqC.exe
  2⤵
  PID:6856
- C:\Windows\System\PLRTTeU.exe
  C:\Windows\System\PLRTTeU.exe
  2⤵
  PID:6832
- C:\Windows\System\mfodrAe.exe
  C:\Windows\System\mfodrAe.exe
  2⤵
  PID:2312
- C:\Windows\System\TXPrWmj.exe
  C:\Windows\System\TXPrWmj.exe
  2⤵
  PID:6872
- C:\Windows\System\NfgZTaz.exe
  C:\Windows\System\NfgZTaz.exe
  2⤵
  PID:6908
- C:\Windows\System\rsQXjQH.exe
  C:\Windows\System\rsQXjQH.exe
  2⤵
  PID:1264
- C:\Windows\System\RaenjLV.exe
  C:\Windows\System\RaenjLV.exe
  2⤵
  PID:6976
- C:\Windows\System\gWWXsZf.exe
  C:\Windows\System\gWWXsZf.exe
  2⤵
  PID:6972
- C:\Windows\System\Oqcumgw.exe
  C:\Windows\System\Oqcumgw.exe
  2⤵
  PID:6996
- C:\Windows\System\xHEQOMX.exe
  C:\Windows\System\xHEQOMX.exe
  2⤵
  PID:7048
- C:\Windows\System\psHoUoq.exe
  C:\Windows\System\psHoUoq.exe
  2⤵
  PID:7056
- C:\Windows\System\GesOZQi.exe
  C:\Windows\System\GesOZQi.exe
  2⤵
  PID:2188
- C:\Windows\System\VDFuNur.exe
  C:\Windows\System\VDFuNur.exe
  2⤵
  PID:2308
- C:\Windows\System\FHJaUVb.exe
  C:\Windows\System\FHJaUVb.exe
  2⤵
  PID:7100
- C:\Windows\System\XWtgWNe.exe
  C:\Windows\System\XWtgWNe.exe
  2⤵
  PID:5840
- C:\Windows\System\wqJnzAM.exe
  C:\Windows\System\wqJnzAM.exe
  2⤵
  PID:1056
- C:\Windows\System\ALIfElO.exe
  C:\Windows\System\ALIfElO.exe
  2⤵
  PID:5236
- C:\Windows\System\sIVPrdQ.exe
  C:\Windows\System\sIVPrdQ.exe
  2⤵
  PID:5600
- C:\Windows\System\qtFJuIA.exe
  C:\Windows\System\qtFJuIA.exe
  2⤵
  PID:4788
- C:\Windows\System\LaqJGcl.exe
  C:\Windows\System\LaqJGcl.exe
  2⤵
  PID:6216
- C:\Windows\System\fEMdeow.exe
  C:\Windows\System\fEMdeow.exe
  2⤵
  PID:6196
- C:\Windows\System\JRwZAUb.exe
  C:\Windows\System\JRwZAUb.exe
  2⤵
  PID:6484
- C:\Windows\System\dJzUTvH.exe
  C:\Windows\System\dJzUTvH.exe
  2⤵
  PID:6472
- C:\Windows\System\uHIvEhM.exe
  C:\Windows\System\uHIvEhM.exe
  2⤵
  PID:1136
- C:\Windows\System\NoxlmEe.exe
  C:\Windows\System\NoxlmEe.exe
  2⤵
  PID:2040
- C:\Windows\System\cwOgjpC.exe
  C:\Windows\System\cwOgjpC.exe
  2⤵
  PID:6812
- C:\Windows\System\CUTujiR.exe
  C:\Windows\System\CUTujiR.exe
  2⤵
  PID:6768
- C:\Windows\System\FdWeMLd.exe
  C:\Windows\System\FdWeMLd.exe
  2⤵
  PID:6084
- C:\Windows\System\FnebgTm.exe
  C:\Windows\System\FnebgTm.exe
  2⤵
  PID:6924
- C:\Windows\System\CUuCUSo.exe
  C:\Windows\System\CUuCUSo.exe
  2⤵
  PID:6896
- C:\Windows\System\UtOVwzA.exe
  C:\Windows\System\UtOVwzA.exe
  2⤵
  PID:1644
- C:\Windows\System\tpvPUQQ.exe
  C:\Windows\System\tpvPUQQ.exe
  2⤵
  PID:5364
- C:\Windows\System\AiddgTe.exe
  C:\Windows\System\AiddgTe.exe
  2⤵
  PID:6756
- C:\Windows\System\dqqqKwo.exe
  C:\Windows\System\dqqqKwo.exe
  2⤵
  PID:2076
- C:\Windows\System\YvrYYJD.exe
  C:\Windows\System\YvrYYJD.exe
  2⤵
  PID:7140
- C:\Windows\System\PfgcStF.exe
  C:\Windows\System\PfgcStF.exe
  2⤵
  PID:7120
- C:\Windows\System\zUAaKQf.exe
  C:\Windows\System\zUAaKQf.exe
  2⤵
  PID:7092
- C:\Windows\System\ILwrpwA.exe
  C:\Windows\System\ILwrpwA.exe
  2⤵
  PID:1920
- C:\Windows\System\PVLiuvD.exe
  C:\Windows\System\PVLiuvD.exe
  2⤵
  PID:6000
- C:\Windows\System\zTfptLT.exe
  C:\Windows\System\zTfptLT.exe
  2⤵
  PID:6236
- C:\Windows\System\WGlVKOS.exe
  C:\Windows\System\WGlVKOS.exe
  2⤵
  PID:6200
- C:\Windows\System\QXvzqIP.exe
  C:\Windows\System\QXvzqIP.exe
  2⤵
  PID:3028
- C:\Windows\System\wWxgQmV.exe
  C:\Windows\System\wWxgQmV.exe
  2⤵
  PID:6276
- C:\Windows\System\fFGgvYf.exe
  C:\Windows\System\fFGgvYf.exe
  2⤵
  PID:6264
- C:\Windows\System\IumWVuo.exe
  C:\Windows\System\IumWVuo.exe
  2⤵
  PID:6380
- C:\Windows\System\RkrXGzi.exe
  C:\Windows\System\RkrXGzi.exe
  2⤵
  PID:7096
- C:\Windows\System\ENfzHZx.exe
  C:\Windows\System\ENfzHZx.exe
  2⤵
  PID:6532
- C:\Windows\System\zrToEyh.exe
  C:\Windows\System\zrToEyh.exe
  2⤵
  PID:6644
- C:\Windows\System\AROtxXS.exe
  C:\Windows\System\AROtxXS.exe
  2⤵
  PID:6564
- C:\Windows\System\ActOAhd.exe
  C:\Windows\System\ActOAhd.exe
  2⤵
  PID:6848
- C:\Windows\System\uzmchlE.exe
  C:\Windows\System\uzmchlE.exe
  2⤵
  PID:6728
- C:\Windows\System\MPnCeyQ.exe
  C:\Windows\System\MPnCeyQ.exe
  2⤵
  PID:5172
- C:\Windows\System\CFPuXTs.exe
  C:\Windows\System\CFPuXTs.exe
  2⤵
  PID:6776
- C:\Windows\System\bhYYLCS.exe
  C:\Windows\System\bhYYLCS.exe
  2⤵
  PID:2764
- C:\Windows\System\KIVBHET.exe
  C:\Windows\System\KIVBHET.exe
  2⤵
  PID:2420
- C:\Windows\System\GhPhqKX.exe
  C:\Windows\System\GhPhqKX.exe
  2⤵
  PID:764
- C:\Windows\System\FoVDhcs.exe
  C:\Windows\System\FoVDhcs.exe
  2⤵
  PID:2832
- C:\Windows\System\wMoErrV.exe
  C:\Windows\System\wMoErrV.exe
  2⤵
  PID:7012
- C:\Windows\System\hACYjsh.exe
  C:\Windows\System\hACYjsh.exe
  2⤵
  PID:1892
- C:\Windows\System\MsFbQNF.exe
  C:\Windows\System\MsFbQNF.exe
  2⤵
  PID:2812
- C:\Windows\System\ExTamMR.exe
  C:\Windows\System\ExTamMR.exe
  2⤵
  PID:1712
- C:\Windows\System\rcivHgN.exe
  C:\Windows\System\rcivHgN.exe
  2⤵
  PID:6392
- C:\Windows\System\dLsrMwp.exe
  C:\Windows\System\dLsrMwp.exe
  2⤵
  PID:6280
- C:\Windows\System\MwXmpHx.exe
  C:\Windows\System\MwXmpHx.exe
  2⤵
  PID:920
- C:\Windows\System\DFJfjoG.exe
  C:\Windows\System\DFJfjoG.exe
  2⤵
  PID:5632
- C:\Windows\System\ofnHarv.exe
  C:\Windows\System\ofnHarv.exe
  2⤵
  PID:6344
- C:\Windows\System\rUWlKIi.exe
  C:\Windows\System\rUWlKIi.exe
  2⤵
  PID:6572
- C:\Windows\System\wUgwVxd.exe
  C:\Windows\System\wUgwVxd.exe
  2⤵
  PID:6788
- C:\Windows\System\ULxKLXW.exe
  C:\Windows\System\ULxKLXW.exe
  2⤵
  PID:6648
- C:\Windows\System\lbamSKy.exe
  C:\Windows\System\lbamSKy.exe
  2⤵
  PID:2728
- C:\Windows\System\kymJJHl.exe
  C:\Windows\System\kymJJHl.exe
  2⤵
  PID:7116
- C:\Windows\System\jofgaxA.exe
  C:\Windows\System\jofgaxA.exe
  2⤵
  PID:2360
- C:\Windows\System\heMIvjs.exe
  C:\Windows\System\heMIvjs.exe
  2⤵
  PID:7160
- C:\Windows\System\iBEtjKK.exe
  C:\Windows\System\iBEtjKK.exe
  2⤵
  PID:6188
- C:\Windows\System\hWUdZDL.exe
  C:\Windows\System\hWUdZDL.exe
  2⤵
  PID:6404
- C:\Windows\System\AfaXPxp.exe
  C:\Windows\System\AfaXPxp.exe
  2⤵
  PID:6664
- C:\Windows\System\tNLgRTQ.exe
  C:\Windows\System\tNLgRTQ.exe
  2⤵
  PID:6592
- C:\Windows\System\pfNXjGy.exe
  C:\Windows\System\pfNXjGy.exe
  2⤵
  PID:6212
- C:\Windows\System\kDrGVIh.exe
  C:\Windows\System\kDrGVIh.exe
  2⤵
  PID:5672
- C:\Windows\System\ufIJMEw.exe
  C:\Windows\System\ufIJMEw.exe
  2⤵
  PID:7028
- C:\Windows\System\CVzjubS.exe
  C:\Windows\System\CVzjubS.exe
  2⤵
  PID:6168
- C:\Windows\System\oawrQZD.exe
  C:\Windows\System\oawrQZD.exe
  2⤵
  PID:6968
- C:\Windows\System\JBjRirD.exe
  C:\Windows\System\JBjRirD.exe
  2⤵
  PID:2644
- C:\Windows\System\cgtMvQL.exe
  C:\Windows\System\cgtMvQL.exe
  2⤵
  PID:7176
- C:\Windows\System\zdZMeGJ.exe
  C:\Windows\System\zdZMeGJ.exe
  2⤵
  PID:7192
- C:\Windows\System\oaBHKQX.exe
  C:\Windows\System\oaBHKQX.exe
  2⤵
  PID:7208
- C:\Windows\System\vnVeydr.exe
  C:\Windows\System\vnVeydr.exe
  2⤵
  PID:7224
- C:\Windows\System\tBPgBlR.exe
  C:\Windows\System\tBPgBlR.exe
  2⤵
  PID:7240
- C:\Windows\System\SbBLnOX.exe
  C:\Windows\System\SbBLnOX.exe
  2⤵
  PID:7264
- C:\Windows\System\lUBZbfG.exe
  C:\Windows\System\lUBZbfG.exe
  2⤵
  PID:7280
- C:\Windows\System\oxSMWkN.exe
  C:\Windows\System\oxSMWkN.exe
  2⤵
  PID:7296
- C:\Windows\System\JFhDsfE.exe
  C:\Windows\System\JFhDsfE.exe
  2⤵
  PID:7316
- C:\Windows\System\mJCcHLo.exe
  C:\Windows\System\mJCcHLo.exe
  2⤵
  PID:7332
- C:\Windows\System\fjbyEOq.exe
  C:\Windows\System\fjbyEOq.exe
  2⤵
  PID:7348
- C:\Windows\System\uNKHHKQ.exe
  C:\Windows\System\uNKHHKQ.exe
  2⤵
  PID:7364
- C:\Windows\System\mTUXfHF.exe
  C:\Windows\System\mTUXfHF.exe
  2⤵
  PID:7380
- C:\Windows\System\mtvQBTj.exe
  C:\Windows\System\mtvQBTj.exe
  2⤵
  PID:7396
- C:\Windows\System\KIxLuRB.exe
  C:\Windows\System\KIxLuRB.exe
  2⤵
  PID:7412
- C:\Windows\System\PwTlWFb.exe
  C:\Windows\System\PwTlWFb.exe
  2⤵
  PID:7428
- C:\Windows\System\jMHrjjq.exe
  C:\Windows\System\jMHrjjq.exe
  2⤵
  PID:7444
- C:\Windows\System\TvbsAhZ.exe
  C:\Windows\System\TvbsAhZ.exe
  2⤵
  PID:7460
- C:\Windows\System\aQTKdkY.exe
  C:\Windows\System\aQTKdkY.exe
  2⤵
  PID:7476
- C:\Windows\System\DUkVNOV.exe
  C:\Windows\System\DUkVNOV.exe
  2⤵
  PID:7492
- C:\Windows\System\UCmwXUo.exe
  C:\Windows\System\UCmwXUo.exe
  2⤵
  PID:7508
- C:\Windows\System\XhDlmNl.exe
  C:\Windows\System\XhDlmNl.exe
  2⤵
  PID:7524
- C:\Windows\System\HsbXLjC.exe
  C:\Windows\System\HsbXLjC.exe
  2⤵
  PID:7540
- C:\Windows\System\flXtKuY.exe
  C:\Windows\System\flXtKuY.exe
  2⤵
  PID:7556
- C:\Windows\System\MvsoZCQ.exe
  C:\Windows\System\MvsoZCQ.exe
  2⤵
  PID:7572
- C:\Windows\System\qJHupgZ.exe
  C:\Windows\System\qJHupgZ.exe
  2⤵
  PID:7588
- C:\Windows\System\KoGhswr.exe
  C:\Windows\System\KoGhswr.exe
  2⤵
  PID:7604
- C:\Windows\System\AmMPqag.exe
  C:\Windows\System\AmMPqag.exe
  2⤵
  PID:7620
- C:\Windows\System\GuDijGg.exe
  C:\Windows\System\GuDijGg.exe
  2⤵
  PID:7636
- C:\Windows\System\lwpNjDr.exe
  C:\Windows\System\lwpNjDr.exe
  2⤵
  PID:7652
- C:\Windows\System\gsKLqdm.exe
  C:\Windows\System\gsKLqdm.exe
  2⤵
  PID:7672
- C:\Windows\System\TPmaowS.exe
  C:\Windows\System\TPmaowS.exe
  2⤵
  PID:7688
- C:\Windows\System\bJEWlOR.exe
  C:\Windows\System\bJEWlOR.exe
  2⤵
  PID:7704
- C:\Windows\System\bsaGghk.exe
  C:\Windows\System\bsaGghk.exe
  2⤵
  PID:7720
- C:\Windows\System\OjCapwY.exe
  C:\Windows\System\OjCapwY.exe
  2⤵
  PID:7740
- C:\Windows\System\xpPnMOB.exe
  C:\Windows\System\xpPnMOB.exe
  2⤵
  PID:7756
- C:\Windows\System\EPFNPvQ.exe
  C:\Windows\System\EPFNPvQ.exe
  2⤵
  PID:7772
- C:\Windows\System\EqTPBqx.exe
  C:\Windows\System\EqTPBqx.exe
  2⤵
  PID:7788
- C:\Windows\System\XUuIXSp.exe
  C:\Windows\System\XUuIXSp.exe
  2⤵
  PID:7804
- C:\Windows\System\rLEaKdv.exe
  C:\Windows\System\rLEaKdv.exe
  2⤵
  PID:7820
- C:\Windows\System\odMMIYF.exe
  C:\Windows\System\odMMIYF.exe
  2⤵
  PID:7836
- C:\Windows\System\Hqailej.exe
  C:\Windows\System\Hqailej.exe
  2⤵
  PID:7852
- C:\Windows\System\Sqlyawh.exe
  C:\Windows\System\Sqlyawh.exe
  2⤵
  PID:7868
- C:\Windows\System\xHXkWsR.exe
  C:\Windows\System\xHXkWsR.exe
  2⤵
  PID:7884
- C:\Windows\System\WIdDpFA.exe
  C:\Windows\System\WIdDpFA.exe
  2⤵
  PID:7900
- C:\Windows\System\NBXGmHV.exe
  C:\Windows\System\NBXGmHV.exe
  2⤵
  PID:7916
- C:\Windows\System\HjbhoYO.exe
  C:\Windows\System\HjbhoYO.exe
  2⤵
  PID:7932
- C:\Windows\System\wVwNaUl.exe
  C:\Windows\System\wVwNaUl.exe
  2⤵
  PID:7948
- C:\Windows\System\xExQNwU.exe
  C:\Windows\System\xExQNwU.exe
  2⤵
  PID:7964
- C:\Windows\System\kBBFGfO.exe
  C:\Windows\System\kBBFGfO.exe
  2⤵
  PID:7980
- C:\Windows\System\PxpRWYL.exe
  C:\Windows\System\PxpRWYL.exe
  2⤵
  PID:7996
- C:\Windows\System\MqMkOqp.exe
  C:\Windows\System\MqMkOqp.exe
  2⤵
  PID:8012
- C:\Windows\System\Swamfgt.exe
  C:\Windows\System\Swamfgt.exe
  2⤵
  PID:8028
- C:\Windows\System\rZnKZOZ.exe
  C:\Windows\System\rZnKZOZ.exe
  2⤵
  PID:8044
- C:\Windows\System\HPzUQHt.exe
  C:\Windows\System\HPzUQHt.exe
  2⤵
  PID:8060
- C:\Windows\System\kbKFjdf.exe
  C:\Windows\System\kbKFjdf.exe
  2⤵
  PID:8076
- C:\Windows\System\VDEwepX.exe
  C:\Windows\System\VDEwepX.exe
  2⤵
  PID:8092
- C:\Windows\System\mEaeZuk.exe
  C:\Windows\System\mEaeZuk.exe
  2⤵
  PID:8108
- C:\Windows\System\zCyPEHO.exe
  C:\Windows\System\zCyPEHO.exe
  2⤵
  PID:8124
- C:\Windows\System\XAONESs.exe
  C:\Windows\System\XAONESs.exe
  2⤵
  PID:8140
- C:\Windows\System\BkdcMbx.exe
  C:\Windows\System\BkdcMbx.exe
  2⤵
  PID:8156
- C:\Windows\System\OxrXJfc.exe
  C:\Windows\System\OxrXJfc.exe
  2⤵
  PID:8172
- C:\Windows\System\tkWsUgy.exe
  C:\Windows\System\tkWsUgy.exe
  2⤵
  PID:8188
- C:\Windows\System\fAdIrOU.exe
  C:\Windows\System\fAdIrOU.exe
  2⤵
  PID:7076
- C:\Windows\System\NxYeNEW.exe
  C:\Windows\System\NxYeNEW.exe
  2⤵
  PID:7188
- C:\Windows\System\gOIotDn.exe
  C:\Windows\System\gOIotDn.exe
  2⤵
  PID:7216
- C:\Windows\System\aGLEhIG.exe
  C:\Windows\System\aGLEhIG.exe
  2⤵
  PID:7272
- C:\Windows\System\jVodhKj.exe
  C:\Windows\System\jVodhKj.exe
  2⤵
  PID:7276
- C:\Windows\System\ZHZLGjX.exe
  C:\Windows\System\ZHZLGjX.exe
  2⤵
  PID:7312
- C:\Windows\System\uodRxAk.exe
  C:\Windows\System\uodRxAk.exe
  2⤵
  PID:7408
- C:\Windows\System\Hhukajm.exe
  C:\Windows\System\Hhukajm.exe
  2⤵
  PID:7392
- C:\Windows\System\CaJxNzA.exe
  C:\Windows\System\CaJxNzA.exe
  2⤵
  PID:7472
- C:\Windows\System\hAIdYQp.exe
  C:\Windows\System\hAIdYQp.exe
  2⤵
  PID:7484
- C:\Windows\System\rywYBzy.exe
  C:\Windows\System\rywYBzy.exe
  2⤵
  PID:7536
- C:\Windows\System\oEQuJWN.exe
  C:\Windows\System\oEQuJWN.exe
  2⤵
  PID:7552
- C:\Windows\System\JyQyQrE.exe
  C:\Windows\System\JyQyQrE.exe
  2⤵
  PID:7564
- C:\Windows\System\FfaqZYJ.exe
  C:\Windows\System\FfaqZYJ.exe
  2⤵
  PID:7628
- C:\Windows\System\LWBXgRn.exe
  C:\Windows\System\LWBXgRn.exe
  2⤵
  PID:7648
- C:\Windows\System\RXqGuxC.exe
  C:\Windows\System\RXqGuxC.exe
  2⤵
  PID:7748
- C:\Windows\System\JAPzFFI.exe
  C:\Windows\System\JAPzFFI.exe
  2⤵
  PID:7800
- C:\Windows\System\tjNxKPA.exe
  C:\Windows\System\tjNxKPA.exe
  2⤵
  PID:7860
- C:\Windows\System\zffERIq.exe
  C:\Windows\System\zffERIq.exe
  2⤵
  PID:7812
- C:\Windows\System\zbhFeBH.exe
  C:\Windows\System\zbhFeBH.exe
  2⤵
  PID:7848
- C:\Windows\System\YmfhQLn.exe
  C:\Windows\System\YmfhQLn.exe
  2⤵
  PID:7956
- C:\Windows\System\eVwujAA.exe
  C:\Windows\System\eVwujAA.exe
  2⤵
  PID:7972
- C:\Windows\System\TnVEqcB.exe
  C:\Windows\System\TnVEqcB.exe
  2⤵
  PID:8004
- C:\Windows\System\zzkcTRY.exe
  C:\Windows\System\zzkcTRY.exe
  2⤵
  PID:8056
- C:\Windows\System\izNJZfQ.exe
  C:\Windows\System\izNJZfQ.exe
  2⤵
  PID:8084
- C:\Windows\System\JAmJVGn.exe
  C:\Windows\System\JAmJVGn.exe
  2⤵
  PID:8120
- C:\Windows\System\irVQklW.exe
  C:\Windows\System\irVQklW.exe
  2⤵
  PID:8148
- C:\Windows\System\eWFHfFD.exe
  C:\Windows\System\eWFHfFD.exe
  2⤵
  PID:7172
- C:\Windows\System\ZYeVMpT.exe
  C:\Windows\System\ZYeVMpT.exe
  2⤵
  PID:7236
- C:\Windows\System\BVuuEgT.exe
  C:\Windows\System\BVuuEgT.exe
  2⤵
  PID:7664
- C:\Windows\System\VpMRPtX.exe
  C:\Windows\System\VpMRPtX.exe
  2⤵
  PID:7256
- C:\Windows\System\SoRWgfD.exe
  C:\Windows\System\SoRWgfD.exe
  2⤵
  PID:1092
- C:\Windows\System\KVSTzAW.exe
  C:\Windows\System\KVSTzAW.exe
  2⤵
  PID:1088
- C:\Windows\System\RIdaSCo.exe
  C:\Windows\System\RIdaSCo.exe
  2⤵
  PID:608
- C:\Windows\System\NMmLxkP.exe
  C:\Windows\System\NMmLxkP.exe
  2⤵
  PID:360
- C:\Windows\System\QovTpjn.exe
  C:\Windows\System\QovTpjn.exe
  2⤵
  PID:7388
- C:\Windows\System\ZKYHVuz.exe
  C:\Windows\System\ZKYHVuz.exe
  2⤵
  PID:7424
- C:\Windows\System\mCyXmOq.exe
  C:\Windows\System\mCyXmOq.exe
  2⤵
  PID:7596
- C:\Windows\System\hLdquFc.exe
  C:\Windows\System\hLdquFc.exe
  2⤵
  PID:7600
- C:\Windows\System\suuimoB.exe
  C:\Windows\System\suuimoB.exe
  2⤵
  PID:7616
- C:\Windows\System\YRfzOSL.exe
  C:\Windows\System\YRfzOSL.exe
  2⤵
  PID:7696
- C:\Windows\System\IKHVVjQ.exe
  C:\Windows\System\IKHVVjQ.exe
  2⤵
  PID:7712
- C:\Windows\System\WRnsGiV.exe
  C:\Windows\System\WRnsGiV.exe
  2⤵
  PID:7832
- C:\Windows\System\weMjNBQ.exe
  C:\Windows\System\weMjNBQ.exe
  2⤵
  PID:7864
- C:\Windows\System\jAoObHV.exe
  C:\Windows\System\jAoObHV.exe
  2⤵
  PID:7944
- C:\Windows\System\tGISpFi.exe
  C:\Windows\System\tGISpFi.exe
  2⤵
  PID:8020
- C:\Windows\System\dENVlDN.exe
  C:\Windows\System\dENVlDN.exe
  2⤵
  PID:7924
- C:\Windows\System\ewGZBHd.exe
  C:\Windows\System\ewGZBHd.exe
  2⤵
  PID:8116
- C:\Windows\System\vsCwoZN.exe
  C:\Windows\System\vsCwoZN.exe
  2⤵
  PID:8184
- C:\Windows\System\FvBAKQR.exe
  C:\Windows\System\FvBAKQR.exe
  2⤵
  PID:8136
- C:\Windows\System\JbLJUSu.exe
  C:\Windows\System\JbLJUSu.exe
  2⤵
  PID:8152
- C:\Windows\System\LmAHfLv.exe
  C:\Windows\System\LmAHfLv.exe
  2⤵
  PID:1440
- C:\Windows\System\CfIZizl.exe
  C:\Windows\System\CfIZizl.exe
  2⤵
  PID:7520
- C:\Windows\System\bfKWjla.exe
  C:\Windows\System\bfKWjla.exe
  2⤵
  PID:7668
- C:\Windows\System\FObjViZ.exe
  C:\Windows\System\FObjViZ.exe
  2⤵
  PID:7816
- C:\Windows\System\mVccQGg.exe
  C:\Windows\System\mVccQGg.exe
  2⤵
  PID:8088
- C:\Windows\System\qWUtbhI.exe
  C:\Windows\System\qWUtbhI.exe
  2⤵
  PID:1116
- C:\Windows\System\hdGgujH.exe
  C:\Windows\System\hdGgujH.exe
  2⤵
  PID:7644
- C:\Windows\System\szsXXoh.exe
  C:\Windows\System\szsXXoh.exe
  2⤵
  PID:8040
- C:\Windows\System\BDXHxdR.exe
  C:\Windows\System\BDXHxdR.exe
  2⤵
  PID:7700
- C:\Windows\System\nGgBWSz.exe
  C:\Windows\System\nGgBWSz.exe
  2⤵
  PID:7940
- C:\Windows\System\qREonoe.exe
  C:\Windows\System\qREonoe.exe
  2⤵
  PID:7376
- C:\Windows\System\qQufGCM.exe
  C:\Windows\System\qQufGCM.exe
  2⤵
  PID:7784
- C:\Windows\System\EvCfGWt.exe
  C:\Windows\System\EvCfGWt.exe
  2⤵
  PID:7912
- C:\Windows\System\cmbHYiT.exe
  C:\Windows\System\cmbHYiT.exe
  2⤵
  PID:7584
- C:\Windows\System\JYHYMxY.exe
  C:\Windows\System\JYHYMxY.exe
  2⤵
  PID:7896
- C:\Windows\System\HMquPqt.exe
  C:\Windows\System\HMquPqt.exe
  2⤵
  PID:7200
- C:\Windows\System\cQAGmOL.exe
  C:\Windows\System\cQAGmOL.exe
  2⤵
  PID:7500
- C:\Windows\System\kBmJTmE.exe
  C:\Windows\System\kBmJTmE.exe
  2⤵
  PID:6792
- C:\Windows\System\aSwvREN.exe
  C:\Windows\System\aSwvREN.exe
  2⤵
  PID:7328
- C:\Windows\System\ZwhWZAq.exe
  C:\Windows\System\ZwhWZAq.exe
  2⤵
  PID:8204
- C:\Windows\System\STdFVmS.exe
  C:\Windows\System\STdFVmS.exe
  2⤵
  PID:8220
- C:\Windows\System\roPqqqh.exe
  C:\Windows\System\roPqqqh.exe
  2⤵
  PID:8236
- C:\Windows\System\YafyiGN.exe
  C:\Windows\System\YafyiGN.exe
  2⤵
  PID:8252
- C:\Windows\System\RJAsaUc.exe
  C:\Windows\System\RJAsaUc.exe
  2⤵
  PID:8268
- C:\Windows\System\rAxeGvW.exe
  C:\Windows\System\rAxeGvW.exe
  2⤵
  PID:8284
- C:\Windows\System\tPATNDI.exe
  C:\Windows\System\tPATNDI.exe
  2⤵
  PID:8300
- C:\Windows\System\oHLORgq.exe
  C:\Windows\System\oHLORgq.exe
  2⤵
  PID:8316
- C:\Windows\System\zDfRMHk.exe
  C:\Windows\System\zDfRMHk.exe
  2⤵
  PID:8332
- C:\Windows\System\JGOzVjL.exe
  C:\Windows\System\JGOzVjL.exe
  2⤵
  PID:8348
- C:\Windows\System\uWXYlrA.exe
  C:\Windows\System\uWXYlrA.exe
  2⤵
  PID:8364
- C:\Windows\System\XxkSlrI.exe
  C:\Windows\System\XxkSlrI.exe
  2⤵
  PID:8380
- C:\Windows\System\lrKlFaY.exe
  C:\Windows\System\lrKlFaY.exe
  2⤵
  PID:8396
- C:\Windows\System\rJUbbXf.exe
  C:\Windows\System\rJUbbXf.exe
  2⤵
  PID:8412
- C:\Windows\System\eeBPqIy.exe
  C:\Windows\System\eeBPqIy.exe
  2⤵
  PID:8428
- C:\Windows\System\SmsMXri.exe
  C:\Windows\System\SmsMXri.exe
  2⤵
  PID:8444
- C:\Windows\System\esHbowk.exe
  C:\Windows\System\esHbowk.exe
  2⤵
  PID:8460
- C:\Windows\System\cicvWRP.exe
  C:\Windows\System\cicvWRP.exe
  2⤵
  PID:8476
- C:\Windows\System\AnjVFVz.exe
  C:\Windows\System\AnjVFVz.exe
  2⤵
  PID:8492
- C:\Windows\System\pzpNKac.exe
  C:\Windows\System\pzpNKac.exe
  2⤵
  PID:8508
- C:\Windows\System\HDKneYD.exe
  C:\Windows\System\HDKneYD.exe
  2⤵
  PID:8524
- C:\Windows\System\VKwRrPx.exe
  C:\Windows\System\VKwRrPx.exe
  2⤵
  PID:8540
- C:\Windows\System\QObJVWa.exe
  C:\Windows\System\QObJVWa.exe
  2⤵
  PID:8556
- C:\Windows\System\qZSPBkF.exe
  C:\Windows\System\qZSPBkF.exe
  2⤵
  PID:8576
- C:\Windows\System\spMdVnk.exe
  C:\Windows\System\spMdVnk.exe
  2⤵
  PID:8592
- C:\Windows\System\pJKSUok.exe
  C:\Windows\System\pJKSUok.exe
  2⤵
  PID:8608
- C:\Windows\System\NjGgfFA.exe
  C:\Windows\System\NjGgfFA.exe
  2⤵
  PID:8624
- C:\Windows\System\vLyiATd.exe
  C:\Windows\System\vLyiATd.exe
  2⤵
  PID:8640
- C:\Windows\System\ccgxYTj.exe
  C:\Windows\System\ccgxYTj.exe
  2⤵
  PID:8656
- C:\Windows\System\JnVEuLx.exe
  C:\Windows\System\JnVEuLx.exe
  2⤵
  PID:8672
- C:\Windows\System\aHLwEBd.exe
  C:\Windows\System\aHLwEBd.exe
  2⤵
  PID:8688
- C:\Windows\System\GBMOhMs.exe
  C:\Windows\System\GBMOhMs.exe
  2⤵
  PID:8704
- C:\Windows\System\umfKgYp.exe
  C:\Windows\System\umfKgYp.exe
  2⤵
  PID:8724
- C:\Windows\System\dYYRIMF.exe
  C:\Windows\System\dYYRIMF.exe
  2⤵
  PID:8744
- C:\Windows\System\thKgEYl.exe
  C:\Windows\System\thKgEYl.exe
  2⤵
  PID:8764
- C:\Windows\System\OxHijXI.exe
  C:\Windows\System\OxHijXI.exe
  2⤵
  PID:8788
- C:\Windows\System\bjCIDdH.exe
  C:\Windows\System\bjCIDdH.exe
  2⤵
  PID:8804
- C:\Windows\System\RBDJxiw.exe
  C:\Windows\System\RBDJxiw.exe
  2⤵
  PID:8820
- C:\Windows\System\NdbKPsd.exe
  C:\Windows\System\NdbKPsd.exe
  2⤵
  PID:8836
- C:\Windows\System\NkCfnoF.exe
  C:\Windows\System\NkCfnoF.exe
  2⤵
  PID:8852
- C:\Windows\System\xagUhbI.exe
  C:\Windows\System\xagUhbI.exe
  2⤵
  PID:8868
- C:\Windows\System\KNuTddo.exe
  C:\Windows\System\KNuTddo.exe
  2⤵
  PID:8884
- C:\Windows\System\OyczGCg.exe
  C:\Windows\System\OyczGCg.exe
  2⤵
  PID:8900
- C:\Windows\System\QoqUcUJ.exe
  C:\Windows\System\QoqUcUJ.exe
  2⤵
  PID:8916
- C:\Windows\System\Hlqjmjm.exe
  C:\Windows\System\Hlqjmjm.exe
  2⤵
  PID:8936
- C:\Windows\System\PJiVBTQ.exe
  C:\Windows\System\PJiVBTQ.exe
  2⤵
  PID:8952
- C:\Windows\System\IxOcSzZ.exe
  C:\Windows\System\IxOcSzZ.exe
  2⤵
  PID:8972
- C:\Windows\System\BkBYvVX.exe
  C:\Windows\System\BkBYvVX.exe
  2⤵
  PID:8988
- C:\Windows\System\NVogRXP.exe
  C:\Windows\System\NVogRXP.exe
  2⤵
  PID:9004
- C:\Windows\System\mQGmisj.exe
  C:\Windows\System\mQGmisj.exe
  2⤵
  PID:9020
- C:\Windows\System\bsOxPks.exe
  C:\Windows\System\bsOxPks.exe
  2⤵
  PID:9036
- C:\Windows\System\UCxDQpF.exe
  C:\Windows\System\UCxDQpF.exe
  2⤵
  PID:9052
- C:\Windows\System\fLAtVxz.exe
  C:\Windows\System\fLAtVxz.exe
  2⤵
  PID:9076
- C:\Windows\System\WrASIMi.exe
  C:\Windows\System\WrASIMi.exe
  2⤵
  PID:9092
- C:\Windows\System\glgHDxu.exe
  C:\Windows\System\glgHDxu.exe
  2⤵
  PID:9108
- C:\Windows\System\fsaGNUq.exe
  C:\Windows\System\fsaGNUq.exe
  2⤵
  PID:9132
- C:\Windows\System\EttaIfi.exe
  C:\Windows\System\EttaIfi.exe
  2⤵
  PID:9156
- C:\Windows\System\rfwEgGk.exe
  C:\Windows\System\rfwEgGk.exe
  2⤵
  PID:9176
- C:\Windows\System\VHSSbPc.exe
  C:\Windows\System\VHSSbPc.exe
  2⤵
  PID:9196
- C:\Windows\System\baKdRac.exe
  C:\Windows\System\baKdRac.exe
  2⤵
  PID:9212
- C:\Windows\System\GDttIMj.exe
  C:\Windows\System\GDttIMj.exe
  2⤵
  PID:8216
- C:\Windows\System\YhGXfzW.exe
  C:\Windows\System\YhGXfzW.exe
  2⤵
  PID:8244
- C:\Windows\System\atyfQsc.exe
  C:\Windows\System\atyfQsc.exe
  2⤵
  PID:8264
- C:\Windows\System\JGqxXDb.exe
  C:\Windows\System\JGqxXDb.exe
  2⤵
  PID:8292
- C:\Windows\System\sSJLdjS.exe
  C:\Windows\System\sSJLdjS.exe
  2⤵
  PID:8328
- C:\Windows\System\mNDfrDK.exe
  C:\Windows\System\mNDfrDK.exe
  2⤵
  PID:8360
- C:\Windows\System\DyavwSV.exe
  C:\Windows\System\DyavwSV.exe
  2⤵
  PID:8408
- C:\Windows\System\ajeyUoG.exe
  C:\Windows\System\ajeyUoG.exe
  2⤵
  PID:8488
- C:\Windows\System\lwSXKtS.exe
  C:\Windows\System\lwSXKtS.exe
  2⤵
  PID:8516
- C:\Windows\System\eLypJBx.exe
  C:\Windows\System\eLypJBx.exe
  2⤵
  PID:8532
- C:\Windows\System\ugmSspw.exe
  C:\Windows\System\ugmSspw.exe
  2⤵
  PID:8552
- C:\Windows\System\JXiDdbf.exe
  C:\Windows\System\JXiDdbf.exe
  2⤵
  PID:8604
- C:\Windows\System\LSuIJNI.exe
  C:\Windows\System\LSuIJNI.exe
  2⤵
  PID:8648
- C:\Windows\System\idDJKwQ.exe
  C:\Windows\System\idDJKwQ.exe
  2⤵
  PID:8684
- C:\Windows\System\GDsBnlK.exe
  C:\Windows\System\GDsBnlK.exe
  2⤵
  PID:8696
- C:\Windows\System\rtnoinL.exe
  C:\Windows\System\rtnoinL.exe
  2⤵
  PID:8740
- C:\Windows\System\sozkcei.exe
  C:\Windows\System\sozkcei.exe
  2⤵
  PID:8756
- C:\Windows\System\LNDhiZl.exe
  C:\Windows\System\LNDhiZl.exe
  2⤵
  PID:8784
- C:\Windows\System\xWEPqbg.exe
  C:\Windows\System\xWEPqbg.exe
  2⤵
  PID:8816
- C:\Windows\System\CGuxnMT.exe
  C:\Windows\System\CGuxnMT.exe
  2⤵
  PID:8832
- C:\Windows\System\cjZCrlx.exe
  C:\Windows\System\cjZCrlx.exe
  2⤵
  PID:8864
- C:\Windows\System\ClKcVdr.exe
  C:\Windows\System\ClKcVdr.exe
  2⤵
  PID:8944
- C:\Windows\System\YDtJSTE.exe
  C:\Windows\System\YDtJSTE.exe
  2⤵
  PID:8984
- C:\Windows\System\TZHwQCf.exe
  C:\Windows\System\TZHwQCf.exe
  2⤵
  PID:8932
- C:\Windows\System\AzVkfGg.exe
  C:\Windows\System\AzVkfGg.exe
  2⤵
  PID:9048
- C:\Windows\System\cVDewCF.exe
  C:\Windows\System\cVDewCF.exe
  2⤵
  PID:9084
- C:\Windows\System\jNWGWet.exe
  C:\Windows\System\jNWGWet.exe
  2⤵
  PID:9060
- C:\Windows\System\siMCZDY.exe
  C:\Windows\System\siMCZDY.exe
  2⤵
  PID:9088
- C:\Windows\System\eAnAvCz.exe
  C:\Windows\System\eAnAvCz.exe
  2⤵
  PID:9128
- C:\Windows\System\eHoHAEt.exe
  C:\Windows\System\eHoHAEt.exe
  2⤵
  PID:9172
- C:\Windows\System\vuKxlSo.exe
  C:\Windows\System\vuKxlSo.exe
  2⤵
  PID:9140
- C:\Windows\System\XUbZDlM.exe
  C:\Windows\System\XUbZDlM.exe
  2⤵
  PID:8200
- C:\Windows\System\AtQxzcP.exe
  C:\Windows\System\AtQxzcP.exe
  2⤵
  PID:7660
- C:\Windows\System\BuPNcbV.exe
  C:\Windows\System\BuPNcbV.exe
  2⤵
  PID:2996
- C:\Windows\System\tNLLzrg.exe
  C:\Windows\System\tNLLzrg.exe
  2⤵
  PID:8276
- C:\Windows\System\bJJzvpC.exe
  C:\Windows\System\bJJzvpC.exe
  2⤵
  PID:336
- C:\Windows\System\GwOwHcZ.exe
  C:\Windows\System\GwOwHcZ.exe
  2⤵
  PID:2584
- C:\Windows\System\oDVmJTh.exe
  C:\Windows\System\oDVmJTh.exe
  2⤵
  PID:8388
- C:\Windows\System\sYFYGGB.exe
  C:\Windows\System\sYFYGGB.exe
  2⤵
  PID:8440
- C:\Windows\System\QDGCGon.exe
  C:\Windows\System\QDGCGon.exe
  2⤵
  PID:8404
- C:\Windows\System\xrUtHrF.exe
  C:\Windows\System\xrUtHrF.exe
  2⤵
  PID:324
- C:\Windows\System\yjeKbAu.exe
  C:\Windows\System\yjeKbAu.exe
  2⤵
  PID:1164
- C:\Windows\System\JUVPygJ.exe
  C:\Windows\System\JUVPygJ.exe
  2⤵
  PID:2984
- C:\Windows\System\XvKplqk.exe
  C:\Windows\System\XvKplqk.exe
  2⤵
  PID:8436
- C:\Windows\System\MuOinYJ.exe
  C:\Windows\System\MuOinYJ.exe
  2⤵
  PID:8536
- C:\Windows\System\wvByFZk.exe
  C:\Windows\System\wvByFZk.exe
  2⤵
  PID:8572
- C:\Windows\System\jKiuadF.exe
  C:\Windows\System\jKiuadF.exe
  2⤵
  PID:8732
- C:\Windows\System\DgcPPZy.exe
  C:\Windows\System\DgcPPZy.exe
  2⤵
  PID:8636
- C:\Windows\System\HwwbenS.exe
  C:\Windows\System\HwwbenS.exe
  2⤵
  PID:8844
- C:\Windows\System\ubRbNnX.exe
  C:\Windows\System\ubRbNnX.exe
  2⤵
  PID:8800
- C:\Windows\System\QwecgNy.exe
  C:\Windows\System\QwecgNy.exe
  2⤵
  PID:8912
- C:\Windows\System\YFyfWfo.exe
  C:\Windows\System\YFyfWfo.exe
  2⤵
  PID:8928
- C:\Windows\System\xYkhSQL.exe
  C:\Windows\System\xYkhSQL.exe
  2⤵
  PID:9072
- C:\Windows\System\fELlVYu.exe
  C:\Windows\System\fELlVYu.exe
  2⤵
  PID:9068
- C:\Windows\System\XoYYJpa.exe
  C:\Windows\System\XoYYJpa.exe
  2⤵
  PID:9152
- C:\Windows\System\ChrneYh.exe
  C:\Windows\System\ChrneYh.exe
  2⤵
  PID:9208
- C:\Windows\System\rQaMxYY.exe
  C:\Windows\System\rQaMxYY.exe
  2⤵
  PID:8312
- C:\Windows\System\SVxZYjZ.exe
  C:\Windows\System\SVxZYjZ.exe
  2⤵
  PID:1692
- C:\Windows\System\aIWfnaN.exe
  C:\Windows\System\aIWfnaN.exe
  2⤵
  PID:1460
- C:\Windows\System\GfWaXTv.exe
  C:\Windows\System\GfWaXTv.exe
  2⤵
  PID:8324
- C:\Windows\System\CltZWIL.exe
  C:\Windows\System\CltZWIL.exe
  2⤵
  PID:2148
- C:\Windows\System\QjoPixA.exe
  C:\Windows\System\QjoPixA.exe
  2⤵
  PID:2244
- C:\Windows\System\UOcpjAM.exe
  C:\Windows\System\UOcpjAM.exe
  2⤵
  PID:8548
- C:\Windows\System\FmxaCkb.exe
  C:\Windows\System\FmxaCkb.exe
  2⤵
  PID:8680
- C:\Windows\System\vjeuRwd.exe
  C:\Windows\System\vjeuRwd.exe
  2⤵
  PID:8752
- C:\Windows\System\QtEvSGX.exe
  C:\Windows\System\QtEvSGX.exe
  2⤵
  PID:8456
- C:\Windows\System\NxIjwtN.exe
  C:\Windows\System\NxIjwtN.exe
  2⤵
  PID:9028
- C:\Windows\System\sqhNVte.exe
  C:\Windows\System\sqhNVte.exe
  2⤵
  PID:8964
- C:\Windows\System\dThcvkd.exe
  C:\Windows\System\dThcvkd.exe
  2⤵
  PID:9204
- C:\Windows\System\bgezDPe.exe
  C:\Windows\System\bgezDPe.exe
  2⤵
  PID:2184
- C:\Windows\System\SaSbznG.exe
  C:\Windows\System\SaSbznG.exe
  2⤵
  PID:8716
- C:\Windows\System\jWKakvW.exe
  C:\Windows\System\jWKakvW.exe
  2⤵
  PID:1548
- C:\Windows\System\VsfHCMQ.exe
  C:\Windows\System\VsfHCMQ.exe
  2⤵
  PID:8876
- C:\Windows\System\QsDoJnX.exe
  C:\Windows\System\QsDoJnX.exe
  2⤵
  PID:8720
- C:\Windows\System\ZrTajeY.exe
  C:\Windows\System\ZrTajeY.exe
  2⤵
  PID:9148
- C:\Windows\System\fEbqNQA.exe
  C:\Windows\System\fEbqNQA.exe
  2⤵
  PID:8376
- C:\Windows\System\WfElrUC.exe
  C:\Windows\System\WfElrUC.exe
  2⤵
  PID:8924
- C:\Windows\System\cKDFDwe.exe
  C:\Windows\System\cKDFDwe.exe
  2⤵
  PID:9032
- C:\Windows\System\efwFtLR.exe
  C:\Windows\System\efwFtLR.exe
  2⤵
  PID:9236
- C:\Windows\System\LQvpQVU.exe
  C:\Windows\System\LQvpQVU.exe
  2⤵
  PID:9252
- C:\Windows\System\wKOgOpE.exe
  C:\Windows\System\wKOgOpE.exe
  2⤵
  PID:9268
- C:\Windows\System\ttOTSnq.exe
  C:\Windows\System\ttOTSnq.exe
  2⤵
  PID:9284
- C:\Windows\System\FTpcKVL.exe
  C:\Windows\System\FTpcKVL.exe
  2⤵
  PID:9300
- C:\Windows\System\EIKHRro.exe
  C:\Windows\System\EIKHRro.exe
  2⤵
  PID:9316
- C:\Windows\System\RtcVPPY.exe
  C:\Windows\System\RtcVPPY.exe
  2⤵
  PID:9332
- C:\Windows\System\epWiOOW.exe
  C:\Windows\System\epWiOOW.exe
  2⤵
  PID:9348
- C:\Windows\System\gkvsomC.exe
  C:\Windows\System\gkvsomC.exe
  2⤵
  PID:9364
- C:\Windows\System\pGdLLHA.exe
  C:\Windows\System\pGdLLHA.exe
  2⤵
  PID:9380
- C:\Windows\System\fUCOTny.exe
  C:\Windows\System\fUCOTny.exe
  2⤵
  PID:9396
- C:\Windows\System\lLSDCmr.exe
  C:\Windows\System\lLSDCmr.exe
  2⤵
  PID:9412
- C:\Windows\System\sxLEtBd.exe
  C:\Windows\System\sxLEtBd.exe
  2⤵
  PID:9428
- C:\Windows\System\zjVqwRH.exe
  C:\Windows\System\zjVqwRH.exe
  2⤵
  PID:9444
- C:\Windows\System\wBPmGNN.exe
  C:\Windows\System\wBPmGNN.exe
  2⤵
  PID:9460
- C:\Windows\System\rWCKOOf.exe
  C:\Windows\System\rWCKOOf.exe
  2⤵
  PID:9476
- C:\Windows\System\EpLpDnD.exe
  C:\Windows\System\EpLpDnD.exe
  2⤵
  PID:9492
- C:\Windows\System\PQwEbIp.exe
  C:\Windows\System\PQwEbIp.exe
  2⤵
  PID:9508
- C:\Windows\System\qrPfVEj.exe
  C:\Windows\System\qrPfVEj.exe
  2⤵
  PID:9524
- C:\Windows\System\wftqgIr.exe
  C:\Windows\System\wftqgIr.exe
  2⤵
  PID:9540
- C:\Windows\System\AAeghLK.exe
  C:\Windows\System\AAeghLK.exe
  2⤵
  PID:9556
- C:\Windows\System\laDSYMl.exe
  C:\Windows\System\laDSYMl.exe
  2⤵
  PID:9572
- C:\Windows\System\NsQjTJm.exe
  C:\Windows\System\NsQjTJm.exe
  2⤵
  PID:9588
- C:\Windows\System\gKTFVgJ.exe
  C:\Windows\System\gKTFVgJ.exe
  2⤵
  PID:9604
- C:\Windows\System\rNswaVE.exe
  C:\Windows\System\rNswaVE.exe
  2⤵
  PID:9620
- C:\Windows\System\wHSuPBQ.exe
  C:\Windows\System\wHSuPBQ.exe
  2⤵
  PID:9636
- C:\Windows\System\MDbsOXn.exe
  C:\Windows\System\MDbsOXn.exe
  2⤵
  PID:9652
- C:\Windows\System\NQRWBnX.exe
  C:\Windows\System\NQRWBnX.exe
  2⤵
  PID:9668
- C:\Windows\System\mucCEaV.exe
  C:\Windows\System\mucCEaV.exe
  2⤵
  PID:9684
- C:\Windows\System\JqBhVTL.exe
  C:\Windows\System\JqBhVTL.exe
  2⤵
  PID:9700
- C:\Windows\System\LNFveSo.exe
  C:\Windows\System\LNFveSo.exe
  2⤵
  PID:9716
- C:\Windows\System\aedCXUX.exe
  C:\Windows\System\aedCXUX.exe
  2⤵
  PID:9736
- C:\Windows\System\MpxcTgg.exe
  C:\Windows\System\MpxcTgg.exe
  2⤵
  PID:9756
- C:\Windows\System\ICthjuG.exe
  C:\Windows\System\ICthjuG.exe
  2⤵
  PID:9772
- C:\Windows\System\HockKBu.exe
  C:\Windows\System\HockKBu.exe
  2⤵
  PID:9788
- C:\Windows\System\QjMYdgZ.exe
  C:\Windows\System\QjMYdgZ.exe
  2⤵
  PID:9808
- C:\Windows\System\RrZaOiv.exe
  C:\Windows\System\RrZaOiv.exe
  2⤵
  PID:9824
- C:\Windows\System\ZTyAAIq.exe
  C:\Windows\System\ZTyAAIq.exe
  2⤵
  PID:9840
- C:\Windows\System\IRURlid.exe
  C:\Windows\System\IRURlid.exe
  2⤵
  PID:9856
- C:\Windows\System\ZNTaiHt.exe
  C:\Windows\System\ZNTaiHt.exe
  2⤵
  PID:9872
- C:\Windows\System\fnuDUmG.exe
  C:\Windows\System\fnuDUmG.exe
  2⤵
  PID:9888
- C:\Windows\System\wzuKGHM.exe
  C:\Windows\System\wzuKGHM.exe
  2⤵
  PID:9904
- C:\Windows\System\pxiBFuR.exe
  C:\Windows\System\pxiBFuR.exe
  2⤵
  PID:9920
- C:\Windows\System\lWrrcrS.exe
  C:\Windows\System\lWrrcrS.exe
  2⤵
  PID:9936
- C:\Windows\System\lgWxeik.exe
  C:\Windows\System\lgWxeik.exe
  2⤵
  PID:9952
- C:\Windows\System\JebbjwY.exe
  C:\Windows\System\JebbjwY.exe
  2⤵
  PID:9968
- C:\Windows\System\jsMsGBp.exe
  C:\Windows\System\jsMsGBp.exe
  2⤵
  PID:9984
- C:\Windows\System\GMmHyDL.exe
  C:\Windows\System\GMmHyDL.exe
  2⤵
  PID:10000
- C:\Windows\System\rviLQid.exe
  C:\Windows\System\rviLQid.exe
  2⤵
  PID:10016
- C:\Windows\System\DtQPZPb.exe
  C:\Windows\System\DtQPZPb.exe
  2⤵
  PID:10032
- C:\Windows\System\ZOGRYTT.exe
  C:\Windows\System\ZOGRYTT.exe
  2⤵
  PID:10048
- C:\Windows\System\TPycypa.exe
  C:\Windows\System\TPycypa.exe
  2⤵
  PID:10068
- C:\Windows\System\dOExAJJ.exe
  C:\Windows\System\dOExAJJ.exe
  2⤵
  PID:10084
- C:\Windows\System\VDjmNqM.exe
  C:\Windows\System\VDjmNqM.exe
  2⤵
  PID:10100
- C:\Windows\System\mjasWVZ.exe
  C:\Windows\System\mjasWVZ.exe
  2⤵
  PID:10116
- C:\Windows\System\pMQpfSP.exe
  C:\Windows\System\pMQpfSP.exe
  2⤵
  PID:10132
- C:\Windows\System\sNBnXAy.exe
  C:\Windows\System\sNBnXAy.exe
  2⤵
  PID:10148
- C:\Windows\System\XrpOhzo.exe
  C:\Windows\System\XrpOhzo.exe
  2⤵
  PID:10164
- C:\Windows\System\vApUgaH.exe
  C:\Windows\System\vApUgaH.exe
  2⤵
  PID:10180
- C:\Windows\System\pPhaLav.exe
  C:\Windows\System\pPhaLav.exe
  2⤵
  PID:10196
- C:\Windows\System\QqVcVKo.exe
  C:\Windows\System\QqVcVKo.exe
  2⤵
  PID:10212
- C:\Windows\System\paKfLnF.exe
  C:\Windows\System\paKfLnF.exe
  2⤵
  PID:10228
- C:\Windows\System\fkPrqoi.exe
  C:\Windows\System\fkPrqoi.exe
  2⤵
  PID:8776
- C:\Windows\System\fjUuwiI.exe
  C:\Windows\System\fjUuwiI.exe
  2⤵
  PID:9168
- C:\Windows\System\ABQdYyj.exe
  C:\Windows\System\ABQdYyj.exe
  2⤵
  PID:9228
- C:\Windows\System\qOuRyuS.exe
  C:\Windows\System\qOuRyuS.exe
  2⤵
  PID:9280
- C:\Windows\System\xcfDLHS.exe
  C:\Windows\System\xcfDLHS.exe
  2⤵
  PID:9296
- C:\Windows\System\jeJwjHd.exe
  C:\Windows\System\jeJwjHd.exe
  2⤵
  PID:9360
- C:\Windows\System\LoxjpFd.exe
  C:\Windows\System\LoxjpFd.exe
  2⤵
  PID:9340
- C:\Windows\System\fapXyCd.exe
  C:\Windows\System\fapXyCd.exe
  2⤵
  PID:9344
- C:\Windows\System\FpSbwlB.exe
  C:\Windows\System\FpSbwlB.exe
  2⤵
  PID:9440
- C:\Windows\System\SSEKnHV.exe
  C:\Windows\System\SSEKnHV.exe
  2⤵
  PID:9484
- C:\Windows\System\DNBefOX.exe
  C:\Windows\System\DNBefOX.exe
  2⤵
  PID:9500
- C:\Windows\System\WBICHZY.exe
  C:\Windows\System\WBICHZY.exe
  2⤵
  PID:10080
- C:\Windows\System\TCBmfCP.exe
  C:\Windows\System\TCBmfCP.exe
  2⤵
  PID:10192
- C:\Windows\System\SrqfeqP.exe
  C:\Windows\System\SrqfeqP.exe
  2⤵
  PID:10144
- C:\Windows\System\aFuoImA.exe
  C:\Windows\System\aFuoImA.exe
  2⤵
  PID:8736
- C:\Windows\System\TNcgGCr.exe
  C:\Windows\System\TNcgGCr.exe
  2⤵
  PID:9248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AuerxVq.exe

Filesize
6.0MB

MD5
62803598eeafa1fb16f2ff658c7a6d77

SHA1
c7e32d3f1d1fc1fbedadb662fc74981a95adb1b6

SHA256
ebd11566d4429f8b30d7da1928eef524531e08a42fb10ced41871718485a5622

SHA512
8c0451e63bbf8fbf31ad2793c5e3341be88f1d789e57ac4b0926227cd9e46339135b36e88ce4ac48dc623d4c0b38be3cef6b862304d1063672952b8d6733576f

Download Submit
C:\Windows\system\DQmMMeC.exe

Filesize
6.0MB

MD5
bfaa177b373509a824fd5364734157d0

SHA1
80d3c2408c880c291812b03ec7cd048f90d251a3

SHA256
99679a217e469a9331a790f8c136adb33ce2a6d3851479cd94d04d89ad795685

SHA512
a665f7064061a026040c90d228d5d830a8f6c0c13ff0a618cf597feea8d3624f797839efb39ca9260886e9f0dc73d7ca5ceb1c77daf5bf89b9304be6d505eb52

Download Submit
C:\Windows\system\GyCHHQn.exe

Filesize
6.0MB

MD5
1dd7755a52f7e51e7c1af2f156b6df54

SHA1
84fdef7a9a2fd2661206cb620dffc7b6edf73697

SHA256
e2d84268618cfcb3888e0511fa6c220218d942f188bbaf8965c38a837cacf473

SHA512
74b5201e28159888459fbe97a6160cf3c756ce0c770f50270ca411f855edcab9f2b37e6a2d1b5f92174d786ba83cfd9fac6ed3e545d119d85edc25904b4ba24c

Download Submit
C:\Windows\system\LUshjhD.exe

Filesize
6.0MB

MD5
6efdc5a88be74df2db2e72c85661d7d4

SHA1
3e287f616735b440bf64c4236dc644b0a9680b28

SHA256
3fbad322c6addabf9b738ecd856831ed6ec85674fe315abd30fc88ae348096dc

SHA512
2da3e76d3a0a5a89c22e6191992d23eda21cf8edff11c32ef016f61eb8737a2280a9776b3f6d4cdbba4d1ce050285a01d8f10e95ef036b0807e5b5e75543e508

Download Submit
C:\Windows\system\NuxSUux.exe

Filesize
6.0MB

MD5
6adf1d86380b525df6f26ea3a7b2754b

SHA1
b4eace6072af8b2e44fbafe91e133406d46f82f4

SHA256
42562b8753d0bffc724a3dd1da2fe2c9f4ea33e7bd7257d8a0299588961ce0a3

SHA512
2ebfae1412d04e312f74c8de8ce594a65d157bbc6e2da2d79955b4b76de0929c8b3e4c7f67a4d67836e355f7e9b3edc5a1f5acfd18cf600e10e71b2e2ada2db4

Download Submit
C:\Windows\system\OWAzsbm.exe

Filesize
6.0MB

MD5
7f14d46a644894c1cd2e17bba425d52b

SHA1
6a0950e1b39f76825bbe16e743519735bfc40e72

SHA256
01929de153e36d8fef5f066bb300237940c132fd82cc206a34bb2caa387ad212

SHA512
9df019bccc34d5162f48e7dc0b3ff16be2c2bf7ede30d2a07838172c8b1f56337a042929ea2b8341f20b7ee528bd9c1739a846b0e69448adcbec2f13131b71c3

Download Submit
C:\Windows\system\OxtKJCJ.exe

Filesize
6.0MB

MD5
27b5af979d862e94a8e87cf63fb201f3

SHA1
85a04a29bcb69ba72f5fc6a8f89f136e2d1f7c4c

SHA256
16668335321598239f21027dc429f62f55d73a98ba4d43ffe65a35d28938f0a1

SHA512
817053ae6700756680d9a405962647cc05bbd25b1415eb3e58ce0263b2f39c112da8df2dae681869816f2f3bbb1827be6fe95c3eaf8994f451bbfb6672757252

Download Submit
C:\Windows\system\PJtqkJR.exe

Filesize
6.0MB

MD5
3f180a63853f403495444e8165db2837

SHA1
351536ea26e05278c39133082836bc580af5ffd1

SHA256
86b7121eb8f12b617651aec24950a567bc58c98643d6a1b55cf9fa9ef0a76c88

SHA512
2a36db993520ecfb589fb68c8dd2cff7e257c34f87697c5f1870b120b3eb8da9b967418590b1ac231b78c8e9a335d39358f008baf3f5779d78234f77ddddc3cf

Download Submit
C:\Windows\system\QawAVRD.exe

Filesize
6.0MB

MD5
04e0d8cbe18e3466fc19d0385604b7bd

SHA1
f46fd1366be2368c77a1180d25d1035d36fbdb47

SHA256
590d3a60a4b972c77b3aa8a1032fed09bb2ea11605ee134ee5cde6efd0cc92d2

SHA512
e2937ced30a0f033da1fb930908ab942192bf4c719098a7e819c887398faff31a463d584977be781955f3d93dd0a96cfb965a01267e486d01dd1233d35283e0a

Download Submit
C:\Windows\system\QbDcphZ.exe

Filesize
6.0MB

MD5
049d3bc69ca1593f512148c6f03f16c0

SHA1
8d66f588db0e5ac789337d2609ee1c3ee368efc9

SHA256
30a0c33f73a308888f537a762fc98139f9b0e3e0376dd26d71b6723645053b6b

SHA512
c93639289ba2d660bd16142d04c67fc2f84f3a9789fd6a55dd9169b7c18b8c08731fc9d05967a0d90345315a4113266e1161f54b4060028e6bfc87163103e368

Download Submit
C:\Windows\system\RsTDivX.exe

Filesize
6.0MB

MD5
1e359a51a4e421b33cbb603e71af8d97

SHA1
5232bab731f8518f4d402abbdb02a535c2b10cda

SHA256
fa5f485e3c2809f2928d877fab0fae10944784dbb43459c8461b2bf13c38811b

SHA512
bc9ae806419e2f287cac175749fccca634bee2ae385bddb39456b3d1817ee9a74f21f5f3f96e6e0abd46549c19e6157c318b4aeb08dfde8b8ab066bfb396435f

Download Submit
C:\Windows\system\SIfzJGd.exe

Filesize
6.0MB

MD5
f671c1564211465237d71a35c5aa6217

SHA1
ae831d17c34d961902efb8b92053ac0451252845

SHA256
63190f22d36d3661c0e29fee2e8031a4b29b39999046a245edd44a72c927a145

SHA512
ed3d8942d7298d7246a71d1d4680201815efdea617726d3d63be569e7ae612eb57bf570c837547526ec92d351b7158d700af99e029db6b9cc5f9e5701f15d0b5

Download Submit
C:\Windows\system\UEpPsif.exe

Filesize
6.0MB

MD5
a5a9dfadc9f0cf4650c13377b460d31c

SHA1
8369f205c2962c819c682db916ca15659dc1a407

SHA256
c293c4ef0eea335bd9b60ee1aa5a5a07d9234db389d7f6f141554ad5f7ae62a4

SHA512
a064bd85f81fec27471021b6e22df6bcc49ab1be14cd0b3814f5122270e3d198209ca1f67a2f999408b5c551f15d7a91b62232160023802376016b84bcf0a2ec

Download Submit
C:\Windows\system\VmYICfp.exe

Filesize
6.0MB

MD5
580b6ce1020f85165ea607137ea61f9b

SHA1
ec4b3cf83929a9a224a316142d660ebb79dbc58b

SHA256
09021bcaa1169b976077f4cdf05c2982ad1e777763ea9d326be4e0236503659e

SHA512
4b54137e4ede947c113b83f2741825a0c09004dd09afbeab76f5f355e31f5275652f09826efeba3b08a860ff1efc3895199e06c3d9958662a15c84dcecc90ea1

Download Submit
C:\Windows\system\ZVICYkF.exe

Filesize
6.0MB

MD5
153f3ff8ac7068eaad5eaada1bfee87a

SHA1
0d97a969f61c0b807dbec3a13ace7129704014ec

SHA256
cf4c4297eca78efcbfdb469b94cfe6e2d77be5942b4b5ca8f129ee1830d98331

SHA512
43ea6a0fc0f08ca34434835d540deba96e455e052293713ee9d36500cc2c423dd3798fc0121bf57da1d1117bb863337390ffefd6878714a6aeefb711fd1e81b8

Download Submit
C:\Windows\system\ZduoXAF.exe

Filesize
6.0MB

MD5
c69519604f3a2162ab0728d6eac11bc5

SHA1
adc1e3f16ec304d881ffa993e95e3f6773a6180a

SHA256
89bdf3002fb58d1d07f3f081496b5241116dd762e51ebf5f5083920274358e59

SHA512
9e0848f1e753f4937d89ff7ab24b7886857283b69292cb636d16f725822fbd71f16ffaa9626fe7507c6a4bac08f25d15813d30c1565c40511c07c8f224c54427

Download Submit
C:\Windows\system\aQUhcYc.exe

Filesize
6.0MB

MD5
7283ebccd9ea6900de05a5888094c68c

SHA1
7470dcd6f2a04063fcf166d7d646652dedd1939d

SHA256
5e33a14b1ed83572854a90b8c3b53d063fed9e0d810f0dcf8091825a32c3201e

SHA512
d1456234ca5c155622e31f40728f0822bcbc51d8e635f51e7d2e3b1d380e43fa5c05d1aa118eff6d9f0154f4c5e9df90af034c7f3e5b2e1549af978ab31f7c88

Download Submit
C:\Windows\system\adSUQNp.exe

Filesize
6.0MB

MD5
2fb95917a9a148fd13dc94e7531695b2

SHA1
48ec8e7c421a2697093b70900d25951d7c498c4b

SHA256
f689e041644aa13b9df0159c262638e67a731633d5191875e045c292e1161467

SHA512
9d20aa74260fe5072a72dd603b95661b8a30327f6b79c01a7a67ee67bfba1e63d740aa06fe2b18d92e9c137976febd6be2def1556dc594386511ec60a9019e3a

Download Submit
C:\Windows\system\bzKhndn.exe

Filesize
6.0MB

MD5
64a9c7448184697059cae1e5fd447726

SHA1
9e6635288bb0733ced4bbdb5281ec118b81144bb

SHA256
47794d25c1a4cb22aeeefd9d8568830c968de50371872218ae90dfdd8a492702

SHA512
05a05bd211c77f0b0f9d068edcdf6a9841d5ab4051b933487667de5baf9a234255a656f3a82f801334583358cebc37afe76add67f99ba7474ad8416d233a623d

Download Submit
C:\Windows\system\dvbWlFG.exe

Filesize
6.0MB

MD5
0bf1e2735bba02bd3b719765f1753d01

SHA1
36f20c9b790f0a052929d583940e54862fb5805a

SHA256
eb756d77f72d8b347abc2a49882dc176dd72d6d965a523a0edc87b750dac90d3

SHA512
d7d7c4da48350bdadc736a7ddbe3715070b8b974d8492cd3f5d8eed915748a8cd244acfd4ab0a6b349a7ce1a57808dc93236964e2e6e1ab97180040ac753dae3

Download Submit
C:\Windows\system\dzBxPOl.exe

Filesize
6.0MB

MD5
d23ceae04a583e62864f1894e60b2436

SHA1
6f7f0149a1cf4ac00ccd2f3e7d35ad3b16fc33fc

SHA256
07b9f11d498fa0e4c603f6c936224b139124866498d65d22555c6a2b275b7839

SHA512
7acf71cc1012337d3330454657ff729f5f5740224846aad5810fd1b34cbaa391b96544b170fa94cca6410c3821976bb5daf7f3015e8faba855a62b4f8406b335

Download Submit
C:\Windows\system\fSBFwUb.exe

Filesize
6.0MB

MD5
a0cc4445e474ec80f37c194027f50e72

SHA1
894745434002736108526f4d762c765b7f95d466

SHA256
f748154fee2b3da62ad0d2d4fb0ea8ee9c04e07f57a50a7bda62e244c10e61cb

SHA512
482a1acce6d472095aab52278b8d3e28fafdbbc3c0d8ce5c78a721e00c776075b712cda648f2dd6f547b5e1a589f639f97a547fe2edffc39766db485ee10a7cf

Download Submit
C:\Windows\system\iKkiVUU.exe

Filesize
6.0MB

MD5
a6a5d0e7bbc41a2dd27d6a908e759ede

SHA1
9a49aae6c0a9dff7b23c1117df483e68d879e4f5

SHA256
e078c62e0dc32bb3a4fe88be8bdee3439f3aafef7c3389baaf133a825cfda7de

SHA512
5622606e299e2545859593d4da9e949cb47aa182bf02a51b4510b944fd063d153221ad20ce4fd6dd0fcd3cab867c35f1dd871367837c5ac4393620caaff78555

Download Submit
C:\Windows\system\jhxgpJR.exe

Filesize
6.0MB

MD5
c0b03442e7102dfd33a3232a1d07bc82

SHA1
a937c51c404cdc50dd2b9307e99ee5d472555b98

SHA256
ef6fb2c67b99591cbe8e1fc67c3a8b33443e63949d58500cf86f55438571b771

SHA512
cc6f89402e72488ce4887cca542cc81d98819f9fc449a8aa8899c18fd31d71dc9a97c20bbc6f6101bb422922df562ff6c78516ed2c79711c6bd985d85d17e046

Download Submit
C:\Windows\system\mrfrjTS.exe

Filesize
6.0MB

MD5
f5bf0367c1623be844e314ad90f31385

SHA1
cdbc51e36e04ef4de921aeacbb3c6d523ae8f2db

SHA256
827353d33843d31e301ba6f1cbe9e8a864257ac8c129ca6f70cdc62c0c839a3a

SHA512
df3567c2b32f4161a37af83404ee32ac84f8194e053ac7809a9357818a7b6e455d75ac3ce6f0ecd8113a4997d7f64f5a29ff9c78416e1037b09990fcf1291deb

Download Submit
C:\Windows\system\ohjRzri.exe

Filesize
6.0MB

MD5
f0241b0cbd19a7ce0fac03ed118bb80d

SHA1
665f12cbe29404d8b58ada6974f64b60685e895d

SHA256
41f7d55dd4ef97074fd75a3a0c8f0986f1437c3bd7c874269939b67af08eaf27

SHA512
ba1d4c5dded322bf22ed4b52c95973d3f1969bea5b36c536a776c3ac11e1bff8a16fadc51e5594b21fd51ce073addaaf8ea1c2f01f326a3ebbc5672d7180e3d2

Download Submit
C:\Windows\system\ppuCaXO.exe

Filesize
6.0MB

MD5
f934c06e675645211594d6738f5b979a

SHA1
b5ba1e6697aeccad46c990323a54d8ddc114ba10

SHA256
779fbc919c88a296d5b6bd2f37efac5fbb8738951e1a57b43d322a769bff3948

SHA512
279930b2a6e58cfbbc2243a237f3898af7f0ec9c7ae41fcecd0e18d0bd6ea2ec04e5220e7bbe69d56d6a37da96aa1a87b574de6a89417ef9ee5f63a62310200e

Download Submit
C:\Windows\system\syXttEB.exe

Filesize
6.0MB

MD5
2a617ecada3e3f99756487fba8e49b6a

SHA1
2c93ef5e1eecb3151728092214d69d0dd1a353a6

SHA256
14603ce132ae6404e5e807c91d9a54fbaa95ee61c4cffd17115ce8fc7d459da8

SHA512
16a5b8935c94b09d579277c0858964c90f7dc1d76e1d5118c744e80f8c1fb4cf1d649e3fead7cfdb51c687345d3d42e6341917ed86c7e10050a850812a38c4e9

Download Submit
C:\Windows\system\xyqDxxn.exe

Filesize
6.0MB

MD5
a87b45c34031a21d286f73d9ef2eacae

SHA1
91d67051ce419397579dfe45e26d3b848fb27e47

SHA256
0015d636e072172d5da911fbd182ab92b93037f5d78938157b23d134793cefa3

SHA512
43a3718c0f276ec2c1135a1b1b88f6c0f9cce9b4c6a9836efc70347d7fd678d7ab354a02a7db40f6b1e100eb525730f7aa618531e0806e6d7bd2ab2cbb9421d0

Download Submit
C:\Windows\system\ydrdZER.exe

Filesize
6.0MB

MD5
58adc734ebd8ef3aacffbe1194fc071b

SHA1
a56205e217ba5b6b68bbb1b555742145c4aff3eb

SHA256
e1ff95ab677b6010354408f811eedf3a9c01d8dafc09142117cb71b54c7eb1eb

SHA512
1a4a2bb7a8b1daee5b1513b86903bbe700ac0ae0b1552118ff692013cba14eb3570030308c4bb015f3848d5770ea765867c121cfc635babb89f7f930f50136c5

Download Submit
\Windows\system\RQnKJOa.exe

Filesize
6.0MB

MD5
99da0592b45da825440460418414d940

SHA1
0303bfb259af1e34560761435a2f41b2ae20c126

SHA256
e1547750d012727f05c6576a6e59c983727361af275d99f1b2b8d3609ea4a65d

SHA512
b82869f078a57e2e05174bef44fd078b13ae7da97089670d94bf79423bcbd389927b4faa9ce821f903ae5a3e0b62080881f4ce4a6a81d639d62b5e0abd94ae08

Download Submit
\Windows\system\UKZASCr.exe

Filesize
6.0MB

MD5
259a9b8ba12f082928c014c828966126

SHA1
65d1ab6fc291258bfc79d629003e1e6823d7dd57

SHA256
19c0bee48a80b5a35ed8713fdb478876197bc330cef3d9506b7121b6b41a8a76

SHA512
d6e9e1d5d985487aac70ce073a44751231a0fe7cc86011d152be0b9ea039b058e828a0331be1061084e2ba412cb3bd0991cecd8828a681633d329e1e971b17ec

Download Submit
\Windows\system\VcIatrv.exe

Filesize
6.0MB

MD5
d7698f6df1bf9655a4391d05034e8806

SHA1
c260274c6f9a560e8be9096a5fe70cb40ea78e9b

SHA256
b1d07aa98df74ab9a42d83b1f6ae79bf716ec4176378a92ec88f132c44e65ff8

SHA512
e2554aca69b6eb39c0b6a3ad81f4aca26b1c91c8eed6797aaa067e436469cb109110b32833ee09e992d4e5ab375ead240e440fcc16a10c3a33aa2b566963371b

Download Submit
memory/628-1633-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/628-117-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/1888-1585-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1888-124-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-91-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2172-1590-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1640-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2368-115-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2516-119-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2516-1651-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1594-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2776-98-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2788-111-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1624-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-101-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1598-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-1612-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2876-109-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2884-1627-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2884-113-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2904-96-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1595-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1608-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2932-107-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/3012-518-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-83-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-90-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/3012-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/3012-88-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-108-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/3012-110-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-112-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/3012-114-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-116-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/3012-118-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/3012-104-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-95-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-97-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/3012-591-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-100-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-123-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/3012-586-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-515-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/3012-0-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1600-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/3016-99-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/3032-1596-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-89-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download