cobaltstrike | 333005eac44b1eb3684cb307b87fe968b89f99f476416f5111a3881b256eacf4

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fc0b7c42c817526d745afb07825a4add
SHA1

619cd63a8e9729bb6c955a248c96a08f2572d390
SHA256

333005eac44b1eb3684cb307b87fe968b89f99f476416f5111a3881b256eacf4
SHA512

d85eb627240f91e39e996a14f514e651d3fa598e300d591a101cb64f65edb0c6c52338d4242cbf781c8945708173750926227a400a557a4291d7bdca50ad882b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUa:T+q56utgpPF8u/7a

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000f000000012782-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce0-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce8-25.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d04-36.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-50.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-72.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-79.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-66.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ca5-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-43.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cf0-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2404-0-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x000f000000012782-3.dat	xmrig
behavioral1/files/0x0007000000016cd7-11.dat	xmrig
behavioral1/memory/2300-13-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2176-10-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ce0-9.dat	xmrig
behavioral1/memory/476-20-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ce8-25.dat	xmrig
behavioral1/memory/2480-26-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2680-32-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2176-37-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2792-38-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d04-36.dat	xmrig
behavioral1/files/0x00050000000193d1-50.dat	xmrig
behavioral1/memory/2556-62-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x00050000000193e6-61.dat	xmrig
behavioral1/files/0x000500000001945c-72.dat	xmrig
behavioral1/files/0x00050000000195cc-122.dat	xmrig
behavioral1/files/0x00050000000195ce-125.dat	xmrig
behavioral1/files/0x00050000000195e0-133.dat	xmrig
behavioral1/memory/2404-283-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf2-161.dat	xmrig
behavioral1/files/0x0005000000019bf0-158.dat	xmrig
behavioral1/files/0x0005000000019bec-153.dat	xmrig
behavioral1/files/0x0005000000019931-149.dat	xmrig
behavioral1/files/0x00050000000196a0-145.dat	xmrig
behavioral1/files/0x0005000000019665-141.dat	xmrig
behavioral1/files/0x0005000000019624-137.dat	xmrig
behavioral1/files/0x00050000000195d0-129.dat	xmrig
behavioral1/files/0x00050000000195ca-117.dat	xmrig
behavioral1/files/0x00050000000195c8-114.dat	xmrig
behavioral1/files/0x00050000000195c7-109.dat	xmrig
behavioral1/files/0x00050000000195c6-106.dat	xmrig
behavioral1/files/0x00050000000195c4-102.dat	xmrig
behavioral1/files/0x00050000000195c2-97.dat	xmrig
behavioral1/files/0x000500000001958b-93.dat	xmrig
behavioral1/memory/2748-87-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e2-86.dat	xmrig
behavioral1/memory/2104-80-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001948d-79.dat	xmrig
behavioral1/memory/2232-73-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2404-70-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2576-67-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x00050000000193f0-66.dat	xmrig
behavioral1/memory/2840-56-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ca5-55.dat	xmrig
behavioral1/memory/2536-51-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/3000-44-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a8-43.dat	xmrig
behavioral1/memory/2300-41-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2404-34-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cf0-31.dat	xmrig
behavioral1/memory/2176-3034-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2300-4044-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2480-4045-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2536-4046-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2792-4047-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2232-4050-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2556-4049-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2748-4048-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2576-4051-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2104-4052-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2680-4053-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/476-4055-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2176	CMGgUsD.exe
2300	TVZSAJw.exe
476	PytfARN.exe
2480	yMHeEaz.exe
2680	aHtvkqR.exe
2792	fXtrkPj.exe
3000	wtpaUel.exe
2536	MFaAjnE.exe
2840	HKAceJO.exe
2556	gYmYrXN.exe
2576	eGIbjPM.exe
2232	TKNYpqT.exe
2104	WrZdGLK.exe
2748	npmTuWt.exe
2780	KfFcuyq.exe
1636	ZChIswH.exe
1592	Xherwvd.exe
2516	mqPbZAr.exe
2356	YBJOrmX.exe
2764	dIvUlqO.exe
1396	PsJPZGg.exe
1760	XPzNEbP.exe
2032	HBjqVkt.exe
2976	myfroNQ.exe
2900	HSAjMCO.exe
2888	VjezqTt.exe
2628	FgymGwd.exe
2348	RecpDdJ.exe
2492	qewrEuF.exe
2964	BItBOvs.exe
1480	mTnBcWt.exe
1776	oSMrZGp.exe
1124	CmbGxAW.exe
2960	cgnyCZA.exe
2944	yMPDlov.exe
2424	nvMzGHY.exe
948	Wfpjanf.exe
2120	kGFVoAx.exe
2164	dPtDuzR.exe
1720	XRgxXRg.exe
3032	ZXQTVuZ.exe
1716	VQELztK.exe
684	xrqHwYM.exe
2376	JReMPfA.exe
1672	FgrVEDY.exe
1544	pSJoSRm.exe
1780	XPfTYhb.exe
1564	JKINVok.exe
1284	fYlbSdv.exe
1296	TvMnFpl.exe
2968	dRmzysZ.exe
1140	iuFHkiv.exe
2264	MggkCGs.exe
3036	jsPYEOI.exe
3004	jzfzMxl.exe
3044	dDvABtN.exe
3060	nieMGFy.exe
1756	lWlGTfC.exe
2132	DvReLDS.exe
1668	KrwTsgb.exe
880	VAhyULp.exe
2020	LFlOcKp.exe
2072	ugRqTLR.exe
1600	oKxSLyp.exe

Loads dropped DLL 64 IoCs

pid	Process
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2404-0-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x000f000000012782-3.dat	upx
behavioral1/files/0x0007000000016cd7-11.dat	upx
behavioral1/memory/2300-13-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2176-10-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0007000000016ce0-9.dat	upx
behavioral1/memory/476-20-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x0007000000016ce8-25.dat	upx
behavioral1/memory/2480-26-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2680-32-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2176-37-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2792-38-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0009000000016d04-36.dat	upx
behavioral1/files/0x00050000000193d1-50.dat	upx
behavioral1/memory/2556-62-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x00050000000193e6-61.dat	upx
behavioral1/files/0x000500000001945c-72.dat	upx
behavioral1/files/0x00050000000195cc-122.dat	upx
behavioral1/files/0x00050000000195ce-125.dat	upx
behavioral1/files/0x00050000000195e0-133.dat	upx
behavioral1/files/0x0005000000019bf2-161.dat	upx
behavioral1/files/0x0005000000019bf0-158.dat	upx
behavioral1/files/0x0005000000019bec-153.dat	upx
behavioral1/files/0x0005000000019931-149.dat	upx
behavioral1/files/0x00050000000196a0-145.dat	upx
behavioral1/files/0x0005000000019665-141.dat	upx
behavioral1/files/0x0005000000019624-137.dat	upx
behavioral1/files/0x00050000000195d0-129.dat	upx
behavioral1/files/0x00050000000195ca-117.dat	upx
behavioral1/files/0x00050000000195c8-114.dat	upx
behavioral1/files/0x00050000000195c7-109.dat	upx
behavioral1/files/0x00050000000195c6-106.dat	upx
behavioral1/files/0x00050000000195c4-102.dat	upx
behavioral1/files/0x00050000000195c2-97.dat	upx
behavioral1/files/0x000500000001958b-93.dat	upx
behavioral1/memory/2748-87-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x00050000000194e2-86.dat	upx
behavioral1/memory/2104-80-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x000500000001948d-79.dat	upx
behavioral1/memory/2232-73-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2576-67-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x00050000000193f0-66.dat	upx
behavioral1/memory/2840-56-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x0009000000016ca5-55.dat	upx
behavioral1/memory/2536-51-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/3000-44-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x00050000000193a8-43.dat	upx
behavioral1/memory/2300-41-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2404-34-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x0009000000016cf0-31.dat	upx
behavioral1/memory/2176-3034-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2300-4044-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2480-4045-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2536-4046-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2792-4047-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2232-4050-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2556-4049-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2748-4048-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2576-4051-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2104-4052-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2680-4053-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/476-4055-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/3000-4054-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2840-4056-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZChIswH.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PasDiiJ.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAtrBcJ.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXNZNXs.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFWGtAv.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQRaQmT.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQbVAcM.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MATwnJP.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CpyUTHK.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwqZILy.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYjRjsm.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thARmKm.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjxfWKU.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjEsQZL.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgZmAXr.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmSErCM.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OSoKsmB.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\goZLCnZ.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppmTdTu.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSNgVuq.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNYBjxq.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ggcRFjX.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEsioPf.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwpqJdi.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJVXCHK.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBGJAEl.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DnfdOhI.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMGgUsD.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjSHVru.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAhYgGQ.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuKHlAO.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COzwXJr.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuOhJag.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAzFZqh.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hzLutEP.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgldQPj.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFDrkAz.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWZZzPu.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dILGMck.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hbolldm.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhhlZPd.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPfTYhb.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubGwYiV.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEscBqX.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsWmWQa.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZQzQjn.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSJjNou.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKNYpqT.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUJjvOV.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUYhecY.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmbGxAW.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rozNRtK.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZAgCZk.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqrZhvO.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNkgWBZ.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYoeJdt.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CSssaoR.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxPMSml.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ijGtvkS.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYqdBRy.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbssafG.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlvCxKx.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unHMSTd.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQnAIor.exe	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2176	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2404 wrote to memory of 2176	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2404 wrote to memory of 2176	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2404 wrote to memory of 2300	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2404 wrote to memory of 2300	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2404 wrote to memory of 2300	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2404 wrote to memory of 476	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2404 wrote to memory of 476	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2404 wrote to memory of 476	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2404 wrote to memory of 2480	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2404 wrote to memory of 2480	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2404 wrote to memory of 2480	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2404 wrote to memory of 2680	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2404 wrote to memory of 2680	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2404 wrote to memory of 2680	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2404 wrote to memory of 2792	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2404 wrote to memory of 2792	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2404 wrote to memory of 2792	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2404 wrote to memory of 3000	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2404 wrote to memory of 3000	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2404 wrote to memory of 3000	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2404 wrote to memory of 2536	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2404 wrote to memory of 2536	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2404 wrote to memory of 2536	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2404 wrote to memory of 2840	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2404 wrote to memory of 2840	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2404 wrote to memory of 2840	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2404 wrote to memory of 2556	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2404 wrote to memory of 2556	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2404 wrote to memory of 2556	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2404 wrote to memory of 2576	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2404 wrote to memory of 2576	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2404 wrote to memory of 2576	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2404 wrote to memory of 2232	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2404 wrote to memory of 2232	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2404 wrote to memory of 2232	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2404 wrote to memory of 2104	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2404 wrote to memory of 2104	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2404 wrote to memory of 2104	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2404 wrote to memory of 2748	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2404 wrote to memory of 2748	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2404 wrote to memory of 2748	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2404 wrote to memory of 2780	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2404 wrote to memory of 2780	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2404 wrote to memory of 2780	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2404 wrote to memory of 1636	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2404 wrote to memory of 1636	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2404 wrote to memory of 1636	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2404 wrote to memory of 1592	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2404 wrote to memory of 1592	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2404 wrote to memory of 1592	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2404 wrote to memory of 2516	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2404 wrote to memory of 2516	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2404 wrote to memory of 2516	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2404 wrote to memory of 2356	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2404 wrote to memory of 2356	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2404 wrote to memory of 2356	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2404 wrote to memory of 2764	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2404 wrote to memory of 2764	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2404 wrote to memory of 2764	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2404 wrote to memory of 1396	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2404 wrote to memory of 1396	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2404 wrote to memory of 1396	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2404 wrote to memory of 1760	2404	2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_fc0b7c42c817526d745afb07825a4add_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\System\CMGgUsD.exe
  C:\Windows\System\CMGgUsD.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\TVZSAJw.exe
  C:\Windows\System\TVZSAJw.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\PytfARN.exe
  C:\Windows\System\PytfARN.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\yMHeEaz.exe
  C:\Windows\System\yMHeEaz.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\aHtvkqR.exe
  C:\Windows\System\aHtvkqR.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\fXtrkPj.exe
  C:\Windows\System\fXtrkPj.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\wtpaUel.exe
  C:\Windows\System\wtpaUel.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\MFaAjnE.exe
  C:\Windows\System\MFaAjnE.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\HKAceJO.exe
  C:\Windows\System\HKAceJO.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\gYmYrXN.exe
  C:\Windows\System\gYmYrXN.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\eGIbjPM.exe
  C:\Windows\System\eGIbjPM.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\TKNYpqT.exe
  C:\Windows\System\TKNYpqT.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\WrZdGLK.exe
  C:\Windows\System\WrZdGLK.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\npmTuWt.exe
  C:\Windows\System\npmTuWt.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\KfFcuyq.exe
  C:\Windows\System\KfFcuyq.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ZChIswH.exe
  C:\Windows\System\ZChIswH.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\Xherwvd.exe
  C:\Windows\System\Xherwvd.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\mqPbZAr.exe
  C:\Windows\System\mqPbZAr.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\YBJOrmX.exe
  C:\Windows\System\YBJOrmX.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\dIvUlqO.exe
  C:\Windows\System\dIvUlqO.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\PsJPZGg.exe
  C:\Windows\System\PsJPZGg.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\XPzNEbP.exe
  C:\Windows\System\XPzNEbP.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\HBjqVkt.exe
  C:\Windows\System\HBjqVkt.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\myfroNQ.exe
  C:\Windows\System\myfroNQ.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\HSAjMCO.exe
  C:\Windows\System\HSAjMCO.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\VjezqTt.exe
  C:\Windows\System\VjezqTt.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\FgymGwd.exe
  C:\Windows\System\FgymGwd.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\RecpDdJ.exe
  C:\Windows\System\RecpDdJ.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\qewrEuF.exe
  C:\Windows\System\qewrEuF.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\BItBOvs.exe
  C:\Windows\System\BItBOvs.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\mTnBcWt.exe
  C:\Windows\System\mTnBcWt.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\oSMrZGp.exe
  C:\Windows\System\oSMrZGp.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\CmbGxAW.exe
  C:\Windows\System\CmbGxAW.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\cgnyCZA.exe
  C:\Windows\System\cgnyCZA.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\yMPDlov.exe
  C:\Windows\System\yMPDlov.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\nvMzGHY.exe
  C:\Windows\System\nvMzGHY.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\Wfpjanf.exe
  C:\Windows\System\Wfpjanf.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\kGFVoAx.exe
  C:\Windows\System\kGFVoAx.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\dPtDuzR.exe
  C:\Windows\System\dPtDuzR.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\XRgxXRg.exe
  C:\Windows\System\XRgxXRg.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\ZXQTVuZ.exe
  C:\Windows\System\ZXQTVuZ.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\VQELztK.exe
  C:\Windows\System\VQELztK.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\xrqHwYM.exe
  C:\Windows\System\xrqHwYM.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\JReMPfA.exe
  C:\Windows\System\JReMPfA.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\FgrVEDY.exe
  C:\Windows\System\FgrVEDY.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\pSJoSRm.exe
  C:\Windows\System\pSJoSRm.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\XPfTYhb.exe
  C:\Windows\System\XPfTYhb.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\JKINVok.exe
  C:\Windows\System\JKINVok.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\fYlbSdv.exe
  C:\Windows\System\fYlbSdv.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\TvMnFpl.exe
  C:\Windows\System\TvMnFpl.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\dRmzysZ.exe
  C:\Windows\System\dRmzysZ.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\iuFHkiv.exe
  C:\Windows\System\iuFHkiv.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\MggkCGs.exe
  C:\Windows\System\MggkCGs.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\jsPYEOI.exe
  C:\Windows\System\jsPYEOI.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\jzfzMxl.exe
  C:\Windows\System\jzfzMxl.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\dDvABtN.exe
  C:\Windows\System\dDvABtN.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\nieMGFy.exe
  C:\Windows\System\nieMGFy.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\lWlGTfC.exe
  C:\Windows\System\lWlGTfC.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\DvReLDS.exe
  C:\Windows\System\DvReLDS.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\KrwTsgb.exe
  C:\Windows\System\KrwTsgb.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\VAhyULp.exe
  C:\Windows\System\VAhyULp.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\LFlOcKp.exe
  C:\Windows\System\LFlOcKp.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\ugRqTLR.exe
  C:\Windows\System\ugRqTLR.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\oKxSLyp.exe
  C:\Windows\System\oKxSLyp.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\KzXpiVs.exe
  C:\Windows\System\KzXpiVs.exe
  2⤵
  PID:2112
- C:\Windows\System\eBsrxtV.exe
  C:\Windows\System\eBsrxtV.exe
  2⤵
  PID:1972
- C:\Windows\System\QJDPunv.exe
  C:\Windows\System\QJDPunv.exe
  2⤵
  PID:1736
- C:\Windows\System\AbFkPhL.exe
  C:\Windows\System\AbFkPhL.exe
  2⤵
  PID:2388
- C:\Windows\System\kfzptUF.exe
  C:\Windows\System\kfzptUF.exe
  2⤵
  PID:2852
- C:\Windows\System\UNufiSe.exe
  C:\Windows\System\UNufiSe.exe
  2⤵
  PID:2820
- C:\Windows\System\QUFSmfT.exe
  C:\Windows\System\QUFSmfT.exe
  2⤵
  PID:2700
- C:\Windows\System\uCarlxC.exe
  C:\Windows\System\uCarlxC.exe
  2⤵
  PID:2728
- C:\Windows\System\JhlrjIz.exe
  C:\Windows\System\JhlrjIz.exe
  2⤵
  PID:1288
- C:\Windows\System\GKJOBYJ.exe
  C:\Windows\System\GKJOBYJ.exe
  2⤵
  PID:2788
- C:\Windows\System\iMdBdUU.exe
  C:\Windows\System\iMdBdUU.exe
  2⤵
  PID:2592
- C:\Windows\System\KIXyKbz.exe
  C:\Windows\System\KIXyKbz.exe
  2⤵
  PID:1392
- C:\Windows\System\adMNDTM.exe
  C:\Windows\System\adMNDTM.exe
  2⤵
  PID:1176
- C:\Windows\System\ZUeSzuz.exe
  C:\Windows\System\ZUeSzuz.exe
  2⤵
  PID:396
- C:\Windows\System\mxPMSml.exe
  C:\Windows\System\mxPMSml.exe
  2⤵
  PID:2932
- C:\Windows\System\MwWQIzB.exe
  C:\Windows\System\MwWQIzB.exe
  2⤵
  PID:2896
- C:\Windows\System\kxvElCi.exe
  C:\Windows\System\kxvElCi.exe
  2⤵
  PID:1744
- C:\Windows\System\JLJQAlu.exe
  C:\Windows\System\JLJQAlu.exe
  2⤵
  PID:1096
- C:\Windows\System\bXFdAEB.exe
  C:\Windows\System\bXFdAEB.exe
  2⤵
  PID:1072
- C:\Windows\System\mOFQhIQ.exe
  C:\Windows\System\mOFQhIQ.exe
  2⤵
  PID:2336
- C:\Windows\System\UNCJYMK.exe
  C:\Windows\System\UNCJYMK.exe
  2⤵
  PID:1244
- C:\Windows\System\xWVFZnu.exe
  C:\Windows\System\xWVFZnu.exe
  2⤵
  PID:736
- C:\Windows\System\pVxjfQM.exe
  C:\Windows\System\pVxjfQM.exe
  2⤵
  PID:1008
- C:\Windows\System\fBOHzZw.exe
  C:\Windows\System\fBOHzZw.exe
  2⤵
  PID:1728
- C:\Windows\System\PsnEeHv.exe
  C:\Windows\System\PsnEeHv.exe
  2⤵
  PID:1892
- C:\Windows\System\wTVXDnE.exe
  C:\Windows\System\wTVXDnE.exe
  2⤵
  PID:1680
- C:\Windows\System\REEmyop.exe
  C:\Windows\System\REEmyop.exe
  2⤵
  PID:2252
- C:\Windows\System\XxVdJlV.exe
  C:\Windows\System\XxVdJlV.exe
  2⤵
  PID:316
- C:\Windows\System\qlfwffh.exe
  C:\Windows\System\qlfwffh.exe
  2⤵
  PID:552
- C:\Windows\System\tQnAIor.exe
  C:\Windows\System\tQnAIor.exe
  2⤵
  PID:348
- C:\Windows\System\bmrKHoo.exe
  C:\Windows\System\bmrKHoo.exe
  2⤵
  PID:1148
- C:\Windows\System\JhMbBOB.exe
  C:\Windows\System\JhMbBOB.exe
  2⤵
  PID:1040
- C:\Windows\System\WQEiYSt.exe
  C:\Windows\System\WQEiYSt.exe
  2⤵
  PID:868
- C:\Windows\System\kigHpCY.exe
  C:\Windows\System\kigHpCY.exe
  2⤵
  PID:2448
- C:\Windows\System\UsrmkUk.exe
  C:\Windows\System\UsrmkUk.exe
  2⤵
  PID:1608
- C:\Windows\System\uKnDWna.exe
  C:\Windows\System\uKnDWna.exe
  2⤵
  PID:1516
- C:\Windows\System\HamiQEQ.exe
  C:\Windows\System\HamiQEQ.exe
  2⤵
  PID:2692
- C:\Windows\System\BUygfQW.exe
  C:\Windows\System\BUygfQW.exe
  2⤵
  PID:2528
- C:\Windows\System\rngTTvO.exe
  C:\Windows\System\rngTTvO.exe
  2⤵
  PID:1596
- C:\Windows\System\dHQYqNs.exe
  C:\Windows\System\dHQYqNs.exe
  2⤵
  PID:2752
- C:\Windows\System\qJEoBXx.exe
  C:\Windows\System\qJEoBXx.exe
  2⤵
  PID:1060
- C:\Windows\System\zJSGduz.exe
  C:\Windows\System\zJSGduz.exe
  2⤵
  PID:2384
- C:\Windows\System\tdKWqFg.exe
  C:\Windows\System\tdKWqFg.exe
  2⤵
  PID:1836
- C:\Windows\System\XdMXvHL.exe
  C:\Windows\System\XdMXvHL.exe
  2⤵
  PID:2952
- C:\Windows\System\mygcPoM.exe
  C:\Windows\System\mygcPoM.exe
  2⤵
  PID:680
- C:\Windows\System\enPzSnz.exe
  C:\Windows\System\enPzSnz.exe
  2⤵
  PID:568
- C:\Windows\System\TZqmQKg.exe
  C:\Windows\System\TZqmQKg.exe
  2⤵
  PID:1752
- C:\Windows\System\SDMDATz.exe
  C:\Windows\System\SDMDATz.exe
  2⤵
  PID:752
- C:\Windows\System\AnYfcYJ.exe
  C:\Windows\System\AnYfcYJ.exe
  2⤵
  PID:3052
- C:\Windows\System\rWcMZQL.exe
  C:\Windows\System\rWcMZQL.exe
  2⤵
  PID:2460
- C:\Windows\System\NsEUhIh.exe
  C:\Windows\System\NsEUhIh.exe
  2⤵
  PID:2988
- C:\Windows\System\rozNRtK.exe
  C:\Windows\System\rozNRtK.exe
  2⤵
  PID:3076
- C:\Windows\System\AHffAAe.exe
  C:\Windows\System\AHffAAe.exe
  2⤵
  PID:3092
- C:\Windows\System\pHZTTfB.exe
  C:\Windows\System\pHZTTfB.exe
  2⤵
  PID:3108
- C:\Windows\System\TdzcGjf.exe
  C:\Windows\System\TdzcGjf.exe
  2⤵
  PID:3124
- C:\Windows\System\rrznaLs.exe
  C:\Windows\System\rrznaLs.exe
  2⤵
  PID:3140
- C:\Windows\System\ytcNfdH.exe
  C:\Windows\System\ytcNfdH.exe
  2⤵
  PID:3156
- C:\Windows\System\UgDfnDm.exe
  C:\Windows\System\UgDfnDm.exe
  2⤵
  PID:3172
- C:\Windows\System\rPPjwPW.exe
  C:\Windows\System\rPPjwPW.exe
  2⤵
  PID:3188
- C:\Windows\System\qIXuFTj.exe
  C:\Windows\System\qIXuFTj.exe
  2⤵
  PID:3204
- C:\Windows\System\yEyaNSk.exe
  C:\Windows\System\yEyaNSk.exe
  2⤵
  PID:3220
- C:\Windows\System\qbNpZKz.exe
  C:\Windows\System\qbNpZKz.exe
  2⤵
  PID:3236
- C:\Windows\System\TDRVWNW.exe
  C:\Windows\System\TDRVWNW.exe
  2⤵
  PID:3252
- C:\Windows\System\sLIrfqh.exe
  C:\Windows\System\sLIrfqh.exe
  2⤵
  PID:3268
- C:\Windows\System\aZZSuUo.exe
  C:\Windows\System\aZZSuUo.exe
  2⤵
  PID:3284
- C:\Windows\System\oPCKqQk.exe
  C:\Windows\System\oPCKqQk.exe
  2⤵
  PID:3300
- C:\Windows\System\nPBlzdW.exe
  C:\Windows\System\nPBlzdW.exe
  2⤵
  PID:3316
- C:\Windows\System\reZeHFb.exe
  C:\Windows\System\reZeHFb.exe
  2⤵
  PID:3332
- C:\Windows\System\EIDSfFP.exe
  C:\Windows\System\EIDSfFP.exe
  2⤵
  PID:3348
- C:\Windows\System\BnbADCd.exe
  C:\Windows\System\BnbADCd.exe
  2⤵
  PID:3364
- C:\Windows\System\oqCOWRX.exe
  C:\Windows\System\oqCOWRX.exe
  2⤵
  PID:3380
- C:\Windows\System\dVQReTZ.exe
  C:\Windows\System\dVQReTZ.exe
  2⤵
  PID:3396
- C:\Windows\System\vlbsvgu.exe
  C:\Windows\System\vlbsvgu.exe
  2⤵
  PID:3412
- C:\Windows\System\vxTrCxb.exe
  C:\Windows\System\vxTrCxb.exe
  2⤵
  PID:3428
- C:\Windows\System\IAKuTdZ.exe
  C:\Windows\System\IAKuTdZ.exe
  2⤵
  PID:3448
- C:\Windows\System\bNHJWyJ.exe
  C:\Windows\System\bNHJWyJ.exe
  2⤵
  PID:3464
- C:\Windows\System\NoTHYWL.exe
  C:\Windows\System\NoTHYWL.exe
  2⤵
  PID:3480
- C:\Windows\System\ASTYaeI.exe
  C:\Windows\System\ASTYaeI.exe
  2⤵
  PID:3496
- C:\Windows\System\SrmtjkH.exe
  C:\Windows\System\SrmtjkH.exe
  2⤵
  PID:3512
- C:\Windows\System\kUNCTGs.exe
  C:\Windows\System\kUNCTGs.exe
  2⤵
  PID:3528
- C:\Windows\System\CMuqQyq.exe
  C:\Windows\System\CMuqQyq.exe
  2⤵
  PID:3544
- C:\Windows\System\mzrFWqj.exe
  C:\Windows\System\mzrFWqj.exe
  2⤵
  PID:3560
- C:\Windows\System\vYoaqqt.exe
  C:\Windows\System\vYoaqqt.exe
  2⤵
  PID:3576
- C:\Windows\System\rYcwLId.exe
  C:\Windows\System\rYcwLId.exe
  2⤵
  PID:3592
- C:\Windows\System\TihpTKV.exe
  C:\Windows\System\TihpTKV.exe
  2⤵
  PID:3608
- C:\Windows\System\oJPiVxp.exe
  C:\Windows\System\oJPiVxp.exe
  2⤵
  PID:3624
- C:\Windows\System\LCMMkZq.exe
  C:\Windows\System\LCMMkZq.exe
  2⤵
  PID:3640
- C:\Windows\System\WZUyidh.exe
  C:\Windows\System\WZUyidh.exe
  2⤵
  PID:3656
- C:\Windows\System\zSHRKyw.exe
  C:\Windows\System\zSHRKyw.exe
  2⤵
  PID:3672
- C:\Windows\System\dNUVDfd.exe
  C:\Windows\System\dNUVDfd.exe
  2⤵
  PID:3688
- C:\Windows\System\InKlLgJ.exe
  C:\Windows\System\InKlLgJ.exe
  2⤵
  PID:3704
- C:\Windows\System\NonkRih.exe
  C:\Windows\System\NonkRih.exe
  2⤵
  PID:3720
- C:\Windows\System\DSpDvoW.exe
  C:\Windows\System\DSpDvoW.exe
  2⤵
  PID:3736
- C:\Windows\System\eNawLoR.exe
  C:\Windows\System\eNawLoR.exe
  2⤵
  PID:3752
- C:\Windows\System\ktjbcfe.exe
  C:\Windows\System\ktjbcfe.exe
  2⤵
  PID:3768
- C:\Windows\System\ghWZiyl.exe
  C:\Windows\System\ghWZiyl.exe
  2⤵
  PID:3784
- C:\Windows\System\yuGqtGm.exe
  C:\Windows\System\yuGqtGm.exe
  2⤵
  PID:3800
- C:\Windows\System\SEjGInJ.exe
  C:\Windows\System\SEjGInJ.exe
  2⤵
  PID:3816
- C:\Windows\System\QStQwId.exe
  C:\Windows\System\QStQwId.exe
  2⤵
  PID:3832
- C:\Windows\System\IhEsDra.exe
  C:\Windows\System\IhEsDra.exe
  2⤵
  PID:3848
- C:\Windows\System\DaaxeJi.exe
  C:\Windows\System\DaaxeJi.exe
  2⤵
  PID:3864
- C:\Windows\System\OqMnxVn.exe
  C:\Windows\System\OqMnxVn.exe
  2⤵
  PID:3880
- C:\Windows\System\tsPLekP.exe
  C:\Windows\System\tsPLekP.exe
  2⤵
  PID:3896
- C:\Windows\System\WbBJZMt.exe
  C:\Windows\System\WbBJZMt.exe
  2⤵
  PID:3912
- C:\Windows\System\qGcYUmc.exe
  C:\Windows\System\qGcYUmc.exe
  2⤵
  PID:3928
- C:\Windows\System\frXkOWZ.exe
  C:\Windows\System\frXkOWZ.exe
  2⤵
  PID:3944
- C:\Windows\System\Kbbhoyq.exe
  C:\Windows\System\Kbbhoyq.exe
  2⤵
  PID:3960
- C:\Windows\System\pIuiyNd.exe
  C:\Windows\System\pIuiyNd.exe
  2⤵
  PID:3976
- C:\Windows\System\WSkKeRy.exe
  C:\Windows\System\WSkKeRy.exe
  2⤵
  PID:3992
- C:\Windows\System\GHPqYDA.exe
  C:\Windows\System\GHPqYDA.exe
  2⤵
  PID:4008
- C:\Windows\System\HzVJThw.exe
  C:\Windows\System\HzVJThw.exe
  2⤵
  PID:4024
- C:\Windows\System\COfXkGT.exe
  C:\Windows\System\COfXkGT.exe
  2⤵
  PID:4040
- C:\Windows\System\JSLTFib.exe
  C:\Windows\System\JSLTFib.exe
  2⤵
  PID:4056
- C:\Windows\System\NyfninS.exe
  C:\Windows\System\NyfninS.exe
  2⤵
  PID:4072
- C:\Windows\System\yaBVdfL.exe
  C:\Windows\System\yaBVdfL.exe
  2⤵
  PID:4088
- C:\Windows\System\VpjUYVN.exe
  C:\Windows\System\VpjUYVN.exe
  2⤵
  PID:1816
- C:\Windows\System\ifKBnGG.exe
  C:\Windows\System\ifKBnGG.exe
  2⤵
  PID:2096
- C:\Windows\System\kukvseF.exe
  C:\Windows\System\kukvseF.exe
  2⤵
  PID:2008
- C:\Windows\System\HXNZNXs.exe
  C:\Windows\System\HXNZNXs.exe
  2⤵
  PID:1848
- C:\Windows\System\jMnFosv.exe
  C:\Windows\System\jMnFosv.exe
  2⤵
  PID:844
- C:\Windows\System\QtenSGv.exe
  C:\Windows\System\QtenSGv.exe
  2⤵
  PID:2392
- C:\Windows\System\YtpyIKc.exe
  C:\Windows\System\YtpyIKc.exe
  2⤵
  PID:1932
- C:\Windows\System\tUoXVHL.exe
  C:\Windows\System\tUoXVHL.exe
  2⤵
  PID:1560
- C:\Windows\System\aJkbUXi.exe
  C:\Windows\System\aJkbUXi.exe
  2⤵
  PID:1724
- C:\Windows\System\FqiZbxM.exe
  C:\Windows\System\FqiZbxM.exe
  2⤵
  PID:3104
- C:\Windows\System\cBjGroZ.exe
  C:\Windows\System\cBjGroZ.exe
  2⤵
  PID:3136
- C:\Windows\System\xmucNZO.exe
  C:\Windows\System\xmucNZO.exe
  2⤵
  PID:3184
- C:\Windows\System\myqqsCm.exe
  C:\Windows\System\myqqsCm.exe
  2⤵
  PID:3200
- C:\Windows\System\uzjscwL.exe
  C:\Windows\System\uzjscwL.exe
  2⤵
  PID:3248
- C:\Windows\System\LSzwnew.exe
  C:\Windows\System\LSzwnew.exe
  2⤵
  PID:3264
- C:\Windows\System\kBVyFfa.exe
  C:\Windows\System\kBVyFfa.exe
  2⤵
  PID:3296
- C:\Windows\System\FYqhauB.exe
  C:\Windows\System\FYqhauB.exe
  2⤵
  PID:3328
- C:\Windows\System\bbrmNlu.exe
  C:\Windows\System\bbrmNlu.exe
  2⤵
  PID:3360
- C:\Windows\System\PFWGtAv.exe
  C:\Windows\System\PFWGtAv.exe
  2⤵
  PID:3408
- C:\Windows\System\UskrwGb.exe
  C:\Windows\System\UskrwGb.exe
  2⤵
  PID:3440
- C:\Windows\System\zGmyDcV.exe
  C:\Windows\System\zGmyDcV.exe
  2⤵
  PID:3460
- C:\Windows\System\ygOVYuJ.exe
  C:\Windows\System\ygOVYuJ.exe
  2⤵
  PID:3508
- C:\Windows\System\KSTuYhJ.exe
  C:\Windows\System\KSTuYhJ.exe
  2⤵
  PID:3540
- C:\Windows\System\lqFCVGH.exe
  C:\Windows\System\lqFCVGH.exe
  2⤵
  PID:3572
- C:\Windows\System\DmEMfzr.exe
  C:\Windows\System\DmEMfzr.exe
  2⤵
  PID:3588
- C:\Windows\System\xxNAShn.exe
  C:\Windows\System\xxNAShn.exe
  2⤵
  PID:3620
- C:\Windows\System\CYRwzds.exe
  C:\Windows\System\CYRwzds.exe
  2⤵
  PID:3668
- C:\Windows\System\qpDPfwB.exe
  C:\Windows\System\qpDPfwB.exe
  2⤵
  PID:3700
- C:\Windows\System\bCwozMw.exe
  C:\Windows\System\bCwozMw.exe
  2⤵
  PID:3732
- C:\Windows\System\jLOYqUd.exe
  C:\Windows\System\jLOYqUd.exe
  2⤵
  PID:3764
- C:\Windows\System\FHAMRXJ.exe
  C:\Windows\System\FHAMRXJ.exe
  2⤵
  PID:3792
- C:\Windows\System\SiyJPrt.exe
  C:\Windows\System\SiyJPrt.exe
  2⤵
  PID:3808
- C:\Windows\System\NNYBjxq.exe
  C:\Windows\System\NNYBjxq.exe
  2⤵
  PID:3856
- C:\Windows\System\QSnNSUB.exe
  C:\Windows\System\QSnNSUB.exe
  2⤵
  PID:3872
- C:\Windows\System\CMfoPQi.exe
  C:\Windows\System\CMfoPQi.exe
  2⤵
  PID:3904
- C:\Windows\System\ZegOuDa.exe
  C:\Windows\System\ZegOuDa.exe
  2⤵
  PID:3936
- C:\Windows\System\zUpougH.exe
  C:\Windows\System\zUpougH.exe
  2⤵
  PID:3968
- C:\Windows\System\YPJvIOs.exe
  C:\Windows\System\YPJvIOs.exe
  2⤵
  PID:4000
- C:\Windows\System\cQRaQmT.exe
  C:\Windows\System\cQRaQmT.exe
  2⤵
  PID:4032
- C:\Windows\System\pDGOsQr.exe
  C:\Windows\System\pDGOsQr.exe
  2⤵
  PID:4064
- C:\Windows\System\PTidLBb.exe
  C:\Windows\System\PTidLBb.exe
  2⤵
  PID:2864
- C:\Windows\System\skLUudF.exe
  C:\Windows\System\skLUudF.exe
  2⤵
  PID:2940
- C:\Windows\System\eALxZMC.exe
  C:\Windows\System\eALxZMC.exe
  2⤵
  PID:2980
- C:\Windows\System\pXpVXoQ.exe
  C:\Windows\System\pXpVXoQ.exe
  2⤵
  PID:2056
- C:\Windows\System\xTIGWlz.exe
  C:\Windows\System\xTIGWlz.exe
  2⤵
  PID:1700
- C:\Windows\System\vgZmAXr.exe
  C:\Windows\System\vgZmAXr.exe
  2⤵
  PID:3132
- C:\Windows\System\rAWfbPL.exe
  C:\Windows\System\rAWfbPL.exe
  2⤵
  PID:3196
- C:\Windows\System\ztAETLA.exe
  C:\Windows\System\ztAETLA.exe
  2⤵
  PID:3276
- C:\Windows\System\efdJXGO.exe
  C:\Windows\System\efdJXGO.exe
  2⤵
  PID:3340
- C:\Windows\System\csihYmd.exe
  C:\Windows\System\csihYmd.exe
  2⤵
  PID:3404
- C:\Windows\System\frHzIkm.exe
  C:\Windows\System\frHzIkm.exe
  2⤵
  PID:3472
- C:\Windows\System\nsvYDbK.exe
  C:\Windows\System\nsvYDbK.exe
  2⤵
  PID:3536
- C:\Windows\System\ggcRFjX.exe
  C:\Windows\System\ggcRFjX.exe
  2⤵
  PID:3600
- C:\Windows\System\bTquIrm.exe
  C:\Windows\System\bTquIrm.exe
  2⤵
  PID:3648
- C:\Windows\System\lvTlUSY.exe
  C:\Windows\System\lvTlUSY.exe
  2⤵
  PID:3712
- C:\Windows\System\NImqOKV.exe
  C:\Windows\System\NImqOKV.exe
  2⤵
  PID:2060
- C:\Windows\System\bvVxncu.exe
  C:\Windows\System\bvVxncu.exe
  2⤵
  PID:3828
- C:\Windows\System\DQEeGOR.exe
  C:\Windows\System\DQEeGOR.exe
  2⤵
  PID:3876
- C:\Windows\System\DSYmkoU.exe
  C:\Windows\System\DSYmkoU.exe
  2⤵
  PID:3956
- C:\Windows\System\QgSNAxP.exe
  C:\Windows\System\QgSNAxP.exe
  2⤵
  PID:4016
- C:\Windows\System\jOVtcsH.exe
  C:\Windows\System\jOVtcsH.exe
  2⤵
  PID:4080
- C:\Windows\System\qxQPfQT.exe
  C:\Windows\System\qxQPfQT.exe
  2⤵
  PID:1340
- C:\Windows\System\RAupTeD.exe
  C:\Windows\System\RAupTeD.exe
  2⤵
  PID:2208
- C:\Windows\System\ukRsRDe.exe
  C:\Windows\System\ukRsRDe.exe
  2⤵
  PID:3164
- C:\Windows\System\aWEXePD.exe
  C:\Windows\System\aWEXePD.exe
  2⤵
  PID:3280
- C:\Windows\System\OVIFSLy.exe
  C:\Windows\System\OVIFSLy.exe
  2⤵
  PID:3392
- C:\Windows\System\GwlXbyQ.exe
  C:\Windows\System\GwlXbyQ.exe
  2⤵
  PID:4112
- C:\Windows\System\PNUMzwU.exe
  C:\Windows\System\PNUMzwU.exe
  2⤵
  PID:4128
- C:\Windows\System\pTqylFs.exe
  C:\Windows\System\pTqylFs.exe
  2⤵
  PID:4144
- C:\Windows\System\fDSynCG.exe
  C:\Windows\System\fDSynCG.exe
  2⤵
  PID:4160
- C:\Windows\System\efadRpa.exe
  C:\Windows\System\efadRpa.exe
  2⤵
  PID:4176
- C:\Windows\System\hfUiyjZ.exe
  C:\Windows\System\hfUiyjZ.exe
  2⤵
  PID:4192
- C:\Windows\System\CCZnVVs.exe
  C:\Windows\System\CCZnVVs.exe
  2⤵
  PID:4208
- C:\Windows\System\iFtGoId.exe
  C:\Windows\System\iFtGoId.exe
  2⤵
  PID:4224
- C:\Windows\System\XOCjsYV.exe
  C:\Windows\System\XOCjsYV.exe
  2⤵
  PID:4240
- C:\Windows\System\mcYsRzp.exe
  C:\Windows\System\mcYsRzp.exe
  2⤵
  PID:4256
- C:\Windows\System\effddlg.exe
  C:\Windows\System\effddlg.exe
  2⤵
  PID:4272
- C:\Windows\System\DNfvQem.exe
  C:\Windows\System\DNfvQem.exe
  2⤵
  PID:4288
- C:\Windows\System\NbEhUtE.exe
  C:\Windows\System\NbEhUtE.exe
  2⤵
  PID:4304
- C:\Windows\System\kxJqXsL.exe
  C:\Windows\System\kxJqXsL.exe
  2⤵
  PID:4320
- C:\Windows\System\gCgVWen.exe
  C:\Windows\System\gCgVWen.exe
  2⤵
  PID:4336
- C:\Windows\System\UEConCF.exe
  C:\Windows\System\UEConCF.exe
  2⤵
  PID:4352
- C:\Windows\System\EWWQKkk.exe
  C:\Windows\System\EWWQKkk.exe
  2⤵
  PID:4368
- C:\Windows\System\MuPkMfP.exe
  C:\Windows\System\MuPkMfP.exe
  2⤵
  PID:4384
- C:\Windows\System\rUCVpBx.exe
  C:\Windows\System\rUCVpBx.exe
  2⤵
  PID:4400
- C:\Windows\System\AHzOstr.exe
  C:\Windows\System\AHzOstr.exe
  2⤵
  PID:4416
- C:\Windows\System\bQLUihJ.exe
  C:\Windows\System\bQLUihJ.exe
  2⤵
  PID:4432
- C:\Windows\System\zJYkfOj.exe
  C:\Windows\System\zJYkfOj.exe
  2⤵
  PID:4448
- C:\Windows\System\HKmYbNv.exe
  C:\Windows\System\HKmYbNv.exe
  2⤵
  PID:4464
- C:\Windows\System\AbmkHbo.exe
  C:\Windows\System\AbmkHbo.exe
  2⤵
  PID:4480
- C:\Windows\System\FZAgCZk.exe
  C:\Windows\System\FZAgCZk.exe
  2⤵
  PID:4496
- C:\Windows\System\XiItBJW.exe
  C:\Windows\System\XiItBJW.exe
  2⤵
  PID:4512
- C:\Windows\System\IZOwPyB.exe
  C:\Windows\System\IZOwPyB.exe
  2⤵
  PID:4528
- C:\Windows\System\UBEjmLX.exe
  C:\Windows\System\UBEjmLX.exe
  2⤵
  PID:4544
- C:\Windows\System\OmIVNTU.exe
  C:\Windows\System\OmIVNTU.exe
  2⤵
  PID:4560
- C:\Windows\System\zSActQe.exe
  C:\Windows\System\zSActQe.exe
  2⤵
  PID:4576
- C:\Windows\System\WuZrJUF.exe
  C:\Windows\System\WuZrJUF.exe
  2⤵
  PID:4592
- C:\Windows\System\zblKdFu.exe
  C:\Windows\System\zblKdFu.exe
  2⤵
  PID:4608
- C:\Windows\System\YWUTUVL.exe
  C:\Windows\System\YWUTUVL.exe
  2⤵
  PID:4624
- C:\Windows\System\nWZZzPu.exe
  C:\Windows\System\nWZZzPu.exe
  2⤵
  PID:4640
- C:\Windows\System\erWEBzS.exe
  C:\Windows\System\erWEBzS.exe
  2⤵
  PID:4656
- C:\Windows\System\drjeQUK.exe
  C:\Windows\System\drjeQUK.exe
  2⤵
  PID:4672
- C:\Windows\System\mZaCBpi.exe
  C:\Windows\System\mZaCBpi.exe
  2⤵
  PID:4688
- C:\Windows\System\gsiCRPK.exe
  C:\Windows\System\gsiCRPK.exe
  2⤵
  PID:4704
- C:\Windows\System\WeWWfOA.exe
  C:\Windows\System\WeWWfOA.exe
  2⤵
  PID:4720
- C:\Windows\System\WooFRFk.exe
  C:\Windows\System\WooFRFk.exe
  2⤵
  PID:4736
- C:\Windows\System\fEsioPf.exe
  C:\Windows\System\fEsioPf.exe
  2⤵
  PID:4752
- C:\Windows\System\DVorNfM.exe
  C:\Windows\System\DVorNfM.exe
  2⤵
  PID:4768
- C:\Windows\System\BPQSDsJ.exe
  C:\Windows\System\BPQSDsJ.exe
  2⤵
  PID:4784
- C:\Windows\System\bBSfGWH.exe
  C:\Windows\System\bBSfGWH.exe
  2⤵
  PID:4800
- C:\Windows\System\tuEruHD.exe
  C:\Windows\System\tuEruHD.exe
  2⤵
  PID:4816
- C:\Windows\System\vqhfjub.exe
  C:\Windows\System\vqhfjub.exe
  2⤵
  PID:4832
- C:\Windows\System\NAfnlaC.exe
  C:\Windows\System\NAfnlaC.exe
  2⤵
  PID:4848
- C:\Windows\System\IbQByCW.exe
  C:\Windows\System\IbQByCW.exe
  2⤵
  PID:4864
- C:\Windows\System\FJUESkU.exe
  C:\Windows\System\FJUESkU.exe
  2⤵
  PID:4880
- C:\Windows\System\xjFeWLd.exe
  C:\Windows\System\xjFeWLd.exe
  2⤵
  PID:4896
- C:\Windows\System\hvKEcef.exe
  C:\Windows\System\hvKEcef.exe
  2⤵
  PID:4912
- C:\Windows\System\XbZrHVE.exe
  C:\Windows\System\XbZrHVE.exe
  2⤵
  PID:4928
- C:\Windows\System\FEDEuOg.exe
  C:\Windows\System\FEDEuOg.exe
  2⤵
  PID:4944
- C:\Windows\System\TmgBkOF.exe
  C:\Windows\System\TmgBkOF.exe
  2⤵
  PID:4960
- C:\Windows\System\CFBtZBu.exe
  C:\Windows\System\CFBtZBu.exe
  2⤵
  PID:4976
- C:\Windows\System\XTuJtWo.exe
  C:\Windows\System\XTuJtWo.exe
  2⤵
  PID:4992
- C:\Windows\System\cGdWfDn.exe
  C:\Windows\System\cGdWfDn.exe
  2⤵
  PID:5008
- C:\Windows\System\QxsOyHR.exe
  C:\Windows\System\QxsOyHR.exe
  2⤵
  PID:5024
- C:\Windows\System\vJvzEmt.exe
  C:\Windows\System\vJvzEmt.exe
  2⤵
  PID:5040
- C:\Windows\System\IfSZswL.exe
  C:\Windows\System\IfSZswL.exe
  2⤵
  PID:5056
- C:\Windows\System\TvTaVjh.exe
  C:\Windows\System\TvTaVjh.exe
  2⤵
  PID:5072
- C:\Windows\System\IlAVxhS.exe
  C:\Windows\System\IlAVxhS.exe
  2⤵
  PID:5088
- C:\Windows\System\obOHZvo.exe
  C:\Windows\System\obOHZvo.exe
  2⤵
  PID:5104
- C:\Windows\System\gFtkukQ.exe
  C:\Windows\System\gFtkukQ.exe
  2⤵
  PID:3476
- C:\Windows\System\NqmYgvf.exe
  C:\Windows\System\NqmYgvf.exe
  2⤵
  PID:2180
- C:\Windows\System\cXQubUg.exe
  C:\Windows\System\cXQubUg.exe
  2⤵
  PID:3728
- C:\Windows\System\VoEhfdy.exe
  C:\Windows\System\VoEhfdy.exe
  2⤵
  PID:3840
- C:\Windows\System\tKoBGSs.exe
  C:\Windows\System\tKoBGSs.exe
  2⤵
  PID:2676
- C:\Windows\System\bTLiqIa.exe
  C:\Windows\System\bTLiqIa.exe
  2⤵
  PID:2456
- C:\Windows\System\nnzfLed.exe
  C:\Windows\System\nnzfLed.exe
  2⤵
  PID:4052
- C:\Windows\System\qGERdZR.exe
  C:\Windows\System\qGERdZR.exe
  2⤵
  PID:3116
- C:\Windows\System\amrlhWz.exe
  C:\Windows\System\amrlhWz.exe
  2⤵
  PID:3356
- C:\Windows\System\KIqkbZN.exe
  C:\Windows\System\KIqkbZN.exe
  2⤵
  PID:4108
- C:\Windows\System\gCjBnbb.exe
  C:\Windows\System\gCjBnbb.exe
  2⤵
  PID:4140
- C:\Windows\System\FWzieEP.exe
  C:\Windows\System\FWzieEP.exe
  2⤵
  PID:4172
- C:\Windows\System\vGUiaOT.exe
  C:\Windows\System\vGUiaOT.exe
  2⤵
  PID:4204
- C:\Windows\System\oqrZhvO.exe
  C:\Windows\System\oqrZhvO.exe
  2⤵
  PID:4236
- C:\Windows\System\VrgIltB.exe
  C:\Windows\System\VrgIltB.exe
  2⤵
  PID:4268
- C:\Windows\System\mHzBhfb.exe
  C:\Windows\System\mHzBhfb.exe
  2⤵
  PID:4300
- C:\Windows\System\mGcVtdy.exe
  C:\Windows\System\mGcVtdy.exe
  2⤵
  PID:4332
- C:\Windows\System\OnKLZVA.exe
  C:\Windows\System\OnKLZVA.exe
  2⤵
  PID:4376
- C:\Windows\System\ZgTymPt.exe
  C:\Windows\System\ZgTymPt.exe
  2⤵
  PID:4408
- C:\Windows\System\QMKfjNk.exe
  C:\Windows\System\QMKfjNk.exe
  2⤵
  PID:4440
- C:\Windows\System\zdAdyik.exe
  C:\Windows\System\zdAdyik.exe
  2⤵
  PID:4472
- C:\Windows\System\CJCxgNC.exe
  C:\Windows\System\CJCxgNC.exe
  2⤵
  PID:4504
- C:\Windows\System\cuOhJag.exe
  C:\Windows\System\cuOhJag.exe
  2⤵
  PID:4536
- C:\Windows\System\vLVZBVz.exe
  C:\Windows\System\vLVZBVz.exe
  2⤵
  PID:4568
- C:\Windows\System\VwuekOO.exe
  C:\Windows\System\VwuekOO.exe
  2⤵
  PID:4600
- C:\Windows\System\ALcdzuv.exe
  C:\Windows\System\ALcdzuv.exe
  2⤵
  PID:4632
- C:\Windows\System\XqfINUm.exe
  C:\Windows\System\XqfINUm.exe
  2⤵
  PID:4664
- C:\Windows\System\eqLaXsI.exe
  C:\Windows\System\eqLaXsI.exe
  2⤵
  PID:4696
- C:\Windows\System\WjurjYU.exe
  C:\Windows\System\WjurjYU.exe
  2⤵
  PID:4716
- C:\Windows\System\dSjlYHE.exe
  C:\Windows\System\dSjlYHE.exe
  2⤵
  PID:4760
- C:\Windows\System\GzsALJV.exe
  C:\Windows\System\GzsALJV.exe
  2⤵
  PID:4776
- C:\Windows\System\YqcJpcM.exe
  C:\Windows\System\YqcJpcM.exe
  2⤵
  PID:4796
- C:\Windows\System\RlyTsao.exe
  C:\Windows\System\RlyTsao.exe
  2⤵
  PID:4812
- C:\Windows\System\TAvquYn.exe
  C:\Windows\System\TAvquYn.exe
  2⤵
  PID:4860
- C:\Windows\System\NNkgWBZ.exe
  C:\Windows\System\NNkgWBZ.exe
  2⤵
  PID:4892
- C:\Windows\System\rwpqJdi.exe
  C:\Windows\System\rwpqJdi.exe
  2⤵
  PID:4936
- C:\Windows\System\JbTOekU.exe
  C:\Windows\System\JbTOekU.exe
  2⤵
  PID:2688
- C:\Windows\System\yYhsure.exe
  C:\Windows\System\yYhsure.exe
  2⤵
  PID:4988
- C:\Windows\System\ZYsAWqG.exe
  C:\Windows\System\ZYsAWqG.exe
  2⤵
  PID:5020
- C:\Windows\System\kgTMmwZ.exe
  C:\Windows\System\kgTMmwZ.exe
  2⤵
  PID:5052
- C:\Windows\System\ueAEVtt.exe
  C:\Windows\System\ueAEVtt.exe
  2⤵
  PID:5084
- C:\Windows\System\sTXoCzW.exe
  C:\Windows\System\sTXoCzW.exe
  2⤵
  PID:5116
- C:\Windows\System\ZiTCkXA.exe
  C:\Windows\System\ZiTCkXA.exe
  2⤵
  PID:3696
- C:\Windows\System\ikwYYrN.exe
  C:\Windows\System\ikwYYrN.exe
  2⤵
  PID:1304
- C:\Windows\System\nmLRtqG.exe
  C:\Windows\System\nmLRtqG.exe
  2⤵
  PID:4068
- C:\Windows\System\WSlCNjb.exe
  C:\Windows\System\WSlCNjb.exe
  2⤵
  PID:3180
- C:\Windows\System\OtNkfIM.exe
  C:\Windows\System\OtNkfIM.exe
  2⤵
  PID:4136
- C:\Windows\System\IKfuFYU.exe
  C:\Windows\System\IKfuFYU.exe
  2⤵
  PID:4216
- C:\Windows\System\GsVjpVj.exe
  C:\Windows\System\GsVjpVj.exe
  2⤵
  PID:4280
- C:\Windows\System\jNxJiSu.exe
  C:\Windows\System\jNxJiSu.exe
  2⤵
  PID:2244
- C:\Windows\System\PLggcqH.exe
  C:\Windows\System\PLggcqH.exe
  2⤵
  PID:4364
- C:\Windows\System\wQbVAcM.exe
  C:\Windows\System\wQbVAcM.exe
  2⤵
  PID:4444
- C:\Windows\System\gIJSktc.exe
  C:\Windows\System\gIJSktc.exe
  2⤵
  PID:4476
- C:\Windows\System\rzFOgBK.exe
  C:\Windows\System\rzFOgBK.exe
  2⤵
  PID:4540
- C:\Windows\System\eSivOCy.exe
  C:\Windows\System\eSivOCy.exe
  2⤵
  PID:4588
- C:\Windows\System\YHHeaUG.exe
  C:\Windows\System\YHHeaUG.exe
  2⤵
  PID:4668
- C:\Windows\System\BAcPtyl.exe
  C:\Windows\System\BAcPtyl.exe
  2⤵
  PID:4732
- C:\Windows\System\xEALnzq.exe
  C:\Windows\System\xEALnzq.exe
  2⤵
  PID:4792
- C:\Windows\System\hRPnPnT.exe
  C:\Windows\System\hRPnPnT.exe
  2⤵
  PID:4844
- C:\Windows\System\dILGMck.exe
  C:\Windows\System\dILGMck.exe
  2⤵
  PID:5136
- C:\Windows\System\dNRHzaC.exe
  C:\Windows\System\dNRHzaC.exe
  2⤵
  PID:5152
- C:\Windows\System\zsYaGVv.exe
  C:\Windows\System\zsYaGVv.exe
  2⤵
  PID:5168
- C:\Windows\System\MjWxhwT.exe
  C:\Windows\System\MjWxhwT.exe
  2⤵
  PID:5184
- C:\Windows\System\urkYSsw.exe
  C:\Windows\System\urkYSsw.exe
  2⤵
  PID:5200
- C:\Windows\System\RTiexFT.exe
  C:\Windows\System\RTiexFT.exe
  2⤵
  PID:5216
- C:\Windows\System\XwRBgfY.exe
  C:\Windows\System\XwRBgfY.exe
  2⤵
  PID:5232
- C:\Windows\System\UQhWxIq.exe
  C:\Windows\System\UQhWxIq.exe
  2⤵
  PID:5248
- C:\Windows\System\EWtrZSB.exe
  C:\Windows\System\EWtrZSB.exe
  2⤵
  PID:5264
- C:\Windows\System\wQOwsNi.exe
  C:\Windows\System\wQOwsNi.exe
  2⤵
  PID:5280
- C:\Windows\System\iIGNPuK.exe
  C:\Windows\System\iIGNPuK.exe
  2⤵
  PID:5296
- C:\Windows\System\HFpfUEp.exe
  C:\Windows\System\HFpfUEp.exe
  2⤵
  PID:5312
- C:\Windows\System\PasDiiJ.exe
  C:\Windows\System\PasDiiJ.exe
  2⤵
  PID:5328
- C:\Windows\System\rElQPUa.exe
  C:\Windows\System\rElQPUa.exe
  2⤵
  PID:5344
- C:\Windows\System\NIbKcgE.exe
  C:\Windows\System\NIbKcgE.exe
  2⤵
  PID:5360
- C:\Windows\System\ajwaIAI.exe
  C:\Windows\System\ajwaIAI.exe
  2⤵
  PID:5376
- C:\Windows\System\FiKxTyj.exe
  C:\Windows\System\FiKxTyj.exe
  2⤵
  PID:5392
- C:\Windows\System\sOeKKPU.exe
  C:\Windows\System\sOeKKPU.exe
  2⤵
  PID:5408
- C:\Windows\System\malfKkF.exe
  C:\Windows\System\malfKkF.exe
  2⤵
  PID:5424
- C:\Windows\System\JDlpnRo.exe
  C:\Windows\System\JDlpnRo.exe
  2⤵
  PID:5444
- C:\Windows\System\xcXGmNn.exe
  C:\Windows\System\xcXGmNn.exe
  2⤵
  PID:5460
- C:\Windows\System\HOpwctM.exe
  C:\Windows\System\HOpwctM.exe
  2⤵
  PID:5476
- C:\Windows\System\TLEuuHT.exe
  C:\Windows\System\TLEuuHT.exe
  2⤵
  PID:5492
- C:\Windows\System\hFURDcm.exe
  C:\Windows\System\hFURDcm.exe
  2⤵
  PID:5508
- C:\Windows\System\ASBYstv.exe
  C:\Windows\System\ASBYstv.exe
  2⤵
  PID:5524
- C:\Windows\System\OHLYqxg.exe
  C:\Windows\System\OHLYqxg.exe
  2⤵
  PID:5540
- C:\Windows\System\viwIiUk.exe
  C:\Windows\System\viwIiUk.exe
  2⤵
  PID:5556
- C:\Windows\System\apPozmd.exe
  C:\Windows\System\apPozmd.exe
  2⤵
  PID:5572
- C:\Windows\System\UOdadXe.exe
  C:\Windows\System\UOdadXe.exe
  2⤵
  PID:5588
- C:\Windows\System\bJVXCHK.exe
  C:\Windows\System\bJVXCHK.exe
  2⤵
  PID:5604
- C:\Windows\System\zDVqKht.exe
  C:\Windows\System\zDVqKht.exe
  2⤵
  PID:5620
- C:\Windows\System\ozCDPRF.exe
  C:\Windows\System\ozCDPRF.exe
  2⤵
  PID:5636
- C:\Windows\System\Qcznflv.exe
  C:\Windows\System\Qcznflv.exe
  2⤵
  PID:5652
- C:\Windows\System\vVlHDrw.exe
  C:\Windows\System\vVlHDrw.exe
  2⤵
  PID:5668
- C:\Windows\System\ushUXKu.exe
  C:\Windows\System\ushUXKu.exe
  2⤵
  PID:5684
- C:\Windows\System\jWYkRFM.exe
  C:\Windows\System\jWYkRFM.exe
  2⤵
  PID:5700
- C:\Windows\System\aWTEMmx.exe
  C:\Windows\System\aWTEMmx.exe
  2⤵
  PID:5716
- C:\Windows\System\oVhCoiT.exe
  C:\Windows\System\oVhCoiT.exe
  2⤵
  PID:5732
- C:\Windows\System\ahGBqcK.exe
  C:\Windows\System\ahGBqcK.exe
  2⤵
  PID:5748
- C:\Windows\System\MATwnJP.exe
  C:\Windows\System\MATwnJP.exe
  2⤵
  PID:5764
- C:\Windows\System\vfcPNfk.exe
  C:\Windows\System\vfcPNfk.exe
  2⤵
  PID:5780
- C:\Windows\System\uzYSbNp.exe
  C:\Windows\System\uzYSbNp.exe
  2⤵
  PID:5796
- C:\Windows\System\zIoVfRD.exe
  C:\Windows\System\zIoVfRD.exe
  2⤵
  PID:5812
- C:\Windows\System\UVGpcRj.exe
  C:\Windows\System\UVGpcRj.exe
  2⤵
  PID:5828
- C:\Windows\System\rxySKwt.exe
  C:\Windows\System\rxySKwt.exe
  2⤵
  PID:5844
- C:\Windows\System\UdTxcxK.exe
  C:\Windows\System\UdTxcxK.exe
  2⤵
  PID:5860
- C:\Windows\System\hJevecp.exe
  C:\Windows\System\hJevecp.exe
  2⤵
  PID:5876
- C:\Windows\System\CQICyJT.exe
  C:\Windows\System\CQICyJT.exe
  2⤵
  PID:5892
- C:\Windows\System\eHnJtNW.exe
  C:\Windows\System\eHnJtNW.exe
  2⤵
  PID:5908
- C:\Windows\System\YnqruIw.exe
  C:\Windows\System\YnqruIw.exe
  2⤵
  PID:5924
- C:\Windows\System\kjhXdKB.exe
  C:\Windows\System\kjhXdKB.exe
  2⤵
  PID:5940
- C:\Windows\System\LxxxDbu.exe
  C:\Windows\System\LxxxDbu.exe
  2⤵
  PID:5956
- C:\Windows\System\DjYRvrx.exe
  C:\Windows\System\DjYRvrx.exe
  2⤵
  PID:5972
- C:\Windows\System\SfOwnxm.exe
  C:\Windows\System\SfOwnxm.exe
  2⤵
  PID:5988
- C:\Windows\System\AiYvgtP.exe
  C:\Windows\System\AiYvgtP.exe
  2⤵
  PID:6004
- C:\Windows\System\KCkDvGL.exe
  C:\Windows\System\KCkDvGL.exe
  2⤵
  PID:6020
- C:\Windows\System\hCkVMKt.exe
  C:\Windows\System\hCkVMKt.exe
  2⤵
  PID:6036
- C:\Windows\System\pfSJPPA.exe
  C:\Windows\System\pfSJPPA.exe
  2⤵
  PID:6052
- C:\Windows\System\nrDuSwg.exe
  C:\Windows\System\nrDuSwg.exe
  2⤵
  PID:6068
- C:\Windows\System\IPiMBqp.exe
  C:\Windows\System\IPiMBqp.exe
  2⤵
  PID:6088
- C:\Windows\System\nFGEtUM.exe
  C:\Windows\System\nFGEtUM.exe
  2⤵
  PID:6104
- C:\Windows\System\NjJzwZf.exe
  C:\Windows\System\NjJzwZf.exe
  2⤵
  PID:6120
- C:\Windows\System\KrIZRVv.exe
  C:\Windows\System\KrIZRVv.exe
  2⤵
  PID:6136
- C:\Windows\System\qKrlaon.exe
  C:\Windows\System\qKrlaon.exe
  2⤵
  PID:4888
- C:\Windows\System\FpXVEtJ.exe
  C:\Windows\System\FpXVEtJ.exe
  2⤵
  PID:4956
- C:\Windows\System\PnNxEOz.exe
  C:\Windows\System\PnNxEOz.exe
  2⤵
  PID:5016
- C:\Windows\System\yKYYLar.exe
  C:\Windows\System\yKYYLar.exe
  2⤵
  PID:5080
- C:\Windows\System\LrbAhCB.exe
  C:\Windows\System\LrbAhCB.exe
  2⤵
  PID:3524
- C:\Windows\System\QzJNmWD.exe
  C:\Windows\System\QzJNmWD.exe
  2⤵
  PID:3940
- C:\Windows\System\HidaYVO.exe
  C:\Windows\System\HidaYVO.exe
  2⤵
  PID:4120
- C:\Windows\System\qhpzhIg.exe
  C:\Windows\System\qhpzhIg.exe
  2⤵
  PID:4248
- C:\Windows\System\JJDydqs.exe
  C:\Windows\System\JJDydqs.exe
  2⤵
  PID:4316
- C:\Windows\System\tpOPGhB.exe
  C:\Windows\System\tpOPGhB.exe
  2⤵
  PID:4412
- C:\Windows\System\bCJZDNW.exe
  C:\Windows\System\bCJZDNW.exe
  2⤵
  PID:4520
- C:\Windows\System\TLtTokc.exe
  C:\Windows\System\TLtTokc.exe
  2⤵
  PID:4648
- C:\Windows\System\JBPxlnP.exe
  C:\Windows\System\JBPxlnP.exe
  2⤵
  PID:4780
- C:\Windows\System\cSBdSog.exe
  C:\Windows\System\cSBdSog.exe
  2⤵
  PID:5128
- C:\Windows\System\SkNNRFe.exe
  C:\Windows\System\SkNNRFe.exe
  2⤵
  PID:5160
- C:\Windows\System\EltVHwH.exe
  C:\Windows\System\EltVHwH.exe
  2⤵
  PID:2884
- C:\Windows\System\jkVsCnA.exe
  C:\Windows\System\jkVsCnA.exe
  2⤵
  PID:5212
- C:\Windows\System\ALlzoMx.exe
  C:\Windows\System\ALlzoMx.exe
  2⤵
  PID:5244
- C:\Windows\System\AbmnlSz.exe
  C:\Windows\System\AbmnlSz.exe
  2⤵
  PID:5276
- C:\Windows\System\ysnPgte.exe
  C:\Windows\System\ysnPgte.exe
  2⤵
  PID:5308
- C:\Windows\System\XoeAtZV.exe
  C:\Windows\System\XoeAtZV.exe
  2⤵
  PID:5340
- C:\Windows\System\QlhPNxW.exe
  C:\Windows\System\QlhPNxW.exe
  2⤵
  PID:5372
- C:\Windows\System\KHBSSMw.exe
  C:\Windows\System\KHBSSMw.exe
  2⤵
  PID:5404
- C:\Windows\System\tUbrhEh.exe
  C:\Windows\System\tUbrhEh.exe
  2⤵
  PID:5436
- C:\Windows\System\idSUZbj.exe
  C:\Windows\System\idSUZbj.exe
  2⤵
  PID:5472
- C:\Windows\System\zRHbqhb.exe
  C:\Windows\System\zRHbqhb.exe
  2⤵
  PID:2668
- C:\Windows\System\JpqjQeI.exe
  C:\Windows\System\JpqjQeI.exe
  2⤵
  PID:5520
- C:\Windows\System\viJaULH.exe
  C:\Windows\System\viJaULH.exe
  2⤵
  PID:5564
- C:\Windows\System\TRHmChs.exe
  C:\Windows\System\TRHmChs.exe
  2⤵
  PID:5584
- C:\Windows\System\tmSErCM.exe
  C:\Windows\System\tmSErCM.exe
  2⤵
  PID:5628
- C:\Windows\System\oRnHcpC.exe
  C:\Windows\System\oRnHcpC.exe
  2⤵
  PID:5660
- C:\Windows\System\ScMoYiV.exe
  C:\Windows\System\ScMoYiV.exe
  2⤵
  PID:5692
- C:\Windows\System\lKbIDXj.exe
  C:\Windows\System\lKbIDXj.exe
  2⤵
  PID:5724
- C:\Windows\System\PcKXfmA.exe
  C:\Windows\System\PcKXfmA.exe
  2⤵
  PID:5756
- C:\Windows\System\FGmoRbk.exe
  C:\Windows\System\FGmoRbk.exe
  2⤵
  PID:5788
- C:\Windows\System\RjLRzFQ.exe
  C:\Windows\System\RjLRzFQ.exe
  2⤵
  PID:5808
- C:\Windows\System\eyPujBh.exe
  C:\Windows\System\eyPujBh.exe
  2⤵
  PID:5852
- C:\Windows\System\YOQsNxm.exe
  C:\Windows\System\YOQsNxm.exe
  2⤵
  PID:5872
- C:\Windows\System\GnUrHas.exe
  C:\Windows\System\GnUrHas.exe
  2⤵
  PID:5904
- C:\Windows\System\weCOtmI.exe
  C:\Windows\System\weCOtmI.exe
  2⤵
  PID:5936
- C:\Windows\System\jLIAmOF.exe
  C:\Windows\System\jLIAmOF.exe
  2⤵
  PID:5968
- C:\Windows\System\xcKTBZj.exe
  C:\Windows\System\xcKTBZj.exe
  2⤵
  PID:6000
- C:\Windows\System\fjiqtMJ.exe
  C:\Windows\System\fjiqtMJ.exe
  2⤵
  PID:6032
- C:\Windows\System\PyyMobt.exe
  C:\Windows\System\PyyMobt.exe
  2⤵
  PID:6064
- C:\Windows\System\OrHVRvh.exe
  C:\Windows\System\OrHVRvh.exe
  2⤵
  PID:6096
- C:\Windows\System\enJBxeM.exe
  C:\Windows\System\enJBxeM.exe
  2⤵
  PID:6128
- C:\Windows\System\ViNeEkt.exe
  C:\Windows\System\ViNeEkt.exe
  2⤵
  PID:4924
- C:\Windows\System\GzvWwgu.exe
  C:\Windows\System\GzvWwgu.exe
  2⤵
  PID:5068
- C:\Windows\System\cwiWdRB.exe
  C:\Windows\System\cwiWdRB.exe
  2⤵
  PID:3776
- C:\Windows\System\HjZUCjs.exe
  C:\Windows\System\HjZUCjs.exe
  2⤵
  PID:1992
- C:\Windows\System\tniiuQN.exe
  C:\Windows\System\tniiuQN.exe
  2⤵
  PID:2216
- C:\Windows\System\daUHUpA.exe
  C:\Windows\System\daUHUpA.exe
  2⤵
  PID:2212
- C:\Windows\System\pnnzwAJ.exe
  C:\Windows\System\pnnzwAJ.exe
  2⤵
  PID:4636
- C:\Windows\System\ijGtvkS.exe
  C:\Windows\System\ijGtvkS.exe
  2⤵
  PID:2844
- C:\Windows\System\wjSHVru.exe
  C:\Windows\System\wjSHVru.exe
  2⤵
  PID:5180
- C:\Windows\System\yJTFgTT.exe
  C:\Windows\System\yJTFgTT.exe
  2⤵
  PID:5228
- C:\Windows\System\FQJzRjE.exe
  C:\Windows\System\FQJzRjE.exe
  2⤵
  PID:5304
- C:\Windows\System\wiwjUnI.exe
  C:\Windows\System\wiwjUnI.exe
  2⤵
  PID:5356
- C:\Windows\System\yTYFQar.exe
  C:\Windows\System\yTYFQar.exe
  2⤵
  PID:5420
- C:\Windows\System\VyYNtTw.exe
  C:\Windows\System\VyYNtTw.exe
  2⤵
  PID:5488
- C:\Windows\System\waefDFM.exe
  C:\Windows\System\waefDFM.exe
  2⤵
  PID:5532
- C:\Windows\System\CyBWXKi.exe
  C:\Windows\System\CyBWXKi.exe
  2⤵
  PID:5596
- C:\Windows\System\XXASoxa.exe
  C:\Windows\System\XXASoxa.exe
  2⤵
  PID:5644
- C:\Windows\System\XVBDKVM.exe
  C:\Windows\System\XVBDKVM.exe
  2⤵
  PID:5648
- C:\Windows\System\flhTMPv.exe
  C:\Windows\System\flhTMPv.exe
  2⤵
  PID:5712
- C:\Windows\System\UUOGcNq.exe
  C:\Windows\System\UUOGcNq.exe
  2⤵
  PID:5776
- C:\Windows\System\VQWEjzE.exe
  C:\Windows\System\VQWEjzE.exe
  2⤵
  PID:1916
- C:\Windows\System\qrjclHA.exe
  C:\Windows\System\qrjclHA.exe
  2⤵
  PID:5888
- C:\Windows\System\XAXGRMw.exe
  C:\Windows\System\XAXGRMw.exe
  2⤵
  PID:1944
- C:\Windows\System\WqyXgLt.exe
  C:\Windows\System\WqyXgLt.exe
  2⤵
  PID:5996
- C:\Windows\System\MewJgFj.exe
  C:\Windows\System\MewJgFj.exe
  2⤵
  PID:6060
- C:\Windows\System\ZKOOFWc.exe
  C:\Windows\System\ZKOOFWc.exe
  2⤵
  PID:2916
- C:\Windows\System\JBGznOh.exe
  C:\Windows\System\JBGznOh.exe
  2⤵
  PID:2564
- C:\Windows\System\zbxrZRm.exe
  C:\Windows\System\zbxrZRm.exe
  2⤵
  PID:2652
- C:\Windows\System\qDGedWe.exe
  C:\Windows\System\qDGedWe.exe
  2⤵
  PID:4392
- C:\Windows\System\yceslSj.exe
  C:\Windows\System\yceslSj.exe
  2⤵
  PID:5148
- C:\Windows\System\lWfaDBB.exe
  C:\Windows\System\lWfaDBB.exe
  2⤵
  PID:5240
- C:\Windows\System\sJjRYpP.exe
  C:\Windows\System\sJjRYpP.exe
  2⤵
  PID:5368
- C:\Windows\System\QuRsfWY.exe
  C:\Windows\System\QuRsfWY.exe
  2⤵
  PID:5516
- C:\Windows\System\LJkBYKo.exe
  C:\Windows\System\LJkBYKo.exe
  2⤵
  PID:6152
- C:\Windows\System\BdQLjTk.exe
  C:\Windows\System\BdQLjTk.exe
  2⤵
  PID:6168
- C:\Windows\System\ZzXUhST.exe
  C:\Windows\System\ZzXUhST.exe
  2⤵
  PID:6188
- C:\Windows\System\FrKIxTq.exe
  C:\Windows\System\FrKIxTq.exe
  2⤵
  PID:6204
- C:\Windows\System\QQQXBGD.exe
  C:\Windows\System\QQQXBGD.exe
  2⤵
  PID:6220
- C:\Windows\System\HLjOztq.exe
  C:\Windows\System\HLjOztq.exe
  2⤵
  PID:6236
- C:\Windows\System\zJvxbXw.exe
  C:\Windows\System\zJvxbXw.exe
  2⤵
  PID:6252
- C:\Windows\System\HGknxrQ.exe
  C:\Windows\System\HGknxrQ.exe
  2⤵
  PID:6268
- C:\Windows\System\DvYDaCP.exe
  C:\Windows\System\DvYDaCP.exe
  2⤵
  PID:6284
- C:\Windows\System\rGakOXC.exe
  C:\Windows\System\rGakOXC.exe
  2⤵
  PID:6300
- C:\Windows\System\PyNRswd.exe
  C:\Windows\System\PyNRswd.exe
  2⤵
  PID:6316
- C:\Windows\System\EqLTIAy.exe
  C:\Windows\System\EqLTIAy.exe
  2⤵
  PID:6332
- C:\Windows\System\MvyODJL.exe
  C:\Windows\System\MvyODJL.exe
  2⤵
  PID:6348
- C:\Windows\System\KuaHYQA.exe
  C:\Windows\System\KuaHYQA.exe
  2⤵
  PID:6364
- C:\Windows\System\mtoCHGS.exe
  C:\Windows\System\mtoCHGS.exe
  2⤵
  PID:6380
- C:\Windows\System\USoRKdg.exe
  C:\Windows\System\USoRKdg.exe
  2⤵
  PID:6396
- C:\Windows\System\FwDLMhu.exe
  C:\Windows\System\FwDLMhu.exe
  2⤵
  PID:6412
- C:\Windows\System\imhsRLE.exe
  C:\Windows\System\imhsRLE.exe
  2⤵
  PID:6428
- C:\Windows\System\cyNVXLu.exe
  C:\Windows\System\cyNVXLu.exe
  2⤵
  PID:6444
- C:\Windows\System\Hbolldm.exe
  C:\Windows\System\Hbolldm.exe
  2⤵
  PID:6460
- C:\Windows\System\PUDpOIw.exe
  C:\Windows\System\PUDpOIw.exe
  2⤵
  PID:6476
- C:\Windows\System\kBZvKJX.exe
  C:\Windows\System\kBZvKJX.exe
  2⤵
  PID:6492
- C:\Windows\System\CpyUTHK.exe
  C:\Windows\System\CpyUTHK.exe
  2⤵
  PID:6508
- C:\Windows\System\ZjOALut.exe
  C:\Windows\System\ZjOALut.exe
  2⤵
  PID:6524
- C:\Windows\System\DnYrWpR.exe
  C:\Windows\System\DnYrWpR.exe
  2⤵
  PID:6540
- C:\Windows\System\dZqqkER.exe
  C:\Windows\System\dZqqkER.exe
  2⤵
  PID:6556
- C:\Windows\System\EenyNKu.exe
  C:\Windows\System\EenyNKu.exe
  2⤵
  PID:6572
- C:\Windows\System\cqJjuQw.exe
  C:\Windows\System\cqJjuQw.exe
  2⤵
  PID:6588
- C:\Windows\System\VJIamMB.exe
  C:\Windows\System\VJIamMB.exe
  2⤵
  PID:6604
- C:\Windows\System\BzTrjcs.exe
  C:\Windows\System\BzTrjcs.exe
  2⤵
  PID:6620
- C:\Windows\System\QMKcOtK.exe
  C:\Windows\System\QMKcOtK.exe
  2⤵
  PID:6636
- C:\Windows\System\MMyYArp.exe
  C:\Windows\System\MMyYArp.exe
  2⤵
  PID:6652
- C:\Windows\System\TFhaZxv.exe
  C:\Windows\System\TFhaZxv.exe
  2⤵
  PID:6668
- C:\Windows\System\mRKLPOi.exe
  C:\Windows\System\mRKLPOi.exe
  2⤵
  PID:6684
- C:\Windows\System\vRemoYD.exe
  C:\Windows\System\vRemoYD.exe
  2⤵
  PID:6700
- C:\Windows\System\SjzqIeG.exe
  C:\Windows\System\SjzqIeG.exe
  2⤵
  PID:6716
- C:\Windows\System\IaCuIQn.exe
  C:\Windows\System\IaCuIQn.exe
  2⤵
  PID:6732
- C:\Windows\System\yvtFsOR.exe
  C:\Windows\System\yvtFsOR.exe
  2⤵
  PID:6748
- C:\Windows\System\VLpJxjt.exe
  C:\Windows\System\VLpJxjt.exe
  2⤵
  PID:6764
- C:\Windows\System\gphFIiu.exe
  C:\Windows\System\gphFIiu.exe
  2⤵
  PID:6780
- C:\Windows\System\AdwMiWy.exe
  C:\Windows\System\AdwMiWy.exe
  2⤵
  PID:6796
- C:\Windows\System\HmDDFCD.exe
  C:\Windows\System\HmDDFCD.exe
  2⤵
  PID:6812
- C:\Windows\System\qQKMYhY.exe
  C:\Windows\System\qQKMYhY.exe
  2⤵
  PID:6828
- C:\Windows\System\nOkZvDd.exe
  C:\Windows\System\nOkZvDd.exe
  2⤵
  PID:6844
- C:\Windows\System\OWgjLhR.exe
  C:\Windows\System\OWgjLhR.exe
  2⤵
  PID:6864
- C:\Windows\System\uiBhCvk.exe
  C:\Windows\System\uiBhCvk.exe
  2⤵
  PID:6880
- C:\Windows\System\pniVySX.exe
  C:\Windows\System\pniVySX.exe
  2⤵
  PID:6896
- C:\Windows\System\DlvTwbX.exe
  C:\Windows\System\DlvTwbX.exe
  2⤵
  PID:6912
- C:\Windows\System\ULDSFKL.exe
  C:\Windows\System\ULDSFKL.exe
  2⤵
  PID:6928
- C:\Windows\System\YJfWDAa.exe
  C:\Windows\System\YJfWDAa.exe
  2⤵
  PID:6944
- C:\Windows\System\EFgGMWs.exe
  C:\Windows\System\EFgGMWs.exe
  2⤵
  PID:6960
- C:\Windows\System\bkcsciB.exe
  C:\Windows\System\bkcsciB.exe
  2⤵
  PID:6976
- C:\Windows\System\NYRgDoO.exe
  C:\Windows\System\NYRgDoO.exe
  2⤵
  PID:6992
- C:\Windows\System\ZznSBJV.exe
  C:\Windows\System\ZznSBJV.exe
  2⤵
  PID:7008
- C:\Windows\System\cdkyDxf.exe
  C:\Windows\System\cdkyDxf.exe
  2⤵
  PID:7024
- C:\Windows\System\LxZrQoW.exe
  C:\Windows\System\LxZrQoW.exe
  2⤵
  PID:7040
- C:\Windows\System\IiclXPj.exe
  C:\Windows\System\IiclXPj.exe
  2⤵
  PID:7056
- C:\Windows\System\SlyYnYF.exe
  C:\Windows\System\SlyYnYF.exe
  2⤵
  PID:7072
- C:\Windows\System\MicEzUk.exe
  C:\Windows\System\MicEzUk.exe
  2⤵
  PID:7088
- C:\Windows\System\lwLfZyl.exe
  C:\Windows\System\lwLfZyl.exe
  2⤵
  PID:7104
- C:\Windows\System\fCbLLDP.exe
  C:\Windows\System\fCbLLDP.exe
  2⤵
  PID:7120
- C:\Windows\System\EtHdlWl.exe
  C:\Windows\System\EtHdlWl.exe
  2⤵
  PID:7136
- C:\Windows\System\BDesXPw.exe
  C:\Windows\System\BDesXPw.exe
  2⤵
  PID:7152
- C:\Windows\System\oxcOUDW.exe
  C:\Windows\System\oxcOUDW.exe
  2⤵
  PID:5580
- C:\Windows\System\WhhxbCQ.exe
  C:\Windows\System\WhhxbCQ.exe
  2⤵
  PID:1684
- C:\Windows\System\ftoqiJy.exe
  C:\Windows\System\ftoqiJy.exe
  2⤵
  PID:5744
- C:\Windows\System\fwbPrDz.exe
  C:\Windows\System\fwbPrDz.exe
  2⤵
  PID:5856
- C:\Windows\System\yvcOwpw.exe
  C:\Windows\System\yvcOwpw.exe
  2⤵
  PID:5964
- C:\Windows\System\EhAlveB.exe
  C:\Windows\System\EhAlveB.exe
  2⤵
  PID:6112
- C:\Windows\System\pLyDKUl.exe
  C:\Windows\System\pLyDKUl.exe
  2⤵
  PID:5112
- C:\Windows\System\CJnYmDR.exe
  C:\Windows\System\CJnYmDR.exe
  2⤵
  PID:4712
- C:\Windows\System\nvvmXlF.exe
  C:\Windows\System\nvvmXlF.exe
  2⤵
  PID:5292
- C:\Windows\System\JjVhZmv.exe
  C:\Windows\System\JjVhZmv.exe
  2⤵
  PID:5500
- C:\Windows\System\rivkZtV.exe
  C:\Windows\System\rivkZtV.exe
  2⤵
  PID:6176
- C:\Windows\System\BQhRrfD.exe
  C:\Windows\System\BQhRrfD.exe
  2⤵
  PID:6212
- C:\Windows\System\rfZAyrQ.exe
  C:\Windows\System\rfZAyrQ.exe
  2⤵
  PID:6244
- C:\Windows\System\IyRhBHA.exe
  C:\Windows\System\IyRhBHA.exe
  2⤵
  PID:6264
- C:\Windows\System\DipGTWN.exe
  C:\Windows\System\DipGTWN.exe
  2⤵
  PID:6296
- C:\Windows\System\Hvklmty.exe
  C:\Windows\System\Hvklmty.exe
  2⤵
  PID:6328
- C:\Windows\System\dAZqUmP.exe
  C:\Windows\System\dAZqUmP.exe
  2⤵
  PID:6360
- C:\Windows\System\YLgaBRt.exe
  C:\Windows\System\YLgaBRt.exe
  2⤵
  PID:6392
- C:\Windows\System\zhImhwU.exe
  C:\Windows\System\zhImhwU.exe
  2⤵
  PID:6424
- C:\Windows\System\fVGSkTp.exe
  C:\Windows\System\fVGSkTp.exe
  2⤵
  PID:6456
- C:\Windows\System\ZIawMxk.exe
  C:\Windows\System\ZIawMxk.exe
  2⤵
  PID:6488
- C:\Windows\System\vPXMCes.exe
  C:\Windows\System\vPXMCes.exe
  2⤵
  PID:6520
- C:\Windows\System\jAyCwAG.exe
  C:\Windows\System\jAyCwAG.exe
  2⤵
  PID:6552
- C:\Windows\System\IsRpMCR.exe
  C:\Windows\System\IsRpMCR.exe
  2⤵
  PID:6584
- C:\Windows\System\TUEPaRY.exe
  C:\Windows\System\TUEPaRY.exe
  2⤵
  PID:6616
- C:\Windows\System\ubGwYiV.exe
  C:\Windows\System\ubGwYiV.exe
  2⤵
  PID:6648
- C:\Windows\System\kvtnXlc.exe
  C:\Windows\System\kvtnXlc.exe
  2⤵
  PID:6664
- C:\Windows\System\KCnrVDH.exe
  C:\Windows\System\KCnrVDH.exe
  2⤵
  PID:6696
- C:\Windows\System\JpFdJeb.exe
  C:\Windows\System\JpFdJeb.exe
  2⤵
  PID:6728
- C:\Windows\System\dSYXjVl.exe
  C:\Windows\System\dSYXjVl.exe
  2⤵
  PID:6772
- C:\Windows\System\ndywsKc.exe
  C:\Windows\System\ndywsKc.exe
  2⤵
  PID:6804
- C:\Windows\System\jAjFxeb.exe
  C:\Windows\System\jAjFxeb.exe
  2⤵
  PID:6824
- C:\Windows\System\BkeGQSa.exe
  C:\Windows\System\BkeGQSa.exe
  2⤵
  PID:6872
- C:\Windows\System\sbgibHr.exe
  C:\Windows\System\sbgibHr.exe
  2⤵
  PID:6904
- C:\Windows\System\QxCtPUO.exe
  C:\Windows\System\QxCtPUO.exe
  2⤵
  PID:6936
- C:\Windows\System\FNWnxhD.exe
  C:\Windows\System\FNWnxhD.exe
  2⤵
  PID:2276
- C:\Windows\System\jaRODNR.exe
  C:\Windows\System\jaRODNR.exe
  2⤵
  PID:6988
- C:\Windows\System\yAEXsqU.exe
  C:\Windows\System\yAEXsqU.exe
  2⤵
  PID:7032
- C:\Windows\System\FwqZILy.exe
  C:\Windows\System\FwqZILy.exe
  2⤵
  PID:7064
- C:\Windows\System\sPpqpfs.exe
  C:\Windows\System\sPpqpfs.exe
  2⤵
  PID:7084
- C:\Windows\System\TQfGTco.exe
  C:\Windows\System\TQfGTco.exe
  2⤵
  PID:7128
- C:\Windows\System\WIqcfyo.exe
  C:\Windows\System\WIqcfyo.exe
  2⤵
  PID:7160
- C:\Windows\System\mQaUXnB.exe
  C:\Windows\System\mQaUXnB.exe
  2⤵
  PID:5680
- C:\Windows\System\FHYQopN.exe
  C:\Windows\System\FHYQopN.exe
  2⤵
  PID:5868
- C:\Windows\System\klIutBe.exe
  C:\Windows\System\klIutBe.exe
  2⤵
  PID:4856
- C:\Windows\System\FTjPVje.exe
  C:\Windows\System\FTjPVje.exe
  2⤵
  PID:864
- C:\Windows\System\Klzasay.exe
  C:\Windows\System\Klzasay.exe
  2⤵
  PID:5432
- C:\Windows\System\kbEcPnr.exe
  C:\Windows\System\kbEcPnr.exe
  2⤵
  PID:6196
- C:\Windows\System\xAhYgGQ.exe
  C:\Windows\System\xAhYgGQ.exe
  2⤵
  PID:2288
- C:\Windows\System\pYnCSti.exe
  C:\Windows\System\pYnCSti.exe
  2⤵
  PID:6312
- C:\Windows\System\xYTqMGI.exe
  C:\Windows\System\xYTqMGI.exe
  2⤵
  PID:6388
- C:\Windows\System\KrJYFSA.exe
  C:\Windows\System\KrJYFSA.exe
  2⤵
  PID:6452
- C:\Windows\System\txHQMqg.exe
  C:\Windows\System\txHQMqg.exe
  2⤵
  PID:2304
- C:\Windows\System\NIKZAwm.exe
  C:\Windows\System\NIKZAwm.exe
  2⤵
  PID:6580
- C:\Windows\System\qYRMCGi.exe
  C:\Windows\System\qYRMCGi.exe
  2⤵
  PID:2324
- C:\Windows\System\mALBxpf.exe
  C:\Windows\System\mALBxpf.exe
  2⤵
  PID:6676
- C:\Windows\System\LdGnTbV.exe
  C:\Windows\System\LdGnTbV.exe
  2⤵
  PID:6740
- C:\Windows\System\vyjxzNF.exe
  C:\Windows\System\vyjxzNF.exe
  2⤵
  PID:6792
- C:\Windows\System\nVMmmXY.exe
  C:\Windows\System\nVMmmXY.exe
  2⤵
  PID:2488
- C:\Windows\System\rmCJFfk.exe
  C:\Windows\System\rmCJFfk.exe
  2⤵
  PID:6920
- C:\Windows\System\FFSWWqv.exe
  C:\Windows\System\FFSWWqv.exe
  2⤵
  PID:6984
- C:\Windows\System\KOnZIQY.exe
  C:\Windows\System\KOnZIQY.exe
  2⤵
  PID:7048
- C:\Windows\System\dqacyXW.exe
  C:\Windows\System\dqacyXW.exe
  2⤵
  PID:7112
- C:\Windows\System\KiqVlqR.exe
  C:\Windows\System\KiqVlqR.exe
  2⤵
  PID:1528
- C:\Windows\System\yidvXXu.exe
  C:\Windows\System\yidvXXu.exe
  2⤵
  PID:6028
- C:\Windows\System\JQWeMDE.exe
  C:\Windows\System\JQWeMDE.exe
  2⤵
  PID:2436
- C:\Windows\System\CxcazYM.exe
  C:\Windows\System\CxcazYM.exe
  2⤵
  PID:6232
- C:\Windows\System\oKfxsgM.exe
  C:\Windows\System\oKfxsgM.exe
  2⤵
  PID:6344
- C:\Windows\System\jiqdFRp.exe
  C:\Windows\System\jiqdFRp.exe
  2⤵
  PID:6484
- C:\Windows\System\uAzFZqh.exe
  C:\Windows\System\uAzFZqh.exe
  2⤵
  PID:6600
- C:\Windows\System\pBkakfZ.exe
  C:\Windows\System\pBkakfZ.exe
  2⤵
  PID:7180
- C:\Windows\System\KtDzLQK.exe
  C:\Windows\System\KtDzLQK.exe
  2⤵
  PID:7196
- C:\Windows\System\gJoASzo.exe
  C:\Windows\System\gJoASzo.exe
  2⤵
  PID:7212
- C:\Windows\System\XmwPzrn.exe
  C:\Windows\System\XmwPzrn.exe
  2⤵
  PID:7228
- C:\Windows\System\oFwaGIn.exe
  C:\Windows\System\oFwaGIn.exe
  2⤵
  PID:7244
- C:\Windows\System\qEscBqX.exe
  C:\Windows\System\qEscBqX.exe
  2⤵
  PID:7260
- C:\Windows\System\rbsRHJU.exe
  C:\Windows\System\rbsRHJU.exe
  2⤵
  PID:7276
- C:\Windows\System\hOEfIlb.exe
  C:\Windows\System\hOEfIlb.exe
  2⤵
  PID:7292
- C:\Windows\System\arWIiRn.exe
  C:\Windows\System\arWIiRn.exe
  2⤵
  PID:7308
- C:\Windows\System\IawdepJ.exe
  C:\Windows\System\IawdepJ.exe
  2⤵
  PID:7324
- C:\Windows\System\UxVlaWi.exe
  C:\Windows\System\UxVlaWi.exe
  2⤵
  PID:7340
- C:\Windows\System\TmeypzP.exe
  C:\Windows\System\TmeypzP.exe
  2⤵
  PID:7356
- C:\Windows\System\kkYwknA.exe
  C:\Windows\System\kkYwknA.exe
  2⤵
  PID:7372
- C:\Windows\System\RyDCAzB.exe
  C:\Windows\System\RyDCAzB.exe
  2⤵
  PID:7388
- C:\Windows\System\PoqGwuZ.exe
  C:\Windows\System\PoqGwuZ.exe
  2⤵
  PID:7404
- C:\Windows\System\IfidOEO.exe
  C:\Windows\System\IfidOEO.exe
  2⤵
  PID:7420
- C:\Windows\System\BuSgfDy.exe
  C:\Windows\System\BuSgfDy.exe
  2⤵
  PID:7436
- C:\Windows\System\KitmLif.exe
  C:\Windows\System\KitmLif.exe
  2⤵
  PID:7452
- C:\Windows\System\nPAQOYs.exe
  C:\Windows\System\nPAQOYs.exe
  2⤵
  PID:7468
- C:\Windows\System\OTWuBhd.exe
  C:\Windows\System\OTWuBhd.exe
  2⤵
  PID:7484
- C:\Windows\System\bUlawvz.exe
  C:\Windows\System\bUlawvz.exe
  2⤵
  PID:7500
- C:\Windows\System\yTvayrl.exe
  C:\Windows\System\yTvayrl.exe
  2⤵
  PID:7516
- C:\Windows\System\nXSciaA.exe
  C:\Windows\System\nXSciaA.exe
  2⤵
  PID:7532
- C:\Windows\System\EhXmtmn.exe
  C:\Windows\System\EhXmtmn.exe
  2⤵
  PID:7548
- C:\Windows\System\OoRcqbi.exe
  C:\Windows\System\OoRcqbi.exe
  2⤵
  PID:7564
- C:\Windows\System\CUadyYj.exe
  C:\Windows\System\CUadyYj.exe
  2⤵
  PID:7580
- C:\Windows\System\fKyassh.exe
  C:\Windows\System\fKyassh.exe
  2⤵
  PID:7596
- C:\Windows\System\uUknnrO.exe
  C:\Windows\System\uUknnrO.exe
  2⤵
  PID:7612
- C:\Windows\System\TFHnVhR.exe
  C:\Windows\System\TFHnVhR.exe
  2⤵
  PID:7628
- C:\Windows\System\pDSivqZ.exe
  C:\Windows\System\pDSivqZ.exe
  2⤵
  PID:7644
- C:\Windows\System\ExgrptQ.exe
  C:\Windows\System\ExgrptQ.exe
  2⤵
  PID:7664
- C:\Windows\System\lkQfHAi.exe
  C:\Windows\System\lkQfHAi.exe
  2⤵
  PID:7680
- C:\Windows\System\THiDpAN.exe
  C:\Windows\System\THiDpAN.exe
  2⤵
  PID:7696
- C:\Windows\System\HyCwAlW.exe
  C:\Windows\System\HyCwAlW.exe
  2⤵
  PID:7712
- C:\Windows\System\nlolGqg.exe
  C:\Windows\System\nlolGqg.exe
  2⤵
  PID:7728
- C:\Windows\System\gTthhQx.exe
  C:\Windows\System\gTthhQx.exe
  2⤵
  PID:7744
- C:\Windows\System\ZtWZfty.exe
  C:\Windows\System\ZtWZfty.exe
  2⤵
  PID:7760
- C:\Windows\System\jMNiBeY.exe
  C:\Windows\System\jMNiBeY.exe
  2⤵
  PID:7776
- C:\Windows\System\WPuQYdy.exe
  C:\Windows\System\WPuQYdy.exe
  2⤵
  PID:7792
- C:\Windows\System\qmtyIhl.exe
  C:\Windows\System\qmtyIhl.exe
  2⤵
  PID:7808
- C:\Windows\System\EscZnrt.exe
  C:\Windows\System\EscZnrt.exe
  2⤵
  PID:7824
- C:\Windows\System\bPoknuu.exe
  C:\Windows\System\bPoknuu.exe
  2⤵
  PID:7840
- C:\Windows\System\OhDqcky.exe
  C:\Windows\System\OhDqcky.exe
  2⤵
  PID:7856
- C:\Windows\System\HxXuZSg.exe
  C:\Windows\System\HxXuZSg.exe
  2⤵
  PID:7872
- C:\Windows\System\OSoKsmB.exe
  C:\Windows\System\OSoKsmB.exe
  2⤵
  PID:7888
- C:\Windows\System\PjNhWZt.exe
  C:\Windows\System\PjNhWZt.exe
  2⤵
  PID:7904
- C:\Windows\System\vlMVBMO.exe
  C:\Windows\System\vlMVBMO.exe
  2⤵
  PID:7920
- C:\Windows\System\QJWeyTG.exe
  C:\Windows\System\QJWeyTG.exe
  2⤵
  PID:7936
- C:\Windows\System\dCTmzXp.exe
  C:\Windows\System\dCTmzXp.exe
  2⤵
  PID:7952
- C:\Windows\System\AisZJer.exe
  C:\Windows\System\AisZJer.exe
  2⤵
  PID:7968
- C:\Windows\System\GqWOHut.exe
  C:\Windows\System\GqWOHut.exe
  2⤵
  PID:7984
- C:\Windows\System\uuLRFIu.exe
  C:\Windows\System\uuLRFIu.exe
  2⤵
  PID:8000
- C:\Windows\System\MYjRjsm.exe
  C:\Windows\System\MYjRjsm.exe
  2⤵
  PID:8016
- C:\Windows\System\EZecXVw.exe
  C:\Windows\System\EZecXVw.exe
  2⤵
  PID:8032
- C:\Windows\System\clqAGFg.exe
  C:\Windows\System\clqAGFg.exe
  2⤵
  PID:8048
- C:\Windows\System\jsWmWQa.exe
  C:\Windows\System\jsWmWQa.exe
  2⤵
  PID:8064
- C:\Windows\System\DQjNEAg.exe
  C:\Windows\System\DQjNEAg.exe
  2⤵
  PID:8080
- C:\Windows\System\AQsGVnp.exe
  C:\Windows\System\AQsGVnp.exe
  2⤵
  PID:8096
- C:\Windows\System\qMnTdDT.exe
  C:\Windows\System\qMnTdDT.exe
  2⤵
  PID:8112
- C:\Windows\System\BzJTMei.exe
  C:\Windows\System\BzJTMei.exe
  2⤵
  PID:8128
- C:\Windows\System\IUebmWJ.exe
  C:\Windows\System\IUebmWJ.exe
  2⤵
  PID:8144
- C:\Windows\System\DuaWGcS.exe
  C:\Windows\System\DuaWGcS.exe
  2⤵
  PID:8160
- C:\Windows\System\NVGwIKB.exe
  C:\Windows\System\NVGwIKB.exe
  2⤵
  PID:8176
- C:\Windows\System\iQxsjqV.exe
  C:\Windows\System\iQxsjqV.exe
  2⤵
  PID:2316
- C:\Windows\System\fRagjpm.exe
  C:\Windows\System\fRagjpm.exe
  2⤵
  PID:6788
- C:\Windows\System\JUJjvOV.exe
  C:\Windows\System\JUJjvOV.exe
  2⤵
  PID:6892
- C:\Windows\System\MdFwhJT.exe
  C:\Windows\System\MdFwhJT.exe
  2⤵
  PID:7036
- C:\Windows\System\ugHlCuu.exe
  C:\Windows\System\ugHlCuu.exe
  2⤵
  PID:2380
- C:\Windows\System\FwvTtmM.exe
  C:\Windows\System\FwvTtmM.exe
  2⤵
  PID:4184
- C:\Windows\System\MOvSHkg.exe
  C:\Windows\System\MOvSHkg.exe
  2⤵
  PID:6292
- C:\Windows\System\mfMfxTg.exe
  C:\Windows\System\mfMfxTg.exe
  2⤵
  PID:6420
- C:\Windows\System\BEKHXGm.exe
  C:\Windows\System\BEKHXGm.exe
  2⤵
  PID:7188
- C:\Windows\System\kVXUtiL.exe
  C:\Windows\System\kVXUtiL.exe
  2⤵
  PID:7220
- C:\Windows\System\pwKpxOw.exe
  C:\Windows\System\pwKpxOw.exe
  2⤵
  PID:7256
- C:\Windows\System\qjkfgqk.exe
  C:\Windows\System\qjkfgqk.exe
  2⤵
  PID:7288
- C:\Windows\System\bJVyHSc.exe
  C:\Windows\System\bJVyHSc.exe
  2⤵
  PID:7320
- C:\Windows\System\qqFagAu.exe
  C:\Windows\System\qqFagAu.exe
  2⤵
  PID:7348
- C:\Windows\System\MtvYpCq.exe
  C:\Windows\System\MtvYpCq.exe
  2⤵
  PID:7380
- C:\Windows\System\tkDmbdV.exe
  C:\Windows\System\tkDmbdV.exe
  2⤵
  PID:7412
- C:\Windows\System\AJcNWuV.exe
  C:\Windows\System\AJcNWuV.exe
  2⤵
  PID:2108
- C:\Windows\System\JpxZBJb.exe
  C:\Windows\System\JpxZBJb.exe
  2⤵
  PID:7464
- C:\Windows\System\pAOFQEs.exe
  C:\Windows\System\pAOFQEs.exe
  2⤵
  PID:7496
- C:\Windows\System\hjvYWut.exe
  C:\Windows\System\hjvYWut.exe
  2⤵
  PID:7528
- C:\Windows\System\FTvRQRL.exe
  C:\Windows\System\FTvRQRL.exe
  2⤵
  PID:7560
- C:\Windows\System\uViIoOx.exe
  C:\Windows\System\uViIoOx.exe
  2⤵
  PID:7588
- C:\Windows\System\EqVVSXU.exe
  C:\Windows\System\EqVVSXU.exe
  2⤵
  PID:7620
- C:\Windows\System\MxBjRvt.exe
  C:\Windows\System\MxBjRvt.exe
  2⤵
  PID:7652
- C:\Windows\System\wpmwXyG.exe
  C:\Windows\System\wpmwXyG.exe
  2⤵
  PID:7688
- C:\Windows\System\oBKKgPB.exe
  C:\Windows\System\oBKKgPB.exe
  2⤵
  PID:7720
- C:\Windows\System\WgKnxUH.exe
  C:\Windows\System\WgKnxUH.exe
  2⤵
  PID:7752
- C:\Windows\System\JJARQFk.exe
  C:\Windows\System\JJARQFk.exe
  2⤵
  PID:7784
- C:\Windows\System\jVRdmJI.exe
  C:\Windows\System\jVRdmJI.exe
  2⤵
  PID:7804
- C:\Windows\System\hEmRVTv.exe
  C:\Windows\System\hEmRVTv.exe
  2⤵
  PID:7848
- C:\Windows\System\DicwFOX.exe
  C:\Windows\System\DicwFOX.exe
  2⤵
  PID:7868
- C:\Windows\System\JMoUNDd.exe
  C:\Windows\System\JMoUNDd.exe
  2⤵
  PID:7896
- C:\Windows\System\qlkpsZu.exe
  C:\Windows\System\qlkpsZu.exe
  2⤵
  PID:7928
- C:\Windows\System\unlNSMU.exe
  C:\Windows\System\unlNSMU.exe
  2⤵
  PID:7960
- C:\Windows\System\btBGtwn.exe
  C:\Windows\System\btBGtwn.exe
  2⤵
  PID:7992
- C:\Windows\System\ygQzhLo.exe
  C:\Windows\System\ygQzhLo.exe
  2⤵
  PID:8024
- C:\Windows\System\rVNVWMN.exe
  C:\Windows\System\rVNVWMN.exe
  2⤵
  PID:8056
- C:\Windows\System\dyEIdhj.exe
  C:\Windows\System\dyEIdhj.exe
  2⤵
  PID:8088
- C:\Windows\System\CShXBeL.exe
  C:\Windows\System\CShXBeL.exe
  2⤵
  PID:8120
- C:\Windows\System\zBkKSLy.exe
  C:\Windows\System\zBkKSLy.exe
  2⤵
  PID:2684
- C:\Windows\System\gDycvWG.exe
  C:\Windows\System\gDycvWG.exe
  2⤵
  PID:8172
- C:\Windows\System\YuYnmtx.exe
  C:\Windows\System\YuYnmtx.exe
  2⤵
  PID:6708
- C:\Windows\System\aTgtBWU.exe
  C:\Windows\System\aTgtBWU.exe
  2⤵
  PID:6956
- C:\Windows\System\cEfYhlC.exe
  C:\Windows\System\cEfYhlC.exe
  2⤵
  PID:7144
- C:\Windows\System\MeVnucp.exe
  C:\Windows\System\MeVnucp.exe
  2⤵
  PID:6216
- C:\Windows\System\goZLCnZ.exe
  C:\Windows\System\goZLCnZ.exe
  2⤵
  PID:6612
- C:\Windows\System\mQMZqpG.exe
  C:\Windows\System\mQMZqpG.exe
  2⤵
  PID:7272
- C:\Windows\System\NotzREk.exe
  C:\Windows\System\NotzREk.exe
  2⤵
  PID:3444
- C:\Windows\System\RTedILY.exe
  C:\Windows\System\RTedILY.exe
  2⤵
  PID:7352
- C:\Windows\System\iGslLvp.exe
  C:\Windows\System\iGslLvp.exe
  2⤵
  PID:7428
- C:\Windows\System\XUWZQNS.exe
  C:\Windows\System\XUWZQNS.exe
  2⤵
  PID:7492
- C:\Windows\System\LBFfvsX.exe
  C:\Windows\System\LBFfvsX.exe
  2⤵
  PID:7544
- C:\Windows\System\GRJatFC.exe
  C:\Windows\System\GRJatFC.exe
  2⤵
  PID:7604
- C:\Windows\System\anSUZOD.exe
  C:\Windows\System\anSUZOD.exe
  2⤵
  PID:7672
- C:\Windows\System\nIeRCbe.exe
  C:\Windows\System\nIeRCbe.exe
  2⤵
  PID:7708
- C:\Windows\System\gBHsJFY.exe
  C:\Windows\System\gBHsJFY.exe
  2⤵
  PID:7740
- C:\Windows\System\vXoRsEO.exe
  C:\Windows\System\vXoRsEO.exe
  2⤵
  PID:7820
- C:\Windows\System\ssUUOdr.exe
  C:\Windows\System\ssUUOdr.exe
  2⤵
  PID:7864
- C:\Windows\System\xeWIweg.exe
  C:\Windows\System\xeWIweg.exe
  2⤵
  PID:7948
- C:\Windows\System\EUXxXzM.exe
  C:\Windows\System\EUXxXzM.exe
  2⤵
  PID:7996
- C:\Windows\System\JlVBaDY.exe
  C:\Windows\System\JlVBaDY.exe
  2⤵
  PID:2812
- C:\Windows\System\SLWMrtx.exe
  C:\Windows\System\SLWMrtx.exe
  2⤵
  PID:8076
- C:\Windows\System\NwktAsh.exe
  C:\Windows\System\NwktAsh.exe
  2⤵
  PID:8140
- C:\Windows\System\WrTQtBw.exe
  C:\Windows\System\WrTQtBw.exe
  2⤵
  PID:8188
- C:\Windows\System\FGSiJpH.exe
  C:\Windows\System\FGSiJpH.exe
  2⤵
  PID:6888
- C:\Windows\System\TeSNGTo.exe
  C:\Windows\System\TeSNGTo.exe
  2⤵
  PID:6164
- C:\Windows\System\lrkQhPw.exe
  C:\Windows\System\lrkQhPw.exe
  2⤵
  PID:7236
- C:\Windows\System\BrdPQWw.exe
  C:\Windows\System\BrdPQWw.exe
  2⤵
  PID:2648
- C:\Windows\System\AXklcWQ.exe
  C:\Windows\System\AXklcWQ.exe
  2⤵
  PID:7460
- C:\Windows\System\bvrOqQw.exe
  C:\Windows\System\bvrOqQw.exe
  2⤵
  PID:7576
- C:\Windows\System\NBBamSy.exe
  C:\Windows\System\NBBamSy.exe
  2⤵
  PID:2664
- C:\Windows\System\SjOaqgv.exe
  C:\Windows\System\SjOaqgv.exe
  2⤵
  PID:2808
- C:\Windows\System\nrDGhrn.exe
  C:\Windows\System\nrDGhrn.exe
  2⤵
  PID:7964
- C:\Windows\System\vavsIgr.exe
  C:\Windows\System\vavsIgr.exe
  2⤵
  PID:2580
- C:\Windows\System\qdBaSSO.exe
  C:\Windows\System\qdBaSSO.exe
  2⤵
  PID:2152
- C:\Windows\System\VeNcGRa.exe
  C:\Windows\System\VeNcGRa.exe
  2⤵
  PID:8108
- C:\Windows\System\XUlTYTR.exe
  C:\Windows\System\XUlTYTR.exe
  2⤵
  PID:5836
- C:\Windows\System\LoMavSo.exe
  C:\Windows\System\LoMavSo.exe
  2⤵
  PID:7208
- C:\Windows\System\uxWRWdt.exe
  C:\Windows\System\uxWRWdt.exe
  2⤵
  PID:7368
- C:\Windows\System\nHqlfFo.exe
  C:\Windows\System\nHqlfFo.exe
  2⤵
  PID:7608
- C:\Windows\System\KEJfybt.exe
  C:\Windows\System\KEJfybt.exe
  2⤵
  PID:2656
- C:\Windows\System\TasgcXm.exe
  C:\Windows\System\TasgcXm.exe
  2⤵
  PID:2604
- C:\Windows\System\HmkHwME.exe
  C:\Windows\System\HmkHwME.exe
  2⤵
  PID:1664
- C:\Windows\System\tlCjKkX.exe
  C:\Windows\System\tlCjKkX.exe
  2⤵
  PID:376
- C:\Windows\System\IGtFqLZ.exe
  C:\Windows\System\IGtFqLZ.exe
  2⤵
  PID:6356
- C:\Windows\System\uWAUifW.exe
  C:\Windows\System\uWAUifW.exe
  2⤵
  PID:2760
- C:\Windows\System\NnqOfXl.exe
  C:\Windows\System\NnqOfXl.exe
  2⤵
  PID:7512
- C:\Windows\System\mDkjemk.exe
  C:\Windows\System\mDkjemk.exe
  2⤵
  PID:8204
- C:\Windows\System\vznNFiK.exe
  C:\Windows\System\vznNFiK.exe
  2⤵
  PID:8220
- C:\Windows\System\kMnXqwQ.exe
  C:\Windows\System\kMnXqwQ.exe
  2⤵
  PID:8236
- C:\Windows\System\tgXReOJ.exe
  C:\Windows\System\tgXReOJ.exe
  2⤵
  PID:8252
- C:\Windows\System\EGWKNTA.exe
  C:\Windows\System\EGWKNTA.exe
  2⤵
  PID:8268
- C:\Windows\System\BdALvYu.exe
  C:\Windows\System\BdALvYu.exe
  2⤵
  PID:8284
- C:\Windows\System\ADalfLN.exe
  C:\Windows\System\ADalfLN.exe
  2⤵
  PID:8300
- C:\Windows\System\kOCdqWf.exe
  C:\Windows\System\kOCdqWf.exe
  2⤵
  PID:8316
- C:\Windows\System\vSCSgHa.exe
  C:\Windows\System\vSCSgHa.exe
  2⤵
  PID:8332
- C:\Windows\System\qQHTkqW.exe
  C:\Windows\System\qQHTkqW.exe
  2⤵
  PID:8348
- C:\Windows\System\PxbgjwJ.exe
  C:\Windows\System\PxbgjwJ.exe
  2⤵
  PID:8364
- C:\Windows\System\ykARnxb.exe
  C:\Windows\System\ykARnxb.exe
  2⤵
  PID:8380
- C:\Windows\System\mhnLsIt.exe
  C:\Windows\System\mhnLsIt.exe
  2⤵
  PID:8396
- C:\Windows\System\BcnDYtp.exe
  C:\Windows\System\BcnDYtp.exe
  2⤵
  PID:8412
- C:\Windows\System\YHqeJHv.exe
  C:\Windows\System\YHqeJHv.exe
  2⤵
  PID:8428
- C:\Windows\System\oClDatY.exe
  C:\Windows\System\oClDatY.exe
  2⤵
  PID:8444
- C:\Windows\System\lWQRBCY.exe
  C:\Windows\System\lWQRBCY.exe
  2⤵
  PID:8464
- C:\Windows\System\lFHAefj.exe
  C:\Windows\System\lFHAefj.exe
  2⤵
  PID:8480
- C:\Windows\System\DBfHZOy.exe
  C:\Windows\System\DBfHZOy.exe
  2⤵
  PID:8496
- C:\Windows\System\paFyMQN.exe
  C:\Windows\System\paFyMQN.exe
  2⤵
  PID:8512
- C:\Windows\System\pErExzL.exe
  C:\Windows\System\pErExzL.exe
  2⤵
  PID:8528
- C:\Windows\System\CyXwlMB.exe
  C:\Windows\System\CyXwlMB.exe
  2⤵
  PID:8544
- C:\Windows\System\xCsNxHY.exe
  C:\Windows\System\xCsNxHY.exe
  2⤵
  PID:8560
- C:\Windows\System\uXXTPQx.exe
  C:\Windows\System\uXXTPQx.exe
  2⤵
  PID:8576
- C:\Windows\System\MQglHtw.exe
  C:\Windows\System\MQglHtw.exe
  2⤵
  PID:8592
- C:\Windows\System\UoUjfmq.exe
  C:\Windows\System\UoUjfmq.exe
  2⤵
  PID:8608
- C:\Windows\System\ZAkIAvS.exe
  C:\Windows\System\ZAkIAvS.exe
  2⤵
  PID:8624
- C:\Windows\System\eaxSwxE.exe
  C:\Windows\System\eaxSwxE.exe
  2⤵
  PID:8640
- C:\Windows\System\DqXUMeJ.exe
  C:\Windows\System\DqXUMeJ.exe
  2⤵
  PID:8656
- C:\Windows\System\hobUPgV.exe
  C:\Windows\System\hobUPgV.exe
  2⤵
  PID:8672
- C:\Windows\System\HiHQqKo.exe
  C:\Windows\System\HiHQqKo.exe
  2⤵
  PID:8688
- C:\Windows\System\RWRqIIB.exe
  C:\Windows\System\RWRqIIB.exe
  2⤵
  PID:8708
- C:\Windows\System\nwJAhrv.exe
  C:\Windows\System\nwJAhrv.exe
  2⤵
  PID:8724
- C:\Windows\System\MLBjucq.exe
  C:\Windows\System\MLBjucq.exe
  2⤵
  PID:8740
- C:\Windows\System\nJVSElY.exe
  C:\Windows\System\nJVSElY.exe
  2⤵
  PID:8756
- C:\Windows\System\anuGEHG.exe
  C:\Windows\System\anuGEHG.exe
  2⤵
  PID:8812
- C:\Windows\System\UqqtimD.exe
  C:\Windows\System\UqqtimD.exe
  2⤵
  PID:8832
- C:\Windows\System\wsGbNRl.exe
  C:\Windows\System\wsGbNRl.exe
  2⤵
  PID:8860
- C:\Windows\System\FeedGhs.exe
  C:\Windows\System\FeedGhs.exe
  2⤵
  PID:8876
- C:\Windows\System\UAtrBcJ.exe
  C:\Windows\System\UAtrBcJ.exe
  2⤵
  PID:8892
- C:\Windows\System\fBRcJiz.exe
  C:\Windows\System\fBRcJiz.exe
  2⤵
  PID:8908
- C:\Windows\System\tKinPoG.exe
  C:\Windows\System\tKinPoG.exe
  2⤵
  PID:8924
- C:\Windows\System\uZiMpZj.exe
  C:\Windows\System\uZiMpZj.exe
  2⤵
  PID:8940
- C:\Windows\System\EhwFJti.exe
  C:\Windows\System\EhwFJti.exe
  2⤵
  PID:8956
- C:\Windows\System\RuEFUvq.exe
  C:\Windows\System\RuEFUvq.exe
  2⤵
  PID:8972
- C:\Windows\System\DEKZQUR.exe
  C:\Windows\System\DEKZQUR.exe
  2⤵
  PID:8988
- C:\Windows\System\USYBGBv.exe
  C:\Windows\System\USYBGBv.exe
  2⤵
  PID:9004
- C:\Windows\System\sGCRhsx.exe
  C:\Windows\System\sGCRhsx.exe
  2⤵
  PID:9020
- C:\Windows\System\JqkBlWB.exe
  C:\Windows\System\JqkBlWB.exe
  2⤵
  PID:9036
- C:\Windows\System\nYXLkwJ.exe
  C:\Windows\System\nYXLkwJ.exe
  2⤵
  PID:9052
- C:\Windows\System\xXuZbNx.exe
  C:\Windows\System\xXuZbNx.exe
  2⤵
  PID:9068
- C:\Windows\System\EKpktzb.exe
  C:\Windows\System\EKpktzb.exe
  2⤵
  PID:9084
- C:\Windows\System\zzyrpVJ.exe
  C:\Windows\System\zzyrpVJ.exe
  2⤵
  PID:9100
- C:\Windows\System\vCXNGSp.exe
  C:\Windows\System\vCXNGSp.exe
  2⤵
  PID:9116
- C:\Windows\System\Vuzpoil.exe
  C:\Windows\System\Vuzpoil.exe
  2⤵
  PID:9132
- C:\Windows\System\SLYdzsE.exe
  C:\Windows\System\SLYdzsE.exe
  2⤵
  PID:9148
- C:\Windows\System\eKNGCgu.exe
  C:\Windows\System\eKNGCgu.exe
  2⤵
  PID:9164
- C:\Windows\System\OKZEGvq.exe
  C:\Windows\System\OKZEGvq.exe
  2⤵
  PID:9180
- C:\Windows\System\zkpmnBl.exe
  C:\Windows\System\zkpmnBl.exe
  2⤵
  PID:9196
- C:\Windows\System\WcrbtxQ.exe
  C:\Windows\System\WcrbtxQ.exe
  2⤵
  PID:9212
- C:\Windows\System\YJMdTGG.exe
  C:\Windows\System\YJMdTGG.exe
  2⤵
  PID:2712
- C:\Windows\System\AxoFRXe.exe
  C:\Windows\System\AxoFRXe.exe
  2⤵
  PID:7252
- C:\Windows\System\xCckiCS.exe
  C:\Windows\System\xCckiCS.exe
  2⤵
  PID:1940
- C:\Windows\System\jtDhjbW.exe
  C:\Windows\System\jtDhjbW.exe
  2⤵
  PID:8200
- C:\Windows\System\wUJrpvj.exe
  C:\Windows\System\wUJrpvj.exe
  2⤵
  PID:7932
- C:\Windows\System\LzMonFD.exe
  C:\Windows\System\LzMonFD.exe
  2⤵
  PID:2924
- C:\Windows\System\qgSiFrJ.exe
  C:\Windows\System\qgSiFrJ.exe
  2⤵
  PID:8248
- C:\Windows\System\NjaISJH.exe
  C:\Windows\System\NjaISJH.exe
  2⤵
  PID:8276
- C:\Windows\System\JVHWJQi.exe
  C:\Windows\System\JVHWJQi.exe
  2⤵
  PID:8292
- C:\Windows\System\vNDCNlG.exe
  C:\Windows\System\vNDCNlG.exe
  2⤵
  PID:8308
- C:\Windows\System\qBGJAEl.exe
  C:\Windows\System\qBGJAEl.exe
  2⤵
  PID:8312
- C:\Windows\System\eonwUiY.exe
  C:\Windows\System\eonwUiY.exe
  2⤵
  PID:1300
- C:\Windows\System\cQkVYpS.exe
  C:\Windows\System\cQkVYpS.exe
  2⤵
  PID:8388
- C:\Windows\System\jZJWoHT.exe
  C:\Windows\System\jZJWoHT.exe
  2⤵
  PID:8420
- C:\Windows\System\jZQzQjn.exe
  C:\Windows\System\jZQzQjn.exe
  2⤵
  PID:8472
- C:\Windows\System\eiJhAQf.exe
  C:\Windows\System\eiJhAQf.exe
  2⤵
  PID:8504
- C:\Windows\System\xXyGblY.exe
  C:\Windows\System\xXyGblY.exe
  2⤵
  PID:8536
- C:\Windows\System\EZVZRUf.exe
  C:\Windows\System\EZVZRUf.exe
  2⤵
  PID:8572
- C:\Windows\System\HnaGUGB.exe
  C:\Windows\System\HnaGUGB.exe
  2⤵
  PID:8632
- C:\Windows\System\UYLFytB.exe
  C:\Windows\System\UYLFytB.exe
  2⤵
  PID:8668
- C:\Windows\System\jPVxHbO.exe
  C:\Windows\System\jPVxHbO.exe
  2⤵
  PID:8748
- C:\Windows\System\xVevFvV.exe
  C:\Windows\System\xVevFvV.exe
  2⤵
  PID:8824
- C:\Windows\System\cWaixbE.exe
  C:\Windows\System\cWaixbE.exe
  2⤵
  PID:2876
- C:\Windows\System\xZMgiIy.exe
  C:\Windows\System\xZMgiIy.exe
  2⤵
  PID:8868
- C:\Windows\System\cmtnejp.exe
  C:\Windows\System\cmtnejp.exe
  2⤵
  PID:8900
- C:\Windows\System\ACnqydg.exe
  C:\Windows\System\ACnqydg.exe
  2⤵
  PID:8916
- C:\Windows\System\ToBXLfz.exe
  C:\Windows\System\ToBXLfz.exe
  2⤵
  PID:1956
- C:\Windows\System\JkEoAet.exe
  C:\Windows\System\JkEoAet.exe
  2⤵
  PID:8996
- C:\Windows\System\OrkEacU.exe
  C:\Windows\System\OrkEacU.exe
  2⤵
  PID:2908
- C:\Windows\System\JuKHlAO.exe
  C:\Windows\System\JuKHlAO.exe
  2⤵
  PID:8980
- C:\Windows\System\WDLZRmU.exe
  C:\Windows\System\WDLZRmU.exe
  2⤵
  PID:9048
- C:\Windows\System\APwIerp.exe
  C:\Windows\System\APwIerp.exe
  2⤵
  PID:9092
- C:\Windows\System\YwsewcV.exe
  C:\Windows\System\YwsewcV.exe
  2⤵
  PID:9112
- C:\Windows\System\xbLXDwg.exe
  C:\Windows\System\xbLXDwg.exe
  2⤵
  PID:9160
- C:\Windows\System\YUBxZED.exe
  C:\Windows\System\YUBxZED.exe
  2⤵
  PID:9176
- C:\Windows\System\MJEdjaF.exe
  C:\Windows\System\MJEdjaF.exe
  2⤵
  PID:832
- C:\Windows\System\DPYVzSN.exe
  C:\Windows\System\DPYVzSN.exe
  2⤵
  PID:448
- C:\Windows\System\YeZrIbo.exe
  C:\Windows\System\YeZrIbo.exe
  2⤵
  PID:2076
- C:\Windows\System\oZsTjYp.exe
  C:\Windows\System\oZsTjYp.exe
  2⤵
  PID:8852
- C:\Windows\System\UkjFrpf.exe
  C:\Windows\System\UkjFrpf.exe
  2⤵
  PID:8492
- C:\Windows\System\TFoVcAQ.exe
  C:\Windows\System\TFoVcAQ.exe
  2⤵
  PID:8620
- C:\Windows\System\INgzHtd.exe
  C:\Windows\System\INgzHtd.exe
  2⤵
  PID:1580
- C:\Windows\System\UYbEAfq.exe
  C:\Windows\System\UYbEAfq.exe
  2⤵
  PID:8848
- C:\Windows\System\ypKTrcG.exe
  C:\Windows\System\ypKTrcG.exe
  2⤵
  PID:1128
- C:\Windows\System\lXoRiQQ.exe
  C:\Windows\System\lXoRiQQ.exe
  2⤵
  PID:9044
- C:\Windows\System\QveSCKm.exe
  C:\Windows\System\QveSCKm.exe
  2⤵
  PID:8600
- C:\Windows\System\jaROgTU.exe
  C:\Windows\System\jaROgTU.exe
  2⤵
  PID:8648
- C:\Windows\System\sruPLUS.exe
  C:\Windows\System\sruPLUS.exe
  2⤵
  PID:8328
- C:\Windows\System\XPumjTd.exe
  C:\Windows\System\XPumjTd.exe
  2⤵
  PID:8520
- C:\Windows\System\JqtZNQV.exe
  C:\Windows\System\JqtZNQV.exe
  2⤵
  PID:8716
- C:\Windows\System\KcLVfvV.exe
  C:\Windows\System\KcLVfvV.exe
  2⤵
  PID:1216
- C:\Windows\System\hYuLTtZ.exe
  C:\Windows\System\hYuLTtZ.exe
  2⤵
  PID:8768
- C:\Windows\System\thARmKm.exe
  C:\Windows\System\thARmKm.exe
  2⤵
  PID:8808
- C:\Windows\System\erarrUc.exe
  C:\Windows\System\erarrUc.exe
  2⤵
  PID:8888
- C:\Windows\System\ALMumlk.exe
  C:\Windows\System\ALMumlk.exe
  2⤵
  PID:8952
- C:\Windows\System\BPmSCNf.exe
  C:\Windows\System\BPmSCNf.exe
  2⤵
  PID:8356
- C:\Windows\System\zSfRjvd.exe
  C:\Windows\System\zSfRjvd.exe
  2⤵
  PID:9144
- C:\Windows\System\KjxfWKU.exe
  C:\Windows\System\KjxfWKU.exe
  2⤵
  PID:8232
- C:\Windows\System\bfQGrnJ.exe
  C:\Windows\System\bfQGrnJ.exe
  2⤵
  PID:8244
- C:\Windows\System\sGZXkaR.exe
  C:\Windows\System\sGZXkaR.exe
  2⤵
  PID:8216
- C:\Windows\System\NJZbHrD.exe
  C:\Windows\System\NJZbHrD.exe
  2⤵
  PID:8436
- C:\Windows\System\FEAkfQZ.exe
  C:\Windows\System\FEAkfQZ.exe
  2⤵
  PID:9204
- C:\Windows\System\lIGSCSK.exe
  C:\Windows\System\lIGSCSK.exe
  2⤵
  PID:8440
- C:\Windows\System\lBUPwwv.exe
  C:\Windows\System\lBUPwwv.exe
  2⤵
  PID:8556
- C:\Windows\System\oyNpbIq.exe
  C:\Windows\System\oyNpbIq.exe
  2⤵
  PID:8588
- C:\Windows\System\AXElOIC.exe
  C:\Windows\System\AXElOIC.exe
  2⤵
  PID:8840
- C:\Windows\System\NeQdcDp.exe
  C:\Windows\System\NeQdcDp.exe
  2⤵
  PID:1820
- C:\Windows\System\oRbUwyw.exe
  C:\Windows\System\oRbUwyw.exe
  2⤵
  PID:8460
- C:\Windows\System\mhvYnxF.exe
  C:\Windows\System\mhvYnxF.exe
  2⤵
  PID:8948
- C:\Windows\System\GYoeJdt.exe
  C:\Windows\System\GYoeJdt.exe
  2⤵
  PID:2836
- C:\Windows\System\aiNwnPn.exe
  C:\Windows\System\aiNwnPn.exe
  2⤵
  PID:2620
- C:\Windows\System\gJlbXij.exe
  C:\Windows\System\gJlbXij.exe
  2⤵
  PID:7912
- C:\Windows\System\sdLVaop.exe
  C:\Windows\System\sdLVaop.exe
  2⤵
  PID:8844
- C:\Windows\System\BJwtuEu.exe
  C:\Windows\System\BJwtuEu.exe
  2⤵
  PID:8228
- C:\Windows\System\trEainh.exe
  C:\Windows\System\trEainh.exe
  2⤵
  PID:9016
- C:\Windows\System\TITSrxS.exe
  C:\Windows\System\TITSrxS.exe
  2⤵
  PID:9064
- C:\Windows\System\CSssaoR.exe
  C:\Windows\System\CSssaoR.exe
  2⤵
  PID:9172
- C:\Windows\System\nzKZgze.exe
  C:\Windows\System\nzKZgze.exe
  2⤵
  PID:8616
- C:\Windows\System\VTlwVna.exe
  C:\Windows\System\VTlwVna.exe
  2⤵
  PID:8376
- C:\Windows\System\ukrtjpp.exe
  C:\Windows\System\ukrtjpp.exe
  2⤵
  PID:9156
- C:\Windows\System\COzwXJr.exe
  C:\Windows\System\COzwXJr.exe
  2⤵
  PID:8964
- C:\Windows\System\DTZMoFl.exe
  C:\Windows\System\DTZMoFl.exe
  2⤵
  PID:8340
- C:\Windows\System\nvfGgbn.exe
  C:\Windows\System\nvfGgbn.exe
  2⤵
  PID:9228
- C:\Windows\System\qfFCrMc.exe
  C:\Windows\System\qfFCrMc.exe
  2⤵
  PID:9244
- C:\Windows\System\lobVLSz.exe
  C:\Windows\System\lobVLSz.exe
  2⤵
  PID:9260
- C:\Windows\System\uPNYAfB.exe
  C:\Windows\System\uPNYAfB.exe
  2⤵
  PID:9276
- C:\Windows\System\aIvscPj.exe
  C:\Windows\System\aIvscPj.exe
  2⤵
  PID:9292
- C:\Windows\System\YQgKWpF.exe
  C:\Windows\System\YQgKWpF.exe
  2⤵
  PID:9312
- C:\Windows\System\JuPoGUA.exe
  C:\Windows\System\JuPoGUA.exe
  2⤵
  PID:9328
- C:\Windows\System\yyElmYL.exe
  C:\Windows\System\yyElmYL.exe
  2⤵
  PID:9344
- C:\Windows\System\ZVSSXyI.exe
  C:\Windows\System\ZVSSXyI.exe
  2⤵
  PID:9360
- C:\Windows\System\aSJjNou.exe
  C:\Windows\System\aSJjNou.exe
  2⤵
  PID:9376
- C:\Windows\System\VVJsYVz.exe
  C:\Windows\System\VVJsYVz.exe
  2⤵
  PID:9392
- C:\Windows\System\lljKHuj.exe
  C:\Windows\System\lljKHuj.exe
  2⤵
  PID:9408
- C:\Windows\System\hzVhipL.exe
  C:\Windows\System\hzVhipL.exe
  2⤵
  PID:9424
- C:\Windows\System\XIGGPrF.exe
  C:\Windows\System\XIGGPrF.exe
  2⤵
  PID:9440
- C:\Windows\System\sgZoAxC.exe
  C:\Windows\System\sgZoAxC.exe
  2⤵
  PID:9456
- C:\Windows\System\tJseGqd.exe
  C:\Windows\System\tJseGqd.exe
  2⤵
  PID:9472
- C:\Windows\System\KKISmDm.exe
  C:\Windows\System\KKISmDm.exe
  2⤵
  PID:9488
- C:\Windows\System\aqheeym.exe
  C:\Windows\System\aqheeym.exe
  2⤵
  PID:9504
- C:\Windows\System\zydCQfj.exe
  C:\Windows\System\zydCQfj.exe
  2⤵
  PID:9520
- C:\Windows\System\ualmmiz.exe
  C:\Windows\System\ualmmiz.exe
  2⤵
  PID:9536
- C:\Windows\System\EZWiRYs.exe
  C:\Windows\System\EZWiRYs.exe
  2⤵
  PID:9552
- C:\Windows\System\VoxZHRg.exe
  C:\Windows\System\VoxZHRg.exe
  2⤵
  PID:9572
- C:\Windows\System\XmSTLHp.exe
  C:\Windows\System\XmSTLHp.exe
  2⤵
  PID:9588
- C:\Windows\System\EPbaHSI.exe
  C:\Windows\System\EPbaHSI.exe
  2⤵
  PID:9604
- C:\Windows\System\neevbHv.exe
  C:\Windows\System\neevbHv.exe
  2⤵
  PID:9620
- C:\Windows\System\lfBjqnF.exe
  C:\Windows\System\lfBjqnF.exe
  2⤵
  PID:9636
- C:\Windows\System\rpQzWgp.exe
  C:\Windows\System\rpQzWgp.exe
  2⤵
  PID:9652
- C:\Windows\System\lWsbQNv.exe
  C:\Windows\System\lWsbQNv.exe
  2⤵
  PID:9668
- C:\Windows\System\xkbCzkJ.exe
  C:\Windows\System\xkbCzkJ.exe
  2⤵
  PID:9684
- C:\Windows\System\IhstLJa.exe
  C:\Windows\System\IhstLJa.exe
  2⤵
  PID:9700
- C:\Windows\System\LBnxeDx.exe
  C:\Windows\System\LBnxeDx.exe
  2⤵
  PID:9716
- C:\Windows\System\ELdGmyQ.exe
  C:\Windows\System\ELdGmyQ.exe
  2⤵
  PID:9732
- C:\Windows\System\nqGNTPX.exe
  C:\Windows\System\nqGNTPX.exe
  2⤵
  PID:9748
- C:\Windows\System\ooNvCNC.exe
  C:\Windows\System\ooNvCNC.exe
  2⤵
  PID:9764
- C:\Windows\System\psoJlLz.exe
  C:\Windows\System\psoJlLz.exe
  2⤵
  PID:9780
- C:\Windows\System\usoinQU.exe
  C:\Windows\System\usoinQU.exe
  2⤵
  PID:9796
- C:\Windows\System\SQZBuFz.exe
  C:\Windows\System\SQZBuFz.exe
  2⤵
  PID:9812
- C:\Windows\System\TMMFRpi.exe
  C:\Windows\System\TMMFRpi.exe
  2⤵
  PID:9828
- C:\Windows\System\tGqqWCX.exe
  C:\Windows\System\tGqqWCX.exe
  2⤵
  PID:9844
- C:\Windows\System\flwmdwB.exe
  C:\Windows\System\flwmdwB.exe
  2⤵
  PID:9864
- C:\Windows\System\ZUODcKk.exe
  C:\Windows\System\ZUODcKk.exe
  2⤵
  PID:9880
- C:\Windows\System\gfBcZwC.exe
  C:\Windows\System\gfBcZwC.exe
  2⤵
  PID:9896
- C:\Windows\System\DnfdOhI.exe
  C:\Windows\System\DnfdOhI.exe
  2⤵
  PID:9912
- C:\Windows\System\ZRWevYo.exe
  C:\Windows\System\ZRWevYo.exe
  2⤵
  PID:9928
- C:\Windows\System\lVKRhPD.exe
  C:\Windows\System\lVKRhPD.exe
  2⤵
  PID:9944
- C:\Windows\System\ARtrypc.exe
  C:\Windows\System\ARtrypc.exe
  2⤵
  PID:9960
- C:\Windows\System\bhgXYxo.exe
  C:\Windows\System\bhgXYxo.exe
  2⤵
  PID:9976
- C:\Windows\System\XxSXWTt.exe
  C:\Windows\System\XxSXWTt.exe
  2⤵
  PID:9996
- C:\Windows\System\AuKbIxH.exe
  C:\Windows\System\AuKbIxH.exe
  2⤵
  PID:10012
- C:\Windows\System\eniolUU.exe
  C:\Windows\System\eniolUU.exe
  2⤵
  PID:10028
- C:\Windows\System\kKSSGVO.exe
  C:\Windows\System\kKSSGVO.exe
  2⤵
  PID:10044
- C:\Windows\System\fnHWfHB.exe
  C:\Windows\System\fnHWfHB.exe
  2⤵
  PID:10060
- C:\Windows\System\Bmfpdem.exe
  C:\Windows\System\Bmfpdem.exe
  2⤵
  PID:10076
- C:\Windows\System\cEKnDVz.exe
  C:\Windows\System\cEKnDVz.exe
  2⤵
  PID:10096
- C:\Windows\System\iOGKPMY.exe
  C:\Windows\System\iOGKPMY.exe
  2⤵
  PID:10112
- C:\Windows\System\HcWCtMh.exe
  C:\Windows\System\HcWCtMh.exe
  2⤵
  PID:10128
- C:\Windows\System\ARPbnbI.exe
  C:\Windows\System\ARPbnbI.exe
  2⤵
  PID:10144
- C:\Windows\System\ZuiOpQp.exe
  C:\Windows\System\ZuiOpQp.exe
  2⤵
  PID:10160
- C:\Windows\System\LfhsTlD.exe
  C:\Windows\System\LfhsTlD.exe
  2⤵
  PID:10176
- C:\Windows\System\xrySVTC.exe
  C:\Windows\System\xrySVTC.exe
  2⤵
  PID:10192
- C:\Windows\System\BSMweuS.exe
  C:\Windows\System\BSMweuS.exe
  2⤵
  PID:10208
- C:\Windows\System\qSqBhbS.exe
  C:\Windows\System\qSqBhbS.exe
  2⤵
  PID:10224
- C:\Windows\System\tfcwCdM.exe
  C:\Windows\System\tfcwCdM.exe
  2⤵
  PID:9224
- C:\Windows\System\FnpURjO.exe
  C:\Windows\System\FnpURjO.exe
  2⤵
  PID:9236
- C:\Windows\System\yrdenxw.exe
  C:\Windows\System\yrdenxw.exe
  2⤵
  PID:9304
- C:\Windows\System\OEpWYGc.exe
  C:\Windows\System\OEpWYGc.exe
  2⤵
  PID:9336
- C:\Windows\System\nVvmVmS.exe
  C:\Windows\System\nVvmVmS.exe
  2⤵
  PID:9384
- C:\Windows\System\hGfUPXV.exe
  C:\Windows\System\hGfUPXV.exe
  2⤵
  PID:9452
- C:\Windows\System\XUsUkvA.exe
  C:\Windows\System\XUsUkvA.exe
  2⤵
  PID:9516
- C:\Windows\System\gCMdRQA.exe
  C:\Windows\System\gCMdRQA.exe
  2⤵
  PID:9500
- C:\Windows\System\MboITEA.exe
  C:\Windows\System\MboITEA.exe
  2⤵
  PID:9468
- C:\Windows\System\QBKsfxs.exe
  C:\Windows\System\QBKsfxs.exe
  2⤵
  PID:9584
- C:\Windows\System\GFEhahJ.exe
  C:\Windows\System\GFEhahJ.exe
  2⤵
  PID:9568
- C:\Windows\System\yqRhfCx.exe
  C:\Windows\System\yqRhfCx.exe
  2⤵
  PID:9600
- C:\Windows\System\wTHwhPh.exe
  C:\Windows\System\wTHwhPh.exe
  2⤵
  PID:9664
- C:\Windows\System\GSnoqgl.exe
  C:\Windows\System\GSnoqgl.exe
  2⤵
  PID:9680
- C:\Windows\System\WKTvQEj.exe
  C:\Windows\System\WKTvQEj.exe
  2⤵
  PID:9724
- C:\Windows\System\CIshWNQ.exe
  C:\Windows\System\CIshWNQ.exe
  2⤵
  PID:9772
- C:\Windows\System\teUkluE.exe
  C:\Windows\System\teUkluE.exe
  2⤵
  PID:9808
- C:\Windows\System\onGZuaS.exe
  C:\Windows\System\onGZuaS.exe
  2⤵
  PID:9920
- C:\Windows\System\MPRMRQw.exe
  C:\Windows\System\MPRMRQw.exe
  2⤵
  PID:9904
- C:\Windows\System\VsxOdLg.exe
  C:\Windows\System\VsxOdLg.exe
  2⤵
  PID:9972
- C:\Windows\System\PkioeGI.exe
  C:\Windows\System\PkioeGI.exe
  2⤵
  PID:10040
- C:\Windows\System\evnIIoj.exe
  C:\Windows\System\evnIIoj.exe
  2⤵
  PID:10084
- C:\Windows\System\doMQITr.exe
  C:\Windows\System\doMQITr.exe
  2⤵
  PID:10052
- C:\Windows\System\zYcFSmX.exe
  C:\Windows\System\zYcFSmX.exe
  2⤵
  PID:10104
- C:\Windows\System\qxPfKVr.exe
  C:\Windows\System\qxPfKVr.exe
  2⤵
  PID:10140
- C:\Windows\System\JMwnpZH.exe
  C:\Windows\System\JMwnpZH.exe
  2⤵
  PID:10200
- C:\Windows\System\xgpelEk.exe
  C:\Windows\System\xgpelEk.exe
  2⤵
  PID:10184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BItBOvs.exe

Filesize
6.0MB

MD5
df8fff0c8b7eff19cfd1c8af02f159c3

SHA1
0c3e66953d859d25a9d4e31aa6d02f9de699fc46

SHA256
501bf9645b6f933058f912947e46b370174be7902c9e8cf9867f02cba699eefe

SHA512
c1969e917303e1e97820cd41fe56ca4d18fea1cae2af59a81e012111fa786143d67d7a7375eaa9b39cd332ab22b57edb59557fb7f1fb048a3813e3fac0ef2895

Download Submit
C:\Windows\system\FgymGwd.exe

Filesize
6.0MB

MD5
674e2043072c3c7bcd963eaa65d302d4

SHA1
2cdf8a7be0b82c51f1d7c7187f80eff1d533dcdb

SHA256
832eb80f39c569fb81a73d3017b01ba95677148bd66a4af1f779024abe22a22f

SHA512
e4582b3096e195da623f4b88fa4cbebc50eba4c01ce90b581f73fb0cc4313a51d55f305b088965474f2614224ff03873228d09ee6e474d36d49dd0f1d16a1785

Download Submit
C:\Windows\system\HBjqVkt.exe

Filesize
6.0MB

MD5
18948302dfd14fae52bcf2b22445c900

SHA1
3e798ce9ed51d168d9106c5bfcba23a488c27c7d

SHA256
7394983cab11371dd811eca522fc01844798b5cceaf9fd0338b342cc269870f0

SHA512
e6336fb7ba0f4470d7fcf1239bbedfb8138959ebe3d112ce645bdd7494c0c18ed0e3b03b87c6f6145f2e51f68f7b28ba92a5d6019703d440e424ee5b3fe486fa

Download Submit
C:\Windows\system\HKAceJO.exe

Filesize
6.0MB

MD5
a53cb5c5e8125cd2a93a7f160dd4f9d1

SHA1
f539370067d7491f3559062b8a1dbf71ed1a8f70

SHA256
bb06a5d50fa39dac7eae9ec9362c85e6fbe566b6b1402dfd86b987ae3c1d3414

SHA512
2620ce249c07d7e8f194839f84fda66a152aa799401c6b707f5eb4d002b54100e93feb411805efb1d3cf99c5f25653e7f5d5bd9a1539426ec472c60bae62aa0e

Download Submit
C:\Windows\system\HSAjMCO.exe

Filesize
6.0MB

MD5
f33a0aa7d85ee1ca98b2acf31b881052

SHA1
bb3ccfa22f65ea3bfeafe2376139f54bd57ba3f4

SHA256
bc65b135ed7e61edef69fa358296e4d185039ea508167550f621ed0e19a9b5cd

SHA512
80e05b54a5a4014e2ec57af861d60ec5fdfe90b88ba570e18cb54b932602068985da125ed801e55bb231fc19439b0dad876d7ef24cda7ef8383faa2ea12a3606

Download Submit
C:\Windows\system\KfFcuyq.exe

Filesize
6.0MB

MD5
d354e8193ddf83b3e662857fdb075552

SHA1
e03f04941f5f835dd65acc564ed9e1a3ad111c24

SHA256
57affa5f5ae7e31d367635810182040f4767e08e6d8cb949c223ab25eee478d4

SHA512
4c5a50696c411b5c14bed44f42f2b45af4a2a6e24b5a64a34b52237c41df50af18ca7689691be2d049e8be853defe7dc28f81da0b53771c388da682e417d939c

Download Submit
C:\Windows\system\MFaAjnE.exe

Filesize
6.0MB

MD5
8cd32ce278e0039271c7bc1cf5a27abd

SHA1
8d9cfca88b097d656a08daec7c0d4d56afc62bc5

SHA256
23a7169157cd4b5b1b761f3b34113e25520516b0911ae37f543cdb3e75e9824d

SHA512
d231e83dc7be381647618ec3e54083990a1fcf32472465f3f235050b8c73fddd920f004226e6e840b7b0e1c3dffaedc98c99657bc395244d9b745c0b4dfa79d9

Download Submit
C:\Windows\system\PsJPZGg.exe

Filesize
6.0MB

MD5
683e9cbf7de6edc9ba39defb353a177b

SHA1
ae0086c76128a2d79bd99f5a9f148e5eb3be58b3

SHA256
ed75e1e75c286e180c517d973ce2946eb4f92bd54ea0eda4f498b41fa8d619bf

SHA512
d0e1ac8e70f84b36618174e36867ef8ec8a42115b53c615e5bd8dd1d9886ccc2ee7dcef77036bd305c135f998bda9ff651fbcd6eb8b6164a5dde4d2c7d4b91a7

Download Submit
C:\Windows\system\PytfARN.exe

Filesize
6.0MB

MD5
d14afec2d287337d6adf4e5b7f107f75

SHA1
05d41fb1523067cc95b8ae6872d385f9c9c869ca

SHA256
1b6340e1cb527cfcdf73c589891769fd9bb66e34974b2c7b3da6d3ccba8d3d60

SHA512
321848a2221c0e0b965a91fa828e7edeccea952aa5548565faec654aef6dca574892f8359a09183a08daf8e485710ac72ffece1651b765d405be2ca6dd652c96

Download Submit
C:\Windows\system\RecpDdJ.exe

Filesize
6.0MB

MD5
834e28e72304d028a4e763ef3e0e2c0f

SHA1
c3dffd21b15699b2c0f90cdb38d47cd31bbae5e7

SHA256
d7808fdc3ea65e35a16bd7dad5c1fb60f4431933fad18785d26e162b0ac77ca0

SHA512
6a501f76a9717a3c769d02cc864be470c665e382b40700942f83ffc292f95b6ca4bc02baa68efd2a5ef86c737e9074dbb32ea4ad26e3ce840201c5acd7030bd3

Download Submit
C:\Windows\system\TKNYpqT.exe

Filesize
6.0MB

MD5
8a5e3174ce303ec3255c15152595a2f5

SHA1
c906cf220e1bcaaf488cdcd8657ea0146bd24c07

SHA256
7a8a874a71fe2105faf1e81c1cb2a4b5a6d49404140671d8fc92390a057690c4

SHA512
2c3e4f2ceeacb372864c23783e312c8246923c15fecd3c786b9370d7024c78d238159b5c058cdb100848f1f8ddac50f24d4b01cbf5831e9f186f1f8ae7d22532

Download Submit
C:\Windows\system\TVZSAJw.exe

Filesize
6.0MB

MD5
b33b18bf706752b06369325049655002

SHA1
3053f18f91e16c4071cae0033372d5fc2e13776c

SHA256
a888980aa35c9421734de4d9719c2e639c23e692329786fe1c8582a7fdc03ea5

SHA512
11d4d1d264b423ba1fc90406465c22c761820d46ad9aa4a68ce5fb831d9d15d41c9ffa84975854df96ef255b762c1dd4d4524e0f135a3c3afb4b514400356a75

Download Submit
C:\Windows\system\VjezqTt.exe

Filesize
6.0MB

MD5
a1e1f3742eded6e41a59d63e18da6c36

SHA1
0c2bd5cd786148ef83d86823d9ec1cf19a045e1b

SHA256
d6b27383a8dfc4c58d27a11ff55be0f34ec30b0f2f39ad6efeb388cc11771f46

SHA512
7c60978d1dfbbd90005c501f779fb7b5dc502ba4c1aa2277a37e907707637e5860378dcc3ac29b1d4364d9c6a97f1711315caab7f3cd2b754b649ba618664cdd

Download Submit
C:\Windows\system\WrZdGLK.exe

Filesize
6.0MB

MD5
38450290674d69125c3a1bba8f3eb3c9

SHA1
1259af70e8934506d9fde0be3fa2c1103035c421

SHA256
7bf45153a194a4eea04b433d7f2abd9c5f6e3abc2b5e4fdca38cc8ae4cc738a1

SHA512
030c299bd7ddd49833c789e10343a81b2dc41aa93d4aad95e78653f2da3dc632d213ed01daec9e7b0fbfdad192f8881b98ce078634e54c76e8816800149fe4e0

Download Submit
C:\Windows\system\XPzNEbP.exe

Filesize
6.0MB

MD5
71178309dd4c51f1da8756e982f95c40

SHA1
a64fa06085989ee9554317d853d788ff2d22271f

SHA256
0d1245f3fd03efb078fbbcb39f0413555ba2898cbdcd1f34b5d75e3b48d7e28d

SHA512
be2828896dc1327ca24191b2d81be245c9636a24519c1868ed0c5a36996db0f186803464340f5314a1bd4422cbe96b86e47215c071ea9e7a985fe859817e1d0e

Download Submit
C:\Windows\system\Xherwvd.exe

Filesize
6.0MB

MD5
cdeaa5a950941c0876aed8df122d3c59

SHA1
e8b5a3d0ad4bf70092b1c2d3dbdf868d8e63a933

SHA256
2f2995348220314a9837ab0b58194dc76f6727c7de9f5830c208cf3c79c2e46d

SHA512
c7687027f914f9ba549e3271d24e09319a64f529077864599cc61877990379208bfc9fc585b858e6c3423045955b54f821e75cc3b7beb89b86fc76a366e167bd

Download Submit
C:\Windows\system\YBJOrmX.exe

Filesize
6.0MB

MD5
a4459f6707027ed3efa675bad8298532

SHA1
93b0b163e386ad0df77857b77fe3daa0f26b4cb9

SHA256
3642de4b67d937f7199e108291f65ff310e2a10770264b854e6c61c7ed778a5a

SHA512
e5360fcc37819c963d89c80576e9d27e578455ac83b315639291441bb2a080f48040218f76faed74b5c47ee388a534596f476b4876e8bb786c143aa60afc90c4

Download Submit
C:\Windows\system\ZChIswH.exe

Filesize
6.0MB

MD5
ae8a134af71e600df2f94821f57318e3

SHA1
5f9ed9b1d74baf83d4e468da58f44c82646985c3

SHA256
9ebe4dae736369ad7344632806e33bea58078988fbed16fdbf9a9d48c5450c10

SHA512
1578a2a28e14decba0b8c7f40be9e1e5192a22db2cdf7117aa8478629ee8f3932fa42f25e4f3d9bfa8e8e39f50f90ea09049ca56c7387ed24d5043b5d04cc7dc

Download Submit
C:\Windows\system\aHtvkqR.exe

Filesize
6.0MB

MD5
388dbd2c07a656bbe9a5a8ac8b9907bf

SHA1
674e900c03364b1f2e3230438159b5a7aa31af09

SHA256
fa5a8ef1595b2c6990fbe5c25fe4c9851be79af5d6bef1f14db57b8ee613fe36

SHA512
507f38d7b12109214f91b490e5129d6d5fb4d6d9e2572ca01fe54f5e950dba6c31d9eb157ecbcc2ef0b570089f2bf29d911f03e30dbc8e8ac1989d92eee33c05

Download Submit
C:\Windows\system\dIvUlqO.exe

Filesize
6.0MB

MD5
3f984f0615d9c9aa6946f5df7a30077c

SHA1
e6e845da994fea6aa99bdec3bf1fea454a6cb979

SHA256
eea9dda7198d81616449271bcf928fa4c7f01674febcfcb6170fe9e3478e9f59

SHA512
e62283cfbf6c5083d8929d9fbd77d8d30a029ad645f3a48cf2d7498ecfa11fe601d46416442a00db9e6dbb125210830dc3570f224144df37987a22d104a18a0e

Download Submit
C:\Windows\system\eGIbjPM.exe

Filesize
6.0MB

MD5
da0f6e3b5aaabd66b3ecde75b1792026

SHA1
53ef5f00707c3b2ae661bc5705233f3219ec3c1c

SHA256
22965bf994c1444209bdd7a1f1d7ed44f189d46399ec8e819796ceb14c7824fd

SHA512
881cbff17ff7282bb86be53a47e6c4d784c54adf77821bbe21a83abf59cca639e96f1dcdfc0a64c9cd919f348690814f04fdc62b26f37ababc775c06bb7b9cf3

Download Submit
C:\Windows\system\fXtrkPj.exe

Filesize
6.0MB

MD5
c8758dbf2a14248e9f9e8dd72918a75e

SHA1
8663144c7c6c919876536db640d7466a82a6670a

SHA256
d41f0af5e923ddd4c0c5458927a4a067bf28a545c5084f0a2ebe4f5ca251f199

SHA512
49d66c9136ef8842ba93f5b9e23b5d8299c775f9c42a778e4dfe6ea62f5e8feb8e0525381fb23a6362127190b941f3f59a918344a82009ddda37f24f32781082

Download Submit
C:\Windows\system\gYmYrXN.exe

Filesize
6.0MB

MD5
f09e0b5844b9c1584e5c95eed0c5c7fb

SHA1
c008389a2e1cc7683fbcbd696e8a7de88401e77a

SHA256
8cda7f00c80b1b7f540ef196b00f042a65a19a4e63460cc4b07acfb0181e255d

SHA512
bece79a690380f60a6bab477446ee32e47f010ac1a3cdfcf759e3d7d7936b69c6138b8acfc2cb226234817f3833625256f7171e5b3a89c10db2833a1a425a412

Download Submit
C:\Windows\system\mTnBcWt.exe

Filesize
6.0MB

MD5
564b0350b3780da726677d5b30dac279

SHA1
edae21c83605c5fb93410201195151f0c8f91c5b

SHA256
9ea6b3e262a24138b6cdd30ac8a50253a2932f90f7c533576ed6816bc4708eed

SHA512
8f9fb9440bcf4422483ec8dc07ba2a4bf894a81977215e17bb317c55bfa5ea5534e43b3c73d5ce621154de5f8131073de554e428b593e0d1f89d8e4a65d968af

Download Submit
C:\Windows\system\mqPbZAr.exe

Filesize
6.0MB

MD5
567a5a8c34ef2dda679b70772851faef

SHA1
2d6f5b52fcf73cf72a15232c5a735aa647e8f7b8

SHA256
c13abf15bf685eeb13301cb0c4c52db398b17c29074f2e8d74c1f62c1137223a

SHA512
fd48f1ea3b61b206151d7667b213b0caea4c77ab8bd0d117459ae22a4805a9f29984157484c1e7845141e4524e02c5d01da084fc54c683fd7b097d235ffc92e6

Download Submit
C:\Windows\system\myfroNQ.exe

Filesize
6.0MB

MD5
2b26640977c8806a7e1cfe16cf693312

SHA1
fc39efb46267b23bca670df936b7110f9c6fafbb

SHA256
f6b05d5241b32548d1501302d0fbc9b0e418c80db08a41380819c1e403ab1c17

SHA512
67202685dccdda2f91cac237d757c3c9ddca5c0bb6e297c35675463c7697ce0ea1e6651d2e41c60364ae2125a7503e37cc720f804fac6c776140ec5171085592

Download Submit
C:\Windows\system\npmTuWt.exe

Filesize
6.0MB

MD5
7cd8119dfbf9fa76e270dc7376c4143c

SHA1
8a0a4356465ad8a26bd22cb3cfbec0d4213deb55

SHA256
83f31965dd88baa388221d2b3fae34ded21717cd1c69b8a4ffca924415413210

SHA512
1cea005b17fdfb37309a28292c14b9cb6773c8bfa99c67b2d8da225875e09c8a8514b8b290e61b4588656f62bcef6f28712654bebab748316f652376bdbd27b4

Download Submit
C:\Windows\system\oSMrZGp.exe

Filesize
6.0MB

MD5
2fc8db58f2c596b737650ed3561256ad

SHA1
3089e8666ed75c72f0c48991e66c544f9afd74b1

SHA256
35b7e28b4a67694eaa36505714dfc9892f7cb5938073447571a76d1a99057261

SHA512
9d67e6bcda5b44cf59847d353e487d5ee795beea6c2b9d8fbdd532624a95179b6de8d37998119b7590cf7461ea64577057df0583d87bf918e1f7497fc0e45ed3

Download Submit
C:\Windows\system\qewrEuF.exe

Filesize
6.0MB

MD5
931a8be08c6f1263df7503255d51fb30

SHA1
e47d99399aaabc42addeb543f7baf08c93b489b2

SHA256
9dbd9dfe92ee920c47a31d28152a47ac87163b0ad7e047e177140f153c555f0e

SHA512
e672fa2a20d476e12ed467a1300dc9e2717ca1c9107ad20ee18b392dea7c3534c521d2b602858e8f357e5f44abb349a6042118d409a9956ead632f7a7ab09f62

Download Submit
C:\Windows\system\wtpaUel.exe

Filesize
6.0MB

MD5
6897597f83b827744a89e2f689ebf1c3

SHA1
ee60a039f2c1c8e596a6cc1c19b98083598eb80e

SHA256
2c5d20e9333b9d30a171ab758556f841392862157b42a18248b41f9b6180943d

SHA512
233645ec55f3c8d24c7c87f613efae550c9f2f2aef671cc76572f07da65327334e111ea86848247f24306533df7c13d44dfe852b662db77014bc20db3fd9e2f7

Download Submit
C:\Windows\system\yMHeEaz.exe

Filesize
6.0MB

MD5
e4cef7d011bac2968993f9baa055b3ea

SHA1
71841e73e80581b8a02405efd74e63518417838d

SHA256
0b729da5085e0cbac50c53e7fce7022570bcc4ce28b3c63fc1f5a9ee7ca3757f

SHA512
a6828f1c5571359fa133181fc0539d2e8992ef682bdee79b198b73b6d47f9b763a513b4ab3a912c19a01383fe57d44fe9835dc1583f393d5bf4ad459bd9bc8cb

Download Submit
\Windows\system\CMGgUsD.exe

Filesize
6.0MB

MD5
028806faf9a2d121e8ddf52ab0a83e88

SHA1
2ea3e770840c3fe9964c4a526bf52727741c9273

SHA256
471c5de335a639349cd29f23d13399c45d33b52bb981e2e5f1efa39b39271c85

SHA512
beb3609abb12b544e91ec4a3c571989f0db99589df3ea868deb6db151630046234d9d8b48f617463aaeb0da19c826dcdc7930e0d8b75b65d616730c7a8229fd3

Download Submit
memory/476-20-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/476-4055-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-80-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-4052-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-3034-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-37-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-10-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-4050-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2232-73-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2300-13-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2300-41-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2300-4044-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2404-77-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-22-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2404-90-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2404-84-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2404-91-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2404-14-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2404-59-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2404-76-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2404-83-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2404-0-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2404-70-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-483-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2404-574-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2404-376-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2404-53-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2404-16-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2404-47-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2404-28-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-283-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2404-34-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2480-26-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2480-4045-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2536-51-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2536-4046-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2556-62-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2556-4049-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4051-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2576-67-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2680-4053-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-32-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-87-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4048-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2792-4047-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2792-38-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2840-56-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2840-4056-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/3000-44-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-4054-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download