cobaltstrike | 854b0603c93695b462abd8d3ee2adaef2fab8d854c310e8dbd112740723e4e95

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

301dfc0ff52d11138e2e3f67233c199c
SHA1

2e14bf6d52e0fea481882d99383ac5b5bdda277f
SHA256

854b0603c93695b462abd8d3ee2adaef2fab8d854c310e8dbd112740723e4e95
SHA512

63e53205ed856fa25f8cd701de165eb74042c17d2b30bd2a7dd86d35494677b4f0ceb4dcdfbcc5c7236f4ee2d230488ae17a30a782ef7a238958101028230252
SSDEEP

98304:IapSdlWdfE0pZPD56utgpPFotBER/mQ32lUO:32Y56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001878c-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018bf3-19.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001922c-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018731-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019279-51.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001926a-47.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019261-33.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000192a9-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019506-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952f-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e6-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c56-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c58-194.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199b9-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c54-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196c0-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001970b-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967f-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-150.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2112-0-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0009000000012117-3.dat	xmrig
behavioral1/files/0x000700000001878c-7.dat	xmrig
behavioral1/memory/2984-15-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2920-11-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x0008000000018bf3-19.dat	xmrig
behavioral1/memory/2128-24-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2052-28-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x000700000001922c-25.dat	xmrig
behavioral1/files/0x0007000000018731-37.dat	xmrig
behavioral1/memory/2708-42-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/3000-36-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x0006000000019279-51.dat	xmrig
behavioral1/memory/2128-56-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2656-49-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2984-48-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x000600000001926a-47.dat	xmrig
behavioral1/memory/2640-57-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2920-35-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2112-34-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0006000000019261-33.dat	xmrig
behavioral1/memory/2052-58-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x00080000000192a9-62.dat	xmrig
behavioral1/memory/3000-66-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2924-68-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0005000000019506-73.dat	xmrig
behavioral1/files/0x00050000000194fc-76.dat	xmrig
behavioral1/files/0x000500000001957e-80.dat	xmrig
behavioral1/files/0x000500000001952f-77.dat	xmrig
behavioral1/files/0x00050000000195a7-99.dat	xmrig
behavioral1/files/0x000500000001961d-115.dat	xmrig
behavioral1/files/0x0005000000019627-131.dat	xmrig
behavioral1/memory/2452-91-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x00050000000195e6-155.dat	xmrig
behavioral1/files/0x0005000000019623-137.dat	xmrig
behavioral1/files/0x000500000001961f-158.dat	xmrig
behavioral1/files/0x0005000000019c56-189.dat	xmrig
behavioral1/memory/2112-692-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2580-983-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c58-194.dat	xmrig
behavioral1/files/0x00050000000199b9-180.dat	xmrig
behavioral1/files/0x0005000000019c54-184.dat	xmrig
behavioral1/files/0x000500000001963b-168.dat	xmrig
behavioral1/files/0x0005000000019629-164.dat	xmrig
behavioral1/files/0x0005000000019625-163.dat	xmrig
behavioral1/files/0x0005000000019622-160.dat	xmrig
behavioral1/files/0x00050000000196c0-156.dat	xmrig
behavioral1/memory/2112-135-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/memory/2640-129-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019621-126.dat	xmrig
behavioral1/memory/2580-104-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x000500000001970b-172.dat	xmrig
behavioral1/memory/2524-92-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2656-90-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2676-88-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x000500000001967f-151.dat	xmrig
behavioral1/files/0x000500000001962b-150.dat	xmrig
behavioral1/memory/2304-109-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2708-72-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2920-3997-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2984-3998-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2128-3999-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2052-4000-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2708-4001-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2920	ieWtmem.exe
2984	wZJrCZM.exe
2128	CTErYas.exe
2052	TFIXXXX.exe
3000	DEaXULn.exe
2708	NoLdLDj.exe
2656	vbTPXgG.exe
2640	XKEgsiG.exe
2924	EzdIyfw.exe
2676	UEhzRxD.exe
2452	zXOMDbA.exe
2524	JkqouMI.exe
2580	QpfidTf.exe
2304	iLJfebc.exe
1020	TqAwuZd.exe
1664	IzwdyIC.exe
2292	pfarbTR.exe
1432	tPeSqAU.exe
1892	mwfPhVJ.exe
1828	wZqVysM.exe
1140	glETmHE.exe
1464	LyToZjo.exe
1252	APmsIJd.exe
2300	MHDVpbv.exe
1888	nHFRmKv.exe
1680	ezRGmfR.exe
2724	CTawdqR.exe
2820	sAfWsVr.exe
2028	nPUEZfT.exe
2148	KUMhYcf.exe
1696	RGfisCl.exe
2380	BqGetUF.exe
840	rVoQlIk.exe
1604	VMJVJpK.exe
1528	BlEXGkL.exe
1932	CsZPNqA.exe
1204	FPDQnYb.exe
1644	FNaKEXN.exe
1648	uPNuzsq.exe
908	AzghNrc.exe
1208	jqsSpuC.exe
236	GMgixjN.exe
320	PTolJDN.exe
2184	TABxUZi.exe
2592	DUFRwRi.exe
2860	jPeKKcj.exe
812	LKoGsjF.exe
1880	NPmBJBv.exe
484	ikhbrIJ.exe
2224	cwiTZTp.exe
896	qlRmSLV.exe
2588	jXYgkqp.exe
1492	UQCKLno.exe
2992	nsfaQKy.exe
1636	eLqvKzv.exe
2972	BtuElUc.exe
1780	kQEVALy.exe
2428	ejITuCT.exe
2768	LaLBqyp.exe
576	GZJHXxy.exe
2848	hRVAUfr.exe
2700	UoYHNhz.exe
2712	rkrkNFU.exe
2616	ghRfdNx.exe

Loads dropped DLL 64 IoCs

pid	Process
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2112-0-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0009000000012117-3.dat	upx
behavioral1/files/0x000700000001878c-7.dat	upx
behavioral1/memory/2984-15-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2920-11-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x0008000000018bf3-19.dat	upx
behavioral1/memory/2128-24-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2052-28-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x000700000001922c-25.dat	upx
behavioral1/files/0x0007000000018731-37.dat	upx
behavioral1/memory/2708-42-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/3000-36-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x0006000000019279-51.dat	upx
behavioral1/memory/2128-56-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2656-49-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2984-48-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x000600000001926a-47.dat	upx
behavioral1/memory/2640-57-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2920-35-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2112-34-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0006000000019261-33.dat	upx
behavioral1/memory/2052-58-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x00080000000192a9-62.dat	upx
behavioral1/memory/3000-66-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2924-68-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0005000000019506-73.dat	upx
behavioral1/files/0x00050000000194fc-76.dat	upx
behavioral1/files/0x000500000001957e-80.dat	upx
behavioral1/files/0x000500000001952f-77.dat	upx
behavioral1/files/0x00050000000195a7-99.dat	upx
behavioral1/files/0x000500000001961d-115.dat	upx
behavioral1/files/0x0005000000019627-131.dat	upx
behavioral1/memory/2452-91-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x00050000000195e6-155.dat	upx
behavioral1/files/0x0005000000019623-137.dat	upx
behavioral1/files/0x000500000001961f-158.dat	upx
behavioral1/files/0x0005000000019c56-189.dat	upx
behavioral1/memory/2580-983-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x0005000000019c58-194.dat	upx
behavioral1/files/0x00050000000199b9-180.dat	upx
behavioral1/files/0x0005000000019c54-184.dat	upx
behavioral1/files/0x000500000001963b-168.dat	upx
behavioral1/files/0x0005000000019629-164.dat	upx
behavioral1/files/0x0005000000019625-163.dat	upx
behavioral1/files/0x0005000000019622-160.dat	upx
behavioral1/files/0x00050000000196c0-156.dat	upx
behavioral1/memory/2640-129-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0005000000019621-126.dat	upx
behavioral1/memory/2580-104-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x000500000001970b-172.dat	upx
behavioral1/memory/2524-92-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2656-90-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2676-88-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x000500000001967f-151.dat	upx
behavioral1/files/0x000500000001962b-150.dat	upx
behavioral1/memory/2304-109-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2708-72-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2920-3997-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2984-3998-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2128-3999-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2052-4000-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2708-4001-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/3000-4002-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2640-4003-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\auQiXei.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dxcYrOY.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wHEyXOa.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buvdcev.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syaesbA.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftwPDqH.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yeWnmrS.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UoYZqAn.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TArclFh.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrgbCkJ.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvaLEzm.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REDToDa.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzhjiUx.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lQEcncG.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcNATzH.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZSoflU.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpgxFJt.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKEgsiG.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxzxoOp.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEenJFU.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRbxrqy.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvALKes.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNLjWSS.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpfidTf.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cioFggD.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cECAngj.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yHFAUqv.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAJPYnc.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifbcqKU.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCUigFX.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AutRWZa.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpmKRLF.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BuKKiBf.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqVfvXf.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVTqqOC.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trJzgJY.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSiiCwW.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLyeNrN.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GePTXsl.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tiqbMVE.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWttXvo.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abtNUpA.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwFbSOv.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRiapOG.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ewOdOce.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFsDAGH.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGfdAXE.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wJjLIcY.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBdplbG.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlLUeRh.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWooymW.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NhwmeYj.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYKJRBl.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcfrCjJ.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbtcXgA.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpNdyjY.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BALhmKR.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFtEwhV.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKvShJD.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmlsDjm.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNIgoCh.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKXqslT.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPGylNG.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bENvrmE.exe	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2920	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2112 wrote to memory of 2920	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2112 wrote to memory of 2920	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2112 wrote to memory of 2984	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 2984	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 2984	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 2128	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2128	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2128	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2052	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 2052	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 2052	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 3000	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 3000	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 3000	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 2708	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 2708	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 2708	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 2656	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2656	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2656	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2640	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 2640	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 2640	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 2924	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 2924	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 2924	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 2676	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 2676	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 2676	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 2452	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 2452	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 2452	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 2524	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 2524	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 2524	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 2580	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 2580	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 2580	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 2304	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 2304	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 2304	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 1140	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 1140	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 1140	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 1020	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 1020	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 1020	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 1464	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 1464	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 1464	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 1664	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 1664	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 1664	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 1252	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 1252	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 1252	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 2292	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 2292	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 2292	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 2300	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 2300	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 2300	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 1432	2112	2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-14_301dfc0ff52d11138e2e3f67233c199c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\System\ieWtmem.exe
  C:\Windows\System\ieWtmem.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\wZJrCZM.exe
  C:\Windows\System\wZJrCZM.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\CTErYas.exe
  C:\Windows\System\CTErYas.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\TFIXXXX.exe
  C:\Windows\System\TFIXXXX.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\DEaXULn.exe
  C:\Windows\System\DEaXULn.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\NoLdLDj.exe
  C:\Windows\System\NoLdLDj.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\vbTPXgG.exe
  C:\Windows\System\vbTPXgG.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\XKEgsiG.exe
  C:\Windows\System\XKEgsiG.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\EzdIyfw.exe
  C:\Windows\System\EzdIyfw.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\UEhzRxD.exe
  C:\Windows\System\UEhzRxD.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\zXOMDbA.exe
  C:\Windows\System\zXOMDbA.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\JkqouMI.exe
  C:\Windows\System\JkqouMI.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\QpfidTf.exe
  C:\Windows\System\QpfidTf.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\iLJfebc.exe
  C:\Windows\System\iLJfebc.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\glETmHE.exe
  C:\Windows\System\glETmHE.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\TqAwuZd.exe
  C:\Windows\System\TqAwuZd.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\LyToZjo.exe
  C:\Windows\System\LyToZjo.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\IzwdyIC.exe
  C:\Windows\System\IzwdyIC.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\APmsIJd.exe
  C:\Windows\System\APmsIJd.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\pfarbTR.exe
  C:\Windows\System\pfarbTR.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\MHDVpbv.exe
  C:\Windows\System\MHDVpbv.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\tPeSqAU.exe
  C:\Windows\System\tPeSqAU.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\nHFRmKv.exe
  C:\Windows\System\nHFRmKv.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\mwfPhVJ.exe
  C:\Windows\System\mwfPhVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\ezRGmfR.exe
  C:\Windows\System\ezRGmfR.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\wZqVysM.exe
  C:\Windows\System\wZqVysM.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\sAfWsVr.exe
  C:\Windows\System\sAfWsVr.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\CTawdqR.exe
  C:\Windows\System\CTawdqR.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\nPUEZfT.exe
  C:\Windows\System\nPUEZfT.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\KUMhYcf.exe
  C:\Windows\System\KUMhYcf.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\RGfisCl.exe
  C:\Windows\System\RGfisCl.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\BqGetUF.exe
  C:\Windows\System\BqGetUF.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\rVoQlIk.exe
  C:\Windows\System\rVoQlIk.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\VMJVJpK.exe
  C:\Windows\System\VMJVJpK.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\BlEXGkL.exe
  C:\Windows\System\BlEXGkL.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\CsZPNqA.exe
  C:\Windows\System\CsZPNqA.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\FPDQnYb.exe
  C:\Windows\System\FPDQnYb.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\FNaKEXN.exe
  C:\Windows\System\FNaKEXN.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\uPNuzsq.exe
  C:\Windows\System\uPNuzsq.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\AzghNrc.exe
  C:\Windows\System\AzghNrc.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\jqsSpuC.exe
  C:\Windows\System\jqsSpuC.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\GMgixjN.exe
  C:\Windows\System\GMgixjN.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\PTolJDN.exe
  C:\Windows\System\PTolJDN.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\TABxUZi.exe
  C:\Windows\System\TABxUZi.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\DUFRwRi.exe
  C:\Windows\System\DUFRwRi.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\jPeKKcj.exe
  C:\Windows\System\jPeKKcj.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\LKoGsjF.exe
  C:\Windows\System\LKoGsjF.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\NPmBJBv.exe
  C:\Windows\System\NPmBJBv.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\ikhbrIJ.exe
  C:\Windows\System\ikhbrIJ.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\cwiTZTp.exe
  C:\Windows\System\cwiTZTp.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\qlRmSLV.exe
  C:\Windows\System\qlRmSLV.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\jXYgkqp.exe
  C:\Windows\System\jXYgkqp.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\nsfaQKy.exe
  C:\Windows\System\nsfaQKy.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\UQCKLno.exe
  C:\Windows\System\UQCKLno.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\eLqvKzv.exe
  C:\Windows\System\eLqvKzv.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\BtuElUc.exe
  C:\Windows\System\BtuElUc.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\kQEVALy.exe
  C:\Windows\System\kQEVALy.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\ejITuCT.exe
  C:\Windows\System\ejITuCT.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\LaLBqyp.exe
  C:\Windows\System\LaLBqyp.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\GZJHXxy.exe
  C:\Windows\System\GZJHXxy.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\hRVAUfr.exe
  C:\Windows\System\hRVAUfr.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\UoYHNhz.exe
  C:\Windows\System\UoYHNhz.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\rkrkNFU.exe
  C:\Windows\System\rkrkNFU.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\ghRfdNx.exe
  C:\Windows\System\ghRfdNx.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\KtYjiwN.exe
  C:\Windows\System\KtYjiwN.exe
  2⤵
  PID:1848
- C:\Windows\System\dtGFoLi.exe
  C:\Windows\System\dtGFoLi.exe
  2⤵
  PID:2544
- C:\Windows\System\yyGViMc.exe
  C:\Windows\System\yyGViMc.exe
  2⤵
  PID:2852
- C:\Windows\System\jYPPGUf.exe
  C:\Windows\System\jYPPGUf.exe
  2⤵
  PID:2536
- C:\Windows\System\JbgZYys.exe
  C:\Windows\System\JbgZYys.exe
  2⤵
  PID:2560
- C:\Windows\System\ErLmJTZ.exe
  C:\Windows\System\ErLmJTZ.exe
  2⤵
  PID:1120
- C:\Windows\System\JOffkLq.exe
  C:\Windows\System\JOffkLq.exe
  2⤵
  PID:1952
- C:\Windows\System\WCRFLfQ.exe
  C:\Windows\System\WCRFLfQ.exe
  2⤵
  PID:1732
- C:\Windows\System\ujFYoto.exe
  C:\Windows\System\ujFYoto.exe
  2⤵
  PID:2736
- C:\Windows\System\XsafOzj.exe
  C:\Windows\System\XsafOzj.exe
  2⤵
  PID:2552
- C:\Windows\System\UpCatgY.exe
  C:\Windows\System\UpCatgY.exe
  2⤵
  PID:2440
- C:\Windows\System\izEtRhJ.exe
  C:\Windows\System\izEtRhJ.exe
  2⤵
  PID:288
- C:\Windows\System\xbSuXEI.exe
  C:\Windows\System\xbSuXEI.exe
  2⤵
  PID:2248
- C:\Windows\System\LVuQeSd.exe
  C:\Windows\System\LVuQeSd.exe
  2⤵
  PID:1196
- C:\Windows\System\SrICjwi.exe
  C:\Windows\System\SrICjwi.exe
  2⤵
  PID:2548
- C:\Windows\System\EIsRELo.exe
  C:\Windows\System\EIsRELo.exe
  2⤵
  PID:2692
- C:\Windows\System\JeUCxmX.exe
  C:\Windows\System\JeUCxmX.exe
  2⤵
  PID:1436
- C:\Windows\System\BvUZJWU.exe
  C:\Windows\System\BvUZJWU.exe
  2⤵
  PID:1712
- C:\Windows\System\OIVcBYu.exe
  C:\Windows\System\OIVcBYu.exe
  2⤵
  PID:1536
- C:\Windows\System\qVmtHKl.exe
  C:\Windows\System\qVmtHKl.exe
  2⤵
  PID:1608
- C:\Windows\System\BJnNXrU.exe
  C:\Windows\System\BJnNXrU.exe
  2⤵
  PID:2188
- C:\Windows\System\AASnoAs.exe
  C:\Windows\System\AASnoAs.exe
  2⤵
  PID:1700
- C:\Windows\System\hZdKbbH.exe
  C:\Windows\System\hZdKbbH.exe
  2⤵
  PID:916
- C:\Windows\System\EVfyRtW.exe
  C:\Windows\System\EVfyRtW.exe
  2⤵
  PID:592
- C:\Windows\System\kltTNyd.exe
  C:\Windows\System\kltTNyd.exe
  2⤵
  PID:2060
- C:\Windows\System\liHJQNp.exe
  C:\Windows\System\liHJQNp.exe
  2⤵
  PID:2200
- C:\Windows\System\ywvvYuT.exe
  C:\Windows\System\ywvvYuT.exe
  2⤵
  PID:2432
- C:\Windows\System\qpTaEMS.exe
  C:\Windows\System\qpTaEMS.exe
  2⤵
  PID:1832
- C:\Windows\System\AweXsSE.exe
  C:\Windows\System\AweXsSE.exe
  2⤵
  PID:2080
- C:\Windows\System\bVFAhsg.exe
  C:\Windows\System\bVFAhsg.exe
  2⤵
  PID:764
- C:\Windows\System\vyGhZHu.exe
  C:\Windows\System\vyGhZHu.exe
  2⤵
  PID:756
- C:\Windows\System\NDxtLLz.exe
  C:\Windows\System\NDxtLLz.exe
  2⤵
  PID:2376
- C:\Windows\System\DNuZKUQ.exe
  C:\Windows\System\DNuZKUQ.exe
  2⤵
  PID:2064
- C:\Windows\System\AXeqaDk.exe
  C:\Windows\System\AXeqaDk.exe
  2⤵
  PID:1884
- C:\Windows\System\LqiJGSL.exe
  C:\Windows\System\LqiJGSL.exe
  2⤵
  PID:2788
- C:\Windows\System\rsHtVpH.exe
  C:\Windows\System\rsHtVpH.exe
  2⤵
  PID:2720
- C:\Windows\System\XGfrzAM.exe
  C:\Windows\System\XGfrzAM.exe
  2⤵
  PID:2624
- C:\Windows\System\lyyWlmD.exe
  C:\Windows\System\lyyWlmD.exe
  2⤵
  PID:2696
- C:\Windows\System\OiPOTgY.exe
  C:\Windows\System\OiPOTgY.exe
  2⤵
  PID:2668
- C:\Windows\System\EGJdbkn.exe
  C:\Windows\System\EGJdbkn.exe
  2⤵
  PID:3024
- C:\Windows\System\oVVGvwg.exe
  C:\Windows\System\oVVGvwg.exe
  2⤵
  PID:1096
- C:\Windows\System\dlHPDus.exe
  C:\Windows\System\dlHPDus.exe
  2⤵
  PID:1344
- C:\Windows\System\ntmvUuA.exe
  C:\Windows\System\ntmvUuA.exe
  2⤵
  PID:2960
- C:\Windows\System\auQiXei.exe
  C:\Windows\System\auQiXei.exe
  2⤵
  PID:2456
- C:\Windows\System\WwkgSBE.exe
  C:\Windows\System\WwkgSBE.exe
  2⤵
  PID:1912
- C:\Windows\System\yhhHuYK.exe
  C:\Windows\System\yhhHuYK.exe
  2⤵
  PID:2876
- C:\Windows\System\ueAbCvf.exe
  C:\Windows\System\ueAbCvf.exe
  2⤵
  PID:1716
- C:\Windows\System\WptYMUC.exe
  C:\Windows\System\WptYMUC.exe
  2⤵
  PID:584
- C:\Windows\System\trJzgJY.exe
  C:\Windows\System\trJzgJY.exe
  2⤵
  PID:2236
- C:\Windows\System\DECmqMv.exe
  C:\Windows\System\DECmqMv.exe
  2⤵
  PID:1460
- C:\Windows\System\jkhFliw.exe
  C:\Windows\System\jkhFliw.exe
  2⤵
  PID:2828
- C:\Windows\System\GPPvekm.exe
  C:\Windows\System\GPPvekm.exe
  2⤵
  PID:2096
- C:\Windows\System\jXyfrAJ.exe
  C:\Windows\System\jXyfrAJ.exe
  2⤵
  PID:2348
- C:\Windows\System\vPNlfmd.exe
  C:\Windows\System\vPNlfmd.exe
  2⤵
  PID:1860
- C:\Windows\System\rVrwbEV.exe
  C:\Windows\System\rVrwbEV.exe
  2⤵
  PID:1408
- C:\Windows\System\OMaqgwz.exe
  C:\Windows\System\OMaqgwz.exe
  2⤵
  PID:2900
- C:\Windows\System\JmhHfTk.exe
  C:\Windows\System\JmhHfTk.exe
  2⤵
  PID:2088
- C:\Windows\System\yVMjgZH.exe
  C:\Windows\System\yVMjgZH.exe
  2⤵
  PID:2688
- C:\Windows\System\NyxfDpk.exe
  C:\Windows\System\NyxfDpk.exe
  2⤵
  PID:2952
- C:\Windows\System\SiMFCzl.exe
  C:\Windows\System\SiMFCzl.exe
  2⤵
  PID:2784
- C:\Windows\System\EJYhtep.exe
  C:\Windows\System\EJYhtep.exe
  2⤵
  PID:1336
- C:\Windows\System\IBruCOj.exe
  C:\Windows\System\IBruCOj.exe
  2⤵
  PID:2620
- C:\Windows\System\JByFbJK.exe
  C:\Windows\System\JByFbJK.exe
  2⤵
  PID:1300
- C:\Windows\System\LTiXfmv.exe
  C:\Windows\System\LTiXfmv.exe
  2⤵
  PID:952
- C:\Windows\System\qXBORgt.exe
  C:\Windows\System\qXBORgt.exe
  2⤵
  PID:1276
- C:\Windows\System\uLgIXxC.exe
  C:\Windows\System\uLgIXxC.exe
  2⤵
  PID:328
- C:\Windows\System\rOteayl.exe
  C:\Windows\System\rOteayl.exe
  2⤵
  PID:2496
- C:\Windows\System\ZdkjQVK.exe
  C:\Windows\System\ZdkjQVK.exe
  2⤵
  PID:1516
- C:\Windows\System\GzfKoEx.exe
  C:\Windows\System\GzfKoEx.exe
  2⤵
  PID:2760
- C:\Windows\System\YlLwboz.exe
  C:\Windows\System\YlLwboz.exe
  2⤵
  PID:2796
- C:\Windows\System\QdyusQz.exe
  C:\Windows\System\QdyusQz.exe
  2⤵
  PID:2912
- C:\Windows\System\ETeEkgw.exe
  C:\Windows\System\ETeEkgw.exe
  2⤵
  PID:2844
- C:\Windows\System\htQcSwg.exe
  C:\Windows\System\htQcSwg.exe
  2⤵
  PID:832
- C:\Windows\System\vOEaUcF.exe
  C:\Windows\System\vOEaUcF.exe
  2⤵
  PID:2484
- C:\Windows\System\QwjlCQO.exe
  C:\Windows\System\QwjlCQO.exe
  2⤵
  PID:380
- C:\Windows\System\YUFOvGj.exe
  C:\Windows\System\YUFOvGj.exe
  2⤵
  PID:336
- C:\Windows\System\idNMEbv.exe
  C:\Windows\System\idNMEbv.exe
  2⤵
  PID:3088
- C:\Windows\System\xnruyGS.exe
  C:\Windows\System\xnruyGS.exe
  2⤵
  PID:3104
- C:\Windows\System\OsftzHp.exe
  C:\Windows\System\OsftzHp.exe
  2⤵
  PID:3124
- C:\Windows\System\YqGdYEn.exe
  C:\Windows\System\YqGdYEn.exe
  2⤵
  PID:3144
- C:\Windows\System\debJcJa.exe
  C:\Windows\System\debJcJa.exe
  2⤵
  PID:3164
- C:\Windows\System\iFsDAGH.exe
  C:\Windows\System\iFsDAGH.exe
  2⤵
  PID:3184
- C:\Windows\System\MOZNLfC.exe
  C:\Windows\System\MOZNLfC.exe
  2⤵
  PID:3208
- C:\Windows\System\OjwHrGa.exe
  C:\Windows\System\OjwHrGa.exe
  2⤵
  PID:3228
- C:\Windows\System\dtQjzzW.exe
  C:\Windows\System\dtQjzzW.exe
  2⤵
  PID:3248
- C:\Windows\System\UIEkiBy.exe
  C:\Windows\System\UIEkiBy.exe
  2⤵
  PID:3268
- C:\Windows\System\pCUigFX.exe
  C:\Windows\System\pCUigFX.exe
  2⤵
  PID:3288
- C:\Windows\System\aqswOFy.exe
  C:\Windows\System\aqswOFy.exe
  2⤵
  PID:3304
- C:\Windows\System\UbLIXTp.exe
  C:\Windows\System\UbLIXTp.exe
  2⤵
  PID:3324
- C:\Windows\System\lRJLzqk.exe
  C:\Windows\System\lRJLzqk.exe
  2⤵
  PID:3344
- C:\Windows\System\vEvyGqt.exe
  C:\Windows\System\vEvyGqt.exe
  2⤵
  PID:3364
- C:\Windows\System\dxcYrOY.exe
  C:\Windows\System\dxcYrOY.exe
  2⤵
  PID:3388
- C:\Windows\System\RHNAwlH.exe
  C:\Windows\System\RHNAwlH.exe
  2⤵
  PID:3408
- C:\Windows\System\GByXGea.exe
  C:\Windows\System\GByXGea.exe
  2⤵
  PID:3428
- C:\Windows\System\SxfFBKA.exe
  C:\Windows\System\SxfFBKA.exe
  2⤵
  PID:3448
- C:\Windows\System\sRoChWc.exe
  C:\Windows\System\sRoChWc.exe
  2⤵
  PID:3468
- C:\Windows\System\ZNCpnap.exe
  C:\Windows\System\ZNCpnap.exe
  2⤵
  PID:3488
- C:\Windows\System\yKHokJC.exe
  C:\Windows\System\yKHokJC.exe
  2⤵
  PID:3512
- C:\Windows\System\xNxVVbi.exe
  C:\Windows\System\xNxVVbi.exe
  2⤵
  PID:3532
- C:\Windows\System\KHTnZVb.exe
  C:\Windows\System\KHTnZVb.exe
  2⤵
  PID:3552
- C:\Windows\System\cioFggD.exe
  C:\Windows\System\cioFggD.exe
  2⤵
  PID:3572
- C:\Windows\System\iVthVpK.exe
  C:\Windows\System\iVthVpK.exe
  2⤵
  PID:3592
- C:\Windows\System\YsvRTuy.exe
  C:\Windows\System\YsvRTuy.exe
  2⤵
  PID:3612
- C:\Windows\System\YOLrvwt.exe
  C:\Windows\System\YOLrvwt.exe
  2⤵
  PID:3636
- C:\Windows\System\iTRTtYX.exe
  C:\Windows\System\iTRTtYX.exe
  2⤵
  PID:3656
- C:\Windows\System\kzrHWdO.exe
  C:\Windows\System\kzrHWdO.exe
  2⤵
  PID:3676
- C:\Windows\System\nVggRzF.exe
  C:\Windows\System\nVggRzF.exe
  2⤵
  PID:3696
- C:\Windows\System\fXuspwR.exe
  C:\Windows\System\fXuspwR.exe
  2⤵
  PID:3716
- C:\Windows\System\FtIiNwZ.exe
  C:\Windows\System\FtIiNwZ.exe
  2⤵
  PID:3736
- C:\Windows\System\vKvZywm.exe
  C:\Windows\System\vKvZywm.exe
  2⤵
  PID:3756
- C:\Windows\System\nhiNBom.exe
  C:\Windows\System\nhiNBom.exe
  2⤵
  PID:3776
- C:\Windows\System\qkVgYzf.exe
  C:\Windows\System\qkVgYzf.exe
  2⤵
  PID:3792
- C:\Windows\System\qQIYwTo.exe
  C:\Windows\System\qQIYwTo.exe
  2⤵
  PID:3812
- C:\Windows\System\agvXcYo.exe
  C:\Windows\System\agvXcYo.exe
  2⤵
  PID:3836
- C:\Windows\System\blhJCAg.exe
  C:\Windows\System\blhJCAg.exe
  2⤵
  PID:3856
- C:\Windows\System\qFMDMqr.exe
  C:\Windows\System\qFMDMqr.exe
  2⤵
  PID:3872
- C:\Windows\System\XLdOwFH.exe
  C:\Windows\System\XLdOwFH.exe
  2⤵
  PID:3892
- C:\Windows\System\ccjsfCz.exe
  C:\Windows\System\ccjsfCz.exe
  2⤵
  PID:3916
- C:\Windows\System\iGfdAXE.exe
  C:\Windows\System\iGfdAXE.exe
  2⤵
  PID:3936
- C:\Windows\System\tkIvYns.exe
  C:\Windows\System\tkIvYns.exe
  2⤵
  PID:3952
- C:\Windows\System\rftYNNr.exe
  C:\Windows\System\rftYNNr.exe
  2⤵
  PID:3976
- C:\Windows\System\GUwrpgC.exe
  C:\Windows\System\GUwrpgC.exe
  2⤵
  PID:3996
- C:\Windows\System\uTozVKa.exe
  C:\Windows\System\uTozVKa.exe
  2⤵
  PID:4016
- C:\Windows\System\nqmrpaF.exe
  C:\Windows\System\nqmrpaF.exe
  2⤵
  PID:4036
- C:\Windows\System\iOjZFIB.exe
  C:\Windows\System\iOjZFIB.exe
  2⤵
  PID:4056
- C:\Windows\System\JVNJXoX.exe
  C:\Windows\System\JVNJXoX.exe
  2⤵
  PID:4072
- C:\Windows\System\hRDbqKs.exe
  C:\Windows\System\hRDbqKs.exe
  2⤵
  PID:2904
- C:\Windows\System\mBQtfHT.exe
  C:\Windows\System\mBQtfHT.exe
  2⤵
  PID:2948
- C:\Windows\System\lQEcncG.exe
  C:\Windows\System\lQEcncG.exe
  2⤵
  PID:936
- C:\Windows\System\yNCeoyh.exe
  C:\Windows\System\yNCeoyh.exe
  2⤵
  PID:3016
- C:\Windows\System\OLgBDrK.exe
  C:\Windows\System\OLgBDrK.exe
  2⤵
  PID:1552
- C:\Windows\System\hGYPthz.exe
  C:\Windows\System\hGYPthz.exe
  2⤵
  PID:2400
- C:\Windows\System\goGhXlQ.exe
  C:\Windows\System\goGhXlQ.exe
  2⤵
  PID:3084
- C:\Windows\System\emxBpiy.exe
  C:\Windows\System\emxBpiy.exe
  2⤵
  PID:3152
- C:\Windows\System\JywarmY.exe
  C:\Windows\System\JywarmY.exe
  2⤵
  PID:3192
- C:\Windows\System\hGkZPLD.exe
  C:\Windows\System\hGkZPLD.exe
  2⤵
  PID:3136
- C:\Windows\System\OzlhXth.exe
  C:\Windows\System\OzlhXth.exe
  2⤵
  PID:3236
- C:\Windows\System\GouOQcT.exe
  C:\Windows\System\GouOQcT.exe
  2⤵
  PID:3284
- C:\Windows\System\IdALLzK.exe
  C:\Windows\System\IdALLzK.exe
  2⤵
  PID:3312
- C:\Windows\System\rNADEYt.exe
  C:\Windows\System\rNADEYt.exe
  2⤵
  PID:3296
- C:\Windows\System\qsVVNWh.exe
  C:\Windows\System\qsVVNWh.exe
  2⤵
  PID:3336
- C:\Windows\System\sgWESrV.exe
  C:\Windows\System\sgWESrV.exe
  2⤵
  PID:3400
- C:\Windows\System\EchJLPU.exe
  C:\Windows\System\EchJLPU.exe
  2⤵
  PID:3436
- C:\Windows\System\EWIOtwo.exe
  C:\Windows\System\EWIOtwo.exe
  2⤵
  PID:3476
- C:\Windows\System\fpFUSam.exe
  C:\Windows\System\fpFUSam.exe
  2⤵
  PID:3500
- C:\Windows\System\mQSfZqG.exe
  C:\Windows\System\mQSfZqG.exe
  2⤵
  PID:3524
- C:\Windows\System\WhZFuUE.exe
  C:\Windows\System\WhZFuUE.exe
  2⤵
  PID:3560
- C:\Windows\System\XjExOcQ.exe
  C:\Windows\System\XjExOcQ.exe
  2⤵
  PID:3588
- C:\Windows\System\xxdjhyY.exe
  C:\Windows\System\xxdjhyY.exe
  2⤵
  PID:3624
- C:\Windows\System\xzhZYwY.exe
  C:\Windows\System\xzhZYwY.exe
  2⤵
  PID:3628
- C:\Windows\System\uzNDkUY.exe
  C:\Windows\System\uzNDkUY.exe
  2⤵
  PID:3688
- C:\Windows\System\cNdnpPh.exe
  C:\Windows\System\cNdnpPh.exe
  2⤵
  PID:3704
- C:\Windows\System\ZfgONpP.exe
  C:\Windows\System\ZfgONpP.exe
  2⤵
  PID:3768
- C:\Windows\System\lxAzVeO.exe
  C:\Windows\System\lxAzVeO.exe
  2⤵
  PID:3748
- C:\Windows\System\IukbxVu.exe
  C:\Windows\System\IukbxVu.exe
  2⤵
  PID:3788
- C:\Windows\System\FIzGWKG.exe
  C:\Windows\System\FIzGWKG.exe
  2⤵
  PID:3880
- C:\Windows\System\BHcmfmU.exe
  C:\Windows\System\BHcmfmU.exe
  2⤵
  PID:3900
- C:\Windows\System\aBIamIg.exe
  C:\Windows\System\aBIamIg.exe
  2⤵
  PID:3928
- C:\Windows\System\XDEIpim.exe
  C:\Windows\System\XDEIpim.exe
  2⤵
  PID:3972
- C:\Windows\System\XMddysY.exe
  C:\Windows\System\XMddysY.exe
  2⤵
  PID:4044
- C:\Windows\System\wHEyXOa.exe
  C:\Windows\System\wHEyXOa.exe
  2⤵
  PID:4052
- C:\Windows\System\cMelHxK.exe
  C:\Windows\System\cMelHxK.exe
  2⤵
  PID:4092
- C:\Windows\System\LIVrNwY.exe
  C:\Windows\System\LIVrNwY.exe
  2⤵
  PID:4068
- C:\Windows\System\yZCpoXA.exe
  C:\Windows\System\yZCpoXA.exe
  2⤵
  PID:2020
- C:\Windows\System\pUmRQjt.exe
  C:\Windows\System\pUmRQjt.exe
  2⤵
  PID:2208
- C:\Windows\System\tAXwsuZ.exe
  C:\Windows\System\tAXwsuZ.exe
  2⤵
  PID:2772
- C:\Windows\System\IRqNqUS.exe
  C:\Windows\System\IRqNqUS.exe
  2⤵
  PID:3048
- C:\Windows\System\MnOrEbV.exe
  C:\Windows\System\MnOrEbV.exe
  2⤵
  PID:3156
- C:\Windows\System\uxIPGxC.exe
  C:\Windows\System\uxIPGxC.exe
  2⤵
  PID:3180
- C:\Windows\System\HKQgeij.exe
  C:\Windows\System\HKQgeij.exe
  2⤵
  PID:3204
- C:\Windows\System\DLcukMZ.exe
  C:\Windows\System\DLcukMZ.exe
  2⤵
  PID:3220
- C:\Windows\System\JXDxCnu.exe
  C:\Windows\System\JXDxCnu.exe
  2⤵
  PID:3300
- C:\Windows\System\nzoJtaU.exe
  C:\Windows\System\nzoJtaU.exe
  2⤵
  PID:3380
- C:\Windows\System\pjozFKC.exe
  C:\Windows\System\pjozFKC.exe
  2⤵
  PID:3420
- C:\Windows\System\dLXmHGO.exe
  C:\Windows\System\dLXmHGO.exe
  2⤵
  PID:3504
- C:\Windows\System\moSTuAo.exe
  C:\Windows\System\moSTuAo.exe
  2⤵
  PID:3528
- C:\Windows\System\dMNAhDg.exe
  C:\Windows\System\dMNAhDg.exe
  2⤵
  PID:3600
- C:\Windows\System\QFMbwQE.exe
  C:\Windows\System\QFMbwQE.exe
  2⤵
  PID:3644
- C:\Windows\System\ubdsAFs.exe
  C:\Windows\System\ubdsAFs.exe
  2⤵
  PID:3764
- C:\Windows\System\oXUTFOl.exe
  C:\Windows\System\oXUTFOl.exe
  2⤵
  PID:3824
- C:\Windows\System\bENvrmE.exe
  C:\Windows\System\bENvrmE.exe
  2⤵
  PID:3844
- C:\Windows\System\GcfrCjJ.exe
  C:\Windows\System\GcfrCjJ.exe
  2⤵
  PID:3888
- C:\Windows\System\WyidEms.exe
  C:\Windows\System\WyidEms.exe
  2⤵
  PID:3960
- C:\Windows\System\llVBGdo.exe
  C:\Windows\System\llVBGdo.exe
  2⤵
  PID:3944
- C:\Windows\System\QbQdLvz.exe
  C:\Windows\System\QbQdLvz.exe
  2⤵
  PID:4032
- C:\Windows\System\uwpITxL.exe
  C:\Windows\System\uwpITxL.exe
  2⤵
  PID:1600
- C:\Windows\System\XFcZRDf.exe
  C:\Windows\System\XFcZRDf.exe
  2⤵
  PID:3028
- C:\Windows\System\ypaCPqK.exe
  C:\Windows\System\ypaCPqK.exe
  2⤵
  PID:1176
- C:\Windows\System\sMefmBA.exe
  C:\Windows\System\sMefmBA.exe
  2⤵
  PID:3076
- C:\Windows\System\kkREvPj.exe
  C:\Windows\System\kkREvPj.exe
  2⤵
  PID:956
- C:\Windows\System\ndeUEpX.exe
  C:\Windows\System\ndeUEpX.exe
  2⤵
  PID:2680
- C:\Windows\System\tlGJQGe.exe
  C:\Windows\System\tlGJQGe.exe
  2⤵
  PID:3132
- C:\Windows\System\NIerGac.exe
  C:\Windows\System\NIerGac.exe
  2⤵
  PID:3404
- C:\Windows\System\qRotiGK.exe
  C:\Windows\System\qRotiGK.exe
  2⤵
  PID:2360
- C:\Windows\System\adUveuN.exe
  C:\Windows\System\adUveuN.exe
  2⤵
  PID:3496
- C:\Windows\System\yZiHCRM.exe
  C:\Windows\System\yZiHCRM.exe
  2⤵
  PID:3564
- C:\Windows\System\MGGBLhJ.exe
  C:\Windows\System\MGGBLhJ.exe
  2⤵
  PID:3672
- C:\Windows\System\qjuCaNa.exe
  C:\Windows\System\qjuCaNa.exe
  2⤵
  PID:3800
- C:\Windows\System\YHsOWtl.exe
  C:\Windows\System\YHsOWtl.exe
  2⤵
  PID:3908
- C:\Windows\System\TpfofKI.exe
  C:\Windows\System\TpfofKI.exe
  2⤵
  PID:4004
- C:\Windows\System\xkthkCX.exe
  C:\Windows\System\xkthkCX.exe
  2⤵
  PID:2940
- C:\Windows\System\EgRhtDW.exe
  C:\Windows\System\EgRhtDW.exe
  2⤵
  PID:608
- C:\Windows\System\kylenmR.exe
  C:\Windows\System\kylenmR.exe
  2⤵
  PID:2764
- C:\Windows\System\UJWNucs.exe
  C:\Windows\System\UJWNucs.exe
  2⤵
  PID:2324
- C:\Windows\System\mlqTpMh.exe
  C:\Windows\System\mlqTpMh.exe
  2⤵
  PID:2532
- C:\Windows\System\VkoaRhL.exe
  C:\Windows\System\VkoaRhL.exe
  2⤵
  PID:3376
- C:\Windows\System\PQdQnbw.exe
  C:\Windows\System\PQdQnbw.exe
  2⤵
  PID:3356
- C:\Windows\System\Pneincb.exe
  C:\Windows\System\Pneincb.exe
  2⤵
  PID:3732
- C:\Windows\System\LntKIsi.exe
  C:\Windows\System\LntKIsi.exe
  2⤵
  PID:3480
- C:\Windows\System\KUjFklj.exe
  C:\Windows\System\KUjFklj.exe
  2⤵
  PID:3948
- C:\Windows\System\zqinslk.exe
  C:\Windows\System\zqinslk.exe
  2⤵
  PID:3828
- C:\Windows\System\SSjLdKe.exe
  C:\Windows\System\SSjLdKe.exe
  2⤵
  PID:3988
- C:\Windows\System\lXzSFAM.exe
  C:\Windows\System\lXzSFAM.exe
  2⤵
  PID:4028
- C:\Windows\System\YJYfJkD.exe
  C:\Windows\System\YJYfJkD.exe
  2⤵
  PID:4112
- C:\Windows\System\texkYZW.exe
  C:\Windows\System\texkYZW.exe
  2⤵
  PID:4132
- C:\Windows\System\ZVLFaoi.exe
  C:\Windows\System\ZVLFaoi.exe
  2⤵
  PID:4152
- C:\Windows\System\ovIbfMA.exe
  C:\Windows\System\ovIbfMA.exe
  2⤵
  PID:4172
- C:\Windows\System\pRvxPJy.exe
  C:\Windows\System\pRvxPJy.exe
  2⤵
  PID:4188
- C:\Windows\System\VVCWKgy.exe
  C:\Windows\System\VVCWKgy.exe
  2⤵
  PID:4212
- C:\Windows\System\yHttYLR.exe
  C:\Windows\System\yHttYLR.exe
  2⤵
  PID:4232
- C:\Windows\System\dDkLnvw.exe
  C:\Windows\System\dDkLnvw.exe
  2⤵
  PID:4252
- C:\Windows\System\bgSxCPz.exe
  C:\Windows\System\bgSxCPz.exe
  2⤵
  PID:4272
- C:\Windows\System\hgnMRrd.exe
  C:\Windows\System\hgnMRrd.exe
  2⤵
  PID:4292
- C:\Windows\System\hwBeMdi.exe
  C:\Windows\System\hwBeMdi.exe
  2⤵
  PID:4312
- C:\Windows\System\ZlWXnOX.exe
  C:\Windows\System\ZlWXnOX.exe
  2⤵
  PID:4332
- C:\Windows\System\KWxfJpI.exe
  C:\Windows\System\KWxfJpI.exe
  2⤵
  PID:4352
- C:\Windows\System\EpdwfXY.exe
  C:\Windows\System\EpdwfXY.exe
  2⤵
  PID:4372
- C:\Windows\System\EKoXHSJ.exe
  C:\Windows\System\EKoXHSJ.exe
  2⤵
  PID:4388
- C:\Windows\System\mrIXMZu.exe
  C:\Windows\System\mrIXMZu.exe
  2⤵
  PID:4412
- C:\Windows\System\GePTXsl.exe
  C:\Windows\System\GePTXsl.exe
  2⤵
  PID:4436
- C:\Windows\System\JJDNNEq.exe
  C:\Windows\System\JJDNNEq.exe
  2⤵
  PID:4456
- C:\Windows\System\LZNxPVo.exe
  C:\Windows\System\LZNxPVo.exe
  2⤵
  PID:4476
- C:\Windows\System\LhBwzDG.exe
  C:\Windows\System\LhBwzDG.exe
  2⤵
  PID:4496
- C:\Windows\System\mGJEcXe.exe
  C:\Windows\System\mGJEcXe.exe
  2⤵
  PID:4516
- C:\Windows\System\rlwnMov.exe
  C:\Windows\System\rlwnMov.exe
  2⤵
  PID:4536
- C:\Windows\System\hKmiXXD.exe
  C:\Windows\System\hKmiXXD.exe
  2⤵
  PID:4556
- C:\Windows\System\lSOGokm.exe
  C:\Windows\System\lSOGokm.exe
  2⤵
  PID:4576
- C:\Windows\System\hePisZA.exe
  C:\Windows\System\hePisZA.exe
  2⤵
  PID:4596
- C:\Windows\System\pnrghyu.exe
  C:\Windows\System\pnrghyu.exe
  2⤵
  PID:4616
- C:\Windows\System\FeCbVhm.exe
  C:\Windows\System\FeCbVhm.exe
  2⤵
  PID:4636
- C:\Windows\System\VERFFTN.exe
  C:\Windows\System\VERFFTN.exe
  2⤵
  PID:4656
- C:\Windows\System\dAnUeaG.exe
  C:\Windows\System\dAnUeaG.exe
  2⤵
  PID:4676
- C:\Windows\System\deyxhBm.exe
  C:\Windows\System\deyxhBm.exe
  2⤵
  PID:4696
- C:\Windows\System\TkekmHz.exe
  C:\Windows\System\TkekmHz.exe
  2⤵
  PID:4716
- C:\Windows\System\bStLbaY.exe
  C:\Windows\System\bStLbaY.exe
  2⤵
  PID:4736
- C:\Windows\System\CMFPppU.exe
  C:\Windows\System\CMFPppU.exe
  2⤵
  PID:4756
- C:\Windows\System\EdraUHs.exe
  C:\Windows\System\EdraUHs.exe
  2⤵
  PID:4776
- C:\Windows\System\EcfWqGm.exe
  C:\Windows\System\EcfWqGm.exe
  2⤵
  PID:4796
- C:\Windows\System\xWRrpWD.exe
  C:\Windows\System\xWRrpWD.exe
  2⤵
  PID:4816
- C:\Windows\System\JVCDeuH.exe
  C:\Windows\System\JVCDeuH.exe
  2⤵
  PID:4836
- C:\Windows\System\zxwBTvK.exe
  C:\Windows\System\zxwBTvK.exe
  2⤵
  PID:4860
- C:\Windows\System\OfBgVEb.exe
  C:\Windows\System\OfBgVEb.exe
  2⤵
  PID:4880
- C:\Windows\System\OEWfRFG.exe
  C:\Windows\System\OEWfRFG.exe
  2⤵
  PID:4900
- C:\Windows\System\kHEvLPJ.exe
  C:\Windows\System\kHEvLPJ.exe
  2⤵
  PID:4920
- C:\Windows\System\uUpuBdq.exe
  C:\Windows\System\uUpuBdq.exe
  2⤵
  PID:4940
- C:\Windows\System\HmRrzto.exe
  C:\Windows\System\HmRrzto.exe
  2⤵
  PID:4960
- C:\Windows\System\LrPKQFW.exe
  C:\Windows\System\LrPKQFW.exe
  2⤵
  PID:4980
- C:\Windows\System\RqTLqJi.exe
  C:\Windows\System\RqTLqJi.exe
  2⤵
  PID:5000
- C:\Windows\System\JhkirhD.exe
  C:\Windows\System\JhkirhD.exe
  2⤵
  PID:5020
- C:\Windows\System\xUzXHON.exe
  C:\Windows\System\xUzXHON.exe
  2⤵
  PID:5036
- C:\Windows\System\hWDIhVh.exe
  C:\Windows\System\hWDIhVh.exe
  2⤵
  PID:5060
- C:\Windows\System\PWRsDeK.exe
  C:\Windows\System\PWRsDeK.exe
  2⤵
  PID:5080
- C:\Windows\System\kXDOFBo.exe
  C:\Windows\System\kXDOFBo.exe
  2⤵
  PID:5100
- C:\Windows\System\MCLFNow.exe
  C:\Windows\System\MCLFNow.exe
  2⤵
  PID:2956
- C:\Windows\System\RwMqZFN.exe
  C:\Windows\System\RwMqZFN.exe
  2⤵
  PID:3256
- C:\Windows\System\DkMWkFB.exe
  C:\Windows\System\DkMWkFB.exe
  2⤵
  PID:3568
- C:\Windows\System\zhrgcrn.exe
  C:\Windows\System\zhrgcrn.exe
  2⤵
  PID:3772
- C:\Windows\System\jQXmThX.exe
  C:\Windows\System\jQXmThX.exe
  2⤵
  PID:4064
- C:\Windows\System\mfbjWZZ.exe
  C:\Windows\System\mfbjWZZ.exe
  2⤵
  PID:4120
- C:\Windows\System\YrsBbIz.exe
  C:\Windows\System\YrsBbIz.exe
  2⤵
  PID:4140
- C:\Windows\System\XqIcjBZ.exe
  C:\Windows\System\XqIcjBZ.exe
  2⤵
  PID:4144
- C:\Windows\System\PxeTEON.exe
  C:\Windows\System\PxeTEON.exe
  2⤵
  PID:4180
- C:\Windows\System\UYFdibs.exe
  C:\Windows\System\UYFdibs.exe
  2⤵
  PID:4224
- C:\Windows\System\VteSZHO.exe
  C:\Windows\System\VteSZHO.exe
  2⤵
  PID:4260
- C:\Windows\System\ssTbnRs.exe
  C:\Windows\System\ssTbnRs.exe
  2⤵
  PID:4328
- C:\Windows\System\uBJhAKd.exe
  C:\Windows\System\uBJhAKd.exe
  2⤵
  PID:4304
- C:\Windows\System\UhKKSGv.exe
  C:\Windows\System\UhKKSGv.exe
  2⤵
  PID:4368
- C:\Windows\System\dCWwqoK.exe
  C:\Windows\System\dCWwqoK.exe
  2⤵
  PID:4380
- C:\Windows\System\qxzxoOp.exe
  C:\Windows\System\qxzxoOp.exe
  2⤵
  PID:4424
- C:\Windows\System\iCiMQZh.exe
  C:\Windows\System\iCiMQZh.exe
  2⤵
  PID:4464
- C:\Windows\System\ACqdZsz.exe
  C:\Windows\System\ACqdZsz.exe
  2⤵
  PID:4504
- C:\Windows\System\cnTtoPq.exe
  C:\Windows\System\cnTtoPq.exe
  2⤵
  PID:4508
- C:\Windows\System\VVcjUlR.exe
  C:\Windows\System\VVcjUlR.exe
  2⤵
  PID:4552
- C:\Windows\System\qtxjSVB.exe
  C:\Windows\System\qtxjSVB.exe
  2⤵
  PID:4608
- C:\Windows\System\ItZOAXT.exe
  C:\Windows\System\ItZOAXT.exe
  2⤵
  PID:4632
- C:\Windows\System\WRmwWcj.exe
  C:\Windows\System\WRmwWcj.exe
  2⤵
  PID:4692
- C:\Windows\System\VUAvRhV.exe
  C:\Windows\System\VUAvRhV.exe
  2⤵
  PID:4724
- C:\Windows\System\buvdcev.exe
  C:\Windows\System\buvdcev.exe
  2⤵
  PID:4712
- C:\Windows\System\XehojPq.exe
  C:\Windows\System\XehojPq.exe
  2⤵
  PID:4752
- C:\Windows\System\Ipgwkgi.exe
  C:\Windows\System\Ipgwkgi.exe
  2⤵
  PID:4808
- C:\Windows\System\NDWWOOP.exe
  C:\Windows\System\NDWWOOP.exe
  2⤵
  PID:4848
- C:\Windows\System\QnQmqej.exe
  C:\Windows\System\QnQmqej.exe
  2⤵
  PID:4892
- C:\Windows\System\KHPDPOe.exe
  C:\Windows\System\KHPDPOe.exe
  2⤵
  PID:4872
- C:\Windows\System\sfpPWbl.exe
  C:\Windows\System\sfpPWbl.exe
  2⤵
  PID:4912
- C:\Windows\System\oFUVcIa.exe
  C:\Windows\System\oFUVcIa.exe
  2⤵
  PID:4948
- C:\Windows\System\NYJlAXF.exe
  C:\Windows\System\NYJlAXF.exe
  2⤵
  PID:5012
- C:\Windows\System\GcNATzH.exe
  C:\Windows\System\GcNATzH.exe
  2⤵
  PID:5056
- C:\Windows\System\ojXmcjs.exe
  C:\Windows\System\ojXmcjs.exe
  2⤵
  PID:5096
- C:\Windows\System\agkKqLY.exe
  C:\Windows\System\agkKqLY.exe
  2⤵
  PID:5108
- C:\Windows\System\XtIIEoZ.exe
  C:\Windows\System\XtIIEoZ.exe
  2⤵
  PID:3276
- C:\Windows\System\WerGERq.exe
  C:\Windows\System\WerGERq.exe
  2⤵
  PID:3804
- C:\Windows\System\fNdIfgZ.exe
  C:\Windows\System\fNdIfgZ.exe
  2⤵
  PID:2068
- C:\Windows\System\uUZNeCv.exe
  C:\Windows\System\uUZNeCv.exe
  2⤵
  PID:2508
- C:\Windows\System\AlYqjxg.exe
  C:\Windows\System\AlYqjxg.exe
  2⤵
  PID:4164
- C:\Windows\System\DXciwZq.exe
  C:\Windows\System\DXciwZq.exe
  2⤵
  PID:4204
- C:\Windows\System\HXNHtMX.exe
  C:\Windows\System\HXNHtMX.exe
  2⤵
  PID:4320
- C:\Windows\System\oOEoGke.exe
  C:\Windows\System\oOEoGke.exe
  2⤵
  PID:4348
- C:\Windows\System\tcTsCRS.exe
  C:\Windows\System\tcTsCRS.exe
  2⤵
  PID:4300
- C:\Windows\System\SFKMJoO.exe
  C:\Windows\System\SFKMJoO.exe
  2⤵
  PID:4444
- C:\Windows\System\IHLbsZY.exe
  C:\Windows\System\IHLbsZY.exe
  2⤵
  PID:4448
- C:\Windows\System\rjDfkpd.exe
  C:\Windows\System\rjDfkpd.exe
  2⤵
  PID:2284
- C:\Windows\System\eHOhHyH.exe
  C:\Windows\System\eHOhHyH.exe
  2⤵
  PID:4568
- C:\Windows\System\JFwNanQ.exe
  C:\Windows\System\JFwNanQ.exe
  2⤵
  PID:4592
- C:\Windows\System\koMAstq.exe
  C:\Windows\System\koMAstq.exe
  2⤵
  PID:4652
- C:\Windows\System\TKYAyyr.exe
  C:\Windows\System\TKYAyyr.exe
  2⤵
  PID:4688
- C:\Windows\System\wwLrbGN.exe
  C:\Windows\System\wwLrbGN.exe
  2⤵
  PID:4708
- C:\Windows\System\XwbVBpu.exe
  C:\Windows\System\XwbVBpu.exe
  2⤵
  PID:4784
- C:\Windows\System\OsNjaUP.exe
  C:\Windows\System\OsNjaUP.exe
  2⤵
  PID:4876
- C:\Windows\System\fiycTWm.exe
  C:\Windows\System\fiycTWm.exe
  2⤵
  PID:4888
- C:\Windows\System\RQdsPvg.exe
  C:\Windows\System\RQdsPvg.exe
  2⤵
  PID:5068
- C:\Windows\System\eemJppw.exe
  C:\Windows\System\eemJppw.exe
  2⤵
  PID:4988
- C:\Windows\System\xonLcww.exe
  C:\Windows\System\xonLcww.exe
  2⤵
  PID:3808
- C:\Windows\System\IZdLBLf.exe
  C:\Windows\System\IZdLBLf.exe
  2⤵
  PID:1232
- C:\Windows\System\tCPTPgH.exe
  C:\Windows\System\tCPTPgH.exe
  2⤵
  PID:5088
- C:\Windows\System\tmohcok.exe
  C:\Windows\System\tmohcok.exe
  2⤵
  PID:4104
- C:\Windows\System\GcPBcDz.exe
  C:\Windows\System\GcPBcDz.exe
  2⤵
  PID:4012
- C:\Windows\System\WepqYie.exe
  C:\Windows\System\WepqYie.exe
  2⤵
  PID:4856
- C:\Windows\System\cwDooNn.exe
  C:\Windows\System\cwDooNn.exe
  2⤵
  PID:4248
- C:\Windows\System\LDNXBFQ.exe
  C:\Windows\System\LDNXBFQ.exe
  2⤵
  PID:4284
- C:\Windows\System\tKVZZDi.exe
  C:\Windows\System\tKVZZDi.exe
  2⤵
  PID:4344
- C:\Windows\System\KpesCIv.exe
  C:\Windows\System\KpesCIv.exe
  2⤵
  PID:4624
- C:\Windows\System\MOeUXej.exe
  C:\Windows\System\MOeUXej.exe
  2⤵
  PID:2472
- C:\Windows\System\NipKNSS.exe
  C:\Windows\System\NipKNSS.exe
  2⤵
  PID:1180
- C:\Windows\System\tZnrGRn.exe
  C:\Windows\System\tZnrGRn.exe
  2⤵
  PID:2936
- C:\Windows\System\qwekKdm.exe
  C:\Windows\System\qwekKdm.exe
  2⤵
  PID:4648
- C:\Windows\System\ZoirCwW.exe
  C:\Windows\System\ZoirCwW.exe
  2⤵
  PID:4792
- C:\Windows\System\jAqkcEV.exe
  C:\Windows\System\jAqkcEV.exe
  2⤵
  PID:1728
- C:\Windows\System\tbtcXgA.exe
  C:\Windows\System\tbtcXgA.exe
  2⤵
  PID:4744
- C:\Windows\System\BmlsDjm.exe
  C:\Windows\System\BmlsDjm.exe
  2⤵
  PID:4828
- C:\Windows\System\szhQOWo.exe
  C:\Windows\System\szhQOWo.exe
  2⤵
  PID:4868
- C:\Windows\System\PFdRsuQ.exe
  C:\Windows\System\PFdRsuQ.exe
  2⤵
  PID:5016
- C:\Windows\System\jKjenOG.exe
  C:\Windows\System\jKjenOG.exe
  2⤵
  PID:2384
- C:\Windows\System\oHtmroY.exe
  C:\Windows\System\oHtmroY.exe
  2⤵
  PID:5076
- C:\Windows\System\ykFaYlo.exe
  C:\Windows\System\ykFaYlo.exe
  2⤵
  PID:1632
- C:\Windows\System\ffnvGRq.exe
  C:\Windows\System\ffnvGRq.exe
  2⤵
  PID:4240
- C:\Windows\System\nqTAOgL.exe
  C:\Windows\System\nqTAOgL.exe
  2⤵
  PID:1248
- C:\Windows\System\NWrngNK.exe
  C:\Windows\System\NWrngNK.exe
  2⤵
  PID:4268
- C:\Windows\System\eCQiPkd.exe
  C:\Windows\System\eCQiPkd.exe
  2⤵
  PID:1188
- C:\Windows\System\vtKXvKV.exe
  C:\Windows\System\vtKXvKV.exe
  2⤵
  PID:1772
- C:\Windows\System\nKRIVmb.exe
  C:\Windows\System\nKRIVmb.exe
  2⤵
  PID:2716
- C:\Windows\System\vYZTYZl.exe
  C:\Windows\System\vYZTYZl.exe
  2⤵
  PID:4728
- C:\Windows\System\holTBRm.exe
  C:\Windows\System\holTBRm.exe
  2⤵
  PID:3456
- C:\Windows\System\zCwxGiZ.exe
  C:\Windows\System\zCwxGiZ.exe
  2⤵
  PID:2288
- C:\Windows\System\dKkHsNi.exe
  C:\Windows\System\dKkHsNi.exe
  2⤵
  PID:5128
- C:\Windows\System\JyTOLLZ.exe
  C:\Windows\System\JyTOLLZ.exe
  2⤵
  PID:5152
- C:\Windows\System\RevoUXW.exe
  C:\Windows\System\RevoUXW.exe
  2⤵
  PID:5172
- C:\Windows\System\SkWpPuo.exe
  C:\Windows\System\SkWpPuo.exe
  2⤵
  PID:5188
- C:\Windows\System\UbjLJbG.exe
  C:\Windows\System\UbjLJbG.exe
  2⤵
  PID:5204
- C:\Windows\System\hfKtuSM.exe
  C:\Windows\System\hfKtuSM.exe
  2⤵
  PID:5220
- C:\Windows\System\AhlLSTd.exe
  C:\Windows\System\AhlLSTd.exe
  2⤵
  PID:5268
- C:\Windows\System\zvgVTbU.exe
  C:\Windows\System\zvgVTbU.exe
  2⤵
  PID:5304
- C:\Windows\System\pdlqOiA.exe
  C:\Windows\System\pdlqOiA.exe
  2⤵
  PID:5320
- C:\Windows\System\oARjlao.exe
  C:\Windows\System\oARjlao.exe
  2⤵
  PID:5356
- C:\Windows\System\eftqMjT.exe
  C:\Windows\System\eftqMjT.exe
  2⤵
  PID:5380
- C:\Windows\System\zoxnFIR.exe
  C:\Windows\System\zoxnFIR.exe
  2⤵
  PID:5400
- C:\Windows\System\KPROlxw.exe
  C:\Windows\System\KPROlxw.exe
  2⤵
  PID:5416
- C:\Windows\System\BzenLAt.exe
  C:\Windows\System\BzenLAt.exe
  2⤵
  PID:5432
- C:\Windows\System\HEenJFU.exe
  C:\Windows\System\HEenJFU.exe
  2⤵
  PID:5452
- C:\Windows\System\vwpzIER.exe
  C:\Windows\System\vwpzIER.exe
  2⤵
  PID:5468
- C:\Windows\System\vARtqkv.exe
  C:\Windows\System\vARtqkv.exe
  2⤵
  PID:5484
- C:\Windows\System\GkrxSqW.exe
  C:\Windows\System\GkrxSqW.exe
  2⤵
  PID:5500
- C:\Windows\System\DwTUqhC.exe
  C:\Windows\System\DwTUqhC.exe
  2⤵
  PID:5520
- C:\Windows\System\NJcEUmf.exe
  C:\Windows\System\NJcEUmf.exe
  2⤵
  PID:5540
- C:\Windows\System\rxjueRI.exe
  C:\Windows\System\rxjueRI.exe
  2⤵
  PID:5556
- C:\Windows\System\QsRQHoi.exe
  C:\Windows\System\QsRQHoi.exe
  2⤵
  PID:5572
- C:\Windows\System\JoSdVdf.exe
  C:\Windows\System\JoSdVdf.exe
  2⤵
  PID:5600
- C:\Windows\System\WyWvfhd.exe
  C:\Windows\System\WyWvfhd.exe
  2⤵
  PID:5620
- C:\Windows\System\DPfADMb.exe
  C:\Windows\System\DPfADMb.exe
  2⤵
  PID:5648
- C:\Windows\System\aDmgDEY.exe
  C:\Windows\System\aDmgDEY.exe
  2⤵
  PID:5664
- C:\Windows\System\kRHOcGc.exe
  C:\Windows\System\kRHOcGc.exe
  2⤵
  PID:5680
- C:\Windows\System\YKBJPbx.exe
  C:\Windows\System\YKBJPbx.exe
  2⤵
  PID:5700
- C:\Windows\System\qkVeFGR.exe
  C:\Windows\System\qkVeFGR.exe
  2⤵
  PID:5716
- C:\Windows\System\xrJyYLf.exe
  C:\Windows\System\xrJyYLf.exe
  2⤵
  PID:5744
- C:\Windows\System\eXqKGMz.exe
  C:\Windows\System\eXqKGMz.exe
  2⤵
  PID:5760
- C:\Windows\System\DDgceKH.exe
  C:\Windows\System\DDgceKH.exe
  2⤵
  PID:5776
- C:\Windows\System\cjApbli.exe
  C:\Windows\System\cjApbli.exe
  2⤵
  PID:5824
- C:\Windows\System\iDbzRtK.exe
  C:\Windows\System\iDbzRtK.exe
  2⤵
  PID:5844
- C:\Windows\System\gjBkfky.exe
  C:\Windows\System\gjBkfky.exe
  2⤵
  PID:5860
- C:\Windows\System\YoKNFNB.exe
  C:\Windows\System\YoKNFNB.exe
  2⤵
  PID:5876
- C:\Windows\System\zmUDYKA.exe
  C:\Windows\System\zmUDYKA.exe
  2⤵
  PID:5900
- C:\Windows\System\CUtKqkm.exe
  C:\Windows\System\CUtKqkm.exe
  2⤵
  PID:5920
- C:\Windows\System\gnrydlE.exe
  C:\Windows\System\gnrydlE.exe
  2⤵
  PID:5940
- C:\Windows\System\KBBwhiY.exe
  C:\Windows\System\KBBwhiY.exe
  2⤵
  PID:5960
- C:\Windows\System\OxRmTku.exe
  C:\Windows\System\OxRmTku.exe
  2⤵
  PID:5976
- C:\Windows\System\dSiiCwW.exe
  C:\Windows\System\dSiiCwW.exe
  2⤵
  PID:5992
- C:\Windows\System\afMpHdA.exe
  C:\Windows\System\afMpHdA.exe
  2⤵
  PID:6008
- C:\Windows\System\sKgHxRf.exe
  C:\Windows\System\sKgHxRf.exe
  2⤵
  PID:6024
- C:\Windows\System\XOJeMak.exe
  C:\Windows\System\XOJeMak.exe
  2⤵
  PID:6044
- C:\Windows\System\eNWoVBg.exe
  C:\Windows\System\eNWoVBg.exe
  2⤵
  PID:6064
- C:\Windows\System\UFWttsC.exe
  C:\Windows\System\UFWttsC.exe
  2⤵
  PID:6080
- C:\Windows\System\zDTTNps.exe
  C:\Windows\System\zDTTNps.exe
  2⤵
  PID:6136
- C:\Windows\System\naoFXcR.exe
  C:\Windows\System\naoFXcR.exe
  2⤵
  PID:1036
- C:\Windows\System\FSEVRJO.exe
  C:\Windows\System\FSEVRJO.exe
  2⤵
  PID:2944
- C:\Windows\System\DMoegcE.exe
  C:\Windows\System\DMoegcE.exe
  2⤵
  PID:4772
- C:\Windows\System\CGBxNRE.exe
  C:\Windows\System\CGBxNRE.exe
  2⤵
  PID:5048
- C:\Windows\System\PWWcrNO.exe
  C:\Windows\System\PWWcrNO.exe
  2⤵
  PID:1708
- C:\Windows\System\UcYLCkn.exe
  C:\Windows\System\UcYLCkn.exe
  2⤵
  PID:3964
- C:\Windows\System\azJmqEV.exe
  C:\Windows\System\azJmqEV.exe
  2⤵
  PID:4360
- C:\Windows\System\CEWAXTG.exe
  C:\Windows\System\CEWAXTG.exe
  2⤵
  PID:5196
- C:\Windows\System\lbUAuZo.exe
  C:\Windows\System\lbUAuZo.exe
  2⤵
  PID:5124
- C:\Windows\System\UlLUeRh.exe
  C:\Windows\System\UlLUeRh.exe
  2⤵
  PID:5136
- C:\Windows\System\BuBhYAC.exe
  C:\Windows\System\BuBhYAC.exe
  2⤵
  PID:5180
- C:\Windows\System\iZUGIMV.exe
  C:\Windows\System\iZUGIMV.exe
  2⤵
  PID:5240
- C:\Windows\System\eaSTwhQ.exe
  C:\Windows\System\eaSTwhQ.exe
  2⤵
  PID:5264
- C:\Windows\System\eazPGtf.exe
  C:\Windows\System\eazPGtf.exe
  2⤵
  PID:2044
- C:\Windows\System\qEvGcjU.exe
  C:\Windows\System\qEvGcjU.exe
  2⤵
  PID:5288
- C:\Windows\System\BdhKlhU.exe
  C:\Windows\System\BdhKlhU.exe
  2⤵
  PID:5344
- C:\Windows\System\RjFQWWU.exe
  C:\Windows\System\RjFQWWU.exe
  2⤵
  PID:5300
- C:\Windows\System\VKNByEh.exe
  C:\Windows\System\VKNByEh.exe
  2⤵
  PID:5372
- C:\Windows\System\cdxHmFF.exe
  C:\Windows\System\cdxHmFF.exe
  2⤵
  PID:5444
- C:\Windows\System\xSeVlVs.exe
  C:\Windows\System\xSeVlVs.exe
  2⤵
  PID:5548
- C:\Windows\System\ZOOCfoQ.exe
  C:\Windows\System\ZOOCfoQ.exe
  2⤵
  PID:5552
- C:\Windows\System\rBEJcph.exe
  C:\Windows\System\rBEJcph.exe
  2⤵
  PID:5588
- C:\Windows\System\CSqcWfU.exe
  C:\Windows\System\CSqcWfU.exe
  2⤵
  PID:5628
- C:\Windows\System\BZJerNG.exe
  C:\Windows\System\BZJerNG.exe
  2⤵
  PID:5636
- C:\Windows\System\rBtAxoX.exe
  C:\Windows\System\rBtAxoX.exe
  2⤵
  PID:5676
- C:\Windows\System\PazGazG.exe
  C:\Windows\System\PazGazG.exe
  2⤵
  PID:5608
- C:\Windows\System\XTAfwKe.exe
  C:\Windows\System\XTAfwKe.exe
  2⤵
  PID:5460
- C:\Windows\System\gmgLonT.exe
  C:\Windows\System\gmgLonT.exe
  2⤵
  PID:5752
- C:\Windows\System\PXURXgn.exe
  C:\Windows\System\PXURXgn.exe
  2⤵
  PID:5792
- C:\Windows\System\aVRVQLv.exe
  C:\Windows\System\aVRVQLv.exe
  2⤵
  PID:5568
- C:\Windows\System\ZBxmibf.exe
  C:\Windows\System\ZBxmibf.exe
  2⤵
  PID:5820
- C:\Windows\System\cdtdGAb.exe
  C:\Windows\System\cdtdGAb.exe
  2⤵
  PID:5888
- C:\Windows\System\oeZUhAt.exe
  C:\Windows\System\oeZUhAt.exe
  2⤵
  PID:5932
- C:\Windows\System\kGWUbwM.exe
  C:\Windows\System\kGWUbwM.exe
  2⤵
  PID:5840
- C:\Windows\System\AutRWZa.exe
  C:\Windows\System\AutRWZa.exe
  2⤵
  PID:6000
- C:\Windows\System\LTeyGnK.exe
  C:\Windows\System\LTeyGnK.exe
  2⤵
  PID:6076
- C:\Windows\System\IiJCkCJ.exe
  C:\Windows\System\IiJCkCJ.exe
  2⤵
  PID:5952
- C:\Windows\System\fxOqKAg.exe
  C:\Windows\System\fxOqKAg.exe
  2⤵
  PID:6088
- C:\Windows\System\LOOZeAN.exe
  C:\Windows\System\LOOZeAN.exe
  2⤵
  PID:5948
- C:\Windows\System\UbnZUjj.exe
  C:\Windows\System\UbnZUjj.exe
  2⤵
  PID:6116
- C:\Windows\System\ZcuOnCr.exe
  C:\Windows\System\ZcuOnCr.exe
  2⤵
  PID:2732
- C:\Windows\System\GiEDFNH.exe
  C:\Windows\System\GiEDFNH.exe
  2⤵
  PID:4408
- C:\Windows\System\lQaIJfH.exe
  C:\Windows\System\lQaIJfH.exe
  2⤵
  PID:408
- C:\Windows\System\hZjTLBq.exe
  C:\Windows\System\hZjTLBq.exe
  2⤵
  PID:4804
- C:\Windows\System\bQAWICU.exe
  C:\Windows\System\bQAWICU.exe
  2⤵
  PID:5144
- C:\Windows\System\BTHgkbs.exe
  C:\Windows\System\BTHgkbs.exe
  2⤵
  PID:5200
- C:\Windows\System\YvWvlEg.exe
  C:\Windows\System\YvWvlEg.exe
  2⤵
  PID:4968
- C:\Windows\System\ecwznIP.exe
  C:\Windows\System\ecwznIP.exe
  2⤵
  PID:2540
- C:\Windows\System\SvBtwGN.exe
  C:\Windows\System\SvBtwGN.exe
  2⤵
  PID:5280
- C:\Windows\System\chpZyRb.exe
  C:\Windows\System\chpZyRb.exe
  2⤵
  PID:5632
- C:\Windows\System\vTGVjpe.exe
  C:\Windows\System\vTGVjpe.exe
  2⤵
  PID:5800
- C:\Windows\System\IiwOnCl.exe
  C:\Windows\System\IiwOnCl.exe
  2⤵
  PID:5564
- C:\Windows\System\xPjZYCC.exe
  C:\Windows\System\xPjZYCC.exe
  2⤵
  PID:5412
- C:\Windows\System\fJbSXUa.exe
  C:\Windows\System\fJbSXUa.exe
  2⤵
  PID:5388
- C:\Windows\System\cvtqoQo.exe
  C:\Windows\System\cvtqoQo.exe
  2⤵
  PID:5672
- C:\Windows\System\jmYNQks.exe
  C:\Windows\System\jmYNQks.exe
  2⤵
  PID:5788
- C:\Windows\System\ztzpnPE.exe
  C:\Windows\System\ztzpnPE.exe
  2⤵
  PID:5736
- C:\Windows\System\ngOTUXw.exe
  C:\Windows\System\ngOTUXw.exe
  2⤵
  PID:5816
- C:\Windows\System\qfBbjxR.exe
  C:\Windows\System\qfBbjxR.exe
  2⤵
  PID:5836
- C:\Windows\System\mnbBjHC.exe
  C:\Windows\System\mnbBjHC.exe
  2⤵
  PID:6036
- C:\Windows\System\nXtERNd.exe
  C:\Windows\System\nXtERNd.exe
  2⤵
  PID:6096
- C:\Windows\System\rcVsvGq.exe
  C:\Windows\System\rcVsvGq.exe
  2⤵
  PID:3216
- C:\Windows\System\SSTdnEA.exe
  C:\Windows\System\SSTdnEA.exe
  2⤵
  PID:5336
- C:\Windows\System\ZmmjxLv.exe
  C:\Windows\System\ZmmjxLv.exe
  2⤵
  PID:6112
- C:\Windows\System\OLBroUd.exe
  C:\Windows\System\OLBroUd.exe
  2⤵
  PID:5164
- C:\Windows\System\pnwbtKO.exe
  C:\Windows\System\pnwbtKO.exe
  2⤵
  PID:6120
- C:\Windows\System\xDOFJPZ.exe
  C:\Windows\System\xDOFJPZ.exe
  2⤵
  PID:5328
- C:\Windows\System\cECAngj.exe
  C:\Windows\System\cECAngj.exe
  2⤵
  PID:892
- C:\Windows\System\dwIKXVg.exe
  C:\Windows\System\dwIKXVg.exe
  2⤵
  PID:5352
- C:\Windows\System\WYHEpZY.exe
  C:\Windows\System\WYHEpZY.exe
  2⤵
  PID:5712
- C:\Windows\System\qHBERWQ.exe
  C:\Windows\System\qHBERWQ.exe
  2⤵
  PID:5536
- C:\Windows\System\kxpHXqW.exe
  C:\Windows\System\kxpHXqW.exe
  2⤵
  PID:5988
- C:\Windows\System\DEFvfIf.exe
  C:\Windows\System\DEFvfIf.exe
  2⤵
  PID:5516
- C:\Windows\System\nszcdMg.exe
  C:\Windows\System\nszcdMg.exe
  2⤵
  PID:5856
- C:\Windows\System\BFGMtqn.exe
  C:\Windows\System\BFGMtqn.exe
  2⤵
  PID:2812
- C:\Windows\System\UmisnNA.exe
  C:\Windows\System\UmisnNA.exe
  2⤵
  PID:4852
- C:\Windows\System\GtivKtW.exe
  C:\Windows\System\GtivKtW.exe
  2⤵
  PID:5072
- C:\Windows\System\HMdPdrc.exe
  C:\Windows\System\HMdPdrc.exe
  2⤵
  PID:5168
- C:\Windows\System\TArclFh.exe
  C:\Windows\System\TArclFh.exe
  2⤵
  PID:5872
- C:\Windows\System\JXljYex.exe
  C:\Windows\System\JXljYex.exe
  2⤵
  PID:5972
- C:\Windows\System\aOvAGnd.exe
  C:\Windows\System\aOvAGnd.exe
  2⤵
  PID:5916
- C:\Windows\System\VMPaOQk.exe
  C:\Windows\System\VMPaOQk.exe
  2⤵
  PID:5772
- C:\Windows\System\lyVFLkV.exe
  C:\Windows\System\lyVFLkV.exe
  2⤵
  PID:6108
- C:\Windows\System\wJjLIcY.exe
  C:\Windows\System\wJjLIcY.exe
  2⤵
  PID:5784
- C:\Windows\System\AURGgTe.exe
  C:\Windows\System\AURGgTe.exe
  2⤵
  PID:5644
- C:\Windows\System\nqYFtxk.exe
  C:\Windows\System\nqYFtxk.exe
  2⤵
  PID:5584
- C:\Windows\System\fVEfItJ.exe
  C:\Windows\System\fVEfItJ.exe
  2⤵
  PID:5424
- C:\Windows\System\dSRTWjd.exe
  C:\Windows\System\dSRTWjd.exe
  2⤵
  PID:5364
- C:\Windows\System\EFsYqFd.exe
  C:\Windows\System\EFsYqFd.exe
  2⤵
  PID:6156
- C:\Windows\System\FFGnRMz.exe
  C:\Windows\System\FFGnRMz.exe
  2⤵
  PID:6172
- C:\Windows\System\iTehwjy.exe
  C:\Windows\System\iTehwjy.exe
  2⤵
  PID:6188
- C:\Windows\System\ImoxJtc.exe
  C:\Windows\System\ImoxJtc.exe
  2⤵
  PID:6204
- C:\Windows\System\dHRAcrb.exe
  C:\Windows\System\dHRAcrb.exe
  2⤵
  PID:6224
- C:\Windows\System\AbvDgLG.exe
  C:\Windows\System\AbvDgLG.exe
  2⤵
  PID:6244
- C:\Windows\System\LnhHMMQ.exe
  C:\Windows\System\LnhHMMQ.exe
  2⤵
  PID:6268
- C:\Windows\System\jpXSpxT.exe
  C:\Windows\System\jpXSpxT.exe
  2⤵
  PID:6288
- C:\Windows\System\AJpeJzt.exe
  C:\Windows\System\AJpeJzt.exe
  2⤵
  PID:6304
- C:\Windows\System\iOipBhc.exe
  C:\Windows\System\iOipBhc.exe
  2⤵
  PID:6324
- C:\Windows\System\OsyeNrD.exe
  C:\Windows\System\OsyeNrD.exe
  2⤵
  PID:6376
- C:\Windows\System\VJNacjw.exe
  C:\Windows\System\VJNacjw.exe
  2⤵
  PID:6392
- C:\Windows\System\jmaWWRP.exe
  C:\Windows\System\jmaWWRP.exe
  2⤵
  PID:6408
- C:\Windows\System\rwOzsKj.exe
  C:\Windows\System\rwOzsKj.exe
  2⤵
  PID:6428
- C:\Windows\System\cVnGsdi.exe
  C:\Windows\System\cVnGsdi.exe
  2⤵
  PID:6444
- C:\Windows\System\RurvsTO.exe
  C:\Windows\System\RurvsTO.exe
  2⤵
  PID:6464
- C:\Windows\System\fmSlNLt.exe
  C:\Windows\System\fmSlNLt.exe
  2⤵
  PID:6484
- C:\Windows\System\hGeotVg.exe
  C:\Windows\System\hGeotVg.exe
  2⤵
  PID:6508
- C:\Windows\System\sXArNNP.exe
  C:\Windows\System\sXArNNP.exe
  2⤵
  PID:6524
- C:\Windows\System\FddYsGK.exe
  C:\Windows\System\FddYsGK.exe
  2⤵
  PID:6544
- C:\Windows\System\SfNCiGg.exe
  C:\Windows\System\SfNCiGg.exe
  2⤵
  PID:6560
- C:\Windows\System\vawCYnC.exe
  C:\Windows\System\vawCYnC.exe
  2⤵
  PID:6576
- C:\Windows\System\AUMhvzk.exe
  C:\Windows\System\AUMhvzk.exe
  2⤵
  PID:6592
- C:\Windows\System\OEfzLPw.exe
  C:\Windows\System\OEfzLPw.exe
  2⤵
  PID:6608
- C:\Windows\System\kkvQrNE.exe
  C:\Windows\System\kkvQrNE.exe
  2⤵
  PID:6632
- C:\Windows\System\lhElxgH.exe
  C:\Windows\System\lhElxgH.exe
  2⤵
  PID:6672
- C:\Windows\System\FLSxaeq.exe
  C:\Windows\System\FLSxaeq.exe
  2⤵
  PID:6688
- C:\Windows\System\DGrJXSE.exe
  C:\Windows\System\DGrJXSE.exe
  2⤵
  PID:6704
- C:\Windows\System\NjxbYzF.exe
  C:\Windows\System\NjxbYzF.exe
  2⤵
  PID:6720
- C:\Windows\System\JuJudcr.exe
  C:\Windows\System\JuJudcr.exe
  2⤵
  PID:6736
- C:\Windows\System\kEPzdqT.exe
  C:\Windows\System\kEPzdqT.exe
  2⤵
  PID:6752
- C:\Windows\System\uzlKsTx.exe
  C:\Windows\System\uzlKsTx.exe
  2⤵
  PID:6768
- C:\Windows\System\YGFCheZ.exe
  C:\Windows\System\YGFCheZ.exe
  2⤵
  PID:6784
- C:\Windows\System\kIiNsdk.exe
  C:\Windows\System\kIiNsdk.exe
  2⤵
  PID:6800
- C:\Windows\System\LHEtHXf.exe
  C:\Windows\System\LHEtHXf.exe
  2⤵
  PID:6816
- C:\Windows\System\wpXyXBg.exe
  C:\Windows\System\wpXyXBg.exe
  2⤵
  PID:6832
- C:\Windows\System\YSUvGtT.exe
  C:\Windows\System\YSUvGtT.exe
  2⤵
  PID:6848
- C:\Windows\System\avyEZVx.exe
  C:\Windows\System\avyEZVx.exe
  2⤵
  PID:6864
- C:\Windows\System\vFBQpzM.exe
  C:\Windows\System\vFBQpzM.exe
  2⤵
  PID:6880
- C:\Windows\System\tLkuKvr.exe
  C:\Windows\System\tLkuKvr.exe
  2⤵
  PID:6940
- C:\Windows\System\YsiwzyX.exe
  C:\Windows\System\YsiwzyX.exe
  2⤵
  PID:6964
- C:\Windows\System\sGYvnDX.exe
  C:\Windows\System\sGYvnDX.exe
  2⤵
  PID:6984
- C:\Windows\System\LbOMGru.exe
  C:\Windows\System\LbOMGru.exe
  2⤵
  PID:7008
- C:\Windows\System\CzPFuWg.exe
  C:\Windows\System\CzPFuWg.exe
  2⤵
  PID:7028
- C:\Windows\System\gWooymW.exe
  C:\Windows\System\gWooymW.exe
  2⤵
  PID:7048
- C:\Windows\System\ZDEGrvV.exe
  C:\Windows\System\ZDEGrvV.exe
  2⤵
  PID:7064
- C:\Windows\System\lRCVaTj.exe
  C:\Windows\System\lRCVaTj.exe
  2⤵
  PID:7080
- C:\Windows\System\bQJVrnP.exe
  C:\Windows\System\bQJVrnP.exe
  2⤵
  PID:7096
- C:\Windows\System\pGkACDV.exe
  C:\Windows\System\pGkACDV.exe
  2⤵
  PID:7112
- C:\Windows\System\itYCOal.exe
  C:\Windows\System\itYCOal.exe
  2⤵
  PID:7128
- C:\Windows\System\fDcPVAt.exe
  C:\Windows\System\fDcPVAt.exe
  2⤵
  PID:7144
- C:\Windows\System\mxhbPCB.exe
  C:\Windows\System\mxhbPCB.exe
  2⤵
  PID:7160
- C:\Windows\System\QcsfIag.exe
  C:\Windows\System\QcsfIag.exe
  2⤵
  PID:5260
- C:\Windows\System\mxdzHyq.exe
  C:\Windows\System\mxdzHyq.exe
  2⤵
  PID:6148
- C:\Windows\System\ferPXiY.exe
  C:\Windows\System\ferPXiY.exe
  2⤵
  PID:6332
- C:\Windows\System\elHJmYx.exe
  C:\Windows\System\elHJmYx.exe
  2⤵
  PID:6168
- C:\Windows\System\hGdBbiV.exe
  C:\Windows\System\hGdBbiV.exe
  2⤵
  PID:6344
- C:\Windows\System\UintMvO.exe
  C:\Windows\System\UintMvO.exe
  2⤵
  PID:6316
- C:\Windows\System\jbgYgEZ.exe
  C:\Windows\System\jbgYgEZ.exe
  2⤵
  PID:6280
- C:\Windows\System\rCYkltm.exe
  C:\Windows\System\rCYkltm.exe
  2⤵
  PID:6236
- C:\Windows\System\FemOCqJ.exe
  C:\Windows\System\FemOCqJ.exe
  2⤵
  PID:6400
- C:\Windows\System\JuXGymX.exe
  C:\Windows\System\JuXGymX.exe
  2⤵
  PID:6472
- C:\Windows\System\FJuHDXx.exe
  C:\Windows\System\FJuHDXx.exe
  2⤵
  PID:6388
- C:\Windows\System\OyLwFTU.exe
  C:\Windows\System\OyLwFTU.exe
  2⤵
  PID:6516
- C:\Windows\System\UTdroqV.exe
  C:\Windows\System\UTdroqV.exe
  2⤵
  PID:6616
- C:\Windows\System\qJlPVbr.exe
  C:\Windows\System\qJlPVbr.exe
  2⤵
  PID:6504
- C:\Windows\System\KyjXztq.exe
  C:\Windows\System\KyjXztq.exe
  2⤵
  PID:6540
- C:\Windows\System\YXIFAmb.exe
  C:\Windows\System\YXIFAmb.exe
  2⤵
  PID:6620
- C:\Windows\System\GuqKFjL.exe
  C:\Windows\System\GuqKFjL.exe
  2⤵
  PID:6460
- C:\Windows\System\knMiEIh.exe
  C:\Windows\System\knMiEIh.exe
  2⤵
  PID:6660
- C:\Windows\System\MqhKTdk.exe
  C:\Windows\System\MqhKTdk.exe
  2⤵
  PID:6904
- C:\Windows\System\jgEzzXT.exe
  C:\Windows\System\jgEzzXT.exe
  2⤵
  PID:6912
- C:\Windows\System\QhiCLhJ.exe
  C:\Windows\System\QhiCLhJ.exe
  2⤵
  PID:6856
- C:\Windows\System\vLOthMD.exe
  C:\Windows\System\vLOthMD.exe
  2⤵
  PID:6932
- C:\Windows\System\hMSzohR.exe
  C:\Windows\System\hMSzohR.exe
  2⤵
  PID:6716
- C:\Windows\System\ydIodPQ.exe
  C:\Windows\System\ydIodPQ.exe
  2⤵
  PID:6780
- C:\Windows\System\HxCWHZl.exe
  C:\Windows\System\HxCWHZl.exe
  2⤵
  PID:6872
- C:\Windows\System\xXEoOQW.exe
  C:\Windows\System\xXEoOQW.exe
  2⤵
  PID:6996
- C:\Windows\System\BlcNvSm.exe
  C:\Windows\System\BlcNvSm.exe
  2⤵
  PID:7040
- C:\Windows\System\HdBdEQx.exe
  C:\Windows\System\HdBdEQx.exe
  2⤵
  PID:7072
- C:\Windows\System\ZBfDxfu.exe
  C:\Windows\System\ZBfDxfu.exe
  2⤵
  PID:7140
- C:\Windows\System\nHhLLBB.exe
  C:\Windows\System\nHhLLBB.exe
  2⤵
  PID:7016
- C:\Windows\System\dZMLNoL.exe
  C:\Windows\System\dZMLNoL.exe
  2⤵
  PID:7088
- C:\Windows\System\ReNODKd.exe
  C:\Windows\System\ReNODKd.exe
  2⤵
  PID:7156
- C:\Windows\System\LphhYkx.exe
  C:\Windows\System\LphhYkx.exe
  2⤵
  PID:7060
- C:\Windows\System\SovAsMR.exe
  C:\Windows\System\SovAsMR.exe
  2⤵
  PID:6216
- C:\Windows\System\FrKGmBD.exe
  C:\Windows\System\FrKGmBD.exe
  2⤵
  PID:6356
- C:\Windows\System\AnFmjIJ.exe
  C:\Windows\System\AnFmjIJ.exe
  2⤵
  PID:6384
- C:\Windows\System\qapELYd.exe
  C:\Windows\System\qapELYd.exe
  2⤵
  PID:6552
- C:\Windows\System\uGPGuPC.exe
  C:\Windows\System\uGPGuPC.exe
  2⤵
  PID:6456
- C:\Windows\System\ApUCZNP.exe
  C:\Windows\System\ApUCZNP.exe
  2⤵
  PID:6492
- C:\Windows\System\FPHPdZp.exe
  C:\Windows\System\FPHPdZp.exe
  2⤵
  PID:6604
- C:\Windows\System\rqFZLlo.exe
  C:\Windows\System\rqFZLlo.exe
  2⤵
  PID:6360
- C:\Windows\System\udlzyuc.exe
  C:\Windows\System\udlzyuc.exe
  2⤵
  PID:6656
- C:\Windows\System\vKhTzEQ.exe
  C:\Windows\System\vKhTzEQ.exe
  2⤵
  PID:6728
- C:\Windows\System\GSYvGHi.exe
  C:\Windows\System\GSYvGHi.exe
  2⤵
  PID:6824
- C:\Windows\System\NkgKMIR.exe
  C:\Windows\System\NkgKMIR.exe
  2⤵
  PID:6896
- C:\Windows\System\ysoFpqv.exe
  C:\Windows\System\ysoFpqv.exe
  2⤵
  PID:6764
- C:\Windows\System\idiMali.exe
  C:\Windows\System\idiMali.exe
  2⤵
  PID:6828
- C:\Windows\System\mUjBQiE.exe
  C:\Windows\System\mUjBQiE.exe
  2⤵
  PID:6712
- C:\Windows\System\jtCiXae.exe
  C:\Windows\System\jtCiXae.exe
  2⤵
  PID:6844
- C:\Windows\System\TuqYDIN.exe
  C:\Windows\System\TuqYDIN.exe
  2⤵
  PID:7004
- C:\Windows\System\pgHAyVY.exe
  C:\Windows\System\pgHAyVY.exe
  2⤵
  PID:1488
- C:\Windows\System\KgAGlUz.exe
  C:\Windows\System\KgAGlUz.exe
  2⤵
  PID:7124
- C:\Windows\System\JfnzMUs.exe
  C:\Windows\System\JfnzMUs.exe
  2⤵
  PID:7056
- C:\Windows\System\bVAWOWY.exe
  C:\Windows\System\bVAWOWY.exe
  2⤵
  PID:3652
- C:\Windows\System\oxVPboM.exe
  C:\Windows\System\oxVPboM.exe
  2⤵
  PID:6296
- C:\Windows\System\LnBIbDQ.exe
  C:\Windows\System\LnBIbDQ.exe
  2⤵
  PID:6196
- C:\Windows\System\ZDAOZdQ.exe
  C:\Windows\System\ZDAOZdQ.exe
  2⤵
  PID:6992
- C:\Windows\System\txrvNCK.exe
  C:\Windows\System\txrvNCK.exe
  2⤵
  PID:6240
- C:\Windows\System\sfsTMPz.exe
  C:\Windows\System\sfsTMPz.exe
  2⤵
  PID:6572
- C:\Windows\System\oaBvTsd.exe
  C:\Windows\System\oaBvTsd.exe
  2⤵
  PID:6500
- C:\Windows\System\ayjLLod.exe
  C:\Windows\System\ayjLLod.exe
  2⤵
  PID:6424
- C:\Windows\System\syaesbA.exe
  C:\Windows\System\syaesbA.exe
  2⤵
  PID:6668
- C:\Windows\System\WcqOtoA.exe
  C:\Windows\System\WcqOtoA.exe
  2⤵
  PID:6928
- C:\Windows\System\golNMFt.exe
  C:\Windows\System\golNMFt.exe
  2⤵
  PID:7104
- C:\Windows\System\vtiKeUP.exe
  C:\Windows\System\vtiKeUP.exe
  2⤵
  PID:6184
- C:\Windows\System\CNIgoCh.exe
  C:\Windows\System\CNIgoCh.exe
  2⤵
  PID:6416
- C:\Windows\System\oRbxrqy.exe
  C:\Windows\System\oRbxrqy.exe
  2⤵
  PID:2488
- C:\Windows\System\gJwaAHf.exe
  C:\Windows\System\gJwaAHf.exe
  2⤵
  PID:6300
- C:\Windows\System\ZHrUDcH.exe
  C:\Windows\System\ZHrUDcH.exe
  2⤵
  PID:6260
- C:\Windows\System\bCiePpy.exe
  C:\Windows\System\bCiePpy.exe
  2⤵
  PID:6312
- C:\Windows\System\zDKbpGG.exe
  C:\Windows\System\zDKbpGG.exe
  2⤵
  PID:6840
- C:\Windows\System\RbqjEGu.exe
  C:\Windows\System\RbqjEGu.exe
  2⤵
  PID:6180
- C:\Windows\System\nyunfPV.exe
  C:\Windows\System\nyunfPV.exe
  2⤵
  PID:6812
- C:\Windows\System\IhIufEj.exe
  C:\Windows\System\IhIufEj.exe
  2⤵
  PID:6264
- C:\Windows\System\axhyQQE.exe
  C:\Windows\System\axhyQQE.exe
  2⤵
  PID:6652
- C:\Windows\System\Wxsajkg.exe
  C:\Windows\System\Wxsajkg.exe
  2⤵
  PID:7180
- C:\Windows\System\tiqbMVE.exe
  C:\Windows\System\tiqbMVE.exe
  2⤵
  PID:7196
- C:\Windows\System\LCoknuh.exe
  C:\Windows\System\LCoknuh.exe
  2⤵
  PID:7212
- C:\Windows\System\nAKGqED.exe
  C:\Windows\System\nAKGqED.exe
  2⤵
  PID:7228
- C:\Windows\System\zRxjobc.exe
  C:\Windows\System\zRxjobc.exe
  2⤵
  PID:7244
- C:\Windows\System\fBpdulw.exe
  C:\Windows\System\fBpdulw.exe
  2⤵
  PID:7260
- C:\Windows\System\OnIwzKN.exe
  C:\Windows\System\OnIwzKN.exe
  2⤵
  PID:7276
- C:\Windows\System\RPpktAf.exe
  C:\Windows\System\RPpktAf.exe
  2⤵
  PID:7292
- C:\Windows\System\ZDEtduL.exe
  C:\Windows\System\ZDEtduL.exe
  2⤵
  PID:7308
- C:\Windows\System\rmAMeWz.exe
  C:\Windows\System\rmAMeWz.exe
  2⤵
  PID:7324
- C:\Windows\System\IUnevzR.exe
  C:\Windows\System\IUnevzR.exe
  2⤵
  PID:7340
- C:\Windows\System\bIUIrVj.exe
  C:\Windows\System\bIUIrVj.exe
  2⤵
  PID:7356
- C:\Windows\System\AWsEPVA.exe
  C:\Windows\System\AWsEPVA.exe
  2⤵
  PID:7372
- C:\Windows\System\YjFGEyn.exe
  C:\Windows\System\YjFGEyn.exe
  2⤵
  PID:7388
- C:\Windows\System\FVxKQba.exe
  C:\Windows\System\FVxKQba.exe
  2⤵
  PID:7404
- C:\Windows\System\eieapSY.exe
  C:\Windows\System\eieapSY.exe
  2⤵
  PID:7420
- C:\Windows\System\aTZLbbN.exe
  C:\Windows\System\aTZLbbN.exe
  2⤵
  PID:7436
- C:\Windows\System\GVUHzDu.exe
  C:\Windows\System\GVUHzDu.exe
  2⤵
  PID:7452
- C:\Windows\System\hptgCvX.exe
  C:\Windows\System\hptgCvX.exe
  2⤵
  PID:7472
- C:\Windows\System\fyjOhME.exe
  C:\Windows\System\fyjOhME.exe
  2⤵
  PID:7492
- C:\Windows\System\kYNzbFu.exe
  C:\Windows\System\kYNzbFu.exe
  2⤵
  PID:7508
- C:\Windows\System\BWvRWTC.exe
  C:\Windows\System\BWvRWTC.exe
  2⤵
  PID:7524
- C:\Windows\System\HmCyvKo.exe
  C:\Windows\System\HmCyvKo.exe
  2⤵
  PID:7540
- C:\Windows\System\tWttXvo.exe
  C:\Windows\System\tWttXvo.exe
  2⤵
  PID:7556
- C:\Windows\System\bRxebtL.exe
  C:\Windows\System\bRxebtL.exe
  2⤵
  PID:7572
- C:\Windows\System\jKoSJid.exe
  C:\Windows\System\jKoSJid.exe
  2⤵
  PID:7588
- C:\Windows\System\bMcTgNY.exe
  C:\Windows\System\bMcTgNY.exe
  2⤵
  PID:7604
- C:\Windows\System\cCFzbRY.exe
  C:\Windows\System\cCFzbRY.exe
  2⤵
  PID:7620
- C:\Windows\System\vNfXpLx.exe
  C:\Windows\System\vNfXpLx.exe
  2⤵
  PID:7636
- C:\Windows\System\mMIDakY.exe
  C:\Windows\System\mMIDakY.exe
  2⤵
  PID:7652
- C:\Windows\System\YYjAiBm.exe
  C:\Windows\System\YYjAiBm.exe
  2⤵
  PID:7668
- C:\Windows\System\Bychycw.exe
  C:\Windows\System\Bychycw.exe
  2⤵
  PID:7688
- C:\Windows\System\cZTkBRU.exe
  C:\Windows\System\cZTkBRU.exe
  2⤵
  PID:7704
- C:\Windows\System\hcPLVpb.exe
  C:\Windows\System\hcPLVpb.exe
  2⤵
  PID:7720
- C:\Windows\System\XJqIAil.exe
  C:\Windows\System\XJqIAil.exe
  2⤵
  PID:7736
- C:\Windows\System\OnqmQsJ.exe
  C:\Windows\System\OnqmQsJ.exe
  2⤵
  PID:7752
- C:\Windows\System\ftwPDqH.exe
  C:\Windows\System\ftwPDqH.exe
  2⤵
  PID:7768
- C:\Windows\System\vOSRIUd.exe
  C:\Windows\System\vOSRIUd.exe
  2⤵
  PID:7784
- C:\Windows\System\JPpFgBR.exe
  C:\Windows\System\JPpFgBR.exe
  2⤵
  PID:7800
- C:\Windows\System\OBSuAOR.exe
  C:\Windows\System\OBSuAOR.exe
  2⤵
  PID:7816
- C:\Windows\System\hcDBluk.exe
  C:\Windows\System\hcDBluk.exe
  2⤵
  PID:7832
- C:\Windows\System\KzVEecv.exe
  C:\Windows\System\KzVEecv.exe
  2⤵
  PID:7848
- C:\Windows\System\GlSSCkn.exe
  C:\Windows\System\GlSSCkn.exe
  2⤵
  PID:7864
- C:\Windows\System\GamKAPm.exe
  C:\Windows\System\GamKAPm.exe
  2⤵
  PID:7880
- C:\Windows\System\MMTiyfv.exe
  C:\Windows\System\MMTiyfv.exe
  2⤵
  PID:7896
- C:\Windows\System\AHtcMgH.exe
  C:\Windows\System\AHtcMgH.exe
  2⤵
  PID:7912
- C:\Windows\System\ETSBGOc.exe
  C:\Windows\System\ETSBGOc.exe
  2⤵
  PID:7928
- C:\Windows\System\bzebgiT.exe
  C:\Windows\System\bzebgiT.exe
  2⤵
  PID:7944
- C:\Windows\System\SMfhKDj.exe
  C:\Windows\System\SMfhKDj.exe
  2⤵
  PID:7960
- C:\Windows\System\frmgdpo.exe
  C:\Windows\System\frmgdpo.exe
  2⤵
  PID:7976
- C:\Windows\System\CxwYcfi.exe
  C:\Windows\System\CxwYcfi.exe
  2⤵
  PID:7992
- C:\Windows\System\fxyVpcL.exe
  C:\Windows\System\fxyVpcL.exe
  2⤵
  PID:8008
- C:\Windows\System\xVxFIoY.exe
  C:\Windows\System\xVxFIoY.exe
  2⤵
  PID:8024
- C:\Windows\System\kmhaMDW.exe
  C:\Windows\System\kmhaMDW.exe
  2⤵
  PID:8040
- C:\Windows\System\oMNcdzp.exe
  C:\Windows\System\oMNcdzp.exe
  2⤵
  PID:8056
- C:\Windows\System\LhMJlhD.exe
  C:\Windows\System\LhMJlhD.exe
  2⤵
  PID:8072
- C:\Windows\System\hBUQVfZ.exe
  C:\Windows\System\hBUQVfZ.exe
  2⤵
  PID:8088
- C:\Windows\System\YxDmHis.exe
  C:\Windows\System\YxDmHis.exe
  2⤵
  PID:8104
- C:\Windows\System\uOPtcWE.exe
  C:\Windows\System\uOPtcWE.exe
  2⤵
  PID:8120
- C:\Windows\System\MWSCNQw.exe
  C:\Windows\System\MWSCNQw.exe
  2⤵
  PID:8136
- C:\Windows\System\fKFPwet.exe
  C:\Windows\System\fKFPwet.exe
  2⤵
  PID:8152
- C:\Windows\System\rCcjnFB.exe
  C:\Windows\System\rCcjnFB.exe
  2⤵
  PID:8168
- C:\Windows\System\RnkbbsX.exe
  C:\Windows\System\RnkbbsX.exe
  2⤵
  PID:8184
- C:\Windows\System\GrgbCkJ.exe
  C:\Windows\System\GrgbCkJ.exe
  2⤵
  PID:7136
- C:\Windows\System\WvALKes.exe
  C:\Windows\System\WvALKes.exe
  2⤵
  PID:7172
- C:\Windows\System\IeHOaAi.exe
  C:\Windows\System\IeHOaAi.exe
  2⤵
  PID:7192
- C:\Windows\System\gAYIPse.exe
  C:\Windows\System\gAYIPse.exe
  2⤵
  PID:7204
- C:\Windows\System\Hujshoo.exe
  C:\Windows\System\Hujshoo.exe
  2⤵
  PID:7220
- C:\Windows\System\iMKcOeM.exe
  C:\Windows\System\iMKcOeM.exe
  2⤵
  PID:7224
- C:\Windows\System\HiuoiLp.exe
  C:\Windows\System\HiuoiLp.exe
  2⤵
  PID:7304
- C:\Windows\System\VWWWiNq.exe
  C:\Windows\System\VWWWiNq.exe
  2⤵
  PID:7368
- C:\Windows\System\KkDrEDo.exe
  C:\Windows\System\KkDrEDo.exe
  2⤵
  PID:7432
- C:\Windows\System\pgCXOjF.exe
  C:\Windows\System\pgCXOjF.exe
  2⤵
  PID:7256
- C:\Windows\System\GwDknGU.exe
  C:\Windows\System\GwDknGU.exe
  2⤵
  PID:7380
- C:\Windows\System\ZjtmHxu.exe
  C:\Windows\System\ZjtmHxu.exe
  2⤵
  PID:7444
- C:\Windows\System\NvVpxOa.exe
  C:\Windows\System\NvVpxOa.exe
  2⤵
  PID:7348
- C:\Windows\System\lTlKujN.exe
  C:\Windows\System\lTlKujN.exe
  2⤵
  PID:7520
- C:\Windows\System\oZurBkr.exe
  C:\Windows\System\oZurBkr.exe
  2⤵
  PID:7500
- C:\Windows\System\eutgpgK.exe
  C:\Windows\System\eutgpgK.exe
  2⤵
  PID:7564
- C:\Windows\System\iwNiwJd.exe
  C:\Windows\System\iwNiwJd.exe
  2⤵
  PID:7580
- C:\Windows\System\rQFyaOO.exe
  C:\Windows\System\rQFyaOO.exe
  2⤵
  PID:7628
- C:\Windows\System\fyRVWJo.exe
  C:\Windows\System\fyRVWJo.exe
  2⤵
  PID:7660
- C:\Windows\System\bVSbvBt.exe
  C:\Windows\System\bVSbvBt.exe
  2⤵
  PID:7712
- C:\Windows\System\LqcpxBm.exe
  C:\Windows\System\LqcpxBm.exe
  2⤵
  PID:7728
- C:\Windows\System\PvJWtfu.exe
  C:\Windows\System\PvJWtfu.exe
  2⤵
  PID:7828
- C:\Windows\System\MiMyDbk.exe
  C:\Windows\System\MiMyDbk.exe
  2⤵
  PID:7840
- C:\Windows\System\CiSpWuU.exe
  C:\Windows\System\CiSpWuU.exe
  2⤵
  PID:7760
- C:\Windows\System\EjRGJvA.exe
  C:\Windows\System\EjRGJvA.exe
  2⤵
  PID:7920
- C:\Windows\System\YucdiIp.exe
  C:\Windows\System\YucdiIp.exe
  2⤵
  PID:7808
- C:\Windows\System\UrsLVnT.exe
  C:\Windows\System\UrsLVnT.exe
  2⤵
  PID:7872
- C:\Windows\System\AssZoZo.exe
  C:\Windows\System\AssZoZo.exe
  2⤵
  PID:8020
- C:\Windows\System\bXgIaTm.exe
  C:\Windows\System\bXgIaTm.exe
  2⤵
  PID:8084
- C:\Windows\System\BAEwGVz.exe
  C:\Windows\System\BAEwGVz.exe
  2⤵
  PID:8144
- C:\Windows\System\nRSiYEh.exe
  C:\Windows\System\nRSiYEh.exe
  2⤵
  PID:8180
- C:\Windows\System\judcSlx.exe
  C:\Windows\System\judcSlx.exe
  2⤵
  PID:7968
- C:\Windows\System\cGQBwEe.exe
  C:\Windows\System\cGQBwEe.exe
  2⤵
  PID:8032
- C:\Windows\System\EjIWfvj.exe
  C:\Windows\System\EjIWfvj.exe
  2⤵
  PID:8096
- C:\Windows\System\kUPfnts.exe
  C:\Windows\System\kUPfnts.exe
  2⤵
  PID:8160
- C:\Windows\System\DAMFcyx.exe
  C:\Windows\System\DAMFcyx.exe
  2⤵
  PID:6164
- C:\Windows\System\ZENQbFh.exe
  C:\Windows\System\ZENQbFh.exe
  2⤵
  PID:7268
- C:\Windows\System\oyOabtJ.exe
  C:\Windows\System\oyOabtJ.exe
  2⤵
  PID:7288
- C:\Windows\System\GLJYoPF.exe
  C:\Windows\System\GLJYoPF.exe
  2⤵
  PID:7336
- C:\Windows\System\efWlxvG.exe
  C:\Windows\System\efWlxvG.exe
  2⤵
  PID:7024
- C:\Windows\System\GnCfQXa.exe
  C:\Windows\System\GnCfQXa.exe
  2⤵
  PID:7240
- C:\Windows\System\BDllAxF.exe
  C:\Windows\System\BDllAxF.exe
  2⤵
  PID:7516
- C:\Windows\System\TMkQCQx.exe
  C:\Windows\System\TMkQCQx.exe
  2⤵
  PID:7616
- C:\Windows\System\kbohNKZ.exe
  C:\Windows\System\kbohNKZ.exe
  2⤵
  PID:7860
- C:\Windows\System\JXTNUKG.exe
  C:\Windows\System\JXTNUKG.exe
  2⤵
  PID:7316
- C:\Windows\System\VDaJzKU.exe
  C:\Windows\System\VDaJzKU.exe
  2⤵
  PID:7644
- C:\Windows\System\sOySGJb.exe
  C:\Windows\System\sOySGJb.exe
  2⤵
  PID:7700
- C:\Windows\System\MrPjvnf.exe
  C:\Windows\System\MrPjvnf.exe
  2⤵
  PID:7904
- C:\Windows\System\FUpWalp.exe
  C:\Windows\System\FUpWalp.exe
  2⤵
  PID:7764
- C:\Windows\System\yYLMJfW.exe
  C:\Windows\System\yYLMJfW.exe
  2⤵
  PID:8016
- C:\Windows\System\koOfpRF.exe
  C:\Windows\System\koOfpRF.exe
  2⤵
  PID:8068
- C:\Windows\System\spmYamX.exe
  C:\Windows\System\spmYamX.exe
  2⤵
  PID:8128
- C:\Windows\System\WAFBsSv.exe
  C:\Windows\System\WAFBsSv.exe
  2⤵
  PID:7940
- C:\Windows\System\eDyrMWp.exe
  C:\Windows\System\eDyrMWp.exe
  2⤵
  PID:8176
- C:\Windows\System\WNMLdIO.exe
  C:\Windows\System\WNMLdIO.exe
  2⤵
  PID:7300
- C:\Windows\System\XOlFOZh.exe
  C:\Windows\System\XOlFOZh.exe
  2⤵
  PID:7464
- C:\Windows\System\jvaLEzm.exe
  C:\Windows\System\jvaLEzm.exe
  2⤵
  PID:7600
- C:\Windows\System\DoeGiUU.exe
  C:\Windows\System\DoeGiUU.exe
  2⤵
  PID:8000
- C:\Windows\System\zMrytyY.exe
  C:\Windows\System\zMrytyY.exe
  2⤵
  PID:7696
- C:\Windows\System\AkUqPzG.exe
  C:\Windows\System\AkUqPzG.exe
  2⤵
  PID:7792
- C:\Windows\System\vlRexce.exe
  C:\Windows\System\vlRexce.exe
  2⤵
  PID:6252
- C:\Windows\System\NhwmeYj.exe
  C:\Windows\System\NhwmeYj.exe
  2⤵
  PID:7796
- C:\Windows\System\BdxLIsu.exe
  C:\Windows\System\BdxLIsu.exe
  2⤵
  PID:7536
- C:\Windows\System\XEuQbsw.exe
  C:\Windows\System\XEuQbsw.exe
  2⤵
  PID:7780
- C:\Windows\System\mzkWCgk.exe
  C:\Windows\System\mzkWCgk.exe
  2⤵
  PID:7936
- C:\Windows\System\RBeRTFB.exe
  C:\Windows\System\RBeRTFB.exe
  2⤵
  PID:6588
- C:\Windows\System\oPqPhKu.exe
  C:\Windows\System\oPqPhKu.exe
  2⤵
  PID:8204
- C:\Windows\System\ZXJmctZ.exe
  C:\Windows\System\ZXJmctZ.exe
  2⤵
  PID:8220
- C:\Windows\System\QGsWLpb.exe
  C:\Windows\System\QGsWLpb.exe
  2⤵
  PID:8236
- C:\Windows\System\lQAappf.exe
  C:\Windows\System\lQAappf.exe
  2⤵
  PID:8252
- C:\Windows\System\gnGwmTY.exe
  C:\Windows\System\gnGwmTY.exe
  2⤵
  PID:8268
- C:\Windows\System\SgellWn.exe
  C:\Windows\System\SgellWn.exe
  2⤵
  PID:8288
- C:\Windows\System\abtNUpA.exe
  C:\Windows\System\abtNUpA.exe
  2⤵
  PID:8304
- C:\Windows\System\ORnoXsW.exe
  C:\Windows\System\ORnoXsW.exe
  2⤵
  PID:8320
- C:\Windows\System\twWaGGH.exe
  C:\Windows\System\twWaGGH.exe
  2⤵
  PID:8336
- C:\Windows\System\NPfEcXp.exe
  C:\Windows\System\NPfEcXp.exe
  2⤵
  PID:8352
- C:\Windows\System\SNsKXMp.exe
  C:\Windows\System\SNsKXMp.exe
  2⤵
  PID:8368
- C:\Windows\System\hbKOgfa.exe
  C:\Windows\System\hbKOgfa.exe
  2⤵
  PID:8384
- C:\Windows\System\RRlLJDn.exe
  C:\Windows\System\RRlLJDn.exe
  2⤵
  PID:8400
- C:\Windows\System\duDiOiP.exe
  C:\Windows\System\duDiOiP.exe
  2⤵
  PID:8416
- C:\Windows\System\jbEAEbE.exe
  C:\Windows\System\jbEAEbE.exe
  2⤵
  PID:8432
- C:\Windows\System\uMfEFeP.exe
  C:\Windows\System\uMfEFeP.exe
  2⤵
  PID:8448
- C:\Windows\System\fBoSGON.exe
  C:\Windows\System\fBoSGON.exe
  2⤵
  PID:8468
- C:\Windows\System\chjYOGV.exe
  C:\Windows\System\chjYOGV.exe
  2⤵
  PID:8484
- C:\Windows\System\ohEZEUE.exe
  C:\Windows\System\ohEZEUE.exe
  2⤵
  PID:8500
- C:\Windows\System\GcKPlkI.exe
  C:\Windows\System\GcKPlkI.exe
  2⤵
  PID:8516
- C:\Windows\System\ixUKwUW.exe
  C:\Windows\System\ixUKwUW.exe
  2⤵
  PID:8532
- C:\Windows\System\KSZMJzo.exe
  C:\Windows\System\KSZMJzo.exe
  2⤵
  PID:8548
- C:\Windows\System\TpVNxfm.exe
  C:\Windows\System\TpVNxfm.exe
  2⤵
  PID:8564
- C:\Windows\System\buKdNkA.exe
  C:\Windows\System\buKdNkA.exe
  2⤵
  PID:8580
- C:\Windows\System\hAgWink.exe
  C:\Windows\System\hAgWink.exe
  2⤵
  PID:8596
- C:\Windows\System\wAKRltK.exe
  C:\Windows\System\wAKRltK.exe
  2⤵
  PID:8612
- C:\Windows\System\XXmeDJZ.exe
  C:\Windows\System\XXmeDJZ.exe
  2⤵
  PID:8628
- C:\Windows\System\yZFYApp.exe
  C:\Windows\System\yZFYApp.exe
  2⤵
  PID:8648
- C:\Windows\System\RWSkuGi.exe
  C:\Windows\System\RWSkuGi.exe
  2⤵
  PID:8664
- C:\Windows\System\IjVxmug.exe
  C:\Windows\System\IjVxmug.exe
  2⤵
  PID:8684
- C:\Windows\System\aMRLqrv.exe
  C:\Windows\System\aMRLqrv.exe
  2⤵
  PID:8700
- C:\Windows\System\REDToDa.exe
  C:\Windows\System\REDToDa.exe
  2⤵
  PID:8716
- C:\Windows\System\YqTFzhM.exe
  C:\Windows\System\YqTFzhM.exe
  2⤵
  PID:8732
- C:\Windows\System\YEsgeVf.exe
  C:\Windows\System\YEsgeVf.exe
  2⤵
  PID:8748
- C:\Windows\System\Rozrdrh.exe
  C:\Windows\System\Rozrdrh.exe
  2⤵
  PID:8764
- C:\Windows\System\RlBPOfp.exe
  C:\Windows\System\RlBPOfp.exe
  2⤵
  PID:8784
- C:\Windows\System\RfurkEF.exe
  C:\Windows\System\RfurkEF.exe
  2⤵
  PID:8800
- C:\Windows\System\zPWutCw.exe
  C:\Windows\System\zPWutCw.exe
  2⤵
  PID:8816
- C:\Windows\System\OWmKBax.exe
  C:\Windows\System\OWmKBax.exe
  2⤵
  PID:8832
- C:\Windows\System\ghFdLRs.exe
  C:\Windows\System\ghFdLRs.exe
  2⤵
  PID:8848
- C:\Windows\System\siLhjLR.exe
  C:\Windows\System\siLhjLR.exe
  2⤵
  PID:8864
- C:\Windows\System\WpmKRLF.exe
  C:\Windows\System\WpmKRLF.exe
  2⤵
  PID:8880
- C:\Windows\System\zWNMTrh.exe
  C:\Windows\System\zWNMTrh.exe
  2⤵
  PID:8896
- C:\Windows\System\ZCauRos.exe
  C:\Windows\System\ZCauRos.exe
  2⤵
  PID:8912
- C:\Windows\System\mAtJwfH.exe
  C:\Windows\System\mAtJwfH.exe
  2⤵
  PID:8928
- C:\Windows\System\JvGJMRv.exe
  C:\Windows\System\JvGJMRv.exe
  2⤵
  PID:8944
- C:\Windows\System\rSVXdWO.exe
  C:\Windows\System\rSVXdWO.exe
  2⤵
  PID:8960
- C:\Windows\System\QEjTLUC.exe
  C:\Windows\System\QEjTLUC.exe
  2⤵
  PID:8976
- C:\Windows\System\kzzJugG.exe
  C:\Windows\System\kzzJugG.exe
  2⤵
  PID:8992
- C:\Windows\System\xCaTSAa.exe
  C:\Windows\System\xCaTSAa.exe
  2⤵
  PID:9008
- C:\Windows\System\ebuITho.exe
  C:\Windows\System\ebuITho.exe
  2⤵
  PID:9024
- C:\Windows\System\buHDrLN.exe
  C:\Windows\System\buHDrLN.exe
  2⤵
  PID:9040
- C:\Windows\System\PwlbBGr.exe
  C:\Windows\System\PwlbBGr.exe
  2⤵
  PID:9056
- C:\Windows\System\gvYxiUa.exe
  C:\Windows\System\gvYxiUa.exe
  2⤵
  PID:9072
- C:\Windows\System\yRNIEoU.exe
  C:\Windows\System\yRNIEoU.exe
  2⤵
  PID:9088
- C:\Windows\System\OyXUDLj.exe
  C:\Windows\System\OyXUDLj.exe
  2⤵
  PID:9104
- C:\Windows\System\RcPYdiu.exe
  C:\Windows\System\RcPYdiu.exe
  2⤵
  PID:9120
- C:\Windows\System\GHmGzaC.exe
  C:\Windows\System\GHmGzaC.exe
  2⤵
  PID:9136
- C:\Windows\System\Mmytsth.exe
  C:\Windows\System\Mmytsth.exe
  2⤵
  PID:9152
- C:\Windows\System\uqYbhGA.exe
  C:\Windows\System\uqYbhGA.exe
  2⤵
  PID:9168
- C:\Windows\System\svNYngo.exe
  C:\Windows\System\svNYngo.exe
  2⤵
  PID:9184
- C:\Windows\System\zNTNLWC.exe
  C:\Windows\System\zNTNLWC.exe
  2⤵
  PID:9200
- C:\Windows\System\yHFAUqv.exe
  C:\Windows\System\yHFAUqv.exe
  2⤵
  PID:6680
- C:\Windows\System\JlrSlZD.exe
  C:\Windows\System\JlrSlZD.exe
  2⤵
  PID:8212
- C:\Windows\System\LZYmqaN.exe
  C:\Windows\System\LZYmqaN.exe
  2⤵
  PID:8276
- C:\Windows\System\xHnKeND.exe
  C:\Windows\System\xHnKeND.exe
  2⤵
  PID:8316
- C:\Windows\System\zyHFUfx.exe
  C:\Windows\System\zyHFUfx.exe
  2⤵
  PID:7988
- C:\Windows\System\kFDGWCt.exe
  C:\Windows\System\kFDGWCt.exe
  2⤵
  PID:8412
- C:\Windows\System\GaZXlEm.exe
  C:\Windows\System\GaZXlEm.exe
  2⤵
  PID:8480
- C:\Windows\System\xByEHLh.exe
  C:\Windows\System\xByEHLh.exe
  2⤵
  PID:8232
- C:\Windows\System\WWDlyKy.exe
  C:\Windows\System\WWDlyKy.exe
  2⤵
  PID:8424
- C:\Windows\System\lceKobJ.exe
  C:\Windows\System\lceKobJ.exe
  2⤵
  PID:8300
- C:\Windows\System\PwtzygB.exe
  C:\Windows\System\PwtzygB.exe
  2⤵
  PID:8360
- C:\Windows\System\xlWAXrO.exe
  C:\Windows\System\xlWAXrO.exe
  2⤵
  PID:8460
- C:\Windows\System\gSqngHB.exe
  C:\Windows\System\gSqngHB.exe
  2⤵
  PID:8524
- C:\Windows\System\xjIpTbZ.exe
  C:\Windows\System\xjIpTbZ.exe
  2⤵
  PID:8572
- C:\Windows\System\DVMMAnf.exe
  C:\Windows\System\DVMMAnf.exe
  2⤵
  PID:8576
- C:\Windows\System\txcoOth.exe
  C:\Windows\System\txcoOth.exe
  2⤵
  PID:8624
- C:\Windows\System\OsUjaIS.exe
  C:\Windows\System\OsUjaIS.exe
  2⤵
  PID:8640
- C:\Windows\System\qkDjDQZ.exe
  C:\Windows\System\qkDjDQZ.exe
  2⤵
  PID:8680
- C:\Windows\System\vsHQsDM.exe
  C:\Windows\System\vsHQsDM.exe
  2⤵
  PID:8724
- C:\Windows\System\hnYESuU.exe
  C:\Windows\System\hnYESuU.exe
  2⤵
  PID:8712
- C:\Windows\System\fLPwSDv.exe
  C:\Windows\System\fLPwSDv.exe
  2⤵
  PID:8792
- C:\Windows\System\QBsOOtu.exe
  C:\Windows\System\QBsOOtu.exe
  2⤵
  PID:8824
- C:\Windows\System\dnCqUyt.exe
  C:\Windows\System\dnCqUyt.exe
  2⤵
  PID:8808
- C:\Windows\System\MVTuvgx.exe
  C:\Windows\System\MVTuvgx.exe
  2⤵
  PID:8844
- C:\Windows\System\OwFbSOv.exe
  C:\Windows\System\OwFbSOv.exe
  2⤵
  PID:8888
- C:\Windows\System\vyKZctc.exe
  C:\Windows\System\vyKZctc.exe
  2⤵
  PID:8956
- C:\Windows\System\BnxrIvT.exe
  C:\Windows\System\BnxrIvT.exe
  2⤵
  PID:8940
- C:\Windows\System\LtAYFIA.exe
  C:\Windows\System\LtAYFIA.exe
  2⤵
  PID:8936
- C:\Windows\System\kSLXBsc.exe
  C:\Windows\System\kSLXBsc.exe
  2⤵
  PID:9036
- C:\Windows\System\DSQmNFc.exe
  C:\Windows\System\DSQmNFc.exe
  2⤵
  PID:9020
- C:\Windows\System\FhhDgsj.exe
  C:\Windows\System\FhhDgsj.exe
  2⤵
  PID:9084
- C:\Windows\System\LfjWKMY.exe
  C:\Windows\System\LfjWKMY.exe
  2⤵
  PID:9176
- C:\Windows\System\rXiQzJT.exe
  C:\Windows\System\rXiQzJT.exe
  2⤵
  PID:9100
- C:\Windows\System\QIixVYa.exe
  C:\Windows\System\QIixVYa.exe
  2⤵
  PID:9164
- C:\Windows\System\yBdplbG.exe
  C:\Windows\System\yBdplbG.exe
  2⤵
  PID:8244
- C:\Windows\System\sBTIZmN.exe
  C:\Windows\System\sBTIZmN.exe
  2⤵
  PID:7612
- C:\Windows\System\yLfRyqW.exe
  C:\Windows\System\yLfRyqW.exe
  2⤵
  PID:8444
- C:\Windows\System\NlIfdEI.exe
  C:\Windows\System\NlIfdEI.exe
  2⤵
  PID:8332
- C:\Windows\System\brKvXlD.exe
  C:\Windows\System\brKvXlD.exe
  2⤵
  PID:8380
- C:\Windows\System\eVtPuGS.exe
  C:\Windows\System\eVtPuGS.exe
  2⤵
  PID:8344
- C:\Windows\System\yKXqslT.exe
  C:\Windows\System\yKXqslT.exe
  2⤵
  PID:8512
- C:\Windows\System\jmcZxGG.exe
  C:\Windows\System\jmcZxGG.exe
  2⤵
  PID:8560
- C:\Windows\System\YxXwDlN.exe
  C:\Windows\System\YxXwDlN.exe
  2⤵
  PID:8676
- C:\Windows\System\EpNdyjY.exe
  C:\Windows\System\EpNdyjY.exe
  2⤵
  PID:8756
- C:\Windows\System\KdPsPsq.exe
  C:\Windows\System\KdPsPsq.exe
  2⤵
  PID:8744
- C:\Windows\System\lbyydBu.exe
  C:\Windows\System\lbyydBu.exe
  2⤵
  PID:8876
- C:\Windows\System\BdqAOlA.exe
  C:\Windows\System\BdqAOlA.exe
  2⤵
  PID:8924
- C:\Windows\System\FuETcxX.exe
  C:\Windows\System\FuETcxX.exe
  2⤵
  PID:8908
- C:\Windows\System\chliOvd.exe
  C:\Windows\System\chliOvd.exe
  2⤵
  PID:9004
- C:\Windows\System\zXJhpKu.exe
  C:\Windows\System\zXJhpKu.exe
  2⤵
  PID:9080
- C:\Windows\System\wroYVzk.exe
  C:\Windows\System\wroYVzk.exe
  2⤵
  PID:9196
- C:\Windows\System\hYurDCJ.exe
  C:\Windows\System\hYurDCJ.exe
  2⤵
  PID:9160
- C:\Windows\System\QNSAixN.exe
  C:\Windows\System\QNSAixN.exe
  2⤵
  PID:8496
- C:\Windows\System\vqBVDLv.exe
  C:\Windows\System\vqBVDLv.exe
  2⤵
  PID:8592
- C:\Windows\System\tyJnGAs.exe
  C:\Windows\System\tyJnGAs.exe
  2⤵
  PID:8856
- C:\Windows\System\TYtKCIP.exe
  C:\Windows\System\TYtKCIP.exe
  2⤵
  PID:8988
- C:\Windows\System\BkoCrsE.exe
  C:\Windows\System\BkoCrsE.exe
  2⤵
  PID:8228
- C:\Windows\System\LHqKLWD.exe
  C:\Windows\System\LHqKLWD.exe
  2⤵
  PID:8396
- C:\Windows\System\fSYozRf.exe
  C:\Windows\System\fSYozRf.exe
  2⤵
  PID:9016
- C:\Windows\System\YrwvppI.exe
  C:\Windows\System\YrwvppI.exe
  2⤵
  PID:9144
- C:\Windows\System\OfWYkzN.exe
  C:\Windows\System\OfWYkzN.exe
  2⤵
  PID:8692
- C:\Windows\System\LQEaLQn.exe
  C:\Windows\System\LQEaLQn.exe
  2⤵
  PID:6776
- C:\Windows\System\sgrBDxS.exe
  C:\Windows\System\sgrBDxS.exe
  2⤵
  PID:8544
- C:\Windows\System\VAjWCZw.exe
  C:\Windows\System\VAjWCZw.exe
  2⤵
  PID:9052
- C:\Windows\System\hQeDPzk.exe
  C:\Windows\System\hQeDPzk.exe
  2⤵
  PID:8780
- C:\Windows\System\utvMuLp.exe
  C:\Windows\System\utvMuLp.exe
  2⤵
  PID:8200
- C:\Windows\System\yxEnECi.exe
  C:\Windows\System\yxEnECi.exe
  2⤵
  PID:8840
- C:\Windows\System\QFdMbEA.exe
  C:\Windows\System\QFdMbEA.exe
  2⤵
  PID:9232
- C:\Windows\System\LYAAemd.exe
  C:\Windows\System\LYAAemd.exe
  2⤵
  PID:9248
- C:\Windows\System\WgKNsLp.exe
  C:\Windows\System\WgKNsLp.exe
  2⤵
  PID:9264
- C:\Windows\System\XRiapOG.exe
  C:\Windows\System\XRiapOG.exe
  2⤵
  PID:9280
- C:\Windows\System\xhLjxaw.exe
  C:\Windows\System\xhLjxaw.exe
  2⤵
  PID:9296
- C:\Windows\System\mXejGKn.exe
  C:\Windows\System\mXejGKn.exe
  2⤵
  PID:9312
- C:\Windows\System\OzMhIXc.exe
  C:\Windows\System\OzMhIXc.exe
  2⤵
  PID:9328
- C:\Windows\System\NOCFkGx.exe
  C:\Windows\System\NOCFkGx.exe
  2⤵
  PID:9344
- C:\Windows\System\wLZKfSO.exe
  C:\Windows\System\wLZKfSO.exe
  2⤵
  PID:9360
- C:\Windows\System\QaTpmri.exe
  C:\Windows\System\QaTpmri.exe
  2⤵
  PID:9376
- C:\Windows\System\xErurir.exe
  C:\Windows\System\xErurir.exe
  2⤵
  PID:9392
- C:\Windows\System\HgdgYpN.exe
  C:\Windows\System\HgdgYpN.exe
  2⤵
  PID:9408
- C:\Windows\System\bsDKTNb.exe
  C:\Windows\System\bsDKTNb.exe
  2⤵
  PID:9424
- C:\Windows\System\ZeJtWQD.exe
  C:\Windows\System\ZeJtWQD.exe
  2⤵
  PID:9440
- C:\Windows\System\BKfmNHf.exe
  C:\Windows\System\BKfmNHf.exe
  2⤵
  PID:9456
- C:\Windows\System\LVfdQXy.exe
  C:\Windows\System\LVfdQXy.exe
  2⤵
  PID:9472
- C:\Windows\System\aSThgtp.exe
  C:\Windows\System\aSThgtp.exe
  2⤵
  PID:9488
- C:\Windows\System\cYQUZQm.exe
  C:\Windows\System\cYQUZQm.exe
  2⤵
  PID:9504
- C:\Windows\System\ScnnxYl.exe
  C:\Windows\System\ScnnxYl.exe
  2⤵
  PID:9520
- C:\Windows\System\GZzHkNw.exe
  C:\Windows\System\GZzHkNw.exe
  2⤵
  PID:9544
- C:\Windows\System\QTQhxHL.exe
  C:\Windows\System\QTQhxHL.exe
  2⤵
  PID:9560
- C:\Windows\System\RILiSAP.exe
  C:\Windows\System\RILiSAP.exe
  2⤵
  PID:9576
- C:\Windows\System\FcBBmDE.exe
  C:\Windows\System\FcBBmDE.exe
  2⤵
  PID:9592
- C:\Windows\System\VPGylNG.exe
  C:\Windows\System\VPGylNG.exe
  2⤵
  PID:9608
- C:\Windows\System\vgCQpjw.exe
  C:\Windows\System\vgCQpjw.exe
  2⤵
  PID:9624
- C:\Windows\System\ngehipU.exe
  C:\Windows\System\ngehipU.exe
  2⤵
  PID:9640
- C:\Windows\System\gVqXDfD.exe
  C:\Windows\System\gVqXDfD.exe
  2⤵
  PID:9656
- C:\Windows\System\bMLFFAi.exe
  C:\Windows\System\bMLFFAi.exe
  2⤵
  PID:9672
- C:\Windows\System\QmIEFnp.exe
  C:\Windows\System\QmIEFnp.exe
  2⤵
  PID:9688
- C:\Windows\System\UzfSBGZ.exe
  C:\Windows\System\UzfSBGZ.exe
  2⤵
  PID:9704
- C:\Windows\System\MfnPCyP.exe
  C:\Windows\System\MfnPCyP.exe
  2⤵
  PID:9720
- C:\Windows\System\xxGTIVP.exe
  C:\Windows\System\xxGTIVP.exe
  2⤵
  PID:9736
- C:\Windows\System\vrIczrl.exe
  C:\Windows\System\vrIczrl.exe
  2⤵
  PID:9752
- C:\Windows\System\FReMrpM.exe
  C:\Windows\System\FReMrpM.exe
  2⤵
  PID:9768
- C:\Windows\System\dqndDoZ.exe
  C:\Windows\System\dqndDoZ.exe
  2⤵
  PID:9784
- C:\Windows\System\WdBCGUk.exe
  C:\Windows\System\WdBCGUk.exe
  2⤵
  PID:9800
- C:\Windows\System\jjeUpPV.exe
  C:\Windows\System\jjeUpPV.exe
  2⤵
  PID:9816
- C:\Windows\System\RcRVlqb.exe
  C:\Windows\System\RcRVlqb.exe
  2⤵
  PID:9832
- C:\Windows\System\NrFdvMS.exe
  C:\Windows\System\NrFdvMS.exe
  2⤵
  PID:9848
- C:\Windows\System\ERIqnPD.exe
  C:\Windows\System\ERIqnPD.exe
  2⤵
  PID:9864
- C:\Windows\System\hOZeZSm.exe
  C:\Windows\System\hOZeZSm.exe
  2⤵
  PID:9880
- C:\Windows\System\mDvjdzT.exe
  C:\Windows\System\mDvjdzT.exe
  2⤵
  PID:9896
- C:\Windows\System\htvkauT.exe
  C:\Windows\System\htvkauT.exe
  2⤵
  PID:9912
- C:\Windows\System\OyOevti.exe
  C:\Windows\System\OyOevti.exe
  2⤵
  PID:9928
- C:\Windows\System\hcphIRX.exe
  C:\Windows\System\hcphIRX.exe
  2⤵
  PID:9944
- C:\Windows\System\dZOPNzH.exe
  C:\Windows\System\dZOPNzH.exe
  2⤵
  PID:9960
- C:\Windows\System\IVFYfxq.exe
  C:\Windows\System\IVFYfxq.exe
  2⤵
  PID:9976
- C:\Windows\System\fVuOSoq.exe
  C:\Windows\System\fVuOSoq.exe
  2⤵
  PID:9992
- C:\Windows\System\SLyeNrN.exe
  C:\Windows\System\SLyeNrN.exe
  2⤵
  PID:10008
- C:\Windows\System\wioIoXb.exe
  C:\Windows\System\wioIoXb.exe
  2⤵
  PID:10024
- C:\Windows\System\bjwRdWo.exe
  C:\Windows\System\bjwRdWo.exe
  2⤵
  PID:10040
- C:\Windows\System\QfXMpUS.exe
  C:\Windows\System\QfXMpUS.exe
  2⤵
  PID:10056
- C:\Windows\System\vTlXKGR.exe
  C:\Windows\System\vTlXKGR.exe
  2⤵
  PID:10072
- C:\Windows\System\PVnzLcr.exe
  C:\Windows\System\PVnzLcr.exe
  2⤵
  PID:10088
- C:\Windows\System\urcsbPb.exe
  C:\Windows\System\urcsbPb.exe
  2⤵
  PID:10104
- C:\Windows\System\hgSCyvT.exe
  C:\Windows\System\hgSCyvT.exe
  2⤵
  PID:10120
- C:\Windows\System\hEfjJqC.exe
  C:\Windows\System\hEfjJqC.exe
  2⤵
  PID:10136
- C:\Windows\System\KSRkSit.exe
  C:\Windows\System\KSRkSit.exe
  2⤵
  PID:10156
- C:\Windows\System\XvdERIE.exe
  C:\Windows\System\XvdERIE.exe
  2⤵
  PID:10172
- C:\Windows\System\Xsctujw.exe
  C:\Windows\System\Xsctujw.exe
  2⤵
  PID:10188
- C:\Windows\System\AXeXJoD.exe
  C:\Windows\System\AXeXJoD.exe
  2⤵
  PID:10204
- C:\Windows\System\QHAFooU.exe
  C:\Windows\System\QHAFooU.exe
  2⤵
  PID:10220
- C:\Windows\System\JYZazJE.exe
  C:\Windows\System\JYZazJE.exe
  2⤵
  PID:10236
- C:\Windows\System\MFsWIeG.exe
  C:\Windows\System\MFsWIeG.exe
  2⤵
  PID:9212
- C:\Windows\System\QHAkxfz.exe
  C:\Windows\System\QHAkxfz.exe
  2⤵
  PID:9244
- C:\Windows\System\ReVLTLp.exe
  C:\Windows\System\ReVLTLp.exe
  2⤵
  PID:9256
- C:\Windows\System\LvKyZnU.exe
  C:\Windows\System\LvKyZnU.exe
  2⤵
  PID:9320
- C:\Windows\System\RTqKLpO.exe
  C:\Windows\System\RTqKLpO.exe
  2⤵
  PID:9388
- C:\Windows\System\uUMCzdj.exe
  C:\Windows\System\uUMCzdj.exe
  2⤵
  PID:9336
- C:\Windows\System\RpKfgpH.exe
  C:\Windows\System\RpKfgpH.exe
  2⤵
  PID:9400
- C:\Windows\System\YldnEjM.exe
  C:\Windows\System\YldnEjM.exe
  2⤵
  PID:9464
- C:\Windows\System\TpLaIPM.exe
  C:\Windows\System\TpLaIPM.exe
  2⤵
  PID:9448
- C:\Windows\System\TmhaBJt.exe
  C:\Windows\System\TmhaBJt.exe
  2⤵
  PID:9480
- C:\Windows\System\BuKKiBf.exe
  C:\Windows\System\BuKKiBf.exe
  2⤵
  PID:9532
- C:\Windows\System\MGGUtIn.exe
  C:\Windows\System\MGGUtIn.exe
  2⤵
  PID:9568
- C:\Windows\System\BCIxrfP.exe
  C:\Windows\System\BCIxrfP.exe
  2⤵
  PID:9556
- C:\Windows\System\LJJIeqi.exe
  C:\Windows\System\LJJIeqi.exe
  2⤵
  PID:9600
- C:\Windows\System\goytHPO.exe
  C:\Windows\System\goytHPO.exe
  2⤵
  PID:9652
- C:\Windows\System\UYIJbCn.exe
  C:\Windows\System\UYIJbCn.exe
  2⤵
  PID:9700
- C:\Windows\System\qPzvOmD.exe
  C:\Windows\System\qPzvOmD.exe
  2⤵
  PID:9792
- C:\Windows\System\CxaFzjp.exe
  C:\Windows\System\CxaFzjp.exe
  2⤵
  PID:9748
- C:\Windows\System\iVoYjeH.exe
  C:\Windows\System\iVoYjeH.exe
  2⤵
  PID:9780
- C:\Windows\System\IgKOmzY.exe
  C:\Windows\System\IgKOmzY.exe
  2⤵
  PID:9840
- C:\Windows\System\gZXjERF.exe
  C:\Windows\System\gZXjERF.exe
  2⤵
  PID:9904
- C:\Windows\System\VoDkunV.exe
  C:\Windows\System\VoDkunV.exe
  2⤵
  PID:9968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\APmsIJd.exe

Filesize
6.1MB

MD5
6ed0740c6a3b0b5240343a8e593da85c

SHA1
a9f116666963e7e4e0eeab180acfccaffd20c2cd

SHA256
d9dc39def84649edb3ed44183611e4e3a65628b416d24d2ccc0c8042248bb712

SHA512
e04028c3e5538ef1c4d5e470d0a5017d7c5f8b2b2bc14e2439d495efebcaa08cca8fa0f8221d548ce7a20907a66671fd5420527a7862a61d7a96cfd424b0a520

Download Submit
C:\Windows\system\BqGetUF.exe

Filesize
6.1MB

MD5
d02990493fc8da3886eabeab80b5cec6

SHA1
0e2376a088d2c70893d257bf0a5362e504ed4461

SHA256
4ed1f5f8bd75ad660e86c6c71a0c2e245d2ad66d7dd755a0c6694a7e0b3a5d16

SHA512
539add6e46140b32065a321750ce4a7ded9fe3b550df8c91abb321ce5cdb0eb4ed7eb1b39e4b6d030f76145e538a77d2802e7ab840d2a14094cbaf7f9d962cd8

Download Submit
C:\Windows\system\CTErYas.exe

Filesize
6.1MB

MD5
b1c5f10d2b7d27964eb097372dbaecaa

SHA1
46ab6ca2d7047e0da7aa256ab8ccf05ec1fd1f72

SHA256
20eaef968cfeddbdf9bf9f92fb6a3fe366f49e90d815c3ad1d8206de12ff5984

SHA512
e19efada640140d9a91e36f888aabd273f6e6c0bfce0d6b968bfaca88fa5a08ab7fd5d8c621335f9ca1f1724fb0f09680b2f6b3946fd4f0216b523c53dd8185f

Download Submit
C:\Windows\system\CTawdqR.exe

Filesize
6.1MB

MD5
dcf35f9324fa9e142f8b0d74a4fcedcf

SHA1
9fa20d268e0532dd28ca17b9ead8e32354d3da92

SHA256
27875131c77ee030740d0761a44969c57784d455f9d6fd5dafd38cf1b463e05b

SHA512
cbb80d91561e9335c6d33c321074a9ca7eb238956d3eb75695191f24ff3121bce94c578bd2341a84eb01246c6277a5f2d70636695fa5843cff57ce0e94da8a8e

Download Submit
C:\Windows\system\DEaXULn.exe

Filesize
6.1MB

MD5
e859b1c7f1c5f7792f3a11d74e563b25

SHA1
eed471e82583c4e8126705c21808959ac471560c

SHA256
1c887fc18ddf72e44af58ab9f46d1f92c176761ad09af50e45da8df9a725c11c

SHA512
3974a0bcd22a413d621e7ddebd57287c0cc532c2da69a639f70d2da5bda933fdd5a691d48b5d835f00e35831f161bb412289081ddabe74b108e3d32c1d403e14

Download Submit
C:\Windows\system\IzwdyIC.exe

Filesize
6.1MB

MD5
1e7e9547b74ae570997e2b67d95f02c3

SHA1
d3ab5b915221a8ff68ea0a2b7cbe36039643a2b6

SHA256
1d01d6ea0340d628a98adf29913c768671dac4297d462b52ff6bfdda92dd7691

SHA512
a57f90ca2fa21761579295c68dbd3ebd4bb15fa8fd3005cdceb0fa26822a575eb3b1c83fb54cfb727774eb98d807c96eca14ea1687f1841b472cbba377d5d1ad

Download Submit
C:\Windows\system\KUMhYcf.exe

Filesize
6.1MB

MD5
5e299b69234da0f9094cd3eb1db04cf2

SHA1
5802b685969df176e32d99cd42805a66138cd329

SHA256
48421f0fe2691bc1792999cfb9a45746632dbe087fca5316fe3057ec88065e52

SHA512
0e4c9fd7c7f2dada602eede0204ee628d7b56fc6ec5f2508be49add87e428df7ce5eca28f33849aa5bcdc85cf6773b3b0184dd249733e0734759612482967c2b

Download Submit
C:\Windows\system\LyToZjo.exe

Filesize
6.1MB

MD5
da8710c575067dd955be48716a1ff894

SHA1
ec9093c4b71956d29238239b9f83b571f48a033d

SHA256
40d126bd7d5992da645efe95d603983a58af8f47d351a3f4fc2608f465ab3379

SHA512
4884fd119e01aa2ab9018f47e24ba0dfe83c62e3dc9cd855d6f5e32d79cf140ac482a916af4cbac4a24421a704dca289c878a21b905b0338c35aa395503dd5b3

Download Submit
C:\Windows\system\MHDVpbv.exe

Filesize
6.1MB

MD5
1d62c55ac046449ceab793e21a8194ca

SHA1
d45aa2ffea936c21a9ce29fedc0a3d6b704b84bb

SHA256
40c6c4e8ff5b153912cb9593b721762ac1b8a0a68db51bc7a31ac66f962bfe45

SHA512
b184b0a13afaf02d88fa5acf48bde26ebcdcd7a1cb3317abcfd1d27e32a8b85345dab5753d59f8730a241541154fb041979a7de8891560616aca426bd5c3fcb8

Download Submit
C:\Windows\system\RGfisCl.exe

Filesize
6.1MB

MD5
730d11ab6aca71b8d0cfc3557fc21fcb

SHA1
3018b092cadfa60bdca344cf5224978df1608f61

SHA256
a1e266173f401a5ca827edd914514f74c46bfde689f1ca8110abd04ecbc1fbb9

SHA512
616083a700140f53f3707a9fb81dee566e0f8bb24bfd258b495debe356ad2de2c0674b0b0e093c2c203ee381a6348de16705b1fb35719e93ac09caedea0639dc

Download Submit
C:\Windows\system\TFIXXXX.exe

Filesize
6.1MB

MD5
1cae16bb05b8580d76af35e019442d9e

SHA1
631fbbd09a1a07d77378536f77c01e10e9346628

SHA256
7629fa5d34ce9da93d1321e6e3ce05f29106fc15fa110be8ca11046dd4a935ad

SHA512
e21b3b5d073b8537339ca0f0f917c78c350871997f2b9937cd8b144884fef71f1f13f011f5e768c0798b8c6304b06669e9dfe0a6a181f166a263e34f4b09411c

Download Submit
C:\Windows\system\TqAwuZd.exe

Filesize
6.1MB

MD5
f71324ff0655c62d7cd4c73b802c0013

SHA1
3d5a9f23535adcaa283b4c1200ec0aa826413db6

SHA256
b75e1093e33f8bfaf3937815fb3c604c55ea595448ce910533a52e7e2da89530

SHA512
d3e478b94a3d78527006114dff10370e0095202c356fe4dac76d43dfba9535c270c2ccf52ea37fa7a74f8b7fee20f0e3830af7552b880178be68c983cf05818b

Download Submit
C:\Windows\system\UEhzRxD.exe

Filesize
6.1MB

MD5
45423ed8c7b4a3462a806a511cc6810d

SHA1
788466452aee00e69b0f78a927782a77a4dfbe87

SHA256
9e87fa0cf08317d6a5bcf9f25daa6ceda7f92f9c43ae24c910f3eacfbefec1d8

SHA512
fbca2175447982366fc70ee2242575fd0c03b622fa1d8ec220f36c567903bf4d0ca0a7b73e3d77fed51010b0476664d1e4575feb6027697bedd898feffb66074

Download Submit
C:\Windows\system\ezRGmfR.exe

Filesize
6.1MB

MD5
68f0c7108bc8f259e4c047cf152bc18d

SHA1
ae32b93a916fdc9dc25ea606f487e3e257426913

SHA256
16518382aa03bdc453ed77a60035af6c3454fa87a1c0547376ac06d2dd6e726b

SHA512
f49de25614c85083006ff9439d0a0f2290e83bcfd99539d39dfbeebf7d48c2d944dbbe9c5cad8153415d063b67a91d1e7146fcd2d1b359265be8cdfb12a85276

Download Submit
C:\Windows\system\glETmHE.exe

Filesize
6.1MB

MD5
7cf0de6e545422283abc8c591446a623

SHA1
c94d5776688ce696c7748fc9ff46494e8fcb17c9

SHA256
aab39f1f2199f8a2906759ef4d5fb98fbbdcb98d09223b73352a44d8310c1843

SHA512
0aff643aa7d556899661726a8d17c549f61d26dd6a2ac92cbaaede296ef3f0fbb83029dfbff10857d8e10804bf42b9ddc896f9973b00fdaa1dcbf721583bd984

Download Submit
C:\Windows\system\iLJfebc.exe

Filesize
6.1MB

MD5
4f497299345547b099cf08c14a7c3d0d

SHA1
7b483fdc1fb782af8c98c2fd29bc23cea6c0614d

SHA256
5eac815d736dca3eae0d076566eddee2d694608417acd5ebeeca0244bd7fe898

SHA512
d39919cb896fd454408d26f09f9ba862ffae7e0a141bd7df4d9a48a2f61c3848f74594bcd821d2f3adbdcec5fe6f3c70e6364ea9ffcbb83a6ef02df849473c0c

Download Submit
C:\Windows\system\mwfPhVJ.exe

Filesize
6.1MB

MD5
2ff70ad9af209f04ccff3d1f16bae123

SHA1
db5fe2d15bbb01c0e6c80fbfb041643e5c304eab

SHA256
90355efc5b44052ed508c4c67f0c7a5ff6eca9e5bf11cc5cef01d3db430d891d

SHA512
83528d60cf297971137d1cf9b68c50c9279218593c0027186e3cdffc2e87b4aebd4dd14770924270491b3fea21401bb0027f14548fe92a0d9dd4b7798ed4bfaf

Download Submit
C:\Windows\system\nHFRmKv.exe

Filesize
6.1MB

MD5
07e0ca14caa0021dbd16fead539d325d

SHA1
72451d0802e6b263c7bec5e3f0476e3d0aa23f66

SHA256
e6086e99ef863ea4326d162f2efe424665eea8e38c6281dcccaca1ffefdcfc63

SHA512
1911449e1188b94f67c475162493a1e79578063607724484cf14bd989df218c26b4033731624a8db06a9bf88ce6d270e962e5864214981a0b845caddc3feb835

Download Submit
C:\Windows\system\nPUEZfT.exe

Filesize
6.1MB

MD5
e4d4074e80dd11b6d279186df96e285c

SHA1
8c4a8e8484f12ecd12ebeded56c08fc21d675463

SHA256
17f9fb92b80ba2ed446f1101aa7a29dccff95e53a00057e71513ba47651745d8

SHA512
51ec2d1f163fb374a4ea04130f270196c371bb19c9aa06c7c73092d992d2d74321e926f02f6c1a2efe06e047c3a4a29ebb40b6bee3a880105c623f0d236bbeed

Download Submit
C:\Windows\system\pfarbTR.exe

Filesize
6.1MB

MD5
c93f38fa17be75e6e642dcd0a343fb1e

SHA1
b30640d695a1c52dfc68dfb38d71bcc6b31929d9

SHA256
1abae4eea63122d79b7e16f8bb0aa09d0e89f9d923e18a974b20eed9ff2d7359

SHA512
204c2fc19a2366d90f42d151cf269759e41097b995e5fff726d3021bb23046c7b815e4132f61d99d3e10ab45ba2b5ae010dd98e13c719788e5ef7fcba7877736

Download Submit
C:\Windows\system\vbTPXgG.exe

Filesize
6.1MB

MD5
fd039fac8cd708894c79896c561e52ef

SHA1
14442d7a496eec7e773cf3c26839cfb64034efb2

SHA256
cae11e3b748fee61830583bc31cdabcbe870ced1a2ec8fa16d32dd0204a233c6

SHA512
dfa998efb5dd61751524d33e87a901d832102be247ad11b116ec6480322a81d474019ffcdb799205b50f6b0d2350dc71edfaef50b316e2906ccb372419ecc792

Download Submit
C:\Windows\system\wZqVysM.exe

Filesize
6.1MB

MD5
745548d1c8324122805b951558079e89

SHA1
927aecff74d367409aeebfbd5d92e3e7a3348c27

SHA256
07836ac5f200252b1f4c35865254f4865dbae3ec34b84c9a7329ea3bbd8475e9

SHA512
d1f1b40e4f900b1583df5087ce47af8ef5c4e476c519f453e51055db4f772512e4936c5628968c4f7517fafe9c3e706b7b8f8ef5a2e53aae7cbc3206f3529034

Download Submit
\Windows\system\EzdIyfw.exe

Filesize
6.1MB

MD5
0432c2a632644fe669855c10581c16c9

SHA1
7c81d67160e176777666667e03a1959d84d33a2e

SHA256
2b4bc0455dad43b1051204a6db0f7923c3116166c360de5baa4b4a5c0dbcee52

SHA512
7652dea07282caf71d52b46e3046cfaf0392cfac72b5a5ab35fca73bd569b8daa425026f7cdc608777a1936595f1c3c3ed43f7afbf70e71edae3f45fb59230b1

Download Submit
\Windows\system\JkqouMI.exe

Filesize
6.1MB

MD5
20d6dd8245fc6177f187c887b32343c3

SHA1
7715de3c1e7811b95ee60f05da7751238ef791bb

SHA256
4a8b2b42f1549dcc7501491cb28db44c1ee4aa411b4ed9c8c51ba86745ffa895

SHA512
bbf5408c7f551a63d79532d753c25be66fc3556c02ab3e74c7ac6b8d4775c5785a4a8cb1ae313df7c831477358debc31db650cbc45dad93dc91268cf234d05b4

Download Submit
\Windows\system\NoLdLDj.exe

Filesize
6.1MB

MD5
f8cb867c51122a50f214eb437f15011c

SHA1
3ceca5a09055512e6ad4a7ae408d23afa7e8dbb0

SHA256
f433ce77a56d98e931487dd03d8ad4ff54102582b48a9c801adb4d0a7a8b2fd9

SHA512
4b2e2b366adeb8693c2750a0f4098edd9b2d783715e1f70f53b37777d6637b64d25ffa9dcaf1c08527cf7a257a930cd53f99ff33d72f9c88fdb09d2794ea259e

Download Submit
\Windows\system\QpfidTf.exe

Filesize
6.1MB

MD5
38c7cfde55fdbf2b763a53323047f9fe

SHA1
b0ec2cdde16f4666770849e2652bef06c73fce9f

SHA256
23018f99651c802b1a745c991176560b324fcad58e48dae3c678a13156859fcf

SHA512
71302ef61daea41d6b6c233aba096fc9a6feedb7d520420105969a10b4c4dee9dd1853034e735f1a80ab4f286707a7b3aeb9bb254ace3c2ee6d54db87ae20abf

Download Submit
\Windows\system\XKEgsiG.exe

Filesize
6.1MB

MD5
2672db72898012b78aa1872c7286546b

SHA1
18995b14d581e505dc5b4e0111c7de01f7fb5c26

SHA256
53d8e12c848d9ccc3b89b71c0343cc7423d721e0c1b1d7097bdc8b2173c6733f

SHA512
b03c0a3b57476b453383dcd7014580cf2d6a822f3ef57fa0c2e1321f4327a66780ab333b750ce567fff950d7c015aa2c16652230c1ecd9f5f29b6d9daaaecc0e

Download Submit
\Windows\system\ieWtmem.exe

Filesize
6.1MB

MD5
e00d3bdb359a57d3386c9061dd692c71

SHA1
378911e0e0ac05e9949c262626c6b10e09c42cb0

SHA256
394f42a9821a6056036db08dc861c7619fb398e9b5260209e9740bcd7f8a6baf

SHA512
07112ca2cbeee83a6155e698e063fdb631b40a875f9cd1b3314e9e8dec22cf11d7e0fca6344a0a1244c439d0c8bdd2fe55d14cca8a21e1c46b1b749a0df72cff

Download Submit
\Windows\system\sAfWsVr.exe

Filesize
6.1MB

MD5
25132fd575a0f880c95843424801b3b8

SHA1
8bf1a6cb1628538a98df6f1ca5252a1614da9061

SHA256
47089c77d7c6153311c56c5991f87a2c80e3a6542b4d4cdedb60f821d11a6568

SHA512
a1a2f82f8159d1184a436caae6bb520f166ce6675ea62740bf1550c476e666dd12dfd17a3c923142addebe0990c4a62c2561bc685ad4f963a110ac0783f62514

Download Submit
\Windows\system\tPeSqAU.exe

Filesize
6.1MB

MD5
63ddff52d706cd0a34ed0d2151a4a9d0

SHA1
07eaa462c243dd3d13f7b677ffd66d4375fa2a76

SHA256
63aa5d69e6039f871f618ad96a711fe4364d75873a227e06959c9f8e50ec5589

SHA512
121309f03bb9be37cb120fe77c966129f38aa162ec5c6e68b9d1346687642b292f10bc72297a8919b8654f74d2db76e42544159b25d2fd782761c299bbeaee0f

Download Submit
\Windows\system\wZJrCZM.exe

Filesize
6.1MB

MD5
b855371c16c8303b038287db8df59c4f

SHA1
360caaefc855d35189c1c3e88c3c0a8ec7c5b3da

SHA256
fe2b9c6b2fe7d2a5cea35c844e762018cc68d6fe3987613a6c76573202498eab

SHA512
14fc4737b9a7e7a89f31d49b77f24ddc7f5d0300973755ae4cf69142c79850876a83ee89333d649611b0cccc0d829aa67f8300b7de123ca955cea08a553f3f17

Download Submit
\Windows\system\zXOMDbA.exe

Filesize
6.1MB

MD5
c7430fcdf817df49a30ac6a55fff48a2

SHA1
180f7c8b9e7291affec7d9126e6379274c6124d0

SHA256
0ab26d1dbd5258bb61a31021832c8d422cf53b0923c5b310d86348ba0c52c591

SHA512
36937815a88000e18df6d418da93f7d6b692f1b02e5bb4bbe346f6d754b3ae76f6d4ac4eeeb7bf9e288643d6266482864bd3aa6ed633ba608b1ceaa1117c3f00

Download Submit
memory/2052-58-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2052-4000-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2052-28-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2112-873-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-601-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-84-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2112-52-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2112-0-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2112-111-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-44-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2112-34-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2112-26-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-692-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1213-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1098-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-13-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-87-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-763-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-82-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-135-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-40-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2112-30-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2128-56-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-24-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-3999-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2304-4009-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2304-109-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2452-4008-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2452-91-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2524-4007-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2524-92-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2580-4010-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2580-983-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2580-104-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2640-57-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-129-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4003-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-49-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2656-90-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4004-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4006-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2676-88-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2708-42-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2708-72-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2708-4001-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2920-35-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3997-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2920-11-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2924-4005-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2924-68-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2984-48-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2984-3998-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2984-15-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/3000-4002-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/3000-66-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/3000-36-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download