cobaltstrike | fcdd819e96c959e1983eccb38343b9461acf17a00b9aafc7135411c19ebe0323

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/09/2024, 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1ebe88e365db1a640637fb3e7ae33530
SHA1

e2b09355ce0d6c1dc0d583edcbeb4bb9c9886130
SHA256

fcdd819e96c959e1983eccb38343b9461acf17a00b9aafc7135411c19ebe0323
SHA512

a90b95e01f7aec92483dedd72b5298de6e46d318b76c6716d2f23896c434d7d380f89eadf24a736724a87d658e38f74b72e4576f38c62c6c0c9f97f3bae97747
SSDEEP

98304:MLCNtIimedfE0pZXJ56utgpPFotBER/mQ32lU/:aEIiH56utgpPF8u/7/

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000122ea-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016db5-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd0-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016de4-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016edb-38.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d58-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-62.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000190e1-57.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017400-52.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001707c-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eb8-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3012-2-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x000b0000000122ea-3.dat	xmrig
behavioral1/memory/2596-9-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0009000000016db5-10.dat	xmrig
behavioral1/files/0x0008000000016dd0-12.dat	xmrig
behavioral1/memory/2320-15-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/1248-22-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016de4-27.dat	xmrig
behavioral1/memory/1668-28-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016edb-38.dat	xmrig
behavioral1/memory/2764-39-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2664-47-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2520-53-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d58-75.dat	xmrig
behavioral1/files/0x0005000000019268-100.dat	xmrig
behavioral1/files/0x000500000001929a-116.dat	xmrig
behavioral1/files/0x00050000000193a4-136.dat	xmrig
behavioral1/files/0x000500000001946a-164.dat	xmrig
behavioral1/memory/2980-937-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2632-746-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2524-523-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019465-160.dat	xmrig
behavioral1/files/0x000500000001945b-156.dat	xmrig
behavioral1/files/0x0005000000019450-152.dat	xmrig
behavioral1/files/0x0005000000019433-148.dat	xmrig
behavioral1/files/0x00050000000193c1-144.dat	xmrig
behavioral1/files/0x00050000000193b3-140.dat	xmrig
behavioral1/files/0x0005000000019377-128.dat	xmrig
behavioral1/files/0x0005000000019319-120.dat	xmrig
behavioral1/files/0x0005000000019387-132.dat	xmrig
behavioral1/files/0x0005000000019365-124.dat	xmrig
behavioral1/files/0x0005000000019278-112.dat	xmrig
behavioral1/files/0x0005000000019275-108.dat	xmrig
behavioral1/files/0x000500000001926c-104.dat	xmrig
behavioral1/files/0x0005000000019259-96.dat	xmrig
behavioral1/memory/2980-90-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019240-89.dat	xmrig
behavioral1/memory/2632-83-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019217-82.dat	xmrig
behavioral1/memory/2524-76-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2560-70-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f6-69.dat	xmrig
behavioral1/memory/2540-63-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d2-62.dat	xmrig
behavioral1/memory/2548-58-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x00080000000190e1-57.dat	xmrig
behavioral1/memory/3012-55-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0008000000017400-52.dat	xmrig
behavioral1/memory/3012-49-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2320-46-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x000700000001707c-45.dat	xmrig
behavioral1/memory/2652-35-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/3012-34-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x0007000000016eb8-33.dat	xmrig
behavioral1/memory/3012-20-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2596-3836-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2320-3828-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2540-4021-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2980-4022-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2524-4023-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/1668-4026-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2520-4025-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2764-4024-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2548-4027-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2596	TuhbxeB.exe
2320	KoGmQIt.exe
1248	IedjnKm.exe
1668	kwjdGod.exe
2652	RsVwWRO.exe
2764	OvOvGhm.exe
2664	wfRcABN.exe
2520	bsFuuvA.exe
2548	lmPvDYf.exe
2540	FobFlBi.exe
2560	QFcDfba.exe
2524	HoiJgNl.exe
2632	aTCTwzF.exe
2980	eWzvDwe.exe
584	BUTHMiI.exe
396	uNLxdTJ.exe
2740	filOGok.exe
2828	mpoCnLr.exe
2028	vugmbcZ.exe
2580	Kpncpsv.exe
2340	nombElz.exe
1400	vBtfLPU.exe
2736	uhikSpm.exe
1980	QMvwxSJ.exe
1724	WkWNZzY.exe
2160	nSvCldV.exe
2120	BLVPZoo.exe
2096	DsMhulp.exe
1012	lZYcPWA.exe
900	scYQEmX.exe
2412	qqEDuRa.exe
700	hBzADqS.exe
1336	gmeNvvA.exe
1196	QHKYKti.exe
1620	Lzxgyrf.exe
1968	nlTlUPg.exe
764	VnLxAKo.exe
1876	LpdGtsx.exe
2264	dQVzCTe.exe
988	JJYpnOe.exe
1820	hXKekIB.exe
572	VJaZDib.exe
1536	TUTOHzb.exe
1524	LcwfDWW.exe
1768	LLHAoBM.exe
2400	EsqQLpc.exe
2880	EUHhDFS.exe
1936	yFpqJOB.exe
1804	fGHzgOl.exe
2220	lpTodPD.exe
2344	glzSaYl.exe
2348	VaZcFRd.exe
1928	BsMKvnl.exe
2920	rWSTQGY.exe
2176	xWueUAc.exe
556	WKbSlnV.exe
2016	WvifQaj.exe
2228	xPcwPDV.exe
2592	WVGwRgk.exe
1748	nqLVOVo.exe
2932	bWXgHOt.exe
3008	fOHJDIJ.exe
2060	rmhFaVS.exe
3052	vhEMrmt.exe

Loads dropped DLL 64 IoCs

pid	Process
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3012-2-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x000b0000000122ea-3.dat	upx
behavioral1/memory/2596-9-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0009000000016db5-10.dat	upx
behavioral1/files/0x0008000000016dd0-12.dat	upx
behavioral1/memory/2320-15-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/1248-22-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x0008000000016de4-27.dat	upx
behavioral1/memory/1668-28-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0007000000016edb-38.dat	upx
behavioral1/memory/2764-39-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2664-47-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2520-53-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x0009000000016d58-75.dat	upx
behavioral1/files/0x0005000000019268-100.dat	upx
behavioral1/files/0x000500000001929a-116.dat	upx
behavioral1/files/0x00050000000193a4-136.dat	upx
behavioral1/files/0x000500000001946a-164.dat	upx
behavioral1/memory/2980-937-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2632-746-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2524-523-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0005000000019465-160.dat	upx
behavioral1/files/0x000500000001945b-156.dat	upx
behavioral1/files/0x0005000000019450-152.dat	upx
behavioral1/files/0x0005000000019433-148.dat	upx
behavioral1/files/0x00050000000193c1-144.dat	upx
behavioral1/files/0x00050000000193b3-140.dat	upx
behavioral1/files/0x0005000000019377-128.dat	upx
behavioral1/files/0x0005000000019319-120.dat	upx
behavioral1/files/0x0005000000019387-132.dat	upx
behavioral1/files/0x0005000000019365-124.dat	upx
behavioral1/files/0x0005000000019278-112.dat	upx
behavioral1/files/0x0005000000019275-108.dat	upx
behavioral1/files/0x000500000001926c-104.dat	upx
behavioral1/files/0x0005000000019259-96.dat	upx
behavioral1/memory/2980-90-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0005000000019240-89.dat	upx
behavioral1/memory/2632-83-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0005000000019217-82.dat	upx
behavioral1/memory/2524-76-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2560-70-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x00050000000191f6-69.dat	upx
behavioral1/memory/2540-63-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x00050000000191d2-62.dat	upx
behavioral1/memory/2548-58-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x00080000000190e1-57.dat	upx
behavioral1/files/0x0008000000017400-52.dat	upx
behavioral1/memory/2320-46-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x000700000001707c-45.dat	upx
behavioral1/memory/2652-35-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/3012-34-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x0007000000016eb8-33.dat	upx
behavioral1/memory/2596-3836-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2320-3828-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2540-4021-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2980-4022-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2524-4023-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/1668-4026-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2520-4025-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2764-4024-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2548-4027-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2664-4029-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2652-4028-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2560-4030-0x000000013FED0000-0x0000000140224000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BUTHMiI.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHSsNcr.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtwWHKg.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTnYFCw.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgcaadR.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJAZdzL.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BsUgsnm.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwLKJzJ.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNvzVMa.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DghtEDb.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWLSPKj.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwiZpBE.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaPtHXw.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNUcLPF.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyLlgQt.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Gukhadn.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LuwsIgz.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfaHeOs.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVFoxdk.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBLhvbl.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMvPjWv.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alULeVe.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPHPHJi.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QcQPSTM.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWjCJYD.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acNCVBd.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkdChgb.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJeVRjp.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEnKwpf.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YemOTmS.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVXDUiI.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhVMotU.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUZsLZx.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYIlyrC.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGrrUib.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwbzoEm.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omlhkBo.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGqndxZ.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YzCFdAb.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STScsRs.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQUjdGk.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCxXRjn.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLGqIpK.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aiPQmmx.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\caTVGMY.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEXutol.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txwBzrz.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzUGAFM.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMKbXdG.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfsArcT.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fXnVpNz.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ggfokph.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ikMYKxa.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMEYhrn.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfzwWCz.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GILRCTp.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpNxpza.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWqLFrL.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egAvgfG.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kitcAGL.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lCdGugF.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONXGBNy.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApTYJsA.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbtqysZ.exe	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2596	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3012 wrote to memory of 2596	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3012 wrote to memory of 2596	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3012 wrote to memory of 2320	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3012 wrote to memory of 2320	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3012 wrote to memory of 2320	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3012 wrote to memory of 1248	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3012 wrote to memory of 1248	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3012 wrote to memory of 1248	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3012 wrote to memory of 1668	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3012 wrote to memory of 1668	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3012 wrote to memory of 1668	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3012 wrote to memory of 2652	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3012 wrote to memory of 2652	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3012 wrote to memory of 2652	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3012 wrote to memory of 2764	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3012 wrote to memory of 2764	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3012 wrote to memory of 2764	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3012 wrote to memory of 2664	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3012 wrote to memory of 2664	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3012 wrote to memory of 2664	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3012 wrote to memory of 2520	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3012 wrote to memory of 2520	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3012 wrote to memory of 2520	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3012 wrote to memory of 2548	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3012 wrote to memory of 2548	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3012 wrote to memory of 2548	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3012 wrote to memory of 2540	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3012 wrote to memory of 2540	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3012 wrote to memory of 2540	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3012 wrote to memory of 2560	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3012 wrote to memory of 2560	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3012 wrote to memory of 2560	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3012 wrote to memory of 2524	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3012 wrote to memory of 2524	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3012 wrote to memory of 2524	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3012 wrote to memory of 2632	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3012 wrote to memory of 2632	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3012 wrote to memory of 2632	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3012 wrote to memory of 2980	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3012 wrote to memory of 2980	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3012 wrote to memory of 2980	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3012 wrote to memory of 584	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3012 wrote to memory of 584	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3012 wrote to memory of 584	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3012 wrote to memory of 396	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3012 wrote to memory of 396	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3012 wrote to memory of 396	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3012 wrote to memory of 2740	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3012 wrote to memory of 2740	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3012 wrote to memory of 2740	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3012 wrote to memory of 2828	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3012 wrote to memory of 2828	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3012 wrote to memory of 2828	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3012 wrote to memory of 2028	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3012 wrote to memory of 2028	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3012 wrote to memory of 2028	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3012 wrote to memory of 2580	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3012 wrote to memory of 2580	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3012 wrote to memory of 2580	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3012 wrote to memory of 2340	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 3012 wrote to memory of 2340	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 3012 wrote to memory of 2340	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 3012 wrote to memory of 1400	3012	2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_1ebe88e365db1a640637fb3e7ae33530_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\System\TuhbxeB.exe
  C:\Windows\System\TuhbxeB.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\KoGmQIt.exe
  C:\Windows\System\KoGmQIt.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\IedjnKm.exe
  C:\Windows\System\IedjnKm.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\kwjdGod.exe
  C:\Windows\System\kwjdGod.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\RsVwWRO.exe
  C:\Windows\System\RsVwWRO.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\OvOvGhm.exe
  C:\Windows\System\OvOvGhm.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\wfRcABN.exe
  C:\Windows\System\wfRcABN.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\bsFuuvA.exe
  C:\Windows\System\bsFuuvA.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\lmPvDYf.exe
  C:\Windows\System\lmPvDYf.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\FobFlBi.exe
  C:\Windows\System\FobFlBi.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\QFcDfba.exe
  C:\Windows\System\QFcDfba.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\HoiJgNl.exe
  C:\Windows\System\HoiJgNl.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\aTCTwzF.exe
  C:\Windows\System\aTCTwzF.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\eWzvDwe.exe
  C:\Windows\System\eWzvDwe.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\BUTHMiI.exe
  C:\Windows\System\BUTHMiI.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\uNLxdTJ.exe
  C:\Windows\System\uNLxdTJ.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\filOGok.exe
  C:\Windows\System\filOGok.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\mpoCnLr.exe
  C:\Windows\System\mpoCnLr.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\vugmbcZ.exe
  C:\Windows\System\vugmbcZ.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\Kpncpsv.exe
  C:\Windows\System\Kpncpsv.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\nombElz.exe
  C:\Windows\System\nombElz.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\vBtfLPU.exe
  C:\Windows\System\vBtfLPU.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\uhikSpm.exe
  C:\Windows\System\uhikSpm.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\QMvwxSJ.exe
  C:\Windows\System\QMvwxSJ.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\WkWNZzY.exe
  C:\Windows\System\WkWNZzY.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\nSvCldV.exe
  C:\Windows\System\nSvCldV.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\BLVPZoo.exe
  C:\Windows\System\BLVPZoo.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\DsMhulp.exe
  C:\Windows\System\DsMhulp.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\lZYcPWA.exe
  C:\Windows\System\lZYcPWA.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\scYQEmX.exe
  C:\Windows\System\scYQEmX.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\qqEDuRa.exe
  C:\Windows\System\qqEDuRa.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\hBzADqS.exe
  C:\Windows\System\hBzADqS.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\gmeNvvA.exe
  C:\Windows\System\gmeNvvA.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\QHKYKti.exe
  C:\Windows\System\QHKYKti.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\Lzxgyrf.exe
  C:\Windows\System\Lzxgyrf.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\nlTlUPg.exe
  C:\Windows\System\nlTlUPg.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\VnLxAKo.exe
  C:\Windows\System\VnLxAKo.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\LpdGtsx.exe
  C:\Windows\System\LpdGtsx.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\dQVzCTe.exe
  C:\Windows\System\dQVzCTe.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\JJYpnOe.exe
  C:\Windows\System\JJYpnOe.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\hXKekIB.exe
  C:\Windows\System\hXKekIB.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\VJaZDib.exe
  C:\Windows\System\VJaZDib.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\TUTOHzb.exe
  C:\Windows\System\TUTOHzb.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\LcwfDWW.exe
  C:\Windows\System\LcwfDWW.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\LLHAoBM.exe
  C:\Windows\System\LLHAoBM.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\EsqQLpc.exe
  C:\Windows\System\EsqQLpc.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\EUHhDFS.exe
  C:\Windows\System\EUHhDFS.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\yFpqJOB.exe
  C:\Windows\System\yFpqJOB.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\fGHzgOl.exe
  C:\Windows\System\fGHzgOl.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\lpTodPD.exe
  C:\Windows\System\lpTodPD.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\glzSaYl.exe
  C:\Windows\System\glzSaYl.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\VaZcFRd.exe
  C:\Windows\System\VaZcFRd.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\BsMKvnl.exe
  C:\Windows\System\BsMKvnl.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\rWSTQGY.exe
  C:\Windows\System\rWSTQGY.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\xWueUAc.exe
  C:\Windows\System\xWueUAc.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\WKbSlnV.exe
  C:\Windows\System\WKbSlnV.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\WvifQaj.exe
  C:\Windows\System\WvifQaj.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\xPcwPDV.exe
  C:\Windows\System\xPcwPDV.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\WVGwRgk.exe
  C:\Windows\System\WVGwRgk.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\nqLVOVo.exe
  C:\Windows\System\nqLVOVo.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\bWXgHOt.exe
  C:\Windows\System\bWXgHOt.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\fOHJDIJ.exe
  C:\Windows\System\fOHJDIJ.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\rmhFaVS.exe
  C:\Windows\System\rmhFaVS.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\vhEMrmt.exe
  C:\Windows\System\vhEMrmt.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\DuPDUqL.exe
  C:\Windows\System\DuPDUqL.exe
  2⤵
  PID:2668
- C:\Windows\System\xkMakYY.exe
  C:\Windows\System\xkMakYY.exe
  2⤵
  PID:2780
- C:\Windows\System\kymoYFc.exe
  C:\Windows\System\kymoYFc.exe
  2⤵
  PID:1672
- C:\Windows\System\gVDtKIX.exe
  C:\Windows\System\gVDtKIX.exe
  2⤵
  PID:780
- C:\Windows\System\egtXkTG.exe
  C:\Windows\System\egtXkTG.exe
  2⤵
  PID:2972
- C:\Windows\System\uflLHsn.exe
  C:\Windows\System\uflLHsn.exe
  2⤵
  PID:1760
- C:\Windows\System\kwHAuKz.exe
  C:\Windows\System\kwHAuKz.exe
  2⤵
  PID:2012
- C:\Windows\System\wDtoOgD.exe
  C:\Windows\System\wDtoOgD.exe
  2⤵
  PID:1744
- C:\Windows\System\KNqrQvf.exe
  C:\Windows\System\KNqrQvf.exe
  2⤵
  PID:1996
- C:\Windows\System\ybjZSxf.exe
  C:\Windows\System\ybjZSxf.exe
  2⤵
  PID:760
- C:\Windows\System\QENbmCc.exe
  C:\Windows\System\QENbmCc.exe
  2⤵
  PID:952
- C:\Windows\System\VXEIowu.exe
  C:\Windows\System\VXEIowu.exe
  2⤵
  PID:2144
- C:\Windows\System\LuwsIgz.exe
  C:\Windows\System\LuwsIgz.exe
  2⤵
  PID:2136
- C:\Windows\System\dTKmXOL.exe
  C:\Windows\System\dTKmXOL.exe
  2⤵
  PID:1728
- C:\Windows\System\nRVSrAy.exe
  C:\Windows\System\nRVSrAy.exe
  2⤵
  PID:680
- C:\Windows\System\VtUEROm.exe
  C:\Windows\System\VtUEROm.exe
  2⤵
  PID:2336
- C:\Windows\System\vvzvtQg.exe
  C:\Windows\System\vvzvtQg.exe
  2⤵
  PID:1984
- C:\Windows\System\VFInohl.exe
  C:\Windows\System\VFInohl.exe
  2⤵
  PID:908
- C:\Windows\System\VMdsynb.exe
  C:\Windows\System\VMdsynb.exe
  2⤵
  PID:936
- C:\Windows\System\guqWXmI.exe
  C:\Windows\System\guqWXmI.exe
  2⤵
  PID:1384
- C:\Windows\System\wXjVOgg.exe
  C:\Windows\System\wXjVOgg.exe
  2⤵
  PID:2408
- C:\Windows\System\jCBcNpa.exe
  C:\Windows\System\jCBcNpa.exe
  2⤵
  PID:2212
- C:\Windows\System\PcfmOXc.exe
  C:\Windows\System\PcfmOXc.exe
  2⤵
  PID:2416
- C:\Windows\System\UmZClpq.exe
  C:\Windows\System\UmZClpq.exe
  2⤵
  PID:1776
- C:\Windows\System\XlOwgTG.exe
  C:\Windows\System\XlOwgTG.exe
  2⤵
  PID:2748
- C:\Windows\System\OKFbTtB.exe
  C:\Windows\System\OKFbTtB.exe
  2⤵
  PID:2512
- C:\Windows\System\fzoQSCJ.exe
  C:\Windows\System\fzoQSCJ.exe
  2⤵
  PID:1864
- C:\Windows\System\jikKzRQ.exe
  C:\Windows\System\jikKzRQ.exe
  2⤵
  PID:2140
- C:\Windows\System\KLodsJU.exe
  C:\Windows\System\KLodsJU.exe
  2⤵
  PID:3080
- C:\Windows\System\IzpmIoa.exe
  C:\Windows\System\IzpmIoa.exe
  2⤵
  PID:3100
- C:\Windows\System\oNvzVMa.exe
  C:\Windows\System\oNvzVMa.exe
  2⤵
  PID:3120
- C:\Windows\System\LQBeGWT.exe
  C:\Windows\System\LQBeGWT.exe
  2⤵
  PID:3136
- C:\Windows\System\dKvpQof.exe
  C:\Windows\System\dKvpQof.exe
  2⤵
  PID:3160
- C:\Windows\System\xvuqWfn.exe
  C:\Windows\System\xvuqWfn.exe
  2⤵
  PID:3180
- C:\Windows\System\RwIGSkP.exe
  C:\Windows\System\RwIGSkP.exe
  2⤵
  PID:3200
- C:\Windows\System\NebhecK.exe
  C:\Windows\System\NebhecK.exe
  2⤵
  PID:3220
- C:\Windows\System\OnubngI.exe
  C:\Windows\System\OnubngI.exe
  2⤵
  PID:3240
- C:\Windows\System\shgrRQO.exe
  C:\Windows\System\shgrRQO.exe
  2⤵
  PID:3256
- C:\Windows\System\kbxZJjI.exe
  C:\Windows\System\kbxZJjI.exe
  2⤵
  PID:3280
- C:\Windows\System\rFZlCRf.exe
  C:\Windows\System\rFZlCRf.exe
  2⤵
  PID:3300
- C:\Windows\System\djSBOiv.exe
  C:\Windows\System\djSBOiv.exe
  2⤵
  PID:3324
- C:\Windows\System\DYRQWuE.exe
  C:\Windows\System\DYRQWuE.exe
  2⤵
  PID:3344
- C:\Windows\System\PyOOUis.exe
  C:\Windows\System\PyOOUis.exe
  2⤵
  PID:3368
- C:\Windows\System\RaIYgQx.exe
  C:\Windows\System\RaIYgQx.exe
  2⤵
  PID:3388
- C:\Windows\System\mDuDfMU.exe
  C:\Windows\System\mDuDfMU.exe
  2⤵
  PID:3408
- C:\Windows\System\HLHGzik.exe
  C:\Windows\System\HLHGzik.exe
  2⤵
  PID:3428
- C:\Windows\System\bhRAYIZ.exe
  C:\Windows\System\bhRAYIZ.exe
  2⤵
  PID:3448
- C:\Windows\System\kkVFeRp.exe
  C:\Windows\System\kkVFeRp.exe
  2⤵
  PID:3468
- C:\Windows\System\ArdpOCF.exe
  C:\Windows\System\ArdpOCF.exe
  2⤵
  PID:3488
- C:\Windows\System\ORvmxWq.exe
  C:\Windows\System\ORvmxWq.exe
  2⤵
  PID:3508
- C:\Windows\System\MghyQlB.exe
  C:\Windows\System\MghyQlB.exe
  2⤵
  PID:3528
- C:\Windows\System\gHsHOHn.exe
  C:\Windows\System\gHsHOHn.exe
  2⤵
  PID:3544
- C:\Windows\System\KCMTeyG.exe
  C:\Windows\System\KCMTeyG.exe
  2⤵
  PID:3568
- C:\Windows\System\cfdtsdr.exe
  C:\Windows\System\cfdtsdr.exe
  2⤵
  PID:3588
- C:\Windows\System\FXtzkRU.exe
  C:\Windows\System\FXtzkRU.exe
  2⤵
  PID:3608
- C:\Windows\System\NNWFpYc.exe
  C:\Windows\System\NNWFpYc.exe
  2⤵
  PID:3628
- C:\Windows\System\aGNkbSk.exe
  C:\Windows\System\aGNkbSk.exe
  2⤵
  PID:3648
- C:\Windows\System\EiJwvyR.exe
  C:\Windows\System\EiJwvyR.exe
  2⤵
  PID:3668
- C:\Windows\System\osQwYug.exe
  C:\Windows\System\osQwYug.exe
  2⤵
  PID:3688
- C:\Windows\System\WOepwUm.exe
  C:\Windows\System\WOepwUm.exe
  2⤵
  PID:3708
- C:\Windows\System\eVcbjIT.exe
  C:\Windows\System\eVcbjIT.exe
  2⤵
  PID:3732
- C:\Windows\System\uLxRMlP.exe
  C:\Windows\System\uLxRMlP.exe
  2⤵
  PID:3748
- C:\Windows\System\GIcJsUS.exe
  C:\Windows\System\GIcJsUS.exe
  2⤵
  PID:3772
- C:\Windows\System\tbBigSm.exe
  C:\Windows\System\tbBigSm.exe
  2⤵
  PID:3792
- C:\Windows\System\iuwoQgH.exe
  C:\Windows\System\iuwoQgH.exe
  2⤵
  PID:3812
- C:\Windows\System\MOMuPfH.exe
  C:\Windows\System\MOMuPfH.exe
  2⤵
  PID:3832
- C:\Windows\System\JVxIHUm.exe
  C:\Windows\System\JVxIHUm.exe
  2⤵
  PID:3852
- C:\Windows\System\oXjpKum.exe
  C:\Windows\System\oXjpKum.exe
  2⤵
  PID:3872
- C:\Windows\System\UzjZtpS.exe
  C:\Windows\System\UzjZtpS.exe
  2⤵
  PID:3892
- C:\Windows\System\ZjzgOdy.exe
  C:\Windows\System\ZjzgOdy.exe
  2⤵
  PID:3912
- C:\Windows\System\iFyJRqU.exe
  C:\Windows\System\iFyJRqU.exe
  2⤵
  PID:3932
- C:\Windows\System\AcLOoxC.exe
  C:\Windows\System\AcLOoxC.exe
  2⤵
  PID:3952
- C:\Windows\System\ZzshjBI.exe
  C:\Windows\System\ZzshjBI.exe
  2⤵
  PID:3972
- C:\Windows\System\wMEsKJc.exe
  C:\Windows\System\wMEsKJc.exe
  2⤵
  PID:3988
- C:\Windows\System\JWjmYCl.exe
  C:\Windows\System\JWjmYCl.exe
  2⤵
  PID:4008
- C:\Windows\System\jjfAFZk.exe
  C:\Windows\System\jjfAFZk.exe
  2⤵
  PID:4032
- C:\Windows\System\sjNEmWx.exe
  C:\Windows\System\sjNEmWx.exe
  2⤵
  PID:4052
- C:\Windows\System\QwIvrRi.exe
  C:\Windows\System\QwIvrRi.exe
  2⤵
  PID:4072
- C:\Windows\System\cLnBvBa.exe
  C:\Windows\System\cLnBvBa.exe
  2⤵
  PID:1232
- C:\Windows\System\kHcmoiK.exe
  C:\Windows\System\kHcmoiK.exe
  2⤵
  PID:3064
- C:\Windows\System\WNpJUup.exe
  C:\Windows\System\WNpJUup.exe
  2⤵
  PID:2196
- C:\Windows\System\IqFaziu.exe
  C:\Windows\System\IqFaziu.exe
  2⤵
  PID:1548
- C:\Windows\System\sEvVMOR.exe
  C:\Windows\System\sEvVMOR.exe
  2⤵
  PID:316
- C:\Windows\System\BnEGdJH.exe
  C:\Windows\System\BnEGdJH.exe
  2⤵
  PID:2068
- C:\Windows\System\dAKWeTx.exe
  C:\Windows\System\dAKWeTx.exe
  2⤵
  PID:2276
- C:\Windows\System\FeAfzyW.exe
  C:\Windows\System\FeAfzyW.exe
  2⤵
  PID:1236
- C:\Windows\System\KHAGevG.exe
  C:\Windows\System\KHAGevG.exe
  2⤵
  PID:1568
- C:\Windows\System\pPwnAQf.exe
  C:\Windows\System\pPwnAQf.exe
  2⤵
  PID:1596
- C:\Windows\System\fhGoYNa.exe
  C:\Windows\System\fhGoYNa.exe
  2⤵
  PID:2808
- C:\Windows\System\xcZrRYk.exe
  C:\Windows\System\xcZrRYk.exe
  2⤵
  PID:624
- C:\Windows\System\pBAMeck.exe
  C:\Windows\System\pBAMeck.exe
  2⤵
  PID:2712
- C:\Windows\System\FrRBpaJ.exe
  C:\Windows\System\FrRBpaJ.exe
  2⤵
  PID:2728
- C:\Windows\System\DrKdvBM.exe
  C:\Windows\System\DrKdvBM.exe
  2⤵
  PID:3112
- C:\Windows\System\nmNYxQg.exe
  C:\Windows\System\nmNYxQg.exe
  2⤵
  PID:3148
- C:\Windows\System\UbxDFQL.exe
  C:\Windows\System\UbxDFQL.exe
  2⤵
  PID:3188
- C:\Windows\System\hQUjdGk.exe
  C:\Windows\System\hQUjdGk.exe
  2⤵
  PID:3208
- C:\Windows\System\pfEbeTD.exe
  C:\Windows\System\pfEbeTD.exe
  2⤵
  PID:3264
- C:\Windows\System\mOKMwMw.exe
  C:\Windows\System\mOKMwMw.exe
  2⤵
  PID:3248
- C:\Windows\System\goLYklS.exe
  C:\Windows\System\goLYklS.exe
  2⤵
  PID:3292
- C:\Windows\System\RkqKRPC.exe
  C:\Windows\System\RkqKRPC.exe
  2⤵
  PID:3360
- C:\Windows\System\oJjoeav.exe
  C:\Windows\System\oJjoeav.exe
  2⤵
  PID:3384
- C:\Windows\System\YditNSB.exe
  C:\Windows\System\YditNSB.exe
  2⤵
  PID:3436
- C:\Windows\System\mGptMqz.exe
  C:\Windows\System\mGptMqz.exe
  2⤵
  PID:3456
- C:\Windows\System\CkIjYIz.exe
  C:\Windows\System\CkIjYIz.exe
  2⤵
  PID:3484
- C:\Windows\System\YcHZkjD.exe
  C:\Windows\System\YcHZkjD.exe
  2⤵
  PID:3504
- C:\Windows\System\xsBfTit.exe
  C:\Windows\System\xsBfTit.exe
  2⤵
  PID:3564
- C:\Windows\System\NzvonlR.exe
  C:\Windows\System\NzvonlR.exe
  2⤵
  PID:3600
- C:\Windows\System\eTUbJYi.exe
  C:\Windows\System\eTUbJYi.exe
  2⤵
  PID:3636
- C:\Windows\System\hlrMRkw.exe
  C:\Windows\System\hlrMRkw.exe
  2⤵
  PID:3680
- C:\Windows\System\IqTJXEJ.exe
  C:\Windows\System\IqTJXEJ.exe
  2⤵
  PID:3656
- C:\Windows\System\KPTBXCF.exe
  C:\Windows\System\KPTBXCF.exe
  2⤵
  PID:3704
- C:\Windows\System\MVLjqcA.exe
  C:\Windows\System\MVLjqcA.exe
  2⤵
  PID:3764
- C:\Windows\System\AVzkEhL.exe
  C:\Windows\System\AVzkEhL.exe
  2⤵
  PID:3804
- C:\Windows\System\ETuzDmN.exe
  C:\Windows\System\ETuzDmN.exe
  2⤵
  PID:3784
- C:\Windows\System\lREpVqc.exe
  C:\Windows\System\lREpVqc.exe
  2⤵
  PID:3888
- C:\Windows\System\uMazLQK.exe
  C:\Windows\System\uMazLQK.exe
  2⤵
  PID:3920
- C:\Windows\System\gmxAwCy.exe
  C:\Windows\System\gmxAwCy.exe
  2⤵
  PID:3908
- C:\Windows\System\TocHUTM.exe
  C:\Windows\System\TocHUTM.exe
  2⤵
  PID:3968
- C:\Windows\System\DAPxssO.exe
  C:\Windows\System\DAPxssO.exe
  2⤵
  PID:4040
- C:\Windows\System\wjDUvNv.exe
  C:\Windows\System\wjDUvNv.exe
  2⤵
  PID:4016
- C:\Windows\System\OMvSnvG.exe
  C:\Windows\System\OMvSnvG.exe
  2⤵
  PID:4088
- C:\Windows\System\MDIUSxc.exe
  C:\Windows\System\MDIUSxc.exe
  2⤵
  PID:4060
- C:\Windows\System\ylnHYkr.exe
  C:\Windows\System\ylnHYkr.exe
  2⤵
  PID:1016
- C:\Windows\System\PGIOiNV.exe
  C:\Windows\System\PGIOiNV.exe
  2⤵
  PID:2912
- C:\Windows\System\umOUZdc.exe
  C:\Windows\System\umOUZdc.exe
  2⤵
  PID:2084
- C:\Windows\System\tpPPthf.exe
  C:\Windows\System\tpPPthf.exe
  2⤵
  PID:1252
- C:\Windows\System\MzfCSak.exe
  C:\Windows\System\MzfCSak.exe
  2⤵
  PID:3044
- C:\Windows\System\rvDiwyq.exe
  C:\Windows\System\rvDiwyq.exe
  2⤵
  PID:1720
- C:\Windows\System\XzUGAFM.exe
  C:\Windows\System\XzUGAFM.exe
  2⤵
  PID:2036
- C:\Windows\System\UOdoATu.exe
  C:\Windows\System\UOdoATu.exe
  2⤵
  PID:3092
- C:\Windows\System\iZSCVTw.exe
  C:\Windows\System\iZSCVTw.exe
  2⤵
  PID:3168
- C:\Windows\System\lFievLP.exe
  C:\Windows\System\lFievLP.exe
  2⤵
  PID:3232
- C:\Windows\System\HwLKJzJ.exe
  C:\Windows\System\HwLKJzJ.exe
  2⤵
  PID:3308
- C:\Windows\System\yzISspW.exe
  C:\Windows\System\yzISspW.exe
  2⤵
  PID:3268
- C:\Windows\System\ILcsFjy.exe
  C:\Windows\System\ILcsFjy.exe
  2⤵
  PID:3332
- C:\Windows\System\abnONKs.exe
  C:\Windows\System\abnONKs.exe
  2⤵
  PID:3440
- C:\Windows\System\rKWnepn.exe
  C:\Windows\System\rKWnepn.exe
  2⤵
  PID:3524
- C:\Windows\System\jgLWgOc.exe
  C:\Windows\System\jgLWgOc.exe
  2⤵
  PID:3596
- C:\Windows\System\jeGQkRJ.exe
  C:\Windows\System\jeGQkRJ.exe
  2⤵
  PID:3536
- C:\Windows\System\uvxlygk.exe
  C:\Windows\System\uvxlygk.exe
  2⤵
  PID:3684
- C:\Windows\System\OKmvfXr.exe
  C:\Windows\System\OKmvfXr.exe
  2⤵
  PID:3660
- C:\Windows\System\QxWErzK.exe
  C:\Windows\System\QxWErzK.exe
  2⤵
  PID:3808
- C:\Windows\System\ABoiPoj.exe
  C:\Windows\System\ABoiPoj.exe
  2⤵
  PID:3820
- C:\Windows\System\MDYDRJV.exe
  C:\Windows\System\MDYDRJV.exe
  2⤵
  PID:3960
- C:\Windows\System\CirJYCM.exe
  C:\Windows\System\CirJYCM.exe
  2⤵
  PID:3996
- C:\Windows\System\AxIdlYj.exe
  C:\Windows\System\AxIdlYj.exe
  2⤵
  PID:3944
- C:\Windows\System\oTHuxdS.exe
  C:\Windows\System\oTHuxdS.exe
  2⤵
  PID:1332
- C:\Windows\System\gYjbpHb.exe
  C:\Windows\System\gYjbpHb.exe
  2⤵
  PID:1116
- C:\Windows\System\yQqNFWp.exe
  C:\Windows\System\yQqNFWp.exe
  2⤵
  PID:4068
- C:\Windows\System\GzzOedQ.exe
  C:\Windows\System\GzzOedQ.exe
  2⤵
  PID:1632
- C:\Windows\System\EvEyfFn.exe
  C:\Windows\System\EvEyfFn.exe
  2⤵
  PID:1688
- C:\Windows\System\bCxXRjn.exe
  C:\Windows\System\bCxXRjn.exe
  2⤵
  PID:3152
- C:\Windows\System\OuKMgKz.exe
  C:\Windows\System\OuKMgKz.exe
  2⤵
  PID:1364
- C:\Windows\System\FEaXhvg.exe
  C:\Windows\System\FEaXhvg.exe
  2⤵
  PID:3144
- C:\Windows\System\ohGHQqg.exe
  C:\Windows\System\ohGHQqg.exe
  2⤵
  PID:3320
- C:\Windows\System\ZBxMzSr.exe
  C:\Windows\System\ZBxMzSr.exe
  2⤵
  PID:3520
- C:\Windows\System\JmNkcBA.exe
  C:\Windows\System\JmNkcBA.exe
  2⤵
  PID:3464
- C:\Windows\System\QexMnym.exe
  C:\Windows\System\QexMnym.exe
  2⤵
  PID:3724
- C:\Windows\System\jCAJCyu.exe
  C:\Windows\System\jCAJCyu.exe
  2⤵
  PID:3828
- C:\Windows\System\QfaHeOs.exe
  C:\Windows\System\QfaHeOs.exe
  2⤵
  PID:3640
- C:\Windows\System\cnNdYRB.exe
  C:\Windows\System\cnNdYRB.exe
  2⤵
  PID:3868
- C:\Windows\System\ArJYsqJ.exe
  C:\Windows\System\ArJYsqJ.exe
  2⤵
  PID:3924
- C:\Windows\System\zFlklWS.exe
  C:\Windows\System\zFlklWS.exe
  2⤵
  PID:1048
- C:\Windows\System\QDKgBgc.exe
  C:\Windows\System\QDKgBgc.exe
  2⤵
  PID:3560
- C:\Windows\System\nJeduRD.exe
  C:\Windows\System\nJeduRD.exe
  2⤵
  PID:1680
- C:\Windows\System\zJPnOyC.exe
  C:\Windows\System\zJPnOyC.exe
  2⤵
  PID:1756
- C:\Windows\System\qupiQKw.exe
  C:\Windows\System\qupiQKw.exe
  2⤵
  PID:3176
- C:\Windows\System\KMJxwDs.exe
  C:\Windows\System\KMJxwDs.exe
  2⤵
  PID:3580
- C:\Windows\System\NZCKziU.exe
  C:\Windows\System\NZCKziU.exe
  2⤵
  PID:3516
- C:\Windows\System\AzzZGzJ.exe
  C:\Windows\System\AzzZGzJ.exe
  2⤵
  PID:3460
- C:\Windows\System\XqRekJZ.exe
  C:\Windows\System\XqRekJZ.exe
  2⤵
  PID:3800
- C:\Windows\System\ptEjaWl.exe
  C:\Windows\System\ptEjaWl.exe
  2⤵
  PID:4084
- C:\Windows\System\hNidRIr.exe
  C:\Windows\System\hNidRIr.exe
  2⤵
  PID:4120
- C:\Windows\System\odjlsdh.exe
  C:\Windows\System\odjlsdh.exe
  2⤵
  PID:4140
- C:\Windows\System\zFoyJag.exe
  C:\Windows\System\zFoyJag.exe
  2⤵
  PID:4160
- C:\Windows\System\wUbUZkE.exe
  C:\Windows\System\wUbUZkE.exe
  2⤵
  PID:4176
- C:\Windows\System\emVgGGv.exe
  C:\Windows\System\emVgGGv.exe
  2⤵
  PID:4200
- C:\Windows\System\iEZPlpX.exe
  C:\Windows\System\iEZPlpX.exe
  2⤵
  PID:4220
- C:\Windows\System\XVQQZPj.exe
  C:\Windows\System\XVQQZPj.exe
  2⤵
  PID:4240
- C:\Windows\System\rtAccjH.exe
  C:\Windows\System\rtAccjH.exe
  2⤵
  PID:4256
- C:\Windows\System\aRMXAZS.exe
  C:\Windows\System\aRMXAZS.exe
  2⤵
  PID:4280
- C:\Windows\System\xJngpPe.exe
  C:\Windows\System\xJngpPe.exe
  2⤵
  PID:4296
- C:\Windows\System\AGJQhxF.exe
  C:\Windows\System\AGJQhxF.exe
  2⤵
  PID:4316
- C:\Windows\System\AjYBcmJ.exe
  C:\Windows\System\AjYBcmJ.exe
  2⤵
  PID:4336
- C:\Windows\System\TDlyPKi.exe
  C:\Windows\System\TDlyPKi.exe
  2⤵
  PID:4360
- C:\Windows\System\YecTTVf.exe
  C:\Windows\System\YecTTVf.exe
  2⤵
  PID:4376
- C:\Windows\System\lADecvH.exe
  C:\Windows\System\lADecvH.exe
  2⤵
  PID:4396
- C:\Windows\System\HSaEVzK.exe
  C:\Windows\System\HSaEVzK.exe
  2⤵
  PID:4416
- C:\Windows\System\WmmBOnu.exe
  C:\Windows\System\WmmBOnu.exe
  2⤵
  PID:4440
- C:\Windows\System\leZNLyp.exe
  C:\Windows\System\leZNLyp.exe
  2⤵
  PID:4460
- C:\Windows\System\VCdNhyc.exe
  C:\Windows\System\VCdNhyc.exe
  2⤵
  PID:4484
- C:\Windows\System\rJfSSXe.exe
  C:\Windows\System\rJfSSXe.exe
  2⤵
  PID:4500
- C:\Windows\System\DghtEDb.exe
  C:\Windows\System\DghtEDb.exe
  2⤵
  PID:4524
- C:\Windows\System\kYZiwGI.exe
  C:\Windows\System\kYZiwGI.exe
  2⤵
  PID:4544
- C:\Windows\System\UIQolix.exe
  C:\Windows\System\UIQolix.exe
  2⤵
  PID:4564
- C:\Windows\System\CUtBdld.exe
  C:\Windows\System\CUtBdld.exe
  2⤵
  PID:4584
- C:\Windows\System\eHFyPqA.exe
  C:\Windows\System\eHFyPqA.exe
  2⤵
  PID:4608
- C:\Windows\System\uXmlwav.exe
  C:\Windows\System\uXmlwav.exe
  2⤵
  PID:4624
- C:\Windows\System\jUOfdbO.exe
  C:\Windows\System\jUOfdbO.exe
  2⤵
  PID:4644
- C:\Windows\System\INMRwbu.exe
  C:\Windows\System\INMRwbu.exe
  2⤵
  PID:4664
- C:\Windows\System\XJgbNzT.exe
  C:\Windows\System\XJgbNzT.exe
  2⤵
  PID:4688
- C:\Windows\System\apEIJaI.exe
  C:\Windows\System\apEIJaI.exe
  2⤵
  PID:4704
- C:\Windows\System\pPHpncV.exe
  C:\Windows\System\pPHpncV.exe
  2⤵
  PID:4720
- C:\Windows\System\VTHQViZ.exe
  C:\Windows\System\VTHQViZ.exe
  2⤵
  PID:4748
- C:\Windows\System\kXqqbBo.exe
  C:\Windows\System\kXqqbBo.exe
  2⤵
  PID:4768
- C:\Windows\System\ECEPJXI.exe
  C:\Windows\System\ECEPJXI.exe
  2⤵
  PID:4788
- C:\Windows\System\ifVUZli.exe
  C:\Windows\System\ifVUZli.exe
  2⤵
  PID:4808
- C:\Windows\System\ApTYJsA.exe
  C:\Windows\System\ApTYJsA.exe
  2⤵
  PID:4828
- C:\Windows\System\iMQhZwI.exe
  C:\Windows\System\iMQhZwI.exe
  2⤵
  PID:4848
- C:\Windows\System\hHxiqCX.exe
  C:\Windows\System\hHxiqCX.exe
  2⤵
  PID:4868
- C:\Windows\System\AvoWMUP.exe
  C:\Windows\System\AvoWMUP.exe
  2⤵
  PID:4888
- C:\Windows\System\itIhlHV.exe
  C:\Windows\System\itIhlHV.exe
  2⤵
  PID:4908
- C:\Windows\System\dlUUPWF.exe
  C:\Windows\System\dlUUPWF.exe
  2⤵
  PID:4928
- C:\Windows\System\hMFrmNr.exe
  C:\Windows\System\hMFrmNr.exe
  2⤵
  PID:4952
- C:\Windows\System\YavkUJR.exe
  C:\Windows\System\YavkUJR.exe
  2⤵
  PID:4972
- C:\Windows\System\hHMOyiP.exe
  C:\Windows\System\hHMOyiP.exe
  2⤵
  PID:4992
- C:\Windows\System\HLGqIpK.exe
  C:\Windows\System\HLGqIpK.exe
  2⤵
  PID:5012
- C:\Windows\System\VGtJwfr.exe
  C:\Windows\System\VGtJwfr.exe
  2⤵
  PID:5032
- C:\Windows\System\PvSoMBv.exe
  C:\Windows\System\PvSoMBv.exe
  2⤵
  PID:5052
- C:\Windows\System\ovEBXIz.exe
  C:\Windows\System\ovEBXIz.exe
  2⤵
  PID:5076
- C:\Windows\System\MGeaFUX.exe
  C:\Windows\System\MGeaFUX.exe
  2⤵
  PID:5096
- C:\Windows\System\IhMRpvf.exe
  C:\Windows\System\IhMRpvf.exe
  2⤵
  PID:5116
- C:\Windows\System\BFpQfPS.exe
  C:\Windows\System\BFpQfPS.exe
  2⤵
  PID:4028
- C:\Windows\System\QcQPSTM.exe
  C:\Windows\System\QcQPSTM.exe
  2⤵
  PID:1740
- C:\Windows\System\pQddnAt.exe
  C:\Windows\System\pQddnAt.exe
  2⤵
  PID:2696
- C:\Windows\System\LjFjMoV.exe
  C:\Windows\System\LjFjMoV.exe
  2⤵
  PID:3744
- C:\Windows\System\UJMshrU.exe
  C:\Windows\System\UJMshrU.exe
  2⤵
  PID:2020
- C:\Windows\System\ixEbtUz.exe
  C:\Windows\System\ixEbtUz.exe
  2⤵
  PID:4116
- C:\Windows\System\nXmZebS.exe
  C:\Windows\System\nXmZebS.exe
  2⤵
  PID:960
- C:\Windows\System\cBQrwkR.exe
  C:\Windows\System\cBQrwkR.exe
  2⤵
  PID:4184
- C:\Windows\System\dqFAFZT.exe
  C:\Windows\System\dqFAFZT.exe
  2⤵
  PID:3024
- C:\Windows\System\nWLSPKj.exe
  C:\Windows\System\nWLSPKj.exe
  2⤵
  PID:4232
- C:\Windows\System\hiCVfjk.exe
  C:\Windows\System\hiCVfjk.exe
  2⤵
  PID:4208
- C:\Windows\System\IbKaxzF.exe
  C:\Windows\System\IbKaxzF.exe
  2⤵
  PID:4216
- C:\Windows\System\VfNXtwp.exe
  C:\Windows\System\VfNXtwp.exe
  2⤵
  PID:4352
- C:\Windows\System\XDoAlPZ.exe
  C:\Windows\System\XDoAlPZ.exe
  2⤵
  PID:4292
- C:\Windows\System\SDGxIve.exe
  C:\Windows\System\SDGxIve.exe
  2⤵
  PID:4332
- C:\Windows\System\rUSiCwt.exe
  C:\Windows\System\rUSiCwt.exe
  2⤵
  PID:4428
- C:\Windows\System\KTRgNtU.exe
  C:\Windows\System\KTRgNtU.exe
  2⤵
  PID:4448
- C:\Windows\System\caYsGjr.exe
  C:\Windows\System\caYsGjr.exe
  2⤵
  PID:4476
- C:\Windows\System\zwiZpBE.exe
  C:\Windows\System\zwiZpBE.exe
  2⤵
  PID:4512
- C:\Windows\System\tLXWoRx.exe
  C:\Windows\System\tLXWoRx.exe
  2⤵
  PID:4532
- C:\Windows\System\FaHtgAW.exe
  C:\Windows\System\FaHtgAW.exe
  2⤵
  PID:4536
- C:\Windows\System\mTeHKga.exe
  C:\Windows\System\mTeHKga.exe
  2⤵
  PID:4632
- C:\Windows\System\stxWjlO.exe
  C:\Windows\System\stxWjlO.exe
  2⤵
  PID:4652
- C:\Windows\System\WWBNrly.exe
  C:\Windows\System\WWBNrly.exe
  2⤵
  PID:4660
- C:\Windows\System\rIaNncG.exe
  C:\Windows\System\rIaNncG.exe
  2⤵
  PID:4764
- C:\Windows\System\dBgybcS.exe
  C:\Windows\System\dBgybcS.exe
  2⤵
  PID:4740
- C:\Windows\System\smquQIA.exe
  C:\Windows\System\smquQIA.exe
  2⤵
  PID:4776
- C:\Windows\System\lXKRvJG.exe
  C:\Windows\System\lXKRvJG.exe
  2⤵
  PID:4844
- C:\Windows\System\NuGnSRt.exe
  C:\Windows\System\NuGnSRt.exe
  2⤵
  PID:4816
- C:\Windows\System\BCrIUoN.exe
  C:\Windows\System\BCrIUoN.exe
  2⤵
  PID:4884
- C:\Windows\System\XjIEFpX.exe
  C:\Windows\System\XjIEFpX.exe
  2⤵
  PID:4900
- C:\Windows\System\ZfiZqhc.exe
  C:\Windows\System\ZfiZqhc.exe
  2⤵
  PID:3028
- C:\Windows\System\sNuMhDZ.exe
  C:\Windows\System\sNuMhDZ.exe
  2⤵
  PID:4968
- C:\Windows\System\blxdLXq.exe
  C:\Windows\System\blxdLXq.exe
  2⤵
  PID:5040
- C:\Windows\System\GkdChgb.exe
  C:\Windows\System\GkdChgb.exe
  2⤵
  PID:4984
- C:\Windows\System\ZMpLrOK.exe
  C:\Windows\System\ZMpLrOK.exe
  2⤵
  PID:5092
- C:\Windows\System\zpkaNal.exe
  C:\Windows\System\zpkaNal.exe
  2⤵
  PID:3948
- C:\Windows\System\NaEBrhC.exe
  C:\Windows\System\NaEBrhC.exe
  2⤵
  PID:3088
- C:\Windows\System\egoxDRr.exe
  C:\Windows\System\egoxDRr.exe
  2⤵
  PID:3128
- C:\Windows\System\krXuUhK.exe
  C:\Windows\System\krXuUhK.exe
  2⤵
  PID:3984
- C:\Windows\System\FankKNz.exe
  C:\Windows\System\FankKNz.exe
  2⤵
  PID:3844
- C:\Windows\System\WQvwWEk.exe
  C:\Windows\System\WQvwWEk.exe
  2⤵
  PID:4136
- C:\Windows\System\mIJEFHx.exe
  C:\Windows\System\mIJEFHx.exe
  2⤵
  PID:4112
- C:\Windows\System\GNOYxLI.exe
  C:\Windows\System\GNOYxLI.exe
  2⤵
  PID:4276
- C:\Windows\System\IzumNQd.exe
  C:\Windows\System\IzumNQd.exe
  2⤵
  PID:4344
- C:\Windows\System\iLUnThU.exe
  C:\Windows\System\iLUnThU.exe
  2⤵
  PID:4212
- C:\Windows\System\fuzzBvN.exe
  C:\Windows\System\fuzzBvN.exe
  2⤵
  PID:4468
- C:\Windows\System\qkZPPZk.exe
  C:\Windows\System\qkZPPZk.exe
  2⤵
  PID:4412
- C:\Windows\System\jtuPiBn.exe
  C:\Windows\System\jtuPiBn.exe
  2⤵
  PID:4520
- C:\Windows\System\durLkcv.exe
  C:\Windows\System\durLkcv.exe
  2⤵
  PID:4592
- C:\Windows\System\UydbHgS.exe
  C:\Windows\System\UydbHgS.exe
  2⤵
  PID:4560
- C:\Windows\System\ePjzxHD.exe
  C:\Windows\System\ePjzxHD.exe
  2⤵
  PID:4572
- C:\Windows\System\gVAxlzg.exe
  C:\Windows\System\gVAxlzg.exe
  2⤵
  PID:4616
- C:\Windows\System\reWEdhl.exe
  C:\Windows\System\reWEdhl.exe
  2⤵
  PID:2660
- C:\Windows\System\MJDSHZZ.exe
  C:\Windows\System\MJDSHZZ.exe
  2⤵
  PID:2564
- C:\Windows\System\PuTdWwr.exe
  C:\Windows\System\PuTdWwr.exe
  2⤵
  PID:4916
- C:\Windows\System\ruWLOrF.exe
  C:\Windows\System\ruWLOrF.exe
  2⤵
  PID:2756
- C:\Windows\System\EWMYQmj.exe
  C:\Windows\System\EWMYQmj.exe
  2⤵
  PID:2544
- C:\Windows\System\bklJyFW.exe
  C:\Windows\System\bklJyFW.exe
  2⤵
  PID:4920
- C:\Windows\System\mymyFiJ.exe
  C:\Windows\System\mymyFiJ.exe
  2⤵
  PID:5008
- C:\Windows\System\TErKcPS.exe
  C:\Windows\System\TErKcPS.exe
  2⤵
  PID:5088
- C:\Windows\System\ShLLWks.exe
  C:\Windows\System\ShLLWks.exe
  2⤵
  PID:5108
- C:\Windows\System\HNgrEwi.exe
  C:\Windows\System\HNgrEwi.exe
  2⤵
  PID:1544
- C:\Windows\System\HgTUUht.exe
  C:\Windows\System\HgTUUht.exe
  2⤵
  PID:3276
- C:\Windows\System\ecbFlWV.exe
  C:\Windows\System\ecbFlWV.exe
  2⤵
  PID:4188
- C:\Windows\System\gTtZkHs.exe
  C:\Windows\System\gTtZkHs.exe
  2⤵
  PID:1500
- C:\Windows\System\VxFirey.exe
  C:\Windows\System\VxFirey.exe
  2⤵
  PID:4308
- C:\Windows\System\aYyydmp.exe
  C:\Windows\System\aYyydmp.exe
  2⤵
  PID:4392
- C:\Windows\System\lTYecNv.exe
  C:\Windows\System\lTYecNv.exe
  2⤵
  PID:4404
- C:\Windows\System\GvDrlJc.exe
  C:\Windows\System\GvDrlJc.exe
  2⤵
  PID:4480
- C:\Windows\System\TrUUAWs.exe
  C:\Windows\System\TrUUAWs.exe
  2⤵
  PID:4556
- C:\Windows\System\EZBcaBl.exe
  C:\Windows\System\EZBcaBl.exe
  2⤵
  PID:4620
- C:\Windows\System\LNcDimr.exe
  C:\Windows\System\LNcDimr.exe
  2⤵
  PID:4736
- C:\Windows\System\AXDigVT.exe
  C:\Windows\System\AXDigVT.exe
  2⤵
  PID:4796
- C:\Windows\System\HLVIznY.exe
  C:\Windows\System\HLVIznY.exe
  2⤵
  PID:4864
- C:\Windows\System\YmnmCQp.exe
  C:\Windows\System\YmnmCQp.exe
  2⤵
  PID:2900
- C:\Windows\System\UqWKUgB.exe
  C:\Windows\System\UqWKUgB.exe
  2⤵
  PID:4960
- C:\Windows\System\PRbOAtT.exe
  C:\Windows\System\PRbOAtT.exe
  2⤵
  PID:4980
- C:\Windows\System\UTcUyfp.exe
  C:\Windows\System\UTcUyfp.exe
  2⤵
  PID:3404
- C:\Windows\System\wAdBElU.exe
  C:\Windows\System\wAdBElU.exe
  2⤵
  PID:4272
- C:\Windows\System\IxFwlZp.exe
  C:\Windows\System\IxFwlZp.exe
  2⤵
  PID:3032
- C:\Windows\System\GNzvGzF.exe
  C:\Windows\System\GNzvGzF.exe
  2⤵
  PID:4372
- C:\Windows\System\OWqLFrL.exe
  C:\Windows\System\OWqLFrL.exe
  2⤵
  PID:4436
- C:\Windows\System\VzixDBT.exe
  C:\Windows\System\VzixDBT.exe
  2⤵
  PID:4732
- C:\Windows\System\opLWBdM.exe
  C:\Windows\System\opLWBdM.exe
  2⤵
  PID:4304
- C:\Windows\System\cwzCdrm.exe
  C:\Windows\System\cwzCdrm.exe
  2⤵
  PID:4784
- C:\Windows\System\LwbzoEm.exe
  C:\Windows\System\LwbzoEm.exe
  2⤵
  PID:4936
- C:\Windows\System\FjbnKtj.exe
  C:\Windows\System\FjbnKtj.exe
  2⤵
  PID:4760
- C:\Windows\System\GtzCxWx.exe
  C:\Windows\System\GtzCxWx.exe
  2⤵
  PID:4824
- C:\Windows\System\CxtmxNM.exe
  C:\Windows\System\CxtmxNM.exe
  2⤵
  PID:5112
- C:\Windows\System\zCvMdQf.exe
  C:\Windows\System\zCvMdQf.exe
  2⤵
  PID:4156
- C:\Windows\System\WatyWUQ.exe
  C:\Windows\System\WatyWUQ.exe
  2⤵
  PID:2992
- C:\Windows\System\hhuImwU.exe
  C:\Windows\System\hhuImwU.exe
  2⤵
  PID:4472
- C:\Windows\System\LuQEBId.exe
  C:\Windows\System\LuQEBId.exe
  2⤵
  PID:5124
- C:\Windows\System\lXjLPXY.exe
  C:\Windows\System\lXjLPXY.exe
  2⤵
  PID:5144
- C:\Windows\System\vFjqVjN.exe
  C:\Windows\System\vFjqVjN.exe
  2⤵
  PID:5164
- C:\Windows\System\KULhRjU.exe
  C:\Windows\System\KULhRjU.exe
  2⤵
  PID:5184
- C:\Windows\System\jnMLnsm.exe
  C:\Windows\System\jnMLnsm.exe
  2⤵
  PID:5204
- C:\Windows\System\PdlvDXK.exe
  C:\Windows\System\PdlvDXK.exe
  2⤵
  PID:5224
- C:\Windows\System\vGoTYig.exe
  C:\Windows\System\vGoTYig.exe
  2⤵
  PID:5244
- C:\Windows\System\awdWGVi.exe
  C:\Windows\System\awdWGVi.exe
  2⤵
  PID:5264
- C:\Windows\System\bIuCWAD.exe
  C:\Windows\System\bIuCWAD.exe
  2⤵
  PID:5284
- C:\Windows\System\iDIMXvh.exe
  C:\Windows\System\iDIMXvh.exe
  2⤵
  PID:5304
- C:\Windows\System\qjfnUbD.exe
  C:\Windows\System\qjfnUbD.exe
  2⤵
  PID:5324
- C:\Windows\System\agMpMlK.exe
  C:\Windows\System\agMpMlK.exe
  2⤵
  PID:5344
- C:\Windows\System\KqIVnud.exe
  C:\Windows\System\KqIVnud.exe
  2⤵
  PID:5364
- C:\Windows\System\sHGmGlF.exe
  C:\Windows\System\sHGmGlF.exe
  2⤵
  PID:5384
- C:\Windows\System\TnCwzHL.exe
  C:\Windows\System\TnCwzHL.exe
  2⤵
  PID:5404
- C:\Windows\System\nJeVRjp.exe
  C:\Windows\System\nJeVRjp.exe
  2⤵
  PID:5424
- C:\Windows\System\ejZwivN.exe
  C:\Windows\System\ejZwivN.exe
  2⤵
  PID:5444
- C:\Windows\System\PTpwaNK.exe
  C:\Windows\System\PTpwaNK.exe
  2⤵
  PID:5464
- C:\Windows\System\iVmsdpp.exe
  C:\Windows\System\iVmsdpp.exe
  2⤵
  PID:5484
- C:\Windows\System\WHGfJeW.exe
  C:\Windows\System\WHGfJeW.exe
  2⤵
  PID:5504
- C:\Windows\System\jJwOxYZ.exe
  C:\Windows\System\jJwOxYZ.exe
  2⤵
  PID:5524
- C:\Windows\System\VQGONGy.exe
  C:\Windows\System\VQGONGy.exe
  2⤵
  PID:5544
- C:\Windows\System\shTfrtu.exe
  C:\Windows\System\shTfrtu.exe
  2⤵
  PID:5564
- C:\Windows\System\uKsTOvU.exe
  C:\Windows\System\uKsTOvU.exe
  2⤵
  PID:5584
- C:\Windows\System\eIjkCBy.exe
  C:\Windows\System\eIjkCBy.exe
  2⤵
  PID:5600
- C:\Windows\System\XLYIuFQ.exe
  C:\Windows\System\XLYIuFQ.exe
  2⤵
  PID:5624
- C:\Windows\System\sTgYfBu.exe
  C:\Windows\System\sTgYfBu.exe
  2⤵
  PID:5640
- C:\Windows\System\EiNLJQa.exe
  C:\Windows\System\EiNLJQa.exe
  2⤵
  PID:5664
- C:\Windows\System\rnfCORa.exe
  C:\Windows\System\rnfCORa.exe
  2⤵
  PID:5680
- C:\Windows\System\tqMqrgo.exe
  C:\Windows\System\tqMqrgo.exe
  2⤵
  PID:5704
- C:\Windows\System\wsQXReY.exe
  C:\Windows\System\wsQXReY.exe
  2⤵
  PID:5724
- C:\Windows\System\AqKuuew.exe
  C:\Windows\System\AqKuuew.exe
  2⤵
  PID:5744
- C:\Windows\System\Xgiavqf.exe
  C:\Windows\System\Xgiavqf.exe
  2⤵
  PID:5764
- C:\Windows\System\bCQolkI.exe
  C:\Windows\System\bCQolkI.exe
  2⤵
  PID:5784
- C:\Windows\System\UgOPYqp.exe
  C:\Windows\System\UgOPYqp.exe
  2⤵
  PID:5804
- C:\Windows\System\xfwOYvc.exe
  C:\Windows\System\xfwOYvc.exe
  2⤵
  PID:5824
- C:\Windows\System\EIvStEI.exe
  C:\Windows\System\EIvStEI.exe
  2⤵
  PID:5844
- C:\Windows\System\HygIvep.exe
  C:\Windows\System\HygIvep.exe
  2⤵
  PID:5864
- C:\Windows\System\mvqceoo.exe
  C:\Windows\System\mvqceoo.exe
  2⤵
  PID:5884
- C:\Windows\System\mjmApGd.exe
  C:\Windows\System\mjmApGd.exe
  2⤵
  PID:5904
- C:\Windows\System\xOZIedP.exe
  C:\Windows\System\xOZIedP.exe
  2⤵
  PID:5924
- C:\Windows\System\otQmYRq.exe
  C:\Windows\System\otQmYRq.exe
  2⤵
  PID:5944
- C:\Windows\System\eBCrdTW.exe
  C:\Windows\System\eBCrdTW.exe
  2⤵
  PID:5964
- C:\Windows\System\btrvcJU.exe
  C:\Windows\System\btrvcJU.exe
  2⤵
  PID:5984
- C:\Windows\System\JyABABK.exe
  C:\Windows\System\JyABABK.exe
  2⤵
  PID:6000
- C:\Windows\System\EtskVwX.exe
  C:\Windows\System\EtskVwX.exe
  2⤵
  PID:6024
- C:\Windows\System\FDiaZtY.exe
  C:\Windows\System\FDiaZtY.exe
  2⤵
  PID:6044
- C:\Windows\System\QLWFlvQ.exe
  C:\Windows\System\QLWFlvQ.exe
  2⤵
  PID:6064
- C:\Windows\System\WQqVTSK.exe
  C:\Windows\System\WQqVTSK.exe
  2⤵
  PID:6084
- C:\Windows\System\OpPKuTb.exe
  C:\Windows\System\OpPKuTb.exe
  2⤵
  PID:6108
- C:\Windows\System\ooIoiUs.exe
  C:\Windows\System\ooIoiUs.exe
  2⤵
  PID:6128
- C:\Windows\System\tfJUOXw.exe
  C:\Windows\System\tfJUOXw.exe
  2⤵
  PID:5068
- C:\Windows\System\AbPtpLU.exe
  C:\Windows\System\AbPtpLU.exe
  2⤵
  PID:4800
- C:\Windows\System\JYbztuz.exe
  C:\Windows\System\JYbztuz.exe
  2⤵
  PID:4248
- C:\Windows\System\pibuIJM.exe
  C:\Windows\System\pibuIJM.exe
  2⤵
  PID:5084
- C:\Windows\System\knINwfO.exe
  C:\Windows\System\knINwfO.exe
  2⤵
  PID:4196
- C:\Windows\System\peEXREM.exe
  C:\Windows\System\peEXREM.exe
  2⤵
  PID:4716
- C:\Windows\System\rVncFsR.exe
  C:\Windows\System\rVncFsR.exe
  2⤵
  PID:5152
- C:\Windows\System\sJwDJLi.exe
  C:\Windows\System\sJwDJLi.exe
  2⤵
  PID:5220
- C:\Windows\System\nHgoQpR.exe
  C:\Windows\System\nHgoQpR.exe
  2⤵
  PID:5252
- C:\Windows\System\HnMpWCV.exe
  C:\Windows\System\HnMpWCV.exe
  2⤵
  PID:5256
- C:\Windows\System\lREnIeo.exe
  C:\Windows\System\lREnIeo.exe
  2⤵
  PID:5300
- C:\Windows\System\cwzSbsS.exe
  C:\Windows\System\cwzSbsS.exe
  2⤵
  PID:5340
- C:\Windows\System\yLvwmXu.exe
  C:\Windows\System\yLvwmXu.exe
  2⤵
  PID:5380
- C:\Windows\System\aqpyNVL.exe
  C:\Windows\System\aqpyNVL.exe
  2⤵
  PID:5420
- C:\Windows\System\LJQpchY.exe
  C:\Windows\System\LJQpchY.exe
  2⤵
  PID:5452
- C:\Windows\System\zqsTNmg.exe
  C:\Windows\System\zqsTNmg.exe
  2⤵
  PID:5436
- C:\Windows\System\qPcbiZl.exe
  C:\Windows\System\qPcbiZl.exe
  2⤵
  PID:5480
- C:\Windows\System\oTVIttl.exe
  C:\Windows\System\oTVIttl.exe
  2⤵
  PID:5536
- C:\Windows\System\zyoaKHJ.exe
  C:\Windows\System\zyoaKHJ.exe
  2⤵
  PID:5576
- C:\Windows\System\pXEvIeZ.exe
  C:\Windows\System\pXEvIeZ.exe
  2⤵
  PID:5616
- C:\Windows\System\NlgBjwB.exe
  C:\Windows\System\NlgBjwB.exe
  2⤵
  PID:5592
- C:\Windows\System\HHIAytv.exe
  C:\Windows\System\HHIAytv.exe
  2⤵
  PID:5652
- C:\Windows\System\ftrZUqD.exe
  C:\Windows\System\ftrZUqD.exe
  2⤵
  PID:5700
- C:\Windows\System\ZbcGOOy.exe
  C:\Windows\System\ZbcGOOy.exe
  2⤵
  PID:5740
- C:\Windows\System\mCBwqnO.exe
  C:\Windows\System\mCBwqnO.exe
  2⤵
  PID:5772
- C:\Windows\System\SSGyWfq.exe
  C:\Windows\System\SSGyWfq.exe
  2⤵
  PID:4728
- C:\Windows\System\EvaBXyy.exe
  C:\Windows\System\EvaBXyy.exe
  2⤵
  PID:5816
- C:\Windows\System\gbkfEca.exe
  C:\Windows\System\gbkfEca.exe
  2⤵
  PID:5796
- C:\Windows\System\fuMsITg.exe
  C:\Windows\System\fuMsITg.exe
  2⤵
  PID:5872
- C:\Windows\System\kndSSSr.exe
  C:\Windows\System\kndSSSr.exe
  2⤵
  PID:5880
- C:\Windows\System\ruCbVTq.exe
  C:\Windows\System\ruCbVTq.exe
  2⤵
  PID:5920
- C:\Windows\System\WPeKADQ.exe
  C:\Windows\System\WPeKADQ.exe
  2⤵
  PID:5960
- C:\Windows\System\oFmAEJa.exe
  C:\Windows\System\oFmAEJa.exe
  2⤵
  PID:6020
- C:\Windows\System\ZBvopPI.exe
  C:\Windows\System\ZBvopPI.exe
  2⤵
  PID:6032
- C:\Windows\System\pOaiPCb.exe
  C:\Windows\System\pOaiPCb.exe
  2⤵
  PID:6056
- C:\Windows\System\btVmzQh.exe
  C:\Windows\System\btVmzQh.exe
  2⤵
  PID:6100
- C:\Windows\System\AJTUBGw.exe
  C:\Windows\System\AJTUBGw.exe
  2⤵
  PID:5028
- C:\Windows\System\ERcpAXk.exe
  C:\Windows\System\ERcpAXk.exe
  2⤵
  PID:4804
- C:\Windows\System\gfjsINP.exe
  C:\Windows\System\gfjsINP.exe
  2⤵
  PID:5044
- C:\Windows\System\gklYcta.exe
  C:\Windows\System\gklYcta.exe
  2⤵
  PID:5132
- C:\Windows\System\UKIAwuZ.exe
  C:\Windows\System\UKIAwuZ.exe
  2⤵
  PID:5172
- C:\Windows\System\PiKCCpk.exe
  C:\Windows\System\PiKCCpk.exe
  2⤵
  PID:5216
- C:\Windows\System\WXmTyNQ.exe
  C:\Windows\System\WXmTyNQ.exe
  2⤵
  PID:5236
- C:\Windows\System\SBYOTGR.exe
  C:\Windows\System\SBYOTGR.exe
  2⤵
  PID:5316
- C:\Windows\System\RXOZyxO.exe
  C:\Windows\System\RXOZyxO.exe
  2⤵
  PID:5400
- C:\Windows\System\KGpeoPU.exe
  C:\Windows\System\KGpeoPU.exe
  2⤵
  PID:5396
- C:\Windows\System\oNKPRQa.exe
  C:\Windows\System\oNKPRQa.exe
  2⤵
  PID:5496
- C:\Windows\System\IwsXAku.exe
  C:\Windows\System\IwsXAku.exe
  2⤵
  PID:5580
- C:\Windows\System\HvJwfqm.exe
  C:\Windows\System\HvJwfqm.exe
  2⤵
  PID:5556
- C:\Windows\System\azKjQpm.exe
  C:\Windows\System\azKjQpm.exe
  2⤵
  PID:5660
- C:\Windows\System\pnzoQku.exe
  C:\Windows\System\pnzoQku.exe
  2⤵
  PID:5676
- C:\Windows\System\DRzExeD.exe
  C:\Windows\System\DRzExeD.exe
  2⤵
  PID:5692
- C:\Windows\System\oVyFIkX.exe
  C:\Windows\System\oVyFIkX.exe
  2⤵
  PID:5760
- C:\Windows\System\rEizEHr.exe
  C:\Windows\System\rEizEHr.exe
  2⤵
  PID:5860
- C:\Windows\System\hGJXHMM.exe
  C:\Windows\System\hGJXHMM.exe
  2⤵
  PID:5896
- C:\Windows\System\baSCFIK.exe
  C:\Windows\System\baSCFIK.exe
  2⤵
  PID:6016
- C:\Windows\System\epZYSqY.exe
  C:\Windows\System\epZYSqY.exe
  2⤵
  PID:6060
- C:\Windows\System\DSfnXVo.exe
  C:\Windows\System\DSfnXVo.exe
  2⤵
  PID:6040
- C:\Windows\System\EuOiCnn.exe
  C:\Windows\System\EuOiCnn.exe
  2⤵
  PID:6092
- C:\Windows\System\HiTQvSj.exe
  C:\Windows\System\HiTQvSj.exe
  2⤵
  PID:4836
- C:\Windows\System\NuiotLX.exe
  C:\Windows\System\NuiotLX.exe
  2⤵
  PID:4552
- C:\Windows\System\cSQuAVz.exe
  C:\Windows\System\cSQuAVz.exe
  2⤵
  PID:5196
- C:\Windows\System\weoTJkJ.exe
  C:\Windows\System\weoTJkJ.exe
  2⤵
  PID:5280
- C:\Windows\System\rfGVWFO.exe
  C:\Windows\System\rfGVWFO.exe
  2⤵
  PID:5320
- C:\Windows\System\gFtubEl.exe
  C:\Windows\System\gFtubEl.exe
  2⤵
  PID:2332
- C:\Windows\System\OjpHyqd.exe
  C:\Windows\System\OjpHyqd.exe
  2⤵
  PID:5608
- C:\Windows\System\ZCXjKbp.exe
  C:\Windows\System\ZCXjKbp.exe
  2⤵
  PID:5648
- C:\Windows\System\ODpvcNt.exe
  C:\Windows\System\ODpvcNt.exe
  2⤵
  PID:5636
- C:\Windows\System\wzUEHRs.exe
  C:\Windows\System\wzUEHRs.exe
  2⤵
  PID:5720
- C:\Windows\System\ADFBhLD.exe
  C:\Windows\System\ADFBhLD.exe
  2⤵
  PID:5840
- C:\Windows\System\kMtswoj.exe
  C:\Windows\System\kMtswoj.exe
  2⤵
  PID:6008
- C:\Windows\System\wixnRfD.exe
  C:\Windows\System\wixnRfD.exe
  2⤵
  PID:6012
- C:\Windows\System\yhgcILL.exe
  C:\Windows\System\yhgcILL.exe
  2⤵
  PID:2224
- C:\Windows\System\GMtbpcN.exe
  C:\Windows\System\GMtbpcN.exe
  2⤵
  PID:4288
- C:\Windows\System\NcYbmSv.exe
  C:\Windows\System\NcYbmSv.exe
  2⤵
  PID:5140
- C:\Windows\System\bzNNLYQ.exe
  C:\Windows\System\bzNNLYQ.exe
  2⤵
  PID:5356
- C:\Windows\System\AHamTNc.exe
  C:\Windows\System\AHamTNc.exe
  2⤵
  PID:5412
- C:\Windows\System\FbRwPoi.exe
  C:\Windows\System\FbRwPoi.exe
  2⤵
  PID:2268
- C:\Windows\System\KViyEzg.exe
  C:\Windows\System\KViyEzg.exe
  2⤵
  PID:5856
- C:\Windows\System\Cosqyok.exe
  C:\Windows\System\Cosqyok.exe
  2⤵
  PID:6156
- C:\Windows\System\BKROXpP.exe
  C:\Windows\System\BKROXpP.exe
  2⤵
  PID:6176
- C:\Windows\System\aRTsuBw.exe
  C:\Windows\System\aRTsuBw.exe
  2⤵
  PID:6196
- C:\Windows\System\ZgDqJOb.exe
  C:\Windows\System\ZgDqJOb.exe
  2⤵
  PID:6216
- C:\Windows\System\IRaRiiq.exe
  C:\Windows\System\IRaRiiq.exe
  2⤵
  PID:6236
- C:\Windows\System\CoZYekd.exe
  C:\Windows\System\CoZYekd.exe
  2⤵
  PID:6256
- C:\Windows\System\CyFvuEj.exe
  C:\Windows\System\CyFvuEj.exe
  2⤵
  PID:6276
- C:\Windows\System\lcPixxB.exe
  C:\Windows\System\lcPixxB.exe
  2⤵
  PID:6296
- C:\Windows\System\skUiAAK.exe
  C:\Windows\System\skUiAAK.exe
  2⤵
  PID:6316
- C:\Windows\System\UgtEBXR.exe
  C:\Windows\System\UgtEBXR.exe
  2⤵
  PID:6336
- C:\Windows\System\ScyaENS.exe
  C:\Windows\System\ScyaENS.exe
  2⤵
  PID:6360
- C:\Windows\System\LGWFdQp.exe
  C:\Windows\System\LGWFdQp.exe
  2⤵
  PID:6380
- C:\Windows\System\WNnhPFd.exe
  C:\Windows\System\WNnhPFd.exe
  2⤵
  PID:6400
- C:\Windows\System\UUgdmDS.exe
  C:\Windows\System\UUgdmDS.exe
  2⤵
  PID:6420
- C:\Windows\System\dMKlrsn.exe
  C:\Windows\System\dMKlrsn.exe
  2⤵
  PID:6440
- C:\Windows\System\IIAynVi.exe
  C:\Windows\System\IIAynVi.exe
  2⤵
  PID:6460
- C:\Windows\System\MhrBkvF.exe
  C:\Windows\System\MhrBkvF.exe
  2⤵
  PID:6480
- C:\Windows\System\FHZSbzz.exe
  C:\Windows\System\FHZSbzz.exe
  2⤵
  PID:6500
- C:\Windows\System\UAgRwXB.exe
  C:\Windows\System\UAgRwXB.exe
  2⤵
  PID:6520
- C:\Windows\System\XsCrLVy.exe
  C:\Windows\System\XsCrLVy.exe
  2⤵
  PID:6540
- C:\Windows\System\yrYcyWM.exe
  C:\Windows\System\yrYcyWM.exe
  2⤵
  PID:6560
- C:\Windows\System\uxfciyH.exe
  C:\Windows\System\uxfciyH.exe
  2⤵
  PID:6580
- C:\Windows\System\VDQLeAd.exe
  C:\Windows\System\VDQLeAd.exe
  2⤵
  PID:6600
- C:\Windows\System\wNnnwFe.exe
  C:\Windows\System\wNnnwFe.exe
  2⤵
  PID:6620
- C:\Windows\System\CmSRmyD.exe
  C:\Windows\System\CmSRmyD.exe
  2⤵
  PID:6640
- C:\Windows\System\rCeuIXS.exe
  C:\Windows\System\rCeuIXS.exe
  2⤵
  PID:6660
- C:\Windows\System\UkfKEUr.exe
  C:\Windows\System\UkfKEUr.exe
  2⤵
  PID:6680
- C:\Windows\System\WhwdFAB.exe
  C:\Windows\System\WhwdFAB.exe
  2⤵
  PID:6700
- C:\Windows\System\dIOBMSP.exe
  C:\Windows\System\dIOBMSP.exe
  2⤵
  PID:6720
- C:\Windows\System\LOkQJog.exe
  C:\Windows\System\LOkQJog.exe
  2⤵
  PID:6740
- C:\Windows\System\vMTAehW.exe
  C:\Windows\System\vMTAehW.exe
  2⤵
  PID:6760
- C:\Windows\System\xqxugVQ.exe
  C:\Windows\System\xqxugVQ.exe
  2⤵
  PID:6780
- C:\Windows\System\XMulxJV.exe
  C:\Windows\System\XMulxJV.exe
  2⤵
  PID:6800
- C:\Windows\System\nONwvXB.exe
  C:\Windows\System\nONwvXB.exe
  2⤵
  PID:6820
- C:\Windows\System\QhHnDWl.exe
  C:\Windows\System\QhHnDWl.exe
  2⤵
  PID:6840
- C:\Windows\System\cgmgRAo.exe
  C:\Windows\System\cgmgRAo.exe
  2⤵
  PID:6860
- C:\Windows\System\IQpgDcW.exe
  C:\Windows\System\IQpgDcW.exe
  2⤵
  PID:6880
- C:\Windows\System\fKgBmaM.exe
  C:\Windows\System\fKgBmaM.exe
  2⤵
  PID:6900
- C:\Windows\System\nTgfHHZ.exe
  C:\Windows\System\nTgfHHZ.exe
  2⤵
  PID:6920
- C:\Windows\System\noAPVzy.exe
  C:\Windows\System\noAPVzy.exe
  2⤵
  PID:6940
- C:\Windows\System\fGFeRHL.exe
  C:\Windows\System\fGFeRHL.exe
  2⤵
  PID:6960
- C:\Windows\System\jdLPZhx.exe
  C:\Windows\System\jdLPZhx.exe
  2⤵
  PID:6980
- C:\Windows\System\yZEVIUL.exe
  C:\Windows\System\yZEVIUL.exe
  2⤵
  PID:7000
- C:\Windows\System\CUQxpJt.exe
  C:\Windows\System\CUQxpJt.exe
  2⤵
  PID:7020
- C:\Windows\System\VPlWMHR.exe
  C:\Windows\System\VPlWMHR.exe
  2⤵
  PID:7044
- C:\Windows\System\qjdRkrO.exe
  C:\Windows\System\qjdRkrO.exe
  2⤵
  PID:7064
- C:\Windows\System\YoOHQSq.exe
  C:\Windows\System\YoOHQSq.exe
  2⤵
  PID:7084
- C:\Windows\System\IJrMOMf.exe
  C:\Windows\System\IJrMOMf.exe
  2⤵
  PID:7104
- C:\Windows\System\QTArCVB.exe
  C:\Windows\System\QTArCVB.exe
  2⤵
  PID:7124
- C:\Windows\System\yAEddDE.exe
  C:\Windows\System\yAEddDE.exe
  2⤵
  PID:7144
- C:\Windows\System\xNRHCyv.exe
  C:\Windows\System\xNRHCyv.exe
  2⤵
  PID:7160
- C:\Windows\System\lwiRcrF.exe
  C:\Windows\System\lwiRcrF.exe
  2⤵
  PID:5940
- C:\Windows\System\TjdqaKa.exe
  C:\Windows\System\TjdqaKa.exe
  2⤵
  PID:6136
- C:\Windows\System\dJJykGh.exe
  C:\Windows\System\dJJykGh.exe
  2⤵
  PID:5232
- C:\Windows\System\aVFoxdk.exe
  C:\Windows\System\aVFoxdk.exe
  2⤵
  PID:5492
- C:\Windows\System\pJMPFwK.exe
  C:\Windows\System\pJMPFwK.exe
  2⤵
  PID:5612
- C:\Windows\System\fYNFpVR.exe
  C:\Windows\System\fYNFpVR.exe
  2⤵
  PID:5696
- C:\Windows\System\MQktAym.exe
  C:\Windows\System\MQktAym.exe
  2⤵
  PID:6148
- C:\Windows\System\NyLEXWZ.exe
  C:\Windows\System\NyLEXWZ.exe
  2⤵
  PID:6188
- C:\Windows\System\soEAKwn.exe
  C:\Windows\System\soEAKwn.exe
  2⤵
  PID:6252
- C:\Windows\System\apqjFgJ.exe
  C:\Windows\System\apqjFgJ.exe
  2⤵
  PID:6264
- C:\Windows\System\qoXMcwF.exe
  C:\Windows\System\qoXMcwF.exe
  2⤵
  PID:6304
- C:\Windows\System\OHloBGD.exe
  C:\Windows\System\OHloBGD.exe
  2⤵
  PID:6328
- C:\Windows\System\lHiOSFT.exe
  C:\Windows\System\lHiOSFT.exe
  2⤵
  PID:6372
- C:\Windows\System\EaMCnwe.exe
  C:\Windows\System\EaMCnwe.exe
  2⤵
  PID:6392
- C:\Windows\System\nedeJvz.exe
  C:\Windows\System\nedeJvz.exe
  2⤵
  PID:6428
- C:\Windows\System\omzjSWa.exe
  C:\Windows\System\omzjSWa.exe
  2⤵
  PID:6476
- C:\Windows\System\ONBqhAq.exe
  C:\Windows\System\ONBqhAq.exe
  2⤵
  PID:6528
- C:\Windows\System\kulKPzb.exe
  C:\Windows\System\kulKPzb.exe
  2⤵
  PID:6532
- C:\Windows\System\HejNjAE.exe
  C:\Windows\System\HejNjAE.exe
  2⤵
  PID:6552
- C:\Windows\System\PMKbXdG.exe
  C:\Windows\System\PMKbXdG.exe
  2⤵
  PID:6592
- C:\Windows\System\bSsWsEC.exe
  C:\Windows\System\bSsWsEC.exe
  2⤵
  PID:6628
- C:\Windows\System\sRPDmIM.exe
  C:\Windows\System\sRPDmIM.exe
  2⤵
  PID:6632
- C:\Windows\System\RmFRcpE.exe
  C:\Windows\System\RmFRcpE.exe
  2⤵
  PID:6676
- C:\Windows\System\LkQJtLO.exe
  C:\Windows\System\LkQJtLO.exe
  2⤵
  PID:1948
- C:\Windows\System\ZemSktK.exe
  C:\Windows\System\ZemSktK.exe
  2⤵
  PID:6748
- C:\Windows\System\IxwKGaT.exe
  C:\Windows\System\IxwKGaT.exe
  2⤵
  PID:6812
- C:\Windows\System\NglCKTF.exe
  C:\Windows\System\NglCKTF.exe
  2⤵
  PID:6856
- C:\Windows\System\RgxNgIk.exe
  C:\Windows\System\RgxNgIk.exe
  2⤵
  PID:6868
- C:\Windows\System\OAvIwUB.exe
  C:\Windows\System\OAvIwUB.exe
  2⤵
  PID:6928
- C:\Windows\System\kXCSwaj.exe
  C:\Windows\System\kXCSwaj.exe
  2⤵
  PID:6912
- C:\Windows\System\oWAOILu.exe
  C:\Windows\System\oWAOILu.exe
  2⤵
  PID:6976
- C:\Windows\System\XZDhNzW.exe
  C:\Windows\System\XZDhNzW.exe
  2⤵
  PID:6992
- C:\Windows\System\DvdVniW.exe
  C:\Windows\System\DvdVniW.exe
  2⤵
  PID:7028
- C:\Windows\System\dPQNsUL.exe
  C:\Windows\System\dPQNsUL.exe
  2⤵
  PID:7092
- C:\Windows\System\ZUFgTCK.exe
  C:\Windows\System\ZUFgTCK.exe
  2⤵
  PID:7136
- C:\Windows\System\ohMblqj.exe
  C:\Windows\System\ohMblqj.exe
  2⤵
  PID:7116
- C:\Windows\System\uFliXJg.exe
  C:\Windows\System\uFliXJg.exe
  2⤵
  PID:5996
- C:\Windows\System\GwDvBNi.exe
  C:\Windows\System\GwDvBNi.exe
  2⤵
  PID:4348
- C:\Windows\System\NiAhdKs.exe
  C:\Windows\System\NiAhdKs.exe
  2⤵
  PID:4064
- C:\Windows\System\NLaNlAl.exe
  C:\Windows\System\NLaNlAl.exe
  2⤵
  PID:5512
- C:\Windows\System\UOSNZZY.exe
  C:\Windows\System\UOSNZZY.exe
  2⤵
  PID:5756
- C:\Windows\System\pMdzMyc.exe
  C:\Windows\System\pMdzMyc.exe
  2⤵
  PID:6232
- C:\Windows\System\RLslvDl.exe
  C:\Windows\System\RLslvDl.exe
  2⤵
  PID:6244
- C:\Windows\System\ErcGAaK.exe
  C:\Windows\System\ErcGAaK.exe
  2⤵
  PID:6268
- C:\Windows\System\rJuTxVB.exe
  C:\Windows\System\rJuTxVB.exe
  2⤵
  PID:6284
- C:\Windows\System\QosDjkW.exe
  C:\Windows\System\QosDjkW.exe
  2⤵
  PID:6308
- C:\Windows\System\aFRFrit.exe
  C:\Windows\System\aFRFrit.exe
  2⤵
  PID:2032
- C:\Windows\System\TIeSHHf.exe
  C:\Windows\System\TIeSHHf.exe
  2⤵
  PID:6488
- C:\Windows\System\HiQNgKw.exe
  C:\Windows\System\HiQNgKw.exe
  2⤵
  PID:6452
- C:\Windows\System\eiBfrOo.exe
  C:\Windows\System\eiBfrOo.exe
  2⤵
  PID:6508
- C:\Windows\System\SoPczvd.exe
  C:\Windows\System\SoPczvd.exe
  2⤵
  PID:2752
- C:\Windows\System\uKdPqlY.exe
  C:\Windows\System\uKdPqlY.exe
  2⤵
  PID:1268
- C:\Windows\System\NNEuCev.exe
  C:\Windows\System\NNEuCev.exe
  2⤵
  PID:1600
- C:\Windows\System\FrRoqot.exe
  C:\Windows\System\FrRoqot.exe
  2⤵
  PID:6668
- C:\Windows\System\oOVSVWf.exe
  C:\Windows\System\oOVSVWf.exe
  2⤵
  PID:6716
- C:\Windows\System\WeWdEUt.exe
  C:\Windows\System\WeWdEUt.exe
  2⤵
  PID:2156
- C:\Windows\System\DZhtnVs.exe
  C:\Windows\System\DZhtnVs.exe
  2⤵
  PID:2800
- C:\Windows\System\jLQOEcr.exe
  C:\Windows\System\jLQOEcr.exe
  2⤵
  PID:7040
- C:\Windows\System\vPNtSDU.exe
  C:\Windows\System\vPNtSDU.exe
  2⤵
  PID:748
- C:\Windows\System\bjQaWNy.exe
  C:\Windows\System\bjQaWNy.exe
  2⤵
  PID:6872
- C:\Windows\System\QJfzaQE.exe
  C:\Windows\System\QJfzaQE.exe
  2⤵
  PID:2556
- C:\Windows\System\Ufhyjuy.exe
  C:\Windows\System\Ufhyjuy.exe
  2⤵
  PID:6956
- C:\Windows\System\DaPtHXw.exe
  C:\Windows\System\DaPtHXw.exe
  2⤵
  PID:7008
- C:\Windows\System\lJargzw.exe
  C:\Windows\System\lJargzw.exe
  2⤵
  PID:6988
- C:\Windows\System\XPGUeFm.exe
  C:\Windows\System\XPGUeFm.exe
  2⤵
  PID:2000
- C:\Windows\System\BoWBbSO.exe
  C:\Windows\System\BoWBbSO.exe
  2⤵
  PID:7072
- C:\Windows\System\DVvbDIq.exe
  C:\Windows\System\DVvbDIq.exe
  2⤵
  PID:5276
- C:\Windows\System\XvpULor.exe
  C:\Windows\System\XvpULor.exe
  2⤵
  PID:5516
- C:\Windows\System\LItJdEU.exe
  C:\Windows\System\LItJdEU.exe
  2⤵
  PID:7112
- C:\Windows\System\ByWoqyZ.exe
  C:\Windows\System\ByWoqyZ.exe
  2⤵
  PID:284
- C:\Windows\System\xyMvVET.exe
  C:\Windows\System\xyMvVET.exe
  2⤵
  PID:6212
- C:\Windows\System\VzScAIp.exe
  C:\Windows\System\VzScAIp.exe
  2⤵
  PID:6292
- C:\Windows\System\ifzyakp.exe
  C:\Windows\System\ifzyakp.exe
  2⤵
  PID:1608
- C:\Windows\System\ydEdCsu.exe
  C:\Windows\System\ydEdCsu.exe
  2⤵
  PID:6456
- C:\Windows\System\tYmmXgf.exe
  C:\Windows\System\tYmmXgf.exe
  2⤵
  PID:2984
- C:\Windows\System\FchhLZa.exe
  C:\Windows\System\FchhLZa.exe
  2⤵
  PID:6548
- C:\Windows\System\ZfkNKQS.exe
  C:\Windows\System\ZfkNKQS.exe
  2⤵
  PID:1068
- C:\Windows\System\FojQZuh.exe
  C:\Windows\System\FojQZuh.exe
  2⤵
  PID:6696
- C:\Windows\System\HlFvkEg.exe
  C:\Windows\System\HlFvkEg.exe
  2⤵
  PID:2112
- C:\Windows\System\DQpOIQw.exe
  C:\Windows\System\DQpOIQw.exe
  2⤵
  PID:6756
- C:\Windows\System\yOnxRjb.exe
  C:\Windows\System\yOnxRjb.exe
  2⤵
  PID:4756
- C:\Windows\System\wBurDDX.exe
  C:\Windows\System\wBurDDX.exe
  2⤵
  PID:2968
- C:\Windows\System\thrubwj.exe
  C:\Windows\System\thrubwj.exe
  2⤵
  PID:6996
- C:\Windows\System\YTPkIse.exe
  C:\Windows\System\YTPkIse.exe
  2⤵
  PID:6896
- C:\Windows\System\yarNmPj.exe
  C:\Windows\System\yarNmPj.exe
  2⤵
  PID:752
- C:\Windows\System\gpOpBuv.exe
  C:\Windows\System\gpOpBuv.exe
  2⤵
  PID:2716
- C:\Windows\System\skIfQpq.exe
  C:\Windows\System\skIfQpq.exe
  2⤵
  PID:6168
- C:\Windows\System\JOTvQBO.exe
  C:\Windows\System\JOTvQBO.exe
  2⤵
  PID:6948
- C:\Windows\System\FqFZvYQ.exe
  C:\Windows\System\FqFZvYQ.exe
  2⤵
  PID:2676
- C:\Windows\System\LwOCOUJ.exe
  C:\Windows\System\LwOCOUJ.exe
  2⤵
  PID:1564
- C:\Windows\System\XbAOwfH.exe
  C:\Windows\System\XbAOwfH.exe
  2⤵
  PID:1628
- C:\Windows\System\XtZSCyv.exe
  C:\Windows\System\XtZSCyv.exe
  2⤵
  PID:6612
- C:\Windows\System\shIxjOw.exe
  C:\Windows\System\shIxjOw.exe
  2⤵
  PID:6692
- C:\Windows\System\ThCfJSf.exe
  C:\Windows\System\ThCfJSf.exe
  2⤵
  PID:6324
- C:\Windows\System\mEnKwpf.exe
  C:\Windows\System\mEnKwpf.exe
  2⤵
  PID:1816
- C:\Windows\System\rUrYNAH.exe
  C:\Windows\System\rUrYNAH.exe
  2⤵
  PID:2536
- C:\Windows\System\bVYMnIY.exe
  C:\Windows\System\bVYMnIY.exe
  2⤵
  PID:300
- C:\Windows\System\OdzGATJ.exe
  C:\Windows\System\OdzGATJ.exe
  2⤵
  PID:2944
- C:\Windows\System\VBgeZed.exe
  C:\Windows\System\VBgeZed.exe
  2⤵
  PID:5972
- C:\Windows\System\mPwjJjO.exe
  C:\Windows\System\mPwjJjO.exe
  2⤵
  PID:408
- C:\Windows\System\AfVEoRt.exe
  C:\Windows\System\AfVEoRt.exe
  2⤵
  PID:5472
- C:\Windows\System\ZdDfAvj.exe
  C:\Windows\System\ZdDfAvj.exe
  2⤵
  PID:7156
- C:\Windows\System\FndSmfI.exe
  C:\Windows\System\FndSmfI.exe
  2⤵
  PID:2396
- C:\Windows\System\XhDfBoa.exe
  C:\Windows\System\XhDfBoa.exe
  2⤵
  PID:6408
- C:\Windows\System\hEvyRll.exe
  C:\Windows\System\hEvyRll.exe
  2⤵
  PID:6836
- C:\Windows\System\NvqQTil.exe
  C:\Windows\System\NvqQTil.exe
  2⤵
  PID:2500
- C:\Windows\System\ESJyUya.exe
  C:\Windows\System\ESJyUya.exe
  2⤵
  PID:2616
- C:\Windows\System\DaKBjwk.exe
  C:\Windows\System\DaKBjwk.exe
  2⤵
  PID:7060
- C:\Windows\System\xGJEpaW.exe
  C:\Windows\System\xGJEpaW.exe
  2⤵
  PID:7032
- C:\Windows\System\YsZzFJs.exe
  C:\Windows\System\YsZzFJs.exe
  2⤵
  PID:5932
- C:\Windows\System\kBMnIUM.exe
  C:\Windows\System\kBMnIUM.exe
  2⤵
  PID:7184
- C:\Windows\System\mCLQTMV.exe
  C:\Windows\System\mCLQTMV.exe
  2⤵
  PID:7200
- C:\Windows\System\cjKcSKK.exe
  C:\Windows\System\cjKcSKK.exe
  2⤵
  PID:7216
- C:\Windows\System\JKrhqNm.exe
  C:\Windows\System\JKrhqNm.exe
  2⤵
  PID:7236
- C:\Windows\System\StIHrVq.exe
  C:\Windows\System\StIHrVq.exe
  2⤵
  PID:7256
- C:\Windows\System\QNFFGxd.exe
  C:\Windows\System\QNFFGxd.exe
  2⤵
  PID:7276
- C:\Windows\System\tYCdtlb.exe
  C:\Windows\System\tYCdtlb.exe
  2⤵
  PID:7292
- C:\Windows\System\egAvgfG.exe
  C:\Windows\System\egAvgfG.exe
  2⤵
  PID:7308
- C:\Windows\System\qmGrKic.exe
  C:\Windows\System\qmGrKic.exe
  2⤵
  PID:7324
- C:\Windows\System\KuqRaEe.exe
  C:\Windows\System\KuqRaEe.exe
  2⤵
  PID:7340
- C:\Windows\System\HHSSXLp.exe
  C:\Windows\System\HHSSXLp.exe
  2⤵
  PID:7360
- C:\Windows\System\rENemJF.exe
  C:\Windows\System\rENemJF.exe
  2⤵
  PID:7384
- C:\Windows\System\uIqZKsK.exe
  C:\Windows\System\uIqZKsK.exe
  2⤵
  PID:7400
- C:\Windows\System\JKVWcOQ.exe
  C:\Windows\System\JKVWcOQ.exe
  2⤵
  PID:7424
- C:\Windows\System\wEtyFhx.exe
  C:\Windows\System\wEtyFhx.exe
  2⤵
  PID:7440
- C:\Windows\System\GLPisuZ.exe
  C:\Windows\System\GLPisuZ.exe
  2⤵
  PID:7460
- C:\Windows\System\GNhuDul.exe
  C:\Windows\System\GNhuDul.exe
  2⤵
  PID:7476
- C:\Windows\System\ajpKebZ.exe
  C:\Windows\System\ajpKebZ.exe
  2⤵
  PID:7496
- C:\Windows\System\vVhstpN.exe
  C:\Windows\System\vVhstpN.exe
  2⤵
  PID:7512
- C:\Windows\System\QXKzXOy.exe
  C:\Windows\System\QXKzXOy.exe
  2⤵
  PID:7536
- C:\Windows\System\RHPHBOf.exe
  C:\Windows\System\RHPHBOf.exe
  2⤵
  PID:7552
- C:\Windows\System\uNAdguc.exe
  C:\Windows\System\uNAdguc.exe
  2⤵
  PID:7568
- C:\Windows\System\NiDewBV.exe
  C:\Windows\System\NiDewBV.exe
  2⤵
  PID:7584
- C:\Windows\System\OvawUdr.exe
  C:\Windows\System\OvawUdr.exe
  2⤵
  PID:7600
- C:\Windows\System\EgPyngW.exe
  C:\Windows\System\EgPyngW.exe
  2⤵
  PID:7620
- C:\Windows\System\FtkMXGp.exe
  C:\Windows\System\FtkMXGp.exe
  2⤵
  PID:7636
- C:\Windows\System\qratXiU.exe
  C:\Windows\System\qratXiU.exe
  2⤵
  PID:7660
- C:\Windows\System\DzHxCRz.exe
  C:\Windows\System\DzHxCRz.exe
  2⤵
  PID:7676
- C:\Windows\System\gLGmJnf.exe
  C:\Windows\System\gLGmJnf.exe
  2⤵
  PID:7692
- C:\Windows\System\sVQrXXm.exe
  C:\Windows\System\sVQrXXm.exe
  2⤵
  PID:7708
- C:\Windows\System\aiPQmmx.exe
  C:\Windows\System\aiPQmmx.exe
  2⤵
  PID:7724
- C:\Windows\System\YemOTmS.exe
  C:\Windows\System\YemOTmS.exe
  2⤵
  PID:7744
- C:\Windows\System\GtwWHKg.exe
  C:\Windows\System\GtwWHKg.exe
  2⤵
  PID:7768
- C:\Windows\System\LNMcgdm.exe
  C:\Windows\System\LNMcgdm.exe
  2⤵
  PID:7784
- C:\Windows\System\wIRsiYB.exe
  C:\Windows\System\wIRsiYB.exe
  2⤵
  PID:7820
- C:\Windows\System\VOlTFQS.exe
  C:\Windows\System\VOlTFQS.exe
  2⤵
  PID:7836
- C:\Windows\System\TbtqysZ.exe
  C:\Windows\System\TbtqysZ.exe
  2⤵
  PID:7852
- C:\Windows\System\aSvfeNM.exe
  C:\Windows\System\aSvfeNM.exe
  2⤵
  PID:7868
- C:\Windows\System\SwQjOvE.exe
  C:\Windows\System\SwQjOvE.exe
  2⤵
  PID:7884
- C:\Windows\System\aulIBOc.exe
  C:\Windows\System\aulIBOc.exe
  2⤵
  PID:7900
- C:\Windows\System\SbDOBcp.exe
  C:\Windows\System\SbDOBcp.exe
  2⤵
  PID:7960
- C:\Windows\System\kWcEKDR.exe
  C:\Windows\System\kWcEKDR.exe
  2⤵
  PID:8040
- C:\Windows\System\MFIADtk.exe
  C:\Windows\System\MFIADtk.exe
  2⤵
  PID:8064
- C:\Windows\System\ToqyGJq.exe
  C:\Windows\System\ToqyGJq.exe
  2⤵
  PID:8080
- C:\Windows\System\ioIxyAM.exe
  C:\Windows\System\ioIxyAM.exe
  2⤵
  PID:8096
- C:\Windows\System\sKANcnc.exe
  C:\Windows\System\sKANcnc.exe
  2⤵
  PID:8112
- C:\Windows\System\TpPhBhP.exe
  C:\Windows\System\TpPhBhP.exe
  2⤵
  PID:8132
- C:\Windows\System\tzxWPFV.exe
  C:\Windows\System\tzxWPFV.exe
  2⤵
  PID:8152
- C:\Windows\System\jDlUalq.exe
  C:\Windows\System\jDlUalq.exe
  2⤵
  PID:8168
- C:\Windows\System\UGcDPcU.exe
  C:\Windows\System\UGcDPcU.exe
  2⤵
  PID:8184
- C:\Windows\System\NYbZEVQ.exe
  C:\Windows\System\NYbZEVQ.exe
  2⤵
  PID:7248
- C:\Windows\System\HKfVTda.exe
  C:\Windows\System\HKfVTda.exe
  2⤵
  PID:7252
- C:\Windows\System\WBdIfyL.exe
  C:\Windows\System\WBdIfyL.exe
  2⤵
  PID:7320
- C:\Windows\System\flrxhOX.exe
  C:\Windows\System\flrxhOX.exe
  2⤵
  PID:7392
- C:\Windows\System\rUOooOv.exe
  C:\Windows\System\rUOooOv.exe
  2⤵
  PID:6572
- C:\Windows\System\TLurEnC.exe
  C:\Windows\System\TLurEnC.exe
  2⤵
  PID:7472
- C:\Windows\System\DrejoqN.exe
  C:\Windows\System\DrejoqN.exe
  2⤵
  PID:7548
- C:\Windows\System\CJtsoUk.exe
  C:\Windows\System\CJtsoUk.exe
  2⤵
  PID:7616
- C:\Windows\System\hiwnayn.exe
  C:\Windows\System\hiwnayn.exe
  2⤵
  PID:7656
- C:\Windows\System\CosUYvd.exe
  C:\Windows\System\CosUYvd.exe
  2⤵
  PID:7720
- C:\Windows\System\QLEurOW.exe
  C:\Windows\System\QLEurOW.exe
  2⤵
  PID:7800
- C:\Windows\System\MNvGnVX.exe
  C:\Windows\System\MNvGnVX.exe
  2⤵
  PID:5352
- C:\Windows\System\kitcAGL.exe
  C:\Windows\System\kitcAGL.exe
  2⤵
  PID:7228
- C:\Windows\System\qgyMQtg.exe
  C:\Windows\System\qgyMQtg.exe
  2⤵
  PID:7272
- C:\Windows\System\cRkhuDc.exe
  C:\Windows\System\cRkhuDc.exe
  2⤵
  PID:7336
- C:\Windows\System\mmxNtOH.exe
  C:\Windows\System\mmxNtOH.exe
  2⤵
  PID:7408
- C:\Windows\System\LhosyVF.exe
  C:\Windows\System\LhosyVF.exe
  2⤵
  PID:7808
- C:\Windows\System\IIzPoUM.exe
  C:\Windows\System\IIzPoUM.exe
  2⤵
  PID:7132
- C:\Windows\System\fIqwdXe.exe
  C:\Windows\System\fIqwdXe.exe
  2⤵
  PID:7844
- C:\Windows\System\wIFQmrD.exe
  C:\Windows\System\wIFQmrD.exe
  2⤵
  PID:7916
- C:\Windows\System\hhyueoc.exe
  C:\Windows\System\hhyueoc.exe
  2⤵
  PID:7936
- C:\Windows\System\BlimOcr.exe
  C:\Windows\System\BlimOcr.exe
  2⤵
  PID:7700
- C:\Windows\System\YzXZyPB.exe
  C:\Windows\System\YzXZyPB.exe
  2⤵
  PID:7740
- C:\Windows\System\nfsArcT.exe
  C:\Windows\System\nfsArcT.exe
  2⤵
  PID:7828
- C:\Windows\System\NJDUnjU.exe
  C:\Windows\System\NJDUnjU.exe
  2⤵
  PID:7896
- C:\Windows\System\zYIlyrC.exe
  C:\Windows\System\zYIlyrC.exe
  2⤵
  PID:7596
- C:\Windows\System\QoOHxUH.exe
  C:\Windows\System\QoOHxUH.exe
  2⤵
  PID:7988
- C:\Windows\System\pFavTRM.exe
  C:\Windows\System\pFavTRM.exe
  2⤵
  PID:8020
- C:\Windows\System\ZZVLilW.exe
  C:\Windows\System\ZZVLilW.exe
  2⤵
  PID:8036
- C:\Windows\System\TUXfWwx.exe
  C:\Windows\System\TUXfWwx.exe
  2⤵
  PID:8120
- C:\Windows\System\IEfAevF.exe
  C:\Windows\System\IEfAevF.exe
  2⤵
  PID:8164
- C:\Windows\System\frFQNvB.exe
  C:\Windows\System\frFQNvB.exe
  2⤵
  PID:8104
- C:\Windows\System\jIPlVDN.exe
  C:\Windows\System\jIPlVDN.exe
  2⤵
  PID:8180
- C:\Windows\System\zxykNHl.exe
  C:\Windows\System\zxykNHl.exe
  2⤵
  PID:7176
- C:\Windows\System\sTdSuUP.exe
  C:\Windows\System\sTdSuUP.exe
  2⤵
  PID:7212
- C:\Windows\System\wvLbnOW.exe
  C:\Windows\System\wvLbnOW.exe
  2⤵
  PID:6556
- C:\Windows\System\wxPrlJe.exe
  C:\Windows\System\wxPrlJe.exe
  2⤵
  PID:7652
- C:\Windows\System\RptlONC.exe
  C:\Windows\System\RptlONC.exe
  2⤵
  PID:7796
- C:\Windows\System\mDyqdaC.exe
  C:\Windows\System\mDyqdaC.exe
  2⤵
  PID:7580
- C:\Windows\System\yaveQYM.exe
  C:\Windows\System\yaveQYM.exe
  2⤵
  PID:7304
- C:\Windows\System\xvxtEvp.exe
  C:\Windows\System\xvxtEvp.exe
  2⤵
  PID:7932
- C:\Windows\System\gntlwpv.exe
  C:\Windows\System\gntlwpv.exe
  2⤵
  PID:7264
- C:\Windows\System\kDXRxGs.exe
  C:\Windows\System\kDXRxGs.exe
  2⤵
  PID:6788
- C:\Windows\System\AWSKbvw.exe
  C:\Windows\System\AWSKbvw.exe
  2⤵
  PID:7980
- C:\Windows\System\TKoxstc.exe
  C:\Windows\System\TKoxstc.exe
  2⤵
  PID:7448
- C:\Windows\System\SohGOwx.exe
  C:\Windows\System\SohGOwx.exe
  2⤵
  PID:7716
- C:\Windows\System\UxnJvXY.exe
  C:\Windows\System\UxnJvXY.exe
  2⤵
  PID:7632
- C:\Windows\System\XYxoYGr.exe
  C:\Windows\System\XYxoYGr.exe
  2⤵
  PID:7492
- C:\Windows\System\lOnEQYl.exe
  C:\Windows\System\lOnEQYl.exe
  2⤵
  PID:7628
- C:\Windows\System\apJKWQq.exe
  C:\Windows\System\apJKWQq.exe
  2⤵
  PID:8016
- C:\Windows\System\ivMNMgP.exe
  C:\Windows\System\ivMNMgP.exe
  2⤵
  PID:8056
- C:\Windows\System\gWjCJYD.exe
  C:\Windows\System\gWjCJYD.exe
  2⤵
  PID:8144
- C:\Windows\System\SkLsdik.exe
  C:\Windows\System\SkLsdik.exe
  2⤵
  PID:6224
- C:\Windows\System\fXnVpNz.exe
  C:\Windows\System\fXnVpNz.exe
  2⤵
  PID:7432
- C:\Windows\System\zeyLyYq.exe
  C:\Windows\System\zeyLyYq.exe
  2⤵
  PID:7520
- C:\Windows\System\nAaYydo.exe
  C:\Windows\System\nAaYydo.exe
  2⤵
  PID:7760
- C:\Windows\System\ClTBHEx.exe
  C:\Windows\System\ClTBHEx.exe
  2⤵
  PID:7288
- C:\Windows\System\jnAowGv.exe
  C:\Windows\System\jnAowGv.exe
  2⤵
  PID:7224
- C:\Windows\System\NuTjiwG.exe
  C:\Windows\System\NuTjiwG.exe
  2⤵
  PID:7532
- C:\Windows\System\ovnAvlv.exe
  C:\Windows\System\ovnAvlv.exe
  2⤵
  PID:7876
- C:\Windows\System\XbvwSzR.exe
  C:\Windows\System\XbvwSzR.exe
  2⤵
  PID:7560
- C:\Windows\System\VJLCtSA.exe
  C:\Windows\System\VJLCtSA.exe
  2⤵
  PID:7776
- C:\Windows\System\uOTTEbC.exe
  C:\Windows\System\uOTTEbC.exe
  2⤵
  PID:8004
- C:\Windows\System\uNokgMk.exe
  C:\Windows\System\uNokgMk.exe
  2⤵
  PID:8032
- C:\Windows\System\lCdGugF.exe
  C:\Windows\System\lCdGugF.exe
  2⤵
  PID:6688
- C:\Windows\System\oVAkBwT.exe
  C:\Windows\System\oVAkBwT.exe
  2⤵
  PID:8088
- C:\Windows\System\ryTxDuR.exe
  C:\Windows\System\ryTxDuR.exe
  2⤵
  PID:7924
- C:\Windows\System\azSkiKK.exe
  C:\Windows\System\azSkiKK.exe
  2⤵
  PID:7928
- C:\Windows\System\amVQHaE.exe
  C:\Windows\System\amVQHaE.exe
  2⤵
  PID:7612
- C:\Windows\System\UxSFdsS.exe
  C:\Windows\System\UxSFdsS.exe
  2⤵
  PID:7484
- C:\Windows\System\hcvaGvY.exe
  C:\Windows\System\hcvaGvY.exe
  2⤵
  PID:7524
- C:\Windows\System\JelEFdJ.exe
  C:\Windows\System\JelEFdJ.exe
  2⤵
  PID:7192
- C:\Windows\System\HchSIyf.exe
  C:\Windows\System\HchSIyf.exe
  2⤵
  PID:8176
- C:\Windows\System\DDsATPV.exe
  C:\Windows\System\DDsATPV.exe
  2⤵
  PID:6432
- C:\Windows\System\FGMZIlP.exe
  C:\Windows\System\FGMZIlP.exe
  2⤵
  PID:7984
- C:\Windows\System\IcHQXsE.exe
  C:\Windows\System\IcHQXsE.exe
  2⤵
  PID:7456
- C:\Windows\System\cLTnFPn.exe
  C:\Windows\System\cLTnFPn.exe
  2⤵
  PID:7356
- C:\Windows\System\nIfSnyS.exe
  C:\Windows\System\nIfSnyS.exe
  2⤵
  PID:7528
- C:\Windows\System\TNSuYtF.exe
  C:\Windows\System\TNSuYtF.exe
  2⤵
  PID:8108
- C:\Windows\System\acNllLU.exe
  C:\Windows\System\acNllLU.exe
  2⤵
  PID:7380
- C:\Windows\System\yLpdWFN.exe
  C:\Windows\System\yLpdWFN.exe
  2⤵
  PID:8204
- C:\Windows\System\wAsfguV.exe
  C:\Windows\System\wAsfguV.exe
  2⤵
  PID:8228
- C:\Windows\System\wgylaGy.exe
  C:\Windows\System\wgylaGy.exe
  2⤵
  PID:8264
- C:\Windows\System\HfNYHIM.exe
  C:\Windows\System\HfNYHIM.exe
  2⤵
  PID:8284
- C:\Windows\System\tcTvzYQ.exe
  C:\Windows\System\tcTvzYQ.exe
  2⤵
  PID:8300
- C:\Windows\System\jCITUMz.exe
  C:\Windows\System\jCITUMz.exe
  2⤵
  PID:8324
- C:\Windows\System\kvfMkHt.exe
  C:\Windows\System\kvfMkHt.exe
  2⤵
  PID:8340
- C:\Windows\System\gafSHss.exe
  C:\Windows\System\gafSHss.exe
  2⤵
  PID:8360
- C:\Windows\System\mLoXExg.exe
  C:\Windows\System\mLoXExg.exe
  2⤵
  PID:8376
- C:\Windows\System\zxpPicz.exe
  C:\Windows\System\zxpPicz.exe
  2⤵
  PID:8392
- C:\Windows\System\caTVGMY.exe
  C:\Windows\System\caTVGMY.exe
  2⤵
  PID:8428
- C:\Windows\System\gUipCHB.exe
  C:\Windows\System\gUipCHB.exe
  2⤵
  PID:8444
- C:\Windows\System\jMmgiGe.exe
  C:\Windows\System\jMmgiGe.exe
  2⤵
  PID:8460
- C:\Windows\System\DgMWgvP.exe
  C:\Windows\System\DgMWgvP.exe
  2⤵
  PID:8476
- C:\Windows\System\FLJnjDK.exe
  C:\Windows\System\FLJnjDK.exe
  2⤵
  PID:8492
- C:\Windows\System\kWIlgcJ.exe
  C:\Windows\System\kWIlgcJ.exe
  2⤵
  PID:8536
- C:\Windows\System\VjJrpTg.exe
  C:\Windows\System\VjJrpTg.exe
  2⤵
  PID:8556
- C:\Windows\System\zFdcyUs.exe
  C:\Windows\System\zFdcyUs.exe
  2⤵
  PID:8572
- C:\Windows\System\DBcgxfi.exe
  C:\Windows\System\DBcgxfi.exe
  2⤵
  PID:8592
- C:\Windows\System\ExCrmwJ.exe
  C:\Windows\System\ExCrmwJ.exe
  2⤵
  PID:8612
- C:\Windows\System\YjpaZCb.exe
  C:\Windows\System\YjpaZCb.exe
  2⤵
  PID:8628
- C:\Windows\System\rIYvRAz.exe
  C:\Windows\System\rIYvRAz.exe
  2⤵
  PID:8644
- C:\Windows\System\nmQbYPE.exe
  C:\Windows\System\nmQbYPE.exe
  2⤵
  PID:8660
- C:\Windows\System\jtzgNmC.exe
  C:\Windows\System\jtzgNmC.exe
  2⤵
  PID:8676
- C:\Windows\System\OXLPiWI.exe
  C:\Windows\System\OXLPiWI.exe
  2⤵
  PID:8692
- C:\Windows\System\ZhPMdmb.exe
  C:\Windows\System\ZhPMdmb.exe
  2⤵
  PID:8708
- C:\Windows\System\NFLAUqf.exe
  C:\Windows\System\NFLAUqf.exe
  2⤵
  PID:8724
- C:\Windows\System\gHFvXFQ.exe
  C:\Windows\System\gHFvXFQ.exe
  2⤵
  PID:8740
- C:\Windows\System\VhPyMUy.exe
  C:\Windows\System\VhPyMUy.exe
  2⤵
  PID:8756
- C:\Windows\System\iHXGyBl.exe
  C:\Windows\System\iHXGyBl.exe
  2⤵
  PID:8772
- C:\Windows\System\UpyWASn.exe
  C:\Windows\System\UpyWASn.exe
  2⤵
  PID:8796
- C:\Windows\System\MxAouoM.exe
  C:\Windows\System\MxAouoM.exe
  2⤵
  PID:8812
- C:\Windows\System\RoktOJm.exe
  C:\Windows\System\RoktOJm.exe
  2⤵
  PID:8840
- C:\Windows\System\QubwmNF.exe
  C:\Windows\System\QubwmNF.exe
  2⤵
  PID:8868
- C:\Windows\System\VNsXkEh.exe
  C:\Windows\System\VNsXkEh.exe
  2⤵
  PID:8884
- C:\Windows\System\kVXDUiI.exe
  C:\Windows\System\kVXDUiI.exe
  2⤵
  PID:8908
- C:\Windows\System\CebsTmP.exe
  C:\Windows\System\CebsTmP.exe
  2⤵
  PID:8960
- C:\Windows\System\yRpeSpn.exe
  C:\Windows\System\yRpeSpn.exe
  2⤵
  PID:8976
- C:\Windows\System\yYkkkPQ.exe
  C:\Windows\System\yYkkkPQ.exe
  2⤵
  PID:8996
- C:\Windows\System\uRegKXT.exe
  C:\Windows\System\uRegKXT.exe
  2⤵
  PID:9012
- C:\Windows\System\GpFvpVU.exe
  C:\Windows\System\GpFvpVU.exe
  2⤵
  PID:9028
- C:\Windows\System\ELbmsYQ.exe
  C:\Windows\System\ELbmsYQ.exe
  2⤵
  PID:9048
- C:\Windows\System\RbywcFa.exe
  C:\Windows\System\RbywcFa.exe
  2⤵
  PID:9064
- C:\Windows\System\eUBNbKD.exe
  C:\Windows\System\eUBNbKD.exe
  2⤵
  PID:9080
- C:\Windows\System\fEJXdKX.exe
  C:\Windows\System\fEJXdKX.exe
  2⤵
  PID:9096
- C:\Windows\System\QYBzYZg.exe
  C:\Windows\System\QYBzYZg.exe
  2⤵
  PID:9116
- C:\Windows\System\oddHPHc.exe
  C:\Windows\System\oddHPHc.exe
  2⤵
  PID:9152
- C:\Windows\System\omlhkBo.exe
  C:\Windows\System\omlhkBo.exe
  2⤵
  PID:9168
- C:\Windows\System\AFztpik.exe
  C:\Windows\System\AFztpik.exe
  2⤵
  PID:9184
- C:\Windows\System\HJMKdPI.exe
  C:\Windows\System\HJMKdPI.exe
  2⤵
  PID:9200
- C:\Windows\System\MpQVGif.exe
  C:\Windows\System\MpQVGif.exe
  2⤵
  PID:8196
- C:\Windows\System\LhcYktL.exe
  C:\Windows\System\LhcYktL.exe
  2⤵
  PID:8244
- C:\Windows\System\CzuzgPV.exe
  C:\Windows\System\CzuzgPV.exe
  2⤵
  PID:8260
- C:\Windows\System\fEpPicj.exe
  C:\Windows\System\fEpPicj.exe
  2⤵
  PID:8224
- C:\Windows\System\BljGtih.exe
  C:\Windows\System\BljGtih.exe
  2⤵
  PID:8352
- C:\Windows\System\lGqndxZ.exe
  C:\Windows\System\lGqndxZ.exe
  2⤵
  PID:8308
- C:\Windows\System\TuVburI.exe
  C:\Windows\System\TuVburI.exe
  2⤵
  PID:8400
- C:\Windows\System\ORKGqwt.exe
  C:\Windows\System\ORKGqwt.exe
  2⤵
  PID:8408
- C:\Windows\System\iwDrRtC.exe
  C:\Windows\System\iwDrRtC.exe
  2⤵
  PID:8436
- C:\Windows\System\PnnTAVe.exe
  C:\Windows\System\PnnTAVe.exe
  2⤵
  PID:8488
- C:\Windows\System\YzCFdAb.exe
  C:\Windows\System\YzCFdAb.exe
  2⤵
  PID:8500
- C:\Windows\System\vFjdjFh.exe
  C:\Windows\System\vFjdjFh.exe
  2⤵
  PID:8552
- C:\Windows\System\Mthrntc.exe
  C:\Windows\System\Mthrntc.exe
  2⤵
  PID:8604
- C:\Windows\System\HESJBpM.exe
  C:\Windows\System\HESJBpM.exe
  2⤵
  PID:8652
- C:\Windows\System\iteuuss.exe
  C:\Windows\System\iteuuss.exe
  2⤵
  PID:8668
- C:\Windows\System\UDSDPhu.exe
  C:\Windows\System\UDSDPhu.exe
  2⤵
  PID:8752
- C:\Windows\System\avnUxYN.exe
  C:\Windows\System\avnUxYN.exe
  2⤵
  PID:8832
- C:\Windows\System\wvAWFmO.exe
  C:\Windows\System\wvAWFmO.exe
  2⤵
  PID:8916
- C:\Windows\System\WpqnSAr.exe
  C:\Windows\System\WpqnSAr.exe
  2⤵
  PID:8852
- C:\Windows\System\UfmRcJQ.exe
  C:\Windows\System\UfmRcJQ.exe
  2⤵
  PID:8808
- C:\Windows\System\ikMYKxa.exe
  C:\Windows\System\ikMYKxa.exe
  2⤵
  PID:8896
- C:\Windows\System\ukYbmNw.exe
  C:\Windows\System\ukYbmNw.exe
  2⤵
  PID:8924
- C:\Windows\System\RpkbFFy.exe
  C:\Windows\System\RpkbFFy.exe
  2⤵
  PID:8948
- C:\Windows\System\lJfAESP.exe
  C:\Windows\System\lJfAESP.exe
  2⤵
  PID:8972
- C:\Windows\System\kWpCGVJ.exe
  C:\Windows\System\kWpCGVJ.exe
  2⤵
  PID:9020
- C:\Windows\System\RTmwuWA.exe
  C:\Windows\System\RTmwuWA.exe
  2⤵
  PID:9088
- C:\Windows\System\KZdwYbW.exe
  C:\Windows\System\KZdwYbW.exe
  2⤵
  PID:9136
- C:\Windows\System\tAklQJv.exe
  C:\Windows\System\tAklQJv.exe
  2⤵
  PID:9132
- C:\Windows\System\oeSIAYg.exe
  C:\Windows\System\oeSIAYg.exe
  2⤵
  PID:9036
- C:\Windows\System\DLfBZMB.exe
  C:\Windows\System\DLfBZMB.exe
  2⤵
  PID:9180
- C:\Windows\System\VaPuqNz.exe
  C:\Windows\System\VaPuqNz.exe
  2⤵
  PID:9104
- C:\Windows\System\DuxYOhT.exe
  C:\Windows\System\DuxYOhT.exe
  2⤵
  PID:8240
- C:\Windows\System\PKlqkxe.exe
  C:\Windows\System\PKlqkxe.exe
  2⤵
  PID:8212
- C:\Windows\System\TkkjegT.exe
  C:\Windows\System\TkkjegT.exe
  2⤵
  PID:8368
- C:\Windows\System\QropcmY.exe
  C:\Windows\System\QropcmY.exe
  2⤵
  PID:8312
- C:\Windows\System\XCbmIpa.exe
  C:\Windows\System\XCbmIpa.exe
  2⤵
  PID:8424
- C:\Windows\System\CJGhHpb.exe
  C:\Windows\System\CJGhHpb.exe
  2⤵
  PID:8512
- C:\Windows\System\xqWpcJx.exe
  C:\Windows\System\xqWpcJx.exe
  2⤵
  PID:8456
- C:\Windows\System\CPxNJiI.exe
  C:\Windows\System\CPxNJiI.exe
  2⤵
  PID:8588
- C:\Windows\System\kOAeRaq.exe
  C:\Windows\System\kOAeRaq.exe
  2⤵
  PID:8792
- C:\Windows\System\WuoFmZP.exe
  C:\Windows\System\WuoFmZP.exe
  2⤵
  PID:8748
- C:\Windows\System\Ggfokph.exe
  C:\Windows\System\Ggfokph.exe
  2⤵
  PID:8640
- C:\Windows\System\QuvmXXj.exe
  C:\Windows\System\QuvmXXj.exe
  2⤵
  PID:8932
- C:\Windows\System\dxVwqTX.exe
  C:\Windows\System\dxVwqTX.exe
  2⤵
  PID:8876
- C:\Windows\System\rNEAhqb.exe
  C:\Windows\System\rNEAhqb.exe
  2⤵
  PID:8768
- C:\Windows\System\dIgjSyN.exe
  C:\Windows\System\dIgjSyN.exe
  2⤵
  PID:8516
- C:\Windows\System\vWEQBly.exe
  C:\Windows\System\vWEQBly.exe
  2⤵
  PID:9148
- C:\Windows\System\DCelACf.exe
  C:\Windows\System\DCelACf.exe
  2⤵
  PID:8956
- C:\Windows\System\pZfVWtO.exe
  C:\Windows\System\pZfVWtO.exe
  2⤵
  PID:7948
- C:\Windows\System\jcCJQBP.exe
  C:\Windows\System\jcCJQBP.exe
  2⤵
  PID:8356
- C:\Windows\System\wKwrTdH.exe
  C:\Windows\System\wKwrTdH.exe
  2⤵
  PID:8256
- C:\Windows\System\NyLlgQt.exe
  C:\Windows\System\NyLlgQt.exe
  2⤵
  PID:8236
- C:\Windows\System\ITOTTUg.exe
  C:\Windows\System\ITOTTUg.exe
  2⤵
  PID:8508
- C:\Windows\System\nvUivqB.exe
  C:\Windows\System\nvUivqB.exe
  2⤵
  PID:8532
- C:\Windows\System\dWfVmcd.exe
  C:\Windows\System\dWfVmcd.exe
  2⤵
  PID:8564
- C:\Windows\System\RCsXESg.exe
  C:\Windows\System\RCsXESg.exe
  2⤵
  PID:8716
- C:\Windows\System\OGQxmhz.exe
  C:\Windows\System\OGQxmhz.exe
  2⤵
  PID:8900
- C:\Windows\System\XhjDDUo.exe
  C:\Windows\System\XhjDDUo.exe
  2⤵
  PID:9108
- C:\Windows\System\naJErRh.exe
  C:\Windows\System\naJErRh.exe
  2⤵
  PID:8880
- C:\Windows\System\qmTxLeb.exe
  C:\Windows\System\qmTxLeb.exe
  2⤵
  PID:9056
- C:\Windows\System\ZIOkKtb.exe
  C:\Windows\System\ZIOkKtb.exe
  2⤵
  PID:9192
- C:\Windows\System\uKjJKSv.exe
  C:\Windows\System\uKjJKSv.exe
  2⤵
  PID:8292
- C:\Windows\System\iYlVslR.exe
  C:\Windows\System\iYlVslR.exe
  2⤵
  PID:8276
- C:\Windows\System\iAZKgil.exe
  C:\Windows\System\iAZKgil.exe
  2⤵
  PID:8636
- C:\Windows\System\jvRwHvI.exe
  C:\Windows\System\jvRwHvI.exe
  2⤵
  PID:8688
- C:\Windows\System\AQWRCvN.exe
  C:\Windows\System\AQWRCvN.exe
  2⤵
  PID:9164
- C:\Windows\System\yGEKcsJ.exe
  C:\Windows\System\yGEKcsJ.exe
  2⤵
  PID:8940
- C:\Windows\System\IGrrUib.exe
  C:\Windows\System\IGrrUib.exe
  2⤵
  PID:8968
- C:\Windows\System\jBXOlLf.exe
  C:\Windows\System\jBXOlLf.exe
  2⤵
  PID:8216
- C:\Windows\System\dNBhvpJ.exe
  C:\Windows\System\dNBhvpJ.exe
  2⤵
  PID:8788
- C:\Windows\System\vMEYhrn.exe
  C:\Windows\System\vMEYhrn.exe
  2⤵
  PID:8412
- C:\Windows\System\wkJHHJE.exe
  C:\Windows\System\wkJHHJE.exe
  2⤵
  PID:9008
- C:\Windows\System\LrKEEca.exe
  C:\Windows\System\LrKEEca.exe
  2⤵
  PID:8484
- C:\Windows\System\FKjDFki.exe
  C:\Windows\System\FKjDFki.exe
  2⤵
  PID:8904
- C:\Windows\System\lxvPcFj.exe
  C:\Windows\System\lxvPcFj.exe
  2⤵
  PID:7196
- C:\Windows\System\RdCKwHF.exe
  C:\Windows\System\RdCKwHF.exe
  2⤵
  PID:8336
- C:\Windows\System\IBLhvbl.exe
  C:\Windows\System\IBLhvbl.exe
  2⤵
  PID:9224
- C:\Windows\System\NKFrnaF.exe
  C:\Windows\System\NKFrnaF.exe
  2⤵
  PID:9248
- C:\Windows\System\CPqyrpU.exe
  C:\Windows\System\CPqyrpU.exe
  2⤵
  PID:9268
- C:\Windows\System\xTeREoi.exe
  C:\Windows\System\xTeREoi.exe
  2⤵
  PID:9288
- C:\Windows\System\kovrDKM.exe
  C:\Windows\System\kovrDKM.exe
  2⤵
  PID:9308
- C:\Windows\System\gOjszvR.exe
  C:\Windows\System\gOjszvR.exe
  2⤵
  PID:9328
- C:\Windows\System\MAeODXe.exe
  C:\Windows\System\MAeODXe.exe
  2⤵
  PID:9348
- C:\Windows\System\wNwhchP.exe
  C:\Windows\System\wNwhchP.exe
  2⤵
  PID:9364
- C:\Windows\System\DRLtFlx.exe
  C:\Windows\System\DRLtFlx.exe
  2⤵
  PID:9380
- C:\Windows\System\swGHPhs.exe
  C:\Windows\System\swGHPhs.exe
  2⤵
  PID:9396
- C:\Windows\System\YbfhbzB.exe
  C:\Windows\System\YbfhbzB.exe
  2⤵
  PID:9428
- C:\Windows\System\rDDdMwb.exe
  C:\Windows\System\rDDdMwb.exe
  2⤵
  PID:9452
- C:\Windows\System\xcRaASR.exe
  C:\Windows\System\xcRaASR.exe
  2⤵
  PID:9468
- C:\Windows\System\FuOQjoE.exe
  C:\Windows\System\FuOQjoE.exe
  2⤵
  PID:9488
- C:\Windows\System\RVuHBIh.exe
  C:\Windows\System\RVuHBIh.exe
  2⤵
  PID:9504
- C:\Windows\System\GtDWLWc.exe
  C:\Windows\System\GtDWLWc.exe
  2⤵
  PID:9528
- C:\Windows\System\iBrqSfM.exe
  C:\Windows\System\iBrqSfM.exe
  2⤵
  PID:9552
- C:\Windows\System\GpZwkdE.exe
  C:\Windows\System\GpZwkdE.exe
  2⤵
  PID:9568
- C:\Windows\System\QpAebJB.exe
  C:\Windows\System\QpAebJB.exe
  2⤵
  PID:9588
- C:\Windows\System\VyXWkOV.exe
  C:\Windows\System\VyXWkOV.exe
  2⤵
  PID:9608
- C:\Windows\System\kNoPwXp.exe
  C:\Windows\System\kNoPwXp.exe
  2⤵
  PID:9624
- C:\Windows\System\NuWBaSN.exe
  C:\Windows\System\NuWBaSN.exe
  2⤵
  PID:9640
- C:\Windows\System\hUFGtfw.exe
  C:\Windows\System\hUFGtfw.exe
  2⤵
  PID:9660
- C:\Windows\System\qwhfQQy.exe
  C:\Windows\System\qwhfQQy.exe
  2⤵
  PID:9676
- C:\Windows\System\AfItvZE.exe
  C:\Windows\System\AfItvZE.exe
  2⤵
  PID:9696
- C:\Windows\System\UCFhmff.exe
  C:\Windows\System\UCFhmff.exe
  2⤵
  PID:9720
- C:\Windows\System\FEXpYhC.exe
  C:\Windows\System\FEXpYhC.exe
  2⤵
  PID:9740
- C:\Windows\System\fkefvrB.exe
  C:\Windows\System\fkefvrB.exe
  2⤵
  PID:9764
- C:\Windows\System\MMWKOJK.exe
  C:\Windows\System\MMWKOJK.exe
  2⤵
  PID:9780
- C:\Windows\System\PdpbavU.exe
  C:\Windows\System\PdpbavU.exe
  2⤵
  PID:9800
- C:\Windows\System\zIdtNmR.exe
  C:\Windows\System\zIdtNmR.exe
  2⤵
  PID:9832
- C:\Windows\System\jwPDfYf.exe
  C:\Windows\System\jwPDfYf.exe
  2⤵
  PID:9848
- C:\Windows\System\AxanjBs.exe
  C:\Windows\System\AxanjBs.exe
  2⤵
  PID:9868
- C:\Windows\System\jxaxePJ.exe
  C:\Windows\System\jxaxePJ.exe
  2⤵
  PID:9892
- C:\Windows\System\UMFoRXe.exe
  C:\Windows\System\UMFoRXe.exe
  2⤵
  PID:9916
- C:\Windows\System\qPPxZLa.exe
  C:\Windows\System\qPPxZLa.exe
  2⤵
  PID:9936
- C:\Windows\System\CLTxktX.exe
  C:\Windows\System\CLTxktX.exe
  2⤵
  PID:9952
- C:\Windows\System\wExwJPX.exe
  C:\Windows\System\wExwJPX.exe
  2⤵
  PID:9968
- C:\Windows\System\iAEmyRu.exe
  C:\Windows\System\iAEmyRu.exe
  2⤵
  PID:9996
- C:\Windows\System\hzMhOcl.exe
  C:\Windows\System\hzMhOcl.exe
  2⤵
  PID:10016
- C:\Windows\System\gqMHCLt.exe
  C:\Windows\System\gqMHCLt.exe
  2⤵
  PID:10032
- C:\Windows\System\PYjAQcP.exe
  C:\Windows\System\PYjAQcP.exe
  2⤵
  PID:10048
- C:\Windows\System\WWBpNqb.exe
  C:\Windows\System\WWBpNqb.exe
  2⤵
  PID:10072
- C:\Windows\System\obLDWgE.exe
  C:\Windows\System\obLDWgE.exe
  2⤵
  PID:10088
- C:\Windows\System\zfzwWCz.exe
  C:\Windows\System\zfzwWCz.exe
  2⤵
  PID:10104
- C:\Windows\System\imYBURv.exe
  C:\Windows\System\imYBURv.exe
  2⤵
  PID:10120
- C:\Windows\System\NeOJswu.exe
  C:\Windows\System\NeOJswu.exe
  2⤵
  PID:10140
- C:\Windows\System\mtFcTxX.exe
  C:\Windows\System\mtFcTxX.exe
  2⤵
  PID:10160
- C:\Windows\System\MzSqGOE.exe
  C:\Windows\System\MzSqGOE.exe
  2⤵
  PID:10184
- C:\Windows\System\ZMzoTju.exe
  C:\Windows\System\ZMzoTju.exe
  2⤵
  PID:10204
- C:\Windows\System\TfuOXaH.exe
  C:\Windows\System\TfuOXaH.exe
  2⤵
  PID:10232
- C:\Windows\System\hJvmxJx.exe
  C:\Windows\System\hJvmxJx.exe
  2⤵
  PID:9232
- C:\Windows\System\OjlmnbN.exe
  C:\Windows\System\OjlmnbN.exe
  2⤵
  PID:9244
- C:\Windows\System\LakLoSx.exe
  C:\Windows\System\LakLoSx.exe
  2⤵
  PID:9276
- C:\Windows\System\oXPvXUt.exe
  C:\Windows\System\oXPvXUt.exe
  2⤵
  PID:9304
- C:\Windows\System\BQdUqPQ.exe
  C:\Windows\System\BQdUqPQ.exe
  2⤵
  PID:9320
- C:\Windows\System\UyCxtrv.exe
  C:\Windows\System\UyCxtrv.exe
  2⤵
  PID:9376
- C:\Windows\System\StSnQiN.exe
  C:\Windows\System\StSnQiN.exe
  2⤵
  PID:9416
- C:\Windows\System\lOsGpxU.exe
  C:\Windows\System\lOsGpxU.exe
  2⤵
  PID:9448
- C:\Windows\System\IReQCmL.exe
  C:\Windows\System\IReQCmL.exe
  2⤵
  PID:9476
- C:\Windows\System\ehYEBYJ.exe
  C:\Windows\System\ehYEBYJ.exe
  2⤵
  PID:9536
- C:\Windows\System\ZFTQDVE.exe
  C:\Windows\System\ZFTQDVE.exe
  2⤵
  PID:9560
- C:\Windows\System\KpeTVOO.exe
  C:\Windows\System\KpeTVOO.exe
  2⤵
  PID:9604
- C:\Windows\System\iieTlHw.exe
  C:\Windows\System\iieTlHw.exe
  2⤵
  PID:9212
- C:\Windows\System\nlBJfzg.exe
  C:\Windows\System\nlBJfzg.exe
  2⤵
  PID:9684
- C:\Windows\System\sCKlfoh.exe
  C:\Windows\System\sCKlfoh.exe
  2⤵
  PID:9736
- C:\Windows\System\whXyRkZ.exe
  C:\Windows\System\whXyRkZ.exe
  2⤵
  PID:9752
- C:\Windows\System\TusbwfS.exe
  C:\Windows\System\TusbwfS.exe
  2⤵
  PID:9712
- C:\Windows\System\LgUVkRv.exe
  C:\Windows\System\LgUVkRv.exe
  2⤵
  PID:9816
- C:\Windows\System\jCiIuSy.exe
  C:\Windows\System\jCiIuSy.exe
  2⤵
  PID:9792
- C:\Windows\System\CyQoTDR.exe
  C:\Windows\System\CyQoTDR.exe
  2⤵
  PID:9864
- C:\Windows\System\ymxdEKT.exe
  C:\Windows\System\ymxdEKT.exe
  2⤵
  PID:9884
- C:\Windows\System\LmLwFbR.exe
  C:\Windows\System\LmLwFbR.exe
  2⤵
  PID:9924
- C:\Windows\System\khemuiI.exe
  C:\Windows\System\khemuiI.exe
  2⤵
  PID:9964
- C:\Windows\System\YiTnGcK.exe
  C:\Windows\System\YiTnGcK.exe
  2⤵
  PID:9980
- C:\Windows\System\lHIUHuD.exe
  C:\Windows\System\lHIUHuD.exe
  2⤵
  PID:10008
- C:\Windows\System\GILRCTp.exe
  C:\Windows\System\GILRCTp.exe
  2⤵
  PID:10060
- C:\Windows\System\kFBKwgS.exe
  C:\Windows\System\kFBKwgS.exe
  2⤵
  PID:10096
- C:\Windows\System\UiQeZFA.exe
  C:\Windows\System\UiQeZFA.exe
  2⤵
  PID:10132
- C:\Windows\System\iurDwkz.exe
  C:\Windows\System\iurDwkz.exe
  2⤵
  PID:10216
- C:\Windows\System\WwgYMVK.exe
  C:\Windows\System\WwgYMVK.exe
  2⤵
  PID:10224
- C:\Windows\System\diUnmuv.exe
  C:\Windows\System\diUnmuv.exe
  2⤵
  PID:9240
- C:\Windows\System\CYFQpUI.exe
  C:\Windows\System\CYFQpUI.exe
  2⤵
  PID:9344
- C:\Windows\System\ewuAhrb.exe
  C:\Windows\System\ewuAhrb.exe
  2⤵
  PID:10196
- C:\Windows\System\NJAqbOz.exe
  C:\Windows\System\NJAqbOz.exe
  2⤵
  PID:9444
- C:\Windows\System\JlUoImC.exe
  C:\Windows\System\JlUoImC.exe
  2⤵
  PID:9516
- C:\Windows\System\acvDtof.exe
  C:\Windows\System\acvDtof.exe
  2⤵
  PID:9404
- C:\Windows\System\YTnYFCw.exe
  C:\Windows\System\YTnYFCw.exe
  2⤵
  PID:9464
- C:\Windows\System\MTtaAcX.exe
  C:\Windows\System\MTtaAcX.exe
  2⤵
  PID:9580
- C:\Windows\System\HTPYmqY.exe
  C:\Windows\System\HTPYmqY.exe
  2⤵
  PID:9540
- C:\Windows\System\eYweAaN.exe
  C:\Windows\System\eYweAaN.exe
  2⤵
  PID:9728
- C:\Windows\System\mZmzUcY.exe
  C:\Windows\System\mZmzUcY.exe
  2⤵
  PID:9760
- C:\Windows\System\jhXWxBN.exe
  C:\Windows\System\jhXWxBN.exe
  2⤵
  PID:9704
- C:\Windows\System\Ceiawnp.exe
  C:\Windows\System\Ceiawnp.exe
  2⤵
  PID:9908
- C:\Windows\System\DxFfipq.exe
  C:\Windows\System\DxFfipq.exe
  2⤵
  PID:10056
- C:\Windows\System\bHIvVHI.exe
  C:\Windows\System\bHIvVHI.exe
  2⤵
  PID:9880
- C:\Windows\System\IRPHlqj.exe
  C:\Windows\System\IRPHlqj.exe
  2⤵
  PID:10176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BLVPZoo.exe

Filesize
6.0MB

MD5
9488f6404ac5f4c19035d5ca60a81e5e

SHA1
3f9c7c28831045ced8d27330423715e3681240a9

SHA256
649b25a984fe5ab57ff1ba07f70f79a61616c42c5b30174bcd105cd4413d5c91

SHA512
da27a57ab908958f2bbd772c65edd521b9d7456b50eba20c749138ab727c14e869088812a202f4628a66338ad468c302588edad1e99c75b2070794203d74cad0

Download Submit
C:\Windows\system\BUTHMiI.exe

Filesize
6.0MB

MD5
b605f31afd25007f403d3728366e6168

SHA1
1b93f5baf4e1d538e3f9e3d520f0fe861668dfb8

SHA256
34b856fcb5fd21e3dd05cc21349faa8e3198842d3b9b6b8bc5738b5a789bc974

SHA512
d56e29652a65102c8f74ccd1c848f97312e67faee6fc5749c8bd4844697403f7705fa9430f5066682c8da30bb10bbd2545bf2a5f6b773f9deed61fc39677e8af

Download Submit
C:\Windows\system\DsMhulp.exe

Filesize
6.0MB

MD5
1e803a20071378604060d3c83dd71cdb

SHA1
c929a9a959647101eec5783507d63d548814d582

SHA256
dfc0810f573ef36c11322258b3c26194bc745b2517c76267f0420a646be606d8

SHA512
2aaa2fe3ce0fe4a2c33bc6f7fd178f55d05e1d7a6a9dd572b68cdaed8d2c87a6be2c10379c46bf34bd357dedad49373122bcf8c519c60b6858b1990729c8538f

Download Submit
C:\Windows\system\FobFlBi.exe

Filesize
6.0MB

MD5
f0331b7644b11e5ff02964c39a653d65

SHA1
f3e0147d711038fc1871f2e097169659fea52fc0

SHA256
1e94e226a4e0843ff688cab1bc291c04daf33bf9907a32ed7ad8e8630bf92714

SHA512
c774b8ee9beed5d9ae6e865bd0a66e78ebb64e6fca2880dc28ffc2c6321d20202828335c7fe853655c872a97c6cd886c72df119e6f88a89ed5ded6f41125b984

Download Submit
C:\Windows\system\HoiJgNl.exe

Filesize
6.0MB

MD5
52094b39e09e288cd3ab8807a74c7753

SHA1
29b631604d8843e59be7817ababb8935a6de64bc

SHA256
539a1fabd35d3aa0a008b9ae17af72cd57d00342e4c115f2be749f3f36b5fe64

SHA512
b715f90ebe6dd1b05dabd26e7ba25e7159f7751f3f432187ec9cf387f4feff29e54d0d428a245be04f68f09341d0b46ec98db6dcefce0324b3535b238573136e

Download Submit
C:\Windows\system\IedjnKm.exe

Filesize
6.0MB

MD5
ccf0a0348d40be85c729f839095e8fcc

SHA1
c1ea4308b8a54b26c54197b1f58d130625817b66

SHA256
51f8945ef0b87aef174e4b67c47c31e499ee69317b2d9442ea86dd8bc9fd6f27

SHA512
44036cbdedfa4eb9f7c0099713388d5acfb56cc24f9aaf94296c28cdb3d2153e37d52e4e0e23c1895bef75f3014ddc11e72c6d04b9de4155e9dc1f0c0a8e9dae

Download Submit
C:\Windows\system\Kpncpsv.exe

Filesize
6.0MB

MD5
b34565ce7af6b41b9d5fe701528c0b72

SHA1
b1a5452aca8d039ede2cc29b18ef3412722426f6

SHA256
810e640a31bff1b1f9b11c1d651115b612781610931e9ec9944330eca4c7e38f

SHA512
96bc06f49bd304ce5d557f2b2ad1e8fca612a15c5e17e25b0696a8d6c2890fe6e1f8a849f511614fb44b17158a82f0d0355f508837f47870bd73d67a7a451c15

Download Submit
C:\Windows\system\OvOvGhm.exe

Filesize
6.0MB

MD5
0684931155d7cdcc8afa4933ab3d1982

SHA1
11916e8b01a58e33f55e8c3e817aeeb7435bbd8e

SHA256
d0fe7e0f10ce648e9b68933340f6224eba98303fbd7e4ddabf9288db1e012bfe

SHA512
b9e7d6aeb70a3f23843dd00060aab00d0b47f8090d336cce9135061029af92b3a6a5f008d5ba6a388d93db5876f2d14f6f163ab3f70295734eb264ead70e6b2a

Download Submit
C:\Windows\system\QFcDfba.exe

Filesize
6.0MB

MD5
c53abb156ed26ef027dbdadae99e2dfe

SHA1
42436c2f202db8084be184f7aa5ab6c7b853e4c2

SHA256
ea5e8488a709a6a7bb8ba24776324e7d1c6b9f967437f32644ea06586b38547e

SHA512
81995cb2c6b4b6be7665aa062bdbf825acf286993588bfe06d48cc388d1dfae0ceef7ecea09eca26434ea4b76efd4d6ac3b5f10eb06854f13ebb0d3230a3972e

Download Submit
C:\Windows\system\QMvwxSJ.exe

Filesize
6.0MB

MD5
f9f55d258460f87778f01b1071b7baf7

SHA1
8831c76f5fca7bfc771d070c0bf8e65aaf6387e9

SHA256
f30f6be502c61f771b0232cfa09ae9654eff3f01b13c562d059e172715410e98

SHA512
0e4d51fcafc80ea9014e24c03c5e6c3b135f47dbce00304e8ed1d37d5aff6f28eeaca221be3dcf4ef0f3e4e00d6db8c1d3ecdc0da0ce6836ef8287a32db8becd

Download Submit
C:\Windows\system\RsVwWRO.exe

Filesize
6.0MB

MD5
ab8113c2d7411cc9214d0187019144de

SHA1
78e4f4ca11b155cc629dde57c9692b0286afebde

SHA256
908cc7432a6994b281587241785bfee39104e2ab3c0b9551b94cb211ce71c9ce

SHA512
51a89fc8ff9af05cd1365b1c407078015cb8119752f63106544cfcd1ae350a963b096fd2a3c593620b0437dae25dc85b7a7b7896f00f8b3da0735a611733097f

Download Submit
C:\Windows\system\WkWNZzY.exe

Filesize
6.0MB

MD5
4150ad54dec3a519b57f93ed3494be97

SHA1
d8f4fd0d7dd49678f95ffe05063e1d1d6c16ab24

SHA256
1bdfae59ed6934e69e427bb4c803cb514d746fd3ea66732bdffb01ac512baf13

SHA512
95a19109edc7d67adf68f7e5e50e39c36dce84cfb665674daf5bb02e7645741895faa8bb639cc72895d7d8621db01e0adba223d88d1bc7964c17d0eda0e2c085

Download Submit
C:\Windows\system\aTCTwzF.exe

Filesize
6.0MB

MD5
34fa069faaa97352f0ac997e692d36e7

SHA1
1d51c197e3ee4a7cba52e50ae6a756a4462bd238

SHA256
642c5774da3424da9e5b3488dd682fafb99aeb7cfa8d156c2033800019ca6ecd

SHA512
85795566cb2febef7fa52548c31ac9f0de2c5324b4099766dc3e4acb6c834a875076a755b465d39e8e651389a20cd55b46955517506d1260abf59c0f870ec200

Download Submit
C:\Windows\system\bsFuuvA.exe

Filesize
6.0MB

MD5
91cbf0108b59b13c098cc88edc4ff71b

SHA1
018cda1fc3c13debf9fb8fb296f273a82c036a41

SHA256
2f7a322f5b7768f4738ed1791f2577fefda8511d2b982141bd62cef962688b55

SHA512
03d9fde2e444b2abc4d8e90ba87f7b889d1465c8abeb020dca04ad0af5e345cee5aa0b7f9e68a8cdc4cab5c927c57da07b51fbb26595fba1f7b77c9a84339adb

Download Submit
C:\Windows\system\eWzvDwe.exe

Filesize
6.0MB

MD5
283894b89f2ae13a5edbe5893798bdc4

SHA1
0996cb7d9567f5500a37471d55529181e090618b

SHA256
fbf8f7b1e856f71aa4ecb157fbd6547cc732c823f9dd4891fdfa7140397d7d4e

SHA512
798c871f5ca3a5f4b5756038f94b6acb31786567ae1e88ca94a59e09e0f8a6bece0a6ade2817bbf589b5f255eeb0f3003e73edeac281c67001cd6de3175ec86f

Download Submit
C:\Windows\system\filOGok.exe

Filesize
6.0MB

MD5
9b3891b7e6fb2a04bfb0c062bb667fe2

SHA1
14ee7258dee7876fcb29b6c0d9fb4df66588799b

SHA256
6b9b34729fba90445b3c6e2855fb371a965a33bf1e1f3a8f0014e191587d02fc

SHA512
8367c770a1dc559ffc5a8da1f62b6938df631da2d14844130c207ee5168e161b90074ab6f90ba18c1fb13d3dfdb6c574beabbf2c439b99a866c1219f612ad873

Download Submit
C:\Windows\system\hBzADqS.exe

Filesize
6.0MB

MD5
f65553de04f6a01e3fad615634096656

SHA1
f76dbc792fbf31eb8741d87406252265c3e3bfc7

SHA256
efca6c810bfe0b7002b5d92f082da49a8ea3f43cafc3c864823c8b756ab5ca63

SHA512
b29459b65fb9ec67e81602ba28d8093b4f9d4a8e6ad31982135c64075c1f7507e63ba46493601d13908d10ac2b561ba2f64b7eb769d7b15190817c4fab3ecaf2

Download Submit
C:\Windows\system\kwjdGod.exe

Filesize
6.0MB

MD5
38661565125a959d0e6334530fe434ae

SHA1
b1827016374afadd14ad07d843660f7feef372e8

SHA256
0f6d40011cf47ddbce4aa42ef97d9de8b3b6afe3358fa64f9c400c820f2743f3

SHA512
654ffc1f0361aa7a6d5f86a1e5e3c597376a5cb25f41ae0bba1290258ebdde948299e9f73261b2a531960dce622a82a3c09bc1d486d5a3efc6129c13c6e5f002

Download Submit
C:\Windows\system\lZYcPWA.exe

Filesize
6.0MB

MD5
bc3642e4345010a1bd87c49abd94f60a

SHA1
6508e9d9ea5c8ffbcad11a806b6302f33669bfce

SHA256
93091a520e27388ec9beda41888603b0d83ab1c5c67114bd44e409b1a544516d

SHA512
f00d0ddcf585e61045fa8785644237512ed91e01216722dc6c990a88e657173abb961edabfa1e65a66d3f8788c533a9b427a3bbc4b8b9d620bbac2c480cb0e31

Download Submit
C:\Windows\system\lmPvDYf.exe

Filesize
6.0MB

MD5
fa354ab3c7e76ea7d1969152d08a2262

SHA1
ec37e070ebf70346ae235e6b8ed2e25b45bbc242

SHA256
06719d1b433ef6d45d39837436f019879b3f7a3bdbd60563ea10fefc5d65d794

SHA512
3c0ddcdf269517ba2f6f17c3bb73dca6cc69e37d86c5667cbc0fcc353e6791dba4d57d461ecdd6c5a7632d294241248a3ef60c4103ea9218fa917543cfd228b7

Download Submit
C:\Windows\system\mpoCnLr.exe

Filesize
6.0MB

MD5
7471ddabc597707df232c96b31c1ef57

SHA1
d5b2ecac0a4bc9b5595c694a65441625e9e4abe3

SHA256
d10752091644a62a2fff9ba92e642a72158a2645691bd4593e62f053ca323603

SHA512
460e4b49bda36234e57e60fb072496313e03a802c8c960cb5f7020d9b3b22cb4e02742d27eafc4c1904b4a1e735b0ec7442971efdfc3b5b5ef4d0c56338fe6e6

Download Submit
C:\Windows\system\nSvCldV.exe

Filesize
6.0MB

MD5
6aed9bcdbbe5edcc4990b1ba4737e02d

SHA1
4f224378d409a4c95e28df3d3cbab43a17be56f6

SHA256
42d221a74b66b906539a03c9736ba6d8ef8f9a370559648e1cfe7316fab8c492

SHA512
d19e2bf7da0e5a2357d071019b36a5262ed56e0c562b287969fb5161c6003a99c79e42b6d45d354cecdb5ba58c68245e96355732ee664859b1be3b922e39e0b3

Download Submit
C:\Windows\system\nombElz.exe

Filesize
6.0MB

MD5
3894130cde2715beca7e457be3346d25

SHA1
80bcc9ca6ea8a72e62151c28b32f7860c08c589b

SHA256
2c6c781eb6cbdaf6aa6fa46710cf19285b5726f1daf440448802ce4e5f9860ce

SHA512
425c4fc174003d69b8909af0e3907c5e53d90a018a96adb64e724037b911eed96ba75d2e877d115b9e5a5daf70e6c1603960530555d1ae7e983544ef913aa3ab

Download Submit
C:\Windows\system\qqEDuRa.exe

Filesize
6.0MB

MD5
1a0c6ff6d4032200b7fa14cab6e3dd0f

SHA1
7105f4974b1c64015dfe5e2c83639b07f757ce18

SHA256
721c595162584a26bf899d9464f72a3150a5224a325f245875f3d7aa2ce93097

SHA512
ac7ff015f4cb4b61d66ae01edb36e3be27f08ca241eaf5c5abc1c0a0eb8e2aff5996a1f89932ebb222cfaf03d04e6b9a0fe06cf465f58809b359b011bd40916e

Download Submit
C:\Windows\system\scYQEmX.exe

Filesize
6.0MB

MD5
b0ec86eee60c7563207ad2e15143967b

SHA1
8a9fca11740389f440714471c67bae50dcbd44f2

SHA256
490bcabb05d30740255da12614dbc66abe39d7b57fcf184ecc7da31928bd8719

SHA512
97288cdbc1750786821d54d076dd29eb83099e499fd5835306c251e7d3f4ce0da55d384ed07da5b56cfb168d3df9a8f846918699f97f36661101537f619011b9

Download Submit
C:\Windows\system\uNLxdTJ.exe

Filesize
6.0MB

MD5
e2bb5743b541005ead77fd683046940a

SHA1
91fc0b18839478b350b58e2c7ca6910a31deebf4

SHA256
942065a632712126022e6e9215630da3600fdb2d23051202b34fe1e533f1fbcb

SHA512
17db860c3607faec1ce2f3655a74c91cf653f9ad7781cfb9a6db6fbf9b0ce29e5e5a5f0b197dee04eab084a4822ade0c0785ec2b9ed28e3888eb17a80ec24b6e

Download Submit
C:\Windows\system\uhikSpm.exe

Filesize
6.0MB

MD5
dc49efdc6e8f6a269be778dd3f584e83

SHA1
9dc3c73896f797eaddcc22400ac684281622173c

SHA256
b70ad27995073c485ba0f7634d502cbba782ebbc2f90f59ea4d2a3e289844d83

SHA512
5b04a875f4f457715c553942cd9df08ab6fffc27ec298af0d187dd3f5c276b13ef77ac13c271e10c114c84ac91d11586fc5430a7ad105345df6c4f7bbe5d57eb

Download Submit
C:\Windows\system\vBtfLPU.exe

Filesize
6.0MB

MD5
a78ba9a91c2f7ef8a4840b415e795799

SHA1
40c41f252f178239c4a69984b5af1083284c37d3

SHA256
1038bee083f5a8d1bd03c7c7d6cdcbf139a2bbb006388d7a56b83ad9e3e397e3

SHA512
5fc345addaf4c60990f3d1bc399aff069319ee1f1da7b0e2db67474a158906836d8d48aad8edb5da26ccf432dcead99a600dc2b456d6bf79c8c924d24665cf9d

Download Submit
C:\Windows\system\vugmbcZ.exe

Filesize
6.0MB

MD5
3590e95619194956716ab4b59497d25b

SHA1
53b9805deb5274d75ab77966c66b4e5be23f64e0

SHA256
85847d733301f9670e51b090290269765f56519d353206de67d16b25ae0f361f

SHA512
4d7cfad1a13de0d968e77c2c7a512f3f48b728d0be45dcd2f2799dd6ad56d95dbc8da36b726902ba903a832af4e31a216d552100ab3518ce6a691c4a51e3205d

Download Submit
C:\Windows\system\wfRcABN.exe

Filesize
6.0MB

MD5
3d0aec1916899ffbaf7151c7bb8598d2

SHA1
634bc2644b12fc919b44f283c5a1d0f03fc50d31

SHA256
9bec59a09ed96fc57e48bb889da95354c544c5d62a395a62b73e003bcf1da49f

SHA512
807b17f09c901d58e4016bddafceb8c3abda6cfab446a03b22cba7c15a48473d4c0426f875fbfce14af2057f4a96d4f2a8022f9686ae98b00dd3037684e15210

Download Submit
\Windows\system\KoGmQIt.exe

Filesize
6.0MB

MD5
eb181efaa249f14e78ad41ed62781a27

SHA1
496b086c1b5be5f72d29ad8100d6def264dd12e5

SHA256
74e73400e8363d3f8b58af546e529603f26be1101657c3df5e2139054a8066ac

SHA512
27a136d4ebdf9e6af96291c55bff25fa2d2704826a683843bfdd266ee2e4835e6d0623b511287e15db75c9b24e287e17166d265d32aa4c61b5dc36e3d6125bc8

Download Submit
\Windows\system\TuhbxeB.exe

Filesize
6.0MB

MD5
0b27d6cfcb261b5f6d1b9c09012b79b9

SHA1
591b98e9bdb26a431fa7b22da664c80f297bdb16

SHA256
5240f0f482946d7f7e250991b499458eee876bc4d3c8f9f84fa78650dab50f46

SHA512
faf6459dba4d1d8c7227246f911c4517c654107c13b949cb0b6bca12bdf7392bfa5d6f0173816013f141ab92cbfe44d92d9f5333e04e925e39b9f943e58ab014

Download Submit
memory/1248-22-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-4032-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-4026-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-28-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-3828-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2320-15-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2320-46-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2520-4025-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2520-53-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2524-4023-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2524-523-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2524-76-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2540-4021-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2540-63-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2548-4027-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2548-58-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2560-4030-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2560-70-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3836-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2596-9-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2632-83-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4031-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2632-746-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4028-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2652-35-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2664-47-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2664-4029-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2764-39-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4024-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-937-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2980-90-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2980-4022-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/3012-20-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-24-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-49-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/3012-79-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/3012-80-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-42-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/3012-86-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/3012-34-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/3012-87-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/3012-30-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-66-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3012-55-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/3012-73-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-72-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/3012-93-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/3012-235-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3012-419-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-633-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-859-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/3012-0-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/3012-1037-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-94-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-13-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-7-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-2-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download