cobaltstrike | 1c18614cd0bcc1b06a7a3169e52daf65cbd1868f6ae5e8782313f5fa38235dcd

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

358d276d1005756ea0d1e75d50d47f82
SHA1

5e3a6e602c202b72ef2c23f9d523d84384ac647f
SHA256

1c18614cd0bcc1b06a7a3169e52daf65cbd1868f6ae5e8782313f5fa38235dcd
SHA512

db50eb34b720da7fea19b9999a97544dcf81dcd8311ffefa882b7a0ff55ad21d0206483b618cf291a8b9ec36e7797c8dd3e26e9846a30c044864852c471d1fe6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012254-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016276-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000167ea-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016a49-40.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dc1-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-199.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-184.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ec-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019417-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d4-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-104.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015fba-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-70.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c53-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c36-36.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001650a-19.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2296-0-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x000d000000012254-3.dat	xmrig
behavioral1/files/0x0008000000016276-11.dat	xmrig
behavioral1/memory/2344-15-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2336-10-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x00070000000167ea-20.dat	xmrig
behavioral1/memory/1552-35-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2804-39-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/1056-41-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016a49-40.dat	xmrig
behavioral1/files/0x0008000000016dc1-50.dat	xmrig
behavioral1/memory/2296-54-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2672-55-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0005000000019263-56.dat	xmrig
behavioral1/memory/2668-71-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019280-74.dat	xmrig
behavioral1/memory/3012-89-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2820-87-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2296-102-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x000500000001960d-189.dat	xmrig
behavioral1/memory/1780-1046-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2016-900-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/3012-704-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2576-512-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2296-387-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2668-275-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960e-193.dat	xmrig
behavioral1/files/0x0005000000019610-199.dat	xmrig
behavioral1/files/0x000500000001960c-184.dat	xmrig
behavioral1/files/0x00050000000195d9-173.dat	xmrig
behavioral1/files/0x000500000001960a-178.dat	xmrig
behavioral1/files/0x00050000000194f3-164.dat	xmrig
behavioral1/files/0x0005000000019537-168.dat	xmrig
behavioral1/files/0x0005000000019441-153.dat	xmrig
behavioral1/files/0x00050000000194bd-158.dat	xmrig
behavioral1/files/0x000500000001941a-144.dat	xmrig
behavioral1/files/0x0005000000019436-148.dat	xmrig
behavioral1/files/0x00050000000193ec-133.dat	xmrig
behavioral1/files/0x0005000000019417-138.dat	xmrig
behavioral1/files/0x00050000000193c8-124.dat	xmrig
behavioral1/files/0x00050000000193d4-128.dat	xmrig
behavioral1/files/0x00050000000193b7-113.dat	xmrig
behavioral1/files/0x00050000000193c1-118.dat	xmrig
behavioral1/memory/1780-106-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2892-105-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0005000000019399-104.dat	xmrig
behavioral1/memory/2296-103-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2016-96-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2672-95-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0009000000015fba-94.dat	xmrig
behavioral1/files/0x000500000001938b-86.dat	xmrig
behavioral1/memory/2576-79-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2296-76-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2804-75-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019278-70.dat	xmrig
behavioral1/memory/2892-63-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2820-49-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2336-48-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2296-47-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c53-46.dat	xmrig
behavioral1/memory/2736-29-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c36-36.dat	xmrig
behavioral1/memory/2296-33-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x000800000001650a-19.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2336	uTtIysK.exe
2344	kQyQqDj.exe
2736	qIqjsPk.exe
1552	tnzgKMk.exe
2804	ZOhZWlZ.exe
1056	hglEeyS.exe
2820	CZqjSUF.exe
2672	nveWnDF.exe
2892	upuLQkL.exe
2668	HBgxXLw.exe
2576	sOHdNpg.exe
3012	VhlVSPU.exe
2016	WZBQiZU.exe
1780	LuNHyCo.exe
400	WiKEVBD.exe
1916	lyNlWou.exe
1524	zlhZrKr.exe
920	EdTTCmh.exe
2900	QWqkoJT.exe
2644	yVwuGFc.exe
2164	BcsBfBD.exe
2312	HlkNgbT.exe
2392	nQcgGfU.exe
1428	EZTqLay.exe
2004	UnVFbxi.exe
1412	YcaEzOW.exe
2960	zxNdaxV.exe
1156	PCDdLtt.exe
960	gPVNGRq.exe
2268	goMPgUg.exe
1568	MkYVsXg.exe
272	EJylTgJ.exe
964	goTobTY.exe
940	vXLlDzx.exe
2140	sWttkGe.exe
1252	hZlNRaK.exe
784	TfpOxTX.exe
2964	jKMBEZb.exe
1052	zNnUtIu.exe
1744	xOWOMbd.exe
2448	ufqxyPi.exe
2040	pMyHALp.exe
324	nAxjCdC.exe
2072	ymGjVqB.exe
2740	fAJVRNi.exe
2996	NrzVlep.exe
340	Tqnuzjf.exe
484	YKvKUdC.exe
2320	Cdqwyxj.exe
1540	nckJsVK.exe
2984	BFgbHpV.exe
1988	PthYvEQ.exe
2516	NvDPEcx.exe
2648	aRSwzHC.exe
2368	MVulyjs.exe
2872	PQbTGKN.exe
2604	RVJZbaD.exe
2836	MBpuiiy.exe
3016	IqtSdGv.exe
2924	CePGIuw.exe
1932	cqJyHzu.exe
1964	ZCDxjPw.exe
2852	ygsenRx.exe
352	tUsnooC.exe

Loads dropped DLL 64 IoCs

pid	Process
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2296-0-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x000d000000012254-3.dat	upx
behavioral1/files/0x0008000000016276-11.dat	upx
behavioral1/memory/2344-15-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2336-10-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x00070000000167ea-20.dat	upx
behavioral1/memory/1552-35-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2804-39-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/1056-41-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0007000000016a49-40.dat	upx
behavioral1/files/0x0008000000016dc1-50.dat	upx
behavioral1/memory/2672-55-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0005000000019263-56.dat	upx
behavioral1/memory/2668-71-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x0005000000019280-74.dat	upx
behavioral1/memory/3012-89-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2820-87-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x000500000001960d-189.dat	upx
behavioral1/memory/1780-1046-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2016-900-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/3012-704-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2576-512-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2668-275-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x000500000001960e-193.dat	upx
behavioral1/files/0x0005000000019610-199.dat	upx
behavioral1/files/0x000500000001960c-184.dat	upx
behavioral1/files/0x00050000000195d9-173.dat	upx
behavioral1/files/0x000500000001960a-178.dat	upx
behavioral1/files/0x00050000000194f3-164.dat	upx
behavioral1/files/0x0005000000019537-168.dat	upx
behavioral1/files/0x0005000000019441-153.dat	upx
behavioral1/files/0x00050000000194bd-158.dat	upx
behavioral1/files/0x000500000001941a-144.dat	upx
behavioral1/files/0x0005000000019436-148.dat	upx
behavioral1/files/0x00050000000193ec-133.dat	upx
behavioral1/files/0x0005000000019417-138.dat	upx
behavioral1/files/0x00050000000193c8-124.dat	upx
behavioral1/files/0x00050000000193d4-128.dat	upx
behavioral1/files/0x00050000000193b7-113.dat	upx
behavioral1/files/0x00050000000193c1-118.dat	upx
behavioral1/memory/1780-106-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2892-105-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0005000000019399-104.dat	upx
behavioral1/memory/2016-96-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2672-95-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0009000000015fba-94.dat	upx
behavioral1/files/0x000500000001938b-86.dat	upx
behavioral1/memory/2576-79-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2804-75-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x0005000000019278-70.dat	upx
behavioral1/memory/2892-63-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2820-49-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2336-48-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2296-47-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x0008000000016c53-46.dat	upx
behavioral1/memory/2736-29-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0007000000016c36-36.dat	upx
behavioral1/files/0x000800000001650a-19.dat	upx
behavioral1/memory/2736-4096-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2804-4097-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/1552-4098-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2672-4099-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2892-4100-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2820-4101-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xMAIWAL.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RufDMCV.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khfuThe.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZDifUE.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbOpath.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AZXwgGv.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWDwLAS.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wszDtxK.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gwwHcJg.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\erNhpWv.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAjgaUD.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCkoEYw.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DAIjAMJ.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HKyciFm.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exaXTav.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\valWMMa.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDSeHdT.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\szEVORO.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWPzjia.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJLaOui.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuvQCbk.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VyZBtij.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSJOGwH.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnlgbwM.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efIwMpt.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNIKSEr.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyZqjcK.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkgFIWv.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoEpqJO.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AmzTMBd.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YzDLlCa.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMHhprO.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIrXpsc.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjFRPPX.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKGwYdu.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evTVsBD.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrKUlFI.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NJSadyR.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIQIisn.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKlPBOY.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdbwelw.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YxfauoH.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cGuvnOt.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nuzaaJZ.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNvziar.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QAlNfdp.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQbTGKN.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBwsfTd.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSHhGhJ.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UePHikq.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMpwHda.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnWmLdT.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjBHhch.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OacgXDZ.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWIeZCL.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZSDJyE.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwSEEgy.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNbFVes.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENBvOzt.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCwBnjy.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhpoaMH.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZurBUZx.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\upHsnID.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKhPgxf.exe	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2336	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2296 wrote to memory of 2336	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2296 wrote to memory of 2336	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2296 wrote to memory of 2344	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2296 wrote to memory of 2344	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2296 wrote to memory of 2344	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2296 wrote to memory of 2736	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2296 wrote to memory of 2736	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2296 wrote to memory of 2736	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2296 wrote to memory of 1552	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2296 wrote to memory of 1552	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2296 wrote to memory of 1552	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2296 wrote to memory of 1056	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2296 wrote to memory of 1056	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2296 wrote to memory of 1056	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2296 wrote to memory of 2804	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2296 wrote to memory of 2804	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2296 wrote to memory of 2804	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2296 wrote to memory of 2820	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2296 wrote to memory of 2820	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2296 wrote to memory of 2820	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2296 wrote to memory of 2672	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2296 wrote to memory of 2672	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2296 wrote to memory of 2672	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2296 wrote to memory of 2892	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2296 wrote to memory of 2892	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2296 wrote to memory of 2892	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2296 wrote to memory of 2668	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2296 wrote to memory of 2668	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2296 wrote to memory of 2668	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2296 wrote to memory of 2576	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2296 wrote to memory of 2576	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2296 wrote to memory of 2576	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2296 wrote to memory of 3012	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2296 wrote to memory of 3012	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2296 wrote to memory of 3012	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2296 wrote to memory of 2016	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2296 wrote to memory of 2016	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2296 wrote to memory of 2016	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2296 wrote to memory of 1780	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2296 wrote to memory of 1780	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2296 wrote to memory of 1780	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2296 wrote to memory of 400	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2296 wrote to memory of 400	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2296 wrote to memory of 400	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2296 wrote to memory of 1916	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2296 wrote to memory of 1916	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2296 wrote to memory of 1916	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2296 wrote to memory of 1524	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2296 wrote to memory of 1524	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2296 wrote to memory of 1524	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2296 wrote to memory of 920	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2296 wrote to memory of 920	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2296 wrote to memory of 920	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2296 wrote to memory of 2900	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2296 wrote to memory of 2900	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2296 wrote to memory of 2900	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2296 wrote to memory of 2644	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2296 wrote to memory of 2644	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2296 wrote to memory of 2644	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2296 wrote to memory of 2164	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2296 wrote to memory of 2164	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2296 wrote to memory of 2164	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2296 wrote to memory of 2312	2296	2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_358d276d1005756ea0d1e75d50d47f82_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\System\uTtIysK.exe
  C:\Windows\System\uTtIysK.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\kQyQqDj.exe
  C:\Windows\System\kQyQqDj.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\qIqjsPk.exe
  C:\Windows\System\qIqjsPk.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\tnzgKMk.exe
  C:\Windows\System\tnzgKMk.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\hglEeyS.exe
  C:\Windows\System\hglEeyS.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\ZOhZWlZ.exe
  C:\Windows\System\ZOhZWlZ.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\CZqjSUF.exe
  C:\Windows\System\CZqjSUF.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\nveWnDF.exe
  C:\Windows\System\nveWnDF.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\upuLQkL.exe
  C:\Windows\System\upuLQkL.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\HBgxXLw.exe
  C:\Windows\System\HBgxXLw.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\sOHdNpg.exe
  C:\Windows\System\sOHdNpg.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\VhlVSPU.exe
  C:\Windows\System\VhlVSPU.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\WZBQiZU.exe
  C:\Windows\System\WZBQiZU.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\LuNHyCo.exe
  C:\Windows\System\LuNHyCo.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\WiKEVBD.exe
  C:\Windows\System\WiKEVBD.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\lyNlWou.exe
  C:\Windows\System\lyNlWou.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\zlhZrKr.exe
  C:\Windows\System\zlhZrKr.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\EdTTCmh.exe
  C:\Windows\System\EdTTCmh.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\QWqkoJT.exe
  C:\Windows\System\QWqkoJT.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\yVwuGFc.exe
  C:\Windows\System\yVwuGFc.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\BcsBfBD.exe
  C:\Windows\System\BcsBfBD.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\HlkNgbT.exe
  C:\Windows\System\HlkNgbT.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\nQcgGfU.exe
  C:\Windows\System\nQcgGfU.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\EZTqLay.exe
  C:\Windows\System\EZTqLay.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\UnVFbxi.exe
  C:\Windows\System\UnVFbxi.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\YcaEzOW.exe
  C:\Windows\System\YcaEzOW.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\zxNdaxV.exe
  C:\Windows\System\zxNdaxV.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\PCDdLtt.exe
  C:\Windows\System\PCDdLtt.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\gPVNGRq.exe
  C:\Windows\System\gPVNGRq.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\goMPgUg.exe
  C:\Windows\System\goMPgUg.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\MkYVsXg.exe
  C:\Windows\System\MkYVsXg.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\EJylTgJ.exe
  C:\Windows\System\EJylTgJ.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\goTobTY.exe
  C:\Windows\System\goTobTY.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\vXLlDzx.exe
  C:\Windows\System\vXLlDzx.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\sWttkGe.exe
  C:\Windows\System\sWttkGe.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\hZlNRaK.exe
  C:\Windows\System\hZlNRaK.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\TfpOxTX.exe
  C:\Windows\System\TfpOxTX.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\jKMBEZb.exe
  C:\Windows\System\jKMBEZb.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\zNnUtIu.exe
  C:\Windows\System\zNnUtIu.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\xOWOMbd.exe
  C:\Windows\System\xOWOMbd.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\ufqxyPi.exe
  C:\Windows\System\ufqxyPi.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\pMyHALp.exe
  C:\Windows\System\pMyHALp.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\nAxjCdC.exe
  C:\Windows\System\nAxjCdC.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\ymGjVqB.exe
  C:\Windows\System\ymGjVqB.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\fAJVRNi.exe
  C:\Windows\System\fAJVRNi.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\NrzVlep.exe
  C:\Windows\System\NrzVlep.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\Tqnuzjf.exe
  C:\Windows\System\Tqnuzjf.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\YKvKUdC.exe
  C:\Windows\System\YKvKUdC.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\Cdqwyxj.exe
  C:\Windows\System\Cdqwyxj.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\nckJsVK.exe
  C:\Windows\System\nckJsVK.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\BFgbHpV.exe
  C:\Windows\System\BFgbHpV.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\PthYvEQ.exe
  C:\Windows\System\PthYvEQ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\NvDPEcx.exe
  C:\Windows\System\NvDPEcx.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\aRSwzHC.exe
  C:\Windows\System\aRSwzHC.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\MVulyjs.exe
  C:\Windows\System\MVulyjs.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\PQbTGKN.exe
  C:\Windows\System\PQbTGKN.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\RVJZbaD.exe
  C:\Windows\System\RVJZbaD.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\MBpuiiy.exe
  C:\Windows\System\MBpuiiy.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\IqtSdGv.exe
  C:\Windows\System\IqtSdGv.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\CePGIuw.exe
  C:\Windows\System\CePGIuw.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\cqJyHzu.exe
  C:\Windows\System\cqJyHzu.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\ZCDxjPw.exe
  C:\Windows\System\ZCDxjPw.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\ygsenRx.exe
  C:\Windows\System\ygsenRx.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\tUsnooC.exe
  C:\Windows\System\tUsnooC.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\waAvZal.exe
  C:\Windows\System\waAvZal.exe
  2⤵
  PID:2404
- C:\Windows\System\RPSNUWf.exe
  C:\Windows\System\RPSNUWf.exe
  2⤵
  PID:1996
- C:\Windows\System\vEcqGth.exe
  C:\Windows\System\vEcqGth.exe
  2⤵
  PID:2216
- C:\Windows\System\ztFeoZP.exe
  C:\Windows\System\ztFeoZP.exe
  2⤵
  PID:668
- C:\Windows\System\fOTmGmP.exe
  C:\Windows\System\fOTmGmP.exe
  2⤵
  PID:2540
- C:\Windows\System\ZrdhWCl.exe
  C:\Windows\System\ZrdhWCl.exe
  2⤵
  PID:2484
- C:\Windows\System\meehInG.exe
  C:\Windows\System\meehInG.exe
  2⤵
  PID:908
- C:\Windows\System\EAWTAse.exe
  C:\Windows\System\EAWTAse.exe
  2⤵
  PID:1248
- C:\Windows\System\tAdBQCe.exe
  C:\Windows\System\tAdBQCe.exe
  2⤵
  PID:1712
- C:\Windows\System\oQkNqae.exe
  C:\Windows\System\oQkNqae.exe
  2⤵
  PID:1492
- C:\Windows\System\UayumGv.exe
  C:\Windows\System\UayumGv.exe
  2⤵
  PID:2064
- C:\Windows\System\pMMtrsw.exe
  C:\Windows\System\pMMtrsw.exe
  2⤵
  PID:1448
- C:\Windows\System\FnXwBzv.exe
  C:\Windows\System\FnXwBzv.exe
  2⤵
  PID:2220
- C:\Windows\System\qbxUWei.exe
  C:\Windows\System\qbxUWei.exe
  2⤵
  PID:1560
- C:\Windows\System\xCIOGLg.exe
  C:\Windows\System\xCIOGLg.exe
  2⤵
  PID:760
- C:\Windows\System\rMmDPfP.exe
  C:\Windows\System\rMmDPfP.exe
  2⤵
  PID:1660
- C:\Windows\System\qmnarmr.exe
  C:\Windows\System\qmnarmr.exe
  2⤵
  PID:1008
- C:\Windows\System\VRzwgYW.exe
  C:\Windows\System\VRzwgYW.exe
  2⤵
  PID:1644
- C:\Windows\System\EqzkRZq.exe
  C:\Windows\System\EqzkRZq.exe
  2⤵
  PID:3060
- C:\Windows\System\etPkbhx.exe
  C:\Windows\System\etPkbhx.exe
  2⤵
  PID:2712
- C:\Windows\System\GjFRPPX.exe
  C:\Windows\System\GjFRPPX.exe
  2⤵
  PID:3068
- C:\Windows\System\TuoJIJT.exe
  C:\Windows\System\TuoJIJT.exe
  2⤵
  PID:3004
- C:\Windows\System\sFscKBd.exe
  C:\Windows\System\sFscKBd.exe
  2⤵
  PID:1800
- C:\Windows\System\iHenhIT.exe
  C:\Windows\System\iHenhIT.exe
  2⤵
  PID:332
- C:\Windows\System\pjqlxOy.exe
  C:\Windows\System\pjqlxOy.exe
  2⤵
  PID:1696
- C:\Windows\System\zWbegpp.exe
  C:\Windows\System\zWbegpp.exe
  2⤵
  PID:2908
- C:\Windows\System\izZnunV.exe
  C:\Windows\System\izZnunV.exe
  2⤵
  PID:2896
- C:\Windows\System\ZVTregi.exe
  C:\Windows\System\ZVTregi.exe
  2⤵
  PID:2148
- C:\Windows\System\ZKeVWqd.exe
  C:\Windows\System\ZKeVWqd.exe
  2⤵
  PID:2956
- C:\Windows\System\lVwRSqn.exe
  C:\Windows\System\lVwRSqn.exe
  2⤵
  PID:2032
- C:\Windows\System\rquAdet.exe
  C:\Windows\System\rquAdet.exe
  2⤵
  PID:1948
- C:\Windows\System\VTXWpWW.exe
  C:\Windows\System\VTXWpWW.exe
  2⤵
  PID:892
- C:\Windows\System\RWPzjia.exe
  C:\Windows\System\RWPzjia.exe
  2⤵
  PID:532
- C:\Windows\System\POWTBQp.exe
  C:\Windows\System\POWTBQp.exe
  2⤵
  PID:2260
- C:\Windows\System\ySCVbWC.exe
  C:\Windows\System\ySCVbWC.exe
  2⤵
  PID:1420
- C:\Windows\System\JjUfHEE.exe
  C:\Windows\System\JjUfHEE.exe
  2⤵
  PID:2940
- C:\Windows\System\rljDsKS.exe
  C:\Windows\System\rljDsKS.exe
  2⤵
  PID:2928
- C:\Windows\System\hzRMHiR.exe
  C:\Windows\System\hzRMHiR.exe
  2⤵
  PID:2204
- C:\Windows\System\LLOIlmD.exe
  C:\Windows\System\LLOIlmD.exe
  2⤵
  PID:2700
- C:\Windows\System\tzHRiyh.exe
  C:\Windows\System\tzHRiyh.exe
  2⤵
  PID:2720
- C:\Windows\System\hkENEkh.exe
  C:\Windows\System\hkENEkh.exe
  2⤵
  PID:2572
- C:\Windows\System\QuCXeNf.exe
  C:\Windows\System\QuCXeNf.exe
  2⤵
  PID:1952
- C:\Windows\System\FDQAyyn.exe
  C:\Windows\System\FDQAyyn.exe
  2⤵
  PID:2124
- C:\Windows\System\jXhBoxg.exe
  C:\Windows\System\jXhBoxg.exe
  2⤵
  PID:2744
- C:\Windows\System\PqcakLM.exe
  C:\Windows\System\PqcakLM.exe
  2⤵
  PID:616
- C:\Windows\System\FTyErUX.exe
  C:\Windows\System\FTyErUX.exe
  2⤵
  PID:1480
- C:\Windows\System\tKGwYdu.exe
  C:\Windows\System\tKGwYdu.exe
  2⤵
  PID:1720
- C:\Windows\System\ToFwQoJ.exe
  C:\Windows\System\ToFwQoJ.exe
  2⤵
  PID:3088
- C:\Windows\System\vCmViNR.exe
  C:\Windows\System\vCmViNR.exe
  2⤵
  PID:3108
- C:\Windows\System\kgUfHtm.exe
  C:\Windows\System\kgUfHtm.exe
  2⤵
  PID:3128
- C:\Windows\System\xtmFamI.exe
  C:\Windows\System\xtmFamI.exe
  2⤵
  PID:3148
- C:\Windows\System\qkCRkpc.exe
  C:\Windows\System\qkCRkpc.exe
  2⤵
  PID:3168
- C:\Windows\System\tFUHwpb.exe
  C:\Windows\System\tFUHwpb.exe
  2⤵
  PID:3188
- C:\Windows\System\ZurBUZx.exe
  C:\Windows\System\ZurBUZx.exe
  2⤵
  PID:3208
- C:\Windows\System\mvdHHPS.exe
  C:\Windows\System\mvdHHPS.exe
  2⤵
  PID:3228
- C:\Windows\System\leJeVhp.exe
  C:\Windows\System\leJeVhp.exe
  2⤵
  PID:3248
- C:\Windows\System\WqMbLVP.exe
  C:\Windows\System\WqMbLVP.exe
  2⤵
  PID:3268
- C:\Windows\System\JSanWCK.exe
  C:\Windows\System\JSanWCK.exe
  2⤵
  PID:3288
- C:\Windows\System\wfpDjft.exe
  C:\Windows\System\wfpDjft.exe
  2⤵
  PID:3308
- C:\Windows\System\EXvSVTE.exe
  C:\Windows\System\EXvSVTE.exe
  2⤵
  PID:3328
- C:\Windows\System\wJtLgOp.exe
  C:\Windows\System\wJtLgOp.exe
  2⤵
  PID:3348
- C:\Windows\System\XFXljwL.exe
  C:\Windows\System\XFXljwL.exe
  2⤵
  PID:3364
- C:\Windows\System\QbzpMgd.exe
  C:\Windows\System\QbzpMgd.exe
  2⤵
  PID:3388
- C:\Windows\System\watbpNk.exe
  C:\Windows\System\watbpNk.exe
  2⤵
  PID:3408
- C:\Windows\System\UAZPkpC.exe
  C:\Windows\System\UAZPkpC.exe
  2⤵
  PID:3428
- C:\Windows\System\YrUszkW.exe
  C:\Windows\System\YrUszkW.exe
  2⤵
  PID:3448
- C:\Windows\System\AZiDZiI.exe
  C:\Windows\System\AZiDZiI.exe
  2⤵
  PID:3468
- C:\Windows\System\yPZhSDT.exe
  C:\Windows\System\yPZhSDT.exe
  2⤵
  PID:3488
- C:\Windows\System\lChupQn.exe
  C:\Windows\System\lChupQn.exe
  2⤵
  PID:3508
- C:\Windows\System\ewQMhDl.exe
  C:\Windows\System\ewQMhDl.exe
  2⤵
  PID:3528
- C:\Windows\System\DWcGtDm.exe
  C:\Windows\System\DWcGtDm.exe
  2⤵
  PID:3548
- C:\Windows\System\sOeTGFF.exe
  C:\Windows\System\sOeTGFF.exe
  2⤵
  PID:3568
- C:\Windows\System\KnTPtyF.exe
  C:\Windows\System\KnTPtyF.exe
  2⤵
  PID:3592
- C:\Windows\System\JdoIfsJ.exe
  C:\Windows\System\JdoIfsJ.exe
  2⤵
  PID:3612
- C:\Windows\System\MvlaBjV.exe
  C:\Windows\System\MvlaBjV.exe
  2⤵
  PID:3632
- C:\Windows\System\nPvdXKb.exe
  C:\Windows\System\nPvdXKb.exe
  2⤵
  PID:3652
- C:\Windows\System\UqtWpzQ.exe
  C:\Windows\System\UqtWpzQ.exe
  2⤵
  PID:3672
- C:\Windows\System\rtPNNXM.exe
  C:\Windows\System\rtPNNXM.exe
  2⤵
  PID:3692
- C:\Windows\System\NuJEfqh.exe
  C:\Windows\System\NuJEfqh.exe
  2⤵
  PID:3712
- C:\Windows\System\gwMwmFr.exe
  C:\Windows\System\gwMwmFr.exe
  2⤵
  PID:3728
- C:\Windows\System\iCdCPHE.exe
  C:\Windows\System\iCdCPHE.exe
  2⤵
  PID:3752
- C:\Windows\System\qmFftCN.exe
  C:\Windows\System\qmFftCN.exe
  2⤵
  PID:3772
- C:\Windows\System\sKTeIsj.exe
  C:\Windows\System\sKTeIsj.exe
  2⤵
  PID:3792
- C:\Windows\System\zrBVsCL.exe
  C:\Windows\System\zrBVsCL.exe
  2⤵
  PID:3812
- C:\Windows\System\UAjgaUD.exe
  C:\Windows\System\UAjgaUD.exe
  2⤵
  PID:3832
- C:\Windows\System\UtyeJET.exe
  C:\Windows\System\UtyeJET.exe
  2⤵
  PID:3852
- C:\Windows\System\ngPoBLT.exe
  C:\Windows\System\ngPoBLT.exe
  2⤵
  PID:3872
- C:\Windows\System\ICCPZoT.exe
  C:\Windows\System\ICCPZoT.exe
  2⤵
  PID:3892
- C:\Windows\System\DBcNbAG.exe
  C:\Windows\System\DBcNbAG.exe
  2⤵
  PID:3912
- C:\Windows\System\WRIpvEP.exe
  C:\Windows\System\WRIpvEP.exe
  2⤵
  PID:3932
- C:\Windows\System\zTBbDMJ.exe
  C:\Windows\System\zTBbDMJ.exe
  2⤵
  PID:3952
- C:\Windows\System\IPOWJAz.exe
  C:\Windows\System\IPOWJAz.exe
  2⤵
  PID:3972
- C:\Windows\System\tmpOAKD.exe
  C:\Windows\System\tmpOAKD.exe
  2⤵
  PID:3992
- C:\Windows\System\bWDYPlq.exe
  C:\Windows\System\bWDYPlq.exe
  2⤵
  PID:4008
- C:\Windows\System\YQLXHer.exe
  C:\Windows\System\YQLXHer.exe
  2⤵
  PID:4032
- C:\Windows\System\WscdQHJ.exe
  C:\Windows\System\WscdQHJ.exe
  2⤵
  PID:4056
- C:\Windows\System\bHGzahJ.exe
  C:\Windows\System\bHGzahJ.exe
  2⤵
  PID:4076
- C:\Windows\System\KnRkxwD.exe
  C:\Windows\System\KnRkxwD.exe
  2⤵
  PID:800
- C:\Windows\System\zQSbAVF.exe
  C:\Windows\System\zQSbAVF.exe
  2⤵
  PID:1836
- C:\Windows\System\ngCqcet.exe
  C:\Windows\System\ngCqcet.exe
  2⤵
  PID:2844
- C:\Windows\System\WjabJYy.exe
  C:\Windows\System\WjabJYy.exe
  2⤵
  PID:1832
- C:\Windows\System\JbJwbxM.exe
  C:\Windows\System\JbJwbxM.exe
  2⤵
  PID:1880
- C:\Windows\System\GJgscps.exe
  C:\Windows\System\GJgscps.exe
  2⤵
  PID:2528
- C:\Windows\System\iihahAb.exe
  C:\Windows\System\iihahAb.exe
  2⤵
  PID:1944
- C:\Windows\System\DBqZGCB.exe
  C:\Windows\System\DBqZGCB.exe
  2⤵
  PID:1708
- C:\Windows\System\nBulhKg.exe
  C:\Windows\System\nBulhKg.exe
  2⤵
  PID:3096
- C:\Windows\System\CmPHTym.exe
  C:\Windows\System\CmPHTym.exe
  2⤵
  PID:3140
- C:\Windows\System\FnHouxt.exe
  C:\Windows\System\FnHouxt.exe
  2⤵
  PID:3176
- C:\Windows\System\alpZJNY.exe
  C:\Windows\System\alpZJNY.exe
  2⤵
  PID:3180
- C:\Windows\System\itoykEt.exe
  C:\Windows\System\itoykEt.exe
  2⤵
  PID:3204
- C:\Windows\System\wpgmAcS.exe
  C:\Windows\System\wpgmAcS.exe
  2⤵
  PID:3260
- C:\Windows\System\uWMgqVi.exe
  C:\Windows\System\uWMgqVi.exe
  2⤵
  PID:3276
- C:\Windows\System\yasOOOo.exe
  C:\Windows\System\yasOOOo.exe
  2⤵
  PID:3316
- C:\Windows\System\tirPFht.exe
  C:\Windows\System\tirPFht.exe
  2⤵
  PID:3372
- C:\Windows\System\BWdoKPh.exe
  C:\Windows\System\BWdoKPh.exe
  2⤵
  PID:3416
- C:\Windows\System\eKlPBOY.exe
  C:\Windows\System\eKlPBOY.exe
  2⤵
  PID:3404
- C:\Windows\System\IoCtpaL.exe
  C:\Windows\System\IoCtpaL.exe
  2⤵
  PID:3440
- C:\Windows\System\RFyRjhT.exe
  C:\Windows\System\RFyRjhT.exe
  2⤵
  PID:3500
- C:\Windows\System\pUQdkFt.exe
  C:\Windows\System\pUQdkFt.exe
  2⤵
  PID:3520
- C:\Windows\System\aKLitzV.exe
  C:\Windows\System\aKLitzV.exe
  2⤵
  PID:3588
- C:\Windows\System\RyadXaP.exe
  C:\Windows\System\RyadXaP.exe
  2⤵
  PID:3620
- C:\Windows\System\yLsxPkx.exe
  C:\Windows\System\yLsxPkx.exe
  2⤵
  PID:3604
- C:\Windows\System\XZVXzAp.exe
  C:\Windows\System\XZVXzAp.exe
  2⤵
  PID:3644
- C:\Windows\System\EKpihWK.exe
  C:\Windows\System\EKpihWK.exe
  2⤵
  PID:3708
- C:\Windows\System\kayGOnW.exe
  C:\Windows\System\kayGOnW.exe
  2⤵
  PID:3748
- C:\Windows\System\ucJaiyn.exe
  C:\Windows\System\ucJaiyn.exe
  2⤵
  PID:3768
- C:\Windows\System\EANwVxh.exe
  C:\Windows\System\EANwVxh.exe
  2⤵
  PID:3800
- C:\Windows\System\HMWBXOx.exe
  C:\Windows\System\HMWBXOx.exe
  2⤵
  PID:3824
- C:\Windows\System\JoxzDyD.exe
  C:\Windows\System\JoxzDyD.exe
  2⤵
  PID:3868
- C:\Windows\System\EkGSLyb.exe
  C:\Windows\System\EkGSLyb.exe
  2⤵
  PID:3900
- C:\Windows\System\ZoiWbmd.exe
  C:\Windows\System\ZoiWbmd.exe
  2⤵
  PID:3920
- C:\Windows\System\DYobfWn.exe
  C:\Windows\System\DYobfWn.exe
  2⤵
  PID:3924
- C:\Windows\System\efNAApF.exe
  C:\Windows\System\efNAApF.exe
  2⤵
  PID:3964
- C:\Windows\System\McxYIyK.exe
  C:\Windows\System\McxYIyK.exe
  2⤵
  PID:4072
- C:\Windows\System\yBtgyBI.exe
  C:\Windows\System\yBtgyBI.exe
  2⤵
  PID:4052
- C:\Windows\System\xBytqFv.exe
  C:\Windows\System\xBytqFv.exe
  2⤵
  PID:4084
- C:\Windows\System\ERAlkLt.exe
  C:\Windows\System\ERAlkLt.exe
  2⤵
  PID:1672
- C:\Windows\System\ieRiBFY.exe
  C:\Windows\System\ieRiBFY.exe
  2⤵
  PID:2840
- C:\Windows\System\oFUMFeF.exe
  C:\Windows\System\oFUMFeF.exe
  2⤵
  PID:2452
- C:\Windows\System\ycERUtQ.exe
  C:\Windows\System\ycERUtQ.exe
  2⤵
  PID:3144
- C:\Windows\System\XygvCzI.exe
  C:\Windows\System\XygvCzI.exe
  2⤵
  PID:3164
- C:\Windows\System\mhIlgyf.exe
  C:\Windows\System\mhIlgyf.exe
  2⤵
  PID:3160
- C:\Windows\System\cIcSnSU.exe
  C:\Windows\System\cIcSnSU.exe
  2⤵
  PID:3236
- C:\Windows\System\RxvrrWG.exe
  C:\Windows\System\RxvrrWG.exe
  2⤵
  PID:3120
- C:\Windows\System\Lqkfbox.exe
  C:\Windows\System\Lqkfbox.exe
  2⤵
  PID:3300
- C:\Windows\System\upHsnID.exe
  C:\Windows\System\upHsnID.exe
  2⤵
  PID:3380
- C:\Windows\System\EcFzNGI.exe
  C:\Windows\System\EcFzNGI.exe
  2⤵
  PID:3356
- C:\Windows\System\rpmbkZJ.exe
  C:\Windows\System\rpmbkZJ.exe
  2⤵
  PID:3464
- C:\Windows\System\dJCRKYU.exe
  C:\Windows\System\dJCRKYU.exe
  2⤵
  PID:3524
- C:\Windows\System\rATaMwA.exe
  C:\Windows\System\rATaMwA.exe
  2⤵
  PID:3564
- C:\Windows\System\sbkPcbq.exe
  C:\Windows\System\sbkPcbq.exe
  2⤵
  PID:3560
- C:\Windows\System\FmrEqYS.exe
  C:\Windows\System\FmrEqYS.exe
  2⤵
  PID:3608
- C:\Windows\System\OXidNLT.exe
  C:\Windows\System\OXidNLT.exe
  2⤵
  PID:3736
- C:\Windows\System\VImnDCH.exe
  C:\Windows\System\VImnDCH.exe
  2⤵
  PID:3788
- C:\Windows\System\cUBelAv.exe
  C:\Windows\System\cUBelAv.exe
  2⤵
  PID:3760
- C:\Windows\System\BUoYDlF.exe
  C:\Windows\System\BUoYDlF.exe
  2⤵
  PID:3948
- C:\Windows\System\tgguXNj.exe
  C:\Windows\System\tgguXNj.exe
  2⤵
  PID:3884
- C:\Windows\System\juFDQWW.exe
  C:\Windows\System\juFDQWW.exe
  2⤵
  PID:4068
- C:\Windows\System\HSOKIki.exe
  C:\Windows\System\HSOKIki.exe
  2⤵
  PID:896
- C:\Windows\System\rZSDJyE.exe
  C:\Windows\System\rZSDJyE.exe
  2⤵
  PID:4020
- C:\Windows\System\zDsTwXc.exe
  C:\Windows\System\zDsTwXc.exe
  2⤵
  PID:2968
- C:\Windows\System\ttuvOTT.exe
  C:\Windows\System\ttuvOTT.exe
  2⤵
  PID:2684
- C:\Windows\System\LHQbCai.exe
  C:\Windows\System\LHQbCai.exe
  2⤵
  PID:3076
- C:\Windows\System\zlCFKiE.exe
  C:\Windows\System\zlCFKiE.exe
  2⤵
  PID:3196
- C:\Windows\System\tzeEThO.exe
  C:\Windows\System\tzeEThO.exe
  2⤵
  PID:3336
- C:\Windows\System\yTQsNon.exe
  C:\Windows\System\yTQsNon.exe
  2⤵
  PID:3340
- C:\Windows\System\OeQYvlu.exe
  C:\Windows\System\OeQYvlu.exe
  2⤵
  PID:3504
- C:\Windows\System\WpkRFyk.exe
  C:\Windows\System\WpkRFyk.exe
  2⤵
  PID:3020
- C:\Windows\System\GcaKMCV.exe
  C:\Windows\System\GcaKMCV.exe
  2⤵
  PID:2068
- C:\Windows\System\dtnBubs.exe
  C:\Windows\System\dtnBubs.exe
  2⤵
  PID:3684
- C:\Windows\System\EDzYuRz.exe
  C:\Windows\System\EDzYuRz.exe
  2⤵
  PID:3860
- C:\Windows\System\durGoXB.exe
  C:\Windows\System\durGoXB.exe
  2⤵
  PID:3940
- C:\Windows\System\dmmvMHU.exe
  C:\Windows\System\dmmvMHU.exe
  2⤵
  PID:3880
- C:\Windows\System\VXghFtY.exe
  C:\Windows\System\VXghFtY.exe
  2⤵
  PID:3628
- C:\Windows\System\ZjlwURf.exe
  C:\Windows\System\ZjlwURf.exe
  2⤵
  PID:316
- C:\Windows\System\hJLaOui.exe
  C:\Windows\System\hJLaOui.exe
  2⤵
  PID:3700
- C:\Windows\System\yJNDlNj.exe
  C:\Windows\System\yJNDlNj.exe
  2⤵
  PID:3080
- C:\Windows\System\RFMKcLX.exe
  C:\Windows\System\RFMKcLX.exe
  2⤵
  PID:3476
- C:\Windows\System\AgJSnyg.exe
  C:\Windows\System\AgJSnyg.exe
  2⤵
  PID:3396
- C:\Windows\System\pPTNFlM.exe
  C:\Windows\System\pPTNFlM.exe
  2⤵
  PID:3968
- C:\Windows\System\PDVIcaO.exe
  C:\Windows\System\PDVIcaO.exe
  2⤵
  PID:3844
- C:\Windows\System\fbtmbtb.exe
  C:\Windows\System\fbtmbtb.exe
  2⤵
  PID:756
- C:\Windows\System\TZxLZPc.exe
  C:\Windows\System\TZxLZPc.exe
  2⤵
  PID:2948
- C:\Windows\System\jvuwjgD.exe
  C:\Windows\System\jvuwjgD.exe
  2⤵
  PID:3320
- C:\Windows\System\uZHIuod.exe
  C:\Windows\System\uZHIuod.exe
  2⤵
  PID:3124
- C:\Windows\System\CdKKjZv.exe
  C:\Windows\System\CdKKjZv.exe
  2⤵
  PID:2868
- C:\Windows\System\SAilhkN.exe
  C:\Windows\System\SAilhkN.exe
  2⤵
  PID:2208
- C:\Windows\System\iFqfpKM.exe
  C:\Windows\System\iFqfpKM.exe
  2⤵
  PID:3648
- C:\Windows\System\jIfHiky.exe
  C:\Windows\System\jIfHiky.exe
  2⤵
  PID:3780
- C:\Windows\System\mlqDdxv.exe
  C:\Windows\System\mlqDdxv.exe
  2⤵
  PID:3136
- C:\Windows\System\BRFDeTm.exe
  C:\Windows\System\BRFDeTm.exe
  2⤵
  PID:2624
- C:\Windows\System\eAFazVp.exe
  C:\Windows\System\eAFazVp.exe
  2⤵
  PID:3048
- C:\Windows\System\wwYvFwk.exe
  C:\Windows\System\wwYvFwk.exe
  2⤵
  PID:2780
- C:\Windows\System\HaYGyOf.exe
  C:\Windows\System\HaYGyOf.exe
  2⤵
  PID:2884
- C:\Windows\System\pDxTyhm.exe
  C:\Windows\System\pDxTyhm.exe
  2⤵
  PID:2028
- C:\Windows\System\WkuyoCc.exe
  C:\Windows\System\WkuyoCc.exe
  2⤵
  PID:2748
- C:\Windows\System\HJVdmmq.exe
  C:\Windows\System\HJVdmmq.exe
  2⤵
  PID:4100
- C:\Windows\System\EohrKKw.exe
  C:\Windows\System\EohrKKw.exe
  2⤵
  PID:4116
- C:\Windows\System\fjJGKMW.exe
  C:\Windows\System\fjJGKMW.exe
  2⤵
  PID:4132
- C:\Windows\System\gJDhjoo.exe
  C:\Windows\System\gJDhjoo.exe
  2⤵
  PID:4148
- C:\Windows\System\AmzTMBd.exe
  C:\Windows\System\AmzTMBd.exe
  2⤵
  PID:4164
- C:\Windows\System\SZGhVpV.exe
  C:\Windows\System\SZGhVpV.exe
  2⤵
  PID:4180
- C:\Windows\System\bxIlnFQ.exe
  C:\Windows\System\bxIlnFQ.exe
  2⤵
  PID:4196
- C:\Windows\System\TxgGzdZ.exe
  C:\Windows\System\TxgGzdZ.exe
  2⤵
  PID:4212
- C:\Windows\System\OnbxRtL.exe
  C:\Windows\System\OnbxRtL.exe
  2⤵
  PID:4228
- C:\Windows\System\ywXCDlu.exe
  C:\Windows\System\ywXCDlu.exe
  2⤵
  PID:4244
- C:\Windows\System\fRCJvrr.exe
  C:\Windows\System\fRCJvrr.exe
  2⤵
  PID:4260
- C:\Windows\System\GnXQeKT.exe
  C:\Windows\System\GnXQeKT.exe
  2⤵
  PID:4276
- C:\Windows\System\zBLduLG.exe
  C:\Windows\System\zBLduLG.exe
  2⤵
  PID:4292
- C:\Windows\System\CUenbAs.exe
  C:\Windows\System\CUenbAs.exe
  2⤵
  PID:4308
- C:\Windows\System\HXKqkjv.exe
  C:\Windows\System\HXKqkjv.exe
  2⤵
  PID:4324
- C:\Windows\System\EuJdEoA.exe
  C:\Windows\System\EuJdEoA.exe
  2⤵
  PID:4340
- C:\Windows\System\uHRAcXd.exe
  C:\Windows\System\uHRAcXd.exe
  2⤵
  PID:4356
- C:\Windows\System\sCrXItO.exe
  C:\Windows\System\sCrXItO.exe
  2⤵
  PID:4372
- C:\Windows\System\udILLUZ.exe
  C:\Windows\System\udILLUZ.exe
  2⤵
  PID:4388
- C:\Windows\System\RcIjBvn.exe
  C:\Windows\System\RcIjBvn.exe
  2⤵
  PID:4404
- C:\Windows\System\DUWlvjU.exe
  C:\Windows\System\DUWlvjU.exe
  2⤵
  PID:4424
- C:\Windows\System\Dltbiim.exe
  C:\Windows\System\Dltbiim.exe
  2⤵
  PID:4440
- C:\Windows\System\RFTjijX.exe
  C:\Windows\System\RFTjijX.exe
  2⤵
  PID:4456
- C:\Windows\System\rxILQXL.exe
  C:\Windows\System\rxILQXL.exe
  2⤵
  PID:4472
- C:\Windows\System\QWDwLAS.exe
  C:\Windows\System\QWDwLAS.exe
  2⤵
  PID:4488
- C:\Windows\System\EZxCMru.exe
  C:\Windows\System\EZxCMru.exe
  2⤵
  PID:4504
- C:\Windows\System\rKsNhOd.exe
  C:\Windows\System\rKsNhOd.exe
  2⤵
  PID:4520
- C:\Windows\System\gHtyghw.exe
  C:\Windows\System\gHtyghw.exe
  2⤵
  PID:4536
- C:\Windows\System\dvYDexk.exe
  C:\Windows\System\dvYDexk.exe
  2⤵
  PID:4552
- C:\Windows\System\gcyrpxv.exe
  C:\Windows\System\gcyrpxv.exe
  2⤵
  PID:4568
- C:\Windows\System\XvatGfh.exe
  C:\Windows\System\XvatGfh.exe
  2⤵
  PID:4584
- C:\Windows\System\QYdYvfX.exe
  C:\Windows\System\QYdYvfX.exe
  2⤵
  PID:4600
- C:\Windows\System\oruLbpk.exe
  C:\Windows\System\oruLbpk.exe
  2⤵
  PID:4616
- C:\Windows\System\FKhPgxf.exe
  C:\Windows\System\FKhPgxf.exe
  2⤵
  PID:4632
- C:\Windows\System\zBTkRmc.exe
  C:\Windows\System\zBTkRmc.exe
  2⤵
  PID:4648
- C:\Windows\System\ZSgagiE.exe
  C:\Windows\System\ZSgagiE.exe
  2⤵
  PID:4664
- C:\Windows\System\SfBapSN.exe
  C:\Windows\System\SfBapSN.exe
  2⤵
  PID:4680
- C:\Windows\System\saRcxTz.exe
  C:\Windows\System\saRcxTz.exe
  2⤵
  PID:4696
- C:\Windows\System\kJPTDvj.exe
  C:\Windows\System\kJPTDvj.exe
  2⤵
  PID:4712
- C:\Windows\System\nYuVSuv.exe
  C:\Windows\System\nYuVSuv.exe
  2⤵
  PID:4728
- C:\Windows\System\foveoDZ.exe
  C:\Windows\System\foveoDZ.exe
  2⤵
  PID:4744
- C:\Windows\System\aIHIqfA.exe
  C:\Windows\System\aIHIqfA.exe
  2⤵
  PID:4760
- C:\Windows\System\fcoLTLI.exe
  C:\Windows\System\fcoLTLI.exe
  2⤵
  PID:4776
- C:\Windows\System\jiLyzJU.exe
  C:\Windows\System\jiLyzJU.exe
  2⤵
  PID:4792
- C:\Windows\System\NABQIcv.exe
  C:\Windows\System\NABQIcv.exe
  2⤵
  PID:4808
- C:\Windows\System\NxJSoNT.exe
  C:\Windows\System\NxJSoNT.exe
  2⤵
  PID:4824
- C:\Windows\System\nMZCaBL.exe
  C:\Windows\System\nMZCaBL.exe
  2⤵
  PID:4840
- C:\Windows\System\wszDtxK.exe
  C:\Windows\System\wszDtxK.exe
  2⤵
  PID:4856
- C:\Windows\System\NMNupxQ.exe
  C:\Windows\System\NMNupxQ.exe
  2⤵
  PID:4872
- C:\Windows\System\SJOWaLn.exe
  C:\Windows\System\SJOWaLn.exe
  2⤵
  PID:4888
- C:\Windows\System\SlYJlnv.exe
  C:\Windows\System\SlYJlnv.exe
  2⤵
  PID:4904
- C:\Windows\System\EditXsz.exe
  C:\Windows\System\EditXsz.exe
  2⤵
  PID:4920
- C:\Windows\System\sjumKei.exe
  C:\Windows\System\sjumKei.exe
  2⤵
  PID:4936
- C:\Windows\System\iVxRAKP.exe
  C:\Windows\System\iVxRAKP.exe
  2⤵
  PID:4952
- C:\Windows\System\BUIcUne.exe
  C:\Windows\System\BUIcUne.exe
  2⤵
  PID:4968
- C:\Windows\System\JbWoRPO.exe
  C:\Windows\System\JbWoRPO.exe
  2⤵
  PID:4984
- C:\Windows\System\fOxKvUw.exe
  C:\Windows\System\fOxKvUw.exe
  2⤵
  PID:5000
- C:\Windows\System\hiFArds.exe
  C:\Windows\System\hiFArds.exe
  2⤵
  PID:5016
- C:\Windows\System\wJYHfCn.exe
  C:\Windows\System\wJYHfCn.exe
  2⤵
  PID:5032
- C:\Windows\System\IFwkpLv.exe
  C:\Windows\System\IFwkpLv.exe
  2⤵
  PID:5052
- C:\Windows\System\BLmnDOq.exe
  C:\Windows\System\BLmnDOq.exe
  2⤵
  PID:5068
- C:\Windows\System\OqEAiqu.exe
  C:\Windows\System\OqEAiqu.exe
  2⤵
  PID:5084
- C:\Windows\System\ZcKibER.exe
  C:\Windows\System\ZcKibER.exe
  2⤵
  PID:5100
- C:\Windows\System\SPmNZMh.exe
  C:\Windows\System\SPmNZMh.exe
  2⤵
  PID:5116
- C:\Windows\System\vRujtuB.exe
  C:\Windows\System\vRujtuB.exe
  2⤵
  PID:3980
- C:\Windows\System\OKgfBjy.exe
  C:\Windows\System\OKgfBjy.exe
  2⤵
  PID:2808
- C:\Windows\System\dRHcnYN.exe
  C:\Windows\System\dRHcnYN.exe
  2⤵
  PID:4016
- C:\Windows\System\kClHKOr.exe
  C:\Windows\System\kClHKOr.exe
  2⤵
  PID:2800
- C:\Windows\System\NyZqjcK.exe
  C:\Windows\System\NyZqjcK.exe
  2⤵
  PID:1652
- C:\Windows\System\OlYuqcV.exe
  C:\Windows\System\OlYuqcV.exe
  2⤵
  PID:4108
- C:\Windows\System\lFVbzqm.exe
  C:\Windows\System\lFVbzqm.exe
  2⤵
  PID:4140
- C:\Windows\System\exaXTav.exe
  C:\Windows\System\exaXTav.exe
  2⤵
  PID:4172
- C:\Windows\System\YZbayTE.exe
  C:\Windows\System\YZbayTE.exe
  2⤵
  PID:4204
- C:\Windows\System\jHuPNqK.exe
  C:\Windows\System\jHuPNqK.exe
  2⤵
  PID:4236
- C:\Windows\System\ICbzqdm.exe
  C:\Windows\System\ICbzqdm.exe
  2⤵
  PID:4284
- C:\Windows\System\GOfXyNr.exe
  C:\Windows\System\GOfXyNr.exe
  2⤵
  PID:4300
- C:\Windows\System\ESsahbp.exe
  C:\Windows\System\ESsahbp.exe
  2⤵
  PID:4332
- C:\Windows\System\BZNlkLD.exe
  C:\Windows\System\BZNlkLD.exe
  2⤵
  PID:4364
- C:\Windows\System\uXRmsYo.exe
  C:\Windows\System\uXRmsYo.exe
  2⤵
  PID:584
- C:\Windows\System\idfTchg.exe
  C:\Windows\System\idfTchg.exe
  2⤵
  PID:4400
- C:\Windows\System\ePpZPSs.exe
  C:\Windows\System\ePpZPSs.exe
  2⤵
  PID:4436
- C:\Windows\System\CDFMbEw.exe
  C:\Windows\System\CDFMbEw.exe
  2⤵
  PID:4480
- C:\Windows\System\yXTsRfF.exe
  C:\Windows\System\yXTsRfF.exe
  2⤵
  PID:4512
- C:\Windows\System\uyCZptn.exe
  C:\Windows\System\uyCZptn.exe
  2⤵
  PID:4544
- C:\Windows\System\yQYewlL.exe
  C:\Windows\System\yQYewlL.exe
  2⤵
  PID:4560
- C:\Windows\System\BjssljP.exe
  C:\Windows\System\BjssljP.exe
  2⤵
  PID:4592
- C:\Windows\System\WYdeESK.exe
  C:\Windows\System\WYdeESK.exe
  2⤵
  PID:4624
- C:\Windows\System\DsDSyXa.exe
  C:\Windows\System\DsDSyXa.exe
  2⤵
  PID:4656
- C:\Windows\System\bdbwelw.exe
  C:\Windows\System\bdbwelw.exe
  2⤵
  PID:4676
- C:\Windows\System\TUYNpmT.exe
  C:\Windows\System\TUYNpmT.exe
  2⤵
  PID:4708
- C:\Windows\System\EpQAdil.exe
  C:\Windows\System\EpQAdil.exe
  2⤵
  PID:4740
- C:\Windows\System\MuMwJTI.exe
  C:\Windows\System\MuMwJTI.exe
  2⤵
  PID:4768
- C:\Windows\System\ohuMIoo.exe
  C:\Windows\System\ohuMIoo.exe
  2⤵
  PID:4804
- C:\Windows\System\rEESqax.exe
  C:\Windows\System\rEESqax.exe
  2⤵
  PID:4836
- C:\Windows\System\TFNqsXc.exe
  C:\Windows\System\TFNqsXc.exe
  2⤵
  PID:4868
- C:\Windows\System\PzCrnlT.exe
  C:\Windows\System\PzCrnlT.exe
  2⤵
  PID:4884
- C:\Windows\System\OlbNlEp.exe
  C:\Windows\System\OlbNlEp.exe
  2⤵
  PID:4928
- C:\Windows\System\GQNzhKr.exe
  C:\Windows\System\GQNzhKr.exe
  2⤵
  PID:4948
- C:\Windows\System\eRAQDtI.exe
  C:\Windows\System\eRAQDtI.exe
  2⤵
  PID:4992
- C:\Windows\System\wkgFIWv.exe
  C:\Windows\System\wkgFIWv.exe
  2⤵
  PID:5024
- C:\Windows\System\NlqTekr.exe
  C:\Windows\System\NlqTekr.exe
  2⤵
  PID:5044
- C:\Windows\System\NNjMZNk.exe
  C:\Windows\System\NNjMZNk.exe
  2⤵
  PID:5080
- C:\Windows\System\FskAmMa.exe
  C:\Windows\System\FskAmMa.exe
  2⤵
  PID:5112
- C:\Windows\System\CqfkLdF.exe
  C:\Windows\System\CqfkLdF.exe
  2⤵
  PID:1548
- C:\Windows\System\NSGMtiK.exe
  C:\Windows\System\NSGMtiK.exe
  2⤵
  PID:3084
- C:\Windows\System\FcEPOek.exe
  C:\Windows\System\FcEPOek.exe
  2⤵
  PID:2468
- C:\Windows\System\nMGpHqK.exe
  C:\Windows\System\nMGpHqK.exe
  2⤵
  PID:4144
- C:\Windows\System\lEnUykK.exe
  C:\Windows\System\lEnUykK.exe
  2⤵
  PID:4176
- C:\Windows\System\gdAxPdw.exe
  C:\Windows\System\gdAxPdw.exe
  2⤵
  PID:4256
- C:\Windows\System\UXjQuSR.exe
  C:\Windows\System\UXjQuSR.exe
  2⤵
  PID:4288
- C:\Windows\System\eAWkjnA.exe
  C:\Windows\System\eAWkjnA.exe
  2⤵
  PID:4336
- C:\Windows\System\yfTJQjU.exe
  C:\Windows\System\yfTJQjU.exe
  2⤵
  PID:4432
- C:\Windows\System\zHVvfLZ.exe
  C:\Windows\System\zHVvfLZ.exe
  2⤵
  PID:4496
- C:\Windows\System\HJxnFOL.exe
  C:\Windows\System\HJxnFOL.exe
  2⤵
  PID:592
- C:\Windows\System\iPOXxIj.exe
  C:\Windows\System\iPOXxIj.exe
  2⤵
  PID:4608
- C:\Windows\System\QwSEEgy.exe
  C:\Windows\System\QwSEEgy.exe
  2⤵
  PID:1364
- C:\Windows\System\PJUVQyJ.exe
  C:\Windows\System\PJUVQyJ.exe
  2⤵
  PID:4724
- C:\Windows\System\ydZabNC.exe
  C:\Windows\System\ydZabNC.exe
  2⤵
  PID:4772
- C:\Windows\System\UGqyVJD.exe
  C:\Windows\System\UGqyVJD.exe
  2⤵
  PID:2592
- C:\Windows\System\eUkUUBG.exe
  C:\Windows\System\eUkUUBG.exe
  2⤵
  PID:4820
- C:\Windows\System\uannCnF.exe
  C:\Windows\System\uannCnF.exe
  2⤵
  PID:4864
- C:\Windows\System\ISIJFXp.exe
  C:\Windows\System\ISIJFXp.exe
  2⤵
  PID:4916
- C:\Windows\System\kkSyfqG.exe
  C:\Windows\System\kkSyfqG.exe
  2⤵
  PID:4980
- C:\Windows\System\evTVsBD.exe
  C:\Windows\System\evTVsBD.exe
  2⤵
  PID:2828
- C:\Windows\System\jdOsFGx.exe
  C:\Windows\System\jdOsFGx.exe
  2⤵
  PID:5076
- C:\Windows\System\IqbAzFf.exe
  C:\Windows\System\IqbAzFf.exe
  2⤵
  PID:3516
- C:\Windows\System\tOjkRqK.exe
  C:\Windows\System\tOjkRqK.exe
  2⤵
  PID:4128
- C:\Windows\System\odJwdGf.exe
  C:\Windows\System\odJwdGf.exe
  2⤵
  PID:4160
- C:\Windows\System\nxTkxoH.exe
  C:\Windows\System\nxTkxoH.exe
  2⤵
  PID:4320
- C:\Windows\System\FLVvKSE.exe
  C:\Windows\System\FLVvKSE.exe
  2⤵
  PID:4396
- C:\Windows\System\JBEjKZc.exe
  C:\Windows\System\JBEjKZc.exe
  2⤵
  PID:4532
- C:\Windows\System\DcIbXTp.exe
  C:\Windows\System\DcIbXTp.exe
  2⤵
  PID:4640
- C:\Windows\System\EmyQilw.exe
  C:\Windows\System\EmyQilw.exe
  2⤵
  PID:2240
- C:\Windows\System\FWTqNiP.exe
  C:\Windows\System\FWTqNiP.exe
  2⤵
  PID:4852
- C:\Windows\System\DTqfMDC.exe
  C:\Windows\System\DTqfMDC.exe
  2⤵
  PID:4896
- C:\Windows\System\WITEaEd.exe
  C:\Windows\System\WITEaEd.exe
  2⤵
  PID:5096
- C:\Windows\System\qUMkFUP.exe
  C:\Windows\System\qUMkFUP.exe
  2⤵
  PID:2760
- C:\Windows\System\DwKQvfD.exe
  C:\Windows\System\DwKQvfD.exe
  2⤵
  PID:2584
- C:\Windows\System\namhxYz.exe
  C:\Windows\System\namhxYz.exe
  2⤵
  PID:4220
- C:\Windows\System\OacgXDZ.exe
  C:\Windows\System\OacgXDZ.exe
  2⤵
  PID:4484
- C:\Windows\System\ubcjfFc.exe
  C:\Windows\System\ubcjfFc.exe
  2⤵
  PID:4580
- C:\Windows\System\FvhcLiB.exe
  C:\Windows\System\FvhcLiB.exe
  2⤵
  PID:4040
- C:\Windows\System\cgcJhXR.exe
  C:\Windows\System\cgcJhXR.exe
  2⤵
  PID:4784
- C:\Windows\System\aAjRjnw.exe
  C:\Windows\System\aAjRjnw.exe
  2⤵
  PID:4912
- C:\Windows\System\iwRgcvy.exe
  C:\Windows\System\iwRgcvy.exe
  2⤵
  PID:4224
- C:\Windows\System\VXexhfL.exe
  C:\Windows\System\VXexhfL.exe
  2⤵
  PID:2416
- C:\Windows\System\bjFQCKG.exe
  C:\Windows\System\bjFQCKG.exe
  2⤵
  PID:1456
- C:\Windows\System\iCJlQuV.exe
  C:\Windows\System\iCJlQuV.exe
  2⤵
  PID:2024
- C:\Windows\System\TbCvQLd.exe
  C:\Windows\System\TbCvQLd.exe
  2⤵
  PID:4704
- C:\Windows\System\iXsQrOn.exe
  C:\Windows\System\iXsQrOn.exe
  2⤵
  PID:2532
- C:\Windows\System\ygXTgLE.exe
  C:\Windows\System\ygXTgLE.exe
  2⤵
  PID:4416
- C:\Windows\System\NDlwroy.exe
  C:\Windows\System\NDlwroy.exe
  2⤵
  PID:2284
- C:\Windows\System\yiEeCyU.exe
  C:\Windows\System\yiEeCyU.exe
  2⤵
  PID:1204
- C:\Windows\System\AttURyt.exe
  C:\Windows\System\AttURyt.exe
  2⤵
  PID:1968
- C:\Windows\System\gUHEpqB.exe
  C:\Windows\System\gUHEpqB.exe
  2⤵
  PID:2920
- C:\Windows\System\XzUczsS.exe
  C:\Windows\System\XzUczsS.exe
  2⤵
  PID:1440
- C:\Windows\System\Nrwwdlh.exe
  C:\Windows\System\Nrwwdlh.exe
  2⤵
  PID:2120
- C:\Windows\System\RRqvNep.exe
  C:\Windows\System\RRqvNep.exe
  2⤵
  PID:2676
- C:\Windows\System\ujccTrU.exe
  C:\Windows\System\ujccTrU.exe
  2⤵
  PID:5124
- C:\Windows\System\sRyCbIb.exe
  C:\Windows\System\sRyCbIb.exe
  2⤵
  PID:5140
- C:\Windows\System\YkVBwWx.exe
  C:\Windows\System\YkVBwWx.exe
  2⤵
  PID:5156
- C:\Windows\System\ERoHHFR.exe
  C:\Windows\System\ERoHHFR.exe
  2⤵
  PID:5172
- C:\Windows\System\THxgRUn.exe
  C:\Windows\System\THxgRUn.exe
  2⤵
  PID:5188
- C:\Windows\System\rzxilZQ.exe
  C:\Windows\System\rzxilZQ.exe
  2⤵
  PID:5204
- C:\Windows\System\ptanuXp.exe
  C:\Windows\System\ptanuXp.exe
  2⤵
  PID:5220
- C:\Windows\System\nYufjHT.exe
  C:\Windows\System\nYufjHT.exe
  2⤵
  PID:5236
- C:\Windows\System\htqUGoI.exe
  C:\Windows\System\htqUGoI.exe
  2⤵
  PID:5252
- C:\Windows\System\viYPMiI.exe
  C:\Windows\System\viYPMiI.exe
  2⤵
  PID:5268
- C:\Windows\System\COhDFtZ.exe
  C:\Windows\System\COhDFtZ.exe
  2⤵
  PID:5284
- C:\Windows\System\RfoXGWl.exe
  C:\Windows\System\RfoXGWl.exe
  2⤵
  PID:5300
- C:\Windows\System\dvrQNCF.exe
  C:\Windows\System\dvrQNCF.exe
  2⤵
  PID:5332
- C:\Windows\System\fuwkyOR.exe
  C:\Windows\System\fuwkyOR.exe
  2⤵
  PID:5392
- C:\Windows\System\ShRjBLR.exe
  C:\Windows\System\ShRjBLR.exe
  2⤵
  PID:5424
- C:\Windows\System\fRdNKmz.exe
  C:\Windows\System\fRdNKmz.exe
  2⤵
  PID:5444
- C:\Windows\System\AagAOAf.exe
  C:\Windows\System\AagAOAf.exe
  2⤵
  PID:5464
- C:\Windows\System\RqEHzVu.exe
  C:\Windows\System\RqEHzVu.exe
  2⤵
  PID:5480
- C:\Windows\System\ViedDYQ.exe
  C:\Windows\System\ViedDYQ.exe
  2⤵
  PID:5512
- C:\Windows\System\tJLsYOt.exe
  C:\Windows\System\tJLsYOt.exe
  2⤵
  PID:5544
- C:\Windows\System\wVbmNFw.exe
  C:\Windows\System\wVbmNFw.exe
  2⤵
  PID:5572
- C:\Windows\System\HcLVzCs.exe
  C:\Windows\System\HcLVzCs.exe
  2⤵
  PID:5588
- C:\Windows\System\pGBXzAg.exe
  C:\Windows\System\pGBXzAg.exe
  2⤵
  PID:5604
- C:\Windows\System\BrlZDEL.exe
  C:\Windows\System\BrlZDEL.exe
  2⤵
  PID:5620
- C:\Windows\System\asxWXiC.exe
  C:\Windows\System\asxWXiC.exe
  2⤵
  PID:5636
- C:\Windows\System\YgtFvkG.exe
  C:\Windows\System\YgtFvkG.exe
  2⤵
  PID:5652
- C:\Windows\System\YAiWzqh.exe
  C:\Windows\System\YAiWzqh.exe
  2⤵
  PID:5668
- C:\Windows\System\qVUirJf.exe
  C:\Windows\System\qVUirJf.exe
  2⤵
  PID:5684
- C:\Windows\System\buqyPXE.exe
  C:\Windows\System\buqyPXE.exe
  2⤵
  PID:5956
- C:\Windows\System\zOHEZCv.exe
  C:\Windows\System\zOHEZCv.exe
  2⤵
  PID:5972
- C:\Windows\System\TPUkSfl.exe
  C:\Windows\System\TPUkSfl.exe
  2⤵
  PID:5988
- C:\Windows\System\OAYuGSr.exe
  C:\Windows\System\OAYuGSr.exe
  2⤵
  PID:6004
- C:\Windows\System\ktMrpym.exe
  C:\Windows\System\ktMrpym.exe
  2⤵
  PID:6020
- C:\Windows\System\famHVuO.exe
  C:\Windows\System\famHVuO.exe
  2⤵
  PID:6036
- C:\Windows\System\bXVXrmE.exe
  C:\Windows\System\bXVXrmE.exe
  2⤵
  PID:6052
- C:\Windows\System\msxXsJU.exe
  C:\Windows\System\msxXsJU.exe
  2⤵
  PID:6068
- C:\Windows\System\fRTJers.exe
  C:\Windows\System\fRTJers.exe
  2⤵
  PID:6084
- C:\Windows\System\GUHOyfF.exe
  C:\Windows\System\GUHOyfF.exe
  2⤵
  PID:6116
- C:\Windows\System\FsRXsqi.exe
  C:\Windows\System\FsRXsqi.exe
  2⤵
  PID:6136
- C:\Windows\System\tkyDScY.exe
  C:\Windows\System\tkyDScY.exe
  2⤵
  PID:5012
- C:\Windows\System\BmEqDvM.exe
  C:\Windows\System\BmEqDvM.exe
  2⤵
  PID:636
- C:\Windows\System\suqVFcE.exe
  C:\Windows\System\suqVFcE.exe
  2⤵
  PID:5152
- C:\Windows\System\rZZRpgy.exe
  C:\Windows\System\rZZRpgy.exe
  2⤵
  PID:5168
- C:\Windows\System\wpqqNqU.exe
  C:\Windows\System\wpqqNqU.exe
  2⤵
  PID:5196
- C:\Windows\System\MxMcYZI.exe
  C:\Windows\System\MxMcYZI.exe
  2⤵
  PID:5216
- C:\Windows\System\ZEFozBK.exe
  C:\Windows\System\ZEFozBK.exe
  2⤵
  PID:2180
- C:\Windows\System\KLSxprH.exe
  C:\Windows\System\KLSxprH.exe
  2⤵
  PID:2128
- C:\Windows\System\UCWWQje.exe
  C:\Windows\System\UCWWQje.exe
  2⤵
  PID:1316
- C:\Windows\System\iWIeZCL.exe
  C:\Windows\System\iWIeZCL.exe
  2⤵
  PID:1796
- C:\Windows\System\YDePiiZ.exe
  C:\Windows\System\YDePiiZ.exe
  2⤵
  PID:5292
- C:\Windows\System\VVOZjcO.exe
  C:\Windows\System\VVOZjcO.exe
  2⤵
  PID:5316
- C:\Windows\System\zDBSkUv.exe
  C:\Windows\System\zDBSkUv.exe
  2⤵
  PID:876
- C:\Windows\System\SXtssmn.exe
  C:\Windows\System\SXtssmn.exe
  2⤵
  PID:5312
- C:\Windows\System\djIfPOi.exe
  C:\Windows\System\djIfPOi.exe
  2⤵
  PID:5048
- C:\Windows\System\BRaLQTp.exe
  C:\Windows\System\BRaLQTp.exe
  2⤵
  PID:5356
- C:\Windows\System\nfAneYC.exe
  C:\Windows\System\nfAneYC.exe
  2⤵
  PID:5388
- C:\Windows\System\mxOuRYh.exe
  C:\Windows\System\mxOuRYh.exe
  2⤵
  PID:5384
- C:\Windows\System\QhZbbpK.exe
  C:\Windows\System\QhZbbpK.exe
  2⤵
  PID:5416
- C:\Windows\System\cwlzXKT.exe
  C:\Windows\System\cwlzXKT.exe
  2⤵
  PID:5460
- C:\Windows\System\edVMMDb.exe
  C:\Windows\System\edVMMDb.exe
  2⤵
  PID:5496
- C:\Windows\System\pRlYIsS.exe
  C:\Windows\System\pRlYIsS.exe
  2⤵
  PID:5552
- C:\Windows\System\TBxejlb.exe
  C:\Windows\System\TBxejlb.exe
  2⤵
  PID:5568
- C:\Windows\System\PAEseSn.exe
  C:\Windows\System\PAEseSn.exe
  2⤵
  PID:5632
- C:\Windows\System\LjhyhqR.exe
  C:\Windows\System\LjhyhqR.exe
  2⤵
  PID:5440
- C:\Windows\System\dLkpHNM.exe
  C:\Windows\System\dLkpHNM.exe
  2⤵
  PID:5536
- C:\Windows\System\OWltTwo.exe
  C:\Windows\System\OWltTwo.exe
  2⤵
  PID:5680
- C:\Windows\System\toTitkP.exe
  C:\Windows\System\toTitkP.exe
  2⤵
  PID:5476
- C:\Windows\System\EtFvkRi.exe
  C:\Windows\System\EtFvkRi.exe
  2⤵
  PID:5584
- C:\Windows\System\ZsDJaxk.exe
  C:\Windows\System\ZsDJaxk.exe
  2⤵
  PID:5716
- C:\Windows\System\mnmGMzk.exe
  C:\Windows\System\mnmGMzk.exe
  2⤵
  PID:5712
- C:\Windows\System\ihIYzHr.exe
  C:\Windows\System\ihIYzHr.exe
  2⤵
  PID:5724
- C:\Windows\System\sNKjuAe.exe
  C:\Windows\System\sNKjuAe.exe
  2⤵
  PID:5752
- C:\Windows\System\JmMVLAQ.exe
  C:\Windows\System\JmMVLAQ.exe
  2⤵
  PID:5772
- C:\Windows\System\CKaqwYn.exe
  C:\Windows\System\CKaqwYn.exe
  2⤵
  PID:5788
- C:\Windows\System\Evsheqa.exe
  C:\Windows\System\Evsheqa.exe
  2⤵
  PID:5804
- C:\Windows\System\DxHOZnX.exe
  C:\Windows\System\DxHOZnX.exe
  2⤵
  PID:5820
- C:\Windows\System\gSCWwHk.exe
  C:\Windows\System\gSCWwHk.exe
  2⤵
  PID:5832
- C:\Windows\System\QSuHxzM.exe
  C:\Windows\System\QSuHxzM.exe
  2⤵
  PID:5852
- C:\Windows\System\llYEjeL.exe
  C:\Windows\System\llYEjeL.exe
  2⤵
  PID:5868
- C:\Windows\System\ahsQohi.exe
  C:\Windows\System\ahsQohi.exe
  2⤵
  PID:5884
- C:\Windows\System\SxaWKAZ.exe
  C:\Windows\System\SxaWKAZ.exe
  2⤵
  PID:5900
- C:\Windows\System\dTVVakd.exe
  C:\Windows\System\dTVVakd.exe
  2⤵
  PID:5920
- C:\Windows\System\vSjVkoW.exe
  C:\Windows\System\vSjVkoW.exe
  2⤵
  PID:5936
- C:\Windows\System\iMspCQi.exe
  C:\Windows\System\iMspCQi.exe
  2⤵
  PID:5952
- C:\Windows\System\oSOwkMS.exe
  C:\Windows\System\oSOwkMS.exe
  2⤵
  PID:5984
- C:\Windows\System\rCsQsEI.exe
  C:\Windows\System\rCsQsEI.exe
  2⤵
  PID:6048
- C:\Windows\System\jZYyFCA.exe
  C:\Windows\System\jZYyFCA.exe
  2⤵
  PID:6132
- C:\Windows\System\ciuKBuX.exe
  C:\Windows\System\ciuKBuX.exe
  2⤵
  PID:4352
- C:\Windows\System\zsAcMOY.exe
  C:\Windows\System\zsAcMOY.exe
  2⤵
  PID:6100
- C:\Windows\System\UAQapIG.exe
  C:\Windows\System\UAQapIG.exe
  2⤵
  PID:5964
- C:\Windows\System\GKqTpPL.exe
  C:\Windows\System\GKqTpPL.exe
  2⤵
  PID:2816
- C:\Windows\System\BvoEYdK.exe
  C:\Windows\System\BvoEYdK.exe
  2⤵
  PID:3740
- C:\Windows\System\GzVuamE.exe
  C:\Windows\System\GzVuamE.exe
  2⤵
  PID:5164
- C:\Windows\System\dGYBIWx.exe
  C:\Windows\System\dGYBIWx.exe
  2⤵
  PID:1868
- C:\Windows\System\EHmhmZl.exe
  C:\Windows\System\EHmhmZl.exe
  2⤵
  PID:5232
- C:\Windows\System\HTBWPfa.exe
  C:\Windows\System\HTBWPfa.exe
  2⤵
  PID:2136
- C:\Windows\System\XZDFCyZ.exe
  C:\Windows\System\XZDFCyZ.exe
  2⤵
  PID:5580
- C:\Windows\System\srCzhSi.exe
  C:\Windows\System\srCzhSi.exe
  2⤵
  PID:5768
- C:\Windows\System\GVXErPk.exe
  C:\Windows\System\GVXErPk.exe
  2⤵
  PID:5796
- C:\Windows\System\BDvfVms.exe
  C:\Windows\System\BDvfVms.exe
  2⤵
  PID:5828
- C:\Windows\System\iMZntap.exe
  C:\Windows\System\iMZntap.exe
  2⤵
  PID:5864
- C:\Windows\System\cISCWnc.exe
  C:\Windows\System\cISCWnc.exe
  2⤵
  PID:5896
- C:\Windows\System\nuzaaJZ.exe
  C:\Windows\System\nuzaaJZ.exe
  2⤵
  PID:5880
- C:\Windows\System\nPWzwFI.exe
  C:\Windows\System\nPWzwFI.exe
  2⤵
  PID:5980
- C:\Windows\System\HmXqvee.exe
  C:\Windows\System\HmXqvee.exe
  2⤵
  PID:6044
- C:\Windows\System\nXMmLoU.exe
  C:\Windows\System\nXMmLoU.exe
  2⤵
  PID:6104
- C:\Windows\System\MabczTj.exe
  C:\Windows\System\MabczTj.exe
  2⤵
  PID:5148
- C:\Windows\System\ytAjiem.exe
  C:\Windows\System\ytAjiem.exe
  2⤵
  PID:5248
- C:\Windows\System\aTZHaPh.exe
  C:\Windows\System\aTZHaPh.exe
  2⤵
  PID:6032
- C:\Windows\System\QiTpgdC.exe
  C:\Windows\System\QiTpgdC.exe
  2⤵
  PID:2608
- C:\Windows\System\QrPaHqz.exe
  C:\Windows\System\QrPaHqz.exe
  2⤵
  PID:5308
- C:\Windows\System\yaXqmwt.exe
  C:\Windows\System\yaXqmwt.exe
  2⤵
  PID:5352
- C:\Windows\System\ImoWqPt.exe
  C:\Windows\System\ImoWqPt.exe
  2⤵
  PID:5364
- C:\Windows\System\wcYBImr.exe
  C:\Windows\System\wcYBImr.exe
  2⤵
  PID:5368
- C:\Windows\System\ZwsxrsF.exe
  C:\Windows\System\ZwsxrsF.exe
  2⤵
  PID:5404
- C:\Windows\System\uRbPyOD.exe
  C:\Windows\System\uRbPyOD.exe
  2⤵
  PID:5504
- C:\Windows\System\vZHNdUZ.exe
  C:\Windows\System\vZHNdUZ.exe
  2⤵
  PID:5564
- C:\Windows\System\AtoLVVa.exe
  C:\Windows\System\AtoLVVa.exe
  2⤵
  PID:5560
- C:\Windows\System\hekAMgd.exe
  C:\Windows\System\hekAMgd.exe
  2⤵
  PID:5612
- C:\Windows\System\MJJPLNv.exe
  C:\Windows\System\MJJPLNv.exe
  2⤵
  PID:5648
- C:\Windows\System\NcWrcoY.exe
  C:\Windows\System\NcWrcoY.exe
  2⤵
  PID:5756
- C:\Windows\System\BKEmrgX.exe
  C:\Windows\System\BKEmrgX.exe
  2⤵
  PID:5932
- C:\Windows\System\aSHhGhJ.exe
  C:\Windows\System\aSHhGhJ.exe
  2⤵
  PID:5740
- C:\Windows\System\OtAvnZf.exe
  C:\Windows\System\OtAvnZf.exe
  2⤵
  PID:4788
- C:\Windows\System\zqRjMbY.exe
  C:\Windows\System\zqRjMbY.exe
  2⤵
  PID:2360
- C:\Windows\System\ZbeCsYC.exe
  C:\Windows\System\ZbeCsYC.exe
  2⤵
  PID:6108
- C:\Windows\System\YkKpntB.exe
  C:\Windows\System\YkKpntB.exe
  2⤵
  PID:6128
- C:\Windows\System\QesEuAa.exe
  C:\Windows\System\QesEuAa.exe
  2⤵
  PID:5948
- C:\Windows\System\kzdzuOq.exe
  C:\Windows\System\kzdzuOq.exe
  2⤵
  PID:5376
- C:\Windows\System\WKbcSlm.exe
  C:\Windows\System\WKbcSlm.exe
  2⤵
  PID:5628
- C:\Windows\System\umqCIgz.exe
  C:\Windows\System\umqCIgz.exe
  2⤵
  PID:6080
- C:\Windows\System\tgdHNKN.exe
  C:\Windows\System\tgdHNKN.exe
  2⤵
  PID:1256
- C:\Windows\System\poxtLfl.exe
  C:\Windows\System\poxtLfl.exe
  2⤵
  PID:6000
- C:\Windows\System\gskbhsG.exe
  C:\Windows\System\gskbhsG.exe
  2⤵
  PID:5644
- C:\Windows\System\hcSRCAW.exe
  C:\Windows\System\hcSRCAW.exe
  2⤵
  PID:5472
- C:\Windows\System\QDSeHdT.exe
  C:\Windows\System\QDSeHdT.exe
  2⤵
  PID:5848
- C:\Windows\System\oBHJrWb.exe
  C:\Windows\System\oBHJrWb.exe
  2⤵
  PID:5488
- C:\Windows\System\qcYFwkn.exe
  C:\Windows\System\qcYFwkn.exe
  2⤵
  PID:6156
- C:\Windows\System\YlkJgfD.exe
  C:\Windows\System\YlkJgfD.exe
  2⤵
  PID:6172
- C:\Windows\System\qvsFsWl.exe
  C:\Windows\System\qvsFsWl.exe
  2⤵
  PID:6188
- C:\Windows\System\xfclOpw.exe
  C:\Windows\System\xfclOpw.exe
  2⤵
  PID:6204
- C:\Windows\System\xXgPUTR.exe
  C:\Windows\System\xXgPUTR.exe
  2⤵
  PID:6220
- C:\Windows\System\dwKexWF.exe
  C:\Windows\System\dwKexWF.exe
  2⤵
  PID:6256
- C:\Windows\System\gdTUHcJ.exe
  C:\Windows\System\gdTUHcJ.exe
  2⤵
  PID:6272
- C:\Windows\System\kpkeQLq.exe
  C:\Windows\System\kpkeQLq.exe
  2⤵
  PID:6288
- C:\Windows\System\nEsLQhF.exe
  C:\Windows\System\nEsLQhF.exe
  2⤵
  PID:6304
- C:\Windows\System\YIlsrPG.exe
  C:\Windows\System\YIlsrPG.exe
  2⤵
  PID:6324
- C:\Windows\System\TubTrKF.exe
  C:\Windows\System\TubTrKF.exe
  2⤵
  PID:6340
- C:\Windows\System\avMbTZs.exe
  C:\Windows\System\avMbTZs.exe
  2⤵
  PID:6368
- C:\Windows\System\mYWhiNr.exe
  C:\Windows\System\mYWhiNr.exe
  2⤵
  PID:6384
- C:\Windows\System\oYuhrhY.exe
  C:\Windows\System\oYuhrhY.exe
  2⤵
  PID:6400
- C:\Windows\System\XefBwHq.exe
  C:\Windows\System\XefBwHq.exe
  2⤵
  PID:6448
- C:\Windows\System\gdQdJRM.exe
  C:\Windows\System\gdQdJRM.exe
  2⤵
  PID:6464
- C:\Windows\System\WGTwDeX.exe
  C:\Windows\System\WGTwDeX.exe
  2⤵
  PID:6480
- C:\Windows\System\cpGnlwE.exe
  C:\Windows\System\cpGnlwE.exe
  2⤵
  PID:6500
- C:\Windows\System\GEeVBVN.exe
  C:\Windows\System\GEeVBVN.exe
  2⤵
  PID:6516
- C:\Windows\System\kfnBhtU.exe
  C:\Windows\System\kfnBhtU.exe
  2⤵
  PID:6532
- C:\Windows\System\JYyAoxV.exe
  C:\Windows\System\JYyAoxV.exe
  2⤵
  PID:6548
- C:\Windows\System\nPKlvxt.exe
  C:\Windows\System\nPKlvxt.exe
  2⤵
  PID:6564
- C:\Windows\System\pzjAirT.exe
  C:\Windows\System\pzjAirT.exe
  2⤵
  PID:6608
- C:\Windows\System\dSGpJtj.exe
  C:\Windows\System\dSGpJtj.exe
  2⤵
  PID:6624
- C:\Windows\System\valWMMa.exe
  C:\Windows\System\valWMMa.exe
  2⤵
  PID:6640
- C:\Windows\System\BFiXdPq.exe
  C:\Windows\System\BFiXdPq.exe
  2⤵
  PID:6656
- C:\Windows\System\haochfd.exe
  C:\Windows\System\haochfd.exe
  2⤵
  PID:6672
- C:\Windows\System\TKKmMjm.exe
  C:\Windows\System\TKKmMjm.exe
  2⤵
  PID:6688
- C:\Windows\System\imbBHJS.exe
  C:\Windows\System\imbBHJS.exe
  2⤵
  PID:6704
- C:\Windows\System\PSQdMwg.exe
  C:\Windows\System\PSQdMwg.exe
  2⤵
  PID:6720
- C:\Windows\System\qUWlgge.exe
  C:\Windows\System\qUWlgge.exe
  2⤵
  PID:6736
- C:\Windows\System\sXGpBEW.exe
  C:\Windows\System\sXGpBEW.exe
  2⤵
  PID:6752
- C:\Windows\System\szJXJuk.exe
  C:\Windows\System\szJXJuk.exe
  2⤵
  PID:6768
- C:\Windows\System\BZFRKKG.exe
  C:\Windows\System\BZFRKKG.exe
  2⤵
  PID:6784
- C:\Windows\System\KUINLbc.exe
  C:\Windows\System\KUINLbc.exe
  2⤵
  PID:6800
- C:\Windows\System\OwseMdD.exe
  C:\Windows\System\OwseMdD.exe
  2⤵
  PID:6816
- C:\Windows\System\fuaZCpQ.exe
  C:\Windows\System\fuaZCpQ.exe
  2⤵
  PID:6832
- C:\Windows\System\olDMwbY.exe
  C:\Windows\System\olDMwbY.exe
  2⤵
  PID:6848
- C:\Windows\System\AXdYmcX.exe
  C:\Windows\System\AXdYmcX.exe
  2⤵
  PID:6864
- C:\Windows\System\dumfsUR.exe
  C:\Windows\System\dumfsUR.exe
  2⤵
  PID:6880
- C:\Windows\System\pQMMrTV.exe
  C:\Windows\System\pQMMrTV.exe
  2⤵
  PID:6896
- C:\Windows\System\ncyCtLP.exe
  C:\Windows\System\ncyCtLP.exe
  2⤵
  PID:6912
- C:\Windows\System\qfUIXEI.exe
  C:\Windows\System\qfUIXEI.exe
  2⤵
  PID:6940
- C:\Windows\System\hXZJBHL.exe
  C:\Windows\System\hXZJBHL.exe
  2⤵
  PID:6996
- C:\Windows\System\jUURsXg.exe
  C:\Windows\System\jUURsXg.exe
  2⤵
  PID:7016
- C:\Windows\System\uXxpUyx.exe
  C:\Windows\System\uXxpUyx.exe
  2⤵
  PID:7032
- C:\Windows\System\kbDdRmz.exe
  C:\Windows\System\kbDdRmz.exe
  2⤵
  PID:7056
- C:\Windows\System\ITOisDh.exe
  C:\Windows\System\ITOisDh.exe
  2⤵
  PID:7072
- C:\Windows\System\vSpqzsg.exe
  C:\Windows\System\vSpqzsg.exe
  2⤵
  PID:7088
- C:\Windows\System\bCWajPh.exe
  C:\Windows\System\bCWajPh.exe
  2⤵
  PID:7104
- C:\Windows\System\MIBPGla.exe
  C:\Windows\System\MIBPGla.exe
  2⤵
  PID:7120
- C:\Windows\System\gyojiTm.exe
  C:\Windows\System\gyojiTm.exe
  2⤵
  PID:7136
- C:\Windows\System\Abkcnfk.exe
  C:\Windows\System\Abkcnfk.exe
  2⤵
  PID:7152
- C:\Windows\System\hHIOndk.exe
  C:\Windows\System\hHIOndk.exe
  2⤵
  PID:5696
- C:\Windows\System\FDgPWmD.exe
  C:\Windows\System\FDgPWmD.exe
  2⤵
  PID:6184
- C:\Windows\System\iRqQKLH.exe
  C:\Windows\System\iRqQKLH.exe
  2⤵
  PID:912
- C:\Windows\System\LVTkVcA.exe
  C:\Windows\System\LVTkVcA.exe
  2⤵
  PID:4420
- C:\Windows\System\rMhtkwz.exe
  C:\Windows\System\rMhtkwz.exe
  2⤵
  PID:6168
- C:\Windows\System\MyvExAk.exe
  C:\Windows\System\MyvExAk.exe
  2⤵
  PID:6152
- C:\Windows\System\HUQSjeq.exe
  C:\Windows\System\HUQSjeq.exe
  2⤵
  PID:5692
- C:\Windows\System\qanrAEn.exe
  C:\Windows\System\qanrAEn.exe
  2⤵
  PID:6248
- C:\Windows\System\uzlqOyC.exe
  C:\Windows\System\uzlqOyC.exe
  2⤵
  PID:6268
- C:\Windows\System\UePHikq.exe
  C:\Windows\System\UePHikq.exe
  2⤵
  PID:6300
- C:\Windows\System\HAjDnks.exe
  C:\Windows\System\HAjDnks.exe
  2⤵
  PID:6348
- C:\Windows\System\sCkoEYw.exe
  C:\Windows\System\sCkoEYw.exe
  2⤵
  PID:6364
- C:\Windows\System\VpZftvu.exe
  C:\Windows\System\VpZftvu.exe
  2⤵
  PID:6416
- C:\Windows\System\XzcpThg.exe
  C:\Windows\System\XzcpThg.exe
  2⤵
  PID:6424
- C:\Windows\System\AEJoIIw.exe
  C:\Windows\System\AEJoIIw.exe
  2⤵
  PID:6440
- C:\Windows\System\FOvyCLw.exe
  C:\Windows\System\FOvyCLw.exe
  2⤵
  PID:6476
- C:\Windows\System\XuvQCbk.exe
  C:\Windows\System\XuvQCbk.exe
  2⤵
  PID:6544
- C:\Windows\System\WLkPTFy.exe
  C:\Windows\System\WLkPTFy.exe
  2⤵
  PID:6584
- C:\Windows\System\BCUkTqC.exe
  C:\Windows\System\BCUkTqC.exe
  2⤵
  PID:6576
- C:\Windows\System\TcVmyvG.exe
  C:\Windows\System\TcVmyvG.exe
  2⤵
  PID:6460
- C:\Windows\System\EOcEoax.exe
  C:\Windows\System\EOcEoax.exe
  2⤵
  PID:6528
- C:\Windows\System\jrKUlFI.exe
  C:\Windows\System\jrKUlFI.exe
  2⤵
  PID:6620
- C:\Windows\System\VyZBtij.exe
  C:\Windows\System\VyZBtij.exe
  2⤵
  PID:6684
- C:\Windows\System\sIRECRl.exe
  C:\Windows\System\sIRECRl.exe
  2⤵
  PID:6748
- C:\Windows\System\umOckeF.exe
  C:\Windows\System\umOckeF.exe
  2⤵
  PID:6812
- C:\Windows\System\Vrxrljn.exe
  C:\Windows\System\Vrxrljn.exe
  2⤵
  PID:6876
- C:\Windows\System\dPJHtUX.exe
  C:\Windows\System\dPJHtUX.exe
  2⤵
  PID:6632
- C:\Windows\System\JgPNpgV.exe
  C:\Windows\System\JgPNpgV.exe
  2⤵
  PID:6920
- C:\Windows\System\VWTlvHM.exe
  C:\Windows\System\VWTlvHM.exe
  2⤵
  PID:6888
- C:\Windows\System\ogevqHV.exe
  C:\Windows\System\ogevqHV.exe
  2⤵
  PID:6824
- C:\Windows\System\TnbhMmo.exe
  C:\Windows\System\TnbhMmo.exe
  2⤵
  PID:6760
- C:\Windows\System\imglCfZ.exe
  C:\Windows\System\imglCfZ.exe
  2⤵
  PID:6936
- C:\Windows\System\ztIGzNn.exe
  C:\Windows\System\ztIGzNn.exe
  2⤵
  PID:6960
- C:\Windows\System\dgNRGzL.exe
  C:\Windows\System\dgNRGzL.exe
  2⤵
  PID:6972
- C:\Windows\System\DMFiKjT.exe
  C:\Windows\System\DMFiKjT.exe
  2⤵
  PID:6984
- C:\Windows\System\bFiOvTe.exe
  C:\Windows\System\bFiOvTe.exe
  2⤵
  PID:7040
- C:\Windows\System\oaewozK.exe
  C:\Windows\System\oaewozK.exe
  2⤵
  PID:7064
- C:\Windows\System\fowUueS.exe
  C:\Windows\System\fowUueS.exe
  2⤵
  PID:7084
- C:\Windows\System\ebpVKos.exe
  C:\Windows\System\ebpVKos.exe
  2⤵
  PID:7128
- C:\Windows\System\DFEBeTe.exe
  C:\Windows\System\DFEBeTe.exe
  2⤵
  PID:7148
- C:\Windows\System\paXgBNM.exe
  C:\Windows\System\paXgBNM.exe
  2⤵
  PID:5860
- C:\Windows\System\wRkRhrr.exe
  C:\Windows\System\wRkRhrr.exe
  2⤵
  PID:5328
- C:\Windows\System\NJSadyR.exe
  C:\Windows\System\NJSadyR.exe
  2⤵
  PID:6264
- C:\Windows\System\jahUqZd.exe
  C:\Windows\System\jahUqZd.exe
  2⤵
  PID:6316
- C:\Windows\System\ZBwsfTd.exe
  C:\Windows\System\ZBwsfTd.exe
  2⤵
  PID:6412
- C:\Windows\System\seQuHVD.exe
  C:\Windows\System\seQuHVD.exe
  2⤵
  PID:6592
- C:\Windows\System\XUaxZpS.exe
  C:\Windows\System\XUaxZpS.exe
  2⤵
  PID:6808
- C:\Windows\System\RHRfOkt.exe
  C:\Windows\System\RHRfOkt.exe
  2⤵
  PID:6680
- C:\Windows\System\RyNmJBu.exe
  C:\Windows\System\RyNmJBu.exe
  2⤵
  PID:6828
- C:\Windows\System\GVPwPvz.exe
  C:\Windows\System\GVPwPvz.exe
  2⤵
  PID:6380
- C:\Windows\System\SMPSgsA.exe
  C:\Windows\System\SMPSgsA.exe
  2⤵
  PID:6600
- C:\Windows\System\vEzaMhj.exe
  C:\Windows\System\vEzaMhj.exe
  2⤵
  PID:6560
- C:\Windows\System\iyNucxL.exe
  C:\Windows\System\iyNucxL.exe
  2⤵
  PID:6664
- C:\Windows\System\RwseAAx.exe
  C:\Windows\System\RwseAAx.exe
  2⤵
  PID:6956
- C:\Windows\System\lklSGuy.exe
  C:\Windows\System\lklSGuy.exe
  2⤵
  PID:7012
- C:\Windows\System\eoNthZh.exe
  C:\Windows\System\eoNthZh.exe
  2⤵
  PID:7028
- C:\Windows\System\NWlWrVP.exe
  C:\Windows\System\NWlWrVP.exe
  2⤵
  PID:7096
- C:\Windows\System\wfZatKB.exe
  C:\Windows\System\wfZatKB.exe
  2⤵
  PID:2132
- C:\Windows\System\HPnAeFG.exe
  C:\Windows\System\HPnAeFG.exe
  2⤵
  PID:6216
- C:\Windows\System\LdNRTVu.exe
  C:\Windows\System\LdNRTVu.exe
  2⤵
  PID:6232
- C:\Windows\System\hzdoBMk.exe
  C:\Windows\System\hzdoBMk.exe
  2⤵
  PID:6244
- C:\Windows\System\fOpOUpK.exe
  C:\Windows\System\fOpOUpK.exe
  2⤵
  PID:6356
- C:\Windows\System\ddBfdVx.exe
  C:\Windows\System\ddBfdVx.exe
  2⤵
  PID:6436
- C:\Windows\System\uUmEEIg.exe
  C:\Windows\System\uUmEEIg.exe
  2⤵
  PID:6408
- C:\Windows\System\BVkvneQ.exe
  C:\Windows\System\BVkvneQ.exe
  2⤵
  PID:6540
- C:\Windows\System\WJxpifi.exe
  C:\Windows\System\WJxpifi.exe
  2⤵
  PID:6932
- C:\Windows\System\gggjPLS.exe
  C:\Windows\System\gggjPLS.exe
  2⤵
  PID:6744
- C:\Windows\System\Obdbcnj.exe
  C:\Windows\System\Obdbcnj.exe
  2⤵
  PID:6652
- C:\Windows\System\HLdhWnB.exe
  C:\Windows\System\HLdhWnB.exe
  2⤵
  PID:7116
- C:\Windows\System\xMAIWAL.exe
  C:\Windows\System\xMAIWAL.exe
  2⤵
  PID:6228
- C:\Windows\System\SeXPcuZ.exe
  C:\Windows\System\SeXPcuZ.exe
  2⤵
  PID:5844
- C:\Windows\System\LWapYff.exe
  C:\Windows\System\LWapYff.exe
  2⤵
  PID:6668
- C:\Windows\System\wQYPRNv.exe
  C:\Windows\System\wQYPRNv.exe
  2⤵
  PID:6524
- C:\Windows\System\cmgSOuI.exe
  C:\Windows\System\cmgSOuI.exe
  2⤵
  PID:6444
- C:\Windows\System\CtzfSFs.exe
  C:\Windows\System\CtzfSFs.exe
  2⤵
  PID:5836
- C:\Windows\System\QTbTvRl.exe
  C:\Windows\System\QTbTvRl.exe
  2⤵
  PID:6420
- C:\Windows\System\ZNvziar.exe
  C:\Windows\System\ZNvziar.exe
  2⤵
  PID:7100
- C:\Windows\System\SXDBlmr.exe
  C:\Windows\System\SXDBlmr.exe
  2⤵
  PID:6616
- C:\Windows\System\oQcfddt.exe
  C:\Windows\System\oQcfddt.exe
  2⤵
  PID:7184
- C:\Windows\System\RhTvJte.exe
  C:\Windows\System\RhTvJte.exe
  2⤵
  PID:7200
- C:\Windows\System\jXHiOhI.exe
  C:\Windows\System\jXHiOhI.exe
  2⤵
  PID:7216
- C:\Windows\System\IeYsuOy.exe
  C:\Windows\System\IeYsuOy.exe
  2⤵
  PID:7232
- C:\Windows\System\WokRwrI.exe
  C:\Windows\System\WokRwrI.exe
  2⤵
  PID:7248
- C:\Windows\System\NbWtMFD.exe
  C:\Windows\System\NbWtMFD.exe
  2⤵
  PID:7264
- C:\Windows\System\MCvDGMy.exe
  C:\Windows\System\MCvDGMy.exe
  2⤵
  PID:7280
- C:\Windows\System\IMCWiiI.exe
  C:\Windows\System\IMCWiiI.exe
  2⤵
  PID:7296
- C:\Windows\System\xEMkHYO.exe
  C:\Windows\System\xEMkHYO.exe
  2⤵
  PID:7312
- C:\Windows\System\bIBZnch.exe
  C:\Windows\System\bIBZnch.exe
  2⤵
  PID:7328
- C:\Windows\System\mHuLxny.exe
  C:\Windows\System\mHuLxny.exe
  2⤵
  PID:7344
- C:\Windows\System\muMewWf.exe
  C:\Windows\System\muMewWf.exe
  2⤵
  PID:7360
- C:\Windows\System\myWAWpV.exe
  C:\Windows\System\myWAWpV.exe
  2⤵
  PID:7376
- C:\Windows\System\axnuKID.exe
  C:\Windows\System\axnuKID.exe
  2⤵
  PID:7392
- C:\Windows\System\KzlEKaa.exe
  C:\Windows\System\KzlEKaa.exe
  2⤵
  PID:7408
- C:\Windows\System\QkhJaCK.exe
  C:\Windows\System\QkhJaCK.exe
  2⤵
  PID:7424
- C:\Windows\System\HpuxiIN.exe
  C:\Windows\System\HpuxiIN.exe
  2⤵
  PID:7440
- C:\Windows\System\qqbhhIX.exe
  C:\Windows\System\qqbhhIX.exe
  2⤵
  PID:7456
- C:\Windows\System\GLJXvPA.exe
  C:\Windows\System\GLJXvPA.exe
  2⤵
  PID:7472
- C:\Windows\System\KOELkhh.exe
  C:\Windows\System\KOELkhh.exe
  2⤵
  PID:7488
- C:\Windows\System\dQdrlVp.exe
  C:\Windows\System\dQdrlVp.exe
  2⤵
  PID:7504
- C:\Windows\System\tHWRVXf.exe
  C:\Windows\System\tHWRVXf.exe
  2⤵
  PID:7520
- C:\Windows\System\CAzLIJK.exe
  C:\Windows\System\CAzLIJK.exe
  2⤵
  PID:7536
- C:\Windows\System\WNbFVes.exe
  C:\Windows\System\WNbFVes.exe
  2⤵
  PID:7552
- C:\Windows\System\qfnAgvT.exe
  C:\Windows\System\qfnAgvT.exe
  2⤵
  PID:7568
- C:\Windows\System\VxJojMt.exe
  C:\Windows\System\VxJojMt.exe
  2⤵
  PID:7584
- C:\Windows\System\cdlfWrZ.exe
  C:\Windows\System\cdlfWrZ.exe
  2⤵
  PID:7600
- C:\Windows\System\hwlDhZi.exe
  C:\Windows\System\hwlDhZi.exe
  2⤵
  PID:7620
- C:\Windows\System\hQCBWGS.exe
  C:\Windows\System\hQCBWGS.exe
  2⤵
  PID:7636
- C:\Windows\System\rtnivRz.exe
  C:\Windows\System\rtnivRz.exe
  2⤵
  PID:7652
- C:\Windows\System\lhcFKzd.exe
  C:\Windows\System\lhcFKzd.exe
  2⤵
  PID:7668
- C:\Windows\System\gzaALYn.exe
  C:\Windows\System\gzaALYn.exe
  2⤵
  PID:7684
- C:\Windows\System\GbjQHWp.exe
  C:\Windows\System\GbjQHWp.exe
  2⤵
  PID:7700
- C:\Windows\System\PcNngaE.exe
  C:\Windows\System\PcNngaE.exe
  2⤵
  PID:7716
- C:\Windows\System\XjikiXc.exe
  C:\Windows\System\XjikiXc.exe
  2⤵
  PID:7732
- C:\Windows\System\HRDeixS.exe
  C:\Windows\System\HRDeixS.exe
  2⤵
  PID:7748
- C:\Windows\System\vuacKnp.exe
  C:\Windows\System\vuacKnp.exe
  2⤵
  PID:7764
- C:\Windows\System\ACNNyYX.exe
  C:\Windows\System\ACNNyYX.exe
  2⤵
  PID:7780
- C:\Windows\System\sMFcpOa.exe
  C:\Windows\System\sMFcpOa.exe
  2⤵
  PID:7796
- C:\Windows\System\FjmjZyf.exe
  C:\Windows\System\FjmjZyf.exe
  2⤵
  PID:7812
- C:\Windows\System\OwDbafi.exe
  C:\Windows\System\OwDbafi.exe
  2⤵
  PID:7828
- C:\Windows\System\YhrYXat.exe
  C:\Windows\System\YhrYXat.exe
  2⤵
  PID:7844
- C:\Windows\System\tVEXKxl.exe
  C:\Windows\System\tVEXKxl.exe
  2⤵
  PID:7860
- C:\Windows\System\EMAYHoD.exe
  C:\Windows\System\EMAYHoD.exe
  2⤵
  PID:7876
- C:\Windows\System\RNFDKOJ.exe
  C:\Windows\System\RNFDKOJ.exe
  2⤵
  PID:7892
- C:\Windows\System\VPMNWwx.exe
  C:\Windows\System\VPMNWwx.exe
  2⤵
  PID:7908
- C:\Windows\System\VqdFmJq.exe
  C:\Windows\System\VqdFmJq.exe
  2⤵
  PID:7924
- C:\Windows\System\EjcKKHb.exe
  C:\Windows\System\EjcKKHb.exe
  2⤵
  PID:7940
- C:\Windows\System\xjBzXnJ.exe
  C:\Windows\System\xjBzXnJ.exe
  2⤵
  PID:7956
- C:\Windows\System\wqBbapT.exe
  C:\Windows\System\wqBbapT.exe
  2⤵
  PID:7972
- C:\Windows\System\OfeoCwA.exe
  C:\Windows\System\OfeoCwA.exe
  2⤵
  PID:7988
- C:\Windows\System\erqklKk.exe
  C:\Windows\System\erqklKk.exe
  2⤵
  PID:8004
- C:\Windows\System\igCgShY.exe
  C:\Windows\System\igCgShY.exe
  2⤵
  PID:8020
- C:\Windows\System\XBeLWEX.exe
  C:\Windows\System\XBeLWEX.exe
  2⤵
  PID:8036
- C:\Windows\System\XweDChF.exe
  C:\Windows\System\XweDChF.exe
  2⤵
  PID:8052
- C:\Windows\System\PcgdpEz.exe
  C:\Windows\System\PcgdpEz.exe
  2⤵
  PID:8068
- C:\Windows\System\rYgoLTb.exe
  C:\Windows\System\rYgoLTb.exe
  2⤵
  PID:8084
- C:\Windows\System\gSittid.exe
  C:\Windows\System\gSittid.exe
  2⤵
  PID:8100
- C:\Windows\System\shJUQaM.exe
  C:\Windows\System\shJUQaM.exe
  2⤵
  PID:8116
- C:\Windows\System\sPjjokJ.exe
  C:\Windows\System\sPjjokJ.exe
  2⤵
  PID:8132
- C:\Windows\System\szEVORO.exe
  C:\Windows\System\szEVORO.exe
  2⤵
  PID:8148
- C:\Windows\System\VTcbSAj.exe
  C:\Windows\System\VTcbSAj.exe
  2⤵
  PID:8164
- C:\Windows\System\oSJOGwH.exe
  C:\Windows\System\oSJOGwH.exe
  2⤵
  PID:8180
- C:\Windows\System\uGcVnIr.exe
  C:\Windows\System\uGcVnIr.exe
  2⤵
  PID:7176
- C:\Windows\System\OvCeCCn.exe
  C:\Windows\System\OvCeCCn.exe
  2⤵
  PID:6908
- C:\Windows\System\RRzeNrD.exe
  C:\Windows\System\RRzeNrD.exe
  2⤵
  PID:7228
- C:\Windows\System\VnlgbwM.exe
  C:\Windows\System\VnlgbwM.exe
  2⤵
  PID:6968
- C:\Windows\System\xCqgOpg.exe
  C:\Windows\System\xCqgOpg.exe
  2⤵
  PID:7244
- C:\Windows\System\WvgPPwA.exe
  C:\Windows\System\WvgPPwA.exe
  2⤵
  PID:7304
- C:\Windows\System\gRhftZQ.exe
  C:\Windows\System\gRhftZQ.exe
  2⤵
  PID:7336
- C:\Windows\System\IrHsOEL.exe
  C:\Windows\System\IrHsOEL.exe
  2⤵
  PID:7352
- C:\Windows\System\PbtDKYY.exe
  C:\Windows\System\PbtDKYY.exe
  2⤵
  PID:7404
- C:\Windows\System\sGWHpEK.exe
  C:\Windows\System\sGWHpEK.exe
  2⤵
  PID:7468
- C:\Windows\System\RaxdLiU.exe
  C:\Windows\System\RaxdLiU.exe
  2⤵
  PID:7416
- C:\Windows\System\vUfHuOZ.exe
  C:\Windows\System\vUfHuOZ.exe
  2⤵
  PID:7452
- C:\Windows\System\IVDoAIp.exe
  C:\Windows\System\IVDoAIp.exe
  2⤵
  PID:7560
- C:\Windows\System\qaEWEut.exe
  C:\Windows\System\qaEWEut.exe
  2⤵
  PID:7608
- C:\Windows\System\YMpwHda.exe
  C:\Windows\System\YMpwHda.exe
  2⤵
  PID:7544
- C:\Windows\System\LGTuTIH.exe
  C:\Windows\System\LGTuTIH.exe
  2⤵
  PID:7512
- C:\Windows\System\emLTyuD.exe
  C:\Windows\System\emLTyuD.exe
  2⤵
  PID:7664
- C:\Windows\System\CbLyImX.exe
  C:\Windows\System\CbLyImX.exe
  2⤵
  PID:7676
- C:\Windows\System\RqeeeID.exe
  C:\Windows\System\RqeeeID.exe
  2⤵
  PID:7760
- C:\Windows\System\CIdkeJz.exe
  C:\Windows\System\CIdkeJz.exe
  2⤵
  PID:7712
- C:\Windows\System\mRkYrjy.exe
  C:\Windows\System\mRkYrjy.exe
  2⤵
  PID:7644
- C:\Windows\System\WwKhNpv.exe
  C:\Windows\System\WwKhNpv.exe
  2⤵
  PID:7808
- C:\Windows\System\QAlNfdp.exe
  C:\Windows\System\QAlNfdp.exe
  2⤵
  PID:7840
- C:\Windows\System\kPAlPjX.exe
  C:\Windows\System\kPAlPjX.exe
  2⤵
  PID:7884
- C:\Windows\System\bZndVzu.exe
  C:\Windows\System\bZndVzu.exe
  2⤵
  PID:7904
- C:\Windows\System\naLfCPG.exe
  C:\Windows\System\naLfCPG.exe
  2⤵
  PID:7968
- C:\Windows\System\BOThqEn.exe
  C:\Windows\System\BOThqEn.exe
  2⤵
  PID:8064
- C:\Windows\System\xftDuqq.exe
  C:\Windows\System\xftDuqq.exe
  2⤵
  PID:8128
- C:\Windows\System\nHMPhSJ.exe
  C:\Windows\System\nHMPhSJ.exe
  2⤵
  PID:8160
- C:\Windows\System\pNIWhBW.exe
  C:\Windows\System\pNIWhBW.exe
  2⤵
  PID:5780
- C:\Windows\System\RufDMCV.exe
  C:\Windows\System\RufDMCV.exe
  2⤵
  PID:7288
- C:\Windows\System\gkkpmDJ.exe
  C:\Windows\System\gkkpmDJ.exe
  2⤵
  PID:7948
- C:\Windows\System\lnWmLdT.exe
  C:\Windows\System\lnWmLdT.exe
  2⤵
  PID:8176
- C:\Windows\System\DmKbrdZ.exe
  C:\Windows\System\DmKbrdZ.exe
  2⤵
  PID:8112
- C:\Windows\System\MbVNsfP.exe
  C:\Windows\System\MbVNsfP.exe
  2⤵
  PID:8048
- C:\Windows\System\rnZeOXC.exe
  C:\Windows\System\rnZeOXC.exe
  2⤵
  PID:7984
- C:\Windows\System\kJCejig.exe
  C:\Windows\System\kJCejig.exe
  2⤵
  PID:7324
- C:\Windows\System\TGYAWdZ.exe
  C:\Windows\System\TGYAWdZ.exe
  2⤵
  PID:7400
- C:\Windows\System\ywtwDpL.exe
  C:\Windows\System\ywtwDpL.exe
  2⤵
  PID:7500
- C:\Windows\System\andosuI.exe
  C:\Windows\System\andosuI.exe
  2⤵
  PID:7484
- C:\Windows\System\iWqlWsC.exe
  C:\Windows\System\iWqlWsC.exe
  2⤵
  PID:7612
- C:\Windows\System\SHUklhy.exe
  C:\Windows\System\SHUklhy.exe
  2⤵
  PID:7388
- C:\Windows\System\xTpcvFz.exe
  C:\Windows\System\xTpcvFz.exe
  2⤵
  PID:7756
- C:\Windows\System\QvNdoOr.exe
  C:\Windows\System\QvNdoOr.exe
  2⤵
  PID:7804
- C:\Windows\System\vOABmWi.exe
  C:\Windows\System\vOABmWi.exe
  2⤵
  PID:7852
- C:\Windows\System\rcnNMyW.exe
  C:\Windows\System\rcnNMyW.exe
  2⤵
  PID:7824
- C:\Windows\System\gcNstrc.exe
  C:\Windows\System\gcNstrc.exe
  2⤵
  PID:7276
- C:\Windows\System\SJSUXIq.exe
  C:\Windows\System\SJSUXIq.exe
  2⤵
  PID:8060
- C:\Windows\System\ijNuYVV.exe
  C:\Windows\System\ijNuYVV.exe
  2⤵
  PID:8028
- C:\Windows\System\akYoVul.exe
  C:\Windows\System\akYoVul.exe
  2⤵
  PID:1516
- C:\Windows\System\JCZHiFt.exe
  C:\Windows\System\JCZHiFt.exe
  2⤵
  PID:7368
- C:\Windows\System\ZfDRBfF.exe
  C:\Windows\System\ZfDRBfF.exe
  2⤵
  PID:7372
- C:\Windows\System\qLwiBhk.exe
  C:\Windows\System\qLwiBhk.exe
  2⤵
  PID:7792
- C:\Windows\System\nZpcXzZ.exe
  C:\Windows\System\nZpcXzZ.exe
  2⤵
  PID:7632
- C:\Windows\System\pRazsmH.exe
  C:\Windows\System\pRazsmH.exe
  2⤵
  PID:7464
- C:\Windows\System\PqPUbug.exe
  C:\Windows\System\PqPUbug.exe
  2⤵
  PID:7776
- C:\Windows\System\DAOSNOE.exe
  C:\Windows\System\DAOSNOE.exe
  2⤵
  PID:7212
- C:\Windows\System\OtENbpH.exe
  C:\Windows\System\OtENbpH.exe
  2⤵
  PID:7208
- C:\Windows\System\lAWrtHy.exe
  C:\Windows\System\lAWrtHy.exe
  2⤵
  PID:7900
- C:\Windows\System\qApuigB.exe
  C:\Windows\System\qApuigB.exe
  2⤵
  PID:7648
- C:\Windows\System\PFJncRh.exe
  C:\Windows\System\PFJncRh.exe
  2⤵
  PID:8076
- C:\Windows\System\KyhpsgU.exe
  C:\Windows\System\KyhpsgU.exe
  2⤵
  PID:8200
- C:\Windows\System\ECkGNzJ.exe
  C:\Windows\System\ECkGNzJ.exe
  2⤵
  PID:8216
- C:\Windows\System\khfuThe.exe
  C:\Windows\System\khfuThe.exe
  2⤵
  PID:8232
- C:\Windows\System\gPcpYbY.exe
  C:\Windows\System\gPcpYbY.exe
  2⤵
  PID:8248
- C:\Windows\System\KBWiXVt.exe
  C:\Windows\System\KBWiXVt.exe
  2⤵
  PID:8264
- C:\Windows\System\UnkPEPj.exe
  C:\Windows\System\UnkPEPj.exe
  2⤵
  PID:8280
- C:\Windows\System\AiOGHtt.exe
  C:\Windows\System\AiOGHtt.exe
  2⤵
  PID:8296
- C:\Windows\System\lrElvcF.exe
  C:\Windows\System\lrElvcF.exe
  2⤵
  PID:8312
- C:\Windows\System\yQSgzTg.exe
  C:\Windows\System\yQSgzTg.exe
  2⤵
  PID:8328
- C:\Windows\System\pPGmGqH.exe
  C:\Windows\System\pPGmGqH.exe
  2⤵
  PID:8344
- C:\Windows\System\EhLLgYi.exe
  C:\Windows\System\EhLLgYi.exe
  2⤵
  PID:8360
- C:\Windows\System\jifpDCV.exe
  C:\Windows\System\jifpDCV.exe
  2⤵
  PID:8376
- C:\Windows\System\MTGuGMP.exe
  C:\Windows\System\MTGuGMP.exe
  2⤵
  PID:8392
- C:\Windows\System\axZaffO.exe
  C:\Windows\System\axZaffO.exe
  2⤵
  PID:8408
- C:\Windows\System\erAqSmY.exe
  C:\Windows\System\erAqSmY.exe
  2⤵
  PID:8424
- C:\Windows\System\ZinYSua.exe
  C:\Windows\System\ZinYSua.exe
  2⤵
  PID:8440
- C:\Windows\System\evrDAiQ.exe
  C:\Windows\System\evrDAiQ.exe
  2⤵
  PID:8456
- C:\Windows\System\trNVHTm.exe
  C:\Windows\System\trNVHTm.exe
  2⤵
  PID:8472
- C:\Windows\System\jmOaSRe.exe
  C:\Windows\System\jmOaSRe.exe
  2⤵
  PID:8488
- C:\Windows\System\FUABBPF.exe
  C:\Windows\System\FUABBPF.exe
  2⤵
  PID:8504
- C:\Windows\System\mEbShGS.exe
  C:\Windows\System\mEbShGS.exe
  2⤵
  PID:8520
- C:\Windows\System\cQiWREG.exe
  C:\Windows\System\cQiWREG.exe
  2⤵
  PID:8536
- C:\Windows\System\rkgaJpy.exe
  C:\Windows\System\rkgaJpy.exe
  2⤵
  PID:8552
- C:\Windows\System\CdEjMzq.exe
  C:\Windows\System\CdEjMzq.exe
  2⤵
  PID:8568
- C:\Windows\System\PKLxmZP.exe
  C:\Windows\System\PKLxmZP.exe
  2⤵
  PID:8584
- C:\Windows\System\FEqdZLg.exe
  C:\Windows\System\FEqdZLg.exe
  2⤵
  PID:8600
- C:\Windows\System\JPJwPHE.exe
  C:\Windows\System\JPJwPHE.exe
  2⤵
  PID:8616
- C:\Windows\System\Ghjasxh.exe
  C:\Windows\System\Ghjasxh.exe
  2⤵
  PID:8632
- C:\Windows\System\jVaKrnK.exe
  C:\Windows\System\jVaKrnK.exe
  2⤵
  PID:8648
- C:\Windows\System\qAWQajX.exe
  C:\Windows\System\qAWQajX.exe
  2⤵
  PID:8664
- C:\Windows\System\DkAueeI.exe
  C:\Windows\System\DkAueeI.exe
  2⤵
  PID:8680
- C:\Windows\System\YsXKkzx.exe
  C:\Windows\System\YsXKkzx.exe
  2⤵
  PID:8696
- C:\Windows\System\lGVmyUY.exe
  C:\Windows\System\lGVmyUY.exe
  2⤵
  PID:8712
- C:\Windows\System\tHyNhog.exe
  C:\Windows\System\tHyNhog.exe
  2⤵
  PID:8728
- C:\Windows\System\DjVWYaf.exe
  C:\Windows\System\DjVWYaf.exe
  2⤵
  PID:8744
- C:\Windows\System\TTBEmaE.exe
  C:\Windows\System\TTBEmaE.exe
  2⤵
  PID:8760
- C:\Windows\System\JrrGAcy.exe
  C:\Windows\System\JrrGAcy.exe
  2⤵
  PID:8776
- C:\Windows\System\lwGVBDX.exe
  C:\Windows\System\lwGVBDX.exe
  2⤵
  PID:8792
- C:\Windows\System\dNHomIq.exe
  C:\Windows\System\dNHomIq.exe
  2⤵
  PID:8808
- C:\Windows\System\JjjUOvI.exe
  C:\Windows\System\JjjUOvI.exe
  2⤵
  PID:8824
- C:\Windows\System\zjEJLqA.exe
  C:\Windows\System\zjEJLqA.exe
  2⤵
  PID:8840
- C:\Windows\System\xpIfrab.exe
  C:\Windows\System\xpIfrab.exe
  2⤵
  PID:8856
- C:\Windows\System\DIGacmU.exe
  C:\Windows\System\DIGacmU.exe
  2⤵
  PID:8872
- C:\Windows\System\FYFvSLh.exe
  C:\Windows\System\FYFvSLh.exe
  2⤵
  PID:8888
- C:\Windows\System\ehodAtb.exe
  C:\Windows\System\ehodAtb.exe
  2⤵
  PID:8904
- C:\Windows\System\XPUXgIo.exe
  C:\Windows\System\XPUXgIo.exe
  2⤵
  PID:8920
- C:\Windows\System\YYEayFu.exe
  C:\Windows\System\YYEayFu.exe
  2⤵
  PID:8936
- C:\Windows\System\GRsQbDt.exe
  C:\Windows\System\GRsQbDt.exe
  2⤵
  PID:8952
- C:\Windows\System\xIidXiS.exe
  C:\Windows\System\xIidXiS.exe
  2⤵
  PID:8968
- C:\Windows\System\FhlwvgY.exe
  C:\Windows\System\FhlwvgY.exe
  2⤵
  PID:8984
- C:\Windows\System\qdbFLXw.exe
  C:\Windows\System\qdbFLXw.exe
  2⤵
  PID:9000
- C:\Windows\System\vitWxhb.exe
  C:\Windows\System\vitWxhb.exe
  2⤵
  PID:9016
- C:\Windows\System\BRpUSvi.exe
  C:\Windows\System\BRpUSvi.exe
  2⤵
  PID:9032
- C:\Windows\System\CeRSHEO.exe
  C:\Windows\System\CeRSHEO.exe
  2⤵
  PID:9048
- C:\Windows\System\xLzaIHK.exe
  C:\Windows\System\xLzaIHK.exe
  2⤵
  PID:9064
- C:\Windows\System\NcHebAv.exe
  C:\Windows\System\NcHebAv.exe
  2⤵
  PID:9080
- C:\Windows\System\rnNVmdw.exe
  C:\Windows\System\rnNVmdw.exe
  2⤵
  PID:9096
- C:\Windows\System\FhlbGxw.exe
  C:\Windows\System\FhlbGxw.exe
  2⤵
  PID:9112
- C:\Windows\System\CFBqCWK.exe
  C:\Windows\System\CFBqCWK.exe
  2⤵
  PID:9128
- C:\Windows\System\FjXGgMS.exe
  C:\Windows\System\FjXGgMS.exe
  2⤵
  PID:9144
- C:\Windows\System\mZreWFr.exe
  C:\Windows\System\mZreWFr.exe
  2⤵
  PID:9160
- C:\Windows\System\RjHjKQp.exe
  C:\Windows\System\RjHjKQp.exe
  2⤵
  PID:9176
- C:\Windows\System\hLbDwKQ.exe
  C:\Windows\System\hLbDwKQ.exe
  2⤵
  PID:9192
- C:\Windows\System\pMJoREz.exe
  C:\Windows\System\pMJoREz.exe
  2⤵
  PID:9208
- C:\Windows\System\HyTkHyv.exe
  C:\Windows\System\HyTkHyv.exe
  2⤵
  PID:8016
- C:\Windows\System\QZDifUE.exe
  C:\Windows\System\QZDifUE.exe
  2⤵
  PID:8224
- C:\Windows\System\ntvpWuz.exe
  C:\Windows\System\ntvpWuz.exe
  2⤵
  PID:8288
- C:\Windows\System\HhuBWTt.exe
  C:\Windows\System\HhuBWTt.exe
  2⤵
  PID:7008
- C:\Windows\System\TmhxzhY.exe
  C:\Windows\System\TmhxzhY.exe
  2⤵
  PID:8292
- C:\Windows\System\ziNKIXF.exe
  C:\Windows\System\ziNKIXF.exe
  2⤵
  PID:8356
- C:\Windows\System\MAVsemP.exe
  C:\Windows\System\MAVsemP.exe
  2⤵
  PID:8420
- C:\Windows\System\iFjEyet.exe
  C:\Windows\System\iFjEyet.exe
  2⤵
  PID:7580
- C:\Windows\System\ORUDBWZ.exe
  C:\Windows\System\ORUDBWZ.exe
  2⤵
  PID:8368
- C:\Windows\System\DbOpath.exe
  C:\Windows\System\DbOpath.exe
  2⤵
  PID:8212
- C:\Windows\System\TUFozjL.exe
  C:\Windows\System\TUFozjL.exe
  2⤵
  PID:8436
- C:\Windows\System\JrkjmqD.exe
  C:\Windows\System\JrkjmqD.exe
  2⤵
  PID:8496
- C:\Windows\System\pGhJfuo.exe
  C:\Windows\System\pGhJfuo.exe
  2⤵
  PID:8516
- C:\Windows\System\XReuGcy.exe
  C:\Windows\System\XReuGcy.exe
  2⤵
  PID:8580
- C:\Windows\System\XuDeOfD.exe
  C:\Windows\System\XuDeOfD.exe
  2⤵
  PID:8612
- C:\Windows\System\NTnmGiu.exe
  C:\Windows\System\NTnmGiu.exe
  2⤵
  PID:8592
- C:\Windows\System\deSGyBB.exe
  C:\Windows\System\deSGyBB.exe
  2⤵
  PID:8644
- C:\Windows\System\ilkHHqW.exe
  C:\Windows\System\ilkHHqW.exe
  2⤵
  PID:8660
- C:\Windows\System\rjVoSJc.exe
  C:\Windows\System\rjVoSJc.exe
  2⤵
  PID:8740
- C:\Windows\System\mJPnEif.exe
  C:\Windows\System\mJPnEif.exe
  2⤵
  PID:8804
- C:\Windows\System\vkCKCUN.exe
  C:\Windows\System\vkCKCUN.exe
  2⤵
  PID:8756
- C:\Windows\System\vPOjxGg.exe
  C:\Windows\System\vPOjxGg.exe
  2⤵
  PID:8692
- C:\Windows\System\STFTvaK.exe
  C:\Windows\System\STFTvaK.exe
  2⤵
  PID:8864
- C:\Windows\System\VrhwSjA.exe
  C:\Windows\System\VrhwSjA.exe
  2⤵
  PID:8848
- C:\Windows\System\ENBvOzt.exe
  C:\Windows\System\ENBvOzt.exe
  2⤵
  PID:8884
- C:\Windows\System\MPSNiiT.exe
  C:\Windows\System\MPSNiiT.exe
  2⤵
  PID:8932
- C:\Windows\System\OlgioDT.exe
  C:\Windows\System\OlgioDT.exe
  2⤵
  PID:8944
- C:\Windows\System\XzBXvYp.exe
  C:\Windows\System\XzBXvYp.exe
  2⤵
  PID:8980
- C:\Windows\System\wOIZUSO.exe
  C:\Windows\System\wOIZUSO.exe
  2⤵
  PID:9012
- C:\Windows\System\WQhuEBW.exe
  C:\Windows\System\WQhuEBW.exe
  2⤵
  PID:9076
- C:\Windows\System\bYiaKkD.exe
  C:\Windows\System\bYiaKkD.exe
  2⤵
  PID:9072
- C:\Windows\System\cyXKseZ.exe
  C:\Windows\System\cyXKseZ.exe
  2⤵
  PID:9124
- C:\Windows\System\IpQvEGV.exe
  C:\Windows\System\IpQvEGV.exe
  2⤵
  PID:9136
- C:\Windows\System\uHcvRAj.exe
  C:\Windows\System\uHcvRAj.exe
  2⤵
  PID:8032
- C:\Windows\System\mfTmYAY.exe
  C:\Windows\System\mfTmYAY.exe
  2⤵
  PID:9172
- C:\Windows\System\cVrydpq.exe
  C:\Windows\System\cVrydpq.exe
  2⤵
  PID:8196
- C:\Windows\System\xkYCIEX.exe
  C:\Windows\System\xkYCIEX.exe
  2⤵
  PID:8244
- C:\Windows\System\OpQTkXr.exe
  C:\Windows\System\OpQTkXr.exe
  2⤵
  PID:8352
- C:\Windows\System\FbgeVDC.exe
  C:\Windows\System\FbgeVDC.exe
  2⤵
  PID:8452
- C:\Windows\System\tmAhyOL.exe
  C:\Windows\System\tmAhyOL.exe
  2⤵
  PID:7548
- C:\Windows\System\flstxnx.exe
  C:\Windows\System\flstxnx.exe
  2⤵
  PID:8484
- C:\Windows\System\altWAFV.exe
  C:\Windows\System\altWAFV.exe
  2⤵
  PID:8532
- C:\Windows\System\YxfauoH.exe
  C:\Windows\System\YxfauoH.exe
  2⤵
  PID:8708
- C:\Windows\System\iOvFhgB.exe
  C:\Windows\System\iOvFhgB.exe
  2⤵
  PID:8772
- C:\Windows\System\JKmuvVl.exe
  C:\Windows\System\JKmuvVl.exe
  2⤵
  PID:8836
- C:\Windows\System\YYMorGs.exe
  C:\Windows\System\YYMorGs.exe
  2⤵
  PID:8560
- C:\Windows\System\ZAfQkwO.exe
  C:\Windows\System\ZAfQkwO.exe
  2⤵
  PID:9024
- C:\Windows\System\IthpNbq.exe
  C:\Windows\System\IthpNbq.exe
  2⤵
  PID:8992
- C:\Windows\System\eBWrvQF.exe
  C:\Windows\System\eBWrvQF.exe
  2⤵
  PID:8788
- C:\Windows\System\QdwIRVp.exe
  C:\Windows\System\QdwIRVp.exe
  2⤵
  PID:8912
- C:\Windows\System\RbpAfoa.exe
  C:\Windows\System\RbpAfoa.exe
  2⤵
  PID:8256
- C:\Windows\System\YkTOqWK.exe
  C:\Windows\System\YkTOqWK.exe
  2⤵
  PID:8208
- C:\Windows\System\FAVVLRz.exe
  C:\Windows\System\FAVVLRz.exe
  2⤵
  PID:8324
- C:\Windows\System\TEOzCaV.exe
  C:\Windows\System\TEOzCaV.exe
  2⤵
  PID:8548
- C:\Windows\System\jBJQuVV.exe
  C:\Windows\System\jBJQuVV.exe
  2⤵
  PID:8308
- C:\Windows\System\QeisCdd.exe
  C:\Windows\System\QeisCdd.exe
  2⤵
  PID:8628
- C:\Windows\System\QbZsqdS.exe
  C:\Windows\System\QbZsqdS.exe
  2⤵
  PID:8676
- C:\Windows\System\Twuffxd.exe
  C:\Windows\System\Twuffxd.exe
  2⤵
  PID:9060
- C:\Windows\System\dwYXKWr.exe
  C:\Windows\System\dwYXKWr.exe
  2⤵
  PID:8960
- C:\Windows\System\sNSDugc.exe
  C:\Windows\System\sNSDugc.exe
  2⤵
  PID:9188
- C:\Windows\System\gwwHcJg.exe
  C:\Windows\System\gwwHcJg.exe
  2⤵
  PID:8752
- C:\Windows\System\ZvFBEQH.exe
  C:\Windows\System\ZvFBEQH.exe
  2⤵
  PID:8432
- C:\Windows\System\OBMthea.exe
  C:\Windows\System\OBMthea.exe
  2⤵
  PID:8964
- C:\Windows\System\MZpYcrz.exe
  C:\Windows\System\MZpYcrz.exe
  2⤵
  PID:9152
- C:\Windows\System\AbyYITi.exe
  C:\Windows\System\AbyYITi.exe
  2⤵
  PID:8880
- C:\Windows\System\iaYuBms.exe
  C:\Windows\System\iaYuBms.exe
  2⤵
  PID:9236
- C:\Windows\System\VuPGCxn.exe
  C:\Windows\System\VuPGCxn.exe
  2⤵
  PID:9252
- C:\Windows\System\ABzdqEP.exe
  C:\Windows\System\ABzdqEP.exe
  2⤵
  PID:9268
- C:\Windows\System\JOztLWk.exe
  C:\Windows\System\JOztLWk.exe
  2⤵
  PID:9284
- C:\Windows\System\uFbXJKF.exe
  C:\Windows\System\uFbXJKF.exe
  2⤵
  PID:9300
- C:\Windows\System\HSLnulJ.exe
  C:\Windows\System\HSLnulJ.exe
  2⤵
  PID:9316
- C:\Windows\System\SVKSrjn.exe
  C:\Windows\System\SVKSrjn.exe
  2⤵
  PID:9332
- C:\Windows\System\FoekYIK.exe
  C:\Windows\System\FoekYIK.exe
  2⤵
  PID:9348
- C:\Windows\System\bDxMKEt.exe
  C:\Windows\System\bDxMKEt.exe
  2⤵
  PID:9364
- C:\Windows\System\SwKPkpb.exe
  C:\Windows\System\SwKPkpb.exe
  2⤵
  PID:9380
- C:\Windows\System\Mwvpaod.exe
  C:\Windows\System\Mwvpaod.exe
  2⤵
  PID:9396
- C:\Windows\System\MZTxUNi.exe
  C:\Windows\System\MZTxUNi.exe
  2⤵
  PID:9412
- C:\Windows\System\AyUoKbV.exe
  C:\Windows\System\AyUoKbV.exe
  2⤵
  PID:9428
- C:\Windows\System\NfwRVZL.exe
  C:\Windows\System\NfwRVZL.exe
  2⤵
  PID:9444
- C:\Windows\System\SWxWbOE.exe
  C:\Windows\System\SWxWbOE.exe
  2⤵
  PID:9896
- C:\Windows\System\wVKryvJ.exe
  C:\Windows\System\wVKryvJ.exe
  2⤵
  PID:10164
- C:\Windows\System\OnWBXOD.exe
  C:\Windows\System\OnWBXOD.exe
  2⤵
  PID:10120
- C:\Windows\System\StRxMYd.exe
  C:\Windows\System\StRxMYd.exe
  2⤵
  PID:10152
- C:\Windows\System\lRZtjpS.exe
  C:\Windows\System\lRZtjpS.exe
  2⤵
  PID:10184
- C:\Windows\System\OnPzPSc.exe
  C:\Windows\System\OnPzPSc.exe
  2⤵
  PID:10212
- C:\Windows\System\azMLjow.exe
  C:\Windows\System\azMLjow.exe
  2⤵
  PID:9292
- C:\Windows\System\HtMglQm.exe
  C:\Windows\System\HtMglQm.exe
  2⤵
  PID:9276
- C:\Windows\System\cGuvnOt.exe
  C:\Windows\System\cGuvnOt.exe
  2⤵
  PID:9220
- C:\Windows\System\EZsIHdy.exe
  C:\Windows\System\EZsIHdy.exe
  2⤵
  PID:9120
- C:\Windows\System\VCwBnjy.exe
  C:\Windows\System\VCwBnjy.exe
  2⤵
  PID:10232
- C:\Windows\System\LzXFTqJ.exe
  C:\Windows\System\LzXFTqJ.exe
  2⤵
  PID:9372
- C:\Windows\System\tRqIFIK.exe
  C:\Windows\System\tRqIFIK.exe
  2⤵
  PID:9388
- C:\Windows\System\WnhMwRz.exe
  C:\Windows\System\WnhMwRz.exe
  2⤵
  PID:9452
- C:\Windows\System\homljvj.exe
  C:\Windows\System\homljvj.exe
  2⤵
  PID:9476
- C:\Windows\System\tsiJRqK.exe
  C:\Windows\System\tsiJRqK.exe
  2⤵
  PID:9504
- C:\Windows\System\wZfpygL.exe
  C:\Windows\System\wZfpygL.exe
  2⤵
  PID:9544
- C:\Windows\System\jhfXQjt.exe
  C:\Windows\System\jhfXQjt.exe
  2⤵
  PID:9628
- C:\Windows\System\BOJhosz.exe
  C:\Windows\System\BOJhosz.exe
  2⤵
  PID:9672
- C:\Windows\System\MUJwlRL.exe
  C:\Windows\System\MUJwlRL.exe
  2⤵
  PID:9724
- C:\Windows\System\OPXJsIE.exe
  C:\Windows\System\OPXJsIE.exe
  2⤵
  PID:9772
- C:\Windows\System\zEjdbaB.exe
  C:\Windows\System\zEjdbaB.exe
  2⤵
  PID:9884
- C:\Windows\System\CjnHctR.exe
  C:\Windows\System\CjnHctR.exe
  2⤵
  PID:10140
- C:\Windows\System\yQTxwqu.exe
  C:\Windows\System\yQTxwqu.exe
  2⤵
  PID:10052
- C:\Windows\System\JyxjbVt.exe
  C:\Windows\System\JyxjbVt.exe
  2⤵
  PID:10084
- C:\Windows\System\yhhXOqh.exe
  C:\Windows\System\yhhXOqh.exe
  2⤵
  PID:10224
- C:\Windows\System\lgpRvRX.exe
  C:\Windows\System\lgpRvRX.exe
  2⤵
  PID:9436
- C:\Windows\System\wQFwaac.exe
  C:\Windows\System\wQFwaac.exe
  2⤵
  PID:9952
- C:\Windows\System\UWwHlZu.exe
  C:\Windows\System\UWwHlZu.exe
  2⤵
  PID:9496
- C:\Windows\System\RDnIRuz.exe
  C:\Windows\System\RDnIRuz.exe
  2⤵
  PID:9524
- C:\Windows\System\AtIbETe.exe
  C:\Windows\System\AtIbETe.exe
  2⤵
  PID:9548
- C:\Windows\System\wLMWpJq.exe
  C:\Windows\System\wLMWpJq.exe
  2⤵
  PID:9572
- C:\Windows\System\eWeUZDJ.exe
  C:\Windows\System\eWeUZDJ.exe
  2⤵
  PID:9632
- C:\Windows\System\XfaHFKr.exe
  C:\Windows\System\XfaHFKr.exe
  2⤵
  PID:10020
- C:\Windows\System\czJYicK.exe
  C:\Windows\System\czJYicK.exe
  2⤵
  PID:9984
- C:\Windows\System\hCTGeNi.exe
  C:\Windows\System\hCTGeNi.exe
  2⤵
  PID:10016
- C:\Windows\System\gqUPqcN.exe
  C:\Windows\System\gqUPqcN.exe
  2⤵
  PID:9920
- C:\Windows\System\TLoBvbh.exe
  C:\Windows\System\TLoBvbh.exe
  2⤵
  PID:9904
- C:\Windows\System\PKzVfLK.exe
  C:\Windows\System\PKzVfLK.exe
  2⤵
  PID:9856
- C:\Windows\System\eryhgnT.exe
  C:\Windows\System\eryhgnT.exe
  2⤵
  PID:9832
- C:\Windows\System\bpSQTtV.exe
  C:\Windows\System\bpSQTtV.exe
  2⤵
  PID:9820
- C:\Windows\System\ovmSkEW.exe
  C:\Windows\System\ovmSkEW.exe
  2⤵
  PID:9796
- C:\Windows\System\iSCDkiz.exe
  C:\Windows\System\iSCDkiz.exe
  2⤵
  PID:9744
- C:\Windows\System\XObSUYK.exe
  C:\Windows\System\XObSUYK.exe
  2⤵
  PID:9716
- C:\Windows\System\RWQloBT.exe
  C:\Windows\System\RWQloBT.exe
  2⤵
  PID:9696
- C:\Windows\System\zrvdvDt.exe
  C:\Windows\System\zrvdvDt.exe
  2⤵
  PID:10104
- C:\Windows\System\wsLuUbg.exe
  C:\Windows\System\wsLuUbg.exe
  2⤵
  PID:9964
- C:\Windows\System\ZKwHGTm.exe
  C:\Windows\System\ZKwHGTm.exe
  2⤵
  PID:10008
- C:\Windows\System\SiJZQxr.exe
  C:\Windows\System\SiJZQxr.exe
  2⤵
  PID:10172
- C:\Windows\System\BWprPwD.exe
  C:\Windows\System\BWprPwD.exe
  2⤵
  PID:10216
- C:\Windows\System\CTwyrxE.exe
  C:\Windows\System\CTwyrxE.exe
  2⤵
  PID:9440
- C:\Windows\System\zATQIEq.exe
  C:\Windows\System\zATQIEq.exe
  2⤵
  PID:9600
- C:\Windows\System\jAbtTaK.exe
  C:\Windows\System\jAbtTaK.exe
  2⤵
  PID:9836
- C:\Windows\System\SRbYSEg.exe
  C:\Windows\System\SRbYSEg.exe
  2⤵
  PID:9460
- C:\Windows\System\QeuDsUJ.exe
  C:\Windows\System\QeuDsUJ.exe
  2⤵
  PID:9264
- C:\Windows\System\LCEBVZk.exe
  C:\Windows\System\LCEBVZk.exe
  2⤵
  PID:9464
- C:\Windows\System\axuCKrE.exe
  C:\Windows\System\axuCKrE.exe
  2⤵
  PID:9556
- C:\Windows\System\UwZfSVV.exe
  C:\Windows\System\UwZfSVV.exe
  2⤵
  PID:9664
- C:\Windows\System\wBPoKwV.exe
  C:\Windows\System\wBPoKwV.exe
  2⤵
  PID:10080
- C:\Windows\System\YCVFaHG.exe
  C:\Windows\System\YCVFaHG.exe
  2⤵
  PID:9520
- C:\Windows\System\mwVfVac.exe
  C:\Windows\System\mwVfVac.exe
  2⤵
  PID:10072
- C:\Windows\System\NrAsYRc.exe
  C:\Windows\System\NrAsYRc.exe
  2⤵
  PID:9408
- C:\Windows\System\AdfcPWK.exe
  C:\Windows\System\AdfcPWK.exe
  2⤵
  PID:10064
- C:\Windows\System\RcUVQcs.exe
  C:\Windows\System\RcUVQcs.exe
  2⤵
  PID:10032
- C:\Windows\System\hKWMWtZ.exe
  C:\Windows\System\hKWMWtZ.exe
  2⤵
  PID:9596
- C:\Windows\System\LemuXIo.exe
  C:\Windows\System\LemuXIo.exe
  2⤵
  PID:9644
- C:\Windows\System\HnLLfrd.exe
  C:\Windows\System\HnLLfrd.exe
  2⤵
  PID:9936
- C:\Windows\System\VsybrLw.exe
  C:\Windows\System\VsybrLw.exe
  2⤵
  PID:9844
- C:\Windows\System\dAdvJeK.exe
  C:\Windows\System\dAdvJeK.exe
  2⤵
  PID:9864
- C:\Windows\System\DFLMHld.exe
  C:\Windows\System\DFLMHld.exe
  2⤵
  PID:9824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BcsBfBD.exe

Filesize
6.0MB

MD5
ed4bd8b1e9f178d5fc488dde270bca8a

SHA1
a93bb1f6bc5757b9b4fdfcc5d8edf061e28cb428

SHA256
f11ca7b46c0214972defda20fbd657c3c2bd54c5305aa643c464a5c8597083d3

SHA512
686e869ca258a81aba287711ba68dc1fd4ec68ecfd0b58339b326120458ffa458e64dd7c78df1a20ca1c9244225399a9545fce0fc39dd62171b308e01fc214b0

Download Submit
C:\Windows\system\CZqjSUF.exe

Filesize
6.0MB

MD5
58af2cc097d6fca32cb9f84108f05b3b

SHA1
02c6e852ae6672f3eb9260141e4dc2fe6948bda1

SHA256
ad93a17e7fa8f1ac4e316bc470ca404cb7e04ebd91e032ba3fe29165b8edde39

SHA512
a18af129ce3c57964bf03b811c0dd608d7c4551d6dff8cb75ab5c4adf617fa7da97674d207ef728ff23f808b32016ac10e96a3a9b0ae7b60187399658d1ec32c

Download Submit
C:\Windows\system\EJylTgJ.exe

Filesize
6.0MB

MD5
475a9391d2666754fb8f68d85881d5af

SHA1
f33c1c0d281732af7290532016e35fb02440ca14

SHA256
dc46dc2fb668ad1afc8ab6cadf95af3c46ccb0612d3d1bc79f171be206a9acea

SHA512
3ee4587f5db40343ac2ca4172e9a5b9d74cfcdc823683b45810435fca89bc1bae2a2a05fc1db39318c13ebd0ae767ffda9b04fa49d8d718995dd85db7beedbab

Download Submit
C:\Windows\system\EZTqLay.exe

Filesize
6.0MB

MD5
e73551140d47b5e66d5a314aaf418855

SHA1
8573527f573edd47e64d791bac0070b378d4a905

SHA256
aea7b195b98de5f6cadb016cd968ffb4d2e1a25bb01cb055f23950fd4e289930

SHA512
61fd014da9913e5b7b670ff6fd9c6d3868fe5312dd29c3eea706f3020ac53c5ee7b5703a5736d3e94e5668f7fb68a76d8436c09563e84270def8681aebeb50a7

Download Submit
C:\Windows\system\EdTTCmh.exe

Filesize
6.0MB

MD5
e2d1a098b9f916ee16c99063b4512e6b

SHA1
72331a33b88a43b4bcc9848aec82b68becc59e6f

SHA256
287aeab63b2b4051adb4034b1c864289c9dcecbe648a3c28e2309a552fe235f8

SHA512
8b0eb83e62027b7fcc5bbd6105f28a55687045089145599138fe1a3a4a2651ec3e151beaca2aef8ad8b132fde3b29419b367ef421776aeed5f5df42899a6242b

Download Submit
C:\Windows\system\HBgxXLw.exe

Filesize
6.0MB

MD5
0f088b546d66513f1a217db2f36ecfd6

SHA1
14023ced9360e5cb7c84b1161403d82c41afc88b

SHA256
3835fe4561a8317e7809c0928b1a6ec8303431bb22e301d895746e59a982ec6f

SHA512
ae85e4b30c3183ab2addd5c86c10b08f961910da994e73bed9f732087788f022f588101bc2e67e53a0372570d70874beb5956ff9277d30596060410c62dd5903

Download Submit
C:\Windows\system\HlkNgbT.exe

Filesize
6.0MB

MD5
c02e6d9f51f02f9a5db0e11ed5d5bede

SHA1
72b4a7c7d69ee55a252ccf461f2721ba7346ba03

SHA256
44c1e751f41a4cac2e2894e4bcfcbb19a50fd07a8fe3899e16eda7b37ad1ff6b

SHA512
a4d9eb93e21e683c79c168a8cc3af71a9dacf02157b3c0dd21ad6ccb0ec1b7a118826007fa1fdcd1d7d1c8596742230bb9050056bd042b54f6ef76b1a2ce76ff

Download Submit
C:\Windows\system\LuNHyCo.exe

Filesize
6.0MB

MD5
98f3047f00ec1dd9bd5b86ff3df938de

SHA1
66c2db09158dcebd8b0918dcd94b76742005dd45

SHA256
2063a80e3a3372c6d2cf763dca778b8e0997242197473250f6627c8a506d4cb2

SHA512
836e43dc866bbbe3aee3fdf444232f93f0ba24c0866439d9a5747506a69ce2b3f473a0833879a6936f2148e73ec1ff0d21e1d86c32931e98f20ae21fdafd0d8b

Download Submit
C:\Windows\system\MkYVsXg.exe

Filesize
6.0MB

MD5
d956846e486fe172896d46f89fb71942

SHA1
0e674f78d63b9a6557eee34baead42a0ab00308c

SHA256
7526aaaca516c8a96441b43a97bb809e5af11803b12527dbe1b076e3d3c7d878

SHA512
d41a2b4a83cfd55aa2660d807cd084b68fb8eeeee33f43c3ce469c6c9bffdd00fe59b415a4ee4ffae12da9a68a70d0ff3cbe82becbbf41b65b212444ffa739ba

Download Submit
C:\Windows\system\PCDdLtt.exe

Filesize
6.0MB

MD5
275b3ec640b9e51f814ed09593a78d27

SHA1
e05cec87b7729e51b8faf3db32620beab5113600

SHA256
4b981038bbd5637ff507e4313dc1dab8fbb6e7cc663288cce8401660303ee520

SHA512
3206ad2407902259da7ce50e2206c7c9ff0c14054c0576ca3ea1c11422679c578561df96c5a3bc04713ab528e524c6574c5932dab578cfa53f46644b93426107

Download Submit
C:\Windows\system\QWqkoJT.exe

Filesize
6.0MB

MD5
972489dec3b5c93a8f3460bd7fcce9d0

SHA1
2f34c6569bd775f4938d1542636f23e1373cebe3

SHA256
7a6b122919e152cc4e1a1c43fe0932944677e71c6aa74e4e1f2e844cf6294605

SHA512
fb5543a5d22f6fc9d224a0b4ea577c7d94087fb8d6a112960484f37988f10392a4c880c5470fefb01259df01d516b18d52b2b4f10175425830b9e85ce228d0ae

Download Submit
C:\Windows\system\UnVFbxi.exe

Filesize
6.0MB

MD5
ddb1d84ae36dfe68ad6dce1238abfd8b

SHA1
14485e4037a362ca61d6909cde968dd3f702b1f8

SHA256
017e0bce78930df7e53dd54fe7f825f98c23d1b8fca24badab1b262d5472ff9f

SHA512
b61d48ffa3bf0ecdf8b332d29a0b71e914b8fc40d38ce36fe568a67656568429cf2b0cb29eb547432c013f22378d7aafa3ae3acb123b03052e6f0d29d894286a

Download Submit
C:\Windows\system\VhlVSPU.exe

Filesize
6.0MB

MD5
eaafeb5c167647985f4caefa0bc53c55

SHA1
0fe55186c0103e0f15734136f21d529573219ffa

SHA256
3821d5191cbfe89d8916d88b8257b2142ff02fb6d92a3d7a1eed2c8d3c080e6d

SHA512
7707a1cd3fb398a9b3de20c1a32994650af39df37e058a9ec893de4d411ef67d7a96f7901304763dac09686e365a93390ae794035dcdece2a54dd13cf5a03ba4

Download Submit
C:\Windows\system\WZBQiZU.exe

Filesize
6.0MB

MD5
e360c69717feca722fc9e5a4437c0bff

SHA1
f0a4cbf946f41a0f9c10e655195e09ff1ec25be9

SHA256
0e0316f138176792b176af7b89732ec4da5815cc8e021edebc81d22576f69cf2

SHA512
036348201fe4df8fdd688a6e0705d8d5fa25692a1eb3912d03b893e7ef3cd7886947244b3d48c92c459eb3551c4cccf29417dfa9351d1dc79b7447e14efd34a5

Download Submit
C:\Windows\system\WiKEVBD.exe

Filesize
6.0MB

MD5
8336cf29006eb72c691a4e601d166f08

SHA1
40db78c904b4943b7e31a6e22bdc9064ab025463

SHA256
b3b5a7db2c5474a37b6ecc3666ea3fec92677f09527f3ab8d7c310203cc203ab

SHA512
c2db427990268ca03fdb569f40464a9dad3702bd7a1c92c31f423cd7ac0c568dfdec267db186ed35bbad7568c5b36895c73cc1ad6bdffd7fd25b9f218716f980

Download Submit
C:\Windows\system\YcaEzOW.exe

Filesize
6.0MB

MD5
67962c06cdbc6f3874a67fc19bff41df

SHA1
37b2c5495904838ef733e4b926e8b4970765f25c

SHA256
7397d114806be96c27f366a6ead7dfb2e3222765931b10d6b3cf889e1ba61f2f

SHA512
640d3e6c72b158ba11d7c8c11f031604fd3f826132c6bbf2c489e76cb34e8757fa70c9688192104713d3d3c466c102f4212e68c8f7b49e49d443e5b3a7fa275d

Download Submit
C:\Windows\system\ZOhZWlZ.exe

Filesize
6.0MB

MD5
2d7352e7d7aab94a9953e16f360e4ff3

SHA1
9cd145312806a68adf2dbca08277ac7f6dfed0e2

SHA256
29f6f587c0836d9c8e4b67260c72c0d8e0651ca8bd65cbbf1f3ee2a46c0f86c8

SHA512
2c5949b5de8ba41d7b8446da8cf71623ff48b0f0ea820bf2fa896011f5d62cb8f750024a515d6a317f8df5af054561fb03b81ed875d0ab6b4c4ea035a930435d

Download Submit
C:\Windows\system\gPVNGRq.exe

Filesize
6.0MB

MD5
acdbaecbc8cca936d4acb8115c8e372c

SHA1
54fa95597f39182122fabc3d99d8bb21377ae6db

SHA256
869f526db2ad63fb3b0ff11fb84365ad86f8819d137d6e7b0b1c47fabec834c7

SHA512
6c34c27c0140b4279543e898c82c6883394e18bb41b90f83e4e688b3ea15fb3b37030368a0640d36cb8c370433caf0579302da4d64c007d14bdecd7a9672922e

Download Submit
C:\Windows\system\goMPgUg.exe

Filesize
6.0MB

MD5
74a7589d52bec4a680c317e258f747f6

SHA1
9f76b0cb22bb9a4d3451a2c953d5cc6c84847ec4

SHA256
7341eff210dee1db56553dd03807e4d4d626910ede9bd81556aa8630aa27c006

SHA512
26dda19eff820ba2974da0cd61e08373183f84c1a7457cad1d96c4f76a2be7f842b52ebbeb01cbc5587840ce0327f46ac6a8d1a1415d3f09947ac457b88fe2c8

Download Submit
C:\Windows\system\hglEeyS.exe

Filesize
6.0MB

MD5
ddcf1539619b8d88d2ed1919836e9f5e

SHA1
0c58c0f6f38318385cc47d50ab6a03476a6b8759

SHA256
42b23c464687e188c9cd664df259bd15cbe534646faa8a685c58d8ae6a367f02

SHA512
3b8416a65870e393e191041e307a02358c7cb3bb40939e4de732d3e9716c199cde175d586d81ab0386848849e22762f54bd2f1c4d1433c2dcfa92b99a85c06f7

Download Submit
C:\Windows\system\kQyQqDj.exe

Filesize
6.0MB

MD5
db5bafa1d1383d272e0d512a33d10332

SHA1
ca1b8d374d50ff1a7d7ec40d3b4e3f159e3e2c32

SHA256
acef14679433a57b2c0230776946ea634937c960ed1f64a98c01fceead475793

SHA512
08af9c0aed01aab465393321e71b8a360b1d2d032d5638ec191b6e0b08ef1d26a548f480c465e48351c22eeabf630e7e6d418ef7e02bb7241c194380b7ae1294

Download Submit
C:\Windows\system\lyNlWou.exe

Filesize
6.0MB

MD5
e205eac34c972844ecef3e515bfe2b24

SHA1
ecad562b3cf029f7c2355088e1acd55f14aac1c0

SHA256
081c82d331f18418b2d5985167ee81692dd799403eeb333536326913cd711eea

SHA512
b116f5641e6ee9ec8fa83302261758fcf2a31c8330940d4a10e17791de5dd3704ac812cc8255c3d029ebbb768fc500a2b69152c28934d6df1d7d4c11dfe12496

Download Submit
C:\Windows\system\nQcgGfU.exe

Filesize
6.0MB

MD5
662fbb100490b6842819f282b966cc57

SHA1
20dd0dcd17b9820fed304cd80c3e84125d8f879f

SHA256
1f960097f32de9e412e3d3e05081510f73d4e76070f87c57809c2ce79fcdcade

SHA512
754048ebcff48edc8cb8fcaa7c2fcdd94511090e7b420ac9a41b30463efd5f9f4f099d43e895c691944c94c096c45c730106fbc5d2d654bb5c329bfc80d7abf9

Download Submit
C:\Windows\system\qIqjsPk.exe

Filesize
6.0MB

MD5
d54fef83f013e6cd27c33cf16520e55f

SHA1
e39983d152037896983d377f5248e5e98db643c5

SHA256
229f5ac900faf627f736c27da7cad051cd8f917c13f78618cc55f080089d8f04

SHA512
4dc2050b762cc4a9c7642f9fc0b115b4eecb48287d9573b3be9fe795175f6355b98c7f5e741e65847c697f887cda371d67106c9740c63d9b699389a9a28f2e1f

Download Submit
C:\Windows\system\yVwuGFc.exe

Filesize
6.0MB

MD5
cb750627719ac6dcc92ebc7fdb39ebcd

SHA1
e107ccd148d32f10200f4337690ff4ce734499bc

SHA256
614d03b3bb82c47123cb3a6a965f27cab747139e5c064c8133751da1efcd1cff

SHA512
f8662bddb9a9ffed98ec969f2e3eecccb372af4113ec36d061b650a4fb125442768e4233e3390ee8c27426f2a17c7b538777fcda6c4b9ba91f1e9e297ddfb089

Download Submit
C:\Windows\system\zlhZrKr.exe

Filesize
6.0MB

MD5
70aeab5a8a52dd1db48a296ef4c46429

SHA1
28df6902fbab33883cf8ec75f2536a7ff5e7e65b

SHA256
1ec5629d156caa35e4954468c46ee7bfdb14f8a0d712c9b9fe914c2ced5ceb4d

SHA512
fd43350967ef582c89c117672244ceab3245c889be296815a381821f051196903bfe805bc94d098626d44ea5b054283a96d1e6d8cb63d9df120d15540f037809

Download Submit
C:\Windows\system\zxNdaxV.exe

Filesize
6.0MB

MD5
9191962244e89452245c22aec3b30354

SHA1
cc9e9003235575b26395a968cb62bb50196703ba

SHA256
c5e0a227e99e60ee4ee2b5118c26fada0835b4be05a7251dbc0dbe331e52e7f1

SHA512
7ad5dd0fe08dba90beee8865d2a29cfb19c01ef2021972aff9a4b49aea47e94d94ca6b078cdabcf4d6cd7b102d47338276ee9523c2ac14ca56eaf964e5d9fe2a

Download Submit
\Windows\system\nveWnDF.exe

Filesize
6.0MB

MD5
124c6fcff9547188c6bafc3e73747d01

SHA1
4176699c40c210ad21695867ecfa0fd9aa1132ef

SHA256
6a6952a141135c75cc941f6c96c321413e85bf6f989cdcae04f9bb0f00f5bf0d

SHA512
9f161dd8ab9a2d9ae62ffb7984dba0954344d988702646520677d9957591926bc7934183dbfd96064c11c0e15ce87c6b6ce341c5082b1aa9ba7295585be826bb

Download Submit
\Windows\system\sOHdNpg.exe

Filesize
6.0MB

MD5
9c5c9656afdf8a7e7830430ec48ae835

SHA1
452053388b63182563186eaf82002049c77fbeb6

SHA256
6c8213255786091808855391e4fe6dfea53ee00270edba24d7b02fe3bef4f052

SHA512
45283b76086b014fce0e29f3f301a873319f000cedb9b7b69465cfbb9c15a6923cf9f719b3f6fbd5c0a5868a0d958257fa4ef08db1bbe2f13aa1edd8a984a540

Download Submit
\Windows\system\tnzgKMk.exe

Filesize
6.0MB

MD5
cf1956e30d9c946189c3ca30ba8054e6

SHA1
f4ec007d41ca43f671766b487700692923dc5d43

SHA256
8ebf987b1502cd0d05b72764b5e1bbef9cd37cc81e9b935095adf28137803abd

SHA512
601a4b78fa2c82b4ef8a62019ab35f2dfc6d78016ee164e67775e34ea5752c68d3308739a25526dad79a4e903f02d2d8c24f09037a50ec421b9c7463b9949a44

Download Submit
\Windows\system\uTtIysK.exe

Filesize
6.0MB

MD5
8ede0e6068d601aab83afb1c3d8fe9ef

SHA1
ce2365f883078aa5714041efa9ad838f4f477f66

SHA256
10c4278f2d045cf41dcdb40b7875e5b66bc02ddb04489066a7a2ca5f34e15b1c

SHA512
1ec469d328c51faf55aef5e5aef6e0395d419e8d917f33e595e57a2d20f0d30cbbb55f43b5da722b738e2904a69693c85fe15e7be9cc14971e1a321ae3572c05

Download Submit
\Windows\system\upuLQkL.exe

Filesize
6.0MB

MD5
75d4d8f25712ff4307b72d852d3aee41

SHA1
f64f34d5e66585d1514e3f7881f7099d17bc604e

SHA256
6abdd731ebf9a8f89eddf7ced14657545290faf9e292c3202c7f94b8dab795cd

SHA512
fa02637218b7a357689f94cc02fa5d07e04ca9ab49a5d5274830c12db849862cd374e4ae746afd3eef9d72b044f2ffd1bda07624644566dd3a6037bea8a934c8

Download Submit
memory/1056-41-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-4106-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-4098-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-35-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1780-1046-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1780-4107-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1780-106-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2016-900-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-4105-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-96-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-68-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-1-0x0000000000300000-0x0000000000310000-memory.dmp

Filesize
64KB

Download
memory/2296-1083-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2296-0-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2296-102-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2296-387-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2296-59-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2296-110-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-88-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2296-58-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-14-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2296-33-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-103-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2296-582-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2296-37-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-26-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-92-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-45-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2296-47-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2296-76-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2296-83-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2296-57-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2296-54-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2296-979-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2296-111-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2336-48-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2336-10-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2344-15-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2576-79-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4103-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2576-512-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2668-71-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-4102-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-275-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-55-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2672-95-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4099-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2736-29-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4096-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-39-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4097-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-75-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-87-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2820-4101-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2820-49-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2892-4100-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2892-105-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2892-63-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/3012-4104-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/3012-704-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/3012-89-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download