cobaltstrike | 2dd12f0663bfa0f1298de45959abffbcd7ad468b4d0922ef0b8b2495c388da03

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fda2aa63e0e88702d183cf084b3bf781
SHA1

aad1645bc56798bcd39868a5be72b4c86ef4c050
SHA256

2dd12f0663bfa0f1298de45959abffbcd7ad468b4d0922ef0b8b2495c388da03
SHA512

69468c068657bd492ad533c3ac6594fb184f7f01e307fbce046ee447a4ea88e0f25ce68ccc2ea858a66a27884046cbda1144db066b4d3836e6f2e59f8a4c7766
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000f0000000139a5-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173b2-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f6-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017474-27.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-65.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001749c-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-126.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016f97-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-46.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017481-30.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746c-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2076-0-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x000f0000000139a5-6.dat	xmrig
behavioral1/files/0x00080000000173b2-12.dat	xmrig
behavioral1/memory/2640-16-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/1664-13-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x00070000000173f6-10.dat	xmrig
behavioral1/files/0x0007000000017474-27.dat	xmrig
behavioral1/memory/2816-45-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2076-55-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2076-66-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2588-62-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2144-78-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2624-83-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001962a-84.dat	xmrig
behavioral1/memory/2572-85-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2616-72-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2076-80-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x000500000001966c-77.dat	xmrig
behavioral1/memory/1664-61-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019616-60.dat	xmrig
behavioral1/memory/2428-59-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0005000000019618-65.dat	xmrig
behavioral1/memory/2720-53-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x000900000001749c-49.dat	xmrig
behavioral1/files/0x0005000000019db8-122.dat	xmrig
behavioral1/files/0x00050000000196e8-142.dat	xmrig
behavioral1/files/0x0005000000019c3a-105.dat	xmrig
behavioral1/files/0x00050000000196ac-87.dat	xmrig
behavioral1/files/0x0005000000019c36-99.dat	xmrig
behavioral1/files/0x0005000000019da4-150.dat	xmrig
behavioral1/files/0x0005000000019d20-148.dat	xmrig
behavioral1/memory/2076-120-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x000500000001a301-178.dat	xmrig
behavioral1/files/0x000500000001a345-184.dat	xmrig
behavioral1/memory/2076-285-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2572-726-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2076-943-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2588-284-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a42b-189.dat	xmrig
behavioral1/files/0x000500000001a0a1-174.dat	xmrig
behavioral1/files/0x000500000001a07b-169.dat	xmrig
behavioral1/files/0x000500000001a067-164.dat	xmrig
behavioral1/files/0x0005000000019f9f-154.dat	xmrig
behavioral1/files/0x0005000000019fb9-159.dat	xmrig
behavioral1/files/0x0005000000019d44-129.dat	xmrig
behavioral1/files/0x0005000000019c53-128.dat	xmrig
behavioral1/files/0x0005000000019c38-127.dat	xmrig
behavioral1/files/0x000500000001997c-126.dat	xmrig
behavioral1/files/0x0009000000016f97-125.dat	xmrig
behavioral1/memory/2720-111-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x0005000000019614-46.dat	xmrig
behavioral1/memory/2192-41-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2688-40-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x0009000000017481-30.dat	xmrig
behavioral1/files/0x000700000001746c-26.dat	xmrig
behavioral1/memory/2144-24-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2640-4012-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2144-4013-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2192-4014-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2688-4015-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2816-4016-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2720-4017-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2616-4018-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2428-4019-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1664	YyWsnzD.exe
2640	iQCUkub.exe
2144	yzGsmRp.exe
2192	kRyJLmu.exe
2688	MEUgjIJ.exe
2816	lKlScIB.exe
2428	FBUuhOU.exe
2720	xgCyjPd.exe
2588	XQRXUeS.exe
2616	sTrsnMr.exe
2624	HamzkxZ.exe
2572	JvGmvbu.exe
608	eTnVQCc.exe
2788	mgcgMca.exe
2892	VDYcEfZ.exe
840	KnYAwAU.exe
380	QReEKrw.exe
3060	Hhcslut.exe
3048	mXybjem.exe
2800	hJYNepL.exe
2912	vjYhYjv.exe
1216	YzTKDHg.exe
1996	ODeKtpu.exe
1328	oMyCzQV.exe
1592	gkABbbP.exe
2504	tydRIqz.exe
1460	snwJQPL.exe
944	JkcViqt.exe
1680	chEjTMX.exe
816	DyEFUse.exe
1440	QtrqDCe.exe
1784	tJkLnXk.exe
2156	wtzqQCL.exe
1228	BDlpaTw.exe
1012	tQCkFfP.exe
2104	ZEfVfjQ.exe
2124	emXleJP.exe
2132	pjljLWM.exe
604	ueBwuGu.exe
3016	vNVcBoY.exe
2232	RZQubCw.exe
2424	IfQaHCc.exe
2296	ObAjGos.exe
2252	IqpUXZC.exe
2336	IuEsTeB.exe
280	JEfPaUL.exe
584	veBhiAS.exe
2948	AaOscKP.exe
1504	WomtKah.exe
2276	ueVTiEN.exe
2364	VtBQjiZ.exe
2488	TpMDPSJ.exe
2668	gXZIluA.exe
2856	bPJzvwd.exe
2828	fbDehks.exe
2872	qSBrksK.exe
2604	PAFzlYo.exe
1056	VpRpLcw.exe
2936	KkKwnNU.exe
2792	UFBGoQs.exe
2384	oqddOWF.exe
2180	EghlufF.exe
2100	iVGYIFU.exe
536	BMSAZMX.exe

Loads dropped DLL 64 IoCs

pid	Process
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2076-0-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x000f0000000139a5-6.dat	upx
behavioral1/files/0x00080000000173b2-12.dat	upx
behavioral1/memory/2640-16-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/1664-13-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x00070000000173f6-10.dat	upx
behavioral1/files/0x0007000000017474-27.dat	upx
behavioral1/memory/2816-45-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2076-55-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2588-62-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2144-78-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2624-83-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x000500000001962a-84.dat	upx
behavioral1/memory/2572-85-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2616-72-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x000500000001966c-77.dat	upx
behavioral1/memory/1664-61-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x0005000000019616-60.dat	upx
behavioral1/memory/2428-59-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0005000000019618-65.dat	upx
behavioral1/memory/2720-53-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x000900000001749c-49.dat	upx
behavioral1/files/0x0005000000019db8-122.dat	upx
behavioral1/files/0x00050000000196e8-142.dat	upx
behavioral1/files/0x0005000000019c3a-105.dat	upx
behavioral1/files/0x00050000000196ac-87.dat	upx
behavioral1/files/0x0005000000019c36-99.dat	upx
behavioral1/files/0x0005000000019da4-150.dat	upx
behavioral1/files/0x0005000000019d20-148.dat	upx
behavioral1/files/0x000500000001a301-178.dat	upx
behavioral1/files/0x000500000001a345-184.dat	upx
behavioral1/memory/2572-726-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2588-284-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x000500000001a42b-189.dat	upx
behavioral1/files/0x000500000001a0a1-174.dat	upx
behavioral1/files/0x000500000001a07b-169.dat	upx
behavioral1/files/0x000500000001a067-164.dat	upx
behavioral1/files/0x0005000000019f9f-154.dat	upx
behavioral1/files/0x0005000000019fb9-159.dat	upx
behavioral1/files/0x0005000000019d44-129.dat	upx
behavioral1/files/0x0005000000019c53-128.dat	upx
behavioral1/files/0x0005000000019c38-127.dat	upx
behavioral1/files/0x000500000001997c-126.dat	upx
behavioral1/files/0x0009000000016f97-125.dat	upx
behavioral1/memory/2720-111-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x0005000000019614-46.dat	upx
behavioral1/memory/2192-41-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2688-40-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x0009000000017481-30.dat	upx
behavioral1/files/0x000700000001746c-26.dat	upx
behavioral1/memory/2144-24-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2640-4012-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2144-4013-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2192-4014-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2688-4015-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2816-4016-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2720-4017-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2616-4018-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2428-4019-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2624-4020-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2588-4021-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2572-4022-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\aMrXHDM.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qJCrNug.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JfeiQak.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bLLsHny.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQiJtNK.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnXzuWP.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aQMwDWt.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIysYWY.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryttKdj.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyGhoEz.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPDHEZm.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIiPuJa.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddemJPD.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjJbwHz.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQRZCpF.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNIDaDh.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NixNZzb.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgCyjPd.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwVpUWl.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BflQqek.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqKPycj.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DyBOYga.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmyqyxf.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iazzjOH.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xuWDkTJ.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyJFnpc.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvzdOBY.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnYOmiW.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNIGfOz.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfolteL.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpxsuDQ.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQOtZMe.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMewmWk.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jhrsuGx.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XNFlXiZ.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZComAp.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CiEPFbc.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMXviex.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpYzGCZ.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygKMXjD.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usDvcuE.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCefmZh.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GNICCcQ.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTPXsmi.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXCScdo.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PiJzhxX.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alBdbWQ.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpXeDHZ.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBrUrie.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfHnIoi.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmvCwXd.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zznjJGV.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItHchrO.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbeGYMf.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VllbHpq.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dAjzJaP.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDvYgJg.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plZeHzA.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Pwlgwgz.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XWqHAYy.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZwVnaL.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABgbeAE.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlDqSpc.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFDCdmG.exe	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 1664	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 1664	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 1664	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 2640	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 2640	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 2640	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 2144	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 2144	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 2144	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 2192	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 2192	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 2192	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 2688	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2688	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2688	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2816	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 2816	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 2816	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 2428	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 2428	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 2428	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 2720	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 2720	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 2720	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 2588	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 2588	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 2588	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 2616	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2616	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2616	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2572	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 2572	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 2572	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 2624	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 2624	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 2624	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 3048	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 3048	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 3048	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 608	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 608	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 608	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 2800	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 2800	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 2800	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 2788	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 2788	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 2788	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 2912	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 2912	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 2912	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 2892	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 2892	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 2892	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 1216	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2076 wrote to memory of 1216	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2076 wrote to memory of 1216	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2076 wrote to memory of 840	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2076 wrote to memory of 840	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2076 wrote to memory of 840	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2076 wrote to memory of 1996	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2076 wrote to memory of 1996	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2076 wrote to memory of 1996	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2076 wrote to memory of 380	2076	2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-04_fda2aa63e0e88702d183cf084b3bf781_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\System\YyWsnzD.exe
  C:\Windows\System\YyWsnzD.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\iQCUkub.exe
  C:\Windows\System\iQCUkub.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\yzGsmRp.exe
  C:\Windows\System\yzGsmRp.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\kRyJLmu.exe
  C:\Windows\System\kRyJLmu.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\MEUgjIJ.exe
  C:\Windows\System\MEUgjIJ.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\lKlScIB.exe
  C:\Windows\System\lKlScIB.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\FBUuhOU.exe
  C:\Windows\System\FBUuhOU.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\xgCyjPd.exe
  C:\Windows\System\xgCyjPd.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\XQRXUeS.exe
  C:\Windows\System\XQRXUeS.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\sTrsnMr.exe
  C:\Windows\System\sTrsnMr.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\JvGmvbu.exe
  C:\Windows\System\JvGmvbu.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\HamzkxZ.exe
  C:\Windows\System\HamzkxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\mXybjem.exe
  C:\Windows\System\mXybjem.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\eTnVQCc.exe
  C:\Windows\System\eTnVQCc.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\hJYNepL.exe
  C:\Windows\System\hJYNepL.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\mgcgMca.exe
  C:\Windows\System\mgcgMca.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\vjYhYjv.exe
  C:\Windows\System\vjYhYjv.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\VDYcEfZ.exe
  C:\Windows\System\VDYcEfZ.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\YzTKDHg.exe
  C:\Windows\System\YzTKDHg.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\KnYAwAU.exe
  C:\Windows\System\KnYAwAU.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\ODeKtpu.exe
  C:\Windows\System\ODeKtpu.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\QReEKrw.exe
  C:\Windows\System\QReEKrw.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\oMyCzQV.exe
  C:\Windows\System\oMyCzQV.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\Hhcslut.exe
  C:\Windows\System\Hhcslut.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\gkABbbP.exe
  C:\Windows\System\gkABbbP.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\tydRIqz.exe
  C:\Windows\System\tydRIqz.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\snwJQPL.exe
  C:\Windows\System\snwJQPL.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\JkcViqt.exe
  C:\Windows\System\JkcViqt.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\chEjTMX.exe
  C:\Windows\System\chEjTMX.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\DyEFUse.exe
  C:\Windows\System\DyEFUse.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\QtrqDCe.exe
  C:\Windows\System\QtrqDCe.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\tJkLnXk.exe
  C:\Windows\System\tJkLnXk.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\wtzqQCL.exe
  C:\Windows\System\wtzqQCL.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\BDlpaTw.exe
  C:\Windows\System\BDlpaTw.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\tQCkFfP.exe
  C:\Windows\System\tQCkFfP.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\ZEfVfjQ.exe
  C:\Windows\System\ZEfVfjQ.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\emXleJP.exe
  C:\Windows\System\emXleJP.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\pjljLWM.exe
  C:\Windows\System\pjljLWM.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\ueBwuGu.exe
  C:\Windows\System\ueBwuGu.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\vNVcBoY.exe
  C:\Windows\System\vNVcBoY.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\RZQubCw.exe
  C:\Windows\System\RZQubCw.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\IfQaHCc.exe
  C:\Windows\System\IfQaHCc.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\ObAjGos.exe
  C:\Windows\System\ObAjGos.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\IqpUXZC.exe
  C:\Windows\System\IqpUXZC.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\IuEsTeB.exe
  C:\Windows\System\IuEsTeB.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\JEfPaUL.exe
  C:\Windows\System\JEfPaUL.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\veBhiAS.exe
  C:\Windows\System\veBhiAS.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\AaOscKP.exe
  C:\Windows\System\AaOscKP.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\WomtKah.exe
  C:\Windows\System\WomtKah.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\ueVTiEN.exe
  C:\Windows\System\ueVTiEN.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\VtBQjiZ.exe
  C:\Windows\System\VtBQjiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\TpMDPSJ.exe
  C:\Windows\System\TpMDPSJ.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\gXZIluA.exe
  C:\Windows\System\gXZIluA.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\bPJzvwd.exe
  C:\Windows\System\bPJzvwd.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\fbDehks.exe
  C:\Windows\System\fbDehks.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\qSBrksK.exe
  C:\Windows\System\qSBrksK.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\VpRpLcw.exe
  C:\Windows\System\VpRpLcw.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\PAFzlYo.exe
  C:\Windows\System\PAFzlYo.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\UFBGoQs.exe
  C:\Windows\System\UFBGoQs.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\KkKwnNU.exe
  C:\Windows\System\KkKwnNU.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\EghlufF.exe
  C:\Windows\System\EghlufF.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\oqddOWF.exe
  C:\Windows\System\oqddOWF.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\BMSAZMX.exe
  C:\Windows\System\BMSAZMX.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\iVGYIFU.exe
  C:\Windows\System\iVGYIFU.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\jxIpdYI.exe
  C:\Windows\System\jxIpdYI.exe
  2⤵
  PID:2456
- C:\Windows\System\cyZCJem.exe
  C:\Windows\System\cyZCJem.exe
  2⤵
  PID:2452
- C:\Windows\System\LRfrdTa.exe
  C:\Windows\System\LRfrdTa.exe
  2⤵
  PID:1564
- C:\Windows\System\GUFXPAU.exe
  C:\Windows\System\GUFXPAU.exe
  2⤵
  PID:1300
- C:\Windows\System\cujKxPO.exe
  C:\Windows\System\cujKxPO.exe
  2⤵
  PID:112
- C:\Windows\System\EsievHR.exe
  C:\Windows\System\EsievHR.exe
  2⤵
  PID:572
- C:\Windows\System\KnBlONY.exe
  C:\Windows\System\KnBlONY.exe
  2⤵
  PID:2268
- C:\Windows\System\rIogPpT.exe
  C:\Windows\System\rIogPpT.exe
  2⤵
  PID:1232
- C:\Windows\System\AYNHuiJ.exe
  C:\Windows\System\AYNHuiJ.exe
  2⤵
  PID:1164
- C:\Windows\System\JEINlAp.exe
  C:\Windows\System\JEINlAp.exe
  2⤵
  PID:2064
- C:\Windows\System\fGqWubT.exe
  C:\Windows\System\fGqWubT.exe
  2⤵
  PID:2116
- C:\Windows\System\XigPRwD.exe
  C:\Windows\System\XigPRwD.exe
  2⤵
  PID:564
- C:\Windows\System\idctbjW.exe
  C:\Windows\System\idctbjW.exe
  2⤵
  PID:1016
- C:\Windows\System\ZcdnxrJ.exe
  C:\Windows\System\ZcdnxrJ.exe
  2⤵
  PID:1436
- C:\Windows\System\BqMkJIg.exe
  C:\Windows\System\BqMkJIg.exe
  2⤵
  PID:2996
- C:\Windows\System\rUnJSnu.exe
  C:\Windows\System\rUnJSnu.exe
  2⤵
  PID:276
- C:\Windows\System\PQgNjyb.exe
  C:\Windows\System\PQgNjyb.exe
  2⤵
  PID:2500
- C:\Windows\System\AKlITic.exe
  C:\Windows\System\AKlITic.exe
  2⤵
  PID:1540
- C:\Windows\System\swEHeVf.exe
  C:\Windows\System\swEHeVf.exe
  2⤵
  PID:2684
- C:\Windows\System\euzunFS.exe
  C:\Windows\System\euzunFS.exe
  2⤵
  PID:2680
- C:\Windows\System\bMjvfaN.exe
  C:\Windows\System\bMjvfaN.exe
  2⤵
  PID:2512
- C:\Windows\System\McOGWyx.exe
  C:\Windows\System\McOGWyx.exe
  2⤵
  PID:2700
- C:\Windows\System\PdiUDhh.exe
  C:\Windows\System\PdiUDhh.exe
  2⤵
  PID:2196
- C:\Windows\System\xCMCPIq.exe
  C:\Windows\System\xCMCPIq.exe
  2⤵
  PID:468
- C:\Windows\System\KerNiQZ.exe
  C:\Windows\System\KerNiQZ.exe
  2⤵
  PID:2056
- C:\Windows\System\woOopyl.exe
  C:\Windows\System\woOopyl.exe
  2⤵
  PID:3032
- C:\Windows\System\MIYfVcE.exe
  C:\Windows\System\MIYfVcE.exe
  2⤵
  PID:1676
- C:\Windows\System\THeRWUO.exe
  C:\Windows\System\THeRWUO.exe
  2⤵
  PID:552
- C:\Windows\System\GAlqdfW.exe
  C:\Windows\System\GAlqdfW.exe
  2⤵
  PID:1684
- C:\Windows\System\sbdGnmN.exe
  C:\Windows\System\sbdGnmN.exe
  2⤵
  PID:1712
- C:\Windows\System\BMFQXSx.exe
  C:\Windows\System\BMFQXSx.exe
  2⤵
  PID:1212
- C:\Windows\System\iPRwxUq.exe
  C:\Windows\System\iPRwxUq.exe
  2⤵
  PID:3004
- C:\Windows\System\eebeGiP.exe
  C:\Windows\System\eebeGiP.exe
  2⤵
  PID:2300
- C:\Windows\System\rJLgxsT.exe
  C:\Windows\System\rJLgxsT.exe
  2⤵
  PID:2068
- C:\Windows\System\WhRuuZM.exe
  C:\Windows\System\WhRuuZM.exe
  2⤵
  PID:324
- C:\Windows\System\uWYxcZJ.exe
  C:\Windows\System\uWYxcZJ.exe
  2⤵
  PID:2492
- C:\Windows\System\uVosLam.exe
  C:\Windows\System\uVosLam.exe
  2⤵
  PID:2676
- C:\Windows\System\rykmeUH.exe
  C:\Windows\System\rykmeUH.exe
  2⤵
  PID:2644
- C:\Windows\System\owpvKuf.exe
  C:\Windows\System\owpvKuf.exe
  2⤵
  PID:3028
- C:\Windows\System\UgyJzSy.exe
  C:\Windows\System\UgyJzSy.exe
  2⤵
  PID:2780
- C:\Windows\System\bVUjmLY.exe
  C:\Windows\System\bVUjmLY.exe
  2⤵
  PID:1660
- C:\Windows\System\vZGRFoE.exe
  C:\Windows\System\vZGRFoE.exe
  2⤵
  PID:1640
- C:\Windows\System\ewpolvL.exe
  C:\Windows\System\ewpolvL.exe
  2⤵
  PID:2524
- C:\Windows\System\JKblaCs.exe
  C:\Windows\System\JKblaCs.exe
  2⤵
  PID:1732
- C:\Windows\System\dAxKMft.exe
  C:\Windows\System\dAxKMft.exe
  2⤵
  PID:2968
- C:\Windows\System\OFJZtOs.exe
  C:\Windows\System\OFJZtOs.exe
  2⤵
  PID:1456
- C:\Windows\System\uBbnVqN.exe
  C:\Windows\System\uBbnVqN.exe
  2⤵
  PID:848
- C:\Windows\System\OqGTtHF.exe
  C:\Windows\System\OqGTtHF.exe
  2⤵
  PID:1532
- C:\Windows\System\lnIkeTg.exe
  C:\Windows\System\lnIkeTg.exe
  2⤵
  PID:2568
- C:\Windows\System\xUZaCwX.exe
  C:\Windows\System\xUZaCwX.exe
  2⤵
  PID:3092
- C:\Windows\System\pkttMBA.exe
  C:\Windows\System\pkttMBA.exe
  2⤵
  PID:3116
- C:\Windows\System\faBYayf.exe
  C:\Windows\System\faBYayf.exe
  2⤵
  PID:3132
- C:\Windows\System\MevDzFa.exe
  C:\Windows\System\MevDzFa.exe
  2⤵
  PID:3156
- C:\Windows\System\zkOYXLl.exe
  C:\Windows\System\zkOYXLl.exe
  2⤵
  PID:3176
- C:\Windows\System\rUCRLuJ.exe
  C:\Windows\System\rUCRLuJ.exe
  2⤵
  PID:3196
- C:\Windows\System\sZwVnaL.exe
  C:\Windows\System\sZwVnaL.exe
  2⤵
  PID:3216
- C:\Windows\System\xTgRdnH.exe
  C:\Windows\System\xTgRdnH.exe
  2⤵
  PID:3236
- C:\Windows\System\BSusyuT.exe
  C:\Windows\System\BSusyuT.exe
  2⤵
  PID:3256
- C:\Windows\System\mPZVJnf.exe
  C:\Windows\System\mPZVJnf.exe
  2⤵
  PID:3276
- C:\Windows\System\FbHUJjK.exe
  C:\Windows\System\FbHUJjK.exe
  2⤵
  PID:3296
- C:\Windows\System\SewIRrY.exe
  C:\Windows\System\SewIRrY.exe
  2⤵
  PID:3316
- C:\Windows\System\Djdvrha.exe
  C:\Windows\System\Djdvrha.exe
  2⤵
  PID:3332
- C:\Windows\System\EZOFurQ.exe
  C:\Windows\System\EZOFurQ.exe
  2⤵
  PID:3356
- C:\Windows\System\ABgbeAE.exe
  C:\Windows\System\ABgbeAE.exe
  2⤵
  PID:3376
- C:\Windows\System\NACsccL.exe
  C:\Windows\System\NACsccL.exe
  2⤵
  PID:3396
- C:\Windows\System\aHeMNXi.exe
  C:\Windows\System\aHeMNXi.exe
  2⤵
  PID:3412
- C:\Windows\System\ddNwMNQ.exe
  C:\Windows\System\ddNwMNQ.exe
  2⤵
  PID:3436
- C:\Windows\System\iMABghs.exe
  C:\Windows\System\iMABghs.exe
  2⤵
  PID:3456
- C:\Windows\System\uCMSNWP.exe
  C:\Windows\System\uCMSNWP.exe
  2⤵
  PID:3476
- C:\Windows\System\mtHvGpG.exe
  C:\Windows\System\mtHvGpG.exe
  2⤵
  PID:3496
- C:\Windows\System\BpFppyr.exe
  C:\Windows\System\BpFppyr.exe
  2⤵
  PID:3516
- C:\Windows\System\YKrwqTx.exe
  C:\Windows\System\YKrwqTx.exe
  2⤵
  PID:3536
- C:\Windows\System\XzFZkQx.exe
  C:\Windows\System\XzFZkQx.exe
  2⤵
  PID:3556
- C:\Windows\System\DqCtWnK.exe
  C:\Windows\System\DqCtWnK.exe
  2⤵
  PID:3572
- C:\Windows\System\NwwlDLs.exe
  C:\Windows\System\NwwlDLs.exe
  2⤵
  PID:3596
- C:\Windows\System\iGWkbWG.exe
  C:\Windows\System\iGWkbWG.exe
  2⤵
  PID:3616
- C:\Windows\System\HCfGZMG.exe
  C:\Windows\System\HCfGZMG.exe
  2⤵
  PID:3636
- C:\Windows\System\fJXdWtr.exe
  C:\Windows\System\fJXdWtr.exe
  2⤵
  PID:3656
- C:\Windows\System\QncRoSG.exe
  C:\Windows\System\QncRoSG.exe
  2⤵
  PID:3676
- C:\Windows\System\rFkWCua.exe
  C:\Windows\System\rFkWCua.exe
  2⤵
  PID:3692
- C:\Windows\System\pNYybKo.exe
  C:\Windows\System\pNYybKo.exe
  2⤵
  PID:3716
- C:\Windows\System\gzEHoWi.exe
  C:\Windows\System\gzEHoWi.exe
  2⤵
  PID:3732
- C:\Windows\System\lCacYsZ.exe
  C:\Windows\System\lCacYsZ.exe
  2⤵
  PID:3756
- C:\Windows\System\NyGhoEz.exe
  C:\Windows\System\NyGhoEz.exe
  2⤵
  PID:3776
- C:\Windows\System\VMBMYMp.exe
  C:\Windows\System\VMBMYMp.exe
  2⤵
  PID:3796
- C:\Windows\System\vMMBDAN.exe
  C:\Windows\System\vMMBDAN.exe
  2⤵
  PID:3816
- C:\Windows\System\UqNPYAT.exe
  C:\Windows\System\UqNPYAT.exe
  2⤵
  PID:3836
- C:\Windows\System\YoCcURX.exe
  C:\Windows\System\YoCcURX.exe
  2⤵
  PID:3852
- C:\Windows\System\SxBeHsZ.exe
  C:\Windows\System\SxBeHsZ.exe
  2⤵
  PID:3876
- C:\Windows\System\ggDqFiz.exe
  C:\Windows\System\ggDqFiz.exe
  2⤵
  PID:3892
- C:\Windows\System\tzhoJMh.exe
  C:\Windows\System\tzhoJMh.exe
  2⤵
  PID:3920
- C:\Windows\System\rmHVWbt.exe
  C:\Windows\System\rmHVWbt.exe
  2⤵
  PID:3936
- C:\Windows\System\haPkBLF.exe
  C:\Windows\System\haPkBLF.exe
  2⤵
  PID:3960
- C:\Windows\System\wzCkHGj.exe
  C:\Windows\System\wzCkHGj.exe
  2⤵
  PID:3980
- C:\Windows\System\IfHnIoi.exe
  C:\Windows\System\IfHnIoi.exe
  2⤵
  PID:4000
- C:\Windows\System\eBXoqtP.exe
  C:\Windows\System\eBXoqtP.exe
  2⤵
  PID:4020
- C:\Windows\System\MDffGRJ.exe
  C:\Windows\System\MDffGRJ.exe
  2⤵
  PID:4040
- C:\Windows\System\JgeRVRC.exe
  C:\Windows\System\JgeRVRC.exe
  2⤵
  PID:4056
- C:\Windows\System\kMXviex.exe
  C:\Windows\System\kMXviex.exe
  2⤵
  PID:4080
- C:\Windows\System\xjxXxkM.exe
  C:\Windows\System\xjxXxkM.exe
  2⤵
  PID:708
- C:\Windows\System\BCeXvvh.exe
  C:\Windows\System\BCeXvvh.exe
  2⤵
  PID:1656
- C:\Windows\System\VCXdGZi.exe
  C:\Windows\System\VCXdGZi.exe
  2⤵
  PID:2924
- C:\Windows\System\lSxQTRO.exe
  C:\Windows\System\lSxQTRO.exe
  2⤵
  PID:2712
- C:\Windows\System\rFUGnBg.exe
  C:\Windows\System\rFUGnBg.exe
  2⤵
  PID:676
- C:\Windows\System\TgzRbmd.exe
  C:\Windows\System\TgzRbmd.exe
  2⤵
  PID:2388
- C:\Windows\System\jYRWBSv.exe
  C:\Windows\System\jYRWBSv.exe
  2⤵
  PID:3100
- C:\Windows\System\HbThZZC.exe
  C:\Windows\System\HbThZZC.exe
  2⤵
  PID:3104
- C:\Windows\System\hKBzztN.exe
  C:\Windows\System\hKBzztN.exe
  2⤵
  PID:3148
- C:\Windows\System\GEnHYnl.exe
  C:\Windows\System\GEnHYnl.exe
  2⤵
  PID:3184
- C:\Windows\System\pXqMZBf.exe
  C:\Windows\System\pXqMZBf.exe
  2⤵
  PID:3188
- C:\Windows\System\AIZLhrm.exe
  C:\Windows\System\AIZLhrm.exe
  2⤵
  PID:3228
- C:\Windows\System\hdMdcAm.exe
  C:\Windows\System\hdMdcAm.exe
  2⤵
  PID:3204
- C:\Windows\System\HOyLOrY.exe
  C:\Windows\System\HOyLOrY.exe
  2⤵
  PID:3304
- C:\Windows\System\NjTtEkp.exe
  C:\Windows\System\NjTtEkp.exe
  2⤵
  PID:3292
- C:\Windows\System\ieHIPni.exe
  C:\Windows\System\ieHIPni.exe
  2⤵
  PID:3328
- C:\Windows\System\dUyCnMe.exe
  C:\Windows\System\dUyCnMe.exe
  2⤵
  PID:3372
- C:\Windows\System\LrGpfBy.exe
  C:\Windows\System\LrGpfBy.exe
  2⤵
  PID:3368
- C:\Windows\System\FOqBIkj.exe
  C:\Windows\System\FOqBIkj.exe
  2⤵
  PID:3444
- C:\Windows\System\xihAKms.exe
  C:\Windows\System\xihAKms.exe
  2⤵
  PID:3452
- C:\Windows\System\IDpLZPg.exe
  C:\Windows\System\IDpLZPg.exe
  2⤵
  PID:3484
- C:\Windows\System\DKWfbDQ.exe
  C:\Windows\System\DKWfbDQ.exe
  2⤵
  PID:2728
- C:\Windows\System\DvVDZIv.exe
  C:\Windows\System\DvVDZIv.exe
  2⤵
  PID:3524
- C:\Windows\System\dPDHEZm.exe
  C:\Windows\System\dPDHEZm.exe
  2⤵
  PID:3624
- C:\Windows\System\KqAZvMi.exe
  C:\Windows\System\KqAZvMi.exe
  2⤵
  PID:3604
- C:\Windows\System\dDVCTTK.exe
  C:\Windows\System\dDVCTTK.exe
  2⤵
  PID:2224
- C:\Windows\System\krSpdaU.exe
  C:\Windows\System\krSpdaU.exe
  2⤵
  PID:3704
- C:\Windows\System\jeZybMc.exe
  C:\Windows\System\jeZybMc.exe
  2⤵
  PID:3688
- C:\Windows\System\DbDViMT.exe
  C:\Windows\System\DbDViMT.exe
  2⤵
  PID:3040
- C:\Windows\System\mrMHzys.exe
  C:\Windows\System\mrMHzys.exe
  2⤵
  PID:3784
- C:\Windows\System\JhQiLAd.exe
  C:\Windows\System\JhQiLAd.exe
  2⤵
  PID:3824
- C:\Windows\System\LnBhcyh.exe
  C:\Windows\System\LnBhcyh.exe
  2⤵
  PID:3808
- C:\Windows\System\IgKZini.exe
  C:\Windows\System\IgKZini.exe
  2⤵
  PID:2844
- C:\Windows\System\otPOZSw.exe
  C:\Windows\System\otPOZSw.exe
  2⤵
  PID:3908
- C:\Windows\System\PXXsioE.exe
  C:\Windows\System\PXXsioE.exe
  2⤵
  PID:3904
- C:\Windows\System\YXdHMmv.exe
  C:\Windows\System\YXdHMmv.exe
  2⤵
  PID:3932
- C:\Windows\System\PClkcqf.exe
  C:\Windows\System\PClkcqf.exe
  2⤵
  PID:4028
- C:\Windows\System\QHkXHYE.exe
  C:\Windows\System\QHkXHYE.exe
  2⤵
  PID:2696
- C:\Windows\System\JKaUSMP.exe
  C:\Windows\System\JKaUSMP.exe
  2⤵
  PID:4016
- C:\Windows\System\kwXbbcd.exe
  C:\Windows\System\kwXbbcd.exe
  2⤵
  PID:2264
- C:\Windows\System\nycCtHD.exe
  C:\Windows\System\nycCtHD.exe
  2⤵
  PID:4088
- C:\Windows\System\VllbHpq.exe
  C:\Windows\System\VllbHpq.exe
  2⤵
  PID:1036
- C:\Windows\System\sisZlqi.exe
  C:\Windows\System\sisZlqi.exe
  2⤵
  PID:2648
- C:\Windows\System\BMILNNO.exe
  C:\Windows\System\BMILNNO.exe
  2⤵
  PID:3112
- C:\Windows\System\QlnJhZp.exe
  C:\Windows\System\QlnJhZp.exe
  2⤵
  PID:2736
- C:\Windows\System\yCLwINH.exe
  C:\Windows\System\yCLwINH.exe
  2⤵
  PID:3088
- C:\Windows\System\YKlsQOA.exe
  C:\Windows\System\YKlsQOA.exe
  2⤵
  PID:2744
- C:\Windows\System\qHbHIbL.exe
  C:\Windows\System\qHbHIbL.exe
  2⤵
  PID:3244
- C:\Windows\System\yZEZAVh.exe
  C:\Windows\System\yZEZAVh.exe
  2⤵
  PID:3352
- C:\Windows\System\jyKfkJr.exe
  C:\Windows\System\jyKfkJr.exe
  2⤵
  PID:3288
- C:\Windows\System\MvfpkVS.exe
  C:\Windows\System\MvfpkVS.exe
  2⤵
  PID:3504
- C:\Windows\System\YnEQRdz.exe
  C:\Windows\System\YnEQRdz.exe
  2⤵
  PID:3548
- C:\Windows\System\IJOhbvP.exe
  C:\Windows\System\IJOhbvP.exe
  2⤵
  PID:3564
- C:\Windows\System\uEnMIJb.exe
  C:\Windows\System\uEnMIJb.exe
  2⤵
  PID:3432
- C:\Windows\System\laPfcCI.exe
  C:\Windows\System\laPfcCI.exe
  2⤵
  PID:3508
- C:\Windows\System\igkIING.exe
  C:\Windows\System\igkIING.exe
  2⤵
  PID:3648
- C:\Windows\System\OFvHiVm.exe
  C:\Windows\System\OFvHiVm.exe
  2⤵
  PID:3728
- C:\Windows\System\rObFcHT.exe
  C:\Windows\System\rObFcHT.exe
  2⤵
  PID:3772
- C:\Windows\System\WvebDQe.exe
  C:\Windows\System\WvebDQe.exe
  2⤵
  PID:3804
- C:\Windows\System\CCIzuYE.exe
  C:\Windows\System\CCIzuYE.exe
  2⤵
  PID:3768
- C:\Windows\System\EcvoRfw.exe
  C:\Windows\System\EcvoRfw.exe
  2⤵
  PID:3860
- C:\Windows\System\HoOJBvI.exe
  C:\Windows\System\HoOJBvI.exe
  2⤵
  PID:3956
- C:\Windows\System\leDaJdl.exe
  C:\Windows\System\leDaJdl.exe
  2⤵
  PID:3952
- C:\Windows\System\ehRnssu.exe
  C:\Windows\System\ehRnssu.exe
  2⤵
  PID:4032
- C:\Windows\System\fVpFfKt.exe
  C:\Windows\System\fVpFfKt.exe
  2⤵
  PID:2620
- C:\Windows\System\eiFkCVg.exe
  C:\Windows\System\eiFkCVg.exe
  2⤵
  PID:2864
- C:\Windows\System\lhplavI.exe
  C:\Windows\System\lhplavI.exe
  2⤵
  PID:548
- C:\Windows\System\hsRaohz.exe
  C:\Windows\System\hsRaohz.exe
  2⤵
  PID:2128
- C:\Windows\System\VpMdeLB.exe
  C:\Windows\System\VpMdeLB.exe
  2⤵
  PID:3928
- C:\Windows\System\mgzoczV.exe
  C:\Windows\System\mgzoczV.exe
  2⤵
  PID:2704
- C:\Windows\System\MWefEQa.exe
  C:\Windows\System\MWefEQa.exe
  2⤵
  PID:3144
- C:\Windows\System\kzcNUEJ.exe
  C:\Windows\System\kzcNUEJ.exe
  2⤵
  PID:3252
- C:\Windows\System\seLiHqD.exe
  C:\Windows\System\seLiHqD.exe
  2⤵
  PID:3424
- C:\Windows\System\wKQnCpU.exe
  C:\Windows\System\wKQnCpU.exe
  2⤵
  PID:3404
- C:\Windows\System\vsgUmvn.exe
  C:\Windows\System\vsgUmvn.exe
  2⤵
  PID:3392
- C:\Windows\System\MjaTmxp.exe
  C:\Windows\System\MjaTmxp.exe
  2⤵
  PID:3544
- C:\Windows\System\VZYiuWv.exe
  C:\Windows\System\VZYiuWv.exe
  2⤵
  PID:3584
- C:\Windows\System\XJrQPop.exe
  C:\Windows\System\XJrQPop.exe
  2⤵
  PID:3672
- C:\Windows\System\tOuSKIn.exe
  C:\Windows\System\tOuSKIn.exe
  2⤵
  PID:3628
- C:\Windows\System\IWmjFuI.exe
  C:\Windows\System\IWmjFuI.exe
  2⤵
  PID:3828
- C:\Windows\System\deCAkAf.exe
  C:\Windows\System\deCAkAf.exe
  2⤵
  PID:3744
- C:\Windows\System\QGXSSgT.exe
  C:\Windows\System\QGXSSgT.exe
  2⤵
  PID:3872
- C:\Windows\System\lQGIKzv.exe
  C:\Windows\System\lQGIKzv.exe
  2⤵
  PID:3900
- C:\Windows\System\eXUVtsE.exe
  C:\Windows\System\eXUVtsE.exe
  2⤵
  PID:4048
- C:\Windows\System\kPYHtNM.exe
  C:\Windows\System\kPYHtNM.exe
  2⤵
  PID:2812
- C:\Windows\System\rVoxvSX.exe
  C:\Windows\System\rVoxvSX.exe
  2⤵
  PID:3084
- C:\Windows\System\ymdWDCy.exe
  C:\Windows\System\ymdWDCy.exe
  2⤵
  PID:4068
- C:\Windows\System\sBPlmcc.exe
  C:\Windows\System\sBPlmcc.exe
  2⤵
  PID:2360
- C:\Windows\System\aBQvSaY.exe
  C:\Windows\System\aBQvSaY.exe
  2⤵
  PID:3232
- C:\Windows\System\AysenHI.exe
  C:\Windows\System\AysenHI.exe
  2⤵
  PID:3916
- C:\Windows\System\cUShgpk.exe
  C:\Windows\System\cUShgpk.exe
  2⤵
  PID:3528
- C:\Windows\System\UDMxpfx.exe
  C:\Windows\System\UDMxpfx.exe
  2⤵
  PID:2716
- C:\Windows\System\HzYSMLy.exe
  C:\Windows\System\HzYSMLy.exe
  2⤵
  PID:2672
- C:\Windows\System\hSlQrqe.exe
  C:\Windows\System\hSlQrqe.exe
  2⤵
  PID:2152
- C:\Windows\System\JyYiEpk.exe
  C:\Windows\System\JyYiEpk.exe
  2⤵
  PID:3888
- C:\Windows\System\xfzIQkW.exe
  C:\Windows\System\xfzIQkW.exe
  2⤵
  PID:3972
- C:\Windows\System\iLpeQQJ.exe
  C:\Windows\System\iLpeQQJ.exe
  2⤵
  PID:1952
- C:\Windows\System\qKktaxt.exe
  C:\Windows\System\qKktaxt.exe
  2⤵
  PID:2280
- C:\Windows\System\WpYzGCZ.exe
  C:\Windows\System\WpYzGCZ.exe
  2⤵
  PID:2484
- C:\Windows\System\MNgZfTo.exe
  C:\Windows\System\MNgZfTo.exe
  2⤵
  PID:2784
- C:\Windows\System\mIPIQlg.exe
  C:\Windows\System\mIPIQlg.exe
  2⤵
  PID:2580
- C:\Windows\System\oLvnyao.exe
  C:\Windows\System\oLvnyao.exe
  2⤵
  PID:3124
- C:\Windows\System\MRgbQME.exe
  C:\Windows\System\MRgbQME.exe
  2⤵
  PID:3340
- C:\Windows\System\nBoRuBm.exe
  C:\Windows\System\nBoRuBm.exe
  2⤵
  PID:3532
- C:\Windows\System\LGtChZS.exe
  C:\Windows\System\LGtChZS.exe
  2⤵
  PID:2560
- C:\Windows\System\EmsfSmR.exe
  C:\Windows\System\EmsfSmR.exe
  2⤵
  PID:3388
- C:\Windows\System\vYpuwZr.exe
  C:\Windows\System\vYpuwZr.exe
  2⤵
  PID:2284
- C:\Windows\System\hVbbKLk.exe
  C:\Windows\System\hVbbKLk.exe
  2⤵
  PID:1700
- C:\Windows\System\aynEWVI.exe
  C:\Windows\System\aynEWVI.exe
  2⤵
  PID:3512
- C:\Windows\System\izqrJdv.exe
  C:\Windows\System\izqrJdv.exe
  2⤵
  PID:2200
- C:\Windows\System\pnrpymi.exe
  C:\Windows\System\pnrpymi.exe
  2⤵
  PID:2216
- C:\Windows\System\IWdpAqh.exe
  C:\Windows\System\IWdpAqh.exe
  2⤵
  PID:2596
- C:\Windows\System\yxyPKAZ.exe
  C:\Windows\System\yxyPKAZ.exe
  2⤵
  PID:1028
- C:\Windows\System\OnYOmiW.exe
  C:\Windows\System\OnYOmiW.exe
  2⤵
  PID:3128
- C:\Windows\System\szZWVnY.exe
  C:\Windows\System\szZWVnY.exe
  2⤵
  PID:3996
- C:\Windows\System\SNGFPIc.exe
  C:\Windows\System\SNGFPIc.exe
  2⤵
  PID:2608
- C:\Windows\System\IszVRdT.exe
  C:\Windows\System\IszVRdT.exe
  2⤵
  PID:2408
- C:\Windows\System\Yitblxq.exe
  C:\Windows\System\Yitblxq.exe
  2⤵
  PID:4100
- C:\Windows\System\iOoDduV.exe
  C:\Windows\System\iOoDduV.exe
  2⤵
  PID:4124
- C:\Windows\System\TThTleC.exe
  C:\Windows\System\TThTleC.exe
  2⤵
  PID:4140
- C:\Windows\System\zEHWYNg.exe
  C:\Windows\System\zEHWYNg.exe
  2⤵
  PID:4180
- C:\Windows\System\fPkWRzx.exe
  C:\Windows\System\fPkWRzx.exe
  2⤵
  PID:4196
- C:\Windows\System\PEeTYQe.exe
  C:\Windows\System\PEeTYQe.exe
  2⤵
  PID:4212
- C:\Windows\System\ulNhUWA.exe
  C:\Windows\System\ulNhUWA.exe
  2⤵
  PID:4236
- C:\Windows\System\KVRavNp.exe
  C:\Windows\System\KVRavNp.exe
  2⤵
  PID:4252
- C:\Windows\System\WhJoqWR.exe
  C:\Windows\System\WhJoqWR.exe
  2⤵
  PID:4276
- C:\Windows\System\dpGKzKE.exe
  C:\Windows\System\dpGKzKE.exe
  2⤵
  PID:4296
- C:\Windows\System\BdqaZiv.exe
  C:\Windows\System\BdqaZiv.exe
  2⤵
  PID:4320
- C:\Windows\System\MXVBeFH.exe
  C:\Windows\System\MXVBeFH.exe
  2⤵
  PID:4336
- C:\Windows\System\KcbNTau.exe
  C:\Windows\System\KcbNTau.exe
  2⤵
  PID:4352
- C:\Windows\System\XhLDLID.exe
  C:\Windows\System\XhLDLID.exe
  2⤵
  PID:4368
- C:\Windows\System\HbMYKQu.exe
  C:\Windows\System\HbMYKQu.exe
  2⤵
  PID:4384
- C:\Windows\System\BKaMwWa.exe
  C:\Windows\System\BKaMwWa.exe
  2⤵
  PID:4400
- C:\Windows\System\XENgqyh.exe
  C:\Windows\System\XENgqyh.exe
  2⤵
  PID:4416
- C:\Windows\System\RZEHGOV.exe
  C:\Windows\System\RZEHGOV.exe
  2⤵
  PID:4440
- C:\Windows\System\uSxTSKr.exe
  C:\Windows\System\uSxTSKr.exe
  2⤵
  PID:4476
- C:\Windows\System\NSsaRyi.exe
  C:\Windows\System\NSsaRyi.exe
  2⤵
  PID:4496
- C:\Windows\System\POFKreL.exe
  C:\Windows\System\POFKreL.exe
  2⤵
  PID:4512
- C:\Windows\System\sqEuTTZ.exe
  C:\Windows\System\sqEuTTZ.exe
  2⤵
  PID:4528
- C:\Windows\System\byTdbud.exe
  C:\Windows\System\byTdbud.exe
  2⤵
  PID:4544
- C:\Windows\System\NUhqnPE.exe
  C:\Windows\System\NUhqnPE.exe
  2⤵
  PID:4560
- C:\Windows\System\XUQpdkB.exe
  C:\Windows\System\XUQpdkB.exe
  2⤵
  PID:4576
- C:\Windows\System\eSTHVwk.exe
  C:\Windows\System\eSTHVwk.exe
  2⤵
  PID:4596
- C:\Windows\System\mgzxdRZ.exe
  C:\Windows\System\mgzxdRZ.exe
  2⤵
  PID:4616
- C:\Windows\System\ocyEumy.exe
  C:\Windows\System\ocyEumy.exe
  2⤵
  PID:4632
- C:\Windows\System\twSTMXn.exe
  C:\Windows\System\twSTMXn.exe
  2⤵
  PID:4652
- C:\Windows\System\YpGAswd.exe
  C:\Windows\System\YpGAswd.exe
  2⤵
  PID:4672
- C:\Windows\System\GgCYRli.exe
  C:\Windows\System\GgCYRli.exe
  2⤵
  PID:4692
- C:\Windows\System\IcoeJbE.exe
  C:\Windows\System\IcoeJbE.exe
  2⤵
  PID:4712
- C:\Windows\System\ygKMXjD.exe
  C:\Windows\System\ygKMXjD.exe
  2⤵
  PID:4760
- C:\Windows\System\VwjXzIU.exe
  C:\Windows\System\VwjXzIU.exe
  2⤵
  PID:4780
- C:\Windows\System\segCaDf.exe
  C:\Windows\System\segCaDf.exe
  2⤵
  PID:4796
- C:\Windows\System\BwkCuLz.exe
  C:\Windows\System\BwkCuLz.exe
  2⤵
  PID:4812
- C:\Windows\System\UKgaOgu.exe
  C:\Windows\System\UKgaOgu.exe
  2⤵
  PID:4828
- C:\Windows\System\mwVpUWl.exe
  C:\Windows\System\mwVpUWl.exe
  2⤵
  PID:4844
- C:\Windows\System\EInhrIs.exe
  C:\Windows\System\EInhrIs.exe
  2⤵
  PID:4868
- C:\Windows\System\oZeiWnR.exe
  C:\Windows\System\oZeiWnR.exe
  2⤵
  PID:4884
- C:\Windows\System\PxuiQdh.exe
  C:\Windows\System\PxuiQdh.exe
  2⤵
  PID:4900
- C:\Windows\System\pAttzqK.exe
  C:\Windows\System\pAttzqK.exe
  2⤵
  PID:4920
- C:\Windows\System\VimnuSq.exe
  C:\Windows\System\VimnuSq.exe
  2⤵
  PID:4944
- C:\Windows\System\ejCFHHu.exe
  C:\Windows\System\ejCFHHu.exe
  2⤵
  PID:4968
- C:\Windows\System\uQOrzkd.exe
  C:\Windows\System\uQOrzkd.exe
  2⤵
  PID:4996
- C:\Windows\System\YTPXsmi.exe
  C:\Windows\System\YTPXsmi.exe
  2⤵
  PID:5016
- C:\Windows\System\UQbwAHo.exe
  C:\Windows\System\UQbwAHo.exe
  2⤵
  PID:5032
- C:\Windows\System\qtkWbMg.exe
  C:\Windows\System\qtkWbMg.exe
  2⤵
  PID:5064
- C:\Windows\System\rzKEeTJ.exe
  C:\Windows\System\rzKEeTJ.exe
  2⤵
  PID:5084
- C:\Windows\System\omnsKUR.exe
  C:\Windows\System\omnsKUR.exe
  2⤵
  PID:5100
- C:\Windows\System\AhDpLZy.exe
  C:\Windows\System\AhDpLZy.exe
  2⤵
  PID:5116
- C:\Windows\System\NaWCYlP.exe
  C:\Windows\System\NaWCYlP.exe
  2⤵
  PID:2532
- C:\Windows\System\PqgxZzX.exe
  C:\Windows\System\PqgxZzX.exe
  2⤵
  PID:704
- C:\Windows\System\dmdgzNi.exe
  C:\Windows\System\dmdgzNi.exe
  2⤵
  PID:3224
- C:\Windows\System\jWmLrnX.exe
  C:\Windows\System\jWmLrnX.exe
  2⤵
  PID:4136
- C:\Windows\System\lStSytz.exe
  C:\Windows\System\lStSytz.exe
  2⤵
  PID:4156
- C:\Windows\System\JgNbLsR.exe
  C:\Windows\System\JgNbLsR.exe
  2⤵
  PID:4176
- C:\Windows\System\CCXGDyP.exe
  C:\Windows\System\CCXGDyP.exe
  2⤵
  PID:4188
- C:\Windows\System\CPYnpNa.exe
  C:\Windows\System\CPYnpNa.exe
  2⤵
  PID:4208
- C:\Windows\System\ploFQCi.exe
  C:\Windows\System\ploFQCi.exe
  2⤵
  PID:4228
- C:\Windows\System\lJnMHQI.exe
  C:\Windows\System\lJnMHQI.exe
  2⤵
  PID:4260
- C:\Windows\System\rvjtUPs.exe
  C:\Windows\System\rvjtUPs.exe
  2⤵
  PID:4248
- C:\Windows\System\raUsJdG.exe
  C:\Windows\System\raUsJdG.exe
  2⤵
  PID:2860
- C:\Windows\System\dxWshXz.exe
  C:\Windows\System\dxWshXz.exe
  2⤵
  PID:4284
- C:\Windows\System\ElXTzTL.exe
  C:\Windows\System\ElXTzTL.exe
  2⤵
  PID:4332
- C:\Windows\System\Eczyhzx.exe
  C:\Windows\System\Eczyhzx.exe
  2⤵
  PID:4364
- C:\Windows\System\SVvhpqS.exe
  C:\Windows\System\SVvhpqS.exe
  2⤵
  PID:4432
- C:\Windows\System\XrHNNDE.exe
  C:\Windows\System\XrHNNDE.exe
  2⤵
  PID:4488
- C:\Windows\System\fPXxxcH.exe
  C:\Windows\System\fPXxxcH.exe
  2⤵
  PID:4540
- C:\Windows\System\bpxsuDQ.exe
  C:\Windows\System\bpxsuDQ.exe
  2⤵
  PID:4684
- C:\Windows\System\tZaPbeR.exe
  C:\Windows\System\tZaPbeR.exe
  2⤵
  PID:4680
- C:\Windows\System\NUIAgad.exe
  C:\Windows\System\NUIAgad.exe
  2⤵
  PID:4556
- C:\Windows\System\PqQVzfX.exe
  C:\Windows\System\PqQVzfX.exe
  2⤵
  PID:4588
- C:\Windows\System\RDykEQm.exe
  C:\Windows\System\RDykEQm.exe
  2⤵
  PID:4744
- C:\Windows\System\ZqsEcAH.exe
  C:\Windows\System\ZqsEcAH.exe
  2⤵
  PID:4728
- C:\Windows\System\btBqdjD.exe
  C:\Windows\System\btBqdjD.exe
  2⤵
  PID:4628
- C:\Windows\System\UcqIKos.exe
  C:\Windows\System\UcqIKos.exe
  2⤵
  PID:4788
- C:\Windows\System\sNVtRTT.exe
  C:\Windows\System\sNVtRTT.exe
  2⤵
  PID:4824
- C:\Windows\System\HVbUsBe.exe
  C:\Windows\System\HVbUsBe.exe
  2⤵
  PID:4864
- C:\Windows\System\ZVhlgFP.exe
  C:\Windows\System\ZVhlgFP.exe
  2⤵
  PID:4836
- C:\Windows\System\QYQaggc.exe
  C:\Windows\System\QYQaggc.exe
  2⤵
  PID:4980
- C:\Windows\System\PPsyzVn.exe
  C:\Windows\System\PPsyzVn.exe
  2⤵
  PID:4956
- C:\Windows\System\ITFhrBt.exe
  C:\Windows\System\ITFhrBt.exe
  2⤵
  PID:4916
- C:\Windows\System\VGhjHzz.exe
  C:\Windows\System\VGhjHzz.exe
  2⤵
  PID:5052
- C:\Windows\System\CFVUXTy.exe
  C:\Windows\System\CFVUXTy.exe
  2⤵
  PID:5012
- C:\Windows\System\nAtIZlh.exe
  C:\Windows\System\nAtIZlh.exe
  2⤵
  PID:5072
- C:\Windows\System\dJbwxJo.exe
  C:\Windows\System\dJbwxJo.exe
  2⤵
  PID:5112
- C:\Windows\System\WlDqSpc.exe
  C:\Windows\System\WlDqSpc.exe
  2⤵
  PID:3248
- C:\Windows\System\gfRMzSZ.exe
  C:\Windows\System\gfRMzSZ.exe
  2⤵
  PID:4172
- C:\Windows\System\YYSuccx.exe
  C:\Windows\System\YYSuccx.exe
  2⤵
  PID:4312
- C:\Windows\System\NkpCwkD.exe
  C:\Windows\System\NkpCwkD.exe
  2⤵
  PID:4116
- C:\Windows\System\yGZRozS.exe
  C:\Windows\System\yGZRozS.exe
  2⤵
  PID:4224
- C:\Windows\System\LTeKwvj.exe
  C:\Windows\System\LTeKwvj.exe
  2⤵
  PID:1008
- C:\Windows\System\ujqZGoo.exe
  C:\Windows\System\ujqZGoo.exe
  2⤵
  PID:4112
- C:\Windows\System\AGcLuHh.exe
  C:\Windows\System\AGcLuHh.exe
  2⤵
  PID:4292
- C:\Windows\System\ZEhBPhD.exe
  C:\Windows\System\ZEhBPhD.exe
  2⤵
  PID:4504
- C:\Windows\System\wjXtrWx.exe
  C:\Windows\System\wjXtrWx.exe
  2⤵
  PID:4612
- C:\Windows\System\hPbkeni.exe
  C:\Windows\System\hPbkeni.exe
  2⤵
  PID:4752
- C:\Windows\System\FgHVaps.exe
  C:\Windows\System\FgHVaps.exe
  2⤵
  PID:4708
- C:\Windows\System\isgfKij.exe
  C:\Windows\System\isgfKij.exe
  2⤵
  PID:4424
- C:\Windows\System\pdedPck.exe
  C:\Windows\System\pdedPck.exe
  2⤵
  PID:4524
- C:\Windows\System\rhlXsqM.exe
  C:\Windows\System\rhlXsqM.exe
  2⤵
  PID:4584
- C:\Windows\System\SCqquko.exe
  C:\Windows\System\SCqquko.exe
  2⤵
  PID:4876
- C:\Windows\System\tWSlhHL.exe
  C:\Windows\System\tWSlhHL.exe
  2⤵
  PID:4932
- C:\Windows\System\PMLByVS.exe
  C:\Windows\System\PMLByVS.exe
  2⤵
  PID:4976
- C:\Windows\System\adQQhLA.exe
  C:\Windows\System\adQQhLA.exe
  2⤵
  PID:5008
- C:\Windows\System\JaTdTke.exe
  C:\Windows\System\JaTdTke.exe
  2⤵
  PID:4912
- C:\Windows\System\ATsEzsh.exe
  C:\Windows\System\ATsEzsh.exe
  2⤵
  PID:4376
- C:\Windows\System\RpaEmwY.exe
  C:\Windows\System\RpaEmwY.exe
  2⤵
  PID:2316
- C:\Windows\System\phrVWUW.exe
  C:\Windows\System\phrVWUW.exe
  2⤵
  PID:4120
- C:\Windows\System\CCulNRI.exe
  C:\Windows\System\CCulNRI.exe
  2⤵
  PID:4244
- C:\Windows\System\ePevQjB.exe
  C:\Windows\System\ePevQjB.exe
  2⤵
  PID:5048
- C:\Windows\System\NnkqLNR.exe
  C:\Windows\System\NnkqLNR.exe
  2⤵
  PID:4380
- C:\Windows\System\AxsVpJB.exe
  C:\Windows\System\AxsVpJB.exe
  2⤵
  PID:4756
- C:\Windows\System\oPLJjOp.exe
  C:\Windows\System\oPLJjOp.exe
  2⤵
  PID:4700
- C:\Windows\System\yWDQNAF.exe
  C:\Windows\System\yWDQNAF.exe
  2⤵
  PID:4472
- C:\Windows\System\WnzzKxi.exe
  C:\Windows\System\WnzzKxi.exe
  2⤵
  PID:4792
- C:\Windows\System\KbujXhy.exe
  C:\Windows\System\KbujXhy.exe
  2⤵
  PID:4724
- C:\Windows\System\YLoEhNI.exe
  C:\Windows\System\YLoEhNI.exe
  2⤵
  PID:4896
- C:\Windows\System\oYcnAkp.exe
  C:\Windows\System\oYcnAkp.exe
  2⤵
  PID:5108
- C:\Windows\System\yxEcZdJ.exe
  C:\Windows\System\yxEcZdJ.exe
  2⤵
  PID:5004
- C:\Windows\System\QfQBPWk.exe
  C:\Windows\System\QfQBPWk.exe
  2⤵
  PID:4452
- C:\Windows\System\aWeoeIT.exe
  C:\Windows\System\aWeoeIT.exe
  2⤵
  PID:4572
- C:\Windows\System\ehRRqNN.exe
  C:\Windows\System\ehRRqNN.exe
  2⤵
  PID:4132
- C:\Windows\System\NdsVXdh.exe
  C:\Windows\System\NdsVXdh.exe
  2⤵
  PID:284
- C:\Windows\System\ITQAbWe.exe
  C:\Windows\System\ITQAbWe.exe
  2⤵
  PID:4740
- C:\Windows\System\uYdsYNj.exe
  C:\Windows\System\uYdsYNj.exe
  2⤵
  PID:4344
- C:\Windows\System\GQWuIxC.exe
  C:\Windows\System\GQWuIxC.exe
  2⤵
  PID:1928
- C:\Windows\System\DhEEefe.exe
  C:\Windows\System\DhEEefe.exe
  2⤵
  PID:4204
- C:\Windows\System\WMHBvjZ.exe
  C:\Windows\System\WMHBvjZ.exe
  2⤵
  PID:4928
- C:\Windows\System\BoaKoXW.exe
  C:\Windows\System\BoaKoXW.exe
  2⤵
  PID:1200
- C:\Windows\System\OKDOQnp.exe
  C:\Windows\System\OKDOQnp.exe
  2⤵
  PID:4108
- C:\Windows\System\QxcocME.exe
  C:\Windows\System\QxcocME.exe
  2⤵
  PID:4936
- C:\Windows\System\ltoCoPw.exe
  C:\Windows\System\ltoCoPw.exe
  2⤵
  PID:4484
- C:\Windows\System\vEGLeVt.exe
  C:\Windows\System\vEGLeVt.exe
  2⤵
  PID:4840
- C:\Windows\System\wWptPQF.exe
  C:\Windows\System\wWptPQF.exe
  2⤵
  PID:5140
- C:\Windows\System\fLCSUvz.exe
  C:\Windows\System\fLCSUvz.exe
  2⤵
  PID:5168
- C:\Windows\System\KfgmDVE.exe
  C:\Windows\System\KfgmDVE.exe
  2⤵
  PID:5184
- C:\Windows\System\VCvaCDH.exe
  C:\Windows\System\VCvaCDH.exe
  2⤵
  PID:5208
- C:\Windows\System\ZbELVLQ.exe
  C:\Windows\System\ZbELVLQ.exe
  2⤵
  PID:5228
- C:\Windows\System\OSevxVS.exe
  C:\Windows\System\OSevxVS.exe
  2⤵
  PID:5244
- C:\Windows\System\YdChXgG.exe
  C:\Windows\System\YdChXgG.exe
  2⤵
  PID:5260
- C:\Windows\System\bEttEAj.exe
  C:\Windows\System\bEttEAj.exe
  2⤵
  PID:5276
- C:\Windows\System\dbeuDMP.exe
  C:\Windows\System\dbeuDMP.exe
  2⤵
  PID:5296
- C:\Windows\System\uQGsnvU.exe
  C:\Windows\System\uQGsnvU.exe
  2⤵
  PID:5316
- C:\Windows\System\WnOISDx.exe
  C:\Windows\System\WnOISDx.exe
  2⤵
  PID:5332
- C:\Windows\System\IiSuWcD.exe
  C:\Windows\System\IiSuWcD.exe
  2⤵
  PID:5348
- C:\Windows\System\Tfxhhbu.exe
  C:\Windows\System\Tfxhhbu.exe
  2⤵
  PID:5364
- C:\Windows\System\GViaZMM.exe
  C:\Windows\System\GViaZMM.exe
  2⤵
  PID:5380
- C:\Windows\System\lJIoTJK.exe
  C:\Windows\System\lJIoTJK.exe
  2⤵
  PID:5396
- C:\Windows\System\VRYEseD.exe
  C:\Windows\System\VRYEseD.exe
  2⤵
  PID:5416
- C:\Windows\System\bwcYQLk.exe
  C:\Windows\System\bwcYQLk.exe
  2⤵
  PID:5452
- C:\Windows\System\BflQqek.exe
  C:\Windows\System\BflQqek.exe
  2⤵
  PID:5468
- C:\Windows\System\HQOtZMe.exe
  C:\Windows\System\HQOtZMe.exe
  2⤵
  PID:5512
- C:\Windows\System\sqKPycj.exe
  C:\Windows\System\sqKPycj.exe
  2⤵
  PID:5532
- C:\Windows\System\bEwAjJk.exe
  C:\Windows\System\bEwAjJk.exe
  2⤵
  PID:5552
- C:\Windows\System\ZwMRDTG.exe
  C:\Windows\System\ZwMRDTG.exe
  2⤵
  PID:5568
- C:\Windows\System\XupjCOc.exe
  C:\Windows\System\XupjCOc.exe
  2⤵
  PID:5588
- C:\Windows\System\JMpbXvy.exe
  C:\Windows\System\JMpbXvy.exe
  2⤵
  PID:5612
- C:\Windows\System\rqliDPr.exe
  C:\Windows\System\rqliDPr.exe
  2⤵
  PID:5632
- C:\Windows\System\lKkTobk.exe
  C:\Windows\System\lKkTobk.exe
  2⤵
  PID:5648
- C:\Windows\System\SswgARI.exe
  C:\Windows\System\SswgARI.exe
  2⤵
  PID:5676
- C:\Windows\System\GJIcncO.exe
  C:\Windows\System\GJIcncO.exe
  2⤵
  PID:5692
- C:\Windows\System\aLfYfTe.exe
  C:\Windows\System\aLfYfTe.exe
  2⤵
  PID:5708
- C:\Windows\System\iitQLMR.exe
  C:\Windows\System\iitQLMR.exe
  2⤵
  PID:5736
- C:\Windows\System\qmvCwXd.exe
  C:\Windows\System\qmvCwXd.exe
  2⤵
  PID:5752
- C:\Windows\System\XTgBiRO.exe
  C:\Windows\System\XTgBiRO.exe
  2⤵
  PID:5772
- C:\Windows\System\CMALEjt.exe
  C:\Windows\System\CMALEjt.exe
  2⤵
  PID:5788
- C:\Windows\System\OYjloUl.exe
  C:\Windows\System\OYjloUl.exe
  2⤵
  PID:5804
- C:\Windows\System\PQRZCpF.exe
  C:\Windows\System\PQRZCpF.exe
  2⤵
  PID:5824
- C:\Windows\System\thJWKPe.exe
  C:\Windows\System\thJWKPe.exe
  2⤵
  PID:5840
- C:\Windows\System\BXNsrHp.exe
  C:\Windows\System\BXNsrHp.exe
  2⤵
  PID:5856
- C:\Windows\System\OgXIrMs.exe
  C:\Windows\System\OgXIrMs.exe
  2⤵
  PID:5876
- C:\Windows\System\cjuvcMz.exe
  C:\Windows\System\cjuvcMz.exe
  2⤵
  PID:5892
- C:\Windows\System\mBYiyFX.exe
  C:\Windows\System\mBYiyFX.exe
  2⤵
  PID:5908
- C:\Windows\System\zIyYAaJ.exe
  C:\Windows\System\zIyYAaJ.exe
  2⤵
  PID:5924
- C:\Windows\System\NzOZsSN.exe
  C:\Windows\System\NzOZsSN.exe
  2⤵
  PID:5976
- C:\Windows\System\RWPdcxR.exe
  C:\Windows\System\RWPdcxR.exe
  2⤵
  PID:5992
- C:\Windows\System\aQxnJjN.exe
  C:\Windows\System\aQxnJjN.exe
  2⤵
  PID:6008
- C:\Windows\System\CrTLOMs.exe
  C:\Windows\System\CrTLOMs.exe
  2⤵
  PID:6028
- C:\Windows\System\XHqAOKI.exe
  C:\Windows\System\XHqAOKI.exe
  2⤵
  PID:6048
- C:\Windows\System\dxBbMuY.exe
  C:\Windows\System\dxBbMuY.exe
  2⤵
  PID:6064
- C:\Windows\System\wVWvste.exe
  C:\Windows\System\wVWvste.exe
  2⤵
  PID:6080
- C:\Windows\System\EgtLukC.exe
  C:\Windows\System\EgtLukC.exe
  2⤵
  PID:6096
- C:\Windows\System\FLuPkou.exe
  C:\Windows\System\FLuPkou.exe
  2⤵
  PID:6112
- C:\Windows\System\LfHPRuU.exe
  C:\Windows\System\LfHPRuU.exe
  2⤵
  PID:6128
- C:\Windows\System\ZPFrRHr.exe
  C:\Windows\System\ZPFrRHr.exe
  2⤵
  PID:4392
- C:\Windows\System\RxWuKru.exe
  C:\Windows\System\RxWuKru.exe
  2⤵
  PID:4456
- C:\Windows\System\iEPhxnq.exe
  C:\Windows\System\iEPhxnq.exe
  2⤵
  PID:5164
- C:\Windows\System\nvlFyHe.exe
  C:\Windows\System\nvlFyHe.exe
  2⤵
  PID:5200
- C:\Windows\System\JGjJUCp.exe
  C:\Windows\System\JGjJUCp.exe
  2⤵
  PID:5268
- C:\Windows\System\kNIDaDh.exe
  C:\Windows\System\kNIDaDh.exe
  2⤵
  PID:5360
- C:\Windows\System\tUoymdq.exe
  C:\Windows\System\tUoymdq.exe
  2⤵
  PID:5240
- C:\Windows\System\tfdWckF.exe
  C:\Windows\System\tfdWckF.exe
  2⤵
  PID:5356
- C:\Windows\System\sOwTNtt.exe
  C:\Windows\System\sOwTNtt.exe
  2⤵
  PID:5308
- C:\Windows\System\HuyhzJE.exe
  C:\Windows\System\HuyhzJE.exe
  2⤵
  PID:5372
- C:\Windows\System\CpStNVl.exe
  C:\Windows\System\CpStNVl.exe
  2⤵
  PID:5412
- C:\Windows\System\mWrqbmC.exe
  C:\Windows\System\mWrqbmC.exe
  2⤵
  PID:5428
- C:\Windows\System\zHewGVK.exe
  C:\Windows\System\zHewGVK.exe
  2⤵
  PID:5520
- C:\Windows\System\QefJxKt.exe
  C:\Windows\System\QefJxKt.exe
  2⤵
  PID:5440
- C:\Windows\System\ZlsZvAR.exe
  C:\Windows\System\ZlsZvAR.exe
  2⤵
  PID:5480
- C:\Windows\System\QNHUtaV.exe
  C:\Windows\System\QNHUtaV.exe
  2⤵
  PID:5540
- C:\Windows\System\WIlyzVC.exe
  C:\Windows\System\WIlyzVC.exe
  2⤵
  PID:5596
- C:\Windows\System\dJPndir.exe
  C:\Windows\System\dJPndir.exe
  2⤵
  PID:5640
- C:\Windows\System\NixNZzb.exe
  C:\Windows\System\NixNZzb.exe
  2⤵
  PID:5660
- C:\Windows\System\vVzOZrW.exe
  C:\Windows\System\vVzOZrW.exe
  2⤵
  PID:5668
- C:\Windows\System\QbHkvBD.exe
  C:\Windows\System\QbHkvBD.exe
  2⤵
  PID:5700
- C:\Windows\System\veMukQj.exe
  C:\Windows\System\veMukQj.exe
  2⤵
  PID:5728
- C:\Windows\System\ownkPZJ.exe
  C:\Windows\System\ownkPZJ.exe
  2⤵
  PID:5764
- C:\Windows\System\BVKuvKr.exe
  C:\Windows\System\BVKuvKr.exe
  2⤵
  PID:5832
- C:\Windows\System\jYBTYzM.exe
  C:\Windows\System\jYBTYzM.exe
  2⤵
  PID:5816
- C:\Windows\System\ILFVdwL.exe
  C:\Windows\System\ILFVdwL.exe
  2⤵
  PID:5872
- C:\Windows\System\HcAGiGm.exe
  C:\Windows\System\HcAGiGm.exe
  2⤵
  PID:5936
- C:\Windows\System\WrgNGTt.exe
  C:\Windows\System\WrgNGTt.exe
  2⤵
  PID:5852
- C:\Windows\System\YoXdbNA.exe
  C:\Windows\System\YoXdbNA.exe
  2⤵
  PID:6000
- C:\Windows\System\WRGeRBg.exe
  C:\Windows\System\WRGeRBg.exe
  2⤵
  PID:6056
- C:\Windows\System\YmRVBAQ.exe
  C:\Windows\System\YmRVBAQ.exe
  2⤵
  PID:1448
- C:\Windows\System\CTMTlZm.exe
  C:\Windows\System\CTMTlZm.exe
  2⤵
  PID:4468
- C:\Windows\System\cWnSebY.exe
  C:\Windows\System\cWnSebY.exe
  2⤵
  PID:5192
- C:\Windows\System\iazzjOH.exe
  C:\Windows\System\iazzjOH.exe
  2⤵
  PID:4328
- C:\Windows\System\ogAGFDN.exe
  C:\Windows\System\ogAGFDN.exe
  2⤵
  PID:6076
- C:\Windows\System\iEwWNdf.exe
  C:\Windows\System\iEwWNdf.exe
  2⤵
  PID:6136
- C:\Windows\System\xyOVliN.exe
  C:\Windows\System\xyOVliN.exe
  2⤵
  PID:5136
- C:\Windows\System\KjRrKRl.exe
  C:\Windows\System\KjRrKRl.exe
  2⤵
  PID:5408
- C:\Windows\System\cdpyeKt.exe
  C:\Windows\System\cdpyeKt.exe
  2⤵
  PID:5180
- C:\Windows\System\PEbLEoC.exe
  C:\Windows\System\PEbLEoC.exe
  2⤵
  PID:5304
- C:\Windows\System\AUeSEsr.exe
  C:\Windows\System\AUeSEsr.exe
  2⤵
  PID:5176
- C:\Windows\System\xuWDkTJ.exe
  C:\Windows\System\xuWDkTJ.exe
  2⤵
  PID:5252
- C:\Windows\System\sxyRiRe.exe
  C:\Windows\System\sxyRiRe.exe
  2⤵
  PID:5500
- C:\Windows\System\EzCCRrj.exe
  C:\Windows\System\EzCCRrj.exe
  2⤵
  PID:5560
- C:\Windows\System\zNpwKZK.exe
  C:\Windows\System\zNpwKZK.exe
  2⤵
  PID:5576
- C:\Windows\System\tBLVpba.exe
  C:\Windows\System\tBLVpba.exe
  2⤵
  PID:5656
- C:\Windows\System\gvjOCcy.exe
  C:\Windows\System\gvjOCcy.exe
  2⤵
  PID:5608
- C:\Windows\System\RFDCdmG.exe
  C:\Windows\System\RFDCdmG.exe
  2⤵
  PID:5716
- C:\Windows\System\bGqWgxV.exe
  C:\Windows\System\bGqWgxV.exe
  2⤵
  PID:5956
- C:\Windows\System\JIlCQQH.exe
  C:\Windows\System\JIlCQQH.exe
  2⤵
  PID:5916
- C:\Windows\System\TKCcDYv.exe
  C:\Windows\System\TKCcDYv.exe
  2⤵
  PID:5784
- C:\Windows\System\xVBvjWG.exe
  C:\Windows\System\xVBvjWG.exe
  2⤵
  PID:5972
- C:\Windows\System\pguFkjn.exe
  C:\Windows\System\pguFkjn.exe
  2⤵
  PID:6020
- C:\Windows\System\tnHzrVw.exe
  C:\Windows\System\tnHzrVw.exe
  2⤵
  PID:964
- C:\Windows\System\DkbJqsQ.exe
  C:\Windows\System\DkbJqsQ.exe
  2⤵
  PID:2148
- C:\Windows\System\yRbTMGM.exe
  C:\Windows\System\yRbTMGM.exe
  2⤵
  PID:6072
- C:\Windows\System\UqJlmxU.exe
  C:\Windows\System\UqJlmxU.exe
  2⤵
  PID:5216
- C:\Windows\System\QbjjPne.exe
  C:\Windows\System\QbjjPne.exe
  2⤵
  PID:5464
- C:\Windows\System\QYIUYsq.exe
  C:\Windows\System\QYIUYsq.exe
  2⤵
  PID:5324
- C:\Windows\System\frNxmVA.exe
  C:\Windows\System\frNxmVA.exe
  2⤵
  PID:5564
- C:\Windows\System\SzkDQnS.exe
  C:\Windows\System\SzkDQnS.exe
  2⤵
  PID:5492
- C:\Windows\System\wHECNUU.exe
  C:\Windows\System\wHECNUU.exe
  2⤵
  PID:5604
- C:\Windows\System\sFHOkhl.exe
  C:\Windows\System\sFHOkhl.exe
  2⤵
  PID:5944
- C:\Windows\System\KhkNmXA.exe
  C:\Windows\System\KhkNmXA.exe
  2⤵
  PID:5620
- C:\Windows\System\uaZanrA.exe
  C:\Windows\System\uaZanrA.exe
  2⤵
  PID:5724
- C:\Windows\System\IabzqDs.exe
  C:\Windows\System\IabzqDs.exe
  2⤵
  PID:5096
- C:\Windows\System\nlociJT.exe
  C:\Windows\System\nlociJT.exe
  2⤵
  PID:6044
- C:\Windows\System\SACyLVf.exe
  C:\Windows\System\SACyLVf.exe
  2⤵
  PID:6124
- C:\Windows\System\usDvcuE.exe
  C:\Windows\System\usDvcuE.exe
  2⤵
  PID:6104
- C:\Windows\System\jgwHrBI.exe
  C:\Windows\System\jgwHrBI.exe
  2⤵
  PID:5448
- C:\Windows\System\dnZSaFM.exe
  C:\Windows\System\dnZSaFM.exe
  2⤵
  PID:5504
- C:\Windows\System\VIZPbJQ.exe
  C:\Windows\System\VIZPbJQ.exe
  2⤵
  PID:5800
- C:\Windows\System\tmTqRmE.exe
  C:\Windows\System\tmTqRmE.exe
  2⤵
  PID:5704
- C:\Windows\System\PVhYzpV.exe
  C:\Windows\System\PVhYzpV.exe
  2⤵
  PID:5760
- C:\Windows\System\ITeSJZG.exe
  C:\Windows\System\ITeSJZG.exe
  2⤵
  PID:5968
- C:\Windows\System\ufljXnZ.exe
  C:\Windows\System\ufljXnZ.exe
  2⤵
  PID:6040
- C:\Windows\System\mTiOXIo.exe
  C:\Windows\System\mTiOXIo.exe
  2⤵
  PID:5868
- C:\Windows\System\kXgkJMI.exe
  C:\Windows\System\kXgkJMI.exe
  2⤵
  PID:5284
- C:\Windows\System\GfCZWMM.exe
  C:\Windows\System\GfCZWMM.exe
  2⤵
  PID:4448
- C:\Windows\System\bBUMqoq.exe
  C:\Windows\System\bBUMqoq.exe
  2⤵
  PID:5904
- C:\Windows\System\jDkOezp.exe
  C:\Windows\System\jDkOezp.exe
  2⤵
  PID:5496
- C:\Windows\System\kTlziqE.exe
  C:\Windows\System\kTlziqE.exe
  2⤵
  PID:6172
- C:\Windows\System\EIUKJVI.exe
  C:\Windows\System\EIUKJVI.exe
  2⤵
  PID:6192
- C:\Windows\System\sSnQRtr.exe
  C:\Windows\System\sSnQRtr.exe
  2⤵
  PID:6212
- C:\Windows\System\NClTUws.exe
  C:\Windows\System\NClTUws.exe
  2⤵
  PID:6228
- C:\Windows\System\BMZOczO.exe
  C:\Windows\System\BMZOczO.exe
  2⤵
  PID:6244
- C:\Windows\System\QFBhftt.exe
  C:\Windows\System\QFBhftt.exe
  2⤵
  PID:6260
- C:\Windows\System\NpTanhQ.exe
  C:\Windows\System\NpTanhQ.exe
  2⤵
  PID:6276
- C:\Windows\System\MfRSUPs.exe
  C:\Windows\System\MfRSUPs.exe
  2⤵
  PID:6292
- C:\Windows\System\EMVNlsd.exe
  C:\Windows\System\EMVNlsd.exe
  2⤵
  PID:6308
- C:\Windows\System\wxVyuYH.exe
  C:\Windows\System\wxVyuYH.exe
  2⤵
  PID:6332
- C:\Windows\System\pxznmfS.exe
  C:\Windows\System\pxznmfS.exe
  2⤵
  PID:6352
- C:\Windows\System\CAjXrmH.exe
  C:\Windows\System\CAjXrmH.exe
  2⤵
  PID:6368
- C:\Windows\System\IFZjwDH.exe
  C:\Windows\System\IFZjwDH.exe
  2⤵
  PID:6424
- C:\Windows\System\lawnhYu.exe
  C:\Windows\System\lawnhYu.exe
  2⤵
  PID:6440
- C:\Windows\System\pMDMzNS.exe
  C:\Windows\System\pMDMzNS.exe
  2⤵
  PID:6456
- C:\Windows\System\lITZNbv.exe
  C:\Windows\System\lITZNbv.exe
  2⤵
  PID:6472
- C:\Windows\System\cAlTzlU.exe
  C:\Windows\System\cAlTzlU.exe
  2⤵
  PID:6496
- C:\Windows\System\jetPlKA.exe
  C:\Windows\System\jetPlKA.exe
  2⤵
  PID:6512
- C:\Windows\System\kqaWqvv.exe
  C:\Windows\System\kqaWqvv.exe
  2⤵
  PID:6528
- C:\Windows\System\LMfPoDx.exe
  C:\Windows\System\LMfPoDx.exe
  2⤵
  PID:6544
- C:\Windows\System\RdMXYAY.exe
  C:\Windows\System\RdMXYAY.exe
  2⤵
  PID:6560
- C:\Windows\System\RFJulnU.exe
  C:\Windows\System\RFJulnU.exe
  2⤵
  PID:6576
- C:\Windows\System\luztzTb.exe
  C:\Windows\System\luztzTb.exe
  2⤵
  PID:6596
- C:\Windows\System\qJGXTTH.exe
  C:\Windows\System\qJGXTTH.exe
  2⤵
  PID:6616
- C:\Windows\System\qadHWkH.exe
  C:\Windows\System\qadHWkH.exe
  2⤵
  PID:6632
- C:\Windows\System\evpBXqq.exe
  C:\Windows\System\evpBXqq.exe
  2⤵
  PID:6684
- C:\Windows\System\Rcgrjxv.exe
  C:\Windows\System\Rcgrjxv.exe
  2⤵
  PID:6700
- C:\Windows\System\lOrlLLn.exe
  C:\Windows\System\lOrlLLn.exe
  2⤵
  PID:6716
- C:\Windows\System\bUIpVjz.exe
  C:\Windows\System\bUIpVjz.exe
  2⤵
  PID:6732
- C:\Windows\System\AjytlXU.exe
  C:\Windows\System\AjytlXU.exe
  2⤵
  PID:6748
- C:\Windows\System\gMDOvQv.exe
  C:\Windows\System\gMDOvQv.exe
  2⤵
  PID:6764
- C:\Windows\System\cRTtpkY.exe
  C:\Windows\System\cRTtpkY.exe
  2⤵
  PID:6780
- C:\Windows\System\fgGxJvS.exe
  C:\Windows\System\fgGxJvS.exe
  2⤵
  PID:6820
- C:\Windows\System\RJreWEZ.exe
  C:\Windows\System\RJreWEZ.exe
  2⤵
  PID:6836
- C:\Windows\System\mzfvTzW.exe
  C:\Windows\System\mzfvTzW.exe
  2⤵
  PID:6856
- C:\Windows\System\XHoJvbx.exe
  C:\Windows\System\XHoJvbx.exe
  2⤵
  PID:6872
- C:\Windows\System\nXCScdo.exe
  C:\Windows\System\nXCScdo.exe
  2⤵
  PID:6892
- C:\Windows\System\lQEylFg.exe
  C:\Windows\System\lQEylFg.exe
  2⤵
  PID:6912
- C:\Windows\System\suptAjf.exe
  C:\Windows\System\suptAjf.exe
  2⤵
  PID:6928
- C:\Windows\System\TmOGqWa.exe
  C:\Windows\System\TmOGqWa.exe
  2⤵
  PID:6944
- C:\Windows\System\dYywVAx.exe
  C:\Windows\System\dYywVAx.exe
  2⤵
  PID:6964
- C:\Windows\System\dAjzJaP.exe
  C:\Windows\System\dAjzJaP.exe
  2⤵
  PID:6984
- C:\Windows\System\necHUGF.exe
  C:\Windows\System\necHUGF.exe
  2⤵
  PID:7004
- C:\Windows\System\TAdDMjY.exe
  C:\Windows\System\TAdDMjY.exe
  2⤵
  PID:7020
- C:\Windows\System\hzlIwld.exe
  C:\Windows\System\hzlIwld.exe
  2⤵
  PID:7036
- C:\Windows\System\BaVfpVm.exe
  C:\Windows\System\BaVfpVm.exe
  2⤵
  PID:7052
- C:\Windows\System\eYaNKvo.exe
  C:\Windows\System\eYaNKvo.exe
  2⤵
  PID:7076
- C:\Windows\System\DsbULeP.exe
  C:\Windows\System\DsbULeP.exe
  2⤵
  PID:7096
- C:\Windows\System\pCPGChE.exe
  C:\Windows\System\pCPGChE.exe
  2⤵
  PID:7112
- C:\Windows\System\pfWjxbI.exe
  C:\Windows\System\pfWjxbI.exe
  2⤵
  PID:7128
- C:\Windows\System\jgyxESO.exe
  C:\Windows\System\jgyxESO.exe
  2⤵
  PID:7144
- C:\Windows\System\pmIutcB.exe
  C:\Windows\System\pmIutcB.exe
  2⤵
  PID:7164
- C:\Windows\System\yphbqUW.exe
  C:\Windows\System\yphbqUW.exe
  2⤵
  PID:5948
- C:\Windows\System\kfFCvHk.exe
  C:\Windows\System\kfFCvHk.exe
  2⤵
  PID:2832
- C:\Windows\System\RCmPemn.exe
  C:\Windows\System\RCmPemn.exe
  2⤵
  PID:5256
- C:\Windows\System\BsXhffu.exe
  C:\Windows\System\BsXhffu.exe
  2⤵
  PID:2396
- C:\Windows\System\ChvYfPr.exe
  C:\Windows\System\ChvYfPr.exe
  2⤵
  PID:6320
- C:\Windows\System\uwTCwiq.exe
  C:\Windows\System\uwTCwiq.exe
  2⤵
  PID:6364
- C:\Windows\System\sdDMfGd.exe
  C:\Windows\System\sdDMfGd.exe
  2⤵
  PID:6376
- C:\Windows\System\ArFlYxw.exe
  C:\Windows\System\ArFlYxw.exe
  2⤵
  PID:6388
- C:\Windows\System\yjxaYSL.exe
  C:\Windows\System\yjxaYSL.exe
  2⤵
  PID:6240
- C:\Windows\System\WkrKlqJ.exe
  C:\Windows\System\WkrKlqJ.exe
  2⤵
  PID:6416
- C:\Windows\System\qTrzhxf.exe
  C:\Windows\System\qTrzhxf.exe
  2⤵
  PID:6452
- C:\Windows\System\SholsSU.exe
  C:\Windows\System\SholsSU.exe
  2⤵
  PID:6432
- C:\Windows\System\qePEwYe.exe
  C:\Windows\System\qePEwYe.exe
  2⤵
  PID:6556
- C:\Windows\System\MMSabnA.exe
  C:\Windows\System\MMSabnA.exe
  2⤵
  PID:6628
- C:\Windows\System\fGvHBMC.exe
  C:\Windows\System\fGvHBMC.exe
  2⤵
  PID:6504
- C:\Windows\System\oFGYVFK.exe
  C:\Windows\System\oFGYVFK.exe
  2⤵
  PID:6608
- C:\Windows\System\zUGAHGd.exe
  C:\Windows\System\zUGAHGd.exe
  2⤵
  PID:6660
- C:\Windows\System\iFtakiK.exe
  C:\Windows\System\iFtakiK.exe
  2⤵
  PID:6692
- C:\Windows\System\pDhyeUV.exe
  C:\Windows\System\pDhyeUV.exe
  2⤵
  PID:6676
- C:\Windows\System\pwHBLyJ.exe
  C:\Windows\System\pwHBLyJ.exe
  2⤵
  PID:6776
- C:\Windows\System\WoEvNKV.exe
  C:\Windows\System\WoEvNKV.exe
  2⤵
  PID:6792
- C:\Windows\System\uDvYgJg.exe
  C:\Windows\System\uDvYgJg.exe
  2⤵
  PID:6808
- C:\Windows\System\LYmWyOI.exe
  C:\Windows\System\LYmWyOI.exe
  2⤵
  PID:6828
- C:\Windows\System\qAODvps.exe
  C:\Windows\System\qAODvps.exe
  2⤵
  PID:6936
- C:\Windows\System\kSKDeZe.exe
  C:\Windows\System\kSKDeZe.exe
  2⤵
  PID:6972
- C:\Windows\System\lykeOHt.exe
  C:\Windows\System\lykeOHt.exe
  2⤵
  PID:7016
- C:\Windows\System\lyAsoSy.exe
  C:\Windows\System\lyAsoSy.exe
  2⤵
  PID:6884
- C:\Windows\System\KNIGfOz.exe
  C:\Windows\System\KNIGfOz.exe
  2⤵
  PID:7088
- C:\Windows\System\IjfpQOj.exe
  C:\Windows\System\IjfpQOj.exe
  2⤵
  PID:7152
- C:\Windows\System\ciITkfO.exe
  C:\Windows\System\ciITkfO.exe
  2⤵
  PID:2208
- C:\Windows\System\gdEAnDA.exe
  C:\Windows\System\gdEAnDA.exe
  2⤵
  PID:7028
- C:\Windows\System\kqLrrZj.exe
  C:\Windows\System\kqLrrZj.exe
  2⤵
  PID:7068
- C:\Windows\System\AxMaAiK.exe
  C:\Windows\System\AxMaAiK.exe
  2⤵
  PID:6168
- C:\Windows\System\yRhvEWk.exe
  C:\Windows\System\yRhvEWk.exe
  2⤵
  PID:6184
- C:\Windows\System\kJZTUmg.exe
  C:\Windows\System\kJZTUmg.exe
  2⤵
  PID:6220
- C:\Windows\System\igjcFGM.exe
  C:\Windows\System\igjcFGM.exe
  2⤵
  PID:6252
- C:\Windows\System\GWjwJje.exe
  C:\Windows\System\GWjwJje.exe
  2⤵
  PID:5292
- C:\Windows\System\RiVVzim.exe
  C:\Windows\System\RiVVzim.exe
  2⤵
  PID:6584
- C:\Windows\System\hpKiqJE.exe
  C:\Windows\System\hpKiqJE.exe
  2⤵
  PID:6588
- C:\Windows\System\GIYiJSS.exe
  C:\Windows\System\GIYiJSS.exe
  2⤵
  PID:6200
- C:\Windows\System\TpPJDHo.exe
  C:\Windows\System\TpPJDHo.exe
  2⤵
  PID:5328
- C:\Windows\System\XftslsQ.exe
  C:\Windows\System\XftslsQ.exe
  2⤵
  PID:6672
- C:\Windows\System\kKQlYZo.exe
  C:\Windows\System\kKQlYZo.exe
  2⤵
  PID:4152
- C:\Windows\System\zybwgOK.exe
  C:\Windows\System\zybwgOK.exe
  2⤵
  PID:6204
- C:\Windows\System\YpxAjxQ.exe
  C:\Windows\System\YpxAjxQ.exe
  2⤵
  PID:6668
- C:\Windows\System\DqpQAgf.exe
  C:\Windows\System\DqpQAgf.exe
  2⤵
  PID:6552
- C:\Windows\System\xyJFnpc.exe
  C:\Windows\System\xyJFnpc.exe
  2⤵
  PID:6484
- C:\Windows\System\cWVGyqA.exe
  C:\Windows\System\cWVGyqA.exe
  2⤵
  PID:6796
- C:\Windows\System\OOmIAYH.exe
  C:\Windows\System\OOmIAYH.exe
  2⤵
  PID:6952
- C:\Windows\System\JNJxgkW.exe
  C:\Windows\System\JNJxgkW.exe
  2⤵
  PID:6848
- C:\Windows\System\DRUfSgG.exe
  C:\Windows\System\DRUfSgG.exe
  2⤵
  PID:6236
- C:\Windows\System\aJtmMbE.exe
  C:\Windows\System\aJtmMbE.exe
  2⤵
  PID:7160
- C:\Windows\System\VRCmsrB.exe
  C:\Windows\System\VRCmsrB.exe
  2⤵
  PID:7108
- C:\Windows\System\PqsuofE.exe
  C:\Windows\System\PqsuofE.exe
  2⤵
  PID:6404
- C:\Windows\System\GMGrWuI.exe
  C:\Windows\System\GMGrWuI.exe
  2⤵
  PID:6540
- C:\Windows\System\zWSNAlj.exe
  C:\Windows\System\zWSNAlj.exe
  2⤵
  PID:6696
- C:\Windows\System\PKveZNx.exe
  C:\Windows\System\PKveZNx.exe
  2⤵
  PID:6864
- C:\Windows\System\oQVRumU.exe
  C:\Windows\System\oQVRumU.exe
  2⤵
  PID:6300
- C:\Windows\System\rKuNwsr.exe
  C:\Windows\System\rKuNwsr.exe
  2⤵
  PID:1728
- C:\Windows\System\ArLyOGr.exe
  C:\Windows\System\ArLyOGr.exe
  2⤵
  PID:6852
- C:\Windows\System\wHrKfth.exe
  C:\Windows\System\wHrKfth.exe
  2⤵
  PID:6644
- C:\Windows\System\sgtgYxY.exe
  C:\Windows\System\sgtgYxY.exe
  2⤵
  PID:5436
- C:\Windows\System\XQiJtNK.exe
  C:\Windows\System\XQiJtNK.exe
  2⤵
  PID:6908
- C:\Windows\System\rgYqakE.exe
  C:\Windows\System\rgYqakE.exe
  2⤵
  PID:7084
- C:\Windows\System\ehUpLSw.exe
  C:\Windows\System\ehUpLSw.exe
  2⤵
  PID:6284
- C:\Windows\System\yigUoMN.exe
  C:\Windows\System\yigUoMN.exe
  2⤵
  PID:6468
- C:\Windows\System\KfNyTzx.exe
  C:\Windows\System\KfNyTzx.exe
  2⤵
  PID:6256
- C:\Windows\System\TEFXkNs.exe
  C:\Windows\System\TEFXkNs.exe
  2⤵
  PID:6348
- C:\Windows\System\bZZqIAP.exe
  C:\Windows\System\bZZqIAP.exe
  2⤵
  PID:6328
- C:\Windows\System\GiDVZnq.exe
  C:\Windows\System\GiDVZnq.exe
  2⤵
  PID:5236
- C:\Windows\System\gSYHAjI.exe
  C:\Windows\System\gSYHAjI.exe
  2⤵
  PID:7180
- C:\Windows\System\wHLlawy.exe
  C:\Windows\System\wHLlawy.exe
  2⤵
  PID:7200
- C:\Windows\System\HdNfiZe.exe
  C:\Windows\System\HdNfiZe.exe
  2⤵
  PID:7216
- C:\Windows\System\oSIIBmk.exe
  C:\Windows\System\oSIIBmk.exe
  2⤵
  PID:7232
- C:\Windows\System\BwXCTzb.exe
  C:\Windows\System\BwXCTzb.exe
  2⤵
  PID:7248
- C:\Windows\System\MmejtBu.exe
  C:\Windows\System\MmejtBu.exe
  2⤵
  PID:7264
- C:\Windows\System\WIlKeRe.exe
  C:\Windows\System\WIlKeRe.exe
  2⤵
  PID:7280
- C:\Windows\System\xzFtwpY.exe
  C:\Windows\System\xzFtwpY.exe
  2⤵
  PID:7300
- C:\Windows\System\WLbMNCX.exe
  C:\Windows\System\WLbMNCX.exe
  2⤵
  PID:7324
- C:\Windows\System\eUnFrJj.exe
  C:\Windows\System\eUnFrJj.exe
  2⤵
  PID:7344
- C:\Windows\System\eSSRMeg.exe
  C:\Windows\System\eSSRMeg.exe
  2⤵
  PID:7368
- C:\Windows\System\IuWJdOI.exe
  C:\Windows\System\IuWJdOI.exe
  2⤵
  PID:7388
- C:\Windows\System\qsSkQDV.exe
  C:\Windows\System\qsSkQDV.exe
  2⤵
  PID:7404
- C:\Windows\System\CobmFup.exe
  C:\Windows\System\CobmFup.exe
  2⤵
  PID:7428
- C:\Windows\System\fNnKyWO.exe
  C:\Windows\System\fNnKyWO.exe
  2⤵
  PID:7448
- C:\Windows\System\RoCuBfh.exe
  C:\Windows\System\RoCuBfh.exe
  2⤵
  PID:7488
- C:\Windows\System\XGICbWb.exe
  C:\Windows\System\XGICbWb.exe
  2⤵
  PID:7508
- C:\Windows\System\hAoLAnK.exe
  C:\Windows\System\hAoLAnK.exe
  2⤵
  PID:7544
- C:\Windows\System\sqlOesE.exe
  C:\Windows\System\sqlOesE.exe
  2⤵
  PID:7560
- C:\Windows\System\kOWrjbG.exe
  C:\Windows\System\kOWrjbG.exe
  2⤵
  PID:7576
- C:\Windows\System\yrvcDzZ.exe
  C:\Windows\System\yrvcDzZ.exe
  2⤵
  PID:7596
- C:\Windows\System\UMizDWC.exe
  C:\Windows\System\UMizDWC.exe
  2⤵
  PID:7616
- C:\Windows\System\PiJzhxX.exe
  C:\Windows\System\PiJzhxX.exe
  2⤵
  PID:7636
- C:\Windows\System\VchmZPQ.exe
  C:\Windows\System\VchmZPQ.exe
  2⤵
  PID:7652
- C:\Windows\System\XfquFZP.exe
  C:\Windows\System\XfquFZP.exe
  2⤵
  PID:7668
- C:\Windows\System\HUPcbWX.exe
  C:\Windows\System\HUPcbWX.exe
  2⤵
  PID:7688
- C:\Windows\System\hQyojVL.exe
  C:\Windows\System\hQyojVL.exe
  2⤵
  PID:7712
- C:\Windows\System\FwkFvMq.exe
  C:\Windows\System\FwkFvMq.exe
  2⤵
  PID:7744
- C:\Windows\System\rrdjsxM.exe
  C:\Windows\System\rrdjsxM.exe
  2⤵
  PID:7760
- C:\Windows\System\FxijluM.exe
  C:\Windows\System\FxijluM.exe
  2⤵
  PID:7776
- C:\Windows\System\pqBugpv.exe
  C:\Windows\System\pqBugpv.exe
  2⤵
  PID:7800
- C:\Windows\System\NMjrlLa.exe
  C:\Windows\System\NMjrlLa.exe
  2⤵
  PID:7816
- C:\Windows\System\brHZBHM.exe
  C:\Windows\System\brHZBHM.exe
  2⤵
  PID:7832
- C:\Windows\System\pyslfwD.exe
  C:\Windows\System\pyslfwD.exe
  2⤵
  PID:7852
- C:\Windows\System\bcTEInQ.exe
  C:\Windows\System\bcTEInQ.exe
  2⤵
  PID:7868
- C:\Windows\System\UXXpePx.exe
  C:\Windows\System\UXXpePx.exe
  2⤵
  PID:7884
- C:\Windows\System\ctwHPfE.exe
  C:\Windows\System\ctwHPfE.exe
  2⤵
  PID:7900
- C:\Windows\System\qJwZGZs.exe
  C:\Windows\System\qJwZGZs.exe
  2⤵
  PID:7920
- C:\Windows\System\kRdFiYO.exe
  C:\Windows\System\kRdFiYO.exe
  2⤵
  PID:7944
- C:\Windows\System\uSNFsMB.exe
  C:\Windows\System\uSNFsMB.exe
  2⤵
  PID:7960
- C:\Windows\System\GNqYEaD.exe
  C:\Windows\System\GNqYEaD.exe
  2⤵
  PID:7976
- C:\Windows\System\PtGACCp.exe
  C:\Windows\System\PtGACCp.exe
  2⤵
  PID:8016
- C:\Windows\System\tQZpvAF.exe
  C:\Windows\System\tQZpvAF.exe
  2⤵
  PID:8040
- C:\Windows\System\DxJAERJ.exe
  C:\Windows\System\DxJAERJ.exe
  2⤵
  PID:8056
- C:\Windows\System\CTxnDtY.exe
  C:\Windows\System\CTxnDtY.exe
  2⤵
  PID:8072
- C:\Windows\System\eyBVJlG.exe
  C:\Windows\System\eyBVJlG.exe
  2⤵
  PID:8096
- C:\Windows\System\veImgsr.exe
  C:\Windows\System\veImgsr.exe
  2⤵
  PID:8112
- C:\Windows\System\qOOvmpo.exe
  C:\Windows\System\qOOvmpo.exe
  2⤵
  PID:8140
- C:\Windows\System\MyVjBcd.exe
  C:\Windows\System\MyVjBcd.exe
  2⤵
  PID:8160
- C:\Windows\System\hMewmWk.exe
  C:\Windows\System\hMewmWk.exe
  2⤵
  PID:8176
- C:\Windows\System\heGuZFO.exe
  C:\Windows\System\heGuZFO.exe
  2⤵
  PID:6816
- C:\Windows\System\eiqkneE.exe
  C:\Windows\System\eiqkneE.exe
  2⤵
  PID:6524
- C:\Windows\System\oaDUJtO.exe
  C:\Windows\System\oaDUJtO.exe
  2⤵
  PID:6536
- C:\Windows\System\jBYWPWW.exe
  C:\Windows\System\jBYWPWW.exe
  2⤵
  PID:2764
- C:\Windows\System\HTesFHl.exe
  C:\Windows\System\HTesFHl.exe
  2⤵
  PID:7060
- C:\Windows\System\nHnZYPo.exe
  C:\Windows\System\nHnZYPo.exe
  2⤵
  PID:7256
- C:\Windows\System\plZeHzA.exe
  C:\Windows\System\plZeHzA.exe
  2⤵
  PID:7332
- C:\Windows\System\QaEIUec.exe
  C:\Windows\System\QaEIUec.exe
  2⤵
  PID:7176
- C:\Windows\System\DitvUBx.exe
  C:\Windows\System\DitvUBx.exe
  2⤵
  PID:6980
- C:\Windows\System\aaQDurU.exe
  C:\Windows\System\aaQDurU.exe
  2⤵
  PID:7336
- C:\Windows\System\zelMeQL.exe
  C:\Windows\System\zelMeQL.exe
  2⤵
  PID:7416
- C:\Windows\System\duZwoyi.exe
  C:\Windows\System\duZwoyi.exe
  2⤵
  PID:6900
- C:\Windows\System\jhrsuGx.exe
  C:\Windows\System\jhrsuGx.exe
  2⤵
  PID:7460
- C:\Windows\System\ibbzVoV.exe
  C:\Windows\System\ibbzVoV.exe
  2⤵
  PID:7516
- C:\Windows\System\YXyPdqw.exe
  C:\Windows\System\YXyPdqw.exe
  2⤵
  PID:7396
- C:\Windows\System\DzSSIBt.exe
  C:\Windows\System\DzSSIBt.exe
  2⤵
  PID:7356
- C:\Windows\System\KVWDaTw.exe
  C:\Windows\System\KVWDaTw.exe
  2⤵
  PID:7364
- C:\Windows\System\dwInKEs.exe
  C:\Windows\System\dwInKEs.exe
  2⤵
  PID:7436
- C:\Windows\System\WCVrYVf.exe
  C:\Windows\System\WCVrYVf.exe
  2⤵
  PID:7556
- C:\Windows\System\cYuMIQc.exe
  C:\Windows\System\cYuMIQc.exe
  2⤵
  PID:7648
- C:\Windows\System\lXKahrc.exe
  C:\Windows\System\lXKahrc.exe
  2⤵
  PID:7664
- C:\Windows\System\WnGoTgM.exe
  C:\Windows\System\WnGoTgM.exe
  2⤵
  PID:7624
- C:\Windows\System\PzqtbGl.exe
  C:\Windows\System\PzqtbGl.exe
  2⤵
  PID:7720
- C:\Windows\System\qbkoNWM.exe
  C:\Windows\System\qbkoNWM.exe
  2⤵
  PID:7732
- C:\Windows\System\KmDOsuK.exe
  C:\Windows\System\KmDOsuK.exe
  2⤵
  PID:7756
- C:\Windows\System\czmZAkA.exe
  C:\Windows\System\czmZAkA.exe
  2⤵
  PID:7848
- C:\Windows\System\AmHGIOR.exe
  C:\Windows\System\AmHGIOR.exe
  2⤵
  PID:7912
- C:\Windows\System\lCAztZg.exe
  C:\Windows\System\lCAztZg.exe
  2⤵
  PID:7864
- C:\Windows\System\iSmqgIV.exe
  C:\Windows\System\iSmqgIV.exe
  2⤵
  PID:7956
- C:\Windows\System\UcrrtRx.exe
  C:\Windows\System\UcrrtRx.exe
  2⤵
  PID:8000
- C:\Windows\System\mZvzBFB.exe
  C:\Windows\System\mZvzBFB.exe
  2⤵
  PID:7936
- C:\Windows\System\uEblWWO.exe
  C:\Windows\System\uEblWWO.exe
  2⤵
  PID:7972
- C:\Windows\System\IXiYJGu.exe
  C:\Windows\System\IXiYJGu.exe
  2⤵
  PID:8088
- C:\Windows\System\KaNcFyR.exe
  C:\Windows\System\KaNcFyR.exe
  2⤵
  PID:8064
- C:\Windows\System\cqDOKkP.exe
  C:\Windows\System\cqDOKkP.exe
  2⤵
  PID:8104
- C:\Windows\System\rESfiKl.exe
  C:\Windows\System\rESfiKl.exe
  2⤵
  PID:8136
- C:\Windows\System\AkqXXKN.exe
  C:\Windows\System\AkqXXKN.exe
  2⤵
  PID:6656
- C:\Windows\System\SwLYxvO.exe
  C:\Windows\System\SwLYxvO.exe
  2⤵
  PID:6572
- C:\Windows\System\wKLCfNI.exe
  C:\Windows\System\wKLCfNI.exe
  2⤵
  PID:8152
- C:\Windows\System\FayiLmk.exe
  C:\Windows\System\FayiLmk.exe
  2⤵
  PID:6400
- C:\Windows\System\uVBGFXZ.exe
  C:\Windows\System\uVBGFXZ.exe
  2⤵
  PID:7212
- C:\Windows\System\SIXNEMi.exe
  C:\Windows\System\SIXNEMi.exe
  2⤵
  PID:7316
- C:\Windows\System\vjSbDcE.exe
  C:\Windows\System\vjSbDcE.exe
  2⤵
  PID:7320
- C:\Windows\System\OQrasOj.exe
  C:\Windows\System\OQrasOj.exe
  2⤵
  PID:7456
- C:\Windows\System\WCmhwtB.exe
  C:\Windows\System\WCmhwtB.exe
  2⤵
  PID:7480
- C:\Windows\System\dvXJzBl.exe
  C:\Windows\System\dvXJzBl.exe
  2⤵
  PID:7532
- C:\Windows\System\focaVzs.exe
  C:\Windows\System\focaVzs.exe
  2⤵
  PID:7608
- C:\Windows\System\oYYFqlx.exe
  C:\Windows\System\oYYFqlx.exe
  2⤵
  PID:7592
- C:\Windows\System\ExZqYMk.exe
  C:\Windows\System\ExZqYMk.exe
  2⤵
  PID:7360
- C:\Windows\System\QLyLHUE.exe
  C:\Windows\System\QLyLHUE.exe
  2⤵
  PID:7812
- C:\Windows\System\UzsApxz.exe
  C:\Windows\System\UzsApxz.exe
  2⤵
  PID:7840
- C:\Windows\System\memKnce.exe
  C:\Windows\System\memKnce.exe
  2⤵
  PID:7768
- C:\Windows\System\SuwUFiv.exe
  C:\Windows\System\SuwUFiv.exe
  2⤵
  PID:7684
- C:\Windows\System\Srrprgb.exe
  C:\Windows\System\Srrprgb.exe
  2⤵
  PID:7828
- C:\Windows\System\nHooaFJ.exe
  C:\Windows\System\nHooaFJ.exe
  2⤵
  PID:7992
- C:\Windows\System\EFucTts.exe
  C:\Windows\System\EFucTts.exe
  2⤵
  PID:8052
- C:\Windows\System\pLUtskL.exe
  C:\Windows\System\pLUtskL.exe
  2⤵
  PID:8024
- C:\Windows\System\RSVxgEC.exe
  C:\Windows\System\RSVxgEC.exe
  2⤵
  PID:6996
- C:\Windows\System\uqoaSKC.exe
  C:\Windows\System\uqoaSKC.exe
  2⤵
  PID:8172
- C:\Windows\System\KgLjZHL.exe
  C:\Windows\System\KgLjZHL.exe
  2⤵
  PID:8068
- C:\Windows\System\gXbasPL.exe
  C:\Windows\System\gXbasPL.exe
  2⤵
  PID:7296
- C:\Windows\System\iQKkvEY.exe
  C:\Windows\System\iQKkvEY.exe
  2⤵
  PID:5720
- C:\Windows\System\QRmRFrT.exe
  C:\Windows\System\QRmRFrT.exe
  2⤵
  PID:7376
- C:\Windows\System\KiGtoRr.exe
  C:\Windows\System\KiGtoRr.exe
  2⤵
  PID:7568
- C:\Windows\System\sJzqHuh.exe
  C:\Windows\System\sJzqHuh.exe
  2⤵
  PID:7504
- C:\Windows\System\LUOIyXB.exe
  C:\Windows\System\LUOIyXB.exe
  2⤵
  PID:7612
- C:\Windows\System\mMDSBWN.exe
  C:\Windows\System\mMDSBWN.exe
  2⤵
  PID:7708
- C:\Windows\System\mlABTqA.exe
  C:\Windows\System\mlABTqA.exe
  2⤵
  PID:7784
- C:\Windows\System\AIVasnZ.exe
  C:\Windows\System\AIVasnZ.exe
  2⤵
  PID:8132
- C:\Windows\System\CBlkEGH.exe
  C:\Windows\System\CBlkEGH.exe
  2⤵
  PID:8028
- C:\Windows\System\GGYlKCk.exe
  C:\Windows\System\GGYlKCk.exe
  2⤵
  PID:6956
- C:\Windows\System\PILqTyX.exe
  C:\Windows\System\PILqTyX.exe
  2⤵
  PID:7896
- C:\Windows\System\IyDAyYm.exe
  C:\Windows\System\IyDAyYm.exe
  2⤵
  PID:8188
- C:\Windows\System\pWufAXw.exe
  C:\Windows\System\pWufAXw.exe
  2⤵
  PID:7604
- C:\Windows\System\NDnFoNh.exe
  C:\Windows\System\NDnFoNh.exe
  2⤵
  PID:7288
- C:\Windows\System\YabQeID.exe
  C:\Windows\System\YabQeID.exe
  2⤵
  PID:7824
- C:\Windows\System\WlEQkzQ.exe
  C:\Windows\System\WlEQkzQ.exe
  2⤵
  PID:7400
- C:\Windows\System\elCVHdE.exe
  C:\Windows\System\elCVHdE.exe
  2⤵
  PID:7588
- C:\Windows\System\SlqErXl.exe
  C:\Windows\System\SlqErXl.exe
  2⤵
  PID:7124
- C:\Windows\System\kvoJXQi.exe
  C:\Windows\System\kvoJXQi.exe
  2⤵
  PID:7996
- C:\Windows\System\hkJnpSN.exe
  C:\Windows\System\hkJnpSN.exe
  2⤵
  PID:7208
- C:\Windows\System\wPUMEsG.exe
  C:\Windows\System\wPUMEsG.exe
  2⤵
  PID:7844
- C:\Windows\System\rHFMvnG.exe
  C:\Windows\System\rHFMvnG.exe
  2⤵
  PID:7928
- C:\Windows\System\wocUqTO.exe
  C:\Windows\System\wocUqTO.exe
  2⤵
  PID:7412
- C:\Windows\System\zajyNcP.exe
  C:\Windows\System\zajyNcP.exe
  2⤵
  PID:7792
- C:\Windows\System\saQdtaf.exe
  C:\Windows\System\saQdtaf.exe
  2⤵
  PID:7752
- C:\Windows\System\WctsRHx.exe
  C:\Windows\System\WctsRHx.exe
  2⤵
  PID:8032
- C:\Windows\System\tzAUwGY.exe
  C:\Windows\System\tzAUwGY.exe
  2⤵
  PID:7788
- C:\Windows\System\alBdbWQ.exe
  C:\Windows\System\alBdbWQ.exe
  2⤵
  PID:6844
- C:\Windows\System\uIiPuJa.exe
  C:\Windows\System\uIiPuJa.exe
  2⤵
  PID:6652
- C:\Windows\System\mHTPvVJ.exe
  C:\Windows\System\mHTPvVJ.exe
  2⤵
  PID:8200
- C:\Windows\System\niTDUNA.exe
  C:\Windows\System\niTDUNA.exe
  2⤵
  PID:8224
- C:\Windows\System\QzcPnlq.exe
  C:\Windows\System\QzcPnlq.exe
  2⤵
  PID:8240
- C:\Windows\System\gleMDMF.exe
  C:\Windows\System\gleMDMF.exe
  2⤵
  PID:8256
- C:\Windows\System\MLoizyU.exe
  C:\Windows\System\MLoizyU.exe
  2⤵
  PID:8276
- C:\Windows\System\Pwlgwgz.exe
  C:\Windows\System\Pwlgwgz.exe
  2⤵
  PID:8292
- C:\Windows\System\VzodPlM.exe
  C:\Windows\System\VzodPlM.exe
  2⤵
  PID:8308
- C:\Windows\System\aSOTULF.exe
  C:\Windows\System\aSOTULF.exe
  2⤵
  PID:8324
- C:\Windows\System\eoZYORu.exe
  C:\Windows\System\eoZYORu.exe
  2⤵
  PID:8348
- C:\Windows\System\ezAWsGv.exe
  C:\Windows\System\ezAWsGv.exe
  2⤵
  PID:8364
- C:\Windows\System\lzzgitZ.exe
  C:\Windows\System\lzzgitZ.exe
  2⤵
  PID:8384
- C:\Windows\System\cSfFQEH.exe
  C:\Windows\System\cSfFQEH.exe
  2⤵
  PID:8400
- C:\Windows\System\pVkHGoy.exe
  C:\Windows\System\pVkHGoy.exe
  2⤵
  PID:8416
- C:\Windows\System\KhVJMnX.exe
  C:\Windows\System\KhVJMnX.exe
  2⤵
  PID:8436
- C:\Windows\System\vLiiBet.exe
  C:\Windows\System\vLiiBet.exe
  2⤵
  PID:8452
- C:\Windows\System\SsSxkFr.exe
  C:\Windows\System\SsSxkFr.exe
  2⤵
  PID:8468
- C:\Windows\System\TCphNDn.exe
  C:\Windows\System\TCphNDn.exe
  2⤵
  PID:8484
- C:\Windows\System\XdVzZhu.exe
  C:\Windows\System\XdVzZhu.exe
  2⤵
  PID:8516
- C:\Windows\System\WGrxdaN.exe
  C:\Windows\System\WGrxdaN.exe
  2⤵
  PID:8532
- C:\Windows\System\CVIKGuA.exe
  C:\Windows\System\CVIKGuA.exe
  2⤵
  PID:8564
- C:\Windows\System\PKhXVOj.exe
  C:\Windows\System\PKhXVOj.exe
  2⤵
  PID:8584
- C:\Windows\System\gjYSBHp.exe
  C:\Windows\System\gjYSBHp.exe
  2⤵
  PID:8636
- C:\Windows\System\hJQvyxI.exe
  C:\Windows\System\hJQvyxI.exe
  2⤵
  PID:8652
- C:\Windows\System\nLcClLd.exe
  C:\Windows\System\nLcClLd.exe
  2⤵
  PID:8668
- C:\Windows\System\pDnsufv.exe
  C:\Windows\System\pDnsufv.exe
  2⤵
  PID:8684
- C:\Windows\System\eqiCSHP.exe
  C:\Windows\System\eqiCSHP.exe
  2⤵
  PID:8716
- C:\Windows\System\zznjJGV.exe
  C:\Windows\System\zznjJGV.exe
  2⤵
  PID:8732
- C:\Windows\System\STeIYJY.exe
  C:\Windows\System\STeIYJY.exe
  2⤵
  PID:8752
- C:\Windows\System\ZKEFgiH.exe
  C:\Windows\System\ZKEFgiH.exe
  2⤵
  PID:8768
- C:\Windows\System\BEmkgWk.exe
  C:\Windows\System\BEmkgWk.exe
  2⤵
  PID:8784
- C:\Windows\System\OMiYIwB.exe
  C:\Windows\System\OMiYIwB.exe
  2⤵
  PID:8800
- C:\Windows\System\YnlDVKN.exe
  C:\Windows\System\YnlDVKN.exe
  2⤵
  PID:8816
- C:\Windows\System\nIQdIHT.exe
  C:\Windows\System\nIQdIHT.exe
  2⤵
  PID:8852
- C:\Windows\System\ApbJrsh.exe
  C:\Windows\System\ApbJrsh.exe
  2⤵
  PID:8876
- C:\Windows\System\bcBkIgV.exe
  C:\Windows\System\bcBkIgV.exe
  2⤵
  PID:8892
- C:\Windows\System\ClAvjCc.exe
  C:\Windows\System\ClAvjCc.exe
  2⤵
  PID:8912
- C:\Windows\System\vLwMiNr.exe
  C:\Windows\System\vLwMiNr.exe
  2⤵
  PID:8932
- C:\Windows\System\hpiOeJn.exe
  C:\Windows\System\hpiOeJn.exe
  2⤵
  PID:8960
- C:\Windows\System\QKupwDV.exe
  C:\Windows\System\QKupwDV.exe
  2⤵
  PID:8980
- C:\Windows\System\CbepYrs.exe
  C:\Windows\System\CbepYrs.exe
  2⤵
  PID:8996
- C:\Windows\System\UsDDbnb.exe
  C:\Windows\System\UsDDbnb.exe
  2⤵
  PID:9016
- C:\Windows\System\NLMwmKP.exe
  C:\Windows\System\NLMwmKP.exe
  2⤵
  PID:9032
- C:\Windows\System\jhcavZE.exe
  C:\Windows\System\jhcavZE.exe
  2⤵
  PID:9056
- C:\Windows\System\bgCDKEq.exe
  C:\Windows\System\bgCDKEq.exe
  2⤵
  PID:9072
- C:\Windows\System\dnjwxnd.exe
  C:\Windows\System\dnjwxnd.exe
  2⤵
  PID:9088
- C:\Windows\System\Zvievkm.exe
  C:\Windows\System\Zvievkm.exe
  2⤵
  PID:9104
- C:\Windows\System\aEPQMXj.exe
  C:\Windows\System\aEPQMXj.exe
  2⤵
  PID:9120
- C:\Windows\System\uilsMGG.exe
  C:\Windows\System\uilsMGG.exe
  2⤵
  PID:9136
- C:\Windows\System\UfnFJqT.exe
  C:\Windows\System\UfnFJqT.exe
  2⤵
  PID:9152
- C:\Windows\System\XBCTzuE.exe
  C:\Windows\System\XBCTzuE.exe
  2⤵
  PID:9192
- C:\Windows\System\XNFlXiZ.exe
  C:\Windows\System\XNFlXiZ.exe
  2⤵
  PID:9208
- C:\Windows\System\UmGtsiD.exe
  C:\Windows\System\UmGtsiD.exe
  2⤵
  PID:8216
- C:\Windows\System\KrLbefo.exe
  C:\Windows\System\KrLbefo.exe
  2⤵
  PID:8248
- C:\Windows\System\wTakzhJ.exe
  C:\Windows\System\wTakzhJ.exe
  2⤵
  PID:8316
- C:\Windows\System\BMBVTQT.exe
  C:\Windows\System\BMBVTQT.exe
  2⤵
  PID:8264
- C:\Windows\System\uhwFOiB.exe
  C:\Windows\System\uhwFOiB.exe
  2⤵
  PID:8424
- C:\Windows\System\YSqwdRF.exe
  C:\Windows\System\YSqwdRF.exe
  2⤵
  PID:8304
- C:\Windows\System\xnXzuWP.exe
  C:\Windows\System\xnXzuWP.exe
  2⤵
  PID:8380
- C:\Windows\System\jJIItXE.exe
  C:\Windows\System\jJIItXE.exe
  2⤵
  PID:8336
- C:\Windows\System\vPwmiNe.exe
  C:\Windows\System\vPwmiNe.exe
  2⤵
  PID:8504
- C:\Windows\System\cRobHDT.exe
  C:\Windows\System\cRobHDT.exe
  2⤵
  PID:8480
- C:\Windows\System\negBfQl.exe
  C:\Windows\System\negBfQl.exe
  2⤵
  PID:8572
- C:\Windows\System\rdywImq.exe
  C:\Windows\System\rdywImq.exe
  2⤵
  PID:8604
- C:\Windows\System\nptxiji.exe
  C:\Windows\System\nptxiji.exe
  2⤵
  PID:8644
- C:\Windows\System\deEjYtY.exe
  C:\Windows\System\deEjYtY.exe
  2⤵
  PID:8676
- C:\Windows\System\PQHSKVa.exe
  C:\Windows\System\PQHSKVa.exe
  2⤵
  PID:8704
- C:\Windows\System\ttpBKTY.exe
  C:\Windows\System\ttpBKTY.exe
  2⤵
  PID:8748
- C:\Windows\System\YgnDPmZ.exe
  C:\Windows\System\YgnDPmZ.exe
  2⤵
  PID:8760
- C:\Windows\System\IiytmFs.exe
  C:\Windows\System\IiytmFs.exe
  2⤵
  PID:8808
- C:\Windows\System\tUCPboO.exe
  C:\Windows\System\tUCPboO.exe
  2⤵
  PID:8868
- C:\Windows\System\fpXeDHZ.exe
  C:\Windows\System\fpXeDHZ.exe
  2⤵
  PID:8832
- C:\Windows\System\xmUDTVX.exe
  C:\Windows\System\xmUDTVX.exe
  2⤵
  PID:8872
- C:\Windows\System\hXRkKuY.exe
  C:\Windows\System\hXRkKuY.exe
  2⤵
  PID:8904
- C:\Windows\System\mkwYYKF.exe
  C:\Windows\System\mkwYYKF.exe
  2⤵
  PID:8920
- C:\Windows\System\DqciJXm.exe
  C:\Windows\System\DqciJXm.exe
  2⤵
  PID:8968
- C:\Windows\System\LKQylUc.exe
  C:\Windows\System\LKQylUc.exe
  2⤵
  PID:9012
- C:\Windows\System\nMhlyAj.exe
  C:\Windows\System\nMhlyAj.exe
  2⤵
  PID:9044
- C:\Windows\System\hnYVaWc.exe
  C:\Windows\System\hnYVaWc.exe
  2⤵
  PID:9064
- C:\Windows\System\BwVOslO.exe
  C:\Windows\System\BwVOslO.exe
  2⤵
  PID:9160
- C:\Windows\System\BgMrypS.exe
  C:\Windows\System\BgMrypS.exe
  2⤵
  PID:9180
- C:\Windows\System\samLxrz.exe
  C:\Windows\System\samLxrz.exe
  2⤵
  PID:9052
- C:\Windows\System\MhlMqdx.exe
  C:\Windows\System\MhlMqdx.exe
  2⤵
  PID:8320
- C:\Windows\System\gyczOGz.exe
  C:\Windows\System\gyczOGz.exe
  2⤵
  PID:9148
- C:\Windows\System\bdfupTm.exe
  C:\Windows\System\bdfupTm.exe
  2⤵
  PID:8340
- C:\Windows\System\JIhGGeL.exe
  C:\Windows\System\JIhGGeL.exe
  2⤵
  PID:8236
- C:\Windows\System\wpcgVvi.exe
  C:\Windows\System\wpcgVvi.exe
  2⤵
  PID:8460
- C:\Windows\System\LKCLTVT.exe
  C:\Windows\System\LKCLTVT.exe
  2⤵
  PID:8540
- C:\Windows\System\xHlqnFL.exe
  C:\Windows\System\xHlqnFL.exe
  2⤵
  PID:7644
- C:\Windows\System\HEXoZxi.exe
  C:\Windows\System\HEXoZxi.exe
  2⤵
  PID:8496
- C:\Windows\System\DTsdMWA.exe
  C:\Windows\System\DTsdMWA.exe
  2⤵
  PID:8600
- C:\Windows\System\OMZbxck.exe
  C:\Windows\System\OMZbxck.exe
  2⤵
  PID:8712
- C:\Windows\System\btDCkVM.exe
  C:\Windows\System\btDCkVM.exe
  2⤵
  PID:8860
- C:\Windows\System\bhVjXxs.exe
  C:\Windows\System\bhVjXxs.exe
  2⤵
  PID:8928
- C:\Windows\System\QMaqmVm.exe
  C:\Windows\System\QMaqmVm.exe
  2⤵
  PID:8972
- C:\Windows\System\PQBuboq.exe
  C:\Windows\System\PQBuboq.exe
  2⤵
  PID:9080
- C:\Windows\System\nEIOLFt.exe
  C:\Windows\System\nEIOLFt.exe
  2⤵
  PID:8208
- C:\Windows\System\MYWyxVU.exe
  C:\Windows\System\MYWyxVU.exe
  2⤵
  PID:8220
- C:\Windows\System\dEoBoqx.exe
  C:\Windows\System\dEoBoqx.exe
  2⤵
  PID:8828
- C:\Windows\System\xhWeSwk.exe
  C:\Windows\System\xhWeSwk.exe
  2⤵
  PID:9164
- C:\Windows\System\GDjuhUr.exe
  C:\Windows\System\GDjuhUr.exe
  2⤵
  PID:9100
- C:\Windows\System\ZGRgfRs.exe
  C:\Windows\System\ZGRgfRs.exe
  2⤵
  PID:9188
- C:\Windows\System\bfdsVsR.exe
  C:\Windows\System\bfdsVsR.exe
  2⤵
  PID:9028
- C:\Windows\System\oRLTrvY.exe
  C:\Windows\System\oRLTrvY.exe
  2⤵
  PID:8464
- C:\Windows\System\YVhDQNx.exe
  C:\Windows\System\YVhDQNx.exe
  2⤵
  PID:8596
- C:\Windows\System\nHyHgEp.exe
  C:\Windows\System\nHyHgEp.exe
  2⤵
  PID:8664
- C:\Windows\System\JfeiQak.exe
  C:\Windows\System\JfeiQak.exe
  2⤵
  PID:8740
- C:\Windows\System\VCeyaSg.exe
  C:\Windows\System\VCeyaSg.exe
  2⤵
  PID:9172
- C:\Windows\System\YRAlOXo.exe
  C:\Windows\System\YRAlOXo.exe
  2⤵
  PID:8268
- C:\Windows\System\LsZNdPg.exe
  C:\Windows\System\LsZNdPg.exe
  2⤵
  PID:8448
- C:\Windows\System\qeYPjJX.exe
  C:\Windows\System\qeYPjJX.exe
  2⤵
  PID:9024
- C:\Windows\System\RoQbImP.exe
  C:\Windows\System\RoQbImP.exe
  2⤵
  PID:8700
- C:\Windows\System\vaPCcLW.exe
  C:\Windows\System\vaPCcLW.exe
  2⤵
  PID:9132
- C:\Windows\System\vIJQIQQ.exe
  C:\Windows\System\vIJQIQQ.exe
  2⤵
  PID:8560
- C:\Windows\System\vejqGIB.exe
  C:\Windows\System\vejqGIB.exe
  2⤵
  PID:8288
- C:\Windows\System\edRPOjX.exe
  C:\Windows\System\edRPOjX.exe
  2⤵
  PID:8988
- C:\Windows\System\dZXdMol.exe
  C:\Windows\System\dZXdMol.exe
  2⤵
  PID:9144
- C:\Windows\System\uEHeRwp.exe
  C:\Windows\System\uEHeRwp.exe
  2⤵
  PID:8888
- C:\Windows\System\fcTNHVN.exe
  C:\Windows\System\fcTNHVN.exe
  2⤵
  PID:8432
- C:\Windows\System\xDHXHXI.exe
  C:\Windows\System\xDHXHXI.exe
  2⤵
  PID:8648
- C:\Windows\System\brnIMDG.exe
  C:\Windows\System\brnIMDG.exe
  2⤵
  PID:8976
- C:\Windows\System\frhbVfk.exe
  C:\Windows\System\frhbVfk.exe
  2⤵
  PID:8212
- C:\Windows\System\OfPGSVE.exe
  C:\Windows\System\OfPGSVE.exe
  2⤵
  PID:8724
- C:\Windows\System\ucADeoS.exe
  C:\Windows\System\ucADeoS.exe
  2⤵
  PID:8512
- C:\Windows\System\imaJJHU.exe
  C:\Windows\System\imaJJHU.exe
  2⤵
  PID:8624
- C:\Windows\System\duyYCRu.exe
  C:\Windows\System\duyYCRu.exe
  2⤵
  PID:8408
- C:\Windows\System\TGXTUAM.exe
  C:\Windows\System\TGXTUAM.exe
  2⤵
  PID:8500
- C:\Windows\System\RYbqEur.exe
  C:\Windows\System\RYbqEur.exe
  2⤵
  PID:8864
- C:\Windows\System\zSAtyAr.exe
  C:\Windows\System\zSAtyAr.exe
  2⤵
  PID:9232
- C:\Windows\System\tDPGgoT.exe
  C:\Windows\System\tDPGgoT.exe
  2⤵
  PID:9252
- C:\Windows\System\zkqgqBJ.exe
  C:\Windows\System\zkqgqBJ.exe
  2⤵
  PID:9268
- C:\Windows\System\YerMpHg.exe
  C:\Windows\System\YerMpHg.exe
  2⤵
  PID:9300
- C:\Windows\System\FadNHkE.exe
  C:\Windows\System\FadNHkE.exe
  2⤵
  PID:9316
- C:\Windows\System\bFXyRiK.exe
  C:\Windows\System\bFXyRiK.exe
  2⤵
  PID:9340
- C:\Windows\System\TNDYyen.exe
  C:\Windows\System\TNDYyen.exe
  2⤵
  PID:9356
- C:\Windows\System\ONdNCqq.exe
  C:\Windows\System\ONdNCqq.exe
  2⤵
  PID:9376
- C:\Windows\System\GTxLbSC.exe
  C:\Windows\System\GTxLbSC.exe
  2⤵
  PID:9392
- C:\Windows\System\koyIoPR.exe
  C:\Windows\System\koyIoPR.exe
  2⤵
  PID:9412
- C:\Windows\System\THlFauD.exe
  C:\Windows\System\THlFauD.exe
  2⤵
  PID:9428
- C:\Windows\System\NtstlGt.exe
  C:\Windows\System\NtstlGt.exe
  2⤵
  PID:9452
- C:\Windows\System\elrlZtM.exe
  C:\Windows\System\elrlZtM.exe
  2⤵
  PID:9476
- C:\Windows\System\NLdMirY.exe
  C:\Windows\System\NLdMirY.exe
  2⤵
  PID:9492
- C:\Windows\System\XWqHAYy.exe
  C:\Windows\System\XWqHAYy.exe
  2⤵
  PID:9524
- C:\Windows\System\IjFwpha.exe
  C:\Windows\System\IjFwpha.exe
  2⤵
  PID:9540
- C:\Windows\System\DASCobW.exe
  C:\Windows\System\DASCobW.exe
  2⤵
  PID:9564
- C:\Windows\System\aQMwDWt.exe
  C:\Windows\System\aQMwDWt.exe
  2⤵
  PID:9580
- C:\Windows\System\zXrIEBr.exe
  C:\Windows\System\zXrIEBr.exe
  2⤵
  PID:9600
- C:\Windows\System\tPQBQIW.exe
  C:\Windows\System\tPQBQIW.exe
  2⤵
  PID:9616
- C:\Windows\System\uvzdOBY.exe
  C:\Windows\System\uvzdOBY.exe
  2⤵
  PID:9632
- C:\Windows\System\BFJuMVk.exe
  C:\Windows\System\BFJuMVk.exe
  2⤵
  PID:9652
- C:\Windows\System\GXzDuGJ.exe
  C:\Windows\System\GXzDuGJ.exe
  2⤵
  PID:9668
- C:\Windows\System\KKYyfui.exe
  C:\Windows\System\KKYyfui.exe
  2⤵
  PID:9684
- C:\Windows\System\tIeHawb.exe
  C:\Windows\System\tIeHawb.exe
  2⤵
  PID:9700
- C:\Windows\System\asMCKkI.exe
  C:\Windows\System\asMCKkI.exe
  2⤵
  PID:9724
- C:\Windows\System\NrUDEuZ.exe
  C:\Windows\System\NrUDEuZ.exe
  2⤵
  PID:9760
- C:\Windows\System\dtPxScN.exe
  C:\Windows\System\dtPxScN.exe
  2⤵
  PID:9780
- C:\Windows\System\MpxvieJ.exe
  C:\Windows\System\MpxvieJ.exe
  2⤵
  PID:9800
- C:\Windows\System\Lwhamye.exe
  C:\Windows\System\Lwhamye.exe
  2⤵
  PID:9820
- C:\Windows\System\dIJwVeR.exe
  C:\Windows\System\dIJwVeR.exe
  2⤵
  PID:9844
- C:\Windows\System\lhFEcoL.exe
  C:\Windows\System\lhFEcoL.exe
  2⤵
  PID:9860
- C:\Windows\System\oCbehDn.exe
  C:\Windows\System\oCbehDn.exe
  2⤵
  PID:9880
- C:\Windows\System\aaeTgGh.exe
  C:\Windows\System\aaeTgGh.exe
  2⤵
  PID:9896
- C:\Windows\System\wWnxrAV.exe
  C:\Windows\System\wWnxrAV.exe
  2⤵
  PID:9916
- C:\Windows\System\aDPSoSE.exe
  C:\Windows\System\aDPSoSE.exe
  2⤵
  PID:9936
- C:\Windows\System\EIMApPi.exe
  C:\Windows\System\EIMApPi.exe
  2⤵
  PID:9952
- C:\Windows\System\ddemJPD.exe
  C:\Windows\System\ddemJPD.exe
  2⤵
  PID:9972
- C:\Windows\System\shMQdBE.exe
  C:\Windows\System\shMQdBE.exe
  2⤵
  PID:9992
- C:\Windows\System\lyxcywv.exe
  C:\Windows\System\lyxcywv.exe
  2⤵
  PID:10008
- C:\Windows\System\ZvAPMBr.exe
  C:\Windows\System\ZvAPMBr.exe
  2⤵
  PID:10024
- C:\Windows\System\DrKHnWi.exe
  C:\Windows\System\DrKHnWi.exe
  2⤵
  PID:10044
- C:\Windows\System\WxaesPG.exe
  C:\Windows\System\WxaesPG.exe
  2⤵
  PID:10068
- C:\Windows\System\WLcEjMp.exe
  C:\Windows\System\WLcEjMp.exe
  2⤵
  PID:10084
- C:\Windows\System\dNwOeev.exe
  C:\Windows\System\dNwOeev.exe
  2⤵
  PID:10112
- C:\Windows\System\oVPOqts.exe
  C:\Windows\System\oVPOqts.exe
  2⤵
  PID:10128
- C:\Windows\System\pMHZzPG.exe
  C:\Windows\System\pMHZzPG.exe
  2⤵
  PID:10148
- C:\Windows\System\sOENvxv.exe
  C:\Windows\System\sOENvxv.exe
  2⤵
  PID:10168
- C:\Windows\System\hCNlgeH.exe
  C:\Windows\System\hCNlgeH.exe
  2⤵
  PID:10188
- C:\Windows\System\DvUDaZQ.exe
  C:\Windows\System\DvUDaZQ.exe
  2⤵
  PID:10208
- C:\Windows\System\MApPAOV.exe
  C:\Windows\System\MApPAOV.exe
  2⤵
  PID:10232
- C:\Windows\System\BuVGSGM.exe
  C:\Windows\System\BuVGSGM.exe
  2⤵
  PID:9260
- C:\Windows\System\UerUCxn.exe
  C:\Windows\System\UerUCxn.exe
  2⤵
  PID:9284
- C:\Windows\System\zqOvNMA.exe
  C:\Windows\System\zqOvNMA.exe
  2⤵
  PID:9308
- C:\Windows\System\ogMXcaX.exe
  C:\Windows\System\ogMXcaX.exe
  2⤵
  PID:9384
- C:\Windows\System\WHGYCuk.exe
  C:\Windows\System\WHGYCuk.exe
  2⤵
  PID:9364
- C:\Windows\System\eiuQchd.exe
  C:\Windows\System\eiuQchd.exe
  2⤵
  PID:9472
- C:\Windows\System\NKdBAiG.exe
  C:\Windows\System\NKdBAiG.exe
  2⤵
  PID:9484
- C:\Windows\System\ISeEnAs.exe
  C:\Windows\System\ISeEnAs.exe
  2⤵
  PID:9516
- C:\Windows\System\HHADnjO.exe
  C:\Windows\System\HHADnjO.exe
  2⤵
  PID:9556
- C:\Windows\System\enBEPSO.exe
  C:\Windows\System\enBEPSO.exe
  2⤵
  PID:9596
- C:\Windows\System\BYcaKiX.exe
  C:\Windows\System\BYcaKiX.exe
  2⤵
  PID:9624
- C:\Windows\System\mKyGVuU.exe
  C:\Windows\System\mKyGVuU.exe
  2⤵
  PID:9664
- C:\Windows\System\DEvviGQ.exe
  C:\Windows\System\DEvviGQ.exe
  2⤵
  PID:9736
- C:\Windows\System\tLbVqyF.exe
  C:\Windows\System\tLbVqyF.exe
  2⤵
  PID:9612
- C:\Windows\System\BuLcjIq.exe
  C:\Windows\System\BuLcjIq.exe
  2⤵
  PID:9644
- C:\Windows\System\wGVBxNf.exe
  C:\Windows\System\wGVBxNf.exe
  2⤵
  PID:9788
- C:\Windows\System\ScQQRKl.exe
  C:\Windows\System\ScQQRKl.exe
  2⤵
  PID:9836
- C:\Windows\System\LBUjJHb.exe
  C:\Windows\System\LBUjJHb.exe
  2⤵
  PID:9868
- C:\Windows\System\EoncxpS.exe
  C:\Windows\System\EoncxpS.exe
  2⤵
  PID:9944
- C:\Windows\System\LZsHqWB.exe
  C:\Windows\System\LZsHqWB.exe
  2⤵
  PID:10016
- C:\Windows\System\ZvMYHpi.exe
  C:\Windows\System\ZvMYHpi.exe
  2⤵
  PID:10064
- C:\Windows\System\WbGBfub.exe
  C:\Windows\System\WbGBfub.exe
  2⤵
  PID:10108
- C:\Windows\System\IklTdQP.exe
  C:\Windows\System\IklTdQP.exe
  2⤵
  PID:10144
- C:\Windows\System\UtTGcjw.exe
  C:\Windows\System\UtTGcjw.exe
  2⤵
  PID:10184
- C:\Windows\System\lpTGGUF.exe
  C:\Windows\System\lpTGGUF.exe
  2⤵
  PID:10120
- C:\Windows\System\qGgcUGo.exe
  C:\Windows\System\qGgcUGo.exe
  2⤵
  PID:9928
- C:\Windows\System\leMAjIz.exe
  C:\Windows\System\leMAjIz.exe
  2⤵
  PID:9348
- C:\Windows\System\AVINrTF.exe
  C:\Windows\System\AVINrTF.exe
  2⤵
  PID:10032
- C:\Windows\System\URDCRgu.exe
  C:\Windows\System\URDCRgu.exe
  2⤵
  PID:9332
- C:\Windows\System\PhHKTvk.exe
  C:\Windows\System\PhHKTvk.exe
  2⤵
  PID:9460
- C:\Windows\System\gtkkliA.exe
  C:\Windows\System\gtkkliA.exe
  2⤵
  PID:9424
- C:\Windows\System\yCefmZh.exe
  C:\Windows\System\yCefmZh.exe
  2⤵
  PID:9436
- C:\Windows\System\prIVSlv.exe
  C:\Windows\System\prIVSlv.exe
  2⤵
  PID:9224
- C:\Windows\System\krdoFCK.exe
  C:\Windows\System\krdoFCK.exe
  2⤵
  PID:10200
- C:\Windows\System\QfAniGb.exe
  C:\Windows\System\QfAniGb.exe
  2⤵
  PID:9532
- C:\Windows\System\WyJYPSi.exe
  C:\Windows\System\WyJYPSi.exe
  2⤵
  PID:9588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DyEFUse.exe

Filesize
6.0MB

MD5
62a0c74d032866e31e47b9abba09a266

SHA1
4260408c274b0af7f5272f00f359290b0b1f4f98

SHA256
dadec37cc81797f2148281465232d408ff7b35bd330595f1fc546f925c95ee7f

SHA512
bb8d8a3f6f64504b63835b0036347f4b42904c0589668e03150c9f6d8da4053c574539f5d11d36a36ae5d817654b31763ece087802dca74c1e5baf028b39eb2d

Download Submit
C:\Windows\system\FBUuhOU.exe

Filesize
6.0MB

MD5
8966610ff195b1703615579b62ebdc74

SHA1
2f0a15156fabafb5863bcaefa235f7973b906fab

SHA256
b4ae86a68cd6290cd2858579afe0fb5cf2eab599f57530af7be0bde1ff0e2a92

SHA512
3bc6ddcfd5d376fbf8b18e621d2e109efa6fc854e1ebad626f51869b33424448941e891fefd622415d1940eae45e20d6e226dcfb23fd59e958650e2a551dd61c

Download Submit
C:\Windows\system\HamzkxZ.exe

Filesize
6.0MB

MD5
6394d6b9c4302da8a3b08ecd9548bf46

SHA1
36480b2b7423438c3faed15e2862a4137654b0f4

SHA256
c50725bd503f7e6baaff6842775d95f3bf0ee07c23f646be6fb15f209f0999b2

SHA512
920c78ebd860a984847cc2a08d98387b11ebabafb4fc4c6a986fb5d7a7597ae5a9d3b3b489d1f87b3b7094f6a3adc5be24627d30e1fe6247792d8de73faef4fe

Download Submit
C:\Windows\system\JkcViqt.exe

Filesize
6.0MB

MD5
ab8f13235c42c206ded3ec226ac21c32

SHA1
cefcc4f2178722f59bb79cfb03676b6321a500aa

SHA256
d893b3666acf4afbb440ca3eaf02d048357806f4847db45308c70b62046d9f1a

SHA512
c92cb5138b824d9922717fb1d216f550e751292c07eeb89362a32726ea017299fdc25e1009c3661c7e1cf27288191cef262374a949f7f67bd3c9610b2e07e6f3

Download Submit
C:\Windows\system\JvGmvbu.exe

Filesize
6.0MB

MD5
3c0c2b0a4ca812f65a263bc7f84cadbf

SHA1
b4fa312941fdf9faaae713701791b7273a493d70

SHA256
09a46563ef0021eb7070ddf1fca4a5d699790408ea9a22af5ffc200c94159256

SHA512
3b15803e82e2c313d4ce62ab41186189a0cabcd2bdf5759bdbea0f89804fa0f85b1667db106f96f88aac2072d3ec1aa3e68156c704d6b97ed54798b9d31509ba

Download Submit
C:\Windows\system\KnYAwAU.exe

Filesize
6.0MB

MD5
11687c243a395b4b72c09b778d613220

SHA1
7a51d16b58e53162d625bbc84bdae654eab31a18

SHA256
c305ea1abbfbceb0d885009a533c82814b9ed9ca004fa371cca3813ac7d6ea9e

SHA512
22b2c76e32324ac322980efc6a3080288cdf4b9e02b71e8a6725e0f5e09ed07c18fe04d5b71ea911aa9c95faeddf0ca50a1ada7b74d02f0c6ebee5fbe77a5f01

Download Submit
C:\Windows\system\ODeKtpu.exe

Filesize
6.0MB

MD5
487fb9ad1fa50bd9b5644ff1a3cefe38

SHA1
b81a24cbb28b8f73a45bcf9c060b624ec503f73d

SHA256
310577d46c6a495d44e37dd1f94c8872679753756a009ee6898d238e8c29962d

SHA512
cb011be993d05a29b1212fdc8073921bb44bfbda3b8df4a7c7b64575263002d558758951346ab2c984068e327f35c19359abf5f841cff7d557ea94428b7ea15f

Download Submit
C:\Windows\system\QReEKrw.exe

Filesize
6.0MB

MD5
57fdc95610f4e48f2b639aeb183c524a

SHA1
adc6f010adab87820c163a4cfc01f648ab67d8f5

SHA256
88b535d9d46d366ea6ca70b3a075c425379b81d38ef2128871d1a595406b8b3d

SHA512
18cd5ec1101d660ffc102317cf33e118247165b9a64fe3045bdbc32fdfd7d54f9ab2f094a7249b6d29b5f648438746f3d83f6cbcfbd77d91eafa3c576e5d1dea

Download Submit
C:\Windows\system\QtrqDCe.exe

Filesize
6.0MB

MD5
d54dfef165b76aaf6b2ae57f501f1c6c

SHA1
9d35d5fcd5c08e97b046e3c437a8ca8c40904a04

SHA256
1c3801c40d940eda13c9d8fd7864223ed7a9037c8597c8d53f4f3e12f0ac70b2

SHA512
46cf369bc23c14776bc00f357aa8e90762d464077434bc606520f79255d2b35c8b99d11a9c8f2a4d9029a0423691eeda06ca01e4f0be54b7a623693f800c198b

Download Submit
C:\Windows\system\VDYcEfZ.exe

Filesize
6.0MB

MD5
20c7dcbc5f191fb7201170967b5946bb

SHA1
9fd58ea80799755974742786d815058c0f554498

SHA256
fb3568ddefe465f0bfb92579575df1de8be2c0b099151785b998a7ff96838b24

SHA512
548d7ac68e2d3652035a219bab2a6469f6f77eaebbe3aa8a89021b3f64e8a3bbb7bda14376b53f962166741ce0f91d69427758161cb2a488cd2d93a4ce8cf768

Download Submit
C:\Windows\system\XQRXUeS.exe

Filesize
6.0MB

MD5
830c302b9e27cee41d9c3ab34084c3fe

SHA1
31ac1d7bd2a8320bcbe8c2ec8ab0458aca8dad3f

SHA256
9ebbbd95cf25e7e6002cf23f16ad633c598d784b408ef79f96d57f9a3919798c

SHA512
7f5d2329652bef48e66229e193ce6c4b3d844cb71d16d1df985d1e61d135c69d1e74d2f73057019cb32a326d88c0269d7f53b79378f9d5d6a423261ab66e4161

Download Submit
C:\Windows\system\YyWsnzD.exe

Filesize
6.0MB

MD5
123d935bb3b7d27946542cb09df017fc

SHA1
790b7eb5b50b7b746d7bc48d0602271cc9961dfc

SHA256
8292abb29f585e96cc888d7d39bdc894d10a9cca837360447387bcf5ef39c73e

SHA512
7d8fab74a3d033f2c77c9601f905467f21aec5be54a9d85232216e988fa53b559c9f4e2aa760e0e03f3aba1a04a6542d017900861ccea69061d31bcfd7b44379

Download Submit
C:\Windows\system\chEjTMX.exe

Filesize
6.0MB

MD5
45fc4921211e063c3ff61b238e1466fd

SHA1
d633ca35cdd377e7232828eb88e1dcc427748b3b

SHA256
38997e28b6d1671efaa687a6cf5296c52b4e90b338c43da73207ef2533bceb91

SHA512
972c9c41747e2ae5c683b3bc5c7df4ea32f1e5b540407241117c79a4d49e2073f1e3d769bbd5c291aa54c3831ebdc4f9c81dae029278d8d6ff7b745b8e0056f1

Download Submit
C:\Windows\system\eTnVQCc.exe

Filesize
6.0MB

MD5
e6d3bda5986adc923bb86a6cd92b5fb6

SHA1
84f9d3171e0f12342aa7e98c1f84b042b9a963e0

SHA256
ca0da8a80043a26902e5fe8a71c97f2b28534193baa81cfcea694f0efbaa7367

SHA512
66704e8ba7fa8308b90842ff168b24b67acb1ebf0fba823b4d031b46d0ae9c53730dea7f9bf26e1bf803ce5f465e789cb2763c970c86b89fb16abebb9ffb1eed

Download Submit
C:\Windows\system\gkABbbP.exe

Filesize
6.0MB

MD5
e7c61e121e7606e652ebb356799f7ab3

SHA1
2e47a5db92aa1308a2e3cfb1a4da8b217b90e949

SHA256
b0f87e6b6e0aded502b25d04b50dd90695e9f2a6bdca717d2e631fb7bc19285b

SHA512
48b8071d16b3a4bcb593268563917a7b7d11a4d94e1f2682d0eaaf770324d3c1538eb9183cf7279c9ab9d19ab19a7206c5209a83dcf16034f8faf90bd93abf05

Download Submit
C:\Windows\system\hJYNepL.exe

Filesize
6.0MB

MD5
a219d23c9a3973be20bde8392250e634

SHA1
b151c0532b2bdadc64580d40a7f2c0c7b32275bc

SHA256
d841d9ac2ae6505df119bd79cb36e86e91086153fdde85542754fb933128c5e1

SHA512
9a73c95ed14eb6afdb00c7e928a31a0340ad088e6723971f80e0a969877383bdc5e633b09c6d3ec42b206c5d1a5dec0f76b60ec255a219c6e1a0fc440d0f2089

Download Submit
C:\Windows\system\iQCUkub.exe

Filesize
6.0MB

MD5
9769b42d595eceee0d53609ba76ce52b

SHA1
0f0d4d38132920751605a7b0f0327762b30a15a3

SHA256
633d5216711950694aca60201bac30eb86b20d4aaf9a43cc8837e882ef788758

SHA512
5d29d0294389305651c272495d3cb2a87b7f51398a4fcdf43e426e5f23dae7ebe071fd87862315c4beaa827d8aca345155a5edb2c34d049d885e3633bc8a77ad

Download Submit
C:\Windows\system\kRyJLmu.exe

Filesize
6.0MB

MD5
b5fa1654e28566fd108df6b75210e971

SHA1
eea7d9eeac4d92c9028651b2c4d7862d7aa1107d

SHA256
ba9a87ff9eef76ab247a83a624f795f7de0c99346d2a2a20a72ac6e7203ff495

SHA512
eb8679acafb907f890a6faf27e9f1feb55f8e0d0bfbac6034d093d6673f328de9e41bb3c90a368a07da3902355fe93987f68ec4d26a190413ae652a1a3f1799b

Download Submit
C:\Windows\system\mgcgMca.exe

Filesize
6.0MB

MD5
9ef11dc5aa27dd1c123af67398be76ff

SHA1
29c7122532a437a148cb606de697230d321a38f0

SHA256
6b4cf6d386eb21c26a9c1af4303c142c93deb232cc49ec42ea34f3154abf5d45

SHA512
0f565ceab5fad1555801a753630a4cebb53b0d83efecb6cf5d4e0d9d3d492c405005850417e974d3d9175c07f08d1dc0df20406e9c0f4a5fce598728f599b473

Download Submit
C:\Windows\system\oMyCzQV.exe

Filesize
6.0MB

MD5
06ec196cc8f20492bb05fa673273c0f6

SHA1
80fbd080b75be9178f5dae0c765324bf2736582e

SHA256
2fc6250286d9cee173a3647a71700ddc224704b39589d909297f411ae31fef9e

SHA512
0cf077e6bd17abe42b75c4bade93887029a0caa43cb342952de89b027540ab4e915d98157364413aba4975c5bdd0528d5be32549b063438bfb5dff81fedf86ea

Download Submit
C:\Windows\system\sTrsnMr.exe

Filesize
6.0MB

MD5
60ef061426fd97d87f6943d72af79c79

SHA1
d61a3fc23400de896a75aa6a0c27cb72b33595fc

SHA256
78eecf14ca4081938838a05a487091edc021e8d86370520e1e08ec511cbcc704

SHA512
a7b06e2e94af251ce45bcf5b7276e805b06d81b22091d64455d25b79cc5b8ebaa38434fc2b28e9927cfaa0e22a55a6a5d2b1a588a5fb4044a93391ac3c2f6072

Download Submit
C:\Windows\system\snwJQPL.exe

Filesize
6.0MB

MD5
474ec69899ac296ac8995b7f58b26a21

SHA1
a1d0839e13a245f1d2afacab497afa16da7cc544

SHA256
c11b5f2f9cef1109340e5520046e1041af63c85949073c999d3b83c97e177b9c

SHA512
f1b941bef694c7c9d964cb031164e5e66b0e275d170c48cdd4cbfdf71324957348afb838c5b37d63b13e19ab1ce45b6a64bbe08b39bc052b0c7f08e33ad01cbd

Download Submit
C:\Windows\system\tJkLnXk.exe

Filesize
6.0MB

MD5
bd8a337f301c1138a384dca5d500fa42

SHA1
39d4615a9b286382f821769231f57eabf40c7e1d

SHA256
ee2ccd21745f5f2662365c8d4aa0b7c8bb18058bc3bead62332251c2386ad8e7

SHA512
65537fcf92e682533f4213505ac9a7f5cadeed20b7fb4d496330b87f55c5a2c3a0f18097928e6a77c5b94095d755e4543a08731ce54d76c6984125fd0829f328

Download Submit
C:\Windows\system\tydRIqz.exe

Filesize
6.0MB

MD5
e42aa143069c4e8e91f23a79e9864078

SHA1
3314d89c2cd0fa4bf039b913084679dd25b1fc0d

SHA256
accd4cc96e415b248b90d864fd0c12d57d5f487d06ae2cc91763faaa8a4f9407

SHA512
d7e6c2bc904ebdb92088f0d3f213408e5bb7dab231e2b2e0f0279305b55a0364fdb04166693356f86e480a978cb0da6220e6ad024cc13bb5c61f1fb3cd952e74

Download Submit
C:\Windows\system\yzGsmRp.exe

Filesize
6.0MB

MD5
0ccce931c80331bda5e71c24da367af3

SHA1
6390caa73f5b61781d9dac961949dd3b99a0e942

SHA256
8b46b3401d831eacfbc851187794b63ed88c56f0bb23bc42bd9d6cdda8a380da

SHA512
91503144722cb219aeef5ffca439f9f772b0d5256816fba0a52ea5dad4e6b41b421d5fb215c51b17bad5756354be49c29de9b458e8686a88a0fd23e379e0c13e

Download Submit
\Windows\system\Hhcslut.exe

Filesize
6.0MB

MD5
61a17fb182ba3330eb1ba5d7928d90a0

SHA1
ee143b0cfe098c2c486ae1ac58495378a119ce8b

SHA256
0a8740577c2f42a7306c30be6b54656cdf301daed02a1af17a3107be17f6a150

SHA512
5c6f8ddac98971933042069539857cac377aa735b8ba1d95f6c6aa0b4278e4b3631a52d8d7037ae3becbb87fd9e0e07e626fb804a64c4423745996a62711b288

Download Submit
\Windows\system\MEUgjIJ.exe

Filesize
6.0MB

MD5
4399cd11b381ad8aae0785547fba04a3

SHA1
f461913d4d008737d462c54e11992163e8f8f296

SHA256
194ccfeabf4f02cca77809ae39d6a471603f0e454c5327f13a9857ca846a5084

SHA512
4ccc01c57cd19cbc6aa483cc2da928d58b9a0be9d403d936bad9a830decfa84533ffcd928a0ac9b1a16edc6d1a1b2207e6a83f97f032cd32d2d3f60f14af4b33

Download Submit
\Windows\system\YzTKDHg.exe

Filesize
6.0MB

MD5
ca04f515fa457c56223735536fb95c86

SHA1
0f8ce2070ad5848b031c0b8c7ba7843edb39e3ce

SHA256
8e60eafa5bd753f8d1eff159cfe5714e2950bde31fcca7629746befca250c86b

SHA512
5395925e4fc2c7afe619cf786047d47944db219f26c82daf55d088dcc8719fe27efba0d4508b996769489e296f8a433e1fdcdc833ccfad294a0041fe1ee7107e

Download Submit
\Windows\system\lKlScIB.exe

Filesize
6.0MB

MD5
4b876e65cfebd3213a384ac392a5b614

SHA1
6103d5717c4ed4b2fba4a92505db24cc0e73cff7

SHA256
77d701c2a83c8a7476289217d5a173d545de2e0ad7da81b3245d7e1a773eb44d

SHA512
58605341cc8b2ab6279c8bff3ed8618c968f2b47801ef4b525de171434a5a63d8ce5606e643ae34c08d11f3f816a3c46d2db206507397613d5da866407553cab

Download Submit
\Windows\system\mXybjem.exe

Filesize
6.0MB

MD5
29906213f9cc54230e8de4c16f552972

SHA1
002d935ae430d1fe781835cf3cabbf84b01af8d4

SHA256
858cbeb49a5a66015bd1f17fe86d19100ba410e8c7da8114a60f4928799fc5af

SHA512
a066c1e069108297f56912b019f45bcafafa170eaffec6ed2014424e543f260c050f5388aa915893ea78e873bfb8ab58e7e3d453940cb3ff593760cdf80013ca

Download Submit
\Windows\system\vjYhYjv.exe

Filesize
6.0MB

MD5
e979220f378315235033446c63faa744

SHA1
b701c62ad47b46a7c4fc495d76f62770040d403d

SHA256
c94b1e159af6e98cf9d8549e5f41770a691db5f36825c256e802ce82eb3b113b

SHA512
f848ffbed54cfb443ee1ae5a3750f96f90573785eb415207de6df0871b91cf45861c924a6a43abdc67ec775a16c55c4a7d5e03009ec81f1f6739896a1130c0a3

Download Submit
\Windows\system\xgCyjPd.exe

Filesize
6.0MB

MD5
388cd9fa7414c383e6561cfb9fd0c7bb

SHA1
07b8ea973f24ac9fb8e22c8c6d9fb5e244e3de83

SHA256
9f4c1a53c7102797fd99c631b6379464eee17a920d733096266b856414a46c20

SHA512
78e364c20a24c511be2b8e3fe6705f452928c2c893c35b06d737510e4994fdaf20f5d9fa4eddeb42ba1f7a0ce59f85892d4742d8234b769a49f5e8f1b5d0c4ce

Download Submit
memory/1664-61-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-13-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-66-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-943-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2076-82-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-15-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2076-120-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2076-139-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-55-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2076-54-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2076-285-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-599-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2076-33-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2076-138-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2076-947-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1128-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2076-7-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-0-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2076-37-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2076-75-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2076-131-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2076-80-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2144-4013-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2144-24-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2144-78-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2192-41-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-4014-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-59-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2428-4019-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2572-726-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2572-85-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2572-4022-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2588-4021-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-62-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-284-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-72-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-4018-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4020-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-83-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4012-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-16-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-40-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4015-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2720-4017-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2720-53-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2720-111-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2816-4016-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2816-45-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download