cobaltstrike | d4cc30d10e1b1f57088839e1b3b47b0f14ea952e524a2c964436a69b5f3ac64c

Analysis

max time kernel
123s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a0ac7dce707d612d819a055407798e01
SHA1

6cd35bcdfb4409345c83129e3ad3c272f4816ae7
SHA256

d4cc30d10e1b1f57088839e1b3b47b0f14ea952e524a2c964436a69b5f3ac64c
SHA512

2fffcb701f010aafb67ce954f22ae1ff1b3755b7374949da30aa653938b70f6599ff8584c28f99bfff2211c920e65d25b2c608d4900b88fbc0121bef7c910ce4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012116-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017403-8.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001748f-27.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001752f-33.dat	cobalt_reflective_dll
behavioral1/files/0x001600000001866d-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018690-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967d-195.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-114.dat	cobalt_reflective_dll
behavioral1/files/0x002d0000000173aa-82.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c4-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-78.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001879b-62.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000018678-48.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017409-10.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2016-0-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-6.dat	xmrig
behavioral1/files/0x0008000000017403-8.dat	xmrig
behavioral1/memory/2772-16-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2700-15-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2780-23-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x000800000001748f-27.dat	xmrig
behavioral1/files/0x000700000001752f-33.dat	xmrig
behavioral1/memory/2576-36-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x001600000001866d-39.dat	xmrig
behavioral1/files/0x0007000000018690-53.dat	xmrig
behavioral1/memory/3060-58-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/3064-66-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2920-72-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x0005000000019401-108.dat	xmrig
behavioral1/files/0x00050000000193df-101.dat	xmrig
behavioral1/files/0x0005000000019441-124.dat	xmrig
behavioral1/files/0x00050000000194d8-134.dat	xmrig
behavioral1/files/0x00050000000195e4-144.dat	xmrig
behavioral1/files/0x000500000001961d-155.dat	xmrig
behavioral1/files/0x0005000000019625-179.dat	xmrig
behavioral1/memory/2920-345-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/756-952-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019623-191.dat	xmrig
behavioral1/files/0x0005000000019620-189.dat	xmrig
behavioral1/files/0x0005000000019639-185.dat	xmrig
behavioral1/files/0x0005000000019627-176.dat	xmrig
behavioral1/files/0x000500000001967d-195.dat	xmrig
behavioral1/files/0x0005000000019629-184.dat	xmrig
behavioral1/files/0x0005000000019621-168.dat	xmrig
behavioral1/files/0x000500000001961f-159.dat	xmrig
behavioral1/files/0x000500000001961b-149.dat	xmrig
behavioral1/files/0x0005000000019539-139.dat	xmrig
behavioral1/files/0x000500000001947e-129.dat	xmrig
behavioral1/files/0x000500000001942f-119.dat	xmrig
behavioral1/files/0x0005000000019403-114.dat	xmrig
behavioral1/memory/2068-85-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x002d0000000173aa-82.dat	xmrig
behavioral1/memory/1404-107-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/756-97-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/1232-93-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2568-92-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2576-70-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x00060000000193c4-69.dat	xmrig
behavioral1/files/0x00050000000193d9-90.dat	xmrig
behavioral1/memory/2720-80-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193cc-78.dat	xmrig
behavioral1/memory/2668-64-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x000700000001879b-62.dat	xmrig
behavioral1/memory/2016-42-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2720-41-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2568-50-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x000a000000018678-48.dat	xmrig
behavioral1/memory/2668-29-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0008000000017409-10.dat	xmrig
behavioral1/memory/2016-11-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/1404-3555-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2772-3554-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2720-3584-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2568-3585-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2576-3587-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/1232-3586-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2700-3598-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/3064-3596-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2700	zezbWiL.exe
2772	HUiaIOe.exe
2780	pmvgeYI.exe
2668	xfVEyEJ.exe
2576	YTrOUXX.exe
2720	ZFkPmGN.exe
2568	UWQMdTG.exe
3060	sDAPHRY.exe
3064	GlAzqCu.exe
2920	YTifnMh.exe
2068	QwqhOQw.exe
1232	HAfTCIE.exe
756	xUUJTrb.exe
1404	iCCtJtA.exe
1940	SDrWZGH.exe
2856	baMCoKY.exe
1876	reUWcDD.exe
540	ZrJbANv.exe
1228	eNlSndw.exe
2992	ruqOmYL.exe
1448	njNzsPa.exe
2996	gZlsYcd.exe
980	dTebNLW.exe
2168	NUUPIhF.exe
2208	AFWUVOm.exe
1980	evUUcNE.exe
1176	yAYRqRm.exe
3036	oIEODwI.exe
1948	jMEJbak.exe
2648	lwYKhUs.exe
2096	TKjedJH.exe
1292	WsLzRbO.exe
1532	uwkfeli.exe
1612	kPeBsLT.exe
956	gYGfQCr.exe
2260	JeebdwI.exe
1844	RstqlZy.exe
1596	KSRdxwk.exe
692	ybMjvSp.exe
2056	rqySjyb.exe
2464	WNoJJVH.exe
1464	cIkMOHX.exe
1936	lPjKZAh.exe
2216	WBMfSGT.exe
2104	DqTtrYM.exe
2492	jHVFxxQ.exe
3028	SSSwEuY.exe
2108	OqOKjbw.exe
1428	clQgqxO.exe
1924	ypVYLQp.exe
2416	aNNkJwr.exe
2760	OUWNmdv.exe
1520	lhprSZM.exe
2112	qVqqNIb.exe
2676	bXtcvig.exe
2604	nHefjbt.exe
2932	NKQQQHS.exe
1624	JbSBukX.exe
2660	eXacUmo.exe
2540	AvjNTFS.exe
1600	tOTxQJc.exe
320	DtTDjFi.exe
1444	NuHMSzg.exe
1912	sYhfmiJ.exe

Loads dropped DLL 64 IoCs

pid	Process
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2016-0-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x0007000000012116-6.dat	upx
behavioral1/files/0x0008000000017403-8.dat	upx
behavioral1/memory/2772-16-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2700-15-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2780-23-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x000800000001748f-27.dat	upx
behavioral1/files/0x000700000001752f-33.dat	upx
behavioral1/memory/2576-36-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x001600000001866d-39.dat	upx
behavioral1/files/0x0007000000018690-53.dat	upx
behavioral1/memory/3060-58-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/3064-66-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2920-72-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x0005000000019401-108.dat	upx
behavioral1/files/0x00050000000193df-101.dat	upx
behavioral1/files/0x0005000000019441-124.dat	upx
behavioral1/files/0x00050000000194d8-134.dat	upx
behavioral1/files/0x00050000000195e4-144.dat	upx
behavioral1/files/0x000500000001961d-155.dat	upx
behavioral1/files/0x0005000000019625-179.dat	upx
behavioral1/memory/2920-345-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/756-952-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x0005000000019623-191.dat	upx
behavioral1/files/0x0005000000019620-189.dat	upx
behavioral1/files/0x0005000000019639-185.dat	upx
behavioral1/files/0x0005000000019627-176.dat	upx
behavioral1/files/0x000500000001967d-195.dat	upx
behavioral1/files/0x0005000000019629-184.dat	upx
behavioral1/files/0x0005000000019621-168.dat	upx
behavioral1/files/0x000500000001961f-159.dat	upx
behavioral1/files/0x000500000001961b-149.dat	upx
behavioral1/files/0x0005000000019539-139.dat	upx
behavioral1/files/0x000500000001947e-129.dat	upx
behavioral1/files/0x000500000001942f-119.dat	upx
behavioral1/files/0x0005000000019403-114.dat	upx
behavioral1/memory/2068-85-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x002d0000000173aa-82.dat	upx
behavioral1/memory/1404-107-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/756-97-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/1232-93-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2568-92-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2576-70-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x00060000000193c4-69.dat	upx
behavioral1/files/0x00050000000193d9-90.dat	upx
behavioral1/memory/2720-80-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x00050000000193cc-78.dat	upx
behavioral1/memory/2668-64-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x000700000001879b-62.dat	upx
behavioral1/memory/2016-42-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2720-41-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2568-50-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x000a000000018678-48.dat	upx
behavioral1/memory/2668-29-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0008000000017409-10.dat	upx
behavioral1/memory/1404-3555-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2772-3554-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2720-3584-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2568-3585-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2576-3587-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/1232-3586-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2700-3598-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/3064-3596-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2780-3593-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iSJgUuA.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YuMnFpW.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBFpSFQ.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXacUmo.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTcGguy.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzVFwOX.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgLBMDG.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lZbwNdk.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnNUuQn.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhLWwOJ.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbmQxWI.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlAzqCu.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGPntYd.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\selMUyN.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCjhniH.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SflHJNZ.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgajvuT.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPTBXFL.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nrkIhdz.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMfiufG.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOuujbW.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhIYTNg.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNBzNzp.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBeIbmG.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mJxOdom.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KObojYR.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrszLoG.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbUkMLm.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAPcqUE.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMtHEXF.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWSEzBs.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGVrYWZ.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhPdzPS.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqAcOxn.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEwsivZ.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lueOgrz.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLNdSeb.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtmUCkB.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ijffktW.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYCwFPJ.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgzpabz.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZstrVnX.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAfTCIE.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsnOPgQ.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnWhlkc.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Egiujvc.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzagqWZ.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sotrdAF.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SeISBPW.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBCwYQt.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVfhujK.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZbsXpq.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhusksU.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtrbucD.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdvREQl.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwMHICb.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jntRNqH.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMLqNur.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgZhlqs.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KqLXgdb.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPvByam.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIRPXoz.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGFDbmm.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGqtAQN.exe	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2700	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2016 wrote to memory of 2700	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2016 wrote to memory of 2700	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2016 wrote to memory of 2772	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2016 wrote to memory of 2772	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2016 wrote to memory of 2772	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2016 wrote to memory of 2780	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2016 wrote to memory of 2780	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2016 wrote to memory of 2780	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2016 wrote to memory of 2668	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2016 wrote to memory of 2668	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2016 wrote to memory of 2668	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2016 wrote to memory of 2576	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2016 wrote to memory of 2576	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2016 wrote to memory of 2576	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2016 wrote to memory of 2720	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2016 wrote to memory of 2720	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2016 wrote to memory of 2720	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2016 wrote to memory of 2568	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2016 wrote to memory of 2568	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2016 wrote to memory of 2568	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2016 wrote to memory of 3060	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2016 wrote to memory of 3060	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2016 wrote to memory of 3060	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2016 wrote to memory of 3064	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2016 wrote to memory of 3064	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2016 wrote to memory of 3064	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2016 wrote to memory of 2920	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2016 wrote to memory of 2920	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2016 wrote to memory of 2920	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2016 wrote to memory of 2068	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2016 wrote to memory of 2068	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2016 wrote to memory of 2068	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2016 wrote to memory of 756	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2016 wrote to memory of 756	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2016 wrote to memory of 756	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2016 wrote to memory of 1232	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2016 wrote to memory of 1232	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2016 wrote to memory of 1232	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2016 wrote to memory of 1404	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2016 wrote to memory of 1404	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2016 wrote to memory of 1404	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2016 wrote to memory of 1940	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2016 wrote to memory of 1940	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2016 wrote to memory of 1940	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2016 wrote to memory of 2856	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2016 wrote to memory of 2856	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2016 wrote to memory of 2856	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2016 wrote to memory of 1876	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2016 wrote to memory of 1876	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2016 wrote to memory of 1876	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2016 wrote to memory of 540	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2016 wrote to memory of 540	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2016 wrote to memory of 540	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2016 wrote to memory of 1228	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2016 wrote to memory of 1228	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2016 wrote to memory of 1228	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2016 wrote to memory of 2992	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2016 wrote to memory of 2992	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2016 wrote to memory of 2992	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2016 wrote to memory of 1448	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2016 wrote to memory of 1448	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2016 wrote to memory of 1448	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2016 wrote to memory of 2996	2016	2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_a0ac7dce707d612d819a055407798e01_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\System\zezbWiL.exe
  C:\Windows\System\zezbWiL.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\HUiaIOe.exe
  C:\Windows\System\HUiaIOe.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\pmvgeYI.exe
  C:\Windows\System\pmvgeYI.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\xfVEyEJ.exe
  C:\Windows\System\xfVEyEJ.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\YTrOUXX.exe
  C:\Windows\System\YTrOUXX.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ZFkPmGN.exe
  C:\Windows\System\ZFkPmGN.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\UWQMdTG.exe
  C:\Windows\System\UWQMdTG.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\sDAPHRY.exe
  C:\Windows\System\sDAPHRY.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\GlAzqCu.exe
  C:\Windows\System\GlAzqCu.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\YTifnMh.exe
  C:\Windows\System\YTifnMh.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\QwqhOQw.exe
  C:\Windows\System\QwqhOQw.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\xUUJTrb.exe
  C:\Windows\System\xUUJTrb.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\HAfTCIE.exe
  C:\Windows\System\HAfTCIE.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\iCCtJtA.exe
  C:\Windows\System\iCCtJtA.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\SDrWZGH.exe
  C:\Windows\System\SDrWZGH.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\baMCoKY.exe
  C:\Windows\System\baMCoKY.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\reUWcDD.exe
  C:\Windows\System\reUWcDD.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\ZrJbANv.exe
  C:\Windows\System\ZrJbANv.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\eNlSndw.exe
  C:\Windows\System\eNlSndw.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\ruqOmYL.exe
  C:\Windows\System\ruqOmYL.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\njNzsPa.exe
  C:\Windows\System\njNzsPa.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\gZlsYcd.exe
  C:\Windows\System\gZlsYcd.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\dTebNLW.exe
  C:\Windows\System\dTebNLW.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\NUUPIhF.exe
  C:\Windows\System\NUUPIhF.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\AFWUVOm.exe
  C:\Windows\System\AFWUVOm.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\jMEJbak.exe
  C:\Windows\System\jMEJbak.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\evUUcNE.exe
  C:\Windows\System\evUUcNE.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\lwYKhUs.exe
  C:\Windows\System\lwYKhUs.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\yAYRqRm.exe
  C:\Windows\System\yAYRqRm.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\gYGfQCr.exe
  C:\Windows\System\gYGfQCr.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\oIEODwI.exe
  C:\Windows\System\oIEODwI.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\ybMjvSp.exe
  C:\Windows\System\ybMjvSp.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\TKjedJH.exe
  C:\Windows\System\TKjedJH.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\WNoJJVH.exe
  C:\Windows\System\WNoJJVH.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\WsLzRbO.exe
  C:\Windows\System\WsLzRbO.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\cIkMOHX.exe
  C:\Windows\System\cIkMOHX.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\uwkfeli.exe
  C:\Windows\System\uwkfeli.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\WBMfSGT.exe
  C:\Windows\System\WBMfSGT.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\kPeBsLT.exe
  C:\Windows\System\kPeBsLT.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\DqTtrYM.exe
  C:\Windows\System\DqTtrYM.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\JeebdwI.exe
  C:\Windows\System\JeebdwI.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\jHVFxxQ.exe
  C:\Windows\System\jHVFxxQ.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\RstqlZy.exe
  C:\Windows\System\RstqlZy.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\SSSwEuY.exe
  C:\Windows\System\SSSwEuY.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\KSRdxwk.exe
  C:\Windows\System\KSRdxwk.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\OqOKjbw.exe
  C:\Windows\System\OqOKjbw.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\rqySjyb.exe
  C:\Windows\System\rqySjyb.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\clQgqxO.exe
  C:\Windows\System\clQgqxO.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\lPjKZAh.exe
  C:\Windows\System\lPjKZAh.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\ypVYLQp.exe
  C:\Windows\System\ypVYLQp.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\aNNkJwr.exe
  C:\Windows\System\aNNkJwr.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\lhprSZM.exe
  C:\Windows\System\lhprSZM.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\OUWNmdv.exe
  C:\Windows\System\OUWNmdv.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\bXtcvig.exe
  C:\Windows\System\bXtcvig.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\qVqqNIb.exe
  C:\Windows\System\qVqqNIb.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\nHefjbt.exe
  C:\Windows\System\nHefjbt.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\NKQQQHS.exe
  C:\Windows\System\NKQQQHS.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\eXacUmo.exe
  C:\Windows\System\eXacUmo.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\JbSBukX.exe
  C:\Windows\System\JbSBukX.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\tOTxQJc.exe
  C:\Windows\System\tOTxQJc.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\AvjNTFS.exe
  C:\Windows\System\AvjNTFS.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\thItspP.exe
  C:\Windows\System\thItspP.exe
  2⤵
  PID:1704
- C:\Windows\System\DtTDjFi.exe
  C:\Windows\System\DtTDjFi.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\LuQShQl.exe
  C:\Windows\System\LuQShQl.exe
  2⤵
  PID:1220
- C:\Windows\System\NuHMSzg.exe
  C:\Windows\System\NuHMSzg.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\DBLUUla.exe
  C:\Windows\System\DBLUUla.exe
  2⤵
  PID:2188
- C:\Windows\System\sYhfmiJ.exe
  C:\Windows\System\sYhfmiJ.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\vhyhElD.exe
  C:\Windows\System\vhyhElD.exe
  2⤵
  PID:1016
- C:\Windows\System\mimEVUy.exe
  C:\Windows\System\mimEVUy.exe
  2⤵
  PID:2500
- C:\Windows\System\QccFcpx.exe
  C:\Windows\System\QccFcpx.exe
  2⤵
  PID:2160
- C:\Windows\System\xvAjYsY.exe
  C:\Windows\System\xvAjYsY.exe
  2⤵
  PID:284
- C:\Windows\System\RNWisdw.exe
  C:\Windows\System\RNWisdw.exe
  2⤵
  PID:2120
- C:\Windows\System\CTtXjyb.exe
  C:\Windows\System\CTtXjyb.exe
  2⤵
  PID:2328
- C:\Windows\System\FaStGsG.exe
  C:\Windows\System\FaStGsG.exe
  2⤵
  PID:2968
- C:\Windows\System\CaNvdil.exe
  C:\Windows\System\CaNvdil.exe
  2⤵
  PID:1208
- C:\Windows\System\znkghhd.exe
  C:\Windows\System\znkghhd.exe
  2⤵
  PID:2524
- C:\Windows\System\UuDvuVy.exe
  C:\Windows\System\UuDvuVy.exe
  2⤵
  PID:2636
- C:\Windows\System\xevyFAG.exe
  C:\Windows\System\xevyFAG.exe
  2⤵
  PID:1548
- C:\Windows\System\jjTDpLO.exe
  C:\Windows\System\jjTDpLO.exe
  2⤵
  PID:1952
- C:\Windows\System\LPqnrBq.exe
  C:\Windows\System\LPqnrBq.exe
  2⤵
  PID:1372
- C:\Windows\System\LatyWBD.exe
  C:\Windows\System\LatyWBD.exe
  2⤵
  PID:2788
- C:\Windows\System\zHkfDel.exe
  C:\Windows\System\zHkfDel.exe
  2⤵
  PID:2756
- C:\Windows\System\NAcUEvS.exe
  C:\Windows\System\NAcUEvS.exe
  2⤵
  PID:1904
- C:\Windows\System\JSOZdWZ.exe
  C:\Windows\System\JSOZdWZ.exe
  2⤵
  PID:2508
- C:\Windows\System\nEqxIlf.exe
  C:\Windows\System\nEqxIlf.exe
  2⤵
  PID:1748
- C:\Windows\System\BVfhujK.exe
  C:\Windows\System\BVfhujK.exe
  2⤵
  PID:1784
- C:\Windows\System\tJIPQJr.exe
  C:\Windows\System\tJIPQJr.exe
  2⤵
  PID:2656
- C:\Windows\System\CdBLdDH.exe
  C:\Windows\System\CdBLdDH.exe
  2⤵
  PID:1960
- C:\Windows\System\vVWJzlW.exe
  C:\Windows\System\vVWJzlW.exe
  2⤵
  PID:2616
- C:\Windows\System\JngmCdR.exe
  C:\Windows\System\JngmCdR.exe
  2⤵
  PID:3048
- C:\Windows\System\cKHIUKx.exe
  C:\Windows\System\cKHIUKx.exe
  2⤵
  PID:1900
- C:\Windows\System\GtjOrqm.exe
  C:\Windows\System\GtjOrqm.exe
  2⤵
  PID:1964
- C:\Windows\System\yayThjG.exe
  C:\Windows\System\yayThjG.exe
  2⤵
  PID:2728
- C:\Windows\System\vahjseA.exe
  C:\Windows\System\vahjseA.exe
  2⤵
  PID:352
- C:\Windows\System\vSaSCoW.exe
  C:\Windows\System\vSaSCoW.exe
  2⤵
  PID:1656
- C:\Windows\System\ciENEqI.exe
  C:\Windows\System\ciENEqI.exe
  2⤵
  PID:2808
- C:\Windows\System\bxMzFIn.exe
  C:\Windows\System\bxMzFIn.exe
  2⤵
  PID:3076
- C:\Windows\System\xsfQuuS.exe
  C:\Windows\System\xsfQuuS.exe
  2⤵
  PID:3096
- C:\Windows\System\gWzHFyu.exe
  C:\Windows\System\gWzHFyu.exe
  2⤵
  PID:3112
- C:\Windows\System\AROJQhb.exe
  C:\Windows\System\AROJQhb.exe
  2⤵
  PID:3132
- C:\Windows\System\idwECCu.exe
  C:\Windows\System\idwECCu.exe
  2⤵
  PID:3148
- C:\Windows\System\EQqZhqk.exe
  C:\Windows\System\EQqZhqk.exe
  2⤵
  PID:3164
- C:\Windows\System\qdibxjt.exe
  C:\Windows\System\qdibxjt.exe
  2⤵
  PID:3184
- C:\Windows\System\oFVlBiL.exe
  C:\Windows\System\oFVlBiL.exe
  2⤵
  PID:3204
- C:\Windows\System\xRuWJyt.exe
  C:\Windows\System\xRuWJyt.exe
  2⤵
  PID:3220
- C:\Windows\System\yxCyytv.exe
  C:\Windows\System\yxCyytv.exe
  2⤵
  PID:3236
- C:\Windows\System\sRBEjHY.exe
  C:\Windows\System\sRBEjHY.exe
  2⤵
  PID:3256
- C:\Windows\System\gbpmTuv.exe
  C:\Windows\System\gbpmTuv.exe
  2⤵
  PID:3276
- C:\Windows\System\jsTHiml.exe
  C:\Windows\System\jsTHiml.exe
  2⤵
  PID:3292
- C:\Windows\System\nTGUlxO.exe
  C:\Windows\System\nTGUlxO.exe
  2⤵
  PID:3312
- C:\Windows\System\rPvXeks.exe
  C:\Windows\System\rPvXeks.exe
  2⤵
  PID:3328
- C:\Windows\System\lpHAAbI.exe
  C:\Windows\System\lpHAAbI.exe
  2⤵
  PID:3400
- C:\Windows\System\wnOKXiT.exe
  C:\Windows\System\wnOKXiT.exe
  2⤵
  PID:3416
- C:\Windows\System\AWyYjPy.exe
  C:\Windows\System\AWyYjPy.exe
  2⤵
  PID:3436
- C:\Windows\System\FYairvg.exe
  C:\Windows\System\FYairvg.exe
  2⤵
  PID:3452
- C:\Windows\System\GpCeJYQ.exe
  C:\Windows\System\GpCeJYQ.exe
  2⤵
  PID:3468
- C:\Windows\System\HHLeEix.exe
  C:\Windows\System\HHLeEix.exe
  2⤵
  PID:3488
- C:\Windows\System\TCESBtc.exe
  C:\Windows\System\TCESBtc.exe
  2⤵
  PID:3504
- C:\Windows\System\jdQXzpc.exe
  C:\Windows\System\jdQXzpc.exe
  2⤵
  PID:3528
- C:\Windows\System\TpNstPH.exe
  C:\Windows\System\TpNstPH.exe
  2⤵
  PID:3544
- C:\Windows\System\RjQCbZu.exe
  C:\Windows\System\RjQCbZu.exe
  2⤵
  PID:3560
- C:\Windows\System\lQKUZcn.exe
  C:\Windows\System\lQKUZcn.exe
  2⤵
  PID:3580
- C:\Windows\System\pANBlJB.exe
  C:\Windows\System\pANBlJB.exe
  2⤵
  PID:3600
- C:\Windows\System\iMdHgmy.exe
  C:\Windows\System\iMdHgmy.exe
  2⤵
  PID:3620
- C:\Windows\System\vlTwPoq.exe
  C:\Windows\System\vlTwPoq.exe
  2⤵
  PID:3656
- C:\Windows\System\pdrLdUh.exe
  C:\Windows\System\pdrLdUh.exe
  2⤵
  PID:3680
- C:\Windows\System\xHyTOym.exe
  C:\Windows\System\xHyTOym.exe
  2⤵
  PID:3704
- C:\Windows\System\iczHRXR.exe
  C:\Windows\System\iczHRXR.exe
  2⤵
  PID:3724
- C:\Windows\System\kZqhNey.exe
  C:\Windows\System\kZqhNey.exe
  2⤵
  PID:3740
- C:\Windows\System\yoAUygA.exe
  C:\Windows\System\yoAUygA.exe
  2⤵
  PID:3760
- C:\Windows\System\WiPzbTt.exe
  C:\Windows\System\WiPzbTt.exe
  2⤵
  PID:3780
- C:\Windows\System\fJSbmXZ.exe
  C:\Windows\System\fJSbmXZ.exe
  2⤵
  PID:3800
- C:\Windows\System\ndmMkIT.exe
  C:\Windows\System\ndmMkIT.exe
  2⤵
  PID:3824
- C:\Windows\System\ojjwnqp.exe
  C:\Windows\System\ojjwnqp.exe
  2⤵
  PID:3848
- C:\Windows\System\MLTPzDy.exe
  C:\Windows\System\MLTPzDy.exe
  2⤵
  PID:3868
- C:\Windows\System\fhqjPFO.exe
  C:\Windows\System\fhqjPFO.exe
  2⤵
  PID:3884
- C:\Windows\System\nshvBql.exe
  C:\Windows\System\nshvBql.exe
  2⤵
  PID:3904
- C:\Windows\System\mXvdmLP.exe
  C:\Windows\System\mXvdmLP.exe
  2⤵
  PID:3924
- C:\Windows\System\olRMefk.exe
  C:\Windows\System\olRMefk.exe
  2⤵
  PID:3944
- C:\Windows\System\yFCUCZl.exe
  C:\Windows\System\yFCUCZl.exe
  2⤵
  PID:3960
- C:\Windows\System\QJoSsYW.exe
  C:\Windows\System\QJoSsYW.exe
  2⤵
  PID:3976
- C:\Windows\System\HlzeIRF.exe
  C:\Windows\System\HlzeIRF.exe
  2⤵
  PID:4008
- C:\Windows\System\CLxUspe.exe
  C:\Windows\System\CLxUspe.exe
  2⤵
  PID:4024
- C:\Windows\System\WCdSAXi.exe
  C:\Windows\System\WCdSAXi.exe
  2⤵
  PID:4056
- C:\Windows\System\laxaoTe.exe
  C:\Windows\System\laxaoTe.exe
  2⤵
  PID:4076
- C:\Windows\System\dJfkQKW.exe
  C:\Windows\System\dJfkQKW.exe
  2⤵
  PID:3016
- C:\Windows\System\wMTUyDq.exe
  C:\Windows\System\wMTUyDq.exe
  2⤵
  PID:3012
- C:\Windows\System\tWFHcSL.exe
  C:\Windows\System\tWFHcSL.exe
  2⤵
  PID:856
- C:\Windows\System\HpPVhGi.exe
  C:\Windows\System\HpPVhGi.exe
  2⤵
  PID:2140
- C:\Windows\System\UEkynzF.exe
  C:\Windows\System\UEkynzF.exe
  2⤵
  PID:1472
- C:\Windows\System\oXurQoA.exe
  C:\Windows\System\oXurQoA.exe
  2⤵
  PID:1688
- C:\Windows\System\qsnOPgQ.exe
  C:\Windows\System\qsnOPgQ.exe
  2⤵
  PID:1968
- C:\Windows\System\zgtlsyT.exe
  C:\Windows\System\zgtlsyT.exe
  2⤵
  PID:2832
- C:\Windows\System\GvcZmbd.exe
  C:\Windows\System\GvcZmbd.exe
  2⤵
  PID:676
- C:\Windows\System\ZdmfJhA.exe
  C:\Windows\System\ZdmfJhA.exe
  2⤵
  PID:3128
- C:\Windows\System\RhsioKN.exe
  C:\Windows\System\RhsioKN.exe
  2⤵
  PID:3196
- C:\Windows\System\dgcIOkR.exe
  C:\Windows\System\dgcIOkR.exe
  2⤵
  PID:3264
- C:\Windows\System\YrMszHm.exe
  C:\Windows\System\YrMszHm.exe
  2⤵
  PID:1044
- C:\Windows\System\YjeCEiI.exe
  C:\Windows\System\YjeCEiI.exe
  2⤵
  PID:2692
- C:\Windows\System\NLYQHsa.exe
  C:\Windows\System\NLYQHsa.exe
  2⤵
  PID:3344
- C:\Windows\System\iwwscPX.exe
  C:\Windows\System\iwwscPX.exe
  2⤵
  PID:3360
- C:\Windows\System\Mnmxkmw.exe
  C:\Windows\System\Mnmxkmw.exe
  2⤵
  PID:3380
- C:\Windows\System\xBQETQx.exe
  C:\Windows\System\xBQETQx.exe
  2⤵
  PID:1848
- C:\Windows\System\jlqmtAo.exe
  C:\Windows\System\jlqmtAo.exe
  2⤵
  PID:3104
- C:\Windows\System\iTVTzql.exe
  C:\Windows\System\iTVTzql.exe
  2⤵
  PID:3172
- C:\Windows\System\XVekDvv.exe
  C:\Windows\System\XVekDvv.exe
  2⤵
  PID:3216
- C:\Windows\System\WzUoeEz.exe
  C:\Windows\System\WzUoeEz.exe
  2⤵
  PID:3284
- C:\Windows\System\BViTZzh.exe
  C:\Windows\System\BViTZzh.exe
  2⤵
  PID:2732
- C:\Windows\System\DvCEglL.exe
  C:\Windows\System\DvCEglL.exe
  2⤵
  PID:752
- C:\Windows\System\tYrWVkZ.exe
  C:\Windows\System\tYrWVkZ.exe
  2⤵
  PID:3324
- C:\Windows\System\IftLnLd.exe
  C:\Windows\System\IftLnLd.exe
  2⤵
  PID:3424
- C:\Windows\System\knHEKUT.exe
  C:\Windows\System\knHEKUT.exe
  2⤵
  PID:3464
- C:\Windows\System\fcmrMrM.exe
  C:\Windows\System\fcmrMrM.exe
  2⤵
  PID:3412
- C:\Windows\System\NslXvAm.exe
  C:\Windows\System\NslXvAm.exe
  2⤵
  PID:3572
- C:\Windows\System\wuDQGGL.exe
  C:\Windows\System\wuDQGGL.exe
  2⤵
  PID:3516
- C:\Windows\System\qGGSzkq.exe
  C:\Windows\System\qGGSzkq.exe
  2⤵
  PID:3556
- C:\Windows\System\lGPntYd.exe
  C:\Windows\System\lGPntYd.exe
  2⤵
  PID:3448
- C:\Windows\System\ytzXVIe.exe
  C:\Windows\System\ytzXVIe.exe
  2⤵
  PID:3616
- C:\Windows\System\jAzbSeg.exe
  C:\Windows\System\jAzbSeg.exe
  2⤵
  PID:3640
- C:\Windows\System\dkPUbcR.exe
  C:\Windows\System\dkPUbcR.exe
  2⤵
  PID:3652
- C:\Windows\System\ZTJygPm.exe
  C:\Windows\System\ZTJygPm.exe
  2⤵
  PID:3692
- C:\Windows\System\ZwijadE.exe
  C:\Windows\System\ZwijadE.exe
  2⤵
  PID:3720
- C:\Windows\System\eNplHKO.exe
  C:\Windows\System\eNplHKO.exe
  2⤵
  PID:3756
- C:\Windows\System\vRxcTuT.exe
  C:\Windows\System\vRxcTuT.exe
  2⤵
  PID:3792
- C:\Windows\System\avWdqsT.exe
  C:\Windows\System\avWdqsT.exe
  2⤵
  PID:3776
- C:\Windows\System\YAKSdak.exe
  C:\Windows\System\YAKSdak.exe
  2⤵
  PID:3820
- C:\Windows\System\JqdrRgN.exe
  C:\Windows\System\JqdrRgN.exe
  2⤵
  PID:3876
- C:\Windows\System\xqRVPQd.exe
  C:\Windows\System\xqRVPQd.exe
  2⤵
  PID:3860
- C:\Windows\System\bAAuFnY.exe
  C:\Windows\System\bAAuFnY.exe
  2⤵
  PID:3956
- C:\Windows\System\jAwKiME.exe
  C:\Windows\System\jAwKiME.exe
  2⤵
  PID:3996
- C:\Windows\System\RHnLEIG.exe
  C:\Windows\System\RHnLEIG.exe
  2⤵
  PID:3900
- C:\Windows\System\FLIlvFw.exe
  C:\Windows\System\FLIlvFw.exe
  2⤵
  PID:3940
- C:\Windows\System\hWDSAKY.exe
  C:\Windows\System\hWDSAKY.exe
  2⤵
  PID:4044
- C:\Windows\System\YcGSJZx.exe
  C:\Windows\System\YcGSJZx.exe
  2⤵
  PID:4088
- C:\Windows\System\zmLSeTD.exe
  C:\Windows\System\zmLSeTD.exe
  2⤵
  PID:2428
- C:\Windows\System\sBkkLng.exe
  C:\Windows\System\sBkkLng.exe
  2⤵
  PID:3092
- C:\Windows\System\FajaIUY.exe
  C:\Windows\System\FajaIUY.exe
  2⤵
  PID:2348
- C:\Windows\System\fIJaZji.exe
  C:\Windows\System\fIJaZji.exe
  2⤵
  PID:3336
- C:\Windows\System\kuZHeTA.exe
  C:\Windows\System\kuZHeTA.exe
  2⤵
  PID:3376
- C:\Windows\System\wRmWXwr.exe
  C:\Windows\System\wRmWXwr.exe
  2⤵
  PID:3212
- C:\Windows\System\iEEEWPn.exe
  C:\Windows\System\iEEEWPn.exe
  2⤵
  PID:2560
- C:\Windows\System\HoZsYOp.exe
  C:\Windows\System\HoZsYOp.exe
  2⤵
  PID:3460
- C:\Windows\System\NeSmdvq.exe
  C:\Windows\System\NeSmdvq.exe
  2⤵
  PID:3612
- C:\Windows\System\zXQZfxZ.exe
  C:\Windows\System\zXQZfxZ.exe
  2⤵
  PID:3648
- C:\Windows\System\gypzrjh.exe
  C:\Windows\System\gypzrjh.exe
  2⤵
  PID:2716
- C:\Windows\System\SMtHEXF.exe
  C:\Windows\System\SMtHEXF.exe
  2⤵
  PID:3796
- C:\Windows\System\SPDFjQO.exe
  C:\Windows\System\SPDFjQO.exe
  2⤵
  PID:4064
- C:\Windows\System\hthDmwY.exe
  C:\Windows\System\hthDmwY.exe
  2⤵
  PID:2724
- C:\Windows\System\EsoPGij.exe
  C:\Windows\System\EsoPGij.exe
  2⤵
  PID:3932
- C:\Windows\System\KZbsXpq.exe
  C:\Windows\System\KZbsXpq.exe
  2⤵
  PID:1920
- C:\Windows\System\TtGKvTB.exe
  C:\Windows\System\TtGKvTB.exe
  2⤵
  PID:4084
- C:\Windows\System\zsfhSTq.exe
  C:\Windows\System\zsfhSTq.exe
  2⤵
  PID:2000
- C:\Windows\System\OMJkLKM.exe
  C:\Windows\System\OMJkLKM.exe
  2⤵
  PID:2504
- C:\Windows\System\NKXMEMs.exe
  C:\Windows\System\NKXMEMs.exe
  2⤵
  PID:3772
- C:\Windows\System\QPGnyAu.exe
  C:\Windows\System\QPGnyAu.exe
  2⤵
  PID:3952
- C:\Windows\System\WgJmupo.exe
  C:\Windows\System\WgJmupo.exe
  2⤵
  PID:4036
- C:\Windows\System\ZdOlJsY.exe
  C:\Windows\System\ZdOlJsY.exe
  2⤵
  PID:3192
- C:\Windows\System\etBeQMQ.exe
  C:\Windows\System\etBeQMQ.exe
  2⤵
  PID:3668
- C:\Windows\System\bGqtAQN.exe
  C:\Windows\System\bGqtAQN.exe
  2⤵
  PID:3596
- C:\Windows\System\tkQbdGw.exe
  C:\Windows\System\tkQbdGw.exe
  2⤵
  PID:3408
- C:\Windows\System\kcouJhb.exe
  C:\Windows\System\kcouJhb.exe
  2⤵
  PID:560
- C:\Windows\System\eHwBWRB.exe
  C:\Windows\System\eHwBWRB.exe
  2⤵
  PID:3144
- C:\Windows\System\rDZamUy.exe
  C:\Windows\System\rDZamUy.exe
  2⤵
  PID:3356
- C:\Windows\System\ttYKEKm.exe
  C:\Windows\System\ttYKEKm.exe
  2⤵
  PID:3232
- C:\Windows\System\lxKOCUP.exe
  C:\Windows\System\lxKOCUP.exe
  2⤵
  PID:2796
- C:\Windows\System\ujeMQBg.exe
  C:\Windows\System\ujeMQBg.exe
  2⤵
  PID:1180
- C:\Windows\System\LRSwHKn.exe
  C:\Windows\System\LRSwHKn.exe
  2⤵
  PID:4108
- C:\Windows\System\LtmUCkB.exe
  C:\Windows\System\LtmUCkB.exe
  2⤵
  PID:4124
- C:\Windows\System\ZKmMHdT.exe
  C:\Windows\System\ZKmMHdT.exe
  2⤵
  PID:4140
- C:\Windows\System\IGFeZNu.exe
  C:\Windows\System\IGFeZNu.exe
  2⤵
  PID:4156
- C:\Windows\System\PLVefTe.exe
  C:\Windows\System\PLVefTe.exe
  2⤵
  PID:4172
- C:\Windows\System\iqJPefd.exe
  C:\Windows\System\iqJPefd.exe
  2⤵
  PID:4188
- C:\Windows\System\zVwXTpl.exe
  C:\Windows\System\zVwXTpl.exe
  2⤵
  PID:4204
- C:\Windows\System\krlkeNN.exe
  C:\Windows\System\krlkeNN.exe
  2⤵
  PID:4220
- C:\Windows\System\rCihNPI.exe
  C:\Windows\System\rCihNPI.exe
  2⤵
  PID:4236
- C:\Windows\System\dukaVLn.exe
  C:\Windows\System\dukaVLn.exe
  2⤵
  PID:4252
- C:\Windows\System\zVZBAHS.exe
  C:\Windows\System\zVZBAHS.exe
  2⤵
  PID:4268
- C:\Windows\System\FYLWAdK.exe
  C:\Windows\System\FYLWAdK.exe
  2⤵
  PID:4284
- C:\Windows\System\YBBGVmB.exe
  C:\Windows\System\YBBGVmB.exe
  2⤵
  PID:4300
- C:\Windows\System\iPCmMJK.exe
  C:\Windows\System\iPCmMJK.exe
  2⤵
  PID:4316
- C:\Windows\System\TYrrLkM.exe
  C:\Windows\System\TYrrLkM.exe
  2⤵
  PID:4332
- C:\Windows\System\XdeLJJh.exe
  C:\Windows\System\XdeLJJh.exe
  2⤵
  PID:4348
- C:\Windows\System\GegzvfO.exe
  C:\Windows\System\GegzvfO.exe
  2⤵
  PID:4368
- C:\Windows\System\puKHFmG.exe
  C:\Windows\System\puKHFmG.exe
  2⤵
  PID:4384
- C:\Windows\System\mhTsGDh.exe
  C:\Windows\System\mhTsGDh.exe
  2⤵
  PID:4400
- C:\Windows\System\YuztKze.exe
  C:\Windows\System\YuztKze.exe
  2⤵
  PID:4416
- C:\Windows\System\nnBvYZE.exe
  C:\Windows\System\nnBvYZE.exe
  2⤵
  PID:4432
- C:\Windows\System\LRqtkMq.exe
  C:\Windows\System\LRqtkMq.exe
  2⤵
  PID:4448
- C:\Windows\System\xeLDlsZ.exe
  C:\Windows\System\xeLDlsZ.exe
  2⤵
  PID:4464
- C:\Windows\System\eQPiWCc.exe
  C:\Windows\System\eQPiWCc.exe
  2⤵
  PID:4480
- C:\Windows\System\gmprfzY.exe
  C:\Windows\System\gmprfzY.exe
  2⤵
  PID:4496
- C:\Windows\System\ePgfGgN.exe
  C:\Windows\System\ePgfGgN.exe
  2⤵
  PID:4512
- C:\Windows\System\BIqFtdV.exe
  C:\Windows\System\BIqFtdV.exe
  2⤵
  PID:4528
- C:\Windows\System\OpgNfIL.exe
  C:\Windows\System\OpgNfIL.exe
  2⤵
  PID:4544
- C:\Windows\System\LuLcijj.exe
  C:\Windows\System\LuLcijj.exe
  2⤵
  PID:4560
- C:\Windows\System\rLRWiap.exe
  C:\Windows\System\rLRWiap.exe
  2⤵
  PID:4576
- C:\Windows\System\DjOLaob.exe
  C:\Windows\System\DjOLaob.exe
  2⤵
  PID:4592
- C:\Windows\System\ahEmGGY.exe
  C:\Windows\System\ahEmGGY.exe
  2⤵
  PID:4608
- C:\Windows\System\gHTKGqI.exe
  C:\Windows\System\gHTKGqI.exe
  2⤵
  PID:4624
- C:\Windows\System\DgYpcUf.exe
  C:\Windows\System\DgYpcUf.exe
  2⤵
  PID:4640
- C:\Windows\System\efZyayq.exe
  C:\Windows\System\efZyayq.exe
  2⤵
  PID:4656
- C:\Windows\System\qIJtmOz.exe
  C:\Windows\System\qIJtmOz.exe
  2⤵
  PID:4672
- C:\Windows\System\HwBrBgY.exe
  C:\Windows\System\HwBrBgY.exe
  2⤵
  PID:4688
- C:\Windows\System\ZzXPpif.exe
  C:\Windows\System\ZzXPpif.exe
  2⤵
  PID:4704
- C:\Windows\System\GPVsKOC.exe
  C:\Windows\System\GPVsKOC.exe
  2⤵
  PID:4720
- C:\Windows\System\fifBfPX.exe
  C:\Windows\System\fifBfPX.exe
  2⤵
  PID:4736
- C:\Windows\System\CILDVTj.exe
  C:\Windows\System\CILDVTj.exe
  2⤵
  PID:4752
- C:\Windows\System\pfvxMrC.exe
  C:\Windows\System\pfvxMrC.exe
  2⤵
  PID:4768
- C:\Windows\System\QnvzkVW.exe
  C:\Windows\System\QnvzkVW.exe
  2⤵
  PID:4784
- C:\Windows\System\uheUSOB.exe
  C:\Windows\System\uheUSOB.exe
  2⤵
  PID:4800
- C:\Windows\System\kxeiyVc.exe
  C:\Windows\System\kxeiyVc.exe
  2⤵
  PID:4820
- C:\Windows\System\DVtiiAi.exe
  C:\Windows\System\DVtiiAi.exe
  2⤵
  PID:4836
- C:\Windows\System\RyxDUzQ.exe
  C:\Windows\System\RyxDUzQ.exe
  2⤵
  PID:4852
- C:\Windows\System\PNEdfgo.exe
  C:\Windows\System\PNEdfgo.exe
  2⤵
  PID:4868
- C:\Windows\System\VLyqdKj.exe
  C:\Windows\System\VLyqdKj.exe
  2⤵
  PID:4884
- C:\Windows\System\GqDgQZG.exe
  C:\Windows\System\GqDgQZG.exe
  2⤵
  PID:4900
- C:\Windows\System\RMfxsFM.exe
  C:\Windows\System\RMfxsFM.exe
  2⤵
  PID:4916
- C:\Windows\System\jntRNqH.exe
  C:\Windows\System\jntRNqH.exe
  2⤵
  PID:4932
- C:\Windows\System\lbtnhlY.exe
  C:\Windows\System\lbtnhlY.exe
  2⤵
  PID:4948
- C:\Windows\System\mcIZoxS.exe
  C:\Windows\System\mcIZoxS.exe
  2⤵
  PID:4964
- C:\Windows\System\ZiSGSua.exe
  C:\Windows\System\ZiSGSua.exe
  2⤵
  PID:4980
- C:\Windows\System\DAehEoB.exe
  C:\Windows\System\DAehEoB.exe
  2⤵
  PID:4996
- C:\Windows\System\PgqUJWK.exe
  C:\Windows\System\PgqUJWK.exe
  2⤵
  PID:5012
- C:\Windows\System\CbGLiUE.exe
  C:\Windows\System\CbGLiUE.exe
  2⤵
  PID:5028
- C:\Windows\System\TRcrpoT.exe
  C:\Windows\System\TRcrpoT.exe
  2⤵
  PID:5044
- C:\Windows\System\SOoKllI.exe
  C:\Windows\System\SOoKllI.exe
  2⤵
  PID:5060
- C:\Windows\System\weqPMQy.exe
  C:\Windows\System\weqPMQy.exe
  2⤵
  PID:5076
- C:\Windows\System\aDdpSXd.exe
  C:\Windows\System\aDdpSXd.exe
  2⤵
  PID:5092
- C:\Windows\System\PlbLZSQ.exe
  C:\Windows\System\PlbLZSQ.exe
  2⤵
  PID:5108
- C:\Windows\System\wdDhSMa.exe
  C:\Windows\System\wdDhSMa.exe
  2⤵
  PID:1328
- C:\Windows\System\wDUpIXL.exe
  C:\Windows\System\wDUpIXL.exe
  2⤵
  PID:3512
- C:\Windows\System\VPkRXZD.exe
  C:\Windows\System\VPkRXZD.exe
  2⤵
  PID:3972
- C:\Windows\System\UiQXznz.exe
  C:\Windows\System\UiQXznz.exe
  2⤵
  PID:3912
- C:\Windows\System\Kayhuti.exe
  C:\Windows\System\Kayhuti.exe
  2⤵
  PID:3812
- C:\Windows\System\mfxNbfG.exe
  C:\Windows\System\mfxNbfG.exe
  2⤵
  PID:4068
- C:\Windows\System\foQZADo.exe
  C:\Windows\System\foQZADo.exe
  2⤵
  PID:3748
- C:\Windows\System\ElohNqk.exe
  C:\Windows\System\ElohNqk.exe
  2⤵
  PID:3896
- C:\Windows\System\GMXfUaY.exe
  C:\Windows\System\GMXfUaY.exe
  2⤵
  PID:3088
- C:\Windows\System\ifMBEem.exe
  C:\Windows\System\ifMBEem.exe
  2⤵
  PID:3608
- C:\Windows\System\hovJYwY.exe
  C:\Windows\System\hovJYwY.exe
  2⤵
  PID:3392
- C:\Windows\System\yHpxmjb.exe
  C:\Windows\System\yHpxmjb.exe
  2⤵
  PID:3304
- C:\Windows\System\Ovrponm.exe
  C:\Windows\System\Ovrponm.exe
  2⤵
  PID:2008
- C:\Windows\System\FPaLrHJ.exe
  C:\Windows\System\FPaLrHJ.exe
  2⤵
  PID:4116
- C:\Windows\System\mWSEzBs.exe
  C:\Windows\System\mWSEzBs.exe
  2⤵
  PID:4148
- C:\Windows\System\nOuLslj.exe
  C:\Windows\System\nOuLslj.exe
  2⤵
  PID:4180
- C:\Windows\System\ISJqqNq.exe
  C:\Windows\System\ISJqqNq.exe
  2⤵
  PID:4244
- C:\Windows\System\UNnYOML.exe
  C:\Windows\System\UNnYOML.exe
  2⤵
  PID:4228
- C:\Windows\System\HfPlXAs.exe
  C:\Windows\System\HfPlXAs.exe
  2⤵
  PID:4276
- C:\Windows\System\XTWTNGG.exe
  C:\Windows\System\XTWTNGG.exe
  2⤵
  PID:4264
- C:\Windows\System\ZXuOThM.exe
  C:\Windows\System\ZXuOThM.exe
  2⤵
  PID:4296
- C:\Windows\System\WATVgdP.exe
  C:\Windows\System\WATVgdP.exe
  2⤵
  PID:4328
- C:\Windows\System\XKjxOKo.exe
  C:\Windows\System\XKjxOKo.exe
  2⤵
  PID:4364
- C:\Windows\System\SFqCfOb.exe
  C:\Windows\System\SFqCfOb.exe
  2⤵
  PID:4444
- C:\Windows\System\oJNAsCe.exe
  C:\Windows\System\oJNAsCe.exe
  2⤵
  PID:4428
- C:\Windows\System\KuSuPwq.exe
  C:\Windows\System\KuSuPwq.exe
  2⤵
  PID:4504
- C:\Windows\System\hHKCMQN.exe
  C:\Windows\System\hHKCMQN.exe
  2⤵
  PID:4492
- C:\Windows\System\YiUnmqo.exe
  C:\Windows\System\YiUnmqo.exe
  2⤵
  PID:4524
- C:\Windows\System\DOXMASG.exe
  C:\Windows\System\DOXMASG.exe
  2⤵
  PID:4572
- C:\Windows\System\WdWQDHR.exe
  C:\Windows\System\WdWQDHR.exe
  2⤵
  PID:4588
- C:\Windows\System\BRuBDri.exe
  C:\Windows\System\BRuBDri.exe
  2⤵
  PID:4620
- C:\Windows\System\nrRVVCH.exe
  C:\Windows\System\nrRVVCH.exe
  2⤵
  PID:4652
- C:\Windows\System\kfjJpSy.exe
  C:\Windows\System\kfjJpSy.exe
  2⤵
  PID:4684
- C:\Windows\System\RBvNIUc.exe
  C:\Windows\System\RBvNIUc.exe
  2⤵
  PID:4712
- C:\Windows\System\bWQjoZL.exe
  C:\Windows\System\bWQjoZL.exe
  2⤵
  PID:4748
- C:\Windows\System\SOfEmEg.exe
  C:\Windows\System\SOfEmEg.exe
  2⤵
  PID:4780
- C:\Windows\System\AsYUkuJ.exe
  C:\Windows\System\AsYUkuJ.exe
  2⤵
  PID:4828
- C:\Windows\System\GxwvDOk.exe
  C:\Windows\System\GxwvDOk.exe
  2⤵
  PID:4860
- C:\Windows\System\JNIKErp.exe
  C:\Windows\System\JNIKErp.exe
  2⤵
  PID:4896
- C:\Windows\System\JNtZnOh.exe
  C:\Windows\System\JNtZnOh.exe
  2⤵
  PID:4908
- C:\Windows\System\naOAkzf.exe
  C:\Windows\System\naOAkzf.exe
  2⤵
  PID:4940
- C:\Windows\System\mvxGTZu.exe
  C:\Windows\System\mvxGTZu.exe
  2⤵
  PID:4992
- C:\Windows\System\dXiZcWr.exe
  C:\Windows\System\dXiZcWr.exe
  2⤵
  PID:5024
- C:\Windows\System\zaFIOFK.exe
  C:\Windows\System\zaFIOFK.exe
  2⤵
  PID:5056
- C:\Windows\System\xidZlKm.exe
  C:\Windows\System\xidZlKm.exe
  2⤵
  PID:5072
- C:\Windows\System\selMUyN.exe
  C:\Windows\System\selMUyN.exe
  2⤵
  PID:5100
- C:\Windows\System\FTCMPrd.exe
  C:\Windows\System\FTCMPrd.exe
  2⤵
  PID:3524
- C:\Windows\System\srFoBky.exe
  C:\Windows\System\srFoBky.exe
  2⤵
  PID:3788
- C:\Windows\System\MyBJBGw.exe
  C:\Windows\System\MyBJBGw.exe
  2⤵
  PID:4072
- C:\Windows\System\yWrkEYr.exe
  C:\Windows\System\yWrkEYr.exe
  2⤵
  PID:3916
- C:\Windows\System\HveGlce.exe
  C:\Windows\System\HveGlce.exe
  2⤵
  PID:3484
- C:\Windows\System\flbYaMr.exe
  C:\Windows\System\flbYaMr.exe
  2⤵
  PID:3632
- C:\Windows\System\DMWfhtn.exe
  C:\Windows\System\DMWfhtn.exe
  2⤵
  PID:4100
- C:\Windows\System\EuLLLcL.exe
  C:\Windows\System\EuLLLcL.exe
  2⤵
  PID:4152
- C:\Windows\System\BeLqnkP.exe
  C:\Windows\System\BeLqnkP.exe
  2⤵
  PID:4232
- C:\Windows\System\HyFnGqt.exe
  C:\Windows\System\HyFnGqt.exe
  2⤵
  PID:4280
- C:\Windows\System\ODMeynQ.exe
  C:\Windows\System\ODMeynQ.exe
  2⤵
  PID:4344
- C:\Windows\System\gnLVowg.exe
  C:\Windows\System\gnLVowg.exe
  2⤵
  PID:4440
- C:\Windows\System\CMjnCfA.exe
  C:\Windows\System\CMjnCfA.exe
  2⤵
  PID:4552
- C:\Windows\System\VrQCDnF.exe
  C:\Windows\System\VrQCDnF.exe
  2⤵
  PID:4556
- C:\Windows\System\EtavbRA.exe
  C:\Windows\System\EtavbRA.exe
  2⤵
  PID:4604
- C:\Windows\System\iYeXhlW.exe
  C:\Windows\System\iYeXhlW.exe
  2⤵
  PID:4764
- C:\Windows\System\pLXHuPb.exe
  C:\Windows\System\pLXHuPb.exe
  2⤵
  PID:4668
- C:\Windows\System\GFHoCoa.exe
  C:\Windows\System\GFHoCoa.exe
  2⤵
  PID:4796
- C:\Windows\System\akUxKtw.exe
  C:\Windows\System\akUxKtw.exe
  2⤵
  PID:1676
- C:\Windows\System\dhPdzPS.exe
  C:\Windows\System\dhPdzPS.exe
  2⤵
  PID:4928
- C:\Windows\System\UVcXEUp.exe
  C:\Windows\System\UVcXEUp.exe
  2⤵
  PID:4960
- C:\Windows\System\eniouEy.exe
  C:\Windows\System\eniouEy.exe
  2⤵
  PID:4988
- C:\Windows\System\mVXAPJy.exe
  C:\Windows\System\mVXAPJy.exe
  2⤵
  PID:2972
- C:\Windows\System\bmHzvPy.exe
  C:\Windows\System\bmHzvPy.exe
  2⤵
  PID:5132
- C:\Windows\System\fTcGguy.exe
  C:\Windows\System\fTcGguy.exe
  2⤵
  PID:5148
- C:\Windows\System\nhIYTNg.exe
  C:\Windows\System\nhIYTNg.exe
  2⤵
  PID:5164
- C:\Windows\System\IWjJket.exe
  C:\Windows\System\IWjJket.exe
  2⤵
  PID:5180
- C:\Windows\System\gUiLxkn.exe
  C:\Windows\System\gUiLxkn.exe
  2⤵
  PID:5196
- C:\Windows\System\pNkXiBm.exe
  C:\Windows\System\pNkXiBm.exe
  2⤵
  PID:5212
- C:\Windows\System\JXSTZBu.exe
  C:\Windows\System\JXSTZBu.exe
  2⤵
  PID:5228
- C:\Windows\System\pBmUURz.exe
  C:\Windows\System\pBmUURz.exe
  2⤵
  PID:5244
- C:\Windows\System\rsqcVtp.exe
  C:\Windows\System\rsqcVtp.exe
  2⤵
  PID:5264
- C:\Windows\System\abvRfDN.exe
  C:\Windows\System\abvRfDN.exe
  2⤵
  PID:5280
- C:\Windows\System\wOPgtfj.exe
  C:\Windows\System\wOPgtfj.exe
  2⤵
  PID:5296
- C:\Windows\System\wIUbxMq.exe
  C:\Windows\System\wIUbxMq.exe
  2⤵
  PID:5312
- C:\Windows\System\tZGvevf.exe
  C:\Windows\System\tZGvevf.exe
  2⤵
  PID:5328
- C:\Windows\System\rUoAAEz.exe
  C:\Windows\System\rUoAAEz.exe
  2⤵
  PID:5344
- C:\Windows\System\rzSleED.exe
  C:\Windows\System\rzSleED.exe
  2⤵
  PID:5360
- C:\Windows\System\sHosblu.exe
  C:\Windows\System\sHosblu.exe
  2⤵
  PID:5376
- C:\Windows\System\RNQAsOy.exe
  C:\Windows\System\RNQAsOy.exe
  2⤵
  PID:5392
- C:\Windows\System\uNRraiw.exe
  C:\Windows\System\uNRraiw.exe
  2⤵
  PID:5408
- C:\Windows\System\YaEdhUG.exe
  C:\Windows\System\YaEdhUG.exe
  2⤵
  PID:5424
- C:\Windows\System\aLckcdf.exe
  C:\Windows\System\aLckcdf.exe
  2⤵
  PID:5440
- C:\Windows\System\VAnOgBy.exe
  C:\Windows\System\VAnOgBy.exe
  2⤵
  PID:5456
- C:\Windows\System\tamcKqG.exe
  C:\Windows\System\tamcKqG.exe
  2⤵
  PID:5472
- C:\Windows\System\ysvrlue.exe
  C:\Windows\System\ysvrlue.exe
  2⤵
  PID:5488
- C:\Windows\System\ZulLQdj.exe
  C:\Windows\System\ZulLQdj.exe
  2⤵
  PID:5504
- C:\Windows\System\rvbcUJf.exe
  C:\Windows\System\rvbcUJf.exe
  2⤵
  PID:5520
- C:\Windows\System\fTIiKyl.exe
  C:\Windows\System\fTIiKyl.exe
  2⤵
  PID:5536
- C:\Windows\System\RbaeSZn.exe
  C:\Windows\System\RbaeSZn.exe
  2⤵
  PID:5552
- C:\Windows\System\aaPdxtH.exe
  C:\Windows\System\aaPdxtH.exe
  2⤵
  PID:5568
- C:\Windows\System\ugkGwmm.exe
  C:\Windows\System\ugkGwmm.exe
  2⤵
  PID:5584
- C:\Windows\System\OnWhlkc.exe
  C:\Windows\System\OnWhlkc.exe
  2⤵
  PID:5600
- C:\Windows\System\SatQPZw.exe
  C:\Windows\System\SatQPZw.exe
  2⤵
  PID:5616
- C:\Windows\System\vyuisrM.exe
  C:\Windows\System\vyuisrM.exe
  2⤵
  PID:5632
- C:\Windows\System\AldntGM.exe
  C:\Windows\System\AldntGM.exe
  2⤵
  PID:5648
- C:\Windows\System\FxSEVvC.exe
  C:\Windows\System\FxSEVvC.exe
  2⤵
  PID:5664
- C:\Windows\System\gegWrjN.exe
  C:\Windows\System\gegWrjN.exe
  2⤵
  PID:5680
- C:\Windows\System\XCCBLPu.exe
  C:\Windows\System\XCCBLPu.exe
  2⤵
  PID:5696
- C:\Windows\System\Xrzrnbo.exe
  C:\Windows\System\Xrzrnbo.exe
  2⤵
  PID:5712
- C:\Windows\System\qaXuMZR.exe
  C:\Windows\System\qaXuMZR.exe
  2⤵
  PID:5728
- C:\Windows\System\OegjndV.exe
  C:\Windows\System\OegjndV.exe
  2⤵
  PID:5744
- C:\Windows\System\ReMybMr.exe
  C:\Windows\System\ReMybMr.exe
  2⤵
  PID:5760
- C:\Windows\System\tnKZaVY.exe
  C:\Windows\System\tnKZaVY.exe
  2⤵
  PID:5776
- C:\Windows\System\eKvbCpU.exe
  C:\Windows\System\eKvbCpU.exe
  2⤵
  PID:5792
- C:\Windows\System\czokVfk.exe
  C:\Windows\System\czokVfk.exe
  2⤵
  PID:5808
- C:\Windows\System\wRjftqo.exe
  C:\Windows\System\wRjftqo.exe
  2⤵
  PID:5824
- C:\Windows\System\gfsFtRu.exe
  C:\Windows\System\gfsFtRu.exe
  2⤵
  PID:5840
- C:\Windows\System\OPMZrUr.exe
  C:\Windows\System\OPMZrUr.exe
  2⤵
  PID:5856
- C:\Windows\System\tkrNmlt.exe
  C:\Windows\System\tkrNmlt.exe
  2⤵
  PID:5872
- C:\Windows\System\YjhVhNw.exe
  C:\Windows\System\YjhVhNw.exe
  2⤵
  PID:5888
- C:\Windows\System\BFrPAvH.exe
  C:\Windows\System\BFrPAvH.exe
  2⤵
  PID:5904
- C:\Windows\System\MmrlHqn.exe
  C:\Windows\System\MmrlHqn.exe
  2⤵
  PID:5920
- C:\Windows\System\GBGwiAk.exe
  C:\Windows\System\GBGwiAk.exe
  2⤵
  PID:5936
- C:\Windows\System\WMLqNur.exe
  C:\Windows\System\WMLqNur.exe
  2⤵
  PID:5952
- C:\Windows\System\IoBtwYO.exe
  C:\Windows\System\IoBtwYO.exe
  2⤵
  PID:5968
- C:\Windows\System\nBbwivi.exe
  C:\Windows\System\nBbwivi.exe
  2⤵
  PID:5984
- C:\Windows\System\PihHjlD.exe
  C:\Windows\System\PihHjlD.exe
  2⤵
  PID:6000
- C:\Windows\System\LarENLl.exe
  C:\Windows\System\LarENLl.exe
  2⤵
  PID:6016
- C:\Windows\System\adFICrW.exe
  C:\Windows\System\adFICrW.exe
  2⤵
  PID:6032
- C:\Windows\System\ZgajvuT.exe
  C:\Windows\System\ZgajvuT.exe
  2⤵
  PID:6048
- C:\Windows\System\KYNqwIR.exe
  C:\Windows\System\KYNqwIR.exe
  2⤵
  PID:6068
- C:\Windows\System\XgaazRY.exe
  C:\Windows\System\XgaazRY.exe
  2⤵
  PID:6084
- C:\Windows\System\JFnrvCg.exe
  C:\Windows\System\JFnrvCg.exe
  2⤵
  PID:6100
- C:\Windows\System\tGfpszQ.exe
  C:\Windows\System\tGfpszQ.exe
  2⤵
  PID:6116
- C:\Windows\System\MaxUWtb.exe
  C:\Windows\System\MaxUWtb.exe
  2⤵
  PID:6132
- C:\Windows\System\EbiDUzT.exe
  C:\Windows\System\EbiDUzT.exe
  2⤵
  PID:1568
- C:\Windows\System\pcLtzRf.exe
  C:\Windows\System\pcLtzRf.exe
  2⤵
  PID:4816
- C:\Windows\System\KfAsuPa.exe
  C:\Windows\System\KfAsuPa.exe
  2⤵
  PID:3308
- C:\Windows\System\IoRDRcU.exe
  C:\Windows\System\IoRDRcU.exe
  2⤵
  PID:2072
- C:\Windows\System\RKztVRd.exe
  C:\Windows\System\RKztVRd.exe
  2⤵
  PID:3816
- C:\Windows\System\izJjnRi.exe
  C:\Windows\System\izJjnRi.exe
  2⤵
  PID:4412
- C:\Windows\System\weJiUnd.exe
  C:\Windows\System\weJiUnd.exe
  2⤵
  PID:4488
- C:\Windows\System\kjTEieU.exe
  C:\Windows\System\kjTEieU.exe
  2⤵
  PID:4680
- C:\Windows\System\iPjPQxl.exe
  C:\Windows\System\iPjPQxl.exe
  2⤵
  PID:4812
- C:\Windows\System\ToIGTJW.exe
  C:\Windows\System\ToIGTJW.exe
  2⤵
  PID:4876
- C:\Windows\System\uohLxpl.exe
  C:\Windows\System\uohLxpl.exe
  2⤵
  PID:5020
- C:\Windows\System\TGrZlHI.exe
  C:\Windows\System\TGrZlHI.exe
  2⤵
  PID:5124
- C:\Windows\System\InUWprB.exe
  C:\Windows\System\InUWprB.exe
  2⤵
  PID:5156
- C:\Windows\System\WVeNIit.exe
  C:\Windows\System\WVeNIit.exe
  2⤵
  PID:5052
- C:\Windows\System\EHufFhW.exe
  C:\Windows\System\EHufFhW.exe
  2⤵
  PID:5208
- C:\Windows\System\vgSdMZy.exe
  C:\Windows\System\vgSdMZy.exe
  2⤵
  PID:1864
- C:\Windows\System\EqIumSR.exe
  C:\Windows\System\EqIumSR.exe
  2⤵
  PID:2976
- C:\Windows\System\XBDysgO.exe
  C:\Windows\System\XBDysgO.exe
  2⤵
  PID:5272
- C:\Windows\System\wkTHfCb.exe
  C:\Windows\System\wkTHfCb.exe
  2⤵
  PID:5288
- C:\Windows\System\gDEozUK.exe
  C:\Windows\System\gDEozUK.exe
  2⤵
  PID:5336
- C:\Windows\System\zHvDqTf.exe
  C:\Windows\System\zHvDqTf.exe
  2⤵
  PID:5352
- C:\Windows\System\yrpJTtF.exe
  C:\Windows\System\yrpJTtF.exe
  2⤵
  PID:5372
- C:\Windows\System\PUFPwQz.exe
  C:\Windows\System\PUFPwQz.exe
  2⤵
  PID:5404
- C:\Windows\System\PEnBVGn.exe
  C:\Windows\System\PEnBVGn.exe
  2⤵
  PID:5420
- C:\Windows\System\KdZqsuw.exe
  C:\Windows\System\KdZqsuw.exe
  2⤵
  PID:5452
- C:\Windows\System\GkXBlzG.exe
  C:\Windows\System\GkXBlzG.exe
  2⤵
  PID:5484
- C:\Windows\System\QHXZepO.exe
  C:\Windows\System\QHXZepO.exe
  2⤵
  PID:5516
- C:\Windows\System\hJNwges.exe
  C:\Windows\System\hJNwges.exe
  2⤵
  PID:5548
- C:\Windows\System\LjTYXfa.exe
  C:\Windows\System\LjTYXfa.exe
  2⤵
  PID:5580
- C:\Windows\System\ykWVNOr.exe
  C:\Windows\System\ykWVNOr.exe
  2⤵
  PID:1416
- C:\Windows\System\RYaDssx.exe
  C:\Windows\System\RYaDssx.exe
  2⤵
  PID:5640
- C:\Windows\System\SDVPqBT.exe
  C:\Windows\System\SDVPqBT.exe
  2⤵
  PID:5672
- C:\Windows\System\fwCBFRT.exe
  C:\Windows\System\fwCBFRT.exe
  2⤵
  PID:5692
- C:\Windows\System\DJdAuKB.exe
  C:\Windows\System\DJdAuKB.exe
  2⤵
  PID:5724
- C:\Windows\System\wGVrYWZ.exe
  C:\Windows\System\wGVrYWZ.exe
  2⤵
  PID:5784
- C:\Windows\System\mvhvulK.exe
  C:\Windows\System\mvhvulK.exe
  2⤵
  PID:5768
- C:\Windows\System\GYOgLaT.exe
  C:\Windows\System\GYOgLaT.exe
  2⤵
  PID:5820
- C:\Windows\System\mIbKgLY.exe
  C:\Windows\System\mIbKgLY.exe
  2⤵
  PID:5800
- C:\Windows\System\KQyrkCw.exe
  C:\Windows\System\KQyrkCw.exe
  2⤵
  PID:2252
- C:\Windows\System\UXUNAMK.exe
  C:\Windows\System\UXUNAMK.exe
  2⤵
  PID:5868
- C:\Windows\System\mBInBKB.exe
  C:\Windows\System\mBInBKB.exe
  2⤵
  PID:5916
- C:\Windows\System\EelDsVn.exe
  C:\Windows\System\EelDsVn.exe
  2⤵
  PID:5900
- C:\Windows\System\kWtRDvF.exe
  C:\Windows\System\kWtRDvF.exe
  2⤵
  PID:5960
- C:\Windows\System\Wqhppvn.exe
  C:\Windows\System\Wqhppvn.exe
  2⤵
  PID:5992
- C:\Windows\System\ElZfuGm.exe
  C:\Windows\System\ElZfuGm.exe
  2⤵
  PID:6040
- C:\Windows\System\hQSvEaD.exe
  C:\Windows\System\hQSvEaD.exe
  2⤵
  PID:6044
- C:\Windows\System\yGswbew.exe
  C:\Windows\System\yGswbew.exe
  2⤵
  PID:6080
- C:\Windows\System\LfbIPSF.exe
  C:\Windows\System\LfbIPSF.exe
  2⤵
  PID:6096
- C:\Windows\System\bKrjImx.exe
  C:\Windows\System\bKrjImx.exe
  2⤵
  PID:3480
- C:\Windows\System\fiZICUU.exe
  C:\Windows\System\fiZICUU.exe
  2⤵
  PID:3936
- C:\Windows\System\WOQednt.exe
  C:\Windows\System\WOQednt.exe
  2⤵
  PID:1244
- C:\Windows\System\TfCZpas.exe
  C:\Windows\System\TfCZpas.exe
  2⤵
  PID:4536
- C:\Windows\System\VCKAlbU.exe
  C:\Windows\System\VCKAlbU.exe
  2⤵
  PID:4732
- C:\Windows\System\MVTuNoO.exe
  C:\Windows\System\MVTuNoO.exe
  2⤵
  PID:4892
- C:\Windows\System\NkplFhD.exe
  C:\Windows\System\NkplFhD.exe
  2⤵
  PID:5036
- C:\Windows\System\oinCANu.exe
  C:\Windows\System\oinCANu.exe
  2⤵
  PID:5236
- C:\Windows\System\EPStzay.exe
  C:\Windows\System\EPStzay.exe
  2⤵
  PID:5224
- C:\Windows\System\LKmMKCz.exe
  C:\Windows\System\LKmMKCz.exe
  2⤵
  PID:5240
- C:\Windows\System\ASZlqwO.exe
  C:\Windows\System\ASZlqwO.exe
  2⤵
  PID:5324
- C:\Windows\System\ESeENyk.exe
  C:\Windows\System\ESeENyk.exe
  2⤵
  PID:5432
- C:\Windows\System\okJCxxe.exe
  C:\Windows\System\okJCxxe.exe
  2⤵
  PID:5480
- C:\Windows\System\VyXbhAs.exe
  C:\Windows\System\VyXbhAs.exe
  2⤵
  PID:5592
- C:\Windows\System\fppDbIY.exe
  C:\Windows\System\fppDbIY.exe
  2⤵
  PID:5564
- C:\Windows\System\SmJCbIr.exe
  C:\Windows\System\SmJCbIr.exe
  2⤵
  PID:3636
- C:\Windows\System\nRresRY.exe
  C:\Windows\System\nRresRY.exe
  2⤵
  PID:5676
- C:\Windows\System\tVnDOAM.exe
  C:\Windows\System\tVnDOAM.exe
  2⤵
  PID:5708
- C:\Windows\System\qNNdeAR.exe
  C:\Windows\System\qNNdeAR.exe
  2⤵
  PID:2548
- C:\Windows\System\WequysN.exe
  C:\Windows\System\WequysN.exe
  2⤵
  PID:5852
- C:\Windows\System\SCrPEsQ.exe
  C:\Windows\System\SCrPEsQ.exe
  2⤵
  PID:5896
- C:\Windows\System\IesZvlf.exe
  C:\Windows\System\IesZvlf.exe
  2⤵
  PID:6012
- C:\Windows\System\sVQktTb.exe
  C:\Windows\System\sVQktTb.exe
  2⤵
  PID:2948
- C:\Windows\System\mNBzNzp.exe
  C:\Windows\System\mNBzNzp.exe
  2⤵
  PID:6056
- C:\Windows\System\UPjHsOL.exe
  C:\Windows\System\UPjHsOL.exe
  2⤵
  PID:6124
- C:\Windows\System\FXlYEJD.exe
  C:\Windows\System\FXlYEJD.exe
  2⤵
  PID:4648
- C:\Windows\System\dmrMseg.exe
  C:\Windows\System\dmrMseg.exe
  2⤵
  PID:2768
- C:\Windows\System\EwORxbp.exe
  C:\Windows\System\EwORxbp.exe
  2⤵
  PID:4864
- C:\Windows\System\ArhnHoi.exe
  C:\Windows\System\ArhnHoi.exe
  2⤵
  PID:1056
- C:\Windows\System\HImtskC.exe
  C:\Windows\System\HImtskC.exe
  2⤵
  PID:5308
- C:\Windows\System\LGguFbO.exe
  C:\Windows\System\LGguFbO.exe
  2⤵
  PID:2372
- C:\Windows\System\GRKDthY.exe
  C:\Windows\System\GRKDthY.exe
  2⤵
  PID:6156
- C:\Windows\System\ZEIwFgl.exe
  C:\Windows\System\ZEIwFgl.exe
  2⤵
  PID:6172
- C:\Windows\System\KIpsTvz.exe
  C:\Windows\System\KIpsTvz.exe
  2⤵
  PID:6188
- C:\Windows\System\alSxWoI.exe
  C:\Windows\System\alSxWoI.exe
  2⤵
  PID:6204
- C:\Windows\System\ijffktW.exe
  C:\Windows\System\ijffktW.exe
  2⤵
  PID:6220
- C:\Windows\System\sPiIKIJ.exe
  C:\Windows\System\sPiIKIJ.exe
  2⤵
  PID:6236
- C:\Windows\System\Ezkxnge.exe
  C:\Windows\System\Ezkxnge.exe
  2⤵
  PID:6252
- C:\Windows\System\yhnZdES.exe
  C:\Windows\System\yhnZdES.exe
  2⤵
  PID:6268
- C:\Windows\System\FNbBvkC.exe
  C:\Windows\System\FNbBvkC.exe
  2⤵
  PID:6284
- C:\Windows\System\zkvBvjV.exe
  C:\Windows\System\zkvBvjV.exe
  2⤵
  PID:6300
- C:\Windows\System\qfSKhHO.exe
  C:\Windows\System\qfSKhHO.exe
  2⤵
  PID:6316
- C:\Windows\System\BzjioDK.exe
  C:\Windows\System\BzjioDK.exe
  2⤵
  PID:6332
- C:\Windows\System\mOcigoZ.exe
  C:\Windows\System\mOcigoZ.exe
  2⤵
  PID:6348
- C:\Windows\System\PoskmcQ.exe
  C:\Windows\System\PoskmcQ.exe
  2⤵
  PID:6364
- C:\Windows\System\aNxCEmm.exe
  C:\Windows\System\aNxCEmm.exe
  2⤵
  PID:6380
- C:\Windows\System\jzVFwOX.exe
  C:\Windows\System\jzVFwOX.exe
  2⤵
  PID:6396
- C:\Windows\System\uFxISYM.exe
  C:\Windows\System\uFxISYM.exe
  2⤵
  PID:6412
- C:\Windows\System\BxRlpgf.exe
  C:\Windows\System\BxRlpgf.exe
  2⤵
  PID:6428
- C:\Windows\System\PIQYPof.exe
  C:\Windows\System\PIQYPof.exe
  2⤵
  PID:6444
- C:\Windows\System\LUcFMNU.exe
  C:\Windows\System\LUcFMNU.exe
  2⤵
  PID:6460
- C:\Windows\System\FitMRYn.exe
  C:\Windows\System\FitMRYn.exe
  2⤵
  PID:6476
- C:\Windows\System\ZXSxtgj.exe
  C:\Windows\System\ZXSxtgj.exe
  2⤵
  PID:6492
- C:\Windows\System\eqSvzXX.exe
  C:\Windows\System\eqSvzXX.exe
  2⤵
  PID:6508
- C:\Windows\System\qVxfTUH.exe
  C:\Windows\System\qVxfTUH.exe
  2⤵
  PID:6524
- C:\Windows\System\LRMVkfi.exe
  C:\Windows\System\LRMVkfi.exe
  2⤵
  PID:6540
- C:\Windows\System\BngBWug.exe
  C:\Windows\System\BngBWug.exe
  2⤵
  PID:6556
- C:\Windows\System\FdvNZOr.exe
  C:\Windows\System\FdvNZOr.exe
  2⤵
  PID:6572
- C:\Windows\System\BKHFZvp.exe
  C:\Windows\System\BKHFZvp.exe
  2⤵
  PID:6588
- C:\Windows\System\RclmZMj.exe
  C:\Windows\System\RclmZMj.exe
  2⤵
  PID:6604
- C:\Windows\System\AlgexhO.exe
  C:\Windows\System\AlgexhO.exe
  2⤵
  PID:6620
- C:\Windows\System\dXRIgtQ.exe
  C:\Windows\System\dXRIgtQ.exe
  2⤵
  PID:6636
- C:\Windows\System\cMPHsgO.exe
  C:\Windows\System\cMPHsgO.exe
  2⤵
  PID:6652
- C:\Windows\System\IrAtaOA.exe
  C:\Windows\System\IrAtaOA.exe
  2⤵
  PID:6668
- C:\Windows\System\XPTBXFL.exe
  C:\Windows\System\XPTBXFL.exe
  2⤵
  PID:6684
- C:\Windows\System\IunAnSR.exe
  C:\Windows\System\IunAnSR.exe
  2⤵
  PID:6700
- C:\Windows\System\IDCdNHu.exe
  C:\Windows\System\IDCdNHu.exe
  2⤵
  PID:6716
- C:\Windows\System\JpMeIdE.exe
  C:\Windows\System\JpMeIdE.exe
  2⤵
  PID:6732
- C:\Windows\System\oWWHEIf.exe
  C:\Windows\System\oWWHEIf.exe
  2⤵
  PID:6752
- C:\Windows\System\DcWSpeB.exe
  C:\Windows\System\DcWSpeB.exe
  2⤵
  PID:6768
- C:\Windows\System\WPylcDG.exe
  C:\Windows\System\WPylcDG.exe
  2⤵
  PID:6784
- C:\Windows\System\FPFLbFB.exe
  C:\Windows\System\FPFLbFB.exe
  2⤵
  PID:6800
- C:\Windows\System\rvgzwyg.exe
  C:\Windows\System\rvgzwyg.exe
  2⤵
  PID:6816
- C:\Windows\System\WxGpuut.exe
  C:\Windows\System\WxGpuut.exe
  2⤵
  PID:6832
- C:\Windows\System\HWFyfFv.exe
  C:\Windows\System\HWFyfFv.exe
  2⤵
  PID:6848
- C:\Windows\System\ArWyOIs.exe
  C:\Windows\System\ArWyOIs.exe
  2⤵
  PID:6864
- C:\Windows\System\sHALFsf.exe
  C:\Windows\System\sHALFsf.exe
  2⤵
  PID:6880
- C:\Windows\System\sIMmBVT.exe
  C:\Windows\System\sIMmBVT.exe
  2⤵
  PID:6896
- C:\Windows\System\LMKBOCE.exe
  C:\Windows\System\LMKBOCE.exe
  2⤵
  PID:6912
- C:\Windows\System\TWldPHd.exe
  C:\Windows\System\TWldPHd.exe
  2⤵
  PID:6928
- C:\Windows\System\xVjtEpr.exe
  C:\Windows\System\xVjtEpr.exe
  2⤵
  PID:6944
- C:\Windows\System\mJxOdom.exe
  C:\Windows\System\mJxOdom.exe
  2⤵
  PID:6960
- C:\Windows\System\lAvongG.exe
  C:\Windows\System\lAvongG.exe
  2⤵
  PID:6976
- C:\Windows\System\ajJZjSv.exe
  C:\Windows\System\ajJZjSv.exe
  2⤵
  PID:6992
- C:\Windows\System\PbMsJVd.exe
  C:\Windows\System\PbMsJVd.exe
  2⤵
  PID:7008
- C:\Windows\System\BTgdBpo.exe
  C:\Windows\System\BTgdBpo.exe
  2⤵
  PID:7024
- C:\Windows\System\JIxPOLz.exe
  C:\Windows\System\JIxPOLz.exe
  2⤵
  PID:7040
- C:\Windows\System\QTQjVfM.exe
  C:\Windows\System\QTQjVfM.exe
  2⤵
  PID:7056
- C:\Windows\System\sHKCHlG.exe
  C:\Windows\System\sHKCHlG.exe
  2⤵
  PID:7072
- C:\Windows\System\kNdhpLx.exe
  C:\Windows\System\kNdhpLx.exe
  2⤵
  PID:7088
- C:\Windows\System\DSizNCB.exe
  C:\Windows\System\DSizNCB.exe
  2⤵
  PID:7104
- C:\Windows\System\GKrapNP.exe
  C:\Windows\System\GKrapNP.exe
  2⤵
  PID:7120
- C:\Windows\System\DwOmDdG.exe
  C:\Windows\System\DwOmDdG.exe
  2⤵
  PID:7136
- C:\Windows\System\cPXuxpx.exe
  C:\Windows\System\cPXuxpx.exe
  2⤵
  PID:7152
- C:\Windows\System\oUIZyyK.exe
  C:\Windows\System\oUIZyyK.exe
  2⤵
  PID:5612
- C:\Windows\System\xIEoSFc.exe
  C:\Windows\System\xIEoSFc.exe
  2⤵
  PID:5276
- C:\Windows\System\hlVDkPJ.exe
  C:\Windows\System\hlVDkPJ.exe
  2⤵
  PID:5656
- C:\Windows\System\TOefxoE.exe
  C:\Windows\System\TOefxoE.exe
  2⤵
  PID:5756
- C:\Windows\System\QDaeWWl.exe
  C:\Windows\System\QDaeWWl.exe
  2⤵
  PID:2552
- C:\Windows\System\ZWJeljK.exe
  C:\Windows\System\ZWJeljK.exe
  2⤵
  PID:5880
- C:\Windows\System\BJyKjYK.exe
  C:\Windows\System\BJyKjYK.exe
  2⤵
  PID:5980
- C:\Windows\System\JsbUpiG.exe
  C:\Windows\System\JsbUpiG.exe
  2⤵
  PID:6092
- C:\Windows\System\HOrYqJo.exe
  C:\Windows\System\HOrYqJo.exe
  2⤵
  PID:4424
- C:\Windows\System\BbbUPiA.exe
  C:\Windows\System\BbbUPiA.exe
  2⤵
  PID:5160
- C:\Windows\System\TxpFSpn.exe
  C:\Windows\System\TxpFSpn.exe
  2⤵
  PID:6164
- C:\Windows\System\QDjvFgK.exe
  C:\Windows\System\QDjvFgK.exe
  2⤵
  PID:6148
- C:\Windows\System\WdvREQl.exe
  C:\Windows\System\WdvREQl.exe
  2⤵
  PID:6228
- C:\Windows\System\crkoVCL.exe
  C:\Windows\System\crkoVCL.exe
  2⤵
  PID:6260
- C:\Windows\System\YLSPTUg.exe
  C:\Windows\System\YLSPTUg.exe
  2⤵
  PID:6292
- C:\Windows\System\tIgehBc.exe
  C:\Windows\System\tIgehBc.exe
  2⤵
  PID:6280
- C:\Windows\System\OuPzTwC.exe
  C:\Windows\System\OuPzTwC.exe
  2⤵
  PID:5356
- C:\Windows\System\hxRKhCg.exe
  C:\Windows\System\hxRKhCg.exe
  2⤵
  PID:6312
- C:\Windows\System\xBKgZcr.exe
  C:\Windows\System\xBKgZcr.exe
  2⤵
  PID:6344
- C:\Windows\System\CZpVEye.exe
  C:\Windows\System\CZpVEye.exe
  2⤵
  PID:6420
- C:\Windows\System\ejUZumY.exe
  C:\Windows\System\ejUZumY.exe
  2⤵
  PID:6456
- C:\Windows\System\VJvJEQt.exe
  C:\Windows\System\VJvJEQt.exe
  2⤵
  PID:2952
- C:\Windows\System\sncIEdO.exe
  C:\Windows\System\sncIEdO.exe
  2⤵
  PID:6472
- C:\Windows\System\pZbeoed.exe
  C:\Windows\System\pZbeoed.exe
  2⤵
  PID:6548
- C:\Windows\System\llZgecb.exe
  C:\Windows\System\llZgecb.exe
  2⤵
  PID:6552
- C:\Windows\System\McBqhoc.exe
  C:\Windows\System\McBqhoc.exe
  2⤵
  PID:6584
- C:\Windows\System\mAWejvH.exe
  C:\Windows\System\mAWejvH.exe
  2⤵
  PID:6616
- C:\Windows\System\TfImqQH.exe
  C:\Windows\System\TfImqQH.exe
  2⤵
  PID:6628
- C:\Windows\System\ZxbONzD.exe
  C:\Windows\System\ZxbONzD.exe
  2⤵
  PID:6664
- C:\Windows\System\CWQfRKX.exe
  C:\Windows\System\CWQfRKX.exe
  2⤵
  PID:6696
- C:\Windows\System\DLEapTN.exe
  C:\Windows\System\DLEapTN.exe
  2⤵
  PID:6728
- C:\Windows\System\ebwjSEi.exe
  C:\Windows\System\ebwjSEi.exe
  2⤵
  PID:6780
- C:\Windows\System\LpACYEd.exe
  C:\Windows\System\LpACYEd.exe
  2⤵
  PID:1608
- C:\Windows\System\dJuMexO.exe
  C:\Windows\System\dJuMexO.exe
  2⤵
  PID:6828
- C:\Windows\System\eAGsGtm.exe
  C:\Windows\System\eAGsGtm.exe
  2⤵
  PID:6860
- C:\Windows\System\NGDZHpO.exe
  C:\Windows\System\NGDZHpO.exe
  2⤵
  PID:6892
- C:\Windows\System\GWgnWqF.exe
  C:\Windows\System\GWgnWqF.exe
  2⤵
  PID:6968
- C:\Windows\System\NRNfTOR.exe
  C:\Windows\System\NRNfTOR.exe
  2⤵
  PID:6956
- C:\Windows\System\yaHlMwK.exe
  C:\Windows\System\yaHlMwK.exe
  2⤵
  PID:6984
- C:\Windows\System\Gjmkywu.exe
  C:\Windows\System\Gjmkywu.exe
  2⤵
  PID:7016
- C:\Windows\System\fZqiLCh.exe
  C:\Windows\System\fZqiLCh.exe
  2⤵
  PID:7020
- C:\Windows\System\qyVXblu.exe
  C:\Windows\System\qyVXblu.exe
  2⤵
  PID:7052
- C:\Windows\System\XKpQBbv.exe
  C:\Windows\System\XKpQBbv.exe
  2⤵
  PID:7116
- C:\Windows\System\PYIGuko.exe
  C:\Windows\System\PYIGuko.exe
  2⤵
  PID:5500
- C:\Windows\System\hetclqv.exe
  C:\Windows\System\hetclqv.exe
  2⤵
  PID:7144
- C:\Windows\System\qPMEeLQ.exe
  C:\Windows\System\qPMEeLQ.exe
  2⤵
  PID:5532
- C:\Windows\System\dmYjbOT.exe
  C:\Windows\System\dmYjbOT.exe
  2⤵
  PID:5608
- C:\Windows\System\jjROPtA.exe
  C:\Windows\System\jjROPtA.exe
  2⤵
  PID:2868
- C:\Windows\System\VTBDRZZ.exe
  C:\Windows\System\VTBDRZZ.exe
  2⤵
  PID:2556
- C:\Windows\System\ckCPctH.exe
  C:\Windows\System\ckCPctH.exe
  2⤵
  PID:5996
- C:\Windows\System\rlGRXKd.exe
  C:\Windows\System\rlGRXKd.exe
  2⤵
  PID:6248
- C:\Windows\System\dsBdDCR.exe
  C:\Windows\System\dsBdDCR.exe
  2⤵
  PID:6212
- C:\Windows\System\bnFBqjm.exe
  C:\Windows\System\bnFBqjm.exe
  2⤵
  PID:2204
- C:\Windows\System\HDjYEBZ.exe
  C:\Windows\System\HDjYEBZ.exe
  2⤵
  PID:6392
- C:\Windows\System\zGimLCx.exe
  C:\Windows\System\zGimLCx.exe
  2⤵
  PID:6452
- C:\Windows\System\SBNfQLH.exe
  C:\Windows\System\SBNfQLH.exe
  2⤵
  PID:6484
- C:\Windows\System\NlVaGxP.exe
  C:\Windows\System\NlVaGxP.exe
  2⤵
  PID:6596
- C:\Windows\System\OPXaney.exe
  C:\Windows\System\OPXaney.exe
  2⤵
  PID:6504
- C:\Windows\System\eavOCUe.exe
  C:\Windows\System\eavOCUe.exe
  2⤵
  PID:6660
- C:\Windows\System\Vbbreto.exe
  C:\Windows\System\Vbbreto.exe
  2⤵
  PID:6676
- C:\Windows\System\ePJwwWw.exe
  C:\Windows\System\ePJwwWw.exe
  2⤵
  PID:6872
- C:\Windows\System\OnDDcvq.exe
  C:\Windows\System\OnDDcvq.exe
  2⤵
  PID:6856
- C:\Windows\System\SbQkccg.exe
  C:\Windows\System\SbQkccg.exe
  2⤵
  PID:7000
- C:\Windows\System\czcSsFX.exe
  C:\Windows\System\czcSsFX.exe
  2⤵
  PID:7068
- C:\Windows\System\yVDYhaL.exe
  C:\Windows\System\yVDYhaL.exe
  2⤵
  PID:6952
- C:\Windows\System\gtaSqrf.exe
  C:\Windows\System\gtaSqrf.exe
  2⤵
  PID:7128
- C:\Windows\System\KxOlPDe.exe
  C:\Windows\System\KxOlPDe.exe
  2⤵
  PID:7164
- C:\Windows\System\WrFiMVC.exe
  C:\Windows\System\WrFiMVC.exe
  2⤵
  PID:7148
- C:\Windows\System\qmWgxHb.exe
  C:\Windows\System\qmWgxHb.exe
  2⤵
  PID:4052
- C:\Windows\System\WgZhlqs.exe
  C:\Windows\System\WgZhlqs.exe
  2⤵
  PID:2452
- C:\Windows\System\hgznina.exe
  C:\Windows\System\hgznina.exe
  2⤵
  PID:4636
- C:\Windows\System\GinhdDF.exe
  C:\Windows\System\GinhdDF.exe
  2⤵
  PID:6196
- C:\Windows\System\Shuzmjk.exe
  C:\Windows\System\Shuzmjk.exe
  2⤵
  PID:2800
- C:\Windows\System\iSJgUuA.exe
  C:\Windows\System\iSJgUuA.exe
  2⤵
  PID:6360
- C:\Windows\System\ISxhJVa.exe
  C:\Windows\System\ISxhJVa.exe
  2⤵
  PID:6536
- C:\Windows\System\rZHMdWH.exe
  C:\Windows\System\rZHMdWH.exe
  2⤵
  PID:6632
- C:\Windows\System\qMrvxIe.exe
  C:\Windows\System\qMrvxIe.exe
  2⤵
  PID:6724
- C:\Windows\System\hGgCRee.exe
  C:\Windows\System\hGgCRee.exe
  2⤵
  PID:6776
- C:\Windows\System\PPYAiMs.exe
  C:\Windows\System\PPYAiMs.exe
  2⤵
  PID:7032
- C:\Windows\System\MArrzft.exe
  C:\Windows\System\MArrzft.exe
  2⤵
  PID:7176
- C:\Windows\System\aHvdSTZ.exe
  C:\Windows\System\aHvdSTZ.exe
  2⤵
  PID:7192
- C:\Windows\System\vVrXIbe.exe
  C:\Windows\System\vVrXIbe.exe
  2⤵
  PID:7208
- C:\Windows\System\jQuLcyh.exe
  C:\Windows\System\jQuLcyh.exe
  2⤵
  PID:7224
- C:\Windows\System\xSdmMqZ.exe
  C:\Windows\System\xSdmMqZ.exe
  2⤵
  PID:7240
- C:\Windows\System\hQpXKfw.exe
  C:\Windows\System\hQpXKfw.exe
  2⤵
  PID:7256
- C:\Windows\System\vnYnuBg.exe
  C:\Windows\System\vnYnuBg.exe
  2⤵
  PID:7272
- C:\Windows\System\OsuKlxn.exe
  C:\Windows\System\OsuKlxn.exe
  2⤵
  PID:7288
- C:\Windows\System\gmksqEp.exe
  C:\Windows\System\gmksqEp.exe
  2⤵
  PID:7304
- C:\Windows\System\RhVJMQk.exe
  C:\Windows\System\RhVJMQk.exe
  2⤵
  PID:7320
- C:\Windows\System\GAKuTEB.exe
  C:\Windows\System\GAKuTEB.exe
  2⤵
  PID:7336
- C:\Windows\System\UgqUron.exe
  C:\Windows\System\UgqUron.exe
  2⤵
  PID:7352
- C:\Windows\System\DooYeXE.exe
  C:\Windows\System\DooYeXE.exe
  2⤵
  PID:7368
- C:\Windows\System\ZQiCXWo.exe
  C:\Windows\System\ZQiCXWo.exe
  2⤵
  PID:7384
- C:\Windows\System\tiRoMVc.exe
  C:\Windows\System\tiRoMVc.exe
  2⤵
  PID:7400
- C:\Windows\System\WesUzMz.exe
  C:\Windows\System\WesUzMz.exe
  2⤵
  PID:7416
- C:\Windows\System\eAswCZg.exe
  C:\Windows\System\eAswCZg.exe
  2⤵
  PID:7432
- C:\Windows\System\oSoSHIM.exe
  C:\Windows\System\oSoSHIM.exe
  2⤵
  PID:7448
- C:\Windows\System\ecgaMLO.exe
  C:\Windows\System\ecgaMLO.exe
  2⤵
  PID:7464
- C:\Windows\System\igISUVV.exe
  C:\Windows\System\igISUVV.exe
  2⤵
  PID:7480
- C:\Windows\System\UcpmvtY.exe
  C:\Windows\System\UcpmvtY.exe
  2⤵
  PID:7496
- C:\Windows\System\fVaqpdr.exe
  C:\Windows\System\fVaqpdr.exe
  2⤵
  PID:7512
- C:\Windows\System\rtNNxTj.exe
  C:\Windows\System\rtNNxTj.exe
  2⤵
  PID:7528
- C:\Windows\System\kzMZlDH.exe
  C:\Windows\System\kzMZlDH.exe
  2⤵
  PID:7544
- C:\Windows\System\RYOsIZe.exe
  C:\Windows\System\RYOsIZe.exe
  2⤵
  PID:7560
- C:\Windows\System\nqcjtXx.exe
  C:\Windows\System\nqcjtXx.exe
  2⤵
  PID:7576
- C:\Windows\System\mqssFPa.exe
  C:\Windows\System\mqssFPa.exe
  2⤵
  PID:7592
- C:\Windows\System\xQMSRVa.exe
  C:\Windows\System\xQMSRVa.exe
  2⤵
  PID:7608
- C:\Windows\System\FWuLheX.exe
  C:\Windows\System\FWuLheX.exe
  2⤵
  PID:7624
- C:\Windows\System\DreBpme.exe
  C:\Windows\System\DreBpme.exe
  2⤵
  PID:7640
- C:\Windows\System\ZqpqCAF.exe
  C:\Windows\System\ZqpqCAF.exe
  2⤵
  PID:7656
- C:\Windows\System\ECRBnrS.exe
  C:\Windows\System\ECRBnrS.exe
  2⤵
  PID:7672
- C:\Windows\System\qDPJelI.exe
  C:\Windows\System\qDPJelI.exe
  2⤵
  PID:7688
- C:\Windows\System\FwXpYJm.exe
  C:\Windows\System\FwXpYJm.exe
  2⤵
  PID:7704
- C:\Windows\System\EjHLWBj.exe
  C:\Windows\System\EjHLWBj.exe
  2⤵
  PID:7720
- C:\Windows\System\PwzALAx.exe
  C:\Windows\System\PwzALAx.exe
  2⤵
  PID:7736
- C:\Windows\System\uvxEdsd.exe
  C:\Windows\System\uvxEdsd.exe
  2⤵
  PID:7752
- C:\Windows\System\mgcsuap.exe
  C:\Windows\System\mgcsuap.exe
  2⤵
  PID:7768
- C:\Windows\System\CDzEIlI.exe
  C:\Windows\System\CDzEIlI.exe
  2⤵
  PID:7784
- C:\Windows\System\DqwHTxg.exe
  C:\Windows\System\DqwHTxg.exe
  2⤵
  PID:7800
- C:\Windows\System\eoigxlU.exe
  C:\Windows\System\eoigxlU.exe
  2⤵
  PID:7816
- C:\Windows\System\tSgtjgk.exe
  C:\Windows\System\tSgtjgk.exe
  2⤵
  PID:7832
- C:\Windows\System\TgnvKAm.exe
  C:\Windows\System\TgnvKAm.exe
  2⤵
  PID:7848
- C:\Windows\System\hMPdUwu.exe
  C:\Windows\System\hMPdUwu.exe
  2⤵
  PID:7864
- C:\Windows\System\YbcuaFf.exe
  C:\Windows\System\YbcuaFf.exe
  2⤵
  PID:7880
- C:\Windows\System\ckCDEkD.exe
  C:\Windows\System\ckCDEkD.exe
  2⤵
  PID:7900
- C:\Windows\System\TDxJLHx.exe
  C:\Windows\System\TDxJLHx.exe
  2⤵
  PID:7916
- C:\Windows\System\Zefnjzq.exe
  C:\Windows\System\Zefnjzq.exe
  2⤵
  PID:7932
- C:\Windows\System\bhusksU.exe
  C:\Windows\System\bhusksU.exe
  2⤵
  PID:7948
- C:\Windows\System\GFQzJLp.exe
  C:\Windows\System\GFQzJLp.exe
  2⤵
  PID:7964
- C:\Windows\System\bWFDCFk.exe
  C:\Windows\System\bWFDCFk.exe
  2⤵
  PID:7980
- C:\Windows\System\lBNXZwM.exe
  C:\Windows\System\lBNXZwM.exe
  2⤵
  PID:7996
- C:\Windows\System\avPdOUd.exe
  C:\Windows\System\avPdOUd.exe
  2⤵
  PID:8012
- C:\Windows\System\zarNAzN.exe
  C:\Windows\System\zarNAzN.exe
  2⤵
  PID:8032
- C:\Windows\System\YRkJVyq.exe
  C:\Windows\System\YRkJVyq.exe
  2⤵
  PID:8048
- C:\Windows\System\RIlqqKM.exe
  C:\Windows\System\RIlqqKM.exe
  2⤵
  PID:8064
- C:\Windows\System\KlHMLsu.exe
  C:\Windows\System\KlHMLsu.exe
  2⤵
  PID:8080
- C:\Windows\System\eYrKiSY.exe
  C:\Windows\System\eYrKiSY.exe
  2⤵
  PID:8096
- C:\Windows\System\GmTHTGb.exe
  C:\Windows\System\GmTHTGb.exe
  2⤵
  PID:8112
- C:\Windows\System\CZzoLyF.exe
  C:\Windows\System\CZzoLyF.exe
  2⤵
  PID:8128
- C:\Windows\System\gCJhYZE.exe
  C:\Windows\System\gCJhYZE.exe
  2⤵
  PID:8144
- C:\Windows\System\iABaHja.exe
  C:\Windows\System\iABaHja.exe
  2⤵
  PID:8160
- C:\Windows\System\iBGQBLB.exe
  C:\Windows\System\iBGQBLB.exe
  2⤵
  PID:8176
- C:\Windows\System\LALfqKd.exe
  C:\Windows\System\LALfqKd.exe
  2⤵
  PID:7084
- C:\Windows\System\GwszDAh.exe
  C:\Windows\System\GwszDAh.exe
  2⤵
  PID:5816
- C:\Windows\System\AYSwUQd.exe
  C:\Windows\System\AYSwUQd.exe
  2⤵
  PID:2584
- C:\Windows\System\urImesH.exe
  C:\Windows\System\urImesH.exe
  2⤵
  PID:6184
- C:\Windows\System\qXlnDgm.exe
  C:\Windows\System\qXlnDgm.exe
  2⤵
  PID:6356
- C:\Windows\System\vaIOgnJ.exe
  C:\Windows\System\vaIOgnJ.exe
  2⤵
  PID:6568
- C:\Windows\System\HtiHLvG.exe
  C:\Windows\System\HtiHLvG.exe
  2⤵
  PID:6692
- C:\Windows\System\bUMkAUj.exe
  C:\Windows\System\bUMkAUj.exe
  2⤵
  PID:7036
- C:\Windows\System\DPQxUoH.exe
  C:\Windows\System\DPQxUoH.exe
  2⤵
  PID:7200
- C:\Windows\System\WPdomNk.exe
  C:\Windows\System\WPdomNk.exe
  2⤵
  PID:7232
- C:\Windows\System\ODXKWlx.exe
  C:\Windows\System\ODXKWlx.exe
  2⤵
  PID:7264
- C:\Windows\System\PuUsEMZ.exe
  C:\Windows\System\PuUsEMZ.exe
  2⤵
  PID:7296
- C:\Windows\System\Egiujvc.exe
  C:\Windows\System\Egiujvc.exe
  2⤵
  PID:7328
- C:\Windows\System\RwGnCDp.exe
  C:\Windows\System\RwGnCDp.exe
  2⤵
  PID:7360
- C:\Windows\System\dcrtOEQ.exe
  C:\Windows\System\dcrtOEQ.exe
  2⤵
  PID:7392
- C:\Windows\System\ZCtlGRl.exe
  C:\Windows\System\ZCtlGRl.exe
  2⤵
  PID:2592
- C:\Windows\System\QnplzZQ.exe
  C:\Windows\System\QnplzZQ.exe
  2⤵
  PID:2448
- C:\Windows\System\tKwrbSE.exe
  C:\Windows\System\tKwrbSE.exe
  2⤵
  PID:7456
- C:\Windows\System\LdrpSqY.exe
  C:\Windows\System\LdrpSqY.exe
  2⤵
  PID:1588
- C:\Windows\System\yTfJscJ.exe
  C:\Windows\System\yTfJscJ.exe
  2⤵
  PID:7508
- C:\Windows\System\zvQtWLx.exe
  C:\Windows\System\zvQtWLx.exe
  2⤵
  PID:7540
- C:\Windows\System\lGGHDSf.exe
  C:\Windows\System\lGGHDSf.exe
  2⤵
  PID:7572
- C:\Windows\System\USGAimI.exe
  C:\Windows\System\USGAimI.exe
  2⤵
  PID:7604
- C:\Windows\System\SALuzyF.exe
  C:\Windows\System\SALuzyF.exe
  2⤵
  PID:7636
- C:\Windows\System\OyqjkZG.exe
  C:\Windows\System\OyqjkZG.exe
  2⤵
  PID:7668
- C:\Windows\System\bKfuAJJ.exe
  C:\Windows\System\bKfuAJJ.exe
  2⤵
  PID:7700
- C:\Windows\System\srdJTFp.exe
  C:\Windows\System\srdJTFp.exe
  2⤵
  PID:7728
- C:\Windows\System\KCFoJIw.exe
  C:\Windows\System\KCFoJIw.exe
  2⤵
  PID:7748
- C:\Windows\System\AtywaYh.exe
  C:\Windows\System\AtywaYh.exe
  2⤵
  PID:7780
- C:\Windows\System\BTRIYiO.exe
  C:\Windows\System\BTRIYiO.exe
  2⤵
  PID:7824
- C:\Windows\System\NiMLnon.exe
  C:\Windows\System\NiMLnon.exe
  2⤵
  PID:7856
- C:\Windows\System\pAgIKRb.exe
  C:\Windows\System\pAgIKRb.exe
  2⤵
  PID:7872
- C:\Windows\System\AMWZkbD.exe
  C:\Windows\System\AMWZkbD.exe
  2⤵
  PID:2620
- C:\Windows\System\pUCdazr.exe
  C:\Windows\System\pUCdazr.exe
  2⤵
  PID:7928
- C:\Windows\System\mUfQiiw.exe
  C:\Windows\System\mUfQiiw.exe
  2⤵
  PID:7960
- C:\Windows\System\sHdBOVR.exe
  C:\Windows\System\sHdBOVR.exe
  2⤵
  PID:2748
- C:\Windows\System\ddfEVrx.exe
  C:\Windows\System\ddfEVrx.exe
  2⤵
  PID:8008
- C:\Windows\System\kMmizDR.exe
  C:\Windows\System\kMmizDR.exe
  2⤵
  PID:8056
- C:\Windows\System\jKzRsPW.exe
  C:\Windows\System\jKzRsPW.exe
  2⤵
  PID:8088
- C:\Windows\System\vhyXYGr.exe
  C:\Windows\System\vhyXYGr.exe
  2⤵
  PID:8108
- C:\Windows\System\DzvRloJ.exe
  C:\Windows\System\DzvRloJ.exe
  2⤵
  PID:484
- C:\Windows\System\qEAfImN.exe
  C:\Windows\System\qEAfImN.exe
  2⤵
  PID:8156
- C:\Windows\System\sGqBSsC.exe
  C:\Windows\System\sGqBSsC.exe
  2⤵
  PID:8172
- C:\Windows\System\MmLuItt.exe
  C:\Windows\System\MmLuItt.exe
  2⤵
  PID:2820
- C:\Windows\System\eQWxCGn.exe
  C:\Windows\System\eQWxCGn.exe
  2⤵
  PID:6200
- C:\Windows\System\ovzkSez.exe
  C:\Windows\System\ovzkSez.exe
  2⤵
  PID:536
- C:\Windows\System\BPCcWGX.exe
  C:\Windows\System\BPCcWGX.exe
  2⤵
  PID:6468
- C:\Windows\System\yaqmuEh.exe
  C:\Windows\System\yaqmuEh.exe
  2⤵
  PID:7188
- C:\Windows\System\rrqtXJt.exe
  C:\Windows\System\rrqtXJt.exe
  2⤵
  PID:7220
- C:\Windows\System\zzRYWrP.exe
  C:\Windows\System\zzRYWrP.exe
  2⤵
  PID:7280
- C:\Windows\System\DwMHICb.exe
  C:\Windows\System\DwMHICb.exe
  2⤵
  PID:7348
- C:\Windows\System\RAQNFes.exe
  C:\Windows\System\RAQNFes.exe
  2⤵
  PID:2128
- C:\Windows\System\NDaivmK.exe
  C:\Windows\System\NDaivmK.exe
  2⤵
  PID:7460
- C:\Windows\System\nKjkjUw.exe
  C:\Windows\System\nKjkjUw.exe
  2⤵
  PID:2664
- C:\Windows\System\ooFvCyl.exe
  C:\Windows\System\ooFvCyl.exe
  2⤵
  PID:2608
- C:\Windows\System\ktWhNHs.exe
  C:\Windows\System\ktWhNHs.exe
  2⤵
  PID:7568
- C:\Windows\System\EdzsMHx.exe
  C:\Windows\System\EdzsMHx.exe
  2⤵
  PID:7632
- C:\Windows\System\GCQxKjm.exe
  C:\Windows\System\GCQxKjm.exe
  2⤵
  PID:7712
- C:\Windows\System\YOrWerw.exe
  C:\Windows\System\YOrWerw.exe
  2⤵
  PID:7744
- C:\Windows\System\uHVrUNt.exe
  C:\Windows\System\uHVrUNt.exe
  2⤵
  PID:7828
- C:\Windows\System\vIZERTq.exe
  C:\Windows\System\vIZERTq.exe
  2⤵
  PID:1576
- C:\Windows\System\nzSyHly.exe
  C:\Windows\System\nzSyHly.exe
  2⤵
  PID:7860
- C:\Windows\System\txTUERt.exe
  C:\Windows\System\txTUERt.exe
  2⤵
  PID:7944
- C:\Windows\System\ObjTYyB.exe
  C:\Windows\System\ObjTYyB.exe
  2⤵
  PID:8004
- C:\Windows\System\KWCYAQu.exe
  C:\Windows\System\KWCYAQu.exe
  2⤵
  PID:8060
- C:\Windows\System\dqtoYoH.exe
  C:\Windows\System\dqtoYoH.exe
  2⤵
  PID:8104
- C:\Windows\System\EEIWGeh.exe
  C:\Windows\System\EEIWGeh.exe
  2⤵
  PID:8140
- C:\Windows\System\wdbwRXr.exe
  C:\Windows\System\wdbwRXr.exe
  2⤵
  PID:4048
- C:\Windows\System\igWWGAd.exe
  C:\Windows\System\igWWGAd.exe
  2⤵
  PID:3004
- C:\Windows\System\eJhgnBB.exe
  C:\Windows\System\eJhgnBB.exe
  2⤵
  PID:2836
- C:\Windows\System\oUDtKKO.exe
  C:\Windows\System\oUDtKKO.exe
  2⤵
  PID:7396
- C:\Windows\System\xEKeqzC.exe
  C:\Windows\System\xEKeqzC.exe
  2⤵
  PID:7476
- C:\Windows\System\JGozpGB.exe
  C:\Windows\System\JGozpGB.exe
  2⤵
  PID:1716
- C:\Windows\System\sactvSO.exe
  C:\Windows\System\sactvSO.exe
  2⤵
  PID:7664
- C:\Windows\System\OxIsIQi.exe
  C:\Windows\System\OxIsIQi.exe
  2⤵
  PID:876
- C:\Windows\System\zgzpabz.exe
  C:\Windows\System\zgzpabz.exe
  2⤵
  PID:564
- C:\Windows\System\KObojYR.exe
  C:\Windows\System\KObojYR.exe
  2⤵
  PID:7792
- C:\Windows\System\InLVqlj.exe
  C:\Windows\System\InLVqlj.exe
  2⤵
  PID:2368
- C:\Windows\System\sKoVvNW.exe
  C:\Windows\System\sKoVvNW.exe
  2⤵
  PID:7988
- C:\Windows\System\rYfzdPD.exe
  C:\Windows\System\rYfzdPD.exe
  2⤵
  PID:2424
- C:\Windows\System\eUfUsoD.exe
  C:\Windows\System\eUfUsoD.exe
  2⤵
  PID:1224
- C:\Windows\System\EZlQyWS.exe
  C:\Windows\System\EZlQyWS.exe
  2⤵
  PID:1660
- C:\Windows\System\LscZZVh.exe
  C:\Windows\System\LscZZVh.exe
  2⤵
  PID:832
- C:\Windows\System\aYfjBRG.exe
  C:\Windows\System\aYfjBRG.exe
  2⤵
  PID:7216
- C:\Windows\System\uFTbHOO.exe
  C:\Windows\System\uFTbHOO.exe
  2⤵
  PID:444
- C:\Windows\System\UbyQGRn.exe
  C:\Windows\System\UbyQGRn.exe
  2⤵
  PID:1992
- C:\Windows\System\VQSTYzz.exe
  C:\Windows\System\VQSTYzz.exe
  2⤵
  PID:7620
- C:\Windows\System\jJEUESg.exe
  C:\Windows\System\jJEUESg.exe
  2⤵
  PID:7808
- C:\Windows\System\nugslCI.exe
  C:\Windows\System\nugslCI.exe
  2⤵
  PID:2936
- C:\Windows\System\pFEieIm.exe
  C:\Windows\System\pFEieIm.exe
  2⤵
  PID:8208
- C:\Windows\System\nmAeUkO.exe
  C:\Windows\System\nmAeUkO.exe
  2⤵
  PID:8224
- C:\Windows\System\psNRedF.exe
  C:\Windows\System\psNRedF.exe
  2⤵
  PID:8240
- C:\Windows\System\RGDqFse.exe
  C:\Windows\System\RGDqFse.exe
  2⤵
  PID:8256
- C:\Windows\System\uPUerGX.exe
  C:\Windows\System\uPUerGX.exe
  2⤵
  PID:8272
- C:\Windows\System\SWacOaT.exe
  C:\Windows\System\SWacOaT.exe
  2⤵
  PID:8324
- C:\Windows\System\MqGThER.exe
  C:\Windows\System\MqGThER.exe
  2⤵
  PID:8620
- C:\Windows\System\DOLYfmS.exe
  C:\Windows\System\DOLYfmS.exe
  2⤵
  PID:8636
- C:\Windows\System\LqpcxxM.exe
  C:\Windows\System\LqpcxxM.exe
  2⤵
  PID:8652
- C:\Windows\System\QUGuogP.exe
  C:\Windows\System\QUGuogP.exe
  2⤵
  PID:8668
- C:\Windows\System\cwwmklK.exe
  C:\Windows\System\cwwmklK.exe
  2⤵
  PID:8684
- C:\Windows\System\tGaLIfS.exe
  C:\Windows\System\tGaLIfS.exe
  2⤵
  PID:8700
- C:\Windows\System\MFDegsJ.exe
  C:\Windows\System\MFDegsJ.exe
  2⤵
  PID:8716
- C:\Windows\System\FlvkgbK.exe
  C:\Windows\System\FlvkgbK.exe
  2⤵
  PID:8732
- C:\Windows\System\Jjornwo.exe
  C:\Windows\System\Jjornwo.exe
  2⤵
  PID:8748
- C:\Windows\System\ONfyUKY.exe
  C:\Windows\System\ONfyUKY.exe
  2⤵
  PID:8764
- C:\Windows\System\KqLXgdb.exe
  C:\Windows\System\KqLXgdb.exe
  2⤵
  PID:8780
- C:\Windows\System\oiSImNY.exe
  C:\Windows\System\oiSImNY.exe
  2⤵
  PID:8796
- C:\Windows\System\VpUoOpn.exe
  C:\Windows\System\VpUoOpn.exe
  2⤵
  PID:8812
- C:\Windows\System\ZdnxUAZ.exe
  C:\Windows\System\ZdnxUAZ.exe
  2⤵
  PID:8828
- C:\Windows\System\WChmtAT.exe
  C:\Windows\System\WChmtAT.exe
  2⤵
  PID:8844
- C:\Windows\System\GDobGKX.exe
  C:\Windows\System\GDobGKX.exe
  2⤵
  PID:8860
- C:\Windows\System\jMeXQCV.exe
  C:\Windows\System\jMeXQCV.exe
  2⤵
  PID:8880
- C:\Windows\System\ttqpaiY.exe
  C:\Windows\System\ttqpaiY.exe
  2⤵
  PID:8896
- C:\Windows\System\GLNXKYV.exe
  C:\Windows\System\GLNXKYV.exe
  2⤵
  PID:8912
- C:\Windows\System\CSXnDRa.exe
  C:\Windows\System\CSXnDRa.exe
  2⤵
  PID:8928
- C:\Windows\System\SYkSNSf.exe
  C:\Windows\System\SYkSNSf.exe
  2⤵
  PID:8944
- C:\Windows\System\TNXhIep.exe
  C:\Windows\System\TNXhIep.exe
  2⤵
  PID:8960
- C:\Windows\System\bNnTwtc.exe
  C:\Windows\System\bNnTwtc.exe
  2⤵
  PID:8976
- C:\Windows\System\UyrgdBf.exe
  C:\Windows\System\UyrgdBf.exe
  2⤵
  PID:8992
- C:\Windows\System\eVeMdec.exe
  C:\Windows\System\eVeMdec.exe
  2⤵
  PID:9008
- C:\Windows\System\bbiXgcQ.exe
  C:\Windows\System\bbiXgcQ.exe
  2⤵
  PID:9024
- C:\Windows\System\CrmVaac.exe
  C:\Windows\System\CrmVaac.exe
  2⤵
  PID:9040
- C:\Windows\System\IzehOcd.exe
  C:\Windows\System\IzehOcd.exe
  2⤵
  PID:9056
- C:\Windows\System\tGJyabF.exe
  C:\Windows\System\tGJyabF.exe
  2⤵
  PID:9072
- C:\Windows\System\UekIuCW.exe
  C:\Windows\System\UekIuCW.exe
  2⤵
  PID:9088
- C:\Windows\System\HSinlah.exe
  C:\Windows\System\HSinlah.exe
  2⤵
  PID:9104
- C:\Windows\System\IEtMODe.exe
  C:\Windows\System\IEtMODe.exe
  2⤵
  PID:9120
- C:\Windows\System\XQKdUZS.exe
  C:\Windows\System\XQKdUZS.exe
  2⤵
  PID:9136
- C:\Windows\System\ZRGQARV.exe
  C:\Windows\System\ZRGQARV.exe
  2⤵
  PID:9152
- C:\Windows\System\edysPLH.exe
  C:\Windows\System\edysPLH.exe
  2⤵
  PID:9168
- C:\Windows\System\OjsBrUe.exe
  C:\Windows\System\OjsBrUe.exe
  2⤵
  PID:9184
- C:\Windows\System\xpOjROe.exe
  C:\Windows\System\xpOjROe.exe
  2⤵
  PID:9200
- C:\Windows\System\dxumYhc.exe
  C:\Windows\System\dxumYhc.exe
  2⤵
  PID:344
- C:\Windows\System\bXlRSsK.exe
  C:\Windows\System\bXlRSsK.exe
  2⤵
  PID:7696
- C:\Windows\System\NfepOMW.exe
  C:\Windows\System\NfepOMW.exe
  2⤵
  PID:8232
- C:\Windows\System\sjzsngD.exe
  C:\Windows\System\sjzsngD.exe
  2⤵
  PID:1888
- C:\Windows\System\OrszLoG.exe
  C:\Windows\System\OrszLoG.exe
  2⤵
  PID:7380
- C:\Windows\System\lmzBqdu.exe
  C:\Windows\System\lmzBqdu.exe
  2⤵
  PID:2848
- C:\Windows\System\LBLtxYx.exe
  C:\Windows\System\LBLtxYx.exe
  2⤵
  PID:7924
- C:\Windows\System\oEDvNRU.exe
  C:\Windows\System\oEDvNRU.exe
  2⤵
  PID:1504
- C:\Windows\System\pcIOftD.exe
  C:\Windows\System\pcIOftD.exe
  2⤵
  PID:7524
- C:\Windows\System\cuybhLW.exe
  C:\Windows\System\cuybhLW.exe
  2⤵
  PID:8216
- C:\Windows\System\zAizZRz.exe
  C:\Windows\System\zAizZRz.exe
  2⤵
  PID:8280
- C:\Windows\System\ieUcDFO.exe
  C:\Windows\System\ieUcDFO.exe
  2⤵
  PID:8300
- C:\Windows\System\ASphLjo.exe
  C:\Windows\System\ASphLjo.exe
  2⤵
  PID:8284
- C:\Windows\System\vhnECFE.exe
  C:\Windows\System\vhnECFE.exe
  2⤵
  PID:8344
- C:\Windows\System\dmosoli.exe
  C:\Windows\System\dmosoli.exe
  2⤵
  PID:8360
- C:\Windows\System\tzLvEcK.exe
  C:\Windows\System\tzLvEcK.exe
  2⤵
  PID:8376
- C:\Windows\System\jPBGkin.exe
  C:\Windows\System\jPBGkin.exe
  2⤵
  PID:8392
- C:\Windows\System\MDZdZIf.exe
  C:\Windows\System\MDZdZIf.exe
  2⤵
  PID:8520
- C:\Windows\System\tzqBIbR.exe
  C:\Windows\System\tzqBIbR.exe
  2⤵
  PID:8492
- C:\Windows\System\tewKqHU.exe
  C:\Windows\System\tewKqHU.exe
  2⤵
  PID:8488
- C:\Windows\System\IOHGnWR.exe
  C:\Windows\System\IOHGnWR.exe
  2⤵
  PID:8456
- C:\Windows\System\qVysCOS.exe
  C:\Windows\System\qVysCOS.exe
  2⤵
  PID:8448
- C:\Windows\System\DwKbmgv.exe
  C:\Windows\System\DwKbmgv.exe
  2⤵
  PID:8436
- C:\Windows\System\hrXdZQB.exe
  C:\Windows\System\hrXdZQB.exe
  2⤵
  PID:8544
- C:\Windows\System\gNKwpCD.exe
  C:\Windows\System\gNKwpCD.exe
  2⤵
  PID:8548
- C:\Windows\System\dihfdcY.exe
  C:\Windows\System\dihfdcY.exe
  2⤵
  PID:8400
- C:\Windows\System\rvBTDbt.exe
  C:\Windows\System\rvBTDbt.exe
  2⤵
  PID:8552
- C:\Windows\System\oyPVkoo.exe
  C:\Windows\System\oyPVkoo.exe
  2⤵
  PID:8568
- C:\Windows\System\xmmovVx.exe
  C:\Windows\System\xmmovVx.exe
  2⤵
  PID:8584
- C:\Windows\System\YCZBQeo.exe
  C:\Windows\System\YCZBQeo.exe
  2⤵
  PID:2268
- C:\Windows\System\FCwZNXz.exe
  C:\Windows\System\FCwZNXz.exe
  2⤵
  PID:2308
- C:\Windows\System\vbUkMLm.exe
  C:\Windows\System\vbUkMLm.exe
  2⤵
  PID:8608
- C:\Windows\System\WCHjKlP.exe
  C:\Windows\System\WCHjKlP.exe
  2⤵
  PID:8616
- C:\Windows\System\SJqNNqW.exe
  C:\Windows\System\SJqNNqW.exe
  2⤵
  PID:8680
- C:\Windows\System\qCktFrR.exe
  C:\Windows\System\qCktFrR.exe
  2⤵
  PID:8660
- C:\Windows\System\tsYvKbI.exe
  C:\Windows\System\tsYvKbI.exe
  2⤵
  PID:8724
- C:\Windows\System\NEbxJvj.exe
  C:\Windows\System\NEbxJvj.exe
  2⤵
  PID:8712
- C:\Windows\System\pIOOegZ.exe
  C:\Windows\System\pIOOegZ.exe
  2⤵
  PID:8808
- C:\Windows\System\SkEfJXm.exe
  C:\Windows\System\SkEfJXm.exe
  2⤵
  PID:8760
- C:\Windows\System\VBmbnhX.exe
  C:\Windows\System\VBmbnhX.exe
  2⤵
  PID:8792
- C:\Windows\System\NsLRFQP.exe
  C:\Windows\System\NsLRFQP.exe
  2⤵
  PID:8904
- C:\Windows\System\SYmtljY.exe
  C:\Windows\System\SYmtljY.exe
  2⤵
  PID:8968
- C:\Windows\System\bEitXut.exe
  C:\Windows\System\bEitXut.exe
  2⤵
  PID:8888
- C:\Windows\System\hiIFKJi.exe
  C:\Windows\System\hiIFKJi.exe
  2⤵
  PID:9016
- C:\Windows\System\HkrLZqB.exe
  C:\Windows\System\HkrLZqB.exe
  2⤵
  PID:9000
- C:\Windows\System\EkBnnBO.exe
  C:\Windows\System\EkBnnBO.exe
  2⤵
  PID:9100
- C:\Windows\System\bkIedeN.exe
  C:\Windows\System\bkIedeN.exe
  2⤵
  PID:9020
- C:\Windows\System\EpINPpA.exe
  C:\Windows\System\EpINPpA.exe
  2⤵
  PID:9132
- C:\Windows\System\GSBUVDE.exe
  C:\Windows\System\GSBUVDE.exe
  2⤵
  PID:9192
- C:\Windows\System\QSAOpPU.exe
  C:\Windows\System\QSAOpPU.exe
  2⤵
  PID:9084
- C:\Windows\System\UiCLuqd.exe
  C:\Windows\System\UiCLuqd.exe
  2⤵
  PID:1072
- C:\Windows\System\FbNQsFE.exe
  C:\Windows\System\FbNQsFE.exe
  2⤵
  PID:8040
- C:\Windows\System\KvNAdUe.exe
  C:\Windows\System\KvNAdUe.exe
  2⤵
  PID:9176
- C:\Windows\System\tWUigoW.exe
  C:\Windows\System\tWUigoW.exe
  2⤵
  PID:8292
- C:\Windows\System\ZHzRZPr.exe
  C:\Windows\System\ZHzRZPr.exe
  2⤵
  PID:8372
- C:\Windows\System\IxMXqkI.exe
  C:\Windows\System\IxMXqkI.exe
  2⤵
  PID:8500
- C:\Windows\System\wHDQYbT.exe
  C:\Windows\System\wHDQYbT.exe
  2⤵
  PID:2364
- C:\Windows\System\VtYRTlk.exe
  C:\Windows\System\VtYRTlk.exe
  2⤵
  PID:8200
- C:\Windows\System\vHMOtza.exe
  C:\Windows\System\vHMOtza.exe
  2⤵
  PID:7812
- C:\Windows\System\eoEMKBb.exe
  C:\Windows\System\eoEMKBb.exe
  2⤵
  PID:8352
- C:\Windows\System\LlPxptm.exe
  C:\Windows\System\LlPxptm.exe
  2⤵
  PID:8516
- C:\Windows\System\wZomcKa.exe
  C:\Windows\System\wZomcKa.exe
  2⤵
  PID:8460
- C:\Windows\System\ZRnEFIU.exe
  C:\Windows\System\ZRnEFIU.exe
  2⤵
  PID:8424
- C:\Windows\System\iWCUzIj.exe
  C:\Windows\System\iWCUzIj.exe
  2⤵
  PID:8396
- C:\Windows\System\ZUJCKDf.exe
  C:\Windows\System\ZUJCKDf.exe
  2⤵
  PID:8564
- C:\Windows\System\xRzCpxP.exe
  C:\Windows\System\xRzCpxP.exe
  2⤵
  PID:8600
- C:\Windows\System\eoloRNM.exe
  C:\Windows\System\eoloRNM.exe
  2⤵
  PID:8580
- C:\Windows\System\llTJkWQ.exe
  C:\Windows\System\llTJkWQ.exe
  2⤵
  PID:2152
- C:\Windows\System\OMIVKse.exe
  C:\Windows\System\OMIVKse.exe
  2⤵
  PID:7344
- C:\Windows\System\DDWbrgx.exe
  C:\Windows\System\DDWbrgx.exe
  2⤵
  PID:8772
- C:\Windows\System\txpresY.exe
  C:\Windows\System\txpresY.exe
  2⤵
  PID:8876
- C:\Windows\System\HlvzuqU.exe
  C:\Windows\System\HlvzuqU.exe
  2⤵
  PID:9036
- C:\Windows\System\qhHsmnV.exe
  C:\Windows\System\qhHsmnV.exe
  2⤵
  PID:9080
- C:\Windows\System\LnMesLy.exe
  C:\Windows\System\LnMesLy.exe
  2⤵
  PID:9148
- C:\Windows\System\WccIZRa.exe
  C:\Windows\System\WccIZRa.exe
  2⤵
  PID:9212
- C:\Windows\System\crUqENt.exe
  C:\Windows\System\crUqENt.exe
  2⤵
  PID:8788
- C:\Windows\System\dWoPkxJ.exe
  C:\Windows\System\dWoPkxJ.exe
  2⤵
  PID:8924
- C:\Windows\System\FyVxoDL.exe
  C:\Windows\System\FyVxoDL.exe
  2⤵
  PID:9128
- C:\Windows\System\cXzQaTU.exe
  C:\Windows\System\cXzQaTU.exe
  2⤵
  PID:1304
- C:\Windows\System\hasxNnJ.exe
  C:\Windows\System\hasxNnJ.exe
  2⤵
  PID:8496
- C:\Windows\System\RnVdVXB.exe
  C:\Windows\System\RnVdVXB.exe
  2⤵
  PID:8312
- C:\Windows\System\WuWOsdo.exe
  C:\Windows\System\WuWOsdo.exe
  2⤵
  PID:8404
- C:\Windows\System\hPvByam.exe
  C:\Windows\System\hPvByam.exe
  2⤵
  PID:8744
- C:\Windows\System\ubGAapg.exe
  C:\Windows\System\ubGAapg.exe
  2⤵
  PID:324
- C:\Windows\System\lcPaDVY.exe
  C:\Windows\System\lcPaDVY.exe
  2⤵
  PID:9232
- C:\Windows\System\vGpxPPo.exe
  C:\Windows\System\vGpxPPo.exe
  2⤵
  PID:9248
- C:\Windows\System\NanRaVV.exe
  C:\Windows\System\NanRaVV.exe
  2⤵
  PID:9264
- C:\Windows\System\DrVPuLv.exe
  C:\Windows\System\DrVPuLv.exe
  2⤵
  PID:9280
- C:\Windows\System\wAAqsoY.exe
  C:\Windows\System\wAAqsoY.exe
  2⤵
  PID:9296
- C:\Windows\System\uUoJrvJ.exe
  C:\Windows\System\uUoJrvJ.exe
  2⤵
  PID:9312
- C:\Windows\System\ntMENTz.exe
  C:\Windows\System\ntMENTz.exe
  2⤵
  PID:9328
- C:\Windows\System\RGmEmFL.exe
  C:\Windows\System\RGmEmFL.exe
  2⤵
  PID:9344
- C:\Windows\System\zLxvJiS.exe
  C:\Windows\System\zLxvJiS.exe
  2⤵
  PID:9360
- C:\Windows\System\uPBcSeq.exe
  C:\Windows\System\uPBcSeq.exe
  2⤵
  PID:9376
- C:\Windows\System\bsUMmEH.exe
  C:\Windows\System\bsUMmEH.exe
  2⤵
  PID:9392
- C:\Windows\System\ueYYNQE.exe
  C:\Windows\System\ueYYNQE.exe
  2⤵
  PID:9408
- C:\Windows\System\RGffXHF.exe
  C:\Windows\System\RGffXHF.exe
  2⤵
  PID:9424
- C:\Windows\System\NIIcClg.exe
  C:\Windows\System\NIIcClg.exe
  2⤵
  PID:9440
- C:\Windows\System\PblpkSq.exe
  C:\Windows\System\PblpkSq.exe
  2⤵
  PID:9456
- C:\Windows\System\jAjfJYS.exe
  C:\Windows\System\jAjfJYS.exe
  2⤵
  PID:9472
- C:\Windows\System\zkMiDLg.exe
  C:\Windows\System\zkMiDLg.exe
  2⤵
  PID:9488
- C:\Windows\System\AgSXVzh.exe
  C:\Windows\System\AgSXVzh.exe
  2⤵
  PID:9504
- C:\Windows\System\ZtafQfa.exe
  C:\Windows\System\ZtafQfa.exe
  2⤵
  PID:9520
- C:\Windows\System\EPMsJzy.exe
  C:\Windows\System\EPMsJzy.exe
  2⤵
  PID:9536
- C:\Windows\System\qmhNWti.exe
  C:\Windows\System\qmhNWti.exe
  2⤵
  PID:9552
- C:\Windows\System\zBlzPvW.exe
  C:\Windows\System\zBlzPvW.exe
  2⤵
  PID:9568
- C:\Windows\System\TTAEKta.exe
  C:\Windows\System\TTAEKta.exe
  2⤵
  PID:9584
- C:\Windows\System\dOFLLZc.exe
  C:\Windows\System\dOFLLZc.exe
  2⤵
  PID:9600
- C:\Windows\System\QIcrvGI.exe
  C:\Windows\System\QIcrvGI.exe
  2⤵
  PID:9616
- C:\Windows\System\yaBGqlF.exe
  C:\Windows\System\yaBGqlF.exe
  2⤵
  PID:9632
- C:\Windows\System\hEoSvci.exe
  C:\Windows\System\hEoSvci.exe
  2⤵
  PID:9648
- C:\Windows\System\caBCWrM.exe
  C:\Windows\System\caBCWrM.exe
  2⤵
  PID:9664
- C:\Windows\System\QWDHxso.exe
  C:\Windows\System\QWDHxso.exe
  2⤵
  PID:9684
- C:\Windows\System\WPpxOel.exe
  C:\Windows\System\WPpxOel.exe
  2⤵
  PID:9700
- C:\Windows\System\nqOsYHs.exe
  C:\Windows\System\nqOsYHs.exe
  2⤵
  PID:9716
- C:\Windows\System\iFPouqo.exe
  C:\Windows\System\iFPouqo.exe
  2⤵
  PID:9732
- C:\Windows\System\MXJoYTP.exe
  C:\Windows\System\MXJoYTP.exe
  2⤵
  PID:9748
- C:\Windows\System\wyndoJx.exe
  C:\Windows\System\wyndoJx.exe
  2⤵
  PID:9764
- C:\Windows\System\LijkvKy.exe
  C:\Windows\System\LijkvKy.exe
  2⤵
  PID:9780
- C:\Windows\System\XmVCrlK.exe
  C:\Windows\System\XmVCrlK.exe
  2⤵
  PID:9796
- C:\Windows\System\lzkFMEJ.exe
  C:\Windows\System\lzkFMEJ.exe
  2⤵
  PID:9812
- C:\Windows\System\ZTZzxYc.exe
  C:\Windows\System\ZTZzxYc.exe
  2⤵
  PID:9828
- C:\Windows\System\VAUmLvI.exe
  C:\Windows\System\VAUmLvI.exe
  2⤵
  PID:9844
- C:\Windows\System\ugVuNXx.exe
  C:\Windows\System\ugVuNXx.exe
  2⤵
  PID:9860
- C:\Windows\System\JzcJIwT.exe
  C:\Windows\System\JzcJIwT.exe
  2⤵
  PID:9876
- C:\Windows\System\ZWTGGLk.exe
  C:\Windows\System\ZWTGGLk.exe
  2⤵
  PID:9892
- C:\Windows\System\uPZuppa.exe
  C:\Windows\System\uPZuppa.exe
  2⤵
  PID:9908
- C:\Windows\System\DgWoztq.exe
  C:\Windows\System\DgWoztq.exe
  2⤵
  PID:9924
- C:\Windows\System\WramvGM.exe
  C:\Windows\System\WramvGM.exe
  2⤵
  PID:9940
- C:\Windows\System\NxszPOK.exe
  C:\Windows\System\NxszPOK.exe
  2⤵
  PID:9956
- C:\Windows\System\biUYEdg.exe
  C:\Windows\System\biUYEdg.exe
  2⤵
  PID:9972
- C:\Windows\System\rDlfttB.exe
  C:\Windows\System\rDlfttB.exe
  2⤵
  PID:9988
- C:\Windows\System\nXRtnYE.exe
  C:\Windows\System\nXRtnYE.exe
  2⤵
  PID:10004
- C:\Windows\System\LhizxRi.exe
  C:\Windows\System\LhizxRi.exe
  2⤵
  PID:10020
- C:\Windows\System\hQCgKej.exe
  C:\Windows\System\hQCgKej.exe
  2⤵
  PID:10036
- C:\Windows\System\XDTqpmC.exe
  C:\Windows\System\XDTqpmC.exe
  2⤵
  PID:10052
- C:\Windows\System\BpdaUTA.exe
  C:\Windows\System\BpdaUTA.exe
  2⤵
  PID:10068
- C:\Windows\System\rgxUDQO.exe
  C:\Windows\System\rgxUDQO.exe
  2⤵
  PID:10084
- C:\Windows\System\kFTeHfw.exe
  C:\Windows\System\kFTeHfw.exe
  2⤵
  PID:10100
- C:\Windows\System\qzagqWZ.exe
  C:\Windows\System\qzagqWZ.exe
  2⤵
  PID:10116
- C:\Windows\System\mnDNetY.exe
  C:\Windows\System\mnDNetY.exe
  2⤵
  PID:10132
- C:\Windows\System\DBoNUpG.exe
  C:\Windows\System\DBoNUpG.exe
  2⤵
  PID:10148
- C:\Windows\System\lvgkkNq.exe
  C:\Windows\System\lvgkkNq.exe
  2⤵
  PID:10164
- C:\Windows\System\nellfgu.exe
  C:\Windows\System\nellfgu.exe
  2⤵
  PID:10180
- C:\Windows\System\lTMkdSH.exe
  C:\Windows\System\lTMkdSH.exe
  2⤵
  PID:10196
- C:\Windows\System\RgRkWqZ.exe
  C:\Windows\System\RgRkWqZ.exe
  2⤵
  PID:10212
- C:\Windows\System\sotrdAF.exe
  C:\Windows\System\sotrdAF.exe
  2⤵
  PID:10228
- C:\Windows\System\TGjOrgE.exe
  C:\Windows\System\TGjOrgE.exe
  2⤵
  PID:9144
- C:\Windows\System\xzTxZQa.exe
  C:\Windows\System\xzTxZQa.exe
  2⤵
  PID:9052
- C:\Windows\System\wFYcJAx.exe
  C:\Windows\System\wFYcJAx.exe
  2⤵
  PID:8428
- C:\Windows\System\sbefXHM.exe
  C:\Windows\System\sbefXHM.exe
  2⤵
  PID:8452
- C:\Windows\System\yoQLsNs.exe
  C:\Windows\System\yoQLsNs.exe
  2⤵
  PID:8596
- C:\Windows\System\qhQsWQP.exe
  C:\Windows\System\qhQsWQP.exe
  2⤵
  PID:8644
- C:\Windows\System\clzSYbb.exe
  C:\Windows\System\clzSYbb.exe
  2⤵
  PID:8756
- C:\Windows\System\MokviDm.exe
  C:\Windows\System\MokviDm.exe
  2⤵
  PID:9208
- C:\Windows\System\VNwDdPc.exe
  C:\Windows\System\VNwDdPc.exe
  2⤵
  PID:9116
- C:\Windows\System\ddUHNvp.exe
  C:\Windows\System\ddUHNvp.exe
  2⤵
  PID:9228
- C:\Windows\System\qsCxJtY.exe
  C:\Windows\System\qsCxJtY.exe
  2⤵
  PID:9276
- C:\Windows\System\ehTnfBb.exe
  C:\Windows\System\ehTnfBb.exe
  2⤵
  PID:9288
- C:\Windows\System\VPEXnRZ.exe
  C:\Windows\System\VPEXnRZ.exe
  2⤵
  PID:9260
- C:\Windows\System\ZstrVnX.exe
  C:\Windows\System\ZstrVnX.exe
  2⤵
  PID:9324
- C:\Windows\System\CqAcOxn.exe
  C:\Windows\System\CqAcOxn.exe
  2⤵
  PID:9404
- C:\Windows\System\zuHDFsa.exe
  C:\Windows\System\zuHDFsa.exe
  2⤵
  PID:8872
- C:\Windows\System\SjEfnpQ.exe
  C:\Windows\System\SjEfnpQ.exe
  2⤵
  PID:9500
- C:\Windows\System\dtNFTes.exe
  C:\Windows\System\dtNFTes.exe
  2⤵
  PID:9388
- C:\Windows\System\vQniugE.exe
  C:\Windows\System\vQniugE.exe
  2⤵
  PID:9484
- C:\Windows\System\GaJHqzW.exe
  C:\Windows\System\GaJHqzW.exe
  2⤵
  PID:9560
- C:\Windows\System\wZfgANI.exe
  C:\Windows\System\wZfgANI.exe
  2⤵
  PID:9624
- C:\Windows\System\ygyeeHJ.exe
  C:\Windows\System\ygyeeHJ.exe
  2⤵
  PID:9692
- C:\Windows\System\ytbCyxQ.exe
  C:\Windows\System\ytbCyxQ.exe
  2⤵
  PID:9756
- C:\Windows\System\rqMuffN.exe
  C:\Windows\System\rqMuffN.exe
  2⤵
  PID:9820
- C:\Windows\System\viNMsji.exe
  C:\Windows\System\viNMsji.exe
  2⤵
  PID:9708
- C:\Windows\System\xBCxyUL.exe
  C:\Windows\System\xBCxyUL.exe
  2⤵
  PID:9612
- C:\Windows\System\opbOrcz.exe
  C:\Windows\System\opbOrcz.exe
  2⤵
  PID:9680
- C:\Windows\System\ZkyaMyy.exe
  C:\Windows\System\ZkyaMyy.exe
  2⤵
  PID:9776
- C:\Windows\System\thHRMcH.exe
  C:\Windows\System\thHRMcH.exe
  2⤵
  PID:9852
- C:\Windows\System\GdTiqbp.exe
  C:\Windows\System\GdTiqbp.exe
  2⤵
  PID:9916
- C:\Windows\System\HjAlqOb.exe
  C:\Windows\System\HjAlqOb.exe
  2⤵
  PID:9948
- C:\Windows\System\jcyvwCD.exe
  C:\Windows\System\jcyvwCD.exe
  2⤵
  PID:10016
- C:\Windows\System\tOjgIwx.exe
  C:\Windows\System\tOjgIwx.exe
  2⤵
  PID:10076
- C:\Windows\System\KJGugNi.exe
  C:\Windows\System\KJGugNi.exe
  2⤵
  PID:10140
- C:\Windows\System\zjjbWhE.exe
  C:\Windows\System\zjjbWhE.exe
  2⤵
  PID:9932
- C:\Windows\System\sYCwFPJ.exe
  C:\Windows\System\sYCwFPJ.exe
  2⤵
  PID:9996
- C:\Windows\System\lgKbmAW.exe
  C:\Windows\System\lgKbmAW.exe
  2⤵
  PID:10060
- C:\Windows\System\IOcVZuw.exe
  C:\Windows\System\IOcVZuw.exe
  2⤵
  PID:10124
- C:\Windows\System\iQxwWVo.exe
  C:\Windows\System\iQxwWVo.exe
  2⤵
  PID:10188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFWUVOm.exe

Filesize
6.0MB

MD5
3f8a045278aed2c9d3b80c013938b3a8

SHA1
1528f8e06773ffbcbac1b172b858a392dacab57e

SHA256
18a0106892e587df3f1f8b0c2ae56ddf9da70733fe43d12a3d71eefe0d404e08

SHA512
5dcd7ae5417d97dbcd628c869ae73f47ee1764d6e3295c92164a2a19021c2d4ddaf8601f47795830184ac4e761cc0dd99d35c3288fde8ea848b057ecc2d2cfa8

Download Submit
C:\Windows\system\GlAzqCu.exe

Filesize
6.0MB

MD5
d19645d351d2d9f1945f1fc0669f47cf

SHA1
066cee55014bb7be4977e1b723e964971f0fd2b6

SHA256
91ea82dbd9609e19e83644f0acdbf0917041e6990da0badadaf484b154a0d6e4

SHA512
785febbecbadf3cfecebb0f5bc8c11e49d16d30842f6ac2834f2f68f1430c5ffcf9a04af1dc8fc48c1bc15588edac7f03061edfa8adcb79b7d78b1a397fc4356

Download Submit
C:\Windows\system\HAfTCIE.exe

Filesize
6.0MB

MD5
110a8850e9e2dbd341e89259f14040e3

SHA1
232dcfbf153f823bc5ddec437fed8949c1c6c9b5

SHA256
b4aef4053cf98c75860191b7d2d344062765202283d2e6b753d9382f2efc6743

SHA512
da538552d44296803cac5586fb182fcd0f4710604e1fea52d56c25c36c50b3ee66e9d7c5362b2abca7a5bc95cf98f84e77cefe7cb9ea7065be8405dbba4d3976

Download Submit
C:\Windows\system\NUUPIhF.exe

Filesize
6.0MB

MD5
eb0f16d39cfce0872ee879a02867fcc4

SHA1
472a9264a80720c17e249154c249c43bfdc10e68

SHA256
eaf77e274c89650dab44bce090b4eb3a424248a8fe3dee1e8e4cde801d4d4edd

SHA512
b05ad96d79f3c00c9d36c3133467ec539b72abf94d8df8fb6583db5496d4f3d0d3a7a4471fce9401348eca17d01b35c8e6a414ddfffa79067fc90778188e6353

Download Submit
C:\Windows\system\QwqhOQw.exe

Filesize
6.0MB

MD5
35e09c2d589e7506d1106302f38372de

SHA1
ee91c5adf12ae1f2e40aefef31d5ea12bf6b7b3e

SHA256
31385f4f17ee4155df6136916f24af8269e5336a07c6c123a28d78756f973d82

SHA512
a3f132bfd1929ba54c7a84afbb0edd186ab7e4551a0456a2796cdade8b0a3db8a857bdc238b57686028028746f327827cb359b0e1519d58c72ecb6ddac06d8af

Download Submit
C:\Windows\system\SDrWZGH.exe

Filesize
6.0MB

MD5
e23350d986ab983be9bf974f7bb5eccc

SHA1
af4923d83b4f36156c72bc72a0e82c435a0dbf11

SHA256
d10c76ac131c6e767bcafdf16be72dc8ffdddc0bed1d6f7e0cc9c1a75e512a35

SHA512
2bec30aeff9b8097aadff229cc4bcb20bf586fbf06e1e3b3d55342df55d3f7656dda55c5228b8110bf4408614058c6e1c622c3fd9958ce381606d890866352f0

Download Submit
C:\Windows\system\TKjedJH.exe

Filesize
6.0MB

MD5
1ff545d279b49e213ffea972c5ace1e1

SHA1
5d86f8ae419eb141fc8b517747125eaf3fe2cdb6

SHA256
eb437225c6b6115b91a86e3f5a57b5ee38f359aef502ecec7cc7c9f0dca65217

SHA512
26f0319b917235d58718596193dc3ddaa660326703ca5f778369610884bb1902ef88961e7ec45e57448bb137af6b7c1917e0a916682a58ef5d94eb1f18feb8d0

Download Submit
C:\Windows\system\UWQMdTG.exe

Filesize
6.0MB

MD5
5e6a2b0b6757b3fe55532d1e9b25d792

SHA1
30c838c3662442e1ddd5257363619d6257afebd8

SHA256
2aa849474bad833fd116f4baa31b1e1f868ca504333224987716e9ed98ffaba3

SHA512
bbaa841807aae3a45cad8c798cb84ceb2db53e5a33cc20e5d978878b5231231a8587c1b8ad5c6914c58b2809c798f77138938674c57d0a51b9cf4304f6bcaced

Download Submit
C:\Windows\system\YTifnMh.exe

Filesize
6.0MB

MD5
fb5df53552767e95252fa55a7c772c4a

SHA1
ab289a1066cc854349bee40ee2186124832c673d

SHA256
76a76116aee95cfbf989805c592f1d558128dad60a92e691d1a0a63542934278

SHA512
2a23bc2118810db7a046ea0d88ee347226d8fe8ea4d9d6c26deabe05533a2271fe5b5a798046425a96b78e4f8b09a1dd51a65acdde160ad15f795d9bd0c196b4

Download Submit
C:\Windows\system\YTrOUXX.exe

Filesize
6.0MB

MD5
117e183b06b2a8671fee33d95a1b7950

SHA1
550d4ea9a6582c16f2ec0eae0d86e74600ac4fe0

SHA256
ab09a167a5650abba1ae550a38f5b8dfc5d533b7930017d5ccf78a4a13ae4476

SHA512
556d37a2b1a6c6128bf9cd0032f7d5622bd1972a0c84d919bc5d73640f6039484b489b35787f1854a115a239a861ab824b091300db0d5cdeb65675d07bd75d2a

Download Submit
C:\Windows\system\ZFkPmGN.exe

Filesize
6.0MB

MD5
76e0f2d42f1ef7b55dbaa53515c08367

SHA1
b9bf314517de017f3dd45f20467430cfbaf71dff

SHA256
4c2a6eed9c390e2d7a31ab7135adc797dca2f8de55e40b75e1bc2c7a4fb31ad1

SHA512
19936f8ce1f1376e0a2cae7f76fb150aa8aa236117c946c87659aea16c937c2a6db4dcf5b54f0373d6fcdf5542aaf8d4a0a656fe77488bcc07ba8159cfa782b2

Download Submit
C:\Windows\system\ZrJbANv.exe

Filesize
6.0MB

MD5
91157e52645543a04b2cf8261db3f687

SHA1
43d68832b1859fd9bfa77b8396820b264c6d769c

SHA256
127b8e16a81a2c545e929facdd1c79da643e1533950667c50a0fa5262821bd74

SHA512
2c9ec7e198b0a99c918dadf84aaf3d5191418d5d136128c6656b682c93c900467a829527bfae624232fe8c60a82b9b3c01263ec0afb8c7b085ebc0550556ab7b

Download Submit
C:\Windows\system\baMCoKY.exe

Filesize
6.0MB

MD5
deda563f1e7bdf6235f36780957b4821

SHA1
60ef637a123063bd81278c3cb920f922b00caafc

SHA256
b061c61f9daddeca17ab3b6658b939335ac65740fc10f90dfdab1ed0efe6aa7a

SHA512
d2fdf5abfc99e158e4120f8800dba08fa01929ff9f8329950fe1bdbc02492ef33dc57c35ca61a10f64d808a4bc9a51784376f1b0a0247fe8e029425e9a5b0c03

Download Submit
C:\Windows\system\dTebNLW.exe

Filesize
6.0MB

MD5
2a8923e4bc3cf814c5bbee9f712312d8

SHA1
b5537123045afe47ef8fe9ac250b11487a0e3c51

SHA256
3ee30072f91119b008f7290ffa1f285ffebc189f4d29130c62953b4695d58ff5

SHA512
12bc36ba7adf324e63404c6345ba1b452b41c9bac6a90b310bd5359eeda27d04684fccb422d81bc9ec6ccf1a7a6e0287e602d967950a76db21665b6acac900b5

Download Submit
C:\Windows\system\eNlSndw.exe

Filesize
6.0MB

MD5
0b64b28adf92b9833602211c321ede0d

SHA1
ec405d2519c49f23f94c3ddbcdb67c86d9477f99

SHA256
fb975297d53d5728029c480ff10fa1dccc017f31ebf927a645716e0c8f75e538

SHA512
82ceaffc86c008dc9bd893b9102d46f7a806e23a3e6de7304b84c821b1eb2f7626c161c4ae50eba52cd2f4469ef27888418649843943ee68bc74c3d3d246cbe4

Download Submit
C:\Windows\system\evUUcNE.exe

Filesize
6.0MB

MD5
95f1d514a090df5861f156f03c288f98

SHA1
5955e77d79e63bc9604c34a2b20a8457dd7a39fd

SHA256
d3f296bd57b3252848d724a35d5a09e5ffdc9b02bdc9ec408c343a9eb7c681d2

SHA512
400d453dc8333e860bcaca0c40f50e154e00a65da812c8f6953360d32d2db3b386569a0131cc44bfb58287c985ce35da0b95a32420451296fd3452acc24cc2b7

Download Submit
C:\Windows\system\gZlsYcd.exe

Filesize
6.0MB

MD5
041b7d69d7b898c50bc2b16e3d3bb1b8

SHA1
bdcc3b00083000cfbea417d008db9a313456a6d1

SHA256
4a10e74f5be24a6e914804c6c2d72de3dfbe47f42d65ec470dac43d24d625dbe

SHA512
5d80617ec0eb3709a422af2731eb7fc488bd2e97c9e67eee8b238ffe39763b9c79caa8daf6a9d2f695abf240db39ed4d0e6da89f00566bcecd78e7e3f123a854

Download Submit
C:\Windows\system\iCCtJtA.exe

Filesize
6.0MB

MD5
a009de20f59fab4cafcc6317c6c1bfdc

SHA1
6ba393882b7982d06314681b1e53818cdc982b2c

SHA256
dc7b9232a296fc905bab476c931810a956cb2dad400df1d0ca72704ac48ecdd9

SHA512
b2e709ae3371ca836b92d524ae4b446af5d9427cc7f7f0d4a6d4fe1c6f8fd3dc2672b5646790bb4374f39045bd7f6a43f6afac26d43e2180964cadf51bd8ef17

Download Submit
C:\Windows\system\jMEJbak.exe

Filesize
6.0MB

MD5
96bc31c455cc1bb76ffd68385dd600f9

SHA1
8b3dd848783641fea0c08c41afa66ca5d9077de6

SHA256
ff330d1473469569fcb92d58a55305a280dc6b82535da63adcb123abacf5d593

SHA512
906f41eff7a84f01b51c28cb0e83c692060f23707869e98040819d2bc5a8ad7482acd9fdb8cee2791e5b9ac006322ac84128efbbf05f69b63192e94335b02637

Download Submit
C:\Windows\system\lwYKhUs.exe

Filesize
6.0MB

MD5
d8d989d44fd7656ab26c08bbcef51f58

SHA1
695da1e0d0e02ac50339af249fda95d92c37bb79

SHA256
34ad7e3f9b2fb66f57c77879de73f62cf1aaf302b07ac372b345263d1e72ba18

SHA512
a185e3e41f68dea1c8ddd425eadf1be163ec8ffa86076c8b80e9b0257f9cd9097388a81c22736f38a9d692e880995dd6b8babcd54227812aacc00bb7fefb619e

Download Submit
C:\Windows\system\njNzsPa.exe

Filesize
6.0MB

MD5
1f8988ad23f087c3066f6fcdf0cd1c1f

SHA1
88a9c855c627660cea4c23c6837399fec8daef98

SHA256
b53c525a2c48d5c82312de9f66f71618155dcdb16a3f005e1ec9732de1e2f513

SHA512
9e93238ebefd9b26c75bac92d479644b08140f761cff9eaa6e0ff05593718a62b637d05cdce9494d7f90bedd37ed0118ffa24afaa9048e49f7d1dddfca2b0a10

Download Submit
C:\Windows\system\oIEODwI.exe

Filesize
6.0MB

MD5
76a120c9c18a0a896ac419e04c4155c0

SHA1
f918952e477d4b9089963334c4dd521d46218856

SHA256
572e7c283ae3d37c2f391a4182d2e0f5381dbd89a84c97568be2d35f8abb6b87

SHA512
d58068a29c9b72081b94d75f6e9adedf529c0d30b930088add338578121f6e04887a084660decff0681371e83ca2f03cc56469a45ab6260ccdd9941edd8b81f6

Download Submit
C:\Windows\system\pmvgeYI.exe

Filesize
6.0MB

MD5
9b056d09483f4c5b37b6c4306dfba801

SHA1
9fb5f1b13f56915995aafab2f4f741aa16d09252

SHA256
030fea6cf840e1204f21d2de1edbbd9ace2758ff811ccb69b58c7dc4b921a3f5

SHA512
aa294abebd53d1af83447282b99670c615bbed477d62e76c8ee5c3d895817ab8f2335b22cb850dc73ce2f390fbbb85d14f711ff6c593baaf6dda789f9dea99a9

Download Submit
C:\Windows\system\reUWcDD.exe

Filesize
6.0MB

MD5
187c4deb489e84d36f5ae6198f960233

SHA1
91fa6133e5aab6bd6d76afdd960576bc6f6c60f7

SHA256
f67d37a62fcb334a99b38a0757e71f012e7304682725e8873482e7c172051e49

SHA512
7c860d41a2e7fe933913f10f7f2d9ae90b8f210120aabb41156dd3ed4cb375cff1211950fcd9f5295b5e2bac2274a0eda716794f8736a2d8e9e0ae0751f8e3db

Download Submit
C:\Windows\system\ruqOmYL.exe

Filesize
6.0MB

MD5
7a99137e61a42053730ae5c9445cd3ac

SHA1
3baf05a3482b27d603d484a7f451d3fee5e30fe1

SHA256
172dae8596dab6b64adf461f0886c24dfa0d2f7ef1d19d14d0c20749dc6df81a

SHA512
a47e5bfb9b506db7be327377229dcce7834f80855190de198cc16c90fb48c244945ebca41b71c297ed319b191ea27d32d17e812e771702e1d00cbafd3792ea35

Download Submit
C:\Windows\system\xfVEyEJ.exe

Filesize
6.0MB

MD5
9dfcd2b77581c67f3761c1422968db21

SHA1
639e47741d9e4adf524acce74e920c5e2de7ca47

SHA256
058f9cfe0f4ec1884364673abd94f7aa812c57b11896157c50ff0123409f6e02

SHA512
21c5974402b636ffdb1bdf7105779cfc9725c922473b5e538ef663ee6a58a2f74f96fe38640592e01075498901ad4debbfaa1ee63f4306c2d776b5b2dc6f0f2a

Download Submit
C:\Windows\system\yAYRqRm.exe

Filesize
6.0MB

MD5
20a0d7bf915b8099dd6ad5920c274807

SHA1
d41506835b32a0100109671befee4b12604adbe3

SHA256
9a90d21376c6c58e39462700542093505b6784bc400570c8acdede4c68ff1f97

SHA512
7039fd0c2522049de497c12310f043eff4826fce3041783214442b62918710db33a4d5bed1bee569c9588220382718a7fc682dabce2a68e21e9dea7c22b346ce

Download Submit
C:\Windows\system\zezbWiL.exe

Filesize
6.0MB

MD5
74fa86affcd3d866b4771737c089c2b0

SHA1
b7a46403a70c9e48ef0a4a28496cab1eb15ffec1

SHA256
25cb4950a56e3e62d80d732f5e9d5d4d3a220e0859120b248b72d419078c7aed

SHA512
894a20d0d3ee0007cc40159ed790175cde5946522c929164a4c2e5b160cba5313e77f3740fef04a34c8067730998ef51d2c20b0fbeb67b2faeb8abe15c5cf9bf

Download Submit
\Windows\system\HUiaIOe.exe

Filesize
6.0MB

MD5
c302b29efc4bd78b9b5da2cbc957330a

SHA1
ce341b09079490aa93e3d1121fcef289629c4fee

SHA256
51a075dcada45fa126b26ed049d42cc609c37acbed6453bcb1d0c800211d2062

SHA512
b16070b912ce2a4c9036214d4d669c96a2bccc0da339933f586b2a3b9a4df6e5d6c8695db40c822391701c8a63525e044bce6f513efe49e73a6aa2c0fe312d3c

Download Submit
\Windows\system\gYGfQCr.exe

Filesize
6.0MB

MD5
6a1981eabd527c0892d41de4f785611c

SHA1
c1dcba6aada916e009d2329455eec330e10a27e8

SHA256
b5d995ba3634a2811688980fbde5eed93b1473a3625d51d7a2e8e1e91fa38129

SHA512
e397c5bf462480edfafda44682707e94a39de82a8e4aa41c2b9890659e60bed08e6cc5cf358817999860f1e76aabf1393921c8339d193bf260e00435cbfc90e7

Download Submit
\Windows\system\sDAPHRY.exe

Filesize
6.0MB

MD5
033385fa553ad45929552e5facf596ce

SHA1
47d780e84fded377ad3af79207ea0d3fe7459a5b

SHA256
57f32a1a3e2531cc1c843da2841e209a4dd7ed90926941b483276f899f9a7be8

SHA512
061516a6440f9a83b8225de3d94af638b026c5ba3b60acf8507e11ac858d781323c2bedb8964f556a4e80d17c69f7d18f4e53027b8aeb6c620ec3d3d49131b36

Download Submit
\Windows\system\xUUJTrb.exe

Filesize
6.0MB

MD5
ef26657d80bec985f2058d2aa4248413

SHA1
eb4499053c87ce47cd7bb7a063430f495ac14357

SHA256
abd278f37ee20ee63da3394fdd36b638c82549e0e7f4074360296745a0813186

SHA512
09292d994d5fd20762e7b6ac5eedba34cadfbb503d4288246c18646c466e2ede039f59730c6ce717e6c786db2ba07534ded1f240142a6e44012a1e21c8aaf1a6

Download Submit
\Windows\system\ybMjvSp.exe

Filesize
6.0MB

MD5
60746b0a19d7e77d0fef026f099daa3c

SHA1
c6175a4bbe28c28cb5f25d12fb48a7cc20f679d6

SHA256
2a7090d33940353a3a41ff66d95bcafc2811b73d4e83c4a0aaeb680e3f7bb5cb

SHA512
8c7740431098a5d8ba8ad829b1d17556033ec206886eb91ed879cc14f92b948ad21b22a1b6cf80426fc91946d1873e2089e70b5122a5c4010d3f6d4384e853fe

Download Submit
memory/756-952-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/756-97-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/756-3612-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/1232-93-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-3586-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1404-3555-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1404-107-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-34-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-11-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-43-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-0-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2016-344-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-111-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-110-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-1096-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-953-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2016-106-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-22-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-96-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-532-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-71-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-28-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-744-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-13-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2016-49-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-89-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-81-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-42-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2016-533-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-65-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-57-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-85-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-50-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3585-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-92-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-70-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3587-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-36-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-64-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3613-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2668-29-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2700-15-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3598-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3584-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-41-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-80-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3554-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2772-16-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3593-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-23-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-72-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2920-345-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/3060-58-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3611-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3596-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/3064-66-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download