cobaltstrike | d89379de5a43e6c495228f1cb6ca35fdef0133b5d1b4be945e0badb50699c935

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

50268b55282fd87196da3f0748b1874b
SHA1

bbc2214540c9f85dd52d615c728089f48760ce1f
SHA256

d89379de5a43e6c495228f1cb6ca35fdef0133b5d1b4be945e0badb50699c935
SHA512

4adaee16303388a5e28a69bbf1812fc56fbed0771fa657fcb780f6db48cbc66e07f6cbc087f8bf0123838bb95e49aef3037d33de0de2470152de36a23531928e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012266-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ce7-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d36-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d47-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d63-33.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018742-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878c-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a9-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ac-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019496-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019467-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019456-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942c-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939d-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019379-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019279-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018781-91.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018731-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bf3-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926a-94.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d72-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019227-77.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d69-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd9-59.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d6d-52.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 55 IoCs

miner

resource	yara_rule
behavioral1/memory/2156-0-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x000b000000012266-6.dat	xmrig
behavioral1/files/0x0009000000016ce7-8.dat	xmrig
behavioral1/memory/1988-15-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/1952-14-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d36-10.dat	xmrig
behavioral1/files/0x0008000000016d47-25.dat	xmrig
behavioral1/memory/2232-29-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d63-33.dat	xmrig
behavioral1/memory/2712-36-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x0005000000018742-61.dat	xmrig
behavioral1/files/0x000500000001878c-74.dat	xmrig
behavioral1/files/0x00050000000192a9-107.dat	xmrig
behavioral1/files/0x00050000000193ac-125.dat	xmrig
behavioral1/files/0x000500000001945c-141.dat	xmrig
behavioral1/memory/2580-220-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2708-219-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2136-217-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2332-216-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2672-214-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2744-213-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2156-209-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/files/0x0005000000019496-149.dat	xmrig
behavioral1/files/0x0005000000019438-133.dat	xmrig
behavioral1/files/0x0005000000019467-146.dat	xmrig
behavioral1/files/0x0005000000019456-137.dat	xmrig
behavioral1/files/0x000500000001942c-129.dat	xmrig
behavioral1/files/0x000500000001939d-117.dat	xmrig
behavioral1/files/0x00050000000193a4-121.dat	xmrig
behavioral1/files/0x0005000000019379-113.dat	xmrig
behavioral1/files/0x0005000000019284-105.dat	xmrig
behavioral1/files/0x0005000000019279-101.dat	xmrig
behavioral1/files/0x0005000000018781-91.dat	xmrig
behavioral1/files/0x0007000000018731-90.dat	xmrig
behavioral1/files/0x000500000001925e-88.dat	xmrig
behavioral1/files/0x0005000000019261-86.dat	xmrig
behavioral1/files/0x000500000001922c-80.dat	xmrig
behavioral1/memory/2156-72-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x0006000000018bf3-70.dat	xmrig
behavioral1/files/0x000500000001926a-94.dat	xmrig
behavioral1/files/0x000a000000016d72-45.dat	xmrig
behavioral1/files/0x0005000000019227-77.dat	xmrig
behavioral1/files/0x0007000000016d69-37.dat	xmrig
behavioral1/files/0x0008000000016dd9-59.dat	xmrig
behavioral1/files/0x0007000000016d6d-52.dat	xmrig
behavioral1/memory/2884-51-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2344-28-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2708-3544-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2344-3549-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2884-3550-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2232-3553-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/1952-3552-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2332-3704-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2580-3713-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2136-4155-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1988	rscJfEj.exe
1952	OMWMDZG.exe
2344	cyoAzCX.exe
2232	daGTwEA.exe
2712	vNpoZgT.exe
2884	SrFJxeE.exe
2708	SdZJSSv.exe
2744	UzYhzcg.exe
2672	DFycRzP.exe
2580	QbEmrnn.exe
2332	whfhRTV.exe
2136	Ylysxgd.exe
672	JNIQUut.exe
2612	IDQfsIv.exe
2900	AcVfVQg.exe
1028	qiTORom.exe
2628	ovFNLpQ.exe
2756	ovQEFGR.exe
1188	YkAJMBs.exe
2924	GHwxXIT.exe
1724	FIBmqok.exe
2796	HgxsdIi.exe
2792	HUeeICd.exe
680	nzkZhXk.exe
776	tpHupVh.exe
2768	XXyOdDn.exe
656	PPDXGdf.exe
308	KeXQmOd.exe
1540	xnFDXVp.exe
1740	pesSRxI.exe
3020	FwdFWWb.exe
2328	JAfpkeA.exe
2680	mqRQSCe.exe
2052	xIhCTJx.exe
1908	LgPuFVv.exe
2064	TUxmDxi.exe
2204	RbmALOB.exe
1996	WROLYPZ.exe
3040	PkXAGJD.exe
1488	JhnTHms.exe
408	OuMlsAG.exe
2564	njGUemP.exe
356	dPLvBPE.exe
916	doeddSw.exe
1768	NtudvLn.exe
1684	waQkebG.exe
2192	rtQgzVz.exe
1748	HrgrzNR.exe
676	yodCAak.exe
1484	hotiNte.exe
1680	JtKCDXZ.exe
1276	wjIhyzB.exe
1304	xtRUkkE.exe
1588	NUtzNlX.exe
2908	yHoQgmd.exe
2780	VrIzFDm.exe
2120	bhYyzTp.exe
1692	UEAPygj.exe
3048	UPjCeEJ.exe
2880	WzPLYga.exe
2604	GVStaOW.exe
2904	QBGJCJf.exe
2588	rgsCnDU.exe
2572	isClnyd.exe

Loads dropped DLL 64 IoCs

pid	Process
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2156-0-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x000b000000012266-6.dat	upx
behavioral1/files/0x0009000000016ce7-8.dat	upx
behavioral1/memory/1988-15-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/1952-14-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0008000000016d36-10.dat	upx
behavioral1/files/0x0008000000016d47-25.dat	upx
behavioral1/memory/2232-29-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x0007000000016d63-33.dat	upx
behavioral1/memory/2712-36-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x0005000000018742-61.dat	upx
behavioral1/files/0x000500000001878c-74.dat	upx
behavioral1/files/0x00050000000192a9-107.dat	upx
behavioral1/files/0x00050000000193ac-125.dat	upx
behavioral1/files/0x000500000001945c-141.dat	upx
behavioral1/memory/2580-220-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2708-219-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2136-217-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2332-216-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2672-214-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2744-213-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2156-209-0x00000000024C0000-0x0000000002814000-memory.dmp	upx
behavioral1/files/0x0005000000019496-149.dat	upx
behavioral1/files/0x0005000000019438-133.dat	upx
behavioral1/files/0x0005000000019467-146.dat	upx
behavioral1/files/0x0005000000019456-137.dat	upx
behavioral1/files/0x000500000001942c-129.dat	upx
behavioral1/files/0x000500000001939d-117.dat	upx
behavioral1/files/0x00050000000193a4-121.dat	upx
behavioral1/files/0x0005000000019379-113.dat	upx
behavioral1/files/0x0005000000019284-105.dat	upx
behavioral1/files/0x0005000000019279-101.dat	upx
behavioral1/files/0x0005000000018781-91.dat	upx
behavioral1/files/0x0007000000018731-90.dat	upx
behavioral1/files/0x000500000001925e-88.dat	upx
behavioral1/files/0x0005000000019261-86.dat	upx
behavioral1/files/0x000500000001922c-80.dat	upx
behavioral1/memory/2156-72-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x0006000000018bf3-70.dat	upx
behavioral1/files/0x000500000001926a-94.dat	upx
behavioral1/files/0x000a000000016d72-45.dat	upx
behavioral1/files/0x0005000000019227-77.dat	upx
behavioral1/files/0x0007000000016d69-37.dat	upx
behavioral1/files/0x0008000000016dd9-59.dat	upx
behavioral1/files/0x0007000000016d6d-52.dat	upx
behavioral1/memory/2884-51-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2344-28-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2708-3544-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2344-3549-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2884-3550-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2232-3553-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1952-3552-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2332-3704-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2580-3713-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2136-4155-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TisItBG.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySKBXKm.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REuEjRE.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JrMHGKA.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytDuUZO.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqJCWyO.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUJBpWN.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhbObZL.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yApyknz.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZgchMx.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySAoEct.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WROLYPZ.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpNtIgP.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCHZvZw.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lAwlPRQ.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgtxNMD.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCJKRUP.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwJVhmw.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNKqFQv.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAJfiTJ.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHaVKgW.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvEJWVP.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJvdWrn.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbCizYd.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzdAhFm.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrwCkhI.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXwrFSn.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTStgHY.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqaeQxO.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLmzijQ.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtXbFxO.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgsCnDU.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtWXspn.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbMWZlI.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScLfzPk.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLurpal.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFHWHSh.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNYIFDI.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBGVGzW.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBNeGSj.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nETMgur.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZyccvS.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KElDarH.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whfhRTV.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNeeWNw.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EftrSqz.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCsyadj.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIMyRog.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vikNSmS.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhSDLrK.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ObmPrnX.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cENjomw.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWURCRy.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RiHReVq.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FbUpnjQ.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQNcKnx.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALpfNXG.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WazNfpt.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTBZoAF.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcBOSYa.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnDdZxd.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MmZjKiC.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwrbEbJ.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAnikRz.exe	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 1988	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2156 wrote to memory of 1988	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2156 wrote to memory of 1988	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2156 wrote to memory of 1952	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2156 wrote to memory of 1952	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2156 wrote to memory of 1952	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2156 wrote to memory of 2344	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2156 wrote to memory of 2344	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2156 wrote to memory of 2344	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2156 wrote to memory of 2232	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2156 wrote to memory of 2232	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2156 wrote to memory of 2232	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2156 wrote to memory of 2712	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2156 wrote to memory of 2712	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2156 wrote to memory of 2712	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2156 wrote to memory of 2884	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2156 wrote to memory of 2884	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2156 wrote to memory of 2884	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2156 wrote to memory of 2708	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2156 wrote to memory of 2708	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2156 wrote to memory of 2708	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2156 wrote to memory of 2136	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2156 wrote to memory of 2136	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2156 wrote to memory of 2136	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2156 wrote to memory of 2744	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2156 wrote to memory of 2744	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2156 wrote to memory of 2744	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2156 wrote to memory of 2612	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2156 wrote to memory of 2612	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2156 wrote to memory of 2612	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2156 wrote to memory of 2672	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2156 wrote to memory of 2672	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2156 wrote to memory of 2672	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2156 wrote to memory of 2900	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2156 wrote to memory of 2900	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2156 wrote to memory of 2900	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2156 wrote to memory of 2580	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2156 wrote to memory of 2580	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2156 wrote to memory of 2580	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2156 wrote to memory of 2628	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2156 wrote to memory of 2628	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2156 wrote to memory of 2628	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2156 wrote to memory of 2332	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2156 wrote to memory of 2332	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2156 wrote to memory of 2332	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2156 wrote to memory of 2756	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2156 wrote to memory of 2756	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2156 wrote to memory of 2756	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2156 wrote to memory of 672	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2156 wrote to memory of 672	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2156 wrote to memory of 672	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2156 wrote to memory of 1188	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2156 wrote to memory of 1188	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2156 wrote to memory of 1188	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2156 wrote to memory of 1028	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2156 wrote to memory of 1028	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2156 wrote to memory of 1028	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2156 wrote to memory of 2924	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2156 wrote to memory of 2924	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2156 wrote to memory of 2924	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2156 wrote to memory of 1724	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2156 wrote to memory of 1724	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2156 wrote to memory of 1724	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2156 wrote to memory of 2792	2156	2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_50268b55282fd87196da3f0748b1874b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\System\rscJfEj.exe
  C:\Windows\System\rscJfEj.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\OMWMDZG.exe
  C:\Windows\System\OMWMDZG.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\cyoAzCX.exe
  C:\Windows\System\cyoAzCX.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\daGTwEA.exe
  C:\Windows\System\daGTwEA.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\vNpoZgT.exe
  C:\Windows\System\vNpoZgT.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\SrFJxeE.exe
  C:\Windows\System\SrFJxeE.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\SdZJSSv.exe
  C:\Windows\System\SdZJSSv.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\Ylysxgd.exe
  C:\Windows\System\Ylysxgd.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\UzYhzcg.exe
  C:\Windows\System\UzYhzcg.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\IDQfsIv.exe
  C:\Windows\System\IDQfsIv.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\DFycRzP.exe
  C:\Windows\System\DFycRzP.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\AcVfVQg.exe
  C:\Windows\System\AcVfVQg.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\QbEmrnn.exe
  C:\Windows\System\QbEmrnn.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\ovFNLpQ.exe
  C:\Windows\System\ovFNLpQ.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\whfhRTV.exe
  C:\Windows\System\whfhRTV.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ovQEFGR.exe
  C:\Windows\System\ovQEFGR.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\JNIQUut.exe
  C:\Windows\System\JNIQUut.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\YkAJMBs.exe
  C:\Windows\System\YkAJMBs.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\qiTORom.exe
  C:\Windows\System\qiTORom.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\GHwxXIT.exe
  C:\Windows\System\GHwxXIT.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\FIBmqok.exe
  C:\Windows\System\FIBmqok.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\HUeeICd.exe
  C:\Windows\System\HUeeICd.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\HgxsdIi.exe
  C:\Windows\System\HgxsdIi.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\nzkZhXk.exe
  C:\Windows\System\nzkZhXk.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\tpHupVh.exe
  C:\Windows\System\tpHupVh.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\XXyOdDn.exe
  C:\Windows\System\XXyOdDn.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\PPDXGdf.exe
  C:\Windows\System\PPDXGdf.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\KeXQmOd.exe
  C:\Windows\System\KeXQmOd.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\xnFDXVp.exe
  C:\Windows\System\xnFDXVp.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\pesSRxI.exe
  C:\Windows\System\pesSRxI.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\FwdFWWb.exe
  C:\Windows\System\FwdFWWb.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\JAfpkeA.exe
  C:\Windows\System\JAfpkeA.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\mqRQSCe.exe
  C:\Windows\System\mqRQSCe.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\TUxmDxi.exe
  C:\Windows\System\TUxmDxi.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\xIhCTJx.exe
  C:\Windows\System\xIhCTJx.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\RbmALOB.exe
  C:\Windows\System\RbmALOB.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\LgPuFVv.exe
  C:\Windows\System\LgPuFVv.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\WROLYPZ.exe
  C:\Windows\System\WROLYPZ.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\PkXAGJD.exe
  C:\Windows\System\PkXAGJD.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\JhnTHms.exe
  C:\Windows\System\JhnTHms.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\OuMlsAG.exe
  C:\Windows\System\OuMlsAG.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\rtQgzVz.exe
  C:\Windows\System\rtQgzVz.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\njGUemP.exe
  C:\Windows\System\njGUemP.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\HrgrzNR.exe
  C:\Windows\System\HrgrzNR.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\dPLvBPE.exe
  C:\Windows\System\dPLvBPE.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\yodCAak.exe
  C:\Windows\System\yodCAak.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\doeddSw.exe
  C:\Windows\System\doeddSw.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\hotiNte.exe
  C:\Windows\System\hotiNte.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\NtudvLn.exe
  C:\Windows\System\NtudvLn.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\JtKCDXZ.exe
  C:\Windows\System\JtKCDXZ.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\waQkebG.exe
  C:\Windows\System\waQkebG.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\wjIhyzB.exe
  C:\Windows\System\wjIhyzB.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\xtRUkkE.exe
  C:\Windows\System\xtRUkkE.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\bhYyzTp.exe
  C:\Windows\System\bhYyzTp.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\NUtzNlX.exe
  C:\Windows\System\NUtzNlX.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\UEAPygj.exe
  C:\Windows\System\UEAPygj.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\yHoQgmd.exe
  C:\Windows\System\yHoQgmd.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\UPjCeEJ.exe
  C:\Windows\System\UPjCeEJ.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\VrIzFDm.exe
  C:\Windows\System\VrIzFDm.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\kMGkywP.exe
  C:\Windows\System\kMGkywP.exe
  2⤵
  PID:2872
- C:\Windows\System\WzPLYga.exe
  C:\Windows\System\WzPLYga.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\McqoOMA.exe
  C:\Windows\System\McqoOMA.exe
  2⤵
  PID:2620
- C:\Windows\System\GVStaOW.exe
  C:\Windows\System\GVStaOW.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\hXTUywN.exe
  C:\Windows\System\hXTUywN.exe
  2⤵
  PID:2652
- C:\Windows\System\QBGJCJf.exe
  C:\Windows\System\QBGJCJf.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\lqorunM.exe
  C:\Windows\System\lqorunM.exe
  2⤵
  PID:2608
- C:\Windows\System\rgsCnDU.exe
  C:\Windows\System\rgsCnDU.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\wkQjWFy.exe
  C:\Windows\System\wkQjWFy.exe
  2⤵
  PID:2084
- C:\Windows\System\isClnyd.exe
  C:\Windows\System\isClnyd.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\VMHAwCp.exe
  C:\Windows\System\VMHAwCp.exe
  2⤵
  PID:2920
- C:\Windows\System\pIkfdoj.exe
  C:\Windows\System\pIkfdoj.exe
  2⤵
  PID:2800
- C:\Windows\System\iNVrGxq.exe
  C:\Windows\System\iNVrGxq.exe
  2⤵
  PID:2020
- C:\Windows\System\STbIzOp.exe
  C:\Windows\System\STbIzOp.exe
  2⤵
  PID:1636
- C:\Windows\System\seUIuOB.exe
  C:\Windows\System\seUIuOB.exe
  2⤵
  PID:2976
- C:\Windows\System\GXwrFSn.exe
  C:\Windows\System\GXwrFSn.exe
  2⤵
  PID:2300
- C:\Windows\System\bDLeTQn.exe
  C:\Windows\System\bDLeTQn.exe
  2⤵
  PID:2292
- C:\Windows\System\PgwTTyj.exe
  C:\Windows\System\PgwTTyj.exe
  2⤵
  PID:2076
- C:\Windows\System\nrHaGVB.exe
  C:\Windows\System\nrHaGVB.exe
  2⤵
  PID:3036
- C:\Windows\System\eKsXHlV.exe
  C:\Windows\System\eKsXHlV.exe
  2⤵
  PID:2980
- C:\Windows\System\LQThYzO.exe
  C:\Windows\System\LQThYzO.exe
  2⤵
  PID:840
- C:\Windows\System\dADDxQB.exe
  C:\Windows\System\dADDxQB.exe
  2⤵
  PID:932
- C:\Windows\System\kRWwryN.exe
  C:\Windows\System\kRWwryN.exe
  2⤵
  PID:2252
- C:\Windows\System\dlxPgGI.exe
  C:\Windows\System\dlxPgGI.exe
  2⤵
  PID:2116
- C:\Windows\System\WhymphU.exe
  C:\Windows\System\WhymphU.exe
  2⤵
  PID:3008
- C:\Windows\System\OJoiPUT.exe
  C:\Windows\System\OJoiPUT.exe
  2⤵
  PID:2320
- C:\Windows\System\MYtMVUS.exe
  C:\Windows\System\MYtMVUS.exe
  2⤵
  PID:2624
- C:\Windows\System\miTerxY.exe
  C:\Windows\System\miTerxY.exe
  2⤵
  PID:2540
- C:\Windows\System\zqjUuDo.exe
  C:\Windows\System\zqjUuDo.exe
  2⤵
  PID:2260
- C:\Windows\System\ExMRLbI.exe
  C:\Windows\System\ExMRLbI.exe
  2⤵
  PID:2876
- C:\Windows\System\xnLFZFk.exe
  C:\Windows\System\xnLFZFk.exe
  2⤵
  PID:2724
- C:\Windows\System\hBFunMj.exe
  C:\Windows\System\hBFunMj.exe
  2⤵
  PID:2704
- C:\Windows\System\KJbvHJB.exe
  C:\Windows\System\KJbvHJB.exe
  2⤵
  PID:2188
- C:\Windows\System\yniTnvX.exe
  C:\Windows\System\yniTnvX.exe
  2⤵
  PID:3068
- C:\Windows\System\NyUfnJi.exe
  C:\Windows\System\NyUfnJi.exe
  2⤵
  PID:828
- C:\Windows\System\iLwLibP.exe
  C:\Windows\System\iLwLibP.exe
  2⤵
  PID:1760
- C:\Windows\System\tbxFqsP.exe
  C:\Windows\System\tbxFqsP.exe
  2⤵
  PID:3060
- C:\Windows\System\jRQlDBg.exe
  C:\Windows\System\jRQlDBg.exe
  2⤵
  PID:2600
- C:\Windows\System\PhVywbs.exe
  C:\Windows\System\PhVywbs.exe
  2⤵
  PID:2936
- C:\Windows\System\xKfqOLt.exe
  C:\Windows\System\xKfqOLt.exe
  2⤵
  PID:2928
- C:\Windows\System\cXKIuNO.exe
  C:\Windows\System\cXKIuNO.exe
  2⤵
  PID:1924
- C:\Windows\System\GoTnftm.exe
  C:\Windows\System\GoTnftm.exe
  2⤵
  PID:768
- C:\Windows\System\BhZLtyH.exe
  C:\Windows\System\BhZLtyH.exe
  2⤵
  PID:976
- C:\Windows\System\EUpcssA.exe
  C:\Windows\System\EUpcssA.exe
  2⤵
  PID:2340
- C:\Windows\System\tEEQjXM.exe
  C:\Windows\System\tEEQjXM.exe
  2⤵
  PID:2748
- C:\Windows\System\uLaCjUY.exe
  C:\Windows\System\uLaCjUY.exe
  2⤵
  PID:1108
- C:\Windows\System\aWURCRy.exe
  C:\Windows\System\aWURCRy.exe
  2⤵
  PID:2040
- C:\Windows\System\hfbXvLY.exe
  C:\Windows\System\hfbXvLY.exe
  2⤵
  PID:2360
- C:\Windows\System\xTStgHY.exe
  C:\Windows\System\xTStgHY.exe
  2⤵
  PID:2400
- C:\Windows\System\SLdVcTX.exe
  C:\Windows\System\SLdVcTX.exe
  2⤵
  PID:2888
- C:\Windows\System\oZqRmAV.exe
  C:\Windows\System\oZqRmAV.exe
  2⤵
  PID:1676
- C:\Windows\System\fEZloPa.exe
  C:\Windows\System\fEZloPa.exe
  2⤵
  PID:1664
- C:\Windows\System\cbkkAUR.exe
  C:\Windows\System\cbkkAUR.exe
  2⤵
  PID:3028
- C:\Windows\System\lnDWqll.exe
  C:\Windows\System\lnDWqll.exe
  2⤵
  PID:1044
- C:\Windows\System\CQHnBoJ.exe
  C:\Windows\System\CQHnBoJ.exe
  2⤵
  PID:1756
- C:\Windows\System\URICfOD.exe
  C:\Windows\System\URICfOD.exe
  2⤵
  PID:1480
- C:\Windows\System\sHCHhDL.exe
  C:\Windows\System\sHCHhDL.exe
  2⤵
  PID:2452
- C:\Windows\System\lbosiDh.exe
  C:\Windows\System\lbosiDh.exe
  2⤵
  PID:2912
- C:\Windows\System\WXNNKBw.exe
  C:\Windows\System\WXNNKBw.exe
  2⤵
  PID:2636
- C:\Windows\System\yjqtjDQ.exe
  C:\Windows\System\yjqtjDQ.exe
  2⤵
  PID:1784
- C:\Windows\System\eeCsCQi.exe
  C:\Windows\System\eeCsCQi.exe
  2⤵
  PID:2960
- C:\Windows\System\LjYuTFQ.exe
  C:\Windows\System\LjYuTFQ.exe
  2⤵
  PID:912
- C:\Windows\System\yrhByQz.exe
  C:\Windows\System\yrhByQz.exe
  2⤵
  PID:1284
- C:\Windows\System\uyeemEK.exe
  C:\Windows\System\uyeemEK.exe
  2⤵
  PID:2472
- C:\Windows\System\PrGeiFY.exe
  C:\Windows\System\PrGeiFY.exe
  2⤵
  PID:2088
- C:\Windows\System\dKKFvWU.exe
  C:\Windows\System\dKKFvWU.exe
  2⤵
  PID:1708
- C:\Windows\System\iMCHTOi.exe
  C:\Windows\System\iMCHTOi.exe
  2⤵
  PID:2512
- C:\Windows\System\QLGnfRr.exe
  C:\Windows\System\QLGnfRr.exe
  2⤵
  PID:2568
- C:\Windows\System\VYNUtuV.exe
  C:\Windows\System\VYNUtuV.exe
  2⤵
  PID:1820
- C:\Windows\System\FvyndfI.exe
  C:\Windows\System\FvyndfI.exe
  2⤵
  PID:2728
- C:\Windows\System\OuyxJNZ.exe
  C:\Windows\System\OuyxJNZ.exe
  2⤵
  PID:1468
- C:\Windows\System\QKUZVtI.exe
  C:\Windows\System\QKUZVtI.exe
  2⤵
  PID:948
- C:\Windows\System\HTozTgU.exe
  C:\Windows\System\HTozTgU.exe
  2⤵
  PID:3064
- C:\Windows\System\qVqShxN.exe
  C:\Windows\System\qVqShxN.exe
  2⤵
  PID:1544
- C:\Windows\System\QbAgCUB.exe
  C:\Windows\System\QbAgCUB.exe
  2⤵
  PID:1248
- C:\Windows\System\kshjzEj.exe
  C:\Windows\System\kshjzEj.exe
  2⤵
  PID:2080
- C:\Windows\System\LvByVya.exe
  C:\Windows\System\LvByVya.exe
  2⤵
  PID:488
- C:\Windows\System\NkTMibT.exe
  C:\Windows\System\NkTMibT.exe
  2⤵
  PID:2144
- C:\Windows\System\CpcqqgZ.exe
  C:\Windows\System\CpcqqgZ.exe
  2⤵
  PID:1752
- C:\Windows\System\IcdRGRJ.exe
  C:\Windows\System\IcdRGRJ.exe
  2⤵
  PID:2804
- C:\Windows\System\snzbQqn.exe
  C:\Windows\System\snzbQqn.exe
  2⤵
  PID:1040
- C:\Windows\System\uolnkpM.exe
  C:\Windows\System\uolnkpM.exe
  2⤵
  PID:1268
- C:\Windows\System\HNTDkhm.exe
  C:\Windows\System\HNTDkhm.exe
  2⤵
  PID:1272
- C:\Windows\System\FwcLUxN.exe
  C:\Windows\System\FwcLUxN.exe
  2⤵
  PID:2024
- C:\Windows\System\Tcpesgu.exe
  C:\Windows\System\Tcpesgu.exe
  2⤵
  PID:604
- C:\Windows\System\iUldxyd.exe
  C:\Windows\System\iUldxyd.exe
  2⤵
  PID:2984
- C:\Windows\System\IMsrTjJ.exe
  C:\Windows\System\IMsrTjJ.exe
  2⤵
  PID:556
- C:\Windows\System\mgDfAlZ.exe
  C:\Windows\System\mgDfAlZ.exe
  2⤵
  PID:1504
- C:\Windows\System\bwaYpNI.exe
  C:\Windows\System\bwaYpNI.exe
  2⤵
  PID:1408
- C:\Windows\System\WoEmtNl.exe
  C:\Windows\System\WoEmtNl.exe
  2⤵
  PID:1772
- C:\Windows\System\LFLvFpy.exe
  C:\Windows\System\LFLvFpy.exe
  2⤵
  PID:2832
- C:\Windows\System\lRyCEhN.exe
  C:\Windows\System\lRyCEhN.exe
  2⤵
  PID:2676
- C:\Windows\System\xfHTFUB.exe
  C:\Windows\System\xfHTFUB.exe
  2⤵
  PID:2304
- C:\Windows\System\ftMCNIP.exe
  C:\Windows\System\ftMCNIP.exe
  2⤵
  PID:2368
- C:\Windows\System\ahsDCcn.exe
  C:\Windows\System\ahsDCcn.exe
  2⤵
  PID:3084
- C:\Windows\System\hubyekc.exe
  C:\Windows\System\hubyekc.exe
  2⤵
  PID:3100
- C:\Windows\System\rHaIvYy.exe
  C:\Windows\System\rHaIvYy.exe
  2⤵
  PID:3120
- C:\Windows\System\KNjvIVk.exe
  C:\Windows\System\KNjvIVk.exe
  2⤵
  PID:3136
- C:\Windows\System\NmDdLAc.exe
  C:\Windows\System\NmDdLAc.exe
  2⤵
  PID:3152
- C:\Windows\System\QfNmkqP.exe
  C:\Windows\System\QfNmkqP.exe
  2⤵
  PID:3168
- C:\Windows\System\xxXFZwc.exe
  C:\Windows\System\xxXFZwc.exe
  2⤵
  PID:3184
- C:\Windows\System\SRFoXDW.exe
  C:\Windows\System\SRFoXDW.exe
  2⤵
  PID:3200
- C:\Windows\System\ehybSxk.exe
  C:\Windows\System\ehybSxk.exe
  2⤵
  PID:3216
- C:\Windows\System\EHZKLJo.exe
  C:\Windows\System\EHZKLJo.exe
  2⤵
  PID:3232
- C:\Windows\System\FkPWgMy.exe
  C:\Windows\System\FkPWgMy.exe
  2⤵
  PID:3248
- C:\Windows\System\JrMHGKA.exe
  C:\Windows\System\JrMHGKA.exe
  2⤵
  PID:3264
- C:\Windows\System\SafcJou.exe
  C:\Windows\System\SafcJou.exe
  2⤵
  PID:3280
- C:\Windows\System\WYxvGNI.exe
  C:\Windows\System\WYxvGNI.exe
  2⤵
  PID:3296
- C:\Windows\System\HeOFYlv.exe
  C:\Windows\System\HeOFYlv.exe
  2⤵
  PID:3312
- C:\Windows\System\kkuRiai.exe
  C:\Windows\System\kkuRiai.exe
  2⤵
  PID:3328
- C:\Windows\System\YygWeyP.exe
  C:\Windows\System\YygWeyP.exe
  2⤵
  PID:3344
- C:\Windows\System\mKNJwdD.exe
  C:\Windows\System\mKNJwdD.exe
  2⤵
  PID:3360
- C:\Windows\System\cjVhIDs.exe
  C:\Windows\System\cjVhIDs.exe
  2⤵
  PID:3376
- C:\Windows\System\GeAjDKg.exe
  C:\Windows\System\GeAjDKg.exe
  2⤵
  PID:3392
- C:\Windows\System\uahJMkT.exe
  C:\Windows\System\uahJMkT.exe
  2⤵
  PID:3408
- C:\Windows\System\PwBRSXE.exe
  C:\Windows\System\PwBRSXE.exe
  2⤵
  PID:3424
- C:\Windows\System\jlbdBwG.exe
  C:\Windows\System\jlbdBwG.exe
  2⤵
  PID:3440
- C:\Windows\System\OpCAwWb.exe
  C:\Windows\System\OpCAwWb.exe
  2⤵
  PID:3456
- C:\Windows\System\DLLfzCU.exe
  C:\Windows\System\DLLfzCU.exe
  2⤵
  PID:3472
- C:\Windows\System\TisItBG.exe
  C:\Windows\System\TisItBG.exe
  2⤵
  PID:3488
- C:\Windows\System\Fkfeweu.exe
  C:\Windows\System\Fkfeweu.exe
  2⤵
  PID:3504
- C:\Windows\System\BzkPYSM.exe
  C:\Windows\System\BzkPYSM.exe
  2⤵
  PID:3520
- C:\Windows\System\NyAubli.exe
  C:\Windows\System\NyAubli.exe
  2⤵
  PID:3536
- C:\Windows\System\oCoHjxp.exe
  C:\Windows\System\oCoHjxp.exe
  2⤵
  PID:3552
- C:\Windows\System\enHIUdL.exe
  C:\Windows\System\enHIUdL.exe
  2⤵
  PID:3572
- C:\Windows\System\ZQqKkrb.exe
  C:\Windows\System\ZQqKkrb.exe
  2⤵
  PID:3588
- C:\Windows\System\PrKDcNw.exe
  C:\Windows\System\PrKDcNw.exe
  2⤵
  PID:3604
- C:\Windows\System\KUJBpWN.exe
  C:\Windows\System\KUJBpWN.exe
  2⤵
  PID:3620
- C:\Windows\System\GCsqlpc.exe
  C:\Windows\System\GCsqlpc.exe
  2⤵
  PID:3636
- C:\Windows\System\iEhCjlz.exe
  C:\Windows\System\iEhCjlz.exe
  2⤵
  PID:3652
- C:\Windows\System\JRTkYXc.exe
  C:\Windows\System\JRTkYXc.exe
  2⤵
  PID:3672
- C:\Windows\System\WpgTTbR.exe
  C:\Windows\System\WpgTTbR.exe
  2⤵
  PID:3688
- C:\Windows\System\ZfLkcXk.exe
  C:\Windows\System\ZfLkcXk.exe
  2⤵
  PID:3704
- C:\Windows\System\whgfbVw.exe
  C:\Windows\System\whgfbVw.exe
  2⤵
  PID:3720
- C:\Windows\System\XlFnyEo.exe
  C:\Windows\System\XlFnyEo.exe
  2⤵
  PID:3736
- C:\Windows\System\tGUXgDC.exe
  C:\Windows\System\tGUXgDC.exe
  2⤵
  PID:3752
- C:\Windows\System\EOmintH.exe
  C:\Windows\System\EOmintH.exe
  2⤵
  PID:3768
- C:\Windows\System\sVzCtYT.exe
  C:\Windows\System\sVzCtYT.exe
  2⤵
  PID:3792
- C:\Windows\System\lqaeQxO.exe
  C:\Windows\System\lqaeQxO.exe
  2⤵
  PID:3812
- C:\Windows\System\lMcckLz.exe
  C:\Windows\System\lMcckLz.exe
  2⤵
  PID:3828
- C:\Windows\System\nFspZIT.exe
  C:\Windows\System\nFspZIT.exe
  2⤵
  PID:3844
- C:\Windows\System\KaqSwLN.exe
  C:\Windows\System\KaqSwLN.exe
  2⤵
  PID:3860
- C:\Windows\System\nitXjPv.exe
  C:\Windows\System\nitXjPv.exe
  2⤵
  PID:3876
- C:\Windows\System\RMaLUOK.exe
  C:\Windows\System\RMaLUOK.exe
  2⤵
  PID:3892
- C:\Windows\System\pTuNsYr.exe
  C:\Windows\System\pTuNsYr.exe
  2⤵
  PID:3908
- C:\Windows\System\DLGyeWk.exe
  C:\Windows\System\DLGyeWk.exe
  2⤵
  PID:3928
- C:\Windows\System\ZmtbBHn.exe
  C:\Windows\System\ZmtbBHn.exe
  2⤵
  PID:3944
- C:\Windows\System\tyuEQgl.exe
  C:\Windows\System\tyuEQgl.exe
  2⤵
  PID:3960
- C:\Windows\System\tjgXKug.exe
  C:\Windows\System\tjgXKug.exe
  2⤵
  PID:3976
- C:\Windows\System\EQFkZSa.exe
  C:\Windows\System\EQFkZSa.exe
  2⤵
  PID:3992
- C:\Windows\System\mFXVIly.exe
  C:\Windows\System\mFXVIly.exe
  2⤵
  PID:4008
- C:\Windows\System\XEmTNlL.exe
  C:\Windows\System\XEmTNlL.exe
  2⤵
  PID:4024
- C:\Windows\System\ZfjwVXI.exe
  C:\Windows\System\ZfjwVXI.exe
  2⤵
  PID:4040
- C:\Windows\System\tdMNcOZ.exe
  C:\Windows\System\tdMNcOZ.exe
  2⤵
  PID:4056
- C:\Windows\System\EGLpRhX.exe
  C:\Windows\System\EGLpRhX.exe
  2⤵
  PID:4072
- C:\Windows\System\uhwMwTy.exe
  C:\Windows\System\uhwMwTy.exe
  2⤵
  PID:4088
- C:\Windows\System\TnDdZxd.exe
  C:\Windows\System\TnDdZxd.exe
  2⤵
  PID:1552
- C:\Windows\System\EeJEjvS.exe
  C:\Windows\System\EeJEjvS.exe
  2⤵
  PID:1472
- C:\Windows\System\vyZtUbZ.exe
  C:\Windows\System\vyZtUbZ.exe
  2⤵
  PID:2172
- C:\Windows\System\FdytdIM.exe
  C:\Windows\System\FdytdIM.exe
  2⤵
  PID:3108
- C:\Windows\System\pPLrRdG.exe
  C:\Windows\System\pPLrRdG.exe
  2⤵
  PID:568
- C:\Windows\System\piYaPZu.exe
  C:\Windows\System\piYaPZu.exe
  2⤵
  PID:2432
- C:\Windows\System\jTTZvaX.exe
  C:\Windows\System\jTTZvaX.exe
  2⤵
  PID:2276
- C:\Windows\System\rgwnunH.exe
  C:\Windows\System\rgwnunH.exe
  2⤵
  PID:3076
- C:\Windows\System\YFtdOgk.exe
  C:\Windows\System\YFtdOgk.exe
  2⤵
  PID:3208
- C:\Windows\System\lhgUbMN.exe
  C:\Windows\System\lhgUbMN.exe
  2⤵
  PID:3272
- C:\Windows\System\VjmnmIy.exe
  C:\Windows\System\VjmnmIy.exe
  2⤵
  PID:3340
- C:\Windows\System\vjjSorF.exe
  C:\Windows\System\vjjSorF.exe
  2⤵
  PID:984
- C:\Windows\System\iRSFqhO.exe
  C:\Windows\System\iRSFqhO.exe
  2⤵
  PID:3096
- C:\Windows\System\WQRrScH.exe
  C:\Windows\System\WQRrScH.exe
  2⤵
  PID:1252
- C:\Windows\System\rvOjIQx.exe
  C:\Windows\System\rvOjIQx.exe
  2⤵
  PID:736
- C:\Windows\System\BlfSPdY.exe
  C:\Windows\System\BlfSPdY.exe
  2⤵
  PID:1916
- C:\Windows\System\Nfcdzbr.exe
  C:\Windows\System\Nfcdzbr.exe
  2⤵
  PID:2968
- C:\Windows\System\bXwykng.exe
  C:\Windows\System\bXwykng.exe
  2⤵
  PID:644
- C:\Windows\System\ZEFnzQa.exe
  C:\Windows\System\ZEFnzQa.exe
  2⤵
  PID:3320
- C:\Windows\System\zGmzTPw.exe
  C:\Windows\System\zGmzTPw.exe
  2⤵
  PID:3384
- C:\Windows\System\AfWWUVL.exe
  C:\Windows\System\AfWWUVL.exe
  2⤵
  PID:3436
- C:\Windows\System\tkTwYjS.exe
  C:\Windows\System\tkTwYjS.exe
  2⤵
  PID:3496
- C:\Windows\System\GEeYMcA.exe
  C:\Windows\System\GEeYMcA.exe
  2⤵
  PID:3164
- C:\Windows\System\rsAUwpK.exe
  C:\Windows\System\rsAUwpK.exe
  2⤵
  PID:3228
- C:\Windows\System\xVeRjwN.exe
  C:\Windows\System\xVeRjwN.exe
  2⤵
  PID:3528
- C:\Windows\System\NfvodVp.exe
  C:\Windows\System\NfvodVp.exe
  2⤵
  PID:3560
- C:\Windows\System\kQIXnow.exe
  C:\Windows\System\kQIXnow.exe
  2⤵
  PID:3416
- C:\Windows\System\ZKYSpYP.exe
  C:\Windows\System\ZKYSpYP.exe
  2⤵
  PID:3628
- C:\Windows\System\oxiehcE.exe
  C:\Windows\System\oxiehcE.exe
  2⤵
  PID:3644
- C:\Windows\System\HuYWMOp.exe
  C:\Windows\System\HuYWMOp.exe
  2⤵
  PID:3580
- C:\Windows\System\uVBUIYF.exe
  C:\Windows\System\uVBUIYF.exe
  2⤵
  PID:3648
- C:\Windows\System\cqdUbQr.exe
  C:\Windows\System\cqdUbQr.exe
  2⤵
  PID:3700
- C:\Windows\System\VeBVufR.exe
  C:\Windows\System\VeBVufR.exe
  2⤵
  PID:3764
- C:\Windows\System\QhTnxcC.exe
  C:\Windows\System\QhTnxcC.exe
  2⤵
  PID:3684
- C:\Windows\System\uFPcGzm.exe
  C:\Windows\System\uFPcGzm.exe
  2⤵
  PID:3840
- C:\Windows\System\KhLMxFi.exe
  C:\Windows\System\KhLMxFi.exe
  2⤵
  PID:3748
- C:\Windows\System\zmggwfB.exe
  C:\Windows\System\zmggwfB.exe
  2⤵
  PID:3824
- C:\Windows\System\bZwDMdY.exe
  C:\Windows\System\bZwDMdY.exe
  2⤵
  PID:3904
- C:\Windows\System\dKPzPaX.exe
  C:\Windows\System\dKPzPaX.exe
  2⤵
  PID:3940
- C:\Windows\System\eowtaEA.exe
  C:\Windows\System\eowtaEA.exe
  2⤵
  PID:4036
- C:\Windows\System\jlpYlqc.exe
  C:\Windows\System\jlpYlqc.exe
  2⤵
  PID:300
- C:\Windows\System\wrdYHVQ.exe
  C:\Windows\System\wrdYHVQ.exe
  2⤵
  PID:3952
- C:\Windows\System\DDjxMPR.exe
  C:\Windows\System\DDjxMPR.exe
  2⤵
  PID:3984
- C:\Windows\System\VJtsfyh.exe
  C:\Windows\System\VJtsfyh.exe
  2⤵
  PID:2164
- C:\Windows\System\WpDimmx.exe
  C:\Windows\System\WpDimmx.exe
  2⤵
  PID:1236
- C:\Windows\System\pEoimYE.exe
  C:\Windows\System\pEoimYE.exe
  2⤵
  PID:3276
- C:\Windows\System\bpTytNK.exe
  C:\Windows\System\bpTytNK.exe
  2⤵
  PID:4052
- C:\Windows\System\fNKqFQv.exe
  C:\Windows\System\fNKqFQv.exe
  2⤵
  PID:3368
- C:\Windows\System\OsgPCDq.exe
  C:\Windows\System\OsgPCDq.exe
  2⤵
  PID:3080
- C:\Windows\System\nhXKmdn.exe
  C:\Windows\System\nhXKmdn.exe
  2⤵
  PID:2584
- C:\Windows\System\EilfBTv.exe
  C:\Windows\System\EilfBTv.exe
  2⤵
  PID:3304
- C:\Windows\System\BCIdAWs.exe
  C:\Windows\System\BCIdAWs.exe
  2⤵
  PID:2696
- C:\Windows\System\EAitMgu.exe
  C:\Windows\System\EAitMgu.exe
  2⤵
  PID:3400
- C:\Windows\System\rAbdVKW.exe
  C:\Windows\System\rAbdVKW.exe
  2⤵
  PID:3260
- C:\Windows\System\nphktjd.exe
  C:\Windows\System\nphktjd.exe
  2⤵
  PID:864
- C:\Windows\System\WdZLnhx.exe
  C:\Windows\System\WdZLnhx.exe
  2⤵
  PID:3612
- C:\Windows\System\KhrbsBw.exe
  C:\Windows\System\KhrbsBw.exe
  2⤵
  PID:3732
- C:\Windows\System\rlTYvxa.exe
  C:\Windows\System\rlTYvxa.exe
  2⤵
  PID:4068
- C:\Windows\System\IipbfQa.exe
  C:\Windows\System\IipbfQa.exe
  2⤵
  PID:4004
- C:\Windows\System\ygcKLxj.exe
  C:\Windows\System\ygcKLxj.exe
  2⤵
  PID:988
- C:\Windows\System\MfDlAIN.exe
  C:\Windows\System\MfDlAIN.exe
  2⤵
  PID:3464
- C:\Windows\System\zdkYsgv.exe
  C:\Windows\System\zdkYsgv.exe
  2⤵
  PID:3564
- C:\Windows\System\FQlIXDY.exe
  C:\Windows\System\FQlIXDY.exe
  2⤵
  PID:3696
- C:\Windows\System\YRYjfcb.exe
  C:\Windows\System\YRYjfcb.exe
  2⤵
  PID:3744
- C:\Windows\System\UKGnjzX.exe
  C:\Windows\System\UKGnjzX.exe
  2⤵
  PID:3916
- C:\Windows\System\VoowXdl.exe
  C:\Windows\System\VoowXdl.exe
  2⤵
  PID:3176
- C:\Windows\System\yNvWfDA.exe
  C:\Windows\System\yNvWfDA.exe
  2⤵
  PID:2660
- C:\Windows\System\YrkoWte.exe
  C:\Windows\System\YrkoWte.exe
  2⤵
  PID:3160
- C:\Windows\System\ojWgDET.exe
  C:\Windows\System\ojWgDET.exe
  2⤵
  PID:3836
- C:\Windows\System\keBJqBO.exe
  C:\Windows\System\keBJqBO.exe
  2⤵
  PID:4080
- C:\Windows\System\RlWXmax.exe
  C:\Windows\System\RlWXmax.exe
  2⤵
  PID:3288
- C:\Windows\System\glBSPfr.exe
  C:\Windows\System\glBSPfr.exe
  2⤵
  PID:4048
- C:\Windows\System\GxXkPtZ.exe
  C:\Windows\System\GxXkPtZ.exe
  2⤵
  PID:3808
- C:\Windows\System\aaeKdfn.exe
  C:\Windows\System\aaeKdfn.exe
  2⤵
  PID:3532
- C:\Windows\System\GIjSSMS.exe
  C:\Windows\System\GIjSSMS.exe
  2⤵
  PID:3712
- C:\Windows\System\IJepiag.exe
  C:\Windows\System\IJepiag.exe
  2⤵
  PID:2760
- C:\Windows\System\pDwKSMX.exe
  C:\Windows\System\pDwKSMX.exe
  2⤵
  PID:2176
- C:\Windows\System\Hoyfcqh.exe
  C:\Windows\System\Hoyfcqh.exe
  2⤵
  PID:2364
- C:\Windows\System\lpofafP.exe
  C:\Windows\System\lpofafP.exe
  2⤵
  PID:4032
- C:\Windows\System\CSQEvQZ.exe
  C:\Windows\System\CSQEvQZ.exe
  2⤵
  PID:684
- C:\Windows\System\SaNtmGt.exe
  C:\Windows\System\SaNtmGt.exe
  2⤵
  PID:2476
- C:\Windows\System\DZMFdSn.exe
  C:\Windows\System\DZMFdSn.exe
  2⤵
  PID:3872
- C:\Windows\System\NiZjuCv.exe
  C:\Windows\System\NiZjuCv.exe
  2⤵
  PID:4104
- C:\Windows\System\bycBHic.exe
  C:\Windows\System\bycBHic.exe
  2⤵
  PID:4120
- C:\Windows\System\pRqFTWv.exe
  C:\Windows\System\pRqFTWv.exe
  2⤵
  PID:4136
- C:\Windows\System\LxDJaAj.exe
  C:\Windows\System\LxDJaAj.exe
  2⤵
  PID:4152
- C:\Windows\System\rrNcQyu.exe
  C:\Windows\System\rrNcQyu.exe
  2⤵
  PID:4168
- C:\Windows\System\FZBwEVY.exe
  C:\Windows\System\FZBwEVY.exe
  2⤵
  PID:4184
- C:\Windows\System\RwhGiVu.exe
  C:\Windows\System\RwhGiVu.exe
  2⤵
  PID:4200
- C:\Windows\System\huyttDk.exe
  C:\Windows\System\huyttDk.exe
  2⤵
  PID:4216
- C:\Windows\System\fLgvYTr.exe
  C:\Windows\System\fLgvYTr.exe
  2⤵
  PID:4232
- C:\Windows\System\KJlrGpL.exe
  C:\Windows\System\KJlrGpL.exe
  2⤵
  PID:4248
- C:\Windows\System\gPzRxgr.exe
  C:\Windows\System\gPzRxgr.exe
  2⤵
  PID:4264
- C:\Windows\System\dYYdQuU.exe
  C:\Windows\System\dYYdQuU.exe
  2⤵
  PID:4280
- C:\Windows\System\UxkcklM.exe
  C:\Windows\System\UxkcklM.exe
  2⤵
  PID:4296
- C:\Windows\System\ULQNxbc.exe
  C:\Windows\System\ULQNxbc.exe
  2⤵
  PID:4312
- C:\Windows\System\IYbZORn.exe
  C:\Windows\System\IYbZORn.exe
  2⤵
  PID:4328
- C:\Windows\System\UDVyNPZ.exe
  C:\Windows\System\UDVyNPZ.exe
  2⤵
  PID:4344
- C:\Windows\System\NCsyadj.exe
  C:\Windows\System\NCsyadj.exe
  2⤵
  PID:4360
- C:\Windows\System\YYifmcx.exe
  C:\Windows\System\YYifmcx.exe
  2⤵
  PID:4376
- C:\Windows\System\QCSXdYy.exe
  C:\Windows\System\QCSXdYy.exe
  2⤵
  PID:4392
- C:\Windows\System\ronQidA.exe
  C:\Windows\System\ronQidA.exe
  2⤵
  PID:4412
- C:\Windows\System\SAJfiTJ.exe
  C:\Windows\System\SAJfiTJ.exe
  2⤵
  PID:4428
- C:\Windows\System\HzzFAkO.exe
  C:\Windows\System\HzzFAkO.exe
  2⤵
  PID:4444
- C:\Windows\System\NFPrIhL.exe
  C:\Windows\System\NFPrIhL.exe
  2⤵
  PID:4460
- C:\Windows\System\hPzjbLF.exe
  C:\Windows\System\hPzjbLF.exe
  2⤵
  PID:4476
- C:\Windows\System\uTernbk.exe
  C:\Windows\System\uTernbk.exe
  2⤵
  PID:4492
- C:\Windows\System\kiBdABD.exe
  C:\Windows\System\kiBdABD.exe
  2⤵
  PID:4508
- C:\Windows\System\VipcQRk.exe
  C:\Windows\System\VipcQRk.exe
  2⤵
  PID:4524
- C:\Windows\System\lhdSwZq.exe
  C:\Windows\System\lhdSwZq.exe
  2⤵
  PID:4540
- C:\Windows\System\iqhHAfn.exe
  C:\Windows\System\iqhHAfn.exe
  2⤵
  PID:4556
- C:\Windows\System\CvNLkAk.exe
  C:\Windows\System\CvNLkAk.exe
  2⤵
  PID:4572
- C:\Windows\System\wTUpQmg.exe
  C:\Windows\System\wTUpQmg.exe
  2⤵
  PID:4588
- C:\Windows\System\VkmriGq.exe
  C:\Windows\System\VkmriGq.exe
  2⤵
  PID:4604
- C:\Windows\System\ogxvkot.exe
  C:\Windows\System\ogxvkot.exe
  2⤵
  PID:4620
- C:\Windows\System\AjmDkIk.exe
  C:\Windows\System\AjmDkIk.exe
  2⤵
  PID:4636
- C:\Windows\System\MmZjKiC.exe
  C:\Windows\System\MmZjKiC.exe
  2⤵
  PID:4652
- C:\Windows\System\fPZcZUi.exe
  C:\Windows\System\fPZcZUi.exe
  2⤵
  PID:4668
- C:\Windows\System\WsLrFzD.exe
  C:\Windows\System\WsLrFzD.exe
  2⤵
  PID:4684
- C:\Windows\System\wtTgtVB.exe
  C:\Windows\System\wtTgtVB.exe
  2⤵
  PID:4700
- C:\Windows\System\nVPXPYy.exe
  C:\Windows\System\nVPXPYy.exe
  2⤵
  PID:4716
- C:\Windows\System\LXTnZSW.exe
  C:\Windows\System\LXTnZSW.exe
  2⤵
  PID:4732
- C:\Windows\System\FtAUmrv.exe
  C:\Windows\System\FtAUmrv.exe
  2⤵
  PID:4748
- C:\Windows\System\RiHReVq.exe
  C:\Windows\System\RiHReVq.exe
  2⤵
  PID:4764
- C:\Windows\System\sHaVKgW.exe
  C:\Windows\System\sHaVKgW.exe
  2⤵
  PID:4780
- C:\Windows\System\EsgOpPn.exe
  C:\Windows\System\EsgOpPn.exe
  2⤵
  PID:4796
- C:\Windows\System\TCGRsIx.exe
  C:\Windows\System\TCGRsIx.exe
  2⤵
  PID:4812
- C:\Windows\System\kWZwBAh.exe
  C:\Windows\System\kWZwBAh.exe
  2⤵
  PID:4828
- C:\Windows\System\UvKldhP.exe
  C:\Windows\System\UvKldhP.exe
  2⤵
  PID:4844
- C:\Windows\System\wCiWKRU.exe
  C:\Windows\System\wCiWKRU.exe
  2⤵
  PID:4860
- C:\Windows\System\dDwffIa.exe
  C:\Windows\System\dDwffIa.exe
  2⤵
  PID:4876
- C:\Windows\System\GozuLSS.exe
  C:\Windows\System\GozuLSS.exe
  2⤵
  PID:4892
- C:\Windows\System\QsbmNOQ.exe
  C:\Windows\System\QsbmNOQ.exe
  2⤵
  PID:4908
- C:\Windows\System\JJuUTRN.exe
  C:\Windows\System\JJuUTRN.exe
  2⤵
  PID:4924
- C:\Windows\System\tTTahpo.exe
  C:\Windows\System\tTTahpo.exe
  2⤵
  PID:4940
- C:\Windows\System\JGlezqY.exe
  C:\Windows\System\JGlezqY.exe
  2⤵
  PID:4956
- C:\Windows\System\EmxLqGl.exe
  C:\Windows\System\EmxLqGl.exe
  2⤵
  PID:4972
- C:\Windows\System\LklSuBK.exe
  C:\Windows\System\LklSuBK.exe
  2⤵
  PID:4988
- C:\Windows\System\bvsyohk.exe
  C:\Windows\System\bvsyohk.exe
  2⤵
  PID:5004
- C:\Windows\System\JtQkOSV.exe
  C:\Windows\System\JtQkOSV.exe
  2⤵
  PID:5020
- C:\Windows\System\keXQKXg.exe
  C:\Windows\System\keXQKXg.exe
  2⤵
  PID:5036
- C:\Windows\System\DaPGShw.exe
  C:\Windows\System\DaPGShw.exe
  2⤵
  PID:5052
- C:\Windows\System\VAAZfcq.exe
  C:\Windows\System\VAAZfcq.exe
  2⤵
  PID:5068
- C:\Windows\System\vIavyhl.exe
  C:\Windows\System\vIavyhl.exe
  2⤵
  PID:5084
- C:\Windows\System\ZMjhLOm.exe
  C:\Windows\System\ZMjhLOm.exe
  2⤵
  PID:5100
- C:\Windows\System\sNSdJQR.exe
  C:\Windows\System\sNSdJQR.exe
  2⤵
  PID:5116
- C:\Windows\System\IhyvNZq.exe
  C:\Windows\System\IhyvNZq.exe
  2⤵
  PID:4100
- C:\Windows\System\lMCqcmJ.exe
  C:\Windows\System\lMCqcmJ.exe
  2⤵
  PID:4164
- C:\Windows\System\UPzmlqb.exe
  C:\Windows\System\UPzmlqb.exe
  2⤵
  PID:4224
- C:\Windows\System\IMOORqn.exe
  C:\Windows\System\IMOORqn.exe
  2⤵
  PID:3148
- C:\Windows\System\drGFrmv.exe
  C:\Windows\System\drGFrmv.exe
  2⤵
  PID:4180
- C:\Windows\System\cLgtkZD.exe
  C:\Windows\System\cLgtkZD.exe
  2⤵
  PID:4208
- C:\Windows\System\hxgtSeZ.exe
  C:\Windows\System\hxgtSeZ.exe
  2⤵
  PID:4400
- C:\Windows\System\uCrUIEa.exe
  C:\Windows\System\uCrUIEa.exe
  2⤵
  PID:4308
- C:\Windows\System\BmhaivT.exe
  C:\Windows\System\BmhaivT.exe
  2⤵
  PID:4372
- C:\Windows\System\vGlIsSQ.exe
  C:\Windows\System\vGlIsSQ.exe
  2⤵
  PID:4292
- C:\Windows\System\tqytdXl.exe
  C:\Windows\System\tqytdXl.exe
  2⤵
  PID:4356
- C:\Windows\System\Nograbp.exe
  C:\Windows\System\Nograbp.exe
  2⤵
  PID:4388
- C:\Windows\System\TaOlnun.exe
  C:\Windows\System\TaOlnun.exe
  2⤵
  PID:4440
- C:\Windows\System\GkdJjEq.exe
  C:\Windows\System\GkdJjEq.exe
  2⤵
  PID:4488
- C:\Windows\System\RIRYHgW.exe
  C:\Windows\System\RIRYHgW.exe
  2⤵
  PID:4548
- C:\Windows\System\FOCfEQd.exe
  C:\Windows\System\FOCfEQd.exe
  2⤵
  PID:4584
- C:\Windows\System\rRuaPoO.exe
  C:\Windows\System\rRuaPoO.exe
  2⤵
  PID:4468
- C:\Windows\System\iGtdRwi.exe
  C:\Windows\System\iGtdRwi.exe
  2⤵
  PID:4500
- C:\Windows\System\fgSIifT.exe
  C:\Windows\System\fgSIifT.exe
  2⤵
  PID:4596
- C:\Windows\System\ulGdxmu.exe
  C:\Windows\System\ulGdxmu.exe
  2⤵
  PID:4660
- C:\Windows\System\FbUpnjQ.exe
  C:\Windows\System\FbUpnjQ.exe
  2⤵
  PID:4712
- C:\Windows\System\yLnCaGI.exe
  C:\Windows\System\yLnCaGI.exe
  2⤵
  PID:4772
- C:\Windows\System\SEFlbQz.exe
  C:\Windows\System\SEFlbQz.exe
  2⤵
  PID:4836
- C:\Windows\System\nTwwuxR.exe
  C:\Windows\System\nTwwuxR.exe
  2⤵
  PID:4900
- C:\Windows\System\sexQIcC.exe
  C:\Windows\System\sexQIcC.exe
  2⤵
  PID:4856
- C:\Windows\System\WuaSjdc.exe
  C:\Windows\System\WuaSjdc.exe
  2⤵
  PID:4888
- C:\Windows\System\dHavRyq.exe
  C:\Windows\System\dHavRyq.exe
  2⤵
  PID:4696
- C:\Windows\System\hFOlPun.exe
  C:\Windows\System\hFOlPun.exe
  2⤵
  PID:4968
- C:\Windows\System\yLaCzEU.exe
  C:\Windows\System\yLaCzEU.exe
  2⤵
  PID:5032
- C:\Windows\System\WNPtrHt.exe
  C:\Windows\System\WNPtrHt.exe
  2⤵
  PID:5092
- C:\Windows\System\eQMCHic.exe
  C:\Windows\System\eQMCHic.exe
  2⤵
  PID:3616
- C:\Windows\System\pIrmiJE.exe
  C:\Windows\System\pIrmiJE.exe
  2⤵
  PID:4952
- C:\Windows\System\zdmnsFh.exe
  C:\Windows\System\zdmnsFh.exe
  2⤵
  PID:5016
- C:\Windows\System\WKoQaOP.exe
  C:\Windows\System\WKoQaOP.exe
  2⤵
  PID:5080
- C:\Windows\System\hUySTfm.exe
  C:\Windows\System\hUySTfm.exe
  2⤵
  PID:4132
- C:\Windows\System\aaCCLyQ.exe
  C:\Windows\System\aaCCLyQ.exe
  2⤵
  PID:4112
- C:\Windows\System\PoTfLBA.exe
  C:\Windows\System\PoTfLBA.exe
  2⤵
  PID:4336
- C:\Windows\System\cRLHOMC.exe
  C:\Windows\System\cRLHOMC.exe
  2⤵
  PID:4552
- C:\Windows\System\aUarEMu.exe
  C:\Windows\System\aUarEMu.exe
  2⤵
  PID:4424
- C:\Windows\System\VBNeGSj.exe
  C:\Windows\System\VBNeGSj.exe
  2⤵
  PID:2548
- C:\Windows\System\RGPtnTz.exe
  C:\Windows\System\RGPtnTz.exe
  2⤵
  PID:4384
- C:\Windows\System\nalcqbK.exe
  C:\Windows\System\nalcqbK.exe
  2⤵
  PID:4288
- C:\Windows\System\GwCBDSK.exe
  C:\Windows\System\GwCBDSK.exe
  2⤵
  PID:4644
- C:\Windows\System\FCIcPLZ.exe
  C:\Windows\System\FCIcPLZ.exe
  2⤵
  PID:4680
- C:\Windows\System\rFIzlnC.exe
  C:\Windows\System\rFIzlnC.exe
  2⤵
  PID:4808
- C:\Windows\System\MMRiLar.exe
  C:\Windows\System\MMRiLar.exe
  2⤵
  PID:4744
- C:\Windows\System\jXqqYou.exe
  C:\Windows\System\jXqqYou.exe
  2⤵
  PID:5000
- C:\Windows\System\ERiFpEf.exe
  C:\Windows\System\ERiFpEf.exe
  2⤵
  PID:5096
- C:\Windows\System\OwGIVRu.exe
  C:\Windows\System\OwGIVRu.exe
  2⤵
  PID:5112
- C:\Windows\System\XXCoGNI.exe
  C:\Windows\System\XXCoGNI.exe
  2⤵
  PID:4240
- C:\Windows\System\hZOqJjR.exe
  C:\Windows\System\hZOqJjR.exe
  2⤵
  PID:4536
- C:\Windows\System\mqECRzm.exe
  C:\Windows\System\mqECRzm.exe
  2⤵
  PID:4804
- C:\Windows\System\CeKOGvj.exe
  C:\Windows\System\CeKOGvj.exe
  2⤵
  PID:4884
- C:\Windows\System\clywiXo.exe
  C:\Windows\System\clywiXo.exe
  2⤵
  PID:1620
- C:\Windows\System\AbrGyEz.exe
  C:\Windows\System\AbrGyEz.exe
  2⤵
  PID:5124
- C:\Windows\System\emXLLaE.exe
  C:\Windows\System\emXLLaE.exe
  2⤵
  PID:5140
- C:\Windows\System\vSZNTOt.exe
  C:\Windows\System\vSZNTOt.exe
  2⤵
  PID:5156
- C:\Windows\System\RZvPLjI.exe
  C:\Windows\System\RZvPLjI.exe
  2⤵
  PID:5172
- C:\Windows\System\xJtFFwk.exe
  C:\Windows\System\xJtFFwk.exe
  2⤵
  PID:5188
- C:\Windows\System\PrYxWBu.exe
  C:\Windows\System\PrYxWBu.exe
  2⤵
  PID:5204
- C:\Windows\System\ePqRwdd.exe
  C:\Windows\System\ePqRwdd.exe
  2⤵
  PID:5220
- C:\Windows\System\eLLAYpy.exe
  C:\Windows\System\eLLAYpy.exe
  2⤵
  PID:5236
- C:\Windows\System\cUeYpyV.exe
  C:\Windows\System\cUeYpyV.exe
  2⤵
  PID:5252
- C:\Windows\System\GtWXspn.exe
  C:\Windows\System\GtWXspn.exe
  2⤵
  PID:5268
- C:\Windows\System\zLijisH.exe
  C:\Windows\System\zLijisH.exe
  2⤵
  PID:5284
- C:\Windows\System\bRETGmF.exe
  C:\Windows\System\bRETGmF.exe
  2⤵
  PID:5300
- C:\Windows\System\MdvgKdn.exe
  C:\Windows\System\MdvgKdn.exe
  2⤵
  PID:5316
- C:\Windows\System\AtFiVwk.exe
  C:\Windows\System\AtFiVwk.exe
  2⤵
  PID:5332
- C:\Windows\System\AbWMxul.exe
  C:\Windows\System\AbWMxul.exe
  2⤵
  PID:5352
- C:\Windows\System\QStAznR.exe
  C:\Windows\System\QStAznR.exe
  2⤵
  PID:5368
- C:\Windows\System\VlAhHEC.exe
  C:\Windows\System\VlAhHEC.exe
  2⤵
  PID:5384
- C:\Windows\System\kSSNGnp.exe
  C:\Windows\System\kSSNGnp.exe
  2⤵
  PID:5408
- C:\Windows\System\XPyVdXS.exe
  C:\Windows\System\XPyVdXS.exe
  2⤵
  PID:5424
- C:\Windows\System\SGidbHA.exe
  C:\Windows\System\SGidbHA.exe
  2⤵
  PID:5440
- C:\Windows\System\ziMOXpg.exe
  C:\Windows\System\ziMOXpg.exe
  2⤵
  PID:5456
- C:\Windows\System\dOQZBBY.exe
  C:\Windows\System\dOQZBBY.exe
  2⤵
  PID:5472
- C:\Windows\System\TEtlmUe.exe
  C:\Windows\System\TEtlmUe.exe
  2⤵
  PID:5488
- C:\Windows\System\ZCEicXU.exe
  C:\Windows\System\ZCEicXU.exe
  2⤵
  PID:5504
- C:\Windows\System\mrrnBzv.exe
  C:\Windows\System\mrrnBzv.exe
  2⤵
  PID:5520
- C:\Windows\System\sFNROxk.exe
  C:\Windows\System\sFNROxk.exe
  2⤵
  PID:5536
- C:\Windows\System\JLEDBEa.exe
  C:\Windows\System\JLEDBEa.exe
  2⤵
  PID:5552
- C:\Windows\System\WDwTIwp.exe
  C:\Windows\System\WDwTIwp.exe
  2⤵
  PID:5568
- C:\Windows\System\HhUPiuQ.exe
  C:\Windows\System\HhUPiuQ.exe
  2⤵
  PID:5584
- C:\Windows\System\waOlBYx.exe
  C:\Windows\System\waOlBYx.exe
  2⤵
  PID:5600
- C:\Windows\System\wmGJQKX.exe
  C:\Windows\System\wmGJQKX.exe
  2⤵
  PID:5616
- C:\Windows\System\BsaUmeD.exe
  C:\Windows\System\BsaUmeD.exe
  2⤵
  PID:5632
- C:\Windows\System\eKwMXQa.exe
  C:\Windows\System\eKwMXQa.exe
  2⤵
  PID:5648
- C:\Windows\System\bffGBhS.exe
  C:\Windows\System\bffGBhS.exe
  2⤵
  PID:5664
- C:\Windows\System\SrksNxh.exe
  C:\Windows\System\SrksNxh.exe
  2⤵
  PID:5680
- C:\Windows\System\IJHeGWu.exe
  C:\Windows\System\IJHeGWu.exe
  2⤵
  PID:5696
- C:\Windows\System\rUxoafl.exe
  C:\Windows\System\rUxoafl.exe
  2⤵
  PID:5712
- C:\Windows\System\IHHsLQK.exe
  C:\Windows\System\IHHsLQK.exe
  2⤵
  PID:5728
- C:\Windows\System\QspeBzp.exe
  C:\Windows\System\QspeBzp.exe
  2⤵
  PID:5752
- C:\Windows\System\vACgxAN.exe
  C:\Windows\System\vACgxAN.exe
  2⤵
  PID:5768
- C:\Windows\System\SoMHPaB.exe
  C:\Windows\System\SoMHPaB.exe
  2⤵
  PID:5784
- C:\Windows\System\uEbnBLT.exe
  C:\Windows\System\uEbnBLT.exe
  2⤵
  PID:5800
- C:\Windows\System\xRrXVOM.exe
  C:\Windows\System\xRrXVOM.exe
  2⤵
  PID:5820
- C:\Windows\System\sRuAYoE.exe
  C:\Windows\System\sRuAYoE.exe
  2⤵
  PID:5840
- C:\Windows\System\bPoHcfC.exe
  C:\Windows\System\bPoHcfC.exe
  2⤵
  PID:5860
- C:\Windows\System\XrQkmpp.exe
  C:\Windows\System\XrQkmpp.exe
  2⤵
  PID:5876
- C:\Windows\System\VIWNlZm.exe
  C:\Windows\System\VIWNlZm.exe
  2⤵
  PID:5892
- C:\Windows\System\AGRPuZG.exe
  C:\Windows\System\AGRPuZG.exe
  2⤵
  PID:5908
- C:\Windows\System\lRRCSkl.exe
  C:\Windows\System\lRRCSkl.exe
  2⤵
  PID:5928
- C:\Windows\System\DnWAmYw.exe
  C:\Windows\System\DnWAmYw.exe
  2⤵
  PID:5944
- C:\Windows\System\AqauQzZ.exe
  C:\Windows\System\AqauQzZ.exe
  2⤵
  PID:5960
- C:\Windows\System\sKAuMwN.exe
  C:\Windows\System\sKAuMwN.exe
  2⤵
  PID:5976
- C:\Windows\System\YGUwDLf.exe
  C:\Windows\System\YGUwDLf.exe
  2⤵
  PID:5992
- C:\Windows\System\QOQWDrB.exe
  C:\Windows\System\QOQWDrB.exe
  2⤵
  PID:6012
- C:\Windows\System\HddPZpP.exe
  C:\Windows\System\HddPZpP.exe
  2⤵
  PID:6028
- C:\Windows\System\dOUyHDk.exe
  C:\Windows\System\dOUyHDk.exe
  2⤵
  PID:6048
- C:\Windows\System\KdLfRYy.exe
  C:\Windows\System\KdLfRYy.exe
  2⤵
  PID:6064
- C:\Windows\System\BlEeSiL.exe
  C:\Windows\System\BlEeSiL.exe
  2⤵
  PID:6080
- C:\Windows\System\XvfQTPM.exe
  C:\Windows\System\XvfQTPM.exe
  2⤵
  PID:6096
- C:\Windows\System\nRdZyfk.exe
  C:\Windows\System\nRdZyfk.exe
  2⤵
  PID:4148
- C:\Windows\System\Qvozszm.exe
  C:\Windows\System\Qvozszm.exe
  2⤵
  PID:5280
- C:\Windows\System\ZNFUHBh.exe
  C:\Windows\System\ZNFUHBh.exe
  2⤵
  PID:4160
- C:\Windows\System\MqjdCfN.exe
  C:\Windows\System\MqjdCfN.exe
  2⤵
  PID:5168
- C:\Windows\System\skuPQTp.exe
  C:\Windows\System\skuPQTp.exe
  2⤵
  PID:4760
- C:\Windows\System\LSmcjGe.exe
  C:\Windows\System\LSmcjGe.exe
  2⤵
  PID:5132
- C:\Windows\System\qhbObZL.exe
  C:\Windows\System\qhbObZL.exe
  2⤵
  PID:5196
- C:\Windows\System\qrmrXPf.exe
  C:\Windows\System\qrmrXPf.exe
  2⤵
  PID:5260
- C:\Windows\System\reFdQYt.exe
  C:\Windows\System\reFdQYt.exe
  2⤵
  PID:5324
- C:\Windows\System\PhZKjrl.exe
  C:\Windows\System\PhZKjrl.exe
  2⤵
  PID:5380
- C:\Windows\System\FrRUXJy.exe
  C:\Windows\System\FrRUXJy.exe
  2⤵
  PID:5416
- C:\Windows\System\UveynLR.exe
  C:\Windows\System\UveynLR.exe
  2⤵
  PID:5484
- C:\Windows\System\WqFCZgv.exe
  C:\Windows\System\WqFCZgv.exe
  2⤵
  PID:5500
- C:\Windows\System\HTAvfDO.exe
  C:\Windows\System\HTAvfDO.exe
  2⤵
  PID:5436
- C:\Windows\System\FakaLcC.exe
  C:\Windows\System\FakaLcC.exe
  2⤵
  PID:5360
- C:\Windows\System\swTakIH.exe
  C:\Windows\System\swTakIH.exe
  2⤵
  PID:5548
- C:\Windows\System\MZOXFHj.exe
  C:\Windows\System\MZOXFHj.exe
  2⤵
  PID:5640
- C:\Windows\System\QctoOOU.exe
  C:\Windows\System\QctoOOU.exe
  2⤵
  PID:5564
- C:\Windows\System\YexFOvb.exe
  C:\Windows\System\YexFOvb.exe
  2⤵
  PID:5656
- C:\Windows\System\wjTJHzr.exe
  C:\Windows\System\wjTJHzr.exe
  2⤵
  PID:5592
- C:\Windows\System\hxMxVvM.exe
  C:\Windows\System\hxMxVvM.exe
  2⤵
  PID:5720
- C:\Windows\System\LkTcpvO.exe
  C:\Windows\System\LkTcpvO.exe
  2⤵
  PID:5736
- C:\Windows\System\vHHHodA.exe
  C:\Windows\System\vHHHodA.exe
  2⤵
  PID:5780
- C:\Windows\System\cKTrREz.exe
  C:\Windows\System\cKTrREz.exe
  2⤵
  PID:5764
- C:\Windows\System\JNXlvOq.exe
  C:\Windows\System\JNXlvOq.exe
  2⤵
  PID:5884
- C:\Windows\System\eGreBdz.exe
  C:\Windows\System\eGreBdz.exe
  2⤵
  PID:5924
- C:\Windows\System\AUIWJgB.exe
  C:\Windows\System\AUIWJgB.exe
  2⤵
  PID:5796
- C:\Windows\System\MOTVHat.exe
  C:\Windows\System\MOTVHat.exe
  2⤵
  PID:5832
- C:\Windows\System\BMJpsdt.exe
  C:\Windows\System\BMJpsdt.exe
  2⤵
  PID:5956
- C:\Windows\System\mJVSUTu.exe
  C:\Windows\System\mJVSUTu.exe
  2⤵
  PID:5988
- C:\Windows\System\zBqdrAQ.exe
  C:\Windows\System\zBqdrAQ.exe
  2⤵
  PID:6000
- C:\Windows\System\BElrEUe.exe
  C:\Windows\System\BElrEUe.exe
  2⤵
  PID:6036
- C:\Windows\System\uSHYYdG.exe
  C:\Windows\System\uSHYYdG.exe
  2⤵
  PID:6060
- C:\Windows\System\McJXEGZ.exe
  C:\Windows\System\McJXEGZ.exe
  2⤵
  PID:1548
- C:\Windows\System\FRJQfKL.exe
  C:\Windows\System\FRJQfKL.exe
  2⤵
  PID:5152
- C:\Windows\System\JWLaQEu.exe
  C:\Windows\System\JWLaQEu.exe
  2⤵
  PID:6132
- C:\Windows\System\FROkqul.exe
  C:\Windows\System\FROkqul.exe
  2⤵
  PID:4228
- C:\Windows\System\pCWCBRL.exe
  C:\Windows\System\pCWCBRL.exe
  2⤵
  PID:4792
- C:\Windows\System\PQclirL.exe
  C:\Windows\System\PQclirL.exe
  2⤵
  PID:5148
- C:\Windows\System\unfFIDH.exe
  C:\Windows\System\unfFIDH.exe
  2⤵
  PID:5216
- C:\Windows\System\ISXmioO.exe
  C:\Windows\System\ISXmioO.exe
  2⤵
  PID:4632
- C:\Windows\System\NaijRVk.exe
  C:\Windows\System\NaijRVk.exe
  2⤵
  PID:1372
- C:\Windows\System\yApyknz.exe
  C:\Windows\System\yApyknz.exe
  2⤵
  PID:4868
- C:\Windows\System\yqWciFT.exe
  C:\Windows\System\yqWciFT.exe
  2⤵
  PID:5232
- C:\Windows\System\FgUCiIC.exe
  C:\Windows\System\FgUCiIC.exe
  2⤵
  PID:5396
- C:\Windows\System\auIYJcl.exe
  C:\Windows\System\auIYJcl.exe
  2⤵
  PID:5400
- C:\Windows\System\IJIpDkJ.exe
  C:\Windows\System\IJIpDkJ.exe
  2⤵
  PID:5404
- C:\Windows\System\OfrKrpo.exe
  C:\Windows\System\OfrKrpo.exe
  2⤵
  PID:5692
- C:\Windows\System\YxEYkja.exe
  C:\Windows\System\YxEYkja.exe
  2⤵
  PID:4920
- C:\Windows\System\PuNisVH.exe
  C:\Windows\System\PuNisVH.exe
  2⤵
  PID:5420
- C:\Windows\System\YOZmpwb.exe
  C:\Windows\System\YOZmpwb.exe
  2⤵
  PID:5580
- C:\Windows\System\QVDkKUY.exe
  C:\Windows\System\QVDkKUY.exe
  2⤵
  PID:5900
- C:\Windows\System\mbKoyRr.exe
  C:\Windows\System\mbKoyRr.exe
  2⤵
  PID:5828
- C:\Windows\System\DVJpAhF.exe
  C:\Windows\System\DVJpAhF.exe
  2⤵
  PID:5856
- C:\Windows\System\DfkHxWF.exe
  C:\Windows\System\DfkHxWF.exe
  2⤵
  PID:5968
- C:\Windows\System\qRpiTYx.exe
  C:\Windows\System\qRpiTYx.exe
  2⤵
  PID:5972
- C:\Windows\System\grrcTDy.exe
  C:\Windows\System\grrcTDy.exe
  2⤵
  PID:6092
- C:\Windows\System\kIZEqik.exe
  C:\Windows\System\kIZEqik.exe
  2⤵
  PID:4964
- C:\Windows\System\TwFTHHc.exe
  C:\Windows\System\TwFTHHc.exe
  2⤵
  PID:5344
- C:\Windows\System\Rdzooqw.exe
  C:\Windows\System\Rdzooqw.exe
  2⤵
  PID:4520
- C:\Windows\System\IAkDHOW.exe
  C:\Windows\System\IAkDHOW.exe
  2⤵
  PID:5248
- C:\Windows\System\veDUrIs.exe
  C:\Windows\System\veDUrIs.exe
  2⤵
  PID:5276
- C:\Windows\System\DlIlfaz.exe
  C:\Windows\System\DlIlfaz.exe
  2⤵
  PID:5392
- C:\Windows\System\nNBkPmE.exe
  C:\Windows\System\nNBkPmE.exe
  2⤵
  PID:5452
- C:\Windows\System\nJsejLL.exe
  C:\Windows\System\nJsejLL.exe
  2⤵
  PID:6112
- C:\Windows\System\MmXSzhE.exe
  C:\Windows\System\MmXSzhE.exe
  2⤵
  PID:5496
- C:\Windows\System\wkTyvvu.exe
  C:\Windows\System\wkTyvvu.exe
  2⤵
  PID:5920
- C:\Windows\System\zGWFeGc.exe
  C:\Windows\System\zGWFeGc.exe
  2⤵
  PID:5740
- C:\Windows\System\BnoIdal.exe
  C:\Windows\System\BnoIdal.exe
  2⤵
  PID:5076
- C:\Windows\System\qbMWZlI.exe
  C:\Windows\System\qbMWZlI.exe
  2⤵
  PID:4564
- C:\Windows\System\PdtjanG.exe
  C:\Windows\System\PdtjanG.exe
  2⤵
  PID:5916
- C:\Windows\System\suXxAKs.exe
  C:\Windows\System\suXxAKs.exe
  2⤵
  PID:6040
- C:\Windows\System\lXAPHVt.exe
  C:\Windows\System\lXAPHVt.exe
  2⤵
  PID:5212
- C:\Windows\System\ytDuUZO.exe
  C:\Windows\System\ytDuUZO.exe
  2⤵
  PID:5936
- C:\Windows\System\mOumtuk.exe
  C:\Windows\System\mOumtuk.exe
  2⤵
  PID:5624
- C:\Windows\System\XXEFKFg.exe
  C:\Windows\System\XXEFKFg.exe
  2⤵
  PID:5852
- C:\Windows\System\rKimqBU.exe
  C:\Windows\System\rKimqBU.exe
  2⤵
  PID:6156
- C:\Windows\System\ENmagBl.exe
  C:\Windows\System\ENmagBl.exe
  2⤵
  PID:6172
- C:\Windows\System\tnJPcaN.exe
  C:\Windows\System\tnJPcaN.exe
  2⤵
  PID:6188
- C:\Windows\System\RQYBjhQ.exe
  C:\Windows\System\RQYBjhQ.exe
  2⤵
  PID:6204
- C:\Windows\System\UnMTpBX.exe
  C:\Windows\System\UnMTpBX.exe
  2⤵
  PID:6220
- C:\Windows\System\yghNFuo.exe
  C:\Windows\System\yghNFuo.exe
  2⤵
  PID:6236
- C:\Windows\System\aNVBUbp.exe
  C:\Windows\System\aNVBUbp.exe
  2⤵
  PID:6252
- C:\Windows\System\iRHHPop.exe
  C:\Windows\System\iRHHPop.exe
  2⤵
  PID:6268
- C:\Windows\System\nRmIOXD.exe
  C:\Windows\System\nRmIOXD.exe
  2⤵
  PID:6284
- C:\Windows\System\QlDrseH.exe
  C:\Windows\System\QlDrseH.exe
  2⤵
  PID:6300
- C:\Windows\System\TRnvZOT.exe
  C:\Windows\System\TRnvZOT.exe
  2⤵
  PID:6316
- C:\Windows\System\roUFqVq.exe
  C:\Windows\System\roUFqVq.exe
  2⤵
  PID:6332
- C:\Windows\System\DeIwIVe.exe
  C:\Windows\System\DeIwIVe.exe
  2⤵
  PID:6348
- C:\Windows\System\OaFHqga.exe
  C:\Windows\System\OaFHqga.exe
  2⤵
  PID:6364
- C:\Windows\System\vQNcKnx.exe
  C:\Windows\System\vQNcKnx.exe
  2⤵
  PID:6380
- C:\Windows\System\yoiYzSg.exe
  C:\Windows\System\yoiYzSg.exe
  2⤵
  PID:6396
- C:\Windows\System\eDcpDmz.exe
  C:\Windows\System\eDcpDmz.exe
  2⤵
  PID:6412
- C:\Windows\System\hyQUZwg.exe
  C:\Windows\System\hyQUZwg.exe
  2⤵
  PID:6428
- C:\Windows\System\QplKfFU.exe
  C:\Windows\System\QplKfFU.exe
  2⤵
  PID:6444
- C:\Windows\System\kjvTwtT.exe
  C:\Windows\System\kjvTwtT.exe
  2⤵
  PID:6460
- C:\Windows\System\ZQqpujO.exe
  C:\Windows\System\ZQqpujO.exe
  2⤵
  PID:6476
- C:\Windows\System\urXhPya.exe
  C:\Windows\System\urXhPya.exe
  2⤵
  PID:6492
- C:\Windows\System\hWxMVNL.exe
  C:\Windows\System\hWxMVNL.exe
  2⤵
  PID:6508
- C:\Windows\System\fOtFLEt.exe
  C:\Windows\System\fOtFLEt.exe
  2⤵
  PID:6524
- C:\Windows\System\rvFaVMA.exe
  C:\Windows\System\rvFaVMA.exe
  2⤵
  PID:6540
- C:\Windows\System\XxlzkfW.exe
  C:\Windows\System\XxlzkfW.exe
  2⤵
  PID:6556
- C:\Windows\System\Rqjfeso.exe
  C:\Windows\System\Rqjfeso.exe
  2⤵
  PID:6572
- C:\Windows\System\ySKBXKm.exe
  C:\Windows\System\ySKBXKm.exe
  2⤵
  PID:6588
- C:\Windows\System\oWESgOJ.exe
  C:\Windows\System\oWESgOJ.exe
  2⤵
  PID:6604
- C:\Windows\System\xVxbUHz.exe
  C:\Windows\System\xVxbUHz.exe
  2⤵
  PID:6620
- C:\Windows\System\bAOgbey.exe
  C:\Windows\System\bAOgbey.exe
  2⤵
  PID:6636
- C:\Windows\System\uxKULWU.exe
  C:\Windows\System\uxKULWU.exe
  2⤵
  PID:6652
- C:\Windows\System\hoAwauH.exe
  C:\Windows\System\hoAwauH.exe
  2⤵
  PID:6668
- C:\Windows\System\JbhAbJE.exe
  C:\Windows\System\JbhAbJE.exe
  2⤵
  PID:6684
- C:\Windows\System\fHUxUHI.exe
  C:\Windows\System\fHUxUHI.exe
  2⤵
  PID:6704
- C:\Windows\System\WoYAzwT.exe
  C:\Windows\System\WoYAzwT.exe
  2⤵
  PID:6720
- C:\Windows\System\QRmEBTT.exe
  C:\Windows\System\QRmEBTT.exe
  2⤵
  PID:6736
- C:\Windows\System\jyxemGf.exe
  C:\Windows\System\jyxemGf.exe
  2⤵
  PID:6752
- C:\Windows\System\QBLDWkY.exe
  C:\Windows\System\QBLDWkY.exe
  2⤵
  PID:6768
- C:\Windows\System\zqJCWyO.exe
  C:\Windows\System\zqJCWyO.exe
  2⤵
  PID:6784
- C:\Windows\System\xNIAJsv.exe
  C:\Windows\System\xNIAJsv.exe
  2⤵
  PID:6800
- C:\Windows\System\oYMEUvE.exe
  C:\Windows\System\oYMEUvE.exe
  2⤵
  PID:6816
- C:\Windows\System\MPBwbJu.exe
  C:\Windows\System\MPBwbJu.exe
  2⤵
  PID:6832
- C:\Windows\System\bngOjmv.exe
  C:\Windows\System\bngOjmv.exe
  2⤵
  PID:6848
- C:\Windows\System\QQieGOJ.exe
  C:\Windows\System\QQieGOJ.exe
  2⤵
  PID:6864
- C:\Windows\System\xjzexQR.exe
  C:\Windows\System\xjzexQR.exe
  2⤵
  PID:6880
- C:\Windows\System\EitsxNY.exe
  C:\Windows\System\EitsxNY.exe
  2⤵
  PID:6896
- C:\Windows\System\cSUzyNO.exe
  C:\Windows\System\cSUzyNO.exe
  2⤵
  PID:6912
- C:\Windows\System\okeDOVc.exe
  C:\Windows\System\okeDOVc.exe
  2⤵
  PID:6928
- C:\Windows\System\gCHQuBB.exe
  C:\Windows\System\gCHQuBB.exe
  2⤵
  PID:6944
- C:\Windows\System\KKKBbde.exe
  C:\Windows\System\KKKBbde.exe
  2⤵
  PID:6960
- C:\Windows\System\OJPcglW.exe
  C:\Windows\System\OJPcglW.exe
  2⤵
  PID:6976
- C:\Windows\System\ZYLTlrz.exe
  C:\Windows\System\ZYLTlrz.exe
  2⤵
  PID:6992
- C:\Windows\System\QBFrkFJ.exe
  C:\Windows\System\QBFrkFJ.exe
  2⤵
  PID:7008
- C:\Windows\System\OhNnpKF.exe
  C:\Windows\System\OhNnpKF.exe
  2⤵
  PID:7024
- C:\Windows\System\PiPSRnQ.exe
  C:\Windows\System\PiPSRnQ.exe
  2⤵
  PID:7040
- C:\Windows\System\zjgzmji.exe
  C:\Windows\System\zjgzmji.exe
  2⤵
  PID:7056
- C:\Windows\System\oMbrYll.exe
  C:\Windows\System\oMbrYll.exe
  2⤵
  PID:7072
- C:\Windows\System\Fxxxsjx.exe
  C:\Windows\System\Fxxxsjx.exe
  2⤵
  PID:7088
- C:\Windows\System\hQcDOVy.exe
  C:\Windows\System\hQcDOVy.exe
  2⤵
  PID:7104
- C:\Windows\System\zyHQXkm.exe
  C:\Windows\System\zyHQXkm.exe
  2⤵
  PID:7120
- C:\Windows\System\mOfnsaE.exe
  C:\Windows\System\mOfnsaE.exe
  2⤵
  PID:7136
- C:\Windows\System\DXkMoPE.exe
  C:\Windows\System\DXkMoPE.exe
  2⤵
  PID:7152
- C:\Windows\System\jIYGIJj.exe
  C:\Windows\System\jIYGIJj.exe
  2⤵
  PID:5868
- C:\Windows\System\FCRYpdB.exe
  C:\Windows\System\FCRYpdB.exe
  2⤵
  PID:5296
- C:\Windows\System\shdMpPG.exe
  C:\Windows\System\shdMpPG.exe
  2⤵
  PID:5608
- C:\Windows\System\bdoKBCT.exe
  C:\Windows\System\bdoKBCT.exe
  2⤵
  PID:6180
- C:\Windows\System\tCJfHis.exe
  C:\Windows\System\tCJfHis.exe
  2⤵
  PID:5348
- C:\Windows\System\MwCXvrl.exe
  C:\Windows\System\MwCXvrl.exe
  2⤵
  PID:6152
- C:\Windows\System\BFDkPQM.exe
  C:\Windows\System\BFDkPQM.exe
  2⤵
  PID:6264
- C:\Windows\System\kSUoznI.exe
  C:\Windows\System\kSUoznI.exe
  2⤵
  PID:6328
- C:\Windows\System\UKVvKjn.exe
  C:\Windows\System\UKVvKjn.exe
  2⤵
  PID:6356
- C:\Windows\System\TVNEaBR.exe
  C:\Windows\System\TVNEaBR.exe
  2⤵
  PID:6340
- C:\Windows\System\JBaVhmT.exe
  C:\Windows\System\JBaVhmT.exe
  2⤵
  PID:6376
- C:\Windows\System\pHpJMdu.exe
  C:\Windows\System\pHpJMdu.exe
  2⤵
  PID:6408
- C:\Windows\System\yBVzxTk.exe
  C:\Windows\System\yBVzxTk.exe
  2⤵
  PID:6456
- C:\Windows\System\ouREGog.exe
  C:\Windows\System\ouREGog.exe
  2⤵
  PID:6516
- C:\Windows\System\EEwBSZS.exe
  C:\Windows\System\EEwBSZS.exe
  2⤵
  PID:6580
- C:\Windows\System\QiBgEOT.exe
  C:\Windows\System\QiBgEOT.exe
  2⤵
  PID:6644
- C:\Windows\System\KDcIflo.exe
  C:\Windows\System\KDcIflo.exe
  2⤵
  PID:6596
- C:\Windows\System\BLGneuq.exe
  C:\Windows\System\BLGneuq.exe
  2⤵
  PID:6536
- C:\Windows\System\jhmjWBY.exe
  C:\Windows\System\jhmjWBY.exe
  2⤵
  PID:6632
- C:\Windows\System\uaWNHaP.exe
  C:\Windows\System\uaWNHaP.exe
  2⤵
  PID:6712
- C:\Windows\System\DFNeWyy.exe
  C:\Windows\System\DFNeWyy.exe
  2⤵
  PID:6776
- C:\Windows\System\DUVZlhX.exe
  C:\Windows\System\DUVZlhX.exe
  2⤵
  PID:6840
- C:\Windows\System\GyoMgIM.exe
  C:\Windows\System\GyoMgIM.exe
  2⤵
  PID:6732
- C:\Windows\System\VqxPlIy.exe
  C:\Windows\System\VqxPlIy.exe
  2⤵
  PID:6664
- C:\Windows\System\VfdlivY.exe
  C:\Windows\System\VfdlivY.exe
  2⤵
  PID:6792
- C:\Windows\System\llaCTof.exe
  C:\Windows\System\llaCTof.exe
  2⤵
  PID:6856
- C:\Windows\System\MXIVjBz.exe
  C:\Windows\System\MXIVjBz.exe
  2⤵
  PID:6936
- C:\Windows\System\jlcqOsF.exe
  C:\Windows\System\jlcqOsF.exe
  2⤵
  PID:7000
- C:\Windows\System\doJEIZs.exe
  C:\Windows\System\doJEIZs.exe
  2⤵
  PID:7036
- C:\Windows\System\KERNSgZ.exe
  C:\Windows\System\KERNSgZ.exe
  2⤵
  PID:6924
- C:\Windows\System\hxCZunf.exe
  C:\Windows\System\hxCZunf.exe
  2⤵
  PID:7064
- C:\Windows\System\bqEOaer.exe
  C:\Windows\System\bqEOaer.exe
  2⤵
  PID:7020
- C:\Windows\System\qIXuyVC.exe
  C:\Windows\System\qIXuyVC.exe
  2⤵
  PID:7096
- C:\Windows\System\tpilBXI.exe
  C:\Windows\System\tpilBXI.exe
  2⤵
  PID:7160
- C:\Windows\System\HvVofgM.exe
  C:\Windows\System\HvVofgM.exe
  2⤵
  PID:7116
- C:\Windows\System\DFVmAFL.exe
  C:\Windows\System\DFVmAFL.exe
  2⤵
  PID:7148
- C:\Windows\System\xbFrMzw.exe
  C:\Windows\System\xbFrMzw.exe
  2⤵
  PID:4936
- C:\Windows\System\TDoAzkL.exe
  C:\Windows\System\TDoAzkL.exe
  2⤵
  PID:6276
- C:\Windows\System\hnGQcyg.exe
  C:\Windows\System\hnGQcyg.exe
  2⤵
  PID:6452
- C:\Windows\System\cqdsUxD.exe
  C:\Windows\System\cqdsUxD.exe
  2⤵
  PID:6552
- C:\Windows\System\ZhGQpvJ.exe
  C:\Windows\System\ZhGQpvJ.exe
  2⤵
  PID:6628
- C:\Windows\System\hoJRSlA.exe
  C:\Windows\System\hoJRSlA.exe
  2⤵
  PID:6748
- C:\Windows\System\ExoKyRI.exe
  C:\Windows\System\ExoKyRI.exe
  2⤵
  PID:6148
- C:\Windows\System\qLbyxUn.exe
  C:\Windows\System\qLbyxUn.exe
  2⤵
  PID:6404
- C:\Windows\System\gHohgVc.exe
  C:\Windows\System\gHohgVc.exe
  2⤵
  PID:6808
- C:\Windows\System\yPxzjia.exe
  C:\Windows\System\yPxzjia.exe
  2⤵
  PID:6504
- C:\Windows\System\rvEJWVP.exe
  C:\Windows\System\rvEJWVP.exe
  2⤵
  PID:6696
- C:\Windows\System\FeaVwnH.exe
  C:\Windows\System\FeaVwnH.exe
  2⤵
  PID:6876
- C:\Windows\System\cwfoPjz.exe
  C:\Windows\System\cwfoPjz.exe
  2⤵
  PID:6764
- C:\Windows\System\xQfsgJj.exe
  C:\Windows\System\xQfsgJj.exe
  2⤵
  PID:6920
- C:\Windows\System\AssQmHg.exe
  C:\Windows\System\AssQmHg.exe
  2⤵
  PID:7112
- C:\Windows\System\OnGXana.exe
  C:\Windows\System\OnGXana.exe
  2⤵
  PID:6388
- C:\Windows\System\AQhrugO.exe
  C:\Windows\System\AQhrugO.exe
  2⤵
  PID:7128
- C:\Windows\System\vifkxvS.exe
  C:\Windows\System\vifkxvS.exe
  2⤵
  PID:6548
- C:\Windows\System\itsVVZH.exe
  C:\Windows\System\itsVVZH.exe
  2⤵
  PID:6312
- C:\Windows\System\PIzMjWm.exe
  C:\Windows\System\PIzMjWm.exe
  2⤵
  PID:6324
- C:\Windows\System\RMTaCfX.exe
  C:\Windows\System\RMTaCfX.exe
  2⤵
  PID:6952
- C:\Windows\System\WAivJbX.exe
  C:\Windows\System\WAivJbX.exe
  2⤵
  PID:6500
- C:\Windows\System\BbmIJaL.exe
  C:\Windows\System\BbmIJaL.exe
  2⤵
  PID:6660
- C:\Windows\System\ICbBprU.exe
  C:\Windows\System\ICbBprU.exe
  2⤵
  PID:7068
- C:\Windows\System\lRxwtgb.exe
  C:\Windows\System\lRxwtgb.exe
  2⤵
  PID:6212
- C:\Windows\System\jgCVFbe.exe
  C:\Windows\System\jgCVFbe.exe
  2⤵
  PID:7184
- C:\Windows\System\LclaEVV.exe
  C:\Windows\System\LclaEVV.exe
  2⤵
  PID:7200
- C:\Windows\System\qeWpgpi.exe
  C:\Windows\System\qeWpgpi.exe
  2⤵
  PID:7216
- C:\Windows\System\IKPsZjP.exe
  C:\Windows\System\IKPsZjP.exe
  2⤵
  PID:7232
- C:\Windows\System\cPSfYHG.exe
  C:\Windows\System\cPSfYHG.exe
  2⤵
  PID:7248
- C:\Windows\System\kUndvNl.exe
  C:\Windows\System\kUndvNl.exe
  2⤵
  PID:7264
- C:\Windows\System\yfIypuC.exe
  C:\Windows\System\yfIypuC.exe
  2⤵
  PID:7280
- C:\Windows\System\EbamIgm.exe
  C:\Windows\System\EbamIgm.exe
  2⤵
  PID:7296
- C:\Windows\System\uLEahKp.exe
  C:\Windows\System\uLEahKp.exe
  2⤵
  PID:7312
- C:\Windows\System\ZWwxtVB.exe
  C:\Windows\System\ZWwxtVB.exe
  2⤵
  PID:7332
- C:\Windows\System\sekTMAK.exe
  C:\Windows\System\sekTMAK.exe
  2⤵
  PID:7348
- C:\Windows\System\ktVVtFm.exe
  C:\Windows\System\ktVVtFm.exe
  2⤵
  PID:7364
- C:\Windows\System\fmfuJxI.exe
  C:\Windows\System\fmfuJxI.exe
  2⤵
  PID:7380
- C:\Windows\System\cLmzijQ.exe
  C:\Windows\System\cLmzijQ.exe
  2⤵
  PID:7396
- C:\Windows\System\TyIEPrh.exe
  C:\Windows\System\TyIEPrh.exe
  2⤵
  PID:7412
- C:\Windows\System\gwfQQev.exe
  C:\Windows\System\gwfQQev.exe
  2⤵
  PID:7432
- C:\Windows\System\woyHeQk.exe
  C:\Windows\System\woyHeQk.exe
  2⤵
  PID:7448
- C:\Windows\System\eJaVlpd.exe
  C:\Windows\System\eJaVlpd.exe
  2⤵
  PID:7464
- C:\Windows\System\cAGJgeW.exe
  C:\Windows\System\cAGJgeW.exe
  2⤵
  PID:7480
- C:\Windows\System\ijsVmen.exe
  C:\Windows\System\ijsVmen.exe
  2⤵
  PID:7496
- C:\Windows\System\wPJPXkE.exe
  C:\Windows\System\wPJPXkE.exe
  2⤵
  PID:7512
- C:\Windows\System\JehEQvZ.exe
  C:\Windows\System\JehEQvZ.exe
  2⤵
  PID:7528
- C:\Windows\System\hkZOFMn.exe
  C:\Windows\System\hkZOFMn.exe
  2⤵
  PID:7544
- C:\Windows\System\BVgBosf.exe
  C:\Windows\System\BVgBosf.exe
  2⤵
  PID:7560
- C:\Windows\System\kvJCZAT.exe
  C:\Windows\System\kvJCZAT.exe
  2⤵
  PID:7576
- C:\Windows\System\eOfBowq.exe
  C:\Windows\System\eOfBowq.exe
  2⤵
  PID:7592
- C:\Windows\System\HJVVOci.exe
  C:\Windows\System\HJVVOci.exe
  2⤵
  PID:7608
- C:\Windows\System\RpITzIs.exe
  C:\Windows\System\RpITzIs.exe
  2⤵
  PID:7624
- C:\Windows\System\ZsdjAXO.exe
  C:\Windows\System\ZsdjAXO.exe
  2⤵
  PID:7640
- C:\Windows\System\JfqukIL.exe
  C:\Windows\System\JfqukIL.exe
  2⤵
  PID:7656
- C:\Windows\System\XcnyJnu.exe
  C:\Windows\System\XcnyJnu.exe
  2⤵
  PID:7672
- C:\Windows\System\CstHaFY.exe
  C:\Windows\System\CstHaFY.exe
  2⤵
  PID:7688
- C:\Windows\System\URPsqbY.exe
  C:\Windows\System\URPsqbY.exe
  2⤵
  PID:7708
- C:\Windows\System\HxNNLeO.exe
  C:\Windows\System\HxNNLeO.exe
  2⤵
  PID:7724
- C:\Windows\System\qjqDHuW.exe
  C:\Windows\System\qjqDHuW.exe
  2⤵
  PID:7740
- C:\Windows\System\gknRdnT.exe
  C:\Windows\System\gknRdnT.exe
  2⤵
  PID:7760
- C:\Windows\System\TuiXLjq.exe
  C:\Windows\System\TuiXLjq.exe
  2⤵
  PID:7776
- C:\Windows\System\UZyccvS.exe
  C:\Windows\System\UZyccvS.exe
  2⤵
  PID:7792
- C:\Windows\System\UsdlnNy.exe
  C:\Windows\System\UsdlnNy.exe
  2⤵
  PID:7808
- C:\Windows\System\YFvYJHP.exe
  C:\Windows\System\YFvYJHP.exe
  2⤵
  PID:7824
- C:\Windows\System\VEDHaBk.exe
  C:\Windows\System\VEDHaBk.exe
  2⤵
  PID:7840
- C:\Windows\System\LxlXFwY.exe
  C:\Windows\System\LxlXFwY.exe
  2⤵
  PID:7860
- C:\Windows\System\mFrELun.exe
  C:\Windows\System\mFrELun.exe
  2⤵
  PID:7896
- C:\Windows\System\jHlBPGr.exe
  C:\Windows\System\jHlBPGr.exe
  2⤵
  PID:7912
- C:\Windows\System\GzbzPBR.exe
  C:\Windows\System\GzbzPBR.exe
  2⤵
  PID:7932
- C:\Windows\System\vhsEkUn.exe
  C:\Windows\System\vhsEkUn.exe
  2⤵
  PID:7964
- C:\Windows\System\ZUkyhxE.exe
  C:\Windows\System\ZUkyhxE.exe
  2⤵
  PID:7980
- C:\Windows\System\gVXUeoG.exe
  C:\Windows\System\gVXUeoG.exe
  2⤵
  PID:7996
- C:\Windows\System\QZEUlOl.exe
  C:\Windows\System\QZEUlOl.exe
  2⤵
  PID:8012
- C:\Windows\System\KTPWfJM.exe
  C:\Windows\System\KTPWfJM.exe
  2⤵
  PID:8028
- C:\Windows\System\xUTVQhU.exe
  C:\Windows\System\xUTVQhU.exe
  2⤵
  PID:8044
- C:\Windows\System\VuQLDcZ.exe
  C:\Windows\System\VuQLDcZ.exe
  2⤵
  PID:8060
- C:\Windows\System\DwyKldN.exe
  C:\Windows\System\DwyKldN.exe
  2⤵
  PID:8076
- C:\Windows\System\aZxfPxh.exe
  C:\Windows\System\aZxfPxh.exe
  2⤵
  PID:8096
- C:\Windows\System\AlEyEnG.exe
  C:\Windows\System\AlEyEnG.exe
  2⤵
  PID:8120
- C:\Windows\System\FegitlV.exe
  C:\Windows\System\FegitlV.exe
  2⤵
  PID:8136
- C:\Windows\System\bCSUdpD.exe
  C:\Windows\System\bCSUdpD.exe
  2⤵
  PID:8156
- C:\Windows\System\BGippPo.exe
  C:\Windows\System\BGippPo.exe
  2⤵
  PID:8172
- C:\Windows\System\vWhsWmV.exe
  C:\Windows\System\vWhsWmV.exe
  2⤵
  PID:6104
- C:\Windows\System\HqcyPqi.exe
  C:\Windows\System\HqcyPqi.exe
  2⤵
  PID:6968
- C:\Windows\System\DKSNYVo.exe
  C:\Windows\System\DKSNYVo.exe
  2⤵
  PID:7224
- C:\Windows\System\VQtNmrr.exe
  C:\Windows\System\VQtNmrr.exe
  2⤵
  PID:7288
- C:\Windows\System\VDouBAP.exe
  C:\Windows\System\VDouBAP.exe
  2⤵
  PID:6744
- C:\Windows\System\IkntyIa.exe
  C:\Windows\System\IkntyIa.exe
  2⤵
  PID:7176
- C:\Windows\System\GQCqven.exe
  C:\Windows\System\GQCqven.exe
  2⤵
  PID:6372
- C:\Windows\System\Syyiafi.exe
  C:\Windows\System\Syyiafi.exe
  2⤵
  PID:7272
- C:\Windows\System\tgQORAH.exe
  C:\Windows\System\tgQORAH.exe
  2⤵
  PID:7180
- C:\Windows\System\ngXUJhX.exe
  C:\Windows\System\ngXUJhX.exe
  2⤵
  PID:7404
- C:\Windows\System\ohpkqID.exe
  C:\Windows\System\ohpkqID.exe
  2⤵
  PID:7456
- C:\Windows\System\KeqPqJf.exe
  C:\Windows\System\KeqPqJf.exe
  2⤵
  PID:7492
- C:\Windows\System\xfHYsPp.exe
  C:\Windows\System\xfHYsPp.exe
  2⤵
  PID:7552
- C:\Windows\System\KqnnnOC.exe
  C:\Windows\System\KqnnnOC.exe
  2⤵
  PID:7648
- C:\Windows\System\LFLBpdn.exe
  C:\Windows\System\LFLBpdn.exe
  2⤵
  PID:7508
- C:\Windows\System\DMejqBG.exe
  C:\Windows\System\DMejqBG.exe
  2⤵
  PID:7604
- C:\Windows\System\ERwFSae.exe
  C:\Windows\System\ERwFSae.exe
  2⤵
  PID:7684
- C:\Windows\System\NwPMrJE.exe
  C:\Windows\System\NwPMrJE.exe
  2⤵
  PID:7784
- C:\Windows\System\hEelAIs.exe
  C:\Windows\System\hEelAIs.exe
  2⤵
  PID:7700
- C:\Windows\System\vZmcxoc.exe
  C:\Windows\System\vZmcxoc.exe
  2⤵
  PID:7848
- C:\Windows\System\jGKJtDY.exe
  C:\Windows\System\jGKJtDY.exe
  2⤵
  PID:7804
- C:\Windows\System\aacBpJF.exe
  C:\Windows\System\aacBpJF.exe
  2⤵
  PID:7868
- C:\Windows\System\LtDhqxe.exe
  C:\Windows\System\LtDhqxe.exe
  2⤵
  PID:7940
- C:\Windows\System\iUOrIsY.exe
  C:\Windows\System\iUOrIsY.exe
  2⤵
  PID:7928
- C:\Windows\System\UczxoPI.exe
  C:\Windows\System\UczxoPI.exe
  2⤵
  PID:7956
- C:\Windows\System\ggaEQmP.exe
  C:\Windows\System\ggaEQmP.exe
  2⤵
  PID:8024
- C:\Windows\System\EkfYcwa.exe
  C:\Windows\System\EkfYcwa.exe
  2⤵
  PID:7976
- C:\Windows\System\tCvtsdx.exe
  C:\Windows\System\tCvtsdx.exe
  2⤵
  PID:8040
- C:\Windows\System\JDLAvCz.exe
  C:\Windows\System\JDLAvCz.exe
  2⤵
  PID:8128
- C:\Windows\System\JEqIobH.exe
  C:\Windows\System\JEqIobH.exe
  2⤵
  PID:6892
- C:\Windows\System\QJYVqQt.exe
  C:\Windows\System\QJYVqQt.exe
  2⤵
  PID:7260
- C:\Windows\System\IrAQXsX.exe
  C:\Windows\System\IrAQXsX.exe
  2⤵
  PID:7356
- C:\Windows\System\VfNMIdc.exe
  C:\Windows\System\VfNMIdc.exe
  2⤵
  PID:4352
- C:\Windows\System\uHsLXMb.exe
  C:\Windows\System\uHsLXMb.exe
  2⤵
  PID:7488
- C:\Windows\System\qIPaEVJ.exe
  C:\Windows\System\qIPaEVJ.exe
  2⤵
  PID:7540
- C:\Windows\System\oepaqrw.exe
  C:\Windows\System\oepaqrw.exe
  2⤵
  PID:7756
- C:\Windows\System\MTdxeYY.exe
  C:\Windows\System\MTdxeYY.exe
  2⤵
  PID:7428
- C:\Windows\System\LWcaNum.exe
  C:\Windows\System\LWcaNum.exe
  2⤵
  PID:7920
- C:\Windows\System\ZVIzrbp.exe
  C:\Windows\System\ZVIzrbp.exe
  2⤵
  PID:8132
- C:\Windows\System\mlTePLC.exe
  C:\Windows\System\mlTePLC.exe
  2⤵
  PID:7472
- C:\Windows\System\wLnwFvs.exe
  C:\Windows\System\wLnwFvs.exe
  2⤵
  PID:7620
- C:\Windows\System\rJUBaoR.exe
  C:\Windows\System\rJUBaoR.exe
  2⤵
  PID:8004
- C:\Windows\System\yUUjMhX.exe
  C:\Windows\System\yUUjMhX.exe
  2⤵
  PID:7836
- C:\Windows\System\cGfLejP.exe
  C:\Windows\System\cGfLejP.exe
  2⤵
  PID:8208
- C:\Windows\System\OIDSiER.exe
  C:\Windows\System\OIDSiER.exe
  2⤵
  PID:8228
- C:\Windows\System\NmYekUA.exe
  C:\Windows\System\NmYekUA.exe
  2⤵
  PID:8252
- C:\Windows\System\CHdimfj.exe
  C:\Windows\System\CHdimfj.exe
  2⤵
  PID:8272
- C:\Windows\System\vbnseBt.exe
  C:\Windows\System\vbnseBt.exe
  2⤵
  PID:8292
- C:\Windows\System\HvhUTIC.exe
  C:\Windows\System\HvhUTIC.exe
  2⤵
  PID:8312
- C:\Windows\System\SzKvoPJ.exe
  C:\Windows\System\SzKvoPJ.exe
  2⤵
  PID:8336
- C:\Windows\System\sLovPHX.exe
  C:\Windows\System\sLovPHX.exe
  2⤵
  PID:8360
- C:\Windows\System\hvcZDbM.exe
  C:\Windows\System\hvcZDbM.exe
  2⤵
  PID:8384
- C:\Windows\System\ZiLIhpS.exe
  C:\Windows\System\ZiLIhpS.exe
  2⤵
  PID:8404
- C:\Windows\System\mTTfBfn.exe
  C:\Windows\System\mTTfBfn.exe
  2⤵
  PID:8420
- C:\Windows\System\JVHgQDD.exe
  C:\Windows\System\JVHgQDD.exe
  2⤵
  PID:8444
- C:\Windows\System\KEwAffi.exe
  C:\Windows\System\KEwAffi.exe
  2⤵
  PID:8464
- C:\Windows\System\EmzsdYT.exe
  C:\Windows\System\EmzsdYT.exe
  2⤵
  PID:8480
- C:\Windows\System\bxXbPfu.exe
  C:\Windows\System\bxXbPfu.exe
  2⤵
  PID:8496
- C:\Windows\System\WWyudrj.exe
  C:\Windows\System\WWyudrj.exe
  2⤵
  PID:8512
- C:\Windows\System\khRmZoM.exe
  C:\Windows\System\khRmZoM.exe
  2⤵
  PID:8528
- C:\Windows\System\LYtHhWv.exe
  C:\Windows\System\LYtHhWv.exe
  2⤵
  PID:8544
- C:\Windows\System\SfaABml.exe
  C:\Windows\System\SfaABml.exe
  2⤵
  PID:8768
- C:\Windows\System\nZujDuK.exe
  C:\Windows\System\nZujDuK.exe
  2⤵
  PID:8784
- C:\Windows\System\BDueEvC.exe
  C:\Windows\System\BDueEvC.exe
  2⤵
  PID:8804
- C:\Windows\System\OHHAjPX.exe
  C:\Windows\System\OHHAjPX.exe
  2⤵
  PID:8820
- C:\Windows\System\bAchnPa.exe
  C:\Windows\System\bAchnPa.exe
  2⤵
  PID:8836
- C:\Windows\System\IgABWqV.exe
  C:\Windows\System\IgABWqV.exe
  2⤵
  PID:8852
- C:\Windows\System\cYwddkO.exe
  C:\Windows\System\cYwddkO.exe
  2⤵
  PID:8868
- C:\Windows\System\elWVZdn.exe
  C:\Windows\System\elWVZdn.exe
  2⤵
  PID:8884
- C:\Windows\System\PSoiftb.exe
  C:\Windows\System\PSoiftb.exe
  2⤵
  PID:8900
- C:\Windows\System\RTdzaPP.exe
  C:\Windows\System\RTdzaPP.exe
  2⤵
  PID:8916
- C:\Windows\System\VBocswQ.exe
  C:\Windows\System\VBocswQ.exe
  2⤵
  PID:8936
- C:\Windows\System\rtBjnTt.exe
  C:\Windows\System\rtBjnTt.exe
  2⤵
  PID:8952
- C:\Windows\System\WXGxUxS.exe
  C:\Windows\System\WXGxUxS.exe
  2⤵
  PID:8968
- C:\Windows\System\Bkrjfop.exe
  C:\Windows\System\Bkrjfop.exe
  2⤵
  PID:8984
- C:\Windows\System\QqJYrJi.exe
  C:\Windows\System\QqJYrJi.exe
  2⤵
  PID:9004
- C:\Windows\System\qbMLugN.exe
  C:\Windows\System\qbMLugN.exe
  2⤵
  PID:9020
- C:\Windows\System\XAVdmtk.exe
  C:\Windows\System\XAVdmtk.exe
  2⤵
  PID:9040
- C:\Windows\System\QKuUupk.exe
  C:\Windows\System\QKuUupk.exe
  2⤵
  PID:9056
- C:\Windows\System\NubLxXe.exe
  C:\Windows\System\NubLxXe.exe
  2⤵
  PID:9072
- C:\Windows\System\LnNnIEE.exe
  C:\Windows\System\LnNnIEE.exe
  2⤵
  PID:9088
- C:\Windows\System\LoDJkQP.exe
  C:\Windows\System\LoDJkQP.exe
  2⤵
  PID:9104
- C:\Windows\System\cGgmxGD.exe
  C:\Windows\System\cGgmxGD.exe
  2⤵
  PID:9120
- C:\Windows\System\lsSOdGW.exe
  C:\Windows\System\lsSOdGW.exe
  2⤵
  PID:9140
- C:\Windows\System\oWybLuI.exe
  C:\Windows\System\oWybLuI.exe
  2⤵
  PID:9156
- C:\Windows\System\KPuaXpI.exe
  C:\Windows\System\KPuaXpI.exe
  2⤵
  PID:9172
- C:\Windows\System\BhVYcuy.exe
  C:\Windows\System\BhVYcuy.exe
  2⤵
  PID:9192
- C:\Windows\System\PrMSdts.exe
  C:\Windows\System\PrMSdts.exe
  2⤵
  PID:7720
- C:\Windows\System\jCosKVc.exe
  C:\Windows\System\jCosKVc.exe
  2⤵
  PID:8236
- C:\Windows\System\fNXhBcv.exe
  C:\Windows\System\fNXhBcv.exe
  2⤵
  PID:8280
- C:\Windows\System\ueffAQh.exe
  C:\Windows\System\ueffAQh.exe
  2⤵
  PID:8372
- C:\Windows\System\xZSCFJX.exe
  C:\Windows\System\xZSCFJX.exe
  2⤵
  PID:8416
- C:\Windows\System\GKyowSU.exe
  C:\Windows\System\GKyowSU.exe
  2⤵
  PID:8152
- C:\Windows\System\FmsCUyt.exe
  C:\Windows\System\FmsCUyt.exe
  2⤵
  PID:8184
- C:\Windows\System\oJAFQYV.exe
  C:\Windows\System\oJAFQYV.exe
  2⤵
  PID:7344
- C:\Windows\System\StHYmlp.exe
  C:\Windows\System\StHYmlp.exe
  2⤵
  PID:7440
- C:\Windows\System\yLdFbCR.exe
  C:\Windows\System\yLdFbCR.exe
  2⤵
  PID:7680
- C:\Windows\System\tmfcDfn.exe
  C:\Windows\System\tmfcDfn.exe
  2⤵
  PID:8536
- C:\Windows\System\YdiWkOA.exe
  C:\Windows\System\YdiWkOA.exe
  2⤵
  PID:8056
- C:\Windows\System\LTtiubs.exe
  C:\Windows\System\LTtiubs.exe
  2⤵
  PID:8092
- C:\Windows\System\icMojjZ.exe
  C:\Windows\System\icMojjZ.exe
  2⤵
  PID:7800
- C:\Windows\System\DUQVVbW.exe
  C:\Windows\System\DUQVVbW.exe
  2⤵
  PID:8260
- C:\Windows\System\ljpNNkQ.exe
  C:\Windows\System\ljpNNkQ.exe
  2⤵
  PID:7196
- C:\Windows\System\CvaxKDZ.exe
  C:\Windows\System\CvaxKDZ.exe
  2⤵
  PID:7388
- C:\Windows\System\mNNMklv.exe
  C:\Windows\System\mNNMklv.exe
  2⤵
  PID:7524
- C:\Windows\System\vGkzLzf.exe
  C:\Windows\System\vGkzLzf.exe
  2⤵
  PID:7668
- C:\Windows\System\yDxYJCt.exe
  C:\Windows\System\yDxYJCt.exe
  2⤵
  PID:8020
- C:\Windows\System\PCYKlLJ.exe
  C:\Windows\System\PCYKlLJ.exe
  2⤵
  PID:7052
- C:\Windows\System\OcfEbKI.exe
  C:\Windows\System\OcfEbKI.exe
  2⤵
  PID:8224
- C:\Windows\System\KJNbImj.exe
  C:\Windows\System\KJNbImj.exe
  2⤵
  PID:8556
- C:\Windows\System\ylgIUZp.exe
  C:\Windows\System\ylgIUZp.exe
  2⤵
  PID:8584
- C:\Windows\System\IpOThtG.exe
  C:\Windows\System\IpOThtG.exe
  2⤵
  PID:8604
- C:\Windows\System\MQPUFWD.exe
  C:\Windows\System\MQPUFWD.exe
  2⤵
  PID:8520
- C:\Windows\System\DHuftwk.exe
  C:\Windows\System\DHuftwk.exe
  2⤵
  PID:8264
- C:\Windows\System\DUzJCsQ.exe
  C:\Windows\System\DUzJCsQ.exe
  2⤵
  PID:8348
- C:\Windows\System\PsYWYPr.exe
  C:\Windows\System\PsYWYPr.exe
  2⤵
  PID:8432
- C:\Windows\System\uhUXTvf.exe
  C:\Windows\System\uhUXTvf.exe
  2⤵
  PID:8976
- C:\Windows\System\QfaFyoZ.exe
  C:\Windows\System\QfaFyoZ.exe
  2⤵
  PID:9188
- C:\Windows\System\QYPAxxK.exe
  C:\Windows\System\QYPAxxK.exe
  2⤵
  PID:8320
- C:\Windows\System\kJvdWrn.exe
  C:\Windows\System\kJvdWrn.exe
  2⤵
  PID:9012
- C:\Windows\System\XBZwfko.exe
  C:\Windows\System\XBZwfko.exe
  2⤵
  PID:9116
- C:\Windows\System\vsJwdJU.exe
  C:\Windows\System\vsJwdJU.exe
  2⤵
  PID:9016
- C:\Windows\System\SUhUgvC.exe
  C:\Windows\System\SUhUgvC.exe
  2⤵
  PID:8944
- C:\Windows\System\ubidgzN.exe
  C:\Windows\System\ubidgzN.exe
  2⤵
  PID:8880
- C:\Windows\System\OLzCWvn.exe
  C:\Windows\System\OLzCWvn.exe
  2⤵
  PID:8780
- C:\Windows\System\ZqgaCno.exe
  C:\Windows\System\ZqgaCno.exe
  2⤵
  PID:8144
- C:\Windows\System\SPSndNX.exe
  C:\Windows\System\SPSndNX.exe
  2⤵
  PID:7636
- C:\Windows\System\ytgOqqQ.exe
  C:\Windows\System\ytgOqqQ.exe
  2⤵
  PID:7748
- C:\Windows\System\YSVwERq.exe
  C:\Windows\System\YSVwERq.exe
  2⤵
  PID:8540
- C:\Windows\System\QUmhXfW.exe
  C:\Windows\System\QUmhXfW.exe
  2⤵
  PID:8440
- C:\Windows\System\TWlCLyr.exe
  C:\Windows\System\TWlCLyr.exe
  2⤵
  PID:7256
- C:\Windows\System\yTvVxTS.exe
  C:\Windows\System\yTvVxTS.exe
  2⤵
  PID:8576
- C:\Windows\System\RILSTMe.exe
  C:\Windows\System\RILSTMe.exe
  2⤵
  PID:7520
- C:\Windows\System\xnKyuOL.exe
  C:\Windows\System\xnKyuOL.exe
  2⤵
  PID:8580
- C:\Windows\System\SNlHLzR.exe
  C:\Windows\System\SNlHLzR.exe
  2⤵
  PID:8632
- C:\Windows\System\mhVgNjG.exe
  C:\Windows\System\mhVgNjG.exe
  2⤵
  PID:8648
- C:\Windows\System\ElcPzPG.exe
  C:\Windows\System\ElcPzPG.exe
  2⤵
  PID:8668
- C:\Windows\System\jPzgKXq.exe
  C:\Windows\System\jPzgKXq.exe
  2⤵
  PID:8684
- C:\Windows\System\srOffSu.exe
  C:\Windows\System\srOffSu.exe
  2⤵
  PID:8700
- C:\Windows\System\BxsoYNc.exe
  C:\Windows\System\BxsoYNc.exe
  2⤵
  PID:8716
- C:\Windows\System\YznAnfw.exe
  C:\Windows\System\YznAnfw.exe
  2⤵
  PID:8600
- C:\Windows\System\HRaKLJM.exe
  C:\Windows\System\HRaKLJM.exe
  2⤵
  PID:8756
- C:\Windows\System\oxUmYaO.exe
  C:\Windows\System\oxUmYaO.exe
  2⤵
  PID:8744
- C:\Windows\System\hpNtIgP.exe
  C:\Windows\System\hpNtIgP.exe
  2⤵
  PID:8560
- C:\Windows\System\uzFMQnU.exe
  C:\Windows\System\uzFMQnU.exe
  2⤵
  PID:8664
- C:\Windows\System\SkqUwKh.exe
  C:\Windows\System\SkqUwKh.exe
  2⤵
  PID:8832
- C:\Windows\System\cRYoSWu.exe
  C:\Windows\System\cRYoSWu.exe
  2⤵
  PID:8896
- C:\Windows\System\yPeuSkv.exe
  C:\Windows\System\yPeuSkv.exe
  2⤵
  PID:8960
- C:\Windows\System\uzQXbwM.exe
  C:\Windows\System\uzQXbwM.exe
  2⤵
  PID:9000
- C:\Windows\System\tGkKKWi.exe
  C:\Windows\System\tGkKKWi.exe
  2⤵
  PID:9064
- C:\Windows\System\qbCizYd.exe
  C:\Windows\System\qbCizYd.exe
  2⤵
  PID:9128
- C:\Windows\System\RHcfmNk.exe
  C:\Windows\System\RHcfmNk.exe
  2⤵
  PID:9168
- C:\Windows\System\ALpfNXG.exe
  C:\Windows\System\ALpfNXG.exe
  2⤵
  PID:9204
- C:\Windows\System\vWRwVqn.exe
  C:\Windows\System\vWRwVqn.exe
  2⤵
  PID:8412
- C:\Windows\System\BQRQWyn.exe
  C:\Windows\System\BQRQWyn.exe
  2⤵
  PID:8552
- C:\Windows\System\jfVXXQw.exe
  C:\Windows\System\jfVXXQw.exe
  2⤵
  PID:7856
- C:\Windows\System\wVwyDJc.exe
  C:\Windows\System\wVwyDJc.exe
  2⤵
  PID:7616
- C:\Windows\System\IyTQuuU.exe
  C:\Windows\System\IyTQuuU.exe
  2⤵
  PID:8116
- C:\Windows\System\OwMYblX.exe
  C:\Windows\System\OwMYblX.exe
  2⤵
  PID:9148
- C:\Windows\System\evMesuX.exe
  C:\Windows\System\evMesuX.exe
  2⤵
  PID:8344
- C:\Windows\System\KCqvPwn.exe
  C:\Windows\System\KCqvPwn.exe
  2⤵
  PID:8288
- C:\Windows\System\cdMDGQq.exe
  C:\Windows\System\cdMDGQq.exe
  2⤵
  PID:7816
- C:\Windows\System\DWgMKtc.exe
  C:\Windows\System\DWgMKtc.exe
  2⤵
  PID:8356
- C:\Windows\System\FvgKKMh.exe
  C:\Windows\System\FvgKKMh.exe
  2⤵
  PID:8368
- C:\Windows\System\hRueXWH.exe
  C:\Windows\System\hRueXWH.exe
  2⤵
  PID:8848
- C:\Windows\System\zLMHSsQ.exe
  C:\Windows\System\zLMHSsQ.exe
  2⤵
  PID:7408
- C:\Windows\System\QsbjAVh.exe
  C:\Windows\System\QsbjAVh.exe
  2⤵
  PID:7952
- C:\Windows\System\TtIJkSB.exe
  C:\Windows\System\TtIJkSB.exe
  2⤵
  PID:1584
- C:\Windows\System\OBQMAXV.exe
  C:\Windows\System\OBQMAXV.exe
  2⤵
  PID:8640
- C:\Windows\System\JceTbdB.exe
  C:\Windows\System\JceTbdB.exe
  2⤵
  PID:8708
- C:\Windows\System\PCnfoam.exe
  C:\Windows\System\PCnfoam.exe
  2⤵
  PID:8800
- C:\Windows\System\yAlAlgm.exe
  C:\Windows\System\yAlAlgm.exe
  2⤵
  PID:9032
- C:\Windows\System\mkNAEqM.exe
  C:\Windows\System\mkNAEqM.exe
  2⤵
  PID:9164
- C:\Windows\System\KrrEZso.exe
  C:\Windows\System\KrrEZso.exe
  2⤵
  PID:7992
- C:\Windows\System\dFzSSEg.exe
  C:\Windows\System\dFzSSEg.exe
  2⤵
  PID:8200
- C:\Windows\System\elsQzTn.exe
  C:\Windows\System\elsQzTn.exe
  2⤵
  PID:8620
- C:\Windows\System\EvOfzFz.exe
  C:\Windows\System\EvOfzFz.exe
  2⤵
  PID:8736
- C:\Windows\System\gUfMQSv.exe
  C:\Windows\System\gUfMQSv.exe
  2⤵
  PID:7696
- C:\Windows\System\sZgchMx.exe
  C:\Windows\System\sZgchMx.exe
  2⤵
  PID:8616
- C:\Windows\System\bEdPZYo.exe
  C:\Windows\System\bEdPZYo.exe
  2⤵
  PID:8992
- C:\Windows\System\hMnclAB.exe
  C:\Windows\System\hMnclAB.exe
  2⤵
  PID:9208
- C:\Windows\System\RtSHfkC.exe
  C:\Windows\System\RtSHfkC.exe
  2⤵
  PID:8104
- C:\Windows\System\vuaMGTA.exe
  C:\Windows\System\vuaMGTA.exe
  2⤵
  PID:9152
- C:\Windows\System\SgUugaJ.exe
  C:\Windows\System\SgUugaJ.exe
  2⤵
  PID:8776
- C:\Windows\System\YsuTfZP.exe
  C:\Windows\System\YsuTfZP.exe
  2⤵
  PID:7372
- C:\Windows\System\TsYUzCC.exe
  C:\Windows\System\TsYUzCC.exe
  2⤵
  PID:7444
- C:\Windows\System\nauHTzp.exe
  C:\Windows\System\nauHTzp.exe
  2⤵
  PID:7948
- C:\Windows\System\yQbbxDM.exe
  C:\Windows\System\yQbbxDM.exe
  2⤵
  PID:9084
- C:\Windows\System\nrEqhHz.exe
  C:\Windows\System\nrEqhHz.exe
  2⤵
  PID:8928
- C:\Windows\System\MrnsBWN.exe
  C:\Windows\System\MrnsBWN.exe
  2⤵
  PID:7880
- C:\Windows\System\QHCZRsa.exe
  C:\Windows\System\QHCZRsa.exe
  2⤵
  PID:8660
- C:\Windows\System\ZXxKDQC.exe
  C:\Windows\System\ZXxKDQC.exe
  2⤵
  PID:7772
- C:\Windows\System\ScLfzPk.exe
  C:\Windows\System\ScLfzPk.exe
  2⤵
  PID:7988
- C:\Windows\System\BLurpal.exe
  C:\Windows\System\BLurpal.exe
  2⤵
  PID:7588
- C:\Windows\System\WmLJftU.exe
  C:\Windows\System\WmLJftU.exe
  2⤵
  PID:8248
- C:\Windows\System\HoCtFuh.exe
  C:\Windows\System\HoCtFuh.exe
  2⤵
  PID:7972
- C:\Windows\System\EzdAhFm.exe
  C:\Windows\System\EzdAhFm.exe
  2⤵
  PID:8460
- C:\Windows\System\JaYeiFw.exe
  C:\Windows\System\JaYeiFw.exe
  2⤵
  PID:8764
- C:\Windows\System\rFcelhZ.exe
  C:\Windows\System\rFcelhZ.exe
  2⤵
  PID:8860
- C:\Windows\System\otQxMhT.exe
  C:\Windows\System\otQxMhT.exe
  2⤵
  PID:9136
- C:\Windows\System\wTCDTAE.exe
  C:\Windows\System\wTCDTAE.exe
  2⤵
  PID:8592
- C:\Windows\System\FryZcYq.exe
  C:\Windows\System\FryZcYq.exe
  2⤵
  PID:9100
- C:\Windows\System\DSEVCvo.exe
  C:\Windows\System\DSEVCvo.exe
  2⤵
  PID:8680
- C:\Windows\System\NSzxDLH.exe
  C:\Windows\System\NSzxDLH.exe
  2⤵
  PID:8656
- C:\Windows\System\vwNjzpr.exe
  C:\Windows\System\vwNjzpr.exe
  2⤵
  PID:7664
- C:\Windows\System\qcgagqb.exe
  C:\Windows\System\qcgagqb.exe
  2⤵
  PID:8676
- C:\Windows\System\XjjIHTb.exe
  C:\Windows\System\XjjIHTb.exe
  2⤵
  PID:9220
- C:\Windows\System\VEisyXA.exe
  C:\Windows\System\VEisyXA.exe
  2⤵
  PID:9240
- C:\Windows\System\fNpNpGH.exe
  C:\Windows\System\fNpNpGH.exe
  2⤵
  PID:9268
- C:\Windows\System\WxGQnmU.exe
  C:\Windows\System\WxGQnmU.exe
  2⤵
  PID:9284
- C:\Windows\System\BoGVyNy.exe
  C:\Windows\System\BoGVyNy.exe
  2⤵
  PID:9300
- C:\Windows\System\GwrbEbJ.exe
  C:\Windows\System\GwrbEbJ.exe
  2⤵
  PID:9316
- C:\Windows\System\xktZeUP.exe
  C:\Windows\System\xktZeUP.exe
  2⤵
  PID:9332
- C:\Windows\System\MMqaeTO.exe
  C:\Windows\System\MMqaeTO.exe
  2⤵
  PID:9348
- C:\Windows\System\XcMDffi.exe
  C:\Windows\System\XcMDffi.exe
  2⤵
  PID:9364
- C:\Windows\System\YDDqdkY.exe
  C:\Windows\System\YDDqdkY.exe
  2⤵
  PID:9380
- C:\Windows\System\FfKuVKn.exe
  C:\Windows\System\FfKuVKn.exe
  2⤵
  PID:9396
- C:\Windows\System\kFtEEdH.exe
  C:\Windows\System\kFtEEdH.exe
  2⤵
  PID:9420
- C:\Windows\System\JmFugeC.exe
  C:\Windows\System\JmFugeC.exe
  2⤵
  PID:9440
- C:\Windows\System\FXsrShG.exe
  C:\Windows\System\FXsrShG.exe
  2⤵
  PID:9456
- C:\Windows\System\vpAxnmJ.exe
  C:\Windows\System\vpAxnmJ.exe
  2⤵
  PID:9476
- C:\Windows\System\jFdmJOa.exe
  C:\Windows\System\jFdmJOa.exe
  2⤵
  PID:9496
- C:\Windows\System\oFPHLyT.exe
  C:\Windows\System\oFPHLyT.exe
  2⤵
  PID:9512
- C:\Windows\System\LGHyINd.exe
  C:\Windows\System\LGHyINd.exe
  2⤵
  PID:9528
- C:\Windows\System\NruQYTw.exe
  C:\Windows\System\NruQYTw.exe
  2⤵
  PID:9544
- C:\Windows\System\IeHYEcO.exe
  C:\Windows\System\IeHYEcO.exe
  2⤵
  PID:9560
- C:\Windows\System\sbfAQiL.exe
  C:\Windows\System\sbfAQiL.exe
  2⤵
  PID:9576
- C:\Windows\System\WazNfpt.exe
  C:\Windows\System\WazNfpt.exe
  2⤵
  PID:9592
- C:\Windows\System\SCiBnix.exe
  C:\Windows\System\SCiBnix.exe
  2⤵
  PID:9608
- C:\Windows\System\BSIhJXp.exe
  C:\Windows\System\BSIhJXp.exe
  2⤵
  PID:9624
- C:\Windows\System\XkRcMfU.exe
  C:\Windows\System\XkRcMfU.exe
  2⤵
  PID:9648
- C:\Windows\System\mrIDeDN.exe
  C:\Windows\System\mrIDeDN.exe
  2⤵
  PID:9664
- C:\Windows\System\GRCMZil.exe
  C:\Windows\System\GRCMZil.exe
  2⤵
  PID:9680
- C:\Windows\System\jjGBCVD.exe
  C:\Windows\System\jjGBCVD.exe
  2⤵
  PID:9696
- C:\Windows\System\tqUrnso.exe
  C:\Windows\System\tqUrnso.exe
  2⤵
  PID:9712
- C:\Windows\System\vBSyOxR.exe
  C:\Windows\System\vBSyOxR.exe
  2⤵
  PID:9728
- C:\Windows\System\EamKcRb.exe
  C:\Windows\System\EamKcRb.exe
  2⤵
  PID:9744
- C:\Windows\System\lIdIcWU.exe
  C:\Windows\System\lIdIcWU.exe
  2⤵
  PID:9760
- C:\Windows\System\Qhukyze.exe
  C:\Windows\System\Qhukyze.exe
  2⤵
  PID:9776
- C:\Windows\System\ZIMyRog.exe
  C:\Windows\System\ZIMyRog.exe
  2⤵
  PID:9796
- C:\Windows\System\jlUWrFg.exe
  C:\Windows\System\jlUWrFg.exe
  2⤵
  PID:9812
- C:\Windows\System\vFnHTMC.exe
  C:\Windows\System\vFnHTMC.exe
  2⤵
  PID:9828
- C:\Windows\System\JHTpKuf.exe
  C:\Windows\System\JHTpKuf.exe
  2⤵
  PID:9844
- C:\Windows\System\vONrMis.exe
  C:\Windows\System\vONrMis.exe
  2⤵
  PID:9860
- C:\Windows\System\xkRzakT.exe
  C:\Windows\System\xkRzakT.exe
  2⤵
  PID:9876
- C:\Windows\System\laSFeOF.exe
  C:\Windows\System\laSFeOF.exe
  2⤵
  PID:9900
- C:\Windows\System\hmWPNyv.exe
  C:\Windows\System\hmWPNyv.exe
  2⤵
  PID:9916
- C:\Windows\System\COHmBcj.exe
  C:\Windows\System\COHmBcj.exe
  2⤵
  PID:9932
- C:\Windows\System\wFHWHSh.exe
  C:\Windows\System\wFHWHSh.exe
  2⤵
  PID:9948
- C:\Windows\System\lVFoMJh.exe
  C:\Windows\System\lVFoMJh.exe
  2⤵
  PID:9964
- C:\Windows\System\eNiYARX.exe
  C:\Windows\System\eNiYARX.exe
  2⤵
  PID:9980
- C:\Windows\System\VHMFOQt.exe
  C:\Windows\System\VHMFOQt.exe
  2⤵
  PID:9996
- C:\Windows\System\lgjIMCU.exe
  C:\Windows\System\lgjIMCU.exe
  2⤵
  PID:10012
- C:\Windows\System\xjyhUQI.exe
  C:\Windows\System\xjyhUQI.exe
  2⤵
  PID:10028
- C:\Windows\System\CmlYysr.exe
  C:\Windows\System\CmlYysr.exe
  2⤵
  PID:10044
- C:\Windows\System\kCHZvZw.exe
  C:\Windows\System\kCHZvZw.exe
  2⤵
  PID:10060
- C:\Windows\System\jdCKvSE.exe
  C:\Windows\System\jdCKvSE.exe
  2⤵
  PID:10088
- C:\Windows\System\AEAuebZ.exe
  C:\Windows\System\AEAuebZ.exe
  2⤵
  PID:10104
- C:\Windows\System\vikNSmS.exe
  C:\Windows\System\vikNSmS.exe
  2⤵
  PID:10124
- C:\Windows\System\QsSQfVS.exe
  C:\Windows\System\QsSQfVS.exe
  2⤵
  PID:10144
- C:\Windows\System\ZrCUJdm.exe
  C:\Windows\System\ZrCUJdm.exe
  2⤵
  PID:10164
- C:\Windows\System\pwKufzD.exe
  C:\Windows\System\pwKufzD.exe
  2⤵
  PID:10180
- C:\Windows\System\nEwFvXc.exe
  C:\Windows\System\nEwFvXc.exe
  2⤵
  PID:10200
- C:\Windows\System\SmVYrul.exe
  C:\Windows\System\SmVYrul.exe
  2⤵
  PID:10220
- C:\Windows\System\fIQDlRl.exe
  C:\Windows\System\fIQDlRl.exe
  2⤵
  PID:9228
- C:\Windows\System\vkbHwsK.exe
  C:\Windows\System\vkbHwsK.exe
  2⤵
  PID:9248
- C:\Windows\System\Aakkoiq.exe
  C:\Windows\System\Aakkoiq.exe
  2⤵
  PID:9308
- C:\Windows\System\krOVjgx.exe
  C:\Windows\System\krOVjgx.exe
  2⤵
  PID:9292
- C:\Windows\System\gecDzlL.exe
  C:\Windows\System\gecDzlL.exe
  2⤵
  PID:9344
- C:\Windows\System\lWOObbb.exe
  C:\Windows\System\lWOObbb.exe
  2⤵
  PID:9404
- C:\Windows\System\drWpvVu.exe
  C:\Windows\System\drWpvVu.exe
  2⤵
  PID:9416
- C:\Windows\System\zxFNvZG.exe
  C:\Windows\System\zxFNvZG.exe
  2⤵
  PID:9452
- C:\Windows\System\rLKSniT.exe
  C:\Windows\System\rLKSniT.exe
  2⤵
  PID:9472
- C:\Windows\System\zLBGNpP.exe
  C:\Windows\System\zLBGNpP.exe
  2⤵
  PID:9536
- C:\Windows\System\zozXtLx.exe
  C:\Windows\System\zozXtLx.exe
  2⤵
  PID:9584
- C:\Windows\System\uInjYLJ.exe
  C:\Windows\System\uInjYLJ.exe
  2⤵
  PID:9600
- C:\Windows\System\lGfkRzf.exe
  C:\Windows\System\lGfkRzf.exe
  2⤵
  PID:9656
- C:\Windows\System\lAwlPRQ.exe
  C:\Windows\System\lAwlPRQ.exe
  2⤵
  PID:9720
- C:\Windows\System\HAqQEmV.exe
  C:\Windows\System\HAqQEmV.exe
  2⤵
  PID:9784
- C:\Windows\System\UAnikRz.exe
  C:\Windows\System\UAnikRz.exe
  2⤵
  PID:9820
- C:\Windows\System\NhcBChx.exe
  C:\Windows\System\NhcBChx.exe
  2⤵
  PID:9640
- C:\Windows\System\eEchSQP.exe
  C:\Windows\System\eEchSQP.exe
  2⤵
  PID:9924
- C:\Windows\System\qqrqpCJ.exe
  C:\Windows\System\qqrqpCJ.exe
  2⤵
  PID:9960
- C:\Windows\System\SqsrayS.exe
  C:\Windows\System\SqsrayS.exe
  2⤵
  PID:8948
- C:\Windows\System\Umullyd.exe
  C:\Windows\System\Umullyd.exe
  2⤵
  PID:9676
- C:\Windows\System\oHcXVMe.exe
  C:\Windows\System\oHcXVMe.exe
  2⤵
  PID:9836
- C:\Windows\System\NVgBBQd.exe
  C:\Windows\System\NVgBBQd.exe
  2⤵
  PID:9808
- C:\Windows\System\RxZHYfo.exe
  C:\Windows\System\RxZHYfo.exe
  2⤵
  PID:9872
- C:\Windows\System\TbPxrCf.exe
  C:\Windows\System\TbPxrCf.exe
  2⤵
  PID:10068
- C:\Windows\System\yWMmRSa.exe
  C:\Windows\System\yWMmRSa.exe
  2⤵
  PID:10096
- C:\Windows\System\JFRtZKn.exe
  C:\Windows\System\JFRtZKn.exe
  2⤵
  PID:10116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AcVfVQg.exe

Filesize
6.0MB

MD5
cb722b5c74c35217df9d1ee381d8e457

SHA1
96ccb392a51df4c3ee28acad12586aa02d6b1481

SHA256
16ef4e4d3fadbb9509c2d233de04ec6c3e8563c0ff96261f0e65891da922b950

SHA512
88b15a0125379c9737953e89ce8fec60606b562230d1bab96d8039a7c05a03fd07278bf9d1505bb658034f787136877010909fde1506fc9631e7a9a51a0643e4

Download Submit
C:\Windows\system\DFycRzP.exe

Filesize
6.0MB

MD5
fa7a3023c7d65c37e00b7d6759462d46

SHA1
d17ce2c05cb5eb70c8a7a5c4ee4e95a6eae71899

SHA256
fcaafca6f574becb5a6cf6394c967766cd0f66fd1234a8e6d9c6fd49c4f42ae8

SHA512
d3721a3d401fd0ba993dab24f88996c64bcbf04f396bb4990742f8c9ba19bf7eb9544eaf3acaf5ce0907482bdb87b6c4917c59730cabdfb6645636575775766f

Download Submit
C:\Windows\system\FIBmqok.exe

Filesize
6.0MB

MD5
73bc30a0feca3f138a61e0f1e4b71f09

SHA1
ef4c1847e64738af3e361637a7541232c7a6ec19

SHA256
e002f712ffa5aa35fe5ccd684ac9cd8642a5d1c0dfa4866a0d70cc92664fafda

SHA512
e3edcd85bba0d3b0ede03214c0981a16dadfb79a57fe244b901e3312121af7f7741b0e220e65fdee72af1882242304f14f59a93a20bcc6b747278804986e9bf3

Download Submit
C:\Windows\system\FwdFWWb.exe

Filesize
6.0MB

MD5
f820f64854bacb697ae78ccd74f7fcda

SHA1
f69d317e6b8ad76dacaeae451f24dabb1dda92fd

SHA256
4239b5c80e33e2b8c3bee379e4aecb2c60b39191d92b34e12cb2264fae6e0b5e

SHA512
3ab69e09fea414bb29dada4a3d9d763ee7ece5502bdecb7c291cbdd7026c256f0f34eeb4d5dbd29670d4476fab2d1a6599ebeadee59aa1837054d2a12bc7828f

Download Submit
C:\Windows\system\GHwxXIT.exe

Filesize
6.0MB

MD5
12fce1c1898dfd02df53cd064267874a

SHA1
9217b1357de996b6087a6b23c83f519c44864a60

SHA256
c9c9c83aa0bf734c1a936a364963ae2933cc8539001b6c69070fb01270193283

SHA512
8c6205f3cf50bb8931045bc2f671517abe61c7f69f80cce76bcf9dda96852804c9ddd17bd84c7fb23a807a01f411d900a19e57d8628db9c7515c8f308e869f07

Download Submit
C:\Windows\system\HgxsdIi.exe

Filesize
6.0MB

MD5
9499997caf6adb1fbe0513f36199bd1b

SHA1
9a40c7318e0b136e3359e03e8d5e086bab1bf577

SHA256
ad7ef4d117712f4dcd1b2057c80ff9bb8704ca45c9f62e401d8a7201b00301d0

SHA512
2232bc3e6c555b6880114a7a0a0e597db6329c04d07f210301012e4df259c1d4f2b07ccdd84c35f8f8b27135abfc3d4638ca3ecb228729a58cb476f641526697

Download Submit
C:\Windows\system\IDQfsIv.exe

Filesize
6.0MB

MD5
965991b1c09c7d8a32e79a61e0d63251

SHA1
8d2d51a8f47de7b4ff50daebea30d98db5ba5169

SHA256
bd0e1089f1101385d4f15b0c76024e09a565749e1b950ceea23798d8121f6633

SHA512
2ab67013c79ffa160eddf064e70743c8f0243c7974bdb39b1fe90cf900a08a8d54a2a295f9520b48407433d3b02b9ed15fb87f39e226f2ddd2590dad98566b8e

Download Submit
C:\Windows\system\JAfpkeA.exe

Filesize
6.0MB

MD5
2ed1c379655ca62f394e436bc49d381e

SHA1
e0076d0d2d193a74a196940ae90cea9a3caa2d8f

SHA256
be655a5773d139d2073419560cd005948d0a67f0fba158e395af1081f08dba9e

SHA512
257a94618b081cf81c65afe8ae14a92854996e0ab70cbb23c8fd0780ef19f65d6756377d343563c5e4665239ef3df25fe921d0091e5b8a235f79b687238bddd5

Download Submit
C:\Windows\system\JNIQUut.exe

Filesize
6.0MB

MD5
3cd9e161ba4b7b95e9d8c0cf14099c62

SHA1
606d7a34231c5e592043ba9ef214e4568d4b8ddc

SHA256
06d59c0859c1fe00c0b2bf283184dcdd72cc2d1dcbcb60bfb3ae4e522ff83094

SHA512
ba53ee00bb9ec1bef44496b470d0e589374423800755df1136b0c7bc628cddd96b63766f0c3f9654bf7af4828b0c2eedd6d6b7d6f396c8f6b56aa51d9b8ecd3b

Download Submit
C:\Windows\system\KeXQmOd.exe

Filesize
6.0MB

MD5
1d7fa85683381a124d3f396334f06294

SHA1
b709d9f55ea7e12bbf56d4c675a4173c729d7823

SHA256
be34a829b04905eb7ffad47963ee6dace19875f59c575ed35d050d4f81c43796

SHA512
f197cfdc1a502ed03f6cf4cb77d7f5444d9033e8080f511f5aea654b459945176550523c92e0e54f1c9086454fff9843e68b45c322b8440d8461b08f4189d8ad

Download Submit
C:\Windows\system\PPDXGdf.exe

Filesize
6.0MB

MD5
2f2d704747da2ebdf683a5c0662d6709

SHA1
36dc297bedfe815d30ce3d83509133e2a8103c3c

SHA256
8b518c3002c9ae39155501c31e1cd9aa1c9d40ea2cc1b6bcd8a2ad35ca8b0f06

SHA512
250a00ed6c15d2af0148a828cb7426a1fb543c02155f0f00b8e3e358b0a01f2fd6f6017cafee7fece3a93dcab7a9881afd90c20427f4fad2e7394196b1f7d829

Download Submit
C:\Windows\system\QbEmrnn.exe

Filesize
6.0MB

MD5
73b691c6f0dd3f7f8d9e303a7856fc34

SHA1
d21f649faa1d22aaf790a031fefce4b9ad6b3a41

SHA256
e554af1257526126851822e6529015fc90cd726a22a0c03cc92acbe5cc8d17a1

SHA512
ddd5d5b0a673215219b242f8b9dcc5c110e5433fe418e303bf2b55aeec6ebc3b9ad7da6a26e0c5bca56bceb6cf0428b073da36154e83cff235e502c0409c465f

Download Submit
C:\Windows\system\SdZJSSv.exe

Filesize
6.0MB

MD5
e88bfdb85a0ecc02b6f18464c395d24a

SHA1
b82819596365f37ed9ee121557d3529bf6f8f7d1

SHA256
0acc54acfa556dffbb5307240e0a7278be3e0f88257f9a6e0bb7ed5f8d2ab9bc

SHA512
fa0e7de7dd270c8847d05becc56696d3007c66063e8050514ad9e6ceba4ee27d609149e0c7b7fd7e1615b1640b8e0ccb1994fe9bb7e42d69871288c9f04285bd

Download Submit
C:\Windows\system\UzYhzcg.exe

Filesize
6.0MB

MD5
831f7a04b0ee8b26b24d0059b78f794a

SHA1
542f3335e42e433f504fbcbba3b4a8f5828b23a1

SHA256
2ecf4408ec9b3a44f30c6bea0dd86808ec0c33afc61e98b8660fdc7d5dc67546

SHA512
3ca5f495dad66edccb0d086df2650b384d54ca4e60c75ca6ae008de700e2e041a27b628f9798b28576a468a91ea89d94f25e1dc80f2f00b9dac46adda86d15cc

Download Submit
C:\Windows\system\XXyOdDn.exe

Filesize
6.0MB

MD5
acc9da6a9cd26880cfe93461771abaa9

SHA1
1a5cf2ba9cfc6bf1761963030c0010c9ccc368f9

SHA256
e37de05508a79f1a3ae7d349f6f019b17031de7ec8b86ed6c5885f5b429307ca

SHA512
9b509cda065fba1dfc2a71dfde767aea94b565cd577d1d175cd8ab439f6b4f6a7d65a6ebbeeb756dc9cb4d5b2a738bddf6c3cb1eb35ed9551154bf10b3f67357

Download Submit
C:\Windows\system\cyoAzCX.exe

Filesize
6.0MB

MD5
6fe3e878fab7e2e8b63b2375cb4b91b2

SHA1
c554f271de7f5e97b5f1a4b4feb14e1b55ddeae7

SHA256
a391a3aa732eece83dfe9dd46fbc140d1cb76ec4f8baaec2324ef0d124b8c46c

SHA512
88359c8323faded9bf87a80bba1f55d87a892f3a7cdfe461fea5d035c86034d4bdb32c764bbb7114214caad500323dc1ddbcd2852c8e32a25c843f772747f81c

Download Submit
C:\Windows\system\daGTwEA.exe

Filesize
6.0MB

MD5
2d4770a4606d2d003f94319c40995320

SHA1
8a56db2a8c8d6db225776d860d1103489f3e2282

SHA256
00734493cfa5623c9090360c98b327d22b788c821119ee76f5dc1533dac534c4

SHA512
d39d171f25bd712ea82f43f058cff468d6631fcb1b3f98775cc0976716fa47f32f6dcad587e2b9d778ef95e859e45acb76fe3bd4b4a876dde8269bc5c1b46a7d

Download Submit
C:\Windows\system\nzkZhXk.exe

Filesize
6.0MB

MD5
66b42a442b3262b8061a5b8d2d71da6d

SHA1
8bce95c3887e12c2242cf9f5aa927b69cd4ccd1a

SHA256
71fd36b607cf86ec5a73f14b254ed0566bb5dc081273848c8d9c9057658e2987

SHA512
4b50fa279d1803d82e657a39b2e7d409f2183fe9c6cbb9300fb39882f012630a5cea0371a872010fa9e5d4ee84e66ee05d954965ae48269cf0cc933fc2b8d9cb

Download Submit
C:\Windows\system\pesSRxI.exe

Filesize
6.0MB

MD5
5541694eb0f542a797059356b1aa044d

SHA1
f115003afc50090b73b7ae0f89bfb7a42fde16c2

SHA256
3694af10482e1950026e612ea1d2ece2c2da50ef66122be7599a3500de483776

SHA512
f72156c5f78e9cc2b1c76aa070b1ed4033e1f8dbc87087dc9f40d692508008032168fc4e6ec5a3b77461647b4714dd00e9b72d21b3f86ff6d47134aa5d62c648

Download Submit
C:\Windows\system\qiTORom.exe

Filesize
6.0MB

MD5
4973501c26de2fe7a7abd73543042936

SHA1
20a7a3887900b48d428e813abc04876054a54672

SHA256
e31fe9a04cb842907c82957bc517640198d28dd75fc55d24da72d6761dbad235

SHA512
ac0d3c518c6f41cb7bac2d1250bf1c0a65fef2a243cdbdd3d7fb94f3a41c6c092e897ae5ad82255b845b634749344f0d38acde445ec0196889fb5d1ace40d185

Download Submit
C:\Windows\system\rscJfEj.exe

Filesize
6.0MB

MD5
dc900401c39204586017378375e0a999

SHA1
fa0ac002172ef2a49b96ec5561fe9bd1240cc67f

SHA256
800c14037f4a11abfeebd02819a4de9aaa5a976095a1c98cb12cf89ec6f1eae0

SHA512
44a073bbc96198f2d998512b3db2f6c17284e01dec485420d85f211a9b7e4963dbf7c313a2823cea255c711f20a81ac52db2965cd2688dea8a864768f01ec762

Download Submit
C:\Windows\system\tpHupVh.exe

Filesize
6.0MB

MD5
a145d11ac6531fd2cad96691c71a3990

SHA1
76c57a7d4f180e03cdcbe1d07034b6393d68b75a

SHA256
7db6d30a9a7e8acc102546b22dcc93c3496ab4af2d4c4d2926e5c814146bbffb

SHA512
8df4b1410b2e98a523e14878a694dc1dd370c130092878e37b5abddd0d78ab3e1ee3e30b66cae0a48edf93080ac8364f665cedf73d961888cfff5b239fffa300

Download Submit
C:\Windows\system\vNpoZgT.exe

Filesize
6.0MB

MD5
1df7a0dce3904ccffa3a7cb8b97905e7

SHA1
ddfc7186af77a385b31c12fa0e593e9706da17d9

SHA256
484a8bed39d1f499ae955680b6757450e976b8020d69d024619c31328183c4ef

SHA512
50b479af6ef0cbc6cd603b43f450189011aa59b8d5e1298502a45135e8dda0ce04e02c84a3e993bb1058c124d2ace212d79ee5ad310d1ce36705db01c8c71d4b

Download Submit
C:\Windows\system\whfhRTV.exe

Filesize
6.0MB

MD5
29e04ba9aef5ec8ef0d7394ecd03fabe

SHA1
66e4eb6a000e82d5a491a2c4372b1a7d98ba7b35

SHA256
6ae5632173d241d4d9f5d668b35f018d8180d0b15565e36b0123f09a7667d831

SHA512
2d41fe46e8e034fd829dd3865d6684261d648ac9e7deccb1ddec8c3254db18e577e9a39aaf48b6ecfd34deb426bdcf6daf8b0a340d2b8568c4167372cc1161a5

Download Submit
C:\Windows\system\xnFDXVp.exe

Filesize
6.0MB

MD5
064361dd27ba404a999751d4b2f902d4

SHA1
d2d812bd96331235062273a16ef1d6876269816d

SHA256
1f00db36ff983c7dd0e8dda50e36e124672681bfb525d64ae354f1514c8ff832

SHA512
d86fcd8338f262fcd2a43a9b340738303d54fdc14196878a9c19ec3508eb5339178db0af05022aa21e52b1c4ced5acdf8449a75dc708676477000d726eb2a970

Download Submit
\Windows\system\HUeeICd.exe

Filesize
6.0MB

MD5
a446edbd40074510d5325c2c1a562e71

SHA1
a4d2bcc6b54a0d248cd2123399cc1eb9a3b8b6d4

SHA256
0b632470d160887ce0ea01a7ef22bb7b8070884fcc151565f529056a8375a498

SHA512
05d0b51cc6636b0607f14b6ca428ac6ae2f2e8ecf8db65eb8cb6d712a419dba89211885963e429eda89b16af3e6e4cc101b76dcfdd2a3be08ab25a353d5506f3

Download Submit
\Windows\system\OMWMDZG.exe

Filesize
6.0MB

MD5
fb7e4e11ce645df5c25ea9a2224bfb8e

SHA1
627ab489d4f0dfaec27ef943e3e5ce1bb91dbfb8

SHA256
475fe164788a5c7d40c8a10b7155d85b762e240037da75a88e3bbc48b35d763c

SHA512
228f1a4e41945694f9bb339e3d89c905e6a36361da6a287c3afa0afcace90cb07fd88e5616a98e13544b050d285e284f4a76b6268fe61190601b857561c11e95

Download Submit
\Windows\system\SrFJxeE.exe

Filesize
6.0MB

MD5
78f570eb184827c679e64e0a72c2d719

SHA1
efc096f076b9d950369c9e6609c1379176ec5dd2

SHA256
4f31abb62acf2d381777061ca64f18ec7fc5a3fb16f200371cc5b540c2e5644f

SHA512
711636a2fc282e7007ad873242020a42a2d2d64e36f6c156c7587e7b5ee27408c7fed0a6434c37da73cc82373be47b9129b38b32735af17868633adb02ec14bc

Download Submit
\Windows\system\YkAJMBs.exe

Filesize
6.0MB

MD5
7054a3e5bc5209291d273b92dcc83044

SHA1
860579c64d263d0886da7fd0181e5ca9ca3c05b6

SHA256
100a03d7db4b76925e3be88bfeb2bf137c040f5984650b05f546655022c0fda4

SHA512
f30d2e2369619e2e0b64dc8f2cf4ce596d2d7c8bb6088db623bca6272bdc44ce3a3bf9d0a4723d944a17b64879d5a3a456dc0cc0129034c1193f84dde2d44cd8

Download Submit
\Windows\system\Ylysxgd.exe

Filesize
6.0MB

MD5
304f798c8fbaec82dffe9a1c021d37f7

SHA1
eefad543c8543595a4db61e45b7d391fa64fc8cd

SHA256
bfe85cfffc23bc64c9cbdea4c52b687a0d7ee72921a861e90368872124cc9832

SHA512
733ea83d1ddd6e7dd40b4d2e890ab2f9913df43169d1ee4762283449b1e59ea1ecc283b23a9e339a0630cc209e9b51ee1eb64d80164566e5741c1d17e064ae19

Download Submit
\Windows\system\ovFNLpQ.exe

Filesize
6.0MB

MD5
88b6a51be1851cb3340ba1ebf74a7d34

SHA1
8db93bc49865370658266312159b61c542a21df0

SHA256
d4cc6886e59a7324cb4da0f9785f044a6c9a77747bf90e7b1bc8332a4b8468fb

SHA512
3dad7ea3a306149eefb051ee6d5905dddd784880d7d8c6bc08b06242a1501ecae781cbd27b5e51ed6e8d16ba9847dc65a7dc1ead4216a932c54883495894ed73

Download Submit
\Windows\system\ovQEFGR.exe

Filesize
6.0MB

MD5
2e17bbd80e339b147983e4e863931d97

SHA1
5b35b0c4a3f2061d6c86b42d3c5c03f199d3bd41

SHA256
d1e3119d40a21c50ce0c6694f584cf1f506ae1daf6a772030f29ef2115eb3a16

SHA512
cc6e68bfb518d9eb0adcaabdf94cd1f4df8fd73dc3dc11d60d8c6ad318923ebcd7aa7a49ca111c29ff118f8627e9df2f6916742a18f375907bcd857199c2e190

Download Submit
memory/1952-14-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/1952-3552-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/1988-15-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2136-217-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2136-4155-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2156-415-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2156-447-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2156-212-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2156-0-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2156-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2156-209-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2156-35-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2156-72-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2156-211-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2156-215-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2156-210-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2156-13-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2156-218-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2156-400-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2156-401-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2156-22-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2156-23-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-3553-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-29-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3704-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2332-216-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2344-28-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2344-3549-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3713-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2580-220-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2672-214-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3544-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2708-219-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2712-36-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2744-213-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3550-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2884-51-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download