cobaltstrike | efa8fdadd54e679fd359b0ee6e139d34dda547534a696eacfb7c5ce1ade0258f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-11-2024 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f66a755d5487c180c91738f67ca9737f
SHA1

7c74c8598d809775372677a049627d0eb396c85c
SHA256

efa8fdadd54e679fd359b0ee6e139d34dda547534a696eacfb7c5ce1ade0258f
SHA512

93f326e827acdbb5f3f8da9245027d64bf793ec5898b24c34e1d7570b8c3b32bb56cba1f162bee317fd071925a083b14a910341f7ad1885041f694197bcee90a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUO:T+q56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000122ce-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d07-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d19-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d48-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d68-31.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191fd-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019238-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-191.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-145.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000015ccc-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019220-132.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c9-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878d-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001867d-116.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018657-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-106.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c6-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186c8-87.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018662-77.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c9b-65.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015da1-55.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000015d78-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d70-38.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2112-0-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x000a0000000122ce-3.dat	xmrig
behavioral1/files/0x0008000000015d07-7.dat	xmrig
behavioral1/files/0x0008000000015d19-16.dat	xmrig
behavioral1/memory/2852-21-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d48-25.dat	xmrig
behavioral1/memory/2876-27-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2928-11-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2920-19-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d68-31.dat	xmrig
behavioral1/memory/1648-33-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2900-99-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2920-56-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x00050000000191fd-122.dat	xmrig
behavioral1/files/0x0005000000019217-127.dat	xmrig
behavioral1/files/0x0005000000019238-141.dat	xmrig
behavioral1/files/0x000500000001938b-171.dat	xmrig
behavioral1/files/0x00050000000193c8-191.dat	xmrig
behavioral1/memory/2112-902-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2112-756-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/3024-522-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2112-521-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2528-197-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c1-186.dat	xmrig
behavioral1/files/0x00050000000193b7-181.dat	xmrig
behavioral1/files/0x0005000000019399-176.dat	xmrig
behavioral1/files/0x0005000000019280-166.dat	xmrig
behavioral1/files/0x0005000000019278-161.dat	xmrig
behavioral1/files/0x000500000001925d-148.dat	xmrig
behavioral1/files/0x0005000000019263-154.dat	xmrig
behavioral1/files/0x0005000000019240-145.dat	xmrig
behavioral1/files/0x0031000000015ccc-136.dat	xmrig
behavioral1/files/0x0005000000019220-132.dat	xmrig
behavioral1/files/0x00060000000190c9-120.dat	xmrig
behavioral1/files/0x000500000001878d-118.dat	xmrig
behavioral1/files/0x000500000001867d-116.dat	xmrig
behavioral1/files/0x0014000000018657-113.dat	xmrig
behavioral1/memory/2112-110-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2000-109-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/1648-108-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f3-106.dat	xmrig
behavioral1/files/0x00060000000190c6-105.dat	xmrig
behavioral1/files/0x00050000000186c8-87.dat	xmrig
behavioral1/files/0x000d000000018662-77.dat	xmrig
behavioral1/memory/2876-74-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c9b-65.dat	xmrig
behavioral1/memory/3024-64-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015da1-55.dat	xmrig
behavioral1/memory/1216-72-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2656-50-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x000a000000015d78-46.dat	xmrig
behavioral1/memory/2112-42-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2528-41-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d70-38.dat	xmrig
behavioral1/memory/2928-4003-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2920-4006-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/1648-4005-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2852-4004-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2528-4009-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1216-4008-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2656-4007-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2876-4010-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/3024-4013-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2000-4012-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2928	CHuUkxa.exe
2852	rOEyHpl.exe
2920	MJzEMYz.exe
2876	BeSDYCH.exe
1648	IrhNRgI.exe
2528	vRQWVyW.exe
2656	nlcUBog.exe
3024	XVjkXib.exe
1216	SgmZcZp.exe
2900	DrTfdiI.exe
2000	fWUntUn.exe
600	ZjWXoLQ.exe
780	OQYMaak.exe
1872	EsOYkfG.exe
3008	npDEhlA.exe
2784	kQypBYn.exe
1448	SpmADum.exe
2768	XwznEIl.exe
2160	ggmXhLs.exe
2516	ZqZeCGK.exe
2360	MbtUpDB.exe
2128	rlNjIdo.exe
2204	ClZNGqe.exe
1616	DcRCbvh.exe
2148	RAzsLOK.exe
2120	DwHHmgh.exe
892	wYbHstn.exe
560	qzVjTkJ.exe
2488	OpcyKie.exe
920	AgqTrBX.exe
1260	JTHoRWV.exe
2356	wsIodLG.exe
2432	zaQIhmS.exe
352	nhyIIkd.exe
580	iEKPJRJ.exe
1664	ebZtFnI.exe
2972	FVqMZky.exe
2072	YnPzzBl.exe
2020	QJdBcXZ.exe
2424	hQWwSgw.exe
2924	imOeMou.exe
1600	lRSVrwW.exe
1092	AjZfFvk.exe
1556	sRlfooR.exe
3044	DYJEIRd.exe
1992	DKCLTJs.exe
1904	AJszPAE.exe
2060	SfChtfk.exe
2744	cGxClmh.exe
1632	wqjqLFn.exe
2828	eeLfWqt.exe
2820	NKQLiuz.exe
2916	omVupVj.exe
2536	OuIaDPF.exe
2552	ThwQJPc.exe
2996	JFoPsCX.exe
1836	aTVRxej.exe
1860	DZZeQcC.exe
2260	UxboPzo.exe
2776	xZASpQc.exe
1928	bKSiHUU.exe
2800	jwzQZQs.exe
2932	qvILqOo.exe
2412	YneHHhR.exe

Loads dropped DLL 64 IoCs

pid	Process
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2112-0-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x000a0000000122ce-3.dat	upx
behavioral1/files/0x0008000000015d07-7.dat	upx
behavioral1/files/0x0008000000015d19-16.dat	upx
behavioral1/memory/2852-21-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0007000000015d48-25.dat	upx
behavioral1/memory/2876-27-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2928-11-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2920-19-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0007000000015d68-31.dat	upx
behavioral1/memory/1648-33-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2900-99-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2920-56-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x00050000000191fd-122.dat	upx
behavioral1/files/0x0005000000019217-127.dat	upx
behavioral1/files/0x0005000000019238-141.dat	upx
behavioral1/files/0x000500000001938b-171.dat	upx
behavioral1/files/0x00050000000193c8-191.dat	upx
behavioral1/memory/3024-522-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2528-197-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x00050000000193c1-186.dat	upx
behavioral1/files/0x00050000000193b7-181.dat	upx
behavioral1/files/0x0005000000019399-176.dat	upx
behavioral1/files/0x0005000000019280-166.dat	upx
behavioral1/files/0x0005000000019278-161.dat	upx
behavioral1/files/0x000500000001925d-148.dat	upx
behavioral1/files/0x0005000000019263-154.dat	upx
behavioral1/files/0x0005000000019240-145.dat	upx
behavioral1/files/0x0031000000015ccc-136.dat	upx
behavioral1/files/0x0005000000019220-132.dat	upx
behavioral1/files/0x00060000000190c9-120.dat	upx
behavioral1/files/0x000500000001878d-118.dat	upx
behavioral1/files/0x000500000001867d-116.dat	upx
behavioral1/files/0x0014000000018657-113.dat	upx
behavioral1/memory/2000-109-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/1648-108-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x00050000000191f3-106.dat	upx
behavioral1/files/0x00060000000190c6-105.dat	upx
behavioral1/files/0x00050000000186c8-87.dat	upx
behavioral1/files/0x000d000000018662-77.dat	upx
behavioral1/memory/2876-74-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0008000000016c9b-65.dat	upx
behavioral1/memory/3024-64-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x0008000000015da1-55.dat	upx
behavioral1/memory/1216-72-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2656-50-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x000a000000015d78-46.dat	upx
behavioral1/memory/2112-42-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2528-41-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0007000000015d70-38.dat	upx
behavioral1/memory/2928-4003-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2920-4006-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/1648-4005-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2852-4004-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2528-4009-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1216-4008-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2656-4007-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2876-4010-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/3024-4013-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2000-4012-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2900-4011-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NUJnSBj.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLyzzHo.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkdfbKy.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FlVdIOh.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZBIsAw.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmLfLEa.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PPKCuaX.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZkJWHp.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjLEPTQ.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCrJTJN.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LrUNaOD.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\scHyusq.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIyhuzP.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IeriuGf.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJpcRRB.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBOPEPL.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTqJDBQ.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfZKnvx.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpcyKie.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKdFazp.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLUcEVA.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpIZNxw.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrTfdiI.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCoUNWp.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nrQRUDU.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqjRyKb.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\caNRQfQ.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSUPocI.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NJVJoeS.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jwJEFJf.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDjgaJM.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZigXHW.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgdyDOi.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoiyNaf.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZFJSyj.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afamiFx.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrRnNlX.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aCQzAlo.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUjNrIW.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNiNTvP.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LrFaCFB.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JTHoRWV.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsMiWRo.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rhOHCFH.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTEnLKG.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkllfXw.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXMjqIf.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOSbNqv.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlIXXoK.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuvGCoO.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjmNjvW.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OTKJGEk.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lciHbLe.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QPuBlOL.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAZldFX.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKJBErt.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YphftCR.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngjdAiB.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyYLegK.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMEfDpx.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVVpGdU.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REOSRVe.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPxJtjF.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vseKqQi.exe	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2928	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 2928	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 2928	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 2920	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2920	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2920	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2852	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 2852	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 2852	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 2876	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 2876	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 2876	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 1648	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 1648	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 1648	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 2528	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2528	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2528	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2656	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 2656	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 2656	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 3024	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 3024	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 3024	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 1216	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 1216	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 1216	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 1872	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 1872	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 1872	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 2900	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 2900	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 2900	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 3008	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 3008	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 3008	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 2000	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 2000	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 2000	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 2784	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 2784	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 2784	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 600	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 600	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 600	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 1448	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 1448	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 1448	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 780	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 780	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 780	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 2768	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 2768	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 2768	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 2160	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 2160	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 2160	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 2516	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 2516	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 2516	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 2360	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2112 wrote to memory of 2360	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2112 wrote to memory of 2360	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2112 wrote to memory of 2128	2112	2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-15_f66a755d5487c180c91738f67ca9737f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\System\CHuUkxa.exe
  C:\Windows\System\CHuUkxa.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\MJzEMYz.exe
  C:\Windows\System\MJzEMYz.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\rOEyHpl.exe
  C:\Windows\System\rOEyHpl.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\BeSDYCH.exe
  C:\Windows\System\BeSDYCH.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\IrhNRgI.exe
  C:\Windows\System\IrhNRgI.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\vRQWVyW.exe
  C:\Windows\System\vRQWVyW.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\nlcUBog.exe
  C:\Windows\System\nlcUBog.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\XVjkXib.exe
  C:\Windows\System\XVjkXib.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\SgmZcZp.exe
  C:\Windows\System\SgmZcZp.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\EsOYkfG.exe
  C:\Windows\System\EsOYkfG.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\DrTfdiI.exe
  C:\Windows\System\DrTfdiI.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\npDEhlA.exe
  C:\Windows\System\npDEhlA.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\fWUntUn.exe
  C:\Windows\System\fWUntUn.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\kQypBYn.exe
  C:\Windows\System\kQypBYn.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\ZjWXoLQ.exe
  C:\Windows\System\ZjWXoLQ.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\SpmADum.exe
  C:\Windows\System\SpmADum.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\OQYMaak.exe
  C:\Windows\System\OQYMaak.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\XwznEIl.exe
  C:\Windows\System\XwznEIl.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\ggmXhLs.exe
  C:\Windows\System\ggmXhLs.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\ZqZeCGK.exe
  C:\Windows\System\ZqZeCGK.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\MbtUpDB.exe
  C:\Windows\System\MbtUpDB.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\rlNjIdo.exe
  C:\Windows\System\rlNjIdo.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\ClZNGqe.exe
  C:\Windows\System\ClZNGqe.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\RAzsLOK.exe
  C:\Windows\System\RAzsLOK.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\DcRCbvh.exe
  C:\Windows\System\DcRCbvh.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\DwHHmgh.exe
  C:\Windows\System\DwHHmgh.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\wYbHstn.exe
  C:\Windows\System\wYbHstn.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\qzVjTkJ.exe
  C:\Windows\System\qzVjTkJ.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\OpcyKie.exe
  C:\Windows\System\OpcyKie.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\AgqTrBX.exe
  C:\Windows\System\AgqTrBX.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\JTHoRWV.exe
  C:\Windows\System\JTHoRWV.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\wsIodLG.exe
  C:\Windows\System\wsIodLG.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\zaQIhmS.exe
  C:\Windows\System\zaQIhmS.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\nhyIIkd.exe
  C:\Windows\System\nhyIIkd.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\iEKPJRJ.exe
  C:\Windows\System\iEKPJRJ.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\ebZtFnI.exe
  C:\Windows\System\ebZtFnI.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\FVqMZky.exe
  C:\Windows\System\FVqMZky.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\YnPzzBl.exe
  C:\Windows\System\YnPzzBl.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\QJdBcXZ.exe
  C:\Windows\System\QJdBcXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\hQWwSgw.exe
  C:\Windows\System\hQWwSgw.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\imOeMou.exe
  C:\Windows\System\imOeMou.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\lRSVrwW.exe
  C:\Windows\System\lRSVrwW.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\AjZfFvk.exe
  C:\Windows\System\AjZfFvk.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\sRlfooR.exe
  C:\Windows\System\sRlfooR.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\DYJEIRd.exe
  C:\Windows\System\DYJEIRd.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\DKCLTJs.exe
  C:\Windows\System\DKCLTJs.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\AJszPAE.exe
  C:\Windows\System\AJszPAE.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\SfChtfk.exe
  C:\Windows\System\SfChtfk.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\cGxClmh.exe
  C:\Windows\System\cGxClmh.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\wqjqLFn.exe
  C:\Windows\System\wqjqLFn.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\eeLfWqt.exe
  C:\Windows\System\eeLfWqt.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\NKQLiuz.exe
  C:\Windows\System\NKQLiuz.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\omVupVj.exe
  C:\Windows\System\omVupVj.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\OuIaDPF.exe
  C:\Windows\System\OuIaDPF.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\ThwQJPc.exe
  C:\Windows\System\ThwQJPc.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\JFoPsCX.exe
  C:\Windows\System\JFoPsCX.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\aTVRxej.exe
  C:\Windows\System\aTVRxej.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\DZZeQcC.exe
  C:\Windows\System\DZZeQcC.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\UxboPzo.exe
  C:\Windows\System\UxboPzo.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\xZASpQc.exe
  C:\Windows\System\xZASpQc.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\bKSiHUU.exe
  C:\Windows\System\bKSiHUU.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\jwzQZQs.exe
  C:\Windows\System\jwzQZQs.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\qvILqOo.exe
  C:\Windows\System\qvILqOo.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\YneHHhR.exe
  C:\Windows\System\YneHHhR.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\AjKVPtV.exe
  C:\Windows\System\AjKVPtV.exe
  2⤵
  PID:2212
- C:\Windows\System\fytbGos.exe
  C:\Windows\System\fytbGos.exe
  2⤵
  PID:2092
- C:\Windows\System\qwlLxZB.exe
  C:\Windows\System\qwlLxZB.exe
  2⤵
  PID:1952
- C:\Windows\System\sLnsPlj.exe
  C:\Windows\System\sLnsPlj.exe
  2⤵
  PID:1788
- C:\Windows\System\igaFRkP.exe
  C:\Windows\System\igaFRkP.exe
  2⤵
  PID:2592
- C:\Windows\System\JATBmfE.exe
  C:\Windows\System\JATBmfE.exe
  2⤵
  PID:864
- C:\Windows\System\EbFRWNq.exe
  C:\Windows\System\EbFRWNq.exe
  2⤵
  PID:1980
- C:\Windows\System\pqIBRRX.exe
  C:\Windows\System\pqIBRRX.exe
  2⤵
  PID:588
- C:\Windows\System\EwbOBsw.exe
  C:\Windows\System\EwbOBsw.exe
  2⤵
  PID:2380
- C:\Windows\System\ZMrKdJo.exe
  C:\Windows\System\ZMrKdJo.exe
  2⤵
  PID:2452
- C:\Windows\System\hLKVdIQ.exe
  C:\Windows\System\hLKVdIQ.exe
  2⤵
  PID:2428
- C:\Windows\System\okeRPXR.exe
  C:\Windows\System\okeRPXR.exe
  2⤵
  PID:2980
- C:\Windows\System\fklMgVn.exe
  C:\Windows\System\fklMgVn.exe
  2⤵
  PID:2968
- C:\Windows\System\vvhvOLL.exe
  C:\Windows\System\vvhvOLL.exe
  2⤵
  PID:1568
- C:\Windows\System\ynLukNf.exe
  C:\Windows\System\ynLukNf.exe
  2⤵
  PID:2460
- C:\Windows\System\ZTCNqxP.exe
  C:\Windows\System\ZTCNqxP.exe
  2⤵
  PID:1516
- C:\Windows\System\gpQvjYk.exe
  C:\Windows\System\gpQvjYk.exe
  2⤵
  PID:2288
- C:\Windows\System\YrRnNlX.exe
  C:\Windows\System\YrRnNlX.exe
  2⤵
  PID:2640
- C:\Windows\System\XeGVDLY.exe
  C:\Windows\System\XeGVDLY.exe
  2⤵
  PID:2824
- C:\Windows\System\bspTJxB.exe
  C:\Windows\System\bspTJxB.exe
  2⤵
  PID:576
- C:\Windows\System\SoqYvrk.exe
  C:\Windows\System\SoqYvrk.exe
  2⤵
  PID:2376
- C:\Windows\System\PcoUuwk.exe
  C:\Windows\System\PcoUuwk.exe
  2⤵
  PID:2384
- C:\Windows\System\hsgpuXf.exe
  C:\Windows\System\hsgpuXf.exe
  2⤵
  PID:1416
- C:\Windows\System\hgdOnGE.exe
  C:\Windows\System\hgdOnGE.exe
  2⤵
  PID:332
- C:\Windows\System\oNYYSdN.exe
  C:\Windows\System\oNYYSdN.exe
  2⤵
  PID:712
- C:\Windows\System\fXyCuwm.exe
  C:\Windows\System\fXyCuwm.exe
  2⤵
  PID:844
- C:\Windows\System\JYXuMiV.exe
  C:\Windows\System\JYXuMiV.exe
  2⤵
  PID:2464
- C:\Windows\System\yzXnUhE.exe
  C:\Windows\System\yzXnUhE.exe
  2⤵
  PID:784
- C:\Windows\System\fNqQzPc.exe
  C:\Windows\System\fNqQzPc.exe
  2⤵
  PID:1464
- C:\Windows\System\ajiNTQh.exe
  C:\Windows\System\ajiNTQh.exe
  2⤵
  PID:1168
- C:\Windows\System\DusyQDm.exe
  C:\Windows\System\DusyQDm.exe
  2⤵
  PID:1584
- C:\Windows\System\EXsJlmj.exe
  C:\Windows\System\EXsJlmj.exe
  2⤵
  PID:2476
- C:\Windows\System\VwvHKlt.exe
  C:\Windows\System\VwvHKlt.exe
  2⤵
  PID:2284
- C:\Windows\System\cZjnJEX.exe
  C:\Windows\System\cZjnJEX.exe
  2⤵
  PID:3088
- C:\Windows\System\aFYeVmC.exe
  C:\Windows\System\aFYeVmC.exe
  2⤵
  PID:3104
- C:\Windows\System\lJpcRRB.exe
  C:\Windows\System\lJpcRRB.exe
  2⤵
  PID:3120
- C:\Windows\System\CKNeKeD.exe
  C:\Windows\System\CKNeKeD.exe
  2⤵
  PID:3140
- C:\Windows\System\jwJEFJf.exe
  C:\Windows\System\jwJEFJf.exe
  2⤵
  PID:3156
- C:\Windows\System\MasddlK.exe
  C:\Windows\System\MasddlK.exe
  2⤵
  PID:3172
- C:\Windows\System\UMnIPfN.exe
  C:\Windows\System\UMnIPfN.exe
  2⤵
  PID:3200
- C:\Windows\System\cukRcHq.exe
  C:\Windows\System\cukRcHq.exe
  2⤵
  PID:3216
- C:\Windows\System\yiVwhcf.exe
  C:\Windows\System\yiVwhcf.exe
  2⤵
  PID:3232
- C:\Windows\System\pTxqSbb.exe
  C:\Windows\System\pTxqSbb.exe
  2⤵
  PID:3248
- C:\Windows\System\MwisiSA.exe
  C:\Windows\System\MwisiSA.exe
  2⤵
  PID:3264
- C:\Windows\System\ItGYhxK.exe
  C:\Windows\System\ItGYhxK.exe
  2⤵
  PID:3292
- C:\Windows\System\xHuaEkH.exe
  C:\Windows\System\xHuaEkH.exe
  2⤵
  PID:3312
- C:\Windows\System\yaHgZxc.exe
  C:\Windows\System\yaHgZxc.exe
  2⤵
  PID:3368
- C:\Windows\System\lpfDdTs.exe
  C:\Windows\System\lpfDdTs.exe
  2⤵
  PID:3384
- C:\Windows\System\TtFDPfV.exe
  C:\Windows\System\TtFDPfV.exe
  2⤵
  PID:3400
- C:\Windows\System\XMGyyCK.exe
  C:\Windows\System\XMGyyCK.exe
  2⤵
  PID:3416
- C:\Windows\System\uSMxmFW.exe
  C:\Windows\System\uSMxmFW.exe
  2⤵
  PID:3440
- C:\Windows\System\sejmCMi.exe
  C:\Windows\System\sejmCMi.exe
  2⤵
  PID:3456
- C:\Windows\System\CNwbTGW.exe
  C:\Windows\System\CNwbTGW.exe
  2⤵
  PID:3480
- C:\Windows\System\SLHpoRQ.exe
  C:\Windows\System\SLHpoRQ.exe
  2⤵
  PID:3508
- C:\Windows\System\pbpUpVX.exe
  C:\Windows\System\pbpUpVX.exe
  2⤵
  PID:3528
- C:\Windows\System\yoCsDme.exe
  C:\Windows\System\yoCsDme.exe
  2⤵
  PID:3552
- C:\Windows\System\OsBSgdW.exe
  C:\Windows\System\OsBSgdW.exe
  2⤵
  PID:3568
- C:\Windows\System\TVCekqy.exe
  C:\Windows\System\TVCekqy.exe
  2⤵
  PID:3592
- C:\Windows\System\ktpxElF.exe
  C:\Windows\System\ktpxElF.exe
  2⤵
  PID:3608
- C:\Windows\System\MguiNdJ.exe
  C:\Windows\System\MguiNdJ.exe
  2⤵
  PID:3624
- C:\Windows\System\yEVbrhz.exe
  C:\Windows\System\yEVbrhz.exe
  2⤵
  PID:3648
- C:\Windows\System\sPxJtjF.exe
  C:\Windows\System\sPxJtjF.exe
  2⤵
  PID:3672
- C:\Windows\System\xkMGDBZ.exe
  C:\Windows\System\xkMGDBZ.exe
  2⤵
  PID:3688
- C:\Windows\System\kDIpsde.exe
  C:\Windows\System\kDIpsde.exe
  2⤵
  PID:3716
- C:\Windows\System\ejgbCeU.exe
  C:\Windows\System\ejgbCeU.exe
  2⤵
  PID:3732
- C:\Windows\System\qlmVCIj.exe
  C:\Windows\System\qlmVCIj.exe
  2⤵
  PID:3752
- C:\Windows\System\kfrFfBk.exe
  C:\Windows\System\kfrFfBk.exe
  2⤵
  PID:3772
- C:\Windows\System\USvNBeb.exe
  C:\Windows\System\USvNBeb.exe
  2⤵
  PID:3792
- C:\Windows\System\jFAMTLM.exe
  C:\Windows\System\jFAMTLM.exe
  2⤵
  PID:3816
- C:\Windows\System\hvMMiNf.exe
  C:\Windows\System\hvMMiNf.exe
  2⤵
  PID:3836
- C:\Windows\System\TLVmTsB.exe
  C:\Windows\System\TLVmTsB.exe
  2⤵
  PID:3852
- C:\Windows\System\fJJBYnC.exe
  C:\Windows\System\fJJBYnC.exe
  2⤵
  PID:3868
- C:\Windows\System\lguBJUK.exe
  C:\Windows\System\lguBJUK.exe
  2⤵
  PID:3896
- C:\Windows\System\laomPLg.exe
  C:\Windows\System\laomPLg.exe
  2⤵
  PID:3920
- C:\Windows\System\asMloGN.exe
  C:\Windows\System\asMloGN.exe
  2⤵
  PID:3940
- C:\Windows\System\nSkvMOa.exe
  C:\Windows\System\nSkvMOa.exe
  2⤵
  PID:3960
- C:\Windows\System\uTXfIxa.exe
  C:\Windows\System\uTXfIxa.exe
  2⤵
  PID:3976
- C:\Windows\System\osvKTjU.exe
  C:\Windows\System\osvKTjU.exe
  2⤵
  PID:3996
- C:\Windows\System\sZuJdUb.exe
  C:\Windows\System\sZuJdUb.exe
  2⤵
  PID:4024
- C:\Windows\System\ESuIarb.exe
  C:\Windows\System\ESuIarb.exe
  2⤵
  PID:4044
- C:\Windows\System\BZfODoF.exe
  C:\Windows\System\BZfODoF.exe
  2⤵
  PID:4068
- C:\Windows\System\NYYuflE.exe
  C:\Windows\System\NYYuflE.exe
  2⤵
  PID:4084
- C:\Windows\System\sVjHCxe.exe
  C:\Windows\System\sVjHCxe.exe
  2⤵
  PID:904
- C:\Windows\System\XNXkTqd.exe
  C:\Windows\System\XNXkTqd.exe
  2⤵
  PID:2864
- C:\Windows\System\MrEzOep.exe
  C:\Windows\System\MrEzOep.exe
  2⤵
  PID:684
- C:\Windows\System\pHGBdQk.exe
  C:\Windows\System\pHGBdQk.exe
  2⤵
  PID:1572
- C:\Windows\System\KZqAWNs.exe
  C:\Windows\System\KZqAWNs.exe
  2⤵
  PID:2152
- C:\Windows\System\thDyoxQ.exe
  C:\Windows\System\thDyoxQ.exe
  2⤵
  PID:1668
- C:\Windows\System\XhpVlVO.exe
  C:\Windows\System\XhpVlVO.exe
  2⤵
  PID:1020
- C:\Windows\System\HMpQbnJ.exe
  C:\Windows\System\HMpQbnJ.exe
  2⤵
  PID:2728
- C:\Windows\System\hwcgiZy.exe
  C:\Windows\System\hwcgiZy.exe
  2⤵
  PID:3084
- C:\Windows\System\HWSghvA.exe
  C:\Windows\System\HWSghvA.exe
  2⤵
  PID:3152
- C:\Windows\System\oHdAesx.exe
  C:\Windows\System\oHdAesx.exe
  2⤵
  PID:2532
- C:\Windows\System\RdeyLDx.exe
  C:\Windows\System\RdeyLDx.exe
  2⤵
  PID:1120
- C:\Windows\System\aYYPuIY.exe
  C:\Windows\System\aYYPuIY.exe
  2⤵
  PID:3300
- C:\Windows\System\sjwPDIY.exe
  C:\Windows\System\sjwPDIY.exe
  2⤵
  PID:2764
- C:\Windows\System\YytzSUk.exe
  C:\Windows\System\YytzSUk.exe
  2⤵
  PID:1844
- C:\Windows\System\tuqbUzc.exe
  C:\Windows\System\tuqbUzc.exe
  2⤵
  PID:3448
- C:\Windows\System\uSeADVK.exe
  C:\Windows\System\uSeADVK.exe
  2⤵
  PID:3272
- C:\Windows\System\WyYLegK.exe
  C:\Windows\System\WyYLegK.exe
  2⤵
  PID:1612
- C:\Windows\System\zFqCEbw.exe
  C:\Windows\System\zFqCEbw.exe
  2⤵
  PID:3168
- C:\Windows\System\EdKxAqn.exe
  C:\Windows\System\EdKxAqn.exe
  2⤵
  PID:1476
- C:\Windows\System\FKpOFQr.exe
  C:\Windows\System\FKpOFQr.exe
  2⤵
  PID:3324
- C:\Windows\System\QFdXwBd.exe
  C:\Windows\System\QFdXwBd.exe
  2⤵
  PID:3344
- C:\Windows\System\bZVjUzT.exe
  C:\Windows\System\bZVjUzT.exe
  2⤵
  PID:3496
- C:\Windows\System\rINMDDr.exe
  C:\Windows\System\rINMDDr.exe
  2⤵
  PID:3544
- C:\Windows\System\KRvLNjM.exe
  C:\Windows\System\KRvLNjM.exe
  2⤵
  PID:3428
- C:\Windows\System\WyxpnhX.exe
  C:\Windows\System\WyxpnhX.exe
  2⤵
  PID:3580
- C:\Windows\System\ZKQmYdf.exe
  C:\Windows\System\ZKQmYdf.exe
  2⤵
  PID:3468
- C:\Windows\System\wAZldFX.exe
  C:\Windows\System\wAZldFX.exe
  2⤵
  PID:3516
- C:\Windows\System\sKidfTJ.exe
  C:\Windows\System\sKidfTJ.exe
  2⤵
  PID:3668
- C:\Windows\System\QFGbyLT.exe
  C:\Windows\System\QFGbyLT.exe
  2⤵
  PID:3696
- C:\Windows\System\kqfFeYK.exe
  C:\Windows\System\kqfFeYK.exe
  2⤵
  PID:3740
- C:\Windows\System\OfZzjKQ.exe
  C:\Windows\System\OfZzjKQ.exe
  2⤵
  PID:3684
- C:\Windows\System\mAJhNbN.exe
  C:\Windows\System\mAJhNbN.exe
  2⤵
  PID:3760
- C:\Windows\System\sBEpGjG.exe
  C:\Windows\System\sBEpGjG.exe
  2⤵
  PID:3788
- C:\Windows\System\wkZzPPX.exe
  C:\Windows\System\wkZzPPX.exe
  2⤵
  PID:3860
- C:\Windows\System\ZDooYsR.exe
  C:\Windows\System\ZDooYsR.exe
  2⤵
  PID:3864
- C:\Windows\System\YwvbMzO.exe
  C:\Windows\System\YwvbMzO.exe
  2⤵
  PID:3880
- C:\Windows\System\YTdbjUj.exe
  C:\Windows\System\YTdbjUj.exe
  2⤵
  PID:3916
- C:\Windows\System\LMEfDpx.exe
  C:\Windows\System\LMEfDpx.exe
  2⤵
  PID:4032
- C:\Windows\System\ffEkOXx.exe
  C:\Windows\System\ffEkOXx.exe
  2⤵
  PID:3932
- C:\Windows\System\kqNTHyx.exe
  C:\Windows\System\kqNTHyx.exe
  2⤵
  PID:4020
- C:\Windows\System\UnLXeAH.exe
  C:\Windows\System\UnLXeAH.exe
  2⤵
  PID:4052
- C:\Windows\System\NwsCgVp.exe
  C:\Windows\System\NwsCgVp.exe
  2⤵
  PID:1524
- C:\Windows\System\GNNbdfj.exe
  C:\Windows\System\GNNbdfj.exe
  2⤵
  PID:2080
- C:\Windows\System\ZbTpjRO.exe
  C:\Windows\System\ZbTpjRO.exe
  2⤵
  PID:1740
- C:\Windows\System\kwvUzBN.exe
  C:\Windows\System\kwvUzBN.exe
  2⤵
  PID:1328
- C:\Windows\System\HTdcMMw.exe
  C:\Windows\System\HTdcMMw.exe
  2⤵
  PID:3148
- C:\Windows\System\FlVdIOh.exe
  C:\Windows\System\FlVdIOh.exe
  2⤵
  PID:3184
- C:\Windows\System\tPCmoUN.exe
  C:\Windows\System\tPCmoUN.exe
  2⤵
  PID:3192
- C:\Windows\System\hshSLrA.exe
  C:\Windows\System\hshSLrA.exe
  2⤵
  PID:2880
- C:\Windows\System\jIKNiJb.exe
  C:\Windows\System\jIKNiJb.exe
  2⤵
  PID:3376
- C:\Windows\System\fhsnSAW.exe
  C:\Windows\System\fhsnSAW.exe
  2⤵
  PID:3380
- C:\Windows\System\nDICLcQ.exe
  C:\Windows\System\nDICLcQ.exe
  2⤵
  PID:3136
- C:\Windows\System\UtrWQln.exe
  C:\Windows\System\UtrWQln.exe
  2⤵
  PID:3096
- C:\Windows\System\LzwLJpy.exe
  C:\Windows\System\LzwLJpy.exe
  2⤵
  PID:3244
- C:\Windows\System\WEicuck.exe
  C:\Windows\System\WEicuck.exe
  2⤵
  PID:3320
- C:\Windows\System\GScYIWG.exe
  C:\Windows\System\GScYIWG.exe
  2⤵
  PID:3360
- C:\Windows\System\cwtQutI.exe
  C:\Windows\System\cwtQutI.exe
  2⤵
  PID:3396
- C:\Windows\System\VnFRKEM.exe
  C:\Windows\System\VnFRKEM.exe
  2⤵
  PID:3616
- C:\Windows\System\ygbJohC.exe
  C:\Windows\System\ygbJohC.exe
  2⤵
  PID:3600
- C:\Windows\System\LzPNVJw.exe
  C:\Windows\System\LzPNVJw.exe
  2⤵
  PID:3620
- C:\Windows\System\eeHZkct.exe
  C:\Windows\System\eeHZkct.exe
  2⤵
  PID:3712
- C:\Windows\System\PMlCLMu.exe
  C:\Windows\System\PMlCLMu.exe
  2⤵
  PID:3780
- C:\Windows\System\pWQuHVn.exe
  C:\Windows\System\pWQuHVn.exe
  2⤵
  PID:3892
- C:\Windows\System\qWtCfnT.exe
  C:\Windows\System\qWtCfnT.exe
  2⤵
  PID:3828
- C:\Windows\System\UFUpJEB.exe
  C:\Windows\System\UFUpJEB.exe
  2⤵
  PID:3984
- C:\Windows\System\mXvrnoW.exe
  C:\Windows\System\mXvrnoW.exe
  2⤵
  PID:3972
- C:\Windows\System\AkTGCmE.exe
  C:\Windows\System\AkTGCmE.exe
  2⤵
  PID:4064
- C:\Windows\System\MeOUBYJ.exe
  C:\Windows\System\MeOUBYJ.exe
  2⤵
  PID:2032
- C:\Windows\System\QnyMonj.exe
  C:\Windows\System\QnyMonj.exe
  2⤵
  PID:2832
- C:\Windows\System\rFdaERL.exe
  C:\Windows\System\rFdaERL.exe
  2⤵
  PID:792
- C:\Windows\System\CaFfmyf.exe
  C:\Windows\System\CaFfmyf.exe
  2⤵
  PID:3260
- C:\Windows\System\IymrJrx.exe
  C:\Windows\System\IymrJrx.exe
  2⤵
  PID:1364
- C:\Windows\System\GcdAFew.exe
  C:\Windows\System\GcdAFew.exe
  2⤵
  PID:1696
- C:\Windows\System\pJdSyww.exe
  C:\Windows\System\pJdSyww.exe
  2⤵
  PID:940
- C:\Windows\System\uyrUfIJ.exe
  C:\Windows\System\uyrUfIJ.exe
  2⤵
  PID:3288
- C:\Windows\System\sWmlgvO.exe
  C:\Windows\System\sWmlgvO.exe
  2⤵
  PID:3436
- C:\Windows\System\DpxUfRe.exe
  C:\Windows\System\DpxUfRe.exe
  2⤵
  PID:3520
- C:\Windows\System\SapySVZ.exe
  C:\Windows\System\SapySVZ.exe
  2⤵
  PID:3632
- C:\Windows\System\FgwiRxT.exe
  C:\Windows\System\FgwiRxT.exe
  2⤵
  PID:3636
- C:\Windows\System\hRZEqcN.exe
  C:\Windows\System\hRZEqcN.exe
  2⤵
  PID:3812
- C:\Windows\System\lydONkf.exe
  C:\Windows\System\lydONkf.exe
  2⤵
  PID:3908
- C:\Windows\System\fcGgduu.exe
  C:\Windows\System\fcGgduu.exe
  2⤵
  PID:4012
- C:\Windows\System\vseKqQi.exe
  C:\Windows\System\vseKqQi.exe
  2⤵
  PID:4108
- C:\Windows\System\MqxPRoN.exe
  C:\Windows\System\MqxPRoN.exe
  2⤵
  PID:4124
- C:\Windows\System\DsvfAyf.exe
  C:\Windows\System\DsvfAyf.exe
  2⤵
  PID:4144
- C:\Windows\System\csotIpp.exe
  C:\Windows\System\csotIpp.exe
  2⤵
  PID:4164
- C:\Windows\System\PPxwgxW.exe
  C:\Windows\System\PPxwgxW.exe
  2⤵
  PID:4184
- C:\Windows\System\DsMiWRo.exe
  C:\Windows\System\DsMiWRo.exe
  2⤵
  PID:4204
- C:\Windows\System\JInbsOs.exe
  C:\Windows\System\JInbsOs.exe
  2⤵
  PID:4228
- C:\Windows\System\WZrzdbm.exe
  C:\Windows\System\WZrzdbm.exe
  2⤵
  PID:4256
- C:\Windows\System\lUGoJTX.exe
  C:\Windows\System\lUGoJTX.exe
  2⤵
  PID:4284
- C:\Windows\System\BNTTVqK.exe
  C:\Windows\System\BNTTVqK.exe
  2⤵
  PID:4304
- C:\Windows\System\OOlhZJt.exe
  C:\Windows\System\OOlhZJt.exe
  2⤵
  PID:4320
- C:\Windows\System\fnwyrDs.exe
  C:\Windows\System\fnwyrDs.exe
  2⤵
  PID:4336
- C:\Windows\System\ckdjmRR.exe
  C:\Windows\System\ckdjmRR.exe
  2⤵
  PID:4360
- C:\Windows\System\pfboQxo.exe
  C:\Windows\System\pfboQxo.exe
  2⤵
  PID:4380
- C:\Windows\System\WakcKnf.exe
  C:\Windows\System\WakcKnf.exe
  2⤵
  PID:4400
- C:\Windows\System\toKtVWq.exe
  C:\Windows\System\toKtVWq.exe
  2⤵
  PID:4420
- C:\Windows\System\NCEngsG.exe
  C:\Windows\System\NCEngsG.exe
  2⤵
  PID:4440
- C:\Windows\System\GwxDPaq.exe
  C:\Windows\System\GwxDPaq.exe
  2⤵
  PID:4460
- C:\Windows\System\pAYldav.exe
  C:\Windows\System\pAYldav.exe
  2⤵
  PID:4480
- C:\Windows\System\uDpddOB.exe
  C:\Windows\System\uDpddOB.exe
  2⤵
  PID:4500
- C:\Windows\System\qNOJWnW.exe
  C:\Windows\System\qNOJWnW.exe
  2⤵
  PID:4520
- C:\Windows\System\fksIHWz.exe
  C:\Windows\System\fksIHWz.exe
  2⤵
  PID:4536
- C:\Windows\System\aVPrGHR.exe
  C:\Windows\System\aVPrGHR.exe
  2⤵
  PID:4556
- C:\Windows\System\MlIXXoK.exe
  C:\Windows\System\MlIXXoK.exe
  2⤵
  PID:4576
- C:\Windows\System\dpgdlIB.exe
  C:\Windows\System\dpgdlIB.exe
  2⤵
  PID:4592
- C:\Windows\System\jKhFvTt.exe
  C:\Windows\System\jKhFvTt.exe
  2⤵
  PID:4620
- C:\Windows\System\bmqCHbD.exe
  C:\Windows\System\bmqCHbD.exe
  2⤵
  PID:4640
- C:\Windows\System\tVlytPx.exe
  C:\Windows\System\tVlytPx.exe
  2⤵
  PID:4660
- C:\Windows\System\npYPLcJ.exe
  C:\Windows\System\npYPLcJ.exe
  2⤵
  PID:4676
- C:\Windows\System\aoVxiPx.exe
  C:\Windows\System\aoVxiPx.exe
  2⤵
  PID:4692
- C:\Windows\System\tmGbpWS.exe
  C:\Windows\System\tmGbpWS.exe
  2⤵
  PID:4716
- C:\Windows\System\nQlsDjd.exe
  C:\Windows\System\nQlsDjd.exe
  2⤵
  PID:4740
- C:\Windows\System\bynzyda.exe
  C:\Windows\System\bynzyda.exe
  2⤵
  PID:4764
- C:\Windows\System\NuVrDMI.exe
  C:\Windows\System\NuVrDMI.exe
  2⤵
  PID:4780
- C:\Windows\System\tqdOrNe.exe
  C:\Windows\System\tqdOrNe.exe
  2⤵
  PID:4796
- C:\Windows\System\qtxtUDF.exe
  C:\Windows\System\qtxtUDF.exe
  2⤵
  PID:4816
- C:\Windows\System\iYJcIky.exe
  C:\Windows\System\iYJcIky.exe
  2⤵
  PID:4840
- C:\Windows\System\nCoUNWp.exe
  C:\Windows\System\nCoUNWp.exe
  2⤵
  PID:4860
- C:\Windows\System\qxMCyyb.exe
  C:\Windows\System\qxMCyyb.exe
  2⤵
  PID:4880
- C:\Windows\System\zoQxtaA.exe
  C:\Windows\System\zoQxtaA.exe
  2⤵
  PID:4896
- C:\Windows\System\asiQpnZ.exe
  C:\Windows\System\asiQpnZ.exe
  2⤵
  PID:4924
- C:\Windows\System\tAwksPO.exe
  C:\Windows\System\tAwksPO.exe
  2⤵
  PID:4952
- C:\Windows\System\MQkBEUi.exe
  C:\Windows\System\MQkBEUi.exe
  2⤵
  PID:4968
- C:\Windows\System\uGRZfCU.exe
  C:\Windows\System\uGRZfCU.exe
  2⤵
  PID:4984
- C:\Windows\System\lFEVNTh.exe
  C:\Windows\System\lFEVNTh.exe
  2⤵
  PID:5004
- C:\Windows\System\fXATRgz.exe
  C:\Windows\System\fXATRgz.exe
  2⤵
  PID:5020
- C:\Windows\System\KIrWSPq.exe
  C:\Windows\System\KIrWSPq.exe
  2⤵
  PID:5036
- C:\Windows\System\zoWSpRs.exe
  C:\Windows\System\zoWSpRs.exe
  2⤵
  PID:5064
- C:\Windows\System\BVHDsJF.exe
  C:\Windows\System\BVHDsJF.exe
  2⤵
  PID:5088
- C:\Windows\System\RatEkwk.exe
  C:\Windows\System\RatEkwk.exe
  2⤵
  PID:5104
- C:\Windows\System\XmydohM.exe
  C:\Windows\System\XmydohM.exe
  2⤵
  PID:4016
- C:\Windows\System\NYXzPyF.exe
  C:\Windows\System\NYXzPyF.exe
  2⤵
  PID:3196
- C:\Windows\System\FlqpnfQ.exe
  C:\Windows\System\FlqpnfQ.exe
  2⤵
  PID:3988
- C:\Windows\System\UtYlaJX.exe
  C:\Windows\System\UtYlaJX.exe
  2⤵
  PID:3408
- C:\Windows\System\LeapkrI.exe
  C:\Windows\System\LeapkrI.exe
  2⤵
  PID:3080
- C:\Windows\System\hYpKIvS.exe
  C:\Windows\System\hYpKIvS.exe
  2⤵
  PID:3340
- C:\Windows\System\UKcWmBN.exe
  C:\Windows\System\UKcWmBN.exe
  2⤵
  PID:1428
- C:\Windows\System\mmfSeXw.exe
  C:\Windows\System\mmfSeXw.exe
  2⤵
  PID:3476
- C:\Windows\System\uIrjgJY.exe
  C:\Windows\System\uIrjgJY.exe
  2⤵
  PID:3228
- C:\Windows\System\FWwKqvO.exe
  C:\Windows\System\FWwKqvO.exe
  2⤵
  PID:4180
- C:\Windows\System\ugkwPvk.exe
  C:\Windows\System\ugkwPvk.exe
  2⤵
  PID:4220
- C:\Windows\System\ckpanJC.exe
  C:\Windows\System\ckpanJC.exe
  2⤵
  PID:2708
- C:\Windows\System\RxSdphZ.exe
  C:\Windows\System\RxSdphZ.exe
  2⤵
  PID:4272
- C:\Windows\System\LUogfZo.exe
  C:\Windows\System\LUogfZo.exe
  2⤵
  PID:4200
- C:\Windows\System\jGIsjrz.exe
  C:\Windows\System\jGIsjrz.exe
  2⤵
  PID:3832
- C:\Windows\System\hZYsVhn.exe
  C:\Windows\System\hZYsVhn.exe
  2⤵
  PID:4248
- C:\Windows\System\iXyeZyI.exe
  C:\Windows\System\iXyeZyI.exe
  2⤵
  PID:4344
- C:\Windows\System\OhGHLgT.exe
  C:\Windows\System\OhGHLgT.exe
  2⤵
  PID:4292
- C:\Windows\System\GvhVqLL.exe
  C:\Windows\System\GvhVqLL.exe
  2⤵
  PID:4428
- C:\Windows\System\HgfIcWm.exe
  C:\Windows\System\HgfIcWm.exe
  2⤵
  PID:4368
- C:\Windows\System\SIsstrh.exe
  C:\Windows\System\SIsstrh.exe
  2⤵
  PID:4412
- C:\Windows\System\yJyyHlX.exe
  C:\Windows\System\yJyyHlX.exe
  2⤵
  PID:4416
- C:\Windows\System\ATCzKOQ.exe
  C:\Windows\System\ATCzKOQ.exe
  2⤵
  PID:4548
- C:\Windows\System\HHSNqGY.exe
  C:\Windows\System\HHSNqGY.exe
  2⤵
  PID:4636
- C:\Windows\System\gkNZWPJ.exe
  C:\Windows\System\gkNZWPJ.exe
  2⤵
  PID:4532
- C:\Windows\System\riQgREG.exe
  C:\Windows\System\riQgREG.exe
  2⤵
  PID:4700
- C:\Windows\System\axWMDvQ.exe
  C:\Windows\System\axWMDvQ.exe
  2⤵
  PID:4604
- C:\Windows\System\MnOcyRB.exe
  C:\Windows\System\MnOcyRB.exe
  2⤵
  PID:4708
- C:\Windows\System\FDjgaJM.exe
  C:\Windows\System\FDjgaJM.exe
  2⤵
  PID:4788
- C:\Windows\System\eizoIRk.exe
  C:\Windows\System\eizoIRk.exe
  2⤵
  PID:4832
- C:\Windows\System\rcjfzpP.exe
  C:\Windows\System\rcjfzpP.exe
  2⤵
  PID:4688
- C:\Windows\System\xwNbSDr.exe
  C:\Windows\System\xwNbSDr.exe
  2⤵
  PID:4736
- C:\Windows\System\lyQwtfa.exe
  C:\Windows\System\lyQwtfa.exe
  2⤵
  PID:4908
- C:\Windows\System\LuAiUUt.exe
  C:\Windows\System\LuAiUUt.exe
  2⤵
  PID:4960
- C:\Windows\System\kNRMPmC.exe
  C:\Windows\System\kNRMPmC.exe
  2⤵
  PID:4852
- C:\Windows\System\WTBTdlI.exe
  C:\Windows\System\WTBTdlI.exe
  2⤵
  PID:4808
- C:\Windows\System\xaxopcZ.exe
  C:\Windows\System\xaxopcZ.exe
  2⤵
  PID:4944
- C:\Windows\System\avAacfR.exe
  C:\Windows\System\avAacfR.exe
  2⤵
  PID:5032
- C:\Windows\System\WlSnQKU.exe
  C:\Windows\System\WlSnQKU.exe
  2⤵
  PID:5076
- C:\Windows\System\yVVpGdU.exe
  C:\Windows\System\yVVpGdU.exe
  2⤵
  PID:5048
- C:\Windows\System\FZeyZFE.exe
  C:\Windows\System\FZeyZFE.exe
  2⤵
  PID:3936
- C:\Windows\System\BmLfLEa.exe
  C:\Windows\System\BmLfLEa.exe
  2⤵
  PID:5016
- C:\Windows\System\VLUcEVA.exe
  C:\Windows\System\VLUcEVA.exe
  2⤵
  PID:3728
- C:\Windows\System\HadOugs.exe
  C:\Windows\System\HadOugs.exe
  2⤵
  PID:3208
- C:\Windows\System\irhdKGw.exe
  C:\Windows\System\irhdKGw.exe
  2⤵
  PID:3768
- C:\Windows\System\PFlKWTi.exe
  C:\Windows\System\PFlKWTi.exe
  2⤵
  PID:3524
- C:\Windows\System\cyMihCj.exe
  C:\Windows\System\cyMihCj.exe
  2⤵
  PID:4136
- C:\Windows\System\IllAHuB.exe
  C:\Windows\System\IllAHuB.exe
  2⤵
  PID:4156
- C:\Windows\System\JEdALlh.exe
  C:\Windows\System\JEdALlh.exe
  2⤵
  PID:4312
- C:\Windows\System\POEEfnW.exe
  C:\Windows\System\POEEfnW.exe
  2⤵
  PID:2716
- C:\Windows\System\ltAWuHW.exe
  C:\Windows\System\ltAWuHW.exe
  2⤵
  PID:4396
- C:\Windows\System\bGhuwpn.exe
  C:\Windows\System\bGhuwpn.exe
  2⤵
  PID:4276
- C:\Windows\System\KNKPrwW.exe
  C:\Windows\System\KNKPrwW.exe
  2⤵
  PID:4244
- C:\Windows\System\heEmijH.exe
  C:\Windows\System\heEmijH.exe
  2⤵
  PID:4456
- C:\Windows\System\oXnPNOg.exe
  C:\Windows\System\oXnPNOg.exe
  2⤵
  PID:4496
- C:\Windows\System\kczUUJw.exe
  C:\Windows\System\kczUUJw.exe
  2⤵
  PID:2392
- C:\Windows\System\OKSSiLV.exe
  C:\Windows\System\OKSSiLV.exe
  2⤵
  PID:4516
- C:\Windows\System\XbEBada.exe
  C:\Windows\System\XbEBada.exe
  2⤵
  PID:4588
- C:\Windows\System\tldyopm.exe
  C:\Windows\System\tldyopm.exe
  2⤵
  PID:4656
- C:\Windows\System\suLjpol.exe
  C:\Windows\System\suLjpol.exe
  2⤵
  PID:4564
- C:\Windows\System\zTRsUjM.exe
  C:\Windows\System\zTRsUjM.exe
  2⤵
  PID:4712
- C:\Windows\System\POqzteG.exe
  C:\Windows\System\POqzteG.exe
  2⤵
  PID:2652
- C:\Windows\System\TNRRddD.exe
  C:\Windows\System\TNRRddD.exe
  2⤵
  PID:4732
- C:\Windows\System\HxqYeZn.exe
  C:\Windows\System\HxqYeZn.exe
  2⤵
  PID:5084
- C:\Windows\System\BHfLLts.exe
  C:\Windows\System\BHfLLts.exe
  2⤵
  PID:2952
- C:\Windows\System\NpIZNxw.exe
  C:\Windows\System\NpIZNxw.exe
  2⤵
  PID:4964
- C:\Windows\System\cdTpJYf.exe
  C:\Windows\System\cdTpJYf.exe
  2⤵
  PID:5000
- C:\Windows\System\SgLVtCz.exe
  C:\Windows\System\SgLVtCz.exe
  2⤵
  PID:3824
- C:\Windows\System\pvZFMUS.exe
  C:\Windows\System\pvZFMUS.exe
  2⤵
  PID:5012
- C:\Windows\System\NZiUvxW.exe
  C:\Windows\System\NZiUvxW.exe
  2⤵
  PID:4140
- C:\Windows\System\oKTNdYe.exe
  C:\Windows\System\oKTNdYe.exe
  2⤵
  PID:4196
- C:\Windows\System\CCLorsH.exe
  C:\Windows\System\CCLorsH.exe
  2⤵
  PID:4104
- C:\Windows\System\hTBLvcI.exe
  C:\Windows\System\hTBLvcI.exe
  2⤵
  PID:2320
- C:\Windows\System\ZRSidSX.exe
  C:\Windows\System\ZRSidSX.exe
  2⤵
  PID:4468
- C:\Windows\System\lcUDaHp.exe
  C:\Windows\System\lcUDaHp.exe
  2⤵
  PID:3000
- C:\Windows\System\HdNGmGu.exe
  C:\Windows\System\HdNGmGu.exe
  2⤵
  PID:4544
- C:\Windows\System\nrQRUDU.exe
  C:\Windows\System\nrQRUDU.exe
  2⤵
  PID:4756
- C:\Windows\System\PqKeKMk.exe
  C:\Windows\System\PqKeKMk.exe
  2⤵
  PID:4868
- C:\Windows\System\RcANQLE.exe
  C:\Windows\System\RcANQLE.exe
  2⤵
  PID:2348
- C:\Windows\System\zSVdIcu.exe
  C:\Windows\System\zSVdIcu.exe
  2⤵
  PID:4652
- C:\Windows\System\McNvsyE.exe
  C:\Windows\System\McNvsyE.exe
  2⤵
  PID:2596
- C:\Windows\System\OuvGCoO.exe
  C:\Windows\System\OuvGCoO.exe
  2⤵
  PID:5072
- C:\Windows\System\CFHQhLD.exe
  C:\Windows\System\CFHQhLD.exe
  2⤵
  PID:5060
- C:\Windows\System\HBOPEPL.exe
  C:\Windows\System\HBOPEPL.exe
  2⤵
  PID:4992
- C:\Windows\System\hrXORqG.exe
  C:\Windows\System\hrXORqG.exe
  2⤵
  PID:5132
- C:\Windows\System\yiWfDRb.exe
  C:\Windows\System\yiWfDRb.exe
  2⤵
  PID:5152
- C:\Windows\System\ZCVCZWl.exe
  C:\Windows\System\ZCVCZWl.exe
  2⤵
  PID:5184
- C:\Windows\System\LZRjzou.exe
  C:\Windows\System\LZRjzou.exe
  2⤵
  PID:5232
- C:\Windows\System\GbxMogM.exe
  C:\Windows\System\GbxMogM.exe
  2⤵
  PID:5252
- C:\Windows\System\NBGmiRM.exe
  C:\Windows\System\NBGmiRM.exe
  2⤵
  PID:5272
- C:\Windows\System\HMrElgK.exe
  C:\Windows\System\HMrElgK.exe
  2⤵
  PID:5292
- C:\Windows\System\eYdbFRE.exe
  C:\Windows\System\eYdbFRE.exe
  2⤵
  PID:5312
- C:\Windows\System\TTwrFrm.exe
  C:\Windows\System\TTwrFrm.exe
  2⤵
  PID:5332
- C:\Windows\System\XdaKhTR.exe
  C:\Windows\System\XdaKhTR.exe
  2⤵
  PID:5352
- C:\Windows\System\SyMSmgV.exe
  C:\Windows\System\SyMSmgV.exe
  2⤵
  PID:5372
- C:\Windows\System\aCQzAlo.exe
  C:\Windows\System\aCQzAlo.exe
  2⤵
  PID:5388
- C:\Windows\System\BJBFuPL.exe
  C:\Windows\System\BJBFuPL.exe
  2⤵
  PID:5412
- C:\Windows\System\Svfodzm.exe
  C:\Windows\System\Svfodzm.exe
  2⤵
  PID:5432
- C:\Windows\System\TNhUbhE.exe
  C:\Windows\System\TNhUbhE.exe
  2⤵
  PID:5452
- C:\Windows\System\xkWkQXs.exe
  C:\Windows\System\xkWkQXs.exe
  2⤵
  PID:5468
- C:\Windows\System\uWOFgWU.exe
  C:\Windows\System\uWOFgWU.exe
  2⤵
  PID:5492
- C:\Windows\System\kaRAuYL.exe
  C:\Windows\System\kaRAuYL.exe
  2⤵
  PID:5512
- C:\Windows\System\porWaeg.exe
  C:\Windows\System\porWaeg.exe
  2⤵
  PID:5532
- C:\Windows\System\XyYJFBn.exe
  C:\Windows\System\XyYJFBn.exe
  2⤵
  PID:5552
- C:\Windows\System\YWPMNyw.exe
  C:\Windows\System\YWPMNyw.exe
  2⤵
  PID:5572
- C:\Windows\System\mvkxAlY.exe
  C:\Windows\System\mvkxAlY.exe
  2⤵
  PID:5592
- C:\Windows\System\CeICSJG.exe
  C:\Windows\System\CeICSJG.exe
  2⤵
  PID:5608
- C:\Windows\System\fZFBbst.exe
  C:\Windows\System\fZFBbst.exe
  2⤵
  PID:5628
- C:\Windows\System\YzPiPqX.exe
  C:\Windows\System\YzPiPqX.exe
  2⤵
  PID:5648
- C:\Windows\System\rneNKvi.exe
  C:\Windows\System\rneNKvi.exe
  2⤵
  PID:5668
- C:\Windows\System\zRkiEpl.exe
  C:\Windows\System\zRkiEpl.exe
  2⤵
  PID:5688
- C:\Windows\System\BGbBulL.exe
  C:\Windows\System\BGbBulL.exe
  2⤵
  PID:5708
- C:\Windows\System\NrsoAYS.exe
  C:\Windows\System\NrsoAYS.exe
  2⤵
  PID:5728
- C:\Windows\System\qCGyGLv.exe
  C:\Windows\System\qCGyGLv.exe
  2⤵
  PID:5748
- C:\Windows\System\kLbmvJh.exe
  C:\Windows\System\kLbmvJh.exe
  2⤵
  PID:5768
- C:\Windows\System\acKbFvv.exe
  C:\Windows\System\acKbFvv.exe
  2⤵
  PID:5784
- C:\Windows\System\jUjNrIW.exe
  C:\Windows\System\jUjNrIW.exe
  2⤵
  PID:5804
- C:\Windows\System\byoGZzJ.exe
  C:\Windows\System\byoGZzJ.exe
  2⤵
  PID:5820
- C:\Windows\System\fMMzYjz.exe
  C:\Windows\System\fMMzYjz.exe
  2⤵
  PID:5840
- C:\Windows\System\YHwMmJK.exe
  C:\Windows\System\YHwMmJK.exe
  2⤵
  PID:5868
- C:\Windows\System\TCZyRSn.exe
  C:\Windows\System\TCZyRSn.exe
  2⤵
  PID:5888
- C:\Windows\System\ScOpRgh.exe
  C:\Windows\System\ScOpRgh.exe
  2⤵
  PID:5904
- C:\Windows\System\lXbMZlt.exe
  C:\Windows\System\lXbMZlt.exe
  2⤵
  PID:5924
- C:\Windows\System\kZigXHW.exe
  C:\Windows\System\kZigXHW.exe
  2⤵
  PID:5944
- C:\Windows\System\JQmtYgW.exe
  C:\Windows\System\JQmtYgW.exe
  2⤵
  PID:5964
- C:\Windows\System\QiGKLNG.exe
  C:\Windows\System\QiGKLNG.exe
  2⤵
  PID:5984
- C:\Windows\System\AIxeSqm.exe
  C:\Windows\System\AIxeSqm.exe
  2⤵
  PID:6008
- C:\Windows\System\evaAMDG.exe
  C:\Windows\System\evaAMDG.exe
  2⤵
  PID:6024
- C:\Windows\System\PUIvXFD.exe
  C:\Windows\System\PUIvXFD.exe
  2⤵
  PID:6044
- C:\Windows\System\eaAmmdX.exe
  C:\Windows\System\eaAmmdX.exe
  2⤵
  PID:6064
- C:\Windows\System\aexDVMx.exe
  C:\Windows\System\aexDVMx.exe
  2⤵
  PID:6084
- C:\Windows\System\VRmzZSS.exe
  C:\Windows\System\VRmzZSS.exe
  2⤵
  PID:6100
- C:\Windows\System\FWfaTWc.exe
  C:\Windows\System\FWfaTWc.exe
  2⤵
  PID:6120
- C:\Windows\System\NzvhAWi.exe
  C:\Windows\System\NzvhAWi.exe
  2⤵
  PID:4980
- C:\Windows\System\GsVbQcg.exe
  C:\Windows\System\GsVbQcg.exe
  2⤵
  PID:4192
- C:\Windows\System\YUhSYLb.exe
  C:\Windows\System\YUhSYLb.exe
  2⤵
  PID:4916
- C:\Windows\System\LIEGjub.exe
  C:\Windows\System\LIEGjub.exe
  2⤵
  PID:3948
- C:\Windows\System\LLmOsel.exe
  C:\Windows\System\LLmOsel.exe
  2⤵
  PID:4996
- C:\Windows\System\hiRYAaL.exe
  C:\Windows\System\hiRYAaL.exe
  2⤵
  PID:2608
- C:\Windows\System\tbScKSh.exe
  C:\Windows\System\tbScKSh.exe
  2⤵
  PID:4824
- C:\Windows\System\qNiNTvP.exe
  C:\Windows\System\qNiNTvP.exe
  2⤵
  PID:4432
- C:\Windows\System\mQkjHVT.exe
  C:\Windows\System\mQkjHVT.exe
  2⤵
  PID:5164
- C:\Windows\System\NBsDlMx.exe
  C:\Windows\System\NBsDlMx.exe
  2⤵
  PID:4724
- C:\Windows\System\XLpefny.exe
  C:\Windows\System\XLpefny.exe
  2⤵
  PID:5148
- C:\Windows\System\CGCSAgW.exe
  C:\Windows\System\CGCSAgW.exe
  2⤵
  PID:4672
- C:\Windows\System\QGCJQlW.exe
  C:\Windows\System\QGCJQlW.exe
  2⤵
  PID:5196
- C:\Windows\System\JXdVLva.exe
  C:\Windows\System\JXdVLva.exe
  2⤵
  PID:5240
- C:\Windows\System\STttmuT.exe
  C:\Windows\System\STttmuT.exe
  2⤵
  PID:5280
- C:\Windows\System\hexgZSs.exe
  C:\Windows\System\hexgZSs.exe
  2⤵
  PID:5228
- C:\Windows\System\REOSRVe.exe
  C:\Windows\System\REOSRVe.exe
  2⤵
  PID:5324
- C:\Windows\System\bDHBJTb.exe
  C:\Windows\System\bDHBJTb.exe
  2⤵
  PID:5304
- C:\Windows\System\gJJYkiJ.exe
  C:\Windows\System\gJJYkiJ.exe
  2⤵
  PID:5400
- C:\Windows\System\TzOYYAh.exe
  C:\Windows\System\TzOYYAh.exe
  2⤵
  PID:5384
- C:\Windows\System\NjLEPTQ.exe
  C:\Windows\System\NjLEPTQ.exe
  2⤵
  PID:5428
- C:\Windows\System\dQlKRUn.exe
  C:\Windows\System\dQlKRUn.exe
  2⤵
  PID:5480
- C:\Windows\System\Iydrtkf.exe
  C:\Windows\System\Iydrtkf.exe
  2⤵
  PID:1708
- C:\Windows\System\ZyUrPzA.exe
  C:\Windows\System\ZyUrPzA.exe
  2⤵
  PID:1660
- C:\Windows\System\XRcGnsp.exe
  C:\Windows\System\XRcGnsp.exe
  2⤵
  PID:5524
- C:\Windows\System\zqMqRLE.exe
  C:\Windows\System\zqMqRLE.exe
  2⤵
  PID:5500
- C:\Windows\System\IQJDSYe.exe
  C:\Windows\System\IQJDSYe.exe
  2⤵
  PID:5544
- C:\Windows\System\NhuRlqL.exe
  C:\Windows\System\NhuRlqL.exe
  2⤵
  PID:5600
- C:\Windows\System\qMQhzHY.exe
  C:\Windows\System\qMQhzHY.exe
  2⤵
  PID:5676
- C:\Windows\System\ZvVzDuV.exe
  C:\Windows\System\ZvVzDuV.exe
  2⤵
  PID:5716
- C:\Windows\System\jNQzlRy.exe
  C:\Windows\System\jNQzlRy.exe
  2⤵
  PID:5664
- C:\Windows\System\tyKuXRx.exe
  C:\Windows\System\tyKuXRx.exe
  2⤵
  PID:2788
- C:\Windows\System\JrnbSNn.exe
  C:\Windows\System\JrnbSNn.exe
  2⤵
  PID:5696
- C:\Windows\System\eKSYJeo.exe
  C:\Windows\System\eKSYJeo.exe
  2⤵
  PID:5884
- C:\Windows\System\emBFnOH.exe
  C:\Windows\System\emBFnOH.exe
  2⤵
  PID:5916
- C:\Windows\System\eTMgqVe.exe
  C:\Windows\System\eTMgqVe.exe
  2⤵
  PID:5736
- C:\Windows\System\drwDwMb.exe
  C:\Windows\System\drwDwMb.exe
  2⤵
  PID:5960
- C:\Windows\System\QuNqeES.exe
  C:\Windows\System\QuNqeES.exe
  2⤵
  PID:5852
- C:\Windows\System\riaGecx.exe
  C:\Windows\System\riaGecx.exe
  2⤵
  PID:6000
- C:\Windows\System\UeQIHAD.exe
  C:\Windows\System\UeQIHAD.exe
  2⤵
  PID:5936
- C:\Windows\System\iyvXQOo.exe
  C:\Windows\System\iyvXQOo.exe
  2⤵
  PID:6056
- C:\Windows\System\rvPhHlW.exe
  C:\Windows\System\rvPhHlW.exe
  2⤵
  PID:6108
- C:\Windows\System\cuMeVmJ.exe
  C:\Windows\System\cuMeVmJ.exe
  2⤵
  PID:4392
- C:\Windows\System\lYNeTKt.exe
  C:\Windows\System\lYNeTKt.exe
  2⤵
  PID:5972
- C:\Windows\System\mdzJQBF.exe
  C:\Windows\System\mdzJQBF.exe
  2⤵
  PID:6136
- C:\Windows\System\XqspVKX.exe
  C:\Windows\System\XqspVKX.exe
  2⤵
  PID:4920
- C:\Windows\System\efAWoEW.exe
  C:\Windows\System\efAWoEW.exe
  2⤵
  PID:2600
- C:\Windows\System\HmSrLsy.exe
  C:\Windows\System\HmSrLsy.exe
  2⤵
  PID:4492
- C:\Windows\System\kmRgVDJ.exe
  C:\Windows\System\kmRgVDJ.exe
  2⤵
  PID:4160
- C:\Windows\System\wxqazNU.exe
  C:\Windows\System\wxqazNU.exe
  2⤵
  PID:4892
- C:\Windows\System\iNsAxSa.exe
  C:\Windows\System\iNsAxSa.exe
  2⤵
  PID:4940
- C:\Windows\System\ASoPdrI.exe
  C:\Windows\System\ASoPdrI.exe
  2⤵
  PID:4616
- C:\Windows\System\iDytrpB.exe
  C:\Windows\System\iDytrpB.exe
  2⤵
  PID:5208
- C:\Windows\System\gNdVUNn.exe
  C:\Windows\System\gNdVUNn.exe
  2⤵
  PID:5144
- C:\Windows\System\YyCkjey.exe
  C:\Windows\System\YyCkjey.exe
  2⤵
  PID:5192
- C:\Windows\System\YphftCR.exe
  C:\Windows\System\YphftCR.exe
  2⤵
  PID:5348
- C:\Windows\System\cSHHuMp.exe
  C:\Windows\System\cSHHuMp.exe
  2⤵
  PID:1504
- C:\Windows\System\pCNUbIN.exe
  C:\Windows\System\pCNUbIN.exe
  2⤵
  PID:1644
- C:\Windows\System\LAtBaHu.exe
  C:\Windows\System\LAtBaHu.exe
  2⤵
  PID:5264
- C:\Windows\System\hvxGwIY.exe
  C:\Windows\System\hvxGwIY.exe
  2⤵
  PID:5568
- C:\Windows\System\lbuMXWn.exe
  C:\Windows\System\lbuMXWn.exe
  2⤵
  PID:5604
- C:\Windows\System\bwAHmXJ.exe
  C:\Windows\System\bwAHmXJ.exe
  2⤵
  PID:2636
- C:\Windows\System\vgvcHdY.exe
  C:\Windows\System\vgvcHdY.exe
  2⤵
  PID:5464
- C:\Windows\System\XxwHRGG.exe
  C:\Windows\System\XxwHRGG.exe
  2⤵
  PID:5740
- C:\Windows\System\IGlXzSj.exe
  C:\Windows\System\IGlXzSj.exe
  2⤵
  PID:5640
- C:\Windows\System\RmtZexD.exe
  C:\Windows\System\RmtZexD.exe
  2⤵
  PID:5656
- C:\Windows\System\cCmEEuQ.exe
  C:\Windows\System\cCmEEuQ.exe
  2⤵
  PID:5792
- C:\Windows\System\BaDAZnU.exe
  C:\Windows\System\BaDAZnU.exe
  2⤵
  PID:3020
- C:\Windows\System\jxVmefc.exe
  C:\Windows\System\jxVmefc.exe
  2⤵
  PID:6016
- C:\Windows\System\rcScrxp.exe
  C:\Windows\System\rcScrxp.exe
  2⤵
  PID:1500
- C:\Windows\System\PWTksFy.exe
  C:\Windows\System\PWTksFy.exe
  2⤵
  PID:4888
- C:\Windows\System\fppwtXb.exe
  C:\Windows\System\fppwtXb.exe
  2⤵
  PID:5368
- C:\Windows\System\hEkNSFU.exe
  C:\Windows\System\hEkNSFU.exe
  2⤵
  PID:2856
- C:\Windows\System\KhOVdrs.exe
  C:\Windows\System\KhOVdrs.exe
  2⤵
  PID:2400
- C:\Windows\System\UzTPGMu.exe
  C:\Windows\System\UzTPGMu.exe
  2⤵
  PID:2704
- C:\Windows\System\rhOHCFH.exe
  C:\Windows\System\rhOHCFH.exe
  2⤵
  PID:1876
- C:\Windows\System\bIofWne.exe
  C:\Windows\System\bIofWne.exe
  2⤵
  PID:5700
- C:\Windows\System\LrUNaOD.exe
  C:\Windows\System\LrUNaOD.exe
  2⤵
  PID:5816
- C:\Windows\System\JrexRRh.exe
  C:\Windows\System\JrexRRh.exe
  2⤵
  PID:2644
- C:\Windows\System\rnKSEnT.exe
  C:\Windows\System\rnKSEnT.exe
  2⤵
  PID:3304
- C:\Windows\System\kzPrMUs.exe
  C:\Windows\System\kzPrMUs.exe
  2⤵
  PID:6132
- C:\Windows\System\afDNsZF.exe
  C:\Windows\System\afDNsZF.exe
  2⤵
  PID:5588
- C:\Windows\System\DxZvwmF.exe
  C:\Windows\System\DxZvwmF.exe
  2⤵
  PID:5124
- C:\Windows\System\DEMbdvd.exe
  C:\Windows\System\DEMbdvd.exe
  2⤵
  PID:5520
- C:\Windows\System\OonCnXQ.exe
  C:\Windows\System\OonCnXQ.exe
  2⤵
  PID:5616
- C:\Windows\System\lxTmqsm.exe
  C:\Windows\System\lxTmqsm.exe
  2⤵
  PID:5140
- C:\Windows\System\uJGynqo.exe
  C:\Windows\System\uJGynqo.exe
  2⤵
  PID:5220
- C:\Windows\System\CVvrhkr.exe
  C:\Windows\System\CVvrhkr.exe
  2⤵
  PID:5204
- C:\Windows\System\vucsTQL.exe
  C:\Windows\System\vucsTQL.exe
  2⤵
  PID:2420
- C:\Windows\System\emvpnYM.exe
  C:\Windows\System\emvpnYM.exe
  2⤵
  PID:2144
- C:\Windows\System\kZBIsAw.exe
  C:\Windows\System\kZBIsAw.exe
  2⤵
  PID:5796
- C:\Windows\System\xygblRu.exe
  C:\Windows\System\xygblRu.exe
  2⤵
  PID:5812
- C:\Windows\System\jDnbgUS.exe
  C:\Windows\System\jDnbgUS.exe
  2⤵
  PID:2456
- C:\Windows\System\aqCIerR.exe
  C:\Windows\System\aqCIerR.exe
  2⤵
  PID:3992
- C:\Windows\System\dcmksFP.exe
  C:\Windows\System\dcmksFP.exe
  2⤵
  PID:3504
- C:\Windows\System\GIEbKJJ.exe
  C:\Windows\System\GIEbKJJ.exe
  2⤵
  PID:484
- C:\Windows\System\KMFdsNu.exe
  C:\Windows\System\KMFdsNu.exe
  2⤵
  PID:5900
- C:\Windows\System\kkrzrId.exe
  C:\Windows\System\kkrzrId.exe
  2⤵
  PID:4572
- C:\Windows\System\qieZujI.exe
  C:\Windows\System\qieZujI.exe
  2⤵
  PID:2588
- C:\Windows\System\fqGCdwO.exe
  C:\Windows\System\fqGCdwO.exe
  2⤵
  PID:5440
- C:\Windows\System\mFOVdgO.exe
  C:\Windows\System\mFOVdgO.exe
  2⤵
  PID:5176
- C:\Windows\System\kMjNMCF.exe
  C:\Windows\System\kMjNMCF.exe
  2⤵
  PID:5484
- C:\Windows\System\jnEJPuk.exe
  C:\Windows\System\jnEJPuk.exe
  2⤵
  PID:628
- C:\Windows\System\aQLWMPL.exe
  C:\Windows\System\aQLWMPL.exe
  2⤵
  PID:5756
- C:\Windows\System\xKsmsYh.exe
  C:\Windows\System\xKsmsYh.exe
  2⤵
  PID:6036
- C:\Windows\System\pBEFRmR.exe
  C:\Windows\System\pBEFRmR.exe
  2⤵
  PID:2332
- C:\Windows\System\cGYwHDP.exe
  C:\Windows\System\cGYwHDP.exe
  2⤵
  PID:5980
- C:\Windows\System\wpmGgHY.exe
  C:\Windows\System\wpmGgHY.exe
  2⤵
  PID:5564
- C:\Windows\System\kjKUOLX.exe
  C:\Windows\System\kjKUOLX.exe
  2⤵
  PID:6116
- C:\Windows\System\eCRBtyM.exe
  C:\Windows\System\eCRBtyM.exe
  2⤵
  PID:5448
- C:\Windows\System\gzOCcRw.exe
  C:\Windows\System\gzOCcRw.exe
  2⤵
  PID:444
- C:\Windows\System\HrUJyGr.exe
  C:\Windows\System\HrUJyGr.exe
  2⤵
  PID:5508
- C:\Windows\System\FUuxHpY.exe
  C:\Windows\System\FUuxHpY.exe
  2⤵
  PID:6164
- C:\Windows\System\WdoaqoQ.exe
  C:\Windows\System\WdoaqoQ.exe
  2⤵
  PID:6184
- C:\Windows\System\uavkfwi.exe
  C:\Windows\System\uavkfwi.exe
  2⤵
  PID:6200
- C:\Windows\System\RoUTEAH.exe
  C:\Windows\System\RoUTEAH.exe
  2⤵
  PID:6216
- C:\Windows\System\kKdFazp.exe
  C:\Windows\System\kKdFazp.exe
  2⤵
  PID:6232
- C:\Windows\System\mVQowUE.exe
  C:\Windows\System\mVQowUE.exe
  2⤵
  PID:6248
- C:\Windows\System\rALKgXA.exe
  C:\Windows\System\rALKgXA.exe
  2⤵
  PID:6264
- C:\Windows\System\GpbJlJk.exe
  C:\Windows\System\GpbJlJk.exe
  2⤵
  PID:6280
- C:\Windows\System\UgdyDOi.exe
  C:\Windows\System\UgdyDOi.exe
  2⤵
  PID:6296
- C:\Windows\System\tPmKDXF.exe
  C:\Windows\System\tPmKDXF.exe
  2⤵
  PID:6312
- C:\Windows\System\qtOBvDj.exe
  C:\Windows\System\qtOBvDj.exe
  2⤵
  PID:6328
- C:\Windows\System\CrTTziU.exe
  C:\Windows\System\CrTTziU.exe
  2⤵
  PID:6344
- C:\Windows\System\JCXeocE.exe
  C:\Windows\System\JCXeocE.exe
  2⤵
  PID:6396
- C:\Windows\System\JwjdFVR.exe
  C:\Windows\System\JwjdFVR.exe
  2⤵
  PID:6412
- C:\Windows\System\lXPWTLU.exe
  C:\Windows\System\lXPWTLU.exe
  2⤵
  PID:6428
- C:\Windows\System\abAUwfy.exe
  C:\Windows\System\abAUwfy.exe
  2⤵
  PID:6444
- C:\Windows\System\jifMMZw.exe
  C:\Windows\System\jifMMZw.exe
  2⤵
  PID:6460
- C:\Windows\System\CbcQAbm.exe
  C:\Windows\System\CbcQAbm.exe
  2⤵
  PID:6476
- C:\Windows\System\pzNygup.exe
  C:\Windows\System\pzNygup.exe
  2⤵
  PID:6492
- C:\Windows\System\WpXnBQk.exe
  C:\Windows\System\WpXnBQk.exe
  2⤵
  PID:6512
- C:\Windows\System\oZaqgGE.exe
  C:\Windows\System\oZaqgGE.exe
  2⤵
  PID:6556
- C:\Windows\System\SUolzDF.exe
  C:\Windows\System\SUolzDF.exe
  2⤵
  PID:6604
- C:\Windows\System\capaHXm.exe
  C:\Windows\System\capaHXm.exe
  2⤵
  PID:6620
- C:\Windows\System\uhkUjJk.exe
  C:\Windows\System\uhkUjJk.exe
  2⤵
  PID:6640
- C:\Windows\System\sBoKSJM.exe
  C:\Windows\System\sBoKSJM.exe
  2⤵
  PID:6668
- C:\Windows\System\FoiyNaf.exe
  C:\Windows\System\FoiyNaf.exe
  2⤵
  PID:6684
- C:\Windows\System\UDAZUar.exe
  C:\Windows\System\UDAZUar.exe
  2⤵
  PID:6700
- C:\Windows\System\QRAvSyD.exe
  C:\Windows\System\QRAvSyD.exe
  2⤵
  PID:6716
- C:\Windows\System\QWpaAKW.exe
  C:\Windows\System\QWpaAKW.exe
  2⤵
  PID:6732
- C:\Windows\System\SgXbOsW.exe
  C:\Windows\System\SgXbOsW.exe
  2⤵
  PID:6748
- C:\Windows\System\wXSbWTa.exe
  C:\Windows\System\wXSbWTa.exe
  2⤵
  PID:6800
- C:\Windows\System\foZkItK.exe
  C:\Windows\System\foZkItK.exe
  2⤵
  PID:6852
- C:\Windows\System\fDBidGs.exe
  C:\Windows\System\fDBidGs.exe
  2⤵
  PID:6868
- C:\Windows\System\czFUPwR.exe
  C:\Windows\System\czFUPwR.exe
  2⤵
  PID:6884
- C:\Windows\System\ngjdAiB.exe
  C:\Windows\System\ngjdAiB.exe
  2⤵
  PID:6900
- C:\Windows\System\gnucYKE.exe
  C:\Windows\System\gnucYKE.exe
  2⤵
  PID:6916
- C:\Windows\System\hABEjDU.exe
  C:\Windows\System\hABEjDU.exe
  2⤵
  PID:6932
- C:\Windows\System\yrWQZig.exe
  C:\Windows\System\yrWQZig.exe
  2⤵
  PID:6948
- C:\Windows\System\nyvbfDn.exe
  C:\Windows\System\nyvbfDn.exe
  2⤵
  PID:6964
- C:\Windows\System\oCQOTCf.exe
  C:\Windows\System\oCQOTCf.exe
  2⤵
  PID:6980
- C:\Windows\System\mMEVJgP.exe
  C:\Windows\System\mMEVJgP.exe
  2⤵
  PID:6996
- C:\Windows\System\yBclJKY.exe
  C:\Windows\System\yBclJKY.exe
  2⤵
  PID:7056
- C:\Windows\System\Rhooxxf.exe
  C:\Windows\System\Rhooxxf.exe
  2⤵
  PID:7072
- C:\Windows\System\cAXXPmH.exe
  C:\Windows\System\cAXXPmH.exe
  2⤵
  PID:7088
- C:\Windows\System\WKJBErt.exe
  C:\Windows\System\WKJBErt.exe
  2⤵
  PID:7104
- C:\Windows\System\zSPIdSc.exe
  C:\Windows\System\zSPIdSc.exe
  2⤵
  PID:7120
- C:\Windows\System\qwFYUNf.exe
  C:\Windows\System\qwFYUNf.exe
  2⤵
  PID:7136
- C:\Windows\System\EaowADv.exe
  C:\Windows\System\EaowADv.exe
  2⤵
  PID:7152
- C:\Windows\System\DvYlrsI.exe
  C:\Windows\System\DvYlrsI.exe
  2⤵
  PID:5560
- C:\Windows\System\XMQFYKm.exe
  C:\Windows\System\XMQFYKm.exe
  2⤵
  PID:5320
- C:\Windows\System\YQIxDeq.exe
  C:\Windows\System\YQIxDeq.exe
  2⤵
  PID:5860
- C:\Windows\System\hdIypia.exe
  C:\Windows\System\hdIypia.exe
  2⤵
  PID:2504
- C:\Windows\System\czOvhNS.exe
  C:\Windows\System\czOvhNS.exe
  2⤵
  PID:6172
- C:\Windows\System\taNykDK.exe
  C:\Windows\System\taNykDK.exe
  2⤵
  PID:6272
- C:\Windows\System\uiGvJUB.exe
  C:\Windows\System\uiGvJUB.exe
  2⤵
  PID:2224
- C:\Windows\System\yNtQLAA.exe
  C:\Windows\System\yNtQLAA.exe
  2⤵
  PID:6308
- C:\Windows\System\nAyMRJM.exe
  C:\Windows\System\nAyMRJM.exe
  2⤵
  PID:5096
- C:\Windows\System\BVEZLcg.exe
  C:\Windows\System\BVEZLcg.exe
  2⤵
  PID:6568
- C:\Windows\System\GpyRdtS.exe
  C:\Windows\System\GpyRdtS.exe
  2⤵
  PID:6584
- C:\Windows\System\nosUbjk.exe
  C:\Windows\System\nosUbjk.exe
  2⤵
  PID:6600
- C:\Windows\System\QhYLIDX.exe
  C:\Windows\System\QhYLIDX.exe
  2⤵
  PID:6680
- C:\Windows\System\EPuciqL.exe
  C:\Windows\System\EPuciqL.exe
  2⤵
  PID:5932
- C:\Windows\System\LYyJxsU.exe
  C:\Windows\System\LYyJxsU.exe
  2⤵
  PID:6160
- C:\Windows\System\CnEvpAx.exe
  C:\Windows\System\CnEvpAx.exe
  2⤵
  PID:6228
- C:\Windows\System\OXsXjTB.exe
  C:\Windows\System\OXsXjTB.exe
  2⤵
  PID:6320
- C:\Windows\System\CJvBRYO.exe
  C:\Windows\System\CJvBRYO.exe
  2⤵
  PID:6020
- C:\Windows\System\PqkMdoe.exe
  C:\Windows\System\PqkMdoe.exe
  2⤵
  PID:5328
- C:\Windows\System\VbhZLoh.exe
  C:\Windows\System\VbhZLoh.exe
  2⤵
  PID:6424
- C:\Windows\System\QjmNjvW.exe
  C:\Windows\System\QjmNjvW.exe
  2⤵
  PID:6488
- C:\Windows\System\ZJDOaaT.exe
  C:\Windows\System\ZJDOaaT.exe
  2⤵
  PID:6532
- C:\Windows\System\OTBSKsF.exe
  C:\Windows\System\OTBSKsF.exe
  2⤵
  PID:6612
- C:\Windows\System\kEXDBaU.exe
  C:\Windows\System\kEXDBaU.exe
  2⤵
  PID:6660
- C:\Windows\System\ruobWmW.exe
  C:\Windows\System\ruobWmW.exe
  2⤵
  PID:6724
- C:\Windows\System\qfDIysF.exe
  C:\Windows\System\qfDIysF.exe
  2⤵
  PID:1832
- C:\Windows\System\WsKZIdc.exe
  C:\Windows\System\WsKZIdc.exe
  2⤵
  PID:6812
- C:\Windows\System\zMuaUzL.exe
  C:\Windows\System\zMuaUzL.exe
  2⤵
  PID:6828
- C:\Windows\System\LsaYRDN.exe
  C:\Windows\System\LsaYRDN.exe
  2⤵
  PID:6784
- C:\Windows\System\igjRieS.exe
  C:\Windows\System\igjRieS.exe
  2⤵
  PID:6840
- C:\Windows\System\eDZaIkn.exe
  C:\Windows\System\eDZaIkn.exe
  2⤵
  PID:2548
- C:\Windows\System\TgGxGtC.exe
  C:\Windows\System\TgGxGtC.exe
  2⤵
  PID:268
- C:\Windows\System\xPTTCsr.exe
  C:\Windows\System\xPTTCsr.exe
  2⤵
  PID:2256
- C:\Windows\System\AbyHRmB.exe
  C:\Windows\System\AbyHRmB.exe
  2⤵
  PID:272
- C:\Windows\System\QMnFUcT.exe
  C:\Windows\System\QMnFUcT.exe
  2⤵
  PID:1124
- C:\Windows\System\fCEsmEn.exe
  C:\Windows\System\fCEsmEn.exe
  2⤵
  PID:6864
- C:\Windows\System\bcGCSFc.exe
  C:\Windows\System\bcGCSFc.exe
  2⤵
  PID:6988
- C:\Windows\System\ENPJpkY.exe
  C:\Windows\System\ENPJpkY.exe
  2⤵
  PID:6844
- C:\Windows\System\lTgjQNQ.exe
  C:\Windows\System\lTgjQNQ.exe
  2⤵
  PID:6880
- C:\Windows\System\KMFglcB.exe
  C:\Windows\System\KMFglcB.exe
  2⤵
  PID:7100
- C:\Windows\System\SHUlkTf.exe
  C:\Windows\System\SHUlkTf.exe
  2⤵
  PID:6976
- C:\Windows\System\dWhMRjO.exe
  C:\Windows\System\dWhMRjO.exe
  2⤵
  PID:7020
- C:\Windows\System\wVQWqFd.exe
  C:\Windows\System\wVQWqFd.exe
  2⤵
  PID:7132
- C:\Windows\System\RaOMLSV.exe
  C:\Windows\System\RaOMLSV.exe
  2⤵
  PID:6080
- C:\Windows\System\mzotBus.exe
  C:\Windows\System\mzotBus.exe
  2⤵
  PID:5800
- C:\Windows\System\gdvKUdt.exe
  C:\Windows\System\gdvKUdt.exe
  2⤵
  PID:7036
- C:\Windows\System\qBcPlsF.exe
  C:\Windows\System\qBcPlsF.exe
  2⤵
  PID:7008
- C:\Windows\System\scHyusq.exe
  C:\Windows\System\scHyusq.exe
  2⤵
  PID:6740
- C:\Windows\System\mUsrbwv.exe
  C:\Windows\System\mUsrbwv.exe
  2⤵
  PID:7144
- C:\Windows\System\iyisFBw.exe
  C:\Windows\System\iyisFBw.exe
  2⤵
  PID:6324
- C:\Windows\System\GSsfEAO.exe
  C:\Windows\System\GSsfEAO.exe
  2⤵
  PID:6484
- C:\Windows\System\IqJbJHF.exe
  C:\Windows\System\IqJbJHF.exe
  2⤵
  PID:2556
- C:\Windows\System\dvNObJt.exe
  C:\Windows\System\dvNObJt.exe
  2⤵
  PID:6780
- C:\Windows\System\OTKJGEk.exe
  C:\Windows\System\OTKJGEk.exe
  2⤵
  PID:1896
- C:\Windows\System\kzRmlnZ.exe
  C:\Windows\System\kzRmlnZ.exe
  2⤵
  PID:7032
- C:\Windows\System\rHgOhZr.exe
  C:\Windows\System\rHgOhZr.exe
  2⤵
  PID:6944
- C:\Windows\System\BzJfhiz.exe
  C:\Windows\System\BzJfhiz.exe
  2⤵
  PID:6436
- C:\Windows\System\snMJXlc.exe
  C:\Windows\System\snMJXlc.exe
  2⤵
  PID:6500
- C:\Windows\System\AANNOLP.exe
  C:\Windows\System\AANNOLP.exe
  2⤵
  PID:5760
- C:\Windows\System\KEisfLH.exe
  C:\Windows\System\KEisfLH.exe
  2⤵
  PID:6792
- C:\Windows\System\XcODtLx.exe
  C:\Windows\System\XcODtLx.exe
  2⤵
  PID:1840
- C:\Windows\System\EnVljdB.exe
  C:\Windows\System\EnVljdB.exe
  2⤵
  PID:6360
- C:\Windows\System\opJZGoh.exe
  C:\Windows\System\opJZGoh.exe
  2⤵
  PID:6652
- C:\Windows\System\PnYJdtR.exe
  C:\Windows\System\PnYJdtR.exe
  2⤵
  PID:6820
- C:\Windows\System\fSYrsSE.exe
  C:\Windows\System\fSYrsSE.exe
  2⤵
  PID:1000
- C:\Windows\System\pIiEROs.exe
  C:\Windows\System\pIiEROs.exe
  2⤵
  PID:2404
- C:\Windows\System\sWyJxXU.exe
  C:\Windows\System\sWyJxXU.exe
  2⤵
  PID:6860
- C:\Windows\System\mOrBrMb.exe
  C:\Windows\System\mOrBrMb.exe
  2⤵
  PID:6912
- C:\Windows\System\swyeIHq.exe
  C:\Windows\System\swyeIHq.exe
  2⤵
  PID:2104
- C:\Windows\System\tmsMpsu.exe
  C:\Windows\System\tmsMpsu.exe
  2⤵
  PID:5172
- C:\Windows\System\tmZyJlF.exe
  C:\Windows\System\tmZyJlF.exe
  2⤵
  PID:5540
- C:\Windows\System\XptmrNa.exe
  C:\Windows\System\XptmrNa.exe
  2⤵
  PID:6576
- C:\Windows\System\RyJgodq.exe
  C:\Windows\System\RyJgodq.exe
  2⤵
  PID:6288
- C:\Windows\System\mJCJIzo.exe
  C:\Windows\System\mJCJIzo.exe
  2⤵
  PID:6956
- C:\Windows\System\GfDrHde.exe
  C:\Windows\System\GfDrHde.exe
  2⤵
  PID:1228
- C:\Windows\System\SvKxzmo.exe
  C:\Windows\System\SvKxzmo.exe
  2⤵
  PID:6940
- C:\Windows\System\piECpQW.exe
  C:\Windows\System\piECpQW.exe
  2⤵
  PID:6544
- C:\Windows\System\VmYVxMw.exe
  C:\Windows\System\VmYVxMw.exe
  2⤵
  PID:6876
- C:\Windows\System\xSFChHH.exe
  C:\Windows\System\xSFChHH.exe
  2⤵
  PID:6508
- C:\Windows\System\iXTdoQz.exe
  C:\Windows\System\iXTdoQz.exe
  2⤵
  PID:7052
- C:\Windows\System\CTXDQkh.exe
  C:\Windows\System\CTXDQkh.exe
  2⤵
  PID:6524
- C:\Windows\System\kTqJDBQ.exe
  C:\Windows\System\kTqJDBQ.exe
  2⤵
  PID:7016
- C:\Windows\System\CmNdqkQ.exe
  C:\Windows\System\CmNdqkQ.exe
  2⤵
  PID:6156
- C:\Windows\System\ZneZJzG.exe
  C:\Windows\System\ZneZJzG.exe
  2⤵
  PID:6768
- C:\Windows\System\lAiKRXL.exe
  C:\Windows\System\lAiKRXL.exe
  2⤵
  PID:6504
- C:\Windows\System\inHxtck.exe
  C:\Windows\System\inHxtck.exe
  2⤵
  PID:6896
- C:\Windows\System\tDzUWno.exe
  C:\Windows\System\tDzUWno.exe
  2⤵
  PID:5836
- C:\Windows\System\FiGFkvF.exe
  C:\Windows\System\FiGFkvF.exe
  2⤵
  PID:6656
- C:\Windows\System\uGrbuOd.exe
  C:\Windows\System\uGrbuOd.exe
  2⤵
  PID:6924
- C:\Windows\System\VXuSGpe.exe
  C:\Windows\System\VXuSGpe.exe
  2⤵
  PID:6832
- C:\Windows\System\ATlCRYb.exe
  C:\Windows\System\ATlCRYb.exe
  2⤵
  PID:6456
- C:\Windows\System\vGyvbXA.exe
  C:\Windows\System\vGyvbXA.exe
  2⤵
  PID:6808
- C:\Windows\System\zmZyxzP.exe
  C:\Windows\System\zmZyxzP.exe
  2⤵
  PID:3028
- C:\Windows\System\iyHvILz.exe
  C:\Windows\System\iyHvILz.exe
  2⤵
  PID:7096
- C:\Windows\System\jNnVCIs.exe
  C:\Windows\System\jNnVCIs.exe
  2⤵
  PID:6564
- C:\Windows\System\ZtXnPgy.exe
  C:\Windows\System\ZtXnPgy.exe
  2⤵
  PID:4004
- C:\Windows\System\XZXwtBl.exe
  C:\Windows\System\XZXwtBl.exe
  2⤵
  PID:7184
- C:\Windows\System\VSGtuvy.exe
  C:\Windows\System\VSGtuvy.exe
  2⤵
  PID:7200
- C:\Windows\System\QLsDHXl.exe
  C:\Windows\System\QLsDHXl.exe
  2⤵
  PID:7216
- C:\Windows\System\sHBoNuM.exe
  C:\Windows\System\sHBoNuM.exe
  2⤵
  PID:7232
- C:\Windows\System\YjRnryI.exe
  C:\Windows\System\YjRnryI.exe
  2⤵
  PID:7248
- C:\Windows\System\mLerFER.exe
  C:\Windows\System\mLerFER.exe
  2⤵
  PID:7264
- C:\Windows\System\yCrJTJN.exe
  C:\Windows\System\yCrJTJN.exe
  2⤵
  PID:7284
- C:\Windows\System\ElBYikv.exe
  C:\Windows\System\ElBYikv.exe
  2⤵
  PID:7304
- C:\Windows\System\YKFCcNc.exe
  C:\Windows\System\YKFCcNc.exe
  2⤵
  PID:7328
- C:\Windows\System\TnPqIhe.exe
  C:\Windows\System\TnPqIhe.exe
  2⤵
  PID:7352
- C:\Windows\System\HCicvJD.exe
  C:\Windows\System\HCicvJD.exe
  2⤵
  PID:7368
- C:\Windows\System\KkdviJO.exe
  C:\Windows\System\KkdviJO.exe
  2⤵
  PID:7396
- C:\Windows\System\qUahesq.exe
  C:\Windows\System\qUahesq.exe
  2⤵
  PID:7412
- C:\Windows\System\BcfoQlW.exe
  C:\Windows\System\BcfoQlW.exe
  2⤵
  PID:7428
- C:\Windows\System\kkitFsI.exe
  C:\Windows\System\kkitFsI.exe
  2⤵
  PID:7456
- C:\Windows\System\LPbFFUr.exe
  C:\Windows\System\LPbFFUr.exe
  2⤵
  PID:7472
- C:\Windows\System\ErbbjYk.exe
  C:\Windows\System\ErbbjYk.exe
  2⤵
  PID:7488
- C:\Windows\System\rwSwXjp.exe
  C:\Windows\System\rwSwXjp.exe
  2⤵
  PID:7512
- C:\Windows\System\JnfFrTL.exe
  C:\Windows\System\JnfFrTL.exe
  2⤵
  PID:7532
- C:\Windows\System\PvoQrAR.exe
  C:\Windows\System\PvoQrAR.exe
  2⤵
  PID:7552
- C:\Windows\System\zalpqAj.exe
  C:\Windows\System\zalpqAj.exe
  2⤵
  PID:7572
- C:\Windows\System\yrqbclX.exe
  C:\Windows\System\yrqbclX.exe
  2⤵
  PID:7588
- C:\Windows\System\VCLPguG.exe
  C:\Windows\System\VCLPguG.exe
  2⤵
  PID:7604
- C:\Windows\System\NueHWps.exe
  C:\Windows\System\NueHWps.exe
  2⤵
  PID:7620
- C:\Windows\System\IUKPaft.exe
  C:\Windows\System\IUKPaft.exe
  2⤵
  PID:7640
- C:\Windows\System\nQGRMZi.exe
  C:\Windows\System\nQGRMZi.exe
  2⤵
  PID:7656
- C:\Windows\System\ReNdqnX.exe
  C:\Windows\System\ReNdqnX.exe
  2⤵
  PID:7676
- C:\Windows\System\BkGNEad.exe
  C:\Windows\System\BkGNEad.exe
  2⤵
  PID:7764
- C:\Windows\System\GtCxZnp.exe
  C:\Windows\System\GtCxZnp.exe
  2⤵
  PID:7784
- C:\Windows\System\IRAkqXI.exe
  C:\Windows\System\IRAkqXI.exe
  2⤵
  PID:7800
- C:\Windows\System\gHlBleu.exe
  C:\Windows\System\gHlBleu.exe
  2⤵
  PID:7820
- C:\Windows\System\ISmnHNQ.exe
  C:\Windows\System\ISmnHNQ.exe
  2⤵
  PID:7836
- C:\Windows\System\vHETOrQ.exe
  C:\Windows\System\vHETOrQ.exe
  2⤵
  PID:7852
- C:\Windows\System\sKgHyLT.exe
  C:\Windows\System\sKgHyLT.exe
  2⤵
  PID:7868
- C:\Windows\System\FTuWqAe.exe
  C:\Windows\System\FTuWqAe.exe
  2⤵
  PID:7884
- C:\Windows\System\WAzhfAY.exe
  C:\Windows\System\WAzhfAY.exe
  2⤵
  PID:7900
- C:\Windows\System\lUoQraL.exe
  C:\Windows\System\lUoQraL.exe
  2⤵
  PID:7916
- C:\Windows\System\AOARnPV.exe
  C:\Windows\System\AOARnPV.exe
  2⤵
  PID:7936
- C:\Windows\System\MfRUqNT.exe
  C:\Windows\System\MfRUqNT.exe
  2⤵
  PID:7960
- C:\Windows\System\ltscSTc.exe
  C:\Windows\System\ltscSTc.exe
  2⤵
  PID:7980
- C:\Windows\System\DCpyYcO.exe
  C:\Windows\System\DCpyYcO.exe
  2⤵
  PID:7996
- C:\Windows\System\pkkFNUB.exe
  C:\Windows\System\pkkFNUB.exe
  2⤵
  PID:8016
- C:\Windows\System\PAbpICH.exe
  C:\Windows\System\PAbpICH.exe
  2⤵
  PID:8036
- C:\Windows\System\sIxIktK.exe
  C:\Windows\System\sIxIktK.exe
  2⤵
  PID:8052
- C:\Windows\System\MqjRyKb.exe
  C:\Windows\System\MqjRyKb.exe
  2⤵
  PID:8072
- C:\Windows\System\rtjQiKR.exe
  C:\Windows\System\rtjQiKR.exe
  2⤵
  PID:8088
- C:\Windows\System\TiaKiYA.exe
  C:\Windows\System\TiaKiYA.exe
  2⤵
  PID:8104
- C:\Windows\System\nxRwapa.exe
  C:\Windows\System\nxRwapa.exe
  2⤵
  PID:8120
- C:\Windows\System\mMqKjgM.exe
  C:\Windows\System\mMqKjgM.exe
  2⤵
  PID:8136
- C:\Windows\System\XczxVPn.exe
  C:\Windows\System\XczxVPn.exe
  2⤵
  PID:8152
- C:\Windows\System\XEHpLSN.exe
  C:\Windows\System\XEHpLSN.exe
  2⤵
  PID:8168
- C:\Windows\System\ElIbUVV.exe
  C:\Windows\System\ElIbUVV.exe
  2⤵
  PID:7280
- C:\Windows\System\EghSucl.exe
  C:\Windows\System\EghSucl.exe
  2⤵
  PID:7360
- C:\Windows\System\UCcjqwh.exe
  C:\Windows\System\UCcjqwh.exe
  2⤵
  PID:7404
- C:\Windows\System\wgSIMeO.exe
  C:\Windows\System\wgSIMeO.exe
  2⤵
  PID:7480
- C:\Windows\System\rTEnLKG.exe
  C:\Windows\System\rTEnLKG.exe
  2⤵
  PID:7528
- C:\Windows\System\gHWwMFK.exe
  C:\Windows\System\gHWwMFK.exe
  2⤵
  PID:7600
- C:\Windows\System\pxkARML.exe
  C:\Windows\System\pxkARML.exe
  2⤵
  PID:6468
- C:\Windows\System\AdyLhMR.exe
  C:\Windows\System\AdyLhMR.exe
  2⤵
  PID:7664
- C:\Windows\System\DVyWneD.exe
  C:\Windows\System\DVyWneD.exe
  2⤵
  PID:6404
- C:\Windows\System\YOhQQIq.exe
  C:\Windows\System\YOhQQIq.exe
  2⤵
  PID:7192
- C:\Windows\System\ixoEQCe.exe
  C:\Windows\System\ixoEQCe.exe
  2⤵
  PID:6196
- C:\Windows\System\QzpWnoZ.exe
  C:\Windows\System\QzpWnoZ.exe
  2⤵
  PID:2016
- C:\Windows\System\tkmgMkj.exe
  C:\Windows\System\tkmgMkj.exe
  2⤵
  PID:7684
- C:\Windows\System\xwLHSWZ.exe
  C:\Windows\System\xwLHSWZ.exe
  2⤵
  PID:7256
- C:\Windows\System\ywNQHUH.exe
  C:\Windows\System\ywNQHUH.exe
  2⤵
  PID:7340
- C:\Windows\System\utneuiw.exe
  C:\Windows\System\utneuiw.exe
  2⤵
  PID:7384
- C:\Windows\System\oyvqSsM.exe
  C:\Windows\System\oyvqSsM.exe
  2⤵
  PID:7468
- C:\Windows\System\KViHEEi.exe
  C:\Windows\System\KViHEEi.exe
  2⤵
  PID:7744
- C:\Windows\System\vXSvbrB.exe
  C:\Windows\System\vXSvbrB.exe
  2⤵
  PID:7584
- C:\Windows\System\ClXabJp.exe
  C:\Windows\System\ClXabJp.exe
  2⤵
  PID:7696
- C:\Windows\System\HHHovhJ.exe
  C:\Windows\System\HHHovhJ.exe
  2⤵
  PID:7712
- C:\Windows\System\FCjVReM.exe
  C:\Windows\System\FCjVReM.exe
  2⤵
  PID:7780
- C:\Windows\System\jboFrsr.exe
  C:\Windows\System\jboFrsr.exe
  2⤵
  PID:7752
- C:\Windows\System\TfTCgKi.exe
  C:\Windows\System\TfTCgKi.exe
  2⤵
  PID:7692
- C:\Windows\System\aXcNWnh.exe
  C:\Windows\System\aXcNWnh.exe
  2⤵
  PID:7816
- C:\Windows\System\UbWYnvM.exe
  C:\Windows\System\UbWYnvM.exe
  2⤵
  PID:7956
- C:\Windows\System\SEwQVsJ.exe
  C:\Windows\System\SEwQVsJ.exe
  2⤵
  PID:8028
- C:\Windows\System\RkllfXw.exe
  C:\Windows\System\RkllfXw.exe
  2⤵
  PID:8064
- C:\Windows\System\DhmLvKI.exe
  C:\Windows\System\DhmLvKI.exe
  2⤵
  PID:8176
- C:\Windows\System\Fqmstwg.exe
  C:\Windows\System\Fqmstwg.exe
  2⤵
  PID:7932
- C:\Windows\System\xNdgopK.exe
  C:\Windows\System\xNdgopK.exe
  2⤵
  PID:8008
- C:\Windows\System\vnlAOLu.exe
  C:\Windows\System\vnlAOLu.exe
  2⤵
  PID:8144
- C:\Windows\System\rVUvDLf.exe
  C:\Windows\System\rVUvDLf.exe
  2⤵
  PID:7068
- C:\Windows\System\LjvjpQK.exe
  C:\Windows\System\LjvjpQK.exe
  2⤵
  PID:7176
- C:\Windows\System\NcPMUdB.exe
  C:\Windows\System\NcPMUdB.exe
  2⤵
  PID:7112
- C:\Windows\System\ROqCgkF.exe
  C:\Windows\System\ROqCgkF.exe
  2⤵
  PID:7320
- C:\Windows\System\gFQfrei.exe
  C:\Windows\System\gFQfrei.exe
  2⤵
  PID:6260
- C:\Windows\System\yJECsMZ.exe
  C:\Windows\System\yJECsMZ.exe
  2⤵
  PID:7596
- C:\Windows\System\NUjeUuU.exe
  C:\Windows\System\NUjeUuU.exe
  2⤵
  PID:6224
- C:\Windows\System\wTAyCLQ.exe
  C:\Windows\System\wTAyCLQ.exe
  2⤵
  PID:7728
- C:\Windows\System\DKCvTBS.exe
  C:\Windows\System\DKCvTBS.exe
  2⤵
  PID:7504
- C:\Windows\System\uZgYQFW.exe
  C:\Windows\System\uZgYQFW.exe
  2⤵
  PID:7812
- C:\Windows\System\UprqXcr.exe
  C:\Windows\System\UprqXcr.exe
  2⤵
  PID:7760
- C:\Windows\System\dqiDbXh.exe
  C:\Windows\System\dqiDbXh.exe
  2⤵
  PID:8024
- C:\Windows\System\HhjkIFr.exe
  C:\Windows\System\HhjkIFr.exe
  2⤵
  PID:2944
- C:\Windows\System\mZkJWHp.exe
  C:\Windows\System\mZkJWHp.exe
  2⤵
  PID:7296
- C:\Windows\System\EooGfRa.exe
  C:\Windows\System\EooGfRa.exe
  2⤵
  PID:7544
- C:\Windows\System\EPgOrae.exe
  C:\Windows\System\EPgOrae.exe
  2⤵
  PID:7748
- C:\Windows\System\eLrAQPT.exe
  C:\Windows\System\eLrAQPT.exe
  2⤵
  PID:7272
- C:\Windows\System\gsYjWCU.exe
  C:\Windows\System\gsYjWCU.exe
  2⤵
  PID:8116
- C:\Windows\System\TwUQYeq.exe
  C:\Windows\System\TwUQYeq.exe
  2⤵
  PID:7832
- C:\Windows\System\SNZolYQ.exe
  C:\Windows\System\SNZolYQ.exe
  2⤵
  PID:7924
- C:\Windows\System\OjuSoTz.exe
  C:\Windows\System\OjuSoTz.exe
  2⤵
  PID:7896
- C:\Windows\System\wbJauPi.exe
  C:\Windows\System\wbJauPi.exe
  2⤵
  PID:8084
- C:\Windows\System\WiXluRK.exe
  C:\Windows\System\WiXluRK.exe
  2⤵
  PID:8004
- C:\Windows\System\uoJbhzE.exe
  C:\Windows\System\uoJbhzE.exe
  2⤵
  PID:7212
- C:\Windows\System\ampckLf.exe
  C:\Windows\System\ampckLf.exe
  2⤵
  PID:7652
- C:\Windows\System\FQJROJj.exe
  C:\Windows\System\FQJROJj.exe
  2⤵
  PID:7540
- C:\Windows\System\oOXVgHY.exe
  C:\Windows\System\oOXVgHY.exe
  2⤵
  PID:7704
- C:\Windows\System\YOnXYFs.exe
  C:\Windows\System\YOnXYFs.exe
  2⤵
  PID:8188
- C:\Windows\System\zLZKcvq.exe
  C:\Windows\System\zLZKcvq.exe
  2⤵
  PID:7452
- C:\Windows\System\xKafIvZ.exe
  C:\Windows\System\xKafIvZ.exe
  2⤵
  PID:7448
- C:\Windows\System\wlbJeWa.exe
  C:\Windows\System\wlbJeWa.exe
  2⤵
  PID:7992
- C:\Windows\System\JuwKoYI.exe
  C:\Windows\System\JuwKoYI.exe
  2⤵
  PID:7508
- C:\Windows\System\TLKzhmX.exe
  C:\Windows\System\TLKzhmX.exe
  2⤵
  PID:7520
- C:\Windows\System\cHmHCzA.exe
  C:\Windows\System\cHmHCzA.exe
  2⤵
  PID:8048
- C:\Windows\System\JGVGpLE.exe
  C:\Windows\System\JGVGpLE.exe
  2⤵
  PID:7208
- C:\Windows\System\aGhiQkr.exe
  C:\Windows\System\aGhiQkr.exe
  2⤵
  PID:7892
- C:\Windows\System\LchONSw.exe
  C:\Windows\System\LchONSw.exe
  2⤵
  PID:8060
- C:\Windows\System\yBPQjcu.exe
  C:\Windows\System\yBPQjcu.exe
  2⤵
  PID:7672
- C:\Windows\System\nLcqzLu.exe
  C:\Windows\System\nLcqzLu.exe
  2⤵
  PID:6636
- C:\Windows\System\BmKoRhI.exe
  C:\Windows\System\BmKoRhI.exe
  2⤵
  PID:7708
- C:\Windows\System\rZjHEEy.exe
  C:\Windows\System\rZjHEEy.exe
  2⤵
  PID:8196
- C:\Windows\System\nqhrwHd.exe
  C:\Windows\System\nqhrwHd.exe
  2⤵
  PID:8216
- C:\Windows\System\SxOmuNr.exe
  C:\Windows\System\SxOmuNr.exe
  2⤵
  PID:8232
- C:\Windows\System\ArIpRen.exe
  C:\Windows\System\ArIpRen.exe
  2⤵
  PID:8248
- C:\Windows\System\nWMCxZd.exe
  C:\Windows\System\nWMCxZd.exe
  2⤵
  PID:8268
- C:\Windows\System\jxEotiU.exe
  C:\Windows\System\jxEotiU.exe
  2⤵
  PID:8288
- C:\Windows\System\eaSHDfc.exe
  C:\Windows\System\eaSHDfc.exe
  2⤵
  PID:8308
- C:\Windows\System\yfpAEfs.exe
  C:\Windows\System\yfpAEfs.exe
  2⤵
  PID:8324
- C:\Windows\System\YFeNkpS.exe
  C:\Windows\System\YFeNkpS.exe
  2⤵
  PID:8392
- C:\Windows\System\IHypypU.exe
  C:\Windows\System\IHypypU.exe
  2⤵
  PID:8420
- C:\Windows\System\qSIxhUH.exe
  C:\Windows\System\qSIxhUH.exe
  2⤵
  PID:8440
- C:\Windows\System\UPopLLI.exe
  C:\Windows\System\UPopLLI.exe
  2⤵
  PID:8460
- C:\Windows\System\KHWuIer.exe
  C:\Windows\System\KHWuIer.exe
  2⤵
  PID:8484
- C:\Windows\System\EjHzNEs.exe
  C:\Windows\System\EjHzNEs.exe
  2⤵
  PID:8508
- C:\Windows\System\UyqwBFJ.exe
  C:\Windows\System\UyqwBFJ.exe
  2⤵
  PID:8524
- C:\Windows\System\JIglgkv.exe
  C:\Windows\System\JIglgkv.exe
  2⤵
  PID:8540
- C:\Windows\System\bapHbmw.exe
  C:\Windows\System\bapHbmw.exe
  2⤵
  PID:8556
- C:\Windows\System\XyuuQDE.exe
  C:\Windows\System\XyuuQDE.exe
  2⤵
  PID:8572
- C:\Windows\System\epEDqiI.exe
  C:\Windows\System\epEDqiI.exe
  2⤵
  PID:8588
- C:\Windows\System\hjYytgK.exe
  C:\Windows\System\hjYytgK.exe
  2⤵
  PID:8604
- C:\Windows\System\eLCscKP.exe
  C:\Windows\System\eLCscKP.exe
  2⤵
  PID:8620
- C:\Windows\System\pxWQOFA.exe
  C:\Windows\System\pxWQOFA.exe
  2⤵
  PID:8636
- C:\Windows\System\SmaPohQ.exe
  C:\Windows\System\SmaPohQ.exe
  2⤵
  PID:8652
- C:\Windows\System\pwpApeU.exe
  C:\Windows\System\pwpApeU.exe
  2⤵
  PID:8668
- C:\Windows\System\YQzifBx.exe
  C:\Windows\System\YQzifBx.exe
  2⤵
  PID:8684
- C:\Windows\System\gnpWRkV.exe
  C:\Windows\System\gnpWRkV.exe
  2⤵
  PID:8700
- C:\Windows\System\JLKIjiP.exe
  C:\Windows\System\JLKIjiP.exe
  2⤵
  PID:8716
- C:\Windows\System\UrPbXJY.exe
  C:\Windows\System\UrPbXJY.exe
  2⤵
  PID:8736
- C:\Windows\System\oYqTEow.exe
  C:\Windows\System\oYqTEow.exe
  2⤵
  PID:8756
- C:\Windows\System\TzDqJQm.exe
  C:\Windows\System\TzDqJQm.exe
  2⤵
  PID:8780
- C:\Windows\System\MsVDiZS.exe
  C:\Windows\System\MsVDiZS.exe
  2⤵
  PID:8804
- C:\Windows\System\IZvHrjq.exe
  C:\Windows\System\IZvHrjq.exe
  2⤵
  PID:8824
- C:\Windows\System\gsomjAb.exe
  C:\Windows\System\gsomjAb.exe
  2⤵
  PID:8840
- C:\Windows\System\cRTiZgL.exe
  C:\Windows\System\cRTiZgL.exe
  2⤵
  PID:8868
- C:\Windows\System\ZKgvBLL.exe
  C:\Windows\System\ZKgvBLL.exe
  2⤵
  PID:8888
- C:\Windows\System\MvSSYfb.exe
  C:\Windows\System\MvSSYfb.exe
  2⤵
  PID:8904
- C:\Windows\System\aEyNQKF.exe
  C:\Windows\System\aEyNQKF.exe
  2⤵
  PID:8924
- C:\Windows\System\bFTtPFe.exe
  C:\Windows\System\bFTtPFe.exe
  2⤵
  PID:8996
- C:\Windows\System\oqynPim.exe
  C:\Windows\System\oqynPim.exe
  2⤵
  PID:9012
- C:\Windows\System\iIANbqV.exe
  C:\Windows\System\iIANbqV.exe
  2⤵
  PID:9028
- C:\Windows\System\dmAWEkb.exe
  C:\Windows\System\dmAWEkb.exe
  2⤵
  PID:9044
- C:\Windows\System\qHcShUS.exe
  C:\Windows\System\qHcShUS.exe
  2⤵
  PID:9060
- C:\Windows\System\EEauyTg.exe
  C:\Windows\System\EEauyTg.exe
  2⤵
  PID:9076
- C:\Windows\System\ntakjwG.exe
  C:\Windows\System\ntakjwG.exe
  2⤵
  PID:9092
- C:\Windows\System\dReBWUP.exe
  C:\Windows\System\dReBWUP.exe
  2⤵
  PID:9108
- C:\Windows\System\sTCWqwL.exe
  C:\Windows\System\sTCWqwL.exe
  2⤵
  PID:9124
- C:\Windows\System\yriRdeW.exe
  C:\Windows\System\yriRdeW.exe
  2⤵
  PID:9140
- C:\Windows\System\DFZLpPO.exe
  C:\Windows\System\DFZLpPO.exe
  2⤵
  PID:9156
- C:\Windows\System\nHhkWux.exe
  C:\Windows\System\nHhkWux.exe
  2⤵
  PID:9172
- C:\Windows\System\QELAofF.exe
  C:\Windows\System\QELAofF.exe
  2⤵
  PID:9188
- C:\Windows\System\pshGApT.exe
  C:\Windows\System\pshGApT.exe
  2⤵
  PID:9204
- C:\Windows\System\rsklNOa.exe
  C:\Windows\System\rsklNOa.exe
  2⤵
  PID:8208
- C:\Windows\System\oJnJyFh.exe
  C:\Windows\System\oJnJyFh.exe
  2⤵
  PID:8320
- C:\Windows\System\vlyhjbe.exe
  C:\Windows\System\vlyhjbe.exe
  2⤵
  PID:7292
- C:\Windows\System\NnwbkIP.exe
  C:\Windows\System\NnwbkIP.exe
  2⤵
  PID:8160
- C:\Windows\System\qSdezPr.exe
  C:\Windows\System\qSdezPr.exe
  2⤵
  PID:2772
- C:\Windows\System\SlKAnjE.exe
  C:\Windows\System\SlKAnjE.exe
  2⤵
  PID:7444
- C:\Windows\System\yrnwlKG.exe
  C:\Windows\System\yrnwlKG.exe
  2⤵
  PID:8400
- C:\Windows\System\XmpTFxa.exe
  C:\Windows\System\XmpTFxa.exe
  2⤵
  PID:8228
- C:\Windows\System\kjcwTHf.exe
  C:\Windows\System\kjcwTHf.exe
  2⤵
  PID:8348
- C:\Windows\System\IYHuwRM.exe
  C:\Windows\System\IYHuwRM.exe
  2⤵
  PID:8368
- C:\Windows\System\GgfhZgF.exe
  C:\Windows\System\GgfhZgF.exe
  2⤵
  PID:8384
- C:\Windows\System\caNRQfQ.exe
  C:\Windows\System\caNRQfQ.exe
  2⤵
  PID:8416
- C:\Windows\System\uOUPISn.exe
  C:\Windows\System\uOUPISn.exe
  2⤵
  PID:8448
- C:\Windows\System\YxLJDmw.exe
  C:\Windows\System\YxLJDmw.exe
  2⤵
  PID:8468
- C:\Windows\System\KusfFbr.exe
  C:\Windows\System\KusfFbr.exe
  2⤵
  PID:8532
- C:\Windows\System\UcUlgMt.exe
  C:\Windows\System\UcUlgMt.exe
  2⤵
  PID:8552
- C:\Windows\System\eERkNjH.exe
  C:\Windows\System\eERkNjH.exe
  2⤵
  PID:8680
- C:\Windows\System\QWCnqxG.exe
  C:\Windows\System\QWCnqxG.exe
  2⤵
  PID:8748
- C:\Windows\System\bmSvzDa.exe
  C:\Windows\System\bmSvzDa.exe
  2⤵
  PID:8648
- C:\Windows\System\XnCzeGw.exe
  C:\Windows\System\XnCzeGw.exe
  2⤵
  PID:8772
- C:\Windows\System\oOdHAZP.exe
  C:\Windows\System\oOdHAZP.exe
  2⤵
  PID:8764
- C:\Windows\System\kuBkleS.exe
  C:\Windows\System\kuBkleS.exe
  2⤵
  PID:8792
- C:\Windows\System\pMzaCTd.exe
  C:\Windows\System\pMzaCTd.exe
  2⤵
  PID:8676
- C:\Windows\System\mEhuRhU.exe
  C:\Windows\System\mEhuRhU.exe
  2⤵
  PID:8912
- C:\Windows\System\LucRXWI.exe
  C:\Windows\System\LucRXWI.exe
  2⤵
  PID:8812
- C:\Windows\System\fuRVwdM.exe
  C:\Windows\System\fuRVwdM.exe
  2⤵
  PID:8932
- C:\Windows\System\nVMFcdq.exe
  C:\Windows\System\nVMFcdq.exe
  2⤵
  PID:8956
- C:\Windows\System\QdICJoh.exe
  C:\Windows\System\QdICJoh.exe
  2⤵
  PID:8972
- C:\Windows\System\xSUPocI.exe
  C:\Windows\System\xSUPocI.exe
  2⤵
  PID:8496
- C:\Windows\System\UvHDPnE.exe
  C:\Windows\System\UvHDPnE.exe
  2⤵
  PID:9020
- C:\Windows\System\nYlDpoA.exe
  C:\Windows\System\nYlDpoA.exe
  2⤵
  PID:9036
- C:\Windows\System\DPggzjK.exe
  C:\Windows\System\DPggzjK.exe
  2⤵
  PID:9152
- C:\Windows\System\NjARmMx.exe
  C:\Windows\System\NjARmMx.exe
  2⤵
  PID:9068
- C:\Windows\System\nJDCJgU.exe
  C:\Windows\System\nJDCJgU.exe
  2⤵
  PID:9136
- C:\Windows\System\iIKYuWS.exe
  C:\Windows\System\iIKYuWS.exe
  2⤵
  PID:8204
- C:\Windows\System\HdVaKrU.exe
  C:\Windows\System\HdVaKrU.exe
  2⤵
  PID:9200
- C:\Windows\System\okqrUEA.exe
  C:\Windows\System\okqrUEA.exe
  2⤵
  PID:8244
- C:\Windows\System\HIXhNfF.exe
  C:\Windows\System\HIXhNfF.exe
  2⤵
  PID:8100
- C:\Windows\System\zDzXsCY.exe
  C:\Windows\System\zDzXsCY.exe
  2⤵
  PID:8336
- C:\Windows\System\NxmTnvA.exe
  C:\Windows\System\NxmTnvA.exe
  2⤵
  PID:7276
- C:\Windows\System\ecykzsL.exe
  C:\Windows\System\ecykzsL.exe
  2⤵
  PID:8344
- C:\Windows\System\KUGqCHy.exe
  C:\Windows\System\KUGqCHy.exe
  2⤵
  PID:7316
- C:\Windows\System\UldCNYB.exe
  C:\Windows\System\UldCNYB.exe
  2⤵
  PID:8304
- C:\Windows\System\tvVAxrY.exe
  C:\Windows\System\tvVAxrY.exe
  2⤵
  PID:8380
- C:\Windows\System\BllOmko.exe
  C:\Windows\System\BllOmko.exe
  2⤵
  PID:8480
- C:\Windows\System\bXwNOpl.exe
  C:\Windows\System\bXwNOpl.exe
  2⤵
  PID:8628
- C:\Windows\System\XXMjqIf.exe
  C:\Windows\System\XXMjqIf.exe
  2⤵
  PID:8500
- C:\Windows\System\NYuteyo.exe
  C:\Windows\System\NYuteyo.exe
  2⤵
  PID:8728
- C:\Windows\System\aRYXISI.exe
  C:\Windows\System\aRYXISI.exe
  2⤵
  PID:8612
- C:\Windows\System\IUAHHBA.exe
  C:\Windows\System\IUAHHBA.exe
  2⤵
  PID:8896
- C:\Windows\System\GJAYzlS.exe
  C:\Windows\System\GJAYzlS.exe
  2⤵
  PID:8664
- C:\Windows\System\nUVELOu.exe
  C:\Windows\System\nUVELOu.exe
  2⤵
  PID:8964
- C:\Windows\System\FZZcEMp.exe
  C:\Windows\System\FZZcEMp.exe
  2⤵
  PID:9116
- C:\Windows\System\vEKwiqS.exe
  C:\Windows\System\vEKwiqS.exe
  2⤵
  PID:9132
- C:\Windows\System\NHWFBhp.exe
  C:\Windows\System\NHWFBhp.exe
  2⤵
  PID:8948
- C:\Windows\System\pIEOBQe.exe
  C:\Windows\System\pIEOBQe.exe
  2⤵
  PID:7424
- C:\Windows\System\PKdLguC.exe
  C:\Windows\System\PKdLguC.exe
  2⤵
  PID:8256
- C:\Windows\System\NYPdPtQ.exe
  C:\Windows\System\NYPdPtQ.exe
  2⤵
  PID:8364
- C:\Windows\System\YXfWyTG.exe
  C:\Windows\System\YXfWyTG.exe
  2⤵
  PID:8452
- C:\Windows\System\ItiXqGo.exe
  C:\Windows\System\ItiXqGo.exe
  2⤵
  PID:6240
- C:\Windows\System\dZaUvHw.exe
  C:\Windows\System\dZaUvHw.exe
  2⤵
  PID:9168
- C:\Windows\System\fkEsqvn.exe
  C:\Windows\System\fkEsqvn.exe
  2⤵
  PID:9056
- C:\Windows\System\gPQuZqJ.exe
  C:\Windows\System\gPQuZqJ.exe
  2⤵
  PID:8332
- C:\Windows\System\KCPAOkM.exe
  C:\Windows\System\KCPAOkM.exe
  2⤵
  PID:1492
- C:\Windows\System\eQOkGST.exe
  C:\Windows\System\eQOkGST.exe
  2⤵
  PID:8436
- C:\Windows\System\fKAmxjP.exe
  C:\Windows\System\fKAmxjP.exe
  2⤵
  PID:8520
- C:\Windows\System\jznpgQf.exe
  C:\Windows\System\jznpgQf.exe
  2⤵
  PID:8796
- C:\Windows\System\LfTEcFL.exe
  C:\Windows\System\LfTEcFL.exe
  2⤵
  PID:8564
- C:\Windows\System\sblyHmW.exe
  C:\Windows\System\sblyHmW.exe
  2⤵
  PID:8852
- C:\Windows\System\yTdtnLE.exe
  C:\Windows\System\yTdtnLE.exe
  2⤵
  PID:7616
- C:\Windows\System\GeyUPga.exe
  C:\Windows\System\GeyUPga.exe
  2⤵
  PID:8980
- C:\Windows\System\lzCJIJU.exe
  C:\Windows\System\lzCJIJU.exe
  2⤵
  PID:7952
- C:\Windows\System\biVHBda.exe
  C:\Windows\System\biVHBda.exe
  2⤵
  PID:8880
- C:\Windows\System\RxRCrhe.exe
  C:\Windows\System\RxRCrhe.exe
  2⤵
  PID:8900
- C:\Windows\System\TkFLbOc.exe
  C:\Windows\System\TkFLbOc.exe
  2⤵
  PID:8732
- C:\Windows\System\AFmOTqh.exe
  C:\Windows\System\AFmOTqh.exe
  2⤵
  PID:9220
- C:\Windows\System\dByENCv.exe
  C:\Windows\System\dByENCv.exe
  2⤵
  PID:9236
- C:\Windows\System\WrnMNLZ.exe
  C:\Windows\System\WrnMNLZ.exe
  2⤵
  PID:9252
- C:\Windows\System\FwLSeoG.exe
  C:\Windows\System\FwLSeoG.exe
  2⤵
  PID:9268
- C:\Windows\System\bOBNOlx.exe
  C:\Windows\System\bOBNOlx.exe
  2⤵
  PID:9292
- C:\Windows\System\bpsthTW.exe
  C:\Windows\System\bpsthTW.exe
  2⤵
  PID:9328
- C:\Windows\System\klMtQXS.exe
  C:\Windows\System\klMtQXS.exe
  2⤵
  PID:9360
- C:\Windows\System\pqFKeMt.exe
  C:\Windows\System\pqFKeMt.exe
  2⤵
  PID:9416
- C:\Windows\System\iThicRl.exe
  C:\Windows\System\iThicRl.exe
  2⤵
  PID:9436
- C:\Windows\System\DwJXNRH.exe
  C:\Windows\System\DwJXNRH.exe
  2⤵
  PID:9456
- C:\Windows\System\DxGpRHx.exe
  C:\Windows\System\DxGpRHx.exe
  2⤵
  PID:9476
- C:\Windows\System\JLZYlXF.exe
  C:\Windows\System\JLZYlXF.exe
  2⤵
  PID:9492
- C:\Windows\System\ZHXlemQ.exe
  C:\Windows\System\ZHXlemQ.exe
  2⤵
  PID:9516
- C:\Windows\System\boiiPqU.exe
  C:\Windows\System\boiiPqU.exe
  2⤵
  PID:9536
- C:\Windows\System\rmIvanw.exe
  C:\Windows\System\rmIvanw.exe
  2⤵
  PID:9552
- C:\Windows\System\kftAdzx.exe
  C:\Windows\System\kftAdzx.exe
  2⤵
  PID:9576
- C:\Windows\System\snJglxm.exe
  C:\Windows\System\snJglxm.exe
  2⤵
  PID:9592
- C:\Windows\System\PglHWMb.exe
  C:\Windows\System\PglHWMb.exe
  2⤵
  PID:9616
- C:\Windows\System\zkPazhk.exe
  C:\Windows\System\zkPazhk.exe
  2⤵
  PID:9644
- C:\Windows\System\zAwpPtg.exe
  C:\Windows\System\zAwpPtg.exe
  2⤵
  PID:9664
- C:\Windows\System\QmVumYv.exe
  C:\Windows\System\QmVumYv.exe
  2⤵
  PID:9684
- C:\Windows\System\CXjfjUE.exe
  C:\Windows\System\CXjfjUE.exe
  2⤵
  PID:9704
- C:\Windows\System\QEFGrxY.exe
  C:\Windows\System\QEFGrxY.exe
  2⤵
  PID:9728
- C:\Windows\System\JisNjxR.exe
  C:\Windows\System\JisNjxR.exe
  2⤵
  PID:9744
- C:\Windows\System\BCPdork.exe
  C:\Windows\System\BCPdork.exe
  2⤵
  PID:9764
- C:\Windows\System\utQNlhG.exe
  C:\Windows\System\utQNlhG.exe
  2⤵
  PID:9784
- C:\Windows\System\EWsPrrx.exe
  C:\Windows\System\EWsPrrx.exe
  2⤵
  PID:9800
- C:\Windows\System\JgeaJfC.exe
  C:\Windows\System\JgeaJfC.exe
  2⤵
  PID:9820
- C:\Windows\System\goDpwqv.exe
  C:\Windows\System\goDpwqv.exe
  2⤵
  PID:9836
- C:\Windows\System\yInYzpf.exe
  C:\Windows\System\yInYzpf.exe
  2⤵
  PID:9852
- C:\Windows\System\PAmXuVP.exe
  C:\Windows\System\PAmXuVP.exe
  2⤵
  PID:9868
- C:\Windows\System\aTmHdYh.exe
  C:\Windows\System\aTmHdYh.exe
  2⤵
  PID:9888
- C:\Windows\System\kyXKQDj.exe
  C:\Windows\System\kyXKQDj.exe
  2⤵
  PID:9908
- C:\Windows\System\WqzOJUR.exe
  C:\Windows\System\WqzOJUR.exe
  2⤵
  PID:9924
- C:\Windows\System\EUGrZCo.exe
  C:\Windows\System\EUGrZCo.exe
  2⤵
  PID:9940
- C:\Windows\System\mGdHXSR.exe
  C:\Windows\System\mGdHXSR.exe
  2⤵
  PID:9960
- C:\Windows\System\gmxBwoH.exe
  C:\Windows\System\gmxBwoH.exe
  2⤵
  PID:9980
- C:\Windows\System\CdQlkiF.exe
  C:\Windows\System\CdQlkiF.exe
  2⤵
  PID:10000
- C:\Windows\System\nFTccni.exe
  C:\Windows\System\nFTccni.exe
  2⤵
  PID:10020
- C:\Windows\System\EIoEmOz.exe
  C:\Windows\System\EIoEmOz.exe
  2⤵
  PID:10036
- C:\Windows\System\qdYBWkP.exe
  C:\Windows\System\qdYBWkP.exe
  2⤵
  PID:10072
- C:\Windows\System\IPjdWwg.exe
  C:\Windows\System\IPjdWwg.exe
  2⤵
  PID:10108
- C:\Windows\System\HkmbwKp.exe
  C:\Windows\System\HkmbwKp.exe
  2⤵
  PID:10132
- C:\Windows\System\LIcaKFu.exe
  C:\Windows\System\LIcaKFu.exe
  2⤵
  PID:10152
- C:\Windows\System\SSeIpFD.exe
  C:\Windows\System\SSeIpFD.exe
  2⤵
  PID:10172
- C:\Windows\System\YWLqqoj.exe
  C:\Windows\System\YWLqqoj.exe
  2⤵
  PID:10188
- C:\Windows\System\NUJnSBj.exe
  C:\Windows\System\NUJnSBj.exe
  2⤵
  PID:10204
- C:\Windows\System\BiSLGsR.exe
  C:\Windows\System\BiSLGsR.exe
  2⤵
  PID:10220
- C:\Windows\System\UnYhJTH.exe
  C:\Windows\System\UnYhJTH.exe
  2⤵
  PID:10236
- C:\Windows\System\hvTHziR.exe
  C:\Windows\System\hvTHziR.exe
  2⤵
  PID:9248
- C:\Windows\System\wwKXlmS.exe
  C:\Windows\System\wwKXlmS.exe
  2⤵
  PID:8516
- C:\Windows\System\YHBVcEI.exe
  C:\Windows\System\YHBVcEI.exe
  2⤵
  PID:8944
- C:\Windows\System\eGKIKKA.exe
  C:\Windows\System\eGKIKKA.exe
  2⤵
  PID:9196
- C:\Windows\System\qLyzzHo.exe
  C:\Windows\System\qLyzzHo.exe
  2⤵
  PID:8240
- C:\Windows\System\xrqlXrp.exe
  C:\Windows\System\xrqlXrp.exe
  2⤵
  PID:9004
- C:\Windows\System\lheSQbU.exe
  C:\Windows\System\lheSQbU.exe
  2⤵
  PID:8952
- C:\Windows\System\mikVrPn.exe
  C:\Windows\System\mikVrPn.exe
  2⤵
  PID:8788
- C:\Windows\System\mhxNpFY.exe
  C:\Windows\System\mhxNpFY.exe
  2⤵
  PID:9264
- C:\Windows\System\bLiCmxg.exe
  C:\Windows\System\bLiCmxg.exe
  2⤵
  PID:9336
- C:\Windows\System\yFJCetB.exe
  C:\Windows\System\yFJCetB.exe
  2⤵
  PID:9340
- C:\Windows\System\iwHSghF.exe
  C:\Windows\System\iwHSghF.exe
  2⤵
  PID:9348
- C:\Windows\System\YsxdLoa.exe
  C:\Windows\System\YsxdLoa.exe
  2⤵
  PID:9372
- C:\Windows\System\TyTIzNV.exe
  C:\Windows\System\TyTIzNV.exe
  2⤵
  PID:9404
- C:\Windows\System\KXtmBhQ.exe
  C:\Windows\System\KXtmBhQ.exe
  2⤵
  PID:8568
- C:\Windows\System\OnKzOHO.exe
  C:\Windows\System\OnKzOHO.exe
  2⤵
  PID:9472
- C:\Windows\System\YAJYnqF.exe
  C:\Windows\System\YAJYnqF.exe
  2⤵
  PID:9508
- C:\Windows\System\uYrDQxK.exe
  C:\Windows\System\uYrDQxK.exe
  2⤵
  PID:9612
- C:\Windows\System\cnOfVIg.exe
  C:\Windows\System\cnOfVIg.exe
  2⤵
  PID:9628
- C:\Windows\System\edOSoVr.exe
  C:\Windows\System\edOSoVr.exe
  2⤵
  PID:9672
- C:\Windows\System\hVOrlwu.exe
  C:\Windows\System\hVOrlwu.exe
  2⤵
  PID:9712
- C:\Windows\System\QlfVcMB.exe
  C:\Windows\System\QlfVcMB.exe
  2⤵
  PID:9752
- C:\Windows\System\GQKtuex.exe
  C:\Windows\System\GQKtuex.exe
  2⤵
  PID:9828
- C:\Windows\System\bCLFidq.exe
  C:\Windows\System\bCLFidq.exe
  2⤵
  PID:9932
- C:\Windows\System\qHttEDp.exe
  C:\Windows\System\qHttEDp.exe
  2⤵
  PID:10008
- C:\Windows\System\YDaeIWl.exe
  C:\Windows\System\YDaeIWl.exe
  2⤵
  PID:10012
- C:\Windows\System\JfbAxvA.exe
  C:\Windows\System\JfbAxvA.exe
  2⤵
  PID:9876
- C:\Windows\System\UnxGlOq.exe
  C:\Windows\System\UnxGlOq.exe
  2⤵
  PID:10048
- C:\Windows\System\JaTzawx.exe
  C:\Windows\System\JaTzawx.exe
  2⤵
  PID:9780
- C:\Windows\System\TmdjuJC.exe
  C:\Windows\System\TmdjuJC.exe
  2⤵
  PID:9880
- C:\Windows\System\ucknrLU.exe
  C:\Windows\System\ucknrLU.exe
  2⤵
  PID:9948
- C:\Windows\System\jAlidmP.exe
  C:\Windows\System\jAlidmP.exe
  2⤵
  PID:664
- C:\Windows\System\esHNByl.exe
  C:\Windows\System\esHNByl.exe
  2⤵
  PID:10104
- C:\Windows\System\LQeCmYh.exe
  C:\Windows\System\LQeCmYh.exe
  2⤵
  PID:2612
- C:\Windows\System\PYXeXNS.exe
  C:\Windows\System\PYXeXNS.exe
  2⤵
  PID:10120
- C:\Windows\System\gviTOPi.exe
  C:\Windows\System\gviTOPi.exe
  2⤵
  PID:10200
- C:\Windows\System\xNMabKc.exe
  C:\Windows\System\xNMabKc.exe
  2⤵
  PID:7688
- C:\Windows\System\wMToEtO.exe
  C:\Windows\System\wMToEtO.exe
  2⤵
  PID:8376
- C:\Windows\System\iUBBPUN.exe
  C:\Windows\System\iUBBPUN.exe
  2⤵
  PID:9352
- C:\Windows\System\ZrnotXE.exe
  C:\Windows\System\ZrnotXE.exe
  2⤵
  PID:9212
- C:\Windows\System\QbDJfpb.exe
  C:\Windows\System\QbDJfpb.exe
  2⤵
  PID:9452
- C:\Windows\System\OEZzozG.exe
  C:\Windows\System\OEZzozG.exe
  2⤵
  PID:9400
- C:\Windows\System\PyOjXoy.exe
  C:\Windows\System\PyOjXoy.exe
  2⤵
  PID:9532
- C:\Windows\System\eUVpnBB.exe
  C:\Windows\System\eUVpnBB.exe
  2⤵
  PID:8504
- C:\Windows\System\PIyhuzP.exe
  C:\Windows\System\PIyhuzP.exe
  2⤵
  PID:9468
- C:\Windows\System\QKGSTCG.exe
  C:\Windows\System\QKGSTCG.exe
  2⤵
  PID:9072
- C:\Windows\System\ZACsgyJ.exe
  C:\Windows\System\ZACsgyJ.exe
  2⤵
  PID:9376
- C:\Windows\System\JUYTeEu.exe
  C:\Windows\System\JUYTeEu.exe
  2⤵
  PID:9432
- C:\Windows\System\jYCtTAx.exe
  C:\Windows\System\jYCtTAx.exe
  2⤵
  PID:9588
- C:\Windows\System\flSinwv.exe
  C:\Windows\System\flSinwv.exe
  2⤵
  PID:9600
- C:\Windows\System\NebVrgC.exe
  C:\Windows\System\NebVrgC.exe
  2⤵
  PID:9660
- C:\Windows\System\zOovTSR.exe
  C:\Windows\System\zOovTSR.exe
  2⤵
  PID:9680
- C:\Windows\System\boDDUTf.exe
  C:\Windows\System\boDDUTf.exe
  2⤵
  PID:9792
- C:\Windows\System\lciHbLe.exe
  C:\Windows\System\lciHbLe.exe
  2⤵
  PID:9896
- C:\Windows\System\DqrjJpV.exe
  C:\Windows\System\DqrjJpV.exe
  2⤵
  PID:9740
- C:\Windows\System\MeZeirh.exe
  C:\Windows\System\MeZeirh.exe
  2⤵
  PID:9848
- C:\Windows\System\DPSIKgK.exe
  C:\Windows\System\DPSIKgK.exe
  2⤵
  PID:9776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AgqTrBX.exe

Filesize
6.0MB

MD5
2e405186bbca18b335006f7a75102fb0

SHA1
3095ff248f6d0413262ae7da5d8460a3dc4234f3

SHA256
dbaef21dbc5ab4837c15c61399c0ead544aee7ebfe14ca39ec19556422fa0ca9

SHA512
e5c0e5b51a85c44446f0d608caca7feb75cf3cfc192634bddc1c01a69cbb691925591681cb7fbc270dee6855e3ce4c58f1101bf65e07b9262cd3a78e501d9d55

Download Submit
C:\Windows\system\BeSDYCH.exe

Filesize
6.0MB

MD5
9d58f9bb194f6d3f1a4458f42489691d

SHA1
48c836ee6a386a339780af11218c28eda73ce409

SHA256
d0629dc08019d071962e693016d4de6999f749e75c9c47e9ce01932f7b1aeaa6

SHA512
45a5b464ff26b8fbe5a63914bf5c6628baad417855369e2f9ece84cf88da63342dd723759b1e6970d3981bd25abc10c1e0c259e67264c61d97488982805c410d

Download Submit
C:\Windows\system\ClZNGqe.exe

Filesize
6.0MB

MD5
02cbba79d3ed910d04ba0fda24ab61d4

SHA1
060e28ddcd3f879a737a178da6c2460039dc11e5

SHA256
1f68a01701f33ad0736a2c737a5744064be940ae996dee6670972f9fdd43fbec

SHA512
0da053e83ce573373969cbcbf159b25bfdcf5fb3f61b3e09f5a1bbf213d63001554e50bf6be81c9d46607be1854b472790eeac8bdfd28a87f6d13dfbadf2415c

Download Submit
C:\Windows\system\DcRCbvh.exe

Filesize
6.0MB

MD5
7b239612bf94f0ee887c310315b296cc

SHA1
2e624d4abc543e7ea9c96e32844bfdab47091d8a

SHA256
32533571400e1407378aaeedbaff20c6e42079b32f74a8f3b5359ff00ad897f7

SHA512
d153416797af8416dc8464d4af1d46c015326ad9209277a16a9af3f1118c81d90ed29603e78a6f04eb56ce39d934ee0873f80260bdcbd092074627f32431e22e

Download Submit
C:\Windows\system\DrTfdiI.exe

Filesize
6.0MB

MD5
c54993e34fbc0fd532166018d6bfa259

SHA1
b1b1c385e80bd7154688ebb8684086b7a7efc929

SHA256
b14a3c3f0760a3ee8c3a949f2c9cadcc70b915a95e60460cf7284b3f5d361e89

SHA512
d04340b82c823a8acd40697f0f70855ada6a8a91256b18a935508a605b9385d755bbb7ed4c885a3b0164070649db9cb3d576b04a5a2be54eb4f5f2652d75ef12

Download Submit
C:\Windows\system\DwHHmgh.exe

Filesize
6.0MB

MD5
5e415f0c1c880a1a6bc179bd395ebe8a

SHA1
d54ec39bbe92f409d842af81f2cdb14cad56632d

SHA256
c1c4a68cef6c7912abcd3538cdef327ef85b14934f8e3cecbe32416711313609

SHA512
8b23ac847448f58aa03ca991432e12ba6971cc932071f1bd7b1372ca4065b11b4367f53516853e37f4301f3ed90913e67b9fd1d63c9c830cead83b70a4e5410c

Download Submit
C:\Windows\system\EsOYkfG.exe

Filesize
6.0MB

MD5
51398a024098b82e85866147ebbc72ef

SHA1
9de0f9ce65475678a92580a4e4c0938c2075c00b

SHA256
3591fdb00aef5d5a64eb95dcc27fc246e479ab49e1b812d5be9bf2b54ddd5f06

SHA512
4bfd5dc422d2da5a3fdabfde1d99cb85977a812d1c9d1a6603129e5ab6f5ceca1599fb5aa6daa6b93913dc62292230beaaa19395eb5a96ba9300f1f827db7205

Download Submit
C:\Windows\system\IrhNRgI.exe

Filesize
6.0MB

MD5
18f31c626910aefa6f6b0fa5782e550c

SHA1
bc4d3741e063609c2b62183878722746315850dd

SHA256
7586266c828fc022d59c9e97bd94b59a87256a30dfaf62553df4f2a1f4b3eb1c

SHA512
df74378a0b686bec2690bcf9fb956bb3647ac88fcdfb1c93766b5f4c9db41a15277fbf31b2c68b7db8371a9e6a5714bf5afa52a15fc2f7bce9299a7657585795

Download Submit
C:\Windows\system\JTHoRWV.exe

Filesize
6.0MB

MD5
d0846463e573a7ae575345100c08415f

SHA1
fe7f194f9c6825229bb47b636658b8414d81d220

SHA256
0a0bcabd9bb3eae00faf0590ed92d4b9393b8169edb65e1d61ba51397ee5116b

SHA512
f1f40b9bac8e792f349eadd62794ba81ad7ac4f9503a6b2b2c0fc5c1c2099e3f1d137ddedbf1392a36bf9f869bba69cee6dcda6c6c19e4bcb880ca1c85c234fd

Download Submit
C:\Windows\system\MbtUpDB.exe

Filesize
6.0MB

MD5
9c0024b5562f846d67d1db18ffa87850

SHA1
531b8fdf7588a3a04f9ec400fba4bf26799aaf80

SHA256
41b58c02c0804d49d39610b5d38bde093068eef968863cc0526249543800670b

SHA512
5669d7bed178f775da6595b04004a7e6c4918505c884572fc738d741811952c9e9aa5bd4867f17c592ee9c5c3b0d0b6c8bd90091ab0aba86841b7c8a0c264565

Download Submit
C:\Windows\system\OQYMaak.exe

Filesize
6.0MB

MD5
664463ad548fc3c3a5d3ff766512ae3f

SHA1
c28091b512e8533ec3ba4f7170512bbc5964b189

SHA256
65d473645c0b91475baf221bab50bbe36a9bc975de46cec8691dc76000392d4a

SHA512
848838fbb963b963548438747d0a1bb9c8960105d9246ca8b17c91ad7478f38156d02e34aff48518e5caffa03b5766d36776ec2eff9d42572bb2b95ec8d1f3bd

Download Submit
C:\Windows\system\OpcyKie.exe

Filesize
6.0MB

MD5
fadb5a79a64cf03161be844e993f2cb5

SHA1
a43587e8154917e41fa1159946f593aa7ae4da6f

SHA256
15cda572be400e1725ba7714b766f706f81a65db2c19125bee9b1523ccd096e6

SHA512
f1a95a62ff3fc12a6f34a77ab1ef8f490b0af6751c8128533bd4982790b460e6abd5e0d00543ea7a8c70812b9dd9776ee418650b61024630ddbfeb83b297693f

Download Submit
C:\Windows\system\SgmZcZp.exe

Filesize
6.0MB

MD5
cf9ae10b7e1df99f4192a769897ac642

SHA1
35ea6673e186c3abb826492e05b99acf68ced4e9

SHA256
482bb30bad6ccca6561ede522866c3a312b4831cd58171a5b9d54677609f6376

SHA512
996b0602ddc11745fa9fb30fc5961f844f2a6a9c87ba3e2de27b8b6d529263d95a9cb80cf3249504ef691d0d616e345eae9676eb2a1d5e4bf8266f2e760e74d9

Download Submit
C:\Windows\system\SpmADum.exe

Filesize
6.0MB

MD5
7bce9a9b3bd9fce5edd7314d501de4c2

SHA1
8498a1b10600582950f289e442cc2f98f2b0e53f

SHA256
21191b825d2651d2683f22a6e7d05723e331ca67f5906042c6db3007636265d1

SHA512
c9a05060eb32902509eea95c394b92b273bd76f98fb004f2cd05c43f75db1bfa769fc39f67ad140655cf6d497afb1bc0359f1aed8e9ea14de1abfa4a5fb829dd

Download Submit
C:\Windows\system\XVjkXib.exe

Filesize
6.0MB

MD5
8b21ccc25bdb6a9025cc691b057f73d0

SHA1
6ae35d5c232addc8fb2b236e3e6b8532172575f1

SHA256
cb74fd2a779d74a133a41413b049abb950815a97246ce7ee6aee133ad3b2ac72

SHA512
24fe58f43ee1362f4f4dba9a230bf5554113ae5d198e7ebcf5887351f831ab6acb5637261ead91fd089d81f141db026745001f98fb86c92ec33efac4b09f6656

Download Submit
C:\Windows\system\XwznEIl.exe

Filesize
6.0MB

MD5
9c6fe52417d87d2808de685da97784e7

SHA1
fe3609ba77b51ecf63bc6f076806dca2489531ff

SHA256
d3d87691cafeaadbe725baf15437b679bed3f95ba3463ea6766629b6ba741da2

SHA512
c0dc6296a3b2d94b77fc0615cafc6f751eefb73cf802e1f8b4523daa4addcbda57ee8c4c582633ef2ba2af70f57e019b4e275db3b2ddf282a7c108fd1388ca0e

Download Submit
C:\Windows\system\ZjWXoLQ.exe

Filesize
6.0MB

MD5
4067da4e8835ea36b04676d843bb2f5e

SHA1
fb8456d74d4ee1e18f2c2488941605d516286881

SHA256
c78f04a6019662c437ba5d4842c0e5755ed1c80aca524f1f3722a74d1d26fa27

SHA512
c2e4c7bfba7ba8a3d67c5a3fbe4e620eb97a0a0c81d4aa7187e603108359ef6b6b3da1726e5c761f29a3b2c2754f1a0970ba9fbcd5bfb03ad77c63935fc34773

Download Submit
C:\Windows\system\ZqZeCGK.exe

Filesize
6.0MB

MD5
286e597b7f97cd42087399198fb89aff

SHA1
f133d3fc8d8a1d1e135e3960515ddebbf69887ea

SHA256
471a60e8b9ac74f765540c259e754b2bb03b19cec941e8063c898e247d695c9e

SHA512
3f9394ac6581e77f6309df564224a2e86d04762ac79ff8fc7297addb9a96d5e772e247235613104f9dcf952dc97e3d5305cf6ee66b75519ec22f45f99770ad40

Download Submit
C:\Windows\system\fWUntUn.exe

Filesize
6.0MB

MD5
187fc1306f648eebd15a4db708649cb3

SHA1
fe0b69e0846130769a0881e45f276fe731505a6a

SHA256
fb3df91f86271e0a230178d308c55a7e8c7edf56912b93949ed61f26f8ab0190

SHA512
955c6012af7bee1603ba753d6f139d9572a0949e5008c28834c66ec20f4c6ab2ca156d9dbf9ecf78e8fee75760c0e146615d63a8a374b629a4fdd4894a1b7e9b

Download Submit
C:\Windows\system\ggmXhLs.exe

Filesize
6.0MB

MD5
8e3c7b39d1d40325651492ed077616f1

SHA1
38c19351dadec3895e9fcf7b4fdf479b31ce8bcd

SHA256
c137f27432f075abac3e13540c0008c6d46f44ee6fada10ca0b29b2a862bb44c

SHA512
7fb2f22b655af484c7bc001880763658b77de067661dc45f5ae967eb571052851a6d93f7d3ed9f4e6746cf91437faddb76da461cec45f29606458db1b2a9a44c

Download Submit
C:\Windows\system\kQypBYn.exe

Filesize
6.0MB

MD5
0bc8eff81f2f21a9f7eb1d789f190df7

SHA1
45d311991c38d04edd392baa603eb25b4c312b3e

SHA256
2ecc6c436cf5f481e71d6b55dea49ef9a84ee9e63294ba5904d68d380b59afa6

SHA512
84665a51b24971e988fcc375d7b311e83fb87711ea4263e1cc6ab64d51e7747f3f93cec37192a78cbe5f90032e052371b713781a964d62806d9131a26961fbb6

Download Submit
C:\Windows\system\nlcUBog.exe

Filesize
6.0MB

MD5
66638cb1a973733833696e5ee5f1614a

SHA1
1f577274910d019ddd19f214b5ac68e9507acb24

SHA256
4b3e352dec6ad8c753cb849ceab2ee168e2d3d3e84aed0bcc7769f020b4ae07e

SHA512
10ac33f51de57b65dd937b941dde8734393ee72e70b78ce41b288801a9d4368b71a059a5f446aca02611d670ee842e736ad13a1678c7d2e1d2d3f46c77ade491

Download Submit
C:\Windows\system\npDEhlA.exe

Filesize
6.0MB

MD5
66929ed68e70139ff7fac20bcfdacfdf

SHA1
30a94b96e2e4fb952f15512eaadb91a62d07b04c

SHA256
0232e5d7a79082d48bf9a9e93d049e7bb4e235fd0bbb575769826af50f7222ca

SHA512
4cfff8176fda4312bc5426ae48aaaf54d7c710fc8f9b4fdc606c6f9d4814f46485673c26dbb27833c0483b848e10e1f69246950f8ee52b592864a50778d87da2

Download Submit
C:\Windows\system\qzVjTkJ.exe

Filesize
6.0MB

MD5
18158a1badb4d6268c120a595b2a7120

SHA1
0c7a87beee9368a243102d46a85a84f49a34f3eb

SHA256
92b3cba10a0968a24f9a3704f98eb46bd5ac4d84d01cfaa3df03482f680e518d

SHA512
181b5266add9f3506c7c8f76c91f38ef5e66ab868c843adb8710d070931851115f46e99d8b31b38aefcca42ee612883be0f10f6c6c38ff0a426d59007f216b24

Download Submit
C:\Windows\system\rOEyHpl.exe

Filesize
6.0MB

MD5
0d557467431046c5236d55579a102073

SHA1
2efe3c3042dfab3b1ca822800e1b56ffeece8f0b

SHA256
b2d9f3eeac49c1ad31c55d4d2cac85ebc1e91da507c9e6056224b5501a768173

SHA512
e55d99007aa4e430af2b3567850c96b785cb23d204ee020150aa3cec9bd3839020f11bab5c32085c3642b96b9d822fd1ae727bb54118ab6c23762a5d2ef52cbf

Download Submit
C:\Windows\system\rlNjIdo.exe

Filesize
6.0MB

MD5
b644ba18101f26e2aa8206f5524b6be5

SHA1
d94f9cec34fd5a94d65ae33781091400c2f826f2

SHA256
0979d5ab1981e471bbf4b238504cef415512881a7b56ae62bdafd9aaa03bcac3

SHA512
00589f5444ba4ca9f1fdf90baa47d711a58725b65cef1481b34a46f154af6af30960c9978737d55e605cef4f1c347f3a0a02fa84d004351f6ddf51e54f271dd2

Download Submit
C:\Windows\system\vRQWVyW.exe

Filesize
6.0MB

MD5
86b1335b7e14af41837ea07d56a56c4c

SHA1
4a1afe394ffc9294cacfe8c898e5f19c05fbd935

SHA256
791ade29ad2afcffbfed2ebeb4a6d898faf7722013c7aa7ddec7a74fee6790fd

SHA512
739812c3c9ef68ac5873fb429a159842a7180b91ba10e6dd19a60b7df5606b36e1819230ba083333215bc13a88d65fc13707764c897bfd3cda5baf625297198a

Download Submit
C:\Windows\system\wYbHstn.exe

Filesize
6.0MB

MD5
722adc0fea624819d48096d3c0e9b5ce

SHA1
584d7426132737d485528acf556ea37084094349

SHA256
9457a8ab0b3ea62e8d1388e1c3e51bb05eccc68a32caa691b40a1e181b4418c9

SHA512
d6134523ec17b272e1d6b232f4bee22c38285e1f17334681446d0a733442c18e6253d1d96c7a74940ec3e187369d24914b32cfc76db8aca222e63516d7dc2c7f

Download Submit
C:\Windows\system\wsIodLG.exe

Filesize
6.0MB

MD5
a5484b9aa6ed16dd43fd6cee29dd4775

SHA1
1b3984cf0e63101a392ca180ba7f596713167b55

SHA256
3f07fafc6a843c29b8d689105a764f35c2fc0b2e7bd000cc9b281b95d7431d95

SHA512
35179fb0775a0de215de8ce53d29b2fa374c023ce8610469a691386ea4bc7c3de22d289ed698778a1db47b98d479c4fae4e8947c1d30f58221c6e99731bab21b

Download Submit
\Windows\system\CHuUkxa.exe

Filesize
6.0MB

MD5
1d61e542a87bb634cd492847569f2b22

SHA1
3fce1132c26858d46c41ac6f61e7750d784480ad

SHA256
ee2433bc4ed212d6fca1e83155e148c295e69323e6eda9fe06e9b3196fff8754

SHA512
44feac8cddec0b5baa42c4a7676463f94e5462d1eddb574192a1b0b8f915f92f3074f07fa70f8a46dab9c02d3d049c4646d5b83515129fe74f8cad395e2ff975

Download Submit
\Windows\system\MJzEMYz.exe

Filesize
6.0MB

MD5
13f430efcec07f34a7b98c612083ec28

SHA1
9c83a48f5668d3efc711e68e2b8003825bb26777

SHA256
30ad68ebaaf29c206dca2cf02e40142de3ceb3d83003fd409cef6ff0909774d2

SHA512
49b61622e1e8bf6257e0e553ef054bfc220d117735fb14a0fa5647e47731106f2ac82ce41f4fa1ba59abe05e4a35635a6cec5e4b102d52a08fd9011d02380ae6

Download Submit
\Windows\system\RAzsLOK.exe

Filesize
6.0MB

MD5
057e405b52bcc49a992c4527736813b7

SHA1
08573b4c877d4aeed807062b23f8141c4139e1ef

SHA256
053619a910fd00bf6e06ff11cc5a8ec7f654dfca70806d479200d4383a5ccfe1

SHA512
4a2eb0eed369553a63a7c7b4d58c668d7541e5548ad11d52cf6a8bb650c1c32c3c7857605bedaa23c726923d3215521981db517b6e2daeb62b26e2de4a5273b1

Download Submit
memory/1216-72-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1216-4008-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-4005-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1648-33-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1648-108-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2000-4012-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2000-109-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2112-42-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-92-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-40-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2112-521-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-15-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2112-448-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2112-112-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2112-111-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2112-110-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2112-32-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2112-0-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-756-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-26-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2112-104-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2112-86-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-51-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-60-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-68-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2112-67-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1028-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-902-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2112-905-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-49-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2112-82-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2528-41-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2528-197-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2528-4009-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2656-50-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4007-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4004-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-21-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-74-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2876-27-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2876-4010-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2900-4011-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2900-99-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2920-4006-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2920-19-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2920-56-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2928-4003-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-11-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-64-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-4013-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-522-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download