cobaltstrike | 547bdea28426c808b1c47ed827664a6fabd3312958353d3562bacdcc477ed47a

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

80790719d1d93dd9cc08c93026320274
SHA1

933523458c2ae8855badf3bffb9abbc32f405942
SHA256

547bdea28426c808b1c47ed827664a6fabd3312958353d3562bacdcc477ed47a
SHA512

17b63bebf597936981ab5e6979a0de0288dd53a641d7efe8ad59b48d14fa48e4fde50611dd7d88166fbed2fa66a56c3ea4560151af50984f9ce7af93787ea49d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU9:T+q56utgpPF8u/79

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000a00000001225c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018b05-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b50-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b54-21.dat	cobalt_reflective_dll
behavioral1/files/0x0003000000018334-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018b71-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b89-40.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b59-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/392-0-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225c-6.dat	xmrig
behavioral1/files/0x0009000000018b05-8.dat	xmrig
behavioral1/files/0x0007000000018b50-16.dat	xmrig
behavioral1/files/0x0007000000018b54-21.dat	xmrig
behavioral1/files/0x0003000000018334-30.dat	xmrig
behavioral1/files/0x0009000000018b71-36.dat	xmrig
behavioral1/files/0x0007000000018b89-40.dat	xmrig
behavioral1/files/0x000500000001975a-45.dat	xmrig
behavioral1/files/0x00050000000197fd-55.dat	xmrig
behavioral1/files/0x0005000000019820-60.dat	xmrig
behavioral1/files/0x0005000000019bf5-71.dat	xmrig
behavioral1/files/0x0005000000019bf9-80.dat	xmrig
behavioral1/files/0x0005000000019d6d-100.dat	xmrig
behavioral1/files/0x0005000000019fd4-110.dat	xmrig
behavioral1/files/0x000500000001a309-134.dat	xmrig
behavioral1/files/0x000500000001a0b6-147.dat	xmrig
behavioral1/files/0x000500000001a3f8-143.dat	xmrig
behavioral1/memory/2756-1577-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2856-1666-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2636-1686-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2456-1689-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2724-1692-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2756-1691-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2736-1688-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2848-1687-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2864-1685-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2932-1674-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2468-1669-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2724-1659-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2848-1522-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2736-1462-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2636-1392-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2456-1326-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2864-1254-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2596-1702-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2552-1720-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2932-1188-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/392-1788-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2856-1035-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2468-901-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/392-1862-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2196-1959-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2788-1986-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a400-159.dat	xmrig
behavioral1/files/0x000500000001a3ab-132.dat	xmrig
behavioral1/files/0x000500000001a03c-127.dat	xmrig
behavioral1/files/0x000500000001a3fd-151.dat	xmrig
behavioral1/files/0x000500000001a3f6-139.dat	xmrig
behavioral1/files/0x000500000001a049-124.dat	xmrig
behavioral1/files/0x0005000000019fdd-114.dat	xmrig
behavioral1/files/0x0005000000019e92-105.dat	xmrig
behavioral1/files/0x0005000000019d61-87.dat	xmrig
behavioral1/files/0x0005000000019d62-93.dat	xmrig
behavioral1/files/0x0005000000019c3c-85.dat	xmrig
behavioral1/files/0x0005000000019bf6-75.dat	xmrig
behavioral1/files/0x000500000001998d-65.dat	xmrig
behavioral1/files/0x0005000000019761-50.dat	xmrig
behavioral1/files/0x0007000000018b59-26.dat	xmrig

Executes dropped EXE 64 IoCs

Processes:

eVdMCKu.exemTnvwbA.exejZQazFC.exeNxUywLj.exeycwhgfN.exejAEFUJJ.exelHkneHK.exebsdrRVJ.exeeweAZpC.exekMgDPKE.execnwHQWu.exevNzKvGw.exeowgYPso.exeJtlxpuU.exehiBsAxx.exeLbMGvxb.exeInjmdOU.exeTsURCVI.exeZaphdnG.exendIXoNC.exerWgutXp.exeTGnDmrn.exeZnipoVb.exetemvdrV.exeXQZsjIm.exezkEvMOy.exerWZZeOG.execSvtSUK.exeAVHtxtr.exeFiZaupz.exeBdnQHdA.exeFIrsqYq.exeqhUBxmK.exeGpqNDxM.exeLyBYSnG.exeTEGfFbX.exeoYpPqpr.exeNEgZdsm.exeImptxFr.exeIXRKPib.exeKicertU.exeZRRwwvC.exeWfBaUye.exeKbJAQtc.exekmEknmt.exexfxtVKL.exeaaCDTZj.exeIpEqvca.exeErjQXQj.exekKRuWMD.exezyzzvuV.exeMnTNUYn.exeTIneFdu.exeTkujSxL.exeKzcqSUv.exeJVDuWhJ.exejIrCkDE.exebwqlBLn.exeKKBxqVM.exesKpenki.exenGnuBBX.exeIUWlDZu.exeSuCoZvV.exeBhUiWwr.exe

pid	Process
2552	eVdMCKu.exe
2468	mTnvwbA.exe
2856	jZQazFC.exe
2932	NxUywLj.exe
2864	ycwhgfN.exe
2456	jAEFUJJ.exe
2636	lHkneHK.exe
2736	bsdrRVJ.exe
2848	eweAZpC.exe
2756	kMgDPKE.exe
2724	cnwHQWu.exe
2788	vNzKvGw.exe
2596	owgYPso.exe
2196	JtlxpuU.exe
2304	hiBsAxx.exe
2416	LbMGvxb.exe
580	InjmdOU.exe
2888	TsURCVI.exe
2960	ZaphdnG.exe
2200	ndIXoNC.exe
2700	rWgutXp.exe
1400	TGnDmrn.exe
2024	ZnipoVb.exe
1812	temvdrV.exe
2248	XQZsjIm.exe
1272	zkEvMOy.exe
2504	rWZZeOG.exe
1840	cSvtSUK.exe
2492	AVHtxtr.exe
2240	FiZaupz.exe
2260	BdnQHdA.exe
2080	FIrsqYq.exe
848	qhUBxmK.exe
1124	GpqNDxM.exe
1408	LyBYSnG.exe
660	TEGfFbX.exe
1076	oYpPqpr.exe
2604	NEgZdsm.exe
1832	ImptxFr.exe
288	IXRKPib.exe
2284	KicertU.exe
2164	ZRRwwvC.exe
2032	WfBaUye.exe
2564	KbJAQtc.exe
1372	kmEknmt.exe
1820	xfxtVKL.exe
1772	aaCDTZj.exe
1640	IpEqvca.exe
2008	ErjQXQj.exe
2680	kKRuWMD.exe
1632	zyzzvuV.exe
1560	MnTNUYn.exe
1528	TIneFdu.exe
2324	TkujSxL.exe
2256	KzcqSUv.exe
1540	JVDuWhJ.exe
1620	jIrCkDE.exe
1596	bwqlBLn.exe
1388	KKBxqVM.exe
2144	sKpenki.exe
2892	nGnuBBX.exe
2408	IUWlDZu.exe
2944	SuCoZvV.exe
2740	BhUiWwr.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/392-0-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x000a00000001225c-6.dat	upx
behavioral1/files/0x0009000000018b05-8.dat	upx
behavioral1/files/0x0007000000018b50-16.dat	upx
behavioral1/files/0x0007000000018b54-21.dat	upx
behavioral1/files/0x0003000000018334-30.dat	upx
behavioral1/files/0x0009000000018b71-36.dat	upx
behavioral1/files/0x0007000000018b89-40.dat	upx
behavioral1/files/0x000500000001975a-45.dat	upx
behavioral1/files/0x00050000000197fd-55.dat	upx
behavioral1/files/0x0005000000019820-60.dat	upx
behavioral1/files/0x0005000000019bf5-71.dat	upx
behavioral1/files/0x0005000000019bf9-80.dat	upx
behavioral1/files/0x0005000000019d6d-100.dat	upx
behavioral1/files/0x0005000000019fd4-110.dat	upx
behavioral1/files/0x000500000001a309-134.dat	upx
behavioral1/files/0x000500000001a0b6-147.dat	upx
behavioral1/files/0x000500000001a3f8-143.dat	upx
behavioral1/memory/2756-1577-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2856-1666-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2636-1686-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2456-1689-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2724-1692-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2756-1691-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2736-1688-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2848-1687-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2864-1685-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2932-1674-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2468-1669-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2724-1659-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2848-1522-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2736-1462-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2636-1392-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2456-1326-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2864-1254-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2596-1702-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2552-1720-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2932-1188-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2856-1035-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2468-901-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2196-1959-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2788-1986-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x000500000001a400-159.dat	upx
behavioral1/files/0x000500000001a3ab-132.dat	upx
behavioral1/files/0x000500000001a03c-127.dat	upx
behavioral1/files/0x000500000001a3fd-151.dat	upx
behavioral1/files/0x000500000001a3f6-139.dat	upx
behavioral1/files/0x000500000001a049-124.dat	upx
behavioral1/files/0x0005000000019fdd-114.dat	upx
behavioral1/files/0x0005000000019e92-105.dat	upx
behavioral1/files/0x0005000000019d61-87.dat	upx
behavioral1/files/0x0005000000019d62-93.dat	upx
behavioral1/files/0x0005000000019c3c-85.dat	upx
behavioral1/files/0x0005000000019bf6-75.dat	upx
behavioral1/files/0x000500000001998d-65.dat	upx
behavioral1/files/0x0005000000019761-50.dat	upx
behavioral1/files/0x0007000000018b59-26.dat	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\jgTANSl.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWnwYeM.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKHMpgR.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\splRjgc.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLcWJRf.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qywcXzZ.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJOeAos.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pzLYENV.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LpetTmR.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTWLFRp.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMOJEOd.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrPkqcc.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWWlPZp.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOpEtXy.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrvYunz.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRnhCGv.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByNcFEe.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFWXAmC.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MoZJyik.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCgPpGv.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtyDUuf.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUuwTYc.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ARZHwJe.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQTssLy.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFRFgwu.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQnSLeC.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWePIui.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\neTEvRT.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhgnBaa.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akzcSbX.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTGiweV.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCgpjrv.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDqkyyi.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GiEbDew.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeZSUoT.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqHJOVH.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsjSwZM.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KsAKwGn.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwXNChw.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzDsoCL.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUOocYI.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQdKRso.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUnNcUd.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLxuMXR.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQcoKgA.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\octKeIn.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPkfGKV.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUsAkhQ.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMkvCwe.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fsqTfSj.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqfFyhJ.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNqfNJF.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZUIlaRV.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hERDAwF.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ereVlAz.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GmEvVKq.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mrTurOF.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCbGkTd.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYNSHrB.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwdKYnA.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCCYDAy.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GklpOFZ.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KzHTIsA.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBvOHeB.exe	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 392 wrote to memory of 2552	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 392 wrote to memory of 2552	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 392 wrote to memory of 2552	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 392 wrote to memory of 2468	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 392 wrote to memory of 2468	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 392 wrote to memory of 2468	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 392 wrote to memory of 2856	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 392 wrote to memory of 2856	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 392 wrote to memory of 2856	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 392 wrote to memory of 2932	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 392 wrote to memory of 2932	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 392 wrote to memory of 2932	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 392 wrote to memory of 2864	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 392 wrote to memory of 2864	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 392 wrote to memory of 2864	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 392 wrote to memory of 2456	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 392 wrote to memory of 2456	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 392 wrote to memory of 2456	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 392 wrote to memory of 2636	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 392 wrote to memory of 2636	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 392 wrote to memory of 2636	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 392 wrote to memory of 2736	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 392 wrote to memory of 2736	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 392 wrote to memory of 2736	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 392 wrote to memory of 2848	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 392 wrote to memory of 2848	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 392 wrote to memory of 2848	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 392 wrote to memory of 2756	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 392 wrote to memory of 2756	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 392 wrote to memory of 2756	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 392 wrote to memory of 2724	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 392 wrote to memory of 2724	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 392 wrote to memory of 2724	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 392 wrote to memory of 2788	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 392 wrote to memory of 2788	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 392 wrote to memory of 2788	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 392 wrote to memory of 2596	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 392 wrote to memory of 2596	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 392 wrote to memory of 2596	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 392 wrote to memory of 2196	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 392 wrote to memory of 2196	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 392 wrote to memory of 2196	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 392 wrote to memory of 2304	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 392 wrote to memory of 2304	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 392 wrote to memory of 2304	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 392 wrote to memory of 2416	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 392 wrote to memory of 2416	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 392 wrote to memory of 2416	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 392 wrote to memory of 580	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 392 wrote to memory of 580	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 392 wrote to memory of 580	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 392 wrote to memory of 2960	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 392 wrote to memory of 2960	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 392 wrote to memory of 2960	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 392 wrote to memory of 2888	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 392 wrote to memory of 2888	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 392 wrote to memory of 2888	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 392 wrote to memory of 2200	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 392 wrote to memory of 2200	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 392 wrote to memory of 2200	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 392 wrote to memory of 2700	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 392 wrote to memory of 2700	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 392 wrote to memory of 2700	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 392 wrote to memory of 1400	392	2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_80790719d1d93dd9cc08c93026320274_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:392
- C:\Windows\System\eVdMCKu.exe
  C:\Windows\System\eVdMCKu.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\mTnvwbA.exe
  C:\Windows\System\mTnvwbA.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\jZQazFC.exe
  C:\Windows\System\jZQazFC.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\NxUywLj.exe
  C:\Windows\System\NxUywLj.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\ycwhgfN.exe
  C:\Windows\System\ycwhgfN.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\jAEFUJJ.exe
  C:\Windows\System\jAEFUJJ.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\lHkneHK.exe
  C:\Windows\System\lHkneHK.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\bsdrRVJ.exe
  C:\Windows\System\bsdrRVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\eweAZpC.exe
  C:\Windows\System\eweAZpC.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\kMgDPKE.exe
  C:\Windows\System\kMgDPKE.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\cnwHQWu.exe
  C:\Windows\System\cnwHQWu.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\vNzKvGw.exe
  C:\Windows\System\vNzKvGw.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\owgYPso.exe
  C:\Windows\System\owgYPso.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\JtlxpuU.exe
  C:\Windows\System\JtlxpuU.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\hiBsAxx.exe
  C:\Windows\System\hiBsAxx.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\LbMGvxb.exe
  C:\Windows\System\LbMGvxb.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\InjmdOU.exe
  C:\Windows\System\InjmdOU.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\ZaphdnG.exe
  C:\Windows\System\ZaphdnG.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\TsURCVI.exe
  C:\Windows\System\TsURCVI.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\ndIXoNC.exe
  C:\Windows\System\ndIXoNC.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\rWgutXp.exe
  C:\Windows\System\rWgutXp.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\TGnDmrn.exe
  C:\Windows\System\TGnDmrn.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\ZnipoVb.exe
  C:\Windows\System\ZnipoVb.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\XQZsjIm.exe
  C:\Windows\System\XQZsjIm.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\temvdrV.exe
  C:\Windows\System\temvdrV.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\cSvtSUK.exe
  C:\Windows\System\cSvtSUK.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\zkEvMOy.exe
  C:\Windows\System\zkEvMOy.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\FiZaupz.exe
  C:\Windows\System\FiZaupz.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\rWZZeOG.exe
  C:\Windows\System\rWZZeOG.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\BdnQHdA.exe
  C:\Windows\System\BdnQHdA.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\AVHtxtr.exe
  C:\Windows\System\AVHtxtr.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\FIrsqYq.exe
  C:\Windows\System\FIrsqYq.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\qhUBxmK.exe
  C:\Windows\System\qhUBxmK.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\GpqNDxM.exe
  C:\Windows\System\GpqNDxM.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\LyBYSnG.exe
  C:\Windows\System\LyBYSnG.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\TEGfFbX.exe
  C:\Windows\System\TEGfFbX.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\oYpPqpr.exe
  C:\Windows\System\oYpPqpr.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\NEgZdsm.exe
  C:\Windows\System\NEgZdsm.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\ImptxFr.exe
  C:\Windows\System\ImptxFr.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\WfBaUye.exe
  C:\Windows\System\WfBaUye.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\IXRKPib.exe
  C:\Windows\System\IXRKPib.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\KbJAQtc.exe
  C:\Windows\System\KbJAQtc.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\KicertU.exe
  C:\Windows\System\KicertU.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\xfxtVKL.exe
  C:\Windows\System\xfxtVKL.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\ZRRwwvC.exe
  C:\Windows\System\ZRRwwvC.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\IpEqvca.exe
  C:\Windows\System\IpEqvca.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\kmEknmt.exe
  C:\Windows\System\kmEknmt.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\ErjQXQj.exe
  C:\Windows\System\ErjQXQj.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\aaCDTZj.exe
  C:\Windows\System\aaCDTZj.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\MnTNUYn.exe
  C:\Windows\System\MnTNUYn.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\kKRuWMD.exe
  C:\Windows\System\kKRuWMD.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\TIneFdu.exe
  C:\Windows\System\TIneFdu.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\zyzzvuV.exe
  C:\Windows\System\zyzzvuV.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\TkujSxL.exe
  C:\Windows\System\TkujSxL.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\KzcqSUv.exe
  C:\Windows\System\KzcqSUv.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\JVDuWhJ.exe
  C:\Windows\System\JVDuWhJ.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\jIrCkDE.exe
  C:\Windows\System\jIrCkDE.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\bwqlBLn.exe
  C:\Windows\System\bwqlBLn.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\KKBxqVM.exe
  C:\Windows\System\KKBxqVM.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\nGnuBBX.exe
  C:\Windows\System\nGnuBBX.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\sKpenki.exe
  C:\Windows\System\sKpenki.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\SuCoZvV.exe
  C:\Windows\System\SuCoZvV.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\IUWlDZu.exe
  C:\Windows\System\IUWlDZu.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\BhUiWwr.exe
  C:\Windows\System\BhUiWwr.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\DgAgHlN.exe
  C:\Windows\System\DgAgHlN.exe
  2⤵
  PID:2904
- C:\Windows\System\ICAEwnM.exe
  C:\Windows\System\ICAEwnM.exe
  2⤵
  PID:2744
- C:\Windows\System\nzaUfpX.exe
  C:\Windows\System\nzaUfpX.exe
  2⤵
  PID:2616
- C:\Windows\System\QmqDltn.exe
  C:\Windows\System\QmqDltn.exe
  2⤵
  PID:2692
- C:\Windows\System\LtDdNGJ.exe
  C:\Windows\System\LtDdNGJ.exe
  2⤵
  PID:2612
- C:\Windows\System\LBsukOX.exe
  C:\Windows\System\LBsukOX.exe
  2⤵
  PID:2100
- C:\Windows\System\mOqfCBJ.exe
  C:\Windows\System\mOqfCBJ.exe
  2⤵
  PID:3052
- C:\Windows\System\erRObAS.exe
  C:\Windows\System\erRObAS.exe
  2⤵
  PID:540
- C:\Windows\System\wiSCwOF.exe
  C:\Windows\System\wiSCwOF.exe
  2⤵
  PID:436
- C:\Windows\System\EyKAnRP.exe
  C:\Windows\System\EyKAnRP.exe
  2⤵
  PID:2764
- C:\Windows\System\WipHujK.exe
  C:\Windows\System\WipHujK.exe
  2⤵
  PID:2244
- C:\Windows\System\yywKCEg.exe
  C:\Windows\System\yywKCEg.exe
  2⤵
  PID:2036
- C:\Windows\System\RtmBuiC.exe
  C:\Windows\System\RtmBuiC.exe
  2⤵
  PID:2192
- C:\Windows\System\ZENnKJI.exe
  C:\Windows\System\ZENnKJI.exe
  2⤵
  PID:2672
- C:\Windows\System\FueQcwF.exe
  C:\Windows\System\FueQcwF.exe
  2⤵
  PID:2056
- C:\Windows\System\hYxNVbR.exe
  C:\Windows\System\hYxNVbR.exe
  2⤵
  PID:952
- C:\Windows\System\HhIUGhI.exe
  C:\Windows\System\HhIUGhI.exe
  2⤵
  PID:1220
- C:\Windows\System\vReNAvU.exe
  C:\Windows\System\vReNAvU.exe
  2⤵
  PID:1776
- C:\Windows\System\RMkvCwe.exe
  C:\Windows\System\RMkvCwe.exe
  2⤵
  PID:1052
- C:\Windows\System\mzZITyk.exe
  C:\Windows\System\mzZITyk.exe
  2⤵
  PID:112
- C:\Windows\System\jivAMBX.exe
  C:\Windows\System\jivAMBX.exe
  2⤵
  PID:1552
- C:\Windows\System\lnIHugU.exe
  C:\Windows\System\lnIHugU.exe
  2⤵
  PID:2020
- C:\Windows\System\AbHJpkf.exe
  C:\Windows\System\AbHJpkf.exe
  2⤵
  PID:924
- C:\Windows\System\yysOfwp.exe
  C:\Windows\System\yysOfwp.exe
  2⤵
  PID:640
- C:\Windows\System\hnJVZux.exe
  C:\Windows\System\hnJVZux.exe
  2⤵
  PID:844
- C:\Windows\System\BcKzBlp.exe
  C:\Windows\System\BcKzBlp.exe
  2⤵
  PID:1512
- C:\Windows\System\dDCumwt.exe
  C:\Windows\System\dDCumwt.exe
  2⤵
  PID:2476
- C:\Windows\System\eLWuJVY.exe
  C:\Windows\System\eLWuJVY.exe
  2⤵
  PID:884
- C:\Windows\System\hyzQTUy.exe
  C:\Windows\System\hyzQTUy.exe
  2⤵
  PID:524
- C:\Windows\System\DkhiNkF.exe
  C:\Windows\System\DkhiNkF.exe
  2⤵
  PID:2384
- C:\Windows\System\NtuQxYw.exe
  C:\Windows\System\NtuQxYw.exe
  2⤵
  PID:1708
- C:\Windows\System\mwftidZ.exe
  C:\Windows\System\mwftidZ.exe
  2⤵
  PID:3000
- C:\Windows\System\EpdYwfb.exe
  C:\Windows\System\EpdYwfb.exe
  2⤵
  PID:2804
- C:\Windows\System\ueuuLob.exe
  C:\Windows\System\ueuuLob.exe
  2⤵
  PID:2916
- C:\Windows\System\yrmyNaO.exe
  C:\Windows\System\yrmyNaO.exe
  2⤵
  PID:2356
- C:\Windows\System\PGSggzq.exe
  C:\Windows\System\PGSggzq.exe
  2⤵
  PID:2800
- C:\Windows\System\RdVtVVw.exe
  C:\Windows\System\RdVtVVw.exe
  2⤵
  PID:2348
- C:\Windows\System\mtlhfPm.exe
  C:\Windows\System\mtlhfPm.exe
  2⤵
  PID:1296
- C:\Windows\System\QUiCtHF.exe
  C:\Windows\System\QUiCtHF.exe
  2⤵
  PID:2168
- C:\Windows\System\WbTKVYi.exe
  C:\Windows\System\WbTKVYi.exe
  2⤵
  PID:2716
- C:\Windows\System\tHFROvW.exe
  C:\Windows\System\tHFROvW.exe
  2⤵
  PID:3036
- C:\Windows\System\SxTTJdZ.exe
  C:\Windows\System\SxTTJdZ.exe
  2⤵
  PID:1848
- C:\Windows\System\PQFkeOd.exe
  C:\Windows\System\PQFkeOd.exe
  2⤵
  PID:2808
- C:\Windows\System\HmDrwJX.exe
  C:\Windows\System\HmDrwJX.exe
  2⤵
  PID:1096
- C:\Windows\System\tHahikv.exe
  C:\Windows\System\tHahikv.exe
  2⤵
  PID:1804
- C:\Windows\System\DWruwiP.exe
  C:\Windows\System\DWruwiP.exe
  2⤵
  PID:2268
- C:\Windows\System\pTvohfT.exe
  C:\Windows\System\pTvohfT.exe
  2⤵
  PID:1724
- C:\Windows\System\icgZSPh.exe
  C:\Windows\System\icgZSPh.exe
  2⤵
  PID:2460
- C:\Windows\System\uFZNaSF.exe
  C:\Windows\System\uFZNaSF.exe
  2⤵
  PID:696
- C:\Windows\System\cIHpqzp.exe
  C:\Windows\System\cIHpqzp.exe
  2⤵
  PID:2656
- C:\Windows\System\wQQJWdk.exe
  C:\Windows\System\wQQJWdk.exe
  2⤵
  PID:1624
- C:\Windows\System\jbqGOvD.exe
  C:\Windows\System\jbqGOvD.exe
  2⤵
  PID:1132
- C:\Windows\System\gezwzpQ.exe
  C:\Windows\System\gezwzpQ.exe
  2⤵
  PID:2828
- C:\Windows\System\leSeIbr.exe
  C:\Windows\System\leSeIbr.exe
  2⤵
  PID:1676
- C:\Windows\System\Euknbnv.exe
  C:\Windows\System\Euknbnv.exe
  2⤵
  PID:1608
- C:\Windows\System\ZShJmzA.exe
  C:\Windows\System\ZShJmzA.exe
  2⤵
  PID:3048
- C:\Windows\System\jUucwiB.exe
  C:\Windows\System\jUucwiB.exe
  2⤵
  PID:2924
- C:\Windows\System\kLNlmYg.exe
  C:\Windows\System\kLNlmYg.exe
  2⤵
  PID:2576
- C:\Windows\System\ElTLtPF.exe
  C:\Windows\System\ElTLtPF.exe
  2⤵
  PID:2652
- C:\Windows\System\omfgBxd.exe
  C:\Windows\System\omfgBxd.exe
  2⤵
  PID:2784
- C:\Windows\System\gsmOzui.exe
  C:\Windows\System\gsmOzui.exe
  2⤵
  PID:2444
- C:\Windows\System\PnMMXnv.exe
  C:\Windows\System\PnMMXnv.exe
  2⤵
  PID:2212
- C:\Windows\System\usWoFZh.exe
  C:\Windows\System\usWoFZh.exe
  2⤵
  PID:572
- C:\Windows\System\xdpRTef.exe
  C:\Windows\System\xdpRTef.exe
  2⤵
  PID:2280
- C:\Windows\System\KsHqYAR.exe
  C:\Windows\System\KsHqYAR.exe
  2⤵
  PID:932
- C:\Windows\System\zdXyzMv.exe
  C:\Windows\System\zdXyzMv.exe
  2⤵
  PID:1752
- C:\Windows\System\DlRWkmP.exe
  C:\Windows\System\DlRWkmP.exe
  2⤵
  PID:1048
- C:\Windows\System\pECCiTQ.exe
  C:\Windows\System\pECCiTQ.exe
  2⤵
  PID:2540
- C:\Windows\System\djUBZGk.exe
  C:\Windows\System\djUBZGk.exe
  2⤵
  PID:2572
- C:\Windows\System\VAPeVSZ.exe
  C:\Windows\System\VAPeVSZ.exe
  2⤵
  PID:3064
- C:\Windows\System\yrXOGfw.exe
  C:\Windows\System\yrXOGfw.exe
  2⤵
  PID:340
- C:\Windows\System\UFRKjax.exe
  C:\Windows\System\UFRKjax.exe
  2⤵
  PID:3084
- C:\Windows\System\LtlubYR.exe
  C:\Windows\System\LtlubYR.exe
  2⤵
  PID:3104
- C:\Windows\System\gAoaZlJ.exe
  C:\Windows\System\gAoaZlJ.exe
  2⤵
  PID:3124
- C:\Windows\System\LsgjiYB.exe
  C:\Windows\System\LsgjiYB.exe
  2⤵
  PID:3144
- C:\Windows\System\fUtZors.exe
  C:\Windows\System\fUtZors.exe
  2⤵
  PID:3164
- C:\Windows\System\AdpeLKm.exe
  C:\Windows\System\AdpeLKm.exe
  2⤵
  PID:3184
- C:\Windows\System\HEbALjJ.exe
  C:\Windows\System\HEbALjJ.exe
  2⤵
  PID:3204
- C:\Windows\System\bQWzIzL.exe
  C:\Windows\System\bQWzIzL.exe
  2⤵
  PID:3224
- C:\Windows\System\CgHFSzB.exe
  C:\Windows\System\CgHFSzB.exe
  2⤵
  PID:3240
- C:\Windows\System\MBYqbfo.exe
  C:\Windows\System\MBYqbfo.exe
  2⤵
  PID:3264
- C:\Windows\System\CUNKdZi.exe
  C:\Windows\System\CUNKdZi.exe
  2⤵
  PID:3284
- C:\Windows\System\vYNvoLn.exe
  C:\Windows\System\vYNvoLn.exe
  2⤵
  PID:3304
- C:\Windows\System\aXyIfuP.exe
  C:\Windows\System\aXyIfuP.exe
  2⤵
  PID:3320
- C:\Windows\System\caHDcZP.exe
  C:\Windows\System\caHDcZP.exe
  2⤵
  PID:3340
- C:\Windows\System\QVlRzID.exe
  C:\Windows\System\QVlRzID.exe
  2⤵
  PID:3360
- C:\Windows\System\usbbOin.exe
  C:\Windows\System\usbbOin.exe
  2⤵
  PID:3380
- C:\Windows\System\MoZJyik.exe
  C:\Windows\System\MoZJyik.exe
  2⤵
  PID:3396
- C:\Windows\System\bLXBtsz.exe
  C:\Windows\System\bLXBtsz.exe
  2⤵
  PID:3424
- C:\Windows\System\mLeVqmD.exe
  C:\Windows\System\mLeVqmD.exe
  2⤵
  PID:3444
- C:\Windows\System\seBGSbw.exe
  C:\Windows\System\seBGSbw.exe
  2⤵
  PID:3460
- C:\Windows\System\apJMFUS.exe
  C:\Windows\System\apJMFUS.exe
  2⤵
  PID:3476
- C:\Windows\System\TrqtPZW.exe
  C:\Windows\System\TrqtPZW.exe
  2⤵
  PID:3500
- C:\Windows\System\LoXObLw.exe
  C:\Windows\System\LoXObLw.exe
  2⤵
  PID:3516
- C:\Windows\System\YNzRJWK.exe
  C:\Windows\System\YNzRJWK.exe
  2⤵
  PID:3540
- C:\Windows\System\fTFrANz.exe
  C:\Windows\System\fTFrANz.exe
  2⤵
  PID:3564
- C:\Windows\System\wqVCPXW.exe
  C:\Windows\System\wqVCPXW.exe
  2⤵
  PID:3580
- C:\Windows\System\OTLYZce.exe
  C:\Windows\System\OTLYZce.exe
  2⤵
  PID:3596
- C:\Windows\System\cKbRNqq.exe
  C:\Windows\System\cKbRNqq.exe
  2⤵
  PID:3624
- C:\Windows\System\BJgKPDl.exe
  C:\Windows\System\BJgKPDl.exe
  2⤵
  PID:3640
- C:\Windows\System\jqKLNqp.exe
  C:\Windows\System\jqKLNqp.exe
  2⤵
  PID:3660
- C:\Windows\System\dJuYtBj.exe
  C:\Windows\System\dJuYtBj.exe
  2⤵
  PID:3684
- C:\Windows\System\qgnuZpl.exe
  C:\Windows\System\qgnuZpl.exe
  2⤵
  PID:3704
- C:\Windows\System\znCaYUB.exe
  C:\Windows\System\znCaYUB.exe
  2⤵
  PID:3728
- C:\Windows\System\shnPtMj.exe
  C:\Windows\System\shnPtMj.exe
  2⤵
  PID:3748
- C:\Windows\System\GPSUHKp.exe
  C:\Windows\System\GPSUHKp.exe
  2⤵
  PID:3768
- C:\Windows\System\pacrPla.exe
  C:\Windows\System\pacrPla.exe
  2⤵
  PID:3784
- C:\Windows\System\XfjQung.exe
  C:\Windows\System\XfjQung.exe
  2⤵
  PID:3800
- C:\Windows\System\NeQSSfX.exe
  C:\Windows\System\NeQSSfX.exe
  2⤵
  PID:3824
- C:\Windows\System\IpmsVgk.exe
  C:\Windows\System\IpmsVgk.exe
  2⤵
  PID:3840
- C:\Windows\System\PJIiHHf.exe
  C:\Windows\System\PJIiHHf.exe
  2⤵
  PID:3860
- C:\Windows\System\TUbDYjH.exe
  C:\Windows\System\TUbDYjH.exe
  2⤵
  PID:3884
- C:\Windows\System\AGbWxqg.exe
  C:\Windows\System\AGbWxqg.exe
  2⤵
  PID:3900
- C:\Windows\System\ctNnjIL.exe
  C:\Windows\System\ctNnjIL.exe
  2⤵
  PID:3928
- C:\Windows\System\wxrdjrl.exe
  C:\Windows\System\wxrdjrl.exe
  2⤵
  PID:3948
- C:\Windows\System\MPEaEVB.exe
  C:\Windows\System\MPEaEVB.exe
  2⤵
  PID:3968
- C:\Windows\System\panJZuK.exe
  C:\Windows\System\panJZuK.exe
  2⤵
  PID:3988
- C:\Windows\System\ChUgXJM.exe
  C:\Windows\System\ChUgXJM.exe
  2⤵
  PID:4008
- C:\Windows\System\VCEWJtU.exe
  C:\Windows\System\VCEWJtU.exe
  2⤵
  PID:4028
- C:\Windows\System\WOAEDUu.exe
  C:\Windows\System\WOAEDUu.exe
  2⤵
  PID:4048
- C:\Windows\System\MHIiIIn.exe
  C:\Windows\System\MHIiIIn.exe
  2⤵
  PID:4072
- C:\Windows\System\BxJxEPH.exe
  C:\Windows\System\BxJxEPH.exe
  2⤵
  PID:4088
- C:\Windows\System\nkHZpXq.exe
  C:\Windows\System\nkHZpXq.exe
  2⤵
  PID:1940
- C:\Windows\System\SQecUsX.exe
  C:\Windows\System\SQecUsX.exe
  2⤵
  PID:1988
- C:\Windows\System\ISQbypl.exe
  C:\Windows\System\ISQbypl.exe
  2⤵
  PID:2988
- C:\Windows\System\XDaRRda.exe
  C:\Windows\System\XDaRRda.exe
  2⤵
  PID:1636
- C:\Windows\System\mmBosSF.exe
  C:\Windows\System\mmBosSF.exe
  2⤵
  PID:1244
- C:\Windows\System\WEvymCX.exe
  C:\Windows\System\WEvymCX.exe
  2⤵
  PID:3080
- C:\Windows\System\nTdLJeq.exe
  C:\Windows\System\nTdLJeq.exe
  2⤵
  PID:2228
- C:\Windows\System\FMnIULO.exe
  C:\Windows\System\FMnIULO.exe
  2⤵
  PID:3152
- C:\Windows\System\vHNdUpT.exe
  C:\Windows\System\vHNdUpT.exe
  2⤵
  PID:3192
- C:\Windows\System\VouoLhC.exe
  C:\Windows\System\VouoLhC.exe
  2⤵
  PID:3176
- C:\Windows\System\fkOrmJu.exe
  C:\Windows\System\fkOrmJu.exe
  2⤵
  PID:3276
- C:\Windows\System\iIaItKg.exe
  C:\Windows\System\iIaItKg.exe
  2⤵
  PID:3260
- C:\Windows\System\LOHXucp.exe
  C:\Windows\System\LOHXucp.exe
  2⤵
  PID:3316
- C:\Windows\System\jbziZww.exe
  C:\Windows\System\jbziZww.exe
  2⤵
  PID:3300
- C:\Windows\System\NdgtCJm.exe
  C:\Windows\System\NdgtCJm.exe
  2⤵
  PID:3392
- C:\Windows\System\oZoJgDL.exe
  C:\Windows\System\oZoJgDL.exe
  2⤵
  PID:3372
- C:\Windows\System\BqrccAH.exe
  C:\Windows\System\BqrccAH.exe
  2⤵
  PID:3468
- C:\Windows\System\HcZfWlm.exe
  C:\Windows\System\HcZfWlm.exe
  2⤵
  PID:3508
- C:\Windows\System\qhxIuci.exe
  C:\Windows\System\qhxIuci.exe
  2⤵
  PID:3484
- C:\Windows\System\HGWncxk.exe
  C:\Windows\System\HGWncxk.exe
  2⤵
  PID:3488
- C:\Windows\System\ezdsEVt.exe
  C:\Windows\System\ezdsEVt.exe
  2⤵
  PID:3536
- C:\Windows\System\MQuFoMk.exe
  C:\Windows\System\MQuFoMk.exe
  2⤵
  PID:3668
- C:\Windows\System\LTMRoaq.exe
  C:\Windows\System\LTMRoaq.exe
  2⤵
  PID:3680
- C:\Windows\System\UmRjQcb.exe
  C:\Windows\System\UmRjQcb.exe
  2⤵
  PID:3608
- C:\Windows\System\OsHflNn.exe
  C:\Windows\System\OsHflNn.exe
  2⤵
  PID:3620
- C:\Windows\System\lYVLahQ.exe
  C:\Windows\System\lYVLahQ.exe
  2⤵
  PID:3692
- C:\Windows\System\NGQiXXf.exe
  C:\Windows\System\NGQiXXf.exe
  2⤵
  PID:3736
- C:\Windows\System\axueLsj.exe
  C:\Windows\System\axueLsj.exe
  2⤵
  PID:3836
- C:\Windows\System\eDKgDFd.exe
  C:\Windows\System\eDKgDFd.exe
  2⤵
  PID:3808
- C:\Windows\System\fqTleVt.exe
  C:\Windows\System\fqTleVt.exe
  2⤵
  PID:3852
- C:\Windows\System\AAcwdel.exe
  C:\Windows\System\AAcwdel.exe
  2⤵
  PID:3924
- C:\Windows\System\btfTiOQ.exe
  C:\Windows\System\btfTiOQ.exe
  2⤵
  PID:3944
- C:\Windows\System\mhaXUse.exe
  C:\Windows\System\mhaXUse.exe
  2⤵
  PID:4004
- C:\Windows\System\QRcaAnx.exe
  C:\Windows\System\QRcaAnx.exe
  2⤵
  PID:3980
- C:\Windows\System\lDXuEfg.exe
  C:\Windows\System\lDXuEfg.exe
  2⤵
  PID:4016
- C:\Windows\System\uXQhVCf.exe
  C:\Windows\System\uXQhVCf.exe
  2⤵
  PID:1668
- C:\Windows\System\hAUBVcA.exe
  C:\Windows\System\hAUBVcA.exe
  2⤵
  PID:4068
- C:\Windows\System\burBERc.exe
  C:\Windows\System\burBERc.exe
  2⤵
  PID:2480
- C:\Windows\System\rBxSbIm.exe
  C:\Windows\System\rBxSbIm.exe
  2⤵
  PID:2000
- C:\Windows\System\zXlfYmH.exe
  C:\Windows\System\zXlfYmH.exe
  2⤵
  PID:3068
- C:\Windows\System\GmhYAgR.exe
  C:\Windows\System\GmhYAgR.exe
  2⤵
  PID:3232
- C:\Windows\System\htRQTGe.exe
  C:\Windows\System\htRQTGe.exe
  2⤵
  PID:3352
- C:\Windows\System\RTsfcls.exe
  C:\Windows\System\RTsfcls.exe
  2⤵
  PID:3356
- C:\Windows\System\PaOmIrt.exe
  C:\Windows\System\PaOmIrt.exe
  2⤵
  PID:3420
- C:\Windows\System\PRnhCGv.exe
  C:\Windows\System\PRnhCGv.exe
  2⤵
  PID:3280
- C:\Windows\System\LXqnJSn.exe
  C:\Windows\System\LXqnJSn.exe
  2⤵
  PID:3328
- C:\Windows\System\BdxrUZh.exe
  C:\Windows\System\BdxrUZh.exe
  2⤵
  PID:3572
- C:\Windows\System\WcCdQNM.exe
  C:\Windows\System\WcCdQNM.exe
  2⤵
  PID:3408
- C:\Windows\System\DLkOGFV.exe
  C:\Windows\System\DLkOGFV.exe
  2⤵
  PID:3716
- C:\Windows\System\pqDilAu.exe
  C:\Windows\System\pqDilAu.exe
  2⤵
  PID:3648
- C:\Windows\System\lMOgkgu.exe
  C:\Windows\System\lMOgkgu.exe
  2⤵
  PID:3780
- C:\Windows\System\TOLBTBf.exe
  C:\Windows\System\TOLBTBf.exe
  2⤵
  PID:3820
- C:\Windows\System\YVxrpjI.exe
  C:\Windows\System\YVxrpjI.exe
  2⤵
  PID:4000
- C:\Windows\System\pouqLVY.exe
  C:\Windows\System\pouqLVY.exe
  2⤵
  PID:3616
- C:\Windows\System\Qckltig.exe
  C:\Windows\System\Qckltig.exe
  2⤵
  PID:4056
- C:\Windows\System\JpPIdWP.exe
  C:\Windows\System\JpPIdWP.exe
  2⤵
  PID:3196
- C:\Windows\System\knoZyUJ.exe
  C:\Windows\System\knoZyUJ.exe
  2⤵
  PID:3248
- C:\Windows\System\UVRABeo.exe
  C:\Windows\System\UVRABeo.exe
  2⤵
  PID:3412
- C:\Windows\System\eGhGlYj.exe
  C:\Windows\System\eGhGlYj.exe
  2⤵
  PID:2288
- C:\Windows\System\BpmkRrS.exe
  C:\Windows\System\BpmkRrS.exe
  2⤵
  PID:3916
- C:\Windows\System\UYfZiXP.exe
  C:\Windows\System\UYfZiXP.exe
  2⤵
  PID:3920
- C:\Windows\System\GNlYveX.exe
  C:\Windows\System\GNlYveX.exe
  2⤵
  PID:3816
- C:\Windows\System\gvoioWW.exe
  C:\Windows\System\gvoioWW.exe
  2⤵
  PID:2484
- C:\Windows\System\yvjvcXO.exe
  C:\Windows\System\yvjvcXO.exe
  2⤵
  PID:3696
- C:\Windows\System\paocQNV.exe
  C:\Windows\System\paocQNV.exe
  2⤵
  PID:4148
- C:\Windows\System\XLwCEOi.exe
  C:\Windows\System\XLwCEOi.exe
  2⤵
  PID:4164
- C:\Windows\System\AwbMamn.exe
  C:\Windows\System\AwbMamn.exe
  2⤵
  PID:4184
- C:\Windows\System\YMiGPMH.exe
  C:\Windows\System\YMiGPMH.exe
  2⤵
  PID:4200
- C:\Windows\System\dpMQWpr.exe
  C:\Windows\System\dpMQWpr.exe
  2⤵
  PID:4224
- C:\Windows\System\njSODPy.exe
  C:\Windows\System\njSODPy.exe
  2⤵
  PID:4240
- C:\Windows\System\fWKLbEd.exe
  C:\Windows\System\fWKLbEd.exe
  2⤵
  PID:4260
- C:\Windows\System\PyXHDMv.exe
  C:\Windows\System\PyXHDMv.exe
  2⤵
  PID:4276
- C:\Windows\System\MgqBeeF.exe
  C:\Windows\System\MgqBeeF.exe
  2⤵
  PID:4292
- C:\Windows\System\WNpVpbq.exe
  C:\Windows\System\WNpVpbq.exe
  2⤵
  PID:4312
- C:\Windows\System\NYlgmUX.exe
  C:\Windows\System\NYlgmUX.exe
  2⤵
  PID:4328
- C:\Windows\System\QyHliOR.exe
  C:\Windows\System\QyHliOR.exe
  2⤵
  PID:4356
- C:\Windows\System\eSnXPdj.exe
  C:\Windows\System\eSnXPdj.exe
  2⤵
  PID:4372
- C:\Windows\System\VkKTZlq.exe
  C:\Windows\System\VkKTZlq.exe
  2⤵
  PID:4392
- C:\Windows\System\dAJvBqg.exe
  C:\Windows\System\dAJvBqg.exe
  2⤵
  PID:4440
- C:\Windows\System\QqRgaPv.exe
  C:\Windows\System\QqRgaPv.exe
  2⤵
  PID:4476
- C:\Windows\System\SvHZVpU.exe
  C:\Windows\System\SvHZVpU.exe
  2⤵
  PID:4496
- C:\Windows\System\MFILxqp.exe
  C:\Windows\System\MFILxqp.exe
  2⤵
  PID:4516
- C:\Windows\System\cBPbHLQ.exe
  C:\Windows\System\cBPbHLQ.exe
  2⤵
  PID:4536
- C:\Windows\System\ZFzhtqX.exe
  C:\Windows\System\ZFzhtqX.exe
  2⤵
  PID:4552
- C:\Windows\System\cMzQoaB.exe
  C:\Windows\System\cMzQoaB.exe
  2⤵
  PID:4576
- C:\Windows\System\SATGhjv.exe
  C:\Windows\System\SATGhjv.exe
  2⤵
  PID:4596
- C:\Windows\System\USTsakQ.exe
  C:\Windows\System\USTsakQ.exe
  2⤵
  PID:4612
- C:\Windows\System\PguZiGz.exe
  C:\Windows\System\PguZiGz.exe
  2⤵
  PID:4628
- C:\Windows\System\gfioPsK.exe
  C:\Windows\System\gfioPsK.exe
  2⤵
  PID:4648
- C:\Windows\System\SjUsNMm.exe
  C:\Windows\System\SjUsNMm.exe
  2⤵
  PID:4668
- C:\Windows\System\aqCadKS.exe
  C:\Windows\System\aqCadKS.exe
  2⤵
  PID:4696
- C:\Windows\System\SCdesXz.exe
  C:\Windows\System\SCdesXz.exe
  2⤵
  PID:4716
- C:\Windows\System\LQVAVmA.exe
  C:\Windows\System\LQVAVmA.exe
  2⤵
  PID:4732
- C:\Windows\System\ZsGdlue.exe
  C:\Windows\System\ZsGdlue.exe
  2⤵
  PID:4752
- C:\Windows\System\PjQVREF.exe
  C:\Windows\System\PjQVREF.exe
  2⤵
  PID:4772
- C:\Windows\System\QzBnLTE.exe
  C:\Windows\System\QzBnLTE.exe
  2⤵
  PID:4788
- C:\Windows\System\JPnlYLz.exe
  C:\Windows\System\JPnlYLz.exe
  2⤵
  PID:4816
- C:\Windows\System\MHemEtd.exe
  C:\Windows\System\MHemEtd.exe
  2⤵
  PID:4832
- C:\Windows\System\MCwzcPx.exe
  C:\Windows\System\MCwzcPx.exe
  2⤵
  PID:4848
- C:\Windows\System\aeMPggI.exe
  C:\Windows\System\aeMPggI.exe
  2⤵
  PID:4868
- C:\Windows\System\REQEGuo.exe
  C:\Windows\System\REQEGuo.exe
  2⤵
  PID:4896
- C:\Windows\System\gBuAXcJ.exe
  C:\Windows\System\gBuAXcJ.exe
  2⤵
  PID:4912
- C:\Windows\System\QCjBGTH.exe
  C:\Windows\System\QCjBGTH.exe
  2⤵
  PID:4936
- C:\Windows\System\PTxeGVc.exe
  C:\Windows\System\PTxeGVc.exe
  2⤵
  PID:4952
- C:\Windows\System\NlNIRDr.exe
  C:\Windows\System\NlNIRDr.exe
  2⤵
  PID:4968
- C:\Windows\System\PcSYKGM.exe
  C:\Windows\System\PcSYKGM.exe
  2⤵
  PID:4984
- C:\Windows\System\fbsfEeT.exe
  C:\Windows\System\fbsfEeT.exe
  2⤵
  PID:5000
- C:\Windows\System\ilxqHsE.exe
  C:\Windows\System\ilxqHsE.exe
  2⤵
  PID:5016
- C:\Windows\System\Nsqyimx.exe
  C:\Windows\System\Nsqyimx.exe
  2⤵
  PID:5032
- C:\Windows\System\kLzoBpt.exe
  C:\Windows\System\kLzoBpt.exe
  2⤵
  PID:5052
- C:\Windows\System\kmHunWM.exe
  C:\Windows\System\kmHunWM.exe
  2⤵
  PID:5080
- C:\Windows\System\aIYWTyO.exe
  C:\Windows\System\aIYWTyO.exe
  2⤵
  PID:3936
- C:\Windows\System\oVNVIHE.exe
  C:\Windows\System\oVNVIHE.exe
  2⤵
  PID:3160
- C:\Windows\System\aidEHme.exe
  C:\Windows\System\aidEHme.exe
  2⤵
  PID:3172
- C:\Windows\System\KRCDkiE.exe
  C:\Windows\System\KRCDkiE.exe
  2⤵
  PID:1716
- C:\Windows\System\IoEMcSf.exe
  C:\Windows\System\IoEMcSf.exe
  2⤵
  PID:3960
- C:\Windows\System\bvgqIiW.exe
  C:\Windows\System\bvgqIiW.exe
  2⤵
  PID:3416
- C:\Windows\System\HUTZtJA.exe
  C:\Windows\System\HUTZtJA.exe
  2⤵
  PID:3744
- C:\Windows\System\agkCgKK.exe
  C:\Windows\System\agkCgKK.exe
  2⤵
  PID:4020
- C:\Windows\System\hNjzSKn.exe
  C:\Windows\System\hNjzSKn.exe
  2⤵
  PID:3524
- C:\Windows\System\NDSewWw.exe
  C:\Windows\System\NDSewWw.exe
  2⤵
  PID:3856
- C:\Windows\System\KhBxWDY.exe
  C:\Windows\System\KhBxWDY.exe
  2⤵
  PID:4108
- C:\Windows\System\nxsUPYI.exe
  C:\Windows\System\nxsUPYI.exe
  2⤵
  PID:4128
- C:\Windows\System\ukLPkMe.exe
  C:\Windows\System\ukLPkMe.exe
  2⤵
  PID:4156
- C:\Windows\System\hfNqwRa.exe
  C:\Windows\System\hfNqwRa.exe
  2⤵
  PID:4268
- C:\Windows\System\DVvctCj.exe
  C:\Windows\System\DVvctCj.exe
  2⤵
  PID:2920
- C:\Windows\System\RQYRorK.exe
  C:\Windows\System\RQYRorK.exe
  2⤵
  PID:4100
- C:\Windows\System\AxRInFA.exe
  C:\Windows\System\AxRInFA.exe
  2⤵
  PID:4380
- C:\Windows\System\oAjQFYc.exe
  C:\Windows\System\oAjQFYc.exe
  2⤵
  PID:4220
- C:\Windows\System\WjOUoZz.exe
  C:\Windows\System\WjOUoZz.exe
  2⤵
  PID:4364
- C:\Windows\System\cOjWZhQ.exe
  C:\Windows\System\cOjWZhQ.exe
  2⤵
  PID:4208
- C:\Windows\System\oCRZmOI.exe
  C:\Windows\System\oCRZmOI.exe
  2⤵
  PID:4420
- C:\Windows\System\NKhSYpZ.exe
  C:\Windows\System\NKhSYpZ.exe
  2⤵
  PID:4436
- C:\Windows\System\UNKonbc.exe
  C:\Windows\System\UNKonbc.exe
  2⤵
  PID:4484
- C:\Windows\System\hoqFQqN.exe
  C:\Windows\System\hoqFQqN.exe
  2⤵
  PID:4524
- C:\Windows\System\GYluour.exe
  C:\Windows\System\GYluour.exe
  2⤵
  PID:4528
- C:\Windows\System\NpEVygn.exe
  C:\Windows\System\NpEVygn.exe
  2⤵
  PID:4660
- C:\Windows\System\dlTcSsq.exe
  C:\Windows\System\dlTcSsq.exe
  2⤵
  PID:4704
- C:\Windows\System\XcRGfGH.exe
  C:\Windows\System\XcRGfGH.exe
  2⤵
  PID:4780
- C:\Windows\System\lSUxutb.exe
  C:\Windows\System\lSUxutb.exe
  2⤵
  PID:4908
- C:\Windows\System\UsdaYah.exe
  C:\Windows\System\UsdaYah.exe
  2⤵
  PID:4944
- C:\Windows\System\QeSRErn.exe
  C:\Windows\System\QeSRErn.exe
  2⤵
  PID:4688
- C:\Windows\System\ggeMxys.exe
  C:\Windows\System\ggeMxys.exe
  2⤵
  PID:4692
- C:\Windows\System\xrnACEj.exe
  C:\Windows\System\xrnACEj.exe
  2⤵
  PID:4724
- C:\Windows\System\MQhXwIR.exe
  C:\Windows\System\MQhXwIR.exe
  2⤵
  PID:4796
- C:\Windows\System\LsOCQPp.exe
  C:\Windows\System\LsOCQPp.exe
  2⤵
  PID:4812
- C:\Windows\System\OEZOWEK.exe
  C:\Windows\System\OEZOWEK.exe
  2⤵
  PID:4932
- C:\Windows\System\pGjOzjY.exe
  C:\Windows\System\pGjOzjY.exe
  2⤵
  PID:5028
- C:\Windows\System\sagTFgt.exe
  C:\Windows\System\sagTFgt.exe
  2⤵
  PID:4960
- C:\Windows\System\AoYDUIV.exe
  C:\Windows\System\AoYDUIV.exe
  2⤵
  PID:4876
- C:\Windows\System\rDZRcNc.exe
  C:\Windows\System\rDZRcNc.exe
  2⤵
  PID:5092
- C:\Windows\System\ByNcFEe.exe
  C:\Windows\System\ByNcFEe.exe
  2⤵
  PID:5112
- C:\Windows\System\LdGVohx.exe
  C:\Windows\System\LdGVohx.exe
  2⤵
  PID:5076
- C:\Windows\System\tcGohvV.exe
  C:\Windows\System\tcGohvV.exe
  2⤵
  PID:3760
- C:\Windows\System\XZuqAHY.exe
  C:\Windows\System\XZuqAHY.exe
  2⤵
  PID:3120
- C:\Windows\System\FdrgRmt.exe
  C:\Windows\System\FdrgRmt.exe
  2⤵
  PID:2648
- C:\Windows\System\weGWXEE.exe
  C:\Windows\System\weGWXEE.exe
  2⤵
  PID:2184
- C:\Windows\System\EVmSmxG.exe
  C:\Windows\System\EVmSmxG.exe
  2⤵
  PID:3376
- C:\Windows\System\rDYVtFR.exe
  C:\Windows\System\rDYVtFR.exe
  2⤵
  PID:3436
- C:\Windows\System\lZInLqI.exe
  C:\Windows\System\lZInLqI.exe
  2⤵
  PID:4304
- C:\Windows\System\kxCfqTD.exe
  C:\Windows\System\kxCfqTD.exe
  2⤵
  PID:4344
- C:\Windows\System\GDLwcMK.exe
  C:\Windows\System\GDLwcMK.exe
  2⤵
  PID:4196
- C:\Windows\System\yGXmekm.exe
  C:\Windows\System\yGXmekm.exe
  2⤵
  PID:4320
- C:\Windows\System\pczbKea.exe
  C:\Windows\System\pczbKea.exe
  2⤵
  PID:4452
- C:\Windows\System\eWnVGvZ.exe
  C:\Windows\System\eWnVGvZ.exe
  2⤵
  PID:4340
- C:\Windows\System\dDzkzgg.exe
  C:\Windows\System\dDzkzgg.exe
  2⤵
  PID:4400
- C:\Windows\System\KoZPefJ.exe
  C:\Windows\System\KoZPefJ.exe
  2⤵
  PID:4564
- C:\Windows\System\sXFljvg.exe
  C:\Windows\System\sXFljvg.exe
  2⤵
  PID:4548
- C:\Windows\System\jXCQYwV.exe
  C:\Windows\System\jXCQYwV.exe
  2⤵
  PID:4904
- C:\Windows\System\octKeIn.exe
  C:\Windows\System\octKeIn.exe
  2⤵
  PID:5040
- C:\Windows\System\lTVTnkY.exe
  C:\Windows\System\lTVTnkY.exe
  2⤵
  PID:5024
- C:\Windows\System\sZHlJtU.exe
  C:\Windows\System\sZHlJtU.exe
  2⤵
  PID:4888
- C:\Windows\System\GFUiLHA.exe
  C:\Windows\System\GFUiLHA.exe
  2⤵
  PID:5108
- C:\Windows\System\FGSyOyN.exe
  C:\Windows\System\FGSyOyN.exe
  2⤵
  PID:2936
- C:\Windows\System\pVPszaU.exe
  C:\Windows\System\pVPszaU.exe
  2⤵
  PID:3632
- C:\Windows\System\fdOUQIv.exe
  C:\Windows\System\fdOUQIv.exe
  2⤵
  PID:4604
- C:\Windows\System\GljyIfi.exe
  C:\Windows\System\GljyIfi.exe
  2⤵
  PID:4976
- C:\Windows\System\sknUWna.exe
  C:\Windows\System\sknUWna.exe
  2⤵
  PID:2860
- C:\Windows\System\emrymZO.exe
  C:\Windows\System\emrymZO.exe
  2⤵
  PID:4880
- C:\Windows\System\vUcGuLR.exe
  C:\Windows\System\vUcGuLR.exe
  2⤵
  PID:4928
- C:\Windows\System\YuLMiOq.exe
  C:\Windows\System\YuLMiOq.exe
  2⤵
  PID:5072
- C:\Windows\System\hbZZlHg.exe
  C:\Windows\System\hbZZlHg.exe
  2⤵
  PID:4384
- C:\Windows\System\nWMyMFU.exe
  C:\Windows\System\nWMyMFU.exe
  2⤵
  PID:592
- C:\Windows\System\iAoiswq.exe
  C:\Windows\System\iAoiswq.exe
  2⤵
  PID:3136
- C:\Windows\System\CkJkDNy.exe
  C:\Windows\System\CkJkDNy.exe
  2⤵
  PID:4684
- C:\Windows\System\yaZcAsy.exe
  C:\Windows\System\yaZcAsy.exe
  2⤵
  PID:3672
- C:\Windows\System\wAUjbOD.exe
  C:\Windows\System\wAUjbOD.exe
  2⤵
  PID:2732
- C:\Windows\System\FnPBXRm.exe
  C:\Windows\System\FnPBXRm.exe
  2⤵
  PID:4588
- C:\Windows\System\IRmVGCX.exe
  C:\Windows\System\IRmVGCX.exe
  2⤵
  PID:4084
- C:\Windows\System\McpyFHv.exe
  C:\Windows\System\McpyFHv.exe
  2⤵
  PID:2768
- C:\Windows\System\JbnOdQf.exe
  C:\Windows\System\JbnOdQf.exe
  2⤵
  PID:4748
- C:\Windows\System\ZyBuvlI.exe
  C:\Windows\System\ZyBuvlI.exe
  2⤵
  PID:4120
- C:\Windows\System\LWSFRRB.exe
  C:\Windows\System\LWSFRRB.exe
  2⤵
  PID:1064
- C:\Windows\System\vCacoWh.exe
  C:\Windows\System\vCacoWh.exe
  2⤵
  PID:5044
- C:\Windows\System\JjYRWVI.exe
  C:\Windows\System\JjYRWVI.exe
  2⤵
  PID:4180
- C:\Windows\System\izAGcwm.exe
  C:\Windows\System\izAGcwm.exe
  2⤵
  PID:5064
- C:\Windows\System\glSXvoF.exe
  C:\Windows\System\glSXvoF.exe
  2⤵
  PID:4680
- C:\Windows\System\hLnysPh.exe
  C:\Windows\System\hLnysPh.exe
  2⤵
  PID:3312
- C:\Windows\System\cflKSzN.exe
  C:\Windows\System\cflKSzN.exe
  2⤵
  PID:4544
- C:\Windows\System\MhtvLCf.exe
  C:\Windows\System\MhtvLCf.exe
  2⤵
  PID:4080
- C:\Windows\System\ZdbhMEc.exe
  C:\Windows\System\ZdbhMEc.exe
  2⤵
  PID:5132
- C:\Windows\System\ztwWIMg.exe
  C:\Windows\System\ztwWIMg.exe
  2⤵
  PID:5156
- C:\Windows\System\pMGxnNb.exe
  C:\Windows\System\pMGxnNb.exe
  2⤵
  PID:5176
- C:\Windows\System\kfcfvQV.exe
  C:\Windows\System\kfcfvQV.exe
  2⤵
  PID:5192
- C:\Windows\System\fMLvgmN.exe
  C:\Windows\System\fMLvgmN.exe
  2⤵
  PID:5212
- C:\Windows\System\vSfHYfH.exe
  C:\Windows\System\vSfHYfH.exe
  2⤵
  PID:5232
- C:\Windows\System\oNOLIiU.exe
  C:\Windows\System\oNOLIiU.exe
  2⤵
  PID:5256
- C:\Windows\System\tfqwJvh.exe
  C:\Windows\System\tfqwJvh.exe
  2⤵
  PID:5280
- C:\Windows\System\qVnmcsk.exe
  C:\Windows\System\qVnmcsk.exe
  2⤵
  PID:5304
- C:\Windows\System\RFErHAy.exe
  C:\Windows\System\RFErHAy.exe
  2⤵
  PID:5328
- C:\Windows\System\hrZNTGb.exe
  C:\Windows\System\hrZNTGb.exe
  2⤵
  PID:5348
- C:\Windows\System\jNSpJnW.exe
  C:\Windows\System\jNSpJnW.exe
  2⤵
  PID:5368
- C:\Windows\System\aGdpVsP.exe
  C:\Windows\System\aGdpVsP.exe
  2⤵
  PID:5384
- C:\Windows\System\KHKOxqd.exe
  C:\Windows\System\KHKOxqd.exe
  2⤵
  PID:5408
- C:\Windows\System\EOBMRaN.exe
  C:\Windows\System\EOBMRaN.exe
  2⤵
  PID:5428
- C:\Windows\System\crMXrJp.exe
  C:\Windows\System\crMXrJp.exe
  2⤵
  PID:5448
- C:\Windows\System\msYrjPa.exe
  C:\Windows\System\msYrjPa.exe
  2⤵
  PID:5468
- C:\Windows\System\iOHzYWQ.exe
  C:\Windows\System\iOHzYWQ.exe
  2⤵
  PID:5488
- C:\Windows\System\QTWLFRp.exe
  C:\Windows\System\QTWLFRp.exe
  2⤵
  PID:5504
- C:\Windows\System\dmFNShs.exe
  C:\Windows\System\dmFNShs.exe
  2⤵
  PID:5528
- C:\Windows\System\WmTHQdl.exe
  C:\Windows\System\WmTHQdl.exe
  2⤵
  PID:5548
- C:\Windows\System\bJkbBBN.exe
  C:\Windows\System\bJkbBBN.exe
  2⤵
  PID:5564
- C:\Windows\System\epjAiyv.exe
  C:\Windows\System\epjAiyv.exe
  2⤵
  PID:5584
- C:\Windows\System\PyUfxiy.exe
  C:\Windows\System\PyUfxiy.exe
  2⤵
  PID:5604
- C:\Windows\System\PnOiaIe.exe
  C:\Windows\System\PnOiaIe.exe
  2⤵
  PID:5624
- C:\Windows\System\KIvhTxs.exe
  C:\Windows\System\KIvhTxs.exe
  2⤵
  PID:5640
- C:\Windows\System\ZNvYhzu.exe
  C:\Windows\System\ZNvYhzu.exe
  2⤵
  PID:5672
- C:\Windows\System\yfJOxDl.exe
  C:\Windows\System\yfJOxDl.exe
  2⤵
  PID:5692
- C:\Windows\System\OmlVbLX.exe
  C:\Windows\System\OmlVbLX.exe
  2⤵
  PID:5712
- C:\Windows\System\PZVMyBf.exe
  C:\Windows\System\PZVMyBf.exe
  2⤵
  PID:5732
- C:\Windows\System\nYezGWM.exe
  C:\Windows\System\nYezGWM.exe
  2⤵
  PID:5748
- C:\Windows\System\cmHuxxX.exe
  C:\Windows\System\cmHuxxX.exe
  2⤵
  PID:5780
- C:\Windows\System\KxTVmDp.exe
  C:\Windows\System\KxTVmDp.exe
  2⤵
  PID:5800
- C:\Windows\System\fxIAtrs.exe
  C:\Windows\System\fxIAtrs.exe
  2⤵
  PID:5820
- C:\Windows\System\kHiZMQF.exe
  C:\Windows\System\kHiZMQF.exe
  2⤵
  PID:5840
- C:\Windows\System\MMVjgeK.exe
  C:\Windows\System\MMVjgeK.exe
  2⤵
  PID:5860
- C:\Windows\System\QUGVEfB.exe
  C:\Windows\System\QUGVEfB.exe
  2⤵
  PID:5880
- C:\Windows\System\GklpOFZ.exe
  C:\Windows\System\GklpOFZ.exe
  2⤵
  PID:5896
- C:\Windows\System\sRecaWt.exe
  C:\Windows\System\sRecaWt.exe
  2⤵
  PID:5920
- C:\Windows\System\rRObYDD.exe
  C:\Windows\System\rRObYDD.exe
  2⤵
  PID:5940
- C:\Windows\System\UiOXpsb.exe
  C:\Windows\System\UiOXpsb.exe
  2⤵
  PID:5956
- C:\Windows\System\Bscbdfs.exe
  C:\Windows\System\Bscbdfs.exe
  2⤵
  PID:5976
- C:\Windows\System\bzifarq.exe
  C:\Windows\System\bzifarq.exe
  2⤵
  PID:5996
- C:\Windows\System\AtznDor.exe
  C:\Windows\System\AtznDor.exe
  2⤵
  PID:6024
- C:\Windows\System\rftZRYy.exe
  C:\Windows\System\rftZRYy.exe
  2⤵
  PID:6040
- C:\Windows\System\jiMJkeK.exe
  C:\Windows\System\jiMJkeK.exe
  2⤵
  PID:6064
- C:\Windows\System\dFiBoYQ.exe
  C:\Windows\System\dFiBoYQ.exe
  2⤵
  PID:6080
- C:\Windows\System\TwuxNrg.exe
  C:\Windows\System\TwuxNrg.exe
  2⤵
  PID:6104
- C:\Windows\System\GsxGxiv.exe
  C:\Windows\System\GsxGxiv.exe
  2⤵
  PID:6120
- C:\Windows\System\QlHmWYE.exe
  C:\Windows\System\QlHmWYE.exe
  2⤵
  PID:6136
- C:\Windows\System\lnBaOFq.exe
  C:\Windows\System\lnBaOFq.exe
  2⤵
  PID:4140
- C:\Windows\System\bhetKuc.exe
  C:\Windows\System\bhetKuc.exe
  2⤵
  PID:5104
- C:\Windows\System\RPiDfrF.exe
  C:\Windows\System\RPiDfrF.exe
  2⤵
  PID:3096
- C:\Windows\System\ZSNjvGh.exe
  C:\Windows\System\ZSNjvGh.exe
  2⤵
  PID:1984
- C:\Windows\System\bESCxdq.exe
  C:\Windows\System\bESCxdq.exe
  2⤵
  PID:4760
- C:\Windows\System\jLqVOWl.exe
  C:\Windows\System\jLqVOWl.exe
  2⤵
  PID:3044
- C:\Windows\System\GXHauIO.exe
  C:\Windows\System\GXHauIO.exe
  2⤵
  PID:5140
- C:\Windows\System\OGGSoAU.exe
  C:\Windows\System\OGGSoAU.exe
  2⤵
  PID:5144
- C:\Windows\System\xfTItej.exe
  C:\Windows\System\xfTItej.exe
  2⤵
  PID:5184
- C:\Windows\System\yBCTDdC.exe
  C:\Windows\System\yBCTDdC.exe
  2⤵
  PID:1148
- C:\Windows\System\ZJWWNSN.exe
  C:\Windows\System\ZJWWNSN.exe
  2⤵
  PID:5272
- C:\Windows\System\SFpoQWB.exe
  C:\Windows\System\SFpoQWB.exe
  2⤵
  PID:5240
- C:\Windows\System\aUbGgsH.exe
  C:\Windows\System\aUbGgsH.exe
  2⤵
  PID:1996
- C:\Windows\System\zmxHUky.exe
  C:\Windows\System\zmxHUky.exe
  2⤵
  PID:5316
- C:\Windows\System\GFzDlSo.exe
  C:\Windows\System\GFzDlSo.exe
  2⤵
  PID:5356
- C:\Windows\System\nshzuIX.exe
  C:\Windows\System\nshzuIX.exe
  2⤵
  PID:5392
- C:\Windows\System\wrVNBtJ.exe
  C:\Windows\System\wrVNBtJ.exe
  2⤵
  PID:5336
- C:\Windows\System\YKjEgnt.exe
  C:\Windows\System\YKjEgnt.exe
  2⤵
  PID:5436
- C:\Windows\System\ZhgnBaa.exe
  C:\Windows\System\ZhgnBaa.exe
  2⤵
  PID:5476
- C:\Windows\System\mXZOnYH.exe
  C:\Windows\System\mXZOnYH.exe
  2⤵
  PID:5524
- C:\Windows\System\KYFAsWy.exe
  C:\Windows\System\KYFAsWy.exe
  2⤵
  PID:5464
- C:\Windows\System\ereVlAz.exe
  C:\Windows\System\ereVlAz.exe
  2⤵
  PID:5500
- C:\Windows\System\sBbxvCT.exe
  C:\Windows\System\sBbxvCT.exe
  2⤵
  PID:2852
- C:\Windows\System\lcYMOtw.exe
  C:\Windows\System\lcYMOtw.exe
  2⤵
  PID:5632
- C:\Windows\System\TGqefOn.exe
  C:\Windows\System\TGqefOn.exe
  2⤵
  PID:5688
- C:\Windows\System\rxVzyYg.exe
  C:\Windows\System\rxVzyYg.exe
  2⤵
  PID:5612
- C:\Windows\System\fcsUaFO.exe
  C:\Windows\System\fcsUaFO.exe
  2⤵
  PID:5756
- C:\Windows\System\FhKsYOt.exe
  C:\Windows\System\FhKsYOt.exe
  2⤵
  PID:5764
- C:\Windows\System\MaaiXPb.exe
  C:\Windows\System\MaaiXPb.exe
  2⤵
  PID:5816
- C:\Windows\System\LsNbXzC.exe
  C:\Windows\System\LsNbXzC.exe
  2⤵
  PID:5792
- C:\Windows\System\QOXBjHb.exe
  C:\Windows\System\QOXBjHb.exe
  2⤵
  PID:5856
- C:\Windows\System\RGjwUwK.exe
  C:\Windows\System\RGjwUwK.exe
  2⤵
  PID:1572
- C:\Windows\System\quwtlhF.exe
  C:\Windows\System\quwtlhF.exe
  2⤵
  PID:5904
- C:\Windows\System\PEaozYd.exe
  C:\Windows\System\PEaozYd.exe
  2⤵
  PID:5972
- C:\Windows\System\mwuPyic.exe
  C:\Windows\System\mwuPyic.exe
  2⤵
  PID:6016
- C:\Windows\System\aaSpbnr.exe
  C:\Windows\System\aaSpbnr.exe
  2⤵
  PID:6052
- C:\Windows\System\bJQlDiu.exe
  C:\Windows\System\bJQlDiu.exe
  2⤵
  PID:6100
- C:\Windows\System\UCqVIwE.exe
  C:\Windows\System\UCqVIwE.exe
  2⤵
  PID:6036
- C:\Windows\System\GUnNcUd.exe
  C:\Windows\System\GUnNcUd.exe
  2⤵
  PID:6076
- C:\Windows\System\QvOhUXM.exe
  C:\Windows\System\QvOhUXM.exe
  2⤵
  PID:6116
- C:\Windows\System\bbIcLvN.exe
  C:\Windows\System\bbIcLvN.exe
  2⤵
  PID:3552
- C:\Windows\System\hEassUt.exe
  C:\Windows\System\hEassUt.exe
  2⤵
  PID:2952
- C:\Windows\System\UnjsvYH.exe
  C:\Windows\System\UnjsvYH.exe
  2⤵
  PID:4884
- C:\Windows\System\sDshXBs.exe
  C:\Windows\System\sDshXBs.exe
  2⤵
  PID:3020
- C:\Windows\System\qOSqmxt.exe
  C:\Windows\System\qOSqmxt.exe
  2⤵
  PID:3016
- C:\Windows\System\hFmThWi.exe
  C:\Windows\System\hFmThWi.exe
  2⤵
  PID:5124
- C:\Windows\System\lbeDVLA.exe
  C:\Windows\System\lbeDVLA.exe
  2⤵
  PID:5288
- C:\Windows\System\bFWQdBV.exe
  C:\Windows\System\bFWQdBV.exe
  2⤵
  PID:5244
- C:\Windows\System\eatavhV.exe
  C:\Windows\System\eatavhV.exe
  2⤵
  PID:2072
- C:\Windows\System\mzljfOY.exe
  C:\Windows\System\mzljfOY.exe
  2⤵
  PID:5520
- C:\Windows\System\lkKSlmm.exe
  C:\Windows\System\lkKSlmm.exe
  2⤵
  PID:5320
- C:\Windows\System\zimMsJQ.exe
  C:\Windows\System\zimMsJQ.exe
  2⤵
  PID:5380
- C:\Windows\System\iTBHKNf.exe
  C:\Windows\System\iTBHKNf.exe
  2⤵
  PID:5576
- C:\Windows\System\McuCdNa.exe
  C:\Windows\System\McuCdNa.exe
  2⤵
  PID:5536
- C:\Windows\System\iCmMxbP.exe
  C:\Windows\System\iCmMxbP.exe
  2⤵
  PID:5596
- C:\Windows\System\QdINwwG.exe
  C:\Windows\System\QdINwwG.exe
  2⤵
  PID:5668
- C:\Windows\System\XjlrVKa.exe
  C:\Windows\System\XjlrVKa.exe
  2⤵
  PID:2872
- C:\Windows\System\oldeRIq.exe
  C:\Windows\System\oldeRIq.exe
  2⤵
  PID:5796
- C:\Windows\System\dNCcUHU.exe
  C:\Windows\System\dNCcUHU.exe
  2⤵
  PID:2424
- C:\Windows\System\KsAKwGn.exe
  C:\Windows\System\KsAKwGn.exe
  2⤵
  PID:5888
- C:\Windows\System\xCULEfU.exe
  C:\Windows\System\xCULEfU.exe
  2⤵
  PID:5932
- C:\Windows\System\EutRQoR.exe
  C:\Windows\System\EutRQoR.exe
  2⤵
  PID:5952
- C:\Windows\System\fkStdhb.exe
  C:\Windows\System\fkStdhb.exe
  2⤵
  PID:6004
- C:\Windows\System\NetSMUM.exe
  C:\Windows\System\NetSMUM.exe
  2⤵
  PID:6088
- C:\Windows\System\fpfSiOM.exe
  C:\Windows\System\fpfSiOM.exe
  2⤵
  PID:6072
- C:\Windows\System\KYIghCv.exe
  C:\Windows\System\KYIghCv.exe
  2⤵
  PID:4996
- C:\Windows\System\EchQZwP.exe
  C:\Windows\System\EchQZwP.exe
  2⤵
  PID:4640
- C:\Windows\System\yYSqIHD.exe
  C:\Windows\System\yYSqIHD.exe
  2⤵
  PID:5168
- C:\Windows\System\zmnZuNR.exe
  C:\Windows\System\zmnZuNR.exe
  2⤵
  PID:4348
- C:\Windows\System\cXglrNE.exe
  C:\Windows\System\cXglrNE.exe
  2⤵
  PID:3060
- C:\Windows\System\NksrNsu.exe
  C:\Windows\System\NksrNsu.exe
  2⤵
  PID:2684
- C:\Windows\System\rHdnwNI.exe
  C:\Windows\System\rHdnwNI.exe
  2⤵
  PID:2996
- C:\Windows\System\qIWoKKS.exe
  C:\Windows\System\qIWoKKS.exe
  2⤵
  PID:2272
- C:\Windows\System\MgrCiOa.exe
  C:\Windows\System\MgrCiOa.exe
  2⤵
  PID:5456
- C:\Windows\System\LDlMoAf.exe
  C:\Windows\System\LDlMoAf.exe
  2⤵
  PID:2448
- C:\Windows\System\suZjKWA.exe
  C:\Windows\System\suZjKWA.exe
  2⤵
  PID:3004
- C:\Windows\System\KGdEOUy.exe
  C:\Windows\System\KGdEOUy.exe
  2⤵
  PID:5708
- C:\Windows\System\iTmZQTv.exe
  C:\Windows\System\iTmZQTv.exe
  2⤵
  PID:5252
- C:\Windows\System\PRlVHVH.exe
  C:\Windows\System\PRlVHVH.exe
  2⤵
  PID:5876
- C:\Windows\System\tQYSfAK.exe
  C:\Windows\System\tQYSfAK.exe
  2⤵
  PID:5992
- C:\Windows\System\qGAVpkT.exe
  C:\Windows\System\qGAVpkT.exe
  2⤵
  PID:2104
- C:\Windows\System\bXlHxBm.exe
  C:\Windows\System\bXlHxBm.exe
  2⤵
  PID:5660
- C:\Windows\System\ZUIlaRV.exe
  C:\Windows\System\ZUIlaRV.exe
  2⤵
  PID:5224
- C:\Windows\System\JzAOsTp.exe
  C:\Windows\System\JzAOsTp.exe
  2⤵
  PID:4740
- C:\Windows\System\HtvgEtF.exe
  C:\Windows\System\HtvgEtF.exe
  2⤵
  PID:5400
- C:\Windows\System\KOnXTqg.exe
  C:\Windows\System\KOnXTqg.exe
  2⤵
  PID:5376
- C:\Windows\System\PNIdMaJ.exe
  C:\Windows\System\PNIdMaJ.exe
  2⤵
  PID:1144
- C:\Windows\System\XLcWJRf.exe
  C:\Windows\System\XLcWJRf.exe
  2⤵
  PID:5740
- C:\Windows\System\ycvjMQj.exe
  C:\Windows\System\ycvjMQj.exe
  2⤵
  PID:1720
- C:\Windows\System\KzHTIsA.exe
  C:\Windows\System\KzHTIsA.exe
  2⤵
  PID:5912
- C:\Windows\System\BXbzKRG.exe
  C:\Windows\System\BXbzKRG.exe
  2⤵
  PID:1160
- C:\Windows\System\bgzwmXk.exe
  C:\Windows\System\bgzwmXk.exe
  2⤵
  PID:5264
- C:\Windows\System\aHBbtUH.exe
  C:\Windows\System\aHBbtUH.exe
  2⤵
  PID:4572
- C:\Windows\System\WxWUduf.exe
  C:\Windows\System\WxWUduf.exe
  2⤵
  PID:1704
- C:\Windows\System\PHKAWkr.exe
  C:\Windows\System\PHKAWkr.exe
  2⤵
  PID:6020
- C:\Windows\System\rLaUoqc.exe
  C:\Windows\System\rLaUoqc.exe
  2⤵
  PID:2712
- C:\Windows\System\PsjrGTp.exe
  C:\Windows\System\PsjrGTp.exe
  2⤵
  PID:4252
- C:\Windows\System\UsBOsyO.exe
  C:\Windows\System\UsBOsyO.exe
  2⤵
  PID:1612
- C:\Windows\System\cTZNQaL.exe
  C:\Windows\System\cTZNQaL.exe
  2⤵
  PID:5680
- C:\Windows\System\JyCwOSg.exe
  C:\Windows\System\JyCwOSg.exe
  2⤵
  PID:5540
- C:\Windows\System\OWxdbOe.exe
  C:\Windows\System\OWxdbOe.exe
  2⤵
  PID:2608
- C:\Windows\System\SvkKqkc.exe
  C:\Windows\System\SvkKqkc.exe
  2⤵
  PID:5776
- C:\Windows\System\pdBhFVK.exe
  C:\Windows\System\pdBhFVK.exe
  2⤵
  PID:4216
- C:\Windows\System\wHpUUYI.exe
  C:\Windows\System\wHpUUYI.exe
  2⤵
  PID:5656
- C:\Windows\System\StywYVn.exe
  C:\Windows\System\StywYVn.exe
  2⤵
  PID:4236
- C:\Windows\System\yybAydG.exe
  C:\Windows\System\yybAydG.exe
  2⤵
  PID:6008
- C:\Windows\System\kBbpAov.exe
  C:\Windows\System\kBbpAov.exe
  2⤵
  PID:5292
- C:\Windows\System\RAgjBGh.exe
  C:\Windows\System\RAgjBGh.exe
  2⤵
  PID:4644
- C:\Windows\System\PdJDiby.exe
  C:\Windows\System\PdJDiby.exe
  2⤵
  PID:2264
- C:\Windows\System\yYelkEn.exe
  C:\Windows\System\yYelkEn.exe
  2⤵
  PID:4664
- C:\Windows\System\EdalXpX.exe
  C:\Windows\System\EdalXpX.exe
  2⤵
  PID:6012
- C:\Windows\System\yRnCtLb.exe
  C:\Windows\System\yRnCtLb.exe
  2⤵
  PID:6152
- C:\Windows\System\xZlxYdt.exe
  C:\Windows\System\xZlxYdt.exe
  2⤵
  PID:6168
- C:\Windows\System\iZdqbyM.exe
  C:\Windows\System\iZdqbyM.exe
  2⤵
  PID:6184
- C:\Windows\System\kZSSyml.exe
  C:\Windows\System\kZSSyml.exe
  2⤵
  PID:6200
- C:\Windows\System\EAEsILy.exe
  C:\Windows\System\EAEsILy.exe
  2⤵
  PID:6216
- C:\Windows\System\tvWxigv.exe
  C:\Windows\System\tvWxigv.exe
  2⤵
  PID:6236
- C:\Windows\System\dUkmcgp.exe
  C:\Windows\System\dUkmcgp.exe
  2⤵
  PID:6252
- C:\Windows\System\tCkmnbX.exe
  C:\Windows\System\tCkmnbX.exe
  2⤵
  PID:6276
- C:\Windows\System\FUDxUsC.exe
  C:\Windows\System\FUDxUsC.exe
  2⤵
  PID:6292
- C:\Windows\System\sXtIiCt.exe
  C:\Windows\System\sXtIiCt.exe
  2⤵
  PID:6308
- C:\Windows\System\upOkXbz.exe
  C:\Windows\System\upOkXbz.exe
  2⤵
  PID:6332
- C:\Windows\System\MpyiuFi.exe
  C:\Windows\System\MpyiuFi.exe
  2⤵
  PID:6352
- C:\Windows\System\EThMmsw.exe
  C:\Windows\System\EThMmsw.exe
  2⤵
  PID:6368
- C:\Windows\System\ARZHwJe.exe
  C:\Windows\System\ARZHwJe.exe
  2⤵
  PID:6388
- C:\Windows\System\dRxyxit.exe
  C:\Windows\System\dRxyxit.exe
  2⤵
  PID:6404
- C:\Windows\System\IXAobpT.exe
  C:\Windows\System\IXAobpT.exe
  2⤵
  PID:6424
- C:\Windows\System\LEqOGMN.exe
  C:\Windows\System\LEqOGMN.exe
  2⤵
  PID:6444
- C:\Windows\System\cKuTlxd.exe
  C:\Windows\System\cKuTlxd.exe
  2⤵
  PID:6464
- C:\Windows\System\wdlpIeH.exe
  C:\Windows\System\wdlpIeH.exe
  2⤵
  PID:6484
- C:\Windows\System\OevEwkz.exe
  C:\Windows\System\OevEwkz.exe
  2⤵
  PID:6500
- C:\Windows\System\TixVqZc.exe
  C:\Windows\System\TixVqZc.exe
  2⤵
  PID:6520
- C:\Windows\System\ZqDWDJm.exe
  C:\Windows\System\ZqDWDJm.exe
  2⤵
  PID:6544
- C:\Windows\System\OoXheBi.exe
  C:\Windows\System\OoXheBi.exe
  2⤵
  PID:6560
- C:\Windows\System\FBvOHeB.exe
  C:\Windows\System\FBvOHeB.exe
  2⤵
  PID:6584
- C:\Windows\System\jmObgqV.exe
  C:\Windows\System\jmObgqV.exe
  2⤵
  PID:6624
- C:\Windows\System\zUzspTT.exe
  C:\Windows\System\zUzspTT.exe
  2⤵
  PID:6640
- C:\Windows\System\EhTPlyM.exe
  C:\Windows\System\EhTPlyM.exe
  2⤵
  PID:6664
- C:\Windows\System\YCSkLmi.exe
  C:\Windows\System\YCSkLmi.exe
  2⤵
  PID:6680
- C:\Windows\System\hDNLykb.exe
  C:\Windows\System\hDNLykb.exe
  2⤵
  PID:6700
- C:\Windows\System\hKhhIJy.exe
  C:\Windows\System\hKhhIJy.exe
  2⤵
  PID:6728
- C:\Windows\System\RnVnlMI.exe
  C:\Windows\System\RnVnlMI.exe
  2⤵
  PID:6744
- C:\Windows\System\wEzkYRd.exe
  C:\Windows\System\wEzkYRd.exe
  2⤵
  PID:6768
- C:\Windows\System\VZfclAQ.exe
  C:\Windows\System\VZfclAQ.exe
  2⤵
  PID:6784
- C:\Windows\System\FZNafcT.exe
  C:\Windows\System\FZNafcT.exe
  2⤵
  PID:6808
- C:\Windows\System\BZKtDGZ.exe
  C:\Windows\System\BZKtDGZ.exe
  2⤵
  PID:6844
- C:\Windows\System\nYbnDAk.exe
  C:\Windows\System\nYbnDAk.exe
  2⤵
  PID:6864
- C:\Windows\System\YHFKzAz.exe
  C:\Windows\System\YHFKzAz.exe
  2⤵
  PID:6880
- C:\Windows\System\WgcHkQZ.exe
  C:\Windows\System\WgcHkQZ.exe
  2⤵
  PID:6908
- C:\Windows\System\rZlBYWI.exe
  C:\Windows\System\rZlBYWI.exe
  2⤵
  PID:6924
- C:\Windows\System\ZwyVfDt.exe
  C:\Windows\System\ZwyVfDt.exe
  2⤵
  PID:6948
- C:\Windows\System\SRCsEMg.exe
  C:\Windows\System\SRCsEMg.exe
  2⤵
  PID:6964
- C:\Windows\System\lCCkgoV.exe
  C:\Windows\System\lCCkgoV.exe
  2⤵
  PID:6992
- C:\Windows\System\jrzvSrZ.exe
  C:\Windows\System\jrzvSrZ.exe
  2⤵
  PID:7008
- C:\Windows\System\aAlwDNo.exe
  C:\Windows\System\aAlwDNo.exe
  2⤵
  PID:7024
- C:\Windows\System\iZAEdWv.exe
  C:\Windows\System\iZAEdWv.exe
  2⤵
  PID:7048
- C:\Windows\System\ZznrHkT.exe
  C:\Windows\System\ZznrHkT.exe
  2⤵
  PID:7080
- C:\Windows\System\RFxJVcb.exe
  C:\Windows\System\RFxJVcb.exe
  2⤵
  PID:7096
- C:\Windows\System\mYrgEsG.exe
  C:\Windows\System\mYrgEsG.exe
  2⤵
  PID:7112
- C:\Windows\System\eOknEzn.exe
  C:\Windows\System\eOknEzn.exe
  2⤵
  PID:7140
- C:\Windows\System\ltmuCqX.exe
  C:\Windows\System\ltmuCqX.exe
  2⤵
  PID:7156
- C:\Windows\System\GygvpHN.exe
  C:\Windows\System\GygvpHN.exe
  2⤵
  PID:2536
- C:\Windows\System\RwblDOQ.exe
  C:\Windows\System\RwblDOQ.exe
  2⤵
  PID:6208
- C:\Windows\System\wRHbDLZ.exe
  C:\Windows\System\wRHbDLZ.exe
  2⤵
  PID:6320
- C:\Windows\System\rphbIWg.exe
  C:\Windows\System\rphbIWg.exe
  2⤵
  PID:2204
- C:\Windows\System\YHwxGpA.exe
  C:\Windows\System\YHwxGpA.exe
  2⤵
  PID:6224
- C:\Windows\System\MhtKgrP.exe
  C:\Windows\System\MhtKgrP.exe
  2⤵
  PID:6396
- C:\Windows\System\nFeNsAK.exe
  C:\Windows\System\nFeNsAK.exe
  2⤵
  PID:6440
- C:\Windows\System\djttiJw.exe
  C:\Windows\System\djttiJw.exe
  2⤵
  PID:6300
- C:\Windows\System\BOSXFWZ.exe
  C:\Windows\System\BOSXFWZ.exe
  2⤵
  PID:6376
- C:\Windows\System\iCjlRQs.exe
  C:\Windows\System\iCjlRQs.exe
  2⤵
  PID:6608
- C:\Windows\System\TBpxiAV.exe
  C:\Windows\System\TBpxiAV.exe
  2⤵
  PID:6420
- C:\Windows\System\mezjmRp.exe
  C:\Windows\System\mezjmRp.exe
  2⤵
  PID:6508
- C:\Windows\System\bqHvUgI.exe
  C:\Windows\System\bqHvUgI.exe
  2⤵
  PID:6592
- C:\Windows\System\zaccCFt.exe
  C:\Windows\System\zaccCFt.exe
  2⤵
  PID:6264
- C:\Windows\System\DEvXpoP.exe
  C:\Windows\System\DEvXpoP.exe
  2⤵
  PID:6616
- C:\Windows\System\zTGAzJP.exe
  C:\Windows\System\zTGAzJP.exe
  2⤵
  PID:6656
- C:\Windows\System\kPkfGKV.exe
  C:\Windows\System\kPkfGKV.exe
  2⤵
  PID:6384
- C:\Windows\System\tpMELVx.exe
  C:\Windows\System\tpMELVx.exe
  2⤵
  PID:6580
- C:\Windows\System\ZaLEuyv.exe
  C:\Windows\System\ZaLEuyv.exe
  2⤵
  PID:6780
- C:\Windows\System\jkbByTT.exe
  C:\Windows\System\jkbByTT.exe
  2⤵
  PID:6836
- C:\Windows\System\umnjGkX.exe
  C:\Windows\System\umnjGkX.exe
  2⤵
  PID:6756
- C:\Windows\System\rlmlARZ.exe
  C:\Windows\System\rlmlARZ.exe
  2⤵
  PID:6764
- C:\Windows\System\scZPrnP.exe
  C:\Windows\System\scZPrnP.exe
  2⤵
  PID:6860
- C:\Windows\System\JLDyQcT.exe
  C:\Windows\System\JLDyQcT.exe
  2⤵
  PID:6888
- C:\Windows\System\lYCEVfo.exe
  C:\Windows\System\lYCEVfo.exe
  2⤵
  PID:6944
- C:\Windows\System\OHuilCu.exe
  C:\Windows\System\OHuilCu.exe
  2⤵
  PID:7000
- C:\Windows\System\zAMiXQM.exe
  C:\Windows\System\zAMiXQM.exe
  2⤵
  PID:7036
- C:\Windows\System\dNIOsfR.exe
  C:\Windows\System\dNIOsfR.exe
  2⤵
  PID:7064
- C:\Windows\System\KruIkas.exe
  C:\Windows\System\KruIkas.exe
  2⤵
  PID:7056
- C:\Windows\System\qywcXzZ.exe
  C:\Windows\System\qywcXzZ.exe
  2⤵
  PID:7088
- C:\Windows\System\EoqDADT.exe
  C:\Windows\System\EoqDADT.exe
  2⤵
  PID:7132
- C:\Windows\System\KkPwGlZ.exe
  C:\Windows\System\KkPwGlZ.exe
  2⤵
  PID:6288
- C:\Windows\System\kvqtDao.exe
  C:\Windows\System\kvqtDao.exe
  2⤵
  PID:6316
- C:\Windows\System\epBWeEp.exe
  C:\Windows\System\epBWeEp.exe
  2⤵
  PID:6432
- C:\Windows\System\NsQInZv.exe
  C:\Windows\System\NsQInZv.exe
  2⤵
  PID:3528
- C:\Windows\System\RsjSwZM.exe
  C:\Windows\System\RsjSwZM.exe
  2⤵
  PID:5720
- C:\Windows\System\gfbCPvz.exe
  C:\Windows\System\gfbCPvz.exe
  2⤵
  PID:6304
- C:\Windows\System\sdvFLFv.exe
  C:\Windows\System\sdvFLFv.exe
  2⤵
  PID:6568
- C:\Windows\System\wffBkKn.exe
  C:\Windows\System\wffBkKn.exe
  2⤵
  PID:6572
- C:\Windows\System\wHxhWlo.exe
  C:\Windows\System\wHxhWlo.exe
  2⤵
  PID:6456
- C:\Windows\System\SwqTMnX.exe
  C:\Windows\System\SwqTMnX.exe
  2⤵
  PID:6612
- C:\Windows\System\MzcfOAq.exe
  C:\Windows\System\MzcfOAq.exe
  2⤵
  PID:6496
- C:\Windows\System\ncHokjM.exe
  C:\Windows\System\ncHokjM.exe
  2⤵
  PID:6724
- C:\Windows\System\BwFoWUD.exe
  C:\Windows\System\BwFoWUD.exe
  2⤵
  PID:6796
- C:\Windows\System\MLQZdLg.exe
  C:\Windows\System\MLQZdLg.exe
  2⤵
  PID:6988
- C:\Windows\System\xzHTCsq.exe
  C:\Windows\System\xzHTCsq.exe
  2⤵
  PID:6904
- C:\Windows\System\nZssAXK.exe
  C:\Windows\System\nZssAXK.exe
  2⤵
  PID:6976
- C:\Windows\System\wPKjUlP.exe
  C:\Windows\System\wPKjUlP.exe
  2⤵
  PID:7072
- C:\Windows\System\AJOeAos.exe
  C:\Windows\System\AJOeAos.exe
  2⤵
  PID:7124
- C:\Windows\System\butahvg.exe
  C:\Windows\System\butahvg.exe
  2⤵
  PID:6176
- C:\Windows\System\ciebYuP.exe
  C:\Windows\System\ciebYuP.exe
  2⤵
  PID:6360
- C:\Windows\System\qwcRgOK.exe
  C:\Windows\System\qwcRgOK.exe
  2⤵
  PID:7148
- C:\Windows\System\UoNknro.exe
  C:\Windows\System\UoNknro.exe
  2⤵
  PID:6416
- C:\Windows\System\PjNiICh.exe
  C:\Windows\System\PjNiICh.exe
  2⤵
  PID:6460
- C:\Windows\System\xkgYYsV.exe
  C:\Windows\System\xkgYYsV.exe
  2⤵
  PID:6344
- C:\Windows\System\orinmBe.exe
  C:\Windows\System\orinmBe.exe
  2⤵
  PID:6540
- C:\Windows\System\pEngMSY.exe
  C:\Windows\System\pEngMSY.exe
  2⤵
  PID:6740
- C:\Windows\System\cCCcAUW.exe
  C:\Windows\System\cCCcAUW.exe
  2⤵
  PID:6688
- C:\Windows\System\sDrIPLk.exe
  C:\Windows\System\sDrIPLk.exe
  2⤵
  PID:6804
- C:\Windows\System\XklFOfs.exe
  C:\Windows\System\XklFOfs.exe
  2⤵
  PID:1960
- C:\Windows\System\MVBDjHF.exe
  C:\Windows\System\MVBDjHF.exe
  2⤵
  PID:6900
- C:\Windows\System\eNdNjwA.exe
  C:\Windows\System\eNdNjwA.exe
  2⤵
  PID:6984
- C:\Windows\System\MbCUkgM.exe
  C:\Windows\System\MbCUkgM.exe
  2⤵
  PID:6980
- C:\Windows\System\fWzJADJ.exe
  C:\Windows\System\fWzJADJ.exe
  2⤵
  PID:7044
- C:\Windows\System\vhKfDhk.exe
  C:\Windows\System\vhKfDhk.exe
  2⤵
  PID:5580
- C:\Windows\System\cGsxdiy.exe
  C:\Windows\System\cGsxdiy.exe
  2⤵
  PID:6284
- C:\Windows\System\YBgHjCc.exe
  C:\Windows\System\YBgHjCc.exe
  2⤵
  PID:6212
- C:\Windows\System\bdYdxhO.exe
  C:\Windows\System\bdYdxhO.exe
  2⤵
  PID:6576
- C:\Windows\System\SWVUFsz.exe
  C:\Windows\System\SWVUFsz.exe
  2⤵
  PID:6712
- C:\Windows\System\ARlbsor.exe
  C:\Windows\System\ARlbsor.exe
  2⤵
  PID:6636
- C:\Windows\System\UVzYYol.exe
  C:\Windows\System\UVzYYol.exe
  2⤵
  PID:6696
- C:\Windows\System\EEKGqnc.exe
  C:\Windows\System\EEKGqnc.exe
  2⤵
  PID:6856
- C:\Windows\System\eARoNyU.exe
  C:\Windows\System\eARoNyU.exe
  2⤵
  PID:6180
- C:\Windows\System\qkZkKTr.exe
  C:\Windows\System\qkZkKTr.exe
  2⤵
  PID:7032
- C:\Windows\System\lxbIiQU.exe
  C:\Windows\System\lxbIiQU.exe
  2⤵
  PID:5152
- C:\Windows\System\wYsemvN.exe
  C:\Windows\System\wYsemvN.exe
  2⤵
  PID:6604
- C:\Windows\System\pXlaPJX.exe
  C:\Windows\System\pXlaPJX.exe
  2⤵
  PID:7120
- C:\Windows\System\mHGsoqW.exe
  C:\Windows\System\mHGsoqW.exe
  2⤵
  PID:6776
- C:\Windows\System\KYqLVFQ.exe
  C:\Windows\System\KYqLVFQ.exe
  2⤵
  PID:5200
- C:\Windows\System\ixxwdsQ.exe
  C:\Windows\System\ixxwdsQ.exe
  2⤵
  PID:7192
- C:\Windows\System\okBjdxf.exe
  C:\Windows\System\okBjdxf.exe
  2⤵
  PID:7208
- C:\Windows\System\NNSFMnW.exe
  C:\Windows\System\NNSFMnW.exe
  2⤵
  PID:7228
- C:\Windows\System\PnLOmLT.exe
  C:\Windows\System\PnLOmLT.exe
  2⤵
  PID:7244
- C:\Windows\System\fDrYedB.exe
  C:\Windows\System\fDrYedB.exe
  2⤵
  PID:7260
- C:\Windows\System\fZjgGzD.exe
  C:\Windows\System\fZjgGzD.exe
  2⤵
  PID:7276
- C:\Windows\System\OcWcelS.exe
  C:\Windows\System\OcWcelS.exe
  2⤵
  PID:7292
- C:\Windows\System\hSnhqeN.exe
  C:\Windows\System\hSnhqeN.exe
  2⤵
  PID:7308
- C:\Windows\System\eihRpwE.exe
  C:\Windows\System\eihRpwE.exe
  2⤵
  PID:7324
- C:\Windows\System\fsqTfSj.exe
  C:\Windows\System\fsqTfSj.exe
  2⤵
  PID:7340
- C:\Windows\System\tCYZVTH.exe
  C:\Windows\System\tCYZVTH.exe
  2⤵
  PID:7356
- C:\Windows\System\iifFBaH.exe
  C:\Windows\System\iifFBaH.exe
  2⤵
  PID:7372
- C:\Windows\System\UbMHYRF.exe
  C:\Windows\System\UbMHYRF.exe
  2⤵
  PID:7388
- C:\Windows\System\TgdCFwW.exe
  C:\Windows\System\TgdCFwW.exe
  2⤵
  PID:7404
- C:\Windows\System\rJYtejb.exe
  C:\Windows\System\rJYtejb.exe
  2⤵
  PID:7420
- C:\Windows\System\qOVUeGy.exe
  C:\Windows\System\qOVUeGy.exe
  2⤵
  PID:7436
- C:\Windows\System\MpUiUrw.exe
  C:\Windows\System\MpUiUrw.exe
  2⤵
  PID:7452
- C:\Windows\System\lLuMbFK.exe
  C:\Windows\System\lLuMbFK.exe
  2⤵
  PID:7468
- C:\Windows\System\nnpzczD.exe
  C:\Windows\System\nnpzczD.exe
  2⤵
  PID:7484
- C:\Windows\System\GdQpRaO.exe
  C:\Windows\System\GdQpRaO.exe
  2⤵
  PID:7500
- C:\Windows\System\YnRQBsL.exe
  C:\Windows\System\YnRQBsL.exe
  2⤵
  PID:7516
- C:\Windows\System\SvpnnHU.exe
  C:\Windows\System\SvpnnHU.exe
  2⤵
  PID:7532
- C:\Windows\System\MtsIYOR.exe
  C:\Windows\System\MtsIYOR.exe
  2⤵
  PID:7548
- C:\Windows\System\cGUqFij.exe
  C:\Windows\System\cGUqFij.exe
  2⤵
  PID:7564
- C:\Windows\System\VOQzSSg.exe
  C:\Windows\System\VOQzSSg.exe
  2⤵
  PID:7580
- C:\Windows\System\ehoOLKH.exe
  C:\Windows\System\ehoOLKH.exe
  2⤵
  PID:7596
- C:\Windows\System\BuQRRZD.exe
  C:\Windows\System\BuQRRZD.exe
  2⤵
  PID:7612
- C:\Windows\System\lUOpUkp.exe
  C:\Windows\System\lUOpUkp.exe
  2⤵
  PID:7628
- C:\Windows\System\TfwaJUS.exe
  C:\Windows\System\TfwaJUS.exe
  2⤵
  PID:7648
- C:\Windows\System\wjFVDPg.exe
  C:\Windows\System\wjFVDPg.exe
  2⤵
  PID:7664
- C:\Windows\System\vdEXfkX.exe
  C:\Windows\System\vdEXfkX.exe
  2⤵
  PID:7680
- C:\Windows\System\zGpTiCp.exe
  C:\Windows\System\zGpTiCp.exe
  2⤵
  PID:7696
- C:\Windows\System\zlBZasy.exe
  C:\Windows\System\zlBZasy.exe
  2⤵
  PID:7712
- C:\Windows\System\ViNRmZw.exe
  C:\Windows\System\ViNRmZw.exe
  2⤵
  PID:7728
- C:\Windows\System\dijZaZO.exe
  C:\Windows\System\dijZaZO.exe
  2⤵
  PID:7744
- C:\Windows\System\XpNELKf.exe
  C:\Windows\System\XpNELKf.exe
  2⤵
  PID:7760
- C:\Windows\System\Rtolcko.exe
  C:\Windows\System\Rtolcko.exe
  2⤵
  PID:7776
- C:\Windows\System\laiYPya.exe
  C:\Windows\System\laiYPya.exe
  2⤵
  PID:7792
- C:\Windows\System\uuNQoGQ.exe
  C:\Windows\System\uuNQoGQ.exe
  2⤵
  PID:7808
- C:\Windows\System\JlBebXI.exe
  C:\Windows\System\JlBebXI.exe
  2⤵
  PID:7824
- C:\Windows\System\fgslmbL.exe
  C:\Windows\System\fgslmbL.exe
  2⤵
  PID:7840
- C:\Windows\System\qfitnBn.exe
  C:\Windows\System\qfitnBn.exe
  2⤵
  PID:7856
- C:\Windows\System\FPOSuPh.exe
  C:\Windows\System\FPOSuPh.exe
  2⤵
  PID:7872
- C:\Windows\System\rkXevZo.exe
  C:\Windows\System\rkXevZo.exe
  2⤵
  PID:7888
- C:\Windows\System\rztxsrD.exe
  C:\Windows\System\rztxsrD.exe
  2⤵
  PID:7904
- C:\Windows\System\vdOJLbf.exe
  C:\Windows\System\vdOJLbf.exe
  2⤵
  PID:7920
- C:\Windows\System\RCFmwjp.exe
  C:\Windows\System\RCFmwjp.exe
  2⤵
  PID:7936
- C:\Windows\System\nNOPZNR.exe
  C:\Windows\System\nNOPZNR.exe
  2⤵
  PID:7952
- C:\Windows\System\dfSOsKW.exe
  C:\Windows\System\dfSOsKW.exe
  2⤵
  PID:7968
- C:\Windows\System\GaABUGR.exe
  C:\Windows\System\GaABUGR.exe
  2⤵
  PID:7984
- C:\Windows\System\kvYPnpg.exe
  C:\Windows\System\kvYPnpg.exe
  2⤵
  PID:8000
- C:\Windows\System\PbPAdOT.exe
  C:\Windows\System\PbPAdOT.exe
  2⤵
  PID:8016
- C:\Windows\System\sHiczgm.exe
  C:\Windows\System\sHiczgm.exe
  2⤵
  PID:8032
- C:\Windows\System\UVfAlkt.exe
  C:\Windows\System\UVfAlkt.exe
  2⤵
  PID:8048
- C:\Windows\System\odPtTaZ.exe
  C:\Windows\System\odPtTaZ.exe
  2⤵
  PID:8064
- C:\Windows\System\CCyLVkN.exe
  C:\Windows\System\CCyLVkN.exe
  2⤵
  PID:8084
- C:\Windows\System\bxPcxer.exe
  C:\Windows\System\bxPcxer.exe
  2⤵
  PID:8100
- C:\Windows\System\qjTkwlF.exe
  C:\Windows\System\qjTkwlF.exe
  2⤵
  PID:8116
- C:\Windows\System\cnHdDiH.exe
  C:\Windows\System\cnHdDiH.exe
  2⤵
  PID:8132
- C:\Windows\System\qNebfSm.exe
  C:\Windows\System\qNebfSm.exe
  2⤵
  PID:8148
- C:\Windows\System\DEkILYO.exe
  C:\Windows\System\DEkILYO.exe
  2⤵
  PID:8164
- C:\Windows\System\axktwYi.exe
  C:\Windows\System\axktwYi.exe
  2⤵
  PID:8180
- C:\Windows\System\GfVYghi.exe
  C:\Windows\System\GfVYghi.exe
  2⤵
  PID:6832
- C:\Windows\System\caxReZa.exe
  C:\Windows\System\caxReZa.exe
  2⤵
  PID:6960
- C:\Windows\System\BXYscgJ.exe
  C:\Windows\System\BXYscgJ.exe
  2⤵
  PID:7200
- C:\Windows\System\LeOeFYS.exe
  C:\Windows\System\LeOeFYS.exe
  2⤵
  PID:7236
- C:\Windows\System\KwXNChw.exe
  C:\Windows\System\KwXNChw.exe
  2⤵
  PID:7288
- C:\Windows\System\VQUfMSb.exe
  C:\Windows\System\VQUfMSb.exe
  2⤵
  PID:7380
- C:\Windows\System\hTmxmzY.exe
  C:\Windows\System\hTmxmzY.exe
  2⤵
  PID:7336
- C:\Windows\System\MbAmkjb.exe
  C:\Windows\System\MbAmkjb.exe
  2⤵
  PID:7428
- C:\Windows\System\oGjsmqL.exe
  C:\Windows\System\oGjsmqL.exe
  2⤵
  PID:7556
- C:\Windows\System\gqfFyhJ.exe
  C:\Windows\System\gqfFyhJ.exe
  2⤵
  PID:7672
- C:\Windows\System\vRdccWY.exe
  C:\Windows\System\vRdccWY.exe
  2⤵
  PID:7592
- C:\Windows\System\rVElqQn.exe
  C:\Windows\System\rVElqQn.exe
  2⤵
  PID:7768
- C:\Windows\System\THuzkod.exe
  C:\Windows\System\THuzkod.exe
  2⤵
  PID:7624
- C:\Windows\System\cvEdSVB.exe
  C:\Windows\System\cvEdSVB.exe
  2⤵
  PID:7692
- C:\Windows\System\JKezBKC.exe
  C:\Windows\System\JKezBKC.exe
  2⤵
  PID:7756
- C:\Windows\System\ECQYhXk.exe
  C:\Windows\System\ECQYhXk.exe
  2⤵
  PID:7944
- C:\Windows\System\QvmGWEI.exe
  C:\Windows\System\QvmGWEI.exe
  2⤵
  PID:7992
- C:\Windows\System\HtfPQcy.exe
  C:\Windows\System\HtfPQcy.exe
  2⤵
  PID:8056
- C:\Windows\System\iFPAOqW.exe
  C:\Windows\System\iFPAOqW.exe
  2⤵
  PID:7588
- C:\Windows\System\xhMBuLV.exe
  C:\Windows\System\xhMBuLV.exe
  2⤵
  PID:7752
- C:\Windows\System\PidqHCi.exe
  C:\Windows\System\PidqHCi.exe
  2⤵
  PID:7416
- C:\Windows\System\UpGuWpR.exe
  C:\Windows\System\UpGuWpR.exe
  2⤵
  PID:7448
- C:\Windows\System\sAPVyLv.exe
  C:\Windows\System\sAPVyLv.exe
  2⤵
  PID:7540
- C:\Windows\System\saLJQcc.exe
  C:\Windows\System\saLJQcc.exe
  2⤵
  PID:7608
- C:\Windows\System\DEGQUdl.exe
  C:\Windows\System\DEGQUdl.exe
  2⤵
  PID:7220
- C:\Windows\System\CunKhGH.exe
  C:\Windows\System\CunKhGH.exe
  2⤵
  PID:7820
- C:\Windows\System\uVkBXff.exe
  C:\Windows\System\uVkBXff.exe
  2⤵
  PID:7900
- C:\Windows\System\dzZDfGQ.exe
  C:\Windows\System\dzZDfGQ.exe
  2⤵
  PID:7884
- C:\Windows\System\YGfSQSm.exe
  C:\Windows\System\YGfSQSm.exe
  2⤵
  PID:7816
- C:\Windows\System\uIBzySt.exe
  C:\Windows\System\uIBzySt.exe
  2⤵
  PID:8096
- C:\Windows\System\ggifrrV.exe
  C:\Windows\System\ggifrrV.exe
  2⤵
  PID:8008
- C:\Windows\System\TOLALEi.exe
  C:\Windows\System\TOLALEi.exe
  2⤵
  PID:8076
- C:\Windows\System\oYmnWeq.exe
  C:\Windows\System\oYmnWeq.exe
  2⤵
  PID:8160
- C:\Windows\System\JoFJIsl.exe
  C:\Windows\System\JoFJIsl.exe
  2⤵
  PID:8172
- C:\Windows\System\eDxInBI.exe
  C:\Windows\System\eDxInBI.exe
  2⤵
  PID:7184
- C:\Windows\System\NhgrbxW.exe
  C:\Windows\System\NhgrbxW.exe
  2⤵
  PID:8080
- C:\Windows\System\uPrCUrZ.exe
  C:\Windows\System\uPrCUrZ.exe
  2⤵
  PID:7348
- C:\Windows\System\HvxykMS.exe
  C:\Windows\System\HvxykMS.exe
  2⤵
  PID:7268
- C:\Windows\System\WhGAwmH.exe
  C:\Windows\System\WhGAwmH.exe
  2⤵
  PID:7464
- C:\Windows\System\akzcSbX.exe
  C:\Windows\System\akzcSbX.exe
  2⤵
  PID:7708
- C:\Windows\System\lQfSRgj.exe
  C:\Windows\System\lQfSRgj.exe
  2⤵
  PID:7400
- C:\Windows\System\TkdAHBQ.exe
  C:\Windows\System\TkdAHBQ.exe
  2⤵
  PID:7512
- C:\Windows\System\mFWZYfn.exe
  C:\Windows\System\mFWZYfn.exe
  2⤵
  PID:7572
- C:\Windows\System\ZrUARXj.exe
  C:\Windows\System\ZrUARXj.exe
  2⤵
  PID:7660
- C:\Windows\System\AMhMbKW.exe
  C:\Windows\System\AMhMbKW.exe
  2⤵
  PID:556
- C:\Windows\System\yxFMMBE.exe
  C:\Windows\System\yxFMMBE.exe
  2⤵
  PID:1920
- C:\Windows\System\dPpJDaH.exe
  C:\Windows\System\dPpJDaH.exe
  2⤵
  PID:7916
- C:\Windows\System\XIsMSxc.exe
  C:\Windows\System\XIsMSxc.exe
  2⤵
  PID:7928
- C:\Windows\System\IqVXEzC.exe
  C:\Windows\System\IqVXEzC.exe
  2⤵
  PID:8188
- C:\Windows\System\FJuypFA.exe
  C:\Windows\System\FJuypFA.exe
  2⤵
  PID:7736
- C:\Windows\System\jwZCiCF.exe
  C:\Windows\System\jwZCiCF.exe
  2⤵
  PID:8156
- C:\Windows\System\DgIpamX.exe
  C:\Windows\System\DgIpamX.exe
  2⤵
  PID:8144
- C:\Windows\System\fossiMM.exe
  C:\Windows\System\fossiMM.exe
  2⤵
  PID:7256
- C:\Windows\System\bKPlZUE.exe
  C:\Windows\System\bKPlZUE.exe
  2⤵
  PID:7300
- C:\Windows\System\QnsvgjG.exe
  C:\Windows\System\QnsvgjG.exe
  2⤵
  PID:7528
- C:\Windows\System\GISUXqH.exe
  C:\Windows\System\GISUXqH.exe
  2⤵
  PID:7444
- C:\Windows\System\bkhzkFD.exe
  C:\Windows\System\bkhzkFD.exe
  2⤵
  PID:7964
- C:\Windows\System\vVdYCoe.exe
  C:\Windows\System\vVdYCoe.exe
  2⤵
  PID:7880
- C:\Windows\System\CCibtyG.exe
  C:\Windows\System\CCibtyG.exe
  2⤵
  PID:8072
- C:\Windows\System\LAkjDUa.exe
  C:\Windows\System\LAkjDUa.exe
  2⤵
  PID:8108
- C:\Windows\System\JswUtIM.exe
  C:\Windows\System\JswUtIM.exe
  2⤵
  PID:7788
- C:\Windows\System\IlzbyRU.exe
  C:\Windows\System\IlzbyRU.exe
  2⤵
  PID:7644
- C:\Windows\System\ZSAUnRQ.exe
  C:\Windows\System\ZSAUnRQ.exe
  2⤵
  PID:7188
- C:\Windows\System\LuJezgA.exe
  C:\Windows\System\LuJezgA.exe
  2⤵
  PID:7804
- C:\Windows\System\JziNmpZ.exe
  C:\Windows\System\JziNmpZ.exe
  2⤵
  PID:7724
- C:\Windows\System\jFCWupJ.exe
  C:\Windows\System\jFCWupJ.exe
  2⤵
  PID:7176
- C:\Windows\System\sUMZeVI.exe
  C:\Windows\System\sUMZeVI.exe
  2⤵
  PID:8212
- C:\Windows\System\zOOvhWK.exe
  C:\Windows\System\zOOvhWK.exe
  2⤵
  PID:8228
- C:\Windows\System\hIPHHnL.exe
  C:\Windows\System\hIPHHnL.exe
  2⤵
  PID:8244
- C:\Windows\System\ekjKwCx.exe
  C:\Windows\System\ekjKwCx.exe
  2⤵
  PID:8260
- C:\Windows\System\tdoZGZU.exe
  C:\Windows\System\tdoZGZU.exe
  2⤵
  PID:8276
- C:\Windows\System\FFzxYwa.exe
  C:\Windows\System\FFzxYwa.exe
  2⤵
  PID:8292
- C:\Windows\System\zhxdZFD.exe
  C:\Windows\System\zhxdZFD.exe
  2⤵
  PID:8308
- C:\Windows\System\mzDnqfN.exe
  C:\Windows\System\mzDnqfN.exe
  2⤵
  PID:8324
- C:\Windows\System\RkuYhdH.exe
  C:\Windows\System\RkuYhdH.exe
  2⤵
  PID:8340
- C:\Windows\System\RJeVIKc.exe
  C:\Windows\System\RJeVIKc.exe
  2⤵
  PID:8356
- C:\Windows\System\vCfYDRs.exe
  C:\Windows\System\vCfYDRs.exe
  2⤵
  PID:8372
- C:\Windows\System\HbiVVqu.exe
  C:\Windows\System\HbiVVqu.exe
  2⤵
  PID:8388
- C:\Windows\System\cgryhWQ.exe
  C:\Windows\System\cgryhWQ.exe
  2⤵
  PID:8404
- C:\Windows\System\azpQecV.exe
  C:\Windows\System\azpQecV.exe
  2⤵
  PID:8420
- C:\Windows\System\CZtktbn.exe
  C:\Windows\System\CZtktbn.exe
  2⤵
  PID:8436
- C:\Windows\System\CygYnDf.exe
  C:\Windows\System\CygYnDf.exe
  2⤵
  PID:8456
- C:\Windows\System\QyHUxTY.exe
  C:\Windows\System\QyHUxTY.exe
  2⤵
  PID:8472
- C:\Windows\System\TkOZiCm.exe
  C:\Windows\System\TkOZiCm.exe
  2⤵
  PID:8492
- C:\Windows\System\VWwwRBX.exe
  C:\Windows\System\VWwwRBX.exe
  2⤵
  PID:8524
- C:\Windows\System\GmEvVKq.exe
  C:\Windows\System\GmEvVKq.exe
  2⤵
  PID:8540
- C:\Windows\System\PXQRclM.exe
  C:\Windows\System\PXQRclM.exe
  2⤵
  PID:8556
- C:\Windows\System\qQTssLy.exe
  C:\Windows\System\qQTssLy.exe
  2⤵
  PID:8572
- C:\Windows\System\jIZNmhR.exe
  C:\Windows\System\jIZNmhR.exe
  2⤵
  PID:8592
- C:\Windows\System\SLdQOFZ.exe
  C:\Windows\System\SLdQOFZ.exe
  2⤵
  PID:8608
- C:\Windows\System\AIpkTLp.exe
  C:\Windows\System\AIpkTLp.exe
  2⤵
  PID:8624
- C:\Windows\System\NqCfGpP.exe
  C:\Windows\System\NqCfGpP.exe
  2⤵
  PID:8640
- C:\Windows\System\CMOJEOd.exe
  C:\Windows\System\CMOJEOd.exe
  2⤵
  PID:8656
- C:\Windows\System\kjvlPLg.exe
  C:\Windows\System\kjvlPLg.exe
  2⤵
  PID:8672
- C:\Windows\System\PezGCxm.exe
  C:\Windows\System\PezGCxm.exe
  2⤵
  PID:8688
- C:\Windows\System\LZKNBYr.exe
  C:\Windows\System\LZKNBYr.exe
  2⤵
  PID:8704
- C:\Windows\System\etFQrxV.exe
  C:\Windows\System\etFQrxV.exe
  2⤵
  PID:8720
- C:\Windows\System\GkIxXaf.exe
  C:\Windows\System\GkIxXaf.exe
  2⤵
  PID:8736
- C:\Windows\System\FoazBot.exe
  C:\Windows\System\FoazBot.exe
  2⤵
  PID:8752
- C:\Windows\System\uqWQpWJ.exe
  C:\Windows\System\uqWQpWJ.exe
  2⤵
  PID:8768
- C:\Windows\System\IafhRVU.exe
  C:\Windows\System\IafhRVU.exe
  2⤵
  PID:8784
- C:\Windows\System\TuqhMLw.exe
  C:\Windows\System\TuqhMLw.exe
  2⤵
  PID:8800
- C:\Windows\System\ieQhQLM.exe
  C:\Windows\System\ieQhQLM.exe
  2⤵
  PID:8816
- C:\Windows\System\UlihnFQ.exe
  C:\Windows\System\UlihnFQ.exe
  2⤵
  PID:8832
- C:\Windows\System\rudJZgQ.exe
  C:\Windows\System\rudJZgQ.exe
  2⤵
  PID:8848
- C:\Windows\System\wYcYLHl.exe
  C:\Windows\System\wYcYLHl.exe
  2⤵
  PID:8864
- C:\Windows\System\aBRdQBW.exe
  C:\Windows\System\aBRdQBW.exe
  2⤵
  PID:8880
- C:\Windows\System\qhqtHFt.exe
  C:\Windows\System\qhqtHFt.exe
  2⤵
  PID:8896
- C:\Windows\System\xQzbkYw.exe
  C:\Windows\System\xQzbkYw.exe
  2⤵
  PID:8912
- C:\Windows\System\pxnyAPz.exe
  C:\Windows\System\pxnyAPz.exe
  2⤵
  PID:8928
- C:\Windows\System\ZxQjRoE.exe
  C:\Windows\System\ZxQjRoE.exe
  2⤵
  PID:8944
- C:\Windows\System\SvzwyNx.exe
  C:\Windows\System\SvzwyNx.exe
  2⤵
  PID:8960
- C:\Windows\System\UpyiddZ.exe
  C:\Windows\System\UpyiddZ.exe
  2⤵
  PID:8976
- C:\Windows\System\ZiZzKRI.exe
  C:\Windows\System\ZiZzKRI.exe
  2⤵
  PID:8996
- C:\Windows\System\lwBcGgE.exe
  C:\Windows\System\lwBcGgE.exe
  2⤵
  PID:9012
- C:\Windows\System\eQbgLSS.exe
  C:\Windows\System\eQbgLSS.exe
  2⤵
  PID:9028
- C:\Windows\System\kcmjhiC.exe
  C:\Windows\System\kcmjhiC.exe
  2⤵
  PID:9044
- C:\Windows\System\bQFHXQp.exe
  C:\Windows\System\bQFHXQp.exe
  2⤵
  PID:9060
- C:\Windows\System\qswYxxQ.exe
  C:\Windows\System\qswYxxQ.exe
  2⤵
  PID:9076
- C:\Windows\System\NPCtUOf.exe
  C:\Windows\System\NPCtUOf.exe
  2⤵
  PID:9096
- C:\Windows\System\vbFSrOt.exe
  C:\Windows\System\vbFSrOt.exe
  2⤵
  PID:9112
- C:\Windows\System\KNPzarE.exe
  C:\Windows\System\KNPzarE.exe
  2⤵
  PID:9128
- C:\Windows\System\OWuGQJg.exe
  C:\Windows\System\OWuGQJg.exe
  2⤵
  PID:9144
- C:\Windows\System\fSsgbbZ.exe
  C:\Windows\System\fSsgbbZ.exe
  2⤵
  PID:9164
- C:\Windows\System\jHgvifu.exe
  C:\Windows\System\jHgvifu.exe
  2⤵
  PID:9188
- C:\Windows\System\CMYQgaA.exe
  C:\Windows\System\CMYQgaA.exe
  2⤵
  PID:9212
- C:\Windows\System\VBbOoRz.exe
  C:\Windows\System\VBbOoRz.exe
  2⤵
  PID:8220
- C:\Windows\System\BTGiweV.exe
  C:\Windows\System\BTGiweV.exe
  2⤵
  PID:7896
- C:\Windows\System\JroKuQL.exe
  C:\Windows\System\JroKuQL.exe
  2⤵
  PID:8268
- C:\Windows\System\puPGDFx.exe
  C:\Windows\System\puPGDFx.exe
  2⤵
  PID:8300
- C:\Windows\System\nhmClNT.exe
  C:\Windows\System\nhmClNT.exe
  2⤵
  PID:8316
- C:\Windows\System\CrKfgwX.exe
  C:\Windows\System\CrKfgwX.exe
  2⤵
  PID:8336
- C:\Windows\System\fqWwJgs.exe
  C:\Windows\System\fqWwJgs.exe
  2⤵
  PID:8428
- C:\Windows\System\YwKRLQz.exe
  C:\Windows\System\YwKRLQz.exe
  2⤵
  PID:8380
- C:\Windows\System\HxCcrWp.exe
  C:\Windows\System\HxCcrWp.exe
  2⤵
  PID:7252
- C:\Windows\System\iGSUSHY.exe
  C:\Windows\System\iGSUSHY.exe
  2⤵
  PID:2068
- C:\Windows\System\yiEOpei.exe
  C:\Windows\System\yiEOpei.exe
  2⤵
  PID:2116
- C:\Windows\System\ZaulpFf.exe
  C:\Windows\System\ZaulpFf.exe
  2⤵
  PID:2108
- C:\Windows\System\aKEAdRO.exe
  C:\Windows\System\aKEAdRO.exe
  2⤵
  PID:2092
- C:\Windows\System\BpXILMe.exe
  C:\Windows\System\BpXILMe.exe
  2⤵
  PID:8508
- C:\Windows\System\VuKfvVw.exe
  C:\Windows\System\VuKfvVw.exe
  2⤵
  PID:8520
- C:\Windows\System\fnReegy.exe
  C:\Windows\System\fnReegy.exe
  2⤵
  PID:8580
- C:\Windows\System\lefLmrE.exe
  C:\Windows\System\lefLmrE.exe
  2⤵
  PID:8488
- C:\Windows\System\cnHMuXk.exe
  C:\Windows\System\cnHMuXk.exe
  2⤵
  PID:8648
- C:\Windows\System\bXNzJDy.exe
  C:\Windows\System\bXNzJDy.exe
  2⤵
  PID:8568
- C:\Windows\System\XQBpBcq.exe
  C:\Windows\System\XQBpBcq.exe
  2⤵
  PID:8632
- C:\Windows\System\ueAjiic.exe
  C:\Windows\System\ueAjiic.exe
  2⤵
  PID:8712
- C:\Windows\System\UxvgyMn.exe
  C:\Windows\System\UxvgyMn.exe
  2⤵
  PID:8696
- C:\Windows\System\ZIyUEbt.exe
  C:\Windows\System\ZIyUEbt.exe
  2⤵
  PID:8780
- C:\Windows\System\rxUFStG.exe
  C:\Windows\System\rxUFStG.exe
  2⤵
  PID:8728
- C:\Windows\System\IrsvJTG.exe
  C:\Windows\System\IrsvJTG.exe
  2⤵
  PID:8840
- C:\Windows\System\dLPzJzQ.exe
  C:\Windows\System\dLPzJzQ.exe
  2⤵
  PID:8828
- C:\Windows\System\rSxbvjL.exe
  C:\Windows\System\rSxbvjL.exe
  2⤵
  PID:1584
- C:\Windows\System\kTbNLQk.exe
  C:\Windows\System\kTbNLQk.exe
  2⤵
  PID:8904
- C:\Windows\System\lmDQlYW.exe
  C:\Windows\System\lmDQlYW.exe
  2⤵
  PID:8936
- C:\Windows\System\UUWaSkG.exe
  C:\Windows\System\UUWaSkG.exe
  2⤵
  PID:8968
- C:\Windows\System\xYHqHiq.exe
  C:\Windows\System\xYHqHiq.exe
  2⤵
  PID:8992
- C:\Windows\System\bXxYhYm.exe
  C:\Windows\System\bXxYhYm.exe
  2⤵
  PID:9072
- C:\Windows\System\PyfYpEL.exe
  C:\Windows\System\PyfYpEL.exe
  2⤵
  PID:9020
- C:\Windows\System\CPyiFlg.exe
  C:\Windows\System\CPyiFlg.exe
  2⤵
  PID:9140
- C:\Windows\System\vzdiuCT.exe
  C:\Windows\System\vzdiuCT.exe
  2⤵
  PID:9120
- C:\Windows\System\smacpse.exe
  C:\Windows\System\smacpse.exe
  2⤵
  PID:9052
- C:\Windows\System\UNgbOwe.exe
  C:\Windows\System\UNgbOwe.exe
  2⤵
  PID:9160
- C:\Windows\System\OUSHfGR.exe
  C:\Windows\System\OUSHfGR.exe
  2⤵
  PID:8044
- C:\Windows\System\BjaUHip.exe
  C:\Windows\System\BjaUHip.exe
  2⤵
  PID:8236
- C:\Windows\System\XrMEFEh.exe
  C:\Windows\System\XrMEFEh.exe
  2⤵
  PID:8288
- C:\Windows\System\HwNxBEF.exe
  C:\Windows\System\HwNxBEF.exe
  2⤵
  PID:8396
- C:\Windows\System\hPSqjVo.exe
  C:\Windows\System\hPSqjVo.exe
  2⤵
  PID:8352
- C:\Windows\System\SwdZnNw.exe
  C:\Windows\System\SwdZnNw.exe
  2⤵
  PID:8416
- C:\Windows\System\GVHaWFj.exe
  C:\Windows\System\GVHaWFj.exe
  2⤵
  PID:2112
- C:\Windows\System\VBOmPJs.exe
  C:\Windows\System\VBOmPJs.exe
  2⤵
  PID:1172
- C:\Windows\System\KBamGfE.exe
  C:\Windows\System\KBamGfE.exe
  2⤵
  PID:8684
- C:\Windows\System\stIquKm.exe
  C:\Windows\System\stIquKm.exe
  2⤵
  PID:8620
- C:\Windows\System\MBKRuiU.exe
  C:\Windows\System\MBKRuiU.exe
  2⤵
  PID:8604
- C:\Windows\System\cQqzUCu.exe
  C:\Windows\System\cQqzUCu.exe
  2⤵
  PID:8732
- C:\Windows\System\axgMBKg.exe
  C:\Windows\System\axgMBKg.exe
  2⤵
  PID:1484
- C:\Windows\System\glNVlAo.exe
  C:\Windows\System\glNVlAo.exe
  2⤵
  PID:8872
- C:\Windows\System\jSDWegl.exe
  C:\Windows\System\jSDWegl.exe
  2⤵
  PID:8952
- C:\Windows\System\zDbWQMP.exe
  C:\Windows\System\zDbWQMP.exe
  2⤵
  PID:9136
- C:\Windows\System\gKeytiG.exe
  C:\Windows\System\gKeytiG.exe
  2⤵
  PID:9176
- C:\Windows\System\cVLVXgc.exe
  C:\Windows\System\cVLVXgc.exe
  2⤵
  PID:9108
- C:\Windows\System\LiTavdh.exe
  C:\Windows\System\LiTavdh.exe
  2⤵
  PID:8536
- C:\Windows\System\ZHUTTrP.exe
  C:\Windows\System\ZHUTTrP.exe
  2⤵
  PID:8616
- C:\Windows\System\Tlznfjq.exe
  C:\Windows\System\Tlznfjq.exe
  2⤵
  PID:8468
- C:\Windows\System\rVqmFNN.exe
  C:\Windows\System\rVqmFNN.exe
  2⤵
  PID:9004
- C:\Windows\System\ngItnyr.exe
  C:\Windows\System\ngItnyr.exe
  2⤵
  PID:9324
- C:\Windows\System\ZSXChFQ.exe
  C:\Windows\System\ZSXChFQ.exe
  2⤵
  PID:9360
- C:\Windows\System\FOjAHCJ.exe
  C:\Windows\System\FOjAHCJ.exe
  2⤵
  PID:9380
- C:\Windows\System\IEXcYQh.exe
  C:\Windows\System\IEXcYQh.exe
  2⤵
  PID:9396
- C:\Windows\System\pbPxzlc.exe
  C:\Windows\System\pbPxzlc.exe
  2⤵
  PID:9428
- C:\Windows\System\risfltv.exe
  C:\Windows\System\risfltv.exe
  2⤵
  PID:9448
- C:\Windows\System\TTNMTSl.exe
  C:\Windows\System\TTNMTSl.exe
  2⤵
  PID:9464
- C:\Windows\System\xmekQvU.exe
  C:\Windows\System\xmekQvU.exe
  2⤵
  PID:9480
- C:\Windows\System\QkGobBy.exe
  C:\Windows\System\QkGobBy.exe
  2⤵
  PID:9516
- C:\Windows\System\bStlPpF.exe
  C:\Windows\System\bStlPpF.exe
  2⤵
  PID:9532
- C:\Windows\System\HPoxYSd.exe
  C:\Windows\System\HPoxYSd.exe
  2⤵
  PID:9548
- C:\Windows\System\fFtwPhR.exe
  C:\Windows\System\fFtwPhR.exe
  2⤵
  PID:9600
- C:\Windows\System\iYfMAgw.exe
  C:\Windows\System\iYfMAgw.exe
  2⤵
  PID:9628
- C:\Windows\System\UCmlbfb.exe
  C:\Windows\System\UCmlbfb.exe
  2⤵
  PID:9652
- C:\Windows\System\kjrLmsm.exe
  C:\Windows\System\kjrLmsm.exe
  2⤵
  PID:9668
- C:\Windows\System\FwQQIUg.exe
  C:\Windows\System\FwQQIUg.exe
  2⤵
  PID:9684
- C:\Windows\System\zKngBvx.exe
  C:\Windows\System\zKngBvx.exe
  2⤵
  PID:9704
- C:\Windows\System\IoLxCUX.exe
  C:\Windows\System\IoLxCUX.exe
  2⤵
  PID:9720
- C:\Windows\System\wYHGBhB.exe
  C:\Windows\System\wYHGBhB.exe
  2⤵
  PID:9740
- C:\Windows\System\aINcWoO.exe
  C:\Windows\System\aINcWoO.exe
  2⤵
  PID:9756
- C:\Windows\System\KzhDlEG.exe
  C:\Windows\System\KzhDlEG.exe
  2⤵
  PID:9792
- C:\Windows\System\tTbbHTQ.exe
  C:\Windows\System\tTbbHTQ.exe
  2⤵
  PID:9808
- C:\Windows\System\FruwoXr.exe
  C:\Windows\System\FruwoXr.exe
  2⤵
  PID:9824
- C:\Windows\System\xMGuIup.exe
  C:\Windows\System\xMGuIup.exe
  2⤵
  PID:9840
- C:\Windows\System\aMkckiJ.exe
  C:\Windows\System\aMkckiJ.exe
  2⤵
  PID:9860
- C:\Windows\System\wJuEpWk.exe
  C:\Windows\System\wJuEpWk.exe
  2⤵
  PID:9880
- C:\Windows\System\uvHBSJm.exe
  C:\Windows\System\uvHBSJm.exe
  2⤵
  PID:9896
- C:\Windows\System\rwvEzlr.exe
  C:\Windows\System\rwvEzlr.exe
  2⤵
  PID:9936
- C:\Windows\System\JdxsZNu.exe
  C:\Windows\System\JdxsZNu.exe
  2⤵
  PID:9952
- C:\Windows\System\LFbYjxS.exe
  C:\Windows\System\LFbYjxS.exe
  2⤵
  PID:9968
- C:\Windows\System\TYBrpSN.exe
  C:\Windows\System\TYBrpSN.exe
  2⤵
  PID:9984
- C:\Windows\System\XJLpVDl.exe
  C:\Windows\System\XJLpVDl.exe
  2⤵
  PID:10000
- C:\Windows\System\sEQFwDo.exe
  C:\Windows\System\sEQFwDo.exe
  2⤵
  PID:10016
- C:\Windows\System\TjDsNbG.exe
  C:\Windows\System\TjDsNbG.exe
  2⤵
  PID:10032
- C:\Windows\System\tCgPpGv.exe
  C:\Windows\System\tCgPpGv.exe
  2⤵
  PID:10048
- C:\Windows\System\PRcLXSj.exe
  C:\Windows\System\PRcLXSj.exe
  2⤵
  PID:10064
- C:\Windows\System\VtIUKQv.exe
  C:\Windows\System\VtIUKQv.exe
  2⤵
  PID:10080
- C:\Windows\System\mAuQkKu.exe
  C:\Windows\System\mAuQkKu.exe
  2⤵
  PID:10096
- C:\Windows\System\yJjADbk.exe
  C:\Windows\System\yJjADbk.exe
  2⤵
  PID:10112
- C:\Windows\System\BsvgkIo.exe
  C:\Windows\System\BsvgkIo.exe
  2⤵
  PID:10128
- C:\Windows\System\VdDeANx.exe
  C:\Windows\System\VdDeANx.exe
  2⤵
  PID:10156
- C:\Windows\System\ztAHpRp.exe
  C:\Windows\System\ztAHpRp.exe
  2⤵
  PID:10172
- C:\Windows\System\kEGxFFh.exe
  C:\Windows\System\kEGxFFh.exe
  2⤵
  PID:10188
- C:\Windows\System\oJcMZDH.exe
  C:\Windows\System\oJcMZDH.exe
  2⤵
  PID:10204
- C:\Windows\System\zVjkRiW.exe
  C:\Windows\System\zVjkRiW.exe
  2⤵
  PID:10220
- C:\Windows\System\OkBAOpc.exe
  C:\Windows\System\OkBAOpc.exe
  2⤵
  PID:10236
- C:\Windows\System\jHLIknW.exe
  C:\Windows\System\jHLIknW.exe
  2⤵
  PID:8988
- C:\Windows\System\phShiYY.exe
  C:\Windows\System\phShiYY.exe
  2⤵
  PID:9208
- C:\Windows\System\DBgzmTu.exe
  C:\Windows\System\DBgzmTu.exe
  2⤵
  PID:1084
- C:\Windows\System\BJAzfeF.exe
  C:\Windows\System\BJAzfeF.exe
  2⤵
  PID:8480
- C:\Windows\System\Liyxtos.exe
  C:\Windows\System\Liyxtos.exe
  2⤵
  PID:9036
- C:\Windows\System\uzpHYQO.exe
  C:\Windows\System\uzpHYQO.exe
  2⤵
  PID:8764
- C:\Windows\System\jpHFPbN.exe
  C:\Windows\System\jpHFPbN.exe
  2⤵
  PID:1112
- C:\Windows\System\cZrGjwd.exe
  C:\Windows\System\cZrGjwd.exe
  2⤵
  PID:9156
- C:\Windows\System\CjtVCRq.exe
  C:\Windows\System\CjtVCRq.exe
  2⤵
  PID:9204
- C:\Windows\System\wYwwflN.exe
  C:\Windows\System\wYwwflN.exe
  2⤵
  PID:9232
- C:\Windows\System\wuEtjEX.exe
  C:\Windows\System\wuEtjEX.exe
  2⤵
  PID:9248
- C:\Windows\System\WrFhRhc.exe
  C:\Windows\System\WrFhRhc.exe
  2⤵
  PID:9268
- C:\Windows\System\DdbnvKr.exe
  C:\Windows\System\DdbnvKr.exe
  2⤵
  PID:9284
- C:\Windows\System\RrQVeKv.exe
  C:\Windows\System\RrQVeKv.exe
  2⤵
  PID:9300
- C:\Windows\System\jXfNtcU.exe
  C:\Windows\System\jXfNtcU.exe
  2⤵
  PID:9320
- C:\Windows\System\XsrGQxf.exe
  C:\Windows\System\XsrGQxf.exe
  2⤵
  PID:9340
- C:\Windows\System\qeSBgqN.exe
  C:\Windows\System\qeSBgqN.exe
  2⤵
  PID:9336
- C:\Windows\System\TUcXUNQ.exe
  C:\Windows\System\TUcXUNQ.exe
  2⤵
  PID:9392
- C:\Windows\System\TzVSoQQ.exe
  C:\Windows\System\TzVSoQQ.exe
  2⤵
  PID:9412
- C:\Windows\System\VahOUuI.exe
  C:\Windows\System\VahOUuI.exe
  2⤵
  PID:9416
- C:\Windows\System\Vshnqgm.exe
  C:\Windows\System\Vshnqgm.exe
  2⤵
  PID:9456
- C:\Windows\System\LiqzxuB.exe
  C:\Windows\System\LiqzxuB.exe
  2⤵
  PID:9492
- C:\Windows\System\LOLTpFb.exe
  C:\Windows\System\LOLTpFb.exe
  2⤵
  PID:9544
- C:\Windows\System\rZBPSNM.exe
  C:\Windows\System\rZBPSNM.exe
  2⤵
  PID:9576
- C:\Windows\System\NHpSVAg.exe
  C:\Windows\System\NHpSVAg.exe
  2⤵
  PID:9596
- C:\Windows\System\pNqfNJF.exe
  C:\Windows\System\pNqfNJF.exe
  2⤵
  PID:9644
- C:\Windows\System\GFdhkcc.exe
  C:\Windows\System\GFdhkcc.exe
  2⤵
  PID:9676
- C:\Windows\System\eWpfLky.exe
  C:\Windows\System\eWpfLky.exe
  2⤵
  PID:9716
- C:\Windows\System\qLxuMXR.exe
  C:\Windows\System\qLxuMXR.exe
  2⤵
  PID:9696
- C:\Windows\System\kWWiRKk.exe
  C:\Windows\System\kWWiRKk.exe
  2⤵
  PID:9736
- C:\Windows\System\YDdQalX.exe
  C:\Windows\System\YDdQalX.exe
  2⤵
  PID:9784
- C:\Windows\System\OpaFAHO.exe
  C:\Windows\System\OpaFAHO.exe
  2⤵
  PID:9868
- C:\Windows\System\lEooQOq.exe
  C:\Windows\System\lEooQOq.exe
  2⤵
  PID:9912
- C:\Windows\System\UlFPZLp.exe
  C:\Windows\System\UlFPZLp.exe
  2⤵
  PID:9816
- C:\Windows\System\fhATacF.exe
  C:\Windows\System\fhATacF.exe
  2⤵
  PID:9892
- C:\Windows\System\xhYzOYc.exe
  C:\Windows\System\xhYzOYc.exe
  2⤵
  PID:9992
- C:\Windows\System\Ukuigqa.exe
  C:\Windows\System\Ukuigqa.exe
  2⤵
  PID:9948
- C:\Windows\System\IrPkqcc.exe
  C:\Windows\System\IrPkqcc.exe
  2⤵
  PID:10044
- C:\Windows\System\pbeevKE.exe
  C:\Windows\System\pbeevKE.exe
  2⤵
  PID:10088
- C:\Windows\System\acepoWe.exe
  C:\Windows\System\acepoWe.exe
  2⤵
  PID:10164
- C:\Windows\System\fDqhwht.exe
  C:\Windows\System\fDqhwht.exe
  2⤵
  PID:10200
- C:\Windows\System\PEgalte.exe
  C:\Windows\System\PEgalte.exe
  2⤵
  PID:10180
- C:\Windows\System\kdLJfva.exe
  C:\Windows\System\kdLJfva.exe
  2⤵
  PID:10140
- C:\Windows\System\rgVdHYH.exe
  C:\Windows\System\rgVdHYH.exe
  2⤵
  PID:9068
- C:\Windows\System\Kjqlmnu.exe
  C:\Windows\System\Kjqlmnu.exe
  2⤵
  PID:10216
- C:\Windows\System\AKfeCLP.exe
  C:\Windows\System\AKfeCLP.exe
  2⤵
  PID:8444
- C:\Windows\System\MonHCOQ.exe
  C:\Windows\System\MonHCOQ.exe
  2⤵
  PID:8256
- C:\Windows\System\sgyoACa.exe
  C:\Windows\System\sgyoACa.exe
  2⤵
  PID:8776
- C:\Windows\System\CqcYfxS.exe
  C:\Windows\System\CqcYfxS.exe
  2⤵
  PID:9224
- C:\Windows\System\DXBHFoS.exe
  C:\Windows\System\DXBHFoS.exe
  2⤵
  PID:8600
- C:\Windows\System\miHTxpF.exe
  C:\Windows\System\miHTxpF.exe
  2⤵
  PID:9292
- C:\Windows\System\wtvdzfW.exe
  C:\Windows\System\wtvdzfW.exe
  2⤵
  PID:9280
- C:\Windows\System\ADOfxEQ.exe
  C:\Windows\System\ADOfxEQ.exe
  2⤵
  PID:9692
- C:\Windows\System\TgEazdK.exe
  C:\Windows\System\TgEazdK.exe
  2⤵
  PID:9664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AVHtxtr.exe

Filesize
6.0MB

MD5
8275807d90f6957c225aa2d8c93daa1f

SHA1
97be7fe179578f98b178bdf01f873fc76d7a3f2f

SHA256
d5b74a063adfe10ed98d5a7ed2616bdf26082750404fc8c042a213f6ed36e34f

SHA512
340185296e1da8e98b52d4fa8329eb9a6b48966b9e7f7b9bcd3d97ad859a1e731ba41ffcfda8b70cd684b93665ae7a36717438040938756c4bd785ddd2dd251d

Download Submit
C:\Windows\system\FIrsqYq.exe

Filesize
6.0MB

MD5
f809dbe5b5c5c30e673e3c49a47b93bd

SHA1
58c83c3542dee732a010b9d6a2d7b4e664a67246

SHA256
98d126bf4c0ca692728ba69dccfd0c19a90e23bd731c99f82a1a6e6fe82669d2

SHA512
4626afad5ea27571044e8900b67c44ba346161ce3da0452d91445024cb5e7b8e95f02da651307ac41b0938622f380ef5c494d0157491ffd1dd33fa7ffe11d1fb

Download Submit
C:\Windows\system\InjmdOU.exe

Filesize
6.0MB

MD5
c2a9bf9a7de9c29e62dcb62490d54dd8

SHA1
b800e0ea9f05449a888730f2424c8fc0d5a14690

SHA256
37de19c70b56371ea550641b01fa8d4bf7584d9c3548b9d73b742b9b63d834c9

SHA512
af43606805d86bd5a855a18f1cd971fabcf9a38caf9d4210b4a73c461ce27d7c0f0b3cafedaba4afbcfadd5ce4dfda5945d907589477c698615e00b4ad9de23c

Download Submit
C:\Windows\system\JtlxpuU.exe

Filesize
6.0MB

MD5
bd873a1b32715542fbb30380acd6e41b

SHA1
4e0d84e58823b8df1b8e17dfc05806130c430a1f

SHA256
8d8ac249edfd56035532af82c4282a843f2fd82fdc7ad87cf7eaa7707149c31b

SHA512
a3d1ab5d7bf513a385e392e4c013cffef8595e184896d728632c3262731ff75a6346696dbfbd1ab71355eb8022005d8bca8ceea2c335bc289d01a634090a5f93

Download Submit
C:\Windows\system\LbMGvxb.exe

Filesize
6.0MB

MD5
ec5c5c7878f8b0e74bb029a95aa2b4ad

SHA1
7748e8ac870a1351ec40f598f3c7d2c7f2f8e551

SHA256
6e307f239fadd845ba02b2e48127dfc1e7914bc6f6b6211db913b4a282e8ea2a

SHA512
e85863fa450a0dc9bec2cce6b4473a152167e85ea29e04302f49d1b0c6e5bac5b711a1fd24fd377d2128d2ef2e52cd5ff8bdb091448ffa85d938c71262186209

Download Submit
C:\Windows\system\NxUywLj.exe

Filesize
6.0MB

MD5
46a40f43d2b94a5ca87f764cc0de61d3

SHA1
18cc1deacea55cd0875d553bc93112530fc73452

SHA256
4948430b06ae905f113ec2d94a3df6e1ab8d3088e55b19e315c897fee9f77e39

SHA512
1f9dae413521e8baa603088cb876267cdd7e97935c9d28f6062733e722d7ea380b4bc59ed2cdb751aa3fe9025239a6dc00c422a7cac8c9e9dd31be746f1bc1ce

Download Submit
C:\Windows\system\TGnDmrn.exe

Filesize
6.0MB

MD5
7b41a06112ede0997f0d2e4cdd02ec45

SHA1
c31eebd699f35b108ab7da49eed95b9724d37a42

SHA256
dd74bd3b7f68587339d8abba1c799f236d31b43f86a5f8a8e048a4faffeab4ba

SHA512
b44510b70c4c36c28cf1850c7da56667007a9c1a072ec0ffc4f8dd7bc2da6523b899fa63498245b3fe6c4d37f7188f73e9e71f40cf874e04a143b94199cd0f46

Download Submit
C:\Windows\system\TsURCVI.exe

Filesize
6.0MB

MD5
8ff222fa4d7bb61e9171e180a2c41f87

SHA1
00fd13e049736744ef47951f3cc322b0e93ead84

SHA256
cc8a1fdc6c480779f07bbb573d0f685db7237ef1710321323491750064fc8665

SHA512
fd759a1545adf6d1d57ddea22fdaa90072dc811939384900db5118ebcd3664c5f77e78c7484c6f4f8ad2f67aae83b8458b3deade091018941e5cdb4d780638ab

Download Submit
C:\Windows\system\XQZsjIm.exe

Filesize
6.0MB

MD5
54761fc492b33de61d4955e5020e48eb

SHA1
2e8997ea2e6b1b5fae6c57f8d6a9934ce25de694

SHA256
5f44d52ece2e28221e2866b980e6da4d763d823417023b3f1d615e5753b68bbe

SHA512
2b64445e7367ba3f4f0ad2182950d1453c30795e4ff92144dc82b19ed2df015c753d6ee627149412a712db6697e4717c264cfdf3159ed5b7cb6a556405c063af

Download Submit
C:\Windows\system\ZnipoVb.exe

Filesize
6.0MB

MD5
34aebb4b13ac1423c755e86b52536f48

SHA1
4aa299f5a07fdfa7f87150691c526cc1ac438b9d

SHA256
6b830215e95424a0e3f1867fa16c6e5041afb777ef907eed68ccd31eff35536d

SHA512
5b4c089875bbc4425c3256caad799e9910334a3157506cba264d4052dd79bf27cace0dbfc28f95a4558351aecf1aafc1a0899f985a37750d9a6a7726929de10e

Download Submit
C:\Windows\system\bsdrRVJ.exe

Filesize
6.0MB

MD5
494d9429bf6c3dfd06a1ee62dc078c1f

SHA1
783aa0de67ce20bed853bf4e156c3d043283bb32

SHA256
78207ab3b677e36e2b8d946d8771c68c48dd19456b742d2621fc9645d8383c94

SHA512
9add93cab2d6e2433c969739d4c1a16ba8c71a2c3e18f4ff136c0f6030581385700dd3868af7b30a3f59b4afeaa49bde10f29798442b5ed29b31dc14edacee17

Download Submit
C:\Windows\system\cSvtSUK.exe

Filesize
6.0MB

MD5
0986ea28e7b23d56c8ea35d28b088f10

SHA1
64b8dcb42238018de6920e2f5e43b160527d62ef

SHA256
fbd28b597bc49bca74372b1469cc75d2e3feb4d3ad091dd63bc46358a54f54e9

SHA512
39af7e120ba298fa4e0ce81a0df0290ff3786e3abf57ed7cac260e3e76d5796c5ab31a9bf27bf63f6d717bcb4e16c207cc1dd6f0a45034f035a3c83a565de79e

Download Submit
C:\Windows\system\cnwHQWu.exe

Filesize
6.0MB

MD5
312f9b4566439f8656b65b6e196db16b

SHA1
4246adb44fe7237d93ac60153a2cb31da49588c8

SHA256
7497e8645af5d31a557516fdda063870163dc1864f29972efc1b5bb70ac8cfc8

SHA512
894cb829f8c6a9ce60ad883c402e4cdfcddf1f35eeeed25ae38d50ff8a094dcc7077b4c7b9073339df52398cbcff9f504867b3f03e6c0d571a0bef854b93f0ab

Download Submit
C:\Windows\system\eVdMCKu.exe

Filesize
6.0MB

MD5
7870f6de0133b2ff908468a7fb2b7e84

SHA1
0f89d8e976899609d5dfd911fbe613e3bf311bf5

SHA256
0f602fc4ec2db26c4d32e7bf0bcb255b57c10454dae62223030a7fab324674eb

SHA512
9c48b68a7660fc0d74091687faa40dfacb05a3662bac80f121af70061f48a58281cf96707f89e6824de7ca4077c49c471b9ba6579bbd4bf69256354126d6ad5d

Download Submit
C:\Windows\system\eweAZpC.exe

Filesize
6.0MB

MD5
22fd8f151a56dffdd82fd7b083da4f3c

SHA1
42e6856498671ca92a00dba2c519f4c40961e603

SHA256
ae6655803c59499d352ef65725935e7f4b42e72377eee70ed4699ddca465d82a

SHA512
312c16f9ec8df4752e40c56c43010aa93314cf6d3d9bbd8c8d1ea8c7d1e3aa952ce8243306de3e0d32bdcb511aa389920d502e7422705233822bec9f33490c25

Download Submit
C:\Windows\system\hiBsAxx.exe

Filesize
6.0MB

MD5
92df20f83d85ddc22911a97aa1ede66f

SHA1
cee48dbd272f09000c54680f7338a3834d5fda40

SHA256
1e2b6d521f1ee8b4a66e871cc9b7fbd9bbd8caa368fd5c605b12a4ad6675ed04

SHA512
d9374d28fadc688591d73459efb52c83562ff3db87d03acd5b97d036274761da99536d8b85fc2804f44005a8183ec4c6e9911fddc24416d97bc0ef9c16240935

Download Submit
C:\Windows\system\jAEFUJJ.exe

Filesize
6.0MB

MD5
8c8c5b5b2e47ddac0834726ddf4e376d

SHA1
cc9886871e0d944660474c3a49d866e7557909f0

SHA256
a2f350bb34fd3fcad4908f27e7894441edbcbd1997f4a5f5d33720839e0aba58

SHA512
83461cbf226aafd0c6f9e167e0860a1442a23cfbe2fc3adb11b1f6362986e9cc71666d84c6c49da3841c748d41bfda75d64606e1795d324dca47eec561c1e1b6

Download Submit
C:\Windows\system\jZQazFC.exe

Filesize
6.0MB

MD5
94b15a63dc6d5b9bacdd936bd19b1ce3

SHA1
5b1c92702e58f8f83094eeb9e17c29557f891066

SHA256
ee440c47f44a050439164aa79e5fd399fa96370afaf6fb00236fdd58dacb11a2

SHA512
f750bc8f4192384828dadf1342c21c16a826b80faecac36036ebd57f4819a8f5ae69f90f618d3c8196780cda6a9c03795e1f2d38299fdccb06669d206604bd5e

Download Submit
C:\Windows\system\kMgDPKE.exe

Filesize
6.0MB

MD5
87a604e21427712e685c0fa4d9dfed2d

SHA1
cde535974088a6ec315350afcbb664d1f8fbd217

SHA256
bd03aa71f5956bf60fc6a0e1ab1e02a66aaaf6d5f3b4f68bcac2098c685f81a6

SHA512
4d6f310ca80475877683f3eb67762aa583623d22d90dce52db34838989b2792fe9ba9320c3ca1d2817e49c6b14c1426a5bfcb076fb7ea67fb084251f5a6c045d

Download Submit
C:\Windows\system\lHkneHK.exe

Filesize
6.0MB

MD5
f13d878980b155f574db6474a23114cf

SHA1
3b01700f906be61056b552fe7eccbc08472e5a92

SHA256
fd97e96500e87834d648b207ee159800c7b2aff7d2f6078e1989593421a2d5de

SHA512
f72a58a2c43c7764dbbd0760b8114e2116c89673551560fcc7b7fbeca97fac7cee56bd04dfcfd34f5ddd65833b23599f85cd87716ff0c5ae5020380e54246234

Download Submit
C:\Windows\system\ndIXoNC.exe

Filesize
6.0MB

MD5
3e6c2d6c612bc0fdde5ba1b3c6903c93

SHA1
0d1214ddaf450a169c5d958c7db7729c3558ea08

SHA256
e7af39f669509f6397047741dac901567a7aa5bce36b91ab62d7a012f44993ed

SHA512
137afdfb58d25b35c29cb824cd3c05456a49c6f1b281165e5dbe2075067a857f916c876842c21e689f0e8474009e60b57575a43b5ea617497ae2492f9ddbafd6

Download Submit
C:\Windows\system\owgYPso.exe

Filesize
6.0MB

MD5
63973f32048fb2df08ed36c39f10b53f

SHA1
02f60fd20a1b95c0dde812598071dfc748a1aa13

SHA256
592a1addac30898bf3b0d709f4f11b395d1488add3a6b1d2a6313ab86b5a2ee5

SHA512
0eeed5a8281664eaa2fee354bd317b3946c707e939abc0a2a67af0391a253e2d0a0dc0556d56264edf49810ac1c0b8d47c086b831955fffb46a54e8bc2fd14e3

Download Submit
C:\Windows\system\rWZZeOG.exe

Filesize
6.0MB

MD5
2a09db71d68485a8358bb568918edaa1

SHA1
e7f158e16415cf0772e00616b3ac77aef9c311eb

SHA256
17497fb47b9e091c68f0e0f7eab805784aacdfca3795ce2c494d588cee339bc2

SHA512
573aaabe29c30371d274d89b76ff72f446542899282afa740f7b0431a816b5d3779ac2c97cfeeeef26097e33d68b33b1e15d8ae009daf2d6d4a26c2234b04434

Download Submit
C:\Windows\system\rWgutXp.exe

Filesize
6.0MB

MD5
cd638dc1fbba898dcf654bfc9ba96a2c

SHA1
e6980dd04cdc657adecba6dea50581367c7c6184

SHA256
fbf3930c0c901d54ddf07c2c56fc04405434cc41f30ed37b07098eae3f98aafd

SHA512
4e88f84aab53186911ccfaa0a5d35197de005d21d8f83cfd4b48779095bb0fa15b2fa8e7dfb78b7bf4806fe9b8e2d5706d0bbf4859160db1c18920c1f10f3687

Download Submit
C:\Windows\system\temvdrV.exe

Filesize
6.0MB

MD5
0f4fa79a34146f5bbdd283f5f3692669

SHA1
0179216a4ef6821547ea9f5eed68fa8b75fe48b1

SHA256
44bd884208bdac2fd712ef217d57275708f370b1a9f9811b1f13ed0abb55989b

SHA512
9c3232deb9e0561fe58b0e1e3e85a64bfaee618d150388f3c48f07cdec58d8e11fadfafa91a59e3e4b2b07c3a2758dc5743117f738750dc86d762f6246cde0a7

Download Submit
C:\Windows\system\vNzKvGw.exe

Filesize
6.0MB

MD5
24c96bf4a6071df75398c16c922eddd9

SHA1
6c1e83124c9bc953843258af9138eb8002e1f990

SHA256
e007eb15aa9d204fca79ef8cb3bfbda0cd426bc139ea02b35cafdfe8e7632716

SHA512
97dd7699b85e00b1febe59e91e8202c623678237ee5a1208c6dddf53ca5f97a2dca4cca2d9733c6c8cd7b5ba9970d3c8c6ca53c6cccaefcb6798340476c4664f

Download Submit
C:\Windows\system\ycwhgfN.exe

Filesize
6.0MB

MD5
9e265b90f91faca7e4a33dbc65b6c531

SHA1
b79c3eb26263a6507517a837876ded953c47f167

SHA256
4908280f353102b8b6d6b4659e98e479a7a9a0775748d010a095bc7ba588806d

SHA512
52bb9e34b29d7d221568eed309be0c1d731c6f415238a1fdd9155beef6dc7a723d73bfe1481a9dea6e339172b7c036e3e380146c8638ccc9ce738db79f5c04d8

Download Submit
C:\Windows\system\zkEvMOy.exe

Filesize
6.0MB

MD5
e0bd183d1059ef4abc148659566a3f2f

SHA1
64305cd4222875267750fb2bb2a34acf8d635e71

SHA256
5279821986a576b8a75dfd70bf9b9e13f8c52cfc73ae159e6014450203021380

SHA512
d87dc432c5ed6e869d181486c039fbada17c4ec0fecc137f224b4d87f9be4f96a8cfe987811055034cc2d0ba596c31ee04d08f0b5dfa81d25820b8d35304a5a5

Download Submit
\Windows\system\BdnQHdA.exe

Filesize
6.0MB

MD5
1b7797fbf5707535aa8b8af3a85ea460

SHA1
f7b67705db68d57091c8200cc3995e955bdf4c31

SHA256
cc2057b855d7feb5226f5cdc2c15704b87910e0e38edd5c7c826ec882f7d04e8

SHA512
07d6fd8f2781a232aad7a0811a388dca1bd32097de4277535a37b2da79bd3345036252410823f0ebd4beef6ed0b673bc271b567fff7d8c57dfe538b8aba71632

Download Submit
\Windows\system\FiZaupz.exe

Filesize
6.0MB

MD5
0684a4c9fd650a868bfcab3149463ec0

SHA1
db0cfd91eb0914065585d225fd0a6b12f3e1f4d2

SHA256
92954d8147210ebae960bfc4d2413468b95ec46c9e6aa6b0a8e512cef344557b

SHA512
aa267a2cd12a717699043d2d5b94ac3fa4c80bcfe68c69f804130fdcc7b469546bd65de8b374b856ecda6495b0ad2be8e4907cdc2a0b119e9c4957845089fe59

Download Submit
\Windows\system\ZaphdnG.exe

Filesize
6.0MB

MD5
07e00fdc41592103cedd905fc6dc2d67

SHA1
16f2ed15c5f0c8d374ae8a112b67f94c6593d970

SHA256
df42ec32c662d0a38b754563a5bc37e7961c2a001b69b7f42f6f222d33e2adbc

SHA512
4014bb8f29f1bcbec96003941ff5cf61f3b00718aafe149f2daf12a99aec8220a106f5165fa441ba101265c5f34b35cd6eee443218e6794f6eadbfceb7fd9698

Download Submit
\Windows\system\mTnvwbA.exe

Filesize
6.0MB

MD5
fe832bf58781aa4a860f6ddfcbf12146

SHA1
2b08e72cdca0a97b6c204c9dff9c019f1d0d7b47

SHA256
a3670cb6d814e9b3236656f51d10b0c9c6723c002cda667f64f0a0aab1173d94

SHA512
76fb0e924e30064e390d51eeeb0b5c687ba4433034553646e3ab535d92ae9387ba51b871d115a3063df52246ca60bcb2c080988fe32936bc5cd69057b1dcb42a

Download Submit
memory/392-1936-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/392-905-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/392-1523-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/392-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/392-1463-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/392-805-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/392-1393-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/392-1862-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/392-1328-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/392-831-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/392-1255-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/392-0-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/392-1893-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/392-1580-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/392-1189-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/392-1038-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/392-1788-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-1959-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1689-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1326-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2468-901-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2468-1669-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2552-1720-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1702-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-1686-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-1392-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1692-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1659-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2736-1688-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2736-1462-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1691-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1577-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1986-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1687-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1522-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1035-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1666-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1685-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1254-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1674-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1188-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download