cobaltstrike | 71ada800b8392131c9f6d1f4ea56196835f8c16c882f99d79179bebdff17a9be

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-12-2024 03:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5f72f0be6e60c3d203aaa8ef9aad6681
SHA1

404e2c7a6a021e3df530c365b52169feaec79a6b
SHA256

71ada800b8392131c9f6d1f4ea56196835f8c16c882f99d79179bebdff17a9be
SHA512

8d4dc15d83c27bb107d43f27f929496abd745e5266a68f9be5b88a0dc805b83501fae5ec572c7311ad76a68284407fa18397d9928ca3125a12daa3da3538c556
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUF:T+q56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000014348-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000019080-8.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-163.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018741-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-104.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-66.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-55.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191d1-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-43.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-139.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019219-41.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191ad-30.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191cf-26.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001919c-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral1/memory/2032-0-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x000d000000014348-6.dat	xmrig
behavioral1/files/0x0009000000019080-8.dat	xmrig
behavioral1/files/0x00050000000193f0-51.dat	xmrig
behavioral1/memory/2032-484-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2780-485-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2728-486-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf2-163.dat	xmrig
behavioral1/files/0x0008000000018741-157.dat	xmrig
behavioral1/files/0x0005000000019931-152.dat	xmrig
behavioral1/files/0x0005000000019665-151.dat	xmrig
behavioral1/files/0x00050000000195e0-150.dat	xmrig
behavioral1/files/0x00050000000195ce-149.dat	xmrig
behavioral1/files/0x00050000000195ca-148.dat	xmrig
behavioral1/files/0x00050000000195c7-147.dat	xmrig
behavioral1/files/0x00050000000195c4-146.dat	xmrig
behavioral1/files/0x000500000001958b-145.dat	xmrig
behavioral1/files/0x000500000001948d-144.dat	xmrig
behavioral1/files/0x0005000000019624-134.dat	xmrig
behavioral1/files/0x00050000000195d0-125.dat	xmrig
behavioral1/memory/2676-124-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2648-116-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2832-114-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195cc-113.dat	xmrig
behavioral1/files/0x00050000000195c8-104.dat	xmrig
behavioral1/files/0x00050000000195c6-103.dat	xmrig
behavioral1/files/0x00050000000195c2-86.dat	xmrig
behavioral1/files/0x00050000000194e2-77.dat	xmrig
behavioral1/memory/2732-76-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001945c-66.dat	xmrig
behavioral1/memory/2916-56-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x00050000000193e6-55.dat	xmrig
behavioral1/files/0x00060000000191d1-54.dat	xmrig
behavioral1/files/0x00050000000193d1-43.dat	xmrig
behavioral1/files/0x0005000000019c0b-170.dat	xmrig
behavioral1/files/0x0005000000019bf0-168.dat	xmrig
behavioral1/files/0x0005000000019bec-156.dat	xmrig
behavioral1/files/0x00050000000196a0-139.dat	xmrig
behavioral1/memory/2032-120-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2728-70-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2816-60-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2032-36-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2340-49-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x0008000000019219-41.dat	xmrig
behavioral1/memory/3036-34-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2780-31-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x00060000000191ad-30.dat	xmrig
behavioral1/files/0x00060000000191cf-26.dat	xmrig
behavioral1/files/0x000800000001919c-25.dat	xmrig
behavioral1/memory/2536-20-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2816-3439-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2780-3443-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/3036-3442-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2732-3447-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2832-3446-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2916-3449-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2728-3450-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2648-3755-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2676-3754-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3036	xoWipWh.exe
2536	UUocFuj.exe
2340	cEbOGDs.exe
2780	pFZbjJt.exe
2916	yReamQg.exe
2816	IENmlFU.exe
2728	ILXVgpo.exe
2732	OlhRMfi.exe
2832	SJjeWkN.exe
2648	OTUrtil.exe
2676	EftpnJA.exe
2756	siSeolX.exe
2380	BUIYNsO.exe
1484	xngXKvH.exe
1808	CVoWePB.exe
2784	jPwZWSf.exe
2424	boqTYJS.exe
2984	RAwPKZm.exe
2892	zWqefWw.exe
2628	NOzOenb.exe
2604	JmYeCXQ.exe
2908	WVAivoM.exe
580	AtgLBZu.exe
2948	hxSqAzU.exe
2588	KAijEwy.exe
2160	ixEvMXm.exe
1876	cMSMJgL.exe
680	MLtUdqb.exe
2364	LPqqmlj.exe
1064	uAuYaty.exe
1224	HzAXbdK.exe
344	AYDxnYg.exe
1688	MLmgYId.exe
108	NQUFoVj.exe
2004	lbGfQWx.exe
1328	jCcMIuI.exe
3068	ySnaoIj.exe
1540	VadxJUH.exe
1196	pKCkCDQ.exe
1696	XAxcGUr.exe
1008	xQFEqnK.exe
1120	RKhPbHI.exe
1724	kTshuFd.exe
1912	GXRkvIK.exe
788	YBuUeQr.exe
1780	inBcSom.exe
2368	QWhzuMo.exe
2516	wIqkaVU.exe
1396	tlAGWZk.exe
2092	EqGbDgE.exe
1500	LyWjbth.exe
2544	dLSEUih.exe
1644	jkwSXBo.exe
2524	KnxFaNm.exe
1044	tbnkFjy.exe
1684	JEcSxRS.exe
2088	KXwqDyj.exe
2372	dmmBNQy.exe
1756	wJXXGJQ.exe
1564	nFGOODJ.exe
720	aiuxWjA.exe
328	bTEdGZF.exe
2108	dAfoGKH.exe
2452	RwnZPGc.exe

Loads dropped DLL 64 IoCs

pid	Process
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2032-0-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x000d000000014348-6.dat	upx
behavioral1/files/0x0009000000019080-8.dat	upx
behavioral1/files/0x00050000000193f0-51.dat	upx
behavioral1/memory/2032-484-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2780-485-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2728-486-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/files/0x0005000000019bf2-163.dat	upx
behavioral1/files/0x0008000000018741-157.dat	upx
behavioral1/files/0x0005000000019931-152.dat	upx
behavioral1/files/0x0005000000019665-151.dat	upx
behavioral1/files/0x00050000000195e0-150.dat	upx
behavioral1/files/0x00050000000195ce-149.dat	upx
behavioral1/files/0x00050000000195ca-148.dat	upx
behavioral1/files/0x00050000000195c7-147.dat	upx
behavioral1/files/0x00050000000195c4-146.dat	upx
behavioral1/files/0x000500000001958b-145.dat	upx
behavioral1/files/0x000500000001948d-144.dat	upx
behavioral1/files/0x0005000000019624-134.dat	upx
behavioral1/files/0x00050000000195d0-125.dat	upx
behavioral1/memory/2676-124-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2648-116-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2832-114-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x00050000000195cc-113.dat	upx
behavioral1/files/0x00050000000195c8-104.dat	upx
behavioral1/files/0x00050000000195c6-103.dat	upx
behavioral1/files/0x00050000000195c2-86.dat	upx
behavioral1/files/0x00050000000194e2-77.dat	upx
behavioral1/memory/2732-76-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x000500000001945c-66.dat	upx
behavioral1/memory/2916-56-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x00050000000193e6-55.dat	upx
behavioral1/files/0x00060000000191d1-54.dat	upx
behavioral1/files/0x00050000000193d1-43.dat	upx
behavioral1/files/0x0005000000019c0b-170.dat	upx
behavioral1/files/0x0005000000019bf0-168.dat	upx
behavioral1/files/0x0005000000019bec-156.dat	upx
behavioral1/files/0x00050000000196a0-139.dat	upx
behavioral1/memory/2728-70-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2816-60-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2340-49-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x0008000000019219-41.dat	upx
behavioral1/memory/3036-34-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2780-31-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x00060000000191ad-30.dat	upx
behavioral1/files/0x00060000000191cf-26.dat	upx
behavioral1/files/0x000800000001919c-25.dat	upx
behavioral1/memory/2536-20-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2816-3439-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2780-3443-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/3036-3442-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2732-3447-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2832-3446-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2916-3449-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2728-3450-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2648-3755-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2676-3754-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XYuhrzN.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltvVwCr.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivIKEmz.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvNFEZo.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwLPvSa.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HKBAMiP.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQmzkqb.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAJPCWy.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLYnEKR.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGpayzn.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lDiEkoI.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbTgpAc.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KecJmMi.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fkraXaN.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbGfQWx.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hzcRIsL.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QXsSKsg.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYZxXsc.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtYFvTS.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqGbDgE.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdITUPD.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWeKAGY.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OTUrtil.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIqIvyW.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZqQKQD.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDWBXgU.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdOZCvh.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZYfdvJ.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkPHfFR.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DagiwcL.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrdqiSl.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBvwsqa.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azrXQCr.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLDPpsJ.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVysXLo.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRdaQhE.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcGdYWY.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wimBRnF.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XAmsoFw.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XCPXBLO.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etKnEcK.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGwipcF.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRkzUNt.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfCqDwF.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPeYetH.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkQlGVt.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DezNpWd.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DmaXCJq.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFftpfE.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQdwXDv.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdFksKY.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xyemios.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zuzyoCz.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhAgjPk.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRIWlrH.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdEnreE.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtpJFPC.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MteNtEi.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsJVHOQ.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xvlUiMO.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyIAAOe.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGtBakt.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EaOzuVT.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzzwPWD.exe	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 3036	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2032 wrote to memory of 3036	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2032 wrote to memory of 3036	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2032 wrote to memory of 2536	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2032 wrote to memory of 2536	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2032 wrote to memory of 2536	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2032 wrote to memory of 2340	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2032 wrote to memory of 2340	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2032 wrote to memory of 2340	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2032 wrote to memory of 2916	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2032 wrote to memory of 2916	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2032 wrote to memory of 2916	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2032 wrote to memory of 2780	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2032 wrote to memory of 2780	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2032 wrote to memory of 2780	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2032 wrote to memory of 2728	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2032 wrote to memory of 2728	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2032 wrote to memory of 2728	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2032 wrote to memory of 2816	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2032 wrote to memory of 2816	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2032 wrote to memory of 2816	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2032 wrote to memory of 2756	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2032 wrote to memory of 2756	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2032 wrote to memory of 2756	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2032 wrote to memory of 2732	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2032 wrote to memory of 2732	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2032 wrote to memory of 2732	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2032 wrote to memory of 2892	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2032 wrote to memory of 2892	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2032 wrote to memory of 2892	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2032 wrote to memory of 2832	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2032 wrote to memory of 2832	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2032 wrote to memory of 2832	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2032 wrote to memory of 2628	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2032 wrote to memory of 2628	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2032 wrote to memory of 2628	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2032 wrote to memory of 2648	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2032 wrote to memory of 2648	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2032 wrote to memory of 2648	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2032 wrote to memory of 2604	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2032 wrote to memory of 2604	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2032 wrote to memory of 2604	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2032 wrote to memory of 2676	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2032 wrote to memory of 2676	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2032 wrote to memory of 2676	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2032 wrote to memory of 2908	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2032 wrote to memory of 2908	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2032 wrote to memory of 2908	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2032 wrote to memory of 2380	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2032 wrote to memory of 2380	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2032 wrote to memory of 2380	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2032 wrote to memory of 580	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2032 wrote to memory of 580	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2032 wrote to memory of 580	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2032 wrote to memory of 1484	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2032 wrote to memory of 1484	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2032 wrote to memory of 1484	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2032 wrote to memory of 2948	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2032 wrote to memory of 2948	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2032 wrote to memory of 2948	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2032 wrote to memory of 1808	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2032 wrote to memory of 1808	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2032 wrote to memory of 1808	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2032 wrote to memory of 2588	2032	2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-10_5f72f0be6e60c3d203aaa8ef9aad6681_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\System\xoWipWh.exe
  C:\Windows\System\xoWipWh.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\UUocFuj.exe
  C:\Windows\System\UUocFuj.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\cEbOGDs.exe
  C:\Windows\System\cEbOGDs.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\yReamQg.exe
  C:\Windows\System\yReamQg.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\pFZbjJt.exe
  C:\Windows\System\pFZbjJt.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ILXVgpo.exe
  C:\Windows\System\ILXVgpo.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\IENmlFU.exe
  C:\Windows\System\IENmlFU.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\siSeolX.exe
  C:\Windows\System\siSeolX.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\OlhRMfi.exe
  C:\Windows\System\OlhRMfi.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\zWqefWw.exe
  C:\Windows\System\zWqefWw.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\SJjeWkN.exe
  C:\Windows\System\SJjeWkN.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\NOzOenb.exe
  C:\Windows\System\NOzOenb.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\OTUrtil.exe
  C:\Windows\System\OTUrtil.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\JmYeCXQ.exe
  C:\Windows\System\JmYeCXQ.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\EftpnJA.exe
  C:\Windows\System\EftpnJA.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\WVAivoM.exe
  C:\Windows\System\WVAivoM.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\BUIYNsO.exe
  C:\Windows\System\BUIYNsO.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\AtgLBZu.exe
  C:\Windows\System\AtgLBZu.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\xngXKvH.exe
  C:\Windows\System\xngXKvH.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\hxSqAzU.exe
  C:\Windows\System\hxSqAzU.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\CVoWePB.exe
  C:\Windows\System\CVoWePB.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\KAijEwy.exe
  C:\Windows\System\KAijEwy.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\jPwZWSf.exe
  C:\Windows\System\jPwZWSf.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\ixEvMXm.exe
  C:\Windows\System\ixEvMXm.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\boqTYJS.exe
  C:\Windows\System\boqTYJS.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\cMSMJgL.exe
  C:\Windows\System\cMSMJgL.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\RAwPKZm.exe
  C:\Windows\System\RAwPKZm.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\MLtUdqb.exe
  C:\Windows\System\MLtUdqb.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\LPqqmlj.exe
  C:\Windows\System\LPqqmlj.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\NQUFoVj.exe
  C:\Windows\System\NQUFoVj.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\uAuYaty.exe
  C:\Windows\System\uAuYaty.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\lbGfQWx.exe
  C:\Windows\System\lbGfQWx.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\HzAXbdK.exe
  C:\Windows\System\HzAXbdK.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\jCcMIuI.exe
  C:\Windows\System\jCcMIuI.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\AYDxnYg.exe
  C:\Windows\System\AYDxnYg.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\ySnaoIj.exe
  C:\Windows\System\ySnaoIj.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\MLmgYId.exe
  C:\Windows\System\MLmgYId.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\VadxJUH.exe
  C:\Windows\System\VadxJUH.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\pKCkCDQ.exe
  C:\Windows\System\pKCkCDQ.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\XAxcGUr.exe
  C:\Windows\System\XAxcGUr.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\xQFEqnK.exe
  C:\Windows\System\xQFEqnK.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\GXRkvIK.exe
  C:\Windows\System\GXRkvIK.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\RKhPbHI.exe
  C:\Windows\System\RKhPbHI.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\YBuUeQr.exe
  C:\Windows\System\YBuUeQr.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\kTshuFd.exe
  C:\Windows\System\kTshuFd.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\inBcSom.exe
  C:\Windows\System\inBcSom.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\QWhzuMo.exe
  C:\Windows\System\QWhzuMo.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\wIqkaVU.exe
  C:\Windows\System\wIqkaVU.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\tlAGWZk.exe
  C:\Windows\System\tlAGWZk.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\EqGbDgE.exe
  C:\Windows\System\EqGbDgE.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\LyWjbth.exe
  C:\Windows\System\LyWjbth.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\dLSEUih.exe
  C:\Windows\System\dLSEUih.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\jkwSXBo.exe
  C:\Windows\System\jkwSXBo.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\KnxFaNm.exe
  C:\Windows\System\KnxFaNm.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\tbnkFjy.exe
  C:\Windows\System\tbnkFjy.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\JEcSxRS.exe
  C:\Windows\System\JEcSxRS.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\KXwqDyj.exe
  C:\Windows\System\KXwqDyj.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\dmmBNQy.exe
  C:\Windows\System\dmmBNQy.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\wJXXGJQ.exe
  C:\Windows\System\wJXXGJQ.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\nFGOODJ.exe
  C:\Windows\System\nFGOODJ.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\aiuxWjA.exe
  C:\Windows\System\aiuxWjA.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\bTEdGZF.exe
  C:\Windows\System\bTEdGZF.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\dAfoGKH.exe
  C:\Windows\System\dAfoGKH.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\RwnZPGc.exe
  C:\Windows\System\RwnZPGc.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\raKXqdf.exe
  C:\Windows\System\raKXqdf.exe
  2⤵
  PID:2556
- C:\Windows\System\kLEuBix.exe
  C:\Windows\System\kLEuBix.exe
  2⤵
  PID:2804
- C:\Windows\System\HNWVnJw.exe
  C:\Windows\System\HNWVnJw.exe
  2⤵
  PID:2900
- C:\Windows\System\khsUAZl.exe
  C:\Windows\System\khsUAZl.exe
  2⤵
  PID:2904
- C:\Windows\System\UdSJDff.exe
  C:\Windows\System\UdSJDff.exe
  2⤵
  PID:688
- C:\Windows\System\FzeBxlV.exe
  C:\Windows\System\FzeBxlV.exe
  2⤵
  PID:1576
- C:\Windows\System\WyIAAOe.exe
  C:\Windows\System\WyIAAOe.exe
  2⤵
  PID:2128
- C:\Windows\System\OMSeFog.exe
  C:\Windows\System\OMSeFog.exe
  2⤵
  PID:1028
- C:\Windows\System\gnhwnaB.exe
  C:\Windows\System\gnhwnaB.exe
  2⤵
  PID:2584
- C:\Windows\System\BCARvoc.exe
  C:\Windows\System\BCARvoc.exe
  2⤵
  PID:2724
- C:\Windows\System\tvliFEz.exe
  C:\Windows\System\tvliFEz.exe
  2⤵
  PID:1400
- C:\Windows\System\VqnpUVS.exe
  C:\Windows\System\VqnpUVS.exe
  2⤵
  PID:2620
- C:\Windows\System\wdfYeIh.exe
  C:\Windows\System\wdfYeIh.exe
  2⤵
  PID:2464
- C:\Windows\System\FMizJbU.exe
  C:\Windows\System\FMizJbU.exe
  2⤵
  PID:2688
- C:\Windows\System\sPKzGKN.exe
  C:\Windows\System\sPKzGKN.exe
  2⤵
  PID:340
- C:\Windows\System\FdZsBDN.exe
  C:\Windows\System\FdZsBDN.exe
  2⤵
  PID:2312
- C:\Windows\System\GnExAVY.exe
  C:\Windows\System\GnExAVY.exe
  2⤵
  PID:672
- C:\Windows\System\UXhMRqN.exe
  C:\Windows\System\UXhMRqN.exe
  2⤵
  PID:1904
- C:\Windows\System\tstvEga.exe
  C:\Windows\System\tstvEga.exe
  2⤵
  PID:1956
- C:\Windows\System\xTujbFo.exe
  C:\Windows\System\xTujbFo.exe
  2⤵
  PID:2568
- C:\Windows\System\DagiwcL.exe
  C:\Windows\System\DagiwcL.exe
  2⤵
  PID:964
- C:\Windows\System\WkFEwqM.exe
  C:\Windows\System\WkFEwqM.exe
  2⤵
  PID:704
- C:\Windows\System\ZDbIEHy.exe
  C:\Windows\System\ZDbIEHy.exe
  2⤵
  PID:1532
- C:\Windows\System\rRIWlrH.exe
  C:\Windows\System\rRIWlrH.exe
  2⤵
  PID:2416
- C:\Windows\System\xbALcEv.exe
  C:\Windows\System\xbALcEv.exe
  2⤵
  PID:1492
- C:\Windows\System\TsNryII.exe
  C:\Windows\System\TsNryII.exe
  2⤵
  PID:632
- C:\Windows\System\TZjGNfT.exe
  C:\Windows\System\TZjGNfT.exe
  2⤵
  PID:2016
- C:\Windows\System\sfClPDM.exe
  C:\Windows\System\sfClPDM.exe
  2⤵
  PID:2280
- C:\Windows\System\cgwzaww.exe
  C:\Windows\System\cgwzaww.exe
  2⤵
  PID:1584
- C:\Windows\System\VETTaFR.exe
  C:\Windows\System\VETTaFR.exe
  2⤵
  PID:1592
- C:\Windows\System\FUjiQYX.exe
  C:\Windows\System\FUjiQYX.exe
  2⤵
  PID:2180
- C:\Windows\System\zNObsBO.exe
  C:\Windows\System\zNObsBO.exe
  2⤵
  PID:2824
- C:\Windows\System\kgWqoXH.exe
  C:\Windows\System\kgWqoXH.exe
  2⤵
  PID:3008
- C:\Windows\System\oAANNWi.exe
  C:\Windows\System\oAANNWi.exe
  2⤵
  PID:2624
- C:\Windows\System\rEVIFGw.exe
  C:\Windows\System\rEVIFGw.exe
  2⤵
  PID:1928
- C:\Windows\System\IQXTXYH.exe
  C:\Windows\System\IQXTXYH.exe
  2⤵
  PID:1860
- C:\Windows\System\tzUDrYl.exe
  C:\Windows\System\tzUDrYl.exe
  2⤵
  PID:2952
- C:\Windows\System\yrNAPTP.exe
  C:\Windows\System\yrNAPTP.exe
  2⤵
  PID:2912
- C:\Windows\System\EBwyOSb.exe
  C:\Windows\System\EBwyOSb.exe
  2⤵
  PID:2460
- C:\Windows\System\ptszBDL.exe
  C:\Windows\System\ptszBDL.exe
  2⤵
  PID:1760
- C:\Windows\System\FSCHvIC.exe
  C:\Windows\System\FSCHvIC.exe
  2⤵
  PID:2572
- C:\Windows\System\HEfxzsr.exe
  C:\Windows\System\HEfxzsr.exe
  2⤵
  PID:780
- C:\Windows\System\GAfBNBp.exe
  C:\Windows\System\GAfBNBp.exe
  2⤵
  PID:3080
- C:\Windows\System\OElpCvo.exe
  C:\Windows\System\OElpCvo.exe
  2⤵
  PID:3096
- C:\Windows\System\ihpqQkp.exe
  C:\Windows\System\ihpqQkp.exe
  2⤵
  PID:3112
- C:\Windows\System\MlnWTNE.exe
  C:\Windows\System\MlnWTNE.exe
  2⤵
  PID:3128
- C:\Windows\System\XVYfdfo.exe
  C:\Windows\System\XVYfdfo.exe
  2⤵
  PID:3144
- C:\Windows\System\mtnMjyb.exe
  C:\Windows\System\mtnMjyb.exe
  2⤵
  PID:3160
- C:\Windows\System\SFWamRS.exe
  C:\Windows\System\SFWamRS.exe
  2⤵
  PID:3176
- C:\Windows\System\XjWwUtX.exe
  C:\Windows\System\XjWwUtX.exe
  2⤵
  PID:3192
- C:\Windows\System\zbiXzeY.exe
  C:\Windows\System\zbiXzeY.exe
  2⤵
  PID:3208
- C:\Windows\System\grnzjnE.exe
  C:\Windows\System\grnzjnE.exe
  2⤵
  PID:3224
- C:\Windows\System\PWBoJAk.exe
  C:\Windows\System\PWBoJAk.exe
  2⤵
  PID:3240
- C:\Windows\System\thpIqve.exe
  C:\Windows\System\thpIqve.exe
  2⤵
  PID:3256
- C:\Windows\System\YiGjaBi.exe
  C:\Windows\System\YiGjaBi.exe
  2⤵
  PID:3272
- C:\Windows\System\bsIEkhs.exe
  C:\Windows\System\bsIEkhs.exe
  2⤵
  PID:3288
- C:\Windows\System\FSRuJjh.exe
  C:\Windows\System\FSRuJjh.exe
  2⤵
  PID:3304
- C:\Windows\System\KrOalaR.exe
  C:\Windows\System\KrOalaR.exe
  2⤵
  PID:3320
- C:\Windows\System\JILQhdW.exe
  C:\Windows\System\JILQhdW.exe
  2⤵
  PID:3336
- C:\Windows\System\YxGQLOb.exe
  C:\Windows\System\YxGQLOb.exe
  2⤵
  PID:3352
- C:\Windows\System\vqoVwuR.exe
  C:\Windows\System\vqoVwuR.exe
  2⤵
  PID:3368
- C:\Windows\System\ILXsXWs.exe
  C:\Windows\System\ILXsXWs.exe
  2⤵
  PID:3384
- C:\Windows\System\njRUUoz.exe
  C:\Windows\System\njRUUoz.exe
  2⤵
  PID:3400
- C:\Windows\System\yDYLLrP.exe
  C:\Windows\System\yDYLLrP.exe
  2⤵
  PID:3416
- C:\Windows\System\YEVpPmH.exe
  C:\Windows\System\YEVpPmH.exe
  2⤵
  PID:3432
- C:\Windows\System\NwLPvSa.exe
  C:\Windows\System\NwLPvSa.exe
  2⤵
  PID:3448
- C:\Windows\System\KcnManv.exe
  C:\Windows\System\KcnManv.exe
  2⤵
  PID:3464
- C:\Windows\System\lJNMfRs.exe
  C:\Windows\System\lJNMfRs.exe
  2⤵
  PID:3480
- C:\Windows\System\gGwipcF.exe
  C:\Windows\System\gGwipcF.exe
  2⤵
  PID:3496
- C:\Windows\System\lfYyzrk.exe
  C:\Windows\System\lfYyzrk.exe
  2⤵
  PID:3512
- C:\Windows\System\rJGiiuO.exe
  C:\Windows\System\rJGiiuO.exe
  2⤵
  PID:3528
- C:\Windows\System\ogDRlDs.exe
  C:\Windows\System\ogDRlDs.exe
  2⤵
  PID:3544
- C:\Windows\System\VRODXgO.exe
  C:\Windows\System\VRODXgO.exe
  2⤵
  PID:3560
- C:\Windows\System\scLLqau.exe
  C:\Windows\System\scLLqau.exe
  2⤵
  PID:3576
- C:\Windows\System\AKUpKgh.exe
  C:\Windows\System\AKUpKgh.exe
  2⤵
  PID:3592
- C:\Windows\System\UBmOqpg.exe
  C:\Windows\System\UBmOqpg.exe
  2⤵
  PID:3608
- C:\Windows\System\DSWORjk.exe
  C:\Windows\System\DSWORjk.exe
  2⤵
  PID:3624
- C:\Windows\System\oLsFIub.exe
  C:\Windows\System\oLsFIub.exe
  2⤵
  PID:3640
- C:\Windows\System\qMDJxMM.exe
  C:\Windows\System\qMDJxMM.exe
  2⤵
  PID:3656
- C:\Windows\System\OouKZii.exe
  C:\Windows\System\OouKZii.exe
  2⤵
  PID:3672
- C:\Windows\System\FloPJtB.exe
  C:\Windows\System\FloPJtB.exe
  2⤵
  PID:3688
- C:\Windows\System\vjIvPTH.exe
  C:\Windows\System\vjIvPTH.exe
  2⤵
  PID:3704
- C:\Windows\System\FkIaiaw.exe
  C:\Windows\System\FkIaiaw.exe
  2⤵
  PID:3720
- C:\Windows\System\exFJvld.exe
  C:\Windows\System\exFJvld.exe
  2⤵
  PID:3736
- C:\Windows\System\FFGJFKh.exe
  C:\Windows\System\FFGJFKh.exe
  2⤵
  PID:3752
- C:\Windows\System\UvXVdLn.exe
  C:\Windows\System\UvXVdLn.exe
  2⤵
  PID:3768
- C:\Windows\System\JeGPvuT.exe
  C:\Windows\System\JeGPvuT.exe
  2⤵
  PID:3784
- C:\Windows\System\NQisZnQ.exe
  C:\Windows\System\NQisZnQ.exe
  2⤵
  PID:3800
- C:\Windows\System\mqJYved.exe
  C:\Windows\System\mqJYved.exe
  2⤵
  PID:3816
- C:\Windows\System\WGtBakt.exe
  C:\Windows\System\WGtBakt.exe
  2⤵
  PID:3832
- C:\Windows\System\KUEJnpX.exe
  C:\Windows\System\KUEJnpX.exe
  2⤵
  PID:3848
- C:\Windows\System\CjCfObf.exe
  C:\Windows\System\CjCfObf.exe
  2⤵
  PID:3868
- C:\Windows\System\OotjRjk.exe
  C:\Windows\System\OotjRjk.exe
  2⤵
  PID:3884
- C:\Windows\System\cjmDJzx.exe
  C:\Windows\System\cjmDJzx.exe
  2⤵
  PID:3900
- C:\Windows\System\KBvVPNO.exe
  C:\Windows\System\KBvVPNO.exe
  2⤵
  PID:3916
- C:\Windows\System\NpzrTEL.exe
  C:\Windows\System\NpzrTEL.exe
  2⤵
  PID:3932
- C:\Windows\System\koriNDO.exe
  C:\Windows\System\koriNDO.exe
  2⤵
  PID:3948
- C:\Windows\System\BpVWtuz.exe
  C:\Windows\System\BpVWtuz.exe
  2⤵
  PID:3964
- C:\Windows\System\OWcKKBj.exe
  C:\Windows\System\OWcKKBj.exe
  2⤵
  PID:3980
- C:\Windows\System\wimBRnF.exe
  C:\Windows\System\wimBRnF.exe
  2⤵
  PID:3996
- C:\Windows\System\PivyxwI.exe
  C:\Windows\System\PivyxwI.exe
  2⤵
  PID:4012
- C:\Windows\System\tlBkpVE.exe
  C:\Windows\System\tlBkpVE.exe
  2⤵
  PID:4028
- C:\Windows\System\awSZsLT.exe
  C:\Windows\System\awSZsLT.exe
  2⤵
  PID:4044
- C:\Windows\System\UQMaCCj.exe
  C:\Windows\System\UQMaCCj.exe
  2⤵
  PID:4060
- C:\Windows\System\zQaEZnv.exe
  C:\Windows\System\zQaEZnv.exe
  2⤵
  PID:4076
- C:\Windows\System\hLPkdFL.exe
  C:\Windows\System\hLPkdFL.exe
  2⤵
  PID:4092
- C:\Windows\System\zFftpfE.exe
  C:\Windows\System\zFftpfE.exe
  2⤵
  PID:960
- C:\Windows\System\igNiXcm.exe
  C:\Windows\System\igNiXcm.exe
  2⤵
  PID:1156
- C:\Windows\System\xJbDBig.exe
  C:\Windows\System\xJbDBig.exe
  2⤵
  PID:304
- C:\Windows\System\cgBYoZP.exe
  C:\Windows\System\cgBYoZP.exe
  2⤵
  PID:2508
- C:\Windows\System\pgmklNm.exe
  C:\Windows\System\pgmklNm.exe
  2⤵
  PID:2344
- C:\Windows\System\otSDbjW.exe
  C:\Windows\System\otSDbjW.exe
  2⤵
  PID:3040
- C:\Windows\System\AWDmvkV.exe
  C:\Windows\System\AWDmvkV.exe
  2⤵
  PID:2836
- C:\Windows\System\gunPTiB.exe
  C:\Windows\System\gunPTiB.exe
  2⤵
  PID:1800
- C:\Windows\System\jZoChfO.exe
  C:\Windows\System\jZoChfO.exe
  2⤵
  PID:2856
- C:\Windows\System\JnYQnGk.exe
  C:\Windows\System\JnYQnGk.exe
  2⤵
  PID:2696
- C:\Windows\System\TaollMD.exe
  C:\Windows\System\TaollMD.exe
  2⤵
  PID:3088
- C:\Windows\System\LPdcHrQ.exe
  C:\Windows\System\LPdcHrQ.exe
  2⤵
  PID:3120
- C:\Windows\System\RGFYHNQ.exe
  C:\Windows\System\RGFYHNQ.exe
  2⤵
  PID:3152
- C:\Windows\System\dZoddlJ.exe
  C:\Windows\System\dZoddlJ.exe
  2⤵
  PID:3172
- C:\Windows\System\XNWkvNQ.exe
  C:\Windows\System\XNWkvNQ.exe
  2⤵
  PID:3216
- C:\Windows\System\XJfFoBE.exe
  C:\Windows\System\XJfFoBE.exe
  2⤵
  PID:3248
- C:\Windows\System\jclxOWU.exe
  C:\Windows\System\jclxOWU.exe
  2⤵
  PID:3268
- C:\Windows\System\AKCXkan.exe
  C:\Windows\System\AKCXkan.exe
  2⤵
  PID:3300
- C:\Windows\System\ldPUcat.exe
  C:\Windows\System\ldPUcat.exe
  2⤵
  PID:3332
- C:\Windows\System\IGmsxhB.exe
  C:\Windows\System\IGmsxhB.exe
  2⤵
  PID:3364
- C:\Windows\System\PyIpTst.exe
  C:\Windows\System\PyIpTst.exe
  2⤵
  PID:3552
- C:\Windows\System\akyUtcu.exe
  C:\Windows\System\akyUtcu.exe
  2⤵
  PID:3600
- C:\Windows\System\rLVMhBU.exe
  C:\Windows\System\rLVMhBU.exe
  2⤵
  PID:3664
- C:\Windows\System\fjqrdSc.exe
  C:\Windows\System\fjqrdSc.exe
  2⤵
  PID:3712
- C:\Windows\System\tuNpIKy.exe
  C:\Windows\System\tuNpIKy.exe
  2⤵
  PID:3780
- C:\Windows\System\xViBiGB.exe
  C:\Windows\System\xViBiGB.exe
  2⤵
  PID:3812
- C:\Windows\System\MWYHimu.exe
  C:\Windows\System\MWYHimu.exe
  2⤵
  PID:3856
- C:\Windows\System\rrWBxQY.exe
  C:\Windows\System\rrWBxQY.exe
  2⤵
  PID:3892
- C:\Windows\System\aIPOikH.exe
  C:\Windows\System\aIPOikH.exe
  2⤵
  PID:3924
- C:\Windows\System\PnWroaE.exe
  C:\Windows\System\PnWroaE.exe
  2⤵
  PID:3956
- C:\Windows\System\kvWgXod.exe
  C:\Windows\System\kvWgXod.exe
  2⤵
  PID:3976
- C:\Windows\System\IxEUIUB.exe
  C:\Windows\System\IxEUIUB.exe
  2⤵
  PID:4020
- C:\Windows\System\vAVfOZL.exe
  C:\Windows\System\vAVfOZL.exe
  2⤵
  PID:4052
- C:\Windows\System\hEdVxbv.exe
  C:\Windows\System\hEdVxbv.exe
  2⤵
  PID:4084
- C:\Windows\System\CVACrNs.exe
  C:\Windows\System\CVACrNs.exe
  2⤵
  PID:2116
- C:\Windows\System\GVlgMyT.exe
  C:\Windows\System\GVlgMyT.exe
  2⤵
  PID:896
- C:\Windows\System\wtLNBhA.exe
  C:\Windows\System\wtLNBhA.exe
  2⤵
  PID:3124
- C:\Windows\System\iIqrspn.exe
  C:\Windows\System\iIqrspn.exe
  2⤵
  PID:3188
- C:\Windows\System\zzXfCKD.exe
  C:\Windows\System\zzXfCKD.exe
  2⤵
  PID:3232
- C:\Windows\System\ossmsUN.exe
  C:\Windows\System\ossmsUN.exe
  2⤵
  PID:3316
- C:\Windows\System\SmphVXG.exe
  C:\Windows\System\SmphVXG.exe
  2⤵
  PID:3380
- C:\Windows\System\nvsgEzI.exe
  C:\Windows\System\nvsgEzI.exe
  2⤵
  PID:1032
- C:\Windows\System\geWzdXW.exe
  C:\Windows\System\geWzdXW.exe
  2⤵
  PID:2752
- C:\Windows\System\uPYMSiv.exe
  C:\Windows\System\uPYMSiv.exe
  2⤵
  PID:2500
- C:\Windows\System\AqEkDbi.exe
  C:\Windows\System\AqEkDbi.exe
  2⤵
  PID:2136
- C:\Windows\System\jpOtfrl.exe
  C:\Windows\System\jpOtfrl.exe
  2⤵
  PID:2700
- C:\Windows\System\xaWCkFh.exe
  C:\Windows\System\xaWCkFh.exe
  2⤵
  PID:1608
- C:\Windows\System\KxniUgR.exe
  C:\Windows\System\KxniUgR.exe
  2⤵
  PID:2772
- C:\Windows\System\uSmLUjW.exe
  C:\Windows\System\uSmLUjW.exe
  2⤵
  PID:3020
- C:\Windows\System\HkybxVD.exe
  C:\Windows\System\HkybxVD.exe
  2⤵
  PID:2404
- C:\Windows\System\ANbyzXQ.exe
  C:\Windows\System\ANbyzXQ.exe
  2⤵
  PID:1864
- C:\Windows\System\FLEnZLL.exe
  C:\Windows\System\FLEnZLL.exe
  2⤵
  PID:2712
- C:\Windows\System\WmrQCpT.exe
  C:\Windows\System\WmrQCpT.exe
  2⤵
  PID:1516
- C:\Windows\System\knGqwHc.exe
  C:\Windows\System\knGqwHc.exe
  2⤵
  PID:2172
- C:\Windows\System\ToBUDVG.exe
  C:\Windows\System\ToBUDVG.exe
  2⤵
  PID:2176
- C:\Windows\System\jrjizeg.exe
  C:\Windows\System\jrjizeg.exe
  2⤵
  PID:3456
- C:\Windows\System\aXGjlTq.exe
  C:\Windows\System\aXGjlTq.exe
  2⤵
  PID:712
- C:\Windows\System\XYFgxMk.exe
  C:\Windows\System\XYFgxMk.exe
  2⤵
  PID:2080
- C:\Windows\System\mGskVrb.exe
  C:\Windows\System\mGskVrb.exe
  2⤵
  PID:3536
- C:\Windows\System\fbtFXAP.exe
  C:\Windows\System\fbtFXAP.exe
  2⤵
  PID:1060
- C:\Windows\System\fTDZGJt.exe
  C:\Windows\System\fTDZGJt.exe
  2⤵
  PID:3648
- C:\Windows\System\jBWUWFP.exe
  C:\Windows\System\jBWUWFP.exe
  2⤵
  PID:2008
- C:\Windows\System\QCFhoQW.exe
  C:\Windows\System\QCFhoQW.exe
  2⤵
  PID:3696
- C:\Windows\System\nEJnSFn.exe
  C:\Windows\System\nEJnSFn.exe
  2⤵
  PID:1164
- C:\Windows\System\tEZlVtY.exe
  C:\Windows\System\tEZlVtY.exe
  2⤵
  PID:2768
- C:\Windows\System\VPwhwry.exe
  C:\Windows\System\VPwhwry.exe
  2⤵
  PID:2828
- C:\Windows\System\pXUCYVz.exe
  C:\Windows\System\pXUCYVz.exe
  2⤵
  PID:2976
- C:\Windows\System\LvWYOSg.exe
  C:\Windows\System\LvWYOSg.exe
  2⤵
  PID:2880
- C:\Windows\System\GONGJJp.exe
  C:\Windows\System\GONGJJp.exe
  2⤵
  PID:2292
- C:\Windows\System\QHGtVkw.exe
  C:\Windows\System\QHGtVkw.exe
  2⤵
  PID:3796
- C:\Windows\System\GigEIwC.exe
  C:\Windows\System\GigEIwC.exe
  2⤵
  PID:3744
- C:\Windows\System\NTahJgH.exe
  C:\Windows\System\NTahJgH.exe
  2⤵
  PID:3908
- C:\Windows\System\tiITOFf.exe
  C:\Windows\System\tiITOFf.exe
  2⤵
  PID:3988
- C:\Windows\System\wkVRUPm.exe
  C:\Windows\System\wkVRUPm.exe
  2⤵
  PID:1880
- C:\Windows\System\AsQVoAq.exe
  C:\Windows\System\AsQVoAq.exe
  2⤵
  PID:2872
- C:\Windows\System\AhsplNE.exe
  C:\Windows\System\AhsplNE.exe
  2⤵
  PID:1908
- C:\Windows\System\hablCYM.exe
  C:\Windows\System\hablCYM.exe
  2⤵
  PID:3104
- C:\Windows\System\flCidtF.exe
  C:\Windows\System\flCidtF.exe
  2⤵
  PID:2640
- C:\Windows\System\zUrCViI.exe
  C:\Windows\System\zUrCViI.exe
  2⤵
  PID:4068
- C:\Windows\System\tymgeve.exe
  C:\Windows\System\tymgeve.exe
  2⤵
  PID:2844
- C:\Windows\System\NCAsCat.exe
  C:\Windows\System\NCAsCat.exe
  2⤵
  PID:3168
- C:\Windows\System\auqLNho.exe
  C:\Windows\System\auqLNho.exe
  2⤵
  PID:2600
- C:\Windows\System\MpYPjpF.exe
  C:\Windows\System\MpYPjpF.exe
  2⤵
  PID:2796
- C:\Windows\System\TmIVDeH.exe
  C:\Windows\System\TmIVDeH.exe
  2⤵
  PID:1092
- C:\Windows\System\CZOfLjh.exe
  C:\Windows\System\CZOfLjh.exe
  2⤵
  PID:1036
- C:\Windows\System\MnVUmNs.exe
  C:\Windows\System\MnVUmNs.exe
  2⤵
  PID:3540
- C:\Windows\System\NpbQMif.exe
  C:\Windows\System\NpbQMif.exe
  2⤵
  PID:2060
- C:\Windows\System\xwUykSo.exe
  C:\Windows\System\xwUykSo.exe
  2⤵
  PID:1284
- C:\Windows\System\ahpmJwx.exe
  C:\Windows\System\ahpmJwx.exe
  2⤵
  PID:3620
- C:\Windows\System\DCefiSv.exe
  C:\Windows\System\DCefiSv.exe
  2⤵
  PID:3680
- C:\Windows\System\hbynGUr.exe
  C:\Windows\System\hbynGUr.exe
  2⤵
  PID:2864
- C:\Windows\System\ETXUsiy.exe
  C:\Windows\System\ETXUsiy.exe
  2⤵
  PID:3652
- C:\Windows\System\oDdqGjm.exe
  C:\Windows\System\oDdqGjm.exe
  2⤵
  PID:592
- C:\Windows\System\HLPtNSc.exe
  C:\Windows\System\HLPtNSc.exe
  2⤵
  PID:2560
- C:\Windows\System\ClNmMul.exe
  C:\Windows\System\ClNmMul.exe
  2⤵
  PID:3760
- C:\Windows\System\ITOFgbL.exe
  C:\Windows\System\ITOFgbL.exe
  2⤵
  PID:2076
- C:\Windows\System\vgLkNhg.exe
  C:\Windows\System\vgLkNhg.exe
  2⤵
  PID:2792
- C:\Windows\System\FUkkRjE.exe
  C:\Windows\System\FUkkRjE.exe
  2⤵
  PID:708
- C:\Windows\System\yOTpQAy.exe
  C:\Windows\System\yOTpQAy.exe
  2⤵
  PID:1600
- C:\Windows\System\OISMcBB.exe
  C:\Windows\System\OISMcBB.exe
  2⤵
  PID:1652
- C:\Windows\System\MtPZdMa.exe
  C:\Windows\System\MtPZdMa.exe
  2⤵
  PID:2760
- C:\Windows\System\QDfjKMn.exe
  C:\Windows\System\QDfjKMn.exe
  2⤵
  PID:892
- C:\Windows\System\USWnHCG.exe
  C:\Windows\System\USWnHCG.exe
  2⤵
  PID:2224
- C:\Windows\System\ZcqMflL.exe
  C:\Windows\System\ZcqMflL.exe
  2⤵
  PID:2964
- C:\Windows\System\fucuDtD.exe
  C:\Windows\System\fucuDtD.exe
  2⤵
  PID:1416
- C:\Windows\System\KlTgpzZ.exe
  C:\Windows\System\KlTgpzZ.exe
  2⤵
  PID:3776
- C:\Windows\System\HBrtrdP.exe
  C:\Windows\System\HBrtrdP.exe
  2⤵
  PID:2684
- C:\Windows\System\FbFcgDV.exe
  C:\Windows\System\FbFcgDV.exe
  2⤵
  PID:4108
- C:\Windows\System\aCKejnG.exe
  C:\Windows\System\aCKejnG.exe
  2⤵
  PID:4124
- C:\Windows\System\qTjxAMO.exe
  C:\Windows\System\qTjxAMO.exe
  2⤵
  PID:4140
- C:\Windows\System\TtKtVbK.exe
  C:\Windows\System\TtKtVbK.exe
  2⤵
  PID:4156
- C:\Windows\System\qXvyRZR.exe
  C:\Windows\System\qXvyRZR.exe
  2⤵
  PID:4172
- C:\Windows\System\qVmErSV.exe
  C:\Windows\System\qVmErSV.exe
  2⤵
  PID:4188
- C:\Windows\System\XUOLhci.exe
  C:\Windows\System\XUOLhci.exe
  2⤵
  PID:4204
- C:\Windows\System\DhWAzak.exe
  C:\Windows\System\DhWAzak.exe
  2⤵
  PID:4220
- C:\Windows\System\JPWNSBG.exe
  C:\Windows\System\JPWNSBG.exe
  2⤵
  PID:4236
- C:\Windows\System\FabJNyZ.exe
  C:\Windows\System\FabJNyZ.exe
  2⤵
  PID:4252
- C:\Windows\System\YgrztqI.exe
  C:\Windows\System\YgrztqI.exe
  2⤵
  PID:4268
- C:\Windows\System\EJFaClw.exe
  C:\Windows\System\EJFaClw.exe
  2⤵
  PID:4284
- C:\Windows\System\hfkwIeh.exe
  C:\Windows\System\hfkwIeh.exe
  2⤵
  PID:4300
- C:\Windows\System\rhIvDOY.exe
  C:\Windows\System\rhIvDOY.exe
  2⤵
  PID:4316
- C:\Windows\System\Rubtlat.exe
  C:\Windows\System\Rubtlat.exe
  2⤵
  PID:4332
- C:\Windows\System\RBCyUjC.exe
  C:\Windows\System\RBCyUjC.exe
  2⤵
  PID:4348
- C:\Windows\System\vdEnreE.exe
  C:\Windows\System\vdEnreE.exe
  2⤵
  PID:4364
- C:\Windows\System\KuImcuN.exe
  C:\Windows\System\KuImcuN.exe
  2⤵
  PID:4380
- C:\Windows\System\rsRBZYO.exe
  C:\Windows\System\rsRBZYO.exe
  2⤵
  PID:4396
- C:\Windows\System\fQdwXDv.exe
  C:\Windows\System\fQdwXDv.exe
  2⤵
  PID:4412
- C:\Windows\System\FwcFuGX.exe
  C:\Windows\System\FwcFuGX.exe
  2⤵
  PID:4428
- C:\Windows\System\HtYIHgT.exe
  C:\Windows\System\HtYIHgT.exe
  2⤵
  PID:4444
- C:\Windows\System\WDWBXgU.exe
  C:\Windows\System\WDWBXgU.exe
  2⤵
  PID:4460
- C:\Windows\System\ZDZdKjN.exe
  C:\Windows\System\ZDZdKjN.exe
  2⤵
  PID:4476
- C:\Windows\System\gezhZKf.exe
  C:\Windows\System\gezhZKf.exe
  2⤵
  PID:4492
- C:\Windows\System\NdOZCvh.exe
  C:\Windows\System\NdOZCvh.exe
  2⤵
  PID:4508
- C:\Windows\System\EqoHGlv.exe
  C:\Windows\System\EqoHGlv.exe
  2⤵
  PID:4524
- C:\Windows\System\KDIHeLQ.exe
  C:\Windows\System\KDIHeLQ.exe
  2⤵
  PID:4540
- C:\Windows\System\CKjTShl.exe
  C:\Windows\System\CKjTShl.exe
  2⤵
  PID:4556
- C:\Windows\System\KGdMKTF.exe
  C:\Windows\System\KGdMKTF.exe
  2⤵
  PID:4572
- C:\Windows\System\XUFUpvh.exe
  C:\Windows\System\XUFUpvh.exe
  2⤵
  PID:4588
- C:\Windows\System\RtWAmYR.exe
  C:\Windows\System\RtWAmYR.exe
  2⤵
  PID:4604
- C:\Windows\System\DPXwwxh.exe
  C:\Windows\System\DPXwwxh.exe
  2⤵
  PID:4620
- C:\Windows\System\orNoMUx.exe
  C:\Windows\System\orNoMUx.exe
  2⤵
  PID:4636
- C:\Windows\System\nLuOvmu.exe
  C:\Windows\System\nLuOvmu.exe
  2⤵
  PID:4652
- C:\Windows\System\GgbiZkj.exe
  C:\Windows\System\GgbiZkj.exe
  2⤵
  PID:4668
- C:\Windows\System\cZzKGaH.exe
  C:\Windows\System\cZzKGaH.exe
  2⤵
  PID:4684
- C:\Windows\System\LzgzZvi.exe
  C:\Windows\System\LzgzZvi.exe
  2⤵
  PID:4700
- C:\Windows\System\nLeIgyT.exe
  C:\Windows\System\nLeIgyT.exe
  2⤵
  PID:4716
- C:\Windows\System\XAmsoFw.exe
  C:\Windows\System\XAmsoFw.exe
  2⤵
  PID:4732
- C:\Windows\System\EaOzuVT.exe
  C:\Windows\System\EaOzuVT.exe
  2⤵
  PID:4748
- C:\Windows\System\YrgDrPG.exe
  C:\Windows\System\YrgDrPG.exe
  2⤵
  PID:4764
- C:\Windows\System\WdPPpyq.exe
  C:\Windows\System\WdPPpyq.exe
  2⤵
  PID:4780
- C:\Windows\System\ikmdvNU.exe
  C:\Windows\System\ikmdvNU.exe
  2⤵
  PID:4796
- C:\Windows\System\LYXUHSx.exe
  C:\Windows\System\LYXUHSx.exe
  2⤵
  PID:4812
- C:\Windows\System\DjPeIPH.exe
  C:\Windows\System\DjPeIPH.exe
  2⤵
  PID:4828
- C:\Windows\System\waqqTAX.exe
  C:\Windows\System\waqqTAX.exe
  2⤵
  PID:4844
- C:\Windows\System\LnVJcec.exe
  C:\Windows\System\LnVJcec.exe
  2⤵
  PID:4860
- C:\Windows\System\snApErV.exe
  C:\Windows\System\snApErV.exe
  2⤵
  PID:4876
- C:\Windows\System\IOuwjde.exe
  C:\Windows\System\IOuwjde.exe
  2⤵
  PID:4892
- C:\Windows\System\PxxxxBv.exe
  C:\Windows\System\PxxxxBv.exe
  2⤵
  PID:4908
- C:\Windows\System\fwsFVTS.exe
  C:\Windows\System\fwsFVTS.exe
  2⤵
  PID:4924
- C:\Windows\System\xPGMXdI.exe
  C:\Windows\System\xPGMXdI.exe
  2⤵
  PID:4940
- C:\Windows\System\kvbYiSB.exe
  C:\Windows\System\kvbYiSB.exe
  2⤵
  PID:4956
- C:\Windows\System\PEaMFey.exe
  C:\Windows\System\PEaMFey.exe
  2⤵
  PID:4972
- C:\Windows\System\qaMnvjx.exe
  C:\Windows\System\qaMnvjx.exe
  2⤵
  PID:4992
- C:\Windows\System\trPeJFc.exe
  C:\Windows\System\trPeJFc.exe
  2⤵
  PID:5008
- C:\Windows\System\CSfTDxa.exe
  C:\Windows\System\CSfTDxa.exe
  2⤵
  PID:5024
- C:\Windows\System\WQeuqDn.exe
  C:\Windows\System\WQeuqDn.exe
  2⤵
  PID:5040
- C:\Windows\System\DBUkdMf.exe
  C:\Windows\System\DBUkdMf.exe
  2⤵
  PID:5056
- C:\Windows\System\PqVpJbk.exe
  C:\Windows\System\PqVpJbk.exe
  2⤵
  PID:5072
- C:\Windows\System\FscfIHs.exe
  C:\Windows\System\FscfIHs.exe
  2⤵
  PID:5088
- C:\Windows\System\kQVBemj.exe
  C:\Windows\System\kQVBemj.exe
  2⤵
  PID:5104
- C:\Windows\System\faFRsnA.exe
  C:\Windows\System\faFRsnA.exe
  2⤵
  PID:3860
- C:\Windows\System\csihvmJ.exe
  C:\Windows\System\csihvmJ.exe
  2⤵
  PID:3092
- C:\Windows\System\ezURoEg.exe
  C:\Windows\System\ezURoEg.exe
  2⤵
  PID:3396
- C:\Windows\System\lsJYMMK.exe
  C:\Windows\System\lsJYMMK.exe
  2⤵
  PID:2316
- C:\Windows\System\zYCdmrZ.exe
  C:\Windows\System\zYCdmrZ.exe
  2⤵
  PID:1680
- C:\Windows\System\XXdehWd.exe
  C:\Windows\System\XXdehWd.exe
  2⤵
  PID:4136
- C:\Windows\System\XbTgpAc.exe
  C:\Windows\System\XbTgpAc.exe
  2⤵
  PID:4200
- C:\Windows\System\BBFtdCd.exe
  C:\Windows\System\BBFtdCd.exe
  2⤵
  PID:4132
- C:\Windows\System\rXPluSn.exe
  C:\Windows\System\rXPluSn.exe
  2⤵
  PID:4292
- C:\Windows\System\ovLMXZL.exe
  C:\Windows\System\ovLMXZL.exe
  2⤵
  PID:4356
- C:\Windows\System\qHvLeWd.exe
  C:\Windows\System\qHvLeWd.exe
  2⤵
  PID:4420
- C:\Windows\System\RGlMrBg.exe
  C:\Windows\System\RGlMrBg.exe
  2⤵
  PID:4484
- C:\Windows\System\AqpWJrI.exe
  C:\Windows\System\AqpWJrI.exe
  2⤵
  PID:4520
- C:\Windows\System\ASZawGZ.exe
  C:\Windows\System\ASZawGZ.exe
  2⤵
  PID:4580
- C:\Windows\System\ECJewdG.exe
  C:\Windows\System\ECJewdG.exe
  2⤵
  PID:4644
- C:\Windows\System\pdlemTU.exe
  C:\Windows\System\pdlemTU.exe
  2⤵
  PID:4116
- C:\Windows\System\FyGyqPN.exe
  C:\Windows\System\FyGyqPN.exe
  2⤵
  PID:4180
- C:\Windows\System\HIjSbmu.exe
  C:\Windows\System\HIjSbmu.exe
  2⤵
  PID:4648
- C:\Windows\System\UlNFbxu.exe
  C:\Windows\System\UlNFbxu.exe
  2⤵
  PID:4280
- C:\Windows\System\UKbVugp.exe
  C:\Windows\System\UKbVugp.exe
  2⤵
  PID:4344
- C:\Windows\System\BjwbKlS.exe
  C:\Windows\System\BjwbKlS.exe
  2⤵
  PID:4440
- C:\Windows\System\VVtWkqD.exe
  C:\Windows\System\VVtWkqD.exe
  2⤵
  PID:4680
- C:\Windows\System\OAViveK.exe
  C:\Windows\System\OAViveK.exe
  2⤵
  PID:4772
- C:\Windows\System\OPQWJkH.exe
  C:\Windows\System\OPQWJkH.exe
  2⤵
  PID:4500
- C:\Windows\System\BapXXyI.exe
  C:\Windows\System\BapXXyI.exe
  2⤵
  PID:4564
- C:\Windows\System\FtHTobz.exe
  C:\Windows\System\FtHTobz.exe
  2⤵
  PID:4628
- C:\Windows\System\rgQOzDI.exe
  C:\Windows\System\rgQOzDI.exe
  2⤵
  PID:4692
- C:\Windows\System\wooEZmE.exe
  C:\Windows\System\wooEZmE.exe
  2⤵
  PID:4840
- C:\Windows\System\UYJrtgI.exe
  C:\Windows\System\UYJrtgI.exe
  2⤵
  PID:4696
- C:\Windows\System\MLhUNGm.exe
  C:\Windows\System\MLhUNGm.exe
  2⤵
  PID:4760
- C:\Windows\System\FbMYAZW.exe
  C:\Windows\System\FbMYAZW.exe
  2⤵
  PID:4932
- C:\Windows\System\INxgbQO.exe
  C:\Windows\System\INxgbQO.exe
  2⤵
  PID:4852
- C:\Windows\System\DftmCwP.exe
  C:\Windows\System\DftmCwP.exe
  2⤵
  PID:4920
- C:\Windows\System\JFqbrfz.exe
  C:\Windows\System\JFqbrfz.exe
  2⤵
  PID:4888
- C:\Windows\System\CfPbwDo.exe
  C:\Windows\System\CfPbwDo.exe
  2⤵
  PID:4980
- C:\Windows\System\KbsVMOm.exe
  C:\Windows\System\KbsVMOm.exe
  2⤵
  PID:5096
- C:\Windows\System\kzLTJRC.exe
  C:\Windows\System\kzLTJRC.exe
  2⤵
  PID:5016
- C:\Windows\System\UiRmVoB.exe
  C:\Windows\System\UiRmVoB.exe
  2⤵
  PID:5048
- C:\Windows\System\GaSQyzH.exe
  C:\Windows\System\GaSQyzH.exe
  2⤵
  PID:4100
- C:\Windows\System\igtKKtc.exe
  C:\Windows\System\igtKKtc.exe
  2⤵
  PID:4324
- C:\Windows\System\PZKRtlv.exe
  C:\Windows\System\PZKRtlv.exe
  2⤵
  PID:3156
- C:\Windows\System\AGzLlix.exe
  C:\Windows\System\AGzLlix.exe
  2⤵
  PID:4456
- C:\Windows\System\xnFLLWA.exe
  C:\Windows\System\xnFLLWA.exe
  2⤵
  PID:1812
- C:\Windows\System\EUSSfLE.exe
  C:\Windows\System\EUSSfLE.exe
  2⤵
  PID:4260
- C:\Windows\System\xLQDqLD.exe
  C:\Windows\System\xLQDqLD.exe
  2⤵
  PID:4404
- C:\Windows\System\LZQSAHp.exe
  C:\Windows\System\LZQSAHp.exe
  2⤵
  PID:4408
- C:\Windows\System\kzOlWSh.exe
  C:\Windows\System\kzOlWSh.exe
  2⤵
  PID:4712
- C:\Windows\System\cDSCkUo.exe
  C:\Windows\System\cDSCkUo.exe
  2⤵
  PID:4872
- C:\Windows\System\VdWnBco.exe
  C:\Windows\System\VdWnBco.exe
  2⤵
  PID:4376
- C:\Windows\System\vfETQGS.exe
  C:\Windows\System\vfETQGS.exe
  2⤵
  PID:4532
- C:\Windows\System\XeyTJOh.exe
  C:\Windows\System\XeyTJOh.exe
  2⤵
  PID:4900
- C:\Windows\System\kOldgZK.exe
  C:\Windows\System\kOldgZK.exe
  2⤵
  PID:4916
- C:\Windows\System\SmPNLpW.exe
  C:\Windows\System\SmPNLpW.exe
  2⤵
  PID:4340
- C:\Windows\System\XisHJMK.exe
  C:\Windows\System\XisHJMK.exe
  2⤵
  PID:4824
- C:\Windows\System\OfhAGKB.exe
  C:\Windows\System\OfhAGKB.exe
  2⤵
  PID:4600
- C:\Windows\System\hEoeOOK.exe
  C:\Windows\System\hEoeOOK.exe
  2⤵
  PID:5068
- C:\Windows\System\HXWNZlf.exe
  C:\Windows\System\HXWNZlf.exe
  2⤵
  PID:5080
- C:\Windows\System\fiPFykR.exe
  C:\Windows\System\fiPFykR.exe
  2⤵
  PID:4452
- C:\Windows\System\fvmqUMf.exe
  C:\Windows\System\fvmqUMf.exe
  2⤵
  PID:4612
- C:\Windows\System\pnuwcuW.exe
  C:\Windows\System\pnuwcuW.exe
  2⤵
  PID:4616
- C:\Windows\System\NQeDQEi.exe
  C:\Windows\System\NQeDQEi.exe
  2⤵
  PID:2616
- C:\Windows\System\CqXmCUl.exe
  C:\Windows\System\CqXmCUl.exe
  2⤵
  PID:5112
- C:\Windows\System\UBdOEVh.exe
  C:\Windows\System\UBdOEVh.exe
  2⤵
  PID:4248
- C:\Windows\System\oyiIByX.exe
  C:\Windows\System\oyiIByX.exe
  2⤵
  PID:3748
- C:\Windows\System\POSJvFY.exe
  C:\Windows\System\POSJvFY.exe
  2⤵
  PID:4596
- C:\Windows\System\FkfrCEn.exe
  C:\Windows\System\FkfrCEn.exe
  2⤵
  PID:2740
- C:\Windows\System\wzOyaQk.exe
  C:\Windows\System\wzOyaQk.exe
  2⤵
  PID:4728
- C:\Windows\System\ujOfqBJ.exe
  C:\Windows\System\ujOfqBJ.exe
  2⤵
  PID:4676
- C:\Windows\System\SgSnQUi.exe
  C:\Windows\System\SgSnQUi.exe
  2⤵
  PID:4196
- C:\Windows\System\FykozCg.exe
  C:\Windows\System\FykozCg.exe
  2⤵
  PID:5128
- C:\Windows\System\tTmQiLv.exe
  C:\Windows\System\tTmQiLv.exe
  2⤵
  PID:5144
- C:\Windows\System\yCUgHef.exe
  C:\Windows\System\yCUgHef.exe
  2⤵
  PID:5160
- C:\Windows\System\LvqhQyC.exe
  C:\Windows\System\LvqhQyC.exe
  2⤵
  PID:5176
- C:\Windows\System\pPRUcgB.exe
  C:\Windows\System\pPRUcgB.exe
  2⤵
  PID:5192
- C:\Windows\System\uNurLzv.exe
  C:\Windows\System\uNurLzv.exe
  2⤵
  PID:5208
- C:\Windows\System\KPtYxkf.exe
  C:\Windows\System\KPtYxkf.exe
  2⤵
  PID:5224
- C:\Windows\System\XvtDxUR.exe
  C:\Windows\System\XvtDxUR.exe
  2⤵
  PID:5240
- C:\Windows\System\kepfyvF.exe
  C:\Windows\System\kepfyvF.exe
  2⤵
  PID:5256
- C:\Windows\System\GFvJbUo.exe
  C:\Windows\System\GFvJbUo.exe
  2⤵
  PID:5272
- C:\Windows\System\EHPJEyM.exe
  C:\Windows\System\EHPJEyM.exe
  2⤵
  PID:5288
- C:\Windows\System\ONkNezP.exe
  C:\Windows\System\ONkNezP.exe
  2⤵
  PID:5304
- C:\Windows\System\ASpKnHu.exe
  C:\Windows\System\ASpKnHu.exe
  2⤵
  PID:5320
- C:\Windows\System\IIVUDeB.exe
  C:\Windows\System\IIVUDeB.exe
  2⤵
  PID:5336
- C:\Windows\System\FlRYuIk.exe
  C:\Windows\System\FlRYuIk.exe
  2⤵
  PID:5352
- C:\Windows\System\Cliojga.exe
  C:\Windows\System\Cliojga.exe
  2⤵
  PID:5368
- C:\Windows\System\hlPatTW.exe
  C:\Windows\System\hlPatTW.exe
  2⤵
  PID:5384
- C:\Windows\System\SKDDzBw.exe
  C:\Windows\System\SKDDzBw.exe
  2⤵
  PID:5400
- C:\Windows\System\oWCkVNo.exe
  C:\Windows\System\oWCkVNo.exe
  2⤵
  PID:5416
- C:\Windows\System\jCKAaRp.exe
  C:\Windows\System\jCKAaRp.exe
  2⤵
  PID:5432
- C:\Windows\System\bcnqYPB.exe
  C:\Windows\System\bcnqYPB.exe
  2⤵
  PID:5448
- C:\Windows\System\jkpripk.exe
  C:\Windows\System\jkpripk.exe
  2⤵
  PID:5464
- C:\Windows\System\VBdADXO.exe
  C:\Windows\System\VBdADXO.exe
  2⤵
  PID:5480
- C:\Windows\System\RRIwAHm.exe
  C:\Windows\System\RRIwAHm.exe
  2⤵
  PID:5496
- C:\Windows\System\TWFAXwr.exe
  C:\Windows\System\TWFAXwr.exe
  2⤵
  PID:5512
- C:\Windows\System\wmYItTC.exe
  C:\Windows\System\wmYItTC.exe
  2⤵
  PID:5528
- C:\Windows\System\LBlBecR.exe
  C:\Windows\System\LBlBecR.exe
  2⤵
  PID:5544
- C:\Windows\System\WjCnBMd.exe
  C:\Windows\System\WjCnBMd.exe
  2⤵
  PID:5560
- C:\Windows\System\BIUUqgQ.exe
  C:\Windows\System\BIUUqgQ.exe
  2⤵
  PID:5576
- C:\Windows\System\SXAorzw.exe
  C:\Windows\System\SXAorzw.exe
  2⤵
  PID:5592
- C:\Windows\System\zBnbcjZ.exe
  C:\Windows\System\zBnbcjZ.exe
  2⤵
  PID:5608
- C:\Windows\System\kvTVtMU.exe
  C:\Windows\System\kvTVtMU.exe
  2⤵
  PID:5624
- C:\Windows\System\YlpaGbu.exe
  C:\Windows\System\YlpaGbu.exe
  2⤵
  PID:5640
- C:\Windows\System\yjeVKgv.exe
  C:\Windows\System\yjeVKgv.exe
  2⤵
  PID:5656
- C:\Windows\System\xEouaai.exe
  C:\Windows\System\xEouaai.exe
  2⤵
  PID:5672
- C:\Windows\System\jcvtQhW.exe
  C:\Windows\System\jcvtQhW.exe
  2⤵
  PID:5688
- C:\Windows\System\OSUjhOc.exe
  C:\Windows\System\OSUjhOc.exe
  2⤵
  PID:5704
- C:\Windows\System\wOSFQml.exe
  C:\Windows\System\wOSFQml.exe
  2⤵
  PID:5720
- C:\Windows\System\QuiIwBd.exe
  C:\Windows\System\QuiIwBd.exe
  2⤵
  PID:5736
- C:\Windows\System\rCiCnar.exe
  C:\Windows\System\rCiCnar.exe
  2⤵
  PID:5752
- C:\Windows\System\ztuPDHt.exe
  C:\Windows\System\ztuPDHt.exe
  2⤵
  PID:5768
- C:\Windows\System\yIDnORm.exe
  C:\Windows\System\yIDnORm.exe
  2⤵
  PID:5784
- C:\Windows\System\qrmHSKf.exe
  C:\Windows\System\qrmHSKf.exe
  2⤵
  PID:5800
- C:\Windows\System\wdFksKY.exe
  C:\Windows\System\wdFksKY.exe
  2⤵
  PID:5816
- C:\Windows\System\YoNVRvd.exe
  C:\Windows\System\YoNVRvd.exe
  2⤵
  PID:5832
- C:\Windows\System\dxSDLEV.exe
  C:\Windows\System\dxSDLEV.exe
  2⤵
  PID:5848
- C:\Windows\System\GYbLpAs.exe
  C:\Windows\System\GYbLpAs.exe
  2⤵
  PID:5864
- C:\Windows\System\EBefSuH.exe
  C:\Windows\System\EBefSuH.exe
  2⤵
  PID:5880
- C:\Windows\System\trfJBrT.exe
  C:\Windows\System\trfJBrT.exe
  2⤵
  PID:5896
- C:\Windows\System\QZYfdvJ.exe
  C:\Windows\System\QZYfdvJ.exe
  2⤵
  PID:5916
- C:\Windows\System\MbGgopE.exe
  C:\Windows\System\MbGgopE.exe
  2⤵
  PID:5932
- C:\Windows\System\tTWCNEE.exe
  C:\Windows\System\tTWCNEE.exe
  2⤵
  PID:5948
- C:\Windows\System\DpfAlRI.exe
  C:\Windows\System\DpfAlRI.exe
  2⤵
  PID:5964
- C:\Windows\System\vltCvFO.exe
  C:\Windows\System\vltCvFO.exe
  2⤵
  PID:5980
- C:\Windows\System\VMgaaiG.exe
  C:\Windows\System\VMgaaiG.exe
  2⤵
  PID:5996
- C:\Windows\System\hfIfkGO.exe
  C:\Windows\System\hfIfkGO.exe
  2⤵
  PID:6012
- C:\Windows\System\hdpthOi.exe
  C:\Windows\System\hdpthOi.exe
  2⤵
  PID:6028
- C:\Windows\System\sbYtmzB.exe
  C:\Windows\System\sbYtmzB.exe
  2⤵
  PID:6044
- C:\Windows\System\zRkzUNt.exe
  C:\Windows\System\zRkzUNt.exe
  2⤵
  PID:6060
- C:\Windows\System\EnDoeko.exe
  C:\Windows\System\EnDoeko.exe
  2⤵
  PID:6076
- C:\Windows\System\FwbKHHC.exe
  C:\Windows\System\FwbKHHC.exe
  2⤵
  PID:6092
- C:\Windows\System\CMXfMVJ.exe
  C:\Windows\System\CMXfMVJ.exe
  2⤵
  PID:6108
- C:\Windows\System\OAIUTlF.exe
  C:\Windows\System\OAIUTlF.exe
  2⤵
  PID:6124
- C:\Windows\System\nUVtfVE.exe
  C:\Windows\System\nUVtfVE.exe
  2⤵
  PID:6140
- C:\Windows\System\gGMiMzv.exe
  C:\Windows\System\gGMiMzv.exe
  2⤵
  PID:5156
- C:\Windows\System\jNjmhOB.exe
  C:\Windows\System\jNjmhOB.exe
  2⤵
  PID:4552
- C:\Windows\System\GTDYIom.exe
  C:\Windows\System\GTDYIom.exe
  2⤵
  PID:4740
- C:\Windows\System\kNutwak.exe
  C:\Windows\System\kNutwak.exe
  2⤵
  PID:4952
- C:\Windows\System\xLtBDwx.exe
  C:\Windows\System\xLtBDwx.exe
  2⤵
  PID:5136
- C:\Windows\System\oaFzYfG.exe
  C:\Windows\System\oaFzYfG.exe
  2⤵
  PID:5248
- C:\Windows\System\vdijhIW.exe
  C:\Windows\System\vdijhIW.exe
  2⤵
  PID:5280
- C:\Windows\System\AQhpyuk.exe
  C:\Windows\System\AQhpyuk.exe
  2⤵
  PID:5236
- C:\Windows\System\YlCMLwQ.exe
  C:\Windows\System\YlCMLwQ.exe
  2⤵
  PID:5268
- C:\Windows\System\xWaOxLt.exe
  C:\Windows\System\xWaOxLt.exe
  2⤵
  PID:5300
- C:\Windows\System\KecJmMi.exe
  C:\Windows\System\KecJmMi.exe
  2⤵
  PID:5380
- C:\Windows\System\PKrYlgQ.exe
  C:\Windows\System\PKrYlgQ.exe
  2⤵
  PID:5440
- C:\Windows\System\VFrokbD.exe
  C:\Windows\System\VFrokbD.exe
  2⤵
  PID:5424
- C:\Windows\System\HMpFDCu.exe
  C:\Windows\System\HMpFDCu.exe
  2⤵
  PID:5428
- C:\Windows\System\PbGKxbu.exe
  C:\Windows\System\PbGKxbu.exe
  2⤵
  PID:5568
- C:\Windows\System\dkhOYaA.exe
  C:\Windows\System\dkhOYaA.exe
  2⤵
  PID:5604
- C:\Windows\System\xPzixEQ.exe
  C:\Windows\System\xPzixEQ.exe
  2⤵
  PID:5492
- C:\Windows\System\qdAHpgq.exe
  C:\Windows\System\qdAHpgq.exe
  2⤵
  PID:5668
- C:\Windows\System\NDgzExu.exe
  C:\Windows\System\NDgzExu.exe
  2⤵
  PID:5556
- C:\Windows\System\tldpUwj.exe
  C:\Windows\System\tldpUwj.exe
  2⤵
  PID:5588
- C:\Windows\System\FXjrwFg.exe
  C:\Windows\System\FXjrwFg.exe
  2⤵
  PID:5652
- C:\Windows\System\yDlechp.exe
  C:\Windows\System\yDlechp.exe
  2⤵
  PID:5728
- C:\Windows\System\PvEroVq.exe
  C:\Windows\System\PvEroVq.exe
  2⤵
  PID:5764
- C:\Windows\System\ZacmQcV.exe
  C:\Windows\System\ZacmQcV.exe
  2⤵
  PID:5828
- C:\Windows\System\azrXQCr.exe
  C:\Windows\System\azrXQCr.exe
  2⤵
  PID:5780
- C:\Windows\System\vwKCwlC.exe
  C:\Windows\System\vwKCwlC.exe
  2⤵
  PID:5844
- C:\Windows\System\mqUXFqG.exe
  C:\Windows\System\mqUXFqG.exe
  2⤵
  PID:5924
- C:\Windows\System\dCpjmUv.exe
  C:\Windows\System\dCpjmUv.exe
  2⤵
  PID:6020
- C:\Windows\System\EKadTmW.exe
  C:\Windows\System\EKadTmW.exe
  2⤵
  PID:5940
- C:\Windows\System\kkFCkGH.exe
  C:\Windows\System\kkFCkGH.exe
  2⤵
  PID:5908
- C:\Windows\System\gFgQCoY.exe
  C:\Windows\System\gFgQCoY.exe
  2⤵
  PID:6008
- C:\Windows\System\XPeYetH.exe
  C:\Windows\System\XPeYetH.exe
  2⤵
  PID:6036
- C:\Windows\System\dDuJrqy.exe
  C:\Windows\System\dDuJrqy.exe
  2⤵
  PID:6084
- C:\Windows\System\HegJENv.exe
  C:\Windows\System\HegJENv.exe
  2⤵
  PID:5124
- C:\Windows\System\FyWqWxS.exe
  C:\Windows\System\FyWqWxS.exe
  2⤵
  PID:5064
- C:\Windows\System\QJekVtw.exe
  C:\Windows\System\QJekVtw.exe
  2⤵
  PID:5316
- C:\Windows\System\PjNFiLV.exe
  C:\Windows\System\PjNFiLV.exe
  2⤵
  PID:6104
- C:\Windows\System\SlOUqJv.exe
  C:\Windows\System\SlOUqJv.exe
  2⤵
  PID:5216
- C:\Windows\System\AmFovmy.exe
  C:\Windows\System\AmFovmy.exe
  2⤵
  PID:5168
- C:\Windows\System\HRHfgMg.exe
  C:\Windows\System\HRHfgMg.exe
  2⤵
  PID:5376
- C:\Windows\System\zPSKSwY.exe
  C:\Windows\System\zPSKSwY.exe
  2⤵
  PID:5536
- C:\Windows\System\tAJcmob.exe
  C:\Windows\System\tAJcmob.exe
  2⤵
  PID:5524
- C:\Windows\System\bwtBIeA.exe
  C:\Windows\System\bwtBIeA.exe
  2⤵
  PID:5632
- C:\Windows\System\HvRAmQQ.exe
  C:\Windows\System\HvRAmQQ.exe
  2⤵
  PID:5600
- C:\Windows\System\boZdyeN.exe
  C:\Windows\System\boZdyeN.exe
  2⤵
  PID:5364
- C:\Windows\System\xFmdBci.exe
  C:\Windows\System\xFmdBci.exe
  2⤵
  PID:5892
- C:\Windows\System\MteNtEi.exe
  C:\Windows\System\MteNtEi.exe
  2⤵
  PID:5664
- C:\Windows\System\BkMhRYB.exe
  C:\Windows\System\BkMhRYB.exe
  2⤵
  PID:5744
- C:\Windows\System\kKYdEGz.exe
  C:\Windows\System\kKYdEGz.exe
  2⤵
  PID:5824
- C:\Windows\System\CyRMmIx.exe
  C:\Windows\System\CyRMmIx.exe
  2⤵
  PID:5840
- C:\Windows\System\XEvQalz.exe
  C:\Windows\System\XEvQalz.exe
  2⤵
  PID:5200
- C:\Windows\System\PIrxlvR.exe
  C:\Windows\System\PIrxlvR.exe
  2⤵
  PID:6100
- C:\Windows\System\pxzlDww.exe
  C:\Windows\System\pxzlDww.exe
  2⤵
  PID:5220
- C:\Windows\System\BizDSZq.exe
  C:\Windows\System\BizDSZq.exe
  2⤵
  PID:5204
- C:\Windows\System\pQkSGZE.exe
  C:\Windows\System\pQkSGZE.exe
  2⤵
  PID:5620
- C:\Windows\System\MeFnAic.exe
  C:\Windows\System\MeFnAic.exe
  2⤵
  PID:5460
- C:\Windows\System\QhGoHUa.exe
  C:\Windows\System\QhGoHUa.exe
  2⤵
  PID:5648
- C:\Windows\System\cAdjTpB.exe
  C:\Windows\System\cAdjTpB.exe
  2⤵
  PID:5716
- C:\Windows\System\QMFMHKM.exe
  C:\Windows\System\QMFMHKM.exe
  2⤵
  PID:5988
- C:\Windows\System\uvXOKyX.exe
  C:\Windows\System\uvXOKyX.exe
  2⤵
  PID:5976
- C:\Windows\System\HxXWHVz.exe
  C:\Windows\System\HxXWHVz.exe
  2⤵
  PID:6052
- C:\Windows\System\GcTmHFQ.exe
  C:\Windows\System\GcTmHFQ.exe
  2⤵
  PID:5188
- C:\Windows\System\IIvBnCU.exe
  C:\Windows\System\IIvBnCU.exe
  2⤵
  PID:5488
- C:\Windows\System\AwMNTvI.exe
  C:\Windows\System\AwMNTvI.exe
  2⤵
  PID:5888
- C:\Windows\System\jsnWngt.exe
  C:\Windows\System\jsnWngt.exe
  2⤵
  PID:5472
- C:\Windows\System\SRxIzZi.exe
  C:\Windows\System\SRxIzZi.exe
  2⤵
  PID:6156
- C:\Windows\System\IAxdjRK.exe
  C:\Windows\System\IAxdjRK.exe
  2⤵
  PID:6172
- C:\Windows\System\hdAfXqu.exe
  C:\Windows\System\hdAfXqu.exe
  2⤵
  PID:6188
- C:\Windows\System\zkmXOLL.exe
  C:\Windows\System\zkmXOLL.exe
  2⤵
  PID:6204
- C:\Windows\System\JrHAXBj.exe
  C:\Windows\System\JrHAXBj.exe
  2⤵
  PID:6220
- C:\Windows\System\lyxavPd.exe
  C:\Windows\System\lyxavPd.exe
  2⤵
  PID:6236
- C:\Windows\System\whwUfHs.exe
  C:\Windows\System\whwUfHs.exe
  2⤵
  PID:6252
- C:\Windows\System\pSpDTYL.exe
  C:\Windows\System\pSpDTYL.exe
  2⤵
  PID:6268
- C:\Windows\System\wxYXNqy.exe
  C:\Windows\System\wxYXNqy.exe
  2⤵
  PID:6284
- C:\Windows\System\GxtpcrW.exe
  C:\Windows\System\GxtpcrW.exe
  2⤵
  PID:6300
- C:\Windows\System\JFEWekO.exe
  C:\Windows\System\JFEWekO.exe
  2⤵
  PID:6316
- C:\Windows\System\obpOmKH.exe
  C:\Windows\System\obpOmKH.exe
  2⤵
  PID:6332
- C:\Windows\System\lsJrdfE.exe
  C:\Windows\System\lsJrdfE.exe
  2⤵
  PID:6348
- C:\Windows\System\azIwuLQ.exe
  C:\Windows\System\azIwuLQ.exe
  2⤵
  PID:6364
- C:\Windows\System\rDCZhxj.exe
  C:\Windows\System\rDCZhxj.exe
  2⤵
  PID:6380
- C:\Windows\System\mDhcjlH.exe
  C:\Windows\System\mDhcjlH.exe
  2⤵
  PID:6396
- C:\Windows\System\HXxiNbj.exe
  C:\Windows\System\HXxiNbj.exe
  2⤵
  PID:6412
- C:\Windows\System\JHNHVrG.exe
  C:\Windows\System\JHNHVrG.exe
  2⤵
  PID:6428
- C:\Windows\System\nhloILk.exe
  C:\Windows\System\nhloILk.exe
  2⤵
  PID:6444
- C:\Windows\System\lyuQChV.exe
  C:\Windows\System\lyuQChV.exe
  2⤵
  PID:6460
- C:\Windows\System\UKOasct.exe
  C:\Windows\System\UKOasct.exe
  2⤵
  PID:6476
- C:\Windows\System\lHsdXHH.exe
  C:\Windows\System\lHsdXHH.exe
  2⤵
  PID:6492
- C:\Windows\System\MXnukjG.exe
  C:\Windows\System\MXnukjG.exe
  2⤵
  PID:6508
- C:\Windows\System\mzqFvvL.exe
  C:\Windows\System\mzqFvvL.exe
  2⤵
  PID:6524
- C:\Windows\System\QzmzCTm.exe
  C:\Windows\System\QzmzCTm.exe
  2⤵
  PID:6540
- C:\Windows\System\vnSmtFn.exe
  C:\Windows\System\vnSmtFn.exe
  2⤵
  PID:6556
- C:\Windows\System\ZPxTyxw.exe
  C:\Windows\System\ZPxTyxw.exe
  2⤵
  PID:6576
- C:\Windows\System\exAokjZ.exe
  C:\Windows\System\exAokjZ.exe
  2⤵
  PID:6592
- C:\Windows\System\CtpJFPC.exe
  C:\Windows\System\CtpJFPC.exe
  2⤵
  PID:6608
- C:\Windows\System\CkuEbVH.exe
  C:\Windows\System\CkuEbVH.exe
  2⤵
  PID:6624
- C:\Windows\System\JTFgQxk.exe
  C:\Windows\System\JTFgQxk.exe
  2⤵
  PID:6640
- C:\Windows\System\WipgJBr.exe
  C:\Windows\System\WipgJBr.exe
  2⤵
  PID:6656
- C:\Windows\System\InrwuaW.exe
  C:\Windows\System\InrwuaW.exe
  2⤵
  PID:6672
- C:\Windows\System\ZnkMbLn.exe
  C:\Windows\System\ZnkMbLn.exe
  2⤵
  PID:6688
- C:\Windows\System\ecLihVm.exe
  C:\Windows\System\ecLihVm.exe
  2⤵
  PID:6704
- C:\Windows\System\vnZHTLo.exe
  C:\Windows\System\vnZHTLo.exe
  2⤵
  PID:6720
- C:\Windows\System\iwSsJub.exe
  C:\Windows\System\iwSsJub.exe
  2⤵
  PID:6736
- C:\Windows\System\sTZcxwi.exe
  C:\Windows\System\sTZcxwi.exe
  2⤵
  PID:6752
- C:\Windows\System\KYoRhUn.exe
  C:\Windows\System\KYoRhUn.exe
  2⤵
  PID:6768
- C:\Windows\System\ATnRHlj.exe
  C:\Windows\System\ATnRHlj.exe
  2⤵
  PID:6784
- C:\Windows\System\pvpgvAc.exe
  C:\Windows\System\pvpgvAc.exe
  2⤵
  PID:6800
- C:\Windows\System\DJDVXpX.exe
  C:\Windows\System\DJDVXpX.exe
  2⤵
  PID:6816
- C:\Windows\System\rfOovbH.exe
  C:\Windows\System\rfOovbH.exe
  2⤵
  PID:6832
- C:\Windows\System\RdITUPD.exe
  C:\Windows\System\RdITUPD.exe
  2⤵
  PID:6848
- C:\Windows\System\UgRzFnR.exe
  C:\Windows\System\UgRzFnR.exe
  2⤵
  PID:6864
- C:\Windows\System\XofeQIc.exe
  C:\Windows\System\XofeQIc.exe
  2⤵
  PID:6880
- C:\Windows\System\UPRhpFd.exe
  C:\Windows\System\UPRhpFd.exe
  2⤵
  PID:6896
- C:\Windows\System\kLOaVtz.exe
  C:\Windows\System\kLOaVtz.exe
  2⤵
  PID:6912
- C:\Windows\System\RkQlGVt.exe
  C:\Windows\System\RkQlGVt.exe
  2⤵
  PID:6928
- C:\Windows\System\IMUlBoA.exe
  C:\Windows\System\IMUlBoA.exe
  2⤵
  PID:6944
- C:\Windows\System\GwvoibW.exe
  C:\Windows\System\GwvoibW.exe
  2⤵
  PID:6960
- C:\Windows\System\rYKDbNG.exe
  C:\Windows\System\rYKDbNG.exe
  2⤵
  PID:6976
- C:\Windows\System\SjFdmOk.exe
  C:\Windows\System\SjFdmOk.exe
  2⤵
  PID:6992
- C:\Windows\System\tZhWMBP.exe
  C:\Windows\System\tZhWMBP.exe
  2⤵
  PID:7008
- C:\Windows\System\KZilZow.exe
  C:\Windows\System\KZilZow.exe
  2⤵
  PID:7024
- C:\Windows\System\JAYlsdS.exe
  C:\Windows\System\JAYlsdS.exe
  2⤵
  PID:7040
- C:\Windows\System\UKUcunx.exe
  C:\Windows\System\UKUcunx.exe
  2⤵
  PID:7056
- C:\Windows\System\UXBmvRV.exe
  C:\Windows\System\UXBmvRV.exe
  2⤵
  PID:7072
- C:\Windows\System\QJQDGsi.exe
  C:\Windows\System\QJQDGsi.exe
  2⤵
  PID:7088
- C:\Windows\System\MKawsUR.exe
  C:\Windows\System\MKawsUR.exe
  2⤵
  PID:7104
- C:\Windows\System\oZcdHHp.exe
  C:\Windows\System\oZcdHHp.exe
  2⤵
  PID:7120
- C:\Windows\System\GNNFhjq.exe
  C:\Windows\System\GNNFhjq.exe
  2⤵
  PID:7136
- C:\Windows\System\HADKPnu.exe
  C:\Windows\System\HADKPnu.exe
  2⤵
  PID:7152
- C:\Windows\System\GNyqFZf.exe
  C:\Windows\System\GNyqFZf.exe
  2⤵
  PID:5912
- C:\Windows\System\RbVwwgk.exe
  C:\Windows\System\RbVwwgk.exe
  2⤵
  PID:6116
- C:\Windows\System\ktffWTF.exe
  C:\Windows\System\ktffWTF.exe
  2⤵
  PID:6232
- C:\Windows\System\HncRYeM.exe
  C:\Windows\System\HncRYeM.exe
  2⤵
  PID:5856
- C:\Windows\System\QEOmdDK.exe
  C:\Windows\System\QEOmdDK.exe
  2⤵
  PID:6152
- C:\Windows\System\dBZTVNl.exe
  C:\Windows\System\dBZTVNl.exe
  2⤵
  PID:6216
- C:\Windows\System\MZmftzn.exe
  C:\Windows\System\MZmftzn.exe
  2⤵
  PID:6296
- C:\Windows\System\WmjoNKa.exe
  C:\Windows\System\WmjoNKa.exe
  2⤵
  PID:6244
- C:\Windows\System\GpRtJZK.exe
  C:\Windows\System\GpRtJZK.exe
  2⤵
  PID:6392
- C:\Windows\System\oSenUVC.exe
  C:\Windows\System\oSenUVC.exe
  2⤵
  PID:6280
- C:\Windows\System\ZARIIcj.exe
  C:\Windows\System\ZARIIcj.exe
  2⤵
  PID:6344
- C:\Windows\System\PyPPyEv.exe
  C:\Windows\System\PyPPyEv.exe
  2⤵
  PID:6424
- C:\Windows\System\puCqdeD.exe
  C:\Windows\System\puCqdeD.exe
  2⤵
  PID:6488
- C:\Windows\System\pfcaOrk.exe
  C:\Windows\System\pfcaOrk.exe
  2⤵
  PID:6552
- C:\Windows\System\pBTgyLC.exe
  C:\Windows\System\pBTgyLC.exe
  2⤵
  PID:6472
- C:\Windows\System\bmcNorg.exe
  C:\Windows\System\bmcNorg.exe
  2⤵
  PID:6532
- C:\Windows\System\sxUGAiZ.exe
  C:\Windows\System\sxUGAiZ.exe
  2⤵
  PID:6616
- C:\Windows\System\xmBJkuR.exe
  C:\Windows\System\xmBJkuR.exe
  2⤵
  PID:6604
- C:\Windows\System\gntJOLs.exe
  C:\Windows\System\gntJOLs.exe
  2⤵
  PID:6652
- C:\Windows\System\fkraXaN.exe
  C:\Windows\System\fkraXaN.exe
  2⤵
  PID:6716
- C:\Windows\System\vCxTzsA.exe
  C:\Windows\System\vCxTzsA.exe
  2⤵
  PID:6728
- C:\Windows\System\oCOeEox.exe
  C:\Windows\System\oCOeEox.exe
  2⤵
  PID:6744
- C:\Windows\System\MOXyFsb.exe
  C:\Windows\System\MOXyFsb.exe
  2⤵
  PID:6780
- C:\Windows\System\xchaNtA.exe
  C:\Windows\System\xchaNtA.exe
  2⤵
  PID:6844
- C:\Windows\System\HYLqJZT.exe
  C:\Windows\System\HYLqJZT.exe
  2⤵
  PID:6764
- C:\Windows\System\ttjcbpJ.exe
  C:\Windows\System\ttjcbpJ.exe
  2⤵
  PID:6856
- C:\Windows\System\WEVWyLr.exe
  C:\Windows\System\WEVWyLr.exe
  2⤵
  PID:6904
- C:\Windows\System\OuHeJVl.exe
  C:\Windows\System\OuHeJVl.exe
  2⤵
  PID:6968
- C:\Windows\System\iwJsNOC.exe
  C:\Windows\System\iwJsNOC.exe
  2⤵
  PID:7032
- C:\Windows\System\uliSXSg.exe
  C:\Windows\System\uliSXSg.exe
  2⤵
  PID:7096
- C:\Windows\System\kAiLGON.exe
  C:\Windows\System\kAiLGON.exe
  2⤵
  PID:7160
- C:\Windows\System\pfHGaWO.exe
  C:\Windows\System\pfHGaWO.exe
  2⤵
  PID:6956
- C:\Windows\System\cAWVnsL.exe
  C:\Windows\System\cAWVnsL.exe
  2⤵
  PID:7020
- C:\Windows\System\OSUTpHe.exe
  C:\Windows\System\OSUTpHe.exe
  2⤵
  PID:7112
- C:\Windows\System\jwZeQKW.exe
  C:\Windows\System\jwZeQKW.exe
  2⤵
  PID:7164
- C:\Windows\System\MaOrMho.exe
  C:\Windows\System\MaOrMho.exe
  2⤵
  PID:6264
- C:\Windows\System\SzlrZRs.exe
  C:\Windows\System\SzlrZRs.exe
  2⤵
  PID:6388
- C:\Windows\System\RQmVEVE.exe
  C:\Windows\System\RQmVEVE.exe
  2⤵
  PID:6484
- C:\Windows\System\NTGTyiH.exe
  C:\Windows\System\NTGTyiH.exe
  2⤵
  PID:5872
- C:\Windows\System\YXcHjto.exe
  C:\Windows\System\YXcHjto.exe
  2⤵
  PID:6184
- C:\Windows\System\KliPWqp.exe
  C:\Windows\System\KliPWqp.exe
  2⤵
  PID:6404
- C:\Windows\System\FTzfcHs.exe
  C:\Windows\System\FTzfcHs.exe
  2⤵
  PID:6376
- C:\Windows\System\NSmBrxX.exe
  C:\Windows\System\NSmBrxX.exe
  2⤵
  PID:6584
- C:\Windows\System\kiiqqdO.exe
  C:\Windows\System\kiiqqdO.exe
  2⤵
  PID:6748
- C:\Windows\System\uGHBXuv.exe
  C:\Windows\System\uGHBXuv.exe
  2⤵
  PID:6568
- C:\Windows\System\uAULhHS.exe
  C:\Windows\System\uAULhHS.exe
  2⤵
  PID:6876
- C:\Windows\System\btdSFER.exe
  C:\Windows\System\btdSFER.exe
  2⤵
  PID:7004
- C:\Windows\System\CWDZJYX.exe
  C:\Windows\System\CWDZJYX.exe
  2⤵
  PID:7128
- C:\Windows\System\QuihyYL.exe
  C:\Windows\System\QuihyYL.exe
  2⤵
  PID:7016
- C:\Windows\System\VtwpYyw.exe
  C:\Windows\System\VtwpYyw.exe
  2⤵
  PID:2876
- C:\Windows\System\QoBXBle.exe
  C:\Windows\System\QoBXBle.exe
  2⤵
  PID:6468
- C:\Windows\System\VWzCbSf.exe
  C:\Windows\System\VWzCbSf.exe
  2⤵
  PID:6828
- C:\Windows\System\jclKfli.exe
  C:\Windows\System\jclKfli.exe
  2⤵
  PID:6924
- C:\Windows\System\yxDRaCE.exe
  C:\Windows\System\yxDRaCE.exe
  2⤵
  PID:6196
- C:\Windows\System\rBgROdh.exe
  C:\Windows\System\rBgROdh.exe
  2⤵
  PID:6456
- C:\Windows\System\XAeoKRd.exe
  C:\Windows\System\XAeoKRd.exe
  2⤵
  PID:6548
- C:\Windows\System\yIjCPjB.exe
  C:\Windows\System\yIjCPjB.exe
  2⤵
  PID:6988
- C:\Windows\System\hTMMMeY.exe
  C:\Windows\System\hTMMMeY.exe
  2⤵
  PID:6696
- C:\Windows\System\HKBAMiP.exe
  C:\Windows\System\HKBAMiP.exe
  2⤵
  PID:6840
- C:\Windows\System\LBnHArl.exe
  C:\Windows\System\LBnHArl.exe
  2⤵
  PID:7148
- C:\Windows\System\HrdqiSl.exe
  C:\Windows\System\HrdqiSl.exe
  2⤵
  PID:6340
- C:\Windows\System\pKDSTjj.exe
  C:\Windows\System\pKDSTjj.exe
  2⤵
  PID:6668
- C:\Windows\System\ARYgiQY.exe
  C:\Windows\System\ARYgiQY.exe
  2⤵
  PID:7176
- C:\Windows\System\UYhkDdF.exe
  C:\Windows\System\UYhkDdF.exe
  2⤵
  PID:7192
- C:\Windows\System\LrQpinN.exe
  C:\Windows\System\LrQpinN.exe
  2⤵
  PID:7208
- C:\Windows\System\pnbEDvM.exe
  C:\Windows\System\pnbEDvM.exe
  2⤵
  PID:7224
- C:\Windows\System\cjgOBYc.exe
  C:\Windows\System\cjgOBYc.exe
  2⤵
  PID:7240
- C:\Windows\System\qgteAby.exe
  C:\Windows\System\qgteAby.exe
  2⤵
  PID:7256
- C:\Windows\System\cRSHGmr.exe
  C:\Windows\System\cRSHGmr.exe
  2⤵
  PID:7272
- C:\Windows\System\XCPXBLO.exe
  C:\Windows\System\XCPXBLO.exe
  2⤵
  PID:7288
- C:\Windows\System\gqgYwrd.exe
  C:\Windows\System\gqgYwrd.exe
  2⤵
  PID:7304
- C:\Windows\System\bDZewbK.exe
  C:\Windows\System\bDZewbK.exe
  2⤵
  PID:7320
- C:\Windows\System\EGDPeuB.exe
  C:\Windows\System\EGDPeuB.exe
  2⤵
  PID:7336
- C:\Windows\System\sJbiGli.exe
  C:\Windows\System\sJbiGli.exe
  2⤵
  PID:7352
- C:\Windows\System\TjVfQgi.exe
  C:\Windows\System\TjVfQgi.exe
  2⤵
  PID:7368
- C:\Windows\System\OanPBJv.exe
  C:\Windows\System\OanPBJv.exe
  2⤵
  PID:7384
- C:\Windows\System\pNHLEwe.exe
  C:\Windows\System\pNHLEwe.exe
  2⤵
  PID:7400
- C:\Windows\System\QjLywES.exe
  C:\Windows\System\QjLywES.exe
  2⤵
  PID:7416
- C:\Windows\System\RdtgwrD.exe
  C:\Windows\System\RdtgwrD.exe
  2⤵
  PID:7432
- C:\Windows\System\btNmaXX.exe
  C:\Windows\System\btNmaXX.exe
  2⤵
  PID:7448
- C:\Windows\System\bxhqzQW.exe
  C:\Windows\System\bxhqzQW.exe
  2⤵
  PID:7464
- C:\Windows\System\LsiCehV.exe
  C:\Windows\System\LsiCehV.exe
  2⤵
  PID:7480
- C:\Windows\System\xDaXYlP.exe
  C:\Windows\System\xDaXYlP.exe
  2⤵
  PID:7496
- C:\Windows\System\OljkNyt.exe
  C:\Windows\System\OljkNyt.exe
  2⤵
  PID:7512
- C:\Windows\System\ZpUCaQA.exe
  C:\Windows\System\ZpUCaQA.exe
  2⤵
  PID:7528
- C:\Windows\System\bZdoMvI.exe
  C:\Windows\System\bZdoMvI.exe
  2⤵
  PID:7544
- C:\Windows\System\oaymSqH.exe
  C:\Windows\System\oaymSqH.exe
  2⤵
  PID:7560
- C:\Windows\System\gxgwTww.exe
  C:\Windows\System\gxgwTww.exe
  2⤵
  PID:7576
- C:\Windows\System\QsleJzW.exe
  C:\Windows\System\QsleJzW.exe
  2⤵
  PID:7592
- C:\Windows\System\ixCQmoE.exe
  C:\Windows\System\ixCQmoE.exe
  2⤵
  PID:7608
- C:\Windows\System\QpjMnzw.exe
  C:\Windows\System\QpjMnzw.exe
  2⤵
  PID:7624
- C:\Windows\System\TXHbWiy.exe
  C:\Windows\System\TXHbWiy.exe
  2⤵
  PID:7640
- C:\Windows\System\lnuNrGp.exe
  C:\Windows\System\lnuNrGp.exe
  2⤵
  PID:7656
- C:\Windows\System\AmdzRDK.exe
  C:\Windows\System\AmdzRDK.exe
  2⤵
  PID:7672
- C:\Windows\System\HzICMDT.exe
  C:\Windows\System\HzICMDT.exe
  2⤵
  PID:7688
- C:\Windows\System\ALtsVlK.exe
  C:\Windows\System\ALtsVlK.exe
  2⤵
  PID:7708
- C:\Windows\System\ScwuXga.exe
  C:\Windows\System\ScwuXga.exe
  2⤵
  PID:7724
- C:\Windows\System\AbCUQkI.exe
  C:\Windows\System\AbCUQkI.exe
  2⤵
  PID:7740
- C:\Windows\System\YVXqqgH.exe
  C:\Windows\System\YVXqqgH.exe
  2⤵
  PID:7756
- C:\Windows\System\XlSoxWF.exe
  C:\Windows\System\XlSoxWF.exe
  2⤵
  PID:7772
- C:\Windows\System\OcUgnsV.exe
  C:\Windows\System\OcUgnsV.exe
  2⤵
  PID:7788
- C:\Windows\System\bQmzkqb.exe
  C:\Windows\System\bQmzkqb.exe
  2⤵
  PID:7804
- C:\Windows\System\PehNVQa.exe
  C:\Windows\System\PehNVQa.exe
  2⤵
  PID:7820
- C:\Windows\System\IDVrmFf.exe
  C:\Windows\System\IDVrmFf.exe
  2⤵
  PID:7836
- C:\Windows\System\AdjMwTo.exe
  C:\Windows\System\AdjMwTo.exe
  2⤵
  PID:7852
- C:\Windows\System\RdeSXOA.exe
  C:\Windows\System\RdeSXOA.exe
  2⤵
  PID:7868
- C:\Windows\System\OPEHTAc.exe
  C:\Windows\System\OPEHTAc.exe
  2⤵
  PID:7884
- C:\Windows\System\VCDoIwY.exe
  C:\Windows\System\VCDoIwY.exe
  2⤵
  PID:7900
- C:\Windows\System\qzaUOQE.exe
  C:\Windows\System\qzaUOQE.exe
  2⤵
  PID:7916
- C:\Windows\System\SozPhWI.exe
  C:\Windows\System\SozPhWI.exe
  2⤵
  PID:7932
- C:\Windows\System\XQhahIu.exe
  C:\Windows\System\XQhahIu.exe
  2⤵
  PID:7948
- C:\Windows\System\OZLXfpv.exe
  C:\Windows\System\OZLXfpv.exe
  2⤵
  PID:7964
- C:\Windows\System\JPYDIwW.exe
  C:\Windows\System\JPYDIwW.exe
  2⤵
  PID:7980
- C:\Windows\System\KgyQpDa.exe
  C:\Windows\System\KgyQpDa.exe
  2⤵
  PID:7996
- C:\Windows\System\mpRGxpG.exe
  C:\Windows\System\mpRGxpG.exe
  2⤵
  PID:8012
- C:\Windows\System\ieGLuFr.exe
  C:\Windows\System\ieGLuFr.exe
  2⤵
  PID:8028
- C:\Windows\System\BzHnYyj.exe
  C:\Windows\System\BzHnYyj.exe
  2⤵
  PID:8044
- C:\Windows\System\EbkpTXh.exe
  C:\Windows\System\EbkpTXh.exe
  2⤵
  PID:8060
- C:\Windows\System\JOpyhFy.exe
  C:\Windows\System\JOpyhFy.exe
  2⤵
  PID:8076
- C:\Windows\System\CoeMAbk.exe
  C:\Windows\System\CoeMAbk.exe
  2⤵
  PID:8092
- C:\Windows\System\fbsqpKQ.exe
  C:\Windows\System\fbsqpKQ.exe
  2⤵
  PID:8108
- C:\Windows\System\vCSTBEn.exe
  C:\Windows\System\vCSTBEn.exe
  2⤵
  PID:8124
- C:\Windows\System\ZFlYilj.exe
  C:\Windows\System\ZFlYilj.exe
  2⤵
  PID:8140
- C:\Windows\System\qvTWMKT.exe
  C:\Windows\System\qvTWMKT.exe
  2⤵
  PID:8156
- C:\Windows\System\GEguRmv.exe
  C:\Windows\System\GEguRmv.exe
  2⤵
  PID:8172
- C:\Windows\System\ZzzwPWD.exe
  C:\Windows\System\ZzzwPWD.exe
  2⤵
  PID:8188
- C:\Windows\System\cCsCxim.exe
  C:\Windows\System\cCsCxim.exe
  2⤵
  PID:7204
- C:\Windows\System\gEjndCu.exe
  C:\Windows\System\gEjndCu.exe
  2⤵
  PID:7188
- C:\Windows\System\XYLzhUe.exe
  C:\Windows\System\XYLzhUe.exe
  2⤵
  PID:7052
- C:\Windows\System\CuaXYut.exe
  C:\Windows\System\CuaXYut.exe
  2⤵
  PID:6068
- C:\Windows\System\eAJPCWy.exe
  C:\Windows\System\eAJPCWy.exe
  2⤵
  PID:6504
- C:\Windows\System\JmIKnPH.exe
  C:\Windows\System\JmIKnPH.exe
  2⤵
  PID:7184
- C:\Windows\System\eeZYifC.exe
  C:\Windows\System\eeZYifC.exe
  2⤵
  PID:7300
- C:\Windows\System\sssPNrX.exe
  C:\Windows\System\sssPNrX.exe
  2⤵
  PID:7364
- C:\Windows\System\UhUPPra.exe
  C:\Windows\System\UhUPPra.exe
  2⤵
  PID:7380
- C:\Windows\System\LtvUvCb.exe
  C:\Windows\System\LtvUvCb.exe
  2⤵
  PID:7316
- C:\Windows\System\jWrAZUv.exe
  C:\Windows\System\jWrAZUv.exe
  2⤵
  PID:7412
- C:\Windows\System\VvZkScq.exe
  C:\Windows\System\VvZkScq.exe
  2⤵
  PID:7460
- C:\Windows\System\jGZnMie.exe
  C:\Windows\System\jGZnMie.exe
  2⤵
  PID:7492
- C:\Windows\System\GrxmOSI.exe
  C:\Windows\System\GrxmOSI.exe
  2⤵
  PID:7588
- C:\Windows\System\soPZzBu.exe
  C:\Windows\System\soPZzBu.exe
  2⤵
  PID:7652
- C:\Windows\System\tHRfrcp.exe
  C:\Windows\System\tHRfrcp.exe
  2⤵
  PID:7748
- C:\Windows\System\FbIHqEL.exe
  C:\Windows\System\FbIHqEL.exe
  2⤵
  PID:7812
- C:\Windows\System\UVOESJH.exe
  C:\Windows\System\UVOESJH.exe
  2⤵
  PID:7844
- C:\Windows\System\OnUaFpY.exe
  C:\Windows\System\OnUaFpY.exe
  2⤵
  PID:7504
- C:\Windows\System\GQwnSBe.exe
  C:\Windows\System\GQwnSBe.exe
  2⤵
  PID:7912
- C:\Windows\System\ksijKhg.exe
  C:\Windows\System\ksijKhg.exe
  2⤵
  PID:7976
- C:\Windows\System\jUIVpdV.exe
  C:\Windows\System\jUIVpdV.exe
  2⤵
  PID:8040
- C:\Windows\System\ppebJvu.exe
  C:\Windows\System\ppebJvu.exe
  2⤵
  PID:7476
- C:\Windows\System\RlkrGAU.exe
  C:\Windows\System\RlkrGAU.exe
  2⤵
  PID:7568
- C:\Windows\System\QpEiZMu.exe
  C:\Windows\System\QpEiZMu.exe
  2⤵
  PID:7632
- C:\Windows\System\nnGyJuq.exe
  C:\Windows\System\nnGyJuq.exe
  2⤵
  PID:7700
- C:\Windows\System\KGhalGp.exe
  C:\Windows\System\KGhalGp.exe
  2⤵
  PID:7764
- C:\Windows\System\QDPXcCT.exe
  C:\Windows\System\QDPXcCT.exe
  2⤵
  PID:7832
- C:\Windows\System\takaxub.exe
  C:\Windows\System\takaxub.exe
  2⤵
  PID:8132
- C:\Windows\System\hyIkqna.exe
  C:\Windows\System\hyIkqna.exe
  2⤵
  PID:7924
- C:\Windows\System\WeyYeNO.exe
  C:\Windows\System\WeyYeNO.exe
  2⤵
  PID:7988
- C:\Windows\System\hXhBtvn.exe
  C:\Windows\System\hXhBtvn.exe
  2⤵
  PID:8052
- C:\Windows\System\fLDPpsJ.exe
  C:\Windows\System\fLDPpsJ.exe
  2⤵
  PID:8164
- C:\Windows\System\hTzoFrQ.exe
  C:\Windows\System\hTzoFrQ.exe
  2⤵
  PID:7200
- C:\Windows\System\CholinR.exe
  C:\Windows\System\CholinR.exe
  2⤵
  PID:8120
- C:\Windows\System\HLqhZuH.exe
  C:\Windows\System\HLqhZuH.exe
  2⤵
  PID:7084
- C:\Windows\System\bTULpwJ.exe
  C:\Windows\System\bTULpwJ.exe
  2⤵
  PID:7348
- C:\Windows\System\XnjLFOW.exe
  C:\Windows\System\XnjLFOW.exe
  2⤵
  PID:8184
- C:\Windows\System\aVrePSd.exe
  C:\Windows\System\aVrePSd.exe
  2⤵
  PID:7236
- C:\Windows\System\jwpPUef.exe
  C:\Windows\System\jwpPUef.exe
  2⤵
  PID:6732
- C:\Windows\System\iqOyrqm.exe
  C:\Windows\System\iqOyrqm.exe
  2⤵
  PID:7312
- C:\Windows\System\bexcekj.exe
  C:\Windows\System\bexcekj.exe
  2⤵
  PID:7584
- C:\Windows\System\gIidpAd.exe
  C:\Windows\System\gIidpAd.exe
  2⤵
  PID:7784
- C:\Windows\System\nirjISY.exe
  C:\Windows\System\nirjISY.exe
  2⤵
  PID:7472
- C:\Windows\System\NRdaQhE.exe
  C:\Windows\System\NRdaQhE.exe
  2⤵
  PID:7880
- C:\Windows\System\fRFIRna.exe
  C:\Windows\System\fRFIRna.exe
  2⤵
  PID:7600
- C:\Windows\System\wMgFqXL.exe
  C:\Windows\System\wMgFqXL.exe
  2⤵
  PID:7864
- C:\Windows\System\RAJBLrU.exe
  C:\Windows\System\RAJBLrU.exe
  2⤵
  PID:8104
- C:\Windows\System\YpnsTFL.exe
  C:\Windows\System\YpnsTFL.exe
  2⤵
  PID:7800
- C:\Windows\System\dwgOcos.exe
  C:\Windows\System\dwgOcos.exe
  2⤵
  PID:8084
- C:\Windows\System\OSIUGLB.exe
  C:\Windows\System\OSIUGLB.exe
  2⤵
  PID:8168
- C:\Windows\System\DBNbdpR.exe
  C:\Windows\System\DBNbdpR.exe
  2⤵
  PID:7268
- C:\Windows\System\PtsCxWA.exe
  C:\Windows\System\PtsCxWA.exe
  2⤵
  PID:7376
- C:\Windows\System\isOcfxH.exe
  C:\Windows\System\isOcfxH.exe
  2⤵
  PID:7696
- C:\Windows\System\HTpoJKa.exe
  C:\Windows\System\HTpoJKa.exe
  2⤵
  PID:7780
- C:\Windows\System\JZdboHk.exe
  C:\Windows\System\JZdboHk.exe
  2⤵
  PID:7908
- C:\Windows\System\rSnbUpI.exe
  C:\Windows\System\rSnbUpI.exe
  2⤵
  PID:8116
- C:\Windows\System\TfCqDwF.exe
  C:\Windows\System\TfCqDwF.exe
  2⤵
  PID:7000
- C:\Windows\System\dUbFtAX.exe
  C:\Windows\System\dUbFtAX.exe
  2⤵
  PID:7284
- C:\Windows\System\yTtisXJ.exe
  C:\Windows\System\yTtisXJ.exe
  2⤵
  PID:8036
- C:\Windows\System\NVdaAKF.exe
  C:\Windows\System\NVdaAKF.exe
  2⤵
  PID:7540
- C:\Windows\System\erBhPVl.exe
  C:\Windows\System\erBhPVl.exe
  2⤵
  PID:6356
- C:\Windows\System\etKnEcK.exe
  C:\Windows\System\etKnEcK.exe
  2⤵
  PID:8024
- C:\Windows\System\gEGHFWs.exe
  C:\Windows\System\gEGHFWs.exe
  2⤵
  PID:7668
- C:\Windows\System\QOSvDvo.exe
  C:\Windows\System\QOSvDvo.exe
  2⤵
  PID:7440
- C:\Windows\System\HMsDjxt.exe
  C:\Windows\System\HMsDjxt.exe
  2⤵
  PID:7556
- C:\Windows\System\FXosHan.exe
  C:\Windows\System\FXosHan.exe
  2⤵
  PID:7796
- C:\Windows\System\DezNpWd.exe
  C:\Windows\System\DezNpWd.exe
  2⤵
  PID:7620
- C:\Windows\System\beqArjN.exe
  C:\Windows\System\beqArjN.exe
  2⤵
  PID:8200
- C:\Windows\System\RvkVYIv.exe
  C:\Windows\System\RvkVYIv.exe
  2⤵
  PID:8216
- C:\Windows\System\vKgXMyW.exe
  C:\Windows\System\vKgXMyW.exe
  2⤵
  PID:8232
- C:\Windows\System\zKRxeOz.exe
  C:\Windows\System\zKRxeOz.exe
  2⤵
  PID:8248
- C:\Windows\System\BrWeIrg.exe
  C:\Windows\System\BrWeIrg.exe
  2⤵
  PID:8264
- C:\Windows\System\VnRcrva.exe
  C:\Windows\System\VnRcrva.exe
  2⤵
  PID:8280
- C:\Windows\System\CjcvjxY.exe
  C:\Windows\System\CjcvjxY.exe
  2⤵
  PID:8296
- C:\Windows\System\byxNNUN.exe
  C:\Windows\System\byxNNUN.exe
  2⤵
  PID:8312
- C:\Windows\System\dWokatQ.exe
  C:\Windows\System\dWokatQ.exe
  2⤵
  PID:8328
- C:\Windows\System\STEkiHf.exe
  C:\Windows\System\STEkiHf.exe
  2⤵
  PID:8344
- C:\Windows\System\WzoUEHk.exe
  C:\Windows\System\WzoUEHk.exe
  2⤵
  PID:8360
- C:\Windows\System\NvnBbKS.exe
  C:\Windows\System\NvnBbKS.exe
  2⤵
  PID:8376
- C:\Windows\System\CbMZxgQ.exe
  C:\Windows\System\CbMZxgQ.exe
  2⤵
  PID:8392
- C:\Windows\System\hsaseJF.exe
  C:\Windows\System\hsaseJF.exe
  2⤵
  PID:8408
- C:\Windows\System\JscFyPQ.exe
  C:\Windows\System\JscFyPQ.exe
  2⤵
  PID:8424
- C:\Windows\System\pGsXtUK.exe
  C:\Windows\System\pGsXtUK.exe
  2⤵
  PID:8440
- C:\Windows\System\LoNUiXq.exe
  C:\Windows\System\LoNUiXq.exe
  2⤵
  PID:8456
- C:\Windows\System\gFrJsBY.exe
  C:\Windows\System\gFrJsBY.exe
  2⤵
  PID:8472
- C:\Windows\System\Ppwhkzi.exe
  C:\Windows\System\Ppwhkzi.exe
  2⤵
  PID:8488
- C:\Windows\System\NFTQzbm.exe
  C:\Windows\System\NFTQzbm.exe
  2⤵
  PID:8504
- C:\Windows\System\tabobut.exe
  C:\Windows\System\tabobut.exe
  2⤵
  PID:8520
- C:\Windows\System\gFXqkNp.exe
  C:\Windows\System\gFXqkNp.exe
  2⤵
  PID:8536
- C:\Windows\System\NeDkakP.exe
  C:\Windows\System\NeDkakP.exe
  2⤵
  PID:8552
- C:\Windows\System\XTxZRRd.exe
  C:\Windows\System\XTxZRRd.exe
  2⤵
  PID:8568
- C:\Windows\System\AEWarWI.exe
  C:\Windows\System\AEWarWI.exe
  2⤵
  PID:8584
- C:\Windows\System\ffvYowp.exe
  C:\Windows\System\ffvYowp.exe
  2⤵
  PID:8600
- C:\Windows\System\uhqbGbk.exe
  C:\Windows\System\uhqbGbk.exe
  2⤵
  PID:8616
- C:\Windows\System\NxoBAcZ.exe
  C:\Windows\System\NxoBAcZ.exe
  2⤵
  PID:8632
- C:\Windows\System\TaMAESa.exe
  C:\Windows\System\TaMAESa.exe
  2⤵
  PID:8648
- C:\Windows\System\JAcpVrr.exe
  C:\Windows\System\JAcpVrr.exe
  2⤵
  PID:8668
- C:\Windows\System\BVysXLo.exe
  C:\Windows\System\BVysXLo.exe
  2⤵
  PID:8684
- C:\Windows\System\nRYowjl.exe
  C:\Windows\System\nRYowjl.exe
  2⤵
  PID:8700
- C:\Windows\System\FlUNAhN.exe
  C:\Windows\System\FlUNAhN.exe
  2⤵
  PID:8716
- C:\Windows\System\POjWEPm.exe
  C:\Windows\System\POjWEPm.exe
  2⤵
  PID:8732
- C:\Windows\System\UySiiDu.exe
  C:\Windows\System\UySiiDu.exe
  2⤵
  PID:8748
- C:\Windows\System\iUXXBLN.exe
  C:\Windows\System\iUXXBLN.exe
  2⤵
  PID:8764
- C:\Windows\System\BYMDHMB.exe
  C:\Windows\System\BYMDHMB.exe
  2⤵
  PID:8780
- C:\Windows\System\NKICiQd.exe
  C:\Windows\System\NKICiQd.exe
  2⤵
  PID:8796
- C:\Windows\System\zgeAMGr.exe
  C:\Windows\System\zgeAMGr.exe
  2⤵
  PID:8812
- C:\Windows\System\FcyUFuf.exe
  C:\Windows\System\FcyUFuf.exe
  2⤵
  PID:8828
- C:\Windows\System\Xyemios.exe
  C:\Windows\System\Xyemios.exe
  2⤵
  PID:8844
- C:\Windows\System\WRKooSo.exe
  C:\Windows\System\WRKooSo.exe
  2⤵
  PID:8860
- C:\Windows\System\tBWWTtf.exe
  C:\Windows\System\tBWWTtf.exe
  2⤵
  PID:8876
- C:\Windows\System\WBvwsqa.exe
  C:\Windows\System\WBvwsqa.exe
  2⤵
  PID:8892
- C:\Windows\System\hlGlgtL.exe
  C:\Windows\System\hlGlgtL.exe
  2⤵
  PID:8908
- C:\Windows\System\zAsefBG.exe
  C:\Windows\System\zAsefBG.exe
  2⤵
  PID:8924
- C:\Windows\System\EwxRqro.exe
  C:\Windows\System\EwxRqro.exe
  2⤵
  PID:8940
- C:\Windows\System\pIqIvyW.exe
  C:\Windows\System\pIqIvyW.exe
  2⤵
  PID:8956
- C:\Windows\System\zGosPdj.exe
  C:\Windows\System\zGosPdj.exe
  2⤵
  PID:8972
- C:\Windows\System\UcEPUlO.exe
  C:\Windows\System\UcEPUlO.exe
  2⤵
  PID:8988
- C:\Windows\System\arrTvTW.exe
  C:\Windows\System\arrTvTW.exe
  2⤵
  PID:9004
- C:\Windows\System\ZrKurFh.exe
  C:\Windows\System\ZrKurFh.exe
  2⤵
  PID:9020
- C:\Windows\System\GIfotRY.exe
  C:\Windows\System\GIfotRY.exe
  2⤵
  PID:9036
- C:\Windows\System\YblYiPf.exe
  C:\Windows\System\YblYiPf.exe
  2⤵
  PID:9052
- C:\Windows\System\YLYnEKR.exe
  C:\Windows\System\YLYnEKR.exe
  2⤵
  PID:9068
- C:\Windows\System\FaWPKWn.exe
  C:\Windows\System\FaWPKWn.exe
  2⤵
  PID:9084
- C:\Windows\System\PEEQvJE.exe
  C:\Windows\System\PEEQvJE.exe
  2⤵
  PID:9100
- C:\Windows\System\bFxiBgP.exe
  C:\Windows\System\bFxiBgP.exe
  2⤵
  PID:9116
- C:\Windows\System\GSIoEkv.exe
  C:\Windows\System\GSIoEkv.exe
  2⤵
  PID:9132
- C:\Windows\System\lNhnnIH.exe
  C:\Windows\System\lNhnnIH.exe
  2⤵
  PID:9148
- C:\Windows\System\YcKbEIV.exe
  C:\Windows\System\YcKbEIV.exe
  2⤵
  PID:9164
- C:\Windows\System\MVpgtJl.exe
  C:\Windows\System\MVpgtJl.exe
  2⤵
  PID:9180
- C:\Windows\System\LUOEEzM.exe
  C:\Windows\System\LUOEEzM.exe
  2⤵
  PID:9200
- C:\Windows\System\tJtqgFd.exe
  C:\Windows\System\tJtqgFd.exe
  2⤵
  PID:8260
- C:\Windows\System\Kcejkmu.exe
  C:\Windows\System\Kcejkmu.exe
  2⤵
  PID:8368
- C:\Windows\System\CWyLQYI.exe
  C:\Windows\System\CWyLQYI.exe
  2⤵
  PID:8272
- C:\Windows\System\WXOrWUw.exe
  C:\Windows\System\WXOrWUw.exe
  2⤵
  PID:8340
- C:\Windows\System\uMdUjmk.exe
  C:\Windows\System\uMdUjmk.exe
  2⤵
  PID:8448
- C:\Windows\System\GWNEYzQ.exe
  C:\Windows\System\GWNEYzQ.exe
  2⤵
  PID:8516
- C:\Windows\System\mYKgnuT.exe
  C:\Windows\System\mYKgnuT.exe
  2⤵
  PID:8436
- C:\Windows\System\KfTagei.exe
  C:\Windows\System\KfTagei.exe
  2⤵
  PID:8500
- C:\Windows\System\NQqhXAs.exe
  C:\Windows\System\NQqhXAs.exe
  2⤵
  PID:8564
- C:\Windows\System\fVnvEXk.exe
  C:\Windows\System\fVnvEXk.exe
  2⤵
  PID:8596
- C:\Windows\System\nhNtYQD.exe
  C:\Windows\System\nhNtYQD.exe
  2⤵
  PID:8712
- C:\Windows\System\OyfUdAD.exe
  C:\Windows\System\OyfUdAD.exe
  2⤵
  PID:8744
- C:\Windows\System\gsJVHOQ.exe
  C:\Windows\System\gsJVHOQ.exe
  2⤵
  PID:8804
- C:\Windows\System\gCOmARo.exe
  C:\Windows\System\gCOmARo.exe
  2⤵
  PID:8792
- C:\Windows\System\gzykPkw.exe
  C:\Windows\System\gzykPkw.exe
  2⤵
  PID:8868
- C:\Windows\System\SyyTBcB.exe
  C:\Windows\System\SyyTBcB.exe
  2⤵
  PID:8932
- C:\Windows\System\FfSCXoW.exe
  C:\Windows\System\FfSCXoW.exe
  2⤵
  PID:8996
- C:\Windows\System\fZYihsy.exe
  C:\Windows\System\fZYihsy.exe
  2⤵
  PID:8856
- C:\Windows\System\mNcwmJs.exe
  C:\Windows\System\mNcwmJs.exe
  2⤵
  PID:9096
- C:\Windows\System\EFZsdCf.exe
  C:\Windows\System\EFZsdCf.exe
  2⤵
  PID:9160
- C:\Windows\System\AdxlKAh.exe
  C:\Windows\System\AdxlKAh.exe
  2⤵
  PID:8980
- C:\Windows\System\TVTmDdY.exe
  C:\Windows\System\TVTmDdY.exe
  2⤵
  PID:8916
- C:\Windows\System\fuszknu.exe
  C:\Windows\System\fuszknu.exe
  2⤵
  PID:9012
- C:\Windows\System\wkGSvKC.exe
  C:\Windows\System\wkGSvKC.exe
  2⤵
  PID:9080
- C:\Windows\System\jZRKYYX.exe
  C:\Windows\System\jZRKYYX.exe
  2⤵
  PID:9172
- C:\Windows\System\ixHPCEW.exe
  C:\Windows\System\ixHPCEW.exe
  2⤵
  PID:8196
- C:\Windows\System\uaDreVZ.exe
  C:\Windows\System\uaDreVZ.exe
  2⤵
  PID:8256
- C:\Windows\System\hAOHOiQ.exe
  C:\Windows\System\hAOHOiQ.exe
  2⤵
  PID:7080
- C:\Windows\System\DauStwt.exe
  C:\Windows\System\DauStwt.exe
  2⤵
  PID:8388
- C:\Windows\System\YXHEifz.exe
  C:\Windows\System\YXHEifz.exe
  2⤵
  PID:8304
- C:\Windows\System\UoJaKVM.exe
  C:\Windows\System\UoJaKVM.exe
  2⤵
  PID:8240
- C:\Windows\System\SzpeXTy.exe
  C:\Windows\System\SzpeXTy.exe
  2⤵
  PID:8484
- C:\Windows\System\nMbvztq.exe
  C:\Windows\System\nMbvztq.exe
  2⤵
  PID:8644
- C:\Windows\System\ZOEEUFH.exe
  C:\Windows\System\ZOEEUFH.exe
  2⤵
  PID:8608
- C:\Windows\System\IcYAxsT.exe
  C:\Windows\System\IcYAxsT.exe
  2⤵
  PID:8628
- C:\Windows\System\ljFizVt.exe
  C:\Windows\System\ljFizVt.exe
  2⤵
  PID:8776
- C:\Windows\System\XYuhrzN.exe
  C:\Windows\System\XYuhrzN.exe
  2⤵
  PID:8760
- C:\Windows\System\QpcOyKL.exe
  C:\Windows\System\QpcOyKL.exe
  2⤵
  PID:9028
- C:\Windows\System\puzSayQ.exe
  C:\Windows\System\puzSayQ.exe
  2⤵
  PID:8528
- C:\Windows\System\HzHmynM.exe
  C:\Windows\System\HzHmynM.exe
  2⤵
  PID:8696
- C:\Windows\System\fZuQvCm.exe
  C:\Windows\System\fZuQvCm.exe
  2⤵
  PID:9044
- C:\Windows\System\wkbnMhP.exe
  C:\Windows\System\wkbnMhP.exe
  2⤵
  PID:9192
- C:\Windows\System\NQrbalN.exe
  C:\Windows\System\NQrbalN.exe
  2⤵
  PID:8948
- C:\Windows\System\sKIhsxe.exe
  C:\Windows\System\sKIhsxe.exe
  2⤵
  PID:8224
- C:\Windows\System\CZxcbTp.exe
  C:\Windows\System\CZxcbTp.exe
  2⤵
  PID:8208
- C:\Windows\System\zuzyoCz.exe
  C:\Windows\System\zuzyoCz.exe
  2⤵
  PID:1012
- C:\Windows\System\fboPKFP.exe
  C:\Windows\System\fboPKFP.exe
  2⤵
  PID:8356
- C:\Windows\System\PcXEAju.exe
  C:\Windows\System\PcXEAju.exe
  2⤵
  PID:8884
- C:\Windows\System\PWZxcoU.exe
  C:\Windows\System\PWZxcoU.exe
  2⤵
  PID:8404
- C:\Windows\System\lTTiRbk.exe
  C:\Windows\System\lTTiRbk.exe
  2⤵
  PID:9144
- C:\Windows\System\ePnerFJ.exe
  C:\Windows\System\ePnerFJ.exe
  2⤵
  PID:8548
- C:\Windows\System\FjUSVDg.exe
  C:\Windows\System\FjUSVDg.exe
  2⤵
  PID:8352
- C:\Windows\System\XFqmxlP.exe
  C:\Windows\System\XFqmxlP.exe
  2⤵
  PID:9156
- C:\Windows\System\CgkbBll.exe
  C:\Windows\System\CgkbBll.exe
  2⤵
  PID:9260
- C:\Windows\System\WDoweHn.exe
  C:\Windows\System\WDoweHn.exe
  2⤵
  PID:9284
- C:\Windows\System\owCQGZD.exe
  C:\Windows\System\owCQGZD.exe
  2⤵
  PID:9304
- C:\Windows\System\FUJwTpV.exe
  C:\Windows\System\FUJwTpV.exe
  2⤵
  PID:9332
- C:\Windows\System\xUCHqbN.exe
  C:\Windows\System\xUCHqbN.exe
  2⤵
  PID:9356
- C:\Windows\System\IWmvyrw.exe
  C:\Windows\System\IWmvyrw.exe
  2⤵
  PID:9372
- C:\Windows\System\cvdksHB.exe
  C:\Windows\System\cvdksHB.exe
  2⤵
  PID:9448
- C:\Windows\System\tbLdFJk.exe
  C:\Windows\System\tbLdFJk.exe
  2⤵
  PID:9468
- C:\Windows\System\VUnGPqe.exe
  C:\Windows\System\VUnGPqe.exe
  2⤵
  PID:9492
- C:\Windows\System\ApirkUq.exe
  C:\Windows\System\ApirkUq.exe
  2⤵
  PID:9512
- C:\Windows\System\uTigLNk.exe
  C:\Windows\System\uTigLNk.exe
  2⤵
  PID:9532
- C:\Windows\System\AOZyNNs.exe
  C:\Windows\System\AOZyNNs.exe
  2⤵
  PID:9552
- C:\Windows\System\oFabyjc.exe
  C:\Windows\System\oFabyjc.exe
  2⤵
  PID:9576
- C:\Windows\System\HeSEHRf.exe
  C:\Windows\System\HeSEHRf.exe
  2⤵
  PID:9592
- C:\Windows\System\IYVMFTz.exe
  C:\Windows\System\IYVMFTz.exe
  2⤵
  PID:9612
- C:\Windows\System\WKdNlJG.exe
  C:\Windows\System\WKdNlJG.exe
  2⤵
  PID:9628
- C:\Windows\System\wIuxukd.exe
  C:\Windows\System\wIuxukd.exe
  2⤵
  PID:9648
- C:\Windows\System\mSbaMsB.exe
  C:\Windows\System\mSbaMsB.exe
  2⤵
  PID:9668
- C:\Windows\System\zwvwnEe.exe
  C:\Windows\System\zwvwnEe.exe
  2⤵
  PID:9688
- C:\Windows\System\cQVBTQT.exe
  C:\Windows\System\cQVBTQT.exe
  2⤵
  PID:9708
- C:\Windows\System\jlGzOHh.exe
  C:\Windows\System\jlGzOHh.exe
  2⤵
  PID:9724
- C:\Windows\System\gRYKNFW.exe
  C:\Windows\System\gRYKNFW.exe
  2⤵
  PID:9740
- C:\Windows\System\UJntCTU.exe
  C:\Windows\System\UJntCTU.exe
  2⤵
  PID:9760
- C:\Windows\System\lYWFEUA.exe
  C:\Windows\System\lYWFEUA.exe
  2⤵
  PID:9776
- C:\Windows\System\qqKmNdH.exe
  C:\Windows\System\qqKmNdH.exe
  2⤵
  PID:9792
- C:\Windows\System\lbKSski.exe
  C:\Windows\System\lbKSski.exe
  2⤵
  PID:9808
- C:\Windows\System\zDVAfaR.exe
  C:\Windows\System\zDVAfaR.exe
  2⤵
  PID:9824
- C:\Windows\System\mhGgvPh.exe
  C:\Windows\System\mhGgvPh.exe
  2⤵
  PID:9840
- C:\Windows\System\HSrliWc.exe
  C:\Windows\System\HSrliWc.exe
  2⤵
  PID:9860
- C:\Windows\System\IKGCalW.exe
  C:\Windows\System\IKGCalW.exe
  2⤵
  PID:9880
- C:\Windows\System\YdLUFLm.exe
  C:\Windows\System\YdLUFLm.exe
  2⤵
  PID:9896
- C:\Windows\System\tNjTlre.exe
  C:\Windows\System\tNjTlre.exe
  2⤵
  PID:9912
- C:\Windows\System\FWZfuHi.exe
  C:\Windows\System\FWZfuHi.exe
  2⤵
  PID:9928
- C:\Windows\System\xcFRMfB.exe
  C:\Windows\System\xcFRMfB.exe
  2⤵
  PID:9944
- C:\Windows\System\ckfbaVj.exe
  C:\Windows\System\ckfbaVj.exe
  2⤵
  PID:9960
- C:\Windows\System\HBquaXN.exe
  C:\Windows\System\HBquaXN.exe
  2⤵
  PID:9980
- C:\Windows\System\jjbxKFF.exe
  C:\Windows\System\jjbxKFF.exe
  2⤵
  PID:9996
- C:\Windows\System\ScNtVGY.exe
  C:\Windows\System\ScNtVGY.exe
  2⤵
  PID:10012
- C:\Windows\System\WrVtjzZ.exe
  C:\Windows\System\WrVtjzZ.exe
  2⤵
  PID:10028
- C:\Windows\System\wzQIVZq.exe
  C:\Windows\System\wzQIVZq.exe
  2⤵
  PID:10044
- C:\Windows\System\pSjDXlU.exe
  C:\Windows\System\pSjDXlU.exe
  2⤵
  PID:10060
- C:\Windows\System\JhdNMRT.exe
  C:\Windows\System\JhdNMRT.exe
  2⤵
  PID:10076
- C:\Windows\System\rUqnles.exe
  C:\Windows\System\rUqnles.exe
  2⤵
  PID:10092
- C:\Windows\System\oGYpECj.exe
  C:\Windows\System\oGYpECj.exe
  2⤵
  PID:10112
- C:\Windows\System\JkQBwbW.exe
  C:\Windows\System\JkQBwbW.exe
  2⤵
  PID:10128
- C:\Windows\System\WwuJBBC.exe
  C:\Windows\System\WwuJBBC.exe
  2⤵
  PID:10144
- C:\Windows\System\ckDXUNN.exe
  C:\Windows\System\ckDXUNN.exe
  2⤵
  PID:10160
- C:\Windows\System\nQwgRIv.exe
  C:\Windows\System\nQwgRIv.exe
  2⤵
  PID:10176
- C:\Windows\System\lPSlsZt.exe
  C:\Windows\System\lPSlsZt.exe
  2⤵
  PID:10192
- C:\Windows\System\QySekvl.exe
  C:\Windows\System\QySekvl.exe
  2⤵
  PID:10208
- C:\Windows\System\oHLQTFN.exe
  C:\Windows\System\oHLQTFN.exe
  2⤵
  PID:9240
- C:\Windows\System\DsAXdqw.exe
  C:\Windows\System\DsAXdqw.exe
  2⤵
  PID:9228
- C:\Windows\System\TNAlqAz.exe
  C:\Windows\System\TNAlqAz.exe
  2⤵
  PID:8676
- C:\Windows\System\JhvBCsG.exe
  C:\Windows\System\JhvBCsG.exe
  2⤵
  PID:8836
- C:\Windows\System\acdxqPF.exe
  C:\Windows\System\acdxqPF.exe
  2⤵
  PID:8468
- C:\Windows\System\ZhmJmmO.exe
  C:\Windows\System\ZhmJmmO.exe
  2⤵
  PID:9208
- C:\Windows\System\CWSumHe.exe
  C:\Windows\System\CWSumHe.exe
  2⤵
  PID:9476
- C:\Windows\System\OfPdZOp.exe
  C:\Windows\System\OfPdZOp.exe
  2⤵
  PID:9524
- C:\Windows\System\CpXPlHk.exe
  C:\Windows\System\CpXPlHk.exe
  2⤵
  PID:9600
- C:\Windows\System\KFxcYaF.exe
  C:\Windows\System\KFxcYaF.exe
  2⤵
  PID:9640
- C:\Windows\System\ekdaXKX.exe
  C:\Windows\System\ekdaXKX.exe
  2⤵
  PID:9716
- C:\Windows\System\ELULwZE.exe
  C:\Windows\System\ELULwZE.exe
  2⤵
  PID:9504
- C:\Windows\System\OHZvllw.exe
  C:\Windows\System\OHZvllw.exe
  2⤵
  PID:9624
- C:\Windows\System\kbijFED.exe
  C:\Windows\System\kbijFED.exe
  2⤵
  PID:9816
- C:\Windows\System\TaDNjap.exe
  C:\Windows\System\TaDNjap.exe
  2⤵
  PID:9732
- C:\Windows\System\wTfkKjQ.exe
  C:\Windows\System\wTfkKjQ.exe
  2⤵
  PID:9852
- C:\Windows\System\YXltCbx.exe
  C:\Windows\System\YXltCbx.exe
  2⤵
  PID:9920
- C:\Windows\System\xvlUiMO.exe
  C:\Windows\System\xvlUiMO.exe
  2⤵
  PID:9800
- C:\Windows\System\pzNgyrX.exe
  C:\Windows\System\pzNgyrX.exe
  2⤵
  PID:9936
- C:\Windows\System\GolrlCx.exe
  C:\Windows\System\GolrlCx.exe
  2⤵
  PID:9968
- C:\Windows\System\NhGIxbu.exe
  C:\Windows\System\NhGIxbu.exe
  2⤵
  PID:10052
- C:\Windows\System\HUFnJcq.exe
  C:\Windows\System\HUFnJcq.exe
  2⤵
  PID:10184
- C:\Windows\System\LCKtFoK.exe
  C:\Windows\System\LCKtFoK.exe
  2⤵
  PID:10036
- C:\Windows\System\bmGCkZi.exe
  C:\Windows\System\bmGCkZi.exe
  2⤵
  PID:10136
- C:\Windows\System\tZgChPY.exe
  C:\Windows\System\tZgChPY.exe
  2⤵
  PID:10200
- C:\Windows\System\PxXGKFL.exe
  C:\Windows\System\PxXGKFL.exe
  2⤵
  PID:10228
- C:\Windows\System\sfWnVCA.exe
  C:\Windows\System\sfWnVCA.exe
  2⤵
  PID:9224
- C:\Windows\System\leDBcqD.exe
  C:\Windows\System\leDBcqD.exe
  2⤵
  PID:9236
- C:\Windows\System\dyuucMx.exe
  C:\Windows\System\dyuucMx.exe
  2⤵
  PID:9256
- C:\Windows\System\SslOLeq.exe
  C:\Windows\System\SslOLeq.exe
  2⤵
  PID:9344
- C:\Windows\System\ivgxPwN.exe
  C:\Windows\System\ivgxPwN.exe
  2⤵
  PID:9432
- C:\Windows\System\wIbZqLp.exe
  C:\Windows\System\wIbZqLp.exe
  2⤵
  PID:9388
- C:\Windows\System\EQdGdaL.exe
  C:\Windows\System\EQdGdaL.exe
  2⤵
  PID:9396
- C:\Windows\System\ziaXuAZ.exe
  C:\Windows\System\ziaXuAZ.exe
  2⤵
  PID:9408
- C:\Windows\System\FBETlOY.exe
  C:\Windows\System\FBETlOY.exe
  2⤵
  PID:9436
- C:\Windows\System\TbkJNOx.exe
  C:\Windows\System\TbkJNOx.exe
  2⤵
  PID:9140
- C:\Windows\System\WBqUgcO.exe
  C:\Windows\System\WBqUgcO.exe
  2⤵
  PID:8660
- C:\Windows\System\VdDLBce.exe
  C:\Windows\System\VdDLBce.exe
  2⤵
  PID:8324
- C:\Windows\System\ltvVwCr.exe
  C:\Windows\System\ltvVwCr.exe
  2⤵
  PID:9568
- C:\Windows\System\qXFJyro.exe
  C:\Windows\System\qXFJyro.exe
  2⤵
  PID:9520
- C:\Windows\System\cqOdrsF.exe
  C:\Windows\System\cqOdrsF.exe
  2⤵
  PID:9680
- C:\Windows\System\MJDJyns.exe
  C:\Windows\System\MJDJyns.exe
  2⤵
  PID:9272
- C:\Windows\System\tjehmXc.exe
  C:\Windows\System\tjehmXc.exe
  2⤵
  PID:9324
- C:\Windows\System\nKZrNBp.exe
  C:\Windows\System\nKZrNBp.exe
  2⤵
  PID:9540
- C:\Windows\System\TyPKbmn.exe
  C:\Windows\System\TyPKbmn.exe
  2⤵
  PID:9316
- C:\Windows\System\lChvlYR.exe
  C:\Windows\System\lChvlYR.exe
  2⤵
  PID:9368
- C:\Windows\System\wBlbkGo.exe
  C:\Windows\System\wBlbkGo.exe
  2⤵
  PID:9748
- C:\Windows\System\ayaNdZx.exe
  C:\Windows\System\ayaNdZx.exe
  2⤵
  PID:9752
- C:\Windows\System\MyZjXMt.exe
  C:\Windows\System\MyZjXMt.exe
  2⤵
  PID:9700
- C:\Windows\System\HkVNKCW.exe
  C:\Windows\System\HkVNKCW.exe
  2⤵
  PID:9736
- C:\Windows\System\edbUyQX.exe
  C:\Windows\System\edbUyQX.exe
  2⤵
  PID:9836
- C:\Windows\System\abFPorG.exe
  C:\Windows\System\abFPorG.exe
  2⤵
  PID:9976
- C:\Windows\System\iboAkLs.exe
  C:\Windows\System\iboAkLs.exe
  2⤵
  PID:9876
- C:\Windows\System\EhynHNi.exe
  C:\Windows\System\EhynHNi.exe
  2⤵
  PID:10120
- C:\Windows\System\PUxdufw.exe
  C:\Windows\System\PUxdufw.exe
  2⤵
  PID:10168
- C:\Windows\System\NGpayzn.exe
  C:\Windows\System\NGpayzn.exe
  2⤵
  PID:10068
- C:\Windows\System\JKIXvKe.exe
  C:\Windows\System\JKIXvKe.exe
  2⤵
  PID:9232
- C:\Windows\System\VqiGbgg.exe
  C:\Windows\System\VqiGbgg.exe
  2⤵
  PID:9424
- C:\Windows\System\minuREj.exe
  C:\Windows\System\minuREj.exe
  2⤵
  PID:9428
- C:\Windows\System\QSCpzmu.exe
  C:\Windows\System\QSCpzmu.exe
  2⤵
  PID:7972
- C:\Windows\System\TNEahsL.exe
  C:\Windows\System\TNEahsL.exe
  2⤵
  PID:9564
- C:\Windows\System\eIxXgwi.exe
  C:\Windows\System\eIxXgwi.exe
  2⤵
  PID:9636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AtgLBZu.exe

Filesize
6.0MB

MD5
7ebf428d9043cd7e7b0ac85eb57793de

SHA1
66c4ca6c30fc23836cd3eadce117ee841a3ea27f

SHA256
2c0264007345fcfa82922db887bd4d89ee5bc2f93e71a5351145dd4863bbc5ea

SHA512
c70279ab80bf567b0c22794a60384a3c9dfe170723c77123f2134bf546c38f19732bf620e67ef96386e79fff603ee45f09344d2a199d044834e45935cd8b2f82

Download Submit
C:\Windows\system\BUIYNsO.exe

Filesize
6.0MB

MD5
93502f4fc9be70807ad0762205059f65

SHA1
5fbe7e594556e52f258d8f73b64e28cfa840dc0d

SHA256
bbf5fbecc7a4ce53f259ea2a5358daff3d7fa27afb722f2d1d8973782229a321

SHA512
29a0996a4b46f7fe47af1c45d7b0c0cea10baef2574dbc92f89e01eb44511ac8a9a1fc83ccc7cfa56c3cc307a0dea1a88f5a54388bb08c1e23907ef05ab64860

Download Submit
C:\Windows\system\CVoWePB.exe

Filesize
6.0MB

MD5
9b4a3e42361532d40f18d49282be3aef

SHA1
e28db406a975762835ec4c497f81e7f1370094ed

SHA256
978a31a9691a38b00143ebb49b0dbd6cabaf6f6949520630f51946b015c3f102

SHA512
9bb9cc38794010e37750874a408daa5f27e6ad22940fc4507496e07a8e81107b8aaceab9aa406b667014241d10d815f96975b37a387d9e00303c38de62fa9690

Download Submit
C:\Windows\system\EftpnJA.exe

Filesize
6.0MB

MD5
f5a844b1f97de6b238f097b9c6e2b4ea

SHA1
bf2baec10a35585c8a0783143bb3589cb40fe1aa

SHA256
3e481bfed432fd1037d91720dfc12b9380666dde72528031179d5160f8a9bc83

SHA512
86ff9e4c41690f318a07f128407229b9f5aeb95eeb1d689028041c999366227cc8ac3a032e88da1f882a7ae28ac162d4afbc8d2ddca6822f58bd4be311160de0

Download Submit
C:\Windows\system\HzAXbdK.exe

Filesize
6.0MB

MD5
a2b756ea3b7f062319fea0df1fcaf128

SHA1
6d9098e8124779bd71158452b84a6f654a671f30

SHA256
4a7eb8e5b6280e58745850d9b41e177ce52ce3e385f14e87356a762e3ac20cac

SHA512
998d6a764dd93fc9ba457a1575ccc032ed12a47428f6e510666849b8013f2b91f31b949c9b26993a3e2361ad63c6479207aae2884c2cf5b939aeb492ec21e91d

Download Submit
C:\Windows\system\IENmlFU.exe

Filesize
6.0MB

MD5
982e313fb77a4e29bdc887baa7bd9744

SHA1
899e413fcbc175bb583e781b8cfb362481891776

SHA256
5335b216b3732e292d8279438fa2dc41d1f79be87a37144042042b0b45633803

SHA512
3cbdda9bfe1dcf46ba9876d4e16ec32af25342d93c9a4f1981df55df19850479361bfcf582cd5360246b78c98a1855c97324bb591492c379e422b9b76e016bc8

Download Submit
C:\Windows\system\ILXVgpo.exe

Filesize
6.0MB

MD5
60a20a9dda75864ad2466d1dbddf93ab

SHA1
014aa84f72378feb026f8589f124f8e1f5c784c9

SHA256
2092e199ef959bcb57514026feba07f4a3b4becbddd669c1cbf0fe6edf8ffeb4

SHA512
6182d510c3b4d0aad3dbef6540795499eaf1610b3cdac1f9cd84097b5574d9c83ef2f0fa483aa55883c6cd99d6ede6f924ac6985cacbd529e9c685f146142ca0

Download Submit
C:\Windows\system\JmYeCXQ.exe

Filesize
6.0MB

MD5
fbddf71bc96729bce69a4d339fc78933

SHA1
e6da920356b5054b2b677daadb067b6779b90e08

SHA256
928949275bf0ff101d1b160c4b4fad8eb38b14b362f28bdee0152a925eac145e

SHA512
fc2e939a00a6451ea213118aee5289c81c65d3d13dfb473573b6b94bf181fe4c1f83d82a53818cdf33273be1ffaf49d3f6faecd993a85497bf93e32d2b9f69db

Download Submit
C:\Windows\system\KAijEwy.exe

Filesize
6.0MB

MD5
50cb0f4f5a5e6536e58daac250250997

SHA1
8ba146b90d411f514637613fd1c740b105b33d9b

SHA256
077526e6c94f18392943757f2138b316c319a0661c9403d3db0824d91d2d2cc8

SHA512
858dd970e66d76de0190bd55369d29f3396ec903a0fd6fc3e91762b8d6e7b7b2a35b4285d6de66ee2d16aee913c48c3cb15c6abb29c4d4e57cb7f2444f0f8f41

Download Submit
C:\Windows\system\LPqqmlj.exe

Filesize
6.0MB

MD5
91c8e856dc99848d4d85ccf06ef6a02e

SHA1
5bb552174e6947ad11bf89593e7a174c1518810c

SHA256
0b378b234888dc1debf324a31c35f2547e0f43453bd0755ad77ea15b7e90789c

SHA512
0d707c69c38022c21cbba7d2d8db4fff959156c25e030c405b9eacc397cb52dee71ac3fbe54fe208333feaa6882a84e44b1a0b1d18c6b8fbc52ad8b32b8a90d0

Download Submit
C:\Windows\system\MLtUdqb.exe

Filesize
6.0MB

MD5
dfd5ac1ce3c35ea733fce2d0ed921563

SHA1
b2d77373349f3bd6ca6498da70c3ee399bd7cfed

SHA256
9df7d453fc6e70ecafb0075db16ff401f34f5a806a56f8c0324d2000b8a832d0

SHA512
b38929fae6f0b460bb0e71672d4d37107e0c015186627a365b8a237a6b7ee47794f72b8ade94a2d2ec3c372984898f3acde8200aee3d8e68cd80a85c14f57d9c

Download Submit
C:\Windows\system\NOzOenb.exe

Filesize
6.0MB

MD5
a680f92c0f08b465af260cf42c276673

SHA1
00f39e144f6d74e00e428f8f8e9619a82c8fbe78

SHA256
8aa3a3a8320453371e4c7e14ea89158ee71527fede79246b2eb1a456279447b2

SHA512
500cc3128e6e96416101232f523f67de16b2fa8664cc941819542c939d428b0ad9d4128ecfef8500876e2cdf65783da4971e66018e62fd34e810e059bf429a72

Download Submit
C:\Windows\system\OTUrtil.exe

Filesize
6.0MB

MD5
004be2224ca08db77c996d4831bfa770

SHA1
b5c97bc6362f5d8b05e8c944474fc2eaec03aa82

SHA256
0abc74f1167192dafc8b48de439b161a681b5af53f26798ce4b05970ea258b9d

SHA512
5483ec535722d16f9ae471802e3beda6940a79fb1967b35c7d8c8b8c12df597848f88638a2c945296226a6ff16697d515df5010587a82e997852f50d7fba0367

Download Submit
C:\Windows\system\OlhRMfi.exe

Filesize
6.0MB

MD5
b2644ee1d79f9e3bbc82c49bb8ab05bc

SHA1
10c72692bd7e9e8531d27a503b878faa026921d8

SHA256
d4845d6c188b801f1eea66338a20e42bb64758392ef1036a61fbda7252bcbe60

SHA512
44e5f0bfbfdc2ee0f5f59e715f23180835f8daced18845176cd7acc0fe95ce8bd8db18adabaae1631343c0ce7652f0da17d2c2d5acaeb7d01961b291f98191b4

Download Submit
C:\Windows\system\RAwPKZm.exe

Filesize
6.0MB

MD5
eca6c13bfa130d7831748ec796b2d35c

SHA1
2ee2c1cbe9fa157c1c3338d886d8377ca2c4113e

SHA256
0c0f48ba0f7d1c584f14f252ab1539e48235166f2372a8264b0fc4775c3952d7

SHA512
63ea34d0db01bc632d4c27bc4e825c25df965ebe5c4dbb1992ece0093f51e3b4a22dfdeb695059922126735ece3becc53d1ae38fdd78129e292bf0e4ebe12fe4

Download Submit
C:\Windows\system\SJjeWkN.exe

Filesize
6.0MB

MD5
84af885f6eadf8c98e03b0c0061aff06

SHA1
ec76e2910148b372c5b2e594103352497e85e311

SHA256
cc693b342c51a94c2d7d10287b8cb4203de6d20ba910e0a9680f15eb0c50c76e

SHA512
5069da0938430c3c7c0d030357b129df2ff279bd0fb4a5789cc24d2036555e6797b6389741576e9c096cdcf4698721cf5c416be85279da79ae5cad76044a4b2e

Download Submit
C:\Windows\system\WVAivoM.exe

Filesize
6.0MB

MD5
9f5b0163b903817c42d054287f4e8058

SHA1
29e80b5f4a707833a6a7ca5a621c3c22d1228d30

SHA256
fe91d423804c6e212dc7f8f87c1f77feae6dcfd2cdfbd822e9cc254c15a168a9

SHA512
e12d84f276c79e40a7366adf5df53a9f45e3020c62b10a9aa33905b8d9ab522732f7e981806c4b589866817547b348d4efe8ae811252908720d6ed35701c03d1

Download Submit
C:\Windows\system\boqTYJS.exe

Filesize
6.0MB

MD5
7eb533bab449ccbd65be87e8e1aa075b

SHA1
397feac5f3e76cf8f7b6ceed6ebd0e09b11a2fad

SHA256
d61e4f89a77756112f5f3712beee40455f6d88dddc7a703f33546183341bed51

SHA512
33507c5c966904a03a3d931bd42b34d21aef83cb18373cfd357a397d5ca1b6731b0a1adb60ec8b257a12d5987cba78168a604bba169851d333b3b4e3e9e1f3c4

Download Submit
C:\Windows\system\cEbOGDs.exe

Filesize
6.0MB

MD5
25a9b0996c428243961003c7cd68ac7e

SHA1
f08372b1d5c493793feebec7cf348525c434255f

SHA256
304d49a0d8f0ff9826ed75bf37d8c5c34751258aa7a91651b9594f9571a16aa0

SHA512
22b1c00b0b8f66f0c0b94875a56f23f6b5730ce1341543dce8f75246f69f0c0e72a6f9ee0cb27d165b8ab34ecacdbbcc2efc74b0a66bff3df17e2565c755c752

Download Submit
C:\Windows\system\cMSMJgL.exe

Filesize
6.0MB

MD5
b82f66f00ad584d78b99323aa772b03d

SHA1
8ce2d7eb3c81b8f2a1a3c320043bd86cf9bdf079

SHA256
a8c9107dbf76ed774ec200f457e94780cfdf24cd2fd0ce8e14184c13b509284a

SHA512
b54d0562a31012a177f0968cc5c8adc3b6d61f9f10b6baf5d4ab18e61af24bea4e01242ce814e8eefb217030ddef937a9561e2ad0fbb9c5135c8ac6514c86911

Download Submit
C:\Windows\system\hxSqAzU.exe

Filesize
6.0MB

MD5
689bb2dc5da179f4d68c41ee3d13ae0a

SHA1
6d3727b338c3ddb5db5ed3eb941cf34749a8420d

SHA256
3fa19e6351865647d5c21740b3d1aefc280cdaf6ecf0f49492d38accaa856141

SHA512
e86f555224c1bf07e07f5f2d22cbdf1d6d51ff7399a456b2c715a3008a1bab117467b3a838516b9a6f213706ace6d9228f3584f0d36c67b3f540274b3c7328cd

Download Submit
C:\Windows\system\ixEvMXm.exe

Filesize
6.0MB

MD5
b6db1e98368fcf15c79a5f9fdca16e15

SHA1
a024263c1f3d1af43f0d067a6ae87dd91ae5e4d4

SHA256
2fd931736b8163276dbe98f9b574630aa74ea7bcb93b8991a3cae7e0d545e71c

SHA512
fa94c052c1f24568321fa5d8b6cd03a9a84611ef3169a3de5f2d70de8e1339670b15daffc6cb08a851178ebe18cb69cf9516c057a4f899ee1248324ec1a3075d

Download Submit
C:\Windows\system\jPwZWSf.exe

Filesize
6.0MB

MD5
a7fe414a078f13d6f8362d8708a79d9b

SHA1
472b00f4945656a2f3acad8aebe8f8ccd3f05614

SHA256
7687e18a9a77864bed0dd1df0e5723ee3e1e7be0e1ba2b2be0ae1dd51a29d346

SHA512
347bc2b29dcad640437b9a21e17c1bc708a7a0d2e59e77a739805ac9573a1cd4aaeb8fc6cb84544d8a2527bd2ce6aa5a1cd7b49f69be8859e51f7e7f92c0e534

Download Submit
C:\Windows\system\pFZbjJt.exe

Filesize
6.0MB

MD5
672438a8f31645e9cb3b6b415ca46c2a

SHA1
0d18d89b825786972e49ccba992676e83fca3b74

SHA256
3f4efcfde2338cfa6062eb0e78a41733363f0e70c34f383a75dbd90c919ed5a1

SHA512
a1b715431e9736fbb25d17478e25ed31cdb2e022a210714dc9fbfc22cc373a8ea252932b44611f1150189f04226f20e42583a14a6e33f2f5255f009e019c1544

Download Submit
C:\Windows\system\uAuYaty.exe

Filesize
6.0MB

MD5
2f71f8c702507963345e052d4f7c4704

SHA1
8c441fed07b9f459c95e5aa50c521d661261af9b

SHA256
06b5cfb3ced9e73270443dad5b67092212f482a660f9e3f3f5cebb71dfeaebcb

SHA512
44d00f40925ae6e08b944e50d035f414da9df1ed246d7a22cb8b1381e2a6428e92c6599f3d7168421bbc83d6d0282350bcef28f369f4ac8e66a845636cf84726

Download Submit
C:\Windows\system\xngXKvH.exe

Filesize
6.0MB

MD5
cb94762c747e52b01322e430fea36022

SHA1
ba5094c81c48330a1f5b4b193fe1f9b2d344525d

SHA256
4f87543349aeb198354088eaca33806ad41341bba123b8585599801e8a2a3066

SHA512
d144fdf9c7910236297efd637f839fd86bcdaca2b1ef11467512ceecc7cdbad3e821296758b729358a7535b35c9fc0690a61fd0bfc945e0b432ffd10de110868

Download Submit
C:\Windows\system\xoWipWh.exe

Filesize
6.0MB

MD5
7acbbed1905bb017be1eec8a64874b7f

SHA1
9ec3269fddf0f35b3e91ecca47225c6358490fb1

SHA256
2c9b1b8cdbf423aa2ef054b316008bef88a8d198bd23ca8955531609ca8dd269

SHA512
ede309e47d7141ae02fcc8a7cbdae375d906afa0d8727fde27f9c2b2e9a53a0b2da2ee88bdc06182d97a41aa44357d2a5c8e5e12d602485835eb7fc176e9c2a7

Download Submit
C:\Windows\system\yReamQg.exe

Filesize
6.0MB

MD5
7eca548591422c37378a4027800349d4

SHA1
834916ff6b2a1fbce33cfceb4938cba95624d96d

SHA256
340f8e8dc525509c774cb23136eea7c883a8076d673cbe9cd515282941e09a97

SHA512
9169232ad936b4d0c6bf69177f78875bba08551728fcfc6f642cee25290d4dd36a006e0dcaad12959a6b3ef24049eb42ffeba3cac40883c2599c1e9d09dba07d

Download Submit
\Windows\system\NQUFoVj.exe

Filesize
6.0MB

MD5
b2a343e7f3b4dd547ea1f205ea7f4fe4

SHA1
774b4374aa0617d280d009bb17e8cf6b44391f78

SHA256
a00677952939a02754c2743bd5cb5562672639b2cb4ae91b0d06a8ee9993a569

SHA512
4045d76009083230d2405eb9f687226bf8177803b52cf023dfd473f2c03f1b72b37c197923a2c0590529e583a7f8a871bf0577247dd858864c60773f2d8c8f60

Download Submit
\Windows\system\UUocFuj.exe

Filesize
6.0MB

MD5
e685958f23e9eadd6001b64f8ad30293

SHA1
dd11b8635de3b04f85930c890b10d175fc8de82c

SHA256
f5da5ba1f2f35bcdbd148c48118db7d9be8dcaa2824672d932cab5babc99471f

SHA512
74f6a882169bf1e27c8095571f90c42ed7fc6f85650f7dc31343abc75a65a29e9ffe94996b0179da8fa3adde085a83d9daef9e0ae3ca3a0dc5af553e74a94138

Download Submit
\Windows\system\lbGfQWx.exe

Filesize
6.0MB

MD5
78c2066d868b05e1b9dd8877ed7753b7

SHA1
a1256a8945ef8c58592d3198c6a370550c0e1ea7

SHA256
b2b369f471a66914f2cf724f4ab6ee3a3e7361a2f82456b21ca0ed42f97b1c50

SHA512
b7325db448d204a7196357e7a447aae74437999d00a1b5354ed096e09fa02786246687cc4a7acd678665c16aaca756f7225a74cc76489b21a7fe2969e152cad3

Download Submit
\Windows\system\siSeolX.exe

Filesize
6.0MB

MD5
2a8fcbe3ebec465467ce78898cee128a

SHA1
b22e464ac6f7cc3b2d763a4508ca9770d05c563f

SHA256
49161a33e72821f848deae0da8d7aad03ce0341543cd44e06610286e6fffd12a

SHA512
be3de0b4b6a8177d872429b068e5b179477ea9a8cf038c75d17a5b1dc80a50561115cb0b1b90e1899c51795e7a490bf7e3ee36f441946cfcc1e7bc35fe2c7a37

Download Submit
\Windows\system\zWqefWw.exe

Filesize
6.0MB

MD5
50a2788698433cfcbdeebb0e6f161e5b

SHA1
5e87c6fa7f1af1202d5024f54d431577abe83754

SHA256
f3ef89c1f8008c4610f5f7332aad99a1b49929b5848ff1eded0f475b44649d2a

SHA512
ac7636eaa838bbc470a7933eaf3cef5ab36900e5b85e1d483fdd4f5674d59bdbd36662f2fcf82ebb996900619f630d001ffae276cae304b7bbf281a88f0e34a4

Download Submit
memory/2032-105-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-487-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-27-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2032-78-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2032-484-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2032-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2032-0-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2032-64-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-42-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2032-94-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-129-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2032-87-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2032-12-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-36-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-24-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2032-115-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2032-137-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2032-120-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-109-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-91-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2032-82-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2032-133-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-49-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2536-20-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-116-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3755-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2676-124-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3754-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-486-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2728-70-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3450-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3447-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-76-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3443-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2780-31-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2780-485-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2816-60-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3439-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2832-114-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3446-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-56-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3449-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/3036-3442-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-34-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download