cobaltstrike | 46aa510da84c11305bddf6498dc09f5f4d92924c726a65088a7bd28bd643e060

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-12-2024 05:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

24b61fa4c47d45318067672825a88e93
SHA1

a8e0d8a5b6485d8f8ad0d87efd1a9e861117ae08
SHA256

46aa510da84c11305bddf6498dc09f5f4d92924c726a65088a7bd28bd643e060
SHA512

32e4ce9eb1c3251d46a7a149b24b4cc17fd58667064ab1aa0cfb6eb3da66e7e89811060ca86871b9c48821f15e80eee45f87099b4ef419782b87357d8e19f496
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUX:T+q56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120f9-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018bf3-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019227-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001922c-24.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925e-34.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001926a-40.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001939d-59.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019284-56.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019279-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-68.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967f-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001970b-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dcb-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d3d-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c58-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c54-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c73-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c56-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199b9-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196c0-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e6-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-78.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018742-73.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1356-0-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x00090000000120f9-3.dat	xmrig
behavioral1/files/0x0009000000018bf3-10.dat	xmrig
behavioral1/files/0x0007000000019227-11.dat	xmrig
behavioral1/memory/2412-23-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x000700000001922c-24.dat	xmrig
behavioral1/memory/1000-22-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2908-30-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x000700000001925e-34.dat	xmrig
behavioral1/files/0x000600000001926a-40.dat	xmrig
behavioral1/memory/2584-37-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2988-55-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/1356-57-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x000700000001939d-59.dat	xmrig
behavioral1/memory/2056-58-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0006000000019284-56.dat	xmrig
behavioral1/files/0x0006000000019279-50.dat	xmrig
behavioral1/memory/2852-49-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x000500000001957e-68.dat	xmrig
behavioral1/files/0x0005000000019621-99.dat	xmrig
behavioral1/files/0x000500000001967f-138.dat	xmrig
behavioral1/files/0x000500000001970b-148.dat	xmrig
behavioral1/files/0x0005000000019dcb-179.dat	xmrig
behavioral1/memory/2708-488-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2852-1035-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2584-875-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2908-581-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2672-496-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/868-494-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2108-492-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2244-490-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2640-477-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d3d-171.dat	xmrig
behavioral1/files/0x0005000000019c58-164.dat	xmrig
behavioral1/files/0x0005000000019c54-156.dat	xmrig
behavioral1/files/0x0005000000019d62-178.dat	xmrig
behavioral1/files/0x0005000000019c73-170.dat	xmrig
behavioral1/files/0x0005000000019c56-161.dat	xmrig
behavioral1/files/0x00050000000199b9-153.dat	xmrig
behavioral1/files/0x00050000000196c0-143.dat	xmrig
behavioral1/files/0x000500000001962b-128.dat	xmrig
behavioral1/files/0x000500000001963b-133.dat	xmrig
behavioral1/files/0x0005000000019627-118.dat	xmrig
behavioral1/files/0x0005000000019629-124.dat	xmrig
behavioral1/files/0x0005000000019623-108.dat	xmrig
behavioral1/files/0x0005000000019625-114.dat	xmrig
behavioral1/files/0x0005000000019622-104.dat	xmrig
behavioral1/files/0x000500000001961d-89.dat	xmrig
behavioral1/files/0x000500000001961f-93.dat	xmrig
behavioral1/files/0x00050000000195e6-83.dat	xmrig
behavioral1/files/0x00050000000195a7-78.dat	xmrig
behavioral1/files/0x0007000000018742-73.dat	xmrig
behavioral1/memory/2164-20-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2056-2179-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/1000-3466-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2988-3475-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2584-3474-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2412-3468-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2908-3467-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/868-3520-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2244-3519-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2640-3521-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2708-3518-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2852-3517-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2412	NbgCoaI.exe
2164	OrIHjkS.exe
1000	vCgJWbl.exe
2908	kVAXxpZ.exe
2584	ZTkizNV.exe
2852	moNTtFM.exe
2988	NngwsFq.exe
2056	ecUoHCr.exe
2672	fwWBqZw.exe
2640	PeNiyPa.exe
2708	BgYEiVo.exe
2244	tcWLysn.exe
2108	wdvDhCq.exe
868	tSMlEBw.exe
2736	daCKGfo.exe
2920	yPCLSXp.exe
1548	OgrmJjH.exe
1352	auuYoYM.exe
1640	vKwnRNf.exe
1728	THdtiXt.exe
1940	cCxBpcg.exe
2916	aorDirg.exe
336	pjkCBBa.exe
820	pmhrPIh.exe
2928	ocWVBah.exe
2444	BBCEldn.exe
2136	lgpxGGL.exe
1452	cXpTOnD.exe
1060	fhdGkzr.exe
3040	VZjWvaD.exe
972	bjpGggk.exe
2312	cvscwaI.exe
1468	zSrqECn.exe
1072	sEVybir.exe
1132	CsbMjcA.exe
1928	iaqtDbx.exe
940	UVORotu.exe
1296	DThdDpV.exe
912	ICCpZdv.exe
1464	PItPOMH.exe
1724	EVSoDVi.exe
1572	RCCeanX.exe
1852	GkSmahn.exe
2092	DueIDhf.exe
108	aGZhUbC.exe
2992	Gutwhxz.exe
1684	DaDQXjL.exe
648	JNnilcW.exe
1760	sVHlHzV.exe
988	XOtsjrZ.exe
2524	GVnGGkK.exe
1532	YnrjSgI.exe
2556	QWJWCjz.exe
816	uUNZEMd.exe
2028	UPyLiDY.exe
2132	BdGsFhK.exe
2188	lWELQEg.exe
2884	UnglHeS.exe
2760	LHfOaCF.exe
2692	ZIDBdcl.exe
2700	cMVYpfN.exe
2360	LjGldly.exe
1748	TidroQw.exe
2696	OgDtdEO.exe

Loads dropped DLL 64 IoCs

pid	Process
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1356-0-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x00090000000120f9-3.dat	upx
behavioral1/files/0x0009000000018bf3-10.dat	upx
behavioral1/files/0x0007000000019227-11.dat	upx
behavioral1/memory/2412-23-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x000700000001922c-24.dat	upx
behavioral1/memory/1000-22-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2908-30-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x000700000001925e-34.dat	upx
behavioral1/files/0x000600000001926a-40.dat	upx
behavioral1/memory/2584-37-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2988-55-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/1356-57-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x000700000001939d-59.dat	upx
behavioral1/memory/2056-58-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0006000000019284-56.dat	upx
behavioral1/files/0x0006000000019279-50.dat	upx
behavioral1/memory/2852-49-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x000500000001957e-68.dat	upx
behavioral1/files/0x0005000000019621-99.dat	upx
behavioral1/files/0x000500000001967f-138.dat	upx
behavioral1/files/0x000500000001970b-148.dat	upx
behavioral1/files/0x0005000000019dcb-179.dat	upx
behavioral1/memory/2708-488-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2852-1035-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2584-875-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2908-581-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2672-496-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/868-494-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2108-492-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2244-490-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2640-477-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x0005000000019d3d-171.dat	upx
behavioral1/files/0x0005000000019c58-164.dat	upx
behavioral1/files/0x0005000000019c54-156.dat	upx
behavioral1/files/0x0005000000019d62-178.dat	upx
behavioral1/files/0x0005000000019c73-170.dat	upx
behavioral1/files/0x0005000000019c56-161.dat	upx
behavioral1/files/0x00050000000199b9-153.dat	upx
behavioral1/files/0x00050000000196c0-143.dat	upx
behavioral1/files/0x000500000001962b-128.dat	upx
behavioral1/files/0x000500000001963b-133.dat	upx
behavioral1/files/0x0005000000019627-118.dat	upx
behavioral1/files/0x0005000000019629-124.dat	upx
behavioral1/files/0x0005000000019623-108.dat	upx
behavioral1/files/0x0005000000019625-114.dat	upx
behavioral1/files/0x0005000000019622-104.dat	upx
behavioral1/files/0x000500000001961d-89.dat	upx
behavioral1/files/0x000500000001961f-93.dat	upx
behavioral1/files/0x00050000000195e6-83.dat	upx
behavioral1/files/0x00050000000195a7-78.dat	upx
behavioral1/files/0x0007000000018742-73.dat	upx
behavioral1/memory/2164-20-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/1356-17-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2056-2179-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/1000-3466-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2988-3475-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2584-3474-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2412-3468-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2908-3467-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/868-3520-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2244-3519-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2640-3521-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2708-3518-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\omCxtKB.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGnRfsp.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNbbGNV.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgrmJjH.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMKMxjQ.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgmGKMF.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpmeMLf.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIawnpW.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAlPSnk.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HiLcZPY.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxeicjX.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USVqDuB.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xcrviHQ.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFjnVxw.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ugXsbpr.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCJyxss.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbCRKIi.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obdpSdQ.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuDdGkv.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmxPyFg.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQbMDMx.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQlIkXc.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNItOzv.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxBaGcU.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMseOIq.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AiOapHi.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlXKeZn.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtsAELY.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUgZshx.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxgZkRB.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYwgfei.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StHWxnA.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJOTtyE.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcQYvtz.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAEYTfF.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvRfBBl.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNWuPSW.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnMZCtb.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GleUVWF.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaCJtUv.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYCTaSj.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThhkCvz.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDnRWHH.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLqVBEA.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIyTnyY.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrIHjkS.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmqoAIJ.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUDjCND.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSPxqbu.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NApSpYw.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXuuFTl.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bwAOqpu.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDFPFIe.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHPyvTR.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvhkNri.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znLBSvc.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVAXxpZ.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQayuFy.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJlNvSt.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPaZbAx.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpsGyRJ.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vlvbivL.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDgVRPs.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rkLOKjm.exe	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 2412	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1356 wrote to memory of 2412	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1356 wrote to memory of 2412	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1356 wrote to memory of 2164	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1356 wrote to memory of 2164	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1356 wrote to memory of 2164	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1356 wrote to memory of 1000	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1356 wrote to memory of 1000	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1356 wrote to memory of 1000	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1356 wrote to memory of 2908	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1356 wrote to memory of 2908	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1356 wrote to memory of 2908	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1356 wrote to memory of 2584	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1356 wrote to memory of 2584	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1356 wrote to memory of 2584	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1356 wrote to memory of 2852	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1356 wrote to memory of 2852	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1356 wrote to memory of 2852	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1356 wrote to memory of 2988	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1356 wrote to memory of 2988	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1356 wrote to memory of 2988	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1356 wrote to memory of 2056	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1356 wrote to memory of 2056	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1356 wrote to memory of 2056	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1356 wrote to memory of 2672	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1356 wrote to memory of 2672	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1356 wrote to memory of 2672	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1356 wrote to memory of 2640	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1356 wrote to memory of 2640	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1356 wrote to memory of 2640	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1356 wrote to memory of 2708	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1356 wrote to memory of 2708	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1356 wrote to memory of 2708	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1356 wrote to memory of 2244	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1356 wrote to memory of 2244	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1356 wrote to memory of 2244	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1356 wrote to memory of 2108	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1356 wrote to memory of 2108	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1356 wrote to memory of 2108	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1356 wrote to memory of 868	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1356 wrote to memory of 868	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1356 wrote to memory of 868	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1356 wrote to memory of 2736	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1356 wrote to memory of 2736	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1356 wrote to memory of 2736	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1356 wrote to memory of 2920	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1356 wrote to memory of 2920	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1356 wrote to memory of 2920	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1356 wrote to memory of 1548	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1356 wrote to memory of 1548	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1356 wrote to memory of 1548	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1356 wrote to memory of 1352	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1356 wrote to memory of 1352	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1356 wrote to memory of 1352	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1356 wrote to memory of 1640	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1356 wrote to memory of 1640	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1356 wrote to memory of 1640	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1356 wrote to memory of 1728	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1356 wrote to memory of 1728	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1356 wrote to memory of 1728	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1356 wrote to memory of 1940	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1356 wrote to memory of 1940	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1356 wrote to memory of 1940	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1356 wrote to memory of 2916	1356	2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-11_24b61fa4c47d45318067672825a88e93_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Windows\System\NbgCoaI.exe
  C:\Windows\System\NbgCoaI.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\OrIHjkS.exe
  C:\Windows\System\OrIHjkS.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\vCgJWbl.exe
  C:\Windows\System\vCgJWbl.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\kVAXxpZ.exe
  C:\Windows\System\kVAXxpZ.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\ZTkizNV.exe
  C:\Windows\System\ZTkizNV.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\moNTtFM.exe
  C:\Windows\System\moNTtFM.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\NngwsFq.exe
  C:\Windows\System\NngwsFq.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\ecUoHCr.exe
  C:\Windows\System\ecUoHCr.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\fwWBqZw.exe
  C:\Windows\System\fwWBqZw.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\PeNiyPa.exe
  C:\Windows\System\PeNiyPa.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\BgYEiVo.exe
  C:\Windows\System\BgYEiVo.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\tcWLysn.exe
  C:\Windows\System\tcWLysn.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\wdvDhCq.exe
  C:\Windows\System\wdvDhCq.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\tSMlEBw.exe
  C:\Windows\System\tSMlEBw.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\daCKGfo.exe
  C:\Windows\System\daCKGfo.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\yPCLSXp.exe
  C:\Windows\System\yPCLSXp.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\OgrmJjH.exe
  C:\Windows\System\OgrmJjH.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\auuYoYM.exe
  C:\Windows\System\auuYoYM.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\vKwnRNf.exe
  C:\Windows\System\vKwnRNf.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\THdtiXt.exe
  C:\Windows\System\THdtiXt.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\cCxBpcg.exe
  C:\Windows\System\cCxBpcg.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\aorDirg.exe
  C:\Windows\System\aorDirg.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\pjkCBBa.exe
  C:\Windows\System\pjkCBBa.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\pmhrPIh.exe
  C:\Windows\System\pmhrPIh.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\ocWVBah.exe
  C:\Windows\System\ocWVBah.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\BBCEldn.exe
  C:\Windows\System\BBCEldn.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\lgpxGGL.exe
  C:\Windows\System\lgpxGGL.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\cvscwaI.exe
  C:\Windows\System\cvscwaI.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\cXpTOnD.exe
  C:\Windows\System\cXpTOnD.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\sEVybir.exe
  C:\Windows\System\sEVybir.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\fhdGkzr.exe
  C:\Windows\System\fhdGkzr.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\CsbMjcA.exe
  C:\Windows\System\CsbMjcA.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\VZjWvaD.exe
  C:\Windows\System\VZjWvaD.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\iaqtDbx.exe
  C:\Windows\System\iaqtDbx.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\bjpGggk.exe
  C:\Windows\System\bjpGggk.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\UVORotu.exe
  C:\Windows\System\UVORotu.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\zSrqECn.exe
  C:\Windows\System\zSrqECn.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\DThdDpV.exe
  C:\Windows\System\DThdDpV.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\ICCpZdv.exe
  C:\Windows\System\ICCpZdv.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\PItPOMH.exe
  C:\Windows\System\PItPOMH.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\EVSoDVi.exe
  C:\Windows\System\EVSoDVi.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\RCCeanX.exe
  C:\Windows\System\RCCeanX.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\aGZhUbC.exe
  C:\Windows\System\aGZhUbC.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\GkSmahn.exe
  C:\Windows\System\GkSmahn.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\Gutwhxz.exe
  C:\Windows\System\Gutwhxz.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\DueIDhf.exe
  C:\Windows\System\DueIDhf.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\DaDQXjL.exe
  C:\Windows\System\DaDQXjL.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\JNnilcW.exe
  C:\Windows\System\JNnilcW.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\XOtsjrZ.exe
  C:\Windows\System\XOtsjrZ.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\sVHlHzV.exe
  C:\Windows\System\sVHlHzV.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\uUNZEMd.exe
  C:\Windows\System\uUNZEMd.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\GVnGGkK.exe
  C:\Windows\System\GVnGGkK.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\UPyLiDY.exe
  C:\Windows\System\UPyLiDY.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\YnrjSgI.exe
  C:\Windows\System\YnrjSgI.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\BdGsFhK.exe
  C:\Windows\System\BdGsFhK.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\QWJWCjz.exe
  C:\Windows\System\QWJWCjz.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\lWELQEg.exe
  C:\Windows\System\lWELQEg.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\UnglHeS.exe
  C:\Windows\System\UnglHeS.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\LHfOaCF.exe
  C:\Windows\System\LHfOaCF.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\ZIDBdcl.exe
  C:\Windows\System\ZIDBdcl.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\cMVYpfN.exe
  C:\Windows\System\cMVYpfN.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\LjGldly.exe
  C:\Windows\System\LjGldly.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\TidroQw.exe
  C:\Windows\System\TidroQw.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\OgDtdEO.exe
  C:\Windows\System\OgDtdEO.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\IkBilbE.exe
  C:\Windows\System\IkBilbE.exe
  2⤵
  PID:1932
- C:\Windows\System\jHOfDfk.exe
  C:\Windows\System\jHOfDfk.exe
  2⤵
  PID:1840
- C:\Windows\System\olpzzMv.exe
  C:\Windows\System\olpzzMv.exe
  2⤵
  PID:2468
- C:\Windows\System\RPAEeKI.exe
  C:\Windows\System\RPAEeKI.exe
  2⤵
  PID:2940
- C:\Windows\System\OGcmxUO.exe
  C:\Windows\System\OGcmxUO.exe
  2⤵
  PID:1216
- C:\Windows\System\TsJIWAg.exe
  C:\Windows\System\TsJIWAg.exe
  2⤵
  PID:2456
- C:\Windows\System\teyyTPl.exe
  C:\Windows\System\teyyTPl.exe
  2⤵
  PID:276
- C:\Windows\System\wjaAvvG.exe
  C:\Windows\System\wjaAvvG.exe
  2⤵
  PID:1588
- C:\Windows\System\mFTkANv.exe
  C:\Windows\System\mFTkANv.exe
  2⤵
  PID:1560
- C:\Windows\System\NhrYAOD.exe
  C:\Windows\System\NhrYAOD.exe
  2⤵
  PID:1288
- C:\Windows\System\nYwuVLg.exe
  C:\Windows\System\nYwuVLg.exe
  2⤵
  PID:2256
- C:\Windows\System\hohFYXl.exe
  C:\Windows\System\hohFYXl.exe
  2⤵
  PID:1992
- C:\Windows\System\pZVihaw.exe
  C:\Windows\System\pZVihaw.exe
  2⤵
  PID:1404
- C:\Windows\System\VhgBGTq.exe
  C:\Windows\System\VhgBGTq.exe
  2⤵
  PID:2464
- C:\Windows\System\LSaFMDp.exe
  C:\Windows\System\LSaFMDp.exe
  2⤵
  PID:1976
- C:\Windows\System\XGYgygl.exe
  C:\Windows\System\XGYgygl.exe
  2⤵
  PID:1788
- C:\Windows\System\qTAchuT.exe
  C:\Windows\System\qTAchuT.exe
  2⤵
  PID:1980
- C:\Windows\System\xAsKFCQ.exe
  C:\Windows\System\xAsKFCQ.exe
  2⤵
  PID:2484
- C:\Windows\System\Jurihfe.exe
  C:\Windows\System\Jurihfe.exe
  2⤵
  PID:3004
- C:\Windows\System\fWIZthi.exe
  C:\Windows\System\fWIZthi.exe
  2⤵
  PID:1872
- C:\Windows\System\oHoahpq.exe
  C:\Windows\System\oHoahpq.exe
  2⤵
  PID:2260
- C:\Windows\System\PqcCeVL.exe
  C:\Windows\System\PqcCeVL.exe
  2⤵
  PID:2744
- C:\Windows\System\WJALkHG.exe
  C:\Windows\System\WJALkHG.exe
  2⤵
  PID:1228
- C:\Windows\System\iQHlFpi.exe
  C:\Windows\System\iQHlFpi.exe
  2⤵
  PID:2452
- C:\Windows\System\FFxwHLI.exe
  C:\Windows\System\FFxwHLI.exe
  2⤵
  PID:408
- C:\Windows\System\bZDFlpv.exe
  C:\Windows\System\bZDFlpv.exe
  2⤵
  PID:1496
- C:\Windows\System\LIdyfBu.exe
  C:\Windows\System\LIdyfBu.exe
  2⤵
  PID:2392
- C:\Windows\System\GLiEOFu.exe
  C:\Windows\System\GLiEOFu.exe
  2⤵
  PID:1800
- C:\Windows\System\oZeAfOO.exe
  C:\Windows\System\oZeAfOO.exe
  2⤵
  PID:1904
- C:\Windows\System\NmqoAIJ.exe
  C:\Windows\System\NmqoAIJ.exe
  2⤵
  PID:1536
- C:\Windows\System\yQxrair.exe
  C:\Windows\System\yQxrair.exe
  2⤵
  PID:1256
- C:\Windows\System\QFcWbAA.exe
  C:\Windows\System\QFcWbAA.exe
  2⤵
  PID:1592
- C:\Windows\System\DtzfYtk.exe
  C:\Windows\System\DtzfYtk.exe
  2⤵
  PID:3060
- C:\Windows\System\PRQfDHJ.exe
  C:\Windows\System\PRQfDHJ.exe
  2⤵
  PID:1540
- C:\Windows\System\gNTLSqs.exe
  C:\Windows\System\gNTLSqs.exe
  2⤵
  PID:2512
- C:\Windows\System\QuCPOid.exe
  C:\Windows\System\QuCPOid.exe
  2⤵
  PID:2960
- C:\Windows\System\ryzbyQb.exe
  C:\Windows\System\ryzbyQb.exe
  2⤵
  PID:856
- C:\Windows\System\zaVgwwZ.exe
  C:\Windows\System\zaVgwwZ.exe
  2⤵
  PID:1408
- C:\Windows\System\NFZqWJt.exe
  C:\Windows\System\NFZqWJt.exe
  2⤵
  PID:2156
- C:\Windows\System\pfQNfzA.exe
  C:\Windows\System\pfQNfzA.exe
  2⤵
  PID:3044
- C:\Windows\System\dPNDvwQ.exe
  C:\Windows\System\dPNDvwQ.exe
  2⤵
  PID:1140
- C:\Windows\System\BLGQcBA.exe
  C:\Windows\System\BLGQcBA.exe
  2⤵
  PID:2252
- C:\Windows\System\KQwnhpi.exe
  C:\Windows\System\KQwnhpi.exe
  2⤵
  PID:2656
- C:\Windows\System\QZsvGOQ.exe
  C:\Windows\System\QZsvGOQ.exe
  2⤵
  PID:3000
- C:\Windows\System\rVMxCBu.exe
  C:\Windows\System\rVMxCBu.exe
  2⤵
  PID:1520
- C:\Windows\System\PmLHHZj.exe
  C:\Windows\System\PmLHHZj.exe
  2⤵
  PID:1920
- C:\Windows\System\gejlxSU.exe
  C:\Windows\System\gejlxSU.exe
  2⤵
  PID:2160
- C:\Windows\System\ceBcEsZ.exe
  C:\Windows\System\ceBcEsZ.exe
  2⤵
  PID:2848
- C:\Windows\System\CkmPzql.exe
  C:\Windows\System\CkmPzql.exe
  2⤵
  PID:1784
- C:\Windows\System\XvFFpye.exe
  C:\Windows\System\XvFFpye.exe
  2⤵
  PID:2420
- C:\Windows\System\kHdmhnt.exe
  C:\Windows\System\kHdmhnt.exe
  2⤵
  PID:2236
- C:\Windows\System\NuOEICa.exe
  C:\Windows\System\NuOEICa.exe
  2⤵
  PID:2376
- C:\Windows\System\yBUVgHV.exe
  C:\Windows\System\yBUVgHV.exe
  2⤵
  PID:1720
- C:\Windows\System\cUDjCND.exe
  C:\Windows\System\cUDjCND.exe
  2⤵
  PID:1688
- C:\Windows\System\gLHsmAc.exe
  C:\Windows\System\gLHsmAc.exe
  2⤵
  PID:3080
- C:\Windows\System\yojesNC.exe
  C:\Windows\System\yojesNC.exe
  2⤵
  PID:3100
- C:\Windows\System\nIAsgWS.exe
  C:\Windows\System\nIAsgWS.exe
  2⤵
  PID:3116
- C:\Windows\System\gwsSnRR.exe
  C:\Windows\System\gwsSnRR.exe
  2⤵
  PID:3132
- C:\Windows\System\nFrgqkM.exe
  C:\Windows\System\nFrgqkM.exe
  2⤵
  PID:3152
- C:\Windows\System\UIqBZdK.exe
  C:\Windows\System\UIqBZdK.exe
  2⤵
  PID:3168
- C:\Windows\System\UmYvrie.exe
  C:\Windows\System\UmYvrie.exe
  2⤵
  PID:3184
- C:\Windows\System\aWVKUde.exe
  C:\Windows\System\aWVKUde.exe
  2⤵
  PID:3200
- C:\Windows\System\gjJhBWx.exe
  C:\Windows\System\gjJhBWx.exe
  2⤵
  PID:3216
- C:\Windows\System\jTrABWi.exe
  C:\Windows\System\jTrABWi.exe
  2⤵
  PID:3232
- C:\Windows\System\yHNxSWO.exe
  C:\Windows\System\yHNxSWO.exe
  2⤵
  PID:3248
- C:\Windows\System\syNMcoi.exe
  C:\Windows\System\syNMcoi.exe
  2⤵
  PID:3264
- C:\Windows\System\WvrHlGN.exe
  C:\Windows\System\WvrHlGN.exe
  2⤵
  PID:3280
- C:\Windows\System\MnrXPjc.exe
  C:\Windows\System\MnrXPjc.exe
  2⤵
  PID:3300
- C:\Windows\System\Ykewikh.exe
  C:\Windows\System\Ykewikh.exe
  2⤵
  PID:3384
- C:\Windows\System\qJJsLmQ.exe
  C:\Windows\System\qJJsLmQ.exe
  2⤵
  PID:3400
- C:\Windows\System\gmnCOsu.exe
  C:\Windows\System\gmnCOsu.exe
  2⤵
  PID:3464
- C:\Windows\System\SiFQNmQ.exe
  C:\Windows\System\SiFQNmQ.exe
  2⤵
  PID:3480
- C:\Windows\System\wgzyKVk.exe
  C:\Windows\System\wgzyKVk.exe
  2⤵
  PID:3496
- C:\Windows\System\scFeQnL.exe
  C:\Windows\System\scFeQnL.exe
  2⤵
  PID:3512
- C:\Windows\System\eUtJerY.exe
  C:\Windows\System\eUtJerY.exe
  2⤵
  PID:3528
- C:\Windows\System\UiVBeSI.exe
  C:\Windows\System\UiVBeSI.exe
  2⤵
  PID:3544
- C:\Windows\System\KcleDLJ.exe
  C:\Windows\System\KcleDLJ.exe
  2⤵
  PID:3560
- C:\Windows\System\iFyzbdd.exe
  C:\Windows\System\iFyzbdd.exe
  2⤵
  PID:3576
- C:\Windows\System\PUBPDaz.exe
  C:\Windows\System\PUBPDaz.exe
  2⤵
  PID:3592
- C:\Windows\System\kMYKonP.exe
  C:\Windows\System\kMYKonP.exe
  2⤵
  PID:3608
- C:\Windows\System\nQFoxdT.exe
  C:\Windows\System\nQFoxdT.exe
  2⤵
  PID:3624
- C:\Windows\System\haSkUCz.exe
  C:\Windows\System\haSkUCz.exe
  2⤵
  PID:3640
- C:\Windows\System\EdHmbHn.exe
  C:\Windows\System\EdHmbHn.exe
  2⤵
  PID:3656
- C:\Windows\System\MqGwDbr.exe
  C:\Windows\System\MqGwDbr.exe
  2⤵
  PID:3672
- C:\Windows\System\XLkBawi.exe
  C:\Windows\System\XLkBawi.exe
  2⤵
  PID:3688
- C:\Windows\System\myIDWar.exe
  C:\Windows\System\myIDWar.exe
  2⤵
  PID:3704
- C:\Windows\System\uwmGswj.exe
  C:\Windows\System\uwmGswj.exe
  2⤵
  PID:3720
- C:\Windows\System\PetwEPC.exe
  C:\Windows\System\PetwEPC.exe
  2⤵
  PID:3736
- C:\Windows\System\rDDgymF.exe
  C:\Windows\System\rDDgymF.exe
  2⤵
  PID:3752
- C:\Windows\System\pkWjEza.exe
  C:\Windows\System\pkWjEza.exe
  2⤵
  PID:3768
- C:\Windows\System\yQbkjOp.exe
  C:\Windows\System\yQbkjOp.exe
  2⤵
  PID:3784
- C:\Windows\System\nwHjAIl.exe
  C:\Windows\System\nwHjAIl.exe
  2⤵
  PID:3800
- C:\Windows\System\orlWKDR.exe
  C:\Windows\System\orlWKDR.exe
  2⤵
  PID:3816
- C:\Windows\System\wKalNOp.exe
  C:\Windows\System\wKalNOp.exe
  2⤵
  PID:3832
- C:\Windows\System\OQdLPBd.exe
  C:\Windows\System\OQdLPBd.exe
  2⤵
  PID:3848
- C:\Windows\System\DmTxemj.exe
  C:\Windows\System\DmTxemj.exe
  2⤵
  PID:3864
- C:\Windows\System\YLPLpBC.exe
  C:\Windows\System\YLPLpBC.exe
  2⤵
  PID:3880
- C:\Windows\System\oMImCkA.exe
  C:\Windows\System\oMImCkA.exe
  2⤵
  PID:3896
- C:\Windows\System\KDiUuVH.exe
  C:\Windows\System\KDiUuVH.exe
  2⤵
  PID:3912
- C:\Windows\System\LRZYjnS.exe
  C:\Windows\System\LRZYjnS.exe
  2⤵
  PID:3928
- C:\Windows\System\KKvdmnL.exe
  C:\Windows\System\KKvdmnL.exe
  2⤵
  PID:3944
- C:\Windows\System\EWQstiC.exe
  C:\Windows\System\EWQstiC.exe
  2⤵
  PID:3960
- C:\Windows\System\UCjefIo.exe
  C:\Windows\System\UCjefIo.exe
  2⤵
  PID:3976
- C:\Windows\System\ThDzKGw.exe
  C:\Windows\System\ThDzKGw.exe
  2⤵
  PID:3992
- C:\Windows\System\PDHooJj.exe
  C:\Windows\System\PDHooJj.exe
  2⤵
  PID:4008
- C:\Windows\System\RsHXbpo.exe
  C:\Windows\System\RsHXbpo.exe
  2⤵
  PID:4024
- C:\Windows\System\eZMipki.exe
  C:\Windows\System\eZMipki.exe
  2⤵
  PID:4040
- C:\Windows\System\XvYbvnh.exe
  C:\Windows\System\XvYbvnh.exe
  2⤵
  PID:4056
- C:\Windows\System\wckzQTc.exe
  C:\Windows\System\wckzQTc.exe
  2⤵
  PID:4072
- C:\Windows\System\eXHgSsx.exe
  C:\Windows\System\eXHgSsx.exe
  2⤵
  PID:4088
- C:\Windows\System\MuZsUev.exe
  C:\Windows\System\MuZsUev.exe
  2⤵
  PID:588
- C:\Windows\System\DOvataH.exe
  C:\Windows\System\DOvataH.exe
  2⤵
  PID:2768
- C:\Windows\System\vkecrIm.exe
  C:\Windows\System\vkecrIm.exe
  2⤵
  PID:572
- C:\Windows\System\vlvbivL.exe
  C:\Windows\System\vlvbivL.exe
  2⤵
  PID:1472
- C:\Windows\System\HOdcczc.exe
  C:\Windows\System\HOdcczc.exe
  2⤵
  PID:3192
- C:\Windows\System\aFwojUA.exe
  C:\Windows\System\aFwojUA.exe
  2⤵
  PID:1996
- C:\Windows\System\nPivJdB.exe
  C:\Windows\System\nPivJdB.exe
  2⤵
  PID:3140
- C:\Windows\System\qLrNaqM.exe
  C:\Windows\System\qLrNaqM.exe
  2⤵
  PID:3208
- C:\Windows\System\ZLzygbI.exe
  C:\Windows\System\ZLzygbI.exe
  2⤵
  PID:3244
- C:\Windows\System\XJBjdAP.exe
  C:\Windows\System\XJBjdAP.exe
  2⤵
  PID:3316
- C:\Windows\System\TLcIAwu.exe
  C:\Windows\System\TLcIAwu.exe
  2⤵
  PID:3332
- C:\Windows\System\UJtMBZY.exe
  C:\Windows\System\UJtMBZY.exe
  2⤵
  PID:2824
- C:\Windows\System\LerWxzv.exe
  C:\Windows\System\LerWxzv.exe
  2⤵
  PID:348
- C:\Windows\System\VGkvSqc.exe
  C:\Windows\System\VGkvSqc.exe
  2⤵
  PID:3368
- C:\Windows\System\wATfgIu.exe
  C:\Windows\System\wATfgIu.exe
  2⤵
  PID:3256
- C:\Windows\System\mCCSYIU.exe
  C:\Windows\System\mCCSYIU.exe
  2⤵
  PID:3164
- C:\Windows\System\oSAyTpL.exe
  C:\Windows\System\oSAyTpL.exe
  2⤵
  PID:3228
- C:\Windows\System\cBUPPeB.exe
  C:\Windows\System\cBUPPeB.exe
  2⤵
  PID:3460
- C:\Windows\System\tIIyDqU.exe
  C:\Windows\System\tIIyDqU.exe
  2⤵
  PID:3524
- C:\Windows\System\pQZFwaT.exe
  C:\Windows\System\pQZFwaT.exe
  2⤵
  PID:3556
- C:\Windows\System\vMDLGym.exe
  C:\Windows\System\vMDLGym.exe
  2⤵
  PID:3540
- C:\Windows\System\ZhKtBsa.exe
  C:\Windows\System\ZhKtBsa.exe
  2⤵
  PID:3476
- C:\Windows\System\ZOBiVCc.exe
  C:\Windows\System\ZOBiVCc.exe
  2⤵
  PID:3620
- C:\Windows\System\WEveNwm.exe
  C:\Windows\System\WEveNwm.exe
  2⤵
  PID:3684
- C:\Windows\System\oLiJGFA.exe
  C:\Windows\System\oLiJGFA.exe
  2⤵
  PID:3748
- C:\Windows\System\ElhOCDu.exe
  C:\Windows\System\ElhOCDu.exe
  2⤵
  PID:3808
- C:\Windows\System\rszXAdu.exe
  C:\Windows\System\rszXAdu.exe
  2⤵
  PID:3872
- C:\Windows\System\SDYdryS.exe
  C:\Windows\System\SDYdryS.exe
  2⤵
  PID:3936
- C:\Windows\System\oXLkdxf.exe
  C:\Windows\System\oXLkdxf.exe
  2⤵
  PID:3600
- C:\Windows\System\ldvgklU.exe
  C:\Windows\System\ldvgklU.exe
  2⤵
  PID:3636
- C:\Windows\System\USVqDuB.exe
  C:\Windows\System\USVqDuB.exe
  2⤵
  PID:3700
- C:\Windows\System\azwzMKZ.exe
  C:\Windows\System\azwzMKZ.exe
  2⤵
  PID:4032
- C:\Windows\System\uETIVJy.exe
  C:\Windows\System\uETIVJy.exe
  2⤵
  PID:3792
- C:\Windows\System\ljloAcR.exe
  C:\Windows\System\ljloAcR.exe
  2⤵
  PID:3824
- C:\Windows\System\nDtPxvR.exe
  C:\Windows\System\nDtPxvR.exe
  2⤵
  PID:3796
- C:\Windows\System\lUlQFUm.exe
  C:\Windows\System\lUlQFUm.exe
  2⤵
  PID:4020
- C:\Windows\System\KPzuUQk.exe
  C:\Windows\System\KPzuUQk.exe
  2⤵
  PID:4084
- C:\Windows\System\scXaaFi.exe
  C:\Windows\System\scXaaFi.exe
  2⤵
  PID:3924
- C:\Windows\System\LfhwloG.exe
  C:\Windows\System\LfhwloG.exe
  2⤵
  PID:3988
- C:\Windows\System\YTbaWnM.exe
  C:\Windows\System\YTbaWnM.exe
  2⤵
  PID:2328
- C:\Windows\System\oNcUndR.exe
  C:\Windows\System\oNcUndR.exe
  2⤵
  PID:2304
- C:\Windows\System\BfwXuHl.exe
  C:\Windows\System\BfwXuHl.exe
  2⤵
  PID:3492
- C:\Windows\System\gTwgUqv.exe
  C:\Windows\System\gTwgUqv.exe
  2⤵
  PID:3588
- C:\Windows\System\omCxtKB.exe
  C:\Windows\System\omCxtKB.exe
  2⤵
  PID:2844
- C:\Windows\System\AXGKAsG.exe
  C:\Windows\System\AXGKAsG.exe
  2⤵
  PID:2776
- C:\Windows\System\FWzVqCR.exe
  C:\Windows\System\FWzVqCR.exe
  2⤵
  PID:3972
- C:\Windows\System\IQBEIBG.exe
  C:\Windows\System\IQBEIBG.exe
  2⤵
  PID:3696
- C:\Windows\System\ujtovPx.exe
  C:\Windows\System\ujtovPx.exe
  2⤵
  PID:3860
- C:\Windows\System\BqfSkbH.exe
  C:\Windows\System\BqfSkbH.exe
  2⤵
  PID:3888
- C:\Windows\System\XeqVvxC.exe
  C:\Windows\System\XeqVvxC.exe
  2⤵
  PID:4104
- C:\Windows\System\KaRFmop.exe
  C:\Windows\System\KaRFmop.exe
  2⤵
  PID:4120
- C:\Windows\System\Rqwtnve.exe
  C:\Windows\System\Rqwtnve.exe
  2⤵
  PID:4136
- C:\Windows\System\rAuOsOO.exe
  C:\Windows\System\rAuOsOO.exe
  2⤵
  PID:4152
- C:\Windows\System\rmrDVLM.exe
  C:\Windows\System\rmrDVLM.exe
  2⤵
  PID:4168
- C:\Windows\System\amQXAbt.exe
  C:\Windows\System\amQXAbt.exe
  2⤵
  PID:4188
- C:\Windows\System\IEyoqwY.exe
  C:\Windows\System\IEyoqwY.exe
  2⤵
  PID:4216
- C:\Windows\System\ysogxXc.exe
  C:\Windows\System\ysogxXc.exe
  2⤵
  PID:4240
- C:\Windows\System\xQsvkQb.exe
  C:\Windows\System\xQsvkQb.exe
  2⤵
  PID:4256
- C:\Windows\System\PsrUYTf.exe
  C:\Windows\System\PsrUYTf.exe
  2⤵
  PID:4272
- C:\Windows\System\CNRegnD.exe
  C:\Windows\System\CNRegnD.exe
  2⤵
  PID:4288
- C:\Windows\System\zWZuPcE.exe
  C:\Windows\System\zWZuPcE.exe
  2⤵
  PID:4304
- C:\Windows\System\NXYuvvs.exe
  C:\Windows\System\NXYuvvs.exe
  2⤵
  PID:4320
- C:\Windows\System\JeleNLm.exe
  C:\Windows\System\JeleNLm.exe
  2⤵
  PID:4336
- C:\Windows\System\ryWkyzw.exe
  C:\Windows\System\ryWkyzw.exe
  2⤵
  PID:4352
- C:\Windows\System\xlTmCdi.exe
  C:\Windows\System\xlTmCdi.exe
  2⤵
  PID:4368
- C:\Windows\System\SmLcRRk.exe
  C:\Windows\System\SmLcRRk.exe
  2⤵
  PID:4384
- C:\Windows\System\COOAHus.exe
  C:\Windows\System\COOAHus.exe
  2⤵
  PID:4400
- C:\Windows\System\nGHUAeP.exe
  C:\Windows\System\nGHUAeP.exe
  2⤵
  PID:4416
- C:\Windows\System\mQayuFy.exe
  C:\Windows\System\mQayuFy.exe
  2⤵
  PID:4432
- C:\Windows\System\ZOgnBtv.exe
  C:\Windows\System\ZOgnBtv.exe
  2⤵
  PID:4448
- C:\Windows\System\tZSvnAM.exe
  C:\Windows\System\tZSvnAM.exe
  2⤵
  PID:4464
- C:\Windows\System\XPuWnfl.exe
  C:\Windows\System\XPuWnfl.exe
  2⤵
  PID:4480
- C:\Windows\System\zJOTtyE.exe
  C:\Windows\System\zJOTtyE.exe
  2⤵
  PID:4496
- C:\Windows\System\EmJEchA.exe
  C:\Windows\System\EmJEchA.exe
  2⤵
  PID:4512
- C:\Windows\System\RXGTxFm.exe
  C:\Windows\System\RXGTxFm.exe
  2⤵
  PID:4528
- C:\Windows\System\MpHPpfh.exe
  C:\Windows\System\MpHPpfh.exe
  2⤵
  PID:4544
- C:\Windows\System\UDwcJwM.exe
  C:\Windows\System\UDwcJwM.exe
  2⤵
  PID:4560
- C:\Windows\System\tBOomST.exe
  C:\Windows\System\tBOomST.exe
  2⤵
  PID:4576
- C:\Windows\System\ZJkcqLt.exe
  C:\Windows\System\ZJkcqLt.exe
  2⤵
  PID:4592
- C:\Windows\System\AEndvfv.exe
  C:\Windows\System\AEndvfv.exe
  2⤵
  PID:4608
- C:\Windows\System\qvmiAPu.exe
  C:\Windows\System\qvmiAPu.exe
  2⤵
  PID:4624
- C:\Windows\System\izlbzwf.exe
  C:\Windows\System\izlbzwf.exe
  2⤵
  PID:4640
- C:\Windows\System\DGOyYdQ.exe
  C:\Windows\System\DGOyYdQ.exe
  2⤵
  PID:4656
- C:\Windows\System\iWKHGWK.exe
  C:\Windows\System\iWKHGWK.exe
  2⤵
  PID:4672
- C:\Windows\System\xyPjpQm.exe
  C:\Windows\System\xyPjpQm.exe
  2⤵
  PID:4688
- C:\Windows\System\cYwqvks.exe
  C:\Windows\System\cYwqvks.exe
  2⤵
  PID:4704
- C:\Windows\System\HnBgGCC.exe
  C:\Windows\System\HnBgGCC.exe
  2⤵
  PID:4720
- C:\Windows\System\tdpqahV.exe
  C:\Windows\System\tdpqahV.exe
  2⤵
  PID:4736
- C:\Windows\System\iCJXZta.exe
  C:\Windows\System\iCJXZta.exe
  2⤵
  PID:4752
- C:\Windows\System\fbDfYVX.exe
  C:\Windows\System\fbDfYVX.exe
  2⤵
  PID:4768
- C:\Windows\System\wnBnjcw.exe
  C:\Windows\System\wnBnjcw.exe
  2⤵
  PID:4784
- C:\Windows\System\kJlNvSt.exe
  C:\Windows\System\kJlNvSt.exe
  2⤵
  PID:4800
- C:\Windows\System\ySXMCRt.exe
  C:\Windows\System\ySXMCRt.exe
  2⤵
  PID:4816
- C:\Windows\System\YlUKrnx.exe
  C:\Windows\System\YlUKrnx.exe
  2⤵
  PID:4832
- C:\Windows\System\NlDfZyk.exe
  C:\Windows\System\NlDfZyk.exe
  2⤵
  PID:4848
- C:\Windows\System\wLBjCXS.exe
  C:\Windows\System\wLBjCXS.exe
  2⤵
  PID:4864
- C:\Windows\System\udgHEsT.exe
  C:\Windows\System\udgHEsT.exe
  2⤵
  PID:4880
- C:\Windows\System\akfzLGi.exe
  C:\Windows\System\akfzLGi.exe
  2⤵
  PID:4896
- C:\Windows\System\BIwMJVU.exe
  C:\Windows\System\BIwMJVU.exe
  2⤵
  PID:4912
- C:\Windows\System\aNyodTU.exe
  C:\Windows\System\aNyodTU.exe
  2⤵
  PID:4928
- C:\Windows\System\BFNuOPA.exe
  C:\Windows\System\BFNuOPA.exe
  2⤵
  PID:4944
- C:\Windows\System\ucsGVqh.exe
  C:\Windows\System\ucsGVqh.exe
  2⤵
  PID:4960
- C:\Windows\System\aSPkHKg.exe
  C:\Windows\System\aSPkHKg.exe
  2⤵
  PID:4976
- C:\Windows\System\fSKtvPa.exe
  C:\Windows\System\fSKtvPa.exe
  2⤵
  PID:4992
- C:\Windows\System\wYIEmtM.exe
  C:\Windows\System\wYIEmtM.exe
  2⤵
  PID:5008
- C:\Windows\System\yghTypM.exe
  C:\Windows\System\yghTypM.exe
  2⤵
  PID:5024
- C:\Windows\System\bwAOqpu.exe
  C:\Windows\System\bwAOqpu.exe
  2⤵
  PID:5040
- C:\Windows\System\qgmIIeO.exe
  C:\Windows\System\qgmIIeO.exe
  2⤵
  PID:5056
- C:\Windows\System\eWtNQoL.exe
  C:\Windows\System\eWtNQoL.exe
  2⤵
  PID:5072
- C:\Windows\System\ZaCJtUv.exe
  C:\Windows\System\ZaCJtUv.exe
  2⤵
  PID:5088
- C:\Windows\System\VdWjLdj.exe
  C:\Windows\System\VdWjLdj.exe
  2⤵
  PID:5104
- C:\Windows\System\pugWpjX.exe
  C:\Windows\System\pugWpjX.exe
  2⤵
  PID:3344
- C:\Windows\System\CGJSWov.exe
  C:\Windows\System\CGJSWov.exe
  2⤵
  PID:3504
- C:\Windows\System\ONaRGRH.exe
  C:\Windows\System\ONaRGRH.exe
  2⤵
  PID:4080
- C:\Windows\System\zjnDUrZ.exe
  C:\Windows\System\zjnDUrZ.exe
  2⤵
  PID:3096
- C:\Windows\System\aQCOWos.exe
  C:\Windows\System\aQCOWos.exe
  2⤵
  PID:4148
- C:\Windows\System\BxjBYQX.exe
  C:\Windows\System\BxjBYQX.exe
  2⤵
  PID:4224
- C:\Windows\System\lAcxLsn.exe
  C:\Windows\System\lAcxLsn.exe
  2⤵
  PID:4016
- C:\Windows\System\FFbiUOO.exe
  C:\Windows\System\FFbiUOO.exe
  2⤵
  PID:3780
- C:\Windows\System\ibHeUZg.exe
  C:\Windows\System\ibHeUZg.exe
  2⤵
  PID:4328
- C:\Windows\System\tUFeCpe.exe
  C:\Windows\System\tUFeCpe.exe
  2⤵
  PID:3568
- C:\Windows\System\QyGPLHt.exe
  C:\Windows\System\QyGPLHt.exe
  2⤵
  PID:3764
- C:\Windows\System\KLDzwIB.exe
  C:\Windows\System\KLDzwIB.exe
  2⤵
  PID:3904
- C:\Windows\System\uRASIyV.exe
  C:\Windows\System\uRASIyV.exe
  2⤵
  PID:4360
- C:\Windows\System\XTbODPe.exe
  C:\Windows\System\XTbODPe.exe
  2⤵
  PID:4424
- C:\Windows\System\VYvekrk.exe
  C:\Windows\System\VYvekrk.exe
  2⤵
  PID:2184
- C:\Windows\System\jowhoEy.exe
  C:\Windows\System\jowhoEy.exe
  2⤵
  PID:4488
- C:\Windows\System\SSQLxNg.exe
  C:\Windows\System\SSQLxNg.exe
  2⤵
  PID:2604
- C:\Windows\System\pNnPhvX.exe
  C:\Windows\System\pNnPhvX.exe
  2⤵
  PID:3212
- C:\Windows\System\iKPUiiV.exe
  C:\Windows\System\iKPUiiV.exe
  2⤵
  PID:3328
- C:\Windows\System\LFAvPMv.exe
  C:\Windows\System\LFAvPMv.exe
  2⤵
  PID:2264
- C:\Windows\System\cLwDgKT.exe
  C:\Windows\System\cLwDgKT.exe
  2⤵
  PID:3380
- C:\Windows\System\QClhJRQ.exe
  C:\Windows\System\QClhJRQ.exe
  2⤵
  PID:4520
- C:\Windows\System\KtsAELY.exe
  C:\Windows\System\KtsAELY.exe
  2⤵
  PID:4068
- C:\Windows\System\zeXnwgW.exe
  C:\Windows\System\zeXnwgW.exe
  2⤵
  PID:4128
- C:\Windows\System\NNAGznw.exe
  C:\Windows\System\NNAGznw.exe
  2⤵
  PID:4196
- C:\Windows\System\oEwTaMC.exe
  C:\Windows\System\oEwTaMC.exe
  2⤵
  PID:4212
- C:\Windows\System\KHjvBzI.exe
  C:\Windows\System\KHjvBzI.exe
  2⤵
  PID:4280
- C:\Windows\System\JywIRCQ.exe
  C:\Windows\System\JywIRCQ.exe
  2⤵
  PID:4344
- C:\Windows\System\NRbqrHi.exe
  C:\Windows\System\NRbqrHi.exe
  2⤵
  PID:4408
- C:\Windows\System\wMakgfB.exe
  C:\Windows\System\wMakgfB.exe
  2⤵
  PID:4552
- C:\Windows\System\SeSIzRf.exe
  C:\Windows\System\SeSIzRf.exe
  2⤵
  PID:4508
- C:\Windows\System\puVpPYs.exe
  C:\Windows\System\puVpPYs.exe
  2⤵
  PID:4568
- C:\Windows\System\RETyHVH.exe
  C:\Windows\System\RETyHVH.exe
  2⤵
  PID:4600
- C:\Windows\System\elIIWMm.exe
  C:\Windows\System\elIIWMm.exe
  2⤵
  PID:4632
- C:\Windows\System\vxEPBYs.exe
  C:\Windows\System\vxEPBYs.exe
  2⤵
  PID:4664
- C:\Windows\System\mpIIZrM.exe
  C:\Windows\System\mpIIZrM.exe
  2⤵
  PID:4696
- C:\Windows\System\UItNaMF.exe
  C:\Windows\System\UItNaMF.exe
  2⤵
  PID:4728
- C:\Windows\System\TbpkGXB.exe
  C:\Windows\System\TbpkGXB.exe
  2⤵
  PID:4760
- C:\Windows\System\SBchdgI.exe
  C:\Windows\System\SBchdgI.exe
  2⤵
  PID:4792
- C:\Windows\System\VwaDxPj.exe
  C:\Windows\System\VwaDxPj.exe
  2⤵
  PID:4824
- C:\Windows\System\HfNODTR.exe
  C:\Windows\System\HfNODTR.exe
  2⤵
  PID:4856
- C:\Windows\System\jvvIUuu.exe
  C:\Windows\System\jvvIUuu.exe
  2⤵
  PID:4888
- C:\Windows\System\ZwJaxxy.exe
  C:\Windows\System\ZwJaxxy.exe
  2⤵
  PID:4920
- C:\Windows\System\IWzNZXA.exe
  C:\Windows\System\IWzNZXA.exe
  2⤵
  PID:4952
- C:\Windows\System\jTHtyAv.exe
  C:\Windows\System\jTHtyAv.exe
  2⤵
  PID:4984
- C:\Windows\System\VBccJqL.exe
  C:\Windows\System\VBccJqL.exe
  2⤵
  PID:5016
- C:\Windows\System\FQwiJMA.exe
  C:\Windows\System\FQwiJMA.exe
  2⤵
  PID:5048
- C:\Windows\System\vqGsJMC.exe
  C:\Windows\System\vqGsJMC.exe
  2⤵
  PID:5080
- C:\Windows\System\kcYVYvM.exe
  C:\Windows\System\kcYVYvM.exe
  2⤵
  PID:5112
- C:\Windows\System\tAgRaes.exe
  C:\Windows\System\tAgRaes.exe
  2⤵
  PID:3128
- C:\Windows\System\gyrXXGe.exe
  C:\Windows\System\gyrXXGe.exe
  2⤵
  PID:4116
- C:\Windows\System\tyeUKbM.exe
  C:\Windows\System\tyeUKbM.exe
  2⤵
  PID:3292
- C:\Windows\System\uxHFygA.exe
  C:\Windows\System\uxHFygA.exe
  2⤵
  PID:3776
- C:\Windows\System\YLAbLbj.exe
  C:\Windows\System\YLAbLbj.exe
  2⤵
  PID:3296
- C:\Windows\System\epztkHm.exe
  C:\Windows\System\epztkHm.exe
  2⤵
  PID:3032
- C:\Windows\System\aNOYuay.exe
  C:\Windows\System\aNOYuay.exe
  2⤵
  PID:2280
- C:\Windows\System\dfXaHXK.exe
  C:\Windows\System\dfXaHXK.exe
  2⤵
  PID:4460
- C:\Windows\System\eAArCWQ.exe
  C:\Windows\System\eAArCWQ.exe
  2⤵
  PID:3240
- C:\Windows\System\YBTPggJ.exe
  C:\Windows\System\YBTPggJ.exe
  2⤵
  PID:3272
- C:\Windows\System\MXHetAj.exe
  C:\Windows\System\MXHetAj.exe
  2⤵
  PID:3376
- C:\Windows\System\pGMspxi.exe
  C:\Windows\System\pGMspxi.exe
  2⤵
  PID:4100
- C:\Windows\System\NYCJllL.exe
  C:\Windows\System\NYCJllL.exe
  2⤵
  PID:4208
- C:\Windows\System\IQckbSy.exe
  C:\Windows\System\IQckbSy.exe
  2⤵
  PID:4316
- C:\Windows\System\xKhPRTX.exe
  C:\Windows\System\xKhPRTX.exe
  2⤵
  PID:4444
- C:\Windows\System\PDuSywp.exe
  C:\Windows\System\PDuSywp.exe
  2⤵
  PID:4540
- C:\Windows\System\tTySkOv.exe
  C:\Windows\System\tTySkOv.exe
  2⤵
  PID:4620
- C:\Windows\System\NdYGrwk.exe
  C:\Windows\System\NdYGrwk.exe
  2⤵
  PID:4684
- C:\Windows\System\NJsaNpK.exe
  C:\Windows\System\NJsaNpK.exe
  2⤵
  PID:4748
- C:\Windows\System\PClanaM.exe
  C:\Windows\System\PClanaM.exe
  2⤵
  PID:4812
- C:\Windows\System\rauFqcI.exe
  C:\Windows\System\rauFqcI.exe
  2⤵
  PID:4844
- C:\Windows\System\afMeADf.exe
  C:\Windows\System\afMeADf.exe
  2⤵
  PID:4924
- C:\Windows\System\VovtCmL.exe
  C:\Windows\System\VovtCmL.exe
  2⤵
  PID:4972
- C:\Windows\System\OsLONqY.exe
  C:\Windows\System\OsLONqY.exe
  2⤵
  PID:5052
- C:\Windows\System\rKlxYHk.exe
  C:\Windows\System\rKlxYHk.exe
  2⤵
  PID:5100
- C:\Windows\System\vDFPFIe.exe
  C:\Windows\System\vDFPFIe.exe
  2⤵
  PID:3760
- C:\Windows\System\HoKElQf.exe
  C:\Windows\System\HoKElQf.exe
  2⤵
  PID:4236
- C:\Windows\System\PdJDByK.exe
  C:\Windows\System\PdJDByK.exe
  2⤵
  PID:4000
- C:\Windows\System\MYCTaSj.exe
  C:\Windows\System\MYCTaSj.exe
  2⤵
  PID:4456
- C:\Windows\System\HMtCsrF.exe
  C:\Windows\System\HMtCsrF.exe
  2⤵
  PID:2740
- C:\Windows\System\QSPxqbu.exe
  C:\Windows\System\QSPxqbu.exe
  2⤵
  PID:3616
- C:\Windows\System\zEhoJDR.exe
  C:\Windows\System\zEhoJDR.exe
  2⤵
  PID:4252
- C:\Windows\System\eeXuMtF.exe
  C:\Windows\System\eeXuMtF.exe
  2⤵
  PID:4604
- C:\Windows\System\VphwOFM.exe
  C:\Windows\System\VphwOFM.exe
  2⤵
  PID:4652
- C:\Windows\System\OqSUoxo.exe
  C:\Windows\System\OqSUoxo.exe
  2⤵
  PID:4780
- C:\Windows\System\EHPyvTR.exe
  C:\Windows\System\EHPyvTR.exe
  2⤵
  PID:5132
- C:\Windows\System\vksJXic.exe
  C:\Windows\System\vksJXic.exe
  2⤵
  PID:5148
- C:\Windows\System\NdUlDPl.exe
  C:\Windows\System\NdUlDPl.exe
  2⤵
  PID:5164
- C:\Windows\System\JvJLrDE.exe
  C:\Windows\System\JvJLrDE.exe
  2⤵
  PID:5180
- C:\Windows\System\CQlIkXc.exe
  C:\Windows\System\CQlIkXc.exe
  2⤵
  PID:5196
- C:\Windows\System\kWhFgyd.exe
  C:\Windows\System\kWhFgyd.exe
  2⤵
  PID:5212
- C:\Windows\System\oENFcbz.exe
  C:\Windows\System\oENFcbz.exe
  2⤵
  PID:5228
- C:\Windows\System\ThhkCvz.exe
  C:\Windows\System\ThhkCvz.exe
  2⤵
  PID:5244
- C:\Windows\System\lFLGvYK.exe
  C:\Windows\System\lFLGvYK.exe
  2⤵
  PID:5260
- C:\Windows\System\lMKMxjQ.exe
  C:\Windows\System\lMKMxjQ.exe
  2⤵
  PID:5276
- C:\Windows\System\WUCebpI.exe
  C:\Windows\System\WUCebpI.exe
  2⤵
  PID:5292
- C:\Windows\System\uCoXuqt.exe
  C:\Windows\System\uCoXuqt.exe
  2⤵
  PID:5308
- C:\Windows\System\cGTSTjl.exe
  C:\Windows\System\cGTSTjl.exe
  2⤵
  PID:5324
- C:\Windows\System\klIlYxj.exe
  C:\Windows\System\klIlYxj.exe
  2⤵
  PID:5340
- C:\Windows\System\oepQtZI.exe
  C:\Windows\System\oepQtZI.exe
  2⤵
  PID:5356
- C:\Windows\System\obItXCe.exe
  C:\Windows\System\obItXCe.exe
  2⤵
  PID:5372
- C:\Windows\System\tNAFwjU.exe
  C:\Windows\System\tNAFwjU.exe
  2⤵
  PID:5388
- C:\Windows\System\RrQeiof.exe
  C:\Windows\System\RrQeiof.exe
  2⤵
  PID:5412
- C:\Windows\System\mXgfqcE.exe
  C:\Windows\System\mXgfqcE.exe
  2⤵
  PID:5428
- C:\Windows\System\nRIfSCL.exe
  C:\Windows\System\nRIfSCL.exe
  2⤵
  PID:5444
- C:\Windows\System\WvhkNri.exe
  C:\Windows\System\WvhkNri.exe
  2⤵
  PID:5460
- C:\Windows\System\WawuUxw.exe
  C:\Windows\System\WawuUxw.exe
  2⤵
  PID:5476
- C:\Windows\System\keFhbHN.exe
  C:\Windows\System\keFhbHN.exe
  2⤵
  PID:5492
- C:\Windows\System\yPDhkJW.exe
  C:\Windows\System\yPDhkJW.exe
  2⤵
  PID:5508
- C:\Windows\System\NBGyyMP.exe
  C:\Windows\System\NBGyyMP.exe
  2⤵
  PID:5524
- C:\Windows\System\QzOxWtD.exe
  C:\Windows\System\QzOxWtD.exe
  2⤵
  PID:5540
- C:\Windows\System\IAIlgSD.exe
  C:\Windows\System\IAIlgSD.exe
  2⤵
  PID:5556
- C:\Windows\System\wEqmjYz.exe
  C:\Windows\System\wEqmjYz.exe
  2⤵
  PID:5572
- C:\Windows\System\fnPRKXk.exe
  C:\Windows\System\fnPRKXk.exe
  2⤵
  PID:5588
- C:\Windows\System\RcEudIj.exe
  C:\Windows\System\RcEudIj.exe
  2⤵
  PID:5604
- C:\Windows\System\tbPTqHh.exe
  C:\Windows\System\tbPTqHh.exe
  2⤵
  PID:5620
- C:\Windows\System\UGHrKQt.exe
  C:\Windows\System\UGHrKQt.exe
  2⤵
  PID:5636
- C:\Windows\System\yhuemPM.exe
  C:\Windows\System\yhuemPM.exe
  2⤵
  PID:5652
- C:\Windows\System\LZldKdV.exe
  C:\Windows\System\LZldKdV.exe
  2⤵
  PID:5668
- C:\Windows\System\MsGHenI.exe
  C:\Windows\System\MsGHenI.exe
  2⤵
  PID:5684
- C:\Windows\System\SAXpcPz.exe
  C:\Windows\System\SAXpcPz.exe
  2⤵
  PID:5700
- C:\Windows\System\oxolUvW.exe
  C:\Windows\System\oxolUvW.exe
  2⤵
  PID:5716
- C:\Windows\System\KunNdJJ.exe
  C:\Windows\System\KunNdJJ.exe
  2⤵
  PID:5732
- C:\Windows\System\JFpEAJy.exe
  C:\Windows\System\JFpEAJy.exe
  2⤵
  PID:5748
- C:\Windows\System\IYSmomE.exe
  C:\Windows\System\IYSmomE.exe
  2⤵
  PID:5764
- C:\Windows\System\bEYMwNi.exe
  C:\Windows\System\bEYMwNi.exe
  2⤵
  PID:5780
- C:\Windows\System\QPFdtsT.exe
  C:\Windows\System\QPFdtsT.exe
  2⤵
  PID:5796
- C:\Windows\System\VbJqGPJ.exe
  C:\Windows\System\VbJqGPJ.exe
  2⤵
  PID:5812
- C:\Windows\System\GXwLFmW.exe
  C:\Windows\System\GXwLFmW.exe
  2⤵
  PID:5828
- C:\Windows\System\zVOCUrV.exe
  C:\Windows\System\zVOCUrV.exe
  2⤵
  PID:5844
- C:\Windows\System\zeGsGyF.exe
  C:\Windows\System\zeGsGyF.exe
  2⤵
  PID:5860
- C:\Windows\System\xcrviHQ.exe
  C:\Windows\System\xcrviHQ.exe
  2⤵
  PID:5876
- C:\Windows\System\WKolqQg.exe
  C:\Windows\System\WKolqQg.exe
  2⤵
  PID:5892
- C:\Windows\System\lTVUmGo.exe
  C:\Windows\System\lTVUmGo.exe
  2⤵
  PID:5908
- C:\Windows\System\xStZmmw.exe
  C:\Windows\System\xStZmmw.exe
  2⤵
  PID:5924
- C:\Windows\System\ddUdHzQ.exe
  C:\Windows\System\ddUdHzQ.exe
  2⤵
  PID:5940
- C:\Windows\System\ZDnRWHH.exe
  C:\Windows\System\ZDnRWHH.exe
  2⤵
  PID:5956
- C:\Windows\System\xbvqbjq.exe
  C:\Windows\System\xbvqbjq.exe
  2⤵
  PID:5972
- C:\Windows\System\jFjnVxw.exe
  C:\Windows\System\jFjnVxw.exe
  2⤵
  PID:5988
- C:\Windows\System\RENJYuX.exe
  C:\Windows\System\RENJYuX.exe
  2⤵
  PID:6004
- C:\Windows\System\NqpcWJH.exe
  C:\Windows\System\NqpcWJH.exe
  2⤵
  PID:6020
- C:\Windows\System\DcuIJNu.exe
  C:\Windows\System\DcuIJNu.exe
  2⤵
  PID:6036
- C:\Windows\System\BgicGUX.exe
  C:\Windows\System\BgicGUX.exe
  2⤵
  PID:6052
- C:\Windows\System\HAyopeT.exe
  C:\Windows\System\HAyopeT.exe
  2⤵
  PID:6068
- C:\Windows\System\uHgtZId.exe
  C:\Windows\System\uHgtZId.exe
  2⤵
  PID:6084
- C:\Windows\System\qwOcNJr.exe
  C:\Windows\System\qwOcNJr.exe
  2⤵
  PID:6100
- C:\Windows\System\OZiQHDA.exe
  C:\Windows\System\OZiQHDA.exe
  2⤵
  PID:6116
- C:\Windows\System\NcQYvtz.exe
  C:\Windows\System\NcQYvtz.exe
  2⤵
  PID:6132
- C:\Windows\System\jtbQwKO.exe
  C:\Windows\System\jtbQwKO.exe
  2⤵
  PID:4956
- C:\Windows\System\trmxUTb.exe
  C:\Windows\System\trmxUTb.exe
  2⤵
  PID:2644
- C:\Windows\System\GlJRHJo.exe
  C:\Windows\System\GlJRHJo.exe
  2⤵
  PID:3668
- C:\Windows\System\afanqYf.exe
  C:\Windows\System\afanqYf.exe
  2⤵
  PID:4228
- C:\Windows\System\jLcIrDc.exe
  C:\Windows\System\jLcIrDc.exe
  2⤵
  PID:3572
- C:\Windows\System\dNtJIjl.exe
  C:\Windows\System\dNtJIjl.exe
  2⤵
  PID:2896
- C:\Windows\System\xAGmSnF.exe
  C:\Windows\System\xAGmSnF.exe
  2⤵
  PID:4536
- C:\Windows\System\hcIdBtB.exe
  C:\Windows\System\hcIdBtB.exe
  2⤵
  PID:4668
- C:\Windows\System\XbVPzTb.exe
  C:\Windows\System\XbVPzTb.exe
  2⤵
  PID:5128
- C:\Windows\System\qIliNvp.exe
  C:\Windows\System\qIliNvp.exe
  2⤵
  PID:5160
- C:\Windows\System\ugXsbpr.exe
  C:\Windows\System\ugXsbpr.exe
  2⤵
  PID:5236
- C:\Windows\System\IxtLMgS.exe
  C:\Windows\System\IxtLMgS.exe
  2⤵
  PID:5220
- C:\Windows\System\LvgaGay.exe
  C:\Windows\System\LvgaGay.exe
  2⤵
  PID:5268
- C:\Windows\System\MFJtnZL.exe
  C:\Windows\System\MFJtnZL.exe
  2⤵
  PID:5300
- C:\Windows\System\xzsgaeO.exe
  C:\Windows\System\xzsgaeO.exe
  2⤵
  PID:5288
- C:\Windows\System\CaWqHXT.exe
  C:\Windows\System\CaWqHXT.exe
  2⤵
  PID:5364
- C:\Windows\System\oycNULV.exe
  C:\Windows\System\oycNULV.exe
  2⤵
  PID:5396
- C:\Windows\System\qGtUczV.exe
  C:\Windows\System\qGtUczV.exe
  2⤵
  PID:5420
- C:\Windows\System\nDkITOR.exe
  C:\Windows\System\nDkITOR.exe
  2⤵
  PID:5452
- C:\Windows\System\nQjURfK.exe
  C:\Windows\System\nQjURfK.exe
  2⤵
  PID:5484
- C:\Windows\System\JioDaaS.exe
  C:\Windows\System\JioDaaS.exe
  2⤵
  PID:5532
- C:\Windows\System\rZsIDUQ.exe
  C:\Windows\System\rZsIDUQ.exe
  2⤵
  PID:5548
- C:\Windows\System\SKhUMZG.exe
  C:\Windows\System\SKhUMZG.exe
  2⤵
  PID:5580
- C:\Windows\System\LDBwYej.exe
  C:\Windows\System\LDBwYej.exe
  2⤵
  PID:5612
- C:\Windows\System\OObwHXI.exe
  C:\Windows\System\OObwHXI.exe
  2⤵
  PID:5660
- C:\Windows\System\seeoVhH.exe
  C:\Windows\System\seeoVhH.exe
  2⤵
  PID:5676
- C:\Windows\System\jlcDllO.exe
  C:\Windows\System\jlcDllO.exe
  2⤵
  PID:5708
- C:\Windows\System\pBHnLfk.exe
  C:\Windows\System\pBHnLfk.exe
  2⤵
  PID:5740
- C:\Windows\System\OhQZjJU.exe
  C:\Windows\System\OhQZjJU.exe
  2⤵
  PID:5772
- C:\Windows\System\PPpcjTl.exe
  C:\Windows\System\PPpcjTl.exe
  2⤵
  PID:5820
- C:\Windows\System\ECelIKy.exe
  C:\Windows\System\ECelIKy.exe
  2⤵
  PID:5852
- C:\Windows\System\rvdILmP.exe
  C:\Windows\System\rvdILmP.exe
  2⤵
  PID:5868
- C:\Windows\System\sHwwndr.exe
  C:\Windows\System\sHwwndr.exe
  2⤵
  PID:5916
- C:\Windows\System\PtSckjv.exe
  C:\Windows\System\PtSckjv.exe
  2⤵
  PID:5932
- C:\Windows\System\iSKIyty.exe
  C:\Windows\System\iSKIyty.exe
  2⤵
  PID:5952
- C:\Windows\System\xhwvegj.exe
  C:\Windows\System\xhwvegj.exe
  2⤵
  PID:5984
- C:\Windows\System\SOpGoyn.exe
  C:\Windows\System\SOpGoyn.exe
  2⤵
  PID:6016
- C:\Windows\System\mFcgFyU.exe
  C:\Windows\System\mFcgFyU.exe
  2⤵
  PID:6048
- C:\Windows\System\ExVhZdk.exe
  C:\Windows\System\ExVhZdk.exe
  2⤵
  PID:6080
- C:\Windows\System\XBBGzQm.exe
  C:\Windows\System\XBBGzQm.exe
  2⤵
  PID:6112
- C:\Windows\System\ZmPHrwP.exe
  C:\Windows\System\ZmPHrwP.exe
  2⤵
  PID:2084
- C:\Windows\System\qxcdlyN.exe
  C:\Windows\System\qxcdlyN.exe
  2⤵
  PID:5020
- C:\Windows\System\DYAmrNV.exe
  C:\Windows\System\DYAmrNV.exe
  2⤵
  PID:4332
- C:\Windows\System\zwmylAO.exe
  C:\Windows\System\zwmylAO.exe
  2⤵
  PID:3412
- C:\Windows\System\vjlYrHg.exe
  C:\Windows\System\vjlYrHg.exe
  2⤵
  PID:4796
- C:\Windows\System\NtesufW.exe
  C:\Windows\System\NtesufW.exe
  2⤵
  PID:5172
- C:\Windows\System\SeFpkTI.exe
  C:\Windows\System\SeFpkTI.exe
  2⤵
  PID:5192
- C:\Windows\System\AuGtDpj.exe
  C:\Windows\System\AuGtDpj.exe
  2⤵
  PID:5284
- C:\Windows\System\hvzCodc.exe
  C:\Windows\System\hvzCodc.exe
  2⤵
  PID:5348
- C:\Windows\System\iQqabbr.exe
  C:\Windows\System\iQqabbr.exe
  2⤵
  PID:2356
- C:\Windows\System\DyWBVVP.exe
  C:\Windows\System\DyWBVVP.exe
  2⤵
  PID:5504
- C:\Windows\System\KoWjhqG.exe
  C:\Windows\System\KoWjhqG.exe
  2⤵
  PID:5536
- C:\Windows\System\VJJydbh.exe
  C:\Windows\System\VJJydbh.exe
  2⤵
  PID:5584
- C:\Windows\System\NXJAxLV.exe
  C:\Windows\System\NXJAxLV.exe
  2⤵
  PID:5696
- C:\Windows\System\JSlUTqt.exe
  C:\Windows\System\JSlUTqt.exe
  2⤵
  PID:5728
- C:\Windows\System\wFiTaKm.exe
  C:\Windows\System\wFiTaKm.exe
  2⤵
  PID:5792
- C:\Windows\System\WBuSfck.exe
  C:\Windows\System\WBuSfck.exe
  2⤵
  PID:5888
- C:\Windows\System\wPwaPJC.exe
  C:\Windows\System\wPwaPJC.exe
  2⤵
  PID:5948
- C:\Windows\System\qzkKMbi.exe
  C:\Windows\System\qzkKMbi.exe
  2⤵
  PID:6012
- C:\Windows\System\SjGZihO.exe
  C:\Windows\System\SjGZihO.exe
  2⤵
  PID:6044
- C:\Windows\System\sIWymOX.exe
  C:\Windows\System\sIWymOX.exe
  2⤵
  PID:6076
- C:\Windows\System\QZGapzC.exe
  C:\Windows\System\QZGapzC.exe
  2⤵
  PID:6128
- C:\Windows\System\QCwwKxZ.exe
  C:\Windows\System\QCwwKxZ.exe
  2⤵
  PID:3124
- C:\Windows\System\gKglbLZ.exe
  C:\Windows\System\gKglbLZ.exe
  2⤵
  PID:5124
- C:\Windows\System\zpnfpTw.exe
  C:\Windows\System\zpnfpTw.exe
  2⤵
  PID:5204
- C:\Windows\System\hrmRuIX.exe
  C:\Windows\System\hrmRuIX.exe
  2⤵
  PID:5332
- C:\Windows\System\KKPWtme.exe
  C:\Windows\System\KKPWtme.exe
  2⤵
  PID:5472
- C:\Windows\System\NWbNxUD.exe
  C:\Windows\System\NWbNxUD.exe
  2⤵
  PID:5600
- C:\Windows\System\NXIOqsA.exe
  C:\Windows\System\NXIOqsA.exe
  2⤵
  PID:5712
- C:\Windows\System\aUglhGv.exe
  C:\Windows\System\aUglhGv.exe
  2⤵
  PID:5776
- C:\Windows\System\YAiirFG.exe
  C:\Windows\System\YAiirFG.exe
  2⤵
  PID:5920
- C:\Windows\System\jXtBNFL.exe
  C:\Windows\System\jXtBNFL.exe
  2⤵
  PID:6064
- C:\Windows\System\OqwkkbI.exe
  C:\Windows\System\OqwkkbI.exe
  2⤵
  PID:4144
- C:\Windows\System\HbIXdbE.exe
  C:\Windows\System\HbIXdbE.exe
  2⤵
  PID:6160
- C:\Windows\System\DUgZshx.exe
  C:\Windows\System\DUgZshx.exe
  2⤵
  PID:6176
- C:\Windows\System\YfviVfq.exe
  C:\Windows\System\YfviVfq.exe
  2⤵
  PID:6192
- C:\Windows\System\vWtZVUC.exe
  C:\Windows\System\vWtZVUC.exe
  2⤵
  PID:6208
- C:\Windows\System\DVuOzuv.exe
  C:\Windows\System\DVuOzuv.exe
  2⤵
  PID:6224
- C:\Windows\System\ryDHIWJ.exe
  C:\Windows\System\ryDHIWJ.exe
  2⤵
  PID:6240
- C:\Windows\System\ATAMrYW.exe
  C:\Windows\System\ATAMrYW.exe
  2⤵
  PID:6256
- C:\Windows\System\muLvKlx.exe
  C:\Windows\System\muLvKlx.exe
  2⤵
  PID:6272
- C:\Windows\System\obChHiN.exe
  C:\Windows\System\obChHiN.exe
  2⤵
  PID:6288
- C:\Windows\System\VHZPfSp.exe
  C:\Windows\System\VHZPfSp.exe
  2⤵
  PID:6304
- C:\Windows\System\rZxPfSd.exe
  C:\Windows\System\rZxPfSd.exe
  2⤵
  PID:6320
- C:\Windows\System\bCssLsN.exe
  C:\Windows\System\bCssLsN.exe
  2⤵
  PID:6336
- C:\Windows\System\TkOAkIU.exe
  C:\Windows\System\TkOAkIU.exe
  2⤵
  PID:6352
- C:\Windows\System\djkUDAJ.exe
  C:\Windows\System\djkUDAJ.exe
  2⤵
  PID:6368
- C:\Windows\System\afvsjbs.exe
  C:\Windows\System\afvsjbs.exe
  2⤵
  PID:6384
- C:\Windows\System\EbuOmpD.exe
  C:\Windows\System\EbuOmpD.exe
  2⤵
  PID:6400
- C:\Windows\System\DPzCuUK.exe
  C:\Windows\System\DPzCuUK.exe
  2⤵
  PID:6416
- C:\Windows\System\ifNtPrF.exe
  C:\Windows\System\ifNtPrF.exe
  2⤵
  PID:6432
- C:\Windows\System\NtQDafF.exe
  C:\Windows\System\NtQDafF.exe
  2⤵
  PID:6448
- C:\Windows\System\UqiIWMr.exe
  C:\Windows\System\UqiIWMr.exe
  2⤵
  PID:6464
- C:\Windows\System\thnCqSO.exe
  C:\Windows\System\thnCqSO.exe
  2⤵
  PID:6480
- C:\Windows\System\FCornPL.exe
  C:\Windows\System\FCornPL.exe
  2⤵
  PID:6496
- C:\Windows\System\dALxVHY.exe
  C:\Windows\System\dALxVHY.exe
  2⤵
  PID:6520
- C:\Windows\System\vuvUXdi.exe
  C:\Windows\System\vuvUXdi.exe
  2⤵
  PID:6620
- C:\Windows\System\zpfakpe.exe
  C:\Windows\System\zpfakpe.exe
  2⤵
  PID:6636
- C:\Windows\System\FacDRbi.exe
  C:\Windows\System\FacDRbi.exe
  2⤵
  PID:6652
- C:\Windows\System\TXZalHD.exe
  C:\Windows\System\TXZalHD.exe
  2⤵
  PID:6672
- C:\Windows\System\KUrwGma.exe
  C:\Windows\System\KUrwGma.exe
  2⤵
  PID:6688
- C:\Windows\System\ifiJdJq.exe
  C:\Windows\System\ifiJdJq.exe
  2⤵
  PID:6708
- C:\Windows\System\ZSPgJnU.exe
  C:\Windows\System\ZSPgJnU.exe
  2⤵
  PID:6724
- C:\Windows\System\hkuBjQB.exe
  C:\Windows\System\hkuBjQB.exe
  2⤵
  PID:6744
- C:\Windows\System\ROswOiO.exe
  C:\Windows\System\ROswOiO.exe
  2⤵
  PID:6760
- C:\Windows\System\NORuNiy.exe
  C:\Windows\System\NORuNiy.exe
  2⤵
  PID:6776
- C:\Windows\System\OmIzrnC.exe
  C:\Windows\System\OmIzrnC.exe
  2⤵
  PID:6792
- C:\Windows\System\wrlpAwQ.exe
  C:\Windows\System\wrlpAwQ.exe
  2⤵
  PID:6808
- C:\Windows\System\YKeNHJu.exe
  C:\Windows\System\YKeNHJu.exe
  2⤵
  PID:6824
- C:\Windows\System\JSBwsCA.exe
  C:\Windows\System\JSBwsCA.exe
  2⤵
  PID:6844
- C:\Windows\System\jEkdiHM.exe
  C:\Windows\System\jEkdiHM.exe
  2⤵
  PID:6860
- C:\Windows\System\kQbMDMx.exe
  C:\Windows\System\kQbMDMx.exe
  2⤵
  PID:6876
- C:\Windows\System\GrShWzI.exe
  C:\Windows\System\GrShWzI.exe
  2⤵
  PID:6892
- C:\Windows\System\woRBDfB.exe
  C:\Windows\System\woRBDfB.exe
  2⤵
  PID:6908
- C:\Windows\System\ZeLfVul.exe
  C:\Windows\System\ZeLfVul.exe
  2⤵
  PID:6924
- C:\Windows\System\RIUPbde.exe
  C:\Windows\System\RIUPbde.exe
  2⤵
  PID:6940
- C:\Windows\System\yLQXNjv.exe
  C:\Windows\System\yLQXNjv.exe
  2⤵
  PID:6956
- C:\Windows\System\wxjgKfZ.exe
  C:\Windows\System\wxjgKfZ.exe
  2⤵
  PID:6972
- C:\Windows\System\RZqsRDP.exe
  C:\Windows\System\RZqsRDP.exe
  2⤵
  PID:6988
- C:\Windows\System\rRIJucN.exe
  C:\Windows\System\rRIJucN.exe
  2⤵
  PID:7012
- C:\Windows\System\pLuQcMK.exe
  C:\Windows\System\pLuQcMK.exe
  2⤵
  PID:7032
- C:\Windows\System\pOQVLDB.exe
  C:\Windows\System\pOQVLDB.exe
  2⤵
  PID:7068
- C:\Windows\System\DLqVBEA.exe
  C:\Windows\System\DLqVBEA.exe
  2⤵
  PID:7100
- C:\Windows\System\WPhhjHy.exe
  C:\Windows\System\WPhhjHy.exe
  2⤵
  PID:7124
- C:\Windows\System\qJJceyg.exe
  C:\Windows\System\qJJceyg.exe
  2⤵
  PID:7140
- C:\Windows\System\PEgcRwa.exe
  C:\Windows\System\PEgcRwa.exe
  2⤵
  PID:7156
- C:\Windows\System\UtxohGO.exe
  C:\Windows\System\UtxohGO.exe
  2⤵
  PID:5084
- C:\Windows\System\AsSvlzJ.exe
  C:\Windows\System\AsSvlzJ.exe
  2⤵
  PID:4200
- C:\Windows\System\YbqIeTA.exe
  C:\Windows\System\YbqIeTA.exe
  2⤵
  PID:5456
- C:\Windows\System\SCQqviL.exe
  C:\Windows\System\SCQqviL.exe
  2⤵
  PID:5520
- C:\Windows\System\Bzuntos.exe
  C:\Windows\System\Bzuntos.exe
  2⤵
  PID:5760
- C:\Windows\System\nDgVRPs.exe
  C:\Windows\System\nDgVRPs.exe
  2⤵
  PID:5980
- C:\Windows\System\zzuRHQb.exe
  C:\Windows\System\zzuRHQb.exe
  2⤵
  PID:6140
- C:\Windows\System\pZXDmhC.exe
  C:\Windows\System\pZXDmhC.exe
  2⤵
  PID:6156
- C:\Windows\System\GysQRVs.exe
  C:\Windows\System\GysQRVs.exe
  2⤵
  PID:3452
- C:\Windows\System\lPeFWmL.exe
  C:\Windows\System\lPeFWmL.exe
  2⤵
  PID:6232
- C:\Windows\System\CfeAxaa.exe
  C:\Windows\System\CfeAxaa.exe
  2⤵
  PID:6236
- C:\Windows\System\oxgZkRB.exe
  C:\Windows\System\oxgZkRB.exe
  2⤵
  PID:6268
- C:\Windows\System\QfrjLaW.exe
  C:\Windows\System\QfrjLaW.exe
  2⤵
  PID:6284
- C:\Windows\System\GWMtWVi.exe
  C:\Windows\System\GWMtWVi.exe
  2⤵
  PID:6332
- C:\Windows\System\liEZyPF.exe
  C:\Windows\System\liEZyPF.exe
  2⤵
  PID:6364
- C:\Windows\System\kcLyHjP.exe
  C:\Windows\System\kcLyHjP.exe
  2⤵
  PID:2832
- C:\Windows\System\gfZDOCm.exe
  C:\Windows\System\gfZDOCm.exe
  2⤵
  PID:3440
- C:\Windows\System\yTQneuX.exe
  C:\Windows\System\yTQneuX.exe
  2⤵
  PID:6440
- C:\Windows\System\yhUMgKG.exe
  C:\Windows\System\yhUMgKG.exe
  2⤵
  PID:6472
- C:\Windows\System\CjFyPCV.exe
  C:\Windows\System\CjFyPCV.exe
  2⤵
  PID:6492
- C:\Windows\System\seIzocR.exe
  C:\Windows\System\seIzocR.exe
  2⤵
  PID:2968
- C:\Windows\System\tJbwxtV.exe
  C:\Windows\System\tJbwxtV.exe
  2⤵
  PID:2880
- C:\Windows\System\hFumrMO.exe
  C:\Windows\System\hFumrMO.exe
  2⤵
  PID:6536
- C:\Windows\System\UwQVqfM.exe
  C:\Windows\System\UwQVqfM.exe
  2⤵
  PID:6560
- C:\Windows\System\WvfPfnO.exe
  C:\Windows\System\WvfPfnO.exe
  2⤵
  PID:6568
- C:\Windows\System\tnGFwpB.exe
  C:\Windows\System\tnGFwpB.exe
  2⤵
  PID:6584
- C:\Windows\System\AtEnZqI.exe
  C:\Windows\System\AtEnZqI.exe
  2⤵
  PID:6600
- C:\Windows\System\SHtJZwA.exe
  C:\Windows\System\SHtJZwA.exe
  2⤵
  PID:6616
- C:\Windows\System\toWcqOz.exe
  C:\Windows\System\toWcqOz.exe
  2⤵
  PID:6632
- C:\Windows\System\iCJyxss.exe
  C:\Windows\System\iCJyxss.exe
  2⤵
  PID:6716
- C:\Windows\System\mCuwPhm.exe
  C:\Windows\System\mCuwPhm.exe
  2⤵
  PID:6696
- C:\Windows\System\yFDvUVR.exe
  C:\Windows\System\yFDvUVR.exe
  2⤵
  PID:6752
- C:\Windows\System\oTkjSwB.exe
  C:\Windows\System\oTkjSwB.exe
  2⤵
  PID:6820
- C:\Windows\System\mojnCZY.exe
  C:\Windows\System\mojnCZY.exe
  2⤵
  PID:6768
- C:\Windows\System\TjGbAlm.exe
  C:\Windows\System\TjGbAlm.exe
  2⤵
  PID:6884
- C:\Windows\System\EQdhaoj.exe
  C:\Windows\System\EQdhaoj.exe
  2⤵
  PID:6804
- C:\Windows\System\BXcHbiJ.exe
  C:\Windows\System\BXcHbiJ.exe
  2⤵
  PID:6840
- C:\Windows\System\YjBbILx.exe
  C:\Windows\System\YjBbILx.exe
  2⤵
  PID:6872
- C:\Windows\System\nFnfqYB.exe
  C:\Windows\System\nFnfqYB.exe
  2⤵
  PID:2080
- C:\Windows\System\QyAIKMq.exe
  C:\Windows\System\QyAIKMq.exe
  2⤵
  PID:6980
- C:\Windows\System\HpHtlSc.exe
  C:\Windows\System\HpHtlSc.exe
  2⤵
  PID:7020
- C:\Windows\System\YDswiqb.exe
  C:\Windows\System\YDswiqb.exe
  2⤵
  PID:7084
- C:\Windows\System\uYUXpnf.exe
  C:\Windows\System\uYUXpnf.exe
  2⤵
  PID:7096
- C:\Windows\System\EKgQeuP.exe
  C:\Windows\System\EKgQeuP.exe
  2⤵
  PID:7044
- C:\Windows\System\JjuRdfH.exe
  C:\Windows\System\JjuRdfH.exe
  2⤵
  PID:7108
- C:\Windows\System\IDoKDQs.exe
  C:\Windows\System\IDoKDQs.exe
  2⤵
  PID:7148
- C:\Windows\System\ptJLBVC.exe
  C:\Windows\System\ptJLBVC.exe
  2⤵
  PID:5188
- C:\Windows\System\ThXTCBD.exe
  C:\Windows\System\ThXTCBD.exe
  2⤵
  PID:5616
- C:\Windows\System\foxfoXZ.exe
  C:\Windows\System\foxfoXZ.exe
  2⤵
  PID:3968
- C:\Windows\System\MONXEBa.exe
  C:\Windows\System\MONXEBa.exe
  2⤵
  PID:3432
- C:\Windows\System\lMjjsbO.exe
  C:\Windows\System\lMjjsbO.exe
  2⤵
  PID:6204
- C:\Windows\System\KYMccvK.exe
  C:\Windows\System\KYMccvK.exe
  2⤵
  PID:6296
- C:\Windows\System\kRGBckK.exe
  C:\Windows\System\kRGBckK.exe
  2⤵
  PID:2180
- C:\Windows\System\OXdOVDW.exe
  C:\Windows\System\OXdOVDW.exe
  2⤵
  PID:6360
- C:\Windows\System\CApRkyc.exe
  C:\Windows\System\CApRkyc.exe
  2⤵
  PID:1936
- C:\Windows\System\QhADkOm.exe
  C:\Windows\System\QhADkOm.exe
  2⤵
  PID:6328
- C:\Windows\System\zdOuTzm.exe
  C:\Windows\System\zdOuTzm.exe
  2⤵
  PID:3436
- C:\Windows\System\LZksQjr.exe
  C:\Windows\System\LZksQjr.exe
  2⤵
  PID:2788
- C:\Windows\System\fimHRrV.exe
  C:\Windows\System\fimHRrV.exe
  2⤵
  PID:6564
- C:\Windows\System\GIVcNyO.exe
  C:\Windows\System\GIVcNyO.exe
  2⤵
  PID:6392
- C:\Windows\System\UyGUUCl.exe
  C:\Windows\System\UyGUUCl.exe
  2⤵
  PID:6628
- C:\Windows\System\dRIrsNw.exe
  C:\Windows\System\dRIrsNw.exe
  2⤵
  PID:6428
- C:\Windows\System\MpNmYXo.exe
  C:\Windows\System\MpNmYXo.exe
  2⤵
  PID:6816
- C:\Windows\System\JtSnFEE.exe
  C:\Windows\System\JtSnFEE.exe
  2⤵
  PID:6612
- C:\Windows\System\mVRREuI.exe
  C:\Windows\System\mVRREuI.exe
  2⤵
  PID:5408
- C:\Windows\System\UmQSNYx.exe
  C:\Windows\System\UmQSNYx.exe
  2⤵
  PID:6488
- C:\Windows\System\UaoMHTJ.exe
  C:\Windows\System\UaoMHTJ.exe
  2⤵
  PID:1716
- C:\Windows\System\rByMDCG.exe
  C:\Windows\System\rByMDCG.exe
  2⤵
  PID:444
- C:\Windows\System\hPaZbAx.exe
  C:\Windows\System\hPaZbAx.exe
  2⤵
  PID:6936
- C:\Windows\System\WCDMUaW.exe
  C:\Windows\System\WCDMUaW.exe
  2⤵
  PID:6580
- C:\Windows\System\ZrQgDFE.exe
  C:\Windows\System\ZrQgDFE.exe
  2⤵
  PID:2232
- C:\Windows\System\SjEovnT.exe
  C:\Windows\System\SjEovnT.exe
  2⤵
  PID:7080
- C:\Windows\System\euahHuU.exe
  C:\Windows\System\euahHuU.exe
  2⤵
  PID:7004
- C:\Windows\System\ImZjCYT.exe
  C:\Windows\System\ImZjCYT.exe
  2⤵
  PID:7056
- C:\Windows\System\htEuqRS.exe
  C:\Windows\System\htEuqRS.exe
  2⤵
  PID:1628
- C:\Windows\System\FXJfMFC.exe
  C:\Windows\System\FXJfMFC.exe
  2⤵
  PID:3428
- C:\Windows\System\BGTCdpO.exe
  C:\Windows\System\BGTCdpO.exe
  2⤵
  PID:2272
- C:\Windows\System\CvgtfXM.exe
  C:\Windows\System\CvgtfXM.exe
  2⤵
  PID:6408
- C:\Windows\System\mtzZCAX.exe
  C:\Windows\System\mtzZCAX.exe
  2⤵
  PID:920
- C:\Windows\System\ETrsbYV.exe
  C:\Windows\System\ETrsbYV.exe
  2⤵
  PID:6784
- C:\Windows\System\eSuLceD.exe
  C:\Windows\System\eSuLceD.exe
  2⤵
  PID:6184
- C:\Windows\System\EmkXLdE.exe
  C:\Windows\System\EmkXLdE.exe
  2⤵
  PID:6252
- C:\Windows\System\AAlPSnk.exe
  C:\Windows\System\AAlPSnk.exe
  2⤵
  PID:6512
- C:\Windows\System\UvlrWrT.exe
  C:\Windows\System\UvlrWrT.exe
  2⤵
  PID:6856
- C:\Windows\System\CJznQnn.exe
  C:\Windows\System\CJznQnn.exe
  2⤵
  PID:2756
- C:\Windows\System\FKXNYPq.exe
  C:\Windows\System\FKXNYPq.exe
  2⤵
  PID:6544
- C:\Windows\System\UYFclFf.exe
  C:\Windows\System\UYFclFf.exe
  2⤵
  PID:6528
- C:\Windows\System\AnwWNfm.exe
  C:\Windows\System\AnwWNfm.exe
  2⤵
  PID:7024
- C:\Windows\System\qMgVfFb.exe
  C:\Windows\System\qMgVfFb.exe
  2⤵
  PID:7092
- C:\Windows\System\ATinrxQ.exe
  C:\Windows\System\ATinrxQ.exe
  2⤵
  PID:6000
- C:\Windows\System\uVtGcjx.exe
  C:\Windows\System\uVtGcjx.exe
  2⤵
  PID:2336
- C:\Windows\System\pTQouzG.exe
  C:\Windows\System\pTQouzG.exe
  2⤵
  PID:2860
- C:\Windows\System\UgsMIEw.exe
  C:\Windows\System\UgsMIEw.exe
  2⤵
  PID:1660
- C:\Windows\System\qEJTMrI.exe
  C:\Windows\System\qEJTMrI.exe
  2⤵
  PID:6552
- C:\Windows\System\YmmZRzk.exe
  C:\Windows\System\YmmZRzk.exe
  2⤵
  PID:2204
- C:\Windows\System\dyHimvh.exe
  C:\Windows\System\dyHimvh.exe
  2⤵
  PID:6596
- C:\Windows\System\BeoyKNY.exe
  C:\Windows\System\BeoyKNY.exe
  2⤵
  PID:7120
- C:\Windows\System\IzMauNE.exe
  C:\Windows\System\IzMauNE.exe
  2⤵
  PID:2728
- C:\Windows\System\uhUoVFY.exe
  C:\Windows\System\uhUoVFY.exe
  2⤵
  PID:5856
- C:\Windows\System\RnMZCtb.exe
  C:\Windows\System\RnMZCtb.exe
  2⤵
  PID:6576
- C:\Windows\System\YjBrSSQ.exe
  C:\Windows\System\YjBrSSQ.exe
  2⤵
  PID:6788
- C:\Windows\System\mcYDsuD.exe
  C:\Windows\System\mcYDsuD.exe
  2⤵
  PID:6608
- C:\Windows\System\jLYDUYa.exe
  C:\Windows\System\jLYDUYa.exe
  2⤵
  PID:2784
- C:\Windows\System\RXmOwaf.exe
  C:\Windows\System\RXmOwaf.exe
  2⤵
  PID:3444
- C:\Windows\System\EhKCNUi.exe
  C:\Windows\System\EhKCNUi.exe
  2⤵
  PID:1620
- C:\Windows\System\eiYTmtY.exe
  C:\Windows\System\eiYTmtY.exe
  2⤵
  PID:7008
- C:\Windows\System\iTWVQox.exe
  C:\Windows\System\iTWVQox.exe
  2⤵
  PID:3448
- C:\Windows\System\zyzWOpb.exe
  C:\Windows\System\zyzWOpb.exe
  2⤵
  PID:1736
- C:\Windows\System\QLQwKJG.exe
  C:\Windows\System\QLQwKJG.exe
  2⤵
  PID:3052
- C:\Windows\System\JVyuWUo.exe
  C:\Windows\System\JVyuWUo.exe
  2⤵
  PID:7184
- C:\Windows\System\egxCpTS.exe
  C:\Windows\System\egxCpTS.exe
  2⤵
  PID:7200
- C:\Windows\System\TalBZDc.exe
  C:\Windows\System\TalBZDc.exe
  2⤵
  PID:7220
- C:\Windows\System\VBeHCyk.exe
  C:\Windows\System\VBeHCyk.exe
  2⤵
  PID:7240
- C:\Windows\System\kUJbAri.exe
  C:\Windows\System\kUJbAri.exe
  2⤵
  PID:7288
- C:\Windows\System\aSAoKMh.exe
  C:\Windows\System\aSAoKMh.exe
  2⤵
  PID:7312
- C:\Windows\System\AIsEMuC.exe
  C:\Windows\System\AIsEMuC.exe
  2⤵
  PID:7332
- C:\Windows\System\uQejJAy.exe
  C:\Windows\System\uQejJAy.exe
  2⤵
  PID:7356
- C:\Windows\System\hGhoAFw.exe
  C:\Windows\System\hGhoAFw.exe
  2⤵
  PID:7372
- C:\Windows\System\GleUVWF.exe
  C:\Windows\System\GleUVWF.exe
  2⤵
  PID:7392
- C:\Windows\System\vicxLxQ.exe
  C:\Windows\System\vicxLxQ.exe
  2⤵
  PID:7408
- C:\Windows\System\vjtbFfe.exe
  C:\Windows\System\vjtbFfe.exe
  2⤵
  PID:7424
- C:\Windows\System\utwQZsE.exe
  C:\Windows\System\utwQZsE.exe
  2⤵
  PID:7440
- C:\Windows\System\ySJOyCx.exe
  C:\Windows\System\ySJOyCx.exe
  2⤵
  PID:7456
- C:\Windows\System\HOjvBDz.exe
  C:\Windows\System\HOjvBDz.exe
  2⤵
  PID:7472
- C:\Windows\System\BsfwUee.exe
  C:\Windows\System\BsfwUee.exe
  2⤵
  PID:7488
- C:\Windows\System\WgxIFLq.exe
  C:\Windows\System\WgxIFLq.exe
  2⤵
  PID:7504
- C:\Windows\System\OdyhUms.exe
  C:\Windows\System\OdyhUms.exe
  2⤵
  PID:7520
- C:\Windows\System\dHbWexu.exe
  C:\Windows\System\dHbWexu.exe
  2⤵
  PID:7536
- C:\Windows\System\iOdSMfc.exe
  C:\Windows\System\iOdSMfc.exe
  2⤵
  PID:7552
- C:\Windows\System\wrXtgzo.exe
  C:\Windows\System\wrXtgzo.exe
  2⤵
  PID:7568
- C:\Windows\System\mfVjMvb.exe
  C:\Windows\System\mfVjMvb.exe
  2⤵
  PID:7584
- C:\Windows\System\YwSOcwA.exe
  C:\Windows\System\YwSOcwA.exe
  2⤵
  PID:7600
- C:\Windows\System\sjXojBZ.exe
  C:\Windows\System\sjXojBZ.exe
  2⤵
  PID:7616
- C:\Windows\System\UiWBTBN.exe
  C:\Windows\System\UiWBTBN.exe
  2⤵
  PID:7632
- C:\Windows\System\UxAkozR.exe
  C:\Windows\System\UxAkozR.exe
  2⤵
  PID:7648
- C:\Windows\System\tWFrUBc.exe
  C:\Windows\System\tWFrUBc.exe
  2⤵
  PID:7664
- C:\Windows\System\PzzwdSc.exe
  C:\Windows\System\PzzwdSc.exe
  2⤵
  PID:7680
- C:\Windows\System\aQRZjoK.exe
  C:\Windows\System\aQRZjoK.exe
  2⤵
  PID:7696
- C:\Windows\System\GJoLnwW.exe
  C:\Windows\System\GJoLnwW.exe
  2⤵
  PID:7712
- C:\Windows\System\qZbazaB.exe
  C:\Windows\System\qZbazaB.exe
  2⤵
  PID:7728
- C:\Windows\System\vkwpUhJ.exe
  C:\Windows\System\vkwpUhJ.exe
  2⤵
  PID:7744
- C:\Windows\System\UeANBQb.exe
  C:\Windows\System\UeANBQb.exe
  2⤵
  PID:7760
- C:\Windows\System\TIASjGE.exe
  C:\Windows\System\TIASjGE.exe
  2⤵
  PID:7776
- C:\Windows\System\pdBBQkc.exe
  C:\Windows\System\pdBBQkc.exe
  2⤵
  PID:7792
- C:\Windows\System\fiedfle.exe
  C:\Windows\System\fiedfle.exe
  2⤵
  PID:7808
- C:\Windows\System\aaqDdbk.exe
  C:\Windows\System\aaqDdbk.exe
  2⤵
  PID:7824
- C:\Windows\System\AOGOsjQ.exe
  C:\Windows\System\AOGOsjQ.exe
  2⤵
  PID:7840
- C:\Windows\System\WOKOSXV.exe
  C:\Windows\System\WOKOSXV.exe
  2⤵
  PID:7856
- C:\Windows\System\tQcAect.exe
  C:\Windows\System\tQcAect.exe
  2⤵
  PID:7872
- C:\Windows\System\sYbQeRs.exe
  C:\Windows\System\sYbQeRs.exe
  2⤵
  PID:7888
- C:\Windows\System\OrozkkO.exe
  C:\Windows\System\OrozkkO.exe
  2⤵
  PID:7904
- C:\Windows\System\KLnpbOJ.exe
  C:\Windows\System\KLnpbOJ.exe
  2⤵
  PID:7920
- C:\Windows\System\jmtxUrK.exe
  C:\Windows\System\jmtxUrK.exe
  2⤵
  PID:7936
- C:\Windows\System\EnDNAXz.exe
  C:\Windows\System\EnDNAXz.exe
  2⤵
  PID:7952
- C:\Windows\System\KGZMvoA.exe
  C:\Windows\System\KGZMvoA.exe
  2⤵
  PID:7968
- C:\Windows\System\hbxZhyy.exe
  C:\Windows\System\hbxZhyy.exe
  2⤵
  PID:7984
- C:\Windows\System\XljogyY.exe
  C:\Windows\System\XljogyY.exe
  2⤵
  PID:8000
- C:\Windows\System\cYYbkjq.exe
  C:\Windows\System\cYYbkjq.exe
  2⤵
  PID:8016
- C:\Windows\System\DxomiTg.exe
  C:\Windows\System\DxomiTg.exe
  2⤵
  PID:8032
- C:\Windows\System\tNxvRlv.exe
  C:\Windows\System\tNxvRlv.exe
  2⤵
  PID:8048
- C:\Windows\System\JuHQtVM.exe
  C:\Windows\System\JuHQtVM.exe
  2⤵
  PID:8064
- C:\Windows\System\DeGyDDP.exe
  C:\Windows\System\DeGyDDP.exe
  2⤵
  PID:8080
- C:\Windows\System\HJNMSsD.exe
  C:\Windows\System\HJNMSsD.exe
  2⤵
  PID:8096
- C:\Windows\System\ytJmccT.exe
  C:\Windows\System\ytJmccT.exe
  2⤵
  PID:8112
- C:\Windows\System\cKSsjha.exe
  C:\Windows\System\cKSsjha.exe
  2⤵
  PID:8128
- C:\Windows\System\zTeSXoe.exe
  C:\Windows\System\zTeSXoe.exe
  2⤵
  PID:8144
- C:\Windows\System\ULqfxJP.exe
  C:\Windows\System\ULqfxJP.exe
  2⤵
  PID:8160
- C:\Windows\System\vNGHtkJ.exe
  C:\Windows\System\vNGHtkJ.exe
  2⤵
  PID:8176
- C:\Windows\System\zftoZqh.exe
  C:\Windows\System\zftoZqh.exe
  2⤵
  PID:7116
- C:\Windows\System\MYIHZmU.exe
  C:\Windows\System\MYIHZmU.exe
  2⤵
  PID:7208
- C:\Windows\System\sIUxrYs.exe
  C:\Windows\System\sIUxrYs.exe
  2⤵
  PID:6984
- C:\Windows\System\ztAuQhD.exe
  C:\Windows\System\ztAuQhD.exe
  2⤵
  PID:7236
- C:\Windows\System\kAsPIUR.exe
  C:\Windows\System\kAsPIUR.exe
  2⤵
  PID:7284
- C:\Windows\System\YhDVmQJ.exe
  C:\Windows\System\YhDVmQJ.exe
  2⤵
  PID:7264
- C:\Windows\System\UTaNYKw.exe
  C:\Windows\System\UTaNYKw.exe
  2⤵
  PID:7320
- C:\Windows\System\dUFxrdF.exe
  C:\Windows\System\dUFxrdF.exe
  2⤵
  PID:7308
- C:\Windows\System\ZMejJNv.exe
  C:\Windows\System\ZMejJNv.exe
  2⤵
  PID:7348
- C:\Windows\System\IlRsqPS.exe
  C:\Windows\System\IlRsqPS.exe
  2⤵
  PID:7368
- C:\Windows\System\CzjsUIB.exe
  C:\Windows\System\CzjsUIB.exe
  2⤵
  PID:7404
- C:\Windows\System\abGoGGJ.exe
  C:\Windows\System\abGoGGJ.exe
  2⤵
  PID:2600
- C:\Windows\System\RaDGjux.exe
  C:\Windows\System\RaDGjux.exe
  2⤵
  PID:7464
- C:\Windows\System\OsoMuGr.exe
  C:\Windows\System\OsoMuGr.exe
  2⤵
  PID:7448
- C:\Windows\System\jqIfwII.exe
  C:\Windows\System\jqIfwII.exe
  2⤵
  PID:7532
- C:\Windows\System\kJbilgU.exe
  C:\Windows\System\kJbilgU.exe
  2⤵
  PID:7564
- C:\Windows\System\lusSrvr.exe
  C:\Windows\System\lusSrvr.exe
  2⤵
  PID:1752
- C:\Windows\System\BoikDOU.exe
  C:\Windows\System\BoikDOU.exe
  2⤵
  PID:7628
- C:\Windows\System\rxGTjEG.exe
  C:\Windows\System\rxGTjEG.exe
  2⤵
  PID:7688
- C:\Windows\System\dzeEnFT.exe
  C:\Windows\System\dzeEnFT.exe
  2⤵
  PID:2680
- C:\Windows\System\bWNEvMV.exe
  C:\Windows\System\bWNEvMV.exe
  2⤵
  PID:7544
- C:\Windows\System\IlKrPgG.exe
  C:\Windows\System\IlKrPgG.exe
  2⤵
  PID:7608
- C:\Windows\System\FkMAJji.exe
  C:\Windows\System\FkMAJji.exe
  2⤵
  PID:1168
- C:\Windows\System\PngbWpe.exe
  C:\Windows\System\PngbWpe.exe
  2⤵
  PID:2364
- C:\Windows\System\RibtfLx.exe
  C:\Windows\System\RibtfLx.exe
  2⤵
  PID:7672
- C:\Windows\System\gAItEXD.exe
  C:\Windows\System\gAItEXD.exe
  2⤵
  PID:7704
- C:\Windows\System\emKgdCO.exe
  C:\Windows\System\emKgdCO.exe
  2⤵
  PID:7708
- C:\Windows\System\BGnRfsp.exe
  C:\Windows\System\BGnRfsp.exe
  2⤵
  PID:7768
- C:\Windows\System\QuCQaoh.exe
  C:\Windows\System\QuCQaoh.exe
  2⤵
  PID:7864
- C:\Windows\System\YUsFnEp.exe
  C:\Windows\System\YUsFnEp.exe
  2⤵
  PID:7900
- C:\Windows\System\OAEYTfF.exe
  C:\Windows\System\OAEYTfF.exe
  2⤵
  PID:7916
- C:\Windows\System\ffBJNbX.exe
  C:\Windows\System\ffBJNbX.exe
  2⤵
  PID:640
- C:\Windows\System\nqHikFa.exe
  C:\Windows\System\nqHikFa.exe
  2⤵
  PID:7960
- C:\Windows\System\AKyPzGk.exe
  C:\Windows\System\AKyPzGk.exe
  2⤵
  PID:7992
- C:\Windows\System\tXwHAuw.exe
  C:\Windows\System\tXwHAuw.exe
  2⤵
  PID:8040
- C:\Windows\System\UfSCsRI.exe
  C:\Windows\System\UfSCsRI.exe
  2⤵
  PID:8044
- C:\Windows\System\ECXcyHv.exe
  C:\Windows\System\ECXcyHv.exe
  2⤵
  PID:8108
- C:\Windows\System\UqyPiCb.exe
  C:\Windows\System\UqyPiCb.exe
  2⤵
  PID:8092
- C:\Windows\System\YeVAzmA.exe
  C:\Windows\System\YeVAzmA.exe
  2⤵
  PID:8120
- C:\Windows\System\ccPpMII.exe
  C:\Windows\System\ccPpMII.exe
  2⤵
  PID:8172
- C:\Windows\System\KjFldsK.exe
  C:\Windows\System\KjFldsK.exe
  2⤵
  PID:7176
- C:\Windows\System\wxlgqRD.exe
  C:\Windows\System\wxlgqRD.exe
  2⤵
  PID:7252
- C:\Windows\System\bdBGazk.exe
  C:\Windows\System\bdBGazk.exe
  2⤵
  PID:2268
- C:\Windows\System\spkUFUy.exe
  C:\Windows\System\spkUFUy.exe
  2⤵
  PID:7272
- C:\Windows\System\vWdOOqO.exe
  C:\Windows\System\vWdOOqO.exe
  2⤵
  PID:7344
- C:\Windows\System\QZpxxCI.exe
  C:\Windows\System\QZpxxCI.exe
  2⤵
  PID:7340
- C:\Windows\System\detraFJ.exe
  C:\Windows\System\detraFJ.exe
  2⤵
  PID:7436
- C:\Windows\System\yVWTNIB.exe
  C:\Windows\System\yVWTNIB.exe
  2⤵
  PID:7624
- C:\Windows\System\yCVDwAK.exe
  C:\Windows\System\yCVDwAK.exe
  2⤵
  PID:7656
- C:\Windows\System\naJXwCs.exe
  C:\Windows\System\naJXwCs.exe
  2⤵
  PID:7724
- C:\Windows\System\RJNgfIk.exe
  C:\Windows\System\RJNgfIk.exe
  2⤵
  PID:7756
- C:\Windows\System\saOBTIm.exe
  C:\Windows\System\saOBTIm.exe
  2⤵
  PID:7820
- C:\Windows\System\fNItOzv.exe
  C:\Windows\System\fNItOzv.exe
  2⤵
  PID:7880
- C:\Windows\System\oCbybik.exe
  C:\Windows\System\oCbybik.exe
  2⤵
  PID:7740
- C:\Windows\System\JtfAJtA.exe
  C:\Windows\System\JtfAJtA.exe
  2⤵
  PID:2952
- C:\Windows\System\kyTMbDZ.exe
  C:\Windows\System\kyTMbDZ.exe
  2⤵
  PID:7932
- C:\Windows\System\WlhoNkJ.exe
  C:\Windows\System\WlhoNkJ.exe
  2⤵
  PID:7980
- C:\Windows\System\RpJqCyc.exe
  C:\Windows\System\RpJqCyc.exe
  2⤵
  PID:8028
- C:\Windows\System\OSVybrO.exe
  C:\Windows\System\OSVybrO.exe
  2⤵
  PID:8088
- C:\Windows\System\LDOnVkO.exe
  C:\Windows\System\LDOnVkO.exe
  2⤵
  PID:8060
- C:\Windows\System\oNJKzxe.exe
  C:\Windows\System\oNJKzxe.exe
  2⤵
  PID:2424
- C:\Windows\System\WsPLDnr.exe
  C:\Windows\System\WsPLDnr.exe
  2⤵
  PID:7216
- C:\Windows\System\csmvLcW.exe
  C:\Windows\System\csmvLcW.exe
  2⤵
  PID:7256
- C:\Windows\System\QRNWWlk.exe
  C:\Windows\System\QRNWWlk.exe
  2⤵
  PID:7304
- C:\Windows\System\gDHyZcB.exe
  C:\Windows\System\gDHyZcB.exe
  2⤵
  PID:7500
- C:\Windows\System\jiSMGVE.exe
  C:\Windows\System\jiSMGVE.exe
  2⤵
  PID:7676
- C:\Windows\System\gSKUbAs.exe
  C:\Windows\System\gSKUbAs.exe
  2⤵
  PID:7400
- C:\Windows\System\SlCWIbp.exe
  C:\Windows\System\SlCWIbp.exe
  2⤵
  PID:7660
- C:\Windows\System\foNXNRP.exe
  C:\Windows\System\foNXNRP.exe
  2⤵
  PID:7644
- C:\Windows\System\dGTKRuA.exe
  C:\Windows\System\dGTKRuA.exe
  2⤵
  PID:7964
- C:\Windows\System\thkhkDW.exe
  C:\Windows\System\thkhkDW.exe
  2⤵
  PID:7172
- C:\Windows\System\GgdkuDQ.exe
  C:\Windows\System\GgdkuDQ.exe
  2⤵
  PID:7496
- C:\Windows\System\nYExgsk.exe
  C:\Windows\System\nYExgsk.exe
  2⤵
  PID:8104
- C:\Windows\System\dhWRCBU.exe
  C:\Windows\System\dhWRCBU.exe
  2⤵
  PID:7296
- C:\Windows\System\vNeOOom.exe
  C:\Windows\System\vNeOOom.exe
  2⤵
  PID:7692
- C:\Windows\System\QmxSSso.exe
  C:\Windows\System\QmxSSso.exe
  2⤵
  PID:1908
- C:\Windows\System\ckymNRA.exe
  C:\Windows\System\ckymNRA.exe
  2⤵
  PID:7328
- C:\Windows\System\ynaXRAD.exe
  C:\Windows\System\ynaXRAD.exe
  2⤵
  PID:8196
- C:\Windows\System\YuEjxjq.exe
  C:\Windows\System\YuEjxjq.exe
  2⤵
  PID:8212
- C:\Windows\System\vJNBXyA.exe
  C:\Windows\System\vJNBXyA.exe
  2⤵
  PID:8228
- C:\Windows\System\qzVwauG.exe
  C:\Windows\System\qzVwauG.exe
  2⤵
  PID:8244
- C:\Windows\System\BzNVHyT.exe
  C:\Windows\System\BzNVHyT.exe
  2⤵
  PID:8260
- C:\Windows\System\DQLfJed.exe
  C:\Windows\System\DQLfJed.exe
  2⤵
  PID:8276
- C:\Windows\System\KYadkpK.exe
  C:\Windows\System\KYadkpK.exe
  2⤵
  PID:8292
- C:\Windows\System\kkIRYHo.exe
  C:\Windows\System\kkIRYHo.exe
  2⤵
  PID:8308
- C:\Windows\System\tvCtspT.exe
  C:\Windows\System\tvCtspT.exe
  2⤵
  PID:8324
- C:\Windows\System\bjMtutk.exe
  C:\Windows\System\bjMtutk.exe
  2⤵
  PID:8340
- C:\Windows\System\vkXqvED.exe
  C:\Windows\System\vkXqvED.exe
  2⤵
  PID:8356
- C:\Windows\System\xrxmjma.exe
  C:\Windows\System\xrxmjma.exe
  2⤵
  PID:8372
- C:\Windows\System\QtChqVE.exe
  C:\Windows\System\QtChqVE.exe
  2⤵
  PID:8388
- C:\Windows\System\galTmEL.exe
  C:\Windows\System\galTmEL.exe
  2⤵
  PID:8404
- C:\Windows\System\iwloNVN.exe
  C:\Windows\System\iwloNVN.exe
  2⤵
  PID:8420
- C:\Windows\System\oZZMutf.exe
  C:\Windows\System\oZZMutf.exe
  2⤵
  PID:8436
- C:\Windows\System\ePlcXyK.exe
  C:\Windows\System\ePlcXyK.exe
  2⤵
  PID:8460
- C:\Windows\System\RmyNxBB.exe
  C:\Windows\System\RmyNxBB.exe
  2⤵
  PID:8476
- C:\Windows\System\OaAyjoa.exe
  C:\Windows\System\OaAyjoa.exe
  2⤵
  PID:8492
- C:\Windows\System\RuzzWtk.exe
  C:\Windows\System\RuzzWtk.exe
  2⤵
  PID:8512
- C:\Windows\System\vcQyNWM.exe
  C:\Windows\System\vcQyNWM.exe
  2⤵
  PID:8536
- C:\Windows\System\iGedWMW.exe
  C:\Windows\System\iGedWMW.exe
  2⤵
  PID:8552
- C:\Windows\System\xMXWTyy.exe
  C:\Windows\System\xMXWTyy.exe
  2⤵
  PID:8568
- C:\Windows\System\CgaNdHh.exe
  C:\Windows\System\CgaNdHh.exe
  2⤵
  PID:8584
- C:\Windows\System\XoIPYyM.exe
  C:\Windows\System\XoIPYyM.exe
  2⤵
  PID:8600
- C:\Windows\System\WkYmckn.exe
  C:\Windows\System\WkYmckn.exe
  2⤵
  PID:8616
- C:\Windows\System\uZcTFrZ.exe
  C:\Windows\System\uZcTFrZ.exe
  2⤵
  PID:8632
- C:\Windows\System\jvkxAan.exe
  C:\Windows\System\jvkxAan.exe
  2⤵
  PID:8648
- C:\Windows\System\ajtiRqN.exe
  C:\Windows\System\ajtiRqN.exe
  2⤵
  PID:8668
- C:\Windows\System\DuvagfK.exe
  C:\Windows\System\DuvagfK.exe
  2⤵
  PID:8684
- C:\Windows\System\KUgoyeu.exe
  C:\Windows\System\KUgoyeu.exe
  2⤵
  PID:8700
- C:\Windows\System\GwUokai.exe
  C:\Windows\System\GwUokai.exe
  2⤵
  PID:8720
- C:\Windows\System\jvfKUDY.exe
  C:\Windows\System\jvfKUDY.exe
  2⤵
  PID:8736
- C:\Windows\System\wkUDLPD.exe
  C:\Windows\System\wkUDLPD.exe
  2⤵
  PID:8752
- C:\Windows\System\EUAnfGS.exe
  C:\Windows\System\EUAnfGS.exe
  2⤵
  PID:8768
- C:\Windows\System\AMMtsWD.exe
  C:\Windows\System\AMMtsWD.exe
  2⤵
  PID:8784
- C:\Windows\System\vlxntrt.exe
  C:\Windows\System\vlxntrt.exe
  2⤵
  PID:8800
- C:\Windows\System\lavnGsd.exe
  C:\Windows\System\lavnGsd.exe
  2⤵
  PID:8816
- C:\Windows\System\PBdvKyo.exe
  C:\Windows\System\PBdvKyo.exe
  2⤵
  PID:8832
- C:\Windows\System\PwKCuld.exe
  C:\Windows\System\PwKCuld.exe
  2⤵
  PID:8852
- C:\Windows\System\mRsrfRv.exe
  C:\Windows\System\mRsrfRv.exe
  2⤵
  PID:8868
- C:\Windows\System\IfnGiIo.exe
  C:\Windows\System\IfnGiIo.exe
  2⤵
  PID:8884
- C:\Windows\System\uoQvWQs.exe
  C:\Windows\System\uoQvWQs.exe
  2⤵
  PID:8900
- C:\Windows\System\KECjtkY.exe
  C:\Windows\System\KECjtkY.exe
  2⤵
  PID:8916
- C:\Windows\System\fQSOAbd.exe
  C:\Windows\System\fQSOAbd.exe
  2⤵
  PID:8932
- C:\Windows\System\jBMjRiL.exe
  C:\Windows\System\jBMjRiL.exe
  2⤵
  PID:8948
- C:\Windows\System\xNdwDSD.exe
  C:\Windows\System\xNdwDSD.exe
  2⤵
  PID:8964
- C:\Windows\System\YkpcIyi.exe
  C:\Windows\System\YkpcIyi.exe
  2⤵
  PID:8980
- C:\Windows\System\TKErnBF.exe
  C:\Windows\System\TKErnBF.exe
  2⤵
  PID:8996
- C:\Windows\System\VEmFYFx.exe
  C:\Windows\System\VEmFYFx.exe
  2⤵
  PID:9012
- C:\Windows\System\ifMIsGp.exe
  C:\Windows\System\ifMIsGp.exe
  2⤵
  PID:9028
- C:\Windows\System\PEPGeZD.exe
  C:\Windows\System\PEPGeZD.exe
  2⤵
  PID:9044
- C:\Windows\System\FssaJtK.exe
  C:\Windows\System\FssaJtK.exe
  2⤵
  PID:9060
- C:\Windows\System\CuCaKEC.exe
  C:\Windows\System\CuCaKEC.exe
  2⤵
  PID:9076
- C:\Windows\System\uPdaOOC.exe
  C:\Windows\System\uPdaOOC.exe
  2⤵
  PID:9092
- C:\Windows\System\jjjorow.exe
  C:\Windows\System\jjjorow.exe
  2⤵
  PID:9108
- C:\Windows\System\pVqmVFI.exe
  C:\Windows\System\pVqmVFI.exe
  2⤵
  PID:9124
- C:\Windows\System\PHQKblj.exe
  C:\Windows\System\PHQKblj.exe
  2⤵
  PID:9140
- C:\Windows\System\QiHuxwn.exe
  C:\Windows\System\QiHuxwn.exe
  2⤵
  PID:9156
- C:\Windows\System\jHuxqGl.exe
  C:\Windows\System\jHuxqGl.exe
  2⤵
  PID:9176
- C:\Windows\System\RCFzcwe.exe
  C:\Windows\System\RCFzcwe.exe
  2⤵
  PID:9204
- C:\Windows\System\rkwCgvM.exe
  C:\Windows\System\rkwCgvM.exe
  2⤵
  PID:8220
- C:\Windows\System\SQRnkLZ.exe
  C:\Windows\System\SQRnkLZ.exe
  2⤵
  PID:880
- C:\Windows\System\zeRnQOi.exe
  C:\Windows\System\zeRnQOi.exe
  2⤵
  PID:8320
- C:\Windows\System\vUThwow.exe
  C:\Windows\System\vUThwow.exe
  2⤵
  PID:8204
- C:\Windows\System\RShTcsc.exe
  C:\Windows\System\RShTcsc.exe
  2⤵
  PID:2620
- C:\Windows\System\QcmeacG.exe
  C:\Windows\System\QcmeacG.exe
  2⤵
  PID:8208
- C:\Windows\System\ceedINB.exe
  C:\Windows\System\ceedINB.exe
  2⤵
  PID:8272
- C:\Windows\System\kuBbOMG.exe
  C:\Windows\System\kuBbOMG.exe
  2⤵
  PID:8300
- C:\Windows\System\UCvFDMN.exe
  C:\Windows\System\UCvFDMN.exe
  2⤵
  PID:8368
- C:\Windows\System\chLfavY.exe
  C:\Windows\System\chLfavY.exe
  2⤵
  PID:8400
- C:\Windows\System\CBgHsMW.exe
  C:\Windows\System\CBgHsMW.exe
  2⤵
  PID:8432
- C:\Windows\System\dcROapV.exe
  C:\Windows\System\dcROapV.exe
  2⤵
  PID:8484
- C:\Windows\System\eastAFQ.exe
  C:\Windows\System\eastAFQ.exe
  2⤵
  PID:8520
- C:\Windows\System\BjNZwHl.exe
  C:\Windows\System\BjNZwHl.exe
  2⤵
  PID:8472
- C:\Windows\System\ApRXeBt.exe
  C:\Windows\System\ApRXeBt.exe
  2⤵
  PID:8548
- C:\Windows\System\lZRSHNY.exe
  C:\Windows\System\lZRSHNY.exe
  2⤵
  PID:8624
- C:\Windows\System\owYuHnM.exe
  C:\Windows\System\owYuHnM.exe
  2⤵
  PID:8660
- C:\Windows\System\nFAAgAM.exe
  C:\Windows\System\nFAAgAM.exe
  2⤵
  PID:8608
- C:\Windows\System\YomoZvY.exe
  C:\Windows\System\YomoZvY.exe
  2⤵
  PID:8708
- C:\Windows\System\WRllnzY.exe
  C:\Windows\System\WRllnzY.exe
  2⤵
  PID:8640
- C:\Windows\System\sshDNoP.exe
  C:\Windows\System\sshDNoP.exe
  2⤵
  PID:8792
- C:\Windows\System\ErKxQlT.exe
  C:\Windows\System\ErKxQlT.exe
  2⤵
  PID:8860
- C:\Windows\System\NApSpYw.exe
  C:\Windows\System\NApSpYw.exe
  2⤵
  PID:8896
- C:\Windows\System\OWfmZvl.exe
  C:\Windows\System\OWfmZvl.exe
  2⤵
  PID:8808
- C:\Windows\System\tfkOEJy.exe
  C:\Windows\System\tfkOEJy.exe
  2⤵
  PID:8776
- C:\Windows\System\ngETckL.exe
  C:\Windows\System\ngETckL.exe
  2⤵
  PID:8848
- C:\Windows\System\jpzCjUB.exe
  C:\Windows\System\jpzCjUB.exe
  2⤵
  PID:8908
- C:\Windows\System\ggBnFvC.exe
  C:\Windows\System\ggBnFvC.exe
  2⤵
  PID:8944
- C:\Windows\System\YpIdIjS.exe
  C:\Windows\System\YpIdIjS.exe
  2⤵
  PID:8972
- C:\Windows\System\GzJouKv.exe
  C:\Windows\System\GzJouKv.exe
  2⤵
  PID:9052
- C:\Windows\System\CAJrjEN.exe
  C:\Windows\System\CAJrjEN.exe
  2⤵
  PID:9088
- C:\Windows\System\hZCwyYe.exe
  C:\Windows\System\hZCwyYe.exe
  2⤵
  PID:9068
- C:\Windows\System\CgNYPOw.exe
  C:\Windows\System\CgNYPOw.exe
  2⤵
  PID:9132
- C:\Windows\System\YmcUleN.exe
  C:\Windows\System\YmcUleN.exe
  2⤵
  PID:2732
- C:\Windows\System\BicmQMO.exe
  C:\Windows\System\BicmQMO.exe
  2⤵
  PID:9192
- C:\Windows\System\rykYzwW.exe
  C:\Windows\System\rykYzwW.exe
  2⤵
  PID:8348
- C:\Windows\System\HiLcZPY.exe
  C:\Windows\System\HiLcZPY.exe
  2⤵
  PID:9196
- C:\Windows\System\AxBaGcU.exe
  C:\Windows\System\AxBaGcU.exe
  2⤵
  PID:5368
- C:\Windows\System\noCBxqx.exe
  C:\Windows\System\noCBxqx.exe
  2⤵
  PID:8412
- C:\Windows\System\mvRfBBl.exe
  C:\Windows\System\mvRfBBl.exe
  2⤵
  PID:8288
- C:\Windows\System\QcFNajb.exe
  C:\Windows\System\QcFNajb.exe
  2⤵
  PID:8456
- C:\Windows\System\nUdVcDu.exe
  C:\Windows\System\nUdVcDu.exe
  2⤵
  PID:8696
- C:\Windows\System\iMwAJdy.exe
  C:\Windows\System\iMwAJdy.exe
  2⤵
  PID:8824
- C:\Windows\System\CqpPGLw.exe
  C:\Windows\System\CqpPGLw.exe
  2⤵
  PID:8844
- C:\Windows\System\iaURuVm.exe
  C:\Windows\System\iaURuVm.exe
  2⤵
  PID:9036
- C:\Windows\System\NcUQBdZ.exe
  C:\Windows\System\NcUQBdZ.exe
  2⤵
  PID:9164
- C:\Windows\System\XyPNQbj.exe
  C:\Windows\System\XyPNQbj.exe
  2⤵
  PID:7836
- C:\Windows\System\iWfQwep.exe
  C:\Windows\System\iWfQwep.exe
  2⤵
  PID:8380
- C:\Windows\System\aCGbOEp.exe
  C:\Windows\System\aCGbOEp.exe
  2⤵
  PID:8692
- C:\Windows\System\OqsTkFg.exe
  C:\Windows\System\OqsTkFg.exe
  2⤵
  PID:8840
- C:\Windows\System\ofXfQZJ.exe
  C:\Windows\System\ofXfQZJ.exe
  2⤵
  PID:8240
- C:\Windows\System\CucpXSE.exe
  C:\Windows\System\CucpXSE.exe
  2⤵
  PID:8892
- C:\Windows\System\ubgXHTn.exe
  C:\Windows\System\ubgXHTn.exe
  2⤵
  PID:8580
- C:\Windows\System\rydtNbK.exe
  C:\Windows\System\rydtNbK.exe
  2⤵
  PID:8760
- C:\Windows\System\cDrMmFJ.exe
  C:\Windows\System\cDrMmFJ.exe
  2⤵
  PID:8812
- C:\Windows\System\Yxwkenw.exe
  C:\Windows\System\Yxwkenw.exe
  2⤵
  PID:8976
- C:\Windows\System\qUtqCgo.exe
  C:\Windows\System\qUtqCgo.exe
  2⤵
  PID:9172
- C:\Windows\System\ZOVHmjT.exe
  C:\Windows\System\ZOVHmjT.exe
  2⤵
  PID:7928
- C:\Windows\System\raixQgc.exe
  C:\Windows\System\raixQgc.exe
  2⤵
  PID:8712
- C:\Windows\System\DxMxZbw.exe
  C:\Windows\System\DxMxZbw.exe
  2⤵
  PID:8256
- C:\Windows\System\IAkPPVP.exe
  C:\Windows\System\IAkPPVP.exe
  2⤵
  PID:9148
- C:\Windows\System\NhVCcFo.exe
  C:\Windows\System\NhVCcFo.exe
  2⤵
  PID:8524
- C:\Windows\System\pyDgRYY.exe
  C:\Windows\System\pyDgRYY.exe
  2⤵
  PID:8864
- C:\Windows\System\VulJsln.exe
  C:\Windows\System\VulJsln.exe
  2⤵
  PID:9024
- C:\Windows\System\xNFKzzj.exe
  C:\Windows\System\xNFKzzj.exe
  2⤵
  PID:8364
- C:\Windows\System\tXimEIG.exe
  C:\Windows\System\tXimEIG.exe
  2⤵
  PID:8680
- C:\Windows\System\qnREhNy.exe
  C:\Windows\System\qnREhNy.exe
  2⤵
  PID:9220
- C:\Windows\System\vSwZfxC.exe
  C:\Windows\System\vSwZfxC.exe
  2⤵
  PID:9236
- C:\Windows\System\euKsNzN.exe
  C:\Windows\System\euKsNzN.exe
  2⤵
  PID:9252
- C:\Windows\System\vDvvsCU.exe
  C:\Windows\System\vDvvsCU.exe
  2⤵
  PID:9268
- C:\Windows\System\NWagrcq.exe
  C:\Windows\System\NWagrcq.exe
  2⤵
  PID:9284
- C:\Windows\System\QsKJTjv.exe
  C:\Windows\System\QsKJTjv.exe
  2⤵
  PID:9300
- C:\Windows\System\cRjysdZ.exe
  C:\Windows\System\cRjysdZ.exe
  2⤵
  PID:9316
- C:\Windows\System\JhCtjye.exe
  C:\Windows\System\JhCtjye.exe
  2⤵
  PID:9332
- C:\Windows\System\AXqOJbT.exe
  C:\Windows\System\AXqOJbT.exe
  2⤵
  PID:9348
- C:\Windows\System\ypDhkdo.exe
  C:\Windows\System\ypDhkdo.exe
  2⤵
  PID:9364
- C:\Windows\System\FEibUnA.exe
  C:\Windows\System\FEibUnA.exe
  2⤵
  PID:9380
- C:\Windows\System\pMrxBGE.exe
  C:\Windows\System\pMrxBGE.exe
  2⤵
  PID:9396
- C:\Windows\System\hmBZuwh.exe
  C:\Windows\System\hmBZuwh.exe
  2⤵
  PID:9416
- C:\Windows\System\JpRTuOc.exe
  C:\Windows\System\JpRTuOc.exe
  2⤵
  PID:9432
- C:\Windows\System\WwebFFz.exe
  C:\Windows\System\WwebFFz.exe
  2⤵
  PID:9448
- C:\Windows\System\VqFMSor.exe
  C:\Windows\System\VqFMSor.exe
  2⤵
  PID:9464
- C:\Windows\System\oOwxqLV.exe
  C:\Windows\System\oOwxqLV.exe
  2⤵
  PID:9480
- C:\Windows\System\ovURPVg.exe
  C:\Windows\System\ovURPVg.exe
  2⤵
  PID:9496
- C:\Windows\System\zmBhmtN.exe
  C:\Windows\System\zmBhmtN.exe
  2⤵
  PID:9512
- C:\Windows\System\MNbbGNV.exe
  C:\Windows\System\MNbbGNV.exe
  2⤵
  PID:9528
- C:\Windows\System\ccjIHGd.exe
  C:\Windows\System\ccjIHGd.exe
  2⤵
  PID:9544
- C:\Windows\System\IDgLIes.exe
  C:\Windows\System\IDgLIes.exe
  2⤵
  PID:9560
- C:\Windows\System\qGJipLj.exe
  C:\Windows\System\qGJipLj.exe
  2⤵
  PID:9576
- C:\Windows\System\Bwjobwb.exe
  C:\Windows\System\Bwjobwb.exe
  2⤵
  PID:9592
- C:\Windows\System\FuwbvnB.exe
  C:\Windows\System\FuwbvnB.exe
  2⤵
  PID:9608
- C:\Windows\System\OdlJLzi.exe
  C:\Windows\System\OdlJLzi.exe
  2⤵
  PID:9624
- C:\Windows\System\xvVVOQz.exe
  C:\Windows\System\xvVVOQz.exe
  2⤵
  PID:9640
- C:\Windows\System\LokvrFH.exe
  C:\Windows\System\LokvrFH.exe
  2⤵
  PID:9656
- C:\Windows\System\ryCXuiJ.exe
  C:\Windows\System\ryCXuiJ.exe
  2⤵
  PID:9672
- C:\Windows\System\znceycP.exe
  C:\Windows\System\znceycP.exe
  2⤵
  PID:9688
- C:\Windows\System\zEJEhBc.exe
  C:\Windows\System\zEJEhBc.exe
  2⤵
  PID:9704
- C:\Windows\System\PYqhnks.exe
  C:\Windows\System\PYqhnks.exe
  2⤵
  PID:9720
- C:\Windows\System\srFGLvU.exe
  C:\Windows\System\srFGLvU.exe
  2⤵
  PID:9736
- C:\Windows\System\aPUmGIJ.exe
  C:\Windows\System\aPUmGIJ.exe
  2⤵
  PID:9752
- C:\Windows\System\mLvtFkJ.exe
  C:\Windows\System\mLvtFkJ.exe
  2⤵
  PID:9768
- C:\Windows\System\ejQwVGz.exe
  C:\Windows\System\ejQwVGz.exe
  2⤵
  PID:9784
- C:\Windows\System\JNgPujI.exe
  C:\Windows\System\JNgPujI.exe
  2⤵
  PID:9800
- C:\Windows\System\qZjrbaA.exe
  C:\Windows\System\qZjrbaA.exe
  2⤵
  PID:9816
- C:\Windows\System\FYpBiWq.exe
  C:\Windows\System\FYpBiWq.exe
  2⤵
  PID:9832
- C:\Windows\System\zyqrQtL.exe
  C:\Windows\System\zyqrQtL.exe
  2⤵
  PID:9848
- C:\Windows\System\iiwHpyf.exe
  C:\Windows\System\iiwHpyf.exe
  2⤵
  PID:9864
- C:\Windows\System\wpsGyRJ.exe
  C:\Windows\System\wpsGyRJ.exe
  2⤵
  PID:9880
- C:\Windows\System\NompHvr.exe
  C:\Windows\System\NompHvr.exe
  2⤵
  PID:9896
- C:\Windows\System\GizYQmy.exe
  C:\Windows\System\GizYQmy.exe
  2⤵
  PID:9912
- C:\Windows\System\DVmRodw.exe
  C:\Windows\System\DVmRodw.exe
  2⤵
  PID:9928
- C:\Windows\System\oPVlpOY.exe
  C:\Windows\System\oPVlpOY.exe
  2⤵
  PID:9944
- C:\Windows\System\sBIxIqY.exe
  C:\Windows\System\sBIxIqY.exe
  2⤵
  PID:9960
- C:\Windows\System\sDxFDrk.exe
  C:\Windows\System\sDxFDrk.exe
  2⤵
  PID:9976
- C:\Windows\System\YRJvyer.exe
  C:\Windows\System\YRJvyer.exe
  2⤵
  PID:9992
- C:\Windows\System\YoymDnE.exe
  C:\Windows\System\YoymDnE.exe
  2⤵
  PID:10008
- C:\Windows\System\TzWhAjc.exe
  C:\Windows\System\TzWhAjc.exe
  2⤵
  PID:10024
- C:\Windows\System\CDWUTHZ.exe
  C:\Windows\System\CDWUTHZ.exe
  2⤵
  PID:10040
- C:\Windows\System\YfyOvKd.exe
  C:\Windows\System\YfyOvKd.exe
  2⤵
  PID:10056
- C:\Windows\System\jaVPWrh.exe
  C:\Windows\System\jaVPWrh.exe
  2⤵
  PID:10072
- C:\Windows\System\tTYlWDs.exe
  C:\Windows\System\tTYlWDs.exe
  2⤵
  PID:10088
- C:\Windows\System\tQqpEWj.exe
  C:\Windows\System\tQqpEWj.exe
  2⤵
  PID:10104
- C:\Windows\System\nxyDjRk.exe
  C:\Windows\System\nxyDjRk.exe
  2⤵
  PID:10120
- C:\Windows\System\bXOCVty.exe
  C:\Windows\System\bXOCVty.exe
  2⤵
  PID:10136
- C:\Windows\System\WlKteji.exe
  C:\Windows\System\WlKteji.exe
  2⤵
  PID:10152
- C:\Windows\System\keSZnae.exe
  C:\Windows\System\keSZnae.exe
  2⤵
  PID:10168
- C:\Windows\System\JwIiEqU.exe
  C:\Windows\System\JwIiEqU.exe
  2⤵
  PID:10188
- C:\Windows\System\GplsLwL.exe
  C:\Windows\System\GplsLwL.exe
  2⤵
  PID:10204
- C:\Windows\System\hUJIxVc.exe
  C:\Windows\System\hUJIxVc.exe
  2⤵
  PID:10220
- C:\Windows\System\TAshuiy.exe
  C:\Windows\System\TAshuiy.exe
  2⤵
  PID:10236
- C:\Windows\System\FgrpIBq.exe
  C:\Windows\System\FgrpIBq.exe
  2⤵
  PID:9232
- C:\Windows\System\tGbAaRB.exe
  C:\Windows\System\tGbAaRB.exe
  2⤵
  PID:9008
- C:\Windows\System\TJxyBzF.exe
  C:\Windows\System\TJxyBzF.exe
  2⤵
  PID:9360
- C:\Windows\System\NZitDjk.exe
  C:\Windows\System\NZitDjk.exe
  2⤵
  PID:7580
- C:\Windows\System\osxWKWs.exe
  C:\Windows\System\osxWKWs.exe
  2⤵
  PID:9372
- C:\Windows\System\UCwMaEk.exe
  C:\Windows\System\UCwMaEk.exe
  2⤵
  PID:8880
- C:\Windows\System\qqpNKCP.exe
  C:\Windows\System\qqpNKCP.exe
  2⤵
  PID:9280
- C:\Windows\System\DNZIaPe.exe
  C:\Windows\System\DNZIaPe.exe
  2⤵
  PID:9376
- C:\Windows\System\irgtADP.exe
  C:\Windows\System\irgtADP.exe
  2⤵
  PID:9460
- C:\Windows\System\FhgvaVs.exe
  C:\Windows\System\FhgvaVs.exe
  2⤵
  PID:9408
- C:\Windows\System\faNFWCz.exe
  C:\Windows\System\faNFWCz.exe
  2⤵
  PID:9508
- C:\Windows\System\oCkpmlY.exe
  C:\Windows\System\oCkpmlY.exe
  2⤵
  PID:9444
- C:\Windows\System\LHgTKrv.exe
  C:\Windows\System\LHgTKrv.exe
  2⤵
  PID:9524
- C:\Windows\System\WgGKDhn.exe
  C:\Windows\System\WgGKDhn.exe
  2⤵
  PID:9584
- C:\Windows\System\DNDijmS.exe
  C:\Windows\System\DNDijmS.exe
  2⤵
  PID:9648
- C:\Windows\System\WjiOSqh.exe
  C:\Windows\System\WjiOSqh.exe
  2⤵
  PID:9716
- C:\Windows\System\ssXrddh.exe
  C:\Windows\System\ssXrddh.exe
  2⤵
  PID:9744
- C:\Windows\System\tIyTnyY.exe
  C:\Windows\System\tIyTnyY.exe
  2⤵
  PID:9572
- C:\Windows\System\mTHgSgN.exe
  C:\Windows\System\mTHgSgN.exe
  2⤵
  PID:9600
- C:\Windows\System\hRDgkJA.exe
  C:\Windows\System\hRDgkJA.exe
  2⤵
  PID:9700
- C:\Windows\System\sVbBWkP.exe
  C:\Windows\System\sVbBWkP.exe
  2⤵
  PID:9764
- C:\Windows\System\DjdcoOa.exe
  C:\Windows\System\DjdcoOa.exe
  2⤵
  PID:9840
- C:\Windows\System\mGpkDXd.exe
  C:\Windows\System\mGpkDXd.exe
  2⤵
  PID:9856
- C:\Windows\System\GMPuxhO.exe
  C:\Windows\System\GMPuxhO.exe
  2⤵
  PID:9904
- C:\Windows\System\HzztRjw.exe
  C:\Windows\System\HzztRjw.exe
  2⤵
  PID:9892
- C:\Windows\System\vwTpRme.exe
  C:\Windows\System\vwTpRme.exe
  2⤵
  PID:9968
- C:\Windows\System\znLBSvc.exe
  C:\Windows\System\znLBSvc.exe
  2⤵
  PID:9952
- C:\Windows\System\fxeicjX.exe
  C:\Windows\System\fxeicjX.exe
  2⤵
  PID:10068
- C:\Windows\System\jrtyZPF.exe
  C:\Windows\System\jrtyZPF.exe
  2⤵
  PID:10100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BBCEldn.exe

Filesize
6.0MB

MD5
1cfde62e120ad774dc98a2af78e6d341

SHA1
230e30b4c71127395763263d8b7c7343b7424d9e

SHA256
ecafbff723e6eb9bdea4be9573efcbc422259358b0149e5fa1e5d95b90cc959e

SHA512
26eea23f642a9cde6e2d960ecd39466b86fec644fb6b913b9dd942b8905b939d24ee12469332c4f3f657f3fbc37bdaddc30f9d6142be16cff791f7115f0653eb

Download Submit
C:\Windows\system\BgYEiVo.exe

Filesize
6.0MB

MD5
a1b8478ffdb22a6b5b86889dd1f20996

SHA1
8642043fa9d0fd237703d5334fb38d1a654c1517

SHA256
50f90fd9eb2cb9039247b45ec316c036b5545944f559dbdf330e1ec149850021

SHA512
fce78798f644873618e8275df2b919092a1e2cbef3a054679644780906ac3fc72fe73107d78ffec438375c495c3c7281a5af01807c4711da296bfd22a3ed7b5c

Download Submit
C:\Windows\system\NngwsFq.exe

Filesize
6.0MB

MD5
4923c93018ac352c1b2d71bd3a9983f8

SHA1
84cd9b1c07fbdda2c028ebe3ec81593178e0a510

SHA256
3b0a91fe8970a110be1dee83efa2f752dbbc52f679c036aee508b51b16d9a097

SHA512
812b4a1612a65b16234c46de8fe3472a23fe4d840098e323b163fbd37d8b2346b933586273646fd3c49d17d562871563942d332abab2206a731b50e756813a08

Download Submit
C:\Windows\system\OgrmJjH.exe

Filesize
6.0MB

MD5
bc7d4dbfcfe8d1194ea71118c143ba7a

SHA1
ec92d53c4bc0d8873a2f2f6de88bc089894ed19d

SHA256
b6fe790dccdf8bb262c19823f0753d879d3a3472eaf6000a0be849d90db553c9

SHA512
37d77f0577b4f806a035e916dc226308bb98f8126945acb90f79d0d857467908d39ac561096d4243127439f74844a8eb13072edb89731153230c2c5ea7817062

Download Submit
C:\Windows\system\OrIHjkS.exe

Filesize
6.0MB

MD5
35fdc1b413908647975373b1a24e8fbc

SHA1
f653c020649f7790fae0689aa6054b148da604f5

SHA256
c5a3d815a5bf52a520ae016e019249d6d295644805230ba7f346f4f9ddae5468

SHA512
67c455ddedffb81a0b00e0726a9dea1bd96dd209dc1acaa70fe766721e39cc5f132f155718ae84ef1fbe51a3cf03c6e866eabdb818f599803e073c5b5dd0c303

Download Submit
C:\Windows\system\PeNiyPa.exe

Filesize
6.0MB

MD5
4b8297a89ec308a54515e6f644211eb4

SHA1
b4d47bbfe2d9fe13b6f0f884bf7700344c8dbd18

SHA256
52dbba09f5ca72ec879ad4541b53fa75acd282a23afa635e5b3182bccb3f68c0

SHA512
9166e32c17014b9aba329ff47bb26ab735ee7284376ec9bf4ed44796ea5e29b6d612d70769460e3792be6b426f90dfb87c0850d254dede427d91cafa9721f000

Download Submit
C:\Windows\system\THdtiXt.exe

Filesize
6.0MB

MD5
04221603a1e1bacbafea44280f90f20f

SHA1
13ca39f825043ee80257b7065fbc7c196c0ccdb2

SHA256
97989d425213f876059f733304ffa5a8c2d5e2a202f99a189e8b6615630ec0d0

SHA512
792e7f81322e005c4f682fd4408f5872d597f8ce063cb96568b99713a522b71465a838ff97cb49b34c2ab7ddf51313fda6f3b3de326199125d8de3ae19a2a046

Download Submit
C:\Windows\system\VZjWvaD.exe

Filesize
6.0MB

MD5
900419046e1d9f880b1baf93e602b5c7

SHA1
ae04cb5065309f9cc8cd4060c27c304453ee7ac3

SHA256
c0599a52d8660645e60f2450bfd4901cc73c34a224f71c316644def454b0967b

SHA512
e918d192a3d11fa020ebc5d39259ab4764b4eba8e7522200b0d0d6a3d8aa03a23f609cb160db09ffe82d624040aa63f3f89ac5ab32a4909317083a7024d503b8

Download Submit
C:\Windows\system\ZTkizNV.exe

Filesize
6.0MB

MD5
763068974accfbea85ae459ae1f575b4

SHA1
4e9a1ed36d86fa7a0cea5d2c568b802af8e0c6c4

SHA256
b9a1974e7e4f8a5803f10badbfe7cb25d716513669d2ee18d403a8842a35aec7

SHA512
5c3c01484edbd0070a10b797fac54fa5fd0c9d8a448c886c3220541de1ac95926ecb3908bdb73a343e21c38af12ade1e3d249997070d116b22a4b8e1c17163e8

Download Submit
C:\Windows\system\aorDirg.exe

Filesize
6.0MB

MD5
40ea170bdfebf97e13153c01043a6b7a

SHA1
b3ac1c0c563a0e6859b5f2b3014b863bb2455cd7

SHA256
2cd7acb6b17298b11e7662724bcbdd03c1339d52f2d78fea3dff87c69fe4cba1

SHA512
cb0d5f781d600af8e28b54150e2f409f7bbf2df65669f9b65444802bb831d32a10fd2f0aa46cc177482629c4c4b3baac5151cfe8399a415d5181d0ae1a092cae

Download Submit
C:\Windows\system\auuYoYM.exe

Filesize
6.0MB

MD5
3562dc56d2fc54d57f02be42998d3da5

SHA1
45802591ff8b3580818e4ab645c5c42fbfd4525d

SHA256
ee311f6789053141ff04e61482b45a482145ae6b271c78793d7184c1bf9243a1

SHA512
7262761774c3ce12d1076598e9cb157afa3118562ed6fe60bfe672211ef1b1fe0a1d5558e7948b737352e5209904d4b876e9573921c302a0a7318cb03b3f1692

Download Submit
C:\Windows\system\cCxBpcg.exe

Filesize
6.0MB

MD5
b68d613056dbd885c8dfe36ad9c119ff

SHA1
aa50c09c4c281ffb07874a2831d421794002e963

SHA256
83f6d1994878d5654d3ea39756358961a385e984eb4d2383d0bbd85a82752e87

SHA512
552f2098c14a575cafddf663081766f9c16a4b67cd25cf40f3291c519c628cc639423cb525d6eaf49970a6911560b1978369a2a02347b82a9737adae04004fd1

Download Submit
C:\Windows\system\cXpTOnD.exe

Filesize
6.0MB

MD5
8b86bea00ba655b4d8f2505d7efc40c3

SHA1
a49b9005cd4e262599d09f0daf859fe43eec6517

SHA256
6470f590f0c256c0fd04a4d99319179aadefd8a15bfa15671954473e3daa241f

SHA512
54f8b4bfa91dd14ad6806bc44ed8e3bbda9fe17b182cec39f4171c8e1870426dda4287487e2047bac3092f9c139b1430cb1758b005c273ad25bc4003be26e0f9

Download Submit
C:\Windows\system\daCKGfo.exe

Filesize
6.0MB

MD5
104146d979b5c5e5763ff324f557f50b

SHA1
43afda7ddb303de43206b4a8e7c8034a2903aba9

SHA256
6778b772171ef775cd925e6c931edebf0132aa29ad0c3e04cf0b456d41f8ff89

SHA512
5638d9b4e61dbdbc6ac7fe4cea0a3b1ac5833bb12d72e769f024664f897db1f75abcaf79d9463844f8b4e4efee924eb4e84ceb32f9c5395fc9eda3642978a4bb

Download Submit
C:\Windows\system\ecUoHCr.exe

Filesize
6.0MB

MD5
a333026247b65a1586904ebdf6c24aa7

SHA1
5bd1ab921222e78f52db56db5d76620f0989506b

SHA256
080566507722b03f8608a3b229cf4cc5758d1ce737c3eda2973fe0bd5aecce67

SHA512
ed015c6bebcca081fee5bb7e33a18bd2e5ef6b5b30491030122c0a747d8872592eebe93e757a693830392e1865553e04b2815763890dc12001f3de37a8e1a1af

Download Submit
C:\Windows\system\fhdGkzr.exe

Filesize
6.0MB

MD5
a04d3c8a572480f7b3ac09c270949621

SHA1
c9245e824652f5c0baa52a164bccd4723334329a

SHA256
d03d08ae340b8cbb2ab576bcfbc4092714ad4cc229cc661c8f0a1ee5c7174371

SHA512
dcd9a41db84a11d229c9ea363a09afc2c1546e4ce9b8aa777a0ce1431ab546ff9582ae80bccf1c999433d3ba366af19c6f3960f4155294967b00f531e97d3785

Download Submit
C:\Windows\system\lgpxGGL.exe

Filesize
6.0MB

MD5
7f7967d88de41a10b3b73baa6199d00e

SHA1
b3e79f94b2899e37b5a7a3e3ec10c54671245b5f

SHA256
76cb44351c6cab3af8581ee87c82c51ddea2c38f2f2a4087b26c2540a5a0c98f

SHA512
6b5603effbe637ab2b5b7b2c4043408cc2eff6cc118392df278e58bc6023e0d4d3155e7825b8f2c411d3a0ba26560ceb5e8c80a99b1d6564fd2d9ebec6762212

Download Submit
C:\Windows\system\moNTtFM.exe

Filesize
6.0MB

MD5
444e0d7bce459b5cb7d05d449bb38661

SHA1
05b5c66a591a108afca1a0288429a98544f9093a

SHA256
810cdd9e5934a1c685f29889b5d7a73d74b65eebde3911819497f99d9af551ba

SHA512
4ee7b605a038c645312cd1bb381d33bb816551c7e1e21e7a479110e81323e4f07ffbbef4ccbc6a1dd4a364273c397b28d0a2d36c176ab2202eb24b967fa23486

Download Submit
C:\Windows\system\ocWVBah.exe

Filesize
6.0MB

MD5
17b0c6367518e88d81b42940f3092920

SHA1
94dc2666c524e4e3b5dbff2d450f85cc257e1115

SHA256
dc2b9714a818c6f2b30d341864e4fe5d07373c44b0b32365124eeec241ecf319

SHA512
7ff1cb15192cd0f04f0af17877b3c099fc58af68099a60a993281e2f6802a7e0b13feeafc1e6832f549b1a805f6f4a80e57ab10e9df8fe511faf6a92d37ddea1

Download Submit
C:\Windows\system\pjkCBBa.exe

Filesize
6.0MB

MD5
29e20c7231a8d1f6cc23396ab01fcfb8

SHA1
6b0e1854a226b7016995d3f664134fbdabcb8814

SHA256
b816d10f8feb669412a3689ea1864b4f458334607a16d2b5a74bdd9ef228e755

SHA512
59bee160cb1ae9fb2464e977bff547732c00fb954b5e9ea584aa9a8317ff885a280ed1185e4a4a6c5f453bd414231a6e01c9d45eb346508e7bb8a5151cdf1437

Download Submit
C:\Windows\system\pmhrPIh.exe

Filesize
6.0MB

MD5
285370ea0097d85029202429e2dd0fc7

SHA1
9d491275a0037bd0b711606980c05178b7743aa2

SHA256
36500dba37626aa1b50f8872ae3d8e3cc6d1d5c582dd7b474f8316f0195bcd58

SHA512
9539eb02dc41989cc23cc8853cd23d5891c12afa7c10681b7de7a34de4856947a062f70a6b0451f7f7081cc18afcbf301097392d56568d5d4be7a01b0e727457

Download Submit
C:\Windows\system\tSMlEBw.exe

Filesize
6.0MB

MD5
c373a5554fbff2ca194690f6a056e123

SHA1
26a5466d4913ce71c9e8e7937bc328f6454a335a

SHA256
57b5f3203c24303ecfbdc8e92992b5676ff6f4c36a7189ab89df3c34f69ac564

SHA512
864f4c554d64e7e55382dff53e929158469b4379f6eff78fd09301446263b92f60d91ad5307ccb71b03b1b349443def93e402d4bd3c9c485d482fc78bcccb8e1

Download Submit
C:\Windows\system\tcWLysn.exe

Filesize
6.0MB

MD5
d6eb4f08ea03e00d88092033542d3f18

SHA1
82c426c5c8cf23f8fa251e7ae45c76b0fbb01405

SHA256
a9fae32b60a7bb991307d475f92fee2e384218a33e0740e3bbfa4708514a33f5

SHA512
44580d79128a34624f46fe2555e393b7268e69331398fbb0b8f2d592184a01708a30b2a90a1f19579f79b2cb8f9e523872c3b54cb926c132049d519fe9580be2

Download Submit
C:\Windows\system\vKwnRNf.exe

Filesize
6.0MB

MD5
11e079ea6d064008c97f42cc21a116a5

SHA1
4cbe6fd389a063295dab08a0480ef227fbcbda3a

SHA256
d9396b53ecc1edd20ee1b94d28940b224efdccc62933f60d7b0f320dfecfacc1

SHA512
7c0525673c5c081836efd18a2aa5ed414fc6baf9ab26909a1dda611ce8084b988392555293f652d10da59976d7d39cccd5a9a0347d7a949215b5de0af2ae9206

Download Submit
C:\Windows\system\wdvDhCq.exe

Filesize
6.0MB

MD5
3aa49ac5961cdd0e5cbf6a8534bd9c93

SHA1
61bbac7889dfebd35379e3dc521a7046fe759fdc

SHA256
1c7dfd403991236635e425ec969795fb00ef31e29d09a3db441fa7e3cc0083f5

SHA512
b42000a124ae2fcca435207de686bf404770c63b1232329df871aa029dc95d90dda6255b148aeb9fc2187f8d108767cd0a29f71cd84e4dbfb04967c0872299fc

Download Submit
C:\Windows\system\yPCLSXp.exe

Filesize
6.0MB

MD5
40dd37560f49d95210f9e5984d2c5f23

SHA1
479fc0d2f60cc672a139eda2a2b8173d5e356e7a

SHA256
0bdfddb8f86559b042dbda8bca9267cf2a7de2fffa1f80af8edf8d220142e233

SHA512
93acab352a6029d6b5b391557142ab1c4f969cceb5f08b2ccb3709c21d36e61415a22ba37c2264fe90f88abcc5276f8c6eadc6e4015482da84ef0f05fdb7e9c4

Download Submit
\Windows\system\CsbMjcA.exe

Filesize
6.0MB

MD5
82503691ecfc9a58d879642d5e251a30

SHA1
392b5f62279994467eda3a4074186f88b7b1c34f

SHA256
f8a71e8d44c79e5c0101353f764c516ee8cc7a0a9cc1d22cb5c30ba5541babb6

SHA512
5300c0ffd157d083d4f64d160cdddb4a1630018717198721676067ac148590b9c699b0b14eb3f175d4f7907477a5240160a0290f61f01fbde6c89d5442792dd4

Download Submit
\Windows\system\NbgCoaI.exe

Filesize
6.0MB

MD5
d6c6c2eef45edbd6ac5201e2a6671aef

SHA1
50cffed77d95f6698b6df122136929c2422c61f8

SHA256
b10b00212785718b0b60682a077fafc5518ceb29b01cc2d7d94eeeffd46a9960

SHA512
4f926931c31dd27b9a0b74e7c981ae3defa8cf102f5549bbabfb7f1bed6000e2fbc81003e28b4216e5cd3c03b5d47433a50ebed65ea8014b57103fdc5c66b050

Download Submit
\Windows\system\cvscwaI.exe

Filesize
6.0MB

MD5
c5936384a3d55ab29d3e15f2052a1e4d

SHA1
33ea9f4e32dc92d48f7f31c5f65afafb0b5c55aa

SHA256
eb624c53dc90eea40ab8373816842a7af6f5fc53c847cd5a6b3641b040fb5765

SHA512
105a52643674d8c146d8491bee52914bbb63b33dae422e18501d0fd9cc5600a41272b61219408848da7a5345ba5c4c5b4b5f06ed9a3fa1efbde32162eeca74ad

Download Submit
\Windows\system\fwWBqZw.exe

Filesize
6.0MB

MD5
2cfa4821d869b12b75e5933f87d93a73

SHA1
8a18af35296dcc6c17f9ed39b54ebd7e9926b5ff

SHA256
fe803acd307adad8ea58495b932beb061e2d52bf353fe5272a91586dde0a2d64

SHA512
4ecccb4d5888f4443fead99266584251713c7e93ac92d9218f7b98e86bed6010b9bb88d9df1dfc0635d495e553377aa757ae0348473be69e95e54bfca491fce9

Download Submit
\Windows\system\iaqtDbx.exe

Filesize
6.0MB

MD5
e0340a2cdf7056ad6b8cf28a2bccceb8

SHA1
5593289042392d2670773f2b56eb6697fe446996

SHA256
380d78af2cdfbcf6f33f9abaa57d6d539172cca1981979dade5f986b95906317

SHA512
4ec2515249b35f2aaeba849f5b2937f0fdb85ecc1df2825e389f1ddc73729a25c79dbc44e268641d5658507a67797e96ea05b943a2a0dd061195897ef253ffe2

Download Submit
\Windows\system\kVAXxpZ.exe

Filesize
6.0MB

MD5
ea58dbd15183c15ff22ae3cd22010251

SHA1
1fc8919e59aa2b7cd0d76eecea0d85cd3e6c3f4d

SHA256
aca21fd420ad54058bfd9557d37d2008d336d0499b5a07d528cf0876113572c3

SHA512
26c4811868caa160c45d06dfc3cf287a66ab0098deb6945bef8bcaac3321d44137e920763f92df6d4da3a0668934ebb7dde7a702c16bd2e6afecdcd05f17c7a1

Download Submit
\Windows\system\sEVybir.exe

Filesize
6.0MB

MD5
a847cc13c10d82778410f3f58756c815

SHA1
cf3619c5cd173ccb90547592c73fb5f7578f3d31

SHA256
6d339390349b6640305167be61a4ea4ba81236843791e5ca475fe5e9d75cdd13

SHA512
9457f049cbe9233f61bbd466a2e116113bf511ed9d2a9f81bb85aa303a5cf4fb6592330f1c719ab6b938395507435fda2ea7c051a38a85f6f1adc913bc7c5a35

Download Submit
\Windows\system\vCgJWbl.exe

Filesize
6.0MB

MD5
c2dbc62fb3e3942282698049625c6355

SHA1
67a224cdf25efc2d296503f9daf75e36688aaec1

SHA256
e28d4c8f4264347f0f5f799397e1a13f79657234f6767f5fafcf747c7a17bfe8

SHA512
87783f12c1bf457062b4be711431da7b33204bde20cf4579756b37e8b20d5d94675ccb4d022f42bb24f029c39dfa5a0ce1702b4dc0107302cd9aa8dd3a7cea95

Download Submit
memory/868-3520-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/868-494-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1000-22-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1000-3466-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1356-476-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1356-19-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1356-580-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1356-493-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1356-491-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2853-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1356-487-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2852-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-0-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1356-473-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2851-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-872-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2850-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1356-1034-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2849-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1356-495-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2848-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1356-489-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1356-62-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2847-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-51-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1356-53-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1356-17-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1356-57-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1356-21-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1356-43-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1356-35-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1356-28-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2056-58-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2056-3522-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2056-2179-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2108-492-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-3516-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-20-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2164-3498-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3519-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2244-490-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2412-23-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2412-3468-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3474-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2584-37-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2584-875-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3521-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2640-477-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2672-496-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3501-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3518-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2708-488-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1035-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3517-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2852-49-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3467-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-30-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-581-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3475-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2988-55-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download