cobaltstrike | a644a3eaa3dcaa2f414de8507e6a02500d2a0c7c8cd933d73e724cff186bff40

Analysis

max time kernel
145s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-12-2024 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

81ce8d71fbf377cb9b0720bfae3cdf5c
SHA1

4a66bde666525fdc2f655efb3a4afda8dcb0a79e
SHA256

a644a3eaa3dcaa2f414de8507e6a02500d2a0c7c8cd933d73e724cff186bff40
SHA512

1162b1c10c754cce9622e8e09beb04cf668a4235435d6a9e44932b4af5d92f4ee32ad554971ab6f31ac764847fe011f3e689478e02f28410a9a8df061bd9581a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016df8-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016edc-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016f02-21.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174b4-26.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174f8-30.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000175f7-40.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-60.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-80.dat	cobalt_reflective_dll
behavioral1/files/0x0033000000016dd9-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017570-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral1/memory/2996-0-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0008000000016df8-11.dat	xmrig
behavioral1/files/0x0008000000016edc-15.dat	xmrig
behavioral1/files/0x0008000000016f02-21.dat	xmrig
behavioral1/files/0x00070000000174b4-26.dat	xmrig
behavioral1/files/0x00070000000174f8-30.dat	xmrig
behavioral1/files/0x00080000000175f7-40.dat	xmrig
behavioral1/files/0x000500000001924f-45.dat	xmrig
behavioral1/files/0x000500000001927a-60.dat	xmrig
behavioral1/files/0x00050000000192a1-71.dat	xmrig
behavioral1/files/0x0005000000019358-85.dat	xmrig
behavioral1/files/0x000500000001938e-90.dat	xmrig
behavioral1/files/0x00050000000193d0-105.dat	xmrig
behavioral1/files/0x00050000000193f9-115.dat	xmrig
behavioral1/files/0x0005000000019510-160.dat	xmrig
behavioral1/files/0x0005000000019508-155.dat	xmrig
behavioral1/files/0x0005000000019502-150.dat	xmrig
behavioral1/files/0x00050000000194e1-145.dat	xmrig
behavioral1/files/0x00050000000194d5-140.dat	xmrig
behavioral1/files/0x00050000000194c3-135.dat	xmrig
behavioral1/files/0x00050000000194ad-130.dat	xmrig
behavioral1/files/0x0005000000019428-125.dat	xmrig
behavioral1/files/0x0005000000019426-120.dat	xmrig
behavioral1/files/0x00050000000193dc-110.dat	xmrig
behavioral1/files/0x00050000000193cc-100.dat	xmrig
behavioral1/files/0x000500000001939f-95.dat	xmrig
behavioral1/files/0x0005000000019354-80.dat	xmrig
behavioral1/files/0x0033000000016dd9-75.dat	xmrig
behavioral1/files/0x0005000000019299-65.dat	xmrig
behavioral1/files/0x0005000000019274-55.dat	xmrig
behavioral1/files/0x0005000000019261-50.dat	xmrig
behavioral1/files/0x0007000000017570-36.dat	xmrig
behavioral1/memory/2732-1982-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2776-2183-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2660-2286-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2804-2454-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2808-2496-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2996-2948-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2804-2972-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2808-2969-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2732-2970-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2660-2968-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2776-2978-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2996-3018-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2732	LQhqxig.exe
2776	zBxGUmz.exe
2660	eGozLhH.exe
2804	cVOtqRR.exe
2808	tDlxbKs.exe
2860	KfHphQF.exe
2688	kcICQMh.exe
2608	IjHYwgu.exe
2564	fWixlnj.exe
2672	yAVaugA.exe
2348	DUjKkIW.exe
1588	ZdskbKZ.exe
1032	ePMVWCn.exe
988	EyMsrgS.exe
2640	VVYqhLw.exe
2868	pfEBpWY.exe
884	cgZQIzf.exe
864	pGqQaDH.exe
1504	fjXkeyo.exe
1996	YWVPLeW.exe
2076	KTXhCkl.exe
776	bPtaBXj.exe
1820	uzhblmU.exe
1132	LZXxjCs.exe
2420	JVTDnCB.exe
1396	zPJtwai.exe
2180	roqzFxX.exe
2528	HQMIOSi.exe
2196	HolnQSl.exe
1236	okiLpyZ.exe
2236	pbULsTz.exe
1772	LTslyEH.exe
1140	fapdYqV.exe
1648	IESLMJs.exe
868	UUvOcIN.exe
800	FFwGvnB.exe
2460	rrzZRGh.exe
1764	EdDgRxG.exe
1544	OzzSdUO.exe
2272	guKTDVx.exe
1516	xzUNwrJ.exe
1720	TKfEHYh.exe
1556	dSpQJcM.exe
1328	WLFSmPo.exe
3012	KaSgiLT.exe
3008	DRXUOBB.exe
2900	GxIwgZR.exe
2056	BunwlVN.exe
2132	WVijmfJ.exe
268	wtIHnWE.exe
2440	KyoiJeS.exe
1304	sKtbDQQ.exe
2024	OTIQAJS.exe
2028	nMvIAnJ.exe
3040	aHWIWFC.exe
1276	pTGemwc.exe
2692	XaOSkKD.exe
1604	lpIdILN.exe
2744	uuXzNCz.exe
2812	JOhCjjI.exe
2712	tbdsYHR.exe
2724	qhSpcdh.exe
2560	IqhMiAl.exe
2984	dTAgNRM.exe

Loads dropped DLL 64 IoCs

pid	Process
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 44 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2996-0-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x0008000000016df8-11.dat	upx
behavioral1/files/0x0008000000016edc-15.dat	upx
behavioral1/files/0x0008000000016f02-21.dat	upx
behavioral1/files/0x00070000000174b4-26.dat	upx
behavioral1/files/0x00070000000174f8-30.dat	upx
behavioral1/files/0x00080000000175f7-40.dat	upx
behavioral1/files/0x000500000001924f-45.dat	upx
behavioral1/files/0x000500000001927a-60.dat	upx
behavioral1/files/0x00050000000192a1-71.dat	upx
behavioral1/files/0x0005000000019358-85.dat	upx
behavioral1/files/0x000500000001938e-90.dat	upx
behavioral1/files/0x00050000000193d0-105.dat	upx
behavioral1/files/0x00050000000193f9-115.dat	upx
behavioral1/files/0x0005000000019510-160.dat	upx
behavioral1/files/0x0005000000019508-155.dat	upx
behavioral1/files/0x0005000000019502-150.dat	upx
behavioral1/files/0x00050000000194e1-145.dat	upx
behavioral1/files/0x00050000000194d5-140.dat	upx
behavioral1/files/0x00050000000194c3-135.dat	upx
behavioral1/files/0x00050000000194ad-130.dat	upx
behavioral1/files/0x0005000000019428-125.dat	upx
behavioral1/files/0x0005000000019426-120.dat	upx
behavioral1/files/0x00050000000193dc-110.dat	upx
behavioral1/files/0x00050000000193cc-100.dat	upx
behavioral1/files/0x000500000001939f-95.dat	upx
behavioral1/files/0x0005000000019354-80.dat	upx
behavioral1/files/0x0033000000016dd9-75.dat	upx
behavioral1/files/0x0005000000019299-65.dat	upx
behavioral1/files/0x0005000000019274-55.dat	upx
behavioral1/files/0x0005000000019261-50.dat	upx
behavioral1/files/0x0007000000017570-36.dat	upx
behavioral1/memory/2732-1982-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2776-2183-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2660-2286-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2804-2454-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2808-2496-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2996-2948-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2804-2972-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2808-2969-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2732-2970-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2660-2968-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2776-2978-0x000000013FD30000-0x0000000140084000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\aCROLSe.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFWrvzb.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWettHO.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmVuoZm.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKMUvaT.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PocJKhb.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPbSLjN.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSuSqor.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZNxzMr.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEngszT.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpQFtTA.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\diEJqQh.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIVFNaU.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YqufPgh.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdmSxhh.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygfsVdB.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOHWAbS.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgzfXMb.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAoBlMd.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJqXfTA.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaAoHwa.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPktvhv.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyWXFkT.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgSQYXo.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzzmGDV.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFkZXpH.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXfQrnk.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGASeji.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uurBDWO.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iuRISNI.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzlQVnQ.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yREDyAh.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOIarVD.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDBTTvs.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FifzNMP.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGvWlNI.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FagoftR.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhzEiwY.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qeNjyBC.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhfNnDI.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eFUswdF.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmdSReG.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aluwnpq.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRXUOBB.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FtkUeKf.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAVMhUJ.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhCEarT.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdOrDUu.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sesFYNH.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMtvZXR.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\noQZsdc.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHoPkxR.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJFDldY.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRxMCHa.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDlxbKs.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaSgiLT.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkPpFSf.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJapBHK.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afqoMbJ.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CfSJuWT.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUoaCcI.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Oktfoaq.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCFzTDn.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRUAiJz.exe	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2732	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2996 wrote to memory of 2732	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2996 wrote to memory of 2732	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2996 wrote to memory of 2776	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2996 wrote to memory of 2776	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2996 wrote to memory of 2776	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2996 wrote to memory of 2660	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2996 wrote to memory of 2660	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2996 wrote to memory of 2660	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2996 wrote to memory of 2804	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2996 wrote to memory of 2804	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2996 wrote to memory of 2804	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2996 wrote to memory of 2808	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2996 wrote to memory of 2808	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2996 wrote to memory of 2808	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2996 wrote to memory of 2860	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2996 wrote to memory of 2860	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2996 wrote to memory of 2860	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2996 wrote to memory of 2688	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2996 wrote to memory of 2688	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2996 wrote to memory of 2688	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2996 wrote to memory of 2608	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2996 wrote to memory of 2608	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2996 wrote to memory of 2608	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2996 wrote to memory of 2564	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2996 wrote to memory of 2564	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2996 wrote to memory of 2564	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2996 wrote to memory of 2672	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2996 wrote to memory of 2672	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2996 wrote to memory of 2672	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2996 wrote to memory of 2348	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2996 wrote to memory of 2348	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2996 wrote to memory of 2348	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2996 wrote to memory of 1588	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2996 wrote to memory of 1588	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2996 wrote to memory of 1588	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2996 wrote to memory of 1032	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2996 wrote to memory of 1032	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2996 wrote to memory of 1032	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2996 wrote to memory of 988	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2996 wrote to memory of 988	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2996 wrote to memory of 988	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2996 wrote to memory of 2640	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2996 wrote to memory of 2640	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2996 wrote to memory of 2640	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2996 wrote to memory of 2868	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2996 wrote to memory of 2868	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2996 wrote to memory of 2868	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2996 wrote to memory of 884	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2996 wrote to memory of 884	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2996 wrote to memory of 884	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2996 wrote to memory of 864	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2996 wrote to memory of 864	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2996 wrote to memory of 864	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2996 wrote to memory of 1504	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2996 wrote to memory of 1504	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2996 wrote to memory of 1504	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2996 wrote to memory of 1996	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2996 wrote to memory of 1996	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2996 wrote to memory of 1996	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2996 wrote to memory of 2076	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2996 wrote to memory of 2076	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2996 wrote to memory of 2076	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2996 wrote to memory of 776	2996	2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-17_81ce8d71fbf377cb9b0720bfae3cdf5c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\System\LQhqxig.exe
  C:\Windows\System\LQhqxig.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\zBxGUmz.exe
  C:\Windows\System\zBxGUmz.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\eGozLhH.exe
  C:\Windows\System\eGozLhH.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\cVOtqRR.exe
  C:\Windows\System\cVOtqRR.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\tDlxbKs.exe
  C:\Windows\System\tDlxbKs.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\KfHphQF.exe
  C:\Windows\System\KfHphQF.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\kcICQMh.exe
  C:\Windows\System\kcICQMh.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\IjHYwgu.exe
  C:\Windows\System\IjHYwgu.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\fWixlnj.exe
  C:\Windows\System\fWixlnj.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\yAVaugA.exe
  C:\Windows\System\yAVaugA.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\DUjKkIW.exe
  C:\Windows\System\DUjKkIW.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ZdskbKZ.exe
  C:\Windows\System\ZdskbKZ.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\ePMVWCn.exe
  C:\Windows\System\ePMVWCn.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\EyMsrgS.exe
  C:\Windows\System\EyMsrgS.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\VVYqhLw.exe
  C:\Windows\System\VVYqhLw.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\pfEBpWY.exe
  C:\Windows\System\pfEBpWY.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\cgZQIzf.exe
  C:\Windows\System\cgZQIzf.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\pGqQaDH.exe
  C:\Windows\System\pGqQaDH.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\fjXkeyo.exe
  C:\Windows\System\fjXkeyo.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\YWVPLeW.exe
  C:\Windows\System\YWVPLeW.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\KTXhCkl.exe
  C:\Windows\System\KTXhCkl.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\bPtaBXj.exe
  C:\Windows\System\bPtaBXj.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\uzhblmU.exe
  C:\Windows\System\uzhblmU.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\LZXxjCs.exe
  C:\Windows\System\LZXxjCs.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\JVTDnCB.exe
  C:\Windows\System\JVTDnCB.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\zPJtwai.exe
  C:\Windows\System\zPJtwai.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\roqzFxX.exe
  C:\Windows\System\roqzFxX.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\HQMIOSi.exe
  C:\Windows\System\HQMIOSi.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\HolnQSl.exe
  C:\Windows\System\HolnQSl.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\okiLpyZ.exe
  C:\Windows\System\okiLpyZ.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\pbULsTz.exe
  C:\Windows\System\pbULsTz.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\LTslyEH.exe
  C:\Windows\System\LTslyEH.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\fapdYqV.exe
  C:\Windows\System\fapdYqV.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\IESLMJs.exe
  C:\Windows\System\IESLMJs.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\UUvOcIN.exe
  C:\Windows\System\UUvOcIN.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\FFwGvnB.exe
  C:\Windows\System\FFwGvnB.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\rrzZRGh.exe
  C:\Windows\System\rrzZRGh.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\EdDgRxG.exe
  C:\Windows\System\EdDgRxG.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\OzzSdUO.exe
  C:\Windows\System\OzzSdUO.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\guKTDVx.exe
  C:\Windows\System\guKTDVx.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\xzUNwrJ.exe
  C:\Windows\System\xzUNwrJ.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\TKfEHYh.exe
  C:\Windows\System\TKfEHYh.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\dSpQJcM.exe
  C:\Windows\System\dSpQJcM.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\WLFSmPo.exe
  C:\Windows\System\WLFSmPo.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\KaSgiLT.exe
  C:\Windows\System\KaSgiLT.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\DRXUOBB.exe
  C:\Windows\System\DRXUOBB.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\GxIwgZR.exe
  C:\Windows\System\GxIwgZR.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\BunwlVN.exe
  C:\Windows\System\BunwlVN.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\WVijmfJ.exe
  C:\Windows\System\WVijmfJ.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\wtIHnWE.exe
  C:\Windows\System\wtIHnWE.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\KyoiJeS.exe
  C:\Windows\System\KyoiJeS.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\sKtbDQQ.exe
  C:\Windows\System\sKtbDQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\OTIQAJS.exe
  C:\Windows\System\OTIQAJS.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\nMvIAnJ.exe
  C:\Windows\System\nMvIAnJ.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\aHWIWFC.exe
  C:\Windows\System\aHWIWFC.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\pTGemwc.exe
  C:\Windows\System\pTGemwc.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\XaOSkKD.exe
  C:\Windows\System\XaOSkKD.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\lpIdILN.exe
  C:\Windows\System\lpIdILN.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\uuXzNCz.exe
  C:\Windows\System\uuXzNCz.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\JOhCjjI.exe
  C:\Windows\System\JOhCjjI.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\tbdsYHR.exe
  C:\Windows\System\tbdsYHR.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\qhSpcdh.exe
  C:\Windows\System\qhSpcdh.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\IqhMiAl.exe
  C:\Windows\System\IqhMiAl.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\dTAgNRM.exe
  C:\Windows\System\dTAgNRM.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\yTJUeas.exe
  C:\Windows\System\yTJUeas.exe
  2⤵
  PID:2552
- C:\Windows\System\DYRESVb.exe
  C:\Windows\System\DYRESVb.exe
  2⤵
  PID:1096
- C:\Windows\System\CblSzAf.exe
  C:\Windows\System\CblSzAf.exe
  2⤵
  PID:2800
- C:\Windows\System\eAiReZj.exe
  C:\Windows\System\eAiReZj.exe
  2⤵
  PID:2444
- C:\Windows\System\KulfOKC.exe
  C:\Windows\System\KulfOKC.exe
  2⤵
  PID:2964
- C:\Windows\System\eWjWMBu.exe
  C:\Windows\System\eWjWMBu.exe
  2⤵
  PID:1984
- C:\Windows\System\WINEIgo.exe
  C:\Windows\System\WINEIgo.exe
  2⤵
  PID:1156
- C:\Windows\System\AsKUdOw.exe
  C:\Windows\System\AsKUdOw.exe
  2⤵
  PID:1272
- C:\Windows\System\nQwBnHY.exe
  C:\Windows\System\nQwBnHY.exe
  2⤵
  PID:2244
- C:\Windows\System\fiiSzvE.exe
  C:\Windows\System\fiiSzvE.exe
  2⤵
  PID:2772
- C:\Windows\System\cydViYW.exe
  C:\Windows\System\cydViYW.exe
  2⤵
  PID:2312
- C:\Windows\System\fkhabHY.exe
  C:\Windows\System\fkhabHY.exe
  2⤵
  PID:912
- C:\Windows\System\MWYfjBw.exe
  C:\Windows\System\MWYfjBw.exe
  2⤵
  PID:2408
- C:\Windows\System\fIOYmjX.exe
  C:\Windows\System\fIOYmjX.exe
  2⤵
  PID:1856
- C:\Windows\System\xCODXJe.exe
  C:\Windows\System\xCODXJe.exe
  2⤵
  PID:1512
- C:\Windows\System\FaaQXTJ.exe
  C:\Windows\System\FaaQXTJ.exe
  2⤵
  PID:2484
- C:\Windows\System\RcuvQNy.exe
  C:\Windows\System\RcuvQNy.exe
  2⤵
  PID:1688
- C:\Windows\System\YqufPgh.exe
  C:\Windows\System\YqufPgh.exe
  2⤵
  PID:2364
- C:\Windows\System\RIyumdo.exe
  C:\Windows\System\RIyumdo.exe
  2⤵
  PID:2084
- C:\Windows\System\KkIlYhe.exe
  C:\Windows\System\KkIlYhe.exe
  2⤵
  PID:784
- C:\Windows\System\SyRIzdh.exe
  C:\Windows\System\SyRIzdh.exe
  2⤵
  PID:2320
- C:\Windows\System\pUbartb.exe
  C:\Windows\System\pUbartb.exe
  2⤵
  PID:1804
- C:\Windows\System\yotGZpw.exe
  C:\Windows\System\yotGZpw.exe
  2⤵
  PID:2508
- C:\Windows\System\bqpSOmM.exe
  C:\Windows\System\bqpSOmM.exe
  2⤵
  PID:2892
- C:\Windows\System\LRUAiJz.exe
  C:\Windows\System\LRUAiJz.exe
  2⤵
  PID:1120
- C:\Windows\System\pPYnAvV.exe
  C:\Windows\System\pPYnAvV.exe
  2⤵
  PID:2036
- C:\Windows\System\FtBQWAu.exe
  C:\Windows\System\FtBQWAu.exe
  2⤵
  PID:304
- C:\Windows\System\TGbcrRy.exe
  C:\Windows\System\TGbcrRy.exe
  2⤵
  PID:2824
- C:\Windows\System\Mspunfp.exe
  C:\Windows\System\Mspunfp.exe
  2⤵
  PID:1596
- C:\Windows\System\uQGdhov.exe
  C:\Windows\System\uQGdhov.exe
  2⤵
  PID:2700
- C:\Windows\System\HFfYeul.exe
  C:\Windows\System\HFfYeul.exe
  2⤵
  PID:2556
- C:\Windows\System\ZbtEoux.exe
  C:\Windows\System\ZbtEoux.exe
  2⤵
  PID:2544
- C:\Windows\System\qxxqWvR.exe
  C:\Windows\System\qxxqWvR.exe
  2⤵
  PID:3064
- C:\Windows\System\MQHlZKG.exe
  C:\Windows\System\MQHlZKG.exe
  2⤵
  PID:2988
- C:\Windows\System\OqShmxv.exe
  C:\Windows\System\OqShmxv.exe
  2⤵
  PID:2848
- C:\Windows\System\zzkwvbY.exe
  C:\Windows\System\zzkwvbY.exe
  2⤵
  PID:2004
- C:\Windows\System\nwqVIWY.exe
  C:\Windows\System\nwqVIWY.exe
  2⤵
  PID:2060
- C:\Windows\System\dUsjdWg.exe
  C:\Windows\System\dUsjdWg.exe
  2⤵
  PID:1992
- C:\Windows\System\SoHIEco.exe
  C:\Windows\System\SoHIEco.exe
  2⤵
  PID:2476
- C:\Windows\System\BXWnKFW.exe
  C:\Windows\System\BXWnKFW.exe
  2⤵
  PID:2156
- C:\Windows\System\XbldRJu.exe
  C:\Windows\System\XbldRJu.exe
  2⤵
  PID:2500
- C:\Windows\System\HvFusfG.exe
  C:\Windows\System\HvFusfG.exe
  2⤵
  PID:1704
- C:\Windows\System\JmflnkA.exe
  C:\Windows\System\JmflnkA.exe
  2⤵
  PID:1960
- C:\Windows\System\uoRAyiy.exe
  C:\Windows\System\uoRAyiy.exe
  2⤵
  PID:1660
- C:\Windows\System\gaIeBtu.exe
  C:\Windows\System\gaIeBtu.exe
  2⤵
  PID:2040
- C:\Windows\System\BRTIVDu.exe
  C:\Windows\System\BRTIVDu.exe
  2⤵
  PID:2896
- C:\Windows\System\LFSzsEw.exe
  C:\Windows\System\LFSzsEw.exe
  2⤵
  PID:1560
- C:\Windows\System\YQZZDCa.exe
  C:\Windows\System\YQZZDCa.exe
  2⤵
  PID:1780
- C:\Windows\System\DsoYvOR.exe
  C:\Windows\System\DsoYvOR.exe
  2⤵
  PID:1280
- C:\Windows\System\wuFYlJo.exe
  C:\Windows\System\wuFYlJo.exe
  2⤵
  PID:2680
- C:\Windows\System\ljkHzHc.exe
  C:\Windows\System\ljkHzHc.exe
  2⤵
  PID:2332
- C:\Windows\System\xUQIZoB.exe
  C:\Windows\System\xUQIZoB.exe
  2⤵
  PID:3088
- C:\Windows\System\ByOgcGq.exe
  C:\Windows\System\ByOgcGq.exe
  2⤵
  PID:3108
- C:\Windows\System\RRNSLOH.exe
  C:\Windows\System\RRNSLOH.exe
  2⤵
  PID:3124
- C:\Windows\System\MrJvoHZ.exe
  C:\Windows\System\MrJvoHZ.exe
  2⤵
  PID:3148
- C:\Windows\System\SKDXLpr.exe
  C:\Windows\System\SKDXLpr.exe
  2⤵
  PID:3168
- C:\Windows\System\XTFXBjQ.exe
  C:\Windows\System\XTFXBjQ.exe
  2⤵
  PID:3188
- C:\Windows\System\OgZMIUJ.exe
  C:\Windows\System\OgZMIUJ.exe
  2⤵
  PID:3208
- C:\Windows\System\XdmuKxb.exe
  C:\Windows\System\XdmuKxb.exe
  2⤵
  PID:3228
- C:\Windows\System\jSWOvMU.exe
  C:\Windows\System\jSWOvMU.exe
  2⤵
  PID:3248
- C:\Windows\System\rEOSpWz.exe
  C:\Windows\System\rEOSpWz.exe
  2⤵
  PID:3264
- C:\Windows\System\aCROLSe.exe
  C:\Windows\System\aCROLSe.exe
  2⤵
  PID:3284
- C:\Windows\System\iANfdRB.exe
  C:\Windows\System\iANfdRB.exe
  2⤵
  PID:3304
- C:\Windows\System\CaIYIDG.exe
  C:\Windows\System\CaIYIDG.exe
  2⤵
  PID:3328
- C:\Windows\System\DWyQlgu.exe
  C:\Windows\System\DWyQlgu.exe
  2⤵
  PID:3348
- C:\Windows\System\YwEJZnj.exe
  C:\Windows\System\YwEJZnj.exe
  2⤵
  PID:3368
- C:\Windows\System\dWRDfaY.exe
  C:\Windows\System\dWRDfaY.exe
  2⤵
  PID:3388
- C:\Windows\System\oPSKLSQ.exe
  C:\Windows\System\oPSKLSQ.exe
  2⤵
  PID:3404
- C:\Windows\System\JGgZmlt.exe
  C:\Windows\System\JGgZmlt.exe
  2⤵
  PID:3428
- C:\Windows\System\LGVDZYB.exe
  C:\Windows\System\LGVDZYB.exe
  2⤵
  PID:3452
- C:\Windows\System\Jbwuhfe.exe
  C:\Windows\System\Jbwuhfe.exe
  2⤵
  PID:3472
- C:\Windows\System\DlkQOvT.exe
  C:\Windows\System\DlkQOvT.exe
  2⤵
  PID:3492
- C:\Windows\System\ECbtrRg.exe
  C:\Windows\System\ECbtrRg.exe
  2⤵
  PID:3512
- C:\Windows\System\LlnSkht.exe
  C:\Windows\System\LlnSkht.exe
  2⤵
  PID:3532
- C:\Windows\System\gSmkNMX.exe
  C:\Windows\System\gSmkNMX.exe
  2⤵
  PID:3552
- C:\Windows\System\RDEhekK.exe
  C:\Windows\System\RDEhekK.exe
  2⤵
  PID:3572
- C:\Windows\System\nmbggJO.exe
  C:\Windows\System\nmbggJO.exe
  2⤵
  PID:3592
- C:\Windows\System\XGdwTYI.exe
  C:\Windows\System\XGdwTYI.exe
  2⤵
  PID:3612
- C:\Windows\System\iPdoIFU.exe
  C:\Windows\System\iPdoIFU.exe
  2⤵
  PID:3628
- C:\Windows\System\WDIiZfS.exe
  C:\Windows\System\WDIiZfS.exe
  2⤵
  PID:3652
- C:\Windows\System\SXMzjVV.exe
  C:\Windows\System\SXMzjVV.exe
  2⤵
  PID:3676
- C:\Windows\System\JYxwzEo.exe
  C:\Windows\System\JYxwzEo.exe
  2⤵
  PID:3692
- C:\Windows\System\taomugl.exe
  C:\Windows\System\taomugl.exe
  2⤵
  PID:3712
- C:\Windows\System\bVvgHVx.exe
  C:\Windows\System\bVvgHVx.exe
  2⤵
  PID:3736
- C:\Windows\System\YPHVsxd.exe
  C:\Windows\System\YPHVsxd.exe
  2⤵
  PID:3756
- C:\Windows\System\rEKPcZP.exe
  C:\Windows\System\rEKPcZP.exe
  2⤵
  PID:3772
- C:\Windows\System\raSRzay.exe
  C:\Windows\System\raSRzay.exe
  2⤵
  PID:3796
- C:\Windows\System\lebWNxW.exe
  C:\Windows\System\lebWNxW.exe
  2⤵
  PID:3812
- C:\Windows\System\aFxdnJw.exe
  C:\Windows\System\aFxdnJw.exe
  2⤵
  PID:3836
- C:\Windows\System\ddlQEUG.exe
  C:\Windows\System\ddlQEUG.exe
  2⤵
  PID:3856
- C:\Windows\System\NPrADjL.exe
  C:\Windows\System\NPrADjL.exe
  2⤵
  PID:3876
- C:\Windows\System\MbDcqBx.exe
  C:\Windows\System\MbDcqBx.exe
  2⤵
  PID:3892
- C:\Windows\System\LGcAqEp.exe
  C:\Windows\System\LGcAqEp.exe
  2⤵
  PID:3916
- C:\Windows\System\MMnGzLA.exe
  C:\Windows\System\MMnGzLA.exe
  2⤵
  PID:3936
- C:\Windows\System\ReYVHwz.exe
  C:\Windows\System\ReYVHwz.exe
  2⤵
  PID:3956
- C:\Windows\System\twRmfsY.exe
  C:\Windows\System\twRmfsY.exe
  2⤵
  PID:3976
- C:\Windows\System\DXDcOGi.exe
  C:\Windows\System\DXDcOGi.exe
  2⤵
  PID:3996
- C:\Windows\System\TdgAtOe.exe
  C:\Windows\System\TdgAtOe.exe
  2⤵
  PID:4012
- C:\Windows\System\GRHBwxG.exe
  C:\Windows\System\GRHBwxG.exe
  2⤵
  PID:4032
- C:\Windows\System\GOofaRC.exe
  C:\Windows\System\GOofaRC.exe
  2⤵
  PID:4052
- C:\Windows\System\psUUEBz.exe
  C:\Windows\System\psUUEBz.exe
  2⤵
  PID:4076
- C:\Windows\System\GzWyXiN.exe
  C:\Windows\System\GzWyXiN.exe
  2⤵
  PID:4092
- C:\Windows\System\XpkDEJF.exe
  C:\Windows\System\XpkDEJF.exe
  2⤵
  PID:2516
- C:\Windows\System\pSqiSUc.exe
  C:\Windows\System\pSqiSUc.exe
  2⤵
  PID:2728
- C:\Windows\System\BWPFRRB.exe
  C:\Windows\System\BWPFRRB.exe
  2⤵
  PID:1904
- C:\Windows\System\uNpWNVw.exe
  C:\Windows\System\uNpWNVw.exe
  2⤵
  PID:1676
- C:\Windows\System\ghktSsy.exe
  C:\Windows\System\ghktSsy.exe
  2⤵
  PID:2368
- C:\Windows\System\TJmYnCI.exe
  C:\Windows\System\TJmYnCI.exe
  2⤵
  PID:852
- C:\Windows\System\sHJiEGf.exe
  C:\Windows\System\sHJiEGf.exe
  2⤵
  PID:1788
- C:\Windows\System\PoFFZba.exe
  C:\Windows\System\PoFFZba.exe
  2⤵
  PID:688
- C:\Windows\System\niaeqQb.exe
  C:\Windows\System\niaeqQb.exe
  2⤵
  PID:1352
- C:\Windows\System\wkGUYnd.exe
  C:\Windows\System\wkGUYnd.exe
  2⤵
  PID:2336
- C:\Windows\System\osXWHyh.exe
  C:\Windows\System\osXWHyh.exe
  2⤵
  PID:2704
- C:\Windows\System\zMFVonG.exe
  C:\Windows\System\zMFVonG.exe
  2⤵
  PID:1712
- C:\Windows\System\eWsXVbY.exe
  C:\Windows\System\eWsXVbY.exe
  2⤵
  PID:3100
- C:\Windows\System\PdNxBpd.exe
  C:\Windows\System\PdNxBpd.exe
  2⤵
  PID:3156
- C:\Windows\System\SJHSZGG.exe
  C:\Windows\System\SJHSZGG.exe
  2⤵
  PID:3184
- C:\Windows\System\eJUiZHo.exe
  C:\Windows\System\eJUiZHo.exe
  2⤵
  PID:3216
- C:\Windows\System\uWMztur.exe
  C:\Windows\System\uWMztur.exe
  2⤵
  PID:3220
- C:\Windows\System\uWGulfr.exe
  C:\Windows\System\uWGulfr.exe
  2⤵
  PID:3276
- C:\Windows\System\bphJZuF.exe
  C:\Windows\System\bphJZuF.exe
  2⤵
  PID:3292
- C:\Windows\System\ZRCDwAT.exe
  C:\Windows\System\ZRCDwAT.exe
  2⤵
  PID:3340
- C:\Windows\System\bqIXfHg.exe
  C:\Windows\System\bqIXfHg.exe
  2⤵
  PID:3376
- C:\Windows\System\FYeOJvi.exe
  C:\Windows\System\FYeOJvi.exe
  2⤵
  PID:3412
- C:\Windows\System\jLrjmtf.exe
  C:\Windows\System\jLrjmtf.exe
  2⤵
  PID:3440
- C:\Windows\System\GIUsYgn.exe
  C:\Windows\System\GIUsYgn.exe
  2⤵
  PID:3488
- C:\Windows\System\wFWrvzb.exe
  C:\Windows\System\wFWrvzb.exe
  2⤵
  PID:3504
- C:\Windows\System\OeIvCwy.exe
  C:\Windows\System\OeIvCwy.exe
  2⤵
  PID:3540
- C:\Windows\System\LwIfVUY.exe
  C:\Windows\System\LwIfVUY.exe
  2⤵
  PID:3600
- C:\Windows\System\caqMLNF.exe
  C:\Windows\System\caqMLNF.exe
  2⤵
  PID:3584
- C:\Windows\System\JalzrRG.exe
  C:\Windows\System\JalzrRG.exe
  2⤵
  PID:3624
- C:\Windows\System\jpXXfcM.exe
  C:\Windows\System\jpXXfcM.exe
  2⤵
  PID:3688
- C:\Windows\System\nIiRKct.exe
  C:\Windows\System\nIiRKct.exe
  2⤵
  PID:3700
- C:\Windows\System\UVvooMU.exe
  C:\Windows\System\UVvooMU.exe
  2⤵
  PID:3748
- C:\Windows\System\vKQVJGL.exe
  C:\Windows\System\vKQVJGL.exe
  2⤵
  PID:3792
- C:\Windows\System\MhZiwwM.exe
  C:\Windows\System\MhZiwwM.exe
  2⤵
  PID:3852
- C:\Windows\System\gLYCikf.exe
  C:\Windows\System\gLYCikf.exe
  2⤵
  PID:3820
- C:\Windows\System\gnngVCg.exe
  C:\Windows\System\gnngVCg.exe
  2⤵
  PID:3868
- C:\Windows\System\tDHkvLV.exe
  C:\Windows\System\tDHkvLV.exe
  2⤵
  PID:3924
- C:\Windows\System\PaflqsL.exe
  C:\Windows\System\PaflqsL.exe
  2⤵
  PID:3944
- C:\Windows\System\UtdUhIC.exe
  C:\Windows\System\UtdUhIC.exe
  2⤵
  PID:3992
- C:\Windows\System\EvtWTPz.exe
  C:\Windows\System\EvtWTPz.exe
  2⤵
  PID:4040
- C:\Windows\System\TrVyDms.exe
  C:\Windows\System\TrVyDms.exe
  2⤵
  PID:4028
- C:\Windows\System\mOkiOYx.exe
  C:\Windows\System\mOkiOYx.exe
  2⤵
  PID:4072
- C:\Windows\System\fSgDXaW.exe
  C:\Windows\System\fSgDXaW.exe
  2⤵
  PID:2720
- C:\Windows\System\hLTnQcA.exe
  C:\Windows\System\hLTnQcA.exe
  2⤵
  PID:1028
- C:\Windows\System\PVZpqyn.exe
  C:\Windows\System\PVZpqyn.exe
  2⤵
  PID:556
- C:\Windows\System\BCYbIje.exe
  C:\Windows\System\BCYbIje.exe
  2⤵
  PID:848
- C:\Windows\System\AdQRlcq.exe
  C:\Windows\System\AdQRlcq.exe
  2⤵
  PID:1584
- C:\Windows\System\AMeJaHB.exe
  C:\Windows\System\AMeJaHB.exe
  2⤵
  PID:2064
- C:\Windows\System\ryEhbwM.exe
  C:\Windows\System\ryEhbwM.exe
  2⤵
  PID:1800
- C:\Windows\System\ROUBxcB.exe
  C:\Windows\System\ROUBxcB.exe
  2⤵
  PID:3120
- C:\Windows\System\UkMPOuk.exe
  C:\Windows\System\UkMPOuk.exe
  2⤵
  PID:3204
- C:\Windows\System\HZyoMdQ.exe
  C:\Windows\System\HZyoMdQ.exe
  2⤵
  PID:3244
- C:\Windows\System\EWYWdFQ.exe
  C:\Windows\System\EWYWdFQ.exe
  2⤵
  PID:3240
- C:\Windows\System\EXRVfHj.exe
  C:\Windows\System\EXRVfHj.exe
  2⤵
  PID:3344
- C:\Windows\System\MGmBJpX.exe
  C:\Windows\System\MGmBJpX.exe
  2⤵
  PID:3364
- C:\Windows\System\LjBFbss.exe
  C:\Windows\System\LjBFbss.exe
  2⤵
  PID:3448
- C:\Windows\System\jnJPVev.exe
  C:\Windows\System\jnJPVev.exe
  2⤵
  PID:3500
- C:\Windows\System\HzsuGRU.exe
  C:\Windows\System\HzsuGRU.exe
  2⤵
  PID:3564
- C:\Windows\System\zNWqISN.exe
  C:\Windows\System\zNWqISN.exe
  2⤵
  PID:3588
- C:\Windows\System\snLvytm.exe
  C:\Windows\System\snLvytm.exe
  2⤵
  PID:3640
- C:\Windows\System\zvMNrhn.exe
  C:\Windows\System\zvMNrhn.exe
  2⤵
  PID:3704
- C:\Windows\System\gveXXoU.exe
  C:\Windows\System\gveXXoU.exe
  2⤵
  PID:3780
- C:\Windows\System\mlKlQfE.exe
  C:\Windows\System\mlKlQfE.exe
  2⤵
  PID:3788
- C:\Windows\System\GilhfXi.exe
  C:\Windows\System\GilhfXi.exe
  2⤵
  PID:3928
- C:\Windows\System\bifevYW.exe
  C:\Windows\System\bifevYW.exe
  2⤵
  PID:3912
- C:\Windows\System\XmxHJjr.exe
  C:\Windows\System\XmxHJjr.exe
  2⤵
  PID:3984
- C:\Windows\System\gdKqCPE.exe
  C:\Windows\System\gdKqCPE.exe
  2⤵
  PID:4088
- C:\Windows\System\aVkmvyr.exe
  C:\Windows\System\aVkmvyr.exe
  2⤵
  PID:1944
- C:\Windows\System\VRIvwfF.exe
  C:\Windows\System\VRIvwfF.exe
  2⤵
  PID:2928
- C:\Windows\System\rqjsPdA.exe
  C:\Windows\System\rqjsPdA.exe
  2⤵
  PID:1532
- C:\Windows\System\DOIVjbl.exe
  C:\Windows\System\DOIVjbl.exe
  2⤵
  PID:1552
- C:\Windows\System\VzPPgUl.exe
  C:\Windows\System\VzPPgUl.exe
  2⤵
  PID:2380
- C:\Windows\System\wGPHimC.exe
  C:\Windows\System\wGPHimC.exe
  2⤵
  PID:3160
- C:\Windows\System\jheOiTw.exe
  C:\Windows\System\jheOiTw.exe
  2⤵
  PID:3260
- C:\Windows\System\BGPUcAk.exe
  C:\Windows\System\BGPUcAk.exe
  2⤵
  PID:3384
- C:\Windows\System\ngNoasY.exe
  C:\Windows\System\ngNoasY.exe
  2⤵
  PID:3380
- C:\Windows\System\RzjJXvJ.exe
  C:\Windows\System\RzjJXvJ.exe
  2⤵
  PID:3684
- C:\Windows\System\kqWnrQw.exe
  C:\Windows\System\kqWnrQw.exe
  2⤵
  PID:3636
- C:\Windows\System\lfokyVU.exe
  C:\Windows\System\lfokyVU.exe
  2⤵
  PID:3732
- C:\Windows\System\cYZmBFw.exe
  C:\Windows\System\cYZmBFw.exe
  2⤵
  PID:3784
- C:\Windows\System\lctYZox.exe
  C:\Windows\System\lctYZox.exe
  2⤵
  PID:3832
- C:\Windows\System\jAVMKXc.exe
  C:\Windows\System\jAVMKXc.exe
  2⤵
  PID:3972
- C:\Windows\System\YOPPveM.exe
  C:\Windows\System\YOPPveM.exe
  2⤵
  PID:1724
- C:\Windows\System\ygfsVdB.exe
  C:\Windows\System\ygfsVdB.exe
  2⤵
  PID:2176
- C:\Windows\System\MIlvhZe.exe
  C:\Windows\System\MIlvhZe.exe
  2⤵
  PID:1776
- C:\Windows\System\wnOLJkL.exe
  C:\Windows\System\wnOLJkL.exe
  2⤵
  PID:4100
- C:\Windows\System\JruDzoT.exe
  C:\Windows\System\JruDzoT.exe
  2⤵
  PID:4124
- C:\Windows\System\uENHgwb.exe
  C:\Windows\System\uENHgwb.exe
  2⤵
  PID:4140
- C:\Windows\System\BucTqmF.exe
  C:\Windows\System\BucTqmF.exe
  2⤵
  PID:4160
- C:\Windows\System\bXWsBNu.exe
  C:\Windows\System\bXWsBNu.exe
  2⤵
  PID:4180
- C:\Windows\System\nuDAVVM.exe
  C:\Windows\System\nuDAVVM.exe
  2⤵
  PID:4204
- C:\Windows\System\CJbpaPw.exe
  C:\Windows\System\CJbpaPw.exe
  2⤵
  PID:4220
- C:\Windows\System\AMvynaR.exe
  C:\Windows\System\AMvynaR.exe
  2⤵
  PID:4240
- C:\Windows\System\lOSdBMz.exe
  C:\Windows\System\lOSdBMz.exe
  2⤵
  PID:4264
- C:\Windows\System\bAsAymL.exe
  C:\Windows\System\bAsAymL.exe
  2⤵
  PID:4280
- C:\Windows\System\xPrGVGG.exe
  C:\Windows\System\xPrGVGG.exe
  2⤵
  PID:4304
- C:\Windows\System\SVFhKMz.exe
  C:\Windows\System\SVFhKMz.exe
  2⤵
  PID:4324
- C:\Windows\System\SqZqtlB.exe
  C:\Windows\System\SqZqtlB.exe
  2⤵
  PID:4340
- C:\Windows\System\UsCbSkd.exe
  C:\Windows\System\UsCbSkd.exe
  2⤵
  PID:4364
- C:\Windows\System\cKmRywY.exe
  C:\Windows\System\cKmRywY.exe
  2⤵
  PID:4380
- C:\Windows\System\lCfQFmt.exe
  C:\Windows\System\lCfQFmt.exe
  2⤵
  PID:4400
- C:\Windows\System\CMTFdVD.exe
  C:\Windows\System\CMTFdVD.exe
  2⤵
  PID:4420
- C:\Windows\System\UkyCGia.exe
  C:\Windows\System\UkyCGia.exe
  2⤵
  PID:4444
- C:\Windows\System\AoqQlHq.exe
  C:\Windows\System\AoqQlHq.exe
  2⤵
  PID:4460
- C:\Windows\System\kCjMJts.exe
  C:\Windows\System\kCjMJts.exe
  2⤵
  PID:4484
- C:\Windows\System\Mmniwsh.exe
  C:\Windows\System\Mmniwsh.exe
  2⤵
  PID:4500
- C:\Windows\System\tVQHSMn.exe
  C:\Windows\System\tVQHSMn.exe
  2⤵
  PID:4524
- C:\Windows\System\OQYKwzZ.exe
  C:\Windows\System\OQYKwzZ.exe
  2⤵
  PID:4540
- C:\Windows\System\YjVCfce.exe
  C:\Windows\System\YjVCfce.exe
  2⤵
  PID:4564
- C:\Windows\System\aXeXTDr.exe
  C:\Windows\System\aXeXTDr.exe
  2⤵
  PID:4588
- C:\Windows\System\yREDyAh.exe
  C:\Windows\System\yREDyAh.exe
  2⤵
  PID:4604
- C:\Windows\System\yrHLTSb.exe
  C:\Windows\System\yrHLTSb.exe
  2⤵
  PID:4628
- C:\Windows\System\wHDuhot.exe
  C:\Windows\System\wHDuhot.exe
  2⤵
  PID:4648
- C:\Windows\System\XNwaBzU.exe
  C:\Windows\System\XNwaBzU.exe
  2⤵
  PID:4668
- C:\Windows\System\DbERjBP.exe
  C:\Windows\System\DbERjBP.exe
  2⤵
  PID:4684
- C:\Windows\System\DClyJdf.exe
  C:\Windows\System\DClyJdf.exe
  2⤵
  PID:4708
- C:\Windows\System\wgBrSrT.exe
  C:\Windows\System\wgBrSrT.exe
  2⤵
  PID:4724
- C:\Windows\System\YjYubuM.exe
  C:\Windows\System\YjYubuM.exe
  2⤵
  PID:4748
- C:\Windows\System\PzToAKa.exe
  C:\Windows\System\PzToAKa.exe
  2⤵
  PID:4768
- C:\Windows\System\tltcuTI.exe
  C:\Windows\System\tltcuTI.exe
  2⤵
  PID:4788
- C:\Windows\System\scsqOPu.exe
  C:\Windows\System\scsqOPu.exe
  2⤵
  PID:4808
- C:\Windows\System\wzWRpJJ.exe
  C:\Windows\System\wzWRpJJ.exe
  2⤵
  PID:4828
- C:\Windows\System\LyuJIEX.exe
  C:\Windows\System\LyuJIEX.exe
  2⤵
  PID:4848
- C:\Windows\System\vzqrvBL.exe
  C:\Windows\System\vzqrvBL.exe
  2⤵
  PID:4864
- C:\Windows\System\PJFDldY.exe
  C:\Windows\System\PJFDldY.exe
  2⤵
  PID:4888
- C:\Windows\System\PhBvCVV.exe
  C:\Windows\System\PhBvCVV.exe
  2⤵
  PID:4908
- C:\Windows\System\RTnFMpi.exe
  C:\Windows\System\RTnFMpi.exe
  2⤵
  PID:4928
- C:\Windows\System\vsKOBJR.exe
  C:\Windows\System\vsKOBJR.exe
  2⤵
  PID:4948
- C:\Windows\System\sKumfwR.exe
  C:\Windows\System\sKumfwR.exe
  2⤵
  PID:4968
- C:\Windows\System\DwDDphL.exe
  C:\Windows\System\DwDDphL.exe
  2⤵
  PID:4984
- C:\Windows\System\eELQWHK.exe
  C:\Windows\System\eELQWHK.exe
  2⤵
  PID:5008
- C:\Windows\System\xrLEEPr.exe
  C:\Windows\System\xrLEEPr.exe
  2⤵
  PID:5028
- C:\Windows\System\Qnvbnax.exe
  C:\Windows\System\Qnvbnax.exe
  2⤵
  PID:5044
- C:\Windows\System\beOQZVE.exe
  C:\Windows\System\beOQZVE.exe
  2⤵
  PID:5068
- C:\Windows\System\EvHfnDp.exe
  C:\Windows\System\EvHfnDp.exe
  2⤵
  PID:5088
- C:\Windows\System\MxHNdrj.exe
  C:\Windows\System\MxHNdrj.exe
  2⤵
  PID:5108
- C:\Windows\System\VBdngST.exe
  C:\Windows\System\VBdngST.exe
  2⤵
  PID:3104
- C:\Windows\System\ggtOEeY.exe
  C:\Windows\System\ggtOEeY.exe
  2⤵
  PID:3400
- C:\Windows\System\uRwTALy.exe
  C:\Windows\System\uRwTALy.exe
  2⤵
  PID:3508
- C:\Windows\System\CSTFJhY.exe
  C:\Windows\System\CSTFJhY.exe
  2⤵
  PID:3544
- C:\Windows\System\zptpFrH.exe
  C:\Windows\System\zptpFrH.exe
  2⤵
  PID:2960
- C:\Windows\System\SmQlYIb.exe
  C:\Windows\System\SmQlYIb.exe
  2⤵
  PID:3900
- C:\Windows\System\GufDHUr.exe
  C:\Windows\System\GufDHUr.exe
  2⤵
  PID:2588
- C:\Windows\System\mEzCGpD.exe
  C:\Windows\System\mEzCGpD.exe
  2⤵
  PID:1836
- C:\Windows\System\QSPJCGx.exe
  C:\Windows\System\QSPJCGx.exe
  2⤵
  PID:4112
- C:\Windows\System\uPuwcku.exe
  C:\Windows\System\uPuwcku.exe
  2⤵
  PID:4116
- C:\Windows\System\wvpuEgX.exe
  C:\Windows\System\wvpuEgX.exe
  2⤵
  PID:4176
- C:\Windows\System\xwWINNR.exe
  C:\Windows\System\xwWINNR.exe
  2⤵
  PID:4200
- C:\Windows\System\vlFJWnW.exe
  C:\Windows\System\vlFJWnW.exe
  2⤵
  PID:4232
- C:\Windows\System\SJndzWI.exe
  C:\Windows\System\SJndzWI.exe
  2⤵
  PID:4288
- C:\Windows\System\NJpWUfJ.exe
  C:\Windows\System\NJpWUfJ.exe
  2⤵
  PID:4312
- C:\Windows\System\mlLrJhe.exe
  C:\Windows\System\mlLrJhe.exe
  2⤵
  PID:4376
- C:\Windows\System\YGIwQDC.exe
  C:\Windows\System\YGIwQDC.exe
  2⤵
  PID:4408
- C:\Windows\System\mXMZYWc.exe
  C:\Windows\System\mXMZYWc.exe
  2⤵
  PID:3948
- C:\Windows\System\fjstOAw.exe
  C:\Windows\System\fjstOAw.exe
  2⤵
  PID:4452
- C:\Windows\System\Duwdcsc.exe
  C:\Windows\System\Duwdcsc.exe
  2⤵
  PID:4468
- C:\Windows\System\djpLXwV.exe
  C:\Windows\System\djpLXwV.exe
  2⤵
  PID:4532
- C:\Windows\System\ILFYRyV.exe
  C:\Windows\System\ILFYRyV.exe
  2⤵
  PID:4548
- C:\Windows\System\EGEeCIN.exe
  C:\Windows\System\EGEeCIN.exe
  2⤵
  PID:4560
- C:\Windows\System\WdEJMVL.exe
  C:\Windows\System\WdEJMVL.exe
  2⤵
  PID:4596
- C:\Windows\System\VLDtKXG.exe
  C:\Windows\System\VLDtKXG.exe
  2⤵
  PID:4664
- C:\Windows\System\vhVuTNg.exe
  C:\Windows\System\vhVuTNg.exe
  2⤵
  PID:4676
- C:\Windows\System\RJFRhTj.exe
  C:\Windows\System\RJFRhTj.exe
  2⤵
  PID:4696
- C:\Windows\System\FWUYcoV.exe
  C:\Windows\System\FWUYcoV.exe
  2⤵
  PID:4720
- C:\Windows\System\TjqSElJ.exe
  C:\Windows\System\TjqSElJ.exe
  2⤵
  PID:4764
- C:\Windows\System\sutKaEX.exe
  C:\Windows\System\sutKaEX.exe
  2⤵
  PID:4824
- C:\Windows\System\SanPYJM.exe
  C:\Windows\System\SanPYJM.exe
  2⤵
  PID:4844
- C:\Windows\System\YgxuhtM.exe
  C:\Windows\System\YgxuhtM.exe
  2⤵
  PID:4872
- C:\Windows\System\FKhHcyj.exe
  C:\Windows\System\FKhHcyj.exe
  2⤵
  PID:4904
- C:\Windows\System\ILmfKrC.exe
  C:\Windows\System\ILmfKrC.exe
  2⤵
  PID:4920
- C:\Windows\System\ibGceZu.exe
  C:\Windows\System\ibGceZu.exe
  2⤵
  PID:4964
- C:\Windows\System\eCEihSH.exe
  C:\Windows\System\eCEihSH.exe
  2⤵
  PID:5000
- C:\Windows\System\qaFeXBH.exe
  C:\Windows\System\qaFeXBH.exe
  2⤵
  PID:5020
- C:\Windows\System\wblslMP.exe
  C:\Windows\System\wblslMP.exe
  2⤵
  PID:5060
- C:\Windows\System\aXfQrnk.exe
  C:\Windows\System\aXfQrnk.exe
  2⤵
  PID:5100
- C:\Windows\System\tehWWjg.exe
  C:\Windows\System\tehWWjg.exe
  2⤵
  PID:3140
- C:\Windows\System\VLEDOyR.exe
  C:\Windows\System\VLEDOyR.exe
  2⤵
  PID:3604
- C:\Windows\System\gFXqYVt.exe
  C:\Windows\System\gFXqYVt.exe
  2⤵
  PID:3664
- C:\Windows\System\dJhkmSN.exe
  C:\Windows\System\dJhkmSN.exe
  2⤵
  PID:3848
- C:\Windows\System\FJwPNlH.exe
  C:\Windows\System\FJwPNlH.exe
  2⤵
  PID:4064
- C:\Windows\System\SDpPwtv.exe
  C:\Windows\System\SDpPwtv.exe
  2⤵
  PID:4136
- C:\Windows\System\JDvsoPU.exe
  C:\Windows\System\JDvsoPU.exe
  2⤵
  PID:4148
- C:\Windows\System\EtcpkCC.exe
  C:\Windows\System\EtcpkCC.exe
  2⤵
  PID:4252
- C:\Windows\System\bQhISru.exe
  C:\Windows\System\bQhISru.exe
  2⤵
  PID:4300
- C:\Windows\System\HkYtNtJ.exe
  C:\Windows\System\HkYtNtJ.exe
  2⤵
  PID:4392
- C:\Windows\System\qNkvQmE.exe
  C:\Windows\System\qNkvQmE.exe
  2⤵
  PID:4416
- C:\Windows\System\kffweIs.exe
  C:\Windows\System\kffweIs.exe
  2⤵
  PID:4480
- C:\Windows\System\YdYXPIS.exe
  C:\Windows\System\YdYXPIS.exe
  2⤵
  PID:4508
- C:\Windows\System\tOkgDID.exe
  C:\Windows\System\tOkgDID.exe
  2⤵
  PID:4620
- C:\Windows\System\iSSMTXN.exe
  C:\Windows\System\iSSMTXN.exe
  2⤵
  PID:4692
- C:\Windows\System\lfTYwLV.exe
  C:\Windows\System\lfTYwLV.exe
  2⤵
  PID:4732
- C:\Windows\System\pmTzOec.exe
  C:\Windows\System\pmTzOec.exe
  2⤵
  PID:4740
- C:\Windows\System\BuPfOew.exe
  C:\Windows\System\BuPfOew.exe
  2⤵
  PID:4796
- C:\Windows\System\lMIOlgE.exe
  C:\Windows\System\lMIOlgE.exe
  2⤵
  PID:4804
- C:\Windows\System\FmUOQgb.exe
  C:\Windows\System\FmUOQgb.exe
  2⤵
  PID:4916
- C:\Windows\System\diEJqQh.exe
  C:\Windows\System\diEJqQh.exe
  2⤵
  PID:4940
- C:\Windows\System\huyHtke.exe
  C:\Windows\System\huyHtke.exe
  2⤵
  PID:5016
- C:\Windows\System\IqmZZWn.exe
  C:\Windows\System\IqmZZWn.exe
  2⤵
  PID:4996
- C:\Windows\System\uhVriTl.exe
  C:\Windows\System\uhVriTl.exe
  2⤵
  PID:3200
- C:\Windows\System\CcEwYks.exe
  C:\Windows\System\CcEwYks.exe
  2⤵
  PID:3724
- C:\Windows\System\qYgVgML.exe
  C:\Windows\System\qYgVgML.exe
  2⤵
  PID:336
- C:\Windows\System\rkvZOuO.exe
  C:\Windows\System\rkvZOuO.exe
  2⤵
  PID:4172
- C:\Windows\System\UXqPasD.exe
  C:\Windows\System\UXqPasD.exe
  2⤵
  PID:4276
- C:\Windows\System\XNRxIqx.exe
  C:\Windows\System\XNRxIqx.exe
  2⤵
  PID:4228
- C:\Windows\System\ipqFAGm.exe
  C:\Windows\System\ipqFAGm.exe
  2⤵
  PID:4372
- C:\Windows\System\oCUYuKt.exe
  C:\Windows\System\oCUYuKt.exe
  2⤵
  PID:4496
- C:\Windows\System\VSKWBvE.exe
  C:\Windows\System\VSKWBvE.exe
  2⤵
  PID:4552
- C:\Windows\System\xjpzqbq.exe
  C:\Windows\System\xjpzqbq.exe
  2⤵
  PID:4736
- C:\Windows\System\rsSuFno.exe
  C:\Windows\System\rsSuFno.exe
  2⤵
  PID:4700
- C:\Windows\System\kAjEmEm.exe
  C:\Windows\System\kAjEmEm.exe
  2⤵
  PID:4836
- C:\Windows\System\NzFhSrN.exe
  C:\Windows\System\NzFhSrN.exe
  2⤵
  PID:1988
- C:\Windows\System\rpECaEy.exe
  C:\Windows\System\rpECaEy.exe
  2⤵
  PID:5004
- C:\Windows\System\RyUiMYK.exe
  C:\Windows\System\RyUiMYK.exe
  2⤵
  PID:5084
- C:\Windows\System\dnNvISM.exe
  C:\Windows\System\dnNvISM.exe
  2⤵
  PID:5132
- C:\Windows\System\rgnfiUv.exe
  C:\Windows\System\rgnfiUv.exe
  2⤵
  PID:5152
- C:\Windows\System\btfDoAM.exe
  C:\Windows\System\btfDoAM.exe
  2⤵
  PID:5168
- C:\Windows\System\uewRQmq.exe
  C:\Windows\System\uewRQmq.exe
  2⤵
  PID:5192
- C:\Windows\System\Mzdfriv.exe
  C:\Windows\System\Mzdfriv.exe
  2⤵
  PID:5212
- C:\Windows\System\QoSjdkf.exe
  C:\Windows\System\QoSjdkf.exe
  2⤵
  PID:5232
- C:\Windows\System\xBnoDJl.exe
  C:\Windows\System\xBnoDJl.exe
  2⤵
  PID:5248
- C:\Windows\System\ARCfwhu.exe
  C:\Windows\System\ARCfwhu.exe
  2⤵
  PID:5276
- C:\Windows\System\rISTrRf.exe
  C:\Windows\System\rISTrRf.exe
  2⤵
  PID:5292
- C:\Windows\System\oFDyeiA.exe
  C:\Windows\System\oFDyeiA.exe
  2⤵
  PID:5312
- C:\Windows\System\HDSYauv.exe
  C:\Windows\System\HDSYauv.exe
  2⤵
  PID:5332
- C:\Windows\System\UBqiMYU.exe
  C:\Windows\System\UBqiMYU.exe
  2⤵
  PID:5356
- C:\Windows\System\uxjkhtM.exe
  C:\Windows\System\uxjkhtM.exe
  2⤵
  PID:5376
- C:\Windows\System\yxRLavD.exe
  C:\Windows\System\yxRLavD.exe
  2⤵
  PID:5396
- C:\Windows\System\xoFmehT.exe
  C:\Windows\System\xoFmehT.exe
  2⤵
  PID:5416
- C:\Windows\System\zVUKDrr.exe
  C:\Windows\System\zVUKDrr.exe
  2⤵
  PID:5432
- C:\Windows\System\PYnjxoV.exe
  C:\Windows\System\PYnjxoV.exe
  2⤵
  PID:5456
- C:\Windows\System\CxzDdHD.exe
  C:\Windows\System\CxzDdHD.exe
  2⤵
  PID:5472
- C:\Windows\System\hEgNDRs.exe
  C:\Windows\System\hEgNDRs.exe
  2⤵
  PID:5492
- C:\Windows\System\yZpPhYE.exe
  C:\Windows\System\yZpPhYE.exe
  2⤵
  PID:5516
- C:\Windows\System\GGDQIyk.exe
  C:\Windows\System\GGDQIyk.exe
  2⤵
  PID:5536
- C:\Windows\System\YZRSVqN.exe
  C:\Windows\System\YZRSVqN.exe
  2⤵
  PID:5552
- C:\Windows\System\oCPSuhC.exe
  C:\Windows\System\oCPSuhC.exe
  2⤵
  PID:5576
- C:\Windows\System\biHNbmA.exe
  C:\Windows\System\biHNbmA.exe
  2⤵
  PID:5596
- C:\Windows\System\ODJhUfn.exe
  C:\Windows\System\ODJhUfn.exe
  2⤵
  PID:5616
- C:\Windows\System\QbpIwBx.exe
  C:\Windows\System\QbpIwBx.exe
  2⤵
  PID:5632
- C:\Windows\System\DRsWThI.exe
  C:\Windows\System\DRsWThI.exe
  2⤵
  PID:5656
- C:\Windows\System\yPtdklU.exe
  C:\Windows\System\yPtdklU.exe
  2⤵
  PID:5672
- C:\Windows\System\WXapsLj.exe
  C:\Windows\System\WXapsLj.exe
  2⤵
  PID:5692
- C:\Windows\System\ErgQXsr.exe
  C:\Windows\System\ErgQXsr.exe
  2⤵
  PID:5716
- C:\Windows\System\mJerykI.exe
  C:\Windows\System\mJerykI.exe
  2⤵
  PID:5732
- C:\Windows\System\TDXlSOA.exe
  C:\Windows\System\TDXlSOA.exe
  2⤵
  PID:5756
- C:\Windows\System\lHUPcSL.exe
  C:\Windows\System\lHUPcSL.exe
  2⤵
  PID:5776
- C:\Windows\System\XmnCLej.exe
  C:\Windows\System\XmnCLej.exe
  2⤵
  PID:5796
- C:\Windows\System\CtLIhpM.exe
  C:\Windows\System\CtLIhpM.exe
  2⤵
  PID:5812
- C:\Windows\System\xssRWUX.exe
  C:\Windows\System\xssRWUX.exe
  2⤵
  PID:5836
- C:\Windows\System\HlAHbWL.exe
  C:\Windows\System\HlAHbWL.exe
  2⤵
  PID:5856
- C:\Windows\System\AcdMDpx.exe
  C:\Windows\System\AcdMDpx.exe
  2⤵
  PID:5876
- C:\Windows\System\MtpBoqZ.exe
  C:\Windows\System\MtpBoqZ.exe
  2⤵
  PID:5892
- C:\Windows\System\uUGbqbj.exe
  C:\Windows\System\uUGbqbj.exe
  2⤵
  PID:5912
- C:\Windows\System\QjPpykU.exe
  C:\Windows\System\QjPpykU.exe
  2⤵
  PID:5936
- C:\Windows\System\cROGJFp.exe
  C:\Windows\System\cROGJFp.exe
  2⤵
  PID:5956
- C:\Windows\System\igylUsm.exe
  C:\Windows\System\igylUsm.exe
  2⤵
  PID:5972
- C:\Windows\System\uexQvZm.exe
  C:\Windows\System\uexQvZm.exe
  2⤵
  PID:6000
- C:\Windows\System\hlQbttD.exe
  C:\Windows\System\hlQbttD.exe
  2⤵
  PID:6016
- C:\Windows\System\UATdPvD.exe
  C:\Windows\System\UATdPvD.exe
  2⤵
  PID:6040
- C:\Windows\System\MTRsIkj.exe
  C:\Windows\System\MTRsIkj.exe
  2⤵
  PID:6056
- C:\Windows\System\gjrMseI.exe
  C:\Windows\System\gjrMseI.exe
  2⤵
  PID:6076
- C:\Windows\System\pJAnvZF.exe
  C:\Windows\System\pJAnvZF.exe
  2⤵
  PID:6100
- C:\Windows\System\DFTaaDC.exe
  C:\Windows\System\DFTaaDC.exe
  2⤵
  PID:6116
- C:\Windows\System\IOurlTR.exe
  C:\Windows\System\IOurlTR.exe
  2⤵
  PID:6136
- C:\Windows\System\ojELzLH.exe
  C:\Windows\System\ojELzLH.exe
  2⤵
  PID:4336
- C:\Windows\System\MOczMBZ.exe
  C:\Windows\System\MOczMBZ.exe
  2⤵
  PID:4256
- C:\Windows\System\eNOvNTQ.exe
  C:\Windows\System\eNOvNTQ.exe
  2⤵
  PID:4296
- C:\Windows\System\RimcfbP.exe
  C:\Windows\System\RimcfbP.exe
  2⤵
  PID:4492
- C:\Windows\System\YaqDaBS.exe
  C:\Windows\System\YaqDaBS.exe
  2⤵
  PID:4636
- C:\Windows\System\WyEMTKZ.exe
  C:\Windows\System\WyEMTKZ.exe
  2⤵
  PID:4616
- C:\Windows\System\fYIbeVJ.exe
  C:\Windows\System\fYIbeVJ.exe
  2⤵
  PID:5056
- C:\Windows\System\HFBlQeT.exe
  C:\Windows\System\HFBlQeT.exe
  2⤵
  PID:5064
- C:\Windows\System\SCCRfBL.exe
  C:\Windows\System\SCCRfBL.exe
  2⤵
  PID:3324
- C:\Windows\System\LOHWAbS.exe
  C:\Windows\System\LOHWAbS.exe
  2⤵
  PID:5176
- C:\Windows\System\OLqFKtu.exe
  C:\Windows\System\OLqFKtu.exe
  2⤵
  PID:5208
- C:\Windows\System\elavXAX.exe
  C:\Windows\System\elavXAX.exe
  2⤵
  PID:5228
- C:\Windows\System\leuFyNr.exe
  C:\Windows\System\leuFyNr.exe
  2⤵
  PID:5264
- C:\Windows\System\PEViHXD.exe
  C:\Windows\System\PEViHXD.exe
  2⤵
  PID:5324
- C:\Windows\System\kaEWQuf.exe
  C:\Windows\System\kaEWQuf.exe
  2⤵
  PID:5344
- C:\Windows\System\oVXLCVp.exe
  C:\Windows\System\oVXLCVp.exe
  2⤵
  PID:5404
- C:\Windows\System\cuRImnS.exe
  C:\Windows\System\cuRImnS.exe
  2⤵
  PID:5392
- C:\Windows\System\HSRRCqP.exe
  C:\Windows\System\HSRRCqP.exe
  2⤵
  PID:5428
- C:\Windows\System\gRUtfPp.exe
  C:\Windows\System\gRUtfPp.exe
  2⤵
  PID:5464
- C:\Windows\System\NhKGCNn.exe
  C:\Windows\System\NhKGCNn.exe
  2⤵
  PID:5524
- C:\Windows\System\RweuBKd.exe
  C:\Windows\System\RweuBKd.exe
  2⤵
  PID:5544
- C:\Windows\System\yRQjfqL.exe
  C:\Windows\System\yRQjfqL.exe
  2⤵
  PID:5604
- C:\Windows\System\uBeIfbl.exe
  C:\Windows\System\uBeIfbl.exe
  2⤵
  PID:5608
- C:\Windows\System\FFZQpdP.exe
  C:\Windows\System\FFZQpdP.exe
  2⤵
  PID:5628
- C:\Windows\System\zWmgcip.exe
  C:\Windows\System\zWmgcip.exe
  2⤵
  PID:5668
- C:\Windows\System\InBUvQd.exe
  C:\Windows\System\InBUvQd.exe
  2⤵
  PID:5724
- C:\Windows\System\LRezJMX.exe
  C:\Windows\System\LRezJMX.exe
  2⤵
  PID:5744
- C:\Windows\System\HApqHty.exe
  C:\Windows\System\HApqHty.exe
  2⤵
  PID:5752
- C:\Windows\System\eZhNmty.exe
  C:\Windows\System\eZhNmty.exe
  2⤵
  PID:5788
- C:\Windows\System\ZRLBGiL.exe
  C:\Windows\System\ZRLBGiL.exe
  2⤵
  PID:5824
- C:\Windows\System\TJhZbgD.exe
  C:\Windows\System\TJhZbgD.exe
  2⤵
  PID:5872
- C:\Windows\System\RoBVzug.exe
  C:\Windows\System\RoBVzug.exe
  2⤵
  PID:5904
- C:\Windows\System\brmDZkC.exe
  C:\Windows\System\brmDZkC.exe
  2⤵
  PID:5924
- C:\Windows\System\SjsLPFo.exe
  C:\Windows\System\SjsLPFo.exe
  2⤵
  PID:5968
- C:\Windows\System\hqVRueD.exe
  C:\Windows\System\hqVRueD.exe
  2⤵
  PID:5992
- C:\Windows\System\EQmsnHv.exe
  C:\Windows\System\EQmsnHv.exe
  2⤵
  PID:6024
- C:\Windows\System\qFByATn.exe
  C:\Windows\System\qFByATn.exe
  2⤵
  PID:6072
- C:\Windows\System\ImOnKXB.exe
  C:\Windows\System\ImOnKXB.exe
  2⤵
  PID:6108
- C:\Windows\System\NIbuaDL.exe
  C:\Windows\System\NIbuaDL.exe
  2⤵
  PID:6132
- C:\Windows\System\RXZCqJP.exe
  C:\Windows\System\RXZCqJP.exe
  2⤵
  PID:4188
- C:\Windows\System\bOsUhyO.exe
  C:\Windows\System\bOsUhyO.exe
  2⤵
  PID:1628
- C:\Windows\System\HqvykQz.exe
  C:\Windows\System\HqvykQz.exe
  2⤵
  PID:4584
- C:\Windows\System\LtbEvMj.exe
  C:\Windows\System\LtbEvMj.exe
  2⤵
  PID:4704
- C:\Windows\System\sjbxnrn.exe
  C:\Windows\System\sjbxnrn.exe
  2⤵
  PID:5040
- C:\Windows\System\GWFKAny.exe
  C:\Windows\System\GWFKAny.exe
  2⤵
  PID:5148
- C:\Windows\System\eSvatyC.exe
  C:\Windows\System\eSvatyC.exe
  2⤵
  PID:5200
- C:\Windows\System\FohRjZi.exe
  C:\Windows\System\FohRjZi.exe
  2⤵
  PID:5272
- C:\Windows\System\YTepZBx.exe
  C:\Windows\System\YTepZBx.exe
  2⤵
  PID:5364
- C:\Windows\System\rfihpNA.exe
  C:\Windows\System\rfihpNA.exe
  2⤵
  PID:5372
- C:\Windows\System\KeApyRk.exe
  C:\Windows\System\KeApyRk.exe
  2⤵
  PID:5452
- C:\Windows\System\FVQtdot.exe
  C:\Windows\System\FVQtdot.exe
  2⤵
  PID:5504
- C:\Windows\System\JmaCdZe.exe
  C:\Windows\System\JmaCdZe.exe
  2⤵
  PID:5560
- C:\Windows\System\gIAFIxI.exe
  C:\Windows\System\gIAFIxI.exe
  2⤵
  PID:5588
- C:\Windows\System\kHZHnhW.exe
  C:\Windows\System\kHZHnhW.exe
  2⤵
  PID:5260
- C:\Windows\System\ppYutqS.exe
  C:\Windows\System\ppYutqS.exe
  2⤵
  PID:2708
- C:\Windows\System\XZxPdLv.exe
  C:\Windows\System\XZxPdLv.exe
  2⤵
  PID:5740
- C:\Windows\System\HNPaCaX.exe
  C:\Windows\System\HNPaCaX.exe
  2⤵
  PID:5808
- C:\Windows\System\fvbXhbK.exe
  C:\Windows\System\fvbXhbK.exe
  2⤵
  PID:5852
- C:\Windows\System\nmuAqDb.exe
  C:\Windows\System\nmuAqDb.exe
  2⤵
  PID:5888
- C:\Windows\System\FiRaJwX.exe
  C:\Windows\System\FiRaJwX.exe
  2⤵
  PID:5964
- C:\Windows\System\hqYNjQT.exe
  C:\Windows\System\hqYNjQT.exe
  2⤵
  PID:6028
- C:\Windows\System\hoqKfSb.exe
  C:\Windows\System\hoqKfSb.exe
  2⤵
  PID:6092
- C:\Windows\System\WifcBax.exe
  C:\Windows\System\WifcBax.exe
  2⤵
  PID:3424
- C:\Windows\System\HzpHEbQ.exe
  C:\Windows\System\HzpHEbQ.exe
  2⤵
  PID:4436
- C:\Windows\System\hWJpLLd.exe
  C:\Windows\System\hWJpLLd.exe
  2⤵
  PID:4800
- C:\Windows\System\XKMojvd.exe
  C:\Windows\System\XKMojvd.exe
  2⤵
  PID:4896
- C:\Windows\System\HqWgQnj.exe
  C:\Windows\System\HqWgQnj.exe
  2⤵
  PID:5204
- C:\Windows\System\OpuOqjO.exe
  C:\Windows\System\OpuOqjO.exe
  2⤵
  PID:5328
- C:\Windows\System\QtBHdDP.exe
  C:\Windows\System\QtBHdDP.exe
  2⤵
  PID:5388
- C:\Windows\System\EFeEdHZ.exe
  C:\Windows\System\EFeEdHZ.exe
  2⤵
  PID:5480
- C:\Windows\System\CAlbcLX.exe
  C:\Windows\System\CAlbcLX.exe
  2⤵
  PID:5572
- C:\Windows\System\tfiYNPA.exe
  C:\Windows\System\tfiYNPA.exe
  2⤵
  PID:5652
- C:\Windows\System\pnrMych.exe
  C:\Windows\System\pnrMych.exe
  2⤵
  PID:5768
- C:\Windows\System\BWKWKvo.exe
  C:\Windows\System\BWKWKvo.exe
  2⤵
  PID:6160
- C:\Windows\System\rycmtzu.exe
  C:\Windows\System\rycmtzu.exe
  2⤵
  PID:6180
- C:\Windows\System\Tuyqzyy.exe
  C:\Windows\System\Tuyqzyy.exe
  2⤵
  PID:6200
- C:\Windows\System\PnQXICK.exe
  C:\Windows\System\PnQXICK.exe
  2⤵
  PID:6220
- C:\Windows\System\mxVKPvV.exe
  C:\Windows\System\mxVKPvV.exe
  2⤵
  PID:6240
- C:\Windows\System\Ogkclfc.exe
  C:\Windows\System\Ogkclfc.exe
  2⤵
  PID:6260
- C:\Windows\System\MkIRagS.exe
  C:\Windows\System\MkIRagS.exe
  2⤵
  PID:6280
- C:\Windows\System\uZICOlI.exe
  C:\Windows\System\uZICOlI.exe
  2⤵
  PID:6300
- C:\Windows\System\xmcFeBk.exe
  C:\Windows\System\xmcFeBk.exe
  2⤵
  PID:6320
- C:\Windows\System\FtkUeKf.exe
  C:\Windows\System\FtkUeKf.exe
  2⤵
  PID:6340
- C:\Windows\System\grwaydL.exe
  C:\Windows\System\grwaydL.exe
  2⤵
  PID:6360
- C:\Windows\System\ZQdnZCk.exe
  C:\Windows\System\ZQdnZCk.exe
  2⤵
  PID:6380
- C:\Windows\System\VJPbxxL.exe
  C:\Windows\System\VJPbxxL.exe
  2⤵
  PID:6400
- C:\Windows\System\mfAWXcv.exe
  C:\Windows\System\mfAWXcv.exe
  2⤵
  PID:6420
- C:\Windows\System\qSaNzel.exe
  C:\Windows\System\qSaNzel.exe
  2⤵
  PID:6440
- C:\Windows\System\OTMqGWK.exe
  C:\Windows\System\OTMqGWK.exe
  2⤵
  PID:6460
- C:\Windows\System\jyWXFkT.exe
  C:\Windows\System\jyWXFkT.exe
  2⤵
  PID:6480
- C:\Windows\System\YsMGaTi.exe
  C:\Windows\System\YsMGaTi.exe
  2⤵
  PID:6500
- C:\Windows\System\DVgOhRu.exe
  C:\Windows\System\DVgOhRu.exe
  2⤵
  PID:6520
- C:\Windows\System\muFvdLp.exe
  C:\Windows\System\muFvdLp.exe
  2⤵
  PID:6540
- C:\Windows\System\kywsKVE.exe
  C:\Windows\System\kywsKVE.exe
  2⤵
  PID:6564
- C:\Windows\System\sLTeNBE.exe
  C:\Windows\System\sLTeNBE.exe
  2⤵
  PID:6584
- C:\Windows\System\qfexFVU.exe
  C:\Windows\System\qfexFVU.exe
  2⤵
  PID:6604
- C:\Windows\System\pazoHxu.exe
  C:\Windows\System\pazoHxu.exe
  2⤵
  PID:6628
- C:\Windows\System\IKMRRTg.exe
  C:\Windows\System\IKMRRTg.exe
  2⤵
  PID:6648
- C:\Windows\System\bLKQFfc.exe
  C:\Windows\System\bLKQFfc.exe
  2⤵
  PID:6668
- C:\Windows\System\KXLJElM.exe
  C:\Windows\System\KXLJElM.exe
  2⤵
  PID:6688
- C:\Windows\System\mxGyJvf.exe
  C:\Windows\System\mxGyJvf.exe
  2⤵
  PID:6708
- C:\Windows\System\yFQCSpe.exe
  C:\Windows\System\yFQCSpe.exe
  2⤵
  PID:6728
- C:\Windows\System\HOjTHly.exe
  C:\Windows\System\HOjTHly.exe
  2⤵
  PID:6748
- C:\Windows\System\ARCnTjp.exe
  C:\Windows\System\ARCnTjp.exe
  2⤵
  PID:6768
- C:\Windows\System\cpknHQb.exe
  C:\Windows\System\cpknHQb.exe
  2⤵
  PID:6788
- C:\Windows\System\SnEWkVj.exe
  C:\Windows\System\SnEWkVj.exe
  2⤵
  PID:6808
- C:\Windows\System\qKwdZOv.exe
  C:\Windows\System\qKwdZOv.exe
  2⤵
  PID:6828
- C:\Windows\System\RLjeUSC.exe
  C:\Windows\System\RLjeUSC.exe
  2⤵
  PID:6848
- C:\Windows\System\bxuSeTR.exe
  C:\Windows\System\bxuSeTR.exe
  2⤵
  PID:6868
- C:\Windows\System\ztGGRgn.exe
  C:\Windows\System\ztGGRgn.exe
  2⤵
  PID:6888
- C:\Windows\System\ULnafgx.exe
  C:\Windows\System\ULnafgx.exe
  2⤵
  PID:6908
- C:\Windows\System\XEKqcmM.exe
  C:\Windows\System\XEKqcmM.exe
  2⤵
  PID:6948
- C:\Windows\System\KPqLCsH.exe
  C:\Windows\System\KPqLCsH.exe
  2⤵
  PID:6972
- C:\Windows\System\yNuvalZ.exe
  C:\Windows\System\yNuvalZ.exe
  2⤵
  PID:6992
- C:\Windows\System\qZkuupf.exe
  C:\Windows\System\qZkuupf.exe
  2⤵
  PID:7016
- C:\Windows\System\hEFZbTo.exe
  C:\Windows\System\hEFZbTo.exe
  2⤵
  PID:7032
- C:\Windows\System\IpQJzTO.exe
  C:\Windows\System\IpQJzTO.exe
  2⤵
  PID:7052
- C:\Windows\System\vzlmGtD.exe
  C:\Windows\System\vzlmGtD.exe
  2⤵
  PID:7076
- C:\Windows\System\wqBcibU.exe
  C:\Windows\System\wqBcibU.exe
  2⤵
  PID:7096
- C:\Windows\System\BuaiYgr.exe
  C:\Windows\System\BuaiYgr.exe
  2⤵
  PID:7116
- C:\Windows\System\UYsAgdT.exe
  C:\Windows\System\UYsAgdT.exe
  2⤵
  PID:7136
- C:\Windows\System\TcVNhor.exe
  C:\Windows\System\TcVNhor.exe
  2⤵
  PID:7156
- C:\Windows\System\qzXUWJl.exe
  C:\Windows\System\qzXUWJl.exe
  2⤵
  PID:5820
- C:\Windows\System\gaAyHkQ.exe
  C:\Windows\System\gaAyHkQ.exe
  2⤵
  PID:5932
- C:\Windows\System\cmIcqhQ.exe
  C:\Windows\System\cmIcqhQ.exe
  2⤵
  PID:5988
- C:\Windows\System\iDGxCgn.exe
  C:\Windows\System\iDGxCgn.exe
  2⤵
  PID:6096
- C:\Windows\System\LtCcJFx.exe
  C:\Windows\System\LtCcJFx.exe
  2⤵
  PID:4108
- C:\Windows\System\eERMlkT.exe
  C:\Windows\System\eERMlkT.exe
  2⤵
  PID:4860
- C:\Windows\System\ioQBOZH.exe
  C:\Windows\System\ioQBOZH.exe
  2⤵
  PID:5164
- C:\Windows\System\NnkDpFa.exe
  C:\Windows\System\NnkDpFa.exe
  2⤵
  PID:5256
- C:\Windows\System\trgxcNa.exe
  C:\Windows\System\trgxcNa.exe
  2⤵
  PID:5444
- C:\Windows\System\GhhCNPC.exe
  C:\Windows\System\GhhCNPC.exe
  2⤵
  PID:5584
- C:\Windows\System\eWkLQJd.exe
  C:\Windows\System\eWkLQJd.exe
  2⤵
  PID:2908
- C:\Windows\System\CYtteCw.exe
  C:\Windows\System\CYtteCw.exe
  2⤵
  PID:6152
- C:\Windows\System\oSBpldr.exe
  C:\Windows\System\oSBpldr.exe
  2⤵
  PID:6208
- C:\Windows\System\EVMTXas.exe
  C:\Windows\System\EVMTXas.exe
  2⤵
  PID:6232
- C:\Windows\System\IcpjwNu.exe
  C:\Windows\System\IcpjwNu.exe
  2⤵
  PID:6276
- C:\Windows\System\FUEZUtz.exe
  C:\Windows\System\FUEZUtz.exe
  2⤵
  PID:6308
- C:\Windows\System\QdnHSoZ.exe
  C:\Windows\System\QdnHSoZ.exe
  2⤵
  PID:6348
- C:\Windows\System\zQCkwZa.exe
  C:\Windows\System\zQCkwZa.exe
  2⤵
  PID:6372
- C:\Windows\System\TFsQqWi.exe
  C:\Windows\System\TFsQqWi.exe
  2⤵
  PID:6416
- C:\Windows\System\ZufaGnm.exe
  C:\Windows\System\ZufaGnm.exe
  2⤵
  PID:6456
- C:\Windows\System\DFfNHkW.exe
  C:\Windows\System\DFfNHkW.exe
  2⤵
  PID:6496
- C:\Windows\System\NPPWEcx.exe
  C:\Windows\System\NPPWEcx.exe
  2⤵
  PID:6528
- C:\Windows\System\pcIOIQi.exe
  C:\Windows\System\pcIOIQi.exe
  2⤵
  PID:6552
- C:\Windows\System\hAqnJwz.exe
  C:\Windows\System\hAqnJwz.exe
  2⤵
  PID:6592
- C:\Windows\System\CJpgkAL.exe
  C:\Windows\System\CJpgkAL.exe
  2⤵
  PID:6620
- C:\Windows\System\QClJdNr.exe
  C:\Windows\System\QClJdNr.exe
  2⤵
  PID:6644
- C:\Windows\System\aejzymR.exe
  C:\Windows\System\aejzymR.exe
  2⤵
  PID:6664
- C:\Windows\System\oVDEqhy.exe
  C:\Windows\System\oVDEqhy.exe
  2⤵
  PID:6716
- C:\Windows\System\QjxiIhi.exe
  C:\Windows\System\QjxiIhi.exe
  2⤵
  PID:6764
- C:\Windows\System\wiPOXET.exe
  C:\Windows\System\wiPOXET.exe
  2⤵
  PID:6796
- C:\Windows\System\lYWcbsu.exe
  C:\Windows\System\lYWcbsu.exe
  2⤵
  PID:6776
- C:\Windows\System\AMWpraK.exe
  C:\Windows\System\AMWpraK.exe
  2⤵
  PID:6876
- C:\Windows\System\BPrTdkc.exe
  C:\Windows\System\BPrTdkc.exe
  2⤵
  PID:6816
- C:\Windows\System\NgzfXMb.exe
  C:\Windows\System\NgzfXMb.exe
  2⤵
  PID:6980
- C:\Windows\System\ktcMkYP.exe
  C:\Windows\System\ktcMkYP.exe
  2⤵
  PID:6988
- C:\Windows\System\fzeLDHo.exe
  C:\Windows\System\fzeLDHo.exe
  2⤵
  PID:6956
- C:\Windows\System\ePAOTKu.exe
  C:\Windows\System\ePAOTKu.exe
  2⤵
  PID:6960
- C:\Windows\System\jexvBxi.exe
  C:\Windows\System\jexvBxi.exe
  2⤵
  PID:7112
- C:\Windows\System\uvGSSUZ.exe
  C:\Windows\System\uvGSSUZ.exe
  2⤵
  PID:7044
- C:\Windows\System\JyzdndO.exe
  C:\Windows\System\JyzdndO.exe
  2⤵
  PID:5884
- C:\Windows\System\JAAAbiY.exe
  C:\Windows\System\JAAAbiY.exe
  2⤵
  PID:7088
- C:\Windows\System\eAYYObr.exe
  C:\Windows\System\eAYYObr.exe
  2⤵
  PID:6052
- C:\Windows\System\BWiZGfI.exe
  C:\Windows\System\BWiZGfI.exe
  2⤵
  PID:5864
- C:\Windows\System\YgIJQBf.exe
  C:\Windows\System\YgIJQBf.exe
  2⤵
  PID:5244
- C:\Windows\System\MXjbZPm.exe
  C:\Windows\System\MXjbZPm.exe
  2⤵
  PID:5532
- C:\Windows\System\eLJEXvn.exe
  C:\Windows\System\eLJEXvn.exe
  2⤵
  PID:2780
- C:\Windows\System\tnMLkkI.exe
  C:\Windows\System\tnMLkkI.exe
  2⤵
  PID:5468
- C:\Windows\System\rWjApyg.exe
  C:\Windows\System\rWjApyg.exe
  2⤵
  PID:6212
- C:\Windows\System\ZrRXwVm.exe
  C:\Windows\System\ZrRXwVm.exe
  2⤵
  PID:2716
- C:\Windows\System\bVTqVcX.exe
  C:\Windows\System\bVTqVcX.exe
  2⤵
  PID:6196
- C:\Windows\System\afqoMbJ.exe
  C:\Windows\System\afqoMbJ.exe
  2⤵
  PID:6352
- C:\Windows\System\ELmSrYc.exe
  C:\Windows\System\ELmSrYc.exe
  2⤵
  PID:6252
- C:\Windows\System\uFUSDfS.exe
  C:\Windows\System\uFUSDfS.exe
  2⤵
  PID:6436
- C:\Windows\System\ahzpJdT.exe
  C:\Windows\System\ahzpJdT.exe
  2⤵
  PID:6472
- C:\Windows\System\oJKgFxr.exe
  C:\Windows\System\oJKgFxr.exe
  2⤵
  PID:6516
- C:\Windows\System\hukHZcc.exe
  C:\Windows\System\hukHZcc.exe
  2⤵
  PID:6580
- C:\Windows\System\LIGkUTR.exe
  C:\Windows\System\LIGkUTR.exe
  2⤵
  PID:2864
- C:\Windows\System\bpLTQgn.exe
  C:\Windows\System\bpLTQgn.exe
  2⤵
  PID:6636
- C:\Windows\System\noQxOhh.exe
  C:\Windows\System\noQxOhh.exe
  2⤵
  PID:6660
- C:\Windows\System\ajWlkqn.exe
  C:\Windows\System\ajWlkqn.exe
  2⤵
  PID:6696
- C:\Windows\System\aEqCOTz.exe
  C:\Windows\System\aEqCOTz.exe
  2⤵
  PID:6840
- C:\Windows\System\vzsZtPu.exe
  C:\Windows\System\vzsZtPu.exe
  2⤵
  PID:6820
- C:\Windows\System\pCxPvCq.exe
  C:\Windows\System\pCxPvCq.exe
  2⤵
  PID:2976
- C:\Windows\System\WejapQs.exe
  C:\Windows\System\WejapQs.exe
  2⤵
  PID:764
- C:\Windows\System\VUJhcFL.exe
  C:\Windows\System\VUJhcFL.exe
  2⤵
  PID:760
- C:\Windows\System\mgiRRPJ.exe
  C:\Windows\System\mgiRRPJ.exe
  2⤵
  PID:2936
- C:\Windows\System\aAXulmV.exe
  C:\Windows\System\aAXulmV.exe
  2⤵
  PID:2932
- C:\Windows\System\DlSsekC.exe
  C:\Windows\System\DlSsekC.exe
  2⤵
  PID:1616
- C:\Windows\System\ruBLlAJ.exe
  C:\Windows\System\ruBLlAJ.exe
  2⤵
  PID:2140
- C:\Windows\System\ppbNRPp.exe
  C:\Windows\System\ppbNRPp.exe
  2⤵
  PID:2300
- C:\Windows\System\IJHIXFg.exe
  C:\Windows\System\IJHIXFg.exe
  2⤵
  PID:2220
- C:\Windows\System\wGCEIPY.exe
  C:\Windows\System\wGCEIPY.exe
  2⤵
  PID:1708
- C:\Windows\System\PjrLqhn.exe
  C:\Windows\System\PjrLqhn.exe
  2⤵
  PID:6896
- C:\Windows\System\POfxJOs.exe
  C:\Windows\System\POfxJOs.exe
  2⤵
  PID:2136
- C:\Windows\System\OYdUnnF.exe
  C:\Windows\System\OYdUnnF.exe
  2⤵
  PID:7148
- C:\Windows\System\FWFepiu.exe
  C:\Windows\System\FWFepiu.exe
  2⤵
  PID:7164
- C:\Windows\System\sJIObiQ.exe
  C:\Windows\System\sJIObiQ.exe
  2⤵
  PID:6064
- C:\Windows\System\DucCXSv.exe
  C:\Windows\System\DucCXSv.exe
  2⤵
  PID:6448
- C:\Windows\System\zUtzkgO.exe
  C:\Windows\System\zUtzkgO.exe
  2⤵
  PID:5792
- C:\Windows\System\jUVbGgT.exe
  C:\Windows\System\jUVbGgT.exe
  2⤵
  PID:5528
- C:\Windows\System\lAvNkWY.exe
  C:\Windows\System\lAvNkWY.exe
  2⤵
  PID:6508
- C:\Windows\System\RwFRyLY.exe
  C:\Windows\System\RwFRyLY.exe
  2⤵
  PID:6408
- C:\Windows\System\xesQUSz.exe
  C:\Windows\System\xesQUSz.exe
  2⤵
  PID:6572
- C:\Windows\System\EGmnbaS.exe
  C:\Windows\System\EGmnbaS.exe
  2⤵
  PID:6556
- C:\Windows\System\KrdFppl.exe
  C:\Windows\System\KrdFppl.exe
  2⤵
  PID:6328
- C:\Windows\System\KWqdUNQ.exe
  C:\Windows\System\KWqdUNQ.exe
  2⤵
  PID:6236
- C:\Windows\System\fbkSRuy.exe
  C:\Windows\System\fbkSRuy.exe
  2⤵
  PID:6720
- C:\Windows\System\DPsdtPi.exe
  C:\Windows\System\DPsdtPi.exe
  2⤵
  PID:6800
- C:\Windows\System\zUDwAnO.exe
  C:\Windows\System\zUDwAnO.exe
  2⤵
  PID:6744
- C:\Windows\System\PcRCwYN.exe
  C:\Windows\System\PcRCwYN.exe
  2⤵
  PID:2496
- C:\Windows\System\iOIarVD.exe
  C:\Windows\System\iOIarVD.exe
  2⤵
  PID:1448
- C:\Windows\System\oMFGITE.exe
  C:\Windows\System\oMFGITE.exe
  2⤵
  PID:2432
- C:\Windows\System\RNZsFZa.exe
  C:\Windows\System\RNZsFZa.exe
  2⤵
  PID:5848
- C:\Windows\System\dvaoxnU.exe
  C:\Windows\System\dvaoxnU.exe
  2⤵
  PID:2480
- C:\Windows\System\BYagpHg.exe
  C:\Windows\System\BYagpHg.exe
  2⤵
  PID:2872
- C:\Windows\System\sCBpKZq.exe
  C:\Windows\System\sCBpKZq.exe
  2⤵
  PID:1936
- C:\Windows\System\OyocmzJ.exe
  C:\Windows\System\OyocmzJ.exe
  2⤵
  PID:7028
- C:\Windows\System\CRxMCHa.exe
  C:\Windows\System\CRxMCHa.exe
  2⤵
  PID:7060
- C:\Windows\System\dOfHTlN.exe
  C:\Windows\System\dOfHTlN.exe
  2⤵
  PID:6188
- C:\Windows\System\GXlLfGT.exe
  C:\Windows\System\GXlLfGT.exe
  2⤵
  PID:7084
- C:\Windows\System\KZkAhGu.exe
  C:\Windows\System\KZkAhGu.exe
  2⤵
  PID:6396
- C:\Windows\System\YIRcMvv.exe
  C:\Windows\System\YIRcMvv.exe
  2⤵
  PID:6296
- C:\Windows\System\gtHwIlz.exe
  C:\Windows\System\gtHwIlz.exe
  2⤵
  PID:6640
- C:\Windows\System\rgxkmfo.exe
  C:\Windows\System\rgxkmfo.exe
  2⤵
  PID:6736
- C:\Windows\System\fRkkSKv.exe
  C:\Windows\System\fRkkSKv.exe
  2⤵
  PID:6916
- C:\Windows\System\Ufoevwr.exe
  C:\Windows\System\Ufoevwr.exe
  2⤵
  PID:796
- C:\Windows\System\zNxGLeO.exe
  C:\Windows\System\zNxGLeO.exe
  2⤵
  PID:2876
- C:\Windows\System\vWoZkue.exe
  C:\Windows\System\vWoZkue.exe
  2⤵
  PID:7012
- C:\Windows\System\DZNxzMr.exe
  C:\Windows\System\DZNxzMr.exe
  2⤵
  PID:6900
- C:\Windows\System\JQBSMwT.exe
  C:\Windows\System\JQBSMwT.exe
  2⤵
  PID:2092
- C:\Windows\System\nZGcHWX.exe
  C:\Windows\System\nZGcHWX.exe
  2⤵
  PID:6512
- C:\Windows\System\uyilhyP.exe
  C:\Windows\System\uyilhyP.exe
  2⤵
  PID:2596
- C:\Windows\System\ggAtiKv.exe
  C:\Windows\System\ggAtiKv.exe
  2⤵
  PID:5440
- C:\Windows\System\woVEKKJ.exe
  C:\Windows\System\woVEKKJ.exe
  2⤵
  PID:6780
- C:\Windows\System\fmGEWzP.exe
  C:\Windows\System\fmGEWzP.exe
  2⤵
  PID:2388
- C:\Windows\System\FJPXvVk.exe
  C:\Windows\System\FJPXvVk.exe
  2⤵
  PID:7180
- C:\Windows\System\ijwRPtr.exe
  C:\Windows\System\ijwRPtr.exe
  2⤵
  PID:7196
- C:\Windows\System\JBJroVK.exe
  C:\Windows\System\JBJroVK.exe
  2⤵
  PID:7216
- C:\Windows\System\PQrrXfN.exe
  C:\Windows\System\PQrrXfN.exe
  2⤵
  PID:7272
- C:\Windows\System\LghNtiM.exe
  C:\Windows\System\LghNtiM.exe
  2⤵
  PID:7288
- C:\Windows\System\kcxXVzm.exe
  C:\Windows\System\kcxXVzm.exe
  2⤵
  PID:7304
- C:\Windows\System\mPtcNBf.exe
  C:\Windows\System\mPtcNBf.exe
  2⤵
  PID:7320
- C:\Windows\System\vAvKJbp.exe
  C:\Windows\System\vAvKJbp.exe
  2⤵
  PID:7336
- C:\Windows\System\JuwRjoD.exe
  C:\Windows\System\JuwRjoD.exe
  2⤵
  PID:7352
- C:\Windows\System\pVVtDrQ.exe
  C:\Windows\System\pVVtDrQ.exe
  2⤵
  PID:7368
- C:\Windows\System\szfNcsY.exe
  C:\Windows\System\szfNcsY.exe
  2⤵
  PID:7384
- C:\Windows\System\nMzvYks.exe
  C:\Windows\System\nMzvYks.exe
  2⤵
  PID:7400
- C:\Windows\System\bhvSmAX.exe
  C:\Windows\System\bhvSmAX.exe
  2⤵
  PID:7416
- C:\Windows\System\YpkzAiT.exe
  C:\Windows\System\YpkzAiT.exe
  2⤵
  PID:7436
- C:\Windows\System\xrjzgyV.exe
  C:\Windows\System\xrjzgyV.exe
  2⤵
  PID:7456
- C:\Windows\System\GnVahLU.exe
  C:\Windows\System\GnVahLU.exe
  2⤵
  PID:7472
- C:\Windows\System\BzAldql.exe
  C:\Windows\System\BzAldql.exe
  2⤵
  PID:7492
- C:\Windows\System\gkPpFSf.exe
  C:\Windows\System\gkPpFSf.exe
  2⤵
  PID:7508
- C:\Windows\System\YZhHiMl.exe
  C:\Windows\System\YZhHiMl.exe
  2⤵
  PID:7532
- C:\Windows\System\GfIxWrc.exe
  C:\Windows\System\GfIxWrc.exe
  2⤵
  PID:7552
- C:\Windows\System\yjkAGoH.exe
  C:\Windows\System\yjkAGoH.exe
  2⤵
  PID:7568
- C:\Windows\System\lIfmeus.exe
  C:\Windows\System\lIfmeus.exe
  2⤵
  PID:7584
- C:\Windows\System\WmVuoZm.exe
  C:\Windows\System\WmVuoZm.exe
  2⤵
  PID:7604
- C:\Windows\System\ccaVKcq.exe
  C:\Windows\System\ccaVKcq.exe
  2⤵
  PID:7628
- C:\Windows\System\DgqArQQ.exe
  C:\Windows\System\DgqArQQ.exe
  2⤵
  PID:7644
- C:\Windows\System\ySHFZTi.exe
  C:\Windows\System\ySHFZTi.exe
  2⤵
  PID:7724
- C:\Windows\System\SQAbucp.exe
  C:\Windows\System\SQAbucp.exe
  2⤵
  PID:7740
- C:\Windows\System\DUtcmNx.exe
  C:\Windows\System\DUtcmNx.exe
  2⤵
  PID:7756
- C:\Windows\System\fFOjRmE.exe
  C:\Windows\System\fFOjRmE.exe
  2⤵
  PID:7776
- C:\Windows\System\HaIfxyt.exe
  C:\Windows\System\HaIfxyt.exe
  2⤵
  PID:7792
- C:\Windows\System\hmHhvhO.exe
  C:\Windows\System\hmHhvhO.exe
  2⤵
  PID:7812
- C:\Windows\System\pYHuKqR.exe
  C:\Windows\System\pYHuKqR.exe
  2⤵
  PID:7828
- C:\Windows\System\IyWcbGV.exe
  C:\Windows\System\IyWcbGV.exe
  2⤵
  PID:7848
- C:\Windows\System\HTXHnpZ.exe
  C:\Windows\System\HTXHnpZ.exe
  2⤵
  PID:7864
- C:\Windows\System\zYLIyFV.exe
  C:\Windows\System\zYLIyFV.exe
  2⤵
  PID:7884
- C:\Windows\System\qFyCfEm.exe
  C:\Windows\System\qFyCfEm.exe
  2⤵
  PID:7900
- C:\Windows\System\LwwxNhu.exe
  C:\Windows\System\LwwxNhu.exe
  2⤵
  PID:7916
- C:\Windows\System\gDuhCnd.exe
  C:\Windows\System\gDuhCnd.exe
  2⤵
  PID:7932
- C:\Windows\System\wWIuYvr.exe
  C:\Windows\System\wWIuYvr.exe
  2⤵
  PID:7948
- C:\Windows\System\ErBDYhi.exe
  C:\Windows\System\ErBDYhi.exe
  2⤵
  PID:7964
- C:\Windows\System\jHbshap.exe
  C:\Windows\System\jHbshap.exe
  2⤵
  PID:8048
- C:\Windows\System\vEwtapn.exe
  C:\Windows\System\vEwtapn.exe
  2⤵
  PID:8064
- C:\Windows\System\HfhWRgb.exe
  C:\Windows\System\HfhWRgb.exe
  2⤵
  PID:8080
- C:\Windows\System\ccTAOUa.exe
  C:\Windows\System\ccTAOUa.exe
  2⤵
  PID:8104
- C:\Windows\System\WrzkgvQ.exe
  C:\Windows\System\WrzkgvQ.exe
  2⤵
  PID:8120
- C:\Windows\System\MUxVybV.exe
  C:\Windows\System\MUxVybV.exe
  2⤵
  PID:8136
- C:\Windows\System\cHiDcqp.exe
  C:\Windows\System\cHiDcqp.exe
  2⤵
  PID:8164
- C:\Windows\System\QkwsqVM.exe
  C:\Windows\System\QkwsqVM.exe
  2⤵
  PID:8180
- C:\Windows\System\GOuAkKR.exe
  C:\Windows\System\GOuAkKR.exe
  2⤵
  PID:6008
- C:\Windows\System\dIIhTOy.exe
  C:\Windows\System\dIIhTOy.exe
  2⤵
  PID:7172
- C:\Windows\System\tTGeEbg.exe
  C:\Windows\System\tTGeEbg.exe
  2⤵
  PID:1072
- C:\Windows\System\myQHwnt.exe
  C:\Windows\System\myQHwnt.exe
  2⤵
  PID:6700
- C:\Windows\System\gTDWdAA.exe
  C:\Windows\System\gTDWdAA.exe
  2⤵
  PID:7232
- C:\Windows\System\llwtnwi.exe
  C:\Windows\System\llwtnwi.exe
  2⤵
  PID:7248
- C:\Windows\System\tPPLZFw.exe
  C:\Windows\System\tPPLZFw.exe
  2⤵
  PID:7256
- C:\Windows\System\eKjiIpJ.exe
  C:\Windows\System\eKjiIpJ.exe
  2⤵
  PID:6332
- C:\Windows\System\NoClyNl.exe
  C:\Windows\System\NoClyNl.exe
  2⤵
  PID:7332
- C:\Windows\System\kkbixYa.exe
  C:\Windows\System\kkbixYa.exe
  2⤵
  PID:7396
- C:\Windows\System\olipESb.exe
  C:\Windows\System\olipESb.exe
  2⤵
  PID:7468
- C:\Windows\System\QXxdUNK.exe
  C:\Windows\System\QXxdUNK.exe
  2⤵
  PID:1036
- C:\Windows\System\HQcJuSj.exe
  C:\Windows\System\HQcJuSj.exe
  2⤵
  PID:7540
- C:\Windows\System\kQAgqtc.exe
  C:\Windows\System\kQAgqtc.exe
  2⤵
  PID:7612
- C:\Windows\System\zYnIDXc.exe
  C:\Windows\System\zYnIDXc.exe
  2⤵
  PID:7312
- C:\Windows\System\izEgwqB.exe
  C:\Windows\System\izEgwqB.exe
  2⤵
  PID:7680
- C:\Windows\System\vvKdBMb.exe
  C:\Windows\System\vvKdBMb.exe
  2⤵
  PID:7696
- C:\Windows\System\woLyTjK.exe
  C:\Windows\System\woLyTjK.exe
  2⤵
  PID:7212
- C:\Windows\System\EdRLZnH.exe
  C:\Windows\System\EdRLZnH.exe
  2⤵
  PID:7348
- C:\Windows\System\GqWGmfO.exe
  C:\Windows\System\GqWGmfO.exe
  2⤵
  PID:7528
- C:\Windows\System\KMdnRkZ.exe
  C:\Windows\System\KMdnRkZ.exe
  2⤵
  PID:7284
- C:\Windows\System\JXUGgEi.exe
  C:\Windows\System\JXUGgEi.exe
  2⤵
  PID:7480
- C:\Windows\System\sWWrPmh.exe
  C:\Windows\System\sWWrPmh.exe
  2⤵
  PID:7636
- C:\Windows\System\iaxjwkz.exe
  C:\Windows\System\iaxjwkz.exe
  2⤵
  PID:7892
- C:\Windows\System\BRbqVBx.exe
  C:\Windows\System\BRbqVBx.exe
  2⤵
  PID:7764
- C:\Windows\System\LTkYQPG.exe
  C:\Windows\System\LTkYQPG.exe
  2⤵
  PID:7152
- C:\Windows\System\CnoSBKO.exe
  C:\Windows\System\CnoSBKO.exe
  2⤵
  PID:7836
- C:\Windows\System\JeyHcnm.exe
  C:\Windows\System\JeyHcnm.exe
  2⤵
  PID:7876
- C:\Windows\System\pbbouYL.exe
  C:\Windows\System\pbbouYL.exe
  2⤵
  PID:7940
- C:\Windows\System\clkxvRf.exe
  C:\Windows\System\clkxvRf.exe
  2⤵
  PID:7980
- C:\Windows\System\aUIzukp.exe
  C:\Windows\System\aUIzukp.exe
  2⤵
  PID:8012
- C:\Windows\System\HcaJEfY.exe
  C:\Windows\System\HcaJEfY.exe
  2⤵
  PID:7984
- C:\Windows\System\uRbVRNj.exe
  C:\Windows\System\uRbVRNj.exe
  2⤵
  PID:8100
- C:\Windows\System\cUrdqoK.exe
  C:\Windows\System\cUrdqoK.exe
  2⤵
  PID:8132
- C:\Windows\System\bNZCKvG.exe
  C:\Windows\System\bNZCKvG.exe
  2⤵
  PID:7124
- C:\Windows\System\YHaiXWX.exe
  C:\Windows\System\YHaiXWX.exe
  2⤵
  PID:2580
- C:\Windows\System\iRpThJr.exe
  C:\Windows\System\iRpThJr.exe
  2⤵
  PID:8072
- C:\Windows\System\bTwNddw.exe
  C:\Windows\System\bTwNddw.exe
  2⤵
  PID:8152
- C:\Windows\System\gftaMMu.exe
  C:\Windows\System\gftaMMu.exe
  2⤵
  PID:1432
- C:\Windows\System\AiCEtpT.exe
  C:\Windows\System\AiCEtpT.exe
  2⤵
  PID:7224
- C:\Windows\System\WKAnKAw.exe
  C:\Windows\System\WKAnKAw.exe
  2⤵
  PID:7264
- C:\Windows\System\uQkjjsV.exe
  C:\Windows\System\uQkjjsV.exe
  2⤵
  PID:7392
- C:\Windows\System\AMuEvfW.exe
  C:\Windows\System\AMuEvfW.exe
  2⤵
  PID:7576
- C:\Windows\System\jErSuXH.exe
  C:\Windows\System\jErSuXH.exe
  2⤵
  PID:7428
- C:\Windows\System\GLhyDYS.exe
  C:\Windows\System\GLhyDYS.exe
  2⤵
  PID:7672
- C:\Windows\System\wtTmsTi.exe
  C:\Windows\System\wtTmsTi.exe
  2⤵
  PID:7448
- C:\Windows\System\vaQDEGN.exe
  C:\Windows\System\vaQDEGN.exe
  2⤵
  PID:7408
- C:\Windows\System\rTFKhdE.exe
  C:\Windows\System\rTFKhdE.exe
  2⤵
  PID:7708
- C:\Windows\System\DlbOQrE.exe
  C:\Windows\System\DlbOQrE.exe
  2⤵
  PID:7788
- C:\Windows\System\mMUsiwC.exe
  C:\Windows\System\mMUsiwC.exe
  2⤵
  PID:7596
- C:\Windows\System\EKVwKpu.exe
  C:\Windows\System\EKVwKpu.exe
  2⤵
  PID:7860
- C:\Windows\System\lfhoUpl.exe
  C:\Windows\System\lfhoUpl.exe
  2⤵
  PID:7912
- C:\Windows\System\qHgDATg.exe
  C:\Windows\System\qHgDATg.exe
  2⤵
  PID:7808
- C:\Windows\System\ZGbKCuH.exe
  C:\Windows\System\ZGbKCuH.exe
  2⤵
  PID:7240
- C:\Windows\System\vbORXmz.exe
  C:\Windows\System\vbORXmz.exe
  2⤵
  PID:2832
- C:\Windows\System\fqUfBLq.exe
  C:\Windows\System\fqUfBLq.exe
  2⤵
  PID:7972
- C:\Windows\System\DObbwgd.exe
  C:\Windows\System\DObbwgd.exe
  2⤵
  PID:7204
- C:\Windows\System\YNKZvsx.exe
  C:\Windows\System\YNKZvsx.exe
  2⤵
  PID:2536
- C:\Windows\System\dyWRXLu.exe
  C:\Windows\System\dyWRXLu.exe
  2⤵
  PID:8024
- C:\Windows\System\oHpYoKL.exe
  C:\Windows\System\oHpYoKL.exe
  2⤵
  PID:7464
- C:\Windows\System\NtQyXNy.exe
  C:\Windows\System\NtQyXNy.exe
  2⤵
  PID:7660
- C:\Windows\System\FagoftR.exe
  C:\Windows\System\FagoftR.exe
  2⤵
  PID:7328
- C:\Windows\System\BfpRCgi.exe
  C:\Windows\System\BfpRCgi.exe
  2⤵
  PID:7376
- C:\Windows\System\pARtWZI.exe
  C:\Windows\System\pARtWZI.exe
  2⤵
  PID:7444
- C:\Windows\System\BqzNoYG.exe
  C:\Windows\System\BqzNoYG.exe
  2⤵
  PID:7956
- C:\Windows\System\xIiUReE.exe
  C:\Windows\System\xIiUReE.exe
  2⤵
  PID:7960
- C:\Windows\System\SgQJzcj.exe
  C:\Windows\System\SgQJzcj.exe
  2⤵
  PID:7856
- C:\Windows\System\wbeGPTK.exe
  C:\Windows\System\wbeGPTK.exe
  2⤵
  PID:7908
- C:\Windows\System\bgjOUZd.exe
  C:\Windows\System\bgjOUZd.exe
  2⤵
  PID:7524
- C:\Windows\System\EoWvbwH.exe
  C:\Windows\System\EoWvbwH.exe
  2⤵
  PID:7924
- C:\Windows\System\DVdKuyu.exe
  C:\Windows\System\DVdKuyu.exe
  2⤵
  PID:8176
- C:\Windows\System\vwxAxoZ.exe
  C:\Windows\System\vwxAxoZ.exe
  2⤵
  PID:7716
- C:\Windows\System\omRympj.exe
  C:\Windows\System\omRympj.exe
  2⤵
  PID:8188
- C:\Windows\System\jdwubVt.exe
  C:\Windows\System\jdwubVt.exe
  2⤵
  PID:6844
- C:\Windows\System\TRYUqyS.exe
  C:\Windows\System\TRYUqyS.exe
  2⤵
  PID:6596
- C:\Windows\System\upOfUKQ.exe
  C:\Windows\System\upOfUKQ.exe
  2⤵
  PID:7824
- C:\Windows\System\vjFzeSw.exe
  C:\Windows\System\vjFzeSw.exe
  2⤵
  PID:8060
- C:\Windows\System\vMVXodV.exe
  C:\Windows\System\vMVXodV.exe
  2⤵
  PID:7976
- C:\Windows\System\omIkRxE.exe
  C:\Windows\System\omIkRxE.exe
  2⤵
  PID:8212
- C:\Windows\System\stuiPhx.exe
  C:\Windows\System\stuiPhx.exe
  2⤵
  PID:8228
- C:\Windows\System\MEisewt.exe
  C:\Windows\System\MEisewt.exe
  2⤵
  PID:8244
- C:\Windows\System\gyZLvVy.exe
  C:\Windows\System\gyZLvVy.exe
  2⤵
  PID:8260
- C:\Windows\System\DFdnYLb.exe
  C:\Windows\System\DFdnYLb.exe
  2⤵
  PID:8280
- C:\Windows\System\tbNNEcf.exe
  C:\Windows\System\tbNNEcf.exe
  2⤵
  PID:8296
- C:\Windows\System\PpMHYWT.exe
  C:\Windows\System\PpMHYWT.exe
  2⤵
  PID:8312
- C:\Windows\System\utlSuva.exe
  C:\Windows\System\utlSuva.exe
  2⤵
  PID:8332
- C:\Windows\System\sUixRSj.exe
  C:\Windows\System\sUixRSj.exe
  2⤵
  PID:8348
- C:\Windows\System\XKGuQgh.exe
  C:\Windows\System\XKGuQgh.exe
  2⤵
  PID:8364
- C:\Windows\System\tPTbpPr.exe
  C:\Windows\System\tPTbpPr.exe
  2⤵
  PID:8380
- C:\Windows\System\eKqNRqc.exe
  C:\Windows\System\eKqNRqc.exe
  2⤵
  PID:8404
- C:\Windows\System\ASBMUhm.exe
  C:\Windows\System\ASBMUhm.exe
  2⤵
  PID:8420
- C:\Windows\System\SPDEWlO.exe
  C:\Windows\System\SPDEWlO.exe
  2⤵
  PID:8440
- C:\Windows\System\eealnQk.exe
  C:\Windows\System\eealnQk.exe
  2⤵
  PID:8536
- C:\Windows\System\nYZbUuO.exe
  C:\Windows\System\nYZbUuO.exe
  2⤵
  PID:8552
- C:\Windows\System\uzTWxeG.exe
  C:\Windows\System\uzTWxeG.exe
  2⤵
  PID:8572
- C:\Windows\System\HTObobF.exe
  C:\Windows\System\HTObobF.exe
  2⤵
  PID:8588
- C:\Windows\System\bmDToCU.exe
  C:\Windows\System\bmDToCU.exe
  2⤵
  PID:8604
- C:\Windows\System\ZlHjGhf.exe
  C:\Windows\System\ZlHjGhf.exe
  2⤵
  PID:8620
- C:\Windows\System\GBxVgvB.exe
  C:\Windows\System\GBxVgvB.exe
  2⤵
  PID:8636
- C:\Windows\System\yYdMijh.exe
  C:\Windows\System\yYdMijh.exe
  2⤵
  PID:8652
- C:\Windows\System\ApNFwWZ.exe
  C:\Windows\System\ApNFwWZ.exe
  2⤵
  PID:8668
- C:\Windows\System\CfSJuWT.exe
  C:\Windows\System\CfSJuWT.exe
  2⤵
  PID:8684
- C:\Windows\System\TVxUUCy.exe
  C:\Windows\System\TVxUUCy.exe
  2⤵
  PID:8700
- C:\Windows\System\ntxqkiK.exe
  C:\Windows\System\ntxqkiK.exe
  2⤵
  PID:8716
- C:\Windows\System\sjMDDpL.exe
  C:\Windows\System\sjMDDpL.exe
  2⤵
  PID:8732
- C:\Windows\System\IAVMhUJ.exe
  C:\Windows\System\IAVMhUJ.exe
  2⤵
  PID:8748
- C:\Windows\System\cokdtUS.exe
  C:\Windows\System\cokdtUS.exe
  2⤵
  PID:8772
- C:\Windows\System\SbuQUSx.exe
  C:\Windows\System\SbuQUSx.exe
  2⤵
  PID:8788
- C:\Windows\System\WUoAOBm.exe
  C:\Windows\System\WUoAOBm.exe
  2⤵
  PID:8804
- C:\Windows\System\KmqyqeN.exe
  C:\Windows\System\KmqyqeN.exe
  2⤵
  PID:8864
- C:\Windows\System\HfdDqja.exe
  C:\Windows\System\HfdDqja.exe
  2⤵
  PID:8880
- C:\Windows\System\gQSevQY.exe
  C:\Windows\System\gQSevQY.exe
  2⤵
  PID:8896
- C:\Windows\System\yQqtPfa.exe
  C:\Windows\System\yQqtPfa.exe
  2⤵
  PID:8912
- C:\Windows\System\zvDnkwJ.exe
  C:\Windows\System\zvDnkwJ.exe
  2⤵
  PID:8928
- C:\Windows\System\KrQYcsK.exe
  C:\Windows\System\KrQYcsK.exe
  2⤵
  PID:8952
- C:\Windows\System\UkiGnTr.exe
  C:\Windows\System\UkiGnTr.exe
  2⤵
  PID:8980
- C:\Windows\System\KrvIghj.exe
  C:\Windows\System\KrvIghj.exe
  2⤵
  PID:8996
- C:\Windows\System\zsAMERI.exe
  C:\Windows\System\zsAMERI.exe
  2⤵
  PID:9012
- C:\Windows\System\ExQGnIA.exe
  C:\Windows\System\ExQGnIA.exe
  2⤵
  PID:9028
- C:\Windows\System\JTLVzGf.exe
  C:\Windows\System\JTLVzGf.exe
  2⤵
  PID:9044
- C:\Windows\System\LsTGZyA.exe
  C:\Windows\System\LsTGZyA.exe
  2⤵
  PID:9060
- C:\Windows\System\izPsUHU.exe
  C:\Windows\System\izPsUHU.exe
  2⤵
  PID:9076
- C:\Windows\System\HVABgwB.exe
  C:\Windows\System\HVABgwB.exe
  2⤵
  PID:9092
- C:\Windows\System\ceYmNTP.exe
  C:\Windows\System\ceYmNTP.exe
  2⤵
  PID:9108
- C:\Windows\System\XZpeOmu.exe
  C:\Windows\System\XZpeOmu.exe
  2⤵
  PID:9124
- C:\Windows\System\XokrrEz.exe
  C:\Windows\System\XokrrEz.exe
  2⤵
  PID:9140
- C:\Windows\System\bsRxZKs.exe
  C:\Windows\System\bsRxZKs.exe
  2⤵
  PID:9160
- C:\Windows\System\oidwRpS.exe
  C:\Windows\System\oidwRpS.exe
  2⤵
  PID:9176
- C:\Windows\System\VlmveUb.exe
  C:\Windows\System\VlmveUb.exe
  2⤵
  PID:9192
- C:\Windows\System\EHHuMVj.exe
  C:\Windows\System\EHHuMVj.exe
  2⤵
  PID:9208
- C:\Windows\System\wSMdwDi.exe
  C:\Windows\System\wSMdwDi.exe
  2⤵
  PID:7592
- C:\Windows\System\WruKjFB.exe
  C:\Windows\System\WruKjFB.exe
  2⤵
  PID:8116
- C:\Windows\System\cTHtDBH.exe
  C:\Windows\System\cTHtDBH.exe
  2⤵
  PID:7132
- C:\Windows\System\WjsthpA.exe
  C:\Windows\System\WjsthpA.exe
  2⤵
  PID:8240
- C:\Windows\System\ksSwkit.exe
  C:\Windows\System\ksSwkit.exe
  2⤵
  PID:7732
- C:\Windows\System\DwRZDWT.exe
  C:\Windows\System\DwRZDWT.exe
  2⤵
  PID:8172
- C:\Windows\System\XHZgtHk.exe
  C:\Windows\System\XHZgtHk.exe
  2⤵
  PID:8208
- C:\Windows\System\gIdEJdm.exe
  C:\Windows\System\gIdEJdm.exe
  2⤵
  PID:8220
- C:\Windows\System\uhzEiwY.exe
  C:\Windows\System\uhzEiwY.exe
  2⤵
  PID:8288
- C:\Windows\System\kyHBxUZ.exe
  C:\Windows\System\kyHBxUZ.exe
  2⤵
  PID:8376
- C:\Windows\System\IYdsjZV.exe
  C:\Windows\System\IYdsjZV.exe
  2⤵
  PID:8372
- C:\Windows\System\PLznlOo.exe
  C:\Windows\System\PLznlOo.exe
  2⤵
  PID:8392
- C:\Windows\System\TmPGeJB.exe
  C:\Windows\System\TmPGeJB.exe
  2⤵
  PID:8416
- C:\Windows\System\nNmKuUS.exe
  C:\Windows\System\nNmKuUS.exe
  2⤵
  PID:8448
- C:\Windows\System\qhnncnu.exe
  C:\Windows\System\qhnncnu.exe
  2⤵
  PID:8464
- C:\Windows\System\iyepkuX.exe
  C:\Windows\System\iyepkuX.exe
  2⤵
  PID:8480
- C:\Windows\System\jgvkqwP.exe
  C:\Windows\System\jgvkqwP.exe
  2⤵
  PID:8496
- C:\Windows\System\sRONEDq.exe
  C:\Windows\System\sRONEDq.exe
  2⤵
  PID:8320
- C:\Windows\System\LsLRULb.exe
  C:\Windows\System\LsLRULb.exe
  2⤵
  PID:8520
- C:\Windows\System\QnrKNUw.exe
  C:\Windows\System\QnrKNUw.exe
  2⤵
  PID:8712
- C:\Windows\System\nalOvWr.exe
  C:\Windows\System\nalOvWr.exe
  2⤵
  PID:8616
- C:\Windows\System\KgCkzlh.exe
  C:\Windows\System\KgCkzlh.exe
  2⤵
  PID:8664
- C:\Windows\System\IpYpjmk.exe
  C:\Windows\System\IpYpjmk.exe
  2⤵
  PID:8708
- C:\Windows\System\IfHVPNw.exe
  C:\Windows\System\IfHVPNw.exe
  2⤵
  PID:8764
- C:\Windows\System\iJkqWqa.exe
  C:\Windows\System\iJkqWqa.exe
  2⤵
  PID:8812
- C:\Windows\System\sYBuyYS.exe
  C:\Windows\System\sYBuyYS.exe
  2⤵
  PID:8784
- C:\Windows\System\JKUFovq.exe
  C:\Windows\System\JKUFovq.exe
  2⤵
  PID:8836
- C:\Windows\System\rUoaCcI.exe
  C:\Windows\System\rUoaCcI.exe
  2⤵
  PID:8852
- C:\Windows\System\MbCMXYA.exe
  C:\Windows\System\MbCMXYA.exe
  2⤵
  PID:8920
- C:\Windows\System\hsxPrKP.exe
  C:\Windows\System\hsxPrKP.exe
  2⤵
  PID:8968
- C:\Windows\System\BfgFpVQ.exe
  C:\Windows\System\BfgFpVQ.exe
  2⤵
  PID:9008
- C:\Windows\System\VduNKCo.exe
  C:\Windows\System\VduNKCo.exe
  2⤵
  PID:8872
- C:\Windows\System\OcfFsRP.exe
  C:\Windows\System\OcfFsRP.exe
  2⤵
  PID:8860
- C:\Windows\System\YkNyMBX.exe
  C:\Windows\System\YkNyMBX.exe
  2⤵
  PID:9056
- C:\Windows\System\ASwpnmL.exe
  C:\Windows\System\ASwpnmL.exe
  2⤵
  PID:9020
- C:\Windows\System\AuNCEgd.exe
  C:\Windows\System\AuNCEgd.exe
  2⤵
  PID:9156
- C:\Windows\System\dqMKzUo.exe
  C:\Windows\System\dqMKzUo.exe
  2⤵
  PID:9132
- C:\Windows\System\zKbOcKK.exe
  C:\Windows\System\zKbOcKK.exe
  2⤵
  PID:9200
- C:\Windows\System\jksfjAi.exe
  C:\Windows\System\jksfjAi.exe
  2⤵
  PID:9184
- C:\Windows\System\UaAoHwa.exe
  C:\Windows\System\UaAoHwa.exe
  2⤵
  PID:8028
- C:\Windows\System\XUQPuzG.exe
  C:\Windows\System\XUQPuzG.exe
  2⤵
  PID:9088
- C:\Windows\System\CyyyBQB.exe
  C:\Windows\System\CyyyBQB.exe
  2⤵
  PID:8472
- C:\Windows\System\ZCaclGG.exe
  C:\Windows\System\ZCaclGG.exe
  2⤵
  PID:9116
- C:\Windows\System\IjDfVSY.exe
  C:\Windows\System\IjDfVSY.exe
  2⤵
  PID:8328
- C:\Windows\System\xpgHPkw.exe
  C:\Windows\System\xpgHPkw.exe
  2⤵
  PID:8200
- C:\Windows\System\qnmICqS.exe
  C:\Windows\System\qnmICqS.exe
  2⤵
  PID:8456
- C:\Windows\System\GbpYVEK.exe
  C:\Windows\System\GbpYVEK.exe
  2⤵
  PID:8512
- C:\Windows\System\mzqFKnA.exe
  C:\Windows\System\mzqFKnA.exe
  2⤵
  PID:8580
- C:\Windows\System\LAoBlMd.exe
  C:\Windows\System\LAoBlMd.exe
  2⤵
  PID:8544
- C:\Windows\System\nNnIcbw.exe
  C:\Windows\System\nNnIcbw.exe
  2⤵
  PID:8728
- C:\Windows\System\FtBsZuz.exe
  C:\Windows\System\FtBsZuz.exe
  2⤵
  PID:8680
- C:\Windows\System\QyPrEfE.exe
  C:\Windows\System\QyPrEfE.exe
  2⤵
  PID:8800
- C:\Windows\System\EIMePSe.exe
  C:\Windows\System\EIMePSe.exe
  2⤵
  PID:8648
- C:\Windows\System\VdFyoIp.exe
  C:\Windows\System\VdFyoIp.exe
  2⤵
  PID:8796
- C:\Windows\System\uaprsPe.exe
  C:\Windows\System\uaprsPe.exe
  2⤵
  PID:8960
- C:\Windows\System\vHshleB.exe
  C:\Windows\System\vHshleB.exe
  2⤵
  PID:8964
- C:\Windows\System\OAjNWWW.exe
  C:\Windows\System\OAjNWWW.exe
  2⤵
  PID:8824
- C:\Windows\System\UdMEIYL.exe
  C:\Windows\System\UdMEIYL.exe
  2⤵
  PID:9148
- C:\Windows\System\DegxFXD.exe
  C:\Windows\System\DegxFXD.exe
  2⤵
  PID:9120
- C:\Windows\System\RtxyJRh.exe
  C:\Windows\System\RtxyJRh.exe
  2⤵
  PID:7668
- C:\Windows\System\gHjkcvj.exe
  C:\Windows\System\gHjkcvj.exe
  2⤵
  PID:8112
- C:\Windows\System\BBQhJEJ.exe
  C:\Windows\System\BBQhJEJ.exe
  2⤵
  PID:8276
- C:\Windows\System\cvleKxi.exe
  C:\Windows\System\cvleKxi.exe
  2⤵
  PID:8356
- C:\Windows\System\pTgziQr.exe
  C:\Windows\System\pTgziQr.exe
  2⤵
  PID:7280
- C:\Windows\System\FjQBnjM.exe
  C:\Windows\System\FjQBnjM.exe
  2⤵
  PID:7844
- C:\Windows\System\sDmDZQM.exe
  C:\Windows\System\sDmDZQM.exe
  2⤵
  PID:8628
- C:\Windows\System\jfxKeNC.exe
  C:\Windows\System\jfxKeNC.exe
  2⤵
  PID:8564
- C:\Windows\System\RGYolck.exe
  C:\Windows\System\RGYolck.exe
  2⤵
  PID:8528
- C:\Windows\System\npqFepu.exe
  C:\Windows\System\npqFepu.exe
  2⤵
  PID:8756
- C:\Windows\System\celVUIJ.exe
  C:\Windows\System\celVUIJ.exe
  2⤵
  PID:8840
- C:\Windows\System\ukeapfY.exe
  C:\Windows\System\ukeapfY.exe
  2⤵
  PID:9004
- C:\Windows\System\YcUMXwM.exe
  C:\Windows\System\YcUMXwM.exe
  2⤵
  PID:7316
- C:\Windows\System\xlbkEsh.exe
  C:\Windows\System\xlbkEsh.exe
  2⤵
  PID:8308
- C:\Windows\System\KiuAQJV.exe
  C:\Windows\System\KiuAQJV.exe
  2⤵
  PID:8548
- C:\Windows\System\EjNsooR.exe
  C:\Windows\System\EjNsooR.exe
  2⤵
  PID:9228
- C:\Windows\System\nKiMTGe.exe
  C:\Windows\System\nKiMTGe.exe
  2⤵
  PID:9264
- C:\Windows\System\hEWeMyj.exe
  C:\Windows\System\hEWeMyj.exe
  2⤵
  PID:9292
- C:\Windows\System\ZaOOkCU.exe
  C:\Windows\System\ZaOOkCU.exe
  2⤵
  PID:9316
- C:\Windows\System\LmdSReG.exe
  C:\Windows\System\LmdSReG.exe
  2⤵
  PID:9332
- C:\Windows\System\jXzPQXB.exe
  C:\Windows\System\jXzPQXB.exe
  2⤵
  PID:9352
- C:\Windows\System\azdlFTx.exe
  C:\Windows\System\azdlFTx.exe
  2⤵
  PID:9368
- C:\Windows\System\XdUmWXd.exe
  C:\Windows\System\XdUmWXd.exe
  2⤵
  PID:9408
- C:\Windows\System\IFMyBYz.exe
  C:\Windows\System\IFMyBYz.exe
  2⤵
  PID:9428
- C:\Windows\System\hNjvuiS.exe
  C:\Windows\System\hNjvuiS.exe
  2⤵
  PID:9464
- C:\Windows\System\PzPRteT.exe
  C:\Windows\System\PzPRteT.exe
  2⤵
  PID:9484
- C:\Windows\System\jbCAzEK.exe
  C:\Windows\System\jbCAzEK.exe
  2⤵
  PID:9516
- C:\Windows\System\gLanPvY.exe
  C:\Windows\System\gLanPvY.exe
  2⤵
  PID:9640
- C:\Windows\System\gOHzkvF.exe
  C:\Windows\System\gOHzkvF.exe
  2⤵
  PID:9764
- C:\Windows\System\ZQTMpBR.exe
  C:\Windows\System\ZQTMpBR.exe
  2⤵
  PID:9784
- C:\Windows\System\mJnYEQd.exe
  C:\Windows\System\mJnYEQd.exe
  2⤵
  PID:9800
- C:\Windows\System\Oktfoaq.exe
  C:\Windows\System\Oktfoaq.exe
  2⤵
  PID:9816
- C:\Windows\System\frTKnTR.exe
  C:\Windows\System\frTKnTR.exe
  2⤵
  PID:9836
- C:\Windows\System\QdTsqFQ.exe
  C:\Windows\System\QdTsqFQ.exe
  2⤵
  PID:9852
- C:\Windows\System\iOIqLxW.exe
  C:\Windows\System\iOIqLxW.exe
  2⤵
  PID:9868
- C:\Windows\System\vbagUpf.exe
  C:\Windows\System\vbagUpf.exe
  2⤵
  PID:9884
- C:\Windows\System\LVkBDHK.exe
  C:\Windows\System\LVkBDHK.exe
  2⤵
  PID:9900
- C:\Windows\System\tnGlSoY.exe
  C:\Windows\System\tnGlSoY.exe
  2⤵
  PID:9916
- C:\Windows\System\KsehLpf.exe
  C:\Windows\System\KsehLpf.exe
  2⤵
  PID:9932
- C:\Windows\System\aReAuyz.exe
  C:\Windows\System\aReAuyz.exe
  2⤵
  PID:9948
- C:\Windows\System\fVKjRjv.exe
  C:\Windows\System\fVKjRjv.exe
  2⤵
  PID:9996
- C:\Windows\System\RIeJran.exe
  C:\Windows\System\RIeJran.exe
  2⤵
  PID:10028
- C:\Windows\System\WUIdTWL.exe
  C:\Windows\System\WUIdTWL.exe
  2⤵
  PID:10044
- C:\Windows\System\GlGbIps.exe
  C:\Windows\System\GlGbIps.exe
  2⤵
  PID:10060
- C:\Windows\System\bJvOFjU.exe
  C:\Windows\System\bJvOFjU.exe
  2⤵
  PID:10076
- C:\Windows\System\GABSxDs.exe
  C:\Windows\System\GABSxDs.exe
  2⤵
  PID:10092
- C:\Windows\System\KQHOXHd.exe
  C:\Windows\System\KQHOXHd.exe
  2⤵
  PID:10108
- C:\Windows\System\RVPPsvM.exe
  C:\Windows\System\RVPPsvM.exe
  2⤵
  PID:10124
- C:\Windows\System\VgFcKNe.exe
  C:\Windows\System\VgFcKNe.exe
  2⤵
  PID:10140
- C:\Windows\System\GKTNpkj.exe
  C:\Windows\System\GKTNpkj.exe
  2⤵
  PID:10156
- C:\Windows\System\fbZgBIc.exe
  C:\Windows\System\fbZgBIc.exe
  2⤵
  PID:10172
- C:\Windows\System\SRpEIqK.exe
  C:\Windows\System\SRpEIqK.exe
  2⤵
  PID:10188
- C:\Windows\System\kGkSptR.exe
  C:\Windows\System\kGkSptR.exe
  2⤵
  PID:10204
- C:\Windows\System\hhavLWj.exe
  C:\Windows\System\hhavLWj.exe
  2⤵
  PID:10220
- C:\Windows\System\zaJDXYs.exe
  C:\Windows\System\zaJDXYs.exe
  2⤵
  PID:10236
- C:\Windows\System\lEyXlvw.exe
  C:\Windows\System\lEyXlvw.exe
  2⤵
  PID:8432
- C:\Windows\System\ukHqPaL.exe
  C:\Windows\System\ukHqPaL.exe
  2⤵
  PID:8340
- C:\Windows\System\puAIrLy.exe
  C:\Windows\System\puAIrLy.exe
  2⤵
  PID:8820
- C:\Windows\System\slueiyE.exe
  C:\Windows\System\slueiyE.exe
  2⤵
  PID:8504
- C:\Windows\System\WMoLJpg.exe
  C:\Windows\System\WMoLJpg.exe
  2⤵
  PID:9272
- C:\Windows\System\WlbEHky.exe
  C:\Windows\System\WlbEHky.exe
  2⤵
  PID:9360
- C:\Windows\System\IHTWXpW.exe
  C:\Windows\System\IHTWXpW.exe
  2⤵
  PID:9304
- C:\Windows\System\oUGKZAV.exe
  C:\Windows\System\oUGKZAV.exe
  2⤵
  PID:9444
- C:\Windows\System\CNnTMLc.exe
  C:\Windows\System\CNnTMLc.exe
  2⤵
  PID:7656
- C:\Windows\System\PCzSZPB.exe
  C:\Windows\System\PCzSZPB.exe
  2⤵
  PID:9500
- C:\Windows\System\PocJKhb.exe
  C:\Windows\System\PocJKhb.exe
  2⤵
  PID:9528
- C:\Windows\System\oOiSVLs.exe
  C:\Windows\System\oOiSVLs.exe
  2⤵
  PID:9544
- C:\Windows\System\kmCZEUt.exe
  C:\Windows\System\kmCZEUt.exe
  2⤵
  PID:9564
- C:\Windows\System\oMICRPU.exe
  C:\Windows\System\oMICRPU.exe
  2⤵
  PID:9580
- C:\Windows\System\bHqKkSV.exe
  C:\Windows\System\bHqKkSV.exe
  2⤵
  PID:9600
- C:\Windows\System\KTIsaVi.exe
  C:\Windows\System\KTIsaVi.exe
  2⤵
  PID:9616
- C:\Windows\System\oFPqRFq.exe
  C:\Windows\System\oFPqRFq.exe
  2⤵
  PID:9648
- C:\Windows\System\DtZXXFS.exe
  C:\Windows\System\DtZXXFS.exe
  2⤵
  PID:9660
- C:\Windows\System\ksigcxj.exe
  C:\Windows\System\ksigcxj.exe
  2⤵
  PID:9676
- C:\Windows\System\MBHLCWd.exe
  C:\Windows\System\MBHLCWd.exe
  2⤵
  PID:9692
- C:\Windows\System\xQIhEdU.exe
  C:\Windows\System\xQIhEdU.exe
  2⤵
  PID:9708
- C:\Windows\System\NnKwaQj.exe
  C:\Windows\System\NnKwaQj.exe
  2⤵
  PID:9724
- C:\Windows\System\FlNBwBN.exe
  C:\Windows\System\FlNBwBN.exe
  2⤵
  PID:9740
- C:\Windows\System\cDhoGSM.exe
  C:\Windows\System\cDhoGSM.exe
  2⤵
  PID:9748
- C:\Windows\System\ZXTORat.exe
  C:\Windows\System\ZXTORat.exe
  2⤵
  PID:9792
- C:\Windows\System\PpDtXbs.exe
  C:\Windows\System\PpDtXbs.exe
  2⤵
  PID:9808
- C:\Windows\System\kvQNqaC.exe
  C:\Windows\System\kvQNqaC.exe
  2⤵
  PID:9876
- C:\Windows\System\MiZALcP.exe
  C:\Windows\System\MiZALcP.exe
  2⤵
  PID:9940
- C:\Windows\System\lSAuoYW.exe
  C:\Windows\System\lSAuoYW.exe
  2⤵
  PID:9968
- C:\Windows\System\dWaCNjA.exe
  C:\Windows\System\dWaCNjA.exe
  2⤵
  PID:10012
- C:\Windows\System\ueJfLcD.exe
  C:\Windows\System\ueJfLcD.exe
  2⤵
  PID:10016
- C:\Windows\System\WyPMaCv.exe
  C:\Windows\System\WyPMaCv.exe
  2⤵
  PID:10072
- C:\Windows\System\UjlexJp.exe
  C:\Windows\System\UjlexJp.exe
  2⤵
  PID:10164
- C:\Windows\System\vSrRWOi.exe
  C:\Windows\System\vSrRWOi.exe
  2⤵
  PID:10200
- C:\Windows\System\dtILLRh.exe
  C:\Windows\System\dtILLRh.exe
  2⤵
  PID:10084
- C:\Windows\System\nPgLeIw.exe
  C:\Windows\System\nPgLeIw.exe
  2⤵
  PID:10116
- C:\Windows\System\kYaStuj.exe
  C:\Windows\System\kYaStuj.exe
  2⤵
  PID:7176
- C:\Windows\System\ujeEtFU.exe
  C:\Windows\System\ujeEtFU.exe
  2⤵
  PID:9312
- C:\Windows\System\riIYneu.exe
  C:\Windows\System\riIYneu.exe
  2⤵
  PID:8292
- C:\Windows\System\YJjqkuT.exe
  C:\Windows\System\YJjqkuT.exe
  2⤵
  PID:9308
- C:\Windows\System\CMBoGEq.exe
  C:\Windows\System\CMBoGEq.exe
  2⤵
  PID:9244
- C:\Windows\System\XdsHqBm.exe
  C:\Windows\System\XdsHqBm.exe
  2⤵
  PID:8388
- C:\Windows\System\SlcLZCF.exe
  C:\Windows\System\SlcLZCF.exe
  2⤵
  PID:9376
- C:\Windows\System\gxmcbsr.exe
  C:\Windows\System\gxmcbsr.exe
  2⤵
  PID:9388
- C:\Windows\System\wTNjKTN.exe
  C:\Windows\System\wTNjKTN.exe
  2⤵
  PID:9760
- C:\Windows\System\DoirsnG.exe
  C:\Windows\System\DoirsnG.exe
  2⤵
  PID:9476
- C:\Windows\System\VFyTylB.exe
  C:\Windows\System\VFyTylB.exe
  2⤵
  PID:9524
- C:\Windows\System\oDUFFPj.exe
  C:\Windows\System\oDUFFPj.exe
  2⤵
  PID:9556
- C:\Windows\System\SSEpGyY.exe
  C:\Windows\System\SSEpGyY.exe
  2⤵
  PID:9704
- C:\Windows\System\WjDVUlf.exe
  C:\Windows\System\WjDVUlf.exe
  2⤵
  PID:9608
- C:\Windows\System\PnTUQLn.exe
  C:\Windows\System\PnTUQLn.exe
  2⤵
  PID:9656
- C:\Windows\System\LIwLbNq.exe
  C:\Windows\System\LIwLbNq.exe
  2⤵
  PID:9720
- C:\Windows\System\JNdsIDx.exe
  C:\Windows\System\JNdsIDx.exe
  2⤵
  PID:9864
- C:\Windows\System\HKViQSM.exe
  C:\Windows\System\HKViQSM.exe
  2⤵
  PID:9848
- C:\Windows\System\CvPundC.exe
  C:\Windows\System\CvPundC.exe
  2⤵
  PID:9824
- C:\Windows\System\SSpmUrj.exe
  C:\Windows\System\SSpmUrj.exe
  2⤵
  PID:10232
- C:\Windows\System\ECzQPrb.exe
  C:\Windows\System\ECzQPrb.exe
  2⤵
  PID:9988
- C:\Windows\System\LdQJSYv.exe
  C:\Windows\System\LdQJSYv.exe
  2⤵
  PID:10196
- C:\Windows\System\sMAlzwH.exe
  C:\Windows\System\sMAlzwH.exe
  2⤵
  PID:10180
- C:\Windows\System\exkzgGA.exe
  C:\Windows\System\exkzgGA.exe
  2⤵
  PID:8676
- C:\Windows\System\eHbRmmt.exe
  C:\Windows\System\eHbRmmt.exe
  2⤵
  PID:9280
- C:\Windows\System\LxlZwMb.exe
  C:\Windows\System\LxlZwMb.exe
  2⤵
  PID:9328
- C:\Windows\System\WCwJkNF.exe
  C:\Windows\System\WCwJkNF.exe
  2⤵
  PID:9400
- C:\Windows\System\eGhDcfw.exe
  C:\Windows\System\eGhDcfw.exe
  2⤵
  PID:9496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DUjKkIW.exe

Filesize
6.0MB

MD5
f93cea265e1faa2a4ca617766a07c0c7

SHA1
2ccb13cc49a3ae8fbeb744543aac14b5806674ad

SHA256
97c68c2074dc70342fb0753811d4be7ca34766376a666f5e8747f874ae31a750

SHA512
e1dba4377b5b6ee3723a43aa43ce02bac77eb3d668a86d67ec8f2277d2fdbe13794023025da8b19f226b51e71e8e51260ee567e70c416c19f9060f9e2744e5a3

Download Submit
C:\Windows\system\EyMsrgS.exe

Filesize
6.0MB

MD5
9a5d20b4da5073c3b3fb6ff6b1f3a006

SHA1
bb10818cb696c2fd3966ea935742af5b0a2d5dd7

SHA256
5f223525941995ff6fb7f2b1dc353f42c0560db79c30443b33558db791b4294c

SHA512
5c1a7f9773a32ff08b2971af08a8afacaf7708e7d15fb1d2821b89871d2705aec0b55637d46bd0dbb9377ad240309b335dc64e48f3404736790286ba3a000f1c

Download Submit
C:\Windows\system\HQMIOSi.exe

Filesize
6.0MB

MD5
ccb750f3f679de6c8a349f2229785ab6

SHA1
95e07d540ddff7a14added44f9564a9384c6c6cf

SHA256
26817b6986b8e0fc275c6935ff28c97347021f3b3c6ccd5ac6fa1a654e46f145

SHA512
866809d476d49fa6e1241ed414ed8a762241797e4f6e878ded2ec7ea096ad4f94aa00a6e8ff3d78af6fc4e1bde6a5c779ad216294078505893cf4b20fdcf54c9

Download Submit
C:\Windows\system\HolnQSl.exe

Filesize
6.0MB

MD5
b0ebd1dcff90a3240cea12cce452d83d

SHA1
22643fd2ad521308c2abe7b364abcfb3d0f0cae1

SHA256
6c6d14f0e1d058d31f53a27e450d6b7b087c3b408c89341f9fd89faf10890a04

SHA512
eade3badff042c4ea9900a240360a3e079f304d918961a570927adb9469fbcf06b950475ba264b3c9b1fcfbe8d629aebbdb1b37f7b1c210650ee5bd141d1a5a1

Download Submit
C:\Windows\system\IjHYwgu.exe

Filesize
6.0MB

MD5
0f8f170fecf0f0ec1cba66a78c54218c

SHA1
1680cbb0f700347e57f5eaa3a92f7b6029a8c4b3

SHA256
0444e27fd07e39a0b3cf028e8f868a817b2e22d419354c34e62d1036bbcb329b

SHA512
d8fac296e947420a54352f7acbfea8702b0612c49ca8de0639fdf3d574570c66b84e976216c3474ad60d5e488f20270d2d0891399ee3437c6a401777d8b1b9c1

Download Submit
C:\Windows\system\JVTDnCB.exe

Filesize
6.0MB

MD5
2b59d3162f8eea35493f818e53bc37ba

SHA1
2382ff3d9d8d716bf0288f4cfacfe271a0192f39

SHA256
79b9526093d40116f135888170227dc4f107ac53ee1bc0d1f2d25b91432bab8b

SHA512
4f796c918dc8aa7c222f7556b555aa75670d6800430c28ad85d2efd3f977746913a80bf9b78c26f5c8e8310e99df8e2a9ff18881e162f7dadf4159c66ad8bce0

Download Submit
C:\Windows\system\KTXhCkl.exe

Filesize
6.0MB

MD5
90344a7c145f4bf228a08a0f1fe32fdd

SHA1
622fead8a2a2142cb72d4ae20372109c2ac6883f

SHA256
1185f7a561429e4c61d9d7a2d9ab6e4842709d6dfada03c289e8a83970504b38

SHA512
b67d196210686150a3933f358c8835917b518e235702e790fd37e43a3da568170e0e3e72693ad6d6b6d69354cdc98ee41d42614fa85178b399f61da8e3a31635

Download Submit
C:\Windows\system\KfHphQF.exe

Filesize
6.0MB

MD5
5082c2b6fe877c7d6f41ac7226504ce3

SHA1
831e73422d8539b1b73c2fe8bbd8a3d103e8dc16

SHA256
500982d98c1d770405c189da4c7a9f31d137fb5b87fddc9d415bdc2466f39738

SHA512
5d05971dde01f7c282eb40fbf94b4371c4e92675377f723b02eb6c4f55cb669ec2e1a6acc842b6d5d78931e3fbc41212ba68f3bd3824dc2e5cd376c596cdde41

Download Submit
C:\Windows\system\LTslyEH.exe

Filesize
6.0MB

MD5
859d49885eed622f490fa8aee5f166b9

SHA1
737540af05ec90ab9a00c3b893354ba6860a0281

SHA256
9943c4d5684760dcac7b541a15a1bd89087aeb5ff196912d5be7f56f18826e9e

SHA512
452187988bd981ea6a93ef1e7e52a56ad7310795abdf4f947efe7f918b550d5931b5f3f63b5f862a5865a45a34f5a8fcb438cb27721c3a01806761762f710da5

Download Submit
C:\Windows\system\LZXxjCs.exe

Filesize
6.0MB

MD5
b7da93f5a147fe421c4d8a0b773e8b30

SHA1
5cf11987cdd0b78194df307a3de57273f945bccf

SHA256
39b6ea6e129e11f5fe22888c8feeb8df29e16cea2e208938c27538172e0ded0b

SHA512
26950e60e6b6bedd1634caa896b644959e036171ab75df164fa69010480fd3bee63e736f5dfdf536a9e12b46a73c0598cf575e693d5cc033dcc9551252f50124

Download Submit
C:\Windows\system\VVYqhLw.exe

Filesize
6.0MB

MD5
149fee62774431b7efe12dae58f9c187

SHA1
4bcd5ec46105d220635c481ad7e04df49d374c38

SHA256
133d340dff0561d2ac517163598862f3d9525f4802ae7004e4642bf9fc87d0f3

SHA512
11b6ce345c175dfb13efa033b47914ad92976549059704049a2d8bbd8cf5dbe1133b52970c92a0d4060df90c407a59db481b445741cfd73e621911f1660992ef

Download Submit
C:\Windows\system\YWVPLeW.exe

Filesize
6.0MB

MD5
c1114ec46fd84aa21be4132a3acf6760

SHA1
26332c2369984686489b622538e0d1265a216260

SHA256
fe4d765e513656e7a0e025584a7d483d9157e263f8f6882da52a13485aa98439

SHA512
e47f8c60da2fa874c61d72412f81bfe3d4fdec1acac0f3c4aa8e6730e049c8de12edb35239f9c065ae86b96f28a899f0cb44c67a2d63724ed1dc2c730e2d4cb6

Download Submit
C:\Windows\system\ZdskbKZ.exe

Filesize
6.0MB

MD5
816e0adbee4708dea226580136440813

SHA1
64cfa108866a19c992c1a174a3207b36d4eceec8

SHA256
01826a41131d76a0c10a3197cb322956ce3fe7eea8a7f939ea75fe36f78b3331

SHA512
e337a4a5e77a843f3c82b99d3ebf8fcc012f035153c509f9618aa2bfe491e09c813f859168f954298b5f6faf761440687bcbb2decd102ed53f9903040cbc55ae

Download Submit
C:\Windows\system\bPtaBXj.exe

Filesize
6.0MB

MD5
6a712a62d1bcd072a615308ea42d72b8

SHA1
27a0fb5759c49dbe36d5f95d3af956aa642ea6ba

SHA256
0f87f5eef31aa32d414b093ed055820edc40fb15e86e9940321a2fc9c4cf4d87

SHA512
31a4d870618ca2c5baa4d2b254ade0c777efcbf16f0af87678b7859156eced7b42724dcd890bfe167093eb09eddb1f1a33248cbae8bf81f58ae4cc1b312dcd12

Download Submit
C:\Windows\system\cVOtqRR.exe

Filesize
6.0MB

MD5
d5651fd07457962c23ade4c8b6c1bf36

SHA1
2b7551037090c7f0bb920aa2cab326c1f7e1cd19

SHA256
98aa8fe428248a99e09aedbfb55200b432d6fe4423d77bddbb8c1de3f5bceb12

SHA512
94c933ef3ede0a9254d847ae1a75cb4b8dbd92d97740cd1e095e1260989946c58b846f35a691aa3fef52e999648b34fa93d4e34f5ea9d4f3ee5c7f73f2afa30f

Download Submit
C:\Windows\system\cgZQIzf.exe

Filesize
6.0MB

MD5
3dbd244d8e3b706202e5dd2804525aa8

SHA1
2ab0e254b404c304ef3f0c1d7c919f645651486e

SHA256
621489603c289b1c3b967431499a1a9bcd3997791ef21c4356fe96b9fff09448

SHA512
3dab0b074dcdbc316242f2a66ca63086706543668eb98a39d6527bc1bbea28ae3e9a7dde0c2c19dd9a903cdff3d81632b9de9a0e16755c0f1f13a7ee73aead31

Download Submit
C:\Windows\system\eGozLhH.exe

Filesize
6.0MB

MD5
8a8223eb49b228741c49ae34e79fadfa

SHA1
8ae0a0c83d9c2bec7a63e8001ccfe4b66c48af48

SHA256
cc598d28b0e5ac95c886466d2a2d23bf517a79f115b493d2315624c67f78fe44

SHA512
13c3a643c3cc57fe0c434237ecfca4e987eef3a1e3625cd664d7a313f3598f4da4d70c4f91b082b39172c4f26afc85f1a5a19f0fcc5326d64c48b04d05702b4b

Download Submit
C:\Windows\system\ePMVWCn.exe

Filesize
6.0MB

MD5
9b958786fbb98f71f12536b4c14586b9

SHA1
877ee14436d1e1e4db780d54aeaae20f13e03ae2

SHA256
1bca72e6b842dea3eed92701009a977a4307a5e76009319d6afcf21e594283cc

SHA512
e19a3acbe04133955124cee3f1927ecd3b5f2537067a82bcd2bdc76d22e3e724c66c46337c5ad067c23a263cc4b9cbd5dceb3fded799787fc871ec1999d28c68

Download Submit
C:\Windows\system\fWixlnj.exe

Filesize
6.0MB

MD5
53abe50e79a848bd709cc839dba1c1a4

SHA1
ae4068db285bf8f139eaa9a6aba0ff97e70aabb6

SHA256
1a28515c738119108bc3159a969de536933e34ba2a6c81de16accff5ef593461

SHA512
7d0eca6c40fb25d4f04e6313894e4e781dddca90d589f25823ba08cada178b4bd65daf6e7a2572bbacd50629325f689776e8cdbabe03cf91b2811024d7a5f485

Download Submit
C:\Windows\system\fjXkeyo.exe

Filesize
6.0MB

MD5
c156ed39831493e1e6c82ce887be7244

SHA1
86748b6411322d7bec1e42126f32844b1ee4c71f

SHA256
eea29120a2128145498a4cecb493aa6e4d95b2f845d513128fa59c2bf79d59e3

SHA512
cf9dec77877c2d52a9dc76ec54081a1309669c783a05513b8ffbec52efdadb39450352aebc0666ec323532b7b92d96db4405a8fa76dd143e34066f83d4455c82

Download Submit
C:\Windows\system\kcICQMh.exe

Filesize
6.0MB

MD5
220fc8b55e011daaf99d671888a6f532

SHA1
951b2c86853f150da589666f18952b6c2d2f35c8

SHA256
e320b7fc3e4001eb8d9267b701ad69de710ca5601532377b58caeb7a73baeeaa

SHA512
958c6bef6b6b4bf125465b52c0de71084ed22a869d56914a98b0e54af412017c0443c2fbfa1d423adf9053d66747b1f91e3f28427eaea0f28a8410168264ee2a

Download Submit
C:\Windows\system\okiLpyZ.exe

Filesize
6.0MB

MD5
de851875e504c809bd9e40c5400bb862

SHA1
e42994210c5cbe3c9cc666d5d74a29ced53452ff

SHA256
f3af4fa60db1fa4291d11e47b562d1f2306e9408a6ffda63792bead1d7caddf8

SHA512
33d0e4fb0d47b92b9245dffd968701d94b0a0051be9f152f55237e1d0fb764333ee4901d9434a6d8ba8b6f98d11c6e9d6b62672905485688b0ee03d30511416f

Download Submit
C:\Windows\system\pGqQaDH.exe

Filesize
6.0MB

MD5
0f110ce9675b16c083d053cdd22af77d

SHA1
9d83b8c1864f22a2caed6c53aff0d23d1e0b5f16

SHA256
85b97c1fe8cc5c2cbc5e82eab2f2cd41bdefae6acc44df70a6d0c4ef349cff9c

SHA512
1a02872a714728279b3ec5f82b818e018eade673b1f7b7fa86e89f0580fbe5c405302635ff92f6d94e78ad26e9d60567d15596723b7f254caf9c3c6ed383c0f9

Download Submit
C:\Windows\system\pbULsTz.exe

Filesize
6.0MB

MD5
49b4eb768979fc059621c2863d15c3a0

SHA1
de3d66ed18cb722842271743458c518140cad325

SHA256
9842599b160e8de4b26769c40323fa2e1b1a8e218390293f0740db91b232d51a

SHA512
b3d296d7391eaaa70dfa74d3a37ffc2cc61011a2cb0595e2711ceb0a27437b2b40da59b3e58484fa04d0fea2842abefa9b903bcd55043de6ea961474f76f7cbe

Download Submit
C:\Windows\system\pfEBpWY.exe

Filesize
6.0MB

MD5
fc7f3cdda6aef87e111afaeca26a8dce

SHA1
53d724674291b5f6ebb5965408cca64f064e933a

SHA256
cf7dd460b655f4cb202bdb8e59abec705a8c6ad0c345acd388e20cdb71e3691e

SHA512
96f4b776c94e9b6a6d6e6d03f75adb534bab1aa4745a37eaeb9702e5f3e6d0679942af0ed3086338232b43cbaa4475e4177952b34522b69720ba47339d01db4d

Download Submit
C:\Windows\system\roqzFxX.exe

Filesize
6.0MB

MD5
b9b3e971352a335127bb6847edb3517a

SHA1
02aeb26bba70275e3a135934235ec895fa1b5d99

SHA256
9fe6de7b45f81021fb3136935d2b003da7c381394c5dd989eac114f9655b700d

SHA512
e95769c3bdbf0a605f0e3962f010b8d7daa0b8f26745c30bb463164676ac4c7fad183e086a02aaee966d9c47194f91fd290b25dd53ed41b0929139e513949334

Download Submit
C:\Windows\system\tDlxbKs.exe

Filesize
6.0MB

MD5
2f444bd0ca44dfcfe481cdad1b2da339

SHA1
dda638fbb71aff52fcdccafc3775d8a0928b6fa9

SHA256
c06ae21db468d922c530b1783148895f3217dfdcdcd81621b1520a1cb8328af1

SHA512
0b8b067ed027e374892f9a8f3f9f6ba3b376fca812669203c5359229f581a63560dc8f0637bf2d3cde3866e6f21511b94f391ec2ab78fe496caf0085f97d5dc8

Download Submit
C:\Windows\system\uzhblmU.exe

Filesize
6.0MB

MD5
90906ce7f2036368c0cc0fb40a284455

SHA1
f44b3a1c53b97ad76fdcfe528454f2a6a6913757

SHA256
fb7a3140eef6b222f1fd3e4bfb6c49afc715f46397450fb44592af19f1585e3d

SHA512
b4bc50fc1ad313b8199bd1a519cf2d14015e275ead3d86df7eb16be48beb9eb01caf39ad3f54815c0423e1a56c60efc8cfd07236e3d6b1e8c24f54e3671e4d22

Download Submit
C:\Windows\system\yAVaugA.exe

Filesize
6.0MB

MD5
b94e3cb56cd7ca61a94882ea8a8efc5f

SHA1
da601af7ebb1ea8f58200f8f4c837f0b817e665b

SHA256
a352d9fdd8978f193f996439e76a6e1c96aa7b0f1c4472ee8db2ab98a314111b

SHA512
22725b9a8a20df3154860ed052ff804224a7d0f1416ea8ef3fddfa1a726eb81229a5d42d0158cdccc8957ab24049230ae8fd1261f10be73647629de3968d75a2

Download Submit
C:\Windows\system\zBxGUmz.exe

Filesize
6.0MB

MD5
4a2bf178332844da4c988f3f9d589379

SHA1
7c01336af09a52157f91e7ae2de423eace57333f

SHA256
0c142f359fd98ca7bf4907173370bcb8f5189e6688f17cf406f5da557d80f46e

SHA512
4142b143bc1294e80826ca92f0b7d897745e266914895731ccb4615b5f8f4835d79d08c9f7173fc92234427c224895d5a9327a14b9dba7fa561896c3343a00d4

Download Submit
C:\Windows\system\zPJtwai.exe

Filesize
6.0MB

MD5
35785207e57470c8d39bcea90f835ca1

SHA1
effb06add7932a2c63230fdeee836d68ef5f9ba4

SHA256
ae348e1bc40fcb3e7403949a93bb783a178eba7ab5ff59f7f28f577201abb913

SHA512
f6a40221bd522d2c1b7789d6979a1426b524e9e24c19f67a9507400da77cab76c0ca04c610aa1521b31ea5f058445c016847f4c04b1e47faaa6eb47b061c205b

Download Submit
\Windows\system\LQhqxig.exe

Filesize
6.0MB

MD5
f7efb0e8bf219a685876c3c313a7d91b

SHA1
5a59959c43f59b0078c914cd5407dd758a118544

SHA256
3ff3527041561c2f2e4b9a47971fd7ba82b36a49677caf8aeeaa17fc21ea2f6b

SHA512
6d284c70f9fd05721a9866e34210b03e0a0a9eb06f31bf907dc3edd8852d1f5ef2994fb2cf69dd67c404c3552c794f6615f854adc09b86dc0002616d24d7cf62

Download Submit
memory/2660-2286-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-2968-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1982-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2970-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2183-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2978-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2972-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2454-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2969-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2496-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2949-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2184-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2948-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2490-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2996-0-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2287-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2990-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-3018-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2980-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download