cobaltstrike | 17c31f8c2e613ca5d3e2828c09d3b7159cf55b50a7fc72ca14f24e6fbed67f56

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19/12/2024, 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

624703783bdf5caf61a2e3fd015ef0f0
SHA1

7b44f02213f2c35f23c5dc7d434fffeab092ce71
SHA256

17c31f8c2e613ca5d3e2828c09d3b7159cf55b50a7fc72ca14f24e6fbed67f56
SHA512

e84bcd1ded27e115c9b2658140260632d0b788637c26e7f95ae910f2211757159715a18e9da856178b9b4cc2aac0e18c3eba00dad8ab6f53144a1a045aaec4fe
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU0:T+q56utgpPF8u/70

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000016d4a-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4e-20.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000120fe-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d55-23.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d21-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d71-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dc6-45.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dc9-53.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd1-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e3-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e7-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019570-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001956c-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019524-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001954e-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958e-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d6-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019604-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019606-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019608-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-198.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-172.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1804-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d4a-9.dat	xmrig
behavioral1/memory/792-21-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d4e-20.dat	xmrig
behavioral1/memory/2564-19-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2448-17-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fe-16.dat	xmrig
behavioral1/files/0x0007000000016d55-23.dat	xmrig
behavioral1/memory/1804-26-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d21-28.dat	xmrig
behavioral1/memory/2900-36-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d71-38.dat	xmrig
behavioral1/memory/1804-35-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2212-32-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2844-44-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dc6-45.dat	xmrig
behavioral1/memory/792-48-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2848-51-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/1804-49-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x0009000000016dc9-53.dat	xmrig
behavioral1/memory/2484-60-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2212-56-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x0008000000016dd1-61.dat	xmrig
behavioral1/memory/2976-65-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2900-63-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/1880-71-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e3-70.dat	xmrig
behavioral1/files/0x00050000000194e7-75.dat	xmrig
behavioral1/memory/1804-76-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-80.dat	xmrig
behavioral1/memory/2328-108-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2484-107-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019570-114.dat	xmrig
behavioral1/memory/1412-113-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x000500000001956c-109.dat	xmrig
behavioral1/files/0x0005000000019524-94.dat	xmrig
behavioral1/memory/2848-82-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/1804-103-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001954e-102.dat	xmrig
behavioral1/memory/1804-101-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2220-92-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2664-88-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194f3-87.dat	xmrig
behavioral1/memory/2976-119-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x000500000001958e-124.dat	xmrig
behavioral1/files/0x00050000000195d6-130.dat	xmrig
behavioral1/memory/1880-133-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0005000000019604-135.dat	xmrig
behavioral1/files/0x0005000000019605-140.dat	xmrig
behavioral1/files/0x0005000000019606-145.dat	xmrig
behavioral1/files/0x0005000000019608-150.dat	xmrig
behavioral1/files/0x000500000001960c-162.dat	xmrig
behavioral1/files/0x000500000001960a-158.dat	xmrig
behavioral1/files/0x000500000001961c-165.dat	xmrig
behavioral1/files/0x00050000000196a1-182.dat	xmrig
behavioral1/files/0x0005000000019c34-192.dat	xmrig
behavioral1/files/0x0005000000019c3c-198.dat	xmrig
behavioral1/memory/1804-340-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2220-339-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2664-274-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019926-187.dat	xmrig
behavioral1/files/0x0005000000019667-177.dat	xmrig
behavioral1/files/0x000500000001961e-172.dat	xmrig
behavioral1/memory/2448-2760-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2448	ceeATNf.exe
2564	nIGAwqx.exe
792	rZkYidG.exe
2212	jYfhCSL.exe
2900	yxxhWAn.exe
2844	UlZEKHP.exe
2848	SqdLzCT.exe
2484	ymmXyyM.exe
2976	SPDQioI.exe
1880	BopGluu.exe
2664	tgiMkDe.exe
2220	JulYomc.exe
2328	YExXgYR.exe
1412	cpNSpJB.exe
1092	NRhDYIR.exe
2360	poiGyye.exe
2824	tqeZapY.exe
2916	NFBhqYh.exe
1944	sRgWoGx.exe
1860	YBqsunI.exe
1576	zStLnWj.exe
1636	TiFdKyI.exe
2192	OrTyhGN.exe
2052	RLQskAs.exe
2556	nUpbPPc.exe
2532	aFOiJcH.exe
2312	Ntzvwhc.exe
1568	tDLTyOD.exe
1748	JrLtDUU.exe
1548	AObgZzr.exe
1248	ojwPjkP.exe
952	CaVLiCe.exe
1244	EhONlbb.exe
376	fjlKOYg.exe
1740	ZoYvrue.exe
688	RGAJCmd.exe
1016	IjBuDCx.exe
1400	qkcDKKy.exe
968	IOiQKSJ.exe
2100	eqQwFbr.exe
760	soFcxcC.exe
572	DapPino.exe
544	rMRSFTi.exe
2232	gaiSHBK.exe
3048	VCbxOEA.exe
1080	fWGrykr.exe
2580	JTecJfF.exe
2508	eDMTafh.exe
2240	gfHONJL.exe
828	yKHDVFD.exe
2452	toguHxq.exe
1612	tCFENXG.exe
492	xVfqsLo.exe
2716	fKxrnYy.exe
2780	DuxxCfy.exe
1724	fmAtsST.exe
2044	mDPvffu.exe
2060	IunwNLQ.exe
264	HJbZQHf.exe
2640	yitlmbC.exe
2840	qibmOvI.exe
2644	hCByBBh.exe
2892	fOtolFm.exe
2744	EdJaeeh.exe

Loads dropped DLL 64 IoCs

pid	Process
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1804-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0008000000016d4a-9.dat	upx
behavioral1/memory/792-21-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0007000000016d4e-20.dat	upx
behavioral1/memory/2564-19-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2448-17-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x00080000000120fe-16.dat	upx
behavioral1/files/0x0007000000016d55-23.dat	upx
behavioral1/files/0x0009000000016d21-28.dat	upx
behavioral1/memory/2900-36-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x0007000000016d71-38.dat	upx
behavioral1/memory/1804-35-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2212-32-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2844-44-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0007000000016dc6-45.dat	upx
behavioral1/memory/792-48-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2848-51-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x0009000000016dc9-53.dat	upx
behavioral1/memory/2484-60-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2212-56-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x0008000000016dd1-61.dat	upx
behavioral1/memory/2976-65-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2900-63-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/1880-71-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x00050000000194e3-70.dat	upx
behavioral1/files/0x00050000000194e7-75.dat	upx
behavioral1/files/0x00050000000194ef-80.dat	upx
behavioral1/memory/2328-108-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2484-107-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x0005000000019570-114.dat	upx
behavioral1/memory/1412-113-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x000500000001956c-109.dat	upx
behavioral1/files/0x0005000000019524-94.dat	upx
behavioral1/memory/2848-82-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000500000001954e-102.dat	upx
behavioral1/memory/2220-92-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2664-88-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x00050000000194f3-87.dat	upx
behavioral1/memory/2976-119-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x000500000001958e-124.dat	upx
behavioral1/files/0x00050000000195d6-130.dat	upx
behavioral1/memory/1880-133-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0005000000019604-135.dat	upx
behavioral1/files/0x0005000000019605-140.dat	upx
behavioral1/files/0x0005000000019606-145.dat	upx
behavioral1/files/0x0005000000019608-150.dat	upx
behavioral1/files/0x000500000001960c-162.dat	upx
behavioral1/files/0x000500000001960a-158.dat	upx
behavioral1/files/0x000500000001961c-165.dat	upx
behavioral1/files/0x00050000000196a1-182.dat	upx
behavioral1/files/0x0005000000019c34-192.dat	upx
behavioral1/files/0x0005000000019c3c-198.dat	upx
behavioral1/memory/2220-339-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2664-274-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0005000000019926-187.dat	upx
behavioral1/files/0x0005000000019667-177.dat	upx
behavioral1/files/0x000500000001961e-172.dat	upx
behavioral1/memory/2448-2760-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2564-2767-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/792-2771-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2212-2834-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2900-2842-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2844-3005-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2848-3004-0x000000013FE40000-0x0000000140194000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\SxDARWG.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SaCUyVo.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqSHdMe.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmNOYsS.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfSTqZT.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqmUyhT.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kiYAFuP.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZfACaJ.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzqoJfH.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXUfSiX.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnzDWkh.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOMNUhM.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESIVuIm.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkmNezx.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbsSOnx.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdlufkB.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeoVPea.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bqRmgqd.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVCbbck.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbTfAHT.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXNJRvM.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRNvGGk.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRhDYIR.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Tannmto.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DisGUbQ.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNrrWii.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPiFgoB.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFPDQLT.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgREsJU.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMwpuCb.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrTGDmh.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xEKkxik.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtjfGAK.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdJgKFc.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsvOCOm.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMcZaNg.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BopGluu.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGZKUnT.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbPkJuR.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCTJvSg.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIeiJCj.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJuXhks.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtvbFhL.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNpqNEX.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgOVPMR.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCmSERo.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzjKgwm.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQDmRJe.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqlRqKp.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GITNEWR.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PotrHWm.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\brfrqiK.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVPQoTQ.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBaddqg.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbIFDab.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGQjEvG.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymLWFSH.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrFhksT.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXiBUeH.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBaPDfj.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaEoIxK.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufCrZyN.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEtdHry.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGzOGHl.exe	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2564	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1804 wrote to memory of 2564	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1804 wrote to memory of 2564	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1804 wrote to memory of 2448	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1804 wrote to memory of 2448	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1804 wrote to memory of 2448	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1804 wrote to memory of 792	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1804 wrote to memory of 792	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1804 wrote to memory of 792	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1804 wrote to memory of 2212	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1804 wrote to memory of 2212	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1804 wrote to memory of 2212	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1804 wrote to memory of 2900	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1804 wrote to memory of 2900	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1804 wrote to memory of 2900	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1804 wrote to memory of 2844	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1804 wrote to memory of 2844	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1804 wrote to memory of 2844	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1804 wrote to memory of 2848	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1804 wrote to memory of 2848	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1804 wrote to memory of 2848	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1804 wrote to memory of 2484	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1804 wrote to memory of 2484	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1804 wrote to memory of 2484	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1804 wrote to memory of 2976	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1804 wrote to memory of 2976	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1804 wrote to memory of 2976	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1804 wrote to memory of 1880	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1804 wrote to memory of 1880	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1804 wrote to memory of 1880	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1804 wrote to memory of 2664	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1804 wrote to memory of 2664	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1804 wrote to memory of 2664	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1804 wrote to memory of 2328	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1804 wrote to memory of 2328	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1804 wrote to memory of 2328	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1804 wrote to memory of 2220	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1804 wrote to memory of 2220	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1804 wrote to memory of 2220	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1804 wrote to memory of 1092	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1804 wrote to memory of 1092	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1804 wrote to memory of 1092	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1804 wrote to memory of 1412	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1804 wrote to memory of 1412	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1804 wrote to memory of 1412	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1804 wrote to memory of 2360	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1804 wrote to memory of 2360	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1804 wrote to memory of 2360	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1804 wrote to memory of 2824	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1804 wrote to memory of 2824	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1804 wrote to memory of 2824	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1804 wrote to memory of 2916	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1804 wrote to memory of 2916	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1804 wrote to memory of 2916	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1804 wrote to memory of 1944	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1804 wrote to memory of 1944	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1804 wrote to memory of 1944	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1804 wrote to memory of 1860	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1804 wrote to memory of 1860	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1804 wrote to memory of 1860	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1804 wrote to memory of 1576	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1804 wrote to memory of 1576	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1804 wrote to memory of 1576	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1804 wrote to memory of 1636	1804	2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_624703783bdf5caf61a2e3fd015ef0f0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Windows\System\nIGAwqx.exe
  C:\Windows\System\nIGAwqx.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\ceeATNf.exe
  C:\Windows\System\ceeATNf.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\rZkYidG.exe
  C:\Windows\System\rZkYidG.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\jYfhCSL.exe
  C:\Windows\System\jYfhCSL.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\yxxhWAn.exe
  C:\Windows\System\yxxhWAn.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\UlZEKHP.exe
  C:\Windows\System\UlZEKHP.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\SqdLzCT.exe
  C:\Windows\System\SqdLzCT.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\ymmXyyM.exe
  C:\Windows\System\ymmXyyM.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\SPDQioI.exe
  C:\Windows\System\SPDQioI.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\BopGluu.exe
  C:\Windows\System\BopGluu.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\tgiMkDe.exe
  C:\Windows\System\tgiMkDe.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\YExXgYR.exe
  C:\Windows\System\YExXgYR.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\JulYomc.exe
  C:\Windows\System\JulYomc.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\NRhDYIR.exe
  C:\Windows\System\NRhDYIR.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\cpNSpJB.exe
  C:\Windows\System\cpNSpJB.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\poiGyye.exe
  C:\Windows\System\poiGyye.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\tqeZapY.exe
  C:\Windows\System\tqeZapY.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\NFBhqYh.exe
  C:\Windows\System\NFBhqYh.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\sRgWoGx.exe
  C:\Windows\System\sRgWoGx.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\YBqsunI.exe
  C:\Windows\System\YBqsunI.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\zStLnWj.exe
  C:\Windows\System\zStLnWj.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\TiFdKyI.exe
  C:\Windows\System\TiFdKyI.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\OrTyhGN.exe
  C:\Windows\System\OrTyhGN.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\RLQskAs.exe
  C:\Windows\System\RLQskAs.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\nUpbPPc.exe
  C:\Windows\System\nUpbPPc.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\aFOiJcH.exe
  C:\Windows\System\aFOiJcH.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\Ntzvwhc.exe
  C:\Windows\System\Ntzvwhc.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\tDLTyOD.exe
  C:\Windows\System\tDLTyOD.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\JrLtDUU.exe
  C:\Windows\System\JrLtDUU.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\AObgZzr.exe
  C:\Windows\System\AObgZzr.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\ojwPjkP.exe
  C:\Windows\System\ojwPjkP.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\CaVLiCe.exe
  C:\Windows\System\CaVLiCe.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\EhONlbb.exe
  C:\Windows\System\EhONlbb.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\fjlKOYg.exe
  C:\Windows\System\fjlKOYg.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\ZoYvrue.exe
  C:\Windows\System\ZoYvrue.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\RGAJCmd.exe
  C:\Windows\System\RGAJCmd.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\IjBuDCx.exe
  C:\Windows\System\IjBuDCx.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\qkcDKKy.exe
  C:\Windows\System\qkcDKKy.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\IOiQKSJ.exe
  C:\Windows\System\IOiQKSJ.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\eqQwFbr.exe
  C:\Windows\System\eqQwFbr.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\soFcxcC.exe
  C:\Windows\System\soFcxcC.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\DapPino.exe
  C:\Windows\System\DapPino.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\rMRSFTi.exe
  C:\Windows\System\rMRSFTi.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\gaiSHBK.exe
  C:\Windows\System\gaiSHBK.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\VCbxOEA.exe
  C:\Windows\System\VCbxOEA.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\fWGrykr.exe
  C:\Windows\System\fWGrykr.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\JTecJfF.exe
  C:\Windows\System\JTecJfF.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\eDMTafh.exe
  C:\Windows\System\eDMTafh.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\gfHONJL.exe
  C:\Windows\System\gfHONJL.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\yKHDVFD.exe
  C:\Windows\System\yKHDVFD.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\toguHxq.exe
  C:\Windows\System\toguHxq.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\tCFENXG.exe
  C:\Windows\System\tCFENXG.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\xVfqsLo.exe
  C:\Windows\System\xVfqsLo.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\fKxrnYy.exe
  C:\Windows\System\fKxrnYy.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\DuxxCfy.exe
  C:\Windows\System\DuxxCfy.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\fmAtsST.exe
  C:\Windows\System\fmAtsST.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\mDPvffu.exe
  C:\Windows\System\mDPvffu.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\IunwNLQ.exe
  C:\Windows\System\IunwNLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\HJbZQHf.exe
  C:\Windows\System\HJbZQHf.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\yitlmbC.exe
  C:\Windows\System\yitlmbC.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\qibmOvI.exe
  C:\Windows\System\qibmOvI.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\hCByBBh.exe
  C:\Windows\System\hCByBBh.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\fOtolFm.exe
  C:\Windows\System\fOtolFm.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\EdJaeeh.exe
  C:\Windows\System\EdJaeeh.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\GMCGCOe.exe
  C:\Windows\System\GMCGCOe.exe
  2⤵
  PID:2788
- C:\Windows\System\yYrhLfH.exe
  C:\Windows\System\yYrhLfH.exe
  2⤵
  PID:808
- C:\Windows\System\vxXbYDk.exe
  C:\Windows\System\vxXbYDk.exe
  2⤵
  PID:1432
- C:\Windows\System\toVMmBm.exe
  C:\Windows\System\toVMmBm.exe
  2⤵
  PID:1924
- C:\Windows\System\NsXvxMb.exe
  C:\Windows\System\NsXvxMb.exe
  2⤵
  PID:2032
- C:\Windows\System\JZvOCkr.exe
  C:\Windows\System\JZvOCkr.exe
  2⤵
  PID:2632
- C:\Windows\System\GoCbZzx.exe
  C:\Windows\System\GoCbZzx.exe
  2⤵
  PID:536
- C:\Windows\System\ZXOMOBJ.exe
  C:\Windows\System\ZXOMOBJ.exe
  2⤵
  PID:2372
- C:\Windows\System\JtseOMH.exe
  C:\Windows\System\JtseOMH.exe
  2⤵
  PID:2968
- C:\Windows\System\enQeqoZ.exe
  C:\Windows\System\enQeqoZ.exe
  2⤵
  PID:2288
- C:\Windows\System\oyeATuz.exe
  C:\Windows\System\oyeATuz.exe
  2⤵
  PID:2964
- C:\Windows\System\RtyrGlZ.exe
  C:\Windows\System\RtyrGlZ.exe
  2⤵
  PID:1408
- C:\Windows\System\ZOryyaB.exe
  C:\Windows\System\ZOryyaB.exe
  2⤵
  PID:272
- C:\Windows\System\oXPEdkS.exe
  C:\Windows\System\oXPEdkS.exe
  2⤵
  PID:1664
- C:\Windows\System\RHgczBu.exe
  C:\Windows\System\RHgczBu.exe
  2⤵
  PID:1260
- C:\Windows\System\whqitFv.exe
  C:\Windows\System\whqitFv.exe
  2⤵
  PID:1176
- C:\Windows\System\zlnAOhU.exe
  C:\Windows\System\zlnAOhU.exe
  2⤵
  PID:1596
- C:\Windows\System\tDSbVjj.exe
  C:\Windows\System\tDSbVjj.exe
  2⤵
  PID:2168
- C:\Windows\System\QgYcvCv.exe
  C:\Windows\System\QgYcvCv.exe
  2⤵
  PID:2584
- C:\Windows\System\WzjfKQJ.exe
  C:\Windows\System\WzjfKQJ.exe
  2⤵
  PID:1476
- C:\Windows\System\ucRuMBg.exe
  C:\Windows\System\ucRuMBg.exe
  2⤵
  PID:1744
- C:\Windows\System\iqUUjzg.exe
  C:\Windows\System\iqUUjzg.exe
  2⤵
  PID:3068
- C:\Windows\System\zxZhdgz.exe
  C:\Windows\System\zxZhdgz.exe
  2⤵
  PID:548
- C:\Windows\System\NpTqoYE.exe
  C:\Windows\System\NpTqoYE.exe
  2⤵
  PID:2600
- C:\Windows\System\Brgyyhv.exe
  C:\Windows\System\Brgyyhv.exe
  2⤵
  PID:2940
- C:\Windows\System\llNRXkw.exe
  C:\Windows\System\llNRXkw.exe
  2⤵
  PID:1512
- C:\Windows\System\mhXoQiI.exe
  C:\Windows\System\mhXoQiI.exe
  2⤵
  PID:600
- C:\Windows\System\dUrhjoo.exe
  C:\Windows\System\dUrhjoo.exe
  2⤵
  PID:2572
- C:\Windows\System\tiAJxgj.exe
  C:\Windows\System\tiAJxgj.exe
  2⤵
  PID:2348
- C:\Windows\System\vsSudlQ.exe
  C:\Windows\System\vsSudlQ.exe
  2⤵
  PID:2536
- C:\Windows\System\IcrCSMr.exe
  C:\Windows\System\IcrCSMr.exe
  2⤵
  PID:2336
- C:\Windows\System\tfPANEA.exe
  C:\Windows\System\tfPANEA.exe
  2⤵
  PID:880
- C:\Windows\System\jeuvIJR.exe
  C:\Windows\System\jeuvIJR.exe
  2⤵
  PID:1788
- C:\Windows\System\GzfgLWu.exe
  C:\Windows\System\GzfgLWu.exe
  2⤵
  PID:2224
- C:\Windows\System\yeAyWYq.exe
  C:\Windows\System\yeAyWYq.exe
  2⤵
  PID:1592
- C:\Windows\System\KoqwPrh.exe
  C:\Windows\System\KoqwPrh.exe
  2⤵
  PID:2464
- C:\Windows\System\RuKbkIh.exe
  C:\Windows\System\RuKbkIh.exe
  2⤵
  PID:2412
- C:\Windows\System\JhatCBU.exe
  C:\Windows\System\JhatCBU.exe
  2⤵
  PID:2560
- C:\Windows\System\Krdqnvu.exe
  C:\Windows\System\Krdqnvu.exe
  2⤵
  PID:2888
- C:\Windows\System\eSRiMtu.exe
  C:\Windows\System\eSRiMtu.exe
  2⤵
  PID:3012
- C:\Windows\System\IeHkUFb.exe
  C:\Windows\System\IeHkUFb.exe
  2⤵
  PID:2860
- C:\Windows\System\GhfDvFL.exe
  C:\Windows\System\GhfDvFL.exe
  2⤵
  PID:3008
- C:\Windows\System\grgUXTj.exe
  C:\Windows\System\grgUXTj.exe
  2⤵
  PID:2764
- C:\Windows\System\OKugdWy.exe
  C:\Windows\System\OKugdWy.exe
  2⤵
  PID:2648
- C:\Windows\System\lgtLVfn.exe
  C:\Windows\System\lgtLVfn.exe
  2⤵
  PID:2164
- C:\Windows\System\TnFeeFU.exe
  C:\Windows\System\TnFeeFU.exe
  2⤵
  PID:2408
- C:\Windows\System\iyZeAtr.exe
  C:\Windows\System\iyZeAtr.exe
  2⤵
  PID:2148
- C:\Windows\System\XEqahTv.exe
  C:\Windows\System\XEqahTv.exe
  2⤵
  PID:2024
- C:\Windows\System\SgJBFDx.exe
  C:\Windows\System\SgJBFDx.exe
  2⤵
  PID:1656
- C:\Windows\System\uSRyGvr.exe
  C:\Windows\System\uSRyGvr.exe
  2⤵
  PID:2488
- C:\Windows\System\dptsIhu.exe
  C:\Windows\System\dptsIhu.exe
  2⤵
  PID:2700
- C:\Windows\System\DxmLmGs.exe
  C:\Windows\System\DxmLmGs.exe
  2⤵
  PID:1404
- C:\Windows\System\nPCXUUh.exe
  C:\Windows\System\nPCXUUh.exe
  2⤵
  PID:2316
- C:\Windows\System\JfZDyTD.exe
  C:\Windows\System\JfZDyTD.exe
  2⤵
  PID:2308
- C:\Windows\System\JIeiJCj.exe
  C:\Windows\System\JIeiJCj.exe
  2⤵
  PID:448
- C:\Windows\System\cylIyRl.exe
  C:\Windows\System\cylIyRl.exe
  2⤵
  PID:984
- C:\Windows\System\aBHAhRk.exe
  C:\Windows\System\aBHAhRk.exe
  2⤵
  PID:3000
- C:\Windows\System\lGpqyDN.exe
  C:\Windows\System\lGpqyDN.exe
  2⤵
  PID:1280
- C:\Windows\System\SWrFXZr.exe
  C:\Windows\System\SWrFXZr.exe
  2⤵
  PID:2616
- C:\Windows\System\XrmFipi.exe
  C:\Windows\System\XrmFipi.exe
  2⤵
  PID:1896
- C:\Windows\System\DUtGZPt.exe
  C:\Windows\System\DUtGZPt.exe
  2⤵
  PID:2204
- C:\Windows\System\dYXqkci.exe
  C:\Windows\System\dYXqkci.exe
  2⤵
  PID:1708
- C:\Windows\System\DlhjZLQ.exe
  C:\Windows\System\DlhjZLQ.exe
  2⤵
  PID:956
- C:\Windows\System\KyWVkxn.exe
  C:\Windows\System\KyWVkxn.exe
  2⤵
  PID:288
- C:\Windows\System\RfeQSnq.exe
  C:\Windows\System\RfeQSnq.exe
  2⤵
  PID:2612
- C:\Windows\System\WCaMSAX.exe
  C:\Windows\System\WCaMSAX.exe
  2⤵
  PID:1712
- C:\Windows\System\xrYPcQu.exe
  C:\Windows\System\xrYPcQu.exe
  2⤵
  PID:2280
- C:\Windows\System\hHrYUov.exe
  C:\Windows\System\hHrYUov.exe
  2⤵
  PID:2428
- C:\Windows\System\pLamuDP.exe
  C:\Windows\System\pLamuDP.exe
  2⤵
  PID:1584
- C:\Windows\System\YEOEjZq.exe
  C:\Windows\System\YEOEjZq.exe
  2⤵
  PID:1952
- C:\Windows\System\qLLowdg.exe
  C:\Windows\System\qLLowdg.exe
  2⤵
  PID:2460
- C:\Windows\System\FFFPaDi.exe
  C:\Windows\System\FFFPaDi.exe
  2⤵
  PID:1672
- C:\Windows\System\PLYeYGf.exe
  C:\Windows\System\PLYeYGf.exe
  2⤵
  PID:2872
- C:\Windows\System\ADNVPos.exe
  C:\Windows\System\ADNVPos.exe
  2⤵
  PID:2676
- C:\Windows\System\IOjdAzP.exe
  C:\Windows\System\IOjdAzP.exe
  2⤵
  PID:1716
- C:\Windows\System\sAgnayg.exe
  C:\Windows\System\sAgnayg.exe
  2⤵
  PID:2708
- C:\Windows\System\CmTSUoW.exe
  C:\Windows\System\CmTSUoW.exe
  2⤵
  PID:2864
- C:\Windows\System\GrBkESZ.exe
  C:\Windows\System\GrBkESZ.exe
  2⤵
  PID:1884
- C:\Windows\System\qrTGDmh.exe
  C:\Windows\System\qrTGDmh.exe
  2⤵
  PID:1644
- C:\Windows\System\MTbIoRI.exe
  C:\Windows\System\MTbIoRI.exe
  2⤵
  PID:1936
- C:\Windows\System\sgILWWf.exe
  C:\Windows\System\sgILWWf.exe
  2⤵
  PID:2924
- C:\Windows\System\ZeRwohO.exe
  C:\Windows\System\ZeRwohO.exe
  2⤵
  PID:1752
- C:\Windows\System\dELzWqp.exe
  C:\Windows\System\dELzWqp.exe
  2⤵
  PID:2040
- C:\Windows\System\YgEFXOs.exe
  C:\Windows\System\YgEFXOs.exe
  2⤵
  PID:1948
- C:\Windows\System\GaPGwYd.exe
  C:\Windows\System\GaPGwYd.exe
  2⤵
  PID:2132
- C:\Windows\System\oBDzGtL.exe
  C:\Windows\System\oBDzGtL.exe
  2⤵
  PID:2244
- C:\Windows\System\OOYAafP.exe
  C:\Windows\System\OOYAafP.exe
  2⤵
  PID:1048
- C:\Windows\System\DGZKUnT.exe
  C:\Windows\System\DGZKUnT.exe
  2⤵
  PID:2116
- C:\Windows\System\TpKFOsY.exe
  C:\Windows\System\TpKFOsY.exe
  2⤵
  PID:1696
- C:\Windows\System\hubqgGm.exe
  C:\Windows\System\hubqgGm.exe
  2⤵
  PID:2544
- C:\Windows\System\wqmUyhT.exe
  C:\Windows\System\wqmUyhT.exe
  2⤵
  PID:1988
- C:\Windows\System\AsbmSHr.exe
  C:\Windows\System\AsbmSHr.exe
  2⤵
  PID:2756
- C:\Windows\System\PjrmiLO.exe
  C:\Windows\System\PjrmiLO.exe
  2⤵
  PID:2004
- C:\Windows\System\QuiJeog.exe
  C:\Windows\System\QuiJeog.exe
  2⤵
  PID:340
- C:\Windows\System\IADoftG.exe
  C:\Windows\System\IADoftG.exe
  2⤵
  PID:2948
- C:\Windows\System\KkbaOED.exe
  C:\Windows\System\KkbaOED.exe
  2⤵
  PID:2096
- C:\Windows\System\FKTNkUR.exe
  C:\Windows\System\FKTNkUR.exe
  2⤵
  PID:2352
- C:\Windows\System\KYIsIrY.exe
  C:\Windows\System\KYIsIrY.exe
  2⤵
  PID:2124
- C:\Windows\System\YSKjhoH.exe
  C:\Windows\System\YSKjhoH.exe
  2⤵
  PID:2092
- C:\Windows\System\zRgfOEc.exe
  C:\Windows\System\zRgfOEc.exe
  2⤵
  PID:2712
- C:\Windows\System\QtopJMF.exe
  C:\Windows\System\QtopJMF.exe
  2⤵
  PID:1492
- C:\Windows\System\NaFPsdH.exe
  C:\Windows\System\NaFPsdH.exe
  2⤵
  PID:2252
- C:\Windows\System\zWMRktQ.exe
  C:\Windows\System\zWMRktQ.exe
  2⤵
  PID:1088
- C:\Windows\System\mKxKlLl.exe
  C:\Windows\System\mKxKlLl.exe
  2⤵
  PID:2904
- C:\Windows\System\cDiSlCn.exe
  C:\Windows\System\cDiSlCn.exe
  2⤵
  PID:1980
- C:\Windows\System\bRboPvu.exe
  C:\Windows\System\bRboPvu.exe
  2⤵
  PID:2672
- C:\Windows\System\yXpcwyX.exe
  C:\Windows\System\yXpcwyX.exe
  2⤵
  PID:820
- C:\Windows\System\zIWZHwT.exe
  C:\Windows\System\zIWZHwT.exe
  2⤵
  PID:1652
- C:\Windows\System\PTyMcRz.exe
  C:\Windows\System\PTyMcRz.exe
  2⤵
  PID:2064
- C:\Windows\System\jvdYjnq.exe
  C:\Windows\System\jvdYjnq.exe
  2⤵
  PID:2276
- C:\Windows\System\qUcLokg.exe
  C:\Windows\System\qUcLokg.exe
  2⤵
  PID:740
- C:\Windows\System\BvfawZw.exe
  C:\Windows\System\BvfawZw.exe
  2⤵
  PID:2180
- C:\Windows\System\bsGLSGl.exe
  C:\Windows\System\bsGLSGl.exe
  2⤵
  PID:1620
- C:\Windows\System\PvdHasb.exe
  C:\Windows\System\PvdHasb.exe
  2⤵
  PID:892
- C:\Windows\System\rvBYEwz.exe
  C:\Windows\System\rvBYEwz.exe
  2⤵
  PID:3080
- C:\Windows\System\IvcMLKM.exe
  C:\Windows\System\IvcMLKM.exe
  2⤵
  PID:3096
- C:\Windows\System\yNIGUQS.exe
  C:\Windows\System\yNIGUQS.exe
  2⤵
  PID:3120
- C:\Windows\System\DfkldjH.exe
  C:\Windows\System\DfkldjH.exe
  2⤵
  PID:3140
- C:\Windows\System\mgrSAVO.exe
  C:\Windows\System\mgrSAVO.exe
  2⤵
  PID:3156
- C:\Windows\System\WusZkUK.exe
  C:\Windows\System\WusZkUK.exe
  2⤵
  PID:3172
- C:\Windows\System\BPsdzYZ.exe
  C:\Windows\System\BPsdzYZ.exe
  2⤵
  PID:3188
- C:\Windows\System\EjKhjaD.exe
  C:\Windows\System\EjKhjaD.exe
  2⤵
  PID:3204
- C:\Windows\System\jjszBVe.exe
  C:\Windows\System\jjszBVe.exe
  2⤵
  PID:3220
- C:\Windows\System\AuQlDVk.exe
  C:\Windows\System\AuQlDVk.exe
  2⤵
  PID:3236
- C:\Windows\System\ufiAMVW.exe
  C:\Windows\System\ufiAMVW.exe
  2⤵
  PID:3256
- C:\Windows\System\ARsmnvw.exe
  C:\Windows\System\ARsmnvw.exe
  2⤵
  PID:3272
- C:\Windows\System\eixuSSb.exe
  C:\Windows\System\eixuSSb.exe
  2⤵
  PID:3288
- C:\Windows\System\VIpSWuO.exe
  C:\Windows\System\VIpSWuO.exe
  2⤵
  PID:3304
- C:\Windows\System\nUfFuUn.exe
  C:\Windows\System\nUfFuUn.exe
  2⤵
  PID:3320
- C:\Windows\System\WKAEYUL.exe
  C:\Windows\System\WKAEYUL.exe
  2⤵
  PID:3336
- C:\Windows\System\cwfEknM.exe
  C:\Windows\System\cwfEknM.exe
  2⤵
  PID:3352
- C:\Windows\System\tZJuYcr.exe
  C:\Windows\System\tZJuYcr.exe
  2⤵
  PID:3368
- C:\Windows\System\yScYWsX.exe
  C:\Windows\System\yScYWsX.exe
  2⤵
  PID:3388
- C:\Windows\System\PCMuCUL.exe
  C:\Windows\System\PCMuCUL.exe
  2⤵
  PID:3404
- C:\Windows\System\Iufccnu.exe
  C:\Windows\System\Iufccnu.exe
  2⤵
  PID:3420
- C:\Windows\System\eHdPtQP.exe
  C:\Windows\System\eHdPtQP.exe
  2⤵
  PID:3436
- C:\Windows\System\HDxDHzC.exe
  C:\Windows\System\HDxDHzC.exe
  2⤵
  PID:3452
- C:\Windows\System\HbEJGHP.exe
  C:\Windows\System\HbEJGHP.exe
  2⤵
  PID:3468
- C:\Windows\System\QWjzRHw.exe
  C:\Windows\System\QWjzRHw.exe
  2⤵
  PID:3484
- C:\Windows\System\bqGqfFY.exe
  C:\Windows\System\bqGqfFY.exe
  2⤵
  PID:3500
- C:\Windows\System\kvgzMNE.exe
  C:\Windows\System\kvgzMNE.exe
  2⤵
  PID:3516
- C:\Windows\System\OrDMkoO.exe
  C:\Windows\System\OrDMkoO.exe
  2⤵
  PID:3532
- C:\Windows\System\OeGrPTT.exe
  C:\Windows\System\OeGrPTT.exe
  2⤵
  PID:3548
- C:\Windows\System\sGOjeti.exe
  C:\Windows\System\sGOjeti.exe
  2⤵
  PID:3564
- C:\Windows\System\ZVuZAff.exe
  C:\Windows\System\ZVuZAff.exe
  2⤵
  PID:3580
- C:\Windows\System\ISuaJRk.exe
  C:\Windows\System\ISuaJRk.exe
  2⤵
  PID:3596
- C:\Windows\System\LcPMPQX.exe
  C:\Windows\System\LcPMPQX.exe
  2⤵
  PID:3612
- C:\Windows\System\lHtuqEI.exe
  C:\Windows\System\lHtuqEI.exe
  2⤵
  PID:3652
- C:\Windows\System\fBzMTda.exe
  C:\Windows\System\fBzMTda.exe
  2⤵
  PID:3672
- C:\Windows\System\WKPWWjT.exe
  C:\Windows\System\WKPWWjT.exe
  2⤵
  PID:3692
- C:\Windows\System\cZnKUDd.exe
  C:\Windows\System\cZnKUDd.exe
  2⤵
  PID:3708
- C:\Windows\System\lRpgCgy.exe
  C:\Windows\System\lRpgCgy.exe
  2⤵
  PID:3724
- C:\Windows\System\Aqtjzbj.exe
  C:\Windows\System\Aqtjzbj.exe
  2⤵
  PID:3740
- C:\Windows\System\rfaUEWc.exe
  C:\Windows\System\rfaUEWc.exe
  2⤵
  PID:3756
- C:\Windows\System\bXiBUeH.exe
  C:\Windows\System\bXiBUeH.exe
  2⤵
  PID:3772
- C:\Windows\System\fDHARKU.exe
  C:\Windows\System\fDHARKU.exe
  2⤵
  PID:3788
- C:\Windows\System\DowZvBW.exe
  C:\Windows\System\DowZvBW.exe
  2⤵
  PID:3808
- C:\Windows\System\ApueMjC.exe
  C:\Windows\System\ApueMjC.exe
  2⤵
  PID:3848
- C:\Windows\System\aXjLNKz.exe
  C:\Windows\System\aXjLNKz.exe
  2⤵
  PID:3868
- C:\Windows\System\jWpZfTp.exe
  C:\Windows\System\jWpZfTp.exe
  2⤵
  PID:3884
- C:\Windows\System\idXWlPv.exe
  C:\Windows\System\idXWlPv.exe
  2⤵
  PID:3916
- C:\Windows\System\zGfVvKz.exe
  C:\Windows\System\zGfVvKz.exe
  2⤵
  PID:3932
- C:\Windows\System\cGuumbX.exe
  C:\Windows\System\cGuumbX.exe
  2⤵
  PID:3948
- C:\Windows\System\ewbOGfc.exe
  C:\Windows\System\ewbOGfc.exe
  2⤵
  PID:3964
- C:\Windows\System\nlJaBTp.exe
  C:\Windows\System\nlJaBTp.exe
  2⤵
  PID:3984
- C:\Windows\System\nVQBjRN.exe
  C:\Windows\System\nVQBjRN.exe
  2⤵
  PID:4000
- C:\Windows\System\XIGLnjd.exe
  C:\Windows\System\XIGLnjd.exe
  2⤵
  PID:4020
- C:\Windows\System\UyeXOTE.exe
  C:\Windows\System\UyeXOTE.exe
  2⤵
  PID:4036
- C:\Windows\System\OqJxuFZ.exe
  C:\Windows\System\OqJxuFZ.exe
  2⤵
  PID:4052
- C:\Windows\System\ERxbevV.exe
  C:\Windows\System\ERxbevV.exe
  2⤵
  PID:4068
- C:\Windows\System\KDYCADE.exe
  C:\Windows\System\KDYCADE.exe
  2⤵
  PID:4084
- C:\Windows\System\LBaPDfj.exe
  C:\Windows\System\LBaPDfj.exe
  2⤵
  PID:1764
- C:\Windows\System\ZOBmqtW.exe
  C:\Windows\System\ZOBmqtW.exe
  2⤵
  PID:3088
- C:\Windows\System\xWNVuhG.exe
  C:\Windows\System\xWNVuhG.exe
  2⤵
  PID:3108
- C:\Windows\System\RNjUxLS.exe
  C:\Windows\System\RNjUxLS.exe
  2⤵
  PID:3128
- C:\Windows\System\hGBoRhG.exe
  C:\Windows\System\hGBoRhG.exe
  2⤵
  PID:3164
- C:\Windows\System\bWvRsyL.exe
  C:\Windows\System\bWvRsyL.exe
  2⤵
  PID:3232
- C:\Windows\System\qlviFUk.exe
  C:\Windows\System\qlviFUk.exe
  2⤵
  PID:3184
- C:\Windows\System\txqCPZz.exe
  C:\Windows\System\txqCPZz.exe
  2⤵
  PID:3300
- C:\Windows\System\VEVKOnq.exe
  C:\Windows\System\VEVKOnq.exe
  2⤵
  PID:3364
- C:\Windows\System\iszXCbI.exe
  C:\Windows\System\iszXCbI.exe
  2⤵
  PID:3248
- C:\Windows\System\IWkghQA.exe
  C:\Windows\System\IWkghQA.exe
  2⤵
  PID:3312
- C:\Windows\System\yaAOVlE.exe
  C:\Windows\System\yaAOVlE.exe
  2⤵
  PID:3376
- C:\Windows\System\FfpbIAn.exe
  C:\Windows\System\FfpbIAn.exe
  2⤵
  PID:3400
- C:\Windows\System\LKVZrkr.exe
  C:\Windows\System\LKVZrkr.exe
  2⤵
  PID:3492
- C:\Windows\System\IJQLDAC.exe
  C:\Windows\System\IJQLDAC.exe
  2⤵
  PID:3444
- C:\Windows\System\gEsvGwy.exe
  C:\Windows\System\gEsvGwy.exe
  2⤵
  PID:3560
- C:\Windows\System\cozMNcE.exe
  C:\Windows\System\cozMNcE.exe
  2⤵
  PID:3592
- C:\Windows\System\uKAEGWw.exe
  C:\Windows\System\uKAEGWw.exe
  2⤵
  PID:3624
- C:\Windows\System\WQWiAyl.exe
  C:\Windows\System\WQWiAyl.exe
  2⤵
  PID:3644
- C:\Windows\System\IPxUQJF.exe
  C:\Windows\System\IPxUQJF.exe
  2⤵
  PID:3680
- C:\Windows\System\ISyUqfR.exe
  C:\Windows\System\ISyUqfR.exe
  2⤵
  PID:3700
- C:\Windows\System\nwPWwhm.exe
  C:\Windows\System\nwPWwhm.exe
  2⤵
  PID:3716
- C:\Windows\System\YRkHhbz.exe
  C:\Windows\System\YRkHhbz.exe
  2⤵
  PID:3780
- C:\Windows\System\IDsXXRv.exe
  C:\Windows\System\IDsXXRv.exe
  2⤵
  PID:3796
- C:\Windows\System\ApsdwtA.exe
  C:\Windows\System\ApsdwtA.exe
  2⤵
  PID:3820
- C:\Windows\System\obcHqkD.exe
  C:\Windows\System\obcHqkD.exe
  2⤵
  PID:3836
- C:\Windows\System\AiPDNWW.exe
  C:\Windows\System\AiPDNWW.exe
  2⤵
  PID:3880
- C:\Windows\System\WTcIxKW.exe
  C:\Windows\System\WTcIxKW.exe
  2⤵
  PID:3912
- C:\Windows\System\wCoVLTk.exe
  C:\Windows\System\wCoVLTk.exe
  2⤵
  PID:3900
- C:\Windows\System\LRRnbar.exe
  C:\Windows\System\LRRnbar.exe
  2⤵
  PID:3956
- C:\Windows\System\jABGBwW.exe
  C:\Windows\System\jABGBwW.exe
  2⤵
  PID:4028
- C:\Windows\System\GDubVGc.exe
  C:\Windows\System\GDubVGc.exe
  2⤵
  PID:3940
- C:\Windows\System\EfcaSMX.exe
  C:\Windows\System\EfcaSMX.exe
  2⤵
  PID:3980
- C:\Windows\System\LpYmsZV.exe
  C:\Windows\System\LpYmsZV.exe
  2⤵
  PID:4016
- C:\Windows\System\egJkFHq.exe
  C:\Windows\System\egJkFHq.exe
  2⤵
  PID:4080
- C:\Windows\System\NAdIhZy.exe
  C:\Windows\System\NAdIhZy.exe
  2⤵
  PID:2492
- C:\Windows\System\fFEvkDb.exe
  C:\Windows\System\fFEvkDb.exe
  2⤵
  PID:1256
- C:\Windows\System\RhffjNq.exe
  C:\Windows\System\RhffjNq.exe
  2⤵
  PID:3180
- C:\Windows\System\TCVFuQC.exe
  C:\Windows\System\TCVFuQC.exe
  2⤵
  PID:3360
- C:\Windows\System\esSrYAu.exe
  C:\Windows\System\esSrYAu.exe
  2⤵
  PID:3216
- C:\Windows\System\RFPgZrw.exe
  C:\Windows\System\RFPgZrw.exe
  2⤵
  PID:3200
- C:\Windows\System\ZcijlVD.exe
  C:\Windows\System\ZcijlVD.exe
  2⤵
  PID:2956
- C:\Windows\System\eiDoqeq.exe
  C:\Windows\System\eiDoqeq.exe
  2⤵
  PID:3116
- C:\Windows\System\aTSbIHO.exe
  C:\Windows\System\aTSbIHO.exe
  2⤵
  PID:3508
- C:\Windows\System\oAvPUch.exe
  C:\Windows\System\oAvPUch.exe
  2⤵
  PID:3608
- C:\Windows\System\bVkKSno.exe
  C:\Windows\System\bVkKSno.exe
  2⤵
  PID:3732
- C:\Windows\System\BVQYAFj.exe
  C:\Windows\System\BVQYAFj.exe
  2⤵
  PID:3832
- C:\Windows\System\nBVDdHj.exe
  C:\Windows\System\nBVDdHj.exe
  2⤵
  PID:3636
- C:\Windows\System\MEfxtzH.exe
  C:\Windows\System\MEfxtzH.exe
  2⤵
  PID:3924
- C:\Windows\System\HOMRCFl.exe
  C:\Windows\System\HOMRCFl.exe
  2⤵
  PID:3688
- C:\Windows\System\osaYLHW.exe
  C:\Windows\System\osaYLHW.exe
  2⤵
  PID:3844
- C:\Windows\System\YJgZwsa.exe
  C:\Windows\System\YJgZwsa.exe
  2⤵
  PID:3992
- C:\Windows\System\xEhuzhY.exe
  C:\Windows\System\xEhuzhY.exe
  2⤵
  PID:4064
- C:\Windows\System\bCcHPjE.exe
  C:\Windows\System\bCcHPjE.exe
  2⤵
  PID:4076
- C:\Windows\System\eMwYqTZ.exe
  C:\Windows\System\eMwYqTZ.exe
  2⤵
  PID:3332
- C:\Windows\System\MPcSGMs.exe
  C:\Windows\System\MPcSGMs.exe
  2⤵
  PID:3396
- C:\Windows\System\VRZcyCn.exe
  C:\Windows\System\VRZcyCn.exe
  2⤵
  PID:3284
- C:\Windows\System\YWMjkIu.exe
  C:\Windows\System\YWMjkIu.exe
  2⤵
  PID:4012
- C:\Windows\System\oyiWrjh.exe
  C:\Windows\System\oyiWrjh.exe
  2⤵
  PID:3604
- C:\Windows\System\GAlcTWE.exe
  C:\Windows\System\GAlcTWE.exe
  2⤵
  PID:3804
- C:\Windows\System\vUeZlWY.exe
  C:\Windows\System\vUeZlWY.exe
  2⤵
  PID:3800
- C:\Windows\System\AMHLxMs.exe
  C:\Windows\System\AMHLxMs.exe
  2⤵
  PID:4092
- C:\Windows\System\DOJHcSs.exe
  C:\Windows\System\DOJHcSs.exe
  2⤵
  PID:3892
- C:\Windows\System\ixRBcXt.exe
  C:\Windows\System\ixRBcXt.exe
  2⤵
  PID:4048
- C:\Windows\System\WNGroak.exe
  C:\Windows\System\WNGroak.exe
  2⤵
  PID:3528
- C:\Windows\System\RSyqsEy.exe
  C:\Windows\System\RSyqsEy.exe
  2⤵
  PID:3168
- C:\Windows\System\anhjVcJ.exe
  C:\Windows\System\anhjVcJ.exe
  2⤵
  PID:3768
- C:\Windows\System\kgaFvjb.exe
  C:\Windows\System\kgaFvjb.exe
  2⤵
  PID:3512
- C:\Windows\System\qdGAypb.exe
  C:\Windows\System\qdGAypb.exe
  2⤵
  PID:3136
- C:\Windows\System\WrBnIym.exe
  C:\Windows\System\WrBnIym.exe
  2⤵
  PID:3860
- C:\Windows\System\mrEDAWo.exe
  C:\Windows\System\mrEDAWo.exe
  2⤵
  PID:3908
- C:\Windows\System\ZgKStBI.exe
  C:\Windows\System\ZgKStBI.exe
  2⤵
  PID:3660
- C:\Windows\System\kbefnAu.exe
  C:\Windows\System\kbefnAu.exe
  2⤵
  PID:4060
- C:\Windows\System\eAoJgwF.exe
  C:\Windows\System\eAoJgwF.exe
  2⤵
  PID:4112
- C:\Windows\System\kzwieZU.exe
  C:\Windows\System\kzwieZU.exe
  2⤵
  PID:4128
- C:\Windows\System\BHhyjlz.exe
  C:\Windows\System\BHhyjlz.exe
  2⤵
  PID:4144
- C:\Windows\System\JUovPYh.exe
  C:\Windows\System\JUovPYh.exe
  2⤵
  PID:4172
- C:\Windows\System\chOpsQP.exe
  C:\Windows\System\chOpsQP.exe
  2⤵
  PID:4192
- C:\Windows\System\VbhuSJo.exe
  C:\Windows\System\VbhuSJo.exe
  2⤵
  PID:4208
- C:\Windows\System\HmJBbiS.exe
  C:\Windows\System\HmJBbiS.exe
  2⤵
  PID:4224
- C:\Windows\System\HctDMZa.exe
  C:\Windows\System\HctDMZa.exe
  2⤵
  PID:4240
- C:\Windows\System\GKghbKy.exe
  C:\Windows\System\GKghbKy.exe
  2⤵
  PID:4256
- C:\Windows\System\DSsZiuY.exe
  C:\Windows\System\DSsZiuY.exe
  2⤵
  PID:4272
- C:\Windows\System\WZuBsuZ.exe
  C:\Windows\System\WZuBsuZ.exe
  2⤵
  PID:4296
- C:\Windows\System\NZhYKNv.exe
  C:\Windows\System\NZhYKNv.exe
  2⤵
  PID:4312
- C:\Windows\System\PjUfaIo.exe
  C:\Windows\System\PjUfaIo.exe
  2⤵
  PID:4328
- C:\Windows\System\bKuCRsU.exe
  C:\Windows\System\bKuCRsU.exe
  2⤵
  PID:4344
- C:\Windows\System\RmrktaJ.exe
  C:\Windows\System\RmrktaJ.exe
  2⤵
  PID:4360
- C:\Windows\System\DgOjxeo.exe
  C:\Windows\System\DgOjxeo.exe
  2⤵
  PID:4376
- C:\Windows\System\PnuHsvU.exe
  C:\Windows\System\PnuHsvU.exe
  2⤵
  PID:4392
- C:\Windows\System\NZCIKCT.exe
  C:\Windows\System\NZCIKCT.exe
  2⤵
  PID:4408
- C:\Windows\System\HDBfrdQ.exe
  C:\Windows\System\HDBfrdQ.exe
  2⤵
  PID:4424
- C:\Windows\System\DaEoIxK.exe
  C:\Windows\System\DaEoIxK.exe
  2⤵
  PID:4440
- C:\Windows\System\ieaPcte.exe
  C:\Windows\System\ieaPcte.exe
  2⤵
  PID:4456
- C:\Windows\System\UBtuvEh.exe
  C:\Windows\System\UBtuvEh.exe
  2⤵
  PID:4472
- C:\Windows\System\pQWpkjB.exe
  C:\Windows\System\pQWpkjB.exe
  2⤵
  PID:4488
- C:\Windows\System\lWzIxzH.exe
  C:\Windows\System\lWzIxzH.exe
  2⤵
  PID:4504
- C:\Windows\System\rvuCWnf.exe
  C:\Windows\System\rvuCWnf.exe
  2⤵
  PID:4520
- C:\Windows\System\ZNbDnqb.exe
  C:\Windows\System\ZNbDnqb.exe
  2⤵
  PID:4536
- C:\Windows\System\rwFEHjY.exe
  C:\Windows\System\rwFEHjY.exe
  2⤵
  PID:4552
- C:\Windows\System\WpEWkbh.exe
  C:\Windows\System\WpEWkbh.exe
  2⤵
  PID:4568
- C:\Windows\System\LzFlrov.exe
  C:\Windows\System\LzFlrov.exe
  2⤵
  PID:4584
- C:\Windows\System\vCPyqGl.exe
  C:\Windows\System\vCPyqGl.exe
  2⤵
  PID:4604
- C:\Windows\System\vdmjcsc.exe
  C:\Windows\System\vdmjcsc.exe
  2⤵
  PID:4624
- C:\Windows\System\XaQdSKp.exe
  C:\Windows\System\XaQdSKp.exe
  2⤵
  PID:4640
- C:\Windows\System\VoCcDnF.exe
  C:\Windows\System\VoCcDnF.exe
  2⤵
  PID:4656
- C:\Windows\System\eZHiAae.exe
  C:\Windows\System\eZHiAae.exe
  2⤵
  PID:4672
- C:\Windows\System\XfhZYTU.exe
  C:\Windows\System\XfhZYTU.exe
  2⤵
  PID:4688
- C:\Windows\System\xssghTZ.exe
  C:\Windows\System\xssghTZ.exe
  2⤵
  PID:4704
- C:\Windows\System\mPqPNfo.exe
  C:\Windows\System\mPqPNfo.exe
  2⤵
  PID:4720
- C:\Windows\System\dzAuSft.exe
  C:\Windows\System\dzAuSft.exe
  2⤵
  PID:4736
- C:\Windows\System\MIersNj.exe
  C:\Windows\System\MIersNj.exe
  2⤵
  PID:4752
- C:\Windows\System\lYfaTTE.exe
  C:\Windows\System\lYfaTTE.exe
  2⤵
  PID:4772
- C:\Windows\System\Yshbhgx.exe
  C:\Windows\System\Yshbhgx.exe
  2⤵
  PID:4788
- C:\Windows\System\rRWRPTI.exe
  C:\Windows\System\rRWRPTI.exe
  2⤵
  PID:4804
- C:\Windows\System\dtsGEiP.exe
  C:\Windows\System\dtsGEiP.exe
  2⤵
  PID:4820
- C:\Windows\System\dDfVGhj.exe
  C:\Windows\System\dDfVGhj.exe
  2⤵
  PID:4836
- C:\Windows\System\qaoPSYK.exe
  C:\Windows\System\qaoPSYK.exe
  2⤵
  PID:4856
- C:\Windows\System\ljPdXwk.exe
  C:\Windows\System\ljPdXwk.exe
  2⤵
  PID:4876
- C:\Windows\System\mowveYs.exe
  C:\Windows\System\mowveYs.exe
  2⤵
  PID:4892
- C:\Windows\System\SqsWsVs.exe
  C:\Windows\System\SqsWsVs.exe
  2⤵
  PID:4908
- C:\Windows\System\iTZLWoa.exe
  C:\Windows\System\iTZLWoa.exe
  2⤵
  PID:4924
- C:\Windows\System\cCNfZgv.exe
  C:\Windows\System\cCNfZgv.exe
  2⤵
  PID:4940
- C:\Windows\System\dfktsWV.exe
  C:\Windows\System\dfktsWV.exe
  2⤵
  PID:4956
- C:\Windows\System\fpvJgHr.exe
  C:\Windows\System\fpvJgHr.exe
  2⤵
  PID:4972
- C:\Windows\System\UtyIknS.exe
  C:\Windows\System\UtyIknS.exe
  2⤵
  PID:4988
- C:\Windows\System\fwcVVzg.exe
  C:\Windows\System\fwcVVzg.exe
  2⤵
  PID:5004
- C:\Windows\System\QeoVPea.exe
  C:\Windows\System\QeoVPea.exe
  2⤵
  PID:5020
- C:\Windows\System\xEKkxik.exe
  C:\Windows\System\xEKkxik.exe
  2⤵
  PID:5036
- C:\Windows\System\lTdrQKB.exe
  C:\Windows\System\lTdrQKB.exe
  2⤵
  PID:5052
- C:\Windows\System\PXVsiIC.exe
  C:\Windows\System\PXVsiIC.exe
  2⤵
  PID:5068
- C:\Windows\System\RSBiWMF.exe
  C:\Windows\System\RSBiWMF.exe
  2⤵
  PID:5084
- C:\Windows\System\jqlRqKp.exe
  C:\Windows\System\jqlRqKp.exe
  2⤵
  PID:5104
- C:\Windows\System\IPLEojk.exe
  C:\Windows\System\IPLEojk.exe
  2⤵
  PID:3540
- C:\Windows\System\WGeohHV.exe
  C:\Windows\System\WGeohHV.exe
  2⤵
  PID:1168
- C:\Windows\System\yYcbjoI.exe
  C:\Windows\System\yYcbjoI.exe
  2⤵
  PID:4108
- C:\Windows\System\HRsMAZk.exe
  C:\Windows\System\HRsMAZk.exe
  2⤵
  PID:4156
- C:\Windows\System\lIQNBzW.exe
  C:\Windows\System\lIQNBzW.exe
  2⤵
  PID:4200
- C:\Windows\System\DbMnNrB.exe
  C:\Windows\System\DbMnNrB.exe
  2⤵
  PID:4188
- C:\Windows\System\DPiRvWp.exe
  C:\Windows\System\DPiRvWp.exe
  2⤵
  PID:4264
- C:\Windows\System\CitNGCG.exe
  C:\Windows\System\CitNGCG.exe
  2⤵
  PID:4252
- C:\Windows\System\xeHkCoi.exe
  C:\Windows\System\xeHkCoi.exe
  2⤵
  PID:4292
- C:\Windows\System\kCYWAQK.exe
  C:\Windows\System\kCYWAQK.exe
  2⤵
  PID:4288
- C:\Windows\System\LRlguOe.exe
  C:\Windows\System\LRlguOe.exe
  2⤵
  PID:4372
- C:\Windows\System\VDLpYKe.exe
  C:\Windows\System\VDLpYKe.exe
  2⤵
  PID:4432
- C:\Windows\System\EzjIvoP.exe
  C:\Windows\System\EzjIvoP.exe
  2⤵
  PID:4436
- C:\Windows\System\QyTIUbC.exe
  C:\Windows\System\QyTIUbC.exe
  2⤵
  PID:4496
- C:\Windows\System\GrqTIqP.exe
  C:\Windows\System\GrqTIqP.exe
  2⤵
  PID:4528
- C:\Windows\System\jsCWwju.exe
  C:\Windows\System\jsCWwju.exe
  2⤵
  PID:4388
- C:\Windows\System\XsxHePH.exe
  C:\Windows\System\XsxHePH.exe
  2⤵
  PID:4512
- C:\Windows\System\znuYUzB.exe
  C:\Windows\System\znuYUzB.exe
  2⤵
  PID:3544
- C:\Windows\System\zmgDmds.exe
  C:\Windows\System\zmgDmds.exe
  2⤵
  PID:4612
- C:\Windows\System\kOVAUAq.exe
  C:\Windows\System\kOVAUAq.exe
  2⤵
  PID:4616
- C:\Windows\System\cFySKsY.exe
  C:\Windows\System\cFySKsY.exe
  2⤵
  PID:4648
- C:\Windows\System\ZKtxQGK.exe
  C:\Windows\System\ZKtxQGK.exe
  2⤵
  PID:4712
- C:\Windows\System\PqPCDZI.exe
  C:\Windows\System\PqPCDZI.exe
  2⤵
  PID:4744
- C:\Windows\System\UWnRMWv.exe
  C:\Windows\System\UWnRMWv.exe
  2⤵
  PID:4800
- C:\Windows\System\ZKLKqxL.exe
  C:\Windows\System\ZKLKqxL.exe
  2⤵
  PID:4784
- C:\Windows\System\HzWaULh.exe
  C:\Windows\System\HzWaULh.exe
  2⤵
  PID:4864
- C:\Windows\System\pycZvPy.exe
  C:\Windows\System\pycZvPy.exe
  2⤵
  PID:4920
- C:\Windows\System\tLtDhsG.exe
  C:\Windows\System\tLtDhsG.exe
  2⤵
  PID:4964
- C:\Windows\System\QuedsEx.exe
  C:\Windows\System\QuedsEx.exe
  2⤵
  PID:5028
- C:\Windows\System\DQJCOir.exe
  C:\Windows\System\DQJCOir.exe
  2⤵
  PID:4884
- C:\Windows\System\IbIFDab.exe
  C:\Windows\System\IbIFDab.exe
  2⤵
  PID:5012
- C:\Windows\System\qSFqjGz.exe
  C:\Windows\System\qSFqjGz.exe
  2⤵
  PID:5064
- C:\Windows\System\RgXKsra.exe
  C:\Windows\System\RgXKsra.exe
  2⤵
  PID:3268
- C:\Windows\System\MgiFFGc.exe
  C:\Windows\System\MgiFFGc.exe
  2⤵
  PID:5048
- C:\Windows\System\MDtlSqD.exe
  C:\Windows\System\MDtlSqD.exe
  2⤵
  PID:4140
- C:\Windows\System\ipmFgec.exe
  C:\Windows\System\ipmFgec.exe
  2⤵
  PID:4180
- C:\Windows\System\CZNDboe.exe
  C:\Windows\System\CZNDboe.exe
  2⤵
  PID:4220
- C:\Windows\System\BKzjIOR.exe
  C:\Windows\System\BKzjIOR.exe
  2⤵
  PID:4308
- C:\Windows\System\qSwmSxJ.exe
  C:\Windows\System\qSwmSxJ.exe
  2⤵
  PID:4248
- C:\Windows\System\PcWmVAo.exe
  C:\Windows\System\PcWmVAo.exe
  2⤵
  PID:4544
- C:\Windows\System\ELSxawe.exe
  C:\Windows\System\ELSxawe.exe
  2⤵
  PID:4104
- C:\Windows\System\imWdULb.exe
  C:\Windows\System\imWdULb.exe
  2⤵
  PID:4548
- C:\Windows\System\jrEdnrz.exe
  C:\Windows\System\jrEdnrz.exe
  2⤵
  PID:4164
- C:\Windows\System\omYGWJX.exe
  C:\Windows\System\omYGWJX.exe
  2⤵
  PID:4516
- C:\Windows\System\ffpvmml.exe
  C:\Windows\System\ffpvmml.exe
  2⤵
  PID:4684
- C:\Windows\System\tZeCpxl.exe
  C:\Windows\System\tZeCpxl.exe
  2⤵
  PID:4480
- C:\Windows\System\hTozxdC.exe
  C:\Windows\System\hTozxdC.exe
  2⤵
  PID:4768
- C:\Windows\System\xPLeYIa.exe
  C:\Windows\System\xPLeYIa.exe
  2⤵
  PID:4796
- C:\Windows\System\NddTzBr.exe
  C:\Windows\System\NddTzBr.exe
  2⤵
  PID:4848
- C:\Windows\System\WGQjEvG.exe
  C:\Windows\System\WGQjEvG.exe
  2⤵
  PID:4816
- C:\Windows\System\tqHLUmh.exe
  C:\Windows\System\tqHLUmh.exe
  2⤵
  PID:4980
- C:\Windows\System\DtWXgBu.exe
  C:\Windows\System\DtWXgBu.exe
  2⤵
  PID:5100
- C:\Windows\System\xhIobPb.exe
  C:\Windows\System\xhIobPb.exe
  2⤵
  PID:5080
- C:\Windows\System\ENUfDTE.exe
  C:\Windows\System\ENUfDTE.exe
  2⤵
  PID:4324
- C:\Windows\System\CpsiePp.exe
  C:\Windows\System\CpsiePp.exe
  2⤵
  PID:4632
- C:\Windows\System\ksfTqLb.exe
  C:\Windows\System\ksfTqLb.exe
  2⤵
  PID:4576
- C:\Windows\System\wcpCJXz.exe
  C:\Windows\System\wcpCJXz.exe
  2⤵
  PID:4668
- C:\Windows\System\sWgBmnT.exe
  C:\Windows\System\sWgBmnT.exe
  2⤵
  PID:4916
- C:\Windows\System\OdGDIDD.exe
  C:\Windows\System\OdGDIDD.exe
  2⤵
  PID:5136
- C:\Windows\System\udfQwDS.exe
  C:\Windows\System\udfQwDS.exe
  2⤵
  PID:5152
- C:\Windows\System\jweiTqp.exe
  C:\Windows\System\jweiTqp.exe
  2⤵
  PID:5168
- C:\Windows\System\bpasXoA.exe
  C:\Windows\System\bpasXoA.exe
  2⤵
  PID:5196
- C:\Windows\System\aSZSjpK.exe
  C:\Windows\System\aSZSjpK.exe
  2⤵
  PID:5212
- C:\Windows\System\SWyEZnr.exe
  C:\Windows\System\SWyEZnr.exe
  2⤵
  PID:5232
- C:\Windows\System\qBppGEF.exe
  C:\Windows\System\qBppGEF.exe
  2⤵
  PID:5252
- C:\Windows\System\sinEKzJ.exe
  C:\Windows\System\sinEKzJ.exe
  2⤵
  PID:5268
- C:\Windows\System\sskRTNt.exe
  C:\Windows\System\sskRTNt.exe
  2⤵
  PID:5284
- C:\Windows\System\YCGMWMF.exe
  C:\Windows\System\YCGMWMF.exe
  2⤵
  PID:5320
- C:\Windows\System\ItZSZWw.exe
  C:\Windows\System\ItZSZWw.exe
  2⤵
  PID:5336
- C:\Windows\System\GZcNMWN.exe
  C:\Windows\System\GZcNMWN.exe
  2⤵
  PID:5360
- C:\Windows\System\AxjPrPZ.exe
  C:\Windows\System\AxjPrPZ.exe
  2⤵
  PID:5376
- C:\Windows\System\AhtYLeQ.exe
  C:\Windows\System\AhtYLeQ.exe
  2⤵
  PID:5392
- C:\Windows\System\kiYAFuP.exe
  C:\Windows\System\kiYAFuP.exe
  2⤵
  PID:5412
- C:\Windows\System\LBtEudl.exe
  C:\Windows\System\LBtEudl.exe
  2⤵
  PID:5428
- C:\Windows\System\UFXUFFq.exe
  C:\Windows\System\UFXUFFq.exe
  2⤵
  PID:5448
- C:\Windows\System\GJuXhks.exe
  C:\Windows\System\GJuXhks.exe
  2⤵
  PID:5464
- C:\Windows\System\jIckKpd.exe
  C:\Windows\System\jIckKpd.exe
  2⤵
  PID:5500
- C:\Windows\System\rpFOocp.exe
  C:\Windows\System\rpFOocp.exe
  2⤵
  PID:5516
- C:\Windows\System\BDnMSIg.exe
  C:\Windows\System\BDnMSIg.exe
  2⤵
  PID:5536
- C:\Windows\System\SkmNezx.exe
  C:\Windows\System\SkmNezx.exe
  2⤵
  PID:5552
- C:\Windows\System\xsSPvWF.exe
  C:\Windows\System\xsSPvWF.exe
  2⤵
  PID:5568
- C:\Windows\System\ptgTDFh.exe
  C:\Windows\System\ptgTDFh.exe
  2⤵
  PID:5588
- C:\Windows\System\XyYberr.exe
  C:\Windows\System\XyYberr.exe
  2⤵
  PID:5608
- C:\Windows\System\wiMeMeG.exe
  C:\Windows\System\wiMeMeG.exe
  2⤵
  PID:5624
- C:\Windows\System\VDQejwN.exe
  C:\Windows\System\VDQejwN.exe
  2⤵
  PID:5640
- C:\Windows\System\gLsxbDg.exe
  C:\Windows\System\gLsxbDg.exe
  2⤵
  PID:5656
- C:\Windows\System\CHMRoCj.exe
  C:\Windows\System\CHMRoCj.exe
  2⤵
  PID:5672
- C:\Windows\System\pzUYwNt.exe
  C:\Windows\System\pzUYwNt.exe
  2⤵
  PID:5716
- C:\Windows\System\qpJlVVC.exe
  C:\Windows\System\qpJlVVC.exe
  2⤵
  PID:5740
- C:\Windows\System\vWmBIUE.exe
  C:\Windows\System\vWmBIUE.exe
  2⤵
  PID:5756
- C:\Windows\System\zJRWUVz.exe
  C:\Windows\System\zJRWUVz.exe
  2⤵
  PID:5772
- C:\Windows\System\ckgRLYT.exe
  C:\Windows\System\ckgRLYT.exe
  2⤵
  PID:5788
- C:\Windows\System\mlUIJsH.exe
  C:\Windows\System\mlUIJsH.exe
  2⤵
  PID:5808
- C:\Windows\System\BqLYmmN.exe
  C:\Windows\System\BqLYmmN.exe
  2⤵
  PID:5828
- C:\Windows\System\MRwIkVF.exe
  C:\Windows\System\MRwIkVF.exe
  2⤵
  PID:5844
- C:\Windows\System\YPJUGcF.exe
  C:\Windows\System\YPJUGcF.exe
  2⤵
  PID:5860
- C:\Windows\System\SzVHOmQ.exe
  C:\Windows\System\SzVHOmQ.exe
  2⤵
  PID:5876
- C:\Windows\System\fGAGXlS.exe
  C:\Windows\System\fGAGXlS.exe
  2⤵
  PID:5892
- C:\Windows\System\fuecAKy.exe
  C:\Windows\System\fuecAKy.exe
  2⤵
  PID:5916
- C:\Windows\System\DnMRbXe.exe
  C:\Windows\System\DnMRbXe.exe
  2⤵
  PID:5956
- C:\Windows\System\zWuDncc.exe
  C:\Windows\System\zWuDncc.exe
  2⤵
  PID:5980
- C:\Windows\System\HmnYkTC.exe
  C:\Windows\System\HmnYkTC.exe
  2⤵
  PID:5996
- C:\Windows\System\VQjOxuU.exe
  C:\Windows\System\VQjOxuU.exe
  2⤵
  PID:6020
- C:\Windows\System\alyqYwY.exe
  C:\Windows\System\alyqYwY.exe
  2⤵
  PID:6036
- C:\Windows\System\JaxublB.exe
  C:\Windows\System\JaxublB.exe
  2⤵
  PID:6052
- C:\Windows\System\UCmStyC.exe
  C:\Windows\System\UCmStyC.exe
  2⤵
  PID:6068
- C:\Windows\System\OjRxWrD.exe
  C:\Windows\System\OjRxWrD.exe
  2⤵
  PID:6088
- C:\Windows\System\DbsSOnx.exe
  C:\Windows\System\DbsSOnx.exe
  2⤵
  PID:6104
- C:\Windows\System\yzXYfSh.exe
  C:\Windows\System\yzXYfSh.exe
  2⤵
  PID:6124
- C:\Windows\System\uzHWDmD.exe
  C:\Windows\System\uzHWDmD.exe
  2⤵
  PID:4748
- C:\Windows\System\IxRQvxA.exe
  C:\Windows\System\IxRQvxA.exe
  2⤵
  PID:4852
- C:\Windows\System\LvesWtV.exe
  C:\Windows\System\LvesWtV.exe
  2⤵
  PID:4932
- C:\Windows\System\rSuDgvJ.exe
  C:\Windows\System\rSuDgvJ.exe
  2⤵
  PID:5124
- C:\Windows\System\UXLDgAF.exe
  C:\Windows\System\UXLDgAF.exe
  2⤵
  PID:4936
- C:\Windows\System\dtjfGAK.exe
  C:\Windows\System\dtjfGAK.exe
  2⤵
  PID:5176
- C:\Windows\System\PKVEEyf.exe
  C:\Windows\System\PKVEEyf.exe
  2⤵
  PID:5192
- C:\Windows\System\VTZjMgv.exe
  C:\Windows\System\VTZjMgv.exe
  2⤵
  PID:5228
- C:\Windows\System\brfrqiK.exe
  C:\Windows\System\brfrqiK.exe
  2⤵
  PID:5264
- C:\Windows\System\DunPhAy.exe
  C:\Windows\System\DunPhAy.exe
  2⤵
  PID:5240
- C:\Windows\System\CjhTLJj.exe
  C:\Windows\System\CjhTLJj.exe
  2⤵
  PID:5280
- C:\Windows\System\HdlufkB.exe
  C:\Windows\System\HdlufkB.exe
  2⤵
  PID:5356
- C:\Windows\System\uFzWZGP.exe
  C:\Windows\System\uFzWZGP.exe
  2⤵
  PID:5456
- C:\Windows\System\WoZflDI.exe
  C:\Windows\System\WoZflDI.exe
  2⤵
  PID:5508
- C:\Windows\System\fsvsdAO.exe
  C:\Windows\System\fsvsdAO.exe
  2⤵
  PID:5580
- C:\Windows\System\ytpfeNx.exe
  C:\Windows\System\ytpfeNx.exe
  2⤵
  PID:5368
- C:\Windows\System\luiIyFx.exe
  C:\Windows\System\luiIyFx.exe
  2⤵
  PID:5484
- C:\Windows\System\WhYtYDN.exe
  C:\Windows\System\WhYtYDN.exe
  2⤵
  PID:5560
- C:\Windows\System\iYVsbaN.exe
  C:\Windows\System\iYVsbaN.exe
  2⤵
  PID:5648
- C:\Windows\System\ymLWFSH.exe
  C:\Windows\System\ymLWFSH.exe
  2⤵
  PID:5692
- C:\Windows\System\QiJVmNa.exe
  C:\Windows\System\QiJVmNa.exe
  2⤵
  PID:5528
- C:\Windows\System\wBaiDdu.exe
  C:\Windows\System\wBaiDdu.exe
  2⤵
  PID:5596
- C:\Windows\System\RpkQybz.exe
  C:\Windows\System\RpkQybz.exe
  2⤵
  PID:5636
- C:\Windows\System\AbFRQGa.exe
  C:\Windows\System\AbFRQGa.exe
  2⤵
  PID:5752
- C:\Windows\System\PqgelVX.exe
  C:\Windows\System\PqgelVX.exe
  2⤵
  PID:5820
- C:\Windows\System\xvFiACW.exe
  C:\Windows\System\xvFiACW.exe
  2⤵
  PID:5888
- C:\Windows\System\PgyNIJS.exe
  C:\Windows\System\PgyNIJS.exe
  2⤵
  PID:5936
- C:\Windows\System\PwRydrJ.exe
  C:\Windows\System\PwRydrJ.exe
  2⤵
  PID:5764
- C:\Windows\System\fxxAaGr.exe
  C:\Windows\System\fxxAaGr.exe
  2⤵
  PID:5836
- C:\Windows\System\uNrrWii.exe
  C:\Windows\System\uNrrWii.exe
  2⤵
  PID:5904
- C:\Windows\System\vRwVfWp.exe
  C:\Windows\System\vRwVfWp.exe
  2⤵
  PID:5988
- C:\Windows\System\wCuSlxv.exe
  C:\Windows\System\wCuSlxv.exe
  2⤵
  PID:6004
- C:\Windows\System\GDEQeaK.exe
  C:\Windows\System\GDEQeaK.exe
  2⤵
  PID:6008
- C:\Windows\System\AlLsxyi.exe
  C:\Windows\System\AlLsxyi.exe
  2⤵
  PID:6016
- C:\Windows\System\zNvGLeg.exe
  C:\Windows\System\zNvGLeg.exe
  2⤵
  PID:6080
- C:\Windows\System\miDSVXN.exe
  C:\Windows\System\miDSVXN.exe
  2⤵
  PID:6120
- C:\Windows\System\nvAnway.exe
  C:\Windows\System\nvAnway.exe
  2⤵
  PID:4168
- C:\Windows\System\jTBkFoq.exe
  C:\Windows\System\jTBkFoq.exe
  2⤵
  PID:4448
- C:\Windows\System\QtbvsNE.exe
  C:\Windows\System\QtbvsNE.exe
  2⤵
  PID:5132
- C:\Windows\System\QmkfnPS.exe
  C:\Windows\System\QmkfnPS.exe
  2⤵
  PID:5188
- C:\Windows\System\LRPhvAT.exe
  C:\Windows\System\LRPhvAT.exe
  2⤵
  PID:5060
- C:\Windows\System\AulXdsD.exe
  C:\Windows\System\AulXdsD.exe
  2⤵
  PID:4952
- C:\Windows\System\cJvUenT.exe
  C:\Windows\System\cJvUenT.exe
  2⤵
  PID:5332
- C:\Windows\System\TSqIauz.exe
  C:\Windows\System\TSqIauz.exe
  2⤵
  PID:5308
- C:\Windows\System\PNERXoY.exe
  C:\Windows\System\PNERXoY.exe
  2⤵
  PID:5472
- C:\Windows\System\twPIoLR.exe
  C:\Windows\System\twPIoLR.exe
  2⤵
  PID:5408
- C:\Windows\System\urCqWOy.exe
  C:\Windows\System\urCqWOy.exe
  2⤵
  PID:5704
- C:\Windows\System\WFlWFqR.exe
  C:\Windows\System\WFlWFqR.exe
  2⤵
  PID:5532
- C:\Windows\System\tSieMvx.exe
  C:\Windows\System\tSieMvx.exe
  2⤵
  PID:5736
- C:\Windows\System\kZfACaJ.exe
  C:\Windows\System\kZfACaJ.exe
  2⤵
  PID:5604
- C:\Windows\System\aNjLodj.exe
  C:\Windows\System\aNjLodj.exe
  2⤵
  PID:5784
- C:\Windows\System\yRDrCzf.exe
  C:\Windows\System\yRDrCzf.exe
  2⤵
  PID:5800
- C:\Windows\System\SYEshzx.exe
  C:\Windows\System\SYEshzx.exe
  2⤵
  PID:6060
- C:\Windows\System\bFRFOZZ.exe
  C:\Windows\System\bFRFOZZ.exe
  2⤵
  PID:4100
- C:\Windows\System\vgOVPMR.exe
  C:\Windows\System\vgOVPMR.exe
  2⤵
  PID:5900
- C:\Windows\System\aAkVuyi.exe
  C:\Windows\System\aAkVuyi.exe
  2⤵
  PID:5328
- C:\Windows\System\QgLRNgx.exe
  C:\Windows\System\QgLRNgx.exe
  2⤵
  PID:5352
- C:\Windows\System\XRzyBNB.exe
  C:\Windows\System\XRzyBNB.exe
  2⤵
  PID:5388
- C:\Windows\System\JLBYPGk.exe
  C:\Windows\System\JLBYPGk.exe
  2⤵
  PID:5964
- C:\Windows\System\CcUaGgv.exe
  C:\Windows\System\CcUaGgv.exe
  2⤵
  PID:5164
- C:\Windows\System\DqNBZAN.exe
  C:\Windows\System\DqNBZAN.exe
  2⤵
  PID:4560
- C:\Windows\System\rbJCLGj.exe
  C:\Windows\System\rbJCLGj.exe
  2⤵
  PID:5440
- C:\Windows\System\BzFVbpp.exe
  C:\Windows\System\BzFVbpp.exe
  2⤵
  PID:5700
- C:\Windows\System\zrLzzFl.exe
  C:\Windows\System\zrLzzFl.exe
  2⤵
  PID:5712
- C:\Windows\System\KwfmbJX.exe
  C:\Windows\System\KwfmbJX.exe
  2⤵
  PID:5944
- C:\Windows\System\mVaozWv.exe
  C:\Windows\System\mVaozWv.exe
  2⤵
  PID:6028
- C:\Windows\System\agubWlI.exe
  C:\Windows\System\agubWlI.exe
  2⤵
  PID:5872
- C:\Windows\System\DOrWLda.exe
  C:\Windows\System\DOrWLda.exe
  2⤵
  PID:4232
- C:\Windows\System\LzwUbAM.exe
  C:\Windows\System\LzwUbAM.exe
  2⤵
  PID:4636
- C:\Windows\System\WseerfP.exe
  C:\Windows\System\WseerfP.exe
  2⤵
  PID:4984
- C:\Windows\System\qGQppAf.exe
  C:\Windows\System\qGQppAf.exe
  2⤵
  PID:4336
- C:\Windows\System\SGdjLoE.exe
  C:\Windows\System\SGdjLoE.exe
  2⤵
  PID:5768
- C:\Windows\System\YLzfHav.exe
  C:\Windows\System\YLzfHav.exe
  2⤵
  PID:5616
- C:\Windows\System\LdyDBRZ.exe
  C:\Windows\System\LdyDBRZ.exe
  2⤵
  PID:5868
- C:\Windows\System\VblEbjz.exe
  C:\Windows\System\VblEbjz.exe
  2⤵
  PID:6152
- C:\Windows\System\BukvilB.exe
  C:\Windows\System\BukvilB.exe
  2⤵
  PID:6172
- C:\Windows\System\aFkJAbz.exe
  C:\Windows\System\aFkJAbz.exe
  2⤵
  PID:6192
- C:\Windows\System\TPrdZBJ.exe
  C:\Windows\System\TPrdZBJ.exe
  2⤵
  PID:6208
- C:\Windows\System\nrcrSWA.exe
  C:\Windows\System\nrcrSWA.exe
  2⤵
  PID:6256
- C:\Windows\System\GITNEWR.exe
  C:\Windows\System\GITNEWR.exe
  2⤵
  PID:6280
- C:\Windows\System\DuXMqGM.exe
  C:\Windows\System\DuXMqGM.exe
  2⤵
  PID:6296
- C:\Windows\System\FiQVHpe.exe
  C:\Windows\System\FiQVHpe.exe
  2⤵
  PID:6312
- C:\Windows\System\jemLkwb.exe
  C:\Windows\System\jemLkwb.exe
  2⤵
  PID:6328
- C:\Windows\System\OdRmFNb.exe
  C:\Windows\System\OdRmFNb.exe
  2⤵
  PID:6344
- C:\Windows\System\YvqstGL.exe
  C:\Windows\System\YvqstGL.exe
  2⤵
  PID:6360
- C:\Windows\System\QSmolvr.exe
  C:\Windows\System\QSmolvr.exe
  2⤵
  PID:6380
- C:\Windows\System\ZnacyGU.exe
  C:\Windows\System\ZnacyGU.exe
  2⤵
  PID:6404
- C:\Windows\System\xNfaveo.exe
  C:\Windows\System\xNfaveo.exe
  2⤵
  PID:6420
- C:\Windows\System\MiIKvtz.exe
  C:\Windows\System\MiIKvtz.exe
  2⤵
  PID:6436
- C:\Windows\System\EiGQXEP.exe
  C:\Windows\System\EiGQXEP.exe
  2⤵
  PID:6480
- C:\Windows\System\wQaQkXk.exe
  C:\Windows\System\wQaQkXk.exe
  2⤵
  PID:6496
- C:\Windows\System\tRCJySe.exe
  C:\Windows\System\tRCJySe.exe
  2⤵
  PID:6516
- C:\Windows\System\lqSVSxC.exe
  C:\Windows\System\lqSVSxC.exe
  2⤵
  PID:6532
- C:\Windows\System\leFODiC.exe
  C:\Windows\System\leFODiC.exe
  2⤵
  PID:6548
- C:\Windows\System\uIvWDhY.exe
  C:\Windows\System\uIvWDhY.exe
  2⤵
  PID:6572
- C:\Windows\System\dBHGCfh.exe
  C:\Windows\System\dBHGCfh.exe
  2⤵
  PID:6588
- C:\Windows\System\XLSuENe.exe
  C:\Windows\System\XLSuENe.exe
  2⤵
  PID:6616
- C:\Windows\System\myAYFEn.exe
  C:\Windows\System\myAYFEn.exe
  2⤵
  PID:6632
- C:\Windows\System\AibMjDn.exe
  C:\Windows\System\AibMjDn.exe
  2⤵
  PID:6648
- C:\Windows\System\HPoRUvT.exe
  C:\Windows\System\HPoRUvT.exe
  2⤵
  PID:6664
- C:\Windows\System\eWvSBKb.exe
  C:\Windows\System\eWvSBKb.exe
  2⤵
  PID:6696
- C:\Windows\System\pVRwoDh.exe
  C:\Windows\System\pVRwoDh.exe
  2⤵
  PID:6712
- C:\Windows\System\TzGfGNc.exe
  C:\Windows\System\TzGfGNc.exe
  2⤵
  PID:6728
- C:\Windows\System\HNbCqwT.exe
  C:\Windows\System\HNbCqwT.exe
  2⤵
  PID:6744
- C:\Windows\System\wDuEQax.exe
  C:\Windows\System\wDuEQax.exe
  2⤵
  PID:6760
- C:\Windows\System\WlPxUpx.exe
  C:\Windows\System\WlPxUpx.exe
  2⤵
  PID:6780
- C:\Windows\System\ovEWcAp.exe
  C:\Windows\System\ovEWcAp.exe
  2⤵
  PID:6800
- C:\Windows\System\iFbiksv.exe
  C:\Windows\System\iFbiksv.exe
  2⤵
  PID:6816
- C:\Windows\System\plMfdHU.exe
  C:\Windows\System\plMfdHU.exe
  2⤵
  PID:6832
- C:\Windows\System\pUgVoyS.exe
  C:\Windows\System\pUgVoyS.exe
  2⤵
  PID:6848
- C:\Windows\System\gEVXtUL.exe
  C:\Windows\System\gEVXtUL.exe
  2⤵
  PID:6864
- C:\Windows\System\OqDBNyL.exe
  C:\Windows\System\OqDBNyL.exe
  2⤵
  PID:6920
- C:\Windows\System\xJAwuxD.exe
  C:\Windows\System\xJAwuxD.exe
  2⤵
  PID:6940
- C:\Windows\System\eEzfmCf.exe
  C:\Windows\System\eEzfmCf.exe
  2⤵
  PID:6956
- C:\Windows\System\iLYcoQF.exe
  C:\Windows\System\iLYcoQF.exe
  2⤵
  PID:6972
- C:\Windows\System\umdrSIw.exe
  C:\Windows\System\umdrSIw.exe
  2⤵
  PID:6988
- C:\Windows\System\bfynxzE.exe
  C:\Windows\System\bfynxzE.exe
  2⤵
  PID:7008
- C:\Windows\System\MFnUGTw.exe
  C:\Windows\System\MFnUGTw.exe
  2⤵
  PID:7024
- C:\Windows\System\vncBAmn.exe
  C:\Windows\System\vncBAmn.exe
  2⤵
  PID:7040
- C:\Windows\System\umJsDLY.exe
  C:\Windows\System\umJsDLY.exe
  2⤵
  PID:7056
- C:\Windows\System\UZQdMai.exe
  C:\Windows\System\UZQdMai.exe
  2⤵
  PID:7072
- C:\Windows\System\onmaiwY.exe
  C:\Windows\System\onmaiwY.exe
  2⤵
  PID:7092
- C:\Windows\System\vdGvYkE.exe
  C:\Windows\System\vdGvYkE.exe
  2⤵
  PID:7140
- C:\Windows\System\FkTaWKf.exe
  C:\Windows\System\FkTaWKf.exe
  2⤵
  PID:7160
- C:\Windows\System\LYlpwQg.exe
  C:\Windows\System\LYlpwQg.exe
  2⤵
  PID:6100
- C:\Windows\System\RUOVvDw.exe
  C:\Windows\System\RUOVvDw.exe
  2⤵
  PID:5884
- C:\Windows\System\yROopZS.exe
  C:\Windows\System\yROopZS.exe
  2⤵
  PID:5276
- C:\Windows\System\xcFLGyd.exe
  C:\Windows\System\xcFLGyd.exe
  2⤵
  PID:6148
- C:\Windows\System\dsoRAkq.exe
  C:\Windows\System\dsoRAkq.exe
  2⤵
  PID:6188
- C:\Windows\System\PjPQPKp.exe
  C:\Windows\System\PjPQPKp.exe
  2⤵
  PID:6236
- C:\Windows\System\uaNteQD.exe
  C:\Windows\System\uaNteQD.exe
  2⤵
  PID:6248
- C:\Windows\System\jkExvJl.exe
  C:\Windows\System\jkExvJl.exe
  2⤵
  PID:5304
- C:\Windows\System\DJgXaHf.exe
  C:\Windows\System\DJgXaHf.exe
  2⤵
  PID:6264
- C:\Windows\System\AUrKbaA.exe
  C:\Windows\System\AUrKbaA.exe
  2⤵
  PID:6288
- C:\Windows\System\FNHpIqE.exe
  C:\Windows\System\FNHpIqE.exe
  2⤵
  PID:6340
- C:\Windows\System\kGeleXB.exe
  C:\Windows\System\kGeleXB.exe
  2⤵
  PID:6412
- C:\Windows\System\lhqGtSR.exe
  C:\Windows\System\lhqGtSR.exe
  2⤵
  PID:6352
- C:\Windows\System\CyuumkD.exe
  C:\Windows\System\CyuumkD.exe
  2⤵
  PID:6396
- C:\Windows\System\hXUfSiX.exe
  C:\Windows\System\hXUfSiX.exe
  2⤵
  PID:6444
- C:\Windows\System\OFTPujQ.exe
  C:\Windows\System\OFTPujQ.exe
  2⤵
  PID:6464
- C:\Windows\System\adDOCXL.exe
  C:\Windows\System\adDOCXL.exe
  2⤵
  PID:6448
- C:\Windows\System\dMTcwqH.exe
  C:\Windows\System\dMTcwqH.exe
  2⤵
  PID:6512
- C:\Windows\System\KDFmAcA.exe
  C:\Windows\System\KDFmAcA.exe
  2⤵
  PID:6600
- C:\Windows\System\XbudEeq.exe
  C:\Windows\System\XbudEeq.exe
  2⤵
  PID:6568
- C:\Windows\System\kcTUwMJ.exe
  C:\Windows\System\kcTUwMJ.exe
  2⤵
  PID:6580
- C:\Windows\System\THEPncF.exe
  C:\Windows\System\THEPncF.exe
  2⤵
  PID:6688
- C:\Windows\System\GNZaEAO.exe
  C:\Windows\System\GNZaEAO.exe
  2⤵
  PID:6736
- C:\Windows\System\JInSCAC.exe
  C:\Windows\System\JInSCAC.exe
  2⤵
  PID:6808
- C:\Windows\System\VZBVfVQ.exe
  C:\Windows\System\VZBVfVQ.exe
  2⤵
  PID:6884
- C:\Windows\System\BosDLFw.exe
  C:\Windows\System\BosDLFw.exe
  2⤵
  PID:6776
- C:\Windows\System\EjUDUPu.exe
  C:\Windows\System\EjUDUPu.exe
  2⤵
  PID:6912
- C:\Windows\System\wMXgEoK.exe
  C:\Windows\System\wMXgEoK.exe
  2⤵
  PID:6792
- C:\Windows\System\swVWSht.exe
  C:\Windows\System\swVWSht.exe
  2⤵
  PID:6860
- C:\Windows\System\PsUlPcR.exe
  C:\Windows\System\PsUlPcR.exe
  2⤵
  PID:6948
- C:\Windows\System\GxUwvUi.exe
  C:\Windows\System\GxUwvUi.exe
  2⤵
  PID:7020
- C:\Windows\System\etkLdVZ.exe
  C:\Windows\System\etkLdVZ.exe
  2⤵
  PID:7088
- C:\Windows\System\wfyIkmZ.exe
  C:\Windows\System\wfyIkmZ.exe
  2⤵
  PID:7036
- C:\Windows\System\uHKgjpL.exe
  C:\Windows\System\uHKgjpL.exe
  2⤵
  PID:7104
- C:\Windows\System\lBWjcMQ.exe
  C:\Windows\System\lBWjcMQ.exe
  2⤵
  PID:7120
- C:\Windows\System\XIirLLM.exe
  C:\Windows\System\XIirLLM.exe
  2⤵
  PID:5804
- C:\Windows\System\EKlPTkI.exe
  C:\Windows\System\EKlPTkI.exe
  2⤵
  PID:5372
- C:\Windows\System\bKdgOQV.exe
  C:\Windows\System\bKdgOQV.exe
  2⤵
  PID:6116
- C:\Windows\System\zghMODP.exe
  C:\Windows\System\zghMODP.exe
  2⤵
  PID:6076
- C:\Windows\System\ubhQRJn.exe
  C:\Windows\System\ubhQRJn.exe
  2⤵
  PID:5548
- C:\Windows\System\LyHOlQg.exe
  C:\Windows\System\LyHOlQg.exe
  2⤵
  PID:6220
- C:\Windows\System\DjzRVtQ.exe
  C:\Windows\System\DjzRVtQ.exe
  2⤵
  PID:5852
- C:\Windows\System\YzhzVeO.exe
  C:\Windows\System\YzhzVeO.exe
  2⤵
  PID:6320
- C:\Windows\System\IZbPAwE.exe
  C:\Windows\System\IZbPAwE.exe
  2⤵
  PID:6432
- C:\Windows\System\pTuDeVs.exe
  C:\Windows\System\pTuDeVs.exe
  2⤵
  PID:6476
- C:\Windows\System\qmsbYES.exe
  C:\Windows\System\qmsbYES.exe
  2⤵
  PID:6272
- C:\Windows\System\BhUWdvP.exe
  C:\Windows\System\BhUWdvP.exe
  2⤵
  PID:6612
- C:\Windows\System\lIZIOac.exe
  C:\Windows\System\lIZIOac.exe
  2⤵
  PID:6460
- C:\Windows\System\wtGGbYv.exe
  C:\Windows\System\wtGGbYv.exe
  2⤵
  PID:6556
- C:\Windows\System\BNfLDlL.exe
  C:\Windows\System\BNfLDlL.exe
  2⤵
  PID:6704
- C:\Windows\System\cwMASzn.exe
  C:\Windows\System\cwMASzn.exe
  2⤵
  PID:6872
- C:\Windows\System\YHcGHmR.exe
  C:\Windows\System\YHcGHmR.exe
  2⤵
  PID:6388
- C:\Windows\System\bvLteUj.exe
  C:\Windows\System\bvLteUj.exe
  2⤵
  PID:6904
- C:\Windows\System\QGLiqsP.exe
  C:\Windows\System\QGLiqsP.exe
  2⤵
  PID:7032
- C:\Windows\System\fCmSERo.exe
  C:\Windows\System\fCmSERo.exe
  2⤵
  PID:6788
- C:\Windows\System\QmzLAxY.exe
  C:\Windows\System\QmzLAxY.exe
  2⤵
  PID:6876
- C:\Windows\System\FfKNNpA.exe
  C:\Windows\System\FfKNNpA.exe
  2⤵
  PID:6968
- C:\Windows\System\uZuRxsP.exe
  C:\Windows\System\uZuRxsP.exe
  2⤵
  PID:6756
- C:\Windows\System\VBKEWYP.exe
  C:\Windows\System\VBKEWYP.exe
  2⤵
  PID:6184
- C:\Windows\System\TypCIqa.exe
  C:\Windows\System\TypCIqa.exe
  2⤵
  PID:7132
- C:\Windows\System\jVsRzFR.exe
  C:\Windows\System\jVsRzFR.exe
  2⤵
  PID:5948
- C:\Windows\System\VRyFMgh.exe
  C:\Windows\System\VRyFMgh.exe
  2⤵
  PID:6168
- C:\Windows\System\FsEMBTY.exe
  C:\Windows\System\FsEMBTY.exe
  2⤵
  PID:6304
- C:\Windows\System\MrTCvet.exe
  C:\Windows\System\MrTCvet.exe
  2⤵
  PID:6308
- C:\Windows\System\wdcXiXe.exe
  C:\Windows\System\wdcXiXe.exe
  2⤵
  PID:6604
- C:\Windows\System\AGdprTQ.exe
  C:\Windows\System\AGdprTQ.exe
  2⤵
  PID:6660
- C:\Windows\System\SiTHkMW.exe
  C:\Windows\System\SiTHkMW.exe
  2⤵
  PID:6708
- C:\Windows\System\EVlVQKB.exe
  C:\Windows\System\EVlVQKB.exe
  2⤵
  PID:6672
- C:\Windows\System\USxgqbH.exe
  C:\Windows\System\USxgqbH.exe
  2⤵
  PID:6896
- C:\Windows\System\kIHYRYk.exe
  C:\Windows\System\kIHYRYk.exe
  2⤵
  PID:6984
- C:\Windows\System\LkWvsqO.exe
  C:\Windows\System\LkWvsqO.exe
  2⤵
  PID:7112
- C:\Windows\System\vJWfXgC.exe
  C:\Windows\System\vJWfXgC.exe
  2⤵
  PID:5420
- C:\Windows\System\oTNEPIP.exe
  C:\Windows\System\oTNEPIP.exe
  2⤵
  PID:6544
- C:\Windows\System\jpSgSXd.exe
  C:\Windows\System\jpSgSXd.exe
  2⤵
  PID:7004
- C:\Windows\System\ObyJrVT.exe
  C:\Windows\System\ObyJrVT.exe
  2⤵
  PID:7100
- C:\Windows\System\IiCQsEq.exe
  C:\Windows\System\IiCQsEq.exe
  2⤵
  PID:7052
- C:\Windows\System\pHOlAnC.exe
  C:\Windows\System\pHOlAnC.exe
  2⤵
  PID:7128
- C:\Windows\System\wTqGVjz.exe
  C:\Windows\System\wTqGVjz.exe
  2⤵
  PID:6640
- C:\Windows\System\bYIPUlX.exe
  C:\Windows\System\bYIPUlX.exe
  2⤵
  PID:6508
- C:\Windows\System\GCfPEex.exe
  C:\Windows\System\GCfPEex.exe
  2⤵
  PID:6824
- C:\Windows\System\YSMwTJK.exe
  C:\Windows\System\YSMwTJK.exe
  2⤵
  PID:7156
- C:\Windows\System\tQhpLek.exe
  C:\Windows\System\tQhpLek.exe
  2⤵
  PID:6772
- C:\Windows\System\njqBEnr.exe
  C:\Windows\System\njqBEnr.exe
  2⤵
  PID:7080
- C:\Windows\System\hyUvIdm.exe
  C:\Windows\System\hyUvIdm.exe
  2⤵
  PID:6228
- C:\Windows\System\VtoDiPx.exe
  C:\Windows\System\VtoDiPx.exe
  2⤵
  PID:5404
- C:\Windows\System\AJsWUou.exe
  C:\Windows\System\AJsWUou.exe
  2⤵
  PID:6856
- C:\Windows\System\VEuYIzY.exe
  C:\Windows\System\VEuYIzY.exe
  2⤵
  PID:6684
- C:\Windows\System\HElpssb.exe
  C:\Windows\System\HElpssb.exe
  2⤵
  PID:6844
- C:\Windows\System\gHarYzG.exe
  C:\Windows\System\gHarYzG.exe
  2⤵
  PID:6936
- C:\Windows\System\sTdQoAe.exe
  C:\Windows\System\sTdQoAe.exe
  2⤵
  PID:7172
- C:\Windows\System\WqOmzTv.exe
  C:\Windows\System\WqOmzTv.exe
  2⤵
  PID:7188
- C:\Windows\System\QbFYxhU.exe
  C:\Windows\System\QbFYxhU.exe
  2⤵
  PID:7204
- C:\Windows\System\iZNGWSy.exe
  C:\Windows\System\iZNGWSy.exe
  2⤵
  PID:7220
- C:\Windows\System\BldTHkx.exe
  C:\Windows\System\BldTHkx.exe
  2⤵
  PID:7236
- C:\Windows\System\UyElFDU.exe
  C:\Windows\System\UyElFDU.exe
  2⤵
  PID:7252
- C:\Windows\System\WTFckZz.exe
  C:\Windows\System\WTFckZz.exe
  2⤵
  PID:7268
- C:\Windows\System\sJbJiaE.exe
  C:\Windows\System\sJbJiaE.exe
  2⤵
  PID:7288
- C:\Windows\System\PtwLCWz.exe
  C:\Windows\System\PtwLCWz.exe
  2⤵
  PID:7312
- C:\Windows\System\LKJkdFP.exe
  C:\Windows\System\LKJkdFP.exe
  2⤵
  PID:7332
- C:\Windows\System\vYkGqzS.exe
  C:\Windows\System\vYkGqzS.exe
  2⤵
  PID:7352
- C:\Windows\System\EQscAcs.exe
  C:\Windows\System\EQscAcs.exe
  2⤵
  PID:7368
- C:\Windows\System\zdOEMQe.exe
  C:\Windows\System\zdOEMQe.exe
  2⤵
  PID:7384
- C:\Windows\System\CStykye.exe
  C:\Windows\System\CStykye.exe
  2⤵
  PID:7400
- C:\Windows\System\JGenift.exe
  C:\Windows\System\JGenift.exe
  2⤵
  PID:7420
- C:\Windows\System\pWCXgVe.exe
  C:\Windows\System\pWCXgVe.exe
  2⤵
  PID:7436
- C:\Windows\System\Tannmto.exe
  C:\Windows\System\Tannmto.exe
  2⤵
  PID:7460
- C:\Windows\System\BBgfpLX.exe
  C:\Windows\System\BBgfpLX.exe
  2⤵
  PID:7476
- C:\Windows\System\iaiBlmh.exe
  C:\Windows\System\iaiBlmh.exe
  2⤵
  PID:7492
- C:\Windows\System\cVemuoa.exe
  C:\Windows\System\cVemuoa.exe
  2⤵
  PID:7508
- C:\Windows\System\eFOUhPh.exe
  C:\Windows\System\eFOUhPh.exe
  2⤵
  PID:7576
- C:\Windows\System\zVVXxhN.exe
  C:\Windows\System\zVVXxhN.exe
  2⤵
  PID:7592
- C:\Windows\System\fJuWONQ.exe
  C:\Windows\System\fJuWONQ.exe
  2⤵
  PID:7612
- C:\Windows\System\waOnbMg.exe
  C:\Windows\System\waOnbMg.exe
  2⤵
  PID:7628
- C:\Windows\System\zaAOxOx.exe
  C:\Windows\System\zaAOxOx.exe
  2⤵
  PID:7652
- C:\Windows\System\UnPJIyU.exe
  C:\Windows\System\UnPJIyU.exe
  2⤵
  PID:7668
- C:\Windows\System\XhSQEIU.exe
  C:\Windows\System\XhSQEIU.exe
  2⤵
  PID:7684
- C:\Windows\System\tnWavbW.exe
  C:\Windows\System\tnWavbW.exe
  2⤵
  PID:7708
- C:\Windows\System\VSrcjCm.exe
  C:\Windows\System\VSrcjCm.exe
  2⤵
  PID:7724
- C:\Windows\System\lamaveu.exe
  C:\Windows\System\lamaveu.exe
  2⤵
  PID:7744
- C:\Windows\System\hguOnoO.exe
  C:\Windows\System\hguOnoO.exe
  2⤵
  PID:7760
- C:\Windows\System\AwgoXDL.exe
  C:\Windows\System\AwgoXDL.exe
  2⤵
  PID:7776
- C:\Windows\System\JSIfUfT.exe
  C:\Windows\System\JSIfUfT.exe
  2⤵
  PID:7796
- C:\Windows\System\jtYKaIl.exe
  C:\Windows\System\jtYKaIl.exe
  2⤵
  PID:7820
- C:\Windows\System\xhqIZUA.exe
  C:\Windows\System\xhqIZUA.exe
  2⤵
  PID:7840
- C:\Windows\System\hrFhksT.exe
  C:\Windows\System\hrFhksT.exe
  2⤵
  PID:7876
- C:\Windows\System\gxaZYok.exe
  C:\Windows\System\gxaZYok.exe
  2⤵
  PID:7892
- C:\Windows\System\AwJPUCJ.exe
  C:\Windows\System\AwJPUCJ.exe
  2⤵
  PID:7908
- C:\Windows\System\dFfOlei.exe
  C:\Windows\System\dFfOlei.exe
  2⤵
  PID:7924
- C:\Windows\System\aLEKsMW.exe
  C:\Windows\System\aLEKsMW.exe
  2⤵
  PID:7948
- C:\Windows\System\ocbnRWd.exe
  C:\Windows\System\ocbnRWd.exe
  2⤵
  PID:7968
- C:\Windows\System\uxYlcBU.exe
  C:\Windows\System\uxYlcBU.exe
  2⤵
  PID:7988
- C:\Windows\System\MXDFZVy.exe
  C:\Windows\System\MXDFZVy.exe
  2⤵
  PID:8008
- C:\Windows\System\trirdHq.exe
  C:\Windows\System\trirdHq.exe
  2⤵
  PID:8024
- C:\Windows\System\PotrHWm.exe
  C:\Windows\System\PotrHWm.exe
  2⤵
  PID:8044
- C:\Windows\System\NDRcKFO.exe
  C:\Windows\System\NDRcKFO.exe
  2⤵
  PID:8060
- C:\Windows\System\xtTiBZq.exe
  C:\Windows\System\xtTiBZq.exe
  2⤵
  PID:8076
- C:\Windows\System\ypJfbBG.exe
  C:\Windows\System\ypJfbBG.exe
  2⤵
  PID:8092
- C:\Windows\System\wavvELH.exe
  C:\Windows\System\wavvELH.exe
  2⤵
  PID:8124
- C:\Windows\System\iPiFgoB.exe
  C:\Windows\System\iPiFgoB.exe
  2⤵
  PID:8140
- C:\Windows\System\oXASpHz.exe
  C:\Windows\System\oXASpHz.exe
  2⤵
  PID:8180
- C:\Windows\System\FfFHAIR.exe
  C:\Windows\System\FfFHAIR.exe
  2⤵
  PID:7180
- C:\Windows\System\BdeJxad.exe
  C:\Windows\System\BdeJxad.exe
  2⤵
  PID:7216
- C:\Windows\System\FyfJymr.exe
  C:\Windows\System\FyfJymr.exe
  2⤵
  PID:7284
- C:\Windows\System\GXzKmRv.exe
  C:\Windows\System\GXzKmRv.exe
  2⤵
  PID:7360
- C:\Windows\System\qPjQHnr.exe
  C:\Windows\System\qPjQHnr.exe
  2⤵
  PID:7428
- C:\Windows\System\RShfcIa.exe
  C:\Windows\System\RShfcIa.exe
  2⤵
  PID:7500
- C:\Windows\System\BlbLoDP.exe
  C:\Windows\System\BlbLoDP.exe
  2⤵
  PID:7380
- C:\Windows\System\dXIybCq.exe
  C:\Windows\System\dXIybCq.exe
  2⤵
  PID:7484
- C:\Windows\System\UQhGdKe.exe
  C:\Windows\System\UQhGdKe.exe
  2⤵
  PID:7532
- C:\Windows\System\xLgImli.exe
  C:\Windows\System\xLgImli.exe
  2⤵
  PID:7416
- C:\Windows\System\xYKjrRX.exe
  C:\Windows\System\xYKjrRX.exe
  2⤵
  PID:7488
- C:\Windows\System\YokQzpN.exe
  C:\Windows\System\YokQzpN.exe
  2⤵
  PID:7340
- C:\Windows\System\faOzwkb.exe
  C:\Windows\System\faOzwkb.exe
  2⤵
  PID:7540
- C:\Windows\System\MeDHcPn.exe
  C:\Windows\System\MeDHcPn.exe
  2⤵
  PID:7552
- C:\Windows\System\zMkYTNu.exe
  C:\Windows\System\zMkYTNu.exe
  2⤵
  PID:7572
- C:\Windows\System\dfeWIwS.exe
  C:\Windows\System\dfeWIwS.exe
  2⤵
  PID:7588
- C:\Windows\System\UpWOYAQ.exe
  C:\Windows\System\UpWOYAQ.exe
  2⤵
  PID:7696
- C:\Windows\System\mtvbFhL.exe
  C:\Windows\System\mtvbFhL.exe
  2⤵
  PID:7608
- C:\Windows\System\kMeZaNm.exe
  C:\Windows\System\kMeZaNm.exe
  2⤵
  PID:7636
- C:\Windows\System\NQDmRJe.exe
  C:\Windows\System\NQDmRJe.exe
  2⤵
  PID:7648
- C:\Windows\System\pMTPPZD.exe
  C:\Windows\System\pMTPPZD.exe
  2⤵
  PID:7720
- C:\Windows\System\OMRwIyM.exe
  C:\Windows\System\OMRwIyM.exe
  2⤵
  PID:7604
- C:\Windows\System\kgQUcJM.exe
  C:\Windows\System\kgQUcJM.exe
  2⤵
  PID:7644
- C:\Windows\System\owzfVFA.exe
  C:\Windows\System\owzfVFA.exe
  2⤵
  PID:7680
- C:\Windows\System\PIHFqNi.exe
  C:\Windows\System\PIHFqNi.exe
  2⤵
  PID:7836
- C:\Windows\System\KyTvDcB.exe
  C:\Windows\System\KyTvDcB.exe
  2⤵
  PID:7932
- C:\Windows\System\nBPNGju.exe
  C:\Windows\System\nBPNGju.exe
  2⤵
  PID:7984
- C:\Windows\System\PXwodOt.exe
  C:\Windows\System\PXwodOt.exe
  2⤵
  PID:8052
- C:\Windows\System\ALDCuQf.exe
  C:\Windows\System\ALDCuQf.exe
  2⤵
  PID:8036
- C:\Windows\System\MRlcSof.exe
  C:\Windows\System\MRlcSof.exe
  2⤵
  PID:7960
- C:\Windows\System\xnLbjYJ.exe
  C:\Windows\System\xnLbjYJ.exe
  2⤵
  PID:8100
- C:\Windows\System\tfTFyTa.exe
  C:\Windows\System\tfTFyTa.exe
  2⤵
  PID:8152
- C:\Windows\System\rvFAOQC.exe
  C:\Windows\System\rvFAOQC.exe
  2⤵
  PID:7276
- C:\Windows\System\RjUwvXe.exe
  C:\Windows\System\RjUwvXe.exe
  2⤵
  PID:7376
- C:\Windows\System\mNJWQdE.exe
  C:\Windows\System\mNJWQdE.exe
  2⤵
  PID:7344
- C:\Windows\System\sIoXzFy.exe
  C:\Windows\System\sIoXzFy.exe
  2⤵
  PID:7568
- C:\Windows\System\yMkiTOI.exe
  C:\Windows\System\yMkiTOI.exe
  2⤵
  PID:7600
- C:\Windows\System\OcnLeRX.exe
  C:\Windows\System\OcnLeRX.exe
  2⤵
  PID:7640
- C:\Windows\System\ipWRYeo.exe
  C:\Windows\System\ipWRYeo.exe
  2⤵
  PID:7940
- C:\Windows\System\vLnchFW.exe
  C:\Windows\System\vLnchFW.exe
  2⤵
  PID:7848
- C:\Windows\System\CmhmpuW.exe
  C:\Windows\System\CmhmpuW.exe
  2⤵
  PID:5400
- C:\Windows\System\IZXiCFm.exe
  C:\Windows\System\IZXiCFm.exe
  2⤵
  PID:7700
- C:\Windows\System\smtgSJV.exe
  C:\Windows\System\smtgSJV.exe
  2⤵
  PID:7676
- C:\Windows\System\OkQBSfK.exe
  C:\Windows\System\OkQBSfK.exe
  2⤵
  PID:7232
- C:\Windows\System\kJcUJTm.exe
  C:\Windows\System\kJcUJTm.exe
  2⤵
  PID:7472
- C:\Windows\System\RYLylQS.exe
  C:\Windows\System\RYLylQS.exe
  2⤵
  PID:8000
- C:\Windows\System\ooSFqfB.exe
  C:\Windows\System\ooSFqfB.exe
  2⤵
  PID:8112
- C:\Windows\System\dCFpMdS.exe
  C:\Windows\System\dCFpMdS.exe
  2⤵
  PID:8176
- C:\Windows\System\TspYica.exe
  C:\Windows\System\TspYica.exe
  2⤵
  PID:6376
- C:\Windows\System\LYGrgFK.exe
  C:\Windows\System\LYGrgFK.exe
  2⤵
  PID:8084
- C:\Windows\System\hYhTXLJ.exe
  C:\Windows\System\hYhTXLJ.exe
  2⤵
  PID:7244
- C:\Windows\System\iFTdkDU.exe
  C:\Windows\System\iFTdkDU.exe
  2⤵
  PID:7452
- C:\Windows\System\yCbDIEZ.exe
  C:\Windows\System\yCbDIEZ.exe
  2⤵
  PID:7816
- C:\Windows\System\pLiebXF.exe
  C:\Windows\System\pLiebXF.exe
  2⤵
  PID:7828
- C:\Windows\System\svNIimk.exe
  C:\Windows\System\svNIimk.exe
  2⤵
  PID:7304
- C:\Windows\System\RKzXqua.exe
  C:\Windows\System\RKzXqua.exe
  2⤵
  PID:7804
- C:\Windows\System\CuzmJQv.exe
  C:\Windows\System\CuzmJQv.exe
  2⤵
  PID:7864
- C:\Windows\System\enqaHFm.exe
  C:\Windows\System\enqaHFm.exe
  2⤵
  PID:7548
- C:\Windows\System\cqemPIu.exe
  C:\Windows\System\cqemPIu.exe
  2⤵
  PID:7920
- C:\Windows\System\KbdjhyL.exe
  C:\Windows\System\KbdjhyL.exe
  2⤵
  PID:8132
- C:\Windows\System\GUXivHN.exe
  C:\Windows\System\GUXivHN.exe
  2⤵
  PID:8032
- C:\Windows\System\dcCoSVc.exe
  C:\Windows\System\dcCoSVc.exe
  2⤵
  PID:8056
- C:\Windows\System\OVNMCsk.exe
  C:\Windows\System\OVNMCsk.exe
  2⤵
  PID:8016
- C:\Windows\System\ylvppSh.exe
  C:\Windows\System\ylvppSh.exe
  2⤵
  PID:7888
- C:\Windows\System\vlFVFyq.exe
  C:\Windows\System\vlFVFyq.exe
  2⤵
  PID:7732
- C:\Windows\System\hjeLVSB.exe
  C:\Windows\System\hjeLVSB.exe
  2⤵
  PID:7788
- C:\Windows\System\JInNOmr.exe
  C:\Windows\System\JInNOmr.exe
  2⤵
  PID:7260
- C:\Windows\System\gWvVptI.exe
  C:\Windows\System\gWvVptI.exe
  2⤵
  PID:8164
- C:\Windows\System\uppBWGn.exe
  C:\Windows\System\uppBWGn.exe
  2⤵
  PID:6524
- C:\Windows\System\WgbDtFg.exe
  C:\Windows\System\WgbDtFg.exe
  2⤵
  PID:8156
- C:\Windows\System\RuoFava.exe
  C:\Windows\System\RuoFava.exe
  2⤵
  PID:8148
- C:\Windows\System\lzCvuqz.exe
  C:\Windows\System\lzCvuqz.exe
  2⤵
  PID:7624
- C:\Windows\System\unakyqu.exe
  C:\Windows\System\unakyqu.exe
  2⤵
  PID:8160
- C:\Windows\System\MbEuZiL.exe
  C:\Windows\System\MbEuZiL.exe
  2⤵
  PID:8208
- C:\Windows\System\TRYfUBB.exe
  C:\Windows\System\TRYfUBB.exe
  2⤵
  PID:8228
- C:\Windows\System\QmmTUyq.exe
  C:\Windows\System\QmmTUyq.exe
  2⤵
  PID:8248
- C:\Windows\System\oJvYXLh.exe
  C:\Windows\System\oJvYXLh.exe
  2⤵
  PID:8264
- C:\Windows\System\BScITkh.exe
  C:\Windows\System\BScITkh.exe
  2⤵
  PID:8284
- C:\Windows\System\gFPDQLT.exe
  C:\Windows\System\gFPDQLT.exe
  2⤵
  PID:8300
- C:\Windows\System\KgIZbac.exe
  C:\Windows\System\KgIZbac.exe
  2⤵
  PID:8320
- C:\Windows\System\JjXtCmd.exe
  C:\Windows\System\JjXtCmd.exe
  2⤵
  PID:8336
- C:\Windows\System\KDtcUKA.exe
  C:\Windows\System\KDtcUKA.exe
  2⤵
  PID:8380
- C:\Windows\System\VGamrFt.exe
  C:\Windows\System\VGamrFt.exe
  2⤵
  PID:8396
- C:\Windows\System\vQNzbev.exe
  C:\Windows\System\vQNzbev.exe
  2⤵
  PID:8416
- C:\Windows\System\HfBznSO.exe
  C:\Windows\System\HfBznSO.exe
  2⤵
  PID:8440
- C:\Windows\System\pjkSCRV.exe
  C:\Windows\System\pjkSCRV.exe
  2⤵
  PID:8456
- C:\Windows\System\AiLwUzo.exe
  C:\Windows\System\AiLwUzo.exe
  2⤵
  PID:8472
- C:\Windows\System\tRohXRD.exe
  C:\Windows\System\tRohXRD.exe
  2⤵
  PID:8496
- C:\Windows\System\mnSZoaG.exe
  C:\Windows\System\mnSZoaG.exe
  2⤵
  PID:8524
- C:\Windows\System\UWIBYdO.exe
  C:\Windows\System\UWIBYdO.exe
  2⤵
  PID:8540
- C:\Windows\System\hZLOujG.exe
  C:\Windows\System\hZLOujG.exe
  2⤵
  PID:8560
- C:\Windows\System\MKWaJJE.exe
  C:\Windows\System\MKWaJJE.exe
  2⤵
  PID:8580
- C:\Windows\System\oNejvep.exe
  C:\Windows\System\oNejvep.exe
  2⤵
  PID:8604
- C:\Windows\System\zBltdOb.exe
  C:\Windows\System\zBltdOb.exe
  2⤵
  PID:8620
- C:\Windows\System\YDjmFPS.exe
  C:\Windows\System\YDjmFPS.exe
  2⤵
  PID:8636
- C:\Windows\System\yhOzZDc.exe
  C:\Windows\System\yhOzZDc.exe
  2⤵
  PID:8668
- C:\Windows\System\ByVmcEQ.exe
  C:\Windows\System\ByVmcEQ.exe
  2⤵
  PID:8688
- C:\Windows\System\LgGNvIB.exe
  C:\Windows\System\LgGNvIB.exe
  2⤵
  PID:8704
- C:\Windows\System\GxGmSoO.exe
  C:\Windows\System\GxGmSoO.exe
  2⤵
  PID:8720
- C:\Windows\System\kXCYNBm.exe
  C:\Windows\System\kXCYNBm.exe
  2⤵
  PID:8740
- C:\Windows\System\IiVaCns.exe
  C:\Windows\System\IiVaCns.exe
  2⤵
  PID:8756
- C:\Windows\System\SCkmivZ.exe
  C:\Windows\System\SCkmivZ.exe
  2⤵
  PID:8772
- C:\Windows\System\YBppcDN.exe
  C:\Windows\System\YBppcDN.exe
  2⤵
  PID:8788
- C:\Windows\System\oTSCZct.exe
  C:\Windows\System\oTSCZct.exe
  2⤵
  PID:8804
- C:\Windows\System\unYqYjx.exe
  C:\Windows\System\unYqYjx.exe
  2⤵
  PID:8824
- C:\Windows\System\vOccCsN.exe
  C:\Windows\System\vOccCsN.exe
  2⤵
  PID:8844
- C:\Windows\System\gfCYXGc.exe
  C:\Windows\System\gfCYXGc.exe
  2⤵
  PID:8864
- C:\Windows\System\ywrbPuI.exe
  C:\Windows\System\ywrbPuI.exe
  2⤵
  PID:8892
- C:\Windows\System\CynOGSC.exe
  C:\Windows\System\CynOGSC.exe
  2⤵
  PID:8908
- C:\Windows\System\iWVrKla.exe
  C:\Windows\System\iWVrKla.exe
  2⤵
  PID:8936
- C:\Windows\System\gqxzsYr.exe
  C:\Windows\System\gqxzsYr.exe
  2⤵
  PID:8952
- C:\Windows\System\BnzDWkh.exe
  C:\Windows\System\BnzDWkh.exe
  2⤵
  PID:8968
- C:\Windows\System\EPGbJZE.exe
  C:\Windows\System\EPGbJZE.exe
  2⤵
  PID:8984
- C:\Windows\System\MKyNKvJ.exe
  C:\Windows\System\MKyNKvJ.exe
  2⤵
  PID:9012
- C:\Windows\System\KcixRTC.exe
  C:\Windows\System\KcixRTC.exe
  2⤵
  PID:9032
- C:\Windows\System\SoubtII.exe
  C:\Windows\System\SoubtII.exe
  2⤵
  PID:9072
- C:\Windows\System\DisGUbQ.exe
  C:\Windows\System\DisGUbQ.exe
  2⤵
  PID:9092
- C:\Windows\System\XbUUUbe.exe
  C:\Windows\System\XbUUUbe.exe
  2⤵
  PID:9108
- C:\Windows\System\GQaVAUW.exe
  C:\Windows\System\GQaVAUW.exe
  2⤵
  PID:9128
- C:\Windows\System\MNimJmT.exe
  C:\Windows\System\MNimJmT.exe
  2⤵
  PID:9152
- C:\Windows\System\KZMMDCO.exe
  C:\Windows\System\KZMMDCO.exe
  2⤵
  PID:9172
- C:\Windows\System\AcLMANU.exe
  C:\Windows\System\AcLMANU.exe
  2⤵
  PID:9192
- C:\Windows\System\lOZqDpF.exe
  C:\Windows\System\lOZqDpF.exe
  2⤵
  PID:8004
- C:\Windows\System\foKdNDX.exe
  C:\Windows\System\foKdNDX.exe
  2⤵
  PID:8256
- C:\Windows\System\uMPQiJJ.exe
  C:\Windows\System\uMPQiJJ.exe
  2⤵
  PID:8332
- C:\Windows\System\ISXzyie.exe
  C:\Windows\System\ISXzyie.exe
  2⤵
  PID:8316
- C:\Windows\System\NvBbBUi.exe
  C:\Windows\System\NvBbBUi.exe
  2⤵
  PID:8244
- C:\Windows\System\JnOVAXy.exe
  C:\Windows\System\JnOVAXy.exe
  2⤵
  PID:8360
- C:\Windows\System\ceFzLRl.exe
  C:\Windows\System\ceFzLRl.exe
  2⤵
  PID:8368
- C:\Windows\System\VbOdjXH.exe
  C:\Windows\System\VbOdjXH.exe
  2⤵
  PID:8424
- C:\Windows\System\qLmWiUk.exe
  C:\Windows\System\qLmWiUk.exe
  2⤵
  PID:8428
- C:\Windows\System\mXjIulb.exe
  C:\Windows\System\mXjIulb.exe
  2⤵
  PID:8464
- C:\Windows\System\LkgMtRf.exe
  C:\Windows\System\LkgMtRf.exe
  2⤵
  PID:8484
- C:\Windows\System\BnDtAMq.exe
  C:\Windows\System\BnDtAMq.exe
  2⤵
  PID:7904
- C:\Windows\System\wRxzRoe.exe
  C:\Windows\System\wRxzRoe.exe
  2⤵
  PID:8556
- C:\Windows\System\jZmJbJo.exe
  C:\Windows\System\jZmJbJo.exe
  2⤵
  PID:8516
- C:\Windows\System\MPriHnz.exe
  C:\Windows\System\MPriHnz.exe
  2⤵
  PID:8632
- C:\Windows\System\vuBrFbL.exe
  C:\Windows\System\vuBrFbL.exe
  2⤵
  PID:8656
- C:\Windows\System\mGvZZgU.exe
  C:\Windows\System\mGvZZgU.exe
  2⤵
  PID:8712
- C:\Windows\System\bythRAZ.exe
  C:\Windows\System\bythRAZ.exe
  2⤵
  PID:8716
- C:\Windows\System\WRDjWpG.exe
  C:\Windows\System\WRDjWpG.exe
  2⤵
  PID:8784
- C:\Windows\System\HHPqibq.exe
  C:\Windows\System\HHPqibq.exe
  2⤵
  PID:8860
- C:\Windows\System\PcFAOmL.exe
  C:\Windows\System\PcFAOmL.exe
  2⤵
  PID:8948
- C:\Windows\System\Wxdqdfz.exe
  C:\Windows\System\Wxdqdfz.exe
  2⤵
  PID:8768
- C:\Windows\System\aIEXqFT.exe
  C:\Windows\System\aIEXqFT.exe
  2⤵
  PID:9020
- C:\Windows\System\xYnUlIO.exe
  C:\Windows\System\xYnUlIO.exe
  2⤵
  PID:8872
- C:\Windows\System\zOkJOAP.exe
  C:\Windows\System\zOkJOAP.exe
  2⤵
  PID:8992
- C:\Windows\System\pmHXCUj.exe
  C:\Windows\System\pmHXCUj.exe
  2⤵
  PID:8916
- C:\Windows\System\ijloWSO.exe
  C:\Windows\System\ijloWSO.exe
  2⤵
  PID:9004
- C:\Windows\System\GrwSOCe.exe
  C:\Windows\System\GrwSOCe.exe
  2⤵
  PID:9048
- C:\Windows\System\rmuzZFt.exe
  C:\Windows\System\rmuzZFt.exe
  2⤵
  PID:9080
- C:\Windows\System\wHshItK.exe
  C:\Windows\System\wHshItK.exe
  2⤵
  PID:9160
- C:\Windows\System\zkZdkgI.exe
  C:\Windows\System\zkZdkgI.exe
  2⤵
  PID:9184
- C:\Windows\System\VUawFTl.exe
  C:\Windows\System\VUawFTl.exe
  2⤵
  PID:9212
- C:\Windows\System\EGFhCiB.exe
  C:\Windows\System\EGFhCiB.exe
  2⤵
  PID:8296
- C:\Windows\System\AcvjJZA.exe
  C:\Windows\System\AcvjJZA.exe
  2⤵
  PID:8348
- C:\Windows\System\dPrRnfi.exe
  C:\Windows\System\dPrRnfi.exe
  2⤵
  PID:9088
- C:\Windows\System\muPFfWC.exe
  C:\Windows\System\muPFfWC.exe
  2⤵
  PID:8392
- C:\Windows\System\bJOMBmN.exe
  C:\Windows\System\bJOMBmN.exe
  2⤵
  PID:8388
- C:\Windows\System\bzrOIVB.exe
  C:\Windows\System\bzrOIVB.exe
  2⤵
  PID:8512
- C:\Windows\System\idNULZl.exe
  C:\Windows\System\idNULZl.exe
  2⤵
  PID:8568
- C:\Windows\System\YQolLxi.exe
  C:\Windows\System\YQolLxi.exe
  2⤵
  PID:8596
- C:\Windows\System\obOMrWx.exe
  C:\Windows\System\obOMrWx.exe
  2⤵
  PID:8676
- C:\Windows\System\DnUUoio.exe
  C:\Windows\System\DnUUoio.exe
  2⤵
  PID:7860
- C:\Windows\System\YVPQoTQ.exe
  C:\Windows\System\YVPQoTQ.exe
  2⤵
  PID:8904
- C:\Windows\System\XNUypMn.exe
  C:\Windows\System\XNUypMn.exe
  2⤵
  PID:8816
- C:\Windows\System\ZXxsVUR.exe
  C:\Windows\System\ZXxsVUR.exe
  2⤵
  PID:8796
- C:\Windows\System\GuvZAGw.exe
  C:\Windows\System\GuvZAGw.exe
  2⤵
  PID:8960
- C:\Windows\System\NzjKgwm.exe
  C:\Windows\System\NzjKgwm.exe
  2⤵
  PID:9052
- C:\Windows\System\WyoFHgt.exe
  C:\Windows\System\WyoFHgt.exe
  2⤵
  PID:9100
- C:\Windows\System\tBJVrSn.exe
  C:\Windows\System\tBJVrSn.exe
  2⤵
  PID:9148
- C:\Windows\System\xJuFCWA.exe
  C:\Windows\System\xJuFCWA.exe
  2⤵
  PID:9000
- C:\Windows\System\URHSSfu.exe
  C:\Windows\System\URHSSfu.exe
  2⤵
  PID:8308
- C:\Windows\System\JdRiCAq.exe
  C:\Windows\System\JdRiCAq.exe
  2⤵
  PID:8276
- C:\Windows\System\PSEIDRj.exe
  C:\Windows\System\PSEIDRj.exe
  2⤵
  PID:8468
- C:\Windows\System\zEOGIuv.exe
  C:\Windows\System\zEOGIuv.exe
  2⤵
  PID:8696
- C:\Windows\System\fGPRpGP.exe
  C:\Windows\System\fGPRpGP.exe
  2⤵
  PID:8728
- C:\Windows\System\VimrFNr.exe
  C:\Windows\System\VimrFNr.exe
  2⤵
  PID:8980
- C:\Windows\System\dSRxWhe.exe
  C:\Windows\System\dSRxWhe.exe
  2⤵
  PID:8532
- C:\Windows\System\JivKCqj.exe
  C:\Windows\System\JivKCqj.exe
  2⤵
  PID:8652
- C:\Windows\System\kKzaioU.exe
  C:\Windows\System\kKzaioU.exe
  2⤵
  PID:8832
- C:\Windows\System\rrkewdn.exe
  C:\Windows\System\rrkewdn.exe
  2⤵
  PID:8996
- C:\Windows\System\Lnomoif.exe
  C:\Windows\System\Lnomoif.exe
  2⤵
  PID:9044
- C:\Windows\System\bZXmIBo.exe
  C:\Windows\System\bZXmIBo.exe
  2⤵
  PID:8224
- C:\Windows\System\plNNtEv.exe
  C:\Windows\System\plNNtEv.exe
  2⤵
  PID:8616
- C:\Windows\System\ZDVrnVQ.exe
  C:\Windows\System\ZDVrnVQ.exe
  2⤵
  PID:8592
- C:\Windows\System\GXjznVp.exe
  C:\Windows\System\GXjznVp.exe
  2⤵
  PID:9040
- C:\Windows\System\CAYquWM.exe
  C:\Windows\System\CAYquWM.exe
  2⤵
  PID:8852
- C:\Windows\System\MxFnUUZ.exe
  C:\Windows\System\MxFnUUZ.exe
  2⤵
  PID:8964
- C:\Windows\System\QZODKGs.exe
  C:\Windows\System\QZODKGs.exe
  2⤵
  PID:9124
- C:\Windows\System\HLsNJGe.exe
  C:\Windows\System\HLsNJGe.exe
  2⤵
  PID:8840
- C:\Windows\System\weazyvo.exe
  C:\Windows\System\weazyvo.exe
  2⤵
  PID:7412
- C:\Windows\System\xWZAKBy.exe
  C:\Windows\System\xWZAKBy.exe
  2⤵
  PID:8272
- C:\Windows\System\jmqDehL.exe
  C:\Windows\System\jmqDehL.exe
  2⤵
  PID:8588
- C:\Windows\System\IjnhtZp.exe
  C:\Windows\System\IjnhtZp.exe
  2⤵
  PID:8764
- C:\Windows\System\TfbuEXo.exe
  C:\Windows\System\TfbuEXo.exe
  2⤵
  PID:9200
- C:\Windows\System\VDSNuuA.exe
  C:\Windows\System\VDSNuuA.exe
  2⤵
  PID:8412
- C:\Windows\System\RKRErrE.exe
  C:\Windows\System\RKRErrE.exe
  2⤵
  PID:9144
- C:\Windows\System\LbPkJuR.exe
  C:\Windows\System\LbPkJuR.exe
  2⤵
  PID:8820
- C:\Windows\System\iXMdzqx.exe
  C:\Windows\System\iXMdzqx.exe
  2⤵
  PID:9140
- C:\Windows\System\FbxbCcP.exe
  C:\Windows\System\FbxbCcP.exe
  2⤵
  PID:9232
- C:\Windows\System\gPtEKRo.exe
  C:\Windows\System\gPtEKRo.exe
  2⤵
  PID:9252
- C:\Windows\System\KcRdFuD.exe
  C:\Windows\System\KcRdFuD.exe
  2⤵
  PID:9268
- C:\Windows\System\GxQTIiL.exe
  C:\Windows\System\GxQTIiL.exe
  2⤵
  PID:9284
- C:\Windows\System\tOEMYqs.exe
  C:\Windows\System\tOEMYqs.exe
  2⤵
  PID:9300
- C:\Windows\System\ScENjNc.exe
  C:\Windows\System\ScENjNc.exe
  2⤵
  PID:9320
- C:\Windows\System\mBomWBY.exe
  C:\Windows\System\mBomWBY.exe
  2⤵
  PID:9344
- C:\Windows\System\GLncmGa.exe
  C:\Windows\System\GLncmGa.exe
  2⤵
  PID:9380
- C:\Windows\System\VwRmGNI.exe
  C:\Windows\System\VwRmGNI.exe
  2⤵
  PID:9396
- C:\Windows\System\kriESTz.exe
  C:\Windows\System\kriESTz.exe
  2⤵
  PID:9412
- C:\Windows\System\zZRpVde.exe
  C:\Windows\System\zZRpVde.exe
  2⤵
  PID:9436
- C:\Windows\System\dHNzaOB.exe
  C:\Windows\System\dHNzaOB.exe
  2⤵
  PID:9456
- C:\Windows\System\arPzUtp.exe
  C:\Windows\System\arPzUtp.exe
  2⤵
  PID:9472
- C:\Windows\System\kzHcaeb.exe
  C:\Windows\System\kzHcaeb.exe
  2⤵
  PID:9492
- C:\Windows\System\tFeigok.exe
  C:\Windows\System\tFeigok.exe
  2⤵
  PID:9512
- C:\Windows\System\hJqesKp.exe
  C:\Windows\System\hJqesKp.exe
  2⤵
  PID:9532
- C:\Windows\System\jUwRJyM.exe
  C:\Windows\System\jUwRJyM.exe
  2⤵
  PID:9548
- C:\Windows\System\WtXKYZi.exe
  C:\Windows\System\WtXKYZi.exe
  2⤵
  PID:9564
- C:\Windows\System\oTOVhbd.exe
  C:\Windows\System\oTOVhbd.exe
  2⤵
  PID:9580
- C:\Windows\System\fxBYfqP.exe
  C:\Windows\System\fxBYfqP.exe
  2⤵
  PID:9604
- C:\Windows\System\DGiRXuc.exe
  C:\Windows\System\DGiRXuc.exe
  2⤵
  PID:9620
- C:\Windows\System\unMGkxS.exe
  C:\Windows\System\unMGkxS.exe
  2⤵
  PID:9636
- C:\Windows\System\kryHBhG.exe
  C:\Windows\System\kryHBhG.exe
  2⤵
  PID:9656
- C:\Windows\System\lyaLeej.exe
  C:\Windows\System\lyaLeej.exe
  2⤵
  PID:9716
- C:\Windows\System\myZxOrj.exe
  C:\Windows\System\myZxOrj.exe
  2⤵
  PID:9732
- C:\Windows\System\IevwFzN.exe
  C:\Windows\System\IevwFzN.exe
  2⤵
  PID:9752
- C:\Windows\System\KAgEACQ.exe
  C:\Windows\System\KAgEACQ.exe
  2⤵
  PID:9776
- C:\Windows\System\BTWEVLI.exe
  C:\Windows\System\BTWEVLI.exe
  2⤵
  PID:9796
- C:\Windows\System\gpAHZhJ.exe
  C:\Windows\System\gpAHZhJ.exe
  2⤵
  PID:9812
- C:\Windows\System\pdNRHsh.exe
  C:\Windows\System\pdNRHsh.exe
  2⤵
  PID:9836
- C:\Windows\System\hBAnEuL.exe
  C:\Windows\System\hBAnEuL.exe
  2⤵
  PID:9856
- C:\Windows\System\OfTuuOT.exe
  C:\Windows\System\OfTuuOT.exe
  2⤵
  PID:9876
- C:\Windows\System\nurqNZE.exe
  C:\Windows\System\nurqNZE.exe
  2⤵
  PID:9900
- C:\Windows\System\LJweNwg.exe
  C:\Windows\System\LJweNwg.exe
  2⤵
  PID:9916
- C:\Windows\System\EXBrXJy.exe
  C:\Windows\System\EXBrXJy.exe
  2⤵
  PID:9936
- C:\Windows\System\rCkvlXC.exe
  C:\Windows\System\rCkvlXC.exe
  2⤵
  PID:9960
- C:\Windows\System\UsyQqHR.exe
  C:\Windows\System\UsyQqHR.exe
  2⤵
  PID:9976
- C:\Windows\System\xQfbFNW.exe
  C:\Windows\System\xQfbFNW.exe
  2⤵
  PID:10000
- C:\Windows\System\NNSpfXK.exe
  C:\Windows\System\NNSpfXK.exe
  2⤵
  PID:10016
- C:\Windows\System\qHcoMXq.exe
  C:\Windows\System\qHcoMXq.exe
  2⤵
  PID:10036
- C:\Windows\System\yyUgeQV.exe
  C:\Windows\System\yyUgeQV.exe
  2⤵
  PID:10060
- C:\Windows\System\dQiRkYr.exe
  C:\Windows\System\dQiRkYr.exe
  2⤵
  PID:10076
- C:\Windows\System\ZkfWCmT.exe
  C:\Windows\System\ZkfWCmT.exe
  2⤵
  PID:10096
- C:\Windows\System\bGXEppA.exe
  C:\Windows\System\bGXEppA.exe
  2⤵
  PID:10116
- C:\Windows\System\fPBkcwH.exe
  C:\Windows\System\fPBkcwH.exe
  2⤵
  PID:10136
- C:\Windows\System\vUurviR.exe
  C:\Windows\System\vUurviR.exe
  2⤵
  PID:10160
- C:\Windows\System\qZZDhBV.exe
  C:\Windows\System\qZZDhBV.exe
  2⤵
  PID:10176
- C:\Windows\System\gmRcSud.exe
  C:\Windows\System\gmRcSud.exe
  2⤵
  PID:10192
- C:\Windows\System\DlGPhOX.exe
  C:\Windows\System\DlGPhOX.exe
  2⤵
  PID:10212
- C:\Windows\System\ViSUyZz.exe
  C:\Windows\System\ViSUyZz.exe
  2⤵
  PID:10232
- C:\Windows\System\xUOCxwZ.exe
  C:\Windows\System\xUOCxwZ.exe
  2⤵
  PID:9264
- C:\Windows\System\ZuWKNhQ.exe
  C:\Windows\System\ZuWKNhQ.exe
  2⤵
  PID:9332
- C:\Windows\System\vOJApPc.exe
  C:\Windows\System\vOJApPc.exe
  2⤵
  PID:9316
- C:\Windows\System\txAhREC.exe
  C:\Windows\System\txAhREC.exe
  2⤵
  PID:8204
- C:\Windows\System\DVAQeUM.exe
  C:\Windows\System\DVAQeUM.exe
  2⤵
  PID:9368
- C:\Windows\System\VdovkVy.exe
  C:\Windows\System\VdovkVy.exe
  2⤵
  PID:9392
- C:\Windows\System\JllRLRu.exe
  C:\Windows\System\JllRLRu.exe
  2⤵
  PID:9464
- C:\Windows\System\ljedmrh.exe
  C:\Windows\System\ljedmrh.exe
  2⤵
  PID:9508
- C:\Windows\System\HneFvgu.exe
  C:\Windows\System\HneFvgu.exe
  2⤵
  PID:9612
- C:\Windows\System\fOXQjIQ.exe
  C:\Windows\System\fOXQjIQ.exe
  2⤵
  PID:9484
- C:\Windows\System\EfqffhA.exe
  C:\Windows\System\EfqffhA.exe
  2⤵
  PID:9520
- C:\Windows\System\pqmVFTG.exe
  C:\Windows\System\pqmVFTG.exe
  2⤵
  PID:9664
- C:\Windows\System\EwIJqoO.exe
  C:\Windows\System\EwIJqoO.exe
  2⤵
  PID:9628
- C:\Windows\System\KaEPnqm.exe
  C:\Windows\System\KaEPnqm.exe
  2⤵
  PID:9672
- C:\Windows\System\dVKBmal.exe
  C:\Windows\System\dVKBmal.exe
  2⤵
  PID:9692
- C:\Windows\System\tjKltsg.exe
  C:\Windows\System\tjKltsg.exe
  2⤵
  PID:9724
- C:\Windows\System\jiJjcim.exe
  C:\Windows\System\jiJjcim.exe
  2⤵
  PID:9764
- C:\Windows\System\nHfRIZO.exe
  C:\Windows\System\nHfRIZO.exe
  2⤵
  PID:9804
- C:\Windows\System\BXkCQhy.exe
  C:\Windows\System\BXkCQhy.exe
  2⤵
  PID:9828
- C:\Windows\System\aezzfuu.exe
  C:\Windows\System\aezzfuu.exe
  2⤵
  PID:9852
- C:\Windows\System\oZLrKJQ.exe
  C:\Windows\System\oZLrKJQ.exe
  2⤵
  PID:9832
- C:\Windows\System\XeYFOEo.exe
  C:\Windows\System\XeYFOEo.exe
  2⤵
  PID:9908
- C:\Windows\System\HyuDkVT.exe
  C:\Windows\System\HyuDkVT.exe
  2⤵
  PID:9748
- C:\Windows\System\VJQXgGW.exe
  C:\Windows\System\VJQXgGW.exe
  2⤵
  PID:9984
- C:\Windows\System\TSDDzyV.exe
  C:\Windows\System\TSDDzyV.exe
  2⤵
  PID:10044
- C:\Windows\System\ZKnjjdY.exe
  C:\Windows\System\ZKnjjdY.exe
  2⤵
  PID:10124
- C:\Windows\System\UILsyqJ.exe
  C:\Windows\System\UILsyqJ.exe
  2⤵
  PID:10168
- C:\Windows\System\bBsHMAE.exe
  C:\Windows\System\bBsHMAE.exe
  2⤵
  PID:10200
- C:\Windows\System\iyqFjjy.exe
  C:\Windows\System\iyqFjjy.exe
  2⤵
  PID:10112
- C:\Windows\System\CcNxQzM.exe
  C:\Windows\System\CcNxQzM.exe
  2⤵
  PID:10152
- C:\Windows\System\DPgInVn.exe
  C:\Windows\System\DPgInVn.exe
  2⤵
  PID:10188
- C:\Windows\System\uBZXAhO.exe
  C:\Windows\System\uBZXAhO.exe
  2⤵
  PID:10228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AObgZzr.exe

Filesize
6.0MB

MD5
5ba438e0a34f215a5835a18024f3062b

SHA1
6983c053295d8c652a4eafc0e3662e6aea610be6

SHA256
a818e478e8f19c585785deec5e2b79e056f962c6fd8638ff8f1578e4d7907819

SHA512
1197948c0b6d1b735bb3b6c881da7fa94d06095c9564697f9076d3209777883850f5e3623930385ad441921509250de787ed6491ccee3beaec875339b434e86c

Download Submit
C:\Windows\system\BopGluu.exe

Filesize
6.0MB

MD5
cbf6c4ec48105cbc637e85a20bd68474

SHA1
98322c476768f248ac0dca61f1b6cde5a93fcae1

SHA256
26ebdf39fb9d4d24be05889d78b2619bfeda5405df995c0190f0b8f2dc29ccdf

SHA512
50d0f5d77bac2212a39a2377092be4133f59e25cfb1532e2565a9b847b0b85f93a4f5a8e1d852632290df79fa995ae9a1473f3e57420df40145198c87663c2cf

Download Submit
C:\Windows\system\CaVLiCe.exe

Filesize
6.0MB

MD5
ce454e3b6ec7cb9765ea3e019ddbb613

SHA1
47abc4dddf9e1ce228d2ca9866f0e660b90ade9e

SHA256
802dfbc4c67349eaa96e30122b01cec04f47f0d7f776aca25d5121c2fa53a73a

SHA512
132f49edde4f31c900ff750f5f104d72a3f39c9ad321a0962d7052d52433485218b9ecd083648a41999bd4b71b4bcf4f39cb0ee33820e060b32893abbc168153

Download Submit
C:\Windows\system\JrLtDUU.exe

Filesize
6.0MB

MD5
ad7166ae70139f4b2dc090c6c02613a2

SHA1
a16ac59c068c3f0d80f18647f109c97ec94f6e8b

SHA256
a80cd3abf9eda6309b1b69eac38abd4dcc8b43569704ac94e66f2ca19491f5ee

SHA512
4e3f580e09a8c8ffabd3fe9e2cf6a02c2c08b77fd144ba52f2c774ce0e04a6b54e69380b8ea5c4bc0ff84667f5d69ca987117dc079420dd209477e034e7dd5f1

Download Submit
C:\Windows\system\JulYomc.exe

Filesize
6.0MB

MD5
0894b0c31c491954cea203610ec36aa4

SHA1
18875a28f4c85646d7cc60b11c20b0a59d9d7b96

SHA256
0cd1f7023dcf060d76bd58886dba4dea8b7d9ce0e117fdeaa50fc2907410ead5

SHA512
a4ac7975a954b00d474ee386c1aebeeafd411648c4b34621bc836ee51a704dfb73f4debe3fef8dc4bfade5bbe54e07ef8cf6fe2d32bde3081c470c3f392f91b6

Download Submit
C:\Windows\system\Ntzvwhc.exe

Filesize
6.0MB

MD5
ec14b4c9f3f77344d61005c2258c5720

SHA1
bbef9e8a07c0871aeec0be516e3c15b6620c2740

SHA256
6ef81871e01c717f9a49091c9a8e943fbed8f5fbb39481fcd9d7598dbea8f7fd

SHA512
27246cce4df1b33771c27eca55aa356676d146def9fab5cb6b190830d188fb36b34bb45adbfd6b7b3c567c04410b5d5d8662bd4f78d159f03333c0f89d1b2d3d

Download Submit
C:\Windows\system\RLQskAs.exe

Filesize
6.0MB

MD5
135961866851e340c69cf549a8c766dc

SHA1
5ca3f9775671784c19e0782185400e5f133eae7b

SHA256
4b3c877cd5c37cf9fefad10d5b3fc75cee177801bd9003000f6fd11cc583fe7c

SHA512
8670caad9a4c3c32053adea12692ab23d156b17ec0e1ee196154fac74724f130104fa6f89dbba578427778b1fe4566fa84775542a487797616619fe5e825bcd6

Download Submit
C:\Windows\system\ceeATNf.exe

Filesize
6.0MB

MD5
8077a991dd9c00d6f6464b62315ca866

SHA1
d83f269b857ba8051b0c3f6532c145ebad750852

SHA256
2d26ca5e257bde1b3838830f033f954831a090253faa5f1670a47d56080dd1fc

SHA512
0ae7f6048f62375a08644fd18922541a45939093051b6121524b89d62d2963cd972604ea5c4a2612415ffb0f91a4faf4ca5bd08a2e3d858943c7389ebf66021b

Download Submit
C:\Windows\system\cpNSpJB.exe

Filesize
6.0MB

MD5
6396b15116ca1b9a420d97bb7d1d685e

SHA1
13dc8ea5e68c43362db8c9dc7bc6ec07159765ae

SHA256
92c1cb626eb91c6dff04e94df5d3f739ac3f97ea3914ee49c91f7f59fe719e65

SHA512
8510fd1c4b0fd69fe4db35ff96f4d69d56e27de919bb2b0f0bc5ee3ab145a0d29b1b641d2d748ea040e58b513f1736fd0709b0be6e521e4c52618d14d46c525c

Download Submit
C:\Windows\system\nIGAwqx.exe

Filesize
6.0MB

MD5
401bc22afdff9bd21283c0a453575d71

SHA1
9cfe4e9f84bd16167ff385e1cbdc23d75e47b753

SHA256
0a7667ed499bfd7a0104a59f5f3e0d68dd395e9bef195e42b33558f1809d43b6

SHA512
059d744c55683590f4f4c6e7904bc90b16ab530e3430cdc8fe4a16b859ff3eb89de2ef5b287c57ade21e03666f39bb6afbec499b833935b04d655ae87c3930a8

Download Submit
C:\Windows\system\nUpbPPc.exe

Filesize
6.0MB

MD5
a74c729991d0a7c2ee37cc47c4f857b7

SHA1
685de6e2b4b593016e637ad1c40c241cd5a18feb

SHA256
2eb792316382c9d0818c17c76184d233f70e196a0d1a76e62a3479ac076d84a7

SHA512
a7a4f4bb193770f98c1269f711a4e5651d4c10af1f5463176c69f0897f34f9c28dee58beb482d2e5b79c7aa6d5c0e334fe1e814810956f8fada5470c1beb7674

Download Submit
C:\Windows\system\ojwPjkP.exe

Filesize
6.0MB

MD5
91fdd428fb6fd7b692c6c2bbac181d4d

SHA1
700b942037c6271249add64f7df6b7fff4811838

SHA256
0c45e05d83cc64a4b33f4923b98661ca2ad971e4de910d3e2303cddc5cb78855

SHA512
2c1716c07215e6412f06f9fdb4c43fe37dd20df01b69a3efdccbe5e19406c88625b96090d63f492f8d070046b2116da566a92c352f5458a758be280482fef75f

Download Submit
C:\Windows\system\rZkYidG.exe

Filesize
6.0MB

MD5
6f706d3d1a0a9cf73022eeccc60eee00

SHA1
147d2f9a2b7d828d93107c0785312658e3c886f6

SHA256
352374eab03a5fbf8a778cebb0752b9e658c5b74f1c8de295db30697ed381343

SHA512
d89965c081f862ef932ade689e5f786bbf8864d08c4435fe7be159010638296dfabca3a1d2c4fbc66b7b0c299724af0f5d1dc37cceb3bb4a9169e335fb380188

Download Submit
C:\Windows\system\tDLTyOD.exe

Filesize
6.0MB

MD5
eb558cf07f75cf2a2bb104afa1322c0a

SHA1
cd279256397d1d53a47719ec1c7d47a0615851f3

SHA256
51a233c6e011e02bb89ba197df46585ace9cacc07e94337ec218ff2828a95a73

SHA512
2d84fb26d590501396d61c1b204c048986ba41df3a4478abcf5e50830ac19f4db088b3eefccfe783408815fe06f408c05802c2756263e5d20a9c94ff160a45e6

Download Submit
\Windows\system\NFBhqYh.exe

Filesize
6.0MB

MD5
51ed69da153cc52debee57537c1728b3

SHA1
271f2f7713c05332273fca7556e712aa1219177b

SHA256
67e13b9a6f6d66e6e7c99d1d497b34f779119660baef83cb06513a73e5111573

SHA512
de6b837a5c78aaaa4517ed39e41e1954c28c5a8b977dbfcd0a1c5148da54ea77a5cc3545454d4fedcb9edfb6b7761a79c141b0908e0fd339fee8779783d30fe9

Download Submit
\Windows\system\NRhDYIR.exe

Filesize
6.0MB

MD5
1c3742d803722ad68cc3afc75d16a2ff

SHA1
9ede03ccbb8549c7a7a29896252a7f42a3c62f62

SHA256
2cadfbcb79e012948e0f01c70e97a98a31b01ce25b67ac930cf60a5c152276f2

SHA512
4f4ac4cd5969d514216147b6709161c2b1ccb32b8faebb3b14de2c98746fff96f8b007b4c8de58674b6100237bd12c0adf51d3c7c4ecfe23caa82a52e2822f43

Download Submit
\Windows\system\OrTyhGN.exe

Filesize
6.0MB

MD5
41a91a710b2b5c49398688137ad40abc

SHA1
24a8a3d282bb038d70d6c960a9fdbae991be525e

SHA256
efb44d3a90a9245e16b9402ed009c1a83b103730d13f419fac9c2717dd560149

SHA512
2903d46d0adcea8a71b8f6edc480af2352e6f3fa96d9503677b97086ff9e404b6187ddef7f98ef43694d768f1104644f4abd8384b41c818cb3e691c223c80ef5

Download Submit
\Windows\system\SPDQioI.exe

Filesize
6.0MB

MD5
8ad7126230c9ef2395046bbd16890a22

SHA1
fb83761fe225cec2c5b05d1832aaa5ad3f068023

SHA256
5d8258c05fb0d8c00554eba92b233aebd1203126e4c782a64d0be39c6514db81

SHA512
81331d19a0b71f0fd7c77d5ec1bbc8146ec6c808453020b647787b3022b662c424af32e0aea152677f52b3394ebd3b3069cb5344772eee4df259cb763d5f452c

Download Submit
\Windows\system\SqdLzCT.exe

Filesize
6.0MB

MD5
ebb171969d52749483559c4f9dd10f8f

SHA1
2db5a1999588e88f977ad82b1135540ccab7f778

SHA256
eb17c6d284824aa1540b751de0cbf9c0090600d4bdf9fb7ed7866ace1515b764

SHA512
e5ab6609432841391c84da553db12a2f97f6b58e916127746845c930b3cece93f50084898920435052df1a72ea3b6067a51a09302aab52fa077d27e202ab92ad

Download Submit
\Windows\system\TiFdKyI.exe

Filesize
6.0MB

MD5
e6eae624a99e6773a01a271a5f32cb61

SHA1
86bd3931c4c02aa8b7fbfdec8ecf9071d67b1f6e

SHA256
4abe1051e30bff1f407e85ac27c27bf233bf6fc01aa4992aad70b361df82037f

SHA512
81c52d54ee91cbdefd7ab263b405077a8c89e6b6f79dafbf2df23df1d4962907ea48825134917f2c456bde5687a983dca7910d1b409f8e40d31626b47c7ab664

Download Submit
\Windows\system\UlZEKHP.exe

Filesize
6.0MB

MD5
1a4ebba6236fccff637f5cce6c5d13ca

SHA1
73c5f053e080694c644ff2bcbf6558f509a36b11

SHA256
a7a19ddeb7d9dbf91849beb18576cfe171ba39a8b048d53778a9817d79e911ce

SHA512
135a43dce17146b893a3b1b37973afa88d1a6b53c52069c8ba8c78a4f1a72fb64fd6cf8574c9ee61b49dc434f4bc5bd9d34273f127753ccf4267dbefeb0f43a7

Download Submit
\Windows\system\YBqsunI.exe

Filesize
6.0MB

MD5
6df58969aa7a7ac82e2e92732067abd5

SHA1
15e891f3a6bb5e4f011734b3c01cf8db80b59332

SHA256
9b5c4c419f1b6f4bd8de58c14a68538d1fa1df261a7dcea10ed929ad90acde93

SHA512
9d6fb0373890c696befa5705626bad1e44b05c09c5a5fafb4cd37031b122552995f25662ddf8f8c580fdc5f60dc356da56d24b67f9e59cbc567e8c59f976c279

Download Submit
\Windows\system\YExXgYR.exe

Filesize
6.0MB

MD5
63629fe6b4d590f7fe0c0e4c056788c2

SHA1
b2f7a5fec3921c64cf049d1e4b373d81828076a0

SHA256
73e4f51dce52671fbf4462b4b9592fa1348e3d135fbac26fbf405083e8fe01f3

SHA512
14130c39b8ed86e662cbf71dc4d49d381ccc2d99ecafaf965755b801bb64567d5e41e72e73e78a6804da1152c50832b9385873d14c930480d420c81a92731a31

Download Submit
\Windows\system\aFOiJcH.exe

Filesize
6.0MB

MD5
e2119e3c0ff92dd0a5f24688fc254fdf

SHA1
da2be0a7ce6f2813cd1504ca07543c6ac3a0a927

SHA256
e105cb12bbc8aeb7943a7b089f283bdc1bc5ac0717c2c64b1a75ac0bc62ca5a3

SHA512
fabbe1f424da10494a94a0b554e37bf2ec7b4e09d65f59f629d3448aeeb18787c5873b7e7d75fdbd27797994c880c5929e3dd173d8eeacf98e749640d4d00f5f

Download Submit
\Windows\system\jYfhCSL.exe

Filesize
6.0MB

MD5
f3688a88114c267fee9490ab2bce40de

SHA1
1a3abb8e799cd70517ea556705a4e43292055447

SHA256
24163376fce0caecd75f37dfc8c90463c75d88f5642e0cbd663a9284b5477df6

SHA512
a07e86ef93d39cc9702bdedfd1ca77cce2adb3c235a7c804a158506fc2a6c3fce55b8582dc2719b6494b9db169b3b9c7b4e73ea66570e3f8099aaffc2a3245f6

Download Submit
\Windows\system\poiGyye.exe

Filesize
6.0MB

MD5
6b03cfe4745dc7ef39fd15222ca9013a

SHA1
38dcd637a09a5108efd13b05b47c806c8ff0b9df

SHA256
56e122b9c0ea74e4e66ab8ace6318f1ac7082a52529d620ddc9abdeef6ae18c9

SHA512
a0c90c1bc3c78079342e3cb0dcb70275c88e5f31f9de8f6e36e302410dcee82b6f1e4e822411fb0deda8a7a60c6c01f8b35da386288f5799eed8716f9d49388e

Download Submit
\Windows\system\sRgWoGx.exe

Filesize
6.0MB

MD5
3f41a2e93cd4af884bbe2897fd5f9e69

SHA1
ef038c19b8ab359fe4515f3fdccd3026e041f17c

SHA256
2da9264a235211f9ab4d288260633cbd2ee37833df7d50a62e316908101fae71

SHA512
c13fc6b55ff3e178de3db3396cb14aea49bbb16943e90cf4ec3e27beff3adc4bc29da627966f87fb2c02f20cbc43076b803a3393167a6c49262f20d0b469a5dc

Download Submit
\Windows\system\tgiMkDe.exe

Filesize
6.0MB

MD5
bfa4a0cc8cac8b0ac20f409c9635b4b8

SHA1
8b73e2e05795c7e2b227e310f33ccb91995e54cc

SHA256
f8135d80806c2f9268b03e937d208d6f6fa15f8fe81916d80a1a4f4fcc8ec431

SHA512
35d284147160cc254db3a2a119300d2fc119da4bd377a4cfb2bd7530d23d0043a45b9f70552615ceae491ee9543da224204b5a8a0243833233f2761b3ec44cb6

Download Submit
\Windows\system\tqeZapY.exe

Filesize
6.0MB

MD5
6db4f55b7edcc146b564687ce4703941

SHA1
6abe5280d6c515913cf316e051a2a23815d69f2d

SHA256
7aaf68668ed62f17f224282861b76f0447399f1ea80d19b6f26fe2d1d70c3669

SHA512
9346aa0ee18cfaea00f7d4af5756fa07ce26fed81f5566ad24c983d8a890e2b3a4e1fce19c067f3a8388904805ed582efac893002473e2b5e4d4326f8a2ae4de

Download Submit
\Windows\system\ymmXyyM.exe

Filesize
6.0MB

MD5
b8842558da55d84c6f5f5145acebe7cf

SHA1
dca69e3e3a761b058d5fa6c9df20eea2c97f5291

SHA256
155b7bb42a9e0ad45291d73267c289ef2bebb23f4f0d9fe4d3e374ce02332c10

SHA512
2ebc6a82d78ffade9fa6c9fa7511205fe0f96db55ca9789045e0e4afaf6a68a5cf50b221483bf19f0a2f33edd73f5f20c2fd5bdd6259b2b9ae4041501f99b773

Download Submit
\Windows\system\yxxhWAn.exe

Filesize
6.0MB

MD5
964eb623d1720433885b2fc13c0fd92a

SHA1
90c5f02e4d5cba402e48c2d070fda1b3b9c343f2

SHA256
bd5a824ef267a66344ece6d9c47726a852f3627fb98713d09cf771e8093e6e12

SHA512
34b7a6a56b1332434dfca289544156105fa0473e6743046e09ae961d007ffa23b1dd4bc187777695dd3e12b651e550c9805136d87b2dfdfe7af24776657d146f

Download Submit
\Windows\system\zStLnWj.exe

Filesize
6.0MB

MD5
64cd8d17a22d7f7d3692b6077b352ac1

SHA1
c279c9b486a4f2dbf79bfc31fc77375388a7dbb3

SHA256
c25cbc7488741e5215e9e6521cc15ddf58694a4c980cc6622af2744dc9d5534d

SHA512
a2b2a190c42f73a66b8e4302232ba08f84bf0ea862d6f57fc9b72d37b60328dc04477bce97e987f225e5e0f8144550c82cb7a4aaaba75be43499c454be59075f

Download Submit
memory/792-2771-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/792-21-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/792-48-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1412-3327-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1412-113-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1804-49-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1804-101-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1804-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1804-35-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1804-76-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-73-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1804-112-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1804-68-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1804-96-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1804-39-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1804-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1804-103-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-6-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1804-33-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1804-106-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1804-15-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1804-273-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-340-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-120-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1804-58-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1804-26-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1880-133-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1880-71-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1880-3317-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2212-56-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2212-2834-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2212-32-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2220-92-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-339-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-3322-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-3335-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2328-108-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2448-17-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2760-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2484-60-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-107-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-3011-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2767-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-19-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3321-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-88-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-274-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-44-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3005-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2848-82-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2848-51-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3004-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2900-63-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-36-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2842-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-3030-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2976-65-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2976-119-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download