cobaltstrike | 8b76c677fa615325410ee8d32529cc8653ae2c5b1b0fda890d8e00b48daaca9e

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/12/2024, 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e18888162d958355311622e74f5f0d4e
SHA1

5ed2093dd09fb120d3971c0e24ae072c8db1e457
SHA256

8b76c677fa615325410ee8d32529cc8653ae2c5b1b0fda890d8e00b48daaca9e
SHA512

509722f757032d75c3b1d0d472c0878e3ce4742b92dd295e81c94b150258862bfd867b8a65374a590bb1f8a9cf036312634c69692ca0c0fd57060d57895ecd82
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cf1-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d5c-27.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-180.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-106.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903d-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019030-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d68-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d63-83.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bcd-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018761-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001875d-63.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-56.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186de-51.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d7f-44.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d6d-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d64-35.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d2e-24.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ce7-12.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1636-0-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-6.dat	xmrig
behavioral1/files/0x0008000000015cf1-11.dat	xmrig
behavioral1/files/0x0007000000015d5c-27.dat	xmrig
behavioral1/memory/2280-46-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/3052-59-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2160-85-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x000500000001925c-127.dat	xmrig
behavioral1/files/0x00050000000193af-170.dat	xmrig
behavioral1/files/0x00050000000193f8-178.dat	xmrig
behavioral1/files/0x000500000001932a-141.dat	xmrig
behavioral1/files/0x0005000000019273-185.dat	xmrig
behavioral1/memory/2552-3977-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2680-3979-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2580-3978-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2264-3976-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2324-3975-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2644-3974-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2188-3973-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2160-3972-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/1624-3971-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/3052-3970-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2072-3969-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2280-3968-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2284-3967-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2904-3966-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/1636-1491-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2264-195-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0005000000019494-180.dat	xmrig
behavioral1/files/0x00050000000193fa-172.dat	xmrig
behavioral1/files/0x00050000000193c9-164.dat	xmrig
behavioral1/files/0x00050000000193a2-155.dat	xmrig
behavioral1/files/0x0005000000019346-148.dat	xmrig
behavioral1/files/0x0005000000019408-184.dat	xmrig
behavioral1/memory/2072-133-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x0005000000019384-162.dat	xmrig
behavioral1/files/0x000500000001933e-153.dat	xmrig
behavioral1/files/0x00050000000192f0-139.dat	xmrig
behavioral1/files/0x0005000000019241-123.dat	xmrig
behavioral1/files/0x0005000000019228-122.dat	xmrig
behavioral1/memory/2680-121-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019234-115.dat	xmrig
behavioral1/memory/2552-108-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001920f-106.dat	xmrig
behavioral1/memory/2580-101-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x000600000001903d-99.dat	xmrig
behavioral1/files/0x0006000000019030-95.dat	xmrig
behavioral1/files/0x0006000000018d68-90.dat	xmrig
behavioral1/memory/2644-87-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018d63-83.dat	xmrig
behavioral1/memory/2324-80-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x0006000000018bcd-76.dat	xmrig
behavioral1/memory/1624-72-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x0005000000018761-70.dat	xmrig
behavioral1/memory/1636-67-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
behavioral1/memory/2188-65-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x000500000001875d-63.dat	xmrig
behavioral1/files/0x00050000000186ee-56.dat	xmrig
behavioral1/files/0x00050000000186de-51.dat	xmrig
behavioral1/files/0x0009000000015d7f-44.dat	xmrig
behavioral1/files/0x0007000000015d6d-39.dat	xmrig
behavioral1/files/0x0007000000015d64-35.dat	xmrig
behavioral1/memory/2284-25-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d2e-24.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2904	geqTIOJ.exe
2284	iiuPMqN.exe
2280	oopWTfV.exe
2072	AabltzL.exe
3052	mmMrEJw.exe
2188	pfdbDOx.exe
1624	EWhNInZ.exe
2324	SwdpbAn.exe
2160	abQuTDf.exe
2264	ySNuPmj.exe
2644	lwXMREl.exe
2580	mFpqPJE.exe
2552	rkQbUpE.exe
2680	zWHUaOK.exe
2892	ZIGwWKC.exe
2548	GcxEuHO.exe
2432	QKuifzn.exe
2512	nMUlBOf.exe
2884	WQelEDw.exe
2700	uUmYXiS.exe
796	XWQtwhR.exe
1200	KnlXiTa.exe
1480	xiAHAYS.exe
1976	baWEsxE.exe
852	jQJaqHk.exe
2504	XzKmgMx.exe
2496	gYXutqW.exe
2180	LZNgPOS.exe
1544	XOLzeGR.exe
1980	bnUYrTY.exe
2028	HVjBrPz.exe
1276	atGZEFZ.exe
2612	BltLohn.exe
1588	UFYXCAg.exe
976	XONmAuP.exe
972	zwUOieH.exe
1540	gJIIiyQ.exe
1484	KqPXvTw.exe
1724	NyzUTqF.exe
1732	tUMcPYB.exe
1140	mnKykLH.exe
2972	vKyzsev.exe
856	JdVgpuf.exe
1224	LKZlUtC.exe
1712	QCkVfYZ.exe
924	IwQPyuy.exe
268	LuYrSzR.exe
2100	RtEGQPs.exe
1672	nymTvch.exe
3016	FXTSiWs.exe
1904	dsdvPDu.exe
3064	pnnwtnV.exe
1520	IwAqovs.exe
2900	PlAJMVh.exe
2860	QUSVCkV.exe
2960	jFJJMQd.exe
2976	hilOwUu.exe
3032	SCIiHQz.exe
2836	nmsZiyJ.exe
2996	NJcMpQV.exe
1644	uHbcwYB.exe
2788	wLfUTBo.exe
1668	rfFlJEK.exe
2144	zZABrRY.exe

Loads dropped DLL 64 IoCs

pid	Process
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1636-0-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-6.dat	upx
behavioral1/files/0x0008000000015cf1-11.dat	upx
behavioral1/files/0x0007000000015d5c-27.dat	upx
behavioral1/memory/2280-46-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/3052-59-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2160-85-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x000500000001925c-127.dat	upx
behavioral1/files/0x00050000000193af-170.dat	upx
behavioral1/files/0x00050000000193f8-178.dat	upx
behavioral1/files/0x000500000001932a-141.dat	upx
behavioral1/files/0x0005000000019273-185.dat	upx
behavioral1/memory/2552-3977-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2680-3979-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2580-3978-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2264-3976-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2324-3975-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2644-3974-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2188-3973-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2160-3972-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/1624-3971-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/3052-3970-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2072-3969-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2280-3968-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2284-3967-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2904-3966-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1636-1491-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2264-195-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x0005000000019494-180.dat	upx
behavioral1/files/0x00050000000193fa-172.dat	upx
behavioral1/files/0x00050000000193c9-164.dat	upx
behavioral1/files/0x00050000000193a2-155.dat	upx
behavioral1/files/0x0005000000019346-148.dat	upx
behavioral1/files/0x0005000000019408-184.dat	upx
behavioral1/memory/2072-133-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x0005000000019384-162.dat	upx
behavioral1/files/0x000500000001933e-153.dat	upx
behavioral1/files/0x00050000000192f0-139.dat	upx
behavioral1/files/0x0005000000019241-123.dat	upx
behavioral1/files/0x0005000000019228-122.dat	upx
behavioral1/memory/2680-121-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x0005000000019234-115.dat	upx
behavioral1/memory/2552-108-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x000500000001920f-106.dat	upx
behavioral1/memory/2580-101-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x000600000001903d-99.dat	upx
behavioral1/files/0x0006000000019030-95.dat	upx
behavioral1/files/0x0006000000018d68-90.dat	upx
behavioral1/memory/2644-87-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x0006000000018d63-83.dat	upx
behavioral1/memory/2324-80-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x0006000000018bcd-76.dat	upx
behavioral1/memory/1624-72-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0005000000018761-70.dat	upx
behavioral1/memory/2188-65-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x000500000001875d-63.dat	upx
behavioral1/files/0x00050000000186ee-56.dat	upx
behavioral1/files/0x00050000000186de-51.dat	upx
behavioral1/files/0x0009000000015d7f-44.dat	upx
behavioral1/files/0x0007000000015d6d-39.dat	upx
behavioral1/files/0x0007000000015d64-35.dat	upx
behavioral1/memory/2284-25-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x0008000000015d2e-24.dat	upx
behavioral1/memory/2904-20-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uGGrNIe.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfhqDjm.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUuHUFd.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwiVeZu.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LlavYDU.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qePjHhb.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdrVQUA.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOBJfPo.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgzNYva.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBqSbwm.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXGedxn.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjGXhhE.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\goPgqsl.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CpHYPVn.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcYdmit.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDeKFqo.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYXOccI.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvNzZXI.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYafULc.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pukloJm.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKPnhFp.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMMqyOA.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnnwtnV.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOTmDJL.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hbhkrsy.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csrqPjO.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlxmYRI.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maTHcGS.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwZeUIp.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pvTbGcT.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNQYGcJ.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIKSiAP.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzGjnIQ.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ioUvxxZ.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpLtDuG.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGPOwUN.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVQzBJp.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbDzNnZ.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zusBMHY.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvMAviV.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHdVvMx.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YyaohWn.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frQmGLi.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RygbIuG.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGeAjpD.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwZuajO.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITqWOhK.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIsYMKD.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLVRbZT.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBVpICf.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UVwZzkt.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hiVLLdz.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVhWWmO.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTKjLnE.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCkFanQ.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDluQuC.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCShhVp.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdkKJkY.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTLZzMt.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDtnBJE.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAKTqcJ.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uszwidf.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXBPzsC.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zsmufvh.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2904	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1636 wrote to memory of 2904	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1636 wrote to memory of 2904	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1636 wrote to memory of 2284	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1636 wrote to memory of 2284	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1636 wrote to memory of 2284	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1636 wrote to memory of 2280	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1636 wrote to memory of 2280	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1636 wrote to memory of 2280	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1636 wrote to memory of 2072	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1636 wrote to memory of 2072	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1636 wrote to memory of 2072	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1636 wrote to memory of 3052	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1636 wrote to memory of 3052	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1636 wrote to memory of 3052	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1636 wrote to memory of 2188	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1636 wrote to memory of 2188	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1636 wrote to memory of 2188	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1636 wrote to memory of 1624	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1636 wrote to memory of 1624	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1636 wrote to memory of 1624	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1636 wrote to memory of 2324	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1636 wrote to memory of 2324	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1636 wrote to memory of 2324	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1636 wrote to memory of 2160	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1636 wrote to memory of 2160	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1636 wrote to memory of 2160	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1636 wrote to memory of 2264	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1636 wrote to memory of 2264	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1636 wrote to memory of 2264	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1636 wrote to memory of 2644	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1636 wrote to memory of 2644	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1636 wrote to memory of 2644	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1636 wrote to memory of 2580	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1636 wrote to memory of 2580	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1636 wrote to memory of 2580	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1636 wrote to memory of 2552	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1636 wrote to memory of 2552	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1636 wrote to memory of 2552	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1636 wrote to memory of 2680	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1636 wrote to memory of 2680	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1636 wrote to memory of 2680	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1636 wrote to memory of 2892	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1636 wrote to memory of 2892	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1636 wrote to memory of 2892	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1636 wrote to memory of 2548	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1636 wrote to memory of 2548	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1636 wrote to memory of 2548	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1636 wrote to memory of 2432	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1636 wrote to memory of 2432	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1636 wrote to memory of 2432	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1636 wrote to memory of 2512	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1636 wrote to memory of 2512	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1636 wrote to memory of 2512	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1636 wrote to memory of 2700	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1636 wrote to memory of 2700	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1636 wrote to memory of 2700	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1636 wrote to memory of 2884	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1636 wrote to memory of 2884	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1636 wrote to memory of 2884	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1636 wrote to memory of 796	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1636 wrote to memory of 796	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1636 wrote to memory of 796	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1636 wrote to memory of 1200	1636	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Windows\System32\wa0wg5.exe
"C:\Windows\System32\wa0wg5.exe"
1⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\System\geqTIOJ.exe
  C:\Windows\System\geqTIOJ.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\iiuPMqN.exe
  C:\Windows\System\iiuPMqN.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\oopWTfV.exe
  C:\Windows\System\oopWTfV.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\AabltzL.exe
  C:\Windows\System\AabltzL.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\mmMrEJw.exe
  C:\Windows\System\mmMrEJw.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\pfdbDOx.exe
  C:\Windows\System\pfdbDOx.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\EWhNInZ.exe
  C:\Windows\System\EWhNInZ.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\SwdpbAn.exe
  C:\Windows\System\SwdpbAn.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\abQuTDf.exe
  C:\Windows\System\abQuTDf.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\ySNuPmj.exe
  C:\Windows\System\ySNuPmj.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\lwXMREl.exe
  C:\Windows\System\lwXMREl.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\mFpqPJE.exe
  C:\Windows\System\mFpqPJE.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\rkQbUpE.exe
  C:\Windows\System\rkQbUpE.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\zWHUaOK.exe
  C:\Windows\System\zWHUaOK.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\ZIGwWKC.exe
  C:\Windows\System\ZIGwWKC.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\GcxEuHO.exe
  C:\Windows\System\GcxEuHO.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\QKuifzn.exe
  C:\Windows\System\QKuifzn.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\nMUlBOf.exe
  C:\Windows\System\nMUlBOf.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\uUmYXiS.exe
  C:\Windows\System\uUmYXiS.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\WQelEDw.exe
  C:\Windows\System\WQelEDw.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\XWQtwhR.exe
  C:\Windows\System\XWQtwhR.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\KnlXiTa.exe
  C:\Windows\System\KnlXiTa.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\XOLzeGR.exe
  C:\Windows\System\XOLzeGR.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\xiAHAYS.exe
  C:\Windows\System\xiAHAYS.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\bnUYrTY.exe
  C:\Windows\System\bnUYrTY.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\baWEsxE.exe
  C:\Windows\System\baWEsxE.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\HVjBrPz.exe
  C:\Windows\System\HVjBrPz.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\jQJaqHk.exe
  C:\Windows\System\jQJaqHk.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\atGZEFZ.exe
  C:\Windows\System\atGZEFZ.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\XzKmgMx.exe
  C:\Windows\System\XzKmgMx.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\BltLohn.exe
  C:\Windows\System\BltLohn.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\gYXutqW.exe
  C:\Windows\System\gYXutqW.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\UFYXCAg.exe
  C:\Windows\System\UFYXCAg.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\LZNgPOS.exe
  C:\Windows\System\LZNgPOS.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\XONmAuP.exe
  C:\Windows\System\XONmAuP.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\zwUOieH.exe
  C:\Windows\System\zwUOieH.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\gJIIiyQ.exe
  C:\Windows\System\gJIIiyQ.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\JdVgpuf.exe
  C:\Windows\System\JdVgpuf.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\KqPXvTw.exe
  C:\Windows\System\KqPXvTw.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\LKZlUtC.exe
  C:\Windows\System\LKZlUtC.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\NyzUTqF.exe
  C:\Windows\System\NyzUTqF.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\QCkVfYZ.exe
  C:\Windows\System\QCkVfYZ.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\tUMcPYB.exe
  C:\Windows\System\tUMcPYB.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\IwQPyuy.exe
  C:\Windows\System\IwQPyuy.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\mnKykLH.exe
  C:\Windows\System\mnKykLH.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\LuYrSzR.exe
  C:\Windows\System\LuYrSzR.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\vKyzsev.exe
  C:\Windows\System\vKyzsev.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\RtEGQPs.exe
  C:\Windows\System\RtEGQPs.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\jFJJMQd.exe
  C:\Windows\System\jFJJMQd.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\nymTvch.exe
  C:\Windows\System\nymTvch.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\hilOwUu.exe
  C:\Windows\System\hilOwUu.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\FXTSiWs.exe
  C:\Windows\System\FXTSiWs.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\SCIiHQz.exe
  C:\Windows\System\SCIiHQz.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\dsdvPDu.exe
  C:\Windows\System\dsdvPDu.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\nmsZiyJ.exe
  C:\Windows\System\nmsZiyJ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\pnnwtnV.exe
  C:\Windows\System\pnnwtnV.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\NJcMpQV.exe
  C:\Windows\System\NJcMpQV.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\IwAqovs.exe
  C:\Windows\System\IwAqovs.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\uHbcwYB.exe
  C:\Windows\System\uHbcwYB.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\PlAJMVh.exe
  C:\Windows\System\PlAJMVh.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\wLfUTBo.exe
  C:\Windows\System\wLfUTBo.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\QUSVCkV.exe
  C:\Windows\System\QUSVCkV.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\rfFlJEK.exe
  C:\Windows\System\rfFlJEK.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\vsyEInb.exe
  C:\Windows\System\vsyEInb.exe
  2⤵
  PID:2628
- C:\Windows\System\zZABrRY.exe
  C:\Windows\System\zZABrRY.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\bneUeNy.exe
  C:\Windows\System\bneUeNy.exe
  2⤵
  PID:2776
- C:\Windows\System\tLXlRuI.exe
  C:\Windows\System\tLXlRuI.exe
  2⤵
  PID:2464
- C:\Windows\System\AoCNPgy.exe
  C:\Windows\System\AoCNPgy.exe
  2⤵
  PID:2456
- C:\Windows\System\gtGWTMG.exe
  C:\Windows\System\gtGWTMG.exe
  2⤵
  PID:2380
- C:\Windows\System\YyaohWn.exe
  C:\Windows\System\YyaohWn.exe
  2⤵
  PID:1608
- C:\Windows\System\VxWEgSc.exe
  C:\Windows\System\VxWEgSc.exe
  2⤵
  PID:2880
- C:\Windows\System\dMWNmmZ.exe
  C:\Windows\System\dMWNmmZ.exe
  2⤵
  PID:1040
- C:\Windows\System\bboOOpL.exe
  C:\Windows\System\bboOOpL.exe
  2⤵
  PID:2340
- C:\Windows\System\CWmjcYT.exe
  C:\Windows\System\CWmjcYT.exe
  2⤵
  PID:1716
- C:\Windows\System\emqZYdQ.exe
  C:\Windows\System\emqZYdQ.exe
  2⤵
  PID:276
- C:\Windows\System\XrbryBl.exe
  C:\Windows\System\XrbryBl.exe
  2⤵
  PID:1516
- C:\Windows\System\ctjmvih.exe
  C:\Windows\System\ctjmvih.exe
  2⤵
  PID:1988
- C:\Windows\System\nZlWmlL.exe
  C:\Windows\System\nZlWmlL.exe
  2⤵
  PID:1808
- C:\Windows\System\ruaTDwA.exe
  C:\Windows\System\ruaTDwA.exe
  2⤵
  PID:892
- C:\Windows\System\TyOqPZq.exe
  C:\Windows\System\TyOqPZq.exe
  2⤵
  PID:1212
- C:\Windows\System\uqvxeGC.exe
  C:\Windows\System\uqvxeGC.exe
  2⤵
  PID:968
- C:\Windows\System\nVggvvE.exe
  C:\Windows\System\nVggvvE.exe
  2⤵
  PID:2980
- C:\Windows\System\wRJPzuu.exe
  C:\Windows\System\wRJPzuu.exe
  2⤵
  PID:3048
- C:\Windows\System\EWJvMGx.exe
  C:\Windows\System\EWJvMGx.exe
  2⤵
  PID:1848
- C:\Windows\System\wcYdmit.exe
  C:\Windows\System\wcYdmit.exe
  2⤵
  PID:1804
- C:\Windows\System\wPUUInz.exe
  C:\Windows\System\wPUUInz.exe
  2⤵
  PID:2092
- C:\Windows\System\JoDzbqx.exe
  C:\Windows\System\JoDzbqx.exe
  2⤵
  PID:2532
- C:\Windows\System\PrgGIEz.exe
  C:\Windows\System\PrgGIEz.exe
  2⤵
  PID:1916
- C:\Windows\System\hCkFanQ.exe
  C:\Windows\System\hCkFanQ.exe
  2⤵
  PID:1452
- C:\Windows\System\DUMAGXt.exe
  C:\Windows\System\DUMAGXt.exe
  2⤵
  PID:592
- C:\Windows\System\oJXqjcj.exe
  C:\Windows\System\oJXqjcj.exe
  2⤵
  PID:1780
- C:\Windows\System\gdLQRUJ.exe
  C:\Windows\System\gdLQRUJ.exe
  2⤵
  PID:1836
- C:\Windows\System\nawHHMt.exe
  C:\Windows\System\nawHHMt.exe
  2⤵
  PID:2384
- C:\Windows\System\DUolpkq.exe
  C:\Windows\System\DUolpkq.exe
  2⤵
  PID:2136
- C:\Windows\System\zdcXBvI.exe
  C:\Windows\System\zdcXBvI.exe
  2⤵
  PID:2344
- C:\Windows\System\QRmpKah.exe
  C:\Windows\System\QRmpKah.exe
  2⤵
  PID:2016
- C:\Windows\System\ASNLzlr.exe
  C:\Windows\System\ASNLzlr.exe
  2⤵
  PID:2664
- C:\Windows\System\KIGZEJt.exe
  C:\Windows\System\KIGZEJt.exe
  2⤵
  PID:1436
- C:\Windows\System\ZrHwhsT.exe
  C:\Windows\System\ZrHwhsT.exe
  2⤵
  PID:1920
- C:\Windows\System\QgOQOBn.exe
  C:\Windows\System\QgOQOBn.exe
  2⤵
  PID:2356
- C:\Windows\System\WYQIyfp.exe
  C:\Windows\System\WYQIyfp.exe
  2⤵
  PID:2760
- C:\Windows\System\RZhjlxN.exe
  C:\Windows\System\RZhjlxN.exe
  2⤵
  PID:2176
- C:\Windows\System\StlHLEq.exe
  C:\Windows\System\StlHLEq.exe
  2⤵
  PID:2792
- C:\Windows\System\LcTVCOZ.exe
  C:\Windows\System\LcTVCOZ.exe
  2⤵
  PID:1500
- C:\Windows\System\VhQsUFH.exe
  C:\Windows\System\VhQsUFH.exe
  2⤵
  PID:2260
- C:\Windows\System\PebjlHA.exe
  C:\Windows\System\PebjlHA.exe
  2⤵
  PID:1240
- C:\Windows\System\hziabXg.exe
  C:\Windows\System\hziabXg.exe
  2⤵
  PID:2780
- C:\Windows\System\LCodwKN.exe
  C:\Windows\System\LCodwKN.exe
  2⤵
  PID:3028
- C:\Windows\System\BaOtdbV.exe
  C:\Windows\System\BaOtdbV.exe
  2⤵
  PID:1792
- C:\Windows\System\WtMtqPk.exe
  C:\Windows\System\WtMtqPk.exe
  2⤵
  PID:1872
- C:\Windows\System\mxSxfSZ.exe
  C:\Windows\System\mxSxfSZ.exe
  2⤵
  PID:1912
- C:\Windows\System\tLTgPCz.exe
  C:\Windows\System\tLTgPCz.exe
  2⤵
  PID:2784
- C:\Windows\System\SzVdVJI.exe
  C:\Windows\System\SzVdVJI.exe
  2⤵
  PID:1004
- C:\Windows\System\NFWigWf.exe
  C:\Windows\System\NFWigWf.exe
  2⤵
  PID:2228
- C:\Windows\System\NaZUrjQ.exe
  C:\Windows\System\NaZUrjQ.exe
  2⤵
  PID:2392
- C:\Windows\System\zTGeoIF.exe
  C:\Windows\System\zTGeoIF.exe
  2⤵
  PID:532
- C:\Windows\System\iZzbamq.exe
  C:\Windows\System\iZzbamq.exe
  2⤵
  PID:480
- C:\Windows\System\kOTmDJL.exe
  C:\Windows\System\kOTmDJL.exe
  2⤵
  PID:2076
- C:\Windows\System\kkpFITg.exe
  C:\Windows\System\kkpFITg.exe
  2⤵
  PID:1852
- C:\Windows\System\tmcuDSw.exe
  C:\Windows\System\tmcuDSw.exe
  2⤵
  PID:1304
- C:\Windows\System\eClFEwg.exe
  C:\Windows\System\eClFEwg.exe
  2⤵
  PID:2948
- C:\Windows\System\AOUTPLc.exe
  C:\Windows\System\AOUTPLc.exe
  2⤵
  PID:920
- C:\Windows\System\zDeKFqo.exe
  C:\Windows\System\zDeKFqo.exe
  2⤵
  PID:1012
- C:\Windows\System\LaMPbDl.exe
  C:\Windows\System\LaMPbDl.exe
  2⤵
  PID:2656
- C:\Windows\System\LbxqFIW.exe
  C:\Windows\System\LbxqFIW.exe
  2⤵
  PID:2204
- C:\Windows\System\EwNjbNh.exe
  C:\Windows\System\EwNjbNh.exe
  2⤵
  PID:3088
- C:\Windows\System\NkUzoEw.exe
  C:\Windows\System\NkUzoEw.exe
  2⤵
  PID:3104
- C:\Windows\System\qxXPuBQ.exe
  C:\Windows\System\qxXPuBQ.exe
  2⤵
  PID:3120
- C:\Windows\System\ALEkiMd.exe
  C:\Windows\System\ALEkiMd.exe
  2⤵
  PID:3136
- C:\Windows\System\oQMjVSC.exe
  C:\Windows\System\oQMjVSC.exe
  2⤵
  PID:3152
- C:\Windows\System\VfZGgjG.exe
  C:\Windows\System\VfZGgjG.exe
  2⤵
  PID:3168
- C:\Windows\System\uRTthCu.exe
  C:\Windows\System\uRTthCu.exe
  2⤵
  PID:3184
- C:\Windows\System\mdUKYSi.exe
  C:\Windows\System\mdUKYSi.exe
  2⤵
  PID:3200
- C:\Windows\System\Usxlzbx.exe
  C:\Windows\System\Usxlzbx.exe
  2⤵
  PID:3216
- C:\Windows\System\JclYkPh.exe
  C:\Windows\System\JclYkPh.exe
  2⤵
  PID:3232
- C:\Windows\System\zerwXCB.exe
  C:\Windows\System\zerwXCB.exe
  2⤵
  PID:3248
- C:\Windows\System\vefjfsL.exe
  C:\Windows\System\vefjfsL.exe
  2⤵
  PID:3264
- C:\Windows\System\trYpKxd.exe
  C:\Windows\System\trYpKxd.exe
  2⤵
  PID:3280
- C:\Windows\System\bufEQBi.exe
  C:\Windows\System\bufEQBi.exe
  2⤵
  PID:3296
- C:\Windows\System\BNUcIaS.exe
  C:\Windows\System\BNUcIaS.exe
  2⤵
  PID:3312
- C:\Windows\System\BnCJjio.exe
  C:\Windows\System\BnCJjio.exe
  2⤵
  PID:3328
- C:\Windows\System\NaBkepV.exe
  C:\Windows\System\NaBkepV.exe
  2⤵
  PID:3344
- C:\Windows\System\nvxbfWD.exe
  C:\Windows\System\nvxbfWD.exe
  2⤵
  PID:3360
- C:\Windows\System\zUjlHag.exe
  C:\Windows\System\zUjlHag.exe
  2⤵
  PID:3376
- C:\Windows\System\XSenNKN.exe
  C:\Windows\System\XSenNKN.exe
  2⤵
  PID:3424
- C:\Windows\System\EKNCiUc.exe
  C:\Windows\System\EKNCiUc.exe
  2⤵
  PID:3636
- C:\Windows\System\aDVdVYa.exe
  C:\Windows\System\aDVdVYa.exe
  2⤵
  PID:3652
- C:\Windows\System\bLHtIju.exe
  C:\Windows\System\bLHtIju.exe
  2⤵
  PID:3668
- C:\Windows\System\drRbrtM.exe
  C:\Windows\System\drRbrtM.exe
  2⤵
  PID:3684
- C:\Windows\System\gbWNzlY.exe
  C:\Windows\System\gbWNzlY.exe
  2⤵
  PID:3704
- C:\Windows\System\tCijQYJ.exe
  C:\Windows\System\tCijQYJ.exe
  2⤵
  PID:3720
- C:\Windows\System\NgtEOzP.exe
  C:\Windows\System\NgtEOzP.exe
  2⤵
  PID:3736
- C:\Windows\System\BDaiETd.exe
  C:\Windows\System\BDaiETd.exe
  2⤵
  PID:3752
- C:\Windows\System\UWWCOXM.exe
  C:\Windows\System\UWWCOXM.exe
  2⤵
  PID:3768
- C:\Windows\System\aefdwYm.exe
  C:\Windows\System\aefdwYm.exe
  2⤵
  PID:3784
- C:\Windows\System\mNLCYjX.exe
  C:\Windows\System\mNLCYjX.exe
  2⤵
  PID:3800
- C:\Windows\System\gxmUIbQ.exe
  C:\Windows\System\gxmUIbQ.exe
  2⤵
  PID:3816
- C:\Windows\System\KxsYipE.exe
  C:\Windows\System\KxsYipE.exe
  2⤵
  PID:3832
- C:\Windows\System\KwmilpK.exe
  C:\Windows\System\KwmilpK.exe
  2⤵
  PID:3848
- C:\Windows\System\vfWOJFu.exe
  C:\Windows\System\vfWOJFu.exe
  2⤵
  PID:3864
- C:\Windows\System\aNpccrQ.exe
  C:\Windows\System\aNpccrQ.exe
  2⤵
  PID:3880
- C:\Windows\System\pEsXGWm.exe
  C:\Windows\System\pEsXGWm.exe
  2⤵
  PID:3896
- C:\Windows\System\fOeIvtG.exe
  C:\Windows\System\fOeIvtG.exe
  2⤵
  PID:3912
- C:\Windows\System\fHGJSqz.exe
  C:\Windows\System\fHGJSqz.exe
  2⤵
  PID:3988
- C:\Windows\System\jBZVwiw.exe
  C:\Windows\System\jBZVwiw.exe
  2⤵
  PID:4004
- C:\Windows\System\aVbGVRg.exe
  C:\Windows\System\aVbGVRg.exe
  2⤵
  PID:4020
- C:\Windows\System\tzxCrpx.exe
  C:\Windows\System\tzxCrpx.exe
  2⤵
  PID:4036
- C:\Windows\System\vYUzaeK.exe
  C:\Windows\System\vYUzaeK.exe
  2⤵
  PID:4052
- C:\Windows\System\nDdRqVy.exe
  C:\Windows\System\nDdRqVy.exe
  2⤵
  PID:4068
- C:\Windows\System\bgLqYiC.exe
  C:\Windows\System\bgLqYiC.exe
  2⤵
  PID:4084
- C:\Windows\System\SPdLrFF.exe
  C:\Windows\System\SPdLrFF.exe
  2⤵
  PID:1496
- C:\Windows\System\obuymQp.exe
  C:\Windows\System\obuymQp.exe
  2⤵
  PID:2240
- C:\Windows\System\IDluQuC.exe
  C:\Windows\System\IDluQuC.exe
  2⤵
  PID:1844
- C:\Windows\System\zmerKjQ.exe
  C:\Windows\System\zmerKjQ.exe
  2⤵
  PID:3132
- C:\Windows\System\XokWZPM.exe
  C:\Windows\System\XokWZPM.exe
  2⤵
  PID:3080
- C:\Windows\System\JamMrVN.exe
  C:\Windows\System\JamMrVN.exe
  2⤵
  PID:3228
- C:\Windows\System\PwnSinf.exe
  C:\Windows\System\PwnSinf.exe
  2⤵
  PID:3176
- C:\Windows\System\MBHjyKk.exe
  C:\Windows\System\MBHjyKk.exe
  2⤵
  PID:3260
- C:\Windows\System\NuRxENJ.exe
  C:\Windows\System\NuRxENJ.exe
  2⤵
  PID:3196
- C:\Windows\System\bijKRjC.exe
  C:\Windows\System\bijKRjC.exe
  2⤵
  PID:3324
- C:\Windows\System\TZWSzkx.exe
  C:\Windows\System\TZWSzkx.exe
  2⤵
  PID:3396
- C:\Windows\System\QbxdrJt.exe
  C:\Windows\System\QbxdrJt.exe
  2⤵
  PID:3404
- C:\Windows\System\mBRCseu.exe
  C:\Windows\System\mBRCseu.exe
  2⤵
  PID:3432
- C:\Windows\System\lKtfvhN.exe
  C:\Windows\System\lKtfvhN.exe
  2⤵
  PID:3472
- C:\Windows\System\hnEyHpf.exe
  C:\Windows\System\hnEyHpf.exe
  2⤵
  PID:3476
- C:\Windows\System\JNwGfVm.exe
  C:\Windows\System\JNwGfVm.exe
  2⤵
  PID:3452
- C:\Windows\System\MYMKvAq.exe
  C:\Windows\System\MYMKvAq.exe
  2⤵
  PID:3496
- C:\Windows\System\AqFeiep.exe
  C:\Windows\System\AqFeiep.exe
  2⤵
  PID:3512
- C:\Windows\System\CosFMWm.exe
  C:\Windows\System\CosFMWm.exe
  2⤵
  PID:3536
- C:\Windows\System\ZsfuHDZ.exe
  C:\Windows\System\ZsfuHDZ.exe
  2⤵
  PID:3560
- C:\Windows\System\RBBoumK.exe
  C:\Windows\System\RBBoumK.exe
  2⤵
  PID:3576
- C:\Windows\System\JTphGdR.exe
  C:\Windows\System\JTphGdR.exe
  2⤵
  PID:3592
- C:\Windows\System\ioUvxxZ.exe
  C:\Windows\System\ioUvxxZ.exe
  2⤵
  PID:3644
- C:\Windows\System\QHSteXt.exe
  C:\Windows\System\QHSteXt.exe
  2⤵
  PID:3608
- C:\Windows\System\xQERuIu.exe
  C:\Windows\System\xQERuIu.exe
  2⤵
  PID:3676
- C:\Windows\System\qeXNCtS.exe
  C:\Windows\System\qeXNCtS.exe
  2⤵
  PID:3748
- C:\Windows\System\DGgVWLB.exe
  C:\Windows\System\DGgVWLB.exe
  2⤵
  PID:3660
- C:\Windows\System\PFjqxJk.exe
  C:\Windows\System\PFjqxJk.exe
  2⤵
  PID:3700
- C:\Windows\System\CqGjspe.exe
  C:\Windows\System\CqGjspe.exe
  2⤵
  PID:3764
- C:\Windows\System\lsaViig.exe
  C:\Windows\System\lsaViig.exe
  2⤵
  PID:3828
- C:\Windows\System\rDtnBJE.exe
  C:\Windows\System\rDtnBJE.exe
  2⤵
  PID:3892
- C:\Windows\System\slyiKlH.exe
  C:\Windows\System\slyiKlH.exe
  2⤵
  PID:3952
- C:\Windows\System\Dugaltq.exe
  C:\Windows\System\Dugaltq.exe
  2⤵
  PID:3964
- C:\Windows\System\chkRaNE.exe
  C:\Windows\System\chkRaNE.exe
  2⤵
  PID:3980
- C:\Windows\System\ZfuNdZW.exe
  C:\Windows\System\ZfuNdZW.exe
  2⤵
  PID:3876
- C:\Windows\System\hXUGGKT.exe
  C:\Windows\System\hXUGGKT.exe
  2⤵
  PID:1864
- C:\Windows\System\wHTaYeG.exe
  C:\Windows\System\wHTaYeG.exe
  2⤵
  PID:3208
- C:\Windows\System\LANqsmB.exe
  C:\Windows\System\LANqsmB.exe
  2⤵
  PID:3148
- C:\Windows\System\RZECrjR.exe
  C:\Windows\System\RZECrjR.exe
  2⤵
  PID:4032
- C:\Windows\System\cVOaoTm.exe
  C:\Windows\System\cVOaoTm.exe
  2⤵
  PID:3304
- C:\Windows\System\kfxglNk.exe
  C:\Windows\System\kfxglNk.exe
  2⤵
  PID:3368
- C:\Windows\System\UffnLEL.exe
  C:\Windows\System\UffnLEL.exe
  2⤵
  PID:3320
- C:\Windows\System\dDGYkgF.exe
  C:\Windows\System\dDGYkgF.exe
  2⤵
  PID:3160
- C:\Windows\System\tyrjUvm.exe
  C:\Windows\System\tyrjUvm.exe
  2⤵
  PID:3420
- C:\Windows\System\nKzIYUT.exe
  C:\Windows\System\nKzIYUT.exe
  2⤵
  PID:3460
- C:\Windows\System\TrHXZVG.exe
  C:\Windows\System\TrHXZVG.exe
  2⤵
  PID:3508
- C:\Windows\System\KwnEHVm.exe
  C:\Windows\System\KwnEHVm.exe
  2⤵
  PID:3556
- C:\Windows\System\wqoCjLy.exe
  C:\Windows\System\wqoCjLy.exe
  2⤵
  PID:3520
- C:\Windows\System\LHwavnr.exe
  C:\Windows\System\LHwavnr.exe
  2⤵
  PID:3620
- C:\Windows\System\SNuBPaZ.exe
  C:\Windows\System\SNuBPaZ.exe
  2⤵
  PID:3744
- C:\Windows\System\UleLWtS.exe
  C:\Windows\System\UleLWtS.exe
  2⤵
  PID:3824
- C:\Windows\System\yUrLSfz.exe
  C:\Windows\System\yUrLSfz.exe
  2⤵
  PID:3572
- C:\Windows\System\nqelCZM.exe
  C:\Windows\System\nqelCZM.exe
  2⤵
  PID:3628
- C:\Windows\System\CCmRdWt.exe
  C:\Windows\System\CCmRdWt.exe
  2⤵
  PID:3928
- C:\Windows\System\dggMoyd.exe
  C:\Windows\System\dggMoyd.exe
  2⤵
  PID:3972
- C:\Windows\System\bhiwGuy.exe
  C:\Windows\System\bhiwGuy.exe
  2⤵
  PID:3956
- C:\Windows\System\pmVHPhE.exe
  C:\Windows\System\pmVHPhE.exe
  2⤵
  PID:4016
- C:\Windows\System\rxFgBLz.exe
  C:\Windows\System\rxFgBLz.exe
  2⤵
  PID:4080
- C:\Windows\System\YGztftf.exe
  C:\Windows\System\YGztftf.exe
  2⤵
  PID:1932
- C:\Windows\System\ZHxRMFj.exe
  C:\Windows\System\ZHxRMFj.exe
  2⤵
  PID:3096
- C:\Windows\System\UEIKOHY.exe
  C:\Windows\System\UEIKOHY.exe
  2⤵
  PID:3464
- C:\Windows\System\jFrrzpu.exe
  C:\Windows\System\jFrrzpu.exe
  2⤵
  PID:3244
- C:\Windows\System\rpLtDuG.exe
  C:\Windows\System\rpLtDuG.exe
  2⤵
  PID:1612
- C:\Windows\System\lzEAUzP.exe
  C:\Windows\System\lzEAUzP.exe
  2⤵
  PID:3632
- C:\Windows\System\BUsKGVV.exe
  C:\Windows\System\BUsKGVV.exe
  2⤵
  PID:3872
- C:\Windows\System\KjGrrXt.exe
  C:\Windows\System\KjGrrXt.exe
  2⤵
  PID:3212
- C:\Windows\System\iRuxRJd.exe
  C:\Windows\System\iRuxRJd.exe
  2⤵
  PID:3408
- C:\Windows\System\BuKRJVN.exe
  C:\Windows\System\BuKRJVN.exe
  2⤵
  PID:3712
- C:\Windows\System\ZadbDOw.exe
  C:\Windows\System\ZadbDOw.exe
  2⤵
  PID:3812
- C:\Windows\System\VbDzNnZ.exe
  C:\Windows\System\VbDzNnZ.exe
  2⤵
  PID:4048
- C:\Windows\System\OdZviTj.exe
  C:\Windows\System\OdZviTj.exe
  2⤵
  PID:4028
- C:\Windows\System\GOteqFE.exe
  C:\Windows\System\GOteqFE.exe
  2⤵
  PID:4000
- C:\Windows\System\QghXbyM.exe
  C:\Windows\System\QghXbyM.exe
  2⤵
  PID:2712
- C:\Windows\System\lAzaiCI.exe
  C:\Windows\System\lAzaiCI.exe
  2⤵
  PID:3292
- C:\Windows\System\mOisike.exe
  C:\Windows\System\mOisike.exe
  2⤵
  PID:3568
- C:\Windows\System\PEVpeuj.exe
  C:\Windows\System\PEVpeuj.exe
  2⤵
  PID:1840
- C:\Windows\System\GtUfkGq.exe
  C:\Windows\System\GtUfkGq.exe
  2⤵
  PID:4100
- C:\Windows\System\YnSBpXJ.exe
  C:\Windows\System\YnSBpXJ.exe
  2⤵
  PID:4144
- C:\Windows\System\tLLItHG.exe
  C:\Windows\System\tLLItHG.exe
  2⤵
  PID:4168
- C:\Windows\System\QRBXBao.exe
  C:\Windows\System\QRBXBao.exe
  2⤵
  PID:4184
- C:\Windows\System\xvUkjQj.exe
  C:\Windows\System\xvUkjQj.exe
  2⤵
  PID:4200
- C:\Windows\System\HZqswfN.exe
  C:\Windows\System\HZqswfN.exe
  2⤵
  PID:4216
- C:\Windows\System\APHLBbJ.exe
  C:\Windows\System\APHLBbJ.exe
  2⤵
  PID:4232
- C:\Windows\System\EMPFTOS.exe
  C:\Windows\System\EMPFTOS.exe
  2⤵
  PID:4248
- C:\Windows\System\fwZeUIp.exe
  C:\Windows\System\fwZeUIp.exe
  2⤵
  PID:4264
- C:\Windows\System\ULsVfNf.exe
  C:\Windows\System\ULsVfNf.exe
  2⤵
  PID:4280
- C:\Windows\System\SsRZbCP.exe
  C:\Windows\System\SsRZbCP.exe
  2⤵
  PID:4296
- C:\Windows\System\ISYZlvK.exe
  C:\Windows\System\ISYZlvK.exe
  2⤵
  PID:4356
- C:\Windows\System\oywSoMh.exe
  C:\Windows\System\oywSoMh.exe
  2⤵
  PID:4372
- C:\Windows\System\PZZNXBr.exe
  C:\Windows\System\PZZNXBr.exe
  2⤵
  PID:4388
- C:\Windows\System\whzquwW.exe
  C:\Windows\System\whzquwW.exe
  2⤵
  PID:4404
- C:\Windows\System\yyAbvVs.exe
  C:\Windows\System\yyAbvVs.exe
  2⤵
  PID:4428
- C:\Windows\System\sSDXHkr.exe
  C:\Windows\System\sSDXHkr.exe
  2⤵
  PID:4456
- C:\Windows\System\GYgIGsd.exe
  C:\Windows\System\GYgIGsd.exe
  2⤵
  PID:4476
- C:\Windows\System\KclHqGG.exe
  C:\Windows\System\KclHqGG.exe
  2⤵
  PID:4492
- C:\Windows\System\PZhYbMv.exe
  C:\Windows\System\PZhYbMv.exe
  2⤵
  PID:4508
- C:\Windows\System\aMdSBXl.exe
  C:\Windows\System\aMdSBXl.exe
  2⤵
  PID:4524
- C:\Windows\System\ihCvzMP.exe
  C:\Windows\System\ihCvzMP.exe
  2⤵
  PID:4548
- C:\Windows\System\xLTTQnv.exe
  C:\Windows\System\xLTTQnv.exe
  2⤵
  PID:4580
- C:\Windows\System\CzKYpEi.exe
  C:\Windows\System\CzKYpEi.exe
  2⤵
  PID:4596
- C:\Windows\System\LzDCIDa.exe
  C:\Windows\System\LzDCIDa.exe
  2⤵
  PID:4612
- C:\Windows\System\fBoyXWk.exe
  C:\Windows\System\fBoyXWk.exe
  2⤵
  PID:4628
- C:\Windows\System\ADRhilS.exe
  C:\Windows\System\ADRhilS.exe
  2⤵
  PID:4644
- C:\Windows\System\oJshHGn.exe
  C:\Windows\System\oJshHGn.exe
  2⤵
  PID:4664
- C:\Windows\System\iXKuqyt.exe
  C:\Windows\System\iXKuqyt.exe
  2⤵
  PID:4684
- C:\Windows\System\LDuhiWd.exe
  C:\Windows\System\LDuhiWd.exe
  2⤵
  PID:4700
- C:\Windows\System\YFweozV.exe
  C:\Windows\System\YFweozV.exe
  2⤵
  PID:4716
- C:\Windows\System\oYCgObh.exe
  C:\Windows\System\oYCgObh.exe
  2⤵
  PID:4732
- C:\Windows\System\KejNAYI.exe
  C:\Windows\System\KejNAYI.exe
  2⤵
  PID:4756
- C:\Windows\System\wPktNjz.exe
  C:\Windows\System\wPktNjz.exe
  2⤵
  PID:4776
- C:\Windows\System\FTjJxQk.exe
  C:\Windows\System\FTjJxQk.exe
  2⤵
  PID:4792
- C:\Windows\System\TjnoGKL.exe
  C:\Windows\System\TjnoGKL.exe
  2⤵
  PID:4836
- C:\Windows\System\PGSRkJS.exe
  C:\Windows\System\PGSRkJS.exe
  2⤵
  PID:4852
- C:\Windows\System\krcfpro.exe
  C:\Windows\System\krcfpro.exe
  2⤵
  PID:4868
- C:\Windows\System\cypPWBS.exe
  C:\Windows\System\cypPWBS.exe
  2⤵
  PID:4884
- C:\Windows\System\frQmGLi.exe
  C:\Windows\System\frQmGLi.exe
  2⤵
  PID:4900
- C:\Windows\System\prBRZPg.exe
  C:\Windows\System\prBRZPg.exe
  2⤵
  PID:4916
- C:\Windows\System\IqHePgz.exe
  C:\Windows\System\IqHePgz.exe
  2⤵
  PID:4932
- C:\Windows\System\GBVpICf.exe
  C:\Windows\System\GBVpICf.exe
  2⤵
  PID:4948
- C:\Windows\System\snxvDyV.exe
  C:\Windows\System\snxvDyV.exe
  2⤵
  PID:4964
- C:\Windows\System\yWhHlwZ.exe
  C:\Windows\System\yWhHlwZ.exe
  2⤵
  PID:4984
- C:\Windows\System\xqbSYKN.exe
  C:\Windows\System\xqbSYKN.exe
  2⤵
  PID:5000
- C:\Windows\System\RZZnELr.exe
  C:\Windows\System\RZZnELr.exe
  2⤵
  PID:5016
- C:\Windows\System\mVBNoPL.exe
  C:\Windows\System\mVBNoPL.exe
  2⤵
  PID:5032
- C:\Windows\System\iEGGNLo.exe
  C:\Windows\System\iEGGNLo.exe
  2⤵
  PID:5048
- C:\Windows\System\CjeRSrp.exe
  C:\Windows\System\CjeRSrp.exe
  2⤵
  PID:5068
- C:\Windows\System\kBRiIsO.exe
  C:\Windows\System\kBRiIsO.exe
  2⤵
  PID:5096
- C:\Windows\System\Qftjrkm.exe
  C:\Windows\System\Qftjrkm.exe
  2⤵
  PID:5112
- C:\Windows\System\VWIOOVX.exe
  C:\Windows\System\VWIOOVX.exe
  2⤵
  PID:3492
- C:\Windows\System\CPWlgjq.exe
  C:\Windows\System\CPWlgjq.exe
  2⤵
  PID:3552
- C:\Windows\System\IUXzHeD.exe
  C:\Windows\System\IUXzHeD.exe
  2⤵
  PID:3932
- C:\Windows\System\VKlbQka.exe
  C:\Windows\System\VKlbQka.exe
  2⤵
  PID:4092
- C:\Windows\System\ZDlVVNE.exe
  C:\Windows\System\ZDlVVNE.exe
  2⤵
  PID:3612
- C:\Windows\System\gockJEE.exe
  C:\Windows\System\gockJEE.exe
  2⤵
  PID:3336
- C:\Windows\System\CgkMGzU.exe
  C:\Windows\System\CgkMGzU.exe
  2⤵
  PID:4196
- C:\Windows\System\rhPrQnW.exe
  C:\Windows\System\rhPrQnW.exe
  2⤵
  PID:4228
- C:\Windows\System\MzzwzKa.exe
  C:\Windows\System\MzzwzKa.exe
  2⤵
  PID:4336
- C:\Windows\System\NpdCHTT.exe
  C:\Windows\System\NpdCHTT.exe
  2⤵
  PID:4276
- C:\Windows\System\eAKTqcJ.exe
  C:\Windows\System\eAKTqcJ.exe
  2⤵
  PID:4316
- C:\Windows\System\PrAAKoC.exe
  C:\Windows\System\PrAAKoC.exe
  2⤵
  PID:4180
- C:\Windows\System\wsFngOS.exe
  C:\Windows\System\wsFngOS.exe
  2⤵
  PID:4212
- C:\Windows\System\HiRGVcj.exe
  C:\Windows\System\HiRGVcj.exe
  2⤵
  PID:1796
- C:\Windows\System\rDQtmfy.exe
  C:\Windows\System\rDQtmfy.exe
  2⤵
  PID:4368
- C:\Windows\System\kvKCZfv.exe
  C:\Windows\System\kvKCZfv.exe
  2⤵
  PID:4312
- C:\Windows\System\JqcxFIm.exe
  C:\Windows\System\JqcxFIm.exe
  2⤵
  PID:4416
- C:\Windows\System\gTxuSwT.exe
  C:\Windows\System\gTxuSwT.exe
  2⤵
  PID:4440
- C:\Windows\System\tCwfYDf.exe
  C:\Windows\System\tCwfYDf.exe
  2⤵
  PID:4472
- C:\Windows\System\UWCxrar.exe
  C:\Windows\System\UWCxrar.exe
  2⤵
  PID:4544
- C:\Windows\System\OrPbOYk.exe
  C:\Windows\System\OrPbOYk.exe
  2⤵
  PID:4516
- C:\Windows\System\eErweLF.exe
  C:\Windows\System\eErweLF.exe
  2⤵
  PID:4576
- C:\Windows\System\IzKUZZp.exe
  C:\Windows\System\IzKUZZp.exe
  2⤵
  PID:4608
- C:\Windows\System\EjkiZzG.exe
  C:\Windows\System\EjkiZzG.exe
  2⤵
  PID:4660
- C:\Windows\System\XmIxpjb.exe
  C:\Windows\System\XmIxpjb.exe
  2⤵
  PID:4724
- C:\Windows\System\yILVQiY.exe
  C:\Windows\System\yILVQiY.exe
  2⤵
  PID:4740
- C:\Windows\System\EosZczy.exe
  C:\Windows\System\EosZczy.exe
  2⤵
  PID:4804
- C:\Windows\System\QBbVElc.exe
  C:\Windows\System\QBbVElc.exe
  2⤵
  PID:4824
- C:\Windows\System\IWpzKAO.exe
  C:\Windows\System\IWpzKAO.exe
  2⤵
  PID:4940
- C:\Windows\System\LAshgSl.exe
  C:\Windows\System\LAshgSl.exe
  2⤵
  PID:4976
- C:\Windows\System\qMzMqhc.exe
  C:\Windows\System\qMzMqhc.exe
  2⤵
  PID:5040
- C:\Windows\System\FCJFard.exe
  C:\Windows\System\FCJFard.exe
  2⤵
  PID:5084
- C:\Windows\System\NKQUGpH.exe
  C:\Windows\System\NKQUGpH.exe
  2⤵
  PID:3448
- C:\Windows\System\IUSYkpb.exe
  C:\Windows\System\IUSYkpb.exe
  2⤵
  PID:4912
- C:\Windows\System\BdBcdAu.exe
  C:\Windows\System\BdBcdAu.exe
  2⤵
  PID:3444
- C:\Windows\System\RGPOwUN.exe
  C:\Windows\System\RGPOwUN.exe
  2⤵
  PID:4116
- C:\Windows\System\sxGtnZP.exe
  C:\Windows\System\sxGtnZP.exe
  2⤵
  PID:4132
- C:\Windows\System\OPTsron.exe
  C:\Windows\System\OPTsron.exe
  2⤵
  PID:4156
- C:\Windows\System\pgUzrQP.exe
  C:\Windows\System\pgUzrQP.exe
  2⤵
  PID:5056
- C:\Windows\System\QmSJXgi.exe
  C:\Windows\System\QmSJXgi.exe
  2⤵
  PID:4924
- C:\Windows\System\WVcqViE.exe
  C:\Windows\System\WVcqViE.exe
  2⤵
  PID:4992
- C:\Windows\System\btoMhiI.exe
  C:\Windows\System\btoMhiI.exe
  2⤵
  PID:5104
- C:\Windows\System\sTnWBoA.exe
  C:\Windows\System\sTnWBoA.exe
  2⤵
  PID:4164
- C:\Windows\System\hJgZOIg.exe
  C:\Windows\System\hJgZOIg.exe
  2⤵
  PID:4348
- C:\Windows\System\GEySYxn.exe
  C:\Windows\System\GEySYxn.exe
  2⤵
  PID:4324
- C:\Windows\System\NofZcjL.exe
  C:\Windows\System\NofZcjL.exe
  2⤵
  PID:4488
- C:\Windows\System\SKNXqgO.exe
  C:\Windows\System\SKNXqgO.exe
  2⤵
  PID:2544
- C:\Windows\System\mxjBiUO.exe
  C:\Windows\System\mxjBiUO.exe
  2⤵
  PID:1220
- C:\Windows\System\jqZvyut.exe
  C:\Windows\System\jqZvyut.exe
  2⤵
  PID:4436
- C:\Windows\System\bVwqrtE.exe
  C:\Windows\System\bVwqrtE.exe
  2⤵
  PID:4748
- C:\Windows\System\HgSaTph.exe
  C:\Windows\System\HgSaTph.exe
  2⤵
  PID:4568
- C:\Windows\System\jxcZaXJ.exe
  C:\Windows\System\jxcZaXJ.exe
  2⤵
  PID:4784
- C:\Windows\System\pXfNFVr.exe
  C:\Windows\System\pXfNFVr.exe
  2⤵
  PID:4844
- C:\Windows\System\iMYJnYM.exe
  C:\Windows\System\iMYJnYM.exe
  2⤵
  PID:4768
- C:\Windows\System\hGRWcbd.exe
  C:\Windows\System\hGRWcbd.exe
  2⤵
  PID:4464
- C:\Windows\System\ueEkCVC.exe
  C:\Windows\System\ueEkCVC.exe
  2⤵
  PID:5080
- C:\Windows\System\rIyFALU.exe
  C:\Windows\System\rIyFALU.exe
  2⤵
  PID:4108
- C:\Windows\System\dDQEfuD.exe
  C:\Windows\System\dDQEfuD.exe
  2⤵
  PID:3924
- C:\Windows\System\NVMjKEH.exe
  C:\Windows\System\NVMjKEH.exe
  2⤵
  PID:5064
- C:\Windows\System\AaHAKmv.exe
  C:\Windows\System\AaHAKmv.exe
  2⤵
  PID:4956
- C:\Windows\System\JcamYLd.exe
  C:\Windows\System\JcamYLd.exe
  2⤵
  PID:3112
- C:\Windows\System\JvyBXVa.exe
  C:\Windows\System\JvyBXVa.exe
  2⤵
  PID:4832
- C:\Windows\System\bBQWgze.exe
  C:\Windows\System\bBQWgze.exe
  2⤵
  PID:5008
- C:\Windows\System\CMfxjMw.exe
  C:\Windows\System\CMfxjMw.exe
  2⤵
  PID:4332
- C:\Windows\System\UdURkBt.exe
  C:\Windows\System\UdURkBt.exe
  2⤵
  PID:4960
- C:\Windows\System\oJAuJNk.exe
  C:\Windows\System\oJAuJNk.exe
  2⤵
  PID:5132
- C:\Windows\System\ptYWnzr.exe
  C:\Windows\System\ptYWnzr.exe
  2⤵
  PID:5152
- C:\Windows\System\XgjFzUc.exe
  C:\Windows\System\XgjFzUc.exe
  2⤵
  PID:5168
- C:\Windows\System\vnbfuCR.exe
  C:\Windows\System\vnbfuCR.exe
  2⤵
  PID:5184
- C:\Windows\System\DnNCSox.exe
  C:\Windows\System\DnNCSox.exe
  2⤵
  PID:5200
- C:\Windows\System\IvnsKxO.exe
  C:\Windows\System\IvnsKxO.exe
  2⤵
  PID:5216
- C:\Windows\System\VwFarZn.exe
  C:\Windows\System\VwFarZn.exe
  2⤵
  PID:5232
- C:\Windows\System\KkVbtVP.exe
  C:\Windows\System\KkVbtVP.exe
  2⤵
  PID:5256
- C:\Windows\System\CdeGsWC.exe
  C:\Windows\System\CdeGsWC.exe
  2⤵
  PID:5272
- C:\Windows\System\pXrAQPf.exe
  C:\Windows\System\pXrAQPf.exe
  2⤵
  PID:5292
- C:\Windows\System\sKlUYYi.exe
  C:\Windows\System\sKlUYYi.exe
  2⤵
  PID:5308
- C:\Windows\System\UudggMz.exe
  C:\Windows\System\UudggMz.exe
  2⤵
  PID:5328
- C:\Windows\System\atQdCQI.exe
  C:\Windows\System\atQdCQI.exe
  2⤵
  PID:5344
- C:\Windows\System\uJbXQbj.exe
  C:\Windows\System\uJbXQbj.exe
  2⤵
  PID:5368
- C:\Windows\System\jtkwaXa.exe
  C:\Windows\System\jtkwaXa.exe
  2⤵
  PID:5388
- C:\Windows\System\hbVrYXE.exe
  C:\Windows\System\hbVrYXE.exe
  2⤵
  PID:5404
- C:\Windows\System\yYyFQfN.exe
  C:\Windows\System\yYyFQfN.exe
  2⤵
  PID:5424
- C:\Windows\System\nbYJUvv.exe
  C:\Windows\System\nbYJUvv.exe
  2⤵
  PID:5512
- C:\Windows\System\yPnErbZ.exe
  C:\Windows\System\yPnErbZ.exe
  2⤵
  PID:5532
- C:\Windows\System\DtYBnVc.exe
  C:\Windows\System\DtYBnVc.exe
  2⤵
  PID:5548
- C:\Windows\System\wuKQntF.exe
  C:\Windows\System\wuKQntF.exe
  2⤵
  PID:5568
- C:\Windows\System\nCJfOVn.exe
  C:\Windows\System\nCJfOVn.exe
  2⤵
  PID:5584
- C:\Windows\System\ftLuaxF.exe
  C:\Windows\System\ftLuaxF.exe
  2⤵
  PID:5600
- C:\Windows\System\yqJnPRz.exe
  C:\Windows\System\yqJnPRz.exe
  2⤵
  PID:5616
- C:\Windows\System\PGeepNb.exe
  C:\Windows\System\PGeepNb.exe
  2⤵
  PID:5632
- C:\Windows\System\YQlKLSZ.exe
  C:\Windows\System\YQlKLSZ.exe
  2⤵
  PID:5648
- C:\Windows\System\bAxLsnl.exe
  C:\Windows\System\bAxLsnl.exe
  2⤵
  PID:5664
- C:\Windows\System\atXnQRB.exe
  C:\Windows\System\atXnQRB.exe
  2⤵
  PID:5680
- C:\Windows\System\zusBMHY.exe
  C:\Windows\System\zusBMHY.exe
  2⤵
  PID:5696
- C:\Windows\System\YDgZGhv.exe
  C:\Windows\System\YDgZGhv.exe
  2⤵
  PID:5712
- C:\Windows\System\Hbhkrsy.exe
  C:\Windows\System\Hbhkrsy.exe
  2⤵
  PID:5728
- C:\Windows\System\gSSrQBA.exe
  C:\Windows\System\gSSrQBA.exe
  2⤵
  PID:5744
- C:\Windows\System\RSKeUnv.exe
  C:\Windows\System\RSKeUnv.exe
  2⤵
  PID:5760
- C:\Windows\System\YYXOccI.exe
  C:\Windows\System\YYXOccI.exe
  2⤵
  PID:5776
- C:\Windows\System\hQewGkd.exe
  C:\Windows\System\hQewGkd.exe
  2⤵
  PID:5792
- C:\Windows\System\KLcRiQY.exe
  C:\Windows\System\KLcRiQY.exe
  2⤵
  PID:5808
- C:\Windows\System\VvXPVWn.exe
  C:\Windows\System\VvXPVWn.exe
  2⤵
  PID:5824
- C:\Windows\System\UsirpgB.exe
  C:\Windows\System\UsirpgB.exe
  2⤵
  PID:5840
- C:\Windows\System\fAhvZBF.exe
  C:\Windows\System\fAhvZBF.exe
  2⤵
  PID:5856
- C:\Windows\System\DEKcyRe.exe
  C:\Windows\System\DEKcyRe.exe
  2⤵
  PID:5872
- C:\Windows\System\ZbAeHbT.exe
  C:\Windows\System\ZbAeHbT.exe
  2⤵
  PID:5888
- C:\Windows\System\qfOFEom.exe
  C:\Windows\System\qfOFEom.exe
  2⤵
  PID:5904
- C:\Windows\System\EWJDXVw.exe
  C:\Windows\System\EWJDXVw.exe
  2⤵
  PID:5920
- C:\Windows\System\YqfjMUS.exe
  C:\Windows\System\YqfjMUS.exe
  2⤵
  PID:5936
- C:\Windows\System\xqCfsfF.exe
  C:\Windows\System\xqCfsfF.exe
  2⤵
  PID:5952
- C:\Windows\System\gAalHZF.exe
  C:\Windows\System\gAalHZF.exe
  2⤵
  PID:5968
- C:\Windows\System\NUrzgCI.exe
  C:\Windows\System\NUrzgCI.exe
  2⤵
  PID:5984
- C:\Windows\System\XEoiyfG.exe
  C:\Windows\System\XEoiyfG.exe
  2⤵
  PID:6000
- C:\Windows\System\AyrcJUY.exe
  C:\Windows\System\AyrcJUY.exe
  2⤵
  PID:6016
- C:\Windows\System\XrDTTYC.exe
  C:\Windows\System\XrDTTYC.exe
  2⤵
  PID:6032
- C:\Windows\System\jmTttRO.exe
  C:\Windows\System\jmTttRO.exe
  2⤵
  PID:6048
- C:\Windows\System\TDvQUww.exe
  C:\Windows\System\TDvQUww.exe
  2⤵
  PID:6064
- C:\Windows\System\oGOHhnw.exe
  C:\Windows\System\oGOHhnw.exe
  2⤵
  PID:6080
- C:\Windows\System\FazfzuM.exe
  C:\Windows\System\FazfzuM.exe
  2⤵
  PID:6096
- C:\Windows\System\vzJuKLW.exe
  C:\Windows\System\vzJuKLW.exe
  2⤵
  PID:6112
- C:\Windows\System\IDDyxst.exe
  C:\Windows\System\IDDyxst.exe
  2⤵
  PID:6128
- C:\Windows\System\byTOJnp.exe
  C:\Windows\System\byTOJnp.exe
  2⤵
  PID:4484
- C:\Windows\System\VqTViQh.exe
  C:\Windows\System\VqTViQh.exe
  2⤵
  PID:4572
- C:\Windows\System\wuRQpCc.exe
  C:\Windows\System\wuRQpCc.exe
  2⤵
  PID:4328
- C:\Windows\System\JOFuWtC.exe
  C:\Windows\System\JOFuWtC.exe
  2⤵
  PID:4244
- C:\Windows\System\LjSstVe.exe
  C:\Windows\System\LjSstVe.exe
  2⤵
  PID:4880
- C:\Windows\System\szzDEHA.exe
  C:\Windows\System\szzDEHA.exe
  2⤵
  PID:4680
- C:\Windows\System\IvmRwDc.exe
  C:\Windows\System\IvmRwDc.exe
  2⤵
  PID:4504
- C:\Windows\System\bmuyHjU.exe
  C:\Windows\System\bmuyHjU.exe
  2⤵
  PID:4752
- C:\Windows\System\TjUoyvW.exe
  C:\Windows\System\TjUoyvW.exe
  2⤵
  PID:4140
- C:\Windows\System\qifEpzf.exe
  C:\Windows\System\qifEpzf.exe
  2⤵
  PID:4124
- C:\Windows\System\iqbkVZK.exe
  C:\Windows\System\iqbkVZK.exe
  2⤵
  PID:5092
- C:\Windows\System\mOQJXDv.exe
  C:\Windows\System\mOQJXDv.exe
  2⤵
  PID:5160
- C:\Windows\System\ybLfJjV.exe
  C:\Windows\System\ybLfJjV.exe
  2⤵
  PID:5224
- C:\Windows\System\AdESRoo.exe
  C:\Windows\System\AdESRoo.exe
  2⤵
  PID:5304
- C:\Windows\System\utBkcaf.exe
  C:\Windows\System\utBkcaf.exe
  2⤵
  PID:5380
- C:\Windows\System\lRHAIoe.exe
  C:\Windows\System\lRHAIoe.exe
  2⤵
  PID:4744
- C:\Windows\System\FUuHUFd.exe
  C:\Windows\System\FUuHUFd.exe
  2⤵
  PID:3412
- C:\Windows\System\ovJIoME.exe
  C:\Windows\System\ovJIoME.exe
  2⤵
  PID:4828
- C:\Windows\System\bsRXzAW.exe
  C:\Windows\System\bsRXzAW.exe
  2⤵
  PID:5140
- C:\Windows\System\FkPafDk.exe
  C:\Windows\System\FkPafDk.exe
  2⤵
  PID:5452
- C:\Windows\System\QiLOJUM.exe
  C:\Windows\System\QiLOJUM.exe
  2⤵
  PID:5476
- C:\Windows\System\bCShhVp.exe
  C:\Windows\System\bCShhVp.exe
  2⤵
  PID:5496
- C:\Windows\System\tVnbBBb.exe
  C:\Windows\System\tVnbBBb.exe
  2⤵
  PID:5180
- C:\Windows\System\VdaEthw.exe
  C:\Windows\System\VdaEthw.exe
  2⤵
  PID:5240
- C:\Windows\System\FBXEdeT.exe
  C:\Windows\System\FBXEdeT.exe
  2⤵
  PID:5288
- C:\Windows\System\IwiVeZu.exe
  C:\Windows\System\IwiVeZu.exe
  2⤵
  PID:5352
- C:\Windows\System\uszwidf.exe
  C:\Windows\System\uszwidf.exe
  2⤵
  PID:5396
- C:\Windows\System\BCLrkjt.exe
  C:\Windows\System\BCLrkjt.exe
  2⤵
  PID:5544
- C:\Windows\System\CpHepas.exe
  C:\Windows\System\CpHepas.exe
  2⤵
  PID:5460
- C:\Windows\System\IDHuoWr.exe
  C:\Windows\System\IDHuoWr.exe
  2⤵
  PID:5608
- C:\Windows\System\iUQEKqC.exe
  C:\Windows\System\iUQEKqC.exe
  2⤵
  PID:5644
- C:\Windows\System\cIrOXem.exe
  C:\Windows\System\cIrOXem.exe
  2⤵
  PID:5524
- C:\Windows\System\hnpioMK.exe
  C:\Windows\System\hnpioMK.exe
  2⤵
  PID:5740
- C:\Windows\System\oyzNwDy.exe
  C:\Windows\System\oyzNwDy.exe
  2⤵
  PID:5804
- C:\Windows\System\PVuMRpq.exe
  C:\Windows\System\PVuMRpq.exe
  2⤵
  PID:5832
- C:\Windows\System\Gbzfyfo.exe
  C:\Windows\System\Gbzfyfo.exe
  2⤵
  PID:5628
- C:\Windows\System\UNJOpXF.exe
  C:\Windows\System\UNJOpXF.exe
  2⤵
  PID:5720
- C:\Windows\System\fVMqumn.exe
  C:\Windows\System\fVMqumn.exe
  2⤵
  PID:5868
- C:\Windows\System\YiOtxFS.exe
  C:\Windows\System\YiOtxFS.exe
  2⤵
  PID:5784
- C:\Windows\System\TXGedxn.exe
  C:\Windows\System\TXGedxn.exe
  2⤵
  PID:5848
- C:\Windows\System\nLUsNGv.exe
  C:\Windows\System\nLUsNGv.exe
  2⤵
  PID:5960
- C:\Windows\System\LUxHwXQ.exe
  C:\Windows\System\LUxHwXQ.exe
  2⤵
  PID:6028
- C:\Windows\System\bJvvceW.exe
  C:\Windows\System\bJvvceW.exe
  2⤵
  PID:6088
- C:\Windows\System\SEoNZoi.exe
  C:\Windows\System\SEoNZoi.exe
  2⤵
  PID:5884
- C:\Windows\System\DTvVVuf.exe
  C:\Windows\System\DTvVVuf.exe
  2⤵
  PID:6040
- C:\Windows\System\MsGeGRz.exe
  C:\Windows\System\MsGeGRz.exe
  2⤵
  PID:5976
- C:\Windows\System\mHNkxOa.exe
  C:\Windows\System\mHNkxOa.exe
  2⤵
  PID:6044
- C:\Windows\System\HsFQszP.exe
  C:\Windows\System\HsFQszP.exe
  2⤵
  PID:6108
- C:\Windows\System\VIXxxoL.exe
  C:\Windows\System\VIXxxoL.exe
  2⤵
  PID:4640
- C:\Windows\System\JoWicsS.exe
  C:\Windows\System\JoWicsS.exe
  2⤵
  PID:4500
- C:\Windows\System\UVwZzkt.exe
  C:\Windows\System\UVwZzkt.exe
  2⤵
  PID:4424
- C:\Windows\System\AfjEavy.exe
  C:\Windows\System\AfjEavy.exe
  2⤵
  PID:4624
- C:\Windows\System\dtqTlKC.exe
  C:\Windows\System\dtqTlKC.exe
  2⤵
  PID:4876
- C:\Windows\System\IFKzcPF.exe
  C:\Windows\System\IFKzcPF.exe
  2⤵
  PID:4384
- C:\Windows\System\wkMUMus.exe
  C:\Windows\System\wkMUMus.exe
  2⤵
  PID:5268
- C:\Windows\System\uOjcwSi.exe
  C:\Windows\System\uOjcwSi.exe
  2⤵
  PID:4908
- C:\Windows\System\SmpreZZ.exe
  C:\Windows\System\SmpreZZ.exe
  2⤵
  PID:5444
- C:\Windows\System\NLpPDyq.exe
  C:\Windows\System\NLpPDyq.exe
  2⤵
  PID:5376
- C:\Windows\System\maIgYQr.exe
  C:\Windows\System\maIgYQr.exe
  2⤵
  PID:4860
- C:\Windows\System\KtiUfdx.exe
  C:\Windows\System\KtiUfdx.exe
  2⤵
  PID:5320
- C:\Windows\System\RyBeMCq.exe
  C:\Windows\System\RyBeMCq.exe
  2⤵
  PID:5176
- C:\Windows\System\mZYUGWk.exe
  C:\Windows\System\mZYUGWk.exe
  2⤵
  PID:5448
- C:\Windows\System\AsFoJwU.exe
  C:\Windows\System\AsFoJwU.exe
  2⤵
  PID:5364
- C:\Windows\System\QkRMMFB.exe
  C:\Windows\System\QkRMMFB.exe
  2⤵
  PID:5736
- C:\Windows\System\RdcJDFs.exe
  C:\Windows\System\RdcJDFs.exe
  2⤵
  PID:5596
- C:\Windows\System\cAEVwre.exe
  C:\Windows\System\cAEVwre.exe
  2⤵
  PID:5560
- C:\Windows\System\ZphwfAS.exe
  C:\Windows\System\ZphwfAS.exe
  2⤵
  PID:5756
- C:\Windows\System\UIOWEQg.exe
  C:\Windows\System\UIOWEQg.exe
  2⤵
  PID:6060
- C:\Windows\System\NkrsNVd.exe
  C:\Windows\System\NkrsNVd.exe
  2⤵
  PID:5820
- C:\Windows\System\udMAcBG.exe
  C:\Windows\System\udMAcBG.exe
  2⤵
  PID:5880
- C:\Windows\System\hiVLLdz.exe
  C:\Windows\System\hiVLLdz.exe
  2⤵
  PID:6076
- C:\Windows\System\NTDFsMj.exe
  C:\Windows\System\NTDFsMj.exe
  2⤵
  PID:6092
- C:\Windows\System\EwYKafB.exe
  C:\Windows\System\EwYKafB.exe
  2⤵
  PID:5416
- C:\Windows\System\XxiDsWU.exe
  C:\Windows\System\XxiDsWU.exe
  2⤵
  PID:5264
- C:\Windows\System\vrSmzfp.exe
  C:\Windows\System\vrSmzfp.exe
  2⤵
  PID:5340
- C:\Windows\System\OAIPAux.exe
  C:\Windows\System\OAIPAux.exe
  2⤵
  PID:4468
- C:\Windows\System\oTyehVk.exe
  C:\Windows\System\oTyehVk.exe
  2⤵
  PID:5148
- C:\Windows\System\tBwvogT.exe
  C:\Windows\System\tBwvogT.exe
  2⤵
  PID:5472
- C:\Windows\System\iTdEjtZ.exe
  C:\Windows\System\iTdEjtZ.exe
  2⤵
  PID:1728
- C:\Windows\System\zjGXhhE.exe
  C:\Windows\System\zjGXhhE.exe
  2⤵
  PID:5520
- C:\Windows\System\NacvXtW.exe
  C:\Windows\System\NacvXtW.exe
  2⤵
  PID:5440
- C:\Windows\System\CBfmNiL.exe
  C:\Windows\System\CBfmNiL.exe
  2⤵
  PID:5284
- C:\Windows\System\UFTzVqL.exe
  C:\Windows\System\UFTzVqL.exe
  2⤵
  PID:4340
- C:\Windows\System\zgVjebi.exe
  C:\Windows\System\zgVjebi.exe
  2⤵
  PID:3604
- C:\Windows\System\GkTRdqu.exe
  C:\Windows\System\GkTRdqu.exe
  2⤵
  PID:5676
- C:\Windows\System\OzKPRAP.exe
  C:\Windows\System\OzKPRAP.exe
  2⤵
  PID:6056
- C:\Windows\System\sRWpVfj.exe
  C:\Windows\System\sRWpVfj.exe
  2⤵
  PID:6148
- C:\Windows\System\IjEanGT.exe
  C:\Windows\System\IjEanGT.exe
  2⤵
  PID:6164
- C:\Windows\System\vklDGfK.exe
  C:\Windows\System\vklDGfK.exe
  2⤵
  PID:6180
- C:\Windows\System\Efsgivb.exe
  C:\Windows\System\Efsgivb.exe
  2⤵
  PID:6200
- C:\Windows\System\bjCLYRH.exe
  C:\Windows\System\bjCLYRH.exe
  2⤵
  PID:6216
- C:\Windows\System\OOOVQGP.exe
  C:\Windows\System\OOOVQGP.exe
  2⤵
  PID:6236
- C:\Windows\System\zdAnJuV.exe
  C:\Windows\System\zdAnJuV.exe
  2⤵
  PID:6252
- C:\Windows\System\rgDZQkL.exe
  C:\Windows\System\rgDZQkL.exe
  2⤵
  PID:6268
- C:\Windows\System\QwlYjbW.exe
  C:\Windows\System\QwlYjbW.exe
  2⤵
  PID:6284
- C:\Windows\System\CDZwQCo.exe
  C:\Windows\System\CDZwQCo.exe
  2⤵
  PID:6300
- C:\Windows\System\FrmjEZt.exe
  C:\Windows\System\FrmjEZt.exe
  2⤵
  PID:6316
- C:\Windows\System\rJxWPgK.exe
  C:\Windows\System\rJxWPgK.exe
  2⤵
  PID:6332
- C:\Windows\System\eulScFQ.exe
  C:\Windows\System\eulScFQ.exe
  2⤵
  PID:6348
- C:\Windows\System\LlavYDU.exe
  C:\Windows\System\LlavYDU.exe
  2⤵
  PID:6364
- C:\Windows\System\zJWmIWp.exe
  C:\Windows\System\zJWmIWp.exe
  2⤵
  PID:6380
- C:\Windows\System\pvTbGcT.exe
  C:\Windows\System\pvTbGcT.exe
  2⤵
  PID:6396
- C:\Windows\System\aazUxsV.exe
  C:\Windows\System\aazUxsV.exe
  2⤵
  PID:6412
- C:\Windows\System\hhymiIs.exe
  C:\Windows\System\hhymiIs.exe
  2⤵
  PID:6428
- C:\Windows\System\fQwyYWR.exe
  C:\Windows\System\fQwyYWR.exe
  2⤵
  PID:6444
- C:\Windows\System\qBEKmmL.exe
  C:\Windows\System\qBEKmmL.exe
  2⤵
  PID:6460
- C:\Windows\System\jqwKCcn.exe
  C:\Windows\System\jqwKCcn.exe
  2⤵
  PID:6476
- C:\Windows\System\jQjVHFs.exe
  C:\Windows\System\jQjVHFs.exe
  2⤵
  PID:6492
- C:\Windows\System\BIwCyKZ.exe
  C:\Windows\System\BIwCyKZ.exe
  2⤵
  PID:6508
- C:\Windows\System\yGxhzQO.exe
  C:\Windows\System\yGxhzQO.exe
  2⤵
  PID:6524
- C:\Windows\System\AcdDWpZ.exe
  C:\Windows\System\AcdDWpZ.exe
  2⤵
  PID:6540
- C:\Windows\System\TpICbUq.exe
  C:\Windows\System\TpICbUq.exe
  2⤵
  PID:6556
- C:\Windows\System\SohDjDs.exe
  C:\Windows\System\SohDjDs.exe
  2⤵
  PID:6572
- C:\Windows\System\rOjJiOQ.exe
  C:\Windows\System\rOjJiOQ.exe
  2⤵
  PID:6588
- C:\Windows\System\tDCPnkq.exe
  C:\Windows\System\tDCPnkq.exe
  2⤵
  PID:6604
- C:\Windows\System\aHJVtsa.exe
  C:\Windows\System\aHJVtsa.exe
  2⤵
  PID:6620
- C:\Windows\System\RSfhQQq.exe
  C:\Windows\System\RSfhQQq.exe
  2⤵
  PID:6636
- C:\Windows\System\VNwxIva.exe
  C:\Windows\System\VNwxIva.exe
  2⤵
  PID:6652
- C:\Windows\System\adKCRFL.exe
  C:\Windows\System\adKCRFL.exe
  2⤵
  PID:6668
- C:\Windows\System\NlbffRE.exe
  C:\Windows\System\NlbffRE.exe
  2⤵
  PID:6688
- C:\Windows\System\qVhWWmO.exe
  C:\Windows\System\qVhWWmO.exe
  2⤵
  PID:6704
- C:\Windows\System\goPgqsl.exe
  C:\Windows\System\goPgqsl.exe
  2⤵
  PID:6720
- C:\Windows\System\CtgULAU.exe
  C:\Windows\System\CtgULAU.exe
  2⤵
  PID:6736
- C:\Windows\System\nDzENWm.exe
  C:\Windows\System\nDzENWm.exe
  2⤵
  PID:6752
- C:\Windows\System\qrsEsnq.exe
  C:\Windows\System\qrsEsnq.exe
  2⤵
  PID:6768
- C:\Windows\System\CMAypOQ.exe
  C:\Windows\System\CMAypOQ.exe
  2⤵
  PID:6784
- C:\Windows\System\kbrToYC.exe
  C:\Windows\System\kbrToYC.exe
  2⤵
  PID:6800
- C:\Windows\System\fpQhYNg.exe
  C:\Windows\System\fpQhYNg.exe
  2⤵
  PID:6816
- C:\Windows\System\SHlwggE.exe
  C:\Windows\System\SHlwggE.exe
  2⤵
  PID:6832
- C:\Windows\System\fvMAviV.exe
  C:\Windows\System\fvMAviV.exe
  2⤵
  PID:6848
- C:\Windows\System\IgvYdqx.exe
  C:\Windows\System\IgvYdqx.exe
  2⤵
  PID:6864
- C:\Windows\System\UFSPxsS.exe
  C:\Windows\System\UFSPxsS.exe
  2⤵
  PID:6880
- C:\Windows\System\LXBPzsC.exe
  C:\Windows\System\LXBPzsC.exe
  2⤵
  PID:6896
- C:\Windows\System\qyoxbIY.exe
  C:\Windows\System\qyoxbIY.exe
  2⤵
  PID:6912
- C:\Windows\System\CPRwkqZ.exe
  C:\Windows\System\CPRwkqZ.exe
  2⤵
  PID:6928
- C:\Windows\System\riGzPxI.exe
  C:\Windows\System\riGzPxI.exe
  2⤵
  PID:6944
- C:\Windows\System\jfpUtnR.exe
  C:\Windows\System\jfpUtnR.exe
  2⤵
  PID:6960
- C:\Windows\System\LYttJol.exe
  C:\Windows\System\LYttJol.exe
  2⤵
  PID:6976
- C:\Windows\System\enQFYil.exe
  C:\Windows\System\enQFYil.exe
  2⤵
  PID:6992
- C:\Windows\System\lqaxQCA.exe
  C:\Windows\System\lqaxQCA.exe
  2⤵
  PID:7008
- C:\Windows\System\SVWbfqB.exe
  C:\Windows\System\SVWbfqB.exe
  2⤵
  PID:7024
- C:\Windows\System\waiEGBG.exe
  C:\Windows\System\waiEGBG.exe
  2⤵
  PID:7040
- C:\Windows\System\aOhhDYq.exe
  C:\Windows\System\aOhhDYq.exe
  2⤵
  PID:7056
- C:\Windows\System\IHOMHig.exe
  C:\Windows\System\IHOMHig.exe
  2⤵
  PID:7072
- C:\Windows\System\fsJcHbn.exe
  C:\Windows\System\fsJcHbn.exe
  2⤵
  PID:7088
- C:\Windows\System\wPKaIaJ.exe
  C:\Windows\System\wPKaIaJ.exe
  2⤵
  PID:7104
- C:\Windows\System\rFpzykR.exe
  C:\Windows\System\rFpzykR.exe
  2⤵
  PID:7120
- C:\Windows\System\cIEEkhV.exe
  C:\Windows\System\cIEEkhV.exe
  2⤵
  PID:7136
- C:\Windows\System\nnYinvr.exe
  C:\Windows\System\nnYinvr.exe
  2⤵
  PID:7152
- C:\Windows\System\iXaRFoh.exe
  C:\Windows\System\iXaRFoh.exe
  2⤵
  PID:3004
- C:\Windows\System\CXixQwx.exe
  C:\Windows\System\CXixQwx.exe
  2⤵
  PID:5540
- C:\Windows\System\TLanvPR.exe
  C:\Windows\System\TLanvPR.exe
  2⤵
  PID:6188
- C:\Windows\System\KvrSTZG.exe
  C:\Windows\System\KvrSTZG.exe
  2⤵
  PID:6264
- C:\Windows\System\snbEHov.exe
  C:\Windows\System\snbEHov.exe
  2⤵
  PID:6296
- C:\Windows\System\qePjHhb.exe
  C:\Windows\System\qePjHhb.exe
  2⤵
  PID:6360
- C:\Windows\System\jhaHAmA.exe
  C:\Windows\System\jhaHAmA.exe
  2⤵
  PID:6420
- C:\Windows\System\PuVSiBF.exe
  C:\Windows\System\PuVSiBF.exe
  2⤵
  PID:5944
- C:\Windows\System\TomJVcn.exe
  C:\Windows\System\TomJVcn.exe
  2⤵
  PID:6208
- C:\Windows\System\CdLnJjc.exe
  C:\Windows\System\CdLnJjc.exe
  2⤵
  PID:4224
- C:\Windows\System\UnUADCg.exe
  C:\Windows\System\UnUADCg.exe
  2⤵
  PID:5488
- C:\Windows\System\yXRwjHt.exe
  C:\Windows\System\yXRwjHt.exe
  2⤵
  PID:5772
- C:\Windows\System\aYouLUZ.exe
  C:\Windows\System\aYouLUZ.exe
  2⤵
  PID:5580
- C:\Windows\System\levYICT.exe
  C:\Windows\System\levYICT.exe
  2⤵
  PID:6212
- C:\Windows\System\uRjIpMF.exe
  C:\Windows\System\uRjIpMF.exe
  2⤵
  PID:6280
- C:\Windows\System\TqYDoto.exe
  C:\Windows\System\TqYDoto.exe
  2⤵
  PID:6372
- C:\Windows\System\LfccBbM.exe
  C:\Windows\System\LfccBbM.exe
  2⤵
  PID:6440
- C:\Windows\System\qLtizjC.exe
  C:\Windows\System\qLtizjC.exe
  2⤵
  PID:6504
- C:\Windows\System\DhzYOio.exe
  C:\Windows\System\DhzYOio.exe
  2⤵
  PID:6580
- C:\Windows\System\MPPMIbL.exe
  C:\Windows\System\MPPMIbL.exe
  2⤵
  PID:6644
- C:\Windows\System\MTorOfp.exe
  C:\Windows\System\MTorOfp.exe
  2⤵
  PID:6532
- C:\Windows\System\glPQvoV.exe
  C:\Windows\System\glPQvoV.exe
  2⤵
  PID:6712
- C:\Windows\System\rHkddQU.exe
  C:\Windows\System\rHkddQU.exe
  2⤵
  PID:6568
- C:\Windows\System\HzCwNdB.exe
  C:\Windows\System\HzCwNdB.exe
  2⤵
  PID:6664
- C:\Windows\System\ygnsvDq.exe
  C:\Windows\System\ygnsvDq.exe
  2⤵
  PID:6780
- C:\Windows\System\aNqQJfT.exe
  C:\Windows\System\aNqQJfT.exe
  2⤵
  PID:6792
- C:\Windows\System\TTIWFIM.exe
  C:\Windows\System\TTIWFIM.exe
  2⤵
  PID:6728
- C:\Windows\System\FLBSIrl.exe
  C:\Windows\System\FLBSIrl.exe
  2⤵
  PID:6796
- C:\Windows\System\BNcOywS.exe
  C:\Windows\System\BNcOywS.exe
  2⤵
  PID:6856
- C:\Windows\System\lVXViWQ.exe
  C:\Windows\System\lVXViWQ.exe
  2⤵
  PID:6920
- C:\Windows\System\VCSXDqr.exe
  C:\Windows\System\VCSXDqr.exe
  2⤵
  PID:6984
- C:\Windows\System\dTEVFVU.exe
  C:\Windows\System\dTEVFVU.exe
  2⤵
  PID:6908
- C:\Windows\System\MQFfcrz.exe
  C:\Windows\System\MQFfcrz.exe
  2⤵
  PID:6972
- C:\Windows\System\zYMfAwF.exe
  C:\Windows\System\zYMfAwF.exe
  2⤵
  PID:7048
- C:\Windows\System\cegVUTR.exe
  C:\Windows\System\cegVUTR.exe
  2⤵
  PID:7112
- C:\Windows\System\cLMlHot.exe
  C:\Windows\System\cLMlHot.exe
  2⤵
  PID:7228
- C:\Windows\System\GruYmAe.exe
  C:\Windows\System\GruYmAe.exe
  2⤵
  PID:7248
- C:\Windows\System\UvjkJpW.exe
  C:\Windows\System\UvjkJpW.exe
  2⤵
  PID:7280
- C:\Windows\System\moPtPtN.exe
  C:\Windows\System\moPtPtN.exe
  2⤵
  PID:7308
- C:\Windows\System\jAIYeQq.exe
  C:\Windows\System\jAIYeQq.exe
  2⤵
  PID:7332
- C:\Windows\System\ztOvbgx.exe
  C:\Windows\System\ztOvbgx.exe
  2⤵
  PID:7356
- C:\Windows\System\ErFsizt.exe
  C:\Windows\System\ErFsizt.exe
  2⤵
  PID:7380
- C:\Windows\System\XrTYCIG.exe
  C:\Windows\System\XrTYCIG.exe
  2⤵
  PID:7400
- C:\Windows\System\sMHvRZg.exe
  C:\Windows\System\sMHvRZg.exe
  2⤵
  PID:7424
- C:\Windows\System\yMaoUDX.exe
  C:\Windows\System\yMaoUDX.exe
  2⤵
  PID:7448
- C:\Windows\System\xtwYWCU.exe
  C:\Windows\System\xtwYWCU.exe
  2⤵
  PID:7472
- C:\Windows\System\ltdfzdR.exe
  C:\Windows\System\ltdfzdR.exe
  2⤵
  PID:7496
- C:\Windows\System\gPPoWyu.exe
  C:\Windows\System\gPPoWyu.exe
  2⤵
  PID:7524
- C:\Windows\System\giOLyDn.exe
  C:\Windows\System\giOLyDn.exe
  2⤵
  PID:7548
- C:\Windows\System\DwZuajO.exe
  C:\Windows\System\DwZuajO.exe
  2⤵
  PID:7576
- C:\Windows\System\sqJGTMr.exe
  C:\Windows\System\sqJGTMr.exe
  2⤵
  PID:7600
- C:\Windows\System\HfCusJh.exe
  C:\Windows\System\HfCusJh.exe
  2⤵
  PID:7624
- C:\Windows\System\fNlZPVc.exe
  C:\Windows\System\fNlZPVc.exe
  2⤵
  PID:7652
- C:\Windows\System\SWYUxDx.exe
  C:\Windows\System\SWYUxDx.exe
  2⤵
  PID:7672
- C:\Windows\System\dOyDIbf.exe
  C:\Windows\System\dOyDIbf.exe
  2⤵
  PID:7700
- C:\Windows\System\fZmbjbd.exe
  C:\Windows\System\fZmbjbd.exe
  2⤵
  PID:7720
- C:\Windows\System\cFHasTe.exe
  C:\Windows\System\cFHasTe.exe
  2⤵
  PID:7736
- C:\Windows\System\qezBZyF.exe
  C:\Windows\System\qezBZyF.exe
  2⤵
  PID:7752
- C:\Windows\System\CwKEIqE.exe
  C:\Windows\System\CwKEIqE.exe
  2⤵
  PID:7768
- C:\Windows\System\HRZlCRQ.exe
  C:\Windows\System\HRZlCRQ.exe
  2⤵
  PID:7784
- C:\Windows\System\CTdUAdK.exe
  C:\Windows\System\CTdUAdK.exe
  2⤵
  PID:7824
- C:\Windows\System\vowPvAP.exe
  C:\Windows\System\vowPvAP.exe
  2⤵
  PID:7928
- C:\Windows\System\KeziyDM.exe
  C:\Windows\System\KeziyDM.exe
  2⤵
  PID:7948
- C:\Windows\System\FjlBHgr.exe
  C:\Windows\System\FjlBHgr.exe
  2⤵
  PID:7968
- C:\Windows\System\QVQzBJp.exe
  C:\Windows\System\QVQzBJp.exe
  2⤵
  PID:7992
- C:\Windows\System\LSLTnIC.exe
  C:\Windows\System\LSLTnIC.exe
  2⤵
  PID:8024
- C:\Windows\System\lsuOJOV.exe
  C:\Windows\System\lsuOJOV.exe
  2⤵
  PID:8064
- C:\Windows\System\ulvlLYS.exe
  C:\Windows\System\ulvlLYS.exe
  2⤵
  PID:8096
- C:\Windows\System\wUareAq.exe
  C:\Windows\System\wUareAq.exe
  2⤵
  PID:8128
- C:\Windows\System\joLrhzT.exe
  C:\Windows\System\joLrhzT.exe
  2⤵
  PID:8148
- C:\Windows\System\TciFkPL.exe
  C:\Windows\System\TciFkPL.exe
  2⤵
  PID:8164
- C:\Windows\System\kdkKJkY.exe
  C:\Windows\System\kdkKJkY.exe
  2⤵
  PID:8180
- C:\Windows\System\RfwQBgI.exe
  C:\Windows\System\RfwQBgI.exe
  2⤵
  PID:6548
- C:\Windows\System\EgVnuNl.exe
  C:\Windows\System\EgVnuNl.exe
  2⤵
  PID:7288
- C:\Windows\System\FYwaQoP.exe
  C:\Windows\System\FYwaQoP.exe
  2⤵
  PID:7344
- C:\Windows\System\FRPNyua.exe
  C:\Windows\System\FRPNyua.exe
  2⤵
  PID:7436
- C:\Windows\System\klUDFLi.exe
  C:\Windows\System\klUDFLi.exe
  2⤵
  PID:6952
- C:\Windows\System\rlbCLYW.exe
  C:\Windows\System\rlbCLYW.exe
  2⤵
  PID:6888
- C:\Windows\System\KJPQyNv.exe
  C:\Windows\System\KJPQyNv.exe
  2⤵
  PID:6968
- C:\Windows\System\KxyzOWp.exe
  C:\Windows\System\KxyzOWp.exe
  2⤵
  PID:6876
- C:\Windows\System\TrodwQO.exe
  C:\Windows\System\TrodwQO.exe
  2⤵
  PID:6224
- C:\Windows\System\zqcJOZZ.exe
  C:\Windows\System\zqcJOZZ.exe
  2⤵
  PID:6328
- C:\Windows\System\YRUtDjj.exe
  C:\Windows\System\YRUtDjj.exe
  2⤵
  PID:7100
- C:\Windows\System\PulCHhV.exe
  C:\Windows\System\PulCHhV.exe
  2⤵
  PID:5932
- C:\Windows\System\hyROPoh.exe
  C:\Windows\System\hyROPoh.exe
  2⤵
  PID:6176
- C:\Windows\System\foYnAlA.exe
  C:\Windows\System\foYnAlA.exe
  2⤵
  PID:5752
- C:\Windows\System\jFUFLbf.exe
  C:\Windows\System\jFUFLbf.exe
  2⤵
  PID:6632
- C:\Windows\System\MHRYtHN.exe
  C:\Windows\System\MHRYtHN.exe
  2⤵
  PID:6292
- C:\Windows\System\XUfgbIO.exe
  C:\Windows\System\XUfgbIO.exe
  2⤵
  PID:7176
- C:\Windows\System\EgDCaxY.exe
  C:\Windows\System\EgDCaxY.exe
  2⤵
  PID:7196
- C:\Windows\System\aOthszs.exe
  C:\Windows\System\aOthszs.exe
  2⤵
  PID:7220
- C:\Windows\System\pZwFgVD.exe
  C:\Windows\System\pZwFgVD.exe
  2⤵
  PID:7268
- C:\Windows\System\OhWlPhR.exe
  C:\Windows\System\OhWlPhR.exe
  2⤵
  PID:7324
- C:\Windows\System\uGGrNIe.exe
  C:\Windows\System\uGGrNIe.exe
  2⤵
  PID:7376
- C:\Windows\System\SgCgJBU.exe
  C:\Windows\System\SgCgJBU.exe
  2⤵
  PID:7420
- C:\Windows\System\DCtTAJh.exe
  C:\Windows\System\DCtTAJh.exe
  2⤵
  PID:7468
- C:\Windows\System\JectgBM.exe
  C:\Windows\System\JectgBM.exe
  2⤵
  PID:7568
- C:\Windows\System\tjLihGt.exe
  C:\Windows\System\tjLihGt.exe
  2⤵
  PID:7616
- C:\Windows\System\avihfUA.exe
  C:\Windows\System\avihfUA.exe
  2⤵
  PID:7668
- C:\Windows\System\vMRYzoz.exe
  C:\Windows\System\vMRYzoz.exe
  2⤵
  PID:7748
- C:\Windows\System\TvGtoAq.exe
  C:\Windows\System\TvGtoAq.exe
  2⤵
  PID:7392
- C:\Windows\System\jAsgyLJ.exe
  C:\Windows\System\jAsgyLJ.exe
  2⤵
  PID:7492
- C:\Windows\System\qYeNEZs.exe
  C:\Windows\System\qYeNEZs.exe
  2⤵
  PID:7544
- C:\Windows\System\rfkWisA.exe
  C:\Windows\System\rfkWisA.exe
  2⤵
  PID:7636
- C:\Windows\System\yOPNxPe.exe
  C:\Windows\System\yOPNxPe.exe
  2⤵
  PID:7688
- C:\Windows\System\bAUMJJI.exe
  C:\Windows\System\bAUMJJI.exe
  2⤵
  PID:7760
- C:\Windows\System\yDPJNmO.exe
  C:\Windows\System\yDPJNmO.exe
  2⤵
  PID:7808
- C:\Windows\System\EAZxaaN.exe
  C:\Windows\System\EAZxaaN.exe
  2⤵
  PID:7840
- C:\Windows\System\YlAfLwv.exe
  C:\Windows\System\YlAfLwv.exe
  2⤵
  PID:7976
- C:\Windows\System\jmUIzqj.exe
  C:\Windows\System\jmUIzqj.exe
  2⤵
  PID:8032
- C:\Windows\System\skCMLTJ.exe
  C:\Windows\System\skCMLTJ.exe
  2⤵
  PID:8056
- C:\Windows\System\Zsmufvh.exe
  C:\Windows\System\Zsmufvh.exe
  2⤵
  PID:8112
- C:\Windows\System\LNMAJsH.exe
  C:\Windows\System\LNMAJsH.exe
  2⤵
  PID:8156
- C:\Windows\System\frevSOc.exe
  C:\Windows\System\frevSOc.exe
  2⤵
  PID:7900
- C:\Windows\System\GXMkFPB.exe
  C:\Windows\System\GXMkFPB.exe
  2⤵
  PID:7856
- C:\Windows\System\JVFgHIm.exe
  C:\Windows\System\JVFgHIm.exe
  2⤵
  PID:7872
- C:\Windows\System\fvaELZp.exe
  C:\Windows\System\fvaELZp.exe
  2⤵
  PID:7888
- C:\Windows\System\QsjLCAC.exe
  C:\Windows\System\QsjLCAC.exe
  2⤵
  PID:7912
- C:\Windows\System\qCeNzpr.exe
  C:\Windows\System\qCeNzpr.exe
  2⤵
  PID:8000
- C:\Windows\System\gRngYvA.exe
  C:\Windows\System\gRngYvA.exe
  2⤵
  PID:8020
- C:\Windows\System\DjTrSKX.exe
  C:\Windows\System\DjTrSKX.exe
  2⤵
  PID:8088
- C:\Windows\System\uLQjgXP.exe
  C:\Windows\System\uLQjgXP.exe
  2⤵
  PID:7432
- C:\Windows\System\mabNSxp.exe
  C:\Windows\System\mabNSxp.exe
  2⤵
  PID:7304
- C:\Windows\System\AcHSAZa.exe
  C:\Windows\System\AcHSAZa.exe
  2⤵
  PID:7036
- C:\Windows\System\rgNsyjB.exe
  C:\Windows\System\rgNsyjB.exe
  2⤵
  PID:6840
- C:\Windows\System\NbHkgBe.exe
  C:\Windows\System\NbHkgBe.exe
  2⤵
  PID:6392
- C:\Windows\System\dAQLUHw.exe
  C:\Windows\System\dAQLUHw.exe
  2⤵
  PID:5028
- C:\Windows\System\twXDsEJ.exe
  C:\Windows\System\twXDsEJ.exe
  2⤵
  PID:6700
- C:\Windows\System\vLpJBbp.exe
  C:\Windows\System\vLpJBbp.exe
  2⤵
  PID:5800
- C:\Windows\System\susDxkK.exe
  C:\Windows\System\susDxkK.exe
  2⤵
  PID:7096
- C:\Windows\System\LbxHYxM.exe
  C:\Windows\System\LbxHYxM.exe
  2⤵
  PID:7164
- C:\Windows\System\ASuQzwv.exe
  C:\Windows\System\ASuQzwv.exe
  2⤵
  PID:6472
- C:\Windows\System\kOSrqXT.exe
  C:\Windows\System\kOSrqXT.exe
  2⤵
  PID:6488
- C:\Windows\System\tNdPqGc.exe
  C:\Windows\System\tNdPqGc.exe
  2⤵
  PID:7212
- C:\Windows\System\ohIYXmG.exe
  C:\Windows\System\ohIYXmG.exe
  2⤵
  PID:6956
- C:\Windows\System\QwCtOld.exe
  C:\Windows\System\QwCtOld.exe
  2⤵
  PID:7276
- C:\Windows\System\pBsokGu.exe
  C:\Windows\System\pBsokGu.exe
  2⤵
  PID:7068
- C:\Windows\System\VvEqbTF.exe
  C:\Windows\System\VvEqbTF.exe
  2⤵
  PID:7264
- C:\Windows\System\qaAauSs.exe
  C:\Windows\System\qaAauSs.exe
  2⤵
  PID:7464
- C:\Windows\System\WXYydmT.exe
  C:\Windows\System\WXYydmT.exe
  2⤵
  PID:7508
- C:\Windows\System\SXczYSq.exe
  C:\Windows\System\SXczYSq.exe
  2⤵
  PID:7560
- C:\Windows\System\iTepCTK.exe
  C:\Windows\System\iTepCTK.exe
  2⤵
  PID:7340
- C:\Windows\System\oDmprgV.exe
  C:\Windows\System\oDmprgV.exe
  2⤵
  PID:7644
- C:\Windows\System\ZMeRCvl.exe
  C:\Windows\System\ZMeRCvl.exe
  2⤵
  PID:7804
- C:\Windows\System\xJiTytk.exe
  C:\Windows\System\xJiTytk.exe
  2⤵
  PID:8048
- C:\Windows\System\HJnPber.exe
  C:\Windows\System\HJnPber.exe
  2⤵
  PID:7844
- C:\Windows\System\RDyrakd.exe
  C:\Windows\System\RDyrakd.exe
  2⤵
  PID:7880
- C:\Windows\System\EfNUGJg.exe
  C:\Windows\System\EfNUGJg.exe
  2⤵
  PID:7924
- C:\Windows\System\jrOPmsg.exe
  C:\Windows\System\jrOPmsg.exe
  2⤵
  PID:7812
- C:\Windows\System\IOcqkHD.exe
  C:\Windows\System\IOcqkHD.exe
  2⤵
  PID:7716
- C:\Windows\System\CCvecMA.exe
  C:\Windows\System\CCvecMA.exe
  2⤵
  PID:7632
- C:\Windows\System\RrEfDdT.exe
  C:\Windows\System\RrEfDdT.exe
  2⤵
  PID:7988
- C:\Windows\System\ecmoOyj.exe
  C:\Windows\System\ecmoOyj.exe
  2⤵
  PID:7864
- C:\Windows\System\ZIWMYWn.exe
  C:\Windows\System\ZIWMYWn.exe
  2⤵
  PID:6812
- C:\Windows\System\wmuiVOH.exe
  C:\Windows\System\wmuiVOH.exe
  2⤵
  PID:6552
- C:\Windows\System\rOeMlDO.exe
  C:\Windows\System\rOeMlDO.exe
  2⤵
  PID:7904
- C:\Windows\System\vHYOqxo.exe
  C:\Windows\System\vHYOqxo.exe
  2⤵
  PID:8140
- C:\Windows\System\EykdgjR.exe
  C:\Windows\System\EykdgjR.exe
  2⤵
  PID:5420
- C:\Windows\System\YOAqHtD.exe
  C:\Windows\System\YOAqHtD.exe
  2⤵
  PID:6536
- C:\Windows\System\yRIEwoI.exe
  C:\Windows\System\yRIEwoI.exe
  2⤵
  PID:6356
- C:\Windows\System\rEywbHC.exe
  C:\Windows\System\rEywbHC.exe
  2⤵
  PID:6248
- C:\Windows\System\qQqPzHE.exe
  C:\Windows\System\qQqPzHE.exe
  2⤵
  PID:6500
- C:\Windows\System\IqovXIv.exe
  C:\Windows\System\IqovXIv.exe
  2⤵
  PID:7460
- C:\Windows\System\BVlwGRn.exe
  C:\Windows\System\BVlwGRn.exe
  2⤵
  PID:7520
- C:\Windows\System\xPCpHGJ.exe
  C:\Windows\System\xPCpHGJ.exe
  2⤵
  PID:7584
- C:\Windows\System\kRggkzM.exe
  C:\Windows\System\kRggkzM.exe
  2⤵
  PID:6308
- C:\Windows\System\ATDJdqP.exe
  C:\Windows\System\ATDJdqP.exe
  2⤵
  PID:7208
- C:\Windows\System\rgySYfQ.exe
  C:\Windows\System\rgySYfQ.exe
  2⤵
  PID:7260
- C:\Windows\System\eVjeuPA.exe
  C:\Windows\System\eVjeuPA.exe
  2⤵
  PID:7300
- C:\Windows\System\iKHFhrp.exe
  C:\Windows\System\iKHFhrp.exe
  2⤵
  PID:7800
- C:\Windows\System\wsXsCvV.exe
  C:\Windows\System\wsXsCvV.exe
  2⤵
  PID:8076
- C:\Windows\System\qrhtaNf.exe
  C:\Windows\System\qrhtaNf.exe
  2⤵
  PID:7776
- C:\Windows\System\OwqgDUf.exe
  C:\Windows\System\OwqgDUf.exe
  2⤵
  PID:8188
- C:\Windows\System\TxnAcQD.exe
  C:\Windows\System\TxnAcQD.exe
  2⤵
  PID:7816
- C:\Windows\System\tOmEIHF.exe
  C:\Windows\System\tOmEIHF.exe
  2⤵
  PID:6436
- C:\Windows\System\FuFYqvC.exe
  C:\Windows\System\FuFYqvC.exe
  2⤵
  PID:2852
- C:\Windows\System\MTLRjuv.exe
  C:\Windows\System\MTLRjuv.exe
  2⤵
  PID:6660
- C:\Windows\System\bvQJUNy.exe
  C:\Windows\System\bvQJUNy.exe
  2⤵
  PID:6616
- C:\Windows\System\edRrdJu.exe
  C:\Windows\System\edRrdJu.exe
  2⤵
  PID:7080
- C:\Windows\System\MejOyAs.exe
  C:\Windows\System\MejOyAs.exe
  2⤵
  PID:7940
- C:\Windows\System\OyQYxMG.exe
  C:\Windows\System\OyQYxMG.exe
  2⤵
  PID:7660
- C:\Windows\System\rJcWizc.exe
  C:\Windows\System\rJcWizc.exe
  2⤵
  PID:7732
- C:\Windows\System\KJwUOYU.exe
  C:\Windows\System\KJwUOYU.exe
  2⤵
  PID:8008
- C:\Windows\System\piUobFV.exe
  C:\Windows\System\piUobFV.exe
  2⤵
  PID:7540
- C:\Windows\System\uExNTnk.exe
  C:\Windows\System\uExNTnk.exe
  2⤵
  PID:6628
- C:\Windows\System\NKfrFEY.exe
  C:\Windows\System\NKfrFEY.exe
  2⤵
  PID:6484
- C:\Windows\System\flBNBjC.exe
  C:\Windows\System\flBNBjC.exe
  2⤵
  PID:7320
- C:\Windows\System\zPIrWGd.exe
  C:\Windows\System\zPIrWGd.exe
  2⤵
  PID:8044
- C:\Windows\System\AaaiiRr.exe
  C:\Windows\System\AaaiiRr.exe
  2⤵
  PID:6748
- C:\Windows\System\EsYgBzN.exe
  C:\Windows\System\EsYgBzN.exe
  2⤵
  PID:7596
- C:\Windows\System\iZTRpXo.exe
  C:\Windows\System\iZTRpXo.exe
  2⤵
  PID:7944
- C:\Windows\System\ueSaTvW.exe
  C:\Windows\System\ueSaTvW.exe
  2⤵
  PID:7256
- C:\Windows\System\JcEAoqR.exe
  C:\Windows\System\JcEAoqR.exe
  2⤵
  PID:7484
- C:\Windows\System\tsKREeE.exe
  C:\Windows\System\tsKREeE.exe
  2⤵
  PID:7236
- C:\Windows\System\NiiCBaN.exe
  C:\Windows\System\NiiCBaN.exe
  2⤵
  PID:7488
- C:\Windows\System\cujvCWp.exe
  C:\Windows\System\cujvCWp.exe
  2⤵
  PID:7372
- C:\Windows\System\DOqOZJr.exe
  C:\Windows\System\DOqOZJr.exe
  2⤵
  PID:8208
- C:\Windows\System\JdTbLyq.exe
  C:\Windows\System\JdTbLyq.exe
  2⤵
  PID:8224
- C:\Windows\System\iOkCSNm.exe
  C:\Windows\System\iOkCSNm.exe
  2⤵
  PID:8240
- C:\Windows\System\fReeoVl.exe
  C:\Windows\System\fReeoVl.exe
  2⤵
  PID:8256
- C:\Windows\System\CiDEMks.exe
  C:\Windows\System\CiDEMks.exe
  2⤵
  PID:8272
- C:\Windows\System\GsUyzwj.exe
  C:\Windows\System\GsUyzwj.exe
  2⤵
  PID:8288
- C:\Windows\System\uNdwOns.exe
  C:\Windows\System\uNdwOns.exe
  2⤵
  PID:8304
- C:\Windows\System\cLAPvLt.exe
  C:\Windows\System\cLAPvLt.exe
  2⤵
  PID:8328
- C:\Windows\System\kbVZZPV.exe
  C:\Windows\System\kbVZZPV.exe
  2⤵
  PID:8344
- C:\Windows\System\zUQDMUr.exe
  C:\Windows\System\zUQDMUr.exe
  2⤵
  PID:8364
- C:\Windows\System\blfaTwX.exe
  C:\Windows\System\blfaTwX.exe
  2⤵
  PID:8380
- C:\Windows\System\jZVRHiL.exe
  C:\Windows\System\jZVRHiL.exe
  2⤵
  PID:8396
- C:\Windows\System\JHzYMUK.exe
  C:\Windows\System\JHzYMUK.exe
  2⤵
  PID:8412
- C:\Windows\System\jqzyZrA.exe
  C:\Windows\System\jqzyZrA.exe
  2⤵
  PID:8432
- C:\Windows\System\ChZMizd.exe
  C:\Windows\System\ChZMizd.exe
  2⤵
  PID:8448
- C:\Windows\System\yAgaIZI.exe
  C:\Windows\System\yAgaIZI.exe
  2⤵
  PID:8464
- C:\Windows\System\csrqPjO.exe
  C:\Windows\System\csrqPjO.exe
  2⤵
  PID:8480
- C:\Windows\System\KrrlAWv.exe
  C:\Windows\System\KrrlAWv.exe
  2⤵
  PID:8496
- C:\Windows\System\SXQWBap.exe
  C:\Windows\System\SXQWBap.exe
  2⤵
  PID:8512
- C:\Windows\System\RFrLLpX.exe
  C:\Windows\System\RFrLLpX.exe
  2⤵
  PID:8532
- C:\Windows\System\DbsvdVJ.exe
  C:\Windows\System\DbsvdVJ.exe
  2⤵
  PID:8548
- C:\Windows\System\OxoDEtN.exe
  C:\Windows\System\OxoDEtN.exe
  2⤵
  PID:8568
- C:\Windows\System\DEccfPd.exe
  C:\Windows\System\DEccfPd.exe
  2⤵
  PID:8584
- C:\Windows\System\rzCnVil.exe
  C:\Windows\System\rzCnVil.exe
  2⤵
  PID:8608
- C:\Windows\System\EhrFWkh.exe
  C:\Windows\System\EhrFWkh.exe
  2⤵
  PID:8624
- C:\Windows\System\IVIUSEJ.exe
  C:\Windows\System\IVIUSEJ.exe
  2⤵
  PID:8640
- C:\Windows\System\wShocKx.exe
  C:\Windows\System\wShocKx.exe
  2⤵
  PID:8656
- C:\Windows\System\AuXutXW.exe
  C:\Windows\System\AuXutXW.exe
  2⤵
  PID:8672
- C:\Windows\System\DhzSGzB.exe
  C:\Windows\System\DhzSGzB.exe
  2⤵
  PID:8688
- C:\Windows\System\yeeLfLG.exe
  C:\Windows\System\yeeLfLG.exe
  2⤵
  PID:8724
- C:\Windows\System\yyjkwbH.exe
  C:\Windows\System\yyjkwbH.exe
  2⤵
  PID:8740
- C:\Windows\System\XxgThfT.exe
  C:\Windows\System\XxgThfT.exe
  2⤵
  PID:8760
- C:\Windows\System\BNzHUgq.exe
  C:\Windows\System\BNzHUgq.exe
  2⤵
  PID:8776
- C:\Windows\System\DlacZbU.exe
  C:\Windows\System\DlacZbU.exe
  2⤵
  PID:8792
- C:\Windows\System\blPWSwr.exe
  C:\Windows\System\blPWSwr.exe
  2⤵
  PID:8808
- C:\Windows\System\CpHYPVn.exe
  C:\Windows\System\CpHYPVn.exe
  2⤵
  PID:8824
- C:\Windows\System\AAJQEBz.exe
  C:\Windows\System\AAJQEBz.exe
  2⤵
  PID:8840
- C:\Windows\System\tdrVQUA.exe
  C:\Windows\System\tdrVQUA.exe
  2⤵
  PID:8856
- C:\Windows\System\bRYtlMy.exe
  C:\Windows\System\bRYtlMy.exe
  2⤵
  PID:8872
- C:\Windows\System\RNQYGcJ.exe
  C:\Windows\System\RNQYGcJ.exe
  2⤵
  PID:8888
- C:\Windows\System\sIlqNzo.exe
  C:\Windows\System\sIlqNzo.exe
  2⤵
  PID:8904
- C:\Windows\System\lAUBsPM.exe
  C:\Windows\System\lAUBsPM.exe
  2⤵
  PID:8920
- C:\Windows\System\TnhpkbO.exe
  C:\Windows\System\TnhpkbO.exe
  2⤵
  PID:8936
- C:\Windows\System\xlGfqyG.exe
  C:\Windows\System\xlGfqyG.exe
  2⤵
  PID:8952
- C:\Windows\System\iBBfNNA.exe
  C:\Windows\System\iBBfNNA.exe
  2⤵
  PID:8968
- C:\Windows\System\OQCWzLe.exe
  C:\Windows\System\OQCWzLe.exe
  2⤵
  PID:8984
- C:\Windows\System\TkyZWqG.exe
  C:\Windows\System\TkyZWqG.exe
  2⤵
  PID:9004
- C:\Windows\System\xiXBwlS.exe
  C:\Windows\System\xiXBwlS.exe
  2⤵
  PID:9020
- C:\Windows\System\lmCaUrh.exe
  C:\Windows\System\lmCaUrh.exe
  2⤵
  PID:9036
- C:\Windows\System\AioFGGS.exe
  C:\Windows\System\AioFGGS.exe
  2⤵
  PID:9052
- C:\Windows\System\CDliJpB.exe
  C:\Windows\System\CDliJpB.exe
  2⤵
  PID:9072
- C:\Windows\System\xxylTjN.exe
  C:\Windows\System\xxylTjN.exe
  2⤵
  PID:9088
- C:\Windows\System\QBqzUUy.exe
  C:\Windows\System\QBqzUUy.exe
  2⤵
  PID:9104
- C:\Windows\System\fhuKQjj.exe
  C:\Windows\System\fhuKQjj.exe
  2⤵
  PID:9120
- C:\Windows\System\fhjzWQR.exe
  C:\Windows\System\fhjzWQR.exe
  2⤵
  PID:9136
- C:\Windows\System\zJPgocp.exe
  C:\Windows\System\zJPgocp.exe
  2⤵
  PID:9152
- C:\Windows\System\wxoHbKP.exe
  C:\Windows\System\wxoHbKP.exe
  2⤵
  PID:9168
- C:\Windows\System\lhUotyR.exe
  C:\Windows\System\lhUotyR.exe
  2⤵
  PID:9184
- C:\Windows\System\ptNfeNW.exe
  C:\Windows\System\ptNfeNW.exe
  2⤵
  PID:9200
- C:\Windows\System\KWxUXpZ.exe
  C:\Windows\System\KWxUXpZ.exe
  2⤵
  PID:7296
- C:\Windows\System\bVqfaDO.exe
  C:\Windows\System\bVqfaDO.exe
  2⤵
  PID:7532
- C:\Windows\System\pGUxAAp.exe
  C:\Windows\System\pGUxAAp.exe
  2⤵
  PID:8284
- C:\Windows\System\yzvkoXF.exe
  C:\Windows\System\yzvkoXF.exe
  2⤵
  PID:8216
- C:\Windows\System\WpjLZsv.exe
  C:\Windows\System\WpjLZsv.exe
  2⤵
  PID:8264
- C:\Windows\System\RygbIuG.exe
  C:\Windows\System\RygbIuG.exe
  2⤵
  PID:8324
- C:\Windows\System\uYafULc.exe
  C:\Windows\System\uYafULc.exe
  2⤵
  PID:8300
- C:\Windows\System\bBQpBuj.exe
  C:\Windows\System\bBQpBuj.exe
  2⤵
  PID:8388
- C:\Windows\System\jPWdsRv.exe
  C:\Windows\System\jPWdsRv.exe
  2⤵
  PID:8800
- C:\Windows\System\oPloWoz.exe
  C:\Windows\System\oPloWoz.exe
  2⤵
  PID:8836
- C:\Windows\System\nuwBspQ.exe
  C:\Windows\System\nuwBspQ.exe
  2⤵
  PID:8752
- C:\Windows\System\qFiYIjb.exe
  C:\Windows\System\qFiYIjb.exe
  2⤵
  PID:8756
- C:\Windows\System\IHacFlM.exe
  C:\Windows\System\IHacFlM.exe
  2⤵
  PID:8820
- C:\Windows\System\WjLdgHO.exe
  C:\Windows\System\WjLdgHO.exe
  2⤵
  PID:8976
- C:\Windows\System\VpFJONs.exe
  C:\Windows\System\VpFJONs.exe
  2⤵
  PID:9016
- C:\Windows\System\xWrPzVr.exe
  C:\Windows\System\xWrPzVr.exe
  2⤵
  PID:9080
- C:\Windows\System\tuCcuRF.exe
  C:\Windows\System\tuCcuRF.exe
  2⤵
  PID:9128
- C:\Windows\System\iAzShzq.exe
  C:\Windows\System\iAzShzq.exe
  2⤵
  PID:9196
- C:\Windows\System\OjkYtOg.exe
  C:\Windows\System\OjkYtOg.exe
  2⤵
  PID:9208
- C:\Windows\System\CJAfIiM.exe
  C:\Windows\System\CJAfIiM.exe
  2⤵
  PID:8320
- C:\Windows\System\CQiFOjx.exe
  C:\Windows\System\CQiFOjx.exe
  2⤵
  PID:8404
- C:\Windows\System\QDSYhNu.exe
  C:\Windows\System\QDSYhNu.exe
  2⤵
  PID:8428
- C:\Windows\System\qLUdArw.exe
  C:\Windows\System\qLUdArw.exe
  2⤵
  PID:8508
- C:\Windows\System\LeoTqVq.exe
  C:\Windows\System\LeoTqVq.exe
  2⤵
  PID:8520
- C:\Windows\System\BAAyAQK.exe
  C:\Windows\System\BAAyAQK.exe
  2⤵
  PID:8564
- C:\Windows\System\NxEDYBj.exe
  C:\Windows\System\NxEDYBj.exe
  2⤵
  PID:8648
- C:\Windows\System\KXocGAy.exe
  C:\Windows\System\KXocGAy.exe
  2⤵
  PID:8456
- C:\Windows\System\lfyNTEF.exe
  C:\Windows\System\lfyNTEF.exe
  2⤵
  PID:8664
- C:\Windows\System\MGJuxTt.exe
  C:\Windows\System\MGJuxTt.exe
  2⤵
  PID:8832
- C:\Windows\System\slXrwyB.exe
  C:\Windows\System\slXrwyB.exe
  2⤵
  PID:8864
- C:\Windows\System\qrrmkmZ.exe
  C:\Windows\System\qrrmkmZ.exe
  2⤵
  PID:9000
- C:\Windows\System\umsOAYZ.exe
  C:\Windows\System\umsOAYZ.exe
  2⤵
  PID:8928
- C:\Windows\System\msaTdYH.exe
  C:\Windows\System\msaTdYH.exe
  2⤵
  PID:8996
- C:\Windows\System\VoSlRYN.exe
  C:\Windows\System\VoSlRYN.exe
  2⤵
  PID:9060
- C:\Windows\System\mZnEoWK.exe
  C:\Windows\System\mZnEoWK.exe
  2⤵
  PID:9100
- C:\Windows\System\XDuusWL.exe
  C:\Windows\System\XDuusWL.exe
  2⤵
  PID:9084
- C:\Windows\System\fXdvQmr.exe
  C:\Windows\System\fXdvQmr.exe
  2⤵
  PID:9180
- C:\Windows\System\ywwbapG.exe
  C:\Windows\System\ywwbapG.exe
  2⤵
  PID:8232
- C:\Windows\System\DwjQyZp.exe
  C:\Windows\System\DwjQyZp.exe
  2⤵
  PID:8268
- C:\Windows\System\EKSTLHw.exe
  C:\Windows\System\EKSTLHw.exe
  2⤵
  PID:8528
- C:\Windows\System\xjSAYKl.exe
  C:\Windows\System\xjSAYKl.exe
  2⤵
  PID:8488
- C:\Windows\System\nmuCEPm.exe
  C:\Windows\System\nmuCEPm.exe
  2⤵
  PID:8556
- C:\Windows\System\YRnTYjP.exe
  C:\Windows\System\YRnTYjP.exe
  2⤵
  PID:8684
- C:\Windows\System\QMOhBLy.exe
  C:\Windows\System\QMOhBLy.exe
  2⤵
  PID:8632
- C:\Windows\System\JyJTiZk.exe
  C:\Windows\System\JyJTiZk.exe
  2⤵
  PID:8788
- C:\Windows\System\FxlvNdt.exe
  C:\Windows\System\FxlvNdt.exe
  2⤵
  PID:8900
- C:\Windows\System\MWXFwrq.exe
  C:\Windows\System\MWXFwrq.exe
  2⤵
  PID:8964
- C:\Windows\System\jYSCXJo.exe
  C:\Windows\System\jYSCXJo.exe
  2⤵
  PID:9032
- C:\Windows\System\NFywbkc.exe
  C:\Windows\System\NFywbkc.exe
  2⤵
  PID:9164
- C:\Windows\System\epKRama.exe
  C:\Windows\System\epKRama.exe
  2⤵
  PID:9176
- C:\Windows\System\NmBhIsB.exe
  C:\Windows\System\NmBhIsB.exe
  2⤵
  PID:8296
- C:\Windows\System\HgzlZCk.exe
  C:\Windows\System\HgzlZCk.exe
  2⤵
  PID:8420
- C:\Windows\System\cmmLCfN.exe
  C:\Windows\System\cmmLCfN.exe
  2⤵
  PID:8620
- C:\Windows\System\ffknZte.exe
  C:\Windows\System\ffknZte.exe
  2⤵
  PID:7132
- C:\Windows\System\XJrsuLR.exe
  C:\Windows\System\XJrsuLR.exe
  2⤵
  PID:8772
- C:\Windows\System\hkUdHGz.exe
  C:\Windows\System\hkUdHGz.exe
  2⤵
  PID:1492
- C:\Windows\System\VcYNuQL.exe
  C:\Windows\System\VcYNuQL.exe
  2⤵
  PID:8884
- C:\Windows\System\KBaRFvI.exe
  C:\Windows\System\KBaRFvI.exe
  2⤵
  PID:8948
- C:\Windows\System\CaiWdKd.exe
  C:\Windows\System\CaiWdKd.exe
  2⤵
  PID:8372
- C:\Windows\System\vCqjlUm.exe
  C:\Windows\System\vCqjlUm.exe
  2⤵
  PID:8200
- C:\Windows\System\dKJGSPR.exe
  C:\Windows\System\dKJGSPR.exe
  2⤵
  PID:7896
- C:\Windows\System\YxKVOdC.exe
  C:\Windows\System\YxKVOdC.exe
  2⤵
  PID:9224
- C:\Windows\System\vIaFxrm.exe
  C:\Windows\System\vIaFxrm.exe
  2⤵
  PID:9240
- C:\Windows\System\qBqRfoj.exe
  C:\Windows\System\qBqRfoj.exe
  2⤵
  PID:9256
- C:\Windows\System\hKVQBSj.exe
  C:\Windows\System\hKVQBSj.exe
  2⤵
  PID:9272
- C:\Windows\System\QQvRRUo.exe
  C:\Windows\System\QQvRRUo.exe
  2⤵
  PID:9288
- C:\Windows\System\lVDrjYk.exe
  C:\Windows\System\lVDrjYk.exe
  2⤵
  PID:9308
- C:\Windows\System\HkBLono.exe
  C:\Windows\System\HkBLono.exe
  2⤵
  PID:9324
- C:\Windows\System\xHCigHC.exe
  C:\Windows\System\xHCigHC.exe
  2⤵
  PID:9340
- C:\Windows\System\MEdWyDb.exe
  C:\Windows\System\MEdWyDb.exe
  2⤵
  PID:9364
- C:\Windows\System\pXlfddb.exe
  C:\Windows\System\pXlfddb.exe
  2⤵
  PID:9444
- C:\Windows\System\gsSYDYo.exe
  C:\Windows\System\gsSYDYo.exe
  2⤵
  PID:9464
- C:\Windows\System\uiPLygF.exe
  C:\Windows\System\uiPLygF.exe
  2⤵
  PID:9480
- C:\Windows\System\VaNwBRj.exe
  C:\Windows\System\VaNwBRj.exe
  2⤵
  PID:9496
- C:\Windows\System\DsdajQs.exe
  C:\Windows\System\DsdajQs.exe
  2⤵
  PID:9512
- C:\Windows\System\qTgrjCE.exe
  C:\Windows\System\qTgrjCE.exe
  2⤵
  PID:9532
- C:\Windows\System\hauhShf.exe
  C:\Windows\System\hauhShf.exe
  2⤵
  PID:9556
- C:\Windows\System\jolvgHi.exe
  C:\Windows\System\jolvgHi.exe
  2⤵
  PID:9572
- C:\Windows\System\dAzIQcW.exe
  C:\Windows\System\dAzIQcW.exe
  2⤵
  PID:9592
- C:\Windows\System\fqBAKXe.exe
  C:\Windows\System\fqBAKXe.exe
  2⤵
  PID:9612
- C:\Windows\System\yxbQOzY.exe
  C:\Windows\System\yxbQOzY.exe
  2⤵
  PID:9640
- C:\Windows\System\VoBTDMy.exe
  C:\Windows\System\VoBTDMy.exe
  2⤵
  PID:9660
- C:\Windows\System\JuJcHMO.exe
  C:\Windows\System\JuJcHMO.exe
  2⤵
  PID:9676
- C:\Windows\System\WGkkgfl.exe
  C:\Windows\System\WGkkgfl.exe
  2⤵
  PID:9696
- C:\Windows\System\PfGwXam.exe
  C:\Windows\System\PfGwXam.exe
  2⤵
  PID:9716
- C:\Windows\System\sDpzFWh.exe
  C:\Windows\System\sDpzFWh.exe
  2⤵
  PID:9732
- C:\Windows\System\vyEQTgN.exe
  C:\Windows\System\vyEQTgN.exe
  2⤵
  PID:9752
- C:\Windows\System\rtLEuxI.exe
  C:\Windows\System\rtLEuxI.exe
  2⤵
  PID:9768
- C:\Windows\System\xVsXXjY.exe
  C:\Windows\System\xVsXXjY.exe
  2⤵
  PID:9784
- C:\Windows\System\hnDbPWG.exe
  C:\Windows\System\hnDbPWG.exe
  2⤵
  PID:9804
- C:\Windows\System\aaQUdXV.exe
  C:\Windows\System\aaQUdXV.exe
  2⤵
  PID:9820
- C:\Windows\System\qKiIMIM.exe
  C:\Windows\System\qKiIMIM.exe
  2⤵
  PID:9840
- C:\Windows\System\fxyCEBB.exe
  C:\Windows\System\fxyCEBB.exe
  2⤵
  PID:9872
- C:\Windows\System\QpDWkYT.exe
  C:\Windows\System\QpDWkYT.exe
  2⤵
  PID:9888
- C:\Windows\System\VgNZOpu.exe
  C:\Windows\System\VgNZOpu.exe
  2⤵
  PID:9912
- C:\Windows\System\JdnsBIx.exe
  C:\Windows\System\JdnsBIx.exe
  2⤵
  PID:9932
- C:\Windows\System\ITqWOhK.exe
  C:\Windows\System\ITqWOhK.exe
  2⤵
  PID:9956
- C:\Windows\System\obIwPiF.exe
  C:\Windows\System\obIwPiF.exe
  2⤵
  PID:9972
- C:\Windows\System\OlcLvEN.exe
  C:\Windows\System\OlcLvEN.exe
  2⤵
  PID:9996
- C:\Windows\System\ElOLJfV.exe
  C:\Windows\System\ElOLJfV.exe
  2⤵
  PID:10016
- C:\Windows\System\ldlSzWI.exe
  C:\Windows\System\ldlSzWI.exe
  2⤵
  PID:10032
- C:\Windows\System\CErdilI.exe
  C:\Windows\System\CErdilI.exe
  2⤵
  PID:10052
- C:\Windows\System\RtTtWEK.exe
  C:\Windows\System\RtTtWEK.exe
  2⤵
  PID:10080
- C:\Windows\System\fPfLngZ.exe
  C:\Windows\System\fPfLngZ.exe
  2⤵
  PID:10100
- C:\Windows\System\ADtCmbG.exe
  C:\Windows\System\ADtCmbG.exe
  2⤵
  PID:10120
- C:\Windows\System\grisNbG.exe
  C:\Windows\System\grisNbG.exe
  2⤵
  PID:10148
- C:\Windows\System\SHxjtaj.exe
  C:\Windows\System\SHxjtaj.exe
  2⤵
  PID:10168
- C:\Windows\System\CwgWrSV.exe
  C:\Windows\System\CwgWrSV.exe
  2⤵
  PID:10184
- C:\Windows\System\IvNzZXI.exe
  C:\Windows\System\IvNzZXI.exe
  2⤵
  PID:10200
- C:\Windows\System\OPanOSo.exe
  C:\Windows\System\OPanOSo.exe
  2⤵
  PID:10220
- C:\Windows\System\RvJCDYg.exe
  C:\Windows\System\RvJCDYg.exe
  2⤵
  PID:8504
- C:\Windows\System\VPWDncO.exe
  C:\Windows\System\VPWDncO.exe
  2⤵
  PID:8912
- C:\Windows\System\VCYXbGx.exe
  C:\Windows\System\VCYXbGx.exe
  2⤵
  PID:8356
- C:\Windows\System\fVWWHDM.exe
  C:\Windows\System\fVWWHDM.exe
  2⤵
  PID:8560
- C:\Windows\System\EqgyiMn.exe
  C:\Windows\System\EqgyiMn.exe
  2⤵
  PID:9236
- C:\Windows\System\LShvxeI.exe
  C:\Windows\System\LShvxeI.exe
  2⤵
  PID:9220
- C:\Windows\System\MAISjbk.exe
  C:\Windows\System\MAISjbk.exe
  2⤵
  PID:9284
- C:\Windows\System\pukloJm.exe
  C:\Windows\System\pukloJm.exe
  2⤵
  PID:9268
- C:\Windows\System\TQEUVRw.exe
  C:\Windows\System\TQEUVRw.exe
  2⤵
  PID:9332
- C:\Windows\System\hEKMthu.exe
  C:\Windows\System\hEKMthu.exe
  2⤵
  PID:9356
- C:\Windows\System\hxsjRMl.exe
  C:\Windows\System\hxsjRMl.exe
  2⤵
  PID:9392
- C:\Windows\System\ffMDVLT.exe
  C:\Windows\System\ffMDVLT.exe
  2⤵
  PID:9428
- C:\Windows\System\UDiBCLm.exe
  C:\Windows\System\UDiBCLm.exe
  2⤵
  PID:9424
- C:\Windows\System\KolJpHD.exe
  C:\Windows\System\KolJpHD.exe
  2⤵
  PID:9472
- C:\Windows\System\xrSXTbh.exe
  C:\Windows\System\xrSXTbh.exe
  2⤵
  PID:9492
- C:\Windows\System\MmsiykU.exe
  C:\Windows\System\MmsiykU.exe
  2⤵
  PID:9544
- C:\Windows\System\ATrKIUX.exe
  C:\Windows\System\ATrKIUX.exe
  2⤵
  PID:9520
- C:\Windows\System\kTqDvAK.exe
  C:\Windows\System\kTqDvAK.exe
  2⤵
  PID:9600
- C:\Windows\System\FECWxyA.exe
  C:\Windows\System\FECWxyA.exe
  2⤵
  PID:9652
- C:\Windows\System\uqewvTn.exe
  C:\Windows\System\uqewvTn.exe
  2⤵
  PID:9656
- C:\Windows\System\ByLkXwe.exe
  C:\Windows\System\ByLkXwe.exe
  2⤵
  PID:9620
- C:\Windows\System\gPfVSid.exe
  C:\Windows\System\gPfVSid.exe
  2⤵
  PID:9800
- C:\Windows\System\FdXqyUe.exe
  C:\Windows\System\FdXqyUe.exe
  2⤵
  PID:9624
- C:\Windows\System\ieYTdSX.exe
  C:\Windows\System\ieYTdSX.exe
  2⤵
  PID:9880
- C:\Windows\System\msmsFQj.exe
  C:\Windows\System\msmsFQj.exe
  2⤵
  PID:9964
- C:\Windows\System\Qqiexfh.exe
  C:\Windows\System\Qqiexfh.exe
  2⤵
  PID:10004
- C:\Windows\System\giEWJaA.exe
  C:\Windows\System\giEWJaA.exe
  2⤵
  PID:10040
- C:\Windows\System\ThQMvPD.exe
  C:\Windows\System\ThQMvPD.exe
  2⤵
  PID:10044
- C:\Windows\System\nIWdneq.exe
  C:\Windows\System\nIWdneq.exe
  2⤵
  PID:10024
- C:\Windows\System\dlTXMIQ.exe
  C:\Windows\System\dlTXMIQ.exe
  2⤵
  PID:10092
- C:\Windows\System\YYmfrRH.exe
  C:\Windows\System\YYmfrRH.exe
  2⤵
  PID:9904
- C:\Windows\System\DXELeCI.exe
  C:\Windows\System\DXELeCI.exe
  2⤵
  PID:10108
- C:\Windows\System\njVLRnQ.exe
  C:\Windows\System\njVLRnQ.exe
  2⤵
  PID:9992
- C:\Windows\System\khyNNDL.exe
  C:\Windows\System\khyNNDL.exe
  2⤵
  PID:10076
- C:\Windows\System\kBBWwov.exe
  C:\Windows\System\kBBWwov.exe
  2⤵
  PID:10140
- C:\Windows\System\ZfOdrOe.exe
  C:\Windows\System\ZfOdrOe.exe
  2⤵
  PID:10208
- C:\Windows\System\vKXCqeX.exe
  C:\Windows\System\vKXCqeX.exe
  2⤵
  PID:9144
- C:\Windows\System\BYArZAN.exe
  C:\Windows\System\BYArZAN.exe
  2⤵
  PID:9376
- C:\Windows\System\eNZiZCL.exe
  C:\Windows\System\eNZiZCL.exe
  2⤵
  PID:9452
- C:\Windows\System\YUElOuu.exe
  C:\Windows\System\YUElOuu.exe
  2⤵
  PID:9692
- C:\Windows\System\GgrjKzr.exe
  C:\Windows\System\GgrjKzr.exe
  2⤵
  PID:9628
- C:\Windows\System\YaQteGb.exe
  C:\Windows\System\YaQteGb.exe
  2⤵
  PID:9868
- C:\Windows\System\puOOYJB.exe
  C:\Windows\System\puOOYJB.exe
  2⤵
  PID:9816
- C:\Windows\System\uncrtlB.exe
  C:\Windows\System\uncrtlB.exe
  2⤵
  PID:7612
- C:\Windows\System\aCcZuIX.exe
  C:\Windows\System\aCcZuIX.exe
  2⤵
  PID:9952
- C:\Windows\System\TjdVUra.exe
  C:\Windows\System\TjdVUra.exe
  2⤵
  PID:10060
- C:\Windows\System\krCFrQG.exe
  C:\Windows\System\krCFrQG.exe
  2⤵
  PID:10156
- C:\Windows\System\sPkElws.exe
  C:\Windows\System\sPkElws.exe
  2⤵
  PID:9540
- C:\Windows\System\ShdcTVQ.exe
  C:\Windows\System\ShdcTVQ.exe
  2⤵
  PID:9300
- C:\Windows\System\iPfCtJG.exe
  C:\Windows\System\iPfCtJG.exe
  2⤵
  PID:9984
- C:\Windows\System\FAvfwFE.exe
  C:\Windows\System\FAvfwFE.exe
  2⤵
  PID:9456
- C:\Windows\System\BFwDIKe.exe
  C:\Windows\System\BFwDIKe.exe
  2⤵
  PID:10116
- C:\Windows\System\iKSVsta.exe
  C:\Windows\System\iKSVsta.exe
  2⤵
  PID:10228
- C:\Windows\System\ENDJbEd.exe
  C:\Windows\System\ENDJbEd.exe
  2⤵
  PID:10008
- C:\Windows\System\VucyJjG.exe
  C:\Windows\System\VucyJjG.exe
  2⤵
  PID:9252
- C:\Windows\System\mmNdoMy.exe
  C:\Windows\System\mmNdoMy.exe
  2⤵
  PID:9940
- C:\Windows\System\ArdtCbY.exe
  C:\Windows\System\ArdtCbY.exe
  2⤵
  PID:9760
- C:\Windows\System\fGbgWxr.exe
  C:\Windows\System\fGbgWxr.exe
  2⤵
  PID:9580
- C:\Windows\System\qPNjCOF.exe
  C:\Windows\System\qPNjCOF.exe
  2⤵
  PID:9372
- C:\Windows\System\vrACFvH.exe
  C:\Windows\System\vrACFvH.exe
  2⤵
  PID:9924
- C:\Windows\System\jxSZUoT.exe
  C:\Windows\System\jxSZUoT.exe
  2⤵
  PID:10160
- C:\Windows\System\HejmvgO.exe
  C:\Windows\System\HejmvgO.exe
  2⤵
  PID:10068
- C:\Windows\System\kOQecqI.exe
  C:\Windows\System\kOQecqI.exe
  2⤵
  PID:9524
- C:\Windows\System\CWbkVSy.exe
  C:\Windows\System\CWbkVSy.exe
  2⤵
  PID:9404
- C:\Windows\System\bHejOuz.exe
  C:\Windows\System\bHejOuz.exe
  2⤵
  PID:9416
- C:\Windows\System\kaYQtkd.exe
  C:\Windows\System\kaYQtkd.exe
  2⤵
  PID:9860
- C:\Windows\System\wBORYax.exe
  C:\Windows\System\wBORYax.exe
  2⤵
  PID:9776
- C:\Windows\System\vIsYMKD.exe
  C:\Windows\System\vIsYMKD.exe
  2⤵
  PID:9792
- C:\Windows\System\yGwRjHT.exe
  C:\Windows\System\yGwRjHT.exe
  2⤵
  PID:8700
- C:\Windows\System\WcgDPAw.exe
  C:\Windows\System\WcgDPAw.exe
  2⤵
  PID:10180
- C:\Windows\System\KWoRYHY.exe
  C:\Windows\System\KWoRYHY.exe
  2⤵
  PID:9636
- C:\Windows\System\fRLywdF.exe
  C:\Windows\System\fRLywdF.exe
  2⤵
  PID:9668
- C:\Windows\System\VCsDcRk.exe
  C:\Windows\System\VCsDcRk.exe
  2⤵
  PID:9728
- C:\Windows\System\jHWvbJp.exe
  C:\Windows\System\jHWvbJp.exe
  2⤵
  PID:9708
- C:\Windows\System\ULrnrAA.exe
  C:\Windows\System\ULrnrAA.exe
  2⤵
  PID:9928
- C:\Windows\System\JJQJhMf.exe
  C:\Windows\System\JJQJhMf.exe
  2⤵
  PID:9460
- C:\Windows\System\daLVqQF.exe
  C:\Windows\System\daLVqQF.exe
  2⤵
  PID:9400
- C:\Windows\System\RUORjma.exe
  C:\Windows\System\RUORjma.exe
  2⤵
  PID:10248
- C:\Windows\System\CSJlfZH.exe
  C:\Windows\System\CSJlfZH.exe
  2⤵
  PID:10272
- C:\Windows\System\AlbtwmA.exe
  C:\Windows\System\AlbtwmA.exe
  2⤵
  PID:10292
- C:\Windows\System\OJGnrPF.exe
  C:\Windows\System\OJGnrPF.exe
  2⤵
  PID:10308
- C:\Windows\System\zkElDxR.exe
  C:\Windows\System\zkElDxR.exe
  2⤵
  PID:10332
- C:\Windows\System\ArDWuyL.exe
  C:\Windows\System\ArDWuyL.exe
  2⤵
  PID:10348
- C:\Windows\System\JYkXEjG.exe
  C:\Windows\System\JYkXEjG.exe
  2⤵
  PID:10368
- C:\Windows\System\AczLwzj.exe
  C:\Windows\System\AczLwzj.exe
  2⤵
  PID:10388
- C:\Windows\System\QXGAloZ.exe
  C:\Windows\System\QXGAloZ.exe
  2⤵
  PID:10412
- C:\Windows\System\ARrywSK.exe
  C:\Windows\System\ARrywSK.exe
  2⤵
  PID:10432
- C:\Windows\System\LKPnhFp.exe
  C:\Windows\System\LKPnhFp.exe
  2⤵
  PID:10452
- C:\Windows\System\IFhsMxP.exe
  C:\Windows\System\IFhsMxP.exe
  2⤵
  PID:10476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AabltzL.exe

Filesize
6.0MB

MD5
337812d87a0ba36c82ed3333f3842447

SHA1
3b44a9ef963611225e4485bbd48abf31f2f7cb4b

SHA256
1ea175831d65ae36e35114ec43fd8c0f5c56782f6acf4ac7b1137bdcfa36f46d

SHA512
5f78b34962a6293e7ed59970cd13a389fd1165138b039bb09b3ffd9bcf5e7b13e3117cf6f781215708bf7bb14d7cc6fb1a1274e3ba11b9400d532bf37882943f

Download Submit
C:\Windows\system\EWhNInZ.exe

Filesize
6.0MB

MD5
a7e11e219e5968b97389bb3adfc93942

SHA1
a8f3f7d4a4e4c6fd1c1937623743a76a28494d89

SHA256
013b392a7e88f05d3923564dfbe1d18026b499b74552c6de0d965e72df148d22

SHA512
12ff8472559bde41fbebac562a6a33f8c6d8f134b0cace27cfba855d358e4e2ad6092e0fe160bb4ca24297d9d845c9e0561ab2a0874d7ac8e66662a3d851dc55

Download Submit
C:\Windows\system\GcxEuHO.exe

Filesize
6.0MB

MD5
55283f22e9da37c4be07d2f1c708a6b0

SHA1
5cf1f85038a82deaf3b8e8fb2553003c178ac0b4

SHA256
a5035720b7943fdada684e3aa006ccc8db0f76e8922042e000c1b693138be6f7

SHA512
4ac10ac8514b4963aac1516ceb25209c0a55b3b7321b483f29e52a2d15a3a8970cddd1952ca1382e8a9a4d5676e11e89f5424bde38f6f457665fe21a2b380e59

Download Submit
C:\Windows\system\KnlXiTa.exe

Filesize
6.0MB

MD5
a8bd5be4826c5da0f62b1b4dcb66682e

SHA1
c7c99f42b7a8a30fc9e712920eeb5fdfee41c094

SHA256
52faf8d6658212196df5231de52f83202cf7159ee6c0f964b86ed5b050e6cc48

SHA512
126298d2cd887ca7c64863d71b07de59ba2eaedde1a57b66dd7b0b9c9dc939453729615576b31e7f41b32a087f4e9e1bce797b177bfbf96748db85945fc36019

Download Submit
C:\Windows\system\LZNgPOS.exe

Filesize
6.0MB

MD5
74780f3b525caf2c771ab7231fa5c07a

SHA1
5d0bc837a08541d480fc141cb43af1a26f0a50ce

SHA256
0da5a1f0aa91f0d9be9fa33461b6557c48bee02df797b59ce696aadd138715f5

SHA512
fa3f02341900534c16bb03941b1d5f73c3cab30f84fe5fdbb5ba23c163750e660f95b4714f049d54bec13f229f5e5189bf224f2bb4e35e94db1457828162921d

Download Submit
C:\Windows\system\QKuifzn.exe

Filesize
6.0MB

MD5
ab57c3a01d1cc81de3d2f9634d2414fa

SHA1
6b28edaf2c89fb83260553a9a22abf0eab33b97a

SHA256
fe53951dff6bbd0fcb1f6d6dab1c09bd6236a0808b3ac257803b3bf16bdb990b

SHA512
c80ff61c957a7f969f5314c32b08c1febb65feb9b2ad420642e6263edda1b05dcce8c36ad3abf94b51583cee977b1041ea613b360ce8c8f204f7d1c0404af5fa

Download Submit
C:\Windows\system\SwdpbAn.exe

Filesize
6.0MB

MD5
7a37ccd89a4d574ee964e11d61068e40

SHA1
73e6fca63c00a721396ff22439856f3ce61502a2

SHA256
30572f021de443dd3745c464845706964769db00ed190e8581b98a9f12852a43

SHA512
9ba20dc8a3e048dd14e5264e0e42324a4a51f9bf16bcdc7b3ee7391e5317cad27805a2bf29af01ef33104d2bdd309cfbd85230bd7451c93bee6f221b5aee440a

Download Submit
C:\Windows\system\WQelEDw.exe

Filesize
6.0MB

MD5
820ffd60b3f290f8238fbcb931a2ef48

SHA1
2d681ae0aa294e393264c01fdf370b8c41a8c5b0

SHA256
cd2607369b75b156946a4293d0dd388334fc9e911d6e097367064508d84ba5a4

SHA512
2634f02d79b95fb415e0f5634a881dd5afbf6c2d92e070f6295c2fd89d7a1a54973eb42ecc0fa7208828ffec6018fe7d29f3f74e71a76f764ebe304703300a70

Download Submit
C:\Windows\system\XOLzeGR.exe

Filesize
6.0MB

MD5
658f74a2dcac5e4edfda112f8c4e3540

SHA1
6d014410c12cfe1a239c355090b2afb17fa2ad17

SHA256
589d2f3dbae137586c99e9beb64c62e182442ca78636aa0d41beff0521f010a6

SHA512
c846db9e6492fa34e26f4ff844e5d00751678b3c73592a299e830f87c472c67dd3f9fc073e4b73af1d4be0cc4469d0f7af0f0c067c892e5051bd46cac1dcefd0

Download Submit
C:\Windows\system\XWQtwhR.exe

Filesize
6.0MB

MD5
60c261aa4cf45d9ea7df0bbc5c9b8fab

SHA1
983c43b846b3a27f0ac668f5a4b8592667f7e303

SHA256
15a194fd9693aa820d90415dcba0a5b4e3a9220c137f1c000fb9cf5b2ffbaa1a

SHA512
f5dc6d98bd4684403fd7179d845b2415b64e00d3462e77b1fd565208d7721437e99d7bda7de31603c9b304ca479f41ccf319c4b04442f16c891cc5f283c410d1

Download Submit
C:\Windows\system\XzKmgMx.exe

Filesize
6.0MB

MD5
4cebdb76ab241d548094f560298c1115

SHA1
501d3c498aed760cc1c29751b5721654c0d9cd35

SHA256
11b2c4f4cd8f6cdc72609c4a4c33322b156973a33e09d37e1725bce0a097fa47

SHA512
dcb0f9b3ca40af4f234f0c4a004fc4227f152321e50e24a8a6f200d103c180f65bbcd0b4c28df1d17b6008c49d49446764cadb102c84f277cb1c235df88a5434

Download Submit
C:\Windows\system\ZIGwWKC.exe

Filesize
6.0MB

MD5
e298a2fa67b3fc76e5ffd17853adde06

SHA1
6b4269ec91f42137947927b9f8d07d383ea002e1

SHA256
764c44d9b3edb7f38aab979ed811ecc2310184c9167545bf7f9c2a0e662fb69d

SHA512
c1f9528b829a88ec075e8dde49dc84a4e33f43b46656f9af9489da2741cb96a2a7584b508564705fa92fcf4a55f070f93147ae82b979212f4723928a1dad8c76

Download Submit
C:\Windows\system\abQuTDf.exe

Filesize
6.0MB

MD5
10123b6b81ecccdc1e46559a311c44ac

SHA1
d88bb3845e3d52ec4d328f05549365aa5a29da4b

SHA256
2ba227538faf44ed046d8cfe644ca9d32ff3a3130523b27250bb15c64a84cf46

SHA512
8dd248d7c5154b94b17db84d7ed75d5b4b06e4bdc0e8ad2a10c00e0dee9640f9b4a749eda6a77f23fa94d7afb74d691ef686a74be211473e0d31fe7664557d19

Download Submit
C:\Windows\system\baWEsxE.exe

Filesize
6.0MB

MD5
a8a00935b8d10d287e0c0312e55cdccb

SHA1
ef1777298803236ca8634b8fdfe245ee97ec1a0d

SHA256
dbf268092fa4c95c8096c0352dd8e3b58bd25bbaf6b5a7c70f9d21c94530c0aa

SHA512
ce977fda954b6f614f28858d1a26a1e6e6f55e34c30cd2cefc7885297f2a2e6d5a8007a8adad2b9ea16af55361d932bec4f274e46cffa444da012128cef36c09

Download Submit
C:\Windows\system\gYXutqW.exe

Filesize
6.0MB

MD5
7572439084565789f937bcd210d13670

SHA1
8c50806a50d2fd7506ab010663c7878fbcd8bf56

SHA256
5f21703d69275db2cfaf02aa633e50d46e00404c9264658c0db1e195bc801aad

SHA512
86ebe6d010f4affa9e202a24aed082f44711afdda6730ff10c219e7ec7d20ed3cb4d3bcfc3616a15e9d08998215ccc2eef0fbbfec5819644853b0aa14903ba89

Download Submit
C:\Windows\system\geqTIOJ.exe

Filesize
6.0MB

MD5
98c08ca417f62b1a1844694916d010c1

SHA1
54b9529b4e46e222cabdc82115aedc72c232b074

SHA256
dbcf3b351b9557ba075fb51a33e2fc6ef79da6fbdbffd912fd12f645a168eaef

SHA512
da8c0d0c99b24a1cfd87472e0ade6d9ba95e79b7dc58ee8e0bd6e535754b7c33d53d5587e051b889c3cce0539844ec37ddb11b5e076a7e90d6c6a1a393bb276f

Download Submit
C:\Windows\system\iiuPMqN.exe

Filesize
6.0MB

MD5
ba198fa4e45f699be2c3c4e3279f5c1f

SHA1
d89f602a932e52e26cc7a30fb5638e9dd8d111d7

SHA256
eb9b659f5f299d3f638945cb2eb0a5c59c5668d251d4016ccfbb9d68f40265e8

SHA512
a47c5e27e082c3cf30208992d1ff8897421b52d6cde6035aa30b4f3e59247868b271ad3aa7a655dfca5937dbaeaa302125a8f484fb4152ef35c5bed12e33c0e9

Download Submit
C:\Windows\system\jQJaqHk.exe

Filesize
6.0MB

MD5
10e8dde032d6b68e5a0679a2429321d7

SHA1
eeaded4fce558e637becca4a2a344f1c6953a613

SHA256
a7a4076e78b648019eff63f6980bf0f3c7105d5c9d809533103de2e1bd36da0a

SHA512
5d0e8b7a9895743fa632f6278ad2300e9c04036c5b8d62f06d3a23199f96fe29b104a8df5a056d319c2e491e59c52a6249c1cf4a09eddc293dc8c2f903fc5110

Download Submit
C:\Windows\system\lwXMREl.exe

Filesize
6.0MB

MD5
c729d2841c74d2ffac27d9ddc6e5e6fb

SHA1
b5c16ec4f9ac2b2c87e1fe003d4fb497bcef20e0

SHA256
e9065b5f780b4cecc34e36ce205e466803d2edffd6516f8798addf725cd24c1d

SHA512
a3d038269c00a01263ad1c5c573271059c9d7cb6864f266a40a3ac082124c5e90bbfca8cb4eebec0dc1f5e6b42294593ff445de32feef044a3a766f011837b5f

Download Submit
C:\Windows\system\mFpqPJE.exe

Filesize
6.0MB

MD5
d77cad8729de23bd6dfb100427adf6b4

SHA1
66090305ad75585ea6e292e1b6541c831db19018

SHA256
3e9f651d9b13c6865ae56efd0eeae9277c10cb2fc91693c2be7090d889cf1cac

SHA512
0bb0c29579c509ff80fa5097d25d3626893772473d3c9db2af4a003959c2f3453af4997705b3e417c4079f09d44c147959e3f2aca680ab30d6cafac1a3c3703c

Download Submit
C:\Windows\system\nMUlBOf.exe

Filesize
6.0MB

MD5
38b73c2f65682bdefa00fcb19ae353ad

SHA1
ac9ce11c0f4b857ad363a6b69d86d9bb6c1d01b8

SHA256
0ded7cd0ff4c99ebc5abe3357e3f2fce59ee89e33879ce27199eab12063a2a13

SHA512
843b4abf7e097e4758faf416f3e7101a297960eac3486c9030cf389d86641c27d08cc8dc84eadec650eb6c8e76d4cfee3ae1a6385588212e39406605760fcc16

Download Submit
C:\Windows\system\oopWTfV.exe

Filesize
6.0MB

MD5
715678cb7cf22adda9871ba135c4f878

SHA1
7a5d059db14d7aaac6746876ea5b149068b22809

SHA256
a70a7718c323aa7d263a32e1b7088a60d31ef15c05ec067e09443cd65eaba464

SHA512
5ab3eeb8ab690bf3d8b301e7b735b1ff6618f9db43e6a931cabdb06b30000e3acc0fa948beaebda259ac0d7142d32affe8e348804070b4fea3ded0421c9f6262

Download Submit
C:\Windows\system\pfdbDOx.exe

Filesize
6.0MB

MD5
ccddb743641d900ad539d7fea415ffa5

SHA1
2509b0071f1a0066662ec46d61b34a5bae4692af

SHA256
feb23e5b5e31475510d946068d596166a5e4103ca54404c7680ba760bfded871

SHA512
dff8f9e4b9c8b10f595d9d680134e40b40630e4cce040be22fe88061945742dccac77e1a34ecbf06245452727dfddfc9f4fa90d89fb518aede837b3b2a1c777d

Download Submit
C:\Windows\system\rkQbUpE.exe

Filesize
6.0MB

MD5
a3229f19300b2482e2f7f1da8c1f5bf2

SHA1
33eb23a36b4a63d067ade9d518eee5c7513a7fdb

SHA256
2862e8df5cd6f53326615b2f5cb1db7a577250c0d450aee8344349d93001563d

SHA512
0e6722de30a11ee4979c2a0ba6b9bf43a71f4c8711b68ee947331d225851764e04d713e9814229c86af6a78d50b2140848b96860bdec92abef698a316692a471

Download Submit
C:\Windows\system\uUmYXiS.exe

Filesize
6.0MB

MD5
557b4f9333685e95b297d1fb7929270d

SHA1
f1810d93bcbb13a19b89daebb0465303cb61261f

SHA256
f34b1d922aff2161ca77c030e8f68a1a191da52839172a336e37f3820a14c847

SHA512
d7356082ed0edd862355dea59b660f9d9986129a72669e48d3a41be2e13db48affd1bbf72fa95ac92174cb10ad382a047afbab295d4fa4adc2c0dd89a8a480c4

Download Submit
C:\Windows\system\xiAHAYS.exe

Filesize
6.0MB

MD5
2d7a0f0bb314487abef5e542b6d72c53

SHA1
bc7a0069d255073b61c4ab157977efbc0644cbc8

SHA256
3aa1f6e302e88fda3dfb58432db1b20088260dd2d8710ab9ebacadaa91ce0632

SHA512
d2fc223fc49bad22537a111302c37ce3a6406f4270fc01756413d0b9bd608e75107a38633c37c8efc3680f98fbea36835c6f1520e4685b1080e712f5efc5424b

Download Submit
C:\Windows\system\ySNuPmj.exe

Filesize
6.0MB

MD5
19cc43138e72f0932cc7e7871935dff6

SHA1
5be0bd94325c74a603f72cf025c7fa4955362ab5

SHA256
6d69b61d2dd04f31a97dbc135a7c050d9e75651bd0d26356e7cca24752266000

SHA512
619278284c9c832b1002d588a855a5d46abe5a7d78c27246a1b0ec70a0d136ec9f4afb4c40d1d6d5b234cd76e20af7fce4610403bc328f8dd3c40a8bef9766e2

Download Submit
C:\Windows\system\zWHUaOK.exe

Filesize
6.0MB

MD5
8ddb21b9165610d967caf837d0ad3fe7

SHA1
c00b1f05ffbb232dc3c647a7be2eb6a253152cb1

SHA256
60a8865edaba7dce591a953490acfc06c892b231284fbb9f38c0f93773844a96

SHA512
b6721ee5bfa750e603a5246ba236587410e82ad184442c66986ed68c43cb5776597457147fd812a611c96299fdc76e8c65307f23400b7931aede06946b52edcb

Download Submit
\Windows\system\BltLohn.exe

Filesize
6.0MB

MD5
e8a89ec2c46614408a9de765117a7f04

SHA1
2d5281320b242257b30e15a3932ceb33240e1b92

SHA256
e68788d8405dfad82179ffb4e4195b80fcae9e069c59f2172aa8c273e2b5b41a

SHA512
a91a6f492d74f3b13cf607ed7c45c8d446103343c6e0a6efd708bb8890e17e665b28c28a116a2059f730d6d802621f3cb67c05a79e5049f1fdf1552c6a17abaa

Download Submit
\Windows\system\HVjBrPz.exe

Filesize
6.0MB

MD5
a06f25629a8373e5802f813d4d052bfe

SHA1
63aaffe55504f4f6bd528f82ab047f7e7bf7d8c3

SHA256
9fafd4a8867c6d70097c3a108a9bd0eb672e7b1b3170c5c0f2ed659dcff099c0

SHA512
af38cc23db04dfa950056314a4863bb0b439abbae0ed487b02d5c2156c4bf05addbf90834e297e364e2c8c34d3ecde29625d127e62dd1afb97759d4018baccda

Download Submit
\Windows\system\UFYXCAg.exe

Filesize
6.0MB

MD5
bfaa13916068d094d4ed0e826f8a6d3f

SHA1
00b170990bc0a944c7a0a569abce64f3e85b8708

SHA256
5472cad5a9da7c65adaf93f148353f768085380c62479a03630e4a7eb4c11b15

SHA512
232133b0720af4d31492da8982f7ae8553c081fe90bb6766f1660aaa8ff795d7384ba31ef9c35f06c8a967486da909abe50bd08d5c8f490e70cec934a94605b5

Download Submit
\Windows\system\XONmAuP.exe

Filesize
6.0MB

MD5
140c580e15490d69ddc4b13818ade308

SHA1
c247520d7e9b5f402844f38970772b0b91a98660

SHA256
85860096e01f0096db6f6369e2601c8ba2a7b79b605ded3775cd9f6f5bab21ef

SHA512
217e7d1ec8e63115e15cb9c8120fd751ba404a12aeb66eb441334661b851d412fac1586c5a3dcbbbb40300ad206e006a26d582002354fd7acac80e1d0ecc7d02

Download Submit
\Windows\system\atGZEFZ.exe

Filesize
6.0MB

MD5
fb2465f2409781540f349a838e5fe206

SHA1
08dafb36e16c17565c5a62e5f1d3c6e69f33a659

SHA256
5f96b7be6ed04513ef48c02c4884602e0e73c386aca71d268ce494287b9ab2c1

SHA512
dfe27e5c7e656dbc36b5edc5616b1e5445c03cc609f121cb90769c2f1b956f5f1f78f7fd126336033800392cceff914b09bab9eeaddfce448719c639022c528b

Download Submit
\Windows\system\bnUYrTY.exe

Filesize
6.0MB

MD5
e31b3a9d25d549bd0a81cff15295b0e0

SHA1
0b640db084784f16d65b77e605e297fb7aa6b699

SHA256
91c2789c28beac5f15f344ef14b1062da1177690ee807a45dd1f6f7cb5ce7405

SHA512
2a9944d98bf8272582ba1abbc435d8bb1e2477beef8354ddc8d8bb27476b181b8cf62e1524646ce5edfd4ee6e802a85fa050598ca07f13be861f9a570a2ee54e

Download Submit
\Windows\system\mmMrEJw.exe

Filesize
6.0MB

MD5
eb610e3ffd2406ecc7bb7dfdb7e5161a

SHA1
ab1c96360c2ca328f88bdecf560213b65c4f6329

SHA256
6c77756bf7f605ef23818fc1cc384be19ee3cd83ceee74fcebf73ed0bf506e7c

SHA512
38aed25327ae432cee3f717af598fb3bb3c9ec712482e062cb48341d744dcee8a4eac22781d99ed2861fc396cecf303e83f655a5a3ad028943958cc8565a4be6

Download Submit
memory/1624-72-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1624-3971-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2250-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2289-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-271-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-223-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-196-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-8-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-191-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-0-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2290-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2291-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-157-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1491-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1636-14-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2276-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-53-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2272-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1636-60-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-138-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1496-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-67-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2292-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-131-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2042-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1636-272-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-78-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2072-133-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2072-3969-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2160-85-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3972-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2188-65-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2188-3973-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2264-195-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2264-3976-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2280-46-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-3968-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-3967-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-25-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-80-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2324-3975-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3977-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-108-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-101-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3978-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2644-87-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3974-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3979-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-121-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3966-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-20-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-59-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/3052-3970-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download