cobaltstrike | 5b6352f9bbcdd6d1a5b14d0247985ebd59ba41f3ff56e48ba779e4cbdb813476

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

535fab3bb47a43d490b1404ee8aae4ec
SHA1

1cc2ec4ac65262cf601c136c544f6a10e4e60130
SHA256

5b6352f9bbcdd6d1a5b14d0247985ebd59ba41f3ff56e48ba779e4cbdb813476
SHA512

b660e836c8adb7d9a1aeab2138d9c4151b92073a5d11d4baaf9989ef1fee9067ea5fa03e6e665ce35cc8536d0489959c89115ff75731e69d0f5a10235ad4b504
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUA:T+q56utgpPF8u/7A

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f96-11.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016009-10.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001613e-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016334-23.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000164db-26.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-42.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb8-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-66.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017400-63.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-146.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-161.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-131.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-122.dat	cobalt_reflective_dll
behavioral1/files/0x0038000000015dc0-107.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-111.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-97.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-86.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f3-58.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707c-54.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edb-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de4-38.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001686c-35.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001659b-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2980-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-3.dat	xmrig
behavioral1/memory/2980-9-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015f96-11.dat	xmrig
behavioral1/files/0x0009000000016009-10.dat	xmrig
behavioral1/files/0x000800000001613e-19.dat	xmrig
behavioral1/files/0x0007000000016334-23.dat	xmrig
behavioral1/files/0x00070000000164db-26.dat	xmrig
behavioral1/files/0x0006000000016de8-42.dat	xmrig
behavioral1/files/0x0006000000016eb8-46.dat	xmrig
behavioral1/files/0x0006000000017403-66.dat	xmrig
behavioral1/files/0x0006000000017400-63.dat	xmrig
behavioral1/files/0x00060000000174c3-99.dat	xmrig
behavioral1/files/0x0005000000018697-124.dat	xmrig
behavioral1/files/0x0006000000018c34-136.dat	xmrig
behavioral1/files/0x0006000000018f65-146.dat	xmrig
behavioral1/files/0x00060000000190e1-156.dat	xmrig
behavioral1/files/0x00050000000191d2-161.dat	xmrig
behavioral1/files/0x000600000001904c-151.dat	xmrig
behavioral1/files/0x0006000000018c44-141.dat	xmrig
behavioral1/files/0x00050000000187a2-131.dat	xmrig
behavioral1/files/0x0015000000018676-116.dat	xmrig
behavioral1/files/0x0005000000018696-122.dat	xmrig
behavioral1/files/0x0038000000015dc0-107.dat	xmrig
behavioral1/files/0x000600000001757f-111.dat	xmrig
behavioral1/files/0x00060000000174a6-97.dat	xmrig
behavioral1/files/0x000600000001746a-95.dat	xmrig
behavioral1/files/0x0006000000017488-86.dat	xmrig
behavioral1/files/0x00060000000173f3-58.dat	xmrig
behavioral1/files/0x000600000001707c-54.dat	xmrig
behavioral1/files/0x0006000000016edb-50.dat	xmrig
behavioral1/files/0x0007000000016de4-38.dat	xmrig
behavioral1/files/0x000900000001686c-35.dat	xmrig
behavioral1/files/0x000700000001659b-31.dat	xmrig
behavioral1/memory/2896-1520-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2612-1601-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2980-1609-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2884-1608-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2980-1668-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2780-1665-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2824-1673-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2980-1676-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/memory/2644-1677-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2620-1679-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2980-1681-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2980-1684-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2504-1682-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/808-1692-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/3048-1712-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2960-1709-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/704-1729-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2652-1731-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2712-1734-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2980-2480-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2980-2524-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2980-2546-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2980-2534-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/memory/2504-3702-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2960-3706-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2712-3700-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/3048-3699-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/704-3698-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2780-3697-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2612-3704-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2652	zwuMveC.exe
2712	oeAELQP.exe
2896	hdfymHy.exe
2612	pRutvsX.exe
2884	WFiblgm.exe
2780	ZXvhHsN.exe
2824	ZvxSeDc.exe
2644	nheYTEM.exe
2620	zFRqybc.exe
2504	bLFmJyI.exe
808	jeNsSfy.exe
2960	hztIpLn.exe
3048	mekaMKG.exe
704	tHqZwGk.exe
2576	gEcyumC.exe
2812	KBEQkLU.exe
2972	xAZJoBu.exe
2868	rGfBZbN.exe
1660	jidYVjg.exe
596	teECUuC.exe
1776	SgnAnow.exe
1800	wguDqFQ.exe
2108	diEKyId.exe
1952	QXCVXMT.exe
1796	fjnLDZR.exe
3052	yOctMJP.exe
1828	FjMJqDw.exe
2912	xsWvVVP.exe
2424	cXPxkRU.exe
2200	neDgEPX.exe
1580	TORAzUS.exe
1988	PTpDSPk.exe
1316	hJyBpFV.exe
1864	rPTWiwX.exe
2280	lTnDtWU.exe
912	zKLhMkO.exe
992	DfXhxIJ.exe
2284	dNBsUeu.exe
572	twBjUxc.exe
1552	dxSVbbL.exe
1856	rqxbbAj.exe
1524	cePrRwD.exe
1036	UuBVoLD.exe
752	YjVNTEm.exe
784	vLnlqpD.exe
2044	OGwhiIl.exe
2436	feksEoT.exe
1372	WLxmFsE.exe
1932	GIqECSb.exe
612	mSivuak.exe
2444	vidalgZ.exe
880	pkeFgwm.exe
348	tcKMmzA.exe
1512	JqaPxAA.exe
2168	uhEXzFQ.exe
2120	xnRdPAt.exe
1600	blNedCx.exe
3064	INAaZFm.exe
2696	QUtSnkK.exe
2784	jNzfgzA.exe
2556	qkgXCcA.exe
2540	GLpPpvK.exe
2560	zVMkzae.exe
2808	qPgKGCC.exe

Loads dropped DLL 64 IoCs

pid	Process
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2980-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-3.dat	upx
behavioral1/memory/2980-9-0x0000000002390000-0x00000000026E4000-memory.dmp	upx
behavioral1/files/0x0008000000015f96-11.dat	upx
behavioral1/files/0x0009000000016009-10.dat	upx
behavioral1/files/0x000800000001613e-19.dat	upx
behavioral1/files/0x0007000000016334-23.dat	upx
behavioral1/files/0x00070000000164db-26.dat	upx
behavioral1/files/0x0006000000016de8-42.dat	upx
behavioral1/files/0x0006000000016eb8-46.dat	upx
behavioral1/files/0x0006000000017403-66.dat	upx
behavioral1/files/0x0006000000017400-63.dat	upx
behavioral1/files/0x00060000000174c3-99.dat	upx
behavioral1/files/0x0005000000018697-124.dat	upx
behavioral1/files/0x0006000000018c34-136.dat	upx
behavioral1/files/0x0006000000018f65-146.dat	upx
behavioral1/files/0x00060000000190e1-156.dat	upx
behavioral1/files/0x00050000000191d2-161.dat	upx
behavioral1/files/0x000600000001904c-151.dat	upx
behavioral1/files/0x0006000000018c44-141.dat	upx
behavioral1/files/0x00050000000187a2-131.dat	upx
behavioral1/files/0x0015000000018676-116.dat	upx
behavioral1/files/0x0005000000018696-122.dat	upx
behavioral1/files/0x0038000000015dc0-107.dat	upx
behavioral1/files/0x000600000001757f-111.dat	upx
behavioral1/files/0x00060000000174a6-97.dat	upx
behavioral1/files/0x000600000001746a-95.dat	upx
behavioral1/files/0x0006000000017488-86.dat	upx
behavioral1/files/0x00060000000173f3-58.dat	upx
behavioral1/files/0x000600000001707c-54.dat	upx
behavioral1/files/0x0006000000016edb-50.dat	upx
behavioral1/files/0x0007000000016de4-38.dat	upx
behavioral1/files/0x000900000001686c-35.dat	upx
behavioral1/files/0x000700000001659b-31.dat	upx
behavioral1/memory/2896-1520-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2612-1601-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2884-1608-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2780-1665-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2824-1673-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2644-1677-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2620-1679-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2504-1682-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/808-1692-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/3048-1712-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2960-1709-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/704-1729-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2652-1731-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2712-1734-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2980-2480-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2504-3702-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2960-3706-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2712-3700-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/3048-3699-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/704-3698-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2780-3697-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2612-3704-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/808-3707-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2644-3703-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2884-3708-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2652-3709-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2824-3711-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2896-3714-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2620-3713-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NQqtBSZ.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdfymHy.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJVfmHy.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCKPCqw.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XutvshM.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UrZRgwl.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRzdxhW.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLUJoup.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKCaOgq.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGMKGoU.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHYdmrY.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDJaewO.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rOqXZbT.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWdvJZO.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEqYYGZ.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUOBWeA.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lICejht.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCuNftq.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRiCqAc.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEMJqqY.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JehVWNN.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOUfYQj.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXPBlCO.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESZzKVz.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgZDPoa.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrURAle.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMoXImr.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuxITgd.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osJzOuE.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CpUeQBe.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZtCqqa.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\holvkCO.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALJGdJr.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qiouMzi.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbSQrBw.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dueboWr.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQppTOs.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJsyfUD.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfYuXfC.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCOSENG.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vetCHhx.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFxVmYb.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMJUICP.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enhTSzu.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueaqhVk.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCdaNMq.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fVkWnIu.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ioPzMQU.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ncafWmr.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzsJVhB.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTTCqDP.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLoFrem.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFOanmm.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmWssDm.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lELiSeq.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCCaLBj.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBiXaFw.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZutokIb.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djwoxKm.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MmrqlWJ.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJMSzNl.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NiDCGrd.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPvgZsK.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buiogPJ.exe	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2652	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2980 wrote to memory of 2652	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2980 wrote to memory of 2652	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2980 wrote to memory of 2712	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2980 wrote to memory of 2712	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2980 wrote to memory of 2712	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2980 wrote to memory of 2896	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2980 wrote to memory of 2896	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2980 wrote to memory of 2896	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2980 wrote to memory of 2612	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2980 wrote to memory of 2612	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2980 wrote to memory of 2612	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2980 wrote to memory of 2884	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2980 wrote to memory of 2884	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2980 wrote to memory of 2884	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2980 wrote to memory of 2780	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2980 wrote to memory of 2780	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2980 wrote to memory of 2780	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2980 wrote to memory of 2824	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2980 wrote to memory of 2824	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2980 wrote to memory of 2824	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2980 wrote to memory of 2644	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2980 wrote to memory of 2644	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2980 wrote to memory of 2644	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2980 wrote to memory of 2620	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2980 wrote to memory of 2620	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2980 wrote to memory of 2620	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2980 wrote to memory of 2504	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2980 wrote to memory of 2504	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2980 wrote to memory of 2504	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2980 wrote to memory of 808	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2980 wrote to memory of 808	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2980 wrote to memory of 808	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2980 wrote to memory of 2960	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2980 wrote to memory of 2960	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2980 wrote to memory of 2960	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2980 wrote to memory of 3048	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2980 wrote to memory of 3048	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2980 wrote to memory of 3048	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2980 wrote to memory of 704	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2980 wrote to memory of 704	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2980 wrote to memory of 704	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2980 wrote to memory of 2576	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2980 wrote to memory of 2576	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2980 wrote to memory of 2576	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2980 wrote to memory of 2812	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2980 wrote to memory of 2812	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2980 wrote to memory of 2812	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2980 wrote to memory of 2868	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2980 wrote to memory of 2868	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2980 wrote to memory of 2868	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2980 wrote to memory of 2972	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2980 wrote to memory of 2972	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2980 wrote to memory of 2972	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2980 wrote to memory of 1660	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2980 wrote to memory of 1660	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2980 wrote to memory of 1660	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2980 wrote to memory of 596	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2980 wrote to memory of 596	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2980 wrote to memory of 596	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2980 wrote to memory of 1776	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2980 wrote to memory of 1776	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2980 wrote to memory of 1776	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2980 wrote to memory of 1800	2980	2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_535fab3bb47a43d490b1404ee8aae4ec_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\System\zwuMveC.exe
  C:\Windows\System\zwuMveC.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\oeAELQP.exe
  C:\Windows\System\oeAELQP.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\hdfymHy.exe
  C:\Windows\System\hdfymHy.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\pRutvsX.exe
  C:\Windows\System\pRutvsX.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\WFiblgm.exe
  C:\Windows\System\WFiblgm.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\ZXvhHsN.exe
  C:\Windows\System\ZXvhHsN.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ZvxSeDc.exe
  C:\Windows\System\ZvxSeDc.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\nheYTEM.exe
  C:\Windows\System\nheYTEM.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\zFRqybc.exe
  C:\Windows\System\zFRqybc.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\bLFmJyI.exe
  C:\Windows\System\bLFmJyI.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\jeNsSfy.exe
  C:\Windows\System\jeNsSfy.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\hztIpLn.exe
  C:\Windows\System\hztIpLn.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\mekaMKG.exe
  C:\Windows\System\mekaMKG.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\tHqZwGk.exe
  C:\Windows\System\tHqZwGk.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\gEcyumC.exe
  C:\Windows\System\gEcyumC.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\KBEQkLU.exe
  C:\Windows\System\KBEQkLU.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\rGfBZbN.exe
  C:\Windows\System\rGfBZbN.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\xAZJoBu.exe
  C:\Windows\System\xAZJoBu.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\jidYVjg.exe
  C:\Windows\System\jidYVjg.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\teECUuC.exe
  C:\Windows\System\teECUuC.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\SgnAnow.exe
  C:\Windows\System\SgnAnow.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\wguDqFQ.exe
  C:\Windows\System\wguDqFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\diEKyId.exe
  C:\Windows\System\diEKyId.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\QXCVXMT.exe
  C:\Windows\System\QXCVXMT.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\fjnLDZR.exe
  C:\Windows\System\fjnLDZR.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\yOctMJP.exe
  C:\Windows\System\yOctMJP.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\FjMJqDw.exe
  C:\Windows\System\FjMJqDw.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\xsWvVVP.exe
  C:\Windows\System\xsWvVVP.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\cXPxkRU.exe
  C:\Windows\System\cXPxkRU.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\neDgEPX.exe
  C:\Windows\System\neDgEPX.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\TORAzUS.exe
  C:\Windows\System\TORAzUS.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\PTpDSPk.exe
  C:\Windows\System\PTpDSPk.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\hJyBpFV.exe
  C:\Windows\System\hJyBpFV.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\rPTWiwX.exe
  C:\Windows\System\rPTWiwX.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\lTnDtWU.exe
  C:\Windows\System\lTnDtWU.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\zKLhMkO.exe
  C:\Windows\System\zKLhMkO.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\DfXhxIJ.exe
  C:\Windows\System\DfXhxIJ.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\dNBsUeu.exe
  C:\Windows\System\dNBsUeu.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\twBjUxc.exe
  C:\Windows\System\twBjUxc.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\dxSVbbL.exe
  C:\Windows\System\dxSVbbL.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\rqxbbAj.exe
  C:\Windows\System\rqxbbAj.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\cePrRwD.exe
  C:\Windows\System\cePrRwD.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\UuBVoLD.exe
  C:\Windows\System\UuBVoLD.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\YjVNTEm.exe
  C:\Windows\System\YjVNTEm.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\vLnlqpD.exe
  C:\Windows\System\vLnlqpD.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\OGwhiIl.exe
  C:\Windows\System\OGwhiIl.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\feksEoT.exe
  C:\Windows\System\feksEoT.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\WLxmFsE.exe
  C:\Windows\System\WLxmFsE.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\GIqECSb.exe
  C:\Windows\System\GIqECSb.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\mSivuak.exe
  C:\Windows\System\mSivuak.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\vidalgZ.exe
  C:\Windows\System\vidalgZ.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\pkeFgwm.exe
  C:\Windows\System\pkeFgwm.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\tcKMmzA.exe
  C:\Windows\System\tcKMmzA.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\JqaPxAA.exe
  C:\Windows\System\JqaPxAA.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\uhEXzFQ.exe
  C:\Windows\System\uhEXzFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\xnRdPAt.exe
  C:\Windows\System\xnRdPAt.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\blNedCx.exe
  C:\Windows\System\blNedCx.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\INAaZFm.exe
  C:\Windows\System\INAaZFm.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\QUtSnkK.exe
  C:\Windows\System\QUtSnkK.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\jNzfgzA.exe
  C:\Windows\System\jNzfgzA.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\qkgXCcA.exe
  C:\Windows\System\qkgXCcA.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\GLpPpvK.exe
  C:\Windows\System\GLpPpvK.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\zVMkzae.exe
  C:\Windows\System\zVMkzae.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\qPgKGCC.exe
  C:\Windows\System\qPgKGCC.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\XoxHRGr.exe
  C:\Windows\System\XoxHRGr.exe
  2⤵
  PID:2856
- C:\Windows\System\XakpVvk.exe
  C:\Windows\System\XakpVvk.exe
  2⤵
  PID:2600
- C:\Windows\System\vbGgUrS.exe
  C:\Windows\System\vbGgUrS.exe
  2⤵
  PID:2976
- C:\Windows\System\YsJevqQ.exe
  C:\Windows\System\YsJevqQ.exe
  2⤵
  PID:1484
- C:\Windows\System\NXQTdWY.exe
  C:\Windows\System\NXQTdWY.exe
  2⤵
  PID:1532
- C:\Windows\System\UQyTDPn.exe
  C:\Windows\System\UQyTDPn.exe
  2⤵
  PID:676
- C:\Windows\System\DJwLrEN.exe
  C:\Windows\System\DJwLrEN.exe
  2⤵
  PID:1764
- C:\Windows\System\LFSZBmC.exe
  C:\Windows\System\LFSZBmC.exe
  2⤵
  PID:2104
- C:\Windows\System\ANTxOvF.exe
  C:\Windows\System\ANTxOvF.exe
  2⤵
  PID:892
- C:\Windows\System\zXlpiOs.exe
  C:\Windows\System\zXlpiOs.exe
  2⤵
  PID:2232
- C:\Windows\System\DGHCaNU.exe
  C:\Windows\System\DGHCaNU.exe
  2⤵
  PID:2236
- C:\Windows\System\QLsKRDX.exe
  C:\Windows\System\QLsKRDX.exe
  2⤵
  PID:2548
- C:\Windows\System\RFEdxBV.exe
  C:\Windows\System\RFEdxBV.exe
  2⤵
  PID:580
- C:\Windows\System\jKjxUdl.exe
  C:\Windows\System\jKjxUdl.exe
  2⤵
  PID:2460
- C:\Windows\System\MAlFSdZ.exe
  C:\Windows\System\MAlFSdZ.exe
  2⤵
  PID:2484
- C:\Windows\System\tkRObRG.exe
  C:\Windows\System\tkRObRG.exe
  2⤵
  PID:1044
- C:\Windows\System\sxmafhK.exe
  C:\Windows\System\sxmafhK.exe
  2⤵
  PID:2324
- C:\Windows\System\vDwszcx.exe
  C:\Windows\System\vDwszcx.exe
  2⤵
  PID:1352
- C:\Windows\System\TZdTbZU.exe
  C:\Windows\System\TZdTbZU.exe
  2⤵
  PID:1528
- C:\Windows\System\zFqXtNd.exe
  C:\Windows\System\zFqXtNd.exe
  2⤵
  PID:1028
- C:\Windows\System\zIsufNT.exe
  C:\Windows\System\zIsufNT.exe
  2⤵
  PID:1640
- C:\Windows\System\UPZqsDZ.exe
  C:\Windows\System\UPZqsDZ.exe
  2⤵
  PID:2264
- C:\Windows\System\InliyZH.exe
  C:\Windows\System\InliyZH.exe
  2⤵
  PID:2408
- C:\Windows\System\MVybvab.exe
  C:\Windows\System\MVybvab.exe
  2⤵
  PID:2340
- C:\Windows\System\ZTDpXBv.exe
  C:\Windows\System\ZTDpXBv.exe
  2⤵
  PID:1544
- C:\Windows\System\HywCnix.exe
  C:\Windows\System\HywCnix.exe
  2⤵
  PID:1804
- C:\Windows\System\lTBuxxl.exe
  C:\Windows\System\lTBuxxl.exe
  2⤵
  PID:2208
- C:\Windows\System\ecqYWsc.exe
  C:\Windows\System\ecqYWsc.exe
  2⤵
  PID:2788
- C:\Windows\System\JBKJHoJ.exe
  C:\Windows\System\JBKJHoJ.exe
  2⤵
  PID:2076
- C:\Windows\System\DseDwxr.exe
  C:\Windows\System\DseDwxr.exe
  2⤵
  PID:2636
- C:\Windows\System\XAPxyeQ.exe
  C:\Windows\System\XAPxyeQ.exe
  2⤵
  PID:3016
- C:\Windows\System\NYRepjP.exe
  C:\Windows\System\NYRepjP.exe
  2⤵
  PID:2984
- C:\Windows\System\RBDCvEz.exe
  C:\Windows\System\RBDCvEz.exe
  2⤵
  PID:2596
- C:\Windows\System\irktFdq.exe
  C:\Windows\System\irktFdq.exe
  2⤵
  PID:1652
- C:\Windows\System\gpLvgTO.exe
  C:\Windows\System\gpLvgTO.exe
  2⤵
  PID:1560
- C:\Windows\System\tUmAYWs.exe
  C:\Windows\System\tUmAYWs.exe
  2⤵
  PID:1296
- C:\Windows\System\vHftExD.exe
  C:\Windows\System\vHftExD.exe
  2⤵
  PID:1272
- C:\Windows\System\vYnuDdt.exe
  C:\Windows\System\vYnuDdt.exe
  2⤵
  PID:2344
- C:\Windows\System\fuWAjQr.exe
  C:\Windows\System\fuWAjQr.exe
  2⤵
  PID:2112
- C:\Windows\System\uIXIOun.exe
  C:\Windows\System\uIXIOun.exe
  2⤵
  PID:1136
- C:\Windows\System\lvFhghH.exe
  C:\Windows\System\lvFhghH.exe
  2⤵
  PID:2452
- C:\Windows\System\mXqxgXH.exe
  C:\Windows\System\mXqxgXH.exe
  2⤵
  PID:1996
- C:\Windows\System\yXRTTUl.exe
  C:\Windows\System\yXRTTUl.exe
  2⤵
  PID:2276
- C:\Windows\System\QAJONih.exe
  C:\Windows\System\QAJONih.exe
  2⤵
  PID:1000
- C:\Windows\System\BtkOBts.exe
  C:\Windows\System\BtkOBts.exe
  2⤵
  PID:2396
- C:\Windows\System\RGUAIoA.exe
  C:\Windows\System\RGUAIoA.exe
  2⤵
  PID:1204
- C:\Windows\System\OFAosbu.exe
  C:\Windows\System\OFAosbu.exe
  2⤵
  PID:1844
- C:\Windows\System\zwEYSBS.exe
  C:\Windows\System\zwEYSBS.exe
  2⤵
  PID:1188
- C:\Windows\System\vetCHhx.exe
  C:\Windows\System\vetCHhx.exe
  2⤵
  PID:2664
- C:\Windows\System\AAXsPmQ.exe
  C:\Windows\System\AAXsPmQ.exe
  2⤵
  PID:2608
- C:\Windows\System\fgGTECu.exe
  C:\Windows\System\fgGTECu.exe
  2⤵
  PID:2516
- C:\Windows\System\iKnjNjN.exe
  C:\Windows\System\iKnjNjN.exe
  2⤵
  PID:2680
- C:\Windows\System\AWFpWKf.exe
  C:\Windows\System\AWFpWKf.exe
  2⤵
  PID:268
- C:\Windows\System\MfiUTeO.exe
  C:\Windows\System\MfiUTeO.exe
  2⤵
  PID:2036
- C:\Windows\System\qHfHxMA.exe
  C:\Windows\System\qHfHxMA.exe
  2⤵
  PID:1736
- C:\Windows\System\BmpuAym.exe
  C:\Windows\System\BmpuAym.exe
  2⤵
  PID:932
- C:\Windows\System\CNbrSEJ.exe
  C:\Windows\System\CNbrSEJ.exe
  2⤵
  PID:980
- C:\Windows\System\XjCnjIs.exe
  C:\Windows\System\XjCnjIs.exe
  2⤵
  PID:2204
- C:\Windows\System\NBZTcGq.exe
  C:\Windows\System\NBZTcGq.exe
  2⤵
  PID:2428
- C:\Windows\System\RtprLML.exe
  C:\Windows\System\RtprLML.exe
  2⤵
  PID:1004
- C:\Windows\System\wagqecm.exe
  C:\Windows\System\wagqecm.exe
  2⤵
  PID:888
- C:\Windows\System\zCitXrV.exe
  C:\Windows\System\zCitXrV.exe
  2⤵
  PID:1812
- C:\Windows\System\qaGyCYQ.exe
  C:\Windows\System\qaGyCYQ.exe
  2⤵
  PID:2852
- C:\Windows\System\BKGtklM.exe
  C:\Windows\System\BKGtklM.exe
  2⤵
  PID:2004
- C:\Windows\System\CvelwBi.exe
  C:\Windows\System\CvelwBi.exe
  2⤵
  PID:2272
- C:\Windows\System\TNJCNtg.exe
  C:\Windows\System\TNJCNtg.exe
  2⤵
  PID:864
- C:\Windows\System\WZOHphq.exe
  C:\Windows\System\WZOHphq.exe
  2⤵
  PID:3084
- C:\Windows\System\qZnuXIj.exe
  C:\Windows\System\qZnuXIj.exe
  2⤵
  PID:3108
- C:\Windows\System\ntoXTOR.exe
  C:\Windows\System\ntoXTOR.exe
  2⤵
  PID:3128
- C:\Windows\System\maEneqe.exe
  C:\Windows\System\maEneqe.exe
  2⤵
  PID:3148
- C:\Windows\System\jMaXDtj.exe
  C:\Windows\System\jMaXDtj.exe
  2⤵
  PID:3168
- C:\Windows\System\kAHWmuW.exe
  C:\Windows\System\kAHWmuW.exe
  2⤵
  PID:3188
- C:\Windows\System\mktnRSr.exe
  C:\Windows\System\mktnRSr.exe
  2⤵
  PID:3208
- C:\Windows\System\kLGocTL.exe
  C:\Windows\System\kLGocTL.exe
  2⤵
  PID:3228
- C:\Windows\System\qpFAYMV.exe
  C:\Windows\System\qpFAYMV.exe
  2⤵
  PID:3248
- C:\Windows\System\KdpDqOV.exe
  C:\Windows\System\KdpDqOV.exe
  2⤵
  PID:3268
- C:\Windows\System\AIFUkyr.exe
  C:\Windows\System\AIFUkyr.exe
  2⤵
  PID:3288
- C:\Windows\System\XbgIAja.exe
  C:\Windows\System\XbgIAja.exe
  2⤵
  PID:3308
- C:\Windows\System\NVBqeIY.exe
  C:\Windows\System\NVBqeIY.exe
  2⤵
  PID:3328
- C:\Windows\System\APHMPgr.exe
  C:\Windows\System\APHMPgr.exe
  2⤵
  PID:3348
- C:\Windows\System\HOJmYII.exe
  C:\Windows\System\HOJmYII.exe
  2⤵
  PID:3368
- C:\Windows\System\CdJHJkz.exe
  C:\Windows\System\CdJHJkz.exe
  2⤵
  PID:3388
- C:\Windows\System\rHHSfor.exe
  C:\Windows\System\rHHSfor.exe
  2⤵
  PID:3408
- C:\Windows\System\PqTuaQp.exe
  C:\Windows\System\PqTuaQp.exe
  2⤵
  PID:3428
- C:\Windows\System\sUFTSvl.exe
  C:\Windows\System\sUFTSvl.exe
  2⤵
  PID:3448
- C:\Windows\System\WPYcrVr.exe
  C:\Windows\System\WPYcrVr.exe
  2⤵
  PID:3468
- C:\Windows\System\JyhBrGx.exe
  C:\Windows\System\JyhBrGx.exe
  2⤵
  PID:3488
- C:\Windows\System\UUnSVdG.exe
  C:\Windows\System\UUnSVdG.exe
  2⤵
  PID:3504
- C:\Windows\System\OsaFvcV.exe
  C:\Windows\System\OsaFvcV.exe
  2⤵
  PID:3528
- C:\Windows\System\XlJJMsn.exe
  C:\Windows\System\XlJJMsn.exe
  2⤵
  PID:3544
- C:\Windows\System\VOJzlVt.exe
  C:\Windows\System\VOJzlVt.exe
  2⤵
  PID:3568
- C:\Windows\System\JZJUTMm.exe
  C:\Windows\System\JZJUTMm.exe
  2⤵
  PID:3584
- C:\Windows\System\fnmHDwN.exe
  C:\Windows\System\fnmHDwN.exe
  2⤵
  PID:3608
- C:\Windows\System\hZpAwLt.exe
  C:\Windows\System\hZpAwLt.exe
  2⤵
  PID:3628
- C:\Windows\System\lgUUlov.exe
  C:\Windows\System\lgUUlov.exe
  2⤵
  PID:3648
- C:\Windows\System\CFJxupV.exe
  C:\Windows\System\CFJxupV.exe
  2⤵
  PID:3668
- C:\Windows\System\CeBVKDP.exe
  C:\Windows\System\CeBVKDP.exe
  2⤵
  PID:3688
- C:\Windows\System\CiSsyHE.exe
  C:\Windows\System\CiSsyHE.exe
  2⤵
  PID:3708
- C:\Windows\System\rqTYxdW.exe
  C:\Windows\System\rqTYxdW.exe
  2⤵
  PID:3728
- C:\Windows\System\KXnJIkL.exe
  C:\Windows\System\KXnJIkL.exe
  2⤵
  PID:3748
- C:\Windows\System\UfxiWcU.exe
  C:\Windows\System\UfxiWcU.exe
  2⤵
  PID:3772
- C:\Windows\System\jJMAXgF.exe
  C:\Windows\System\jJMAXgF.exe
  2⤵
  PID:3792
- C:\Windows\System\cXFfNDg.exe
  C:\Windows\System\cXFfNDg.exe
  2⤵
  PID:3812
- C:\Windows\System\OIRvUWp.exe
  C:\Windows\System\OIRvUWp.exe
  2⤵
  PID:3832
- C:\Windows\System\YCVCWrn.exe
  C:\Windows\System\YCVCWrn.exe
  2⤵
  PID:3852
- C:\Windows\System\dVNIqbd.exe
  C:\Windows\System\dVNIqbd.exe
  2⤵
  PID:3872
- C:\Windows\System\gYbJQye.exe
  C:\Windows\System\gYbJQye.exe
  2⤵
  PID:3892
- C:\Windows\System\WbYHkTu.exe
  C:\Windows\System\WbYHkTu.exe
  2⤵
  PID:3912
- C:\Windows\System\kQhDhWX.exe
  C:\Windows\System\kQhDhWX.exe
  2⤵
  PID:3932
- C:\Windows\System\mrGCqcg.exe
  C:\Windows\System\mrGCqcg.exe
  2⤵
  PID:3952
- C:\Windows\System\DFUzUiC.exe
  C:\Windows\System\DFUzUiC.exe
  2⤵
  PID:3972
- C:\Windows\System\ZlFnCjW.exe
  C:\Windows\System\ZlFnCjW.exe
  2⤵
  PID:3992
- C:\Windows\System\lpSLFzX.exe
  C:\Windows\System\lpSLFzX.exe
  2⤵
  PID:4012
- C:\Windows\System\XyklqTk.exe
  C:\Windows\System\XyklqTk.exe
  2⤵
  PID:4032
- C:\Windows\System\ruEooeb.exe
  C:\Windows\System\ruEooeb.exe
  2⤵
  PID:4052
- C:\Windows\System\KuQYWRR.exe
  C:\Windows\System\KuQYWRR.exe
  2⤵
  PID:4072
- C:\Windows\System\DQJUgzQ.exe
  C:\Windows\System\DQJUgzQ.exe
  2⤵
  PID:4092
- C:\Windows\System\RmcLqHJ.exe
  C:\Windows\System\RmcLqHJ.exe
  2⤵
  PID:1816
- C:\Windows\System\tvABwDJ.exe
  C:\Windows\System\tvABwDJ.exe
  2⤵
  PID:2268
- C:\Windows\System\hQzXDGq.exe
  C:\Windows\System\hQzXDGq.exe
  2⤵
  PID:1708
- C:\Windows\System\UQATsRy.exe
  C:\Windows\System\UQATsRy.exe
  2⤵
  PID:2136
- C:\Windows\System\lMaeoZl.exe
  C:\Windows\System\lMaeoZl.exe
  2⤵
  PID:2840
- C:\Windows\System\fmzhAZK.exe
  C:\Windows\System\fmzhAZK.exe
  2⤵
  PID:3080
- C:\Windows\System\pciKSWM.exe
  C:\Windows\System\pciKSWM.exe
  2⤵
  PID:3120
- C:\Windows\System\irBOrRI.exe
  C:\Windows\System\irBOrRI.exe
  2⤵
  PID:3164
- C:\Windows\System\BTTmhXO.exe
  C:\Windows\System\BTTmhXO.exe
  2⤵
  PID:3180
- C:\Windows\System\AIvjlSA.exe
  C:\Windows\System\AIvjlSA.exe
  2⤵
  PID:3216
- C:\Windows\System\lNmdQCt.exe
  C:\Windows\System\lNmdQCt.exe
  2⤵
  PID:3220
- C:\Windows\System\PHjmKsa.exe
  C:\Windows\System\PHjmKsa.exe
  2⤵
  PID:3284
- C:\Windows\System\iIswkPM.exe
  C:\Windows\System\iIswkPM.exe
  2⤵
  PID:3304
- C:\Windows\System\WubybYQ.exe
  C:\Windows\System\WubybYQ.exe
  2⤵
  PID:3356
- C:\Windows\System\CboFXRT.exe
  C:\Windows\System\CboFXRT.exe
  2⤵
  PID:3380
- C:\Windows\System\XSMNvzi.exe
  C:\Windows\System\XSMNvzi.exe
  2⤵
  PID:3384
- C:\Windows\System\dlZpKQy.exe
  C:\Windows\System\dlZpKQy.exe
  2⤵
  PID:3440
- C:\Windows\System\ENAaMNq.exe
  C:\Windows\System\ENAaMNq.exe
  2⤵
  PID:3456
- C:\Windows\System\VDGrkvW.exe
  C:\Windows\System\VDGrkvW.exe
  2⤵
  PID:3524
- C:\Windows\System\fMxrhav.exe
  C:\Windows\System\fMxrhav.exe
  2⤵
  PID:3500
- C:\Windows\System\NOcbZTF.exe
  C:\Windows\System\NOcbZTF.exe
  2⤵
  PID:3592
- C:\Windows\System\GkFTgmi.exe
  C:\Windows\System\GkFTgmi.exe
  2⤵
  PID:3580
- C:\Windows\System\ldGmXBX.exe
  C:\Windows\System\ldGmXBX.exe
  2⤵
  PID:3620
- C:\Windows\System\ySUsiAB.exe
  C:\Windows\System\ySUsiAB.exe
  2⤵
  PID:3664
- C:\Windows\System\pSFZkgd.exe
  C:\Windows\System\pSFZkgd.exe
  2⤵
  PID:3696
- C:\Windows\System\pgViWvZ.exe
  C:\Windows\System\pgViWvZ.exe
  2⤵
  PID:3768
- C:\Windows\System\oqTnmyH.exe
  C:\Windows\System\oqTnmyH.exe
  2⤵
  PID:3800
- C:\Windows\System\QcSUONX.exe
  C:\Windows\System\QcSUONX.exe
  2⤵
  PID:3844
- C:\Windows\System\gLjjxuY.exe
  C:\Windows\System\gLjjxuY.exe
  2⤵
  PID:3824
- C:\Windows\System\bllJdRR.exe
  C:\Windows\System\bllJdRR.exe
  2⤵
  PID:3864
- C:\Windows\System\iUOALmG.exe
  C:\Windows\System\iUOALmG.exe
  2⤵
  PID:3960
- C:\Windows\System\dfYuXfC.exe
  C:\Windows\System\dfYuXfC.exe
  2⤵
  PID:3908
- C:\Windows\System\yFJMpmP.exe
  C:\Windows\System\yFJMpmP.exe
  2⤵
  PID:4008
- C:\Windows\System\FmoegCt.exe
  C:\Windows\System\FmoegCt.exe
  2⤵
  PID:4040
- C:\Windows\System\EdpuNtn.exe
  C:\Windows\System\EdpuNtn.exe
  2⤵
  PID:4024
- C:\Windows\System\EUNMKnR.exe
  C:\Windows\System\EUNMKnR.exe
  2⤵
  PID:4068
- C:\Windows\System\kgMDPrI.exe
  C:\Windows\System\kgMDPrI.exe
  2⤵
  PID:2244
- C:\Windows\System\FpxdcPp.exe
  C:\Windows\System\FpxdcPp.exe
  2⤵
  PID:2496
- C:\Windows\System\xUoGMCB.exe
  C:\Windows\System\xUoGMCB.exe
  2⤵
  PID:2916
- C:\Windows\System\VgEMWud.exe
  C:\Windows\System\VgEMWud.exe
  2⤵
  PID:3136
- C:\Windows\System\hjLgckQ.exe
  C:\Windows\System\hjLgckQ.exe
  2⤵
  PID:3116
- C:\Windows\System\xmdWcdH.exe
  C:\Windows\System\xmdWcdH.exe
  2⤵
  PID:3176
- C:\Windows\System\sNLJmRu.exe
  C:\Windows\System\sNLJmRu.exe
  2⤵
  PID:3264
- C:\Windows\System\elVHgKr.exe
  C:\Windows\System\elVHgKr.exe
  2⤵
  PID:3344
- C:\Windows\System\BdhgRKo.exe
  C:\Windows\System\BdhgRKo.exe
  2⤵
  PID:3100
- C:\Windows\System\SLRCZJW.exe
  C:\Windows\System\SLRCZJW.exe
  2⤵
  PID:3744
- C:\Windows\System\dwMlstc.exe
  C:\Windows\System\dwMlstc.exe
  2⤵
  PID:3444
- C:\Windows\System\KKQctMb.exe
  C:\Windows\System\KKQctMb.exe
  2⤵
  PID:3496
- C:\Windows\System\qXNYPaG.exe
  C:\Windows\System\qXNYPaG.exe
  2⤵
  PID:3576
- C:\Windows\System\LNEJcNy.exe
  C:\Windows\System\LNEJcNy.exe
  2⤵
  PID:3680
- C:\Windows\System\jOUfYQj.exe
  C:\Windows\System\jOUfYQj.exe
  2⤵
  PID:3716
- C:\Windows\System\yLLZwbp.exe
  C:\Windows\System\yLLZwbp.exe
  2⤵
  PID:3724
- C:\Windows\System\QuuECRi.exe
  C:\Windows\System\QuuECRi.exe
  2⤵
  PID:3736
- C:\Windows\System\iFtcEOm.exe
  C:\Windows\System\iFtcEOm.exe
  2⤵
  PID:3884
- C:\Windows\System\CbjWnob.exe
  C:\Windows\System\CbjWnob.exe
  2⤵
  PID:3920
- C:\Windows\System\PFopnNa.exe
  C:\Windows\System\PFopnNa.exe
  2⤵
  PID:3988
- C:\Windows\System\BaEackF.exe
  C:\Windows\System\BaEackF.exe
  2⤵
  PID:4000
- C:\Windows\System\mzPIQMw.exe
  C:\Windows\System\mzPIQMw.exe
  2⤵
  PID:4080
- C:\Windows\System\qiouMzi.exe
  C:\Windows\System\qiouMzi.exe
  2⤵
  PID:2000
- C:\Windows\System\lrjjLkT.exe
  C:\Windows\System\lrjjLkT.exe
  2⤵
  PID:2536
- C:\Windows\System\GUSHCKy.exe
  C:\Windows\System\GUSHCKy.exe
  2⤵
  PID:3124
- C:\Windows\System\HICiDkz.exe
  C:\Windows\System\HICiDkz.exe
  2⤵
  PID:3320
- C:\Windows\System\fjzkTvD.exe
  C:\Windows\System\fjzkTvD.exe
  2⤵
  PID:3376
- C:\Windows\System\WtaPgKh.exe
  C:\Windows\System\WtaPgKh.exe
  2⤵
  PID:3464
- C:\Windows\System\oPpExkp.exe
  C:\Windows\System\oPpExkp.exe
  2⤵
  PID:3424
- C:\Windows\System\FkpxDZn.exe
  C:\Windows\System\FkpxDZn.exe
  2⤵
  PID:3556
- C:\Windows\System\pdhyIzR.exe
  C:\Windows\System\pdhyIzR.exe
  2⤵
  PID:3756
- C:\Windows\System\HIsNCac.exe
  C:\Windows\System\HIsNCac.exe
  2⤵
  PID:3860
- C:\Windows\System\EVzdCXW.exe
  C:\Windows\System\EVzdCXW.exe
  2⤵
  PID:3924
- C:\Windows\System\lGizWpR.exe
  C:\Windows\System\lGizWpR.exe
  2⤵
  PID:3904
- C:\Windows\System\LDWfFOx.exe
  C:\Windows\System\LDWfFOx.exe
  2⤵
  PID:3948
- C:\Windows\System\YsDqrLg.exe
  C:\Windows\System\YsDqrLg.exe
  2⤵
  PID:2924
- C:\Windows\System\KmexTHf.exe
  C:\Windows\System\KmexTHf.exe
  2⤵
  PID:4104
- C:\Windows\System\bgWSUXE.exe
  C:\Windows\System\bgWSUXE.exe
  2⤵
  PID:4124
- C:\Windows\System\ErmhCNi.exe
  C:\Windows\System\ErmhCNi.exe
  2⤵
  PID:4144
- C:\Windows\System\SImVZSn.exe
  C:\Windows\System\SImVZSn.exe
  2⤵
  PID:4164
- C:\Windows\System\aHwagsC.exe
  C:\Windows\System\aHwagsC.exe
  2⤵
  PID:4184
- C:\Windows\System\VPdmLlN.exe
  C:\Windows\System\VPdmLlN.exe
  2⤵
  PID:4204
- C:\Windows\System\QLgiMqT.exe
  C:\Windows\System\QLgiMqT.exe
  2⤵
  PID:4224
- C:\Windows\System\CrtXiCJ.exe
  C:\Windows\System\CrtXiCJ.exe
  2⤵
  PID:4244
- C:\Windows\System\aWtXWeP.exe
  C:\Windows\System\aWtXWeP.exe
  2⤵
  PID:4260
- C:\Windows\System\YEUXVNr.exe
  C:\Windows\System\YEUXVNr.exe
  2⤵
  PID:4284
- C:\Windows\System\GiSihiy.exe
  C:\Windows\System\GiSihiy.exe
  2⤵
  PID:4300
- C:\Windows\System\SJBqlAv.exe
  C:\Windows\System\SJBqlAv.exe
  2⤵
  PID:4324
- C:\Windows\System\OZLXksO.exe
  C:\Windows\System\OZLXksO.exe
  2⤵
  PID:4344
- C:\Windows\System\urmurJZ.exe
  C:\Windows\System\urmurJZ.exe
  2⤵
  PID:4364
- C:\Windows\System\uOmQcjn.exe
  C:\Windows\System\uOmQcjn.exe
  2⤵
  PID:4384
- C:\Windows\System\JXXYpYl.exe
  C:\Windows\System\JXXYpYl.exe
  2⤵
  PID:4404
- C:\Windows\System\GWgdMCh.exe
  C:\Windows\System\GWgdMCh.exe
  2⤵
  PID:4424
- C:\Windows\System\PFDpidX.exe
  C:\Windows\System\PFDpidX.exe
  2⤵
  PID:4444
- C:\Windows\System\AcUnvYu.exe
  C:\Windows\System\AcUnvYu.exe
  2⤵
  PID:4468
- C:\Windows\System\gYDxDfL.exe
  C:\Windows\System\gYDxDfL.exe
  2⤵
  PID:4488
- C:\Windows\System\HxWffyM.exe
  C:\Windows\System\HxWffyM.exe
  2⤵
  PID:4508
- C:\Windows\System\vbAxpPr.exe
  C:\Windows\System\vbAxpPr.exe
  2⤵
  PID:4528
- C:\Windows\System\KRlNkQw.exe
  C:\Windows\System\KRlNkQw.exe
  2⤵
  PID:4548
- C:\Windows\System\eeoJmBa.exe
  C:\Windows\System\eeoJmBa.exe
  2⤵
  PID:4568
- C:\Windows\System\cViLcTD.exe
  C:\Windows\System\cViLcTD.exe
  2⤵
  PID:4588
- C:\Windows\System\CcnCAOJ.exe
  C:\Windows\System\CcnCAOJ.exe
  2⤵
  PID:4608
- C:\Windows\System\gDUKELQ.exe
  C:\Windows\System\gDUKELQ.exe
  2⤵
  PID:4624
- C:\Windows\System\IdemmBN.exe
  C:\Windows\System\IdemmBN.exe
  2⤵
  PID:4648
- C:\Windows\System\NLDzYhH.exe
  C:\Windows\System\NLDzYhH.exe
  2⤵
  PID:4668
- C:\Windows\System\JnCLNDn.exe
  C:\Windows\System\JnCLNDn.exe
  2⤵
  PID:4688
- C:\Windows\System\UtdLJxF.exe
  C:\Windows\System\UtdLJxF.exe
  2⤵
  PID:4708
- C:\Windows\System\LwiLPlD.exe
  C:\Windows\System\LwiLPlD.exe
  2⤵
  PID:4728
- C:\Windows\System\nGcaguo.exe
  C:\Windows\System\nGcaguo.exe
  2⤵
  PID:4748
- C:\Windows\System\AZASHXQ.exe
  C:\Windows\System\AZASHXQ.exe
  2⤵
  PID:4768
- C:\Windows\System\KOSOniq.exe
  C:\Windows\System\KOSOniq.exe
  2⤵
  PID:4788
- C:\Windows\System\gZsUPsB.exe
  C:\Windows\System\gZsUPsB.exe
  2⤵
  PID:4808
- C:\Windows\System\JnNFPDI.exe
  C:\Windows\System\JnNFPDI.exe
  2⤵
  PID:4828
- C:\Windows\System\xIkEGzR.exe
  C:\Windows\System\xIkEGzR.exe
  2⤵
  PID:4848
- C:\Windows\System\qLvXBdR.exe
  C:\Windows\System\qLvXBdR.exe
  2⤵
  PID:4868
- C:\Windows\System\jFIqmay.exe
  C:\Windows\System\jFIqmay.exe
  2⤵
  PID:4888
- C:\Windows\System\uLciTIg.exe
  C:\Windows\System\uLciTIg.exe
  2⤵
  PID:4908
- C:\Windows\System\MIqBrrF.exe
  C:\Windows\System\MIqBrrF.exe
  2⤵
  PID:4928
- C:\Windows\System\sdUrqYD.exe
  C:\Windows\System\sdUrqYD.exe
  2⤵
  PID:4948
- C:\Windows\System\WpkEuQg.exe
  C:\Windows\System\WpkEuQg.exe
  2⤵
  PID:4968
- C:\Windows\System\DiHJghP.exe
  C:\Windows\System\DiHJghP.exe
  2⤵
  PID:4988
- C:\Windows\System\AtlQVMZ.exe
  C:\Windows\System\AtlQVMZ.exe
  2⤵
  PID:5008
- C:\Windows\System\ZlsfqEZ.exe
  C:\Windows\System\ZlsfqEZ.exe
  2⤵
  PID:5028
- C:\Windows\System\mbIkAKk.exe
  C:\Windows\System\mbIkAKk.exe
  2⤵
  PID:5048
- C:\Windows\System\DvhlanQ.exe
  C:\Windows\System\DvhlanQ.exe
  2⤵
  PID:5068
- C:\Windows\System\fjBNISG.exe
  C:\Windows\System\fjBNISG.exe
  2⤵
  PID:5088
- C:\Windows\System\gePeQxN.exe
  C:\Windows\System\gePeQxN.exe
  2⤵
  PID:5108
- C:\Windows\System\sJbNYtc.exe
  C:\Windows\System\sJbNYtc.exe
  2⤵
  PID:2900
- C:\Windows\System\kRCOpms.exe
  C:\Windows\System\kRCOpms.exe
  2⤵
  PID:3316
- C:\Windows\System\buiogPJ.exe
  C:\Windows\System\buiogPJ.exe
  2⤵
  PID:3656
- C:\Windows\System\eCdaNMq.exe
  C:\Windows\System\eCdaNMq.exe
  2⤵
  PID:3624
- C:\Windows\System\aqdeWqN.exe
  C:\Windows\System\aqdeWqN.exe
  2⤵
  PID:3604
- C:\Windows\System\NKZoAdS.exe
  C:\Windows\System\NKZoAdS.exe
  2⤵
  PID:3840
- C:\Windows\System\QTBAZPO.exe
  C:\Windows\System\QTBAZPO.exe
  2⤵
  PID:2732
- C:\Windows\System\xvpAcmQ.exe
  C:\Windows\System\xvpAcmQ.exe
  2⤵
  PID:2604
- C:\Windows\System\JuLaAig.exe
  C:\Windows\System\JuLaAig.exe
  2⤵
  PID:4140
- C:\Windows\System\DmBJqjl.exe
  C:\Windows\System\DmBJqjl.exe
  2⤵
  PID:4172
- C:\Windows\System\rvmyKzX.exe
  C:\Windows\System\rvmyKzX.exe
  2⤵
  PID:4212
- C:\Windows\System\TJRXQWI.exe
  C:\Windows\System\TJRXQWI.exe
  2⤵
  PID:4240
- C:\Windows\System\yYCrWsY.exe
  C:\Windows\System\yYCrWsY.exe
  2⤵
  PID:4280
- C:\Windows\System\hSRzRVO.exe
  C:\Windows\System\hSRzRVO.exe
  2⤵
  PID:4316
- C:\Windows\System\wqRoLcC.exe
  C:\Windows\System\wqRoLcC.exe
  2⤵
  PID:4352
- C:\Windows\System\oRbObYt.exe
  C:\Windows\System\oRbObYt.exe
  2⤵
  PID:4392
- C:\Windows\System\HoRPAkx.exe
  C:\Windows\System\HoRPAkx.exe
  2⤵
  PID:4396
- C:\Windows\System\itddWSA.exe
  C:\Windows\System\itddWSA.exe
  2⤵
  PID:4416
- C:\Windows\System\UjwXOse.exe
  C:\Windows\System\UjwXOse.exe
  2⤵
  PID:4452
- C:\Windows\System\sQPqMjN.exe
  C:\Windows\System\sQPqMjN.exe
  2⤵
  PID:4524
- C:\Windows\System\dMYVvDf.exe
  C:\Windows\System\dMYVvDf.exe
  2⤵
  PID:4564
- C:\Windows\System\mZcCSUm.exe
  C:\Windows\System\mZcCSUm.exe
  2⤵
  PID:4596
- C:\Windows\System\uUfzOlQ.exe
  C:\Windows\System\uUfzOlQ.exe
  2⤵
  PID:4584
- C:\Windows\System\PojAgyA.exe
  C:\Windows\System\PojAgyA.exe
  2⤵
  PID:4640
- C:\Windows\System\DsoDlHA.exe
  C:\Windows\System\DsoDlHA.exe
  2⤵
  PID:4616
- C:\Windows\System\zPrMtuS.exe
  C:\Windows\System\zPrMtuS.exe
  2⤵
  PID:4720
- C:\Windows\System\DhcSEdQ.exe
  C:\Windows\System\DhcSEdQ.exe
  2⤵
  PID:4700
- C:\Windows\System\CttVBus.exe
  C:\Windows\System\CttVBus.exe
  2⤵
  PID:4796
- C:\Windows\System\klnBjyN.exe
  C:\Windows\System\klnBjyN.exe
  2⤵
  PID:4780
- C:\Windows\System\ojWfQLy.exe
  C:\Windows\System\ojWfQLy.exe
  2⤵
  PID:4824
- C:\Windows\System\DjlfmDd.exe
  C:\Windows\System\DjlfmDd.exe
  2⤵
  PID:4856
- C:\Windows\System\UGtbCZl.exe
  C:\Windows\System\UGtbCZl.exe
  2⤵
  PID:4924
- C:\Windows\System\hWeAtIJ.exe
  C:\Windows\System\hWeAtIJ.exe
  2⤵
  PID:4956
- C:\Windows\System\CGakbHj.exe
  C:\Windows\System\CGakbHj.exe
  2⤵
  PID:4996
- C:\Windows\System\wQFWPzP.exe
  C:\Windows\System\wQFWPzP.exe
  2⤵
  PID:4980
- C:\Windows\System\ZnvBVZI.exe
  C:\Windows\System\ZnvBVZI.exe
  2⤵
  PID:5024
- C:\Windows\System\McZxDgJ.exe
  C:\Windows\System\McZxDgJ.exe
  2⤵
  PID:5060
- C:\Windows\System\sSmsvPl.exe
  C:\Windows\System\sSmsvPl.exe
  2⤵
  PID:2716
- C:\Windows\System\OkoNlaj.exe
  C:\Windows\System\OkoNlaj.exe
  2⤵
  PID:2744
- C:\Windows\System\IUgvIjM.exe
  C:\Windows\System\IUgvIjM.exe
  2⤵
  PID:3244
- C:\Windows\System\TLTOOkb.exe
  C:\Windows\System\TLTOOkb.exe
  2⤵
  PID:3720
- C:\Windows\System\ytTnYPq.exe
  C:\Windows\System\ytTnYPq.exe
  2⤵
  PID:3540
- C:\Windows\System\JVleBwp.exe
  C:\Windows\System\JVleBwp.exe
  2⤵
  PID:3820
- C:\Windows\System\uDyueDy.exe
  C:\Windows\System\uDyueDy.exe
  2⤵
  PID:2196
- C:\Windows\System\RgSOGeU.exe
  C:\Windows\System\RgSOGeU.exe
  2⤵
  PID:4156
- C:\Windows\System\nDoLcmZ.exe
  C:\Windows\System\nDoLcmZ.exe
  2⤵
  PID:4272
- C:\Windows\System\xtOpCri.exe
  C:\Windows\System\xtOpCri.exe
  2⤵
  PID:4312
- C:\Windows\System\EBGHvxt.exe
  C:\Windows\System\EBGHvxt.exe
  2⤵
  PID:4380
- C:\Windows\System\ZjiLeyT.exe
  C:\Windows\System\ZjiLeyT.exe
  2⤵
  PID:4476
- C:\Windows\System\RlGmiqr.exe
  C:\Windows\System\RlGmiqr.exe
  2⤵
  PID:4412
- C:\Windows\System\BMPnOzg.exe
  C:\Windows\System\BMPnOzg.exe
  2⤵
  PID:4520
- C:\Windows\System\NfOctGQ.exe
  C:\Windows\System\NfOctGQ.exe
  2⤵
  PID:4576
- C:\Windows\System\EHlRaNw.exe
  C:\Windows\System\EHlRaNw.exe
  2⤵
  PID:4620
- C:\Windows\System\RdTnLBv.exe
  C:\Windows\System\RdTnLBv.exe
  2⤵
  PID:4760
- C:\Windows\System\fBTsiUt.exe
  C:\Windows\System\fBTsiUt.exe
  2⤵
  PID:4800
- C:\Windows\System\VzeYmNH.exe
  C:\Windows\System\VzeYmNH.exe
  2⤵
  PID:4776
- C:\Windows\System\NlxQAMY.exe
  C:\Windows\System\NlxQAMY.exe
  2⤵
  PID:4840
- C:\Windows\System\SLuKIqb.exe
  C:\Windows\System\SLuKIqb.exe
  2⤵
  PID:4864
- C:\Windows\System\CxestIb.exe
  C:\Windows\System\CxestIb.exe
  2⤵
  PID:4960
- C:\Windows\System\hBwDZgc.exe
  C:\Windows\System\hBwDZgc.exe
  2⤵
  PID:4944
- C:\Windows\System\pgZDPoa.exe
  C:\Windows\System\pgZDPoa.exe
  2⤵
  PID:5016
- C:\Windows\System\zyZHUpj.exe
  C:\Windows\System\zyZHUpj.exe
  2⤵
  PID:4464
- C:\Windows\System\KULvAwZ.exe
  C:\Windows\System\KULvAwZ.exe
  2⤵
  PID:3200
- C:\Windows\System\qCHeaQL.exe
  C:\Windows\System\qCHeaQL.exe
  2⤵
  PID:3416
- C:\Windows\System\hyHSuOy.exe
  C:\Windows\System\hyHSuOy.exe
  2⤵
  PID:3788
- C:\Windows\System\DGmWOJF.exe
  C:\Windows\System\DGmWOJF.exe
  2⤵
  PID:4132
- C:\Windows\System\AXgvQcb.exe
  C:\Windows\System\AXgvQcb.exe
  2⤵
  PID:4236
- C:\Windows\System\wrbSyOi.exe
  C:\Windows\System\wrbSyOi.exe
  2⤵
  PID:4332
- C:\Windows\System\ZmMCeQf.exe
  C:\Windows\System\ZmMCeQf.exe
  2⤵
  PID:4336
- C:\Windows\System\saJznut.exe
  C:\Windows\System\saJznut.exe
  2⤵
  PID:4496
- C:\Windows\System\IbEesMf.exe
  C:\Windows\System\IbEesMf.exe
  2⤵
  PID:4600
- C:\Windows\System\FHdLWbq.exe
  C:\Windows\System\FHdLWbq.exe
  2⤵
  PID:4716
- C:\Windows\System\gFOpeiM.exe
  C:\Windows\System\gFOpeiM.exe
  2⤵
  PID:4816
- C:\Windows\System\qKsBBVP.exe
  C:\Windows\System\qKsBBVP.exe
  2⤵
  PID:2796
- C:\Windows\System\GKPFVvA.exe
  C:\Windows\System\GKPFVvA.exe
  2⤵
  PID:4916
- C:\Windows\System\xgDWnen.exe
  C:\Windows\System\xgDWnen.exe
  2⤵
  PID:5084
- C:\Windows\System\gQnEGFv.exe
  C:\Windows\System\gQnEGFv.exe
  2⤵
  PID:3324
- C:\Windows\System\DYengMm.exe
  C:\Windows\System\DYengMm.exe
  2⤵
  PID:3140
- C:\Windows\System\YGbAThF.exe
  C:\Windows\System\YGbAThF.exe
  2⤵
  PID:3404
- C:\Windows\System\cnGQCug.exe
  C:\Windows\System\cnGQCug.exe
  2⤵
  PID:4100
- C:\Windows\System\iEjUKWY.exe
  C:\Windows\System\iEjUKWY.exe
  2⤵
  PID:4216
- C:\Windows\System\KXftzdE.exe
  C:\Windows\System\KXftzdE.exe
  2⤵
  PID:4356
- C:\Windows\System\UPxMLEG.exe
  C:\Windows\System\UPxMLEG.exe
  2⤵
  PID:4764
- C:\Windows\System\SHJwgzd.exe
  C:\Windows\System\SHJwgzd.exe
  2⤵
  PID:4636
- C:\Windows\System\QwAZNNl.exe
  C:\Windows\System\QwAZNNl.exe
  2⤵
  PID:4744
- C:\Windows\System\gdyNeJm.exe
  C:\Windows\System\gdyNeJm.exe
  2⤵
  PID:4984
- C:\Windows\System\PuWRjID.exe
  C:\Windows\System\PuWRjID.exe
  2⤵
  PID:5132
- C:\Windows\System\cCBgKQJ.exe
  C:\Windows\System\cCBgKQJ.exe
  2⤵
  PID:5152
- C:\Windows\System\vpmPthj.exe
  C:\Windows\System\vpmPthj.exe
  2⤵
  PID:5172
- C:\Windows\System\oVUGIit.exe
  C:\Windows\System\oVUGIit.exe
  2⤵
  PID:5192
- C:\Windows\System\zqwKqDO.exe
  C:\Windows\System\zqwKqDO.exe
  2⤵
  PID:5212
- C:\Windows\System\jKPVuvm.exe
  C:\Windows\System\jKPVuvm.exe
  2⤵
  PID:5236
- C:\Windows\System\IadSPdT.exe
  C:\Windows\System\IadSPdT.exe
  2⤵
  PID:5256
- C:\Windows\System\xnkEQPo.exe
  C:\Windows\System\xnkEQPo.exe
  2⤵
  PID:5276
- C:\Windows\System\KbCvKZl.exe
  C:\Windows\System\KbCvKZl.exe
  2⤵
  PID:5296
- C:\Windows\System\ooYgLnq.exe
  C:\Windows\System\ooYgLnq.exe
  2⤵
  PID:5316
- C:\Windows\System\JlNjnQH.exe
  C:\Windows\System\JlNjnQH.exe
  2⤵
  PID:5336
- C:\Windows\System\tKbqpyy.exe
  C:\Windows\System\tKbqpyy.exe
  2⤵
  PID:5356
- C:\Windows\System\MxXEDxG.exe
  C:\Windows\System\MxXEDxG.exe
  2⤵
  PID:5376
- C:\Windows\System\hSdjviA.exe
  C:\Windows\System\hSdjviA.exe
  2⤵
  PID:5396
- C:\Windows\System\huPBOAo.exe
  C:\Windows\System\huPBOAo.exe
  2⤵
  PID:5416
- C:\Windows\System\apZROkM.exe
  C:\Windows\System\apZROkM.exe
  2⤵
  PID:5436
- C:\Windows\System\DJkWLdO.exe
  C:\Windows\System\DJkWLdO.exe
  2⤵
  PID:5456
- C:\Windows\System\klpJTpE.exe
  C:\Windows\System\klpJTpE.exe
  2⤵
  PID:5476
- C:\Windows\System\gvnJDuy.exe
  C:\Windows\System\gvnJDuy.exe
  2⤵
  PID:5496
- C:\Windows\System\zrxPGcw.exe
  C:\Windows\System\zrxPGcw.exe
  2⤵
  PID:5516
- C:\Windows\System\VfMGeKN.exe
  C:\Windows\System\VfMGeKN.exe
  2⤵
  PID:5536
- C:\Windows\System\VjCYfpI.exe
  C:\Windows\System\VjCYfpI.exe
  2⤵
  PID:5556
- C:\Windows\System\DofesRF.exe
  C:\Windows\System\DofesRF.exe
  2⤵
  PID:5576
- C:\Windows\System\xejLoXI.exe
  C:\Windows\System\xejLoXI.exe
  2⤵
  PID:5596
- C:\Windows\System\rEsnVEF.exe
  C:\Windows\System\rEsnVEF.exe
  2⤵
  PID:5616
- C:\Windows\System\KhzdYpj.exe
  C:\Windows\System\KhzdYpj.exe
  2⤵
  PID:5636
- C:\Windows\System\brIVVsz.exe
  C:\Windows\System\brIVVsz.exe
  2⤵
  PID:5656
- C:\Windows\System\pbtgIXa.exe
  C:\Windows\System\pbtgIXa.exe
  2⤵
  PID:5676
- C:\Windows\System\gkcLgwN.exe
  C:\Windows\System\gkcLgwN.exe
  2⤵
  PID:5696
- C:\Windows\System\WxooWuI.exe
  C:\Windows\System\WxooWuI.exe
  2⤵
  PID:5716
- C:\Windows\System\ixYRICW.exe
  C:\Windows\System\ixYRICW.exe
  2⤵
  PID:5736
- C:\Windows\System\aMdTDeP.exe
  C:\Windows\System\aMdTDeP.exe
  2⤵
  PID:5756
- C:\Windows\System\AUkyNdO.exe
  C:\Windows\System\AUkyNdO.exe
  2⤵
  PID:5776
- C:\Windows\System\rQECMMG.exe
  C:\Windows\System\rQECMMG.exe
  2⤵
  PID:5796
- C:\Windows\System\BHhougV.exe
  C:\Windows\System\BHhougV.exe
  2⤵
  PID:5816
- C:\Windows\System\VHaAKZi.exe
  C:\Windows\System\VHaAKZi.exe
  2⤵
  PID:5836
- C:\Windows\System\QNLtzFF.exe
  C:\Windows\System\QNLtzFF.exe
  2⤵
  PID:5856
- C:\Windows\System\MukSIEJ.exe
  C:\Windows\System\MukSIEJ.exe
  2⤵
  PID:5876
- C:\Windows\System\MVbnLZG.exe
  C:\Windows\System\MVbnLZG.exe
  2⤵
  PID:5896
- C:\Windows\System\kywXzwA.exe
  C:\Windows\System\kywXzwA.exe
  2⤵
  PID:5916
- C:\Windows\System\fKDhRVW.exe
  C:\Windows\System\fKDhRVW.exe
  2⤵
  PID:5936
- C:\Windows\System\sZVTmJQ.exe
  C:\Windows\System\sZVTmJQ.exe
  2⤵
  PID:5956
- C:\Windows\System\jIleILJ.exe
  C:\Windows\System\jIleILJ.exe
  2⤵
  PID:5976
- C:\Windows\System\qTsmCtt.exe
  C:\Windows\System\qTsmCtt.exe
  2⤵
  PID:5996
- C:\Windows\System\QIGTdaU.exe
  C:\Windows\System\QIGTdaU.exe
  2⤵
  PID:6016
- C:\Windows\System\IFYecPb.exe
  C:\Windows\System\IFYecPb.exe
  2⤵
  PID:6036
- C:\Windows\System\YOdzwox.exe
  C:\Windows\System\YOdzwox.exe
  2⤵
  PID:6056
- C:\Windows\System\tjMhKaI.exe
  C:\Windows\System\tjMhKaI.exe
  2⤵
  PID:6076
- C:\Windows\System\TCGHwpA.exe
  C:\Windows\System\TCGHwpA.exe
  2⤵
  PID:6096
- C:\Windows\System\FQrrBNi.exe
  C:\Windows\System\FQrrBNi.exe
  2⤵
  PID:6116
- C:\Windows\System\uGjokaR.exe
  C:\Windows\System\uGjokaR.exe
  2⤵
  PID:6136
- C:\Windows\System\SCMyCwd.exe
  C:\Windows\System\SCMyCwd.exe
  2⤵
  PID:3964
- C:\Windows\System\cWRpBJI.exe
  C:\Windows\System\cWRpBJI.exe
  2⤵
  PID:4372
- C:\Windows\System\dltkyyE.exe
  C:\Windows\System\dltkyyE.exe
  2⤵
  PID:4136
- C:\Windows\System\OoYmgNx.exe
  C:\Windows\System\OoYmgNx.exe
  2⤵
  PID:4484
- C:\Windows\System\KQPGKiv.exe
  C:\Windows\System\KQPGKiv.exe
  2⤵
  PID:4920
- C:\Windows\System\WPEbuJg.exe
  C:\Windows\System\WPEbuJg.exe
  2⤵
  PID:4684
- C:\Windows\System\skWGaxK.exe
  C:\Windows\System\skWGaxK.exe
  2⤵
  PID:2656
- C:\Windows\System\jrIzmfV.exe
  C:\Windows\System\jrIzmfV.exe
  2⤵
  PID:5200
- C:\Windows\System\aUOBWeA.exe
  C:\Windows\System\aUOBWeA.exe
  2⤵
  PID:5184
- C:\Windows\System\XPmWuml.exe
  C:\Windows\System\XPmWuml.exe
  2⤵
  PID:5224
- C:\Windows\System\uErtdmp.exe
  C:\Windows\System\uErtdmp.exe
  2⤵
  PID:5232
- C:\Windows\System\YgxxmJC.exe
  C:\Windows\System\YgxxmJC.exe
  2⤵
  PID:5268
- C:\Windows\System\nboeyWe.exe
  C:\Windows\System\nboeyWe.exe
  2⤵
  PID:5328
- C:\Windows\System\xOcDEXm.exe
  C:\Windows\System\xOcDEXm.exe
  2⤵
  PID:5372
- C:\Windows\System\RDwUFgC.exe
  C:\Windows\System\RDwUFgC.exe
  2⤵
  PID:5404
- C:\Windows\System\wnISKSf.exe
  C:\Windows\System\wnISKSf.exe
  2⤵
  PID:5408
- C:\Windows\System\hzbQdEM.exe
  C:\Windows\System\hzbQdEM.exe
  2⤵
  PID:5448
- C:\Windows\System\jAIozTT.exe
  C:\Windows\System\jAIozTT.exe
  2⤵
  PID:2632
- C:\Windows\System\PQozMBh.exe
  C:\Windows\System\PQozMBh.exe
  2⤵
  PID:5472
- C:\Windows\System\XyIRtip.exe
  C:\Windows\System\XyIRtip.exe
  2⤵
  PID:5504
- C:\Windows\System\gEkotHT.exe
  C:\Windows\System\gEkotHT.exe
  2⤵
  PID:5564
- C:\Windows\System\OhaxXGf.exe
  C:\Windows\System\OhaxXGf.exe
  2⤵
  PID:5604
- C:\Windows\System\UtIFTqb.exe
  C:\Windows\System\UtIFTqb.exe
  2⤵
  PID:5608
- C:\Windows\System\baTPFtr.exe
  C:\Windows\System\baTPFtr.exe
  2⤵
  PID:5628
- C:\Windows\System\AnSNNTb.exe
  C:\Windows\System\AnSNNTb.exe
  2⤵
  PID:5684
- C:\Windows\System\VStSdYV.exe
  C:\Windows\System\VStSdYV.exe
  2⤵
  PID:5704
- C:\Windows\System\YvtDZDW.exe
  C:\Windows\System\YvtDZDW.exe
  2⤵
  PID:5728
- C:\Windows\System\jYauwXJ.exe
  C:\Windows\System\jYauwXJ.exe
  2⤵
  PID:5748
- C:\Windows\System\iFcjWTo.exe
  C:\Windows\System\iFcjWTo.exe
  2⤵
  PID:5804
- C:\Windows\System\nscdEkS.exe
  C:\Windows\System\nscdEkS.exe
  2⤵
  PID:5872
- C:\Windows\System\xRUvIcy.exe
  C:\Windows\System\xRUvIcy.exe
  2⤵
  PID:5888
- C:\Windows\System\nNWKDrm.exe
  C:\Windows\System\nNWKDrm.exe
  2⤵
  PID:5924
- C:\Windows\System\htwIByS.exe
  C:\Windows\System\htwIByS.exe
  2⤵
  PID:5944
- C:\Windows\System\ugxGdGh.exe
  C:\Windows\System\ugxGdGh.exe
  2⤵
  PID:5968
- C:\Windows\System\KZZFYCE.exe
  C:\Windows\System\KZZFYCE.exe
  2⤵
  PID:5988
- C:\Windows\System\dwhGndp.exe
  C:\Windows\System\dwhGndp.exe
  2⤵
  PID:6032
- C:\Windows\System\BmutZPn.exe
  C:\Windows\System\BmutZPn.exe
  2⤵
  PID:6064
- C:\Windows\System\cgtjdIK.exe
  C:\Windows\System\cgtjdIK.exe
  2⤵
  PID:6088
- C:\Windows\System\goSEwrx.exe
  C:\Windows\System\goSEwrx.exe
  2⤵
  PID:6108
- C:\Windows\System\LYZqABE.exe
  C:\Windows\System\LYZqABE.exe
  2⤵
  PID:2528
- C:\Windows\System\JQRvUtj.exe
  C:\Windows\System\JQRvUtj.exe
  2⤵
  PID:2508
- C:\Windows\System\wXCPYKR.exe
  C:\Windows\System\wXCPYKR.exe
  2⤵
  PID:2580
- C:\Windows\System\ZYtCCpw.exe
  C:\Windows\System\ZYtCCpw.exe
  2⤵
  PID:4580
- C:\Windows\System\HnXdANS.exe
  C:\Windows\System\HnXdANS.exe
  2⤵
  PID:4940
- C:\Windows\System\dlOZbPs.exe
  C:\Windows\System\dlOZbPs.exe
  2⤵
  PID:2144
- C:\Windows\System\EofPUyE.exe
  C:\Windows\System\EofPUyE.exe
  2⤵
  PID:5208
- C:\Windows\System\UaQtYUk.exe
  C:\Windows\System\UaQtYUk.exe
  2⤵
  PID:5292
- C:\Windows\System\Xezuwrk.exe
  C:\Windows\System\Xezuwrk.exe
  2⤵
  PID:5288
- C:\Windows\System\kWXuyKc.exe
  C:\Windows\System\kWXuyKc.exe
  2⤵
  PID:2800
- C:\Windows\System\rwyXnfp.exe
  C:\Windows\System\rwyXnfp.exe
  2⤵
  PID:5308
- C:\Windows\System\JBvHQrz.exe
  C:\Windows\System\JBvHQrz.exe
  2⤵
  PID:5388
- C:\Windows\System\ktzrGml.exe
  C:\Windows\System\ktzrGml.exe
  2⤵
  PID:5344
- C:\Windows\System\skOWtKB.exe
  C:\Windows\System\skOWtKB.exe
  2⤵
  PID:1688
- C:\Windows\System\OnGppmc.exe
  C:\Windows\System\OnGppmc.exe
  2⤵
  PID:1420
- C:\Windows\System\SUTZgDU.exe
  C:\Windows\System\SUTZgDU.exe
  2⤵
  PID:1332
- C:\Windows\System\kgiMGnt.exe
  C:\Windows\System\kgiMGnt.exe
  2⤵
  PID:5512
- C:\Windows\System\dDjTLyA.exe
  C:\Windows\System\dDjTLyA.exe
  2⤵
  PID:5544
- C:\Windows\System\FMhnAuN.exe
  C:\Windows\System\FMhnAuN.exe
  2⤵
  PID:2956
- C:\Windows\System\ChUcdrR.exe
  C:\Windows\System\ChUcdrR.exe
  2⤵
  PID:5724
- C:\Windows\System\UROgJNX.exe
  C:\Windows\System\UROgJNX.exe
  2⤵
  PID:1516
- C:\Windows\System\JSOFlVt.exe
  C:\Windows\System\JSOFlVt.exe
  2⤵
  PID:5752
- C:\Windows\System\MlzKTmH.exe
  C:\Windows\System\MlzKTmH.exe
  2⤵
  PID:2148
- C:\Windows\System\yQeMHti.exe
  C:\Windows\System\yQeMHti.exe
  2⤵
  PID:5792
- C:\Windows\System\OJQIvFI.exe
  C:\Windows\System\OJQIvFI.exe
  2⤵
  PID:2116
- C:\Windows\System\VVJfVZO.exe
  C:\Windows\System\VVJfVZO.exe
  2⤵
  PID:5848
- C:\Windows\System\mlcWLQI.exe
  C:\Windows\System\mlcWLQI.exe
  2⤵
  PID:5824
- C:\Windows\System\fHpAetm.exe
  C:\Windows\System\fHpAetm.exe
  2⤵
  PID:492
- C:\Windows\System\VrzJRyT.exe
  C:\Windows\System\VrzJRyT.exe
  2⤵
  PID:5948
- C:\Windows\System\jpjsxwt.exe
  C:\Windows\System\jpjsxwt.exe
  2⤵
  PID:6012
- C:\Windows\System\SGtNeJJ.exe
  C:\Windows\System\SGtNeJJ.exe
  2⤵
  PID:6068
- C:\Windows\System\IhHJxub.exe
  C:\Windows\System\IhHJxub.exe
  2⤵
  PID:2724
- C:\Windows\System\DnltlMi.exe
  C:\Windows\System\DnltlMi.exe
  2⤵
  PID:3060
- C:\Windows\System\eCCaLBj.exe
  C:\Windows\System\eCCaLBj.exe
  2⤵
  PID:4644
- C:\Windows\System\TOllnlH.exe
  C:\Windows\System\TOllnlH.exe
  2⤵
  PID:2040
- C:\Windows\System\AKHguiK.exe
  C:\Windows\System\AKHguiK.exe
  2⤵
  PID:2848
- C:\Windows\System\AfzlJbu.exe
  C:\Windows\System\AfzlJbu.exe
  2⤵
  PID:5312
- C:\Windows\System\ZvYCmWs.exe
  C:\Windows\System\ZvYCmWs.exe
  2⤵
  PID:5468
- C:\Windows\System\NfZmpqn.exe
  C:\Windows\System\NfZmpqn.exe
  2⤵
  PID:5532
- C:\Windows\System\zwAhWxB.exe
  C:\Windows\System\zwAhWxB.exe
  2⤵
  PID:5612
- C:\Windows\System\HLUjWjE.exe
  C:\Windows\System\HLUjWjE.exe
  2⤵
  PID:2668
- C:\Windows\System\nMbnBrt.exe
  C:\Windows\System\nMbnBrt.exe
  2⤵
  PID:832
- C:\Windows\System\YdWRyhj.exe
  C:\Windows\System\YdWRyhj.exe
  2⤵
  PID:840
- C:\Windows\System\pjEXdOG.exe
  C:\Windows\System\pjEXdOG.exe
  2⤵
  PID:5324
- C:\Windows\System\COQbpxO.exe
  C:\Windows\System\COQbpxO.exe
  2⤵
  PID:5688
- C:\Windows\System\tWwyFnf.exe
  C:\Windows\System\tWwyFnf.exe
  2⤵
  PID:3028
- C:\Windows\System\gcBXnnh.exe
  C:\Windows\System\gcBXnnh.exe
  2⤵
  PID:5784
- C:\Windows\System\wGVXEDL.exe
  C:\Windows\System\wGVXEDL.exe
  2⤵
  PID:5928
- C:\Windows\System\PBwfkFo.exe
  C:\Windows\System\PBwfkFo.exe
  2⤵
  PID:6048
- C:\Windows\System\PvhkMlQ.exe
  C:\Windows\System\PvhkMlQ.exe
  2⤵
  PID:4504
- C:\Windows\System\dupkCFH.exe
  C:\Windows\System\dupkCFH.exe
  2⤵
  PID:5248
- C:\Windows\System\NmMiKzA.exe
  C:\Windows\System\NmMiKzA.exe
  2⤵
  PID:6092
- C:\Windows\System\YeisjPy.exe
  C:\Windows\System\YeisjPy.exe
  2⤵
  PID:1936
- C:\Windows\System\lHNFJDF.exe
  C:\Windows\System\lHNFJDF.exe
  2⤵
  PID:6124
- C:\Windows\System\dtfQVev.exe
  C:\Windows\System\dtfQVev.exe
  2⤵
  PID:916
- C:\Windows\System\tBTKLMH.exe
  C:\Windows\System\tBTKLMH.exe
  2⤵
  PID:5164
- C:\Windows\System\UVMyjQr.exe
  C:\Windows\System\UVMyjQr.exe
  2⤵
  PID:5672
- C:\Windows\System\iaIGzOW.exe
  C:\Windows\System\iaIGzOW.exe
  2⤵
  PID:5100
- C:\Windows\System\qZnvjUE.exe
  C:\Windows\System\qZnvjUE.exe
  2⤵
  PID:5952
- C:\Windows\System\xovUuzM.exe
  C:\Windows\System\xovUuzM.exe
  2⤵
  PID:5432
- C:\Windows\System\AvEzRDr.exe
  C:\Windows\System\AvEzRDr.exe
  2⤵
  PID:2248
- C:\Windows\System\wQnSuqg.exe
  C:\Windows\System\wQnSuqg.exe
  2⤵
  PID:4196
- C:\Windows\System\PZFWkLL.exe
  C:\Windows\System\PZFWkLL.exe
  2⤵
  PID:2568
- C:\Windows\System\CHZLePp.exe
  C:\Windows\System\CHZLePp.exe
  2⤵
  PID:5244
- C:\Windows\System\aLoFrem.exe
  C:\Windows\System\aLoFrem.exe
  2⤵
  PID:6164
- C:\Windows\System\dBdSyor.exe
  C:\Windows\System\dBdSyor.exe
  2⤵
  PID:6180
- C:\Windows\System\EWqsOXR.exe
  C:\Windows\System\EWqsOXR.exe
  2⤵
  PID:6220
- C:\Windows\System\bplnPIu.exe
  C:\Windows\System\bplnPIu.exe
  2⤵
  PID:6240
- C:\Windows\System\hocCCJl.exe
  C:\Windows\System\hocCCJl.exe
  2⤵
  PID:6264
- C:\Windows\System\afinYXr.exe
  C:\Windows\System\afinYXr.exe
  2⤵
  PID:6280
- C:\Windows\System\FOGyYvM.exe
  C:\Windows\System\FOGyYvM.exe
  2⤵
  PID:6304
- C:\Windows\System\WvxMPCF.exe
  C:\Windows\System\WvxMPCF.exe
  2⤵
  PID:6324
- C:\Windows\System\sHxzfOv.exe
  C:\Windows\System\sHxzfOv.exe
  2⤵
  PID:6344
- C:\Windows\System\cdtBhEd.exe
  C:\Windows\System\cdtBhEd.exe
  2⤵
  PID:6364
- C:\Windows\System\BXSppYR.exe
  C:\Windows\System\BXSppYR.exe
  2⤵
  PID:6384
- C:\Windows\System\AiADjSO.exe
  C:\Windows\System\AiADjSO.exe
  2⤵
  PID:6404
- C:\Windows\System\nZPxPak.exe
  C:\Windows\System\nZPxPak.exe
  2⤵
  PID:6424
- C:\Windows\System\OPXQYbY.exe
  C:\Windows\System\OPXQYbY.exe
  2⤵
  PID:6440
- C:\Windows\System\wpVbqDG.exe
  C:\Windows\System\wpVbqDG.exe
  2⤵
  PID:6464
- C:\Windows\System\ZqrHNbv.exe
  C:\Windows\System\ZqrHNbv.exe
  2⤵
  PID:6480
- C:\Windows\System\jFndBGe.exe
  C:\Windows\System\jFndBGe.exe
  2⤵
  PID:6504
- C:\Windows\System\UjjIrVW.exe
  C:\Windows\System\UjjIrVW.exe
  2⤵
  PID:6520
- C:\Windows\System\CkCUuYE.exe
  C:\Windows\System\CkCUuYE.exe
  2⤵
  PID:6544
- C:\Windows\System\aOnonPk.exe
  C:\Windows\System\aOnonPk.exe
  2⤵
  PID:6560
- C:\Windows\System\IRVubgP.exe
  C:\Windows\System\IRVubgP.exe
  2⤵
  PID:6576
- C:\Windows\System\yPerxJu.exe
  C:\Windows\System\yPerxJu.exe
  2⤵
  PID:6596
- C:\Windows\System\vffveCn.exe
  C:\Windows\System\vffveCn.exe
  2⤵
  PID:6612
- C:\Windows\System\KgKdjuR.exe
  C:\Windows\System\KgKdjuR.exe
  2⤵
  PID:6640
- C:\Windows\System\sBkEhoQ.exe
  C:\Windows\System\sBkEhoQ.exe
  2⤵
  PID:6664
- C:\Windows\System\MEoZGwW.exe
  C:\Windows\System\MEoZGwW.exe
  2⤵
  PID:6680
- C:\Windows\System\pAlDYwm.exe
  C:\Windows\System\pAlDYwm.exe
  2⤵
  PID:6696
- C:\Windows\System\cjxqpYt.exe
  C:\Windows\System\cjxqpYt.exe
  2⤵
  PID:6712
- C:\Windows\System\jSiYXdP.exe
  C:\Windows\System\jSiYXdP.exe
  2⤵
  PID:6732
- C:\Windows\System\vkqoviI.exe
  C:\Windows\System\vkqoviI.exe
  2⤵
  PID:6748
- C:\Windows\System\gKsRdYM.exe
  C:\Windows\System\gKsRdYM.exe
  2⤵
  PID:6776
- C:\Windows\System\phJRaFP.exe
  C:\Windows\System\phJRaFP.exe
  2⤵
  PID:6792
- C:\Windows\System\EZUxoZh.exe
  C:\Windows\System\EZUxoZh.exe
  2⤵
  PID:6820
- C:\Windows\System\WufneGl.exe
  C:\Windows\System\WufneGl.exe
  2⤵
  PID:6840
- C:\Windows\System\bFZoWvk.exe
  C:\Windows\System\bFZoWvk.exe
  2⤵
  PID:6856
- C:\Windows\System\RajzmZB.exe
  C:\Windows\System\RajzmZB.exe
  2⤵
  PID:6872
- C:\Windows\System\XLeuumh.exe
  C:\Windows\System\XLeuumh.exe
  2⤵
  PID:6900
- C:\Windows\System\JMgsbTn.exe
  C:\Windows\System\JMgsbTn.exe
  2⤵
  PID:6916
- C:\Windows\System\QWlxbgN.exe
  C:\Windows\System\QWlxbgN.exe
  2⤵
  PID:6936
- C:\Windows\System\gRiCqAc.exe
  C:\Windows\System\gRiCqAc.exe
  2⤵
  PID:6952
- C:\Windows\System\JlUDPca.exe
  C:\Windows\System\JlUDPca.exe
  2⤵
  PID:6968
- C:\Windows\System\sZLiWsi.exe
  C:\Windows\System\sZLiWsi.exe
  2⤵
  PID:6984
- C:\Windows\System\gZwEHwy.exe
  C:\Windows\System\gZwEHwy.exe
  2⤵
  PID:7000
- C:\Windows\System\RBcHTjb.exe
  C:\Windows\System\RBcHTjb.exe
  2⤵
  PID:7020
- C:\Windows\System\WKJPftL.exe
  C:\Windows\System\WKJPftL.exe
  2⤵
  PID:7036
- C:\Windows\System\QrfXOyV.exe
  C:\Windows\System\QrfXOyV.exe
  2⤵
  PID:7088
- C:\Windows\System\hFTHIjg.exe
  C:\Windows\System\hFTHIjg.exe
  2⤵
  PID:7104
- C:\Windows\System\YqYaYau.exe
  C:\Windows\System\YqYaYau.exe
  2⤵
  PID:7124
- C:\Windows\System\ZBwtCUS.exe
  C:\Windows\System\ZBwtCUS.exe
  2⤵
  PID:7140
- C:\Windows\System\KmuPIZE.exe
  C:\Windows\System\KmuPIZE.exe
  2⤵
  PID:7156
- C:\Windows\System\SCaQVkI.exe
  C:\Windows\System\SCaQVkI.exe
  2⤵
  PID:5524
- C:\Windows\System\YKvEMPc.exe
  C:\Windows\System\YKvEMPc.exe
  2⤵
  PID:4292
- C:\Windows\System\mrYOpUe.exe
  C:\Windows\System\mrYOpUe.exe
  2⤵
  PID:6160
- C:\Windows\System\dPaJMeQ.exe
  C:\Windows\System\dPaJMeQ.exe
  2⤵
  PID:6188
- C:\Windows\System\VnYhPQx.exe
  C:\Windows\System\VnYhPQx.exe
  2⤵
  PID:6248
- C:\Windows\System\ClclMTg.exe
  C:\Windows\System\ClclMTg.exe
  2⤵
  PID:6260
- C:\Windows\System\DuWJwRG.exe
  C:\Windows\System\DuWJwRG.exe
  2⤵
  PID:6296
- C:\Windows\System\gvlNLnF.exe
  C:\Windows\System\gvlNLnF.exe
  2⤵
  PID:6332
- C:\Windows\System\PZOhXMy.exe
  C:\Windows\System\PZOhXMy.exe
  2⤵
  PID:6372
- C:\Windows\System\fVkWnIu.exe
  C:\Windows\System\fVkWnIu.exe
  2⤵
  PID:6360
- C:\Windows\System\uSlFkLV.exe
  C:\Windows\System\uSlFkLV.exe
  2⤵
  PID:6392
- C:\Windows\System\EUAuuCZ.exe
  C:\Windows\System\EUAuuCZ.exe
  2⤵
  PID:6456
- C:\Windows\System\IMvQYzK.exe
  C:\Windows\System\IMvQYzK.exe
  2⤵
  PID:6488
- C:\Windows\System\lBaXesx.exe
  C:\Windows\System\lBaXesx.exe
  2⤵
  PID:6476
- C:\Windows\System\aEnmzql.exe
  C:\Windows\System\aEnmzql.exe
  2⤵
  PID:6516
- C:\Windows\System\RSLGyGH.exe
  C:\Windows\System\RSLGyGH.exe
  2⤵
  PID:6536
- C:\Windows\System\cFadqBT.exe
  C:\Windows\System\cFadqBT.exe
  2⤵
  PID:6604
- C:\Windows\System\jwRnUbV.exe
  C:\Windows\System\jwRnUbV.exe
  2⤵
  PID:6556
- C:\Windows\System\vlhzyzI.exe
  C:\Windows\System\vlhzyzI.exe
  2⤵
  PID:5788
- C:\Windows\System\dTqqMvm.exe
  C:\Windows\System\dTqqMvm.exe
  2⤵
  PID:2756
- C:\Windows\System\hWTvHag.exe
  C:\Windows\System\hWTvHag.exe
  2⤵
  PID:6724
- C:\Windows\System\vDvTTGC.exe
  C:\Windows\System\vDvTTGC.exe
  2⤵
  PID:6672
- C:\Windows\System\PGuGqFs.exe
  C:\Windows\System\PGuGqFs.exe
  2⤵
  PID:6772
- C:\Windows\System\rMtFJUJ.exe
  C:\Windows\System\rMtFJUJ.exe
  2⤵
  PID:6808
- C:\Windows\System\kpQHtRw.exe
  C:\Windows\System\kpQHtRw.exe
  2⤵
  PID:6848
- C:\Windows\System\RUhefYK.exe
  C:\Windows\System\RUhefYK.exe
  2⤵
  PID:6892
- C:\Windows\System\nRlCLOe.exe
  C:\Windows\System\nRlCLOe.exe
  2⤵
  PID:6884
- C:\Windows\System\CUjcHUA.exe
  C:\Windows\System\CUjcHUA.exe
  2⤵
  PID:6912
- C:\Windows\System\noDNjzG.exe
  C:\Windows\System\noDNjzG.exe
  2⤵
  PID:7028
- C:\Windows\System\TJoqEle.exe
  C:\Windows\System\TJoqEle.exe
  2⤵
  PID:6212
- C:\Windows\System\BMngjSl.exe
  C:\Windows\System\BMngjSl.exe
  2⤵
  PID:7012
- C:\Windows\System\smwiwKY.exe
  C:\Windows\System\smwiwKY.exe
  2⤵
  PID:7060
- C:\Windows\System\jQrWefO.exe
  C:\Windows\System\jQrWefO.exe
  2⤵
  PID:7080
- C:\Windows\System\ANdrlzM.exe
  C:\Windows\System\ANdrlzM.exe
  2⤵
  PID:2368
- C:\Windows\System\kLFNUkS.exe
  C:\Windows\System\kLFNUkS.exe
  2⤵
  PID:7136
- C:\Windows\System\mizxIXR.exe
  C:\Windows\System\mizxIXR.exe
  2⤵
  PID:7152
- C:\Windows\System\wSfcKKb.exe
  C:\Windows\System\wSfcKKb.exe
  2⤵
  PID:5648
- C:\Windows\System\TvsjVJH.exe
  C:\Windows\System\TvsjVJH.exe
  2⤵
  PID:6156
- C:\Windows\System\QzSBgLd.exe
  C:\Windows\System\QzSBgLd.exe
  2⤵
  PID:6196
- C:\Windows\System\wvvoZAV.exe
  C:\Windows\System\wvvoZAV.exe
  2⤵
  PID:5584
- C:\Windows\System\EOWxbzw.exe
  C:\Windows\System\EOWxbzw.exe
  2⤵
  PID:6316
- C:\Windows\System\fpMkxqy.exe
  C:\Windows\System\fpMkxqy.exe
  2⤵
  PID:6292
- C:\Windows\System\GpXwUBC.exe
  C:\Windows\System\GpXwUBC.exe
  2⤵
  PID:6376
- C:\Windows\System\NosDeXg.exe
  C:\Windows\System\NosDeXg.exe
  2⤵
  PID:6432
- C:\Windows\System\cQLcxvL.exe
  C:\Windows\System\cQLcxvL.exe
  2⤵
  PID:6568
- C:\Windows\System\tVwxhNO.exe
  C:\Windows\System\tVwxhNO.exe
  2⤵
  PID:6592
- C:\Windows\System\Qczonxh.exe
  C:\Windows\System\Qczonxh.exe
  2⤵
  PID:6216
- C:\Windows\System\qHaqXsa.exe
  C:\Windows\System\qHaqXsa.exe
  2⤵
  PID:6628
- C:\Windows\System\nbSQrBw.exe
  C:\Windows\System\nbSQrBw.exe
  2⤵
  PID:6004
- C:\Windows\System\MzKkbrQ.exe
  C:\Windows\System\MzKkbrQ.exe
  2⤵
  PID:6788
- C:\Windows\System\rZyIVHP.exe
  C:\Windows\System\rZyIVHP.exe
  2⤵
  PID:6756
- C:\Windows\System\onLBHSH.exe
  C:\Windows\System\onLBHSH.exe
  2⤵
  PID:6768
- C:\Windows\System\FqcyAqs.exe
  C:\Windows\System\FqcyAqs.exe
  2⤵
  PID:6744
- C:\Windows\System\GFIAPYm.exe
  C:\Windows\System\GFIAPYm.exe
  2⤵
  PID:6864
- C:\Windows\System\lICejht.exe
  C:\Windows\System\lICejht.exe
  2⤵
  PID:6960
- C:\Windows\System\maliijq.exe
  C:\Windows\System\maliijq.exe
  2⤵
  PID:6944
- C:\Windows\System\NCQzbNx.exe
  C:\Windows\System\NCQzbNx.exe
  2⤵
  PID:7100
- C:\Windows\System\zkexQLp.exe
  C:\Windows\System\zkexQLp.exe
  2⤵
  PID:7148
- C:\Windows\System\mybHTfC.exe
  C:\Windows\System\mybHTfC.exe
  2⤵
  PID:6152
- C:\Windows\System\xkxDPhj.exe
  C:\Windows\System\xkxDPhj.exe
  2⤵
  PID:6148
- C:\Windows\System\MjMllTp.exe
  C:\Windows\System\MjMllTp.exe
  2⤵
  PID:6340
- C:\Windows\System\FenJhfY.exe
  C:\Windows\System\FenJhfY.exe
  2⤵
  PID:5868
- C:\Windows\System\lSLeYjx.exe
  C:\Windows\System\lSLeYjx.exe
  2⤵
  PID:6500
- C:\Windows\System\SGLgrDy.exe
  C:\Windows\System\SGLgrDy.exe
  2⤵
  PID:6608
- C:\Windows\System\bRBPZYU.exe
  C:\Windows\System\bRBPZYU.exe
  2⤵
  PID:6692
- C:\Windows\System\pcYFiLZ.exe
  C:\Windows\System\pcYFiLZ.exe
  2⤵
  PID:6992
- C:\Windows\System\IHOVhvc.exe
  C:\Windows\System\IHOVhvc.exe
  2⤵
  PID:6868
- C:\Windows\System\UoNnMJv.exe
  C:\Windows\System\UoNnMJv.exe
  2⤵
  PID:6932
- C:\Windows\System\ILlkIGF.exe
  C:\Windows\System\ILlkIGF.exe
  2⤵
  PID:7052
- C:\Windows\System\yMGSDzP.exe
  C:\Windows\System\yMGSDzP.exe
  2⤵
  PID:7008
- C:\Windows\System\EZiSVVp.exe
  C:\Windows\System\EZiSVVp.exe
  2⤵
  PID:7056
- C:\Windows\System\tXnYOiU.exe
  C:\Windows\System\tXnYOiU.exe
  2⤵
  PID:6276
- C:\Windows\System\kBizABL.exe
  C:\Windows\System\kBizABL.exe
  2⤵
  PID:6176
- C:\Windows\System\jHYnhYF.exe
  C:\Windows\System\jHYnhYF.exe
  2⤵
  PID:6708
- C:\Windows\System\VcizCke.exe
  C:\Windows\System\VcizCke.exe
  2⤵
  PID:5528
- C:\Windows\System\TdgITRY.exe
  C:\Windows\System\TdgITRY.exe
  2⤵
  PID:6448
- C:\Windows\System\PVmkAWC.exe
  C:\Windows\System\PVmkAWC.exe
  2⤵
  PID:6740
- C:\Windows\System\bTbnoLE.exe
  C:\Windows\System\bTbnoLE.exe
  2⤵
  PID:2404
- C:\Windows\System\tWVDeeq.exe
  C:\Windows\System\tWVDeeq.exe
  2⤵
  PID:6208
- C:\Windows\System\SCOSENG.exe
  C:\Windows\System\SCOSENG.exe
  2⤵
  PID:7176
- C:\Windows\System\UTgHQEt.exe
  C:\Windows\System\UTgHQEt.exe
  2⤵
  PID:7196
- C:\Windows\System\sErtdqW.exe
  C:\Windows\System\sErtdqW.exe
  2⤵
  PID:7248
- C:\Windows\System\degRofK.exe
  C:\Windows\System\degRofK.exe
  2⤵
  PID:7264
- C:\Windows\System\CJgIZzv.exe
  C:\Windows\System\CJgIZzv.exe
  2⤵
  PID:7280
- C:\Windows\System\vHQAnyG.exe
  C:\Windows\System\vHQAnyG.exe
  2⤵
  PID:7296
- C:\Windows\System\lHCMWbF.exe
  C:\Windows\System\lHCMWbF.exe
  2⤵
  PID:7312
- C:\Windows\System\vCXksPN.exe
  C:\Windows\System\vCXksPN.exe
  2⤵
  PID:7328
- C:\Windows\System\buZFcxU.exe
  C:\Windows\System\buZFcxU.exe
  2⤵
  PID:7344
- C:\Windows\System\DPOPEla.exe
  C:\Windows\System\DPOPEla.exe
  2⤵
  PID:7360
- C:\Windows\System\UoyfrnD.exe
  C:\Windows\System\UoyfrnD.exe
  2⤵
  PID:7376
- C:\Windows\System\rYjNshX.exe
  C:\Windows\System\rYjNshX.exe
  2⤵
  PID:7392
- C:\Windows\System\xrbLKlF.exe
  C:\Windows\System\xrbLKlF.exe
  2⤵
  PID:7408
- C:\Windows\System\NZswTbv.exe
  C:\Windows\System\NZswTbv.exe
  2⤵
  PID:7424
- C:\Windows\System\SPySccj.exe
  C:\Windows\System\SPySccj.exe
  2⤵
  PID:7440
- C:\Windows\System\kcmeCFR.exe
  C:\Windows\System\kcmeCFR.exe
  2⤵
  PID:7456
- C:\Windows\System\ftbsQow.exe
  C:\Windows\System\ftbsQow.exe
  2⤵
  PID:7472
- C:\Windows\System\ADSkwEY.exe
  C:\Windows\System\ADSkwEY.exe
  2⤵
  PID:7488
- C:\Windows\System\oSiBjue.exe
  C:\Windows\System\oSiBjue.exe
  2⤵
  PID:7504
- C:\Windows\System\QCKwHyV.exe
  C:\Windows\System\QCKwHyV.exe
  2⤵
  PID:7520
- C:\Windows\System\QmytoiB.exe
  C:\Windows\System\QmytoiB.exe
  2⤵
  PID:7536
- C:\Windows\System\LSZvuJB.exe
  C:\Windows\System\LSZvuJB.exe
  2⤵
  PID:7552
- C:\Windows\System\AmOhqmY.exe
  C:\Windows\System\AmOhqmY.exe
  2⤵
  PID:7568
- C:\Windows\System\nWkCrpb.exe
  C:\Windows\System\nWkCrpb.exe
  2⤵
  PID:7584
- C:\Windows\System\QRgIWez.exe
  C:\Windows\System\QRgIWez.exe
  2⤵
  PID:7608
- C:\Windows\System\XINjwDU.exe
  C:\Windows\System\XINjwDU.exe
  2⤵
  PID:7632
- C:\Windows\System\fIWHFcr.exe
  C:\Windows\System\fIWHFcr.exe
  2⤵
  PID:7672
- C:\Windows\System\ULlFDfR.exe
  C:\Windows\System\ULlFDfR.exe
  2⤵
  PID:7692
- C:\Windows\System\AiqVhvd.exe
  C:\Windows\System\AiqVhvd.exe
  2⤵
  PID:7724
- C:\Windows\System\ygklhSv.exe
  C:\Windows\System\ygklhSv.exe
  2⤵
  PID:7740
- C:\Windows\System\epAhvSR.exe
  C:\Windows\System\epAhvSR.exe
  2⤵
  PID:7756
- C:\Windows\System\CJMSzNl.exe
  C:\Windows\System\CJMSzNl.exe
  2⤵
  PID:7776
- C:\Windows\System\jzJwqIO.exe
  C:\Windows\System\jzJwqIO.exe
  2⤵
  PID:7800
- C:\Windows\System\TxkAqyv.exe
  C:\Windows\System\TxkAqyv.exe
  2⤵
  PID:7820
- C:\Windows\System\QXozEGt.exe
  C:\Windows\System\QXozEGt.exe
  2⤵
  PID:7840
- C:\Windows\System\jsXKXFE.exe
  C:\Windows\System\jsXKXFE.exe
  2⤵
  PID:7856
- C:\Windows\System\csdZIOJ.exe
  C:\Windows\System\csdZIOJ.exe
  2⤵
  PID:7876
- C:\Windows\System\XsCBevJ.exe
  C:\Windows\System\XsCBevJ.exe
  2⤵
  PID:7900
- C:\Windows\System\gdoiDzr.exe
  C:\Windows\System\gdoiDzr.exe
  2⤵
  PID:7924
- C:\Windows\System\bJQnspl.exe
  C:\Windows\System\bJQnspl.exe
  2⤵
  PID:7948
- C:\Windows\System\wOIiMXE.exe
  C:\Windows\System\wOIiMXE.exe
  2⤵
  PID:7972
- C:\Windows\System\mJdvkjG.exe
  C:\Windows\System\mJdvkjG.exe
  2⤵
  PID:7996
- C:\Windows\System\QIcxebJ.exe
  C:\Windows\System\QIcxebJ.exe
  2⤵
  PID:8016
- C:\Windows\System\VhCQBSI.exe
  C:\Windows\System\VhCQBSI.exe
  2⤵
  PID:8036
- C:\Windows\System\twyFIsr.exe
  C:\Windows\System\twyFIsr.exe
  2⤵
  PID:8052
- C:\Windows\System\UbZSKja.exe
  C:\Windows\System\UbZSKja.exe
  2⤵
  PID:8080
- C:\Windows\System\BSUFNxh.exe
  C:\Windows\System\BSUFNxh.exe
  2⤵
  PID:8104
- C:\Windows\System\UeSpTOh.exe
  C:\Windows\System\UeSpTOh.exe
  2⤵
  PID:8124
- C:\Windows\System\pxCJnWV.exe
  C:\Windows\System\pxCJnWV.exe
  2⤵
  PID:8144
- C:\Windows\System\ZwskYyH.exe
  C:\Windows\System\ZwskYyH.exe
  2⤵
  PID:8176
- C:\Windows\System\BMJUICP.exe
  C:\Windows\System\BMJUICP.exe
  2⤵
  PID:6880
- C:\Windows\System\OwyNHYv.exe
  C:\Windows\System\OwyNHYv.exe
  2⤵
  PID:6624
- C:\Windows\System\tjAZgbY.exe
  C:\Windows\System\tjAZgbY.exe
  2⤵
  PID:7208
- C:\Windows\System\gwVTWDF.exe
  C:\Windows\System\gwVTWDF.exe
  2⤵
  PID:7236
- C:\Windows\System\vHdiEgK.exe
  C:\Windows\System\vHdiEgK.exe
  2⤵
  PID:7372
- C:\Windows\System\cRCayRu.exe
  C:\Windows\System\cRCayRu.exe
  2⤵
  PID:7468
- C:\Windows\System\PzGMGXi.exe
  C:\Windows\System\PzGMGXi.exe
  2⤵
  PID:2988
- C:\Windows\System\BFPyskr.exe
  C:\Windows\System\BFPyskr.exe
  2⤵
  PID:6804
- C:\Windows\System\pnICPUp.exe
  C:\Windows\System\pnICPUp.exe
  2⤵
  PID:7560
- C:\Windows\System\EeBSSST.exe
  C:\Windows\System\EeBSSST.exe
  2⤵
  PID:7188
- C:\Windows\System\sIuNATE.exe
  C:\Windows\System\sIuNATE.exe
  2⤵
  PID:7576
- C:\Windows\System\NMjfkEj.exe
  C:\Windows\System\NMjfkEj.exe
  2⤵
  PID:7480
- C:\Windows\System\mwKkRze.exe
  C:\Windows\System\mwKkRze.exe
  2⤵
  PID:7356
- C:\Windows\System\WCPWeqn.exe
  C:\Windows\System\WCPWeqn.exe
  2⤵
  PID:7256
- C:\Windows\System\epyDtZM.exe
  C:\Windows\System\epyDtZM.exe
  2⤵
  PID:7648
- C:\Windows\System\INeyptW.exe
  C:\Windows\System\INeyptW.exe
  2⤵
  PID:7680
- C:\Windows\System\gKxmegj.exe
  C:\Windows\System\gKxmegj.exe
  2⤵
  PID:7664
- C:\Windows\System\DqEElMW.exe
  C:\Windows\System\DqEElMW.exe
  2⤵
  PID:7716
- C:\Windows\System\NQqtBSZ.exe
  C:\Windows\System\NQqtBSZ.exe
  2⤵
  PID:7752
- C:\Windows\System\vSsrfVt.exe
  C:\Windows\System\vSsrfVt.exe
  2⤵
  PID:7788
- C:\Windows\System\znywrqs.exe
  C:\Windows\System\znywrqs.exe
  2⤵
  PID:7832
- C:\Windows\System\qHSMjxY.exe
  C:\Windows\System\qHSMjxY.exe
  2⤵
  PID:7884
- C:\Windows\System\XgnehkX.exe
  C:\Windows\System\XgnehkX.exe
  2⤵
  PID:7916
- C:\Windows\System\ahyzEqn.exe
  C:\Windows\System\ahyzEqn.exe
  2⤵
  PID:7872
- C:\Windows\System\aZNrTYd.exe
  C:\Windows\System\aZNrTYd.exe
  2⤵
  PID:7960
- C:\Windows\System\OfzYDlz.exe
  C:\Windows\System\OfzYDlz.exe
  2⤵
  PID:7984
- C:\Windows\System\xfGZZhE.exe
  C:\Windows\System\xfGZZhE.exe
  2⤵
  PID:8028
- C:\Windows\System\NwkLIyS.exe
  C:\Windows\System\NwkLIyS.exe
  2⤵
  PID:8032
- C:\Windows\System\MQpyHZg.exe
  C:\Windows\System\MQpyHZg.exe
  2⤵
  PID:8076
- C:\Windows\System\pHIHgPZ.exe
  C:\Windows\System\pHIHgPZ.exe
  2⤵
  PID:8048
- C:\Windows\System\PIOsiIo.exe
  C:\Windows\System\PIOsiIo.exe
  2⤵
  PID:8160
- C:\Windows\System\hWuTErZ.exe
  C:\Windows\System\hWuTErZ.exe
  2⤵
  PID:8140
- C:\Windows\System\akuyFFk.exe
  C:\Windows\System\akuyFFk.exe
  2⤵
  PID:7112
- C:\Windows\System\YUtAkSG.exe
  C:\Windows\System\YUtAkSG.exe
  2⤵
  PID:6256
- C:\Windows\System\MkEbsIq.exe
  C:\Windows\System\MkEbsIq.exe
  2⤵
  PID:7220
- C:\Windows\System\hBrEJAU.exe
  C:\Windows\System\hBrEJAU.exe
  2⤵
  PID:7336
- C:\Windows\System\ZNZEgZp.exe
  C:\Windows\System\ZNZEgZp.exe
  2⤵
  PID:7368
- C:\Windows\System\rYyNiri.exe
  C:\Windows\System\rYyNiri.exe
  2⤵
  PID:6380
- C:\Windows\System\sDWItVQ.exe
  C:\Windows\System\sDWItVQ.exe
  2⤵
  PID:7484
- C:\Windows\System\mZFLDoo.exe
  C:\Windows\System\mZFLDoo.exe
  2⤵
  PID:7260
- C:\Windows\System\qBPKNqh.exe
  C:\Windows\System\qBPKNqh.exe
  2⤵
  PID:7532
- C:\Windows\System\DloCUKf.exe
  C:\Windows\System\DloCUKf.exe
  2⤵
  PID:7384
- C:\Windows\System\KqWpQkw.exe
  C:\Windows\System\KqWpQkw.exe
  2⤵
  PID:7732
- C:\Windows\System\HVlRxQl.exe
  C:\Windows\System\HVlRxQl.exe
  2⤵
  PID:7700
- C:\Windows\System\foZXOKe.exe
  C:\Windows\System\foZXOKe.exe
  2⤵
  PID:7712
- C:\Windows\System\akxazVL.exe
  C:\Windows\System\akxazVL.exe
  2⤵
  PID:7808
- C:\Windows\System\MWqAbti.exe
  C:\Windows\System\MWqAbti.exe
  2⤵
  PID:7912
- C:\Windows\System\rjXxoIO.exe
  C:\Windows\System\rjXxoIO.exe
  2⤵
  PID:7932
- C:\Windows\System\TPBticf.exe
  C:\Windows\System\TPBticf.exe
  2⤵
  PID:8012
- C:\Windows\System\Miypals.exe
  C:\Windows\System\Miypals.exe
  2⤵
  PID:8116
- C:\Windows\System\KOWvJpf.exe
  C:\Windows\System\KOWvJpf.exe
  2⤵
  PID:5764
- C:\Windows\System\QQQPEUW.exe
  C:\Windows\System\QQQPEUW.exe
  2⤵
  PID:8024
- C:\Windows\System\qRhClqb.exe
  C:\Windows\System\qRhClqb.exe
  2⤵
  PID:7668
- C:\Windows\System\jQxXVoP.exe
  C:\Windows\System\jQxXVoP.exe
  2⤵
  PID:8156
- C:\Windows\System\NWkQQtb.exe
  C:\Windows\System\NWkQQtb.exe
  2⤵
  PID:7288
- C:\Windows\System\vtDbHnH.exe
  C:\Windows\System\vtDbHnH.exe
  2⤵
  PID:8136
- C:\Windows\System\CPVAcDe.exe
  C:\Windows\System\CPVAcDe.exe
  2⤵
  PID:7184
- C:\Windows\System\RTLxaLe.exe
  C:\Windows\System\RTLxaLe.exe
  2⤵
  PID:7420
- C:\Windows\System\GZqOdWc.exe
  C:\Windows\System\GZqOdWc.exe
  2⤵
  PID:7656
- C:\Windows\System\jREmXCh.exe
  C:\Windows\System\jREmXCh.exe
  2⤵
  PID:7772
- C:\Windows\System\CZRFXhR.exe
  C:\Windows\System\CZRFXhR.exe
  2⤵
  PID:7708
- C:\Windows\System\EfzfmtS.exe
  C:\Windows\System\EfzfmtS.exe
  2⤵
  PID:7892
- C:\Windows\System\xDWSKzO.exe
  C:\Windows\System\xDWSKzO.exe
  2⤵
  PID:7964
- C:\Windows\System\mngZZNN.exe
  C:\Windows\System\mngZZNN.exe
  2⤵
  PID:7956
- C:\Windows\System\SphaSwO.exe
  C:\Windows\System\SphaSwO.exe
  2⤵
  PID:8096
- C:\Windows\System\grPZjzs.exe
  C:\Windows\System\grPZjzs.exe
  2⤵
  PID:7276
- C:\Windows\System\EUitglN.exe
  C:\Windows\System\EUitglN.exe
  2⤵
  PID:7516
- C:\Windows\System\OstoIoj.exe
  C:\Windows\System\OstoIoj.exe
  2⤵
  PID:7512
- C:\Windows\System\UtVskro.exe
  C:\Windows\System\UtVskro.exe
  2⤵
  PID:7688
- C:\Windows\System\tPwMLNX.exe
  C:\Windows\System\tPwMLNX.exe
  2⤵
  PID:7640
- C:\Windows\System\hnLIwtq.exe
  C:\Windows\System\hnLIwtq.exe
  2⤵
  PID:7852
- C:\Windows\System\mFxVmYb.exe
  C:\Windows\System\mFxVmYb.exe
  2⤵
  PID:8004
- C:\Windows\System\RpCgFfK.exe
  C:\Windows\System\RpCgFfK.exe
  2⤵
  PID:8172
- C:\Windows\System\XAQhgji.exe
  C:\Windows\System\XAQhgji.exe
  2⤵
  PID:7304
- C:\Windows\System\HgokldB.exe
  C:\Windows\System\HgokldB.exe
  2⤵
  PID:7432
- C:\Windows\System\owvMYSp.exe
  C:\Windows\System\owvMYSp.exe
  2⤵
  PID:7748
- C:\Windows\System\wOSmvpP.exe
  C:\Windows\System\wOSmvpP.exe
  2⤵
  PID:8204
- C:\Windows\System\xDDvpFu.exe
  C:\Windows\System\xDDvpFu.exe
  2⤵
  PID:8240
- C:\Windows\System\jpwNvLo.exe
  C:\Windows\System\jpwNvLo.exe
  2⤵
  PID:8260
- C:\Windows\System\MTqNnEC.exe
  C:\Windows\System\MTqNnEC.exe
  2⤵
  PID:8276
- C:\Windows\System\uGRFrZx.exe
  C:\Windows\System\uGRFrZx.exe
  2⤵
  PID:8308
- C:\Windows\System\tSVnfXG.exe
  C:\Windows\System\tSVnfXG.exe
  2⤵
  PID:8324
- C:\Windows\System\PpaVmtM.exe
  C:\Windows\System\PpaVmtM.exe
  2⤵
  PID:8348
- C:\Windows\System\hzjwmcB.exe
  C:\Windows\System\hzjwmcB.exe
  2⤵
  PID:8364
- C:\Windows\System\NiDCGrd.exe
  C:\Windows\System\NiDCGrd.exe
  2⤵
  PID:8384
- C:\Windows\System\jncwybw.exe
  C:\Windows\System\jncwybw.exe
  2⤵
  PID:8420
- C:\Windows\System\XutvshM.exe
  C:\Windows\System\XutvshM.exe
  2⤵
  PID:8440
- C:\Windows\System\tqWHfxL.exe
  C:\Windows\System\tqWHfxL.exe
  2⤵
  PID:8456
- C:\Windows\System\lsbpbGk.exe
  C:\Windows\System\lsbpbGk.exe
  2⤵
  PID:8472
- C:\Windows\System\ymwjlzi.exe
  C:\Windows\System\ymwjlzi.exe
  2⤵
  PID:8488
- C:\Windows\System\YlXFUqr.exe
  C:\Windows\System\YlXFUqr.exe
  2⤵
  PID:8508
- C:\Windows\System\zVHMyRF.exe
  C:\Windows\System\zVHMyRF.exe
  2⤵
  PID:8524
- C:\Windows\System\ndtHAEM.exe
  C:\Windows\System\ndtHAEM.exe
  2⤵
  PID:8548
- C:\Windows\System\BmhuDOX.exe
  C:\Windows\System\BmhuDOX.exe
  2⤵
  PID:8564
- C:\Windows\System\LuvYiam.exe
  C:\Windows\System\LuvYiam.exe
  2⤵
  PID:8588
- C:\Windows\System\KEjOyPJ.exe
  C:\Windows\System\KEjOyPJ.exe
  2⤵
  PID:8648
- C:\Windows\System\PcqdwME.exe
  C:\Windows\System\PcqdwME.exe
  2⤵
  PID:8664
- C:\Windows\System\wSYwznP.exe
  C:\Windows\System\wSYwznP.exe
  2⤵
  PID:8688
- C:\Windows\System\yTRwcCJ.exe
  C:\Windows\System\yTRwcCJ.exe
  2⤵
  PID:8704
- C:\Windows\System\AtvptTF.exe
  C:\Windows\System\AtvptTF.exe
  2⤵
  PID:8732
- C:\Windows\System\mfGksJs.exe
  C:\Windows\System\mfGksJs.exe
  2⤵
  PID:8752
- C:\Windows\System\uSCXFQO.exe
  C:\Windows\System\uSCXFQO.exe
  2⤵
  PID:8780
- C:\Windows\System\kUxYbeM.exe
  C:\Windows\System\kUxYbeM.exe
  2⤵
  PID:8796
- C:\Windows\System\lnlGMXb.exe
  C:\Windows\System\lnlGMXb.exe
  2⤵
  PID:8812
- C:\Windows\System\DjPHZzx.exe
  C:\Windows\System\DjPHZzx.exe
  2⤵
  PID:8828
- C:\Windows\System\aqlwHkE.exe
  C:\Windows\System\aqlwHkE.exe
  2⤵
  PID:8856
- C:\Windows\System\mjaoLwY.exe
  C:\Windows\System\mjaoLwY.exe
  2⤵
  PID:8876
- C:\Windows\System\pIhEFCP.exe
  C:\Windows\System\pIhEFCP.exe
  2⤵
  PID:8916
- C:\Windows\System\vHkBgTX.exe
  C:\Windows\System\vHkBgTX.exe
  2⤵
  PID:8932
- C:\Windows\System\cwNBCQm.exe
  C:\Windows\System\cwNBCQm.exe
  2⤵
  PID:8948
- C:\Windows\System\INgADwI.exe
  C:\Windows\System\INgADwI.exe
  2⤵
  PID:8964
- C:\Windows\System\wFnrIzT.exe
  C:\Windows\System\wFnrIzT.exe
  2⤵
  PID:8980
- C:\Windows\System\kWlCDVO.exe
  C:\Windows\System\kWlCDVO.exe
  2⤵
  PID:9008
- C:\Windows\System\AvZFIjM.exe
  C:\Windows\System\AvZFIjM.exe
  2⤵
  PID:9024
- C:\Windows\System\jOCwSnT.exe
  C:\Windows\System\jOCwSnT.exe
  2⤵
  PID:9040
- C:\Windows\System\PxQceRQ.exe
  C:\Windows\System\PxQceRQ.exe
  2⤵
  PID:9056
- C:\Windows\System\MQSJlUm.exe
  C:\Windows\System\MQSJlUm.exe
  2⤵
  PID:9088
- C:\Windows\System\hoVyWox.exe
  C:\Windows\System\hoVyWox.exe
  2⤵
  PID:9112
- C:\Windows\System\ghFlqEQ.exe
  C:\Windows\System\ghFlqEQ.exe
  2⤵
  PID:9128
- C:\Windows\System\YoucFUH.exe
  C:\Windows\System\YoucFUH.exe
  2⤵
  PID:9144
- C:\Windows\System\vmQqKio.exe
  C:\Windows\System\vmQqKio.exe
  2⤵
  PID:9160
- C:\Windows\System\ZKUvkuK.exe
  C:\Windows\System\ZKUvkuK.exe
  2⤵
  PID:9176
- C:\Windows\System\WUyBOYG.exe
  C:\Windows\System\WUyBOYG.exe
  2⤵
  PID:9192
- C:\Windows\System\QszlsBh.exe
  C:\Windows\System\QszlsBh.exe
  2⤵
  PID:9208
- C:\Windows\System\vUcnjSx.exe
  C:\Windows\System\vUcnjSx.exe
  2⤵
  PID:8100
- C:\Windows\System\vVUrQTQ.exe
  C:\Windows\System\vVUrQTQ.exe
  2⤵
  PID:8092
- C:\Windows\System\hxTkXVm.exe
  C:\Windows\System\hxTkXVm.exe
  2⤵
  PID:7172
- C:\Windows\System\PxSDZur.exe
  C:\Windows\System\PxSDZur.exe
  2⤵
  PID:7204
- C:\Windows\System\GYYmxzW.exe
  C:\Windows\System\GYYmxzW.exe
  2⤵
  PID:8272
- C:\Windows\System\PLoKlrc.exe
  C:\Windows\System\PLoKlrc.exe
  2⤵
  PID:8300
- C:\Windows\System\JaXDYzE.exe
  C:\Windows\System\JaXDYzE.exe
  2⤵
  PID:8360
- C:\Windows\System\ngvHyZC.exe
  C:\Windows\System\ngvHyZC.exe
  2⤵
  PID:8344
- C:\Windows\System\JDaeVwd.exe
  C:\Windows\System\JDaeVwd.exe
  2⤵
  PID:8372
- C:\Windows\System\BGWRksu.exe
  C:\Windows\System\BGWRksu.exe
  2⤵
  PID:8484
- C:\Windows\System\LOIlhpK.exe
  C:\Windows\System\LOIlhpK.exe
  2⤵
  PID:8496
- C:\Windows\System\Pkhuuyt.exe
  C:\Windows\System\Pkhuuyt.exe
  2⤵
  PID:8572
- C:\Windows\System\fYwwLKo.exe
  C:\Windows\System\fYwwLKo.exe
  2⤵
  PID:8520
- C:\Windows\System\mhJBcVI.exe
  C:\Windows\System\mhJBcVI.exe
  2⤵
  PID:8612
- C:\Windows\System\EfKOaHf.exe
  C:\Windows\System\EfKOaHf.exe
  2⤵
  PID:8728
- C:\Windows\System\KlDRgoE.exe
  C:\Windows\System\KlDRgoE.exe
  2⤵
  PID:8636
- C:\Windows\System\vCfIEdr.exe
  C:\Windows\System\vCfIEdr.exe
  2⤵
  PID:8432
- C:\Windows\System\iKybJYh.exe
  C:\Windows\System\iKybJYh.exe
  2⤵
  PID:8604
- C:\Windows\System\UcWncfZ.exe
  C:\Windows\System\UcWncfZ.exe
  2⤵
  PID:8680
- C:\Windows\System\xkTVspN.exe
  C:\Windows\System\xkTVspN.exe
  2⤵
  PID:8808
- C:\Windows\System\ublbhjt.exe
  C:\Windows\System\ublbhjt.exe
  2⤵
  PID:8628
- C:\Windows\System\HVDPcMV.exe
  C:\Windows\System\HVDPcMV.exe
  2⤵
  PID:8884
- C:\Windows\System\DQejDEc.exe
  C:\Windows\System\DQejDEc.exe
  2⤵
  PID:8892
- C:\Windows\System\BhhoGLS.exe
  C:\Windows\System\BhhoGLS.exe
  2⤵
  PID:8944
- C:\Windows\System\DxiQbBi.exe
  C:\Windows\System\DxiQbBi.exe
  2⤵
  PID:8788
- C:\Windows\System\PsKBRAx.exe
  C:\Windows\System\PsKBRAx.exe
  2⤵
  PID:8956
- C:\Windows\System\jXFqBDh.exe
  C:\Windows\System\jXFqBDh.exe
  2⤵
  PID:9104
- C:\Windows\System\gLINLBi.exe
  C:\Windows\System\gLINLBi.exe
  2⤵
  PID:8924
- C:\Windows\System\DJprHnJ.exe
  C:\Windows\System\DJprHnJ.exe
  2⤵
  PID:9172
- C:\Windows\System\mIOQhaA.exe
  C:\Windows\System\mIOQhaA.exe
  2⤵
  PID:7864
- C:\Windows\System\MtovLJv.exe
  C:\Windows\System\MtovLJv.exe
  2⤵
  PID:8988
- C:\Windows\System\TvtYfIx.exe
  C:\Windows\System\TvtYfIx.exe
  2⤵
  PID:9000
- C:\Windows\System\uGWAHAf.exe
  C:\Windows\System\uGWAHAf.exe
  2⤵
  PID:8236
- C:\Windows\System\HERomji.exe
  C:\Windows\System\HERomji.exe
  2⤵
  PID:8404
- C:\Windows\System\WAYggRk.exe
  C:\Windows\System\WAYggRk.exe
  2⤵
  PID:9076
- C:\Windows\System\ESZzKVz.exe
  C:\Windows\System\ESZzKVz.exe
  2⤵
  PID:9120
- C:\Windows\System\iqMSGGl.exe
  C:\Windows\System\iqMSGGl.exe
  2⤵
  PID:7968
- C:\Windows\System\UzsVomz.exe
  C:\Windows\System\UzsVomz.exe
  2⤵
  PID:8268
- C:\Windows\System\ioCkUjs.exe
  C:\Windows\System\ioCkUjs.exe
  2⤵
  PID:8356
- C:\Windows\System\OyDfxGC.exe
  C:\Windows\System\OyDfxGC.exe
  2⤵
  PID:8416
- C:\Windows\System\HtkszKr.exe
  C:\Windows\System\HtkszKr.exe
  2⤵
  PID:8468
- C:\Windows\System\mbRcwZj.exe
  C:\Windows\System\mbRcwZj.exe
  2⤵
  PID:8600
- C:\Windows\System\ElhKKtU.exe
  C:\Windows\System\ElhKKtU.exe
  2⤵
  PID:8620
- C:\Windows\System\AIjDfkB.exe
  C:\Windows\System\AIjDfkB.exe
  2⤵
  PID:8248
- C:\Windows\System\qPuvJke.exe
  C:\Windows\System\qPuvJke.exe
  2⤵
  PID:8684
- C:\Windows\System\ObiuMfE.exe
  C:\Windows\System\ObiuMfE.exe
  2⤵
  PID:8672
- C:\Windows\System\dOUBTnc.exe
  C:\Windows\System\dOUBTnc.exe
  2⤵
  PID:8912
- C:\Windows\System\qcIOJEj.exe
  C:\Windows\System\qcIOJEj.exe
  2⤵
  PID:8908
- C:\Windows\System\MqsrPVT.exe
  C:\Windows\System\MqsrPVT.exe
  2⤵
  PID:9048
- C:\Windows\System\UGozGff.exe
  C:\Windows\System\UGozGff.exe
  2⤵
  PID:7848
- C:\Windows\System\pILgRdS.exe
  C:\Windows\System\pILgRdS.exe
  2⤵
  PID:8996
- C:\Windows\System\IKRVdho.exe
  C:\Windows\System\IKRVdho.exe
  2⤵
  PID:7940
- C:\Windows\System\LuZFomS.exe
  C:\Windows\System\LuZFomS.exe
  2⤵
  PID:8656
- C:\Windows\System\ENypYOD.exe
  C:\Windows\System\ENypYOD.exe
  2⤵
  PID:9168
- C:\Windows\System\OfqLDmj.exe
  C:\Windows\System\OfqLDmj.exe
  2⤵
  PID:8224
- C:\Windows\System\xcwwMRs.exe
  C:\Windows\System\xcwwMRs.exe
  2⤵
  PID:9072
- C:\Windows\System\eDxCDvR.exe
  C:\Windows\System\eDxCDvR.exe
  2⤵
  PID:9068
- C:\Windows\System\hCInDXx.exe
  C:\Windows\System\hCInDXx.exe
  2⤵
  PID:8216
- C:\Windows\System\mUQcatc.exe
  C:\Windows\System\mUQcatc.exe
  2⤵
  PID:8428
- C:\Windows\System\RTvSNsS.exe
  C:\Windows\System\RTvSNsS.exe
  2⤵
  PID:8480
- C:\Windows\System\RsHrZNL.exe
  C:\Windows\System\RsHrZNL.exe
  2⤵
  PID:8608
- C:\Windows\System\msDGFiC.exe
  C:\Windows\System\msDGFiC.exe
  2⤵
  PID:8452
- C:\Windows\System\PAIXfBt.exe
  C:\Windows\System\PAIXfBt.exe
  2⤵
  PID:8712
- C:\Windows\System\YJpiKfq.exe
  C:\Windows\System\YJpiKfq.exe
  2⤵
  PID:8904
- C:\Windows\System\UbsQhhv.exe
  C:\Windows\System\UbsQhhv.exe
  2⤵
  PID:7228
- C:\Windows\System\AuMbXMA.exe
  C:\Windows\System\AuMbXMA.exe
  2⤵
  PID:9084
- C:\Windows\System\szmPzZJ.exe
  C:\Windows\System\szmPzZJ.exe
  2⤵
  PID:9184
- C:\Windows\System\ZXdViRH.exe
  C:\Windows\System\ZXdViRH.exe
  2⤵
  PID:8596
- C:\Windows\System\bkydTxo.exe
  C:\Windows\System\bkydTxo.exe
  2⤵
  PID:8804
- C:\Windows\System\hSDrRsf.exe
  C:\Windows\System\hSDrRsf.exe
  2⤵
  PID:7620
- C:\Windows\System\ApnYYUc.exe
  C:\Windows\System\ApnYYUc.exe
  2⤵
  PID:9140
- C:\Windows\System\eDYZcZa.exe
  C:\Windows\System\eDYZcZa.exe
  2⤵
  PID:8560
- C:\Windows\System\bZwgJbJ.exe
  C:\Windows\System\bZwgJbJ.exe
  2⤵
  PID:8408
- C:\Windows\System\jQPBdvW.exe
  C:\Windows\System\jQPBdvW.exe
  2⤵
  PID:8848
- C:\Windows\System\NZHLIOZ.exe
  C:\Windows\System\NZHLIOZ.exe
  2⤵
  PID:9156
- C:\Windows\System\wqteBGb.exe
  C:\Windows\System\wqteBGb.exe
  2⤵
  PID:9188
- C:\Windows\System\bNFDCZH.exe
  C:\Windows\System\bNFDCZH.exe
  2⤵
  PID:9100
- C:\Windows\System\ZaHCaha.exe
  C:\Windows\System\ZaHCaha.exe
  2⤵
  PID:8288
- C:\Windows\System\vmiLUIf.exe
  C:\Windows\System\vmiLUIf.exe
  2⤵
  PID:8724
- C:\Windows\System\SdRvVVs.exe
  C:\Windows\System\SdRvVVs.exe
  2⤵
  PID:8748
- C:\Windows\System\enhTSzu.exe
  C:\Windows\System\enhTSzu.exe
  2⤵
  PID:8976
- C:\Windows\System\KDVOxzK.exe
  C:\Windows\System\KDVOxzK.exe
  2⤵
  PID:8532
- C:\Windows\System\NLmGqdw.exe
  C:\Windows\System\NLmGqdw.exe
  2⤵
  PID:8540
- C:\Windows\System\llVarbA.exe
  C:\Windows\System\llVarbA.exe
  2⤵
  PID:8448
- C:\Windows\System\MCYMKou.exe
  C:\Windows\System\MCYMKou.exe
  2⤵
  PID:8340
- C:\Windows\System\KUPAvek.exe
  C:\Windows\System\KUPAvek.exe
  2⤵
  PID:8316
- C:\Windows\System\UsFkISh.exe
  C:\Windows\System\UsFkISh.exe
  2⤵
  PID:9236
- C:\Windows\System\bEmfvxM.exe
  C:\Windows\System\bEmfvxM.exe
  2⤵
  PID:9256
- C:\Windows\System\GQNTGlG.exe
  C:\Windows\System\GQNTGlG.exe
  2⤵
  PID:9280
- C:\Windows\System\Qavahob.exe
  C:\Windows\System\Qavahob.exe
  2⤵
  PID:9304
- C:\Windows\System\DYeQQjJ.exe
  C:\Windows\System\DYeQQjJ.exe
  2⤵
  PID:9320
- C:\Windows\System\TsHfWLN.exe
  C:\Windows\System\TsHfWLN.exe
  2⤵
  PID:9336
- C:\Windows\System\WbtSTPi.exe
  C:\Windows\System\WbtSTPi.exe
  2⤵
  PID:9360
- C:\Windows\System\XqlNSLZ.exe
  C:\Windows\System\XqlNSLZ.exe
  2⤵
  PID:9380
- C:\Windows\System\PmklPFt.exe
  C:\Windows\System\PmklPFt.exe
  2⤵
  PID:9400
- C:\Windows\System\yeCWYej.exe
  C:\Windows\System\yeCWYej.exe
  2⤵
  PID:9420
- C:\Windows\System\BCpjkOt.exe
  C:\Windows\System\BCpjkOt.exe
  2⤵
  PID:9440
- C:\Windows\System\qTkAFpK.exe
  C:\Windows\System\qTkAFpK.exe
  2⤵
  PID:9456
- C:\Windows\System\KSzdAyt.exe
  C:\Windows\System\KSzdAyt.exe
  2⤵
  PID:9476
- C:\Windows\System\iYYzYJO.exe
  C:\Windows\System\iYYzYJO.exe
  2⤵
  PID:9500
- C:\Windows\System\ShWnpYn.exe
  C:\Windows\System\ShWnpYn.exe
  2⤵
  PID:9520
- C:\Windows\System\ZAGTAWi.exe
  C:\Windows\System\ZAGTAWi.exe
  2⤵
  PID:9536
- C:\Windows\System\kmObgkp.exe
  C:\Windows\System\kmObgkp.exe
  2⤵
  PID:9560
- C:\Windows\System\eVKxxoQ.exe
  C:\Windows\System\eVKxxoQ.exe
  2⤵
  PID:9576
- C:\Windows\System\YPjRsNZ.exe
  C:\Windows\System\YPjRsNZ.exe
  2⤵
  PID:9592
- C:\Windows\System\NRQDzym.exe
  C:\Windows\System\NRQDzym.exe
  2⤵
  PID:9612
- C:\Windows\System\EuukERD.exe
  C:\Windows\System\EuukERD.exe
  2⤵
  PID:9636
- C:\Windows\System\zQLQEKa.exe
  C:\Windows\System\zQLQEKa.exe
  2⤵
  PID:9652
- C:\Windows\System\opMVNNM.exe
  C:\Windows\System\opMVNNM.exe
  2⤵
  PID:9672
- C:\Windows\System\dQctzjT.exe
  C:\Windows\System\dQctzjT.exe
  2⤵
  PID:9700
- C:\Windows\System\ZvqhqaK.exe
  C:\Windows\System\ZvqhqaK.exe
  2⤵
  PID:9716
- C:\Windows\System\leuyShI.exe
  C:\Windows\System\leuyShI.exe
  2⤵
  PID:9744
- C:\Windows\System\xIYbllF.exe
  C:\Windows\System\xIYbllF.exe
  2⤵
  PID:9760
- C:\Windows\System\fBiXaFw.exe
  C:\Windows\System\fBiXaFw.exe
  2⤵
  PID:9784
- C:\Windows\System\WDDWUbj.exe
  C:\Windows\System\WDDWUbj.exe
  2⤵
  PID:9800
- C:\Windows\System\FCDohXg.exe
  C:\Windows\System\FCDohXg.exe
  2⤵
  PID:9816
- C:\Windows\System\pYXrifP.exe
  C:\Windows\System\pYXrifP.exe
  2⤵
  PID:9836
- C:\Windows\System\lVoiyzw.exe
  C:\Windows\System\lVoiyzw.exe
  2⤵
  PID:9852
- C:\Windows\System\zucxUEV.exe
  C:\Windows\System\zucxUEV.exe
  2⤵
  PID:9868
- C:\Windows\System\YlfCCBJ.exe
  C:\Windows\System\YlfCCBJ.exe
  2⤵
  PID:9884
- C:\Windows\System\NNCPoTm.exe
  C:\Windows\System\NNCPoTm.exe
  2⤵
  PID:9900
- C:\Windows\System\bFiCVlR.exe
  C:\Windows\System\bFiCVlR.exe
  2⤵
  PID:9940
- C:\Windows\System\cDHvocv.exe
  C:\Windows\System\cDHvocv.exe
  2⤵
  PID:9964
- C:\Windows\System\zRogHcs.exe
  C:\Windows\System\zRogHcs.exe
  2⤵
  PID:9980
- C:\Windows\System\WvmqTfr.exe
  C:\Windows\System\WvmqTfr.exe
  2⤵
  PID:10000
- C:\Windows\System\exGRQcB.exe
  C:\Windows\System\exGRQcB.exe
  2⤵
  PID:10024
- C:\Windows\System\bKGkNbt.exe
  C:\Windows\System\bKGkNbt.exe
  2⤵
  PID:10040
- C:\Windows\System\xLKVfRU.exe
  C:\Windows\System\xLKVfRU.exe
  2⤵
  PID:10060
- C:\Windows\System\pJtHhGp.exe
  C:\Windows\System\pJtHhGp.exe
  2⤵
  PID:10076
- C:\Windows\System\fgXEeSJ.exe
  C:\Windows\System\fgXEeSJ.exe
  2⤵
  PID:10092
- C:\Windows\System\cgNKUDk.exe
  C:\Windows\System\cgNKUDk.exe
  2⤵
  PID:10116
- C:\Windows\System\KhAodxT.exe
  C:\Windows\System\KhAodxT.exe
  2⤵
  PID:10136
- C:\Windows\System\fSwvuzW.exe
  C:\Windows\System\fSwvuzW.exe
  2⤵
  PID:10152
- C:\Windows\System\YJcNzwC.exe
  C:\Windows\System\YJcNzwC.exe
  2⤵
  PID:10176
- C:\Windows\System\qLmEIlJ.exe
  C:\Windows\System\qLmEIlJ.exe
  2⤵
  PID:10196
- C:\Windows\System\jThuqVT.exe
  C:\Windows\System\jThuqVT.exe
  2⤵
  PID:10212
- C:\Windows\System\IjcfDTl.exe
  C:\Windows\System\IjcfDTl.exe
  2⤵
  PID:10232
- C:\Windows\System\maXsKBz.exe
  C:\Windows\System\maXsKBz.exe
  2⤵
  PID:9228
- C:\Windows\System\YoSpstY.exe
  C:\Windows\System\YoSpstY.exe
  2⤵
  PID:9292
- C:\Windows\System\BJnMxLI.exe
  C:\Windows\System\BJnMxLI.exe
  2⤵
  PID:9316
- C:\Windows\System\VPdNcPE.exe
  C:\Windows\System\VPdNcPE.exe
  2⤵
  PID:9352
- C:\Windows\System\oCqYTmL.exe
  C:\Windows\System\oCqYTmL.exe
  2⤵
  PID:9376
- C:\Windows\System\VURGxln.exe
  C:\Windows\System\VURGxln.exe
  2⤵
  PID:9396
- C:\Windows\System\IJHlBie.exe
  C:\Windows\System\IJHlBie.exe
  2⤵
  PID:9452
- C:\Windows\System\ybhPHeN.exe
  C:\Windows\System\ybhPHeN.exe
  2⤵
  PID:9472
- C:\Windows\System\fFXolNA.exe
  C:\Windows\System\fFXolNA.exe
  2⤵
  PID:9508
- C:\Windows\System\itmuPEm.exe
  C:\Windows\System\itmuPEm.exe
  2⤵
  PID:9548
- C:\Windows\System\apoPwCV.exe
  C:\Windows\System\apoPwCV.exe
  2⤵
  PID:9604
- C:\Windows\System\BGybUQX.exe
  C:\Windows\System\BGybUQX.exe
  2⤵
  PID:9584
- C:\Windows\System\tfLVodh.exe
  C:\Windows\System\tfLVodh.exe
  2⤵
  PID:9588
- C:\Windows\System\sqzLuLj.exe
  C:\Windows\System\sqzLuLj.exe
  2⤵
  PID:9668
- C:\Windows\System\ziucXPD.exe
  C:\Windows\System\ziucXPD.exe
  2⤵
  PID:9732
- C:\Windows\System\YmeWrGB.exe
  C:\Windows\System\YmeWrGB.exe
  2⤵
  PID:9712
- C:\Windows\System\LbzdIZj.exe
  C:\Windows\System\LbzdIZj.exe
  2⤵
  PID:9780
- C:\Windows\System\kkssKoo.exe
  C:\Windows\System\kkssKoo.exe
  2⤵
  PID:9848
- C:\Windows\System\DYXhPPS.exe
  C:\Windows\System\DYXhPPS.exe
  2⤵
  PID:9920
- C:\Windows\System\UrZRgwl.exe
  C:\Windows\System\UrZRgwl.exe
  2⤵
  PID:9824
- C:\Windows\System\nfuSWqC.exe
  C:\Windows\System\nfuSWqC.exe
  2⤵
  PID:9864
- C:\Windows\System\IlEtiTA.exe
  C:\Windows\System\IlEtiTA.exe
  2⤵
  PID:9956
- C:\Windows\System\eAHXasS.exe
  C:\Windows\System\eAHXasS.exe
  2⤵
  PID:9988
- C:\Windows\System\cKIBkBS.exe
  C:\Windows\System\cKIBkBS.exe
  2⤵
  PID:10020
- C:\Windows\System\UUnPMub.exe
  C:\Windows\System\UUnPMub.exe
  2⤵
  PID:10128
- C:\Windows\System\bzPTuYl.exe
  C:\Windows\System\bzPTuYl.exe
  2⤵
  PID:10168
- C:\Windows\System\DmRlJab.exe
  C:\Windows\System\DmRlJab.exe
  2⤵
  PID:9052
- C:\Windows\System\pmnCflm.exe
  C:\Windows\System\pmnCflm.exe
  2⤵
  PID:10184
- C:\Windows\System\mlNdFkc.exe
  C:\Windows\System\mlNdFkc.exe
  2⤵
  PID:9272
- C:\Windows\System\tbwAUJi.exe
  C:\Windows\System\tbwAUJi.exe
  2⤵
  PID:10100
- C:\Windows\System\oGVVito.exe
  C:\Windows\System\oGVVito.exe
  2⤵
  PID:10220
- C:\Windows\System\aEXrnSh.exe
  C:\Windows\System\aEXrnSh.exe
  2⤵
  PID:9328
- C:\Windows\System\ywtkumd.exe
  C:\Windows\System\ywtkumd.exe
  2⤵
  PID:9416
- C:\Windows\System\UPwKwzE.exe
  C:\Windows\System\UPwKwzE.exe
  2⤵
  PID:9528
- C:\Windows\System\TADKoXH.exe
  C:\Windows\System\TADKoXH.exe
  2⤵
  PID:9436
- C:\Windows\System\bwiSGBH.exe
  C:\Windows\System\bwiSGBH.exe
  2⤵
  PID:9516
- C:\Windows\System\QwUZtVF.exe
  C:\Windows\System\QwUZtVF.exe
  2⤵
  PID:9544
- C:\Windows\System\nVvIatd.exe
  C:\Windows\System\nVvIatd.exe
  2⤵
  PID:9532
- C:\Windows\System\yOzYOii.exe
  C:\Windows\System\yOzYOii.exe
  2⤵
  PID:9644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FjMJqDw.exe

Filesize
6.0MB

MD5
8f98c0fe55bf5d48c44b021af2dea5d0

SHA1
f8b3809b6c156565e583d99fd4426c80f9c78b2f

SHA256
658f76b885d3ebb29271c103c2ef25d3e54de30435a172f74c2c0bef9001b281

SHA512
a3e43485df0c6eb6704288193a689813ef2306125393a32a516bf9c0720cc185c37a76771b4ae808a9e07d0ca82f8aec2127e37c75627e1a8f5b9b77e283f569

Download Submit
C:\Windows\system\KBEQkLU.exe

Filesize
6.0MB

MD5
a17272ab730f6734035fd3dd8f56db31

SHA1
a826d224ecc6a821b8864ccee9a921c3d818383f

SHA256
25100f53cf7e7c948f110aca06c93391726e011b8ad1bd5b1f7db9b6909c9a2c

SHA512
20037574b9da58a16a70396f0ebb44c94492aca54ffa468b6d73e4720d5bf0104ed0a3eb0c55ecbe627d7e5683427a26713c5e71f0eea133e6c91a85b0e81bda

Download Submit
C:\Windows\system\PTpDSPk.exe

Filesize
6.0MB

MD5
d5e6f90f0cf8d342ef45937d2cc9e391

SHA1
95da06140e9acb3d0dc313a569023e7b17413c6c

SHA256
c8d6c6d77c89bc1e801fcd1ec8defd72f43928380cd49d7c2b37ce11e3765443

SHA512
3f5737eb774e2479aa0fb105d6db39ce7a5bd1826720c6e043f8c7720476db466c6d759a74506fe1cc591875510b8cadd8d4d70506bf84ac981cd43517aea153

Download Submit
C:\Windows\system\QXCVXMT.exe

Filesize
6.0MB

MD5
ffa2d6c8e5fd88afb09f1130c68a37a8

SHA1
bc6393de48ae64cb683dae126285f687d67e339f

SHA256
0cfeacc348142ae11d9067e811410bb8b84b79914f59a4e16a75f567fc8001ae

SHA512
06865afef592d479a05a9513faa851e36cc3a4185b0dc87a5b4f1bf442182485b0216c297abcd67077be43bd9f5b620501bc05b629668d93a6c6eb5e8716f8d2

Download Submit
C:\Windows\system\SgnAnow.exe

Filesize
6.0MB

MD5
19e74582319ed205ea2ade6dbea91beb

SHA1
5587f923d5179f9b991088094b4d65c8863585b2

SHA256
f47a313b8dbc5a0695f54dfb5acc1cdb150be959707cddad6295ca1f95bd8a62

SHA512
6ef2bf32349f1dc9631d2c81f31a8f94cb5a693faf570376f3fe26104358eb0973710d4757bcc5021184dd94223b0c69fe30ff374f75ec53f5b1f7553c9ec0df

Download Submit
C:\Windows\system\TORAzUS.exe

Filesize
6.0MB

MD5
a09659a9e0182b95e225cd21a898784c

SHA1
d9a9619d22d5d4ba05395a418b0acbe8e1bd21ba

SHA256
1ebcb518bf74a04f0322b19ddda4366e3316c67d3070d744783db8a745077783

SHA512
b33646ad6dc9bb88529bd2e21a63102ce21b4f2b5e47c69c0174e1600fb0727dbbcc2c7bdfebbbfad77c6e71d4d537ea8e8a18b7ef37e201b4459c7e346b4ab4

Download Submit
C:\Windows\system\WFiblgm.exe

Filesize
6.0MB

MD5
c141a342b3ba33b6b78aa9a0860a8e91

SHA1
1399347c97fe5359d9ed49806b1d565abc9b7adf

SHA256
626a2ed54298b101aab29fa6e53ddbdb189a696f05b3b76f71dd77e11a6c2d82

SHA512
f77a248641db3cd21ae07679d09d998bb3b0643167264c11fc8a668e86f6ba7f57629897eca9661a38cb49ac0e400d41276f7d76136be585a562c7e633a3496d

Download Submit
C:\Windows\system\ZXvhHsN.exe

Filesize
6.0MB

MD5
07c3d1bbc50a215bd09e079ca82e2e6c

SHA1
6cd6b05abb6e6fc188cc652ee7a68753c5288080

SHA256
89286e7c5304e611a5afe2108eb2e910a0d8b7f75838bee39a856a39dc90e574

SHA512
5ea035ccc63bf2b465ab9920f8524a77b2d7b71b2651f722abd5adefe9ae4bda36e57c4e24e9e3e6d6675f1ef6f69a097c9425ac18df525924fe15eebb48e765

Download Submit
C:\Windows\system\ZvxSeDc.exe

Filesize
6.0MB

MD5
faf24755628899a0d50f395c43d9712e

SHA1
606ff042af616e4a25c8500162500c63c582ed68

SHA256
70ceab022f23053052018882b44e6f166f90e96862415a60d31da9a3191336f4

SHA512
b1f947778fda557b9f5f5595da20ebad43fd1e462fdcea3a8cc16f4d50d2cee8c2de7d8f76c38c3d0c5cf9d4d2bbcd8d2478399a65beb3af25f3962ec00476e7

Download Submit
C:\Windows\system\bLFmJyI.exe

Filesize
6.0MB

MD5
ecf5a427ad752f980796d1c0e853bbdb

SHA1
e807ee026b3b1696f1ea13f2fd2aa41eec33f477

SHA256
455a01662a9a78d8fc639b6fbd779daa08a040fef9b2fabae9c7578aef4157fa

SHA512
125b3d2fa065c662dd6a239b5f99dc84f5866c17c04d9b5034a104d37195be6186567c15bf8eae0abe3366afc498a277a584586d3673b9398b575b0398dccb0b

Download Submit
C:\Windows\system\cXPxkRU.exe

Filesize
6.0MB

MD5
33122f404f93f6407e5cd9dd511a058d

SHA1
fb674e901995c633157fb2db903ba6e9cc47802d

SHA256
c942060a5eecf1afc55be8ab552b1329d46da8a75f8e84b0d712c5c69f3ef2d6

SHA512
9b76ae93bb48c67ca45bab72ac2ffbd3198287b331db02dfe3830e9042ee859defc351b0cb712e32d83e4f2b7a9afb4f99d776e9b0872a19b0ff309b201f17b5

Download Submit
C:\Windows\system\diEKyId.exe

Filesize
6.0MB

MD5
a0f6461f5281808f9b2d24f976ff28db

SHA1
96f84070ecc48dec5648e802f61b68d70fd74dda

SHA256
c406252a42dfa4ddd3af3010c1450e0495537f6955ca2ee77356b25331091545

SHA512
3d3a61627489e08544276d07335affb9f47f553e51a43024ba71cb1699848ac58dd72009d797499fcda294fa1ffb17d0e7ab98e4b128a840e86653252803f076

Download Submit
C:\Windows\system\gEcyumC.exe

Filesize
6.0MB

MD5
20259839b303b4279df063aed5c57cee

SHA1
0df4a1034c028c20ecaa85a443fa61e6e2b3c32a

SHA256
e61a0fddc602fb8cb59eefccec39479cd746afdd97b4f6ffdf9734270efde53c

SHA512
8b9e6377983ab304d85729df942c35544bb1e7156d577167dbbe256fec1a2d699ccd3bee01fe52426efec7974bf6845180011eef68dd2d6d5f391b51840b31b1

Download Submit
C:\Windows\system\hdfymHy.exe

Filesize
6.0MB

MD5
5497a323f3fd2f759da3b1460b5327e5

SHA1
a4eb5e4f14a8003c4c3a9584803c2d8233a03e28

SHA256
e823b759fa466dabc38b48fd1da4884016c8ca451e12bcfa7cc04172a7ba2c07

SHA512
51d62b7490e8c2f7b2dfe49fba0ef43f7463d72e41c0e94e9a94ebf29ec68693480d6fcbd60bfc3825270184a2d418e575d99b0eb1af62437d9f2425ae59fafd

Download Submit
C:\Windows\system\hztIpLn.exe

Filesize
6.0MB

MD5
3cf94be12cbcdd4cd35c223f5fb62fac

SHA1
ef4ba6aaa1a349b841b094a2fe0113b0a9c70cfc

SHA256
1504f11a084f538fbf2fd8354a78589fda9a434e133b6d42988eabae3da20daa

SHA512
c2aa00dc86e7801eabe54c4fdb0fdc7905841242d5ecce33e4f9f72ce67e249eb9fc116a9d411ec58762941bc16b321b16ae037a82fe4bfb91cf6e24cc1b693e

Download Submit
C:\Windows\system\jeNsSfy.exe

Filesize
6.0MB

MD5
d31ab609e03ff29634d8118d797ad937

SHA1
a49ad79878e91b040b60bddc6b0970fac97c7489

SHA256
17c82fa352c47c22e9e8129ddd08458770884cac6307725d8d92ec422851ec00

SHA512
3642cb657b8df6f364f3aa07a650283071655563719322785dba44ba6c8b4d204c80b27483181c716af907d04f6f8396b7976c24c109aa214ef043109c9d584b

Download Submit
C:\Windows\system\jidYVjg.exe

Filesize
6.0MB

MD5
a3a0ce0e4c25b095581c57154774d29b

SHA1
35f6876ca1e179713664f32a873378f2f9197734

SHA256
faa5f5124509ab3bf71fa85c0f013d9446f313f79c415e25ebbd1b6537f40aa9

SHA512
5af02655cfe68c6e64232190506483c202ebae65945d2a30a88f0c95834a810b790bed49c7b0b5a17b96ea81de1855ff5bd556537a06d93101e1943c5dd26a10

Download Submit
C:\Windows\system\mekaMKG.exe

Filesize
6.0MB

MD5
4d4d8f8faab793157526e48a75aad22f

SHA1
54410e63ddf753aaea4cd5570a404e178bb9e530

SHA256
c5375414ad8a2938e6e2d622ee2a229a481ef13d832552bafba05c6d45f3c992

SHA512
38bb02bfa82afcf2a14b1ae3e2371096a69ab398779cfed01b471bf5468a5b76d56dd41ef896ebc89b4195f2831abae24485b378355e0bf8022df0cc6cfc91a2

Download Submit
C:\Windows\system\mfbQtft.exe

Filesize
8B

MD5
6529bb9f66d7e209965ee484aa627dcf

SHA1
f355d9846d36da12385b384ef7898bca490c0431

SHA256
71730e11024fb2ff6a46483d283c414fb5c2fa8d4813630e02ea8227fc0e90c2

SHA512
4d1256784902114844413c96932fdf621c2add353012f6d9901f18e401a0147581385de81162fc556e2656f9b0bd87bcc8a644b8e817244ba0bebc5fded1f57f

Download Submit
C:\Windows\system\neDgEPX.exe

Filesize
6.0MB

MD5
b78889b066ca6767892db3b32b700013

SHA1
f7a93b57fe5a3fc56152c0d14763eb69d228099d

SHA256
35c80a6464d897a16f616222394c5a79a6205b9a8593353ce36e914d224627b4

SHA512
cdbbd02212c3abb6e564dea1294582bf334e82c42ebd858e313a9c518916523ed620ebf8d7c1ea1b2e31fe5e802f83455149650fcdfb47b5257d607cad378f75

Download Submit
C:\Windows\system\nheYTEM.exe

Filesize
6.0MB

MD5
4a0ca52254e6c3a6505e7ab3389a7b47

SHA1
0d30ea5922ed6384fddfe5d6e1104d292bed2323

SHA256
75a47aef8c38b4f57664b273d95f4c76537a25953828f14d338fe9f2b7703ce3

SHA512
6ad3fb984c83b8b771ec480e6d29b52f2414f165635fdb432e4cb011a4acb754328521bfdc3a03b225870b5cbeeccc29ae10cc56a8c950c19324de6b0db58360

Download Submit
C:\Windows\system\oeAELQP.exe

Filesize
6.0MB

MD5
37bb96363154c4119513aa28bfe3e4ef

SHA1
4a3cf84205283bff6d8ac4f0e53153c112e3ea79

SHA256
9d506af4e00df2d10f7625c42814f74ba17db5c59e18e6bb01880fb3bb04ade9

SHA512
7fb9eaa15e2e16b1be5ace2965ebd8d33bc16cdc49c754975c8d5aa848a49b4499dbc6a1a1273ebed974dcc50eaabe4e3d8fe85bea7e41c538b9fbbda79042ac

Download Submit
C:\Windows\system\pRutvsX.exe

Filesize
6.0MB

MD5
58b7c949f036d7df388a7a7e6f22b99e

SHA1
6492c654a32c1341cefda1ad6326a375c67552cd

SHA256
3143dc0c708c203454f6882894c9d4b558b72e6c93890b227f96ff03929ce764

SHA512
b0541ebe7c7e3629dc724e0df8469f55c85f258fe448e9d4f5d6df8996adf3801f0e57e07d7eb60a60a7eabc6f4413fab8a174fa45ab316f267e81392ad699db

Download Submit
C:\Windows\system\rGfBZbN.exe

Filesize
6.0MB

MD5
fdf94c503b7ad4b1d9de7b2908c4d99a

SHA1
0e16b72d12a30cb78578f516442acbc658e482ad

SHA256
8571dec6138f9f758ff7fc13154cd34f2ca6772ce0990b64164bbed1ec4eae8a

SHA512
f03ac3e0788f968ac02678db5969d92a1d31adbcd10f14757f3d809a1ac4ed8e09fe176009a9ecda9cc89342092b6da9b37e9f140f85649d33d8d1c4451fdddb

Download Submit
C:\Windows\system\tHqZwGk.exe

Filesize
6.0MB

MD5
34a950a4cd5b5a4a257926437469f502

SHA1
4c56623dc1eb235f6c4db11c10cd1ec3d25f2a86

SHA256
54a34a6024f24e7b8ebd3044d8a830b8fdd0ae7edeca72d16d1da144b839f938

SHA512
170c4f9b3690a502f2a89f3ac088eb80bbd303de197a6d7efb6a91054291814f7c650b2c4937ff03b4bddc37d0472c62c828eb1058530ba7ce101a68f5750af6

Download Submit
C:\Windows\system\wguDqFQ.exe

Filesize
6.0MB

MD5
eae3cd98c1e3a3c228191fb19100787e

SHA1
b850a2253e65d21cfb8e1b5b658d4862e2df71ea

SHA256
a33e4f9e5b0f229db08fec3baf94f44f2a4d81d0d4318c0cf0e7be170d4be01a

SHA512
79e9f469a7d37fb5bb283999f4fd4769f5f7b0448906dc315c7fb0d432b4e82b0a9187a61f8c40206b4811f9dba6e49ecacdfc3dd167c42c07d16a63f43409e7

Download Submit
C:\Windows\system\xAZJoBu.exe

Filesize
6.0MB

MD5
8b95031b7e6d8223c566d77506701236

SHA1
cb0e5b2604ae85513792f4b4a3a7c6f9a9c6a7f9

SHA256
35aeb81c250afd2d816d1984d20cfb48919e4229185354cff4fd9b6d9040553c

SHA512
81201b56222740ce69331f0c2080f17f34aafe27253d7e19ec128b3059b508775517e552f8ab90ed64ac72a4180f63077e0fcd911208624209b4ebbe771ced28

Download Submit
C:\Windows\system\xsWvVVP.exe

Filesize
6.0MB

MD5
e52ebeb0d10e073d2e124162696059a8

SHA1
cf9f9dc205c327d10ba2cdd5d05dc86be001b54a

SHA256
a3ac8833250195a97e33f1f4c329a7027d95ab8c1d2891254381cf4b86382258

SHA512
9e09018e1d3f45c2dd0af4cd8b319eeacb18ef169787aef3c44e30741f54b5e1ed14094e9f075e13cf5546cb17221a9bdeebefcfe85a56a5eab4693f4811c5ec

Download Submit
C:\Windows\system\yOctMJP.exe

Filesize
6.0MB

MD5
99242704c816dbc571595c1768633ef3

SHA1
b040e481f0cf5f9cfdf13ee3d8dc2c2147f09fd4

SHA256
129362b303dbc0d00219080f65d8c45ba1758fc734a4941894049107fb71a8e1

SHA512
0d7b5cf64e419d61902813b7bdf121261f0150d51b1c932d5ae9f43b9d95a2c11b78873066d7bf18fddeb3af0279431e1ff9d5327b6a2d56fb2c3cdb8beacd77

Download Submit
C:\Windows\system\zFRqybc.exe

Filesize
6.0MB

MD5
4883d1af393a6c12c3d981c80592d403

SHA1
1e1dfa2a5c9c8616e8b68c9d377bab5d502da73c

SHA256
794a71b035e7dc6144f0364453aa22b2b723dfb64a4bf5ca4260583af026c691

SHA512
b95dc4a2e6598fe2cec5d385277b99e79880d8ef0770ef8ffa612ca0e13a73dae0679f38351eabddd51c9ea8213a841ebefa33fe9fa2ff6f137b117bae34d491

Download Submit
\Windows\system\fjnLDZR.exe

Filesize
6.0MB

MD5
4d0d5abdc418b72fd197d21dfd0f4f63

SHA1
5c718a6534572fa35d60f322e0a0ba35172e5502

SHA256
9385f87a541145607051cbb97b6f09e95b2d183f76bbdba21ee94ca37f568b87

SHA512
ab097c5d029d31f16b4441d712c10882abe72e93a8b614b977b1b9904dbaf615c51cb54f1c75f03560432f15d7bcd667c94d87eb0aabf9c08df3578e0f70f2ce

Download Submit
\Windows\system\teECUuC.exe

Filesize
6.0MB

MD5
b8489eb0b76d329c6490f9e041747054

SHA1
bc979c05f6e1f1d06a0346a5832e4b50baf6063a

SHA256
552f1f713ac389ab147701a1ade1b4430441923885db80e286f4514d17d8ed16

SHA512
a4b320dbd61ec0d978dba0b4b314a35570fa1d43388f61c9fabef32228a84fa6ee4b7e7c70439dfb75db6cd7b1bc8a0beef0dc9595ab3b74bddbe8a586275251

Download Submit
\Windows\system\zwuMveC.exe

Filesize
6.0MB

MD5
551766b535853e538c1d8193a7da56bf

SHA1
dfc584072f3af542140560e8217ba1c70b82be92

SHA256
1fbb1666e0d9b76c2452bd82657b79c5940fd1148e69d9fd0b713a25dd33b686

SHA512
635bbb793b381a4d67db740005cf825acaf9f151cd1d184c3b7895466aa73e269163be1013c14e8de0ce8f6cf48cc75497f9c32ddcb74a03dc70b3b64785645b

Download Submit
memory/704-3698-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/704-1729-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/808-3707-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-1692-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-3702-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-1682-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-1601-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3704-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1679-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3713-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3703-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1677-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3709-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1731-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3700-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2712-1734-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3697-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1665-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3711-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1673-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2884-1608-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3708-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1520-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3714-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3706-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1709-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1676-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2549-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1710-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1-0x0000000000480000-0x0000000000490000-memory.dmp

Filesize
64KB

Download
memory/2980-2480-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2490-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2486-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2524-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2546-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2568-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2576-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2555-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2572-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2564-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2562-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2552-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2550-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1730-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2534-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2520-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1713-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1694-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1684-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-9-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1681-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1678-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1668-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1609-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1604-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1532-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1478-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1475-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3699-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1712-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download