cobaltstrike | 3d5a93bd1e29c6950f4364c0e3747d321fc3d8098db401e3d5effcab3a58aba7

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a70157f57f3b23d428d48cee21e5f754
SHA1

8755024d688a92d66cd1753d0390b195decb147f
SHA256

3d5a93bd1e29c6950f4364c0e3747d321fc3d8098db401e3d5effcab3a58aba7
SHA512

4dc418d6a9aa8a7fef1369c2ef6f16308d56f5793ae3b1f9ae41400343f3746a468e6d3127ba7c1c373c2b6068be3a72376443483b0bb8d61fe90c0cdf9f2d7c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012102-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0c-18.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d02-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d1f-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d27-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d30-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d38-41.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001749c-51.dat	cobalt_reflective_dll
behavioral1/files/0x0028000000016ccb-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019612-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-65.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d40-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-194.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2752-0-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-3.dat	xmrig
behavioral1/files/0x0008000000016d0c-18.dat	xmrig
behavioral1/memory/2748-14-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2932-21-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2840-13-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x000a000000016d02-10.dat	xmrig
behavioral1/files/0x0008000000016d1f-23.dat	xmrig
behavioral1/memory/2912-28-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d27-29.dat	xmrig
behavioral1/memory/2776-36-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d30-37.dat	xmrig
behavioral1/files/0x0007000000016d38-41.dat	xmrig
behavioral1/files/0x000800000001749c-51.dat	xmrig
behavioral1/memory/2752-56-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x0028000000016ccb-75.dat	xmrig
behavioral1/memory/596-79-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194bd-86.dat	xmrig
behavioral1/memory/2752-88-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2000-82-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-80.dat	xmrig
behavioral1/memory/2840-74-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x0005000000019436-71.dat	xmrig
behavioral1/files/0x000500000001960c-106.dat	xmrig
behavioral1/files/0x0005000000019616-132.dat	xmrig
behavioral1/files/0x00050000000196ac-157.dat	xmrig
behavioral1/files/0x000500000001997c-162.dat	xmrig
behavioral1/files/0x0005000000019c38-170.dat	xmrig
behavioral1/files/0x000500000001960d-174.dat	xmrig
behavioral1/files/0x0005000000019c36-186.dat	xmrig
behavioral1/files/0x00050000000196e8-158.dat	xmrig
behavioral1/files/0x000500000001966c-146.dat	xmrig
behavioral1/files/0x0005000000019612-138.dat	xmrig
behavioral1/files/0x000500000001960e-137.dat	xmrig
behavioral1/files/0x0005000000019618-135.dat	xmrig
behavioral1/memory/2912-188-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019614-128.dat	xmrig
behavioral1/memory/1436-123-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019610-120.dat	xmrig
behavioral1/files/0x00050000000195d9-113.dat	xmrig
behavioral1/files/0x000500000001960a-103.dat	xmrig
behavioral1/memory/652-97-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019537-94.dat	xmrig
behavioral1/memory/2752-156-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001962a-152.dat	xmrig
behavioral1/memory/2752-116-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2932-102-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2172-76-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/1524-69-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2776-189-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x000500000001941a-65.dat	xmrig
behavioral1/memory/2620-61-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2752-59-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d40-55.dat	xmrig
behavioral1/memory/2684-54-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2752-193-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3a-194.dat	xmrig
behavioral1/memory/2000-389-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2748-3939-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2912-3953-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2840-3961-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2932-3968-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2620-3979-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/1524-3991-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2840	bZGKtNA.exe
2748	wEArfRk.exe
2932	jDyrZyl.exe
2912	XwTMwGt.exe
2776	ydcSzcy.exe
2620	igXKscb.exe
2684	BpUhbgS.exe
1524	gwCAZEe.exe
2172	LjCvqXJ.exe
596	MzGHIFA.exe
2000	HtaqdCv.exe
1436	zpsqcWo.exe
652	rzESDHo.exe
2164	rxUTEOb.exe
1884	jErNsfc.exe
2876	pMVWlsR.exe
2220	ZUnXhtq.exe
1948	masyBYg.exe
2460	NfWqlkD.exe
2128	GAwarDG.exe
1956	jGwOdAz.exe
1172	arnajqj.exe
2960	OPyIGBf.exe
2864	pLrbfah.exe
2872	kUCmaEQ.exe
1820	VQbMsYP.exe
1940	RhgrUeO.exe
3024	TGQhUNW.exe
2500	gdEYtCg.exe
2436	ESVbCOx.exe
2464	xDOUncL.exe
284	LPqOJVR.exe
2772	oVspAeJ.exe
1708	zTCapKk.exe
1612	rPGVdHe.exe
1812	JCRyUhT.exe
1112	bdlbQfC.exe
876	vLWyiJQ.exe
1756	qOZVPiI.exe
1892	lAxOvBo.exe
2004	DhJBalx.exe
2308	vqGfpEO.exe
2544	fKjlAxM.exe
1228	krPgYrq.exe
2692	rwMlkyC.exe
2380	uwmtRiQ.exe
2688	UCPkVxL.exe
2576	oADRnvW.exe
1896	gIGvlww.exe
2364	GiWArhG.exe
2800	cmkFHbb.exe
3000	CNzOItC.exe
2832	ZbFcWNh.exe
1920	ygnxtic.exe
1368	yTtxMbJ.exe
1668	XqQCYna.exe
2828	JDYuPHQ.exe
2636	hoOuPnK.exe
2808	jAOojlN.exe
792	kfcnYoe.exe
2068	CWGSQKm.exe
968	GdBcqEH.exe
692	pYJXPUz.exe
1624	BKBeBuM.exe

Loads dropped DLL 64 IoCs

pid	Process
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2752-0-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x0008000000012102-3.dat	upx
behavioral1/files/0x0008000000016d0c-18.dat	upx
behavioral1/memory/2748-14-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2932-21-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2840-13-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x000a000000016d02-10.dat	upx
behavioral1/files/0x0008000000016d1f-23.dat	upx
behavioral1/memory/2912-28-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x0007000000016d27-29.dat	upx
behavioral1/memory/2776-36-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x0007000000016d30-37.dat	upx
behavioral1/files/0x0007000000016d38-41.dat	upx
behavioral1/files/0x000800000001749c-51.dat	upx
behavioral1/files/0x0028000000016ccb-75.dat	upx
behavioral1/memory/596-79-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x00050000000194bd-86.dat	upx
behavioral1/memory/2752-88-0x0000000002360000-0x00000000026B4000-memory.dmp	upx
behavioral1/memory/2000-82-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0005000000019441-80.dat	upx
behavioral1/memory/2840-74-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x0005000000019436-71.dat	upx
behavioral1/files/0x000500000001960c-106.dat	upx
behavioral1/files/0x0005000000019616-132.dat	upx
behavioral1/files/0x00050000000196ac-157.dat	upx
behavioral1/files/0x000500000001997c-162.dat	upx
behavioral1/files/0x0005000000019c38-170.dat	upx
behavioral1/files/0x000500000001960d-174.dat	upx
behavioral1/files/0x0005000000019c36-186.dat	upx
behavioral1/files/0x00050000000196e8-158.dat	upx
behavioral1/files/0x000500000001966c-146.dat	upx
behavioral1/files/0x0005000000019612-138.dat	upx
behavioral1/files/0x000500000001960e-137.dat	upx
behavioral1/files/0x0005000000019618-135.dat	upx
behavioral1/memory/2912-188-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x0005000000019614-128.dat	upx
behavioral1/memory/1436-123-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x0005000000019610-120.dat	upx
behavioral1/files/0x00050000000195d9-113.dat	upx
behavioral1/files/0x000500000001960a-103.dat	upx
behavioral1/memory/652-97-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x0005000000019537-94.dat	upx
behavioral1/memory/2752-156-0x0000000002360000-0x00000000026B4000-memory.dmp	upx
behavioral1/files/0x000500000001962a-152.dat	upx
behavioral1/memory/2932-102-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2172-76-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/1524-69-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2776-189-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x000500000001941a-65.dat	upx
behavioral1/memory/2620-61-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2752-59-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x0007000000016d40-55.dat	upx
behavioral1/memory/2684-54-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2752-193-0x0000000002360000-0x00000000026B4000-memory.dmp	upx
behavioral1/files/0x0005000000019c3a-194.dat	upx
behavioral1/memory/2000-389-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2748-3939-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2912-3953-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2840-3961-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2932-3968-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2620-3979-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/1524-3991-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2776-3996-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/596-4001-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EImeuSD.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJZERcQ.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sljfOXc.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nAWsacq.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORPZKps.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXwrZOC.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMUxauV.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYzghvK.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bbnMovu.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhyKmPe.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbnqGyy.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIqZlPL.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXLValY.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIGvlww.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNOBVAV.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBunUhm.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\joUXCZx.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKgrBXJ.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWROrve.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcMNgRC.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIqWlyv.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPQFffh.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mAmGVtC.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUFCBkh.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWRyVAt.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECDAqkg.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjXldLi.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUxCWaP.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFSDaPz.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSXiMoL.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XahlIco.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLCklon.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emNtges.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owUOpEZ.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFSxenM.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Olgjfao.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehIRpQF.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JBEiuGw.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCDPTWr.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IpRPBso.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTpRHEy.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RenPNQT.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJELRsF.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCPkVxL.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZbuDes.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPasccX.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKBeBuM.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fkkyKvF.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmMYdtG.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIurvbE.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvmwlWl.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QyELdcg.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLVFLof.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQpHTje.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\masyBYg.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NePEfcZ.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpMZpSF.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvZunEL.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnbWWck.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXYlCJw.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHtxzaz.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzOXdml.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRBwcKR.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUSQWOW.exe	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2840	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2752 wrote to memory of 2840	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2752 wrote to memory of 2840	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2752 wrote to memory of 2748	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2752 wrote to memory of 2748	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2752 wrote to memory of 2748	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2752 wrote to memory of 2932	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2752 wrote to memory of 2932	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2752 wrote to memory of 2932	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2752 wrote to memory of 2912	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2752 wrote to memory of 2912	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2752 wrote to memory of 2912	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2752 wrote to memory of 2776	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2752 wrote to memory of 2776	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2752 wrote to memory of 2776	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2752 wrote to memory of 2620	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2752 wrote to memory of 2620	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2752 wrote to memory of 2620	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2752 wrote to memory of 2684	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2752 wrote to memory of 2684	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2752 wrote to memory of 2684	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2752 wrote to memory of 1524	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2752 wrote to memory of 1524	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2752 wrote to memory of 1524	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2752 wrote to memory of 2172	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2752 wrote to memory of 2172	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2752 wrote to memory of 2172	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2752 wrote to memory of 596	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2752 wrote to memory of 596	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2752 wrote to memory of 596	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2752 wrote to memory of 1436	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2752 wrote to memory of 1436	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2752 wrote to memory of 1436	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2752 wrote to memory of 2000	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2752 wrote to memory of 2000	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2752 wrote to memory of 2000	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2752 wrote to memory of 652	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2752 wrote to memory of 652	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2752 wrote to memory of 652	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2752 wrote to memory of 2164	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2752 wrote to memory of 2164	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2752 wrote to memory of 2164	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2752 wrote to memory of 2960	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2752 wrote to memory of 2960	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2752 wrote to memory of 2960	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2752 wrote to memory of 1884	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2752 wrote to memory of 1884	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2752 wrote to memory of 1884	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2752 wrote to memory of 2864	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2752 wrote to memory of 2864	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2752 wrote to memory of 2864	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2752 wrote to memory of 2876	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2752 wrote to memory of 2876	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2752 wrote to memory of 2876	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2752 wrote to memory of 2872	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2752 wrote to memory of 2872	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2752 wrote to memory of 2872	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2752 wrote to memory of 2220	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2752 wrote to memory of 2220	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2752 wrote to memory of 2220	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2752 wrote to memory of 1820	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2752 wrote to memory of 1820	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2752 wrote to memory of 1820	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2752 wrote to memory of 1948	2752	2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_a70157f57f3b23d428d48cee21e5f754_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Windows\System\bZGKtNA.exe
  C:\Windows\System\bZGKtNA.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\wEArfRk.exe
  C:\Windows\System\wEArfRk.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\jDyrZyl.exe
  C:\Windows\System\jDyrZyl.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\XwTMwGt.exe
  C:\Windows\System\XwTMwGt.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\ydcSzcy.exe
  C:\Windows\System\ydcSzcy.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\igXKscb.exe
  C:\Windows\System\igXKscb.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\BpUhbgS.exe
  C:\Windows\System\BpUhbgS.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\gwCAZEe.exe
  C:\Windows\System\gwCAZEe.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\LjCvqXJ.exe
  C:\Windows\System\LjCvqXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\MzGHIFA.exe
  C:\Windows\System\MzGHIFA.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\zpsqcWo.exe
  C:\Windows\System\zpsqcWo.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\HtaqdCv.exe
  C:\Windows\System\HtaqdCv.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\rzESDHo.exe
  C:\Windows\System\rzESDHo.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\rxUTEOb.exe
  C:\Windows\System\rxUTEOb.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\OPyIGBf.exe
  C:\Windows\System\OPyIGBf.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\jErNsfc.exe
  C:\Windows\System\jErNsfc.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\pLrbfah.exe
  C:\Windows\System\pLrbfah.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\pMVWlsR.exe
  C:\Windows\System\pMVWlsR.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\kUCmaEQ.exe
  C:\Windows\System\kUCmaEQ.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ZUnXhtq.exe
  C:\Windows\System\ZUnXhtq.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\VQbMsYP.exe
  C:\Windows\System\VQbMsYP.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\masyBYg.exe
  C:\Windows\System\masyBYg.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\RhgrUeO.exe
  C:\Windows\System\RhgrUeO.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\NfWqlkD.exe
  C:\Windows\System\NfWqlkD.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\TGQhUNW.exe
  C:\Windows\System\TGQhUNW.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\GAwarDG.exe
  C:\Windows\System\GAwarDG.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\gdEYtCg.exe
  C:\Windows\System\gdEYtCg.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\jGwOdAz.exe
  C:\Windows\System\jGwOdAz.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\ESVbCOx.exe
  C:\Windows\System\ESVbCOx.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\arnajqj.exe
  C:\Windows\System\arnajqj.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\xDOUncL.exe
  C:\Windows\System\xDOUncL.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\LPqOJVR.exe
  C:\Windows\System\LPqOJVR.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\oVspAeJ.exe
  C:\Windows\System\oVspAeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\zTCapKk.exe
  C:\Windows\System\zTCapKk.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\JCRyUhT.exe
  C:\Windows\System\JCRyUhT.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\rPGVdHe.exe
  C:\Windows\System\rPGVdHe.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\bdlbQfC.exe
  C:\Windows\System\bdlbQfC.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\vLWyiJQ.exe
  C:\Windows\System\vLWyiJQ.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\qOZVPiI.exe
  C:\Windows\System\qOZVPiI.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\lAxOvBo.exe
  C:\Windows\System\lAxOvBo.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\vqGfpEO.exe
  C:\Windows\System\vqGfpEO.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\DhJBalx.exe
  C:\Windows\System\DhJBalx.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\rwMlkyC.exe
  C:\Windows\System\rwMlkyC.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\fKjlAxM.exe
  C:\Windows\System\fKjlAxM.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\uwmtRiQ.exe
  C:\Windows\System\uwmtRiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\krPgYrq.exe
  C:\Windows\System\krPgYrq.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\UCPkVxL.exe
  C:\Windows\System\UCPkVxL.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\oADRnvW.exe
  C:\Windows\System\oADRnvW.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ygnxtic.exe
  C:\Windows\System\ygnxtic.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\gIGvlww.exe
  C:\Windows\System\gIGvlww.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\yTtxMbJ.exe
  C:\Windows\System\yTtxMbJ.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\GiWArhG.exe
  C:\Windows\System\GiWArhG.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\XqQCYna.exe
  C:\Windows\System\XqQCYna.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\cmkFHbb.exe
  C:\Windows\System\cmkFHbb.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\JDYuPHQ.exe
  C:\Windows\System\JDYuPHQ.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\CNzOItC.exe
  C:\Windows\System\CNzOItC.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\hoOuPnK.exe
  C:\Windows\System\hoOuPnK.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\ZbFcWNh.exe
  C:\Windows\System\ZbFcWNh.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\jAOojlN.exe
  C:\Windows\System\jAOojlN.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\kfcnYoe.exe
  C:\Windows\System\kfcnYoe.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\GdBcqEH.exe
  C:\Windows\System\GdBcqEH.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\CWGSQKm.exe
  C:\Windows\System\CWGSQKm.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\BKBeBuM.exe
  C:\Windows\System\BKBeBuM.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\pYJXPUz.exe
  C:\Windows\System\pYJXPUz.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\UbKjHVc.exe
  C:\Windows\System\UbKjHVc.exe
  2⤵
  PID:2468
- C:\Windows\System\eWROrve.exe
  C:\Windows\System\eWROrve.exe
  2⤵
  PID:2472
- C:\Windows\System\unuffDi.exe
  C:\Windows\System\unuffDi.exe
  2⤵
  PID:2144
- C:\Windows\System\NCuBfpv.exe
  C:\Windows\System\NCuBfpv.exe
  2⤵
  PID:2508
- C:\Windows\System\GlrkkNt.exe
  C:\Windows\System\GlrkkNt.exe
  2⤵
  PID:2300
- C:\Windows\System\eJShQrm.exe
  C:\Windows\System\eJShQrm.exe
  2⤵
  PID:2260
- C:\Windows\System\WJVbjYd.exe
  C:\Windows\System\WJVbjYd.exe
  2⤵
  PID:2060
- C:\Windows\System\BenYyRJ.exe
  C:\Windows\System\BenYyRJ.exe
  2⤵
  PID:1688
- C:\Windows\System\flnnhfK.exe
  C:\Windows\System\flnnhfK.exe
  2⤵
  PID:356
- C:\Windows\System\TGxdAyx.exe
  C:\Windows\System\TGxdAyx.exe
  2⤵
  PID:2744
- C:\Windows\System\RKMVrpx.exe
  C:\Windows\System\RKMVrpx.exe
  2⤵
  PID:2944
- C:\Windows\System\JikCGQc.exe
  C:\Windows\System\JikCGQc.exe
  2⤵
  PID:896
- C:\Windows\System\gORiXoC.exe
  C:\Windows\System\gORiXoC.exe
  2⤵
  PID:588
- C:\Windows\System\hsPBwhj.exe
  C:\Windows\System\hsPBwhj.exe
  2⤵
  PID:2292
- C:\Windows\System\nAWsacq.exe
  C:\Windows\System\nAWsacq.exe
  2⤵
  PID:2740
- C:\Windows\System\eNpasrY.exe
  C:\Windows\System\eNpasrY.exe
  2⤵
  PID:852
- C:\Windows\System\JJFvVgi.exe
  C:\Windows\System\JJFvVgi.exe
  2⤵
  PID:2632
- C:\Windows\System\UnxgujC.exe
  C:\Windows\System\UnxgujC.exe
  2⤵
  PID:2664
- C:\Windows\System\SIKXgIx.exe
  C:\Windows\System\SIKXgIx.exe
  2⤵
  PID:1320
- C:\Windows\System\ZsiBbEI.exe
  C:\Windows\System\ZsiBbEI.exe
  2⤵
  PID:2656
- C:\Windows\System\dOyHNBM.exe
  C:\Windows\System\dOyHNBM.exe
  2⤵
  PID:1264
- C:\Windows\System\uiIBqVx.exe
  C:\Windows\System\uiIBqVx.exe
  2⤵
  PID:576
- C:\Windows\System\ORPZKps.exe
  C:\Windows\System\ORPZKps.exe
  2⤵
  PID:2404
- C:\Windows\System\PINkTmQ.exe
  C:\Windows\System\PINkTmQ.exe
  2⤵
  PID:1180
- C:\Windows\System\IoQOdBm.exe
  C:\Windows\System\IoQOdBm.exe
  2⤵
  PID:1664
- C:\Windows\System\vqKXxlN.exe
  C:\Windows\System\vqKXxlN.exe
  2⤵
  PID:1916
- C:\Windows\System\KFiKPfU.exe
  C:\Windows\System\KFiKPfU.exe
  2⤵
  PID:2092
- C:\Windows\System\GnBLkiH.exe
  C:\Windows\System\GnBLkiH.exe
  2⤵
  PID:2400
- C:\Windows\System\azvkZQZ.exe
  C:\Windows\System\azvkZQZ.exe
  2⤵
  PID:2024
- C:\Windows\System\YTxcxBZ.exe
  C:\Windows\System\YTxcxBZ.exe
  2⤵
  PID:1644
- C:\Windows\System\bjYnHsP.exe
  C:\Windows\System\bjYnHsP.exe
  2⤵
  PID:2556
- C:\Windows\System\VBdUthW.exe
  C:\Windows\System\VBdUthW.exe
  2⤵
  PID:340
- C:\Windows\System\TolzZcD.exe
  C:\Windows\System\TolzZcD.exe
  2⤵
  PID:1736
- C:\Windows\System\VumYFYd.exe
  C:\Windows\System\VumYFYd.exe
  2⤵
  PID:2516
- C:\Windows\System\zZbtvmL.exe
  C:\Windows\System\zZbtvmL.exe
  2⤵
  PID:1976
- C:\Windows\System\bbnMovu.exe
  C:\Windows\System\bbnMovu.exe
  2⤵
  PID:1816
- C:\Windows\System\wVoVIVt.exe
  C:\Windows\System\wVoVIVt.exe
  2⤵
  PID:812
- C:\Windows\System\AdurOjJ.exe
  C:\Windows\System\AdurOjJ.exe
  2⤵
  PID:2860
- C:\Windows\System\DlFXhaf.exe
  C:\Windows\System\DlFXhaf.exe
  2⤵
  PID:1584
- C:\Windows\System\usUlExt.exe
  C:\Windows\System\usUlExt.exe
  2⤵
  PID:2080
- C:\Windows\System\rDmDtMY.exe
  C:\Windows\System\rDmDtMY.exe
  2⤵
  PID:2204
- C:\Windows\System\gQongHe.exe
  C:\Windows\System\gQongHe.exe
  2⤵
  PID:2964
- C:\Windows\System\lhzoFvM.exe
  C:\Windows\System\lhzoFvM.exe
  2⤵
  PID:2760
- C:\Windows\System\ZOJNLYR.exe
  C:\Windows\System\ZOJNLYR.exe
  2⤵
  PID:264
- C:\Windows\System\TewbeXU.exe
  C:\Windows\System\TewbeXU.exe
  2⤵
  PID:2276
- C:\Windows\System\OVlKRSi.exe
  C:\Windows\System\OVlKRSi.exe
  2⤵
  PID:2844
- C:\Windows\System\bvcJwWP.exe
  C:\Windows\System\bvcJwWP.exe
  2⤵
  PID:1108
- C:\Windows\System\sdVaBsH.exe
  C:\Windows\System\sdVaBsH.exe
  2⤵
  PID:2320
- C:\Windows\System\yOpOjVY.exe
  C:\Windows\System\yOpOjVY.exe
  2⤵
  PID:2804
- C:\Windows\System\mWzHeqL.exe
  C:\Windows\System\mWzHeqL.exe
  2⤵
  PID:2032
- C:\Windows\System\HtuMGXV.exe
  C:\Windows\System\HtuMGXV.exe
  2⤵
  PID:2372
- C:\Windows\System\hilIsOl.exe
  C:\Windows\System\hilIsOl.exe
  2⤵
  PID:2192
- C:\Windows\System\oPjygsT.exe
  C:\Windows\System\oPjygsT.exe
  2⤵
  PID:236
- C:\Windows\System\CXdRPXu.exe
  C:\Windows\System\CXdRPXu.exe
  2⤵
  PID:1016
- C:\Windows\System\vWSduWZ.exe
  C:\Windows\System\vWSduWZ.exe
  2⤵
  PID:1544
- C:\Windows\System\XsAzPqW.exe
  C:\Windows\System\XsAzPqW.exe
  2⤵
  PID:2552
- C:\Windows\System\iFlTxiC.exe
  C:\Windows\System\iFlTxiC.exe
  2⤵
  PID:2812
- C:\Windows\System\kMvivQW.exe
  C:\Windows\System\kMvivQW.exe
  2⤵
  PID:2236
- C:\Windows\System\DocTfqe.exe
  C:\Windows\System\DocTfqe.exe
  2⤵
  PID:1620
- C:\Windows\System\wXwrZOC.exe
  C:\Windows\System\wXwrZOC.exe
  2⤵
  PID:2792
- C:\Windows\System\UsNMZCa.exe
  C:\Windows\System\UsNMZCa.exe
  2⤵
  PID:2384
- C:\Windows\System\NePEfcZ.exe
  C:\Windows\System\NePEfcZ.exe
  2⤵
  PID:2480
- C:\Windows\System\QnnjoIj.exe
  C:\Windows\System\QnnjoIj.exe
  2⤵
  PID:2488
- C:\Windows\System\QaApxBG.exe
  C:\Windows\System\QaApxBG.exe
  2⤵
  PID:2604
- C:\Windows\System\NUoursv.exe
  C:\Windows\System\NUoursv.exe
  2⤵
  PID:1308
- C:\Windows\System\fPXLkse.exe
  C:\Windows\System\fPXLkse.exe
  2⤵
  PID:1984
- C:\Windows\System\LcVQWrZ.exe
  C:\Windows\System\LcVQWrZ.exe
  2⤵
  PID:2532
- C:\Windows\System\kOotMjZ.exe
  C:\Windows\System\kOotMjZ.exe
  2⤵
  PID:564
- C:\Windows\System\dmoTWoq.exe
  C:\Windows\System\dmoTWoq.exe
  2⤵
  PID:2112
- C:\Windows\System\OAKLHHh.exe
  C:\Windows\System\OAKLHHh.exe
  2⤵
  PID:2904
- C:\Windows\System\Pqokqgw.exe
  C:\Windows\System\Pqokqgw.exe
  2⤵
  PID:2044
- C:\Windows\System\dNgRXAR.exe
  C:\Windows\System\dNgRXAR.exe
  2⤵
  PID:1840
- C:\Windows\System\jcuSSYT.exe
  C:\Windows\System\jcuSSYT.exe
  2⤵
  PID:1456
- C:\Windows\System\xAMIkgf.exe
  C:\Windows\System\xAMIkgf.exe
  2⤵
  PID:2492
- C:\Windows\System\QUTAKTz.exe
  C:\Windows\System\QUTAKTz.exe
  2⤵
  PID:824
- C:\Windows\System\IZMdivp.exe
  C:\Windows\System\IZMdivp.exe
  2⤵
  PID:2344
- C:\Windows\System\pWRyVAt.exe
  C:\Windows\System\pWRyVAt.exe
  2⤵
  PID:2448
- C:\Windows\System\DiAePVm.exe
  C:\Windows\System\DiAePVm.exe
  2⤵
  PID:1968
- C:\Windows\System\dPkLcWg.exe
  C:\Windows\System\dPkLcWg.exe
  2⤵
  PID:2240
- C:\Windows\System\STzkYGR.exe
  C:\Windows\System\STzkYGR.exe
  2⤵
  PID:2396
- C:\Windows\System\vVcqCew.exe
  C:\Windows\System\vVcqCew.exe
  2⤵
  PID:1484
- C:\Windows\System\SfACNAI.exe
  C:\Windows\System\SfACNAI.exe
  2⤵
  PID:1124
- C:\Windows\System\xhSwuLQ.exe
  C:\Windows\System\xhSwuLQ.exe
  2⤵
  PID:2016
- C:\Windows\System\hxDrDjK.exe
  C:\Windows\System\hxDrDjK.exe
  2⤵
  PID:1616
- C:\Windows\System\EbNnLYu.exe
  C:\Windows\System\EbNnLYu.exe
  2⤵
  PID:2548
- C:\Windows\System\OlKfBvt.exe
  C:\Windows\System\OlKfBvt.exe
  2⤵
  PID:2984
- C:\Windows\System\Nigrzcx.exe
  C:\Windows\System\Nigrzcx.exe
  2⤵
  PID:1504
- C:\Windows\System\sRXUqZS.exe
  C:\Windows\System\sRXUqZS.exe
  2⤵
  PID:2340
- C:\Windows\System\FEBWcgG.exe
  C:\Windows\System\FEBWcgG.exe
  2⤵
  PID:376
- C:\Windows\System\DjzurNz.exe
  C:\Windows\System\DjzurNz.exe
  2⤵
  PID:720
- C:\Windows\System\MKsdMqq.exe
  C:\Windows\System\MKsdMqq.exe
  2⤵
  PID:1252
- C:\Windows\System\urYLqUn.exe
  C:\Windows\System\urYLqUn.exe
  2⤵
  PID:872
- C:\Windows\System\XFNXzlO.exe
  C:\Windows\System\XFNXzlO.exe
  2⤵
  PID:3036
- C:\Windows\System\nNIKpXM.exe
  C:\Windows\System\nNIKpXM.exe
  2⤵
  PID:1004
- C:\Windows\System\FdHuphn.exe
  C:\Windows\System\FdHuphn.exe
  2⤵
  PID:2408
- C:\Windows\System\SfEzJnN.exe
  C:\Windows\System\SfEzJnN.exe
  2⤵
  PID:536
- C:\Windows\System\ayToxyU.exe
  C:\Windows\System\ayToxyU.exe
  2⤵
  PID:1496
- C:\Windows\System\VCtLXLA.exe
  C:\Windows\System\VCtLXLA.exe
  2⤵
  PID:716
- C:\Windows\System\DopcSkR.exe
  C:\Windows\System\DopcSkR.exe
  2⤵
  PID:2156
- C:\Windows\System\gYdhVoh.exe
  C:\Windows\System\gYdhVoh.exe
  2⤵
  PID:1964
- C:\Windows\System\YKRhcCr.exe
  C:\Windows\System\YKRhcCr.exe
  2⤵
  PID:2524
- C:\Windows\System\PNjCwox.exe
  C:\Windows\System\PNjCwox.exe
  2⤵
  PID:924
- C:\Windows\System\sxyUpSp.exe
  C:\Windows\System\sxyUpSp.exe
  2⤵
  PID:3088
- C:\Windows\System\itOFNcg.exe
  C:\Windows\System\itOFNcg.exe
  2⤵
  PID:3104
- C:\Windows\System\TqQdstp.exe
  C:\Windows\System\TqQdstp.exe
  2⤵
  PID:3120
- C:\Windows\System\rGDTWWJ.exe
  C:\Windows\System\rGDTWWJ.exe
  2⤵
  PID:3136
- C:\Windows\System\yKahTRn.exe
  C:\Windows\System\yKahTRn.exe
  2⤵
  PID:3156
- C:\Windows\System\AZcUtXp.exe
  C:\Windows\System\AZcUtXp.exe
  2⤵
  PID:3176
- C:\Windows\System\mHKCYFy.exe
  C:\Windows\System\mHKCYFy.exe
  2⤵
  PID:3192
- C:\Windows\System\AWYixCd.exe
  C:\Windows\System\AWYixCd.exe
  2⤵
  PID:3208
- C:\Windows\System\wjDeJeY.exe
  C:\Windows\System\wjDeJeY.exe
  2⤵
  PID:3224
- C:\Windows\System\yujQgES.exe
  C:\Windows\System\yujQgES.exe
  2⤵
  PID:3240
- C:\Windows\System\qzhbTVL.exe
  C:\Windows\System\qzhbTVL.exe
  2⤵
  PID:3256
- C:\Windows\System\XDEwFSB.exe
  C:\Windows\System\XDEwFSB.exe
  2⤵
  PID:3272
- C:\Windows\System\mokUosb.exe
  C:\Windows\System\mokUosb.exe
  2⤵
  PID:3288
- C:\Windows\System\YxvPvLJ.exe
  C:\Windows\System\YxvPvLJ.exe
  2⤵
  PID:3304
- C:\Windows\System\ANpTUkG.exe
  C:\Windows\System\ANpTUkG.exe
  2⤵
  PID:3320
- C:\Windows\System\MfcZeyA.exe
  C:\Windows\System\MfcZeyA.exe
  2⤵
  PID:3336
- C:\Windows\System\GrymYRn.exe
  C:\Windows\System\GrymYRn.exe
  2⤵
  PID:3352
- C:\Windows\System\EvgeGAg.exe
  C:\Windows\System\EvgeGAg.exe
  2⤵
  PID:3368
- C:\Windows\System\fBVqpii.exe
  C:\Windows\System\fBVqpii.exe
  2⤵
  PID:3388
- C:\Windows\System\wZYhDdo.exe
  C:\Windows\System\wZYhDdo.exe
  2⤵
  PID:3404
- C:\Windows\System\dVmuvrw.exe
  C:\Windows\System\dVmuvrw.exe
  2⤵
  PID:3424
- C:\Windows\System\ASJnIAF.exe
  C:\Windows\System\ASJnIAF.exe
  2⤵
  PID:3440
- C:\Windows\System\McclUxi.exe
  C:\Windows\System\McclUxi.exe
  2⤵
  PID:3456
- C:\Windows\System\snhaJeL.exe
  C:\Windows\System\snhaJeL.exe
  2⤵
  PID:3472
- C:\Windows\System\hKfDeTJ.exe
  C:\Windows\System\hKfDeTJ.exe
  2⤵
  PID:3488
- C:\Windows\System\eJTxYYN.exe
  C:\Windows\System\eJTxYYN.exe
  2⤵
  PID:3504
- C:\Windows\System\fqXJiMC.exe
  C:\Windows\System\fqXJiMC.exe
  2⤵
  PID:3520
- C:\Windows\System\uRrAGWQ.exe
  C:\Windows\System\uRrAGWQ.exe
  2⤵
  PID:3544
- C:\Windows\System\HVZSWta.exe
  C:\Windows\System\HVZSWta.exe
  2⤵
  PID:3560
- C:\Windows\System\bQiIFGi.exe
  C:\Windows\System\bQiIFGi.exe
  2⤵
  PID:3576
- C:\Windows\System\CGqzBmI.exe
  C:\Windows\System\CGqzBmI.exe
  2⤵
  PID:3600
- C:\Windows\System\zdEtcLr.exe
  C:\Windows\System\zdEtcLr.exe
  2⤵
  PID:3704
- C:\Windows\System\wBYFXEK.exe
  C:\Windows\System\wBYFXEK.exe
  2⤵
  PID:3748
- C:\Windows\System\McsseFn.exe
  C:\Windows\System\McsseFn.exe
  2⤵
  PID:3764
- C:\Windows\System\ECDAqkg.exe
  C:\Windows\System\ECDAqkg.exe
  2⤵
  PID:3788
- C:\Windows\System\RSnQlBe.exe
  C:\Windows\System\RSnQlBe.exe
  2⤵
  PID:3812
- C:\Windows\System\Dhxpnyf.exe
  C:\Windows\System\Dhxpnyf.exe
  2⤵
  PID:3828
- C:\Windows\System\HuywBel.exe
  C:\Windows\System\HuywBel.exe
  2⤵
  PID:3852
- C:\Windows\System\UBYLvel.exe
  C:\Windows\System\UBYLvel.exe
  2⤵
  PID:3868
- C:\Windows\System\tCqysMh.exe
  C:\Windows\System\tCqysMh.exe
  2⤵
  PID:3884
- C:\Windows\System\DcMNgRC.exe
  C:\Windows\System\DcMNgRC.exe
  2⤵
  PID:3900
- C:\Windows\System\SUUbpWU.exe
  C:\Windows\System\SUUbpWU.exe
  2⤵
  PID:3924
- C:\Windows\System\tztVJUE.exe
  C:\Windows\System\tztVJUE.exe
  2⤵
  PID:3940
- C:\Windows\System\xnCiXTR.exe
  C:\Windows\System\xnCiXTR.exe
  2⤵
  PID:3956
- C:\Windows\System\IeVbgLh.exe
  C:\Windows\System\IeVbgLh.exe
  2⤵
  PID:3976
- C:\Windows\System\fZxgOWr.exe
  C:\Windows\System\fZxgOWr.exe
  2⤵
  PID:4004
- C:\Windows\System\BkrgGJd.exe
  C:\Windows\System\BkrgGJd.exe
  2⤵
  PID:4020
- C:\Windows\System\LyFkHVi.exe
  C:\Windows\System\LyFkHVi.exe
  2⤵
  PID:4036
- C:\Windows\System\jnypCjW.exe
  C:\Windows\System\jnypCjW.exe
  2⤵
  PID:4052
- C:\Windows\System\vueFtri.exe
  C:\Windows\System\vueFtri.exe
  2⤵
  PID:4068
- C:\Windows\System\HfswRkp.exe
  C:\Windows\System\HfswRkp.exe
  2⤵
  PID:4088
- C:\Windows\System\pcZRfri.exe
  C:\Windows\System\pcZRfri.exe
  2⤵
  PID:3112
- C:\Windows\System\silJDvR.exe
  C:\Windows\System\silJDvR.exe
  2⤵
  PID:3096
- C:\Windows\System\jlkaGaa.exe
  C:\Windows\System\jlkaGaa.exe
  2⤵
  PID:3188
- C:\Windows\System\PCDTzDp.exe
  C:\Windows\System\PCDTzDp.exe
  2⤵
  PID:3132
- C:\Windows\System\jWNnQyd.exe
  C:\Windows\System\jWNnQyd.exe
  2⤵
  PID:1384
- C:\Windows\System\QOsQfSb.exe
  C:\Windows\System\QOsQfSb.exe
  2⤵
  PID:3164
- C:\Windows\System\pymTSUK.exe
  C:\Windows\System\pymTSUK.exe
  2⤵
  PID:3204
- C:\Windows\System\zVQEXgB.exe
  C:\Windows\System\zVQEXgB.exe
  2⤵
  PID:3316
- C:\Windows\System\zhXzBFJ.exe
  C:\Windows\System\zhXzBFJ.exe
  2⤵
  PID:3268
- C:\Windows\System\qPSJCaE.exe
  C:\Windows\System\qPSJCaE.exe
  2⤵
  PID:2592
- C:\Windows\System\JvwGohk.exe
  C:\Windows\System\JvwGohk.exe
  2⤵
  PID:3296
- C:\Windows\System\navxMwC.exe
  C:\Windows\System\navxMwC.exe
  2⤵
  PID:3432
- C:\Windows\System\SnqpsmV.exe
  C:\Windows\System\SnqpsmV.exe
  2⤵
  PID:3436
- C:\Windows\System\GfxzkWP.exe
  C:\Windows\System\GfxzkWP.exe
  2⤵
  PID:3516
- C:\Windows\System\YaJSgkN.exe
  C:\Windows\System\YaJSgkN.exe
  2⤵
  PID:3568
- C:\Windows\System\cTMXtRV.exe
  C:\Windows\System\cTMXtRV.exe
  2⤵
  PID:3612
- C:\Windows\System\FoJoSwi.exe
  C:\Windows\System\FoJoSwi.exe
  2⤵
  PID:3636
- C:\Windows\System\uoAOiKX.exe
  C:\Windows\System\uoAOiKX.exe
  2⤵
  PID:3640
- C:\Windows\System\wpMZpSF.exe
  C:\Windows\System\wpMZpSF.exe
  2⤵
  PID:3656
- C:\Windows\System\lxEubCW.exe
  C:\Windows\System\lxEubCW.exe
  2⤵
  PID:3664
- C:\Windows\System\XhCOcVU.exe
  C:\Windows\System\XhCOcVU.exe
  2⤵
  PID:3700
- C:\Windows\System\gFTNtbr.exe
  C:\Windows\System\gFTNtbr.exe
  2⤵
  PID:3720
- C:\Windows\System\moEvbeO.exe
  C:\Windows\System\moEvbeO.exe
  2⤵
  PID:3728
- C:\Windows\System\earfuFV.exe
  C:\Windows\System\earfuFV.exe
  2⤵
  PID:3744
- C:\Windows\System\yRIjgxI.exe
  C:\Windows\System\yRIjgxI.exe
  2⤵
  PID:3784
- C:\Windows\System\QgZBLMP.exe
  C:\Windows\System\QgZBLMP.exe
  2⤵
  PID:3824
- C:\Windows\System\TaqaWkX.exe
  C:\Windows\System\TaqaWkX.exe
  2⤵
  PID:3876
- C:\Windows\System\uuEwxSL.exe
  C:\Windows\System\uuEwxSL.exe
  2⤵
  PID:3952
- C:\Windows\System\rhcgPCy.exe
  C:\Windows\System\rhcgPCy.exe
  2⤵
  PID:3964
- C:\Windows\System\lqbLscA.exe
  C:\Windows\System\lqbLscA.exe
  2⤵
  PID:3984
- C:\Windows\System\SScFRdr.exe
  C:\Windows\System\SScFRdr.exe
  2⤵
  PID:4000
- C:\Windows\System\SqLVcuZ.exe
  C:\Windows\System\SqLVcuZ.exe
  2⤵
  PID:4044
- C:\Windows\System\ArZdxcc.exe
  C:\Windows\System\ArZdxcc.exe
  2⤵
  PID:3144
- C:\Windows\System\DBPrAJw.exe
  C:\Windows\System\DBPrAJw.exe
  2⤵
  PID:4028
- C:\Windows\System\lzUNuqI.exe
  C:\Windows\System\lzUNuqI.exe
  2⤵
  PID:4032
- C:\Windows\System\LUcnoLA.exe
  C:\Windows\System\LUcnoLA.exe
  2⤵
  PID:2780
- C:\Windows\System\gilCJJs.exe
  C:\Windows\System\gilCJJs.exe
  2⤵
  PID:3284
- C:\Windows\System\ywtLnuK.exe
  C:\Windows\System\ywtLnuK.exe
  2⤵
  PID:3384
- C:\Windows\System\KHtxzaz.exe
  C:\Windows\System\KHtxzaz.exe
  2⤵
  PID:3172
- C:\Windows\System\CrMKoYN.exe
  C:\Windows\System\CrMKoYN.exe
  2⤵
  PID:3484
- C:\Windows\System\cnIqQfH.exe
  C:\Windows\System\cnIqQfH.exe
  2⤵
  PID:3552
- C:\Windows\System\NGoKmNQ.exe
  C:\Windows\System\NGoKmNQ.exe
  2⤵
  PID:3360
- C:\Windows\System\yYLezJD.exe
  C:\Windows\System\yYLezJD.exe
  2⤵
  PID:3500
- C:\Windows\System\mePUcBU.exe
  C:\Windows\System\mePUcBU.exe
  2⤵
  PID:3608
- C:\Windows\System\scEFkXo.exe
  C:\Windows\System\scEFkXo.exe
  2⤵
  PID:3624
- C:\Windows\System\DDlEnok.exe
  C:\Windows\System\DDlEnok.exe
  2⤵
  PID:3652
- C:\Windows\System\WYcjQIK.exe
  C:\Windows\System\WYcjQIK.exe
  2⤵
  PID:2992
- C:\Windows\System\tqFappY.exe
  C:\Windows\System\tqFappY.exe
  2⤵
  PID:3736
- C:\Windows\System\wRZaDjI.exe
  C:\Windows\System\wRZaDjI.exe
  2⤵
  PID:3780
- C:\Windows\System\kGvXkUc.exe
  C:\Windows\System\kGvXkUc.exe
  2⤵
  PID:3836
- C:\Windows\System\XBSRLiZ.exe
  C:\Windows\System\XBSRLiZ.exe
  2⤵
  PID:3848
- C:\Windows\System\JBEiuGw.exe
  C:\Windows\System\JBEiuGw.exe
  2⤵
  PID:3896
- C:\Windows\System\gLCdgEA.exe
  C:\Windows\System\gLCdgEA.exe
  2⤵
  PID:4012
- C:\Windows\System\LvZunEL.exe
  C:\Windows\System\LvZunEL.exe
  2⤵
  PID:3996
- C:\Windows\System\sBhPWNt.exe
  C:\Windows\System\sBhPWNt.exe
  2⤵
  PID:2888
- C:\Windows\System\YbnSYyd.exe
  C:\Windows\System\YbnSYyd.exe
  2⤵
  PID:4084
- C:\Windows\System\wSRnvsC.exe
  C:\Windows\System\wSRnvsC.exe
  2⤵
  PID:4064
- C:\Windows\System\NYgfcOE.exe
  C:\Windows\System\NYgfcOE.exe
  2⤵
  PID:3280
- C:\Windows\System\xHNcDZj.exe
  C:\Windows\System\xHNcDZj.exe
  2⤵
  PID:3348
- C:\Windows\System\kGtvJED.exe
  C:\Windows\System\kGtvJED.exe
  2⤵
  PID:3592
- C:\Windows\System\VceoYXZ.exe
  C:\Windows\System\VceoYXZ.exe
  2⤵
  PID:3528
- C:\Windows\System\blOxUvr.exe
  C:\Windows\System\blOxUvr.exe
  2⤵
  PID:3668
- C:\Windows\System\Nggyxfc.exe
  C:\Windows\System\Nggyxfc.exe
  2⤵
  PID:3916
- C:\Windows\System\SfNHhcp.exe
  C:\Windows\System\SfNHhcp.exe
  2⤵
  PID:3796
- C:\Windows\System\lWmuWLX.exe
  C:\Windows\System\lWmuWLX.exe
  2⤵
  PID:3328
- C:\Windows\System\CifuuXi.exe
  C:\Windows\System\CifuuXi.exe
  2⤵
  PID:3300
- C:\Windows\System\YUGkRwd.exe
  C:\Windows\System\YUGkRwd.exe
  2⤵
  PID:3760
- C:\Windows\System\BwoQvsq.exe
  C:\Windows\System\BwoQvsq.exe
  2⤵
  PID:3804
- C:\Windows\System\YswzmML.exe
  C:\Windows\System\YswzmML.exe
  2⤵
  PID:3252
- C:\Windows\System\zdylGrK.exe
  C:\Windows\System\zdylGrK.exe
  2⤵
  PID:332
- C:\Windows\System\SsEgceU.exe
  C:\Windows\System\SsEgceU.exe
  2⤵
  PID:3480
- C:\Windows\System\UjRzUKB.exe
  C:\Windows\System\UjRzUKB.exe
  2⤵
  PID:3416
- C:\Windows\System\IJdzfIb.exe
  C:\Windows\System\IJdzfIb.exe
  2⤵
  PID:3660
- C:\Windows\System\ovTzWJp.exe
  C:\Windows\System\ovTzWJp.exe
  2⤵
  PID:3676
- C:\Windows\System\fsKyqCG.exe
  C:\Windows\System\fsKyqCG.exe
  2⤵
  PID:3864
- C:\Windows\System\YjDjqlj.exe
  C:\Windows\System\YjDjqlj.exe
  2⤵
  PID:4100
- C:\Windows\System\mQHczAt.exe
  C:\Windows\System\mQHczAt.exe
  2⤵
  PID:4116
- C:\Windows\System\tANqBio.exe
  C:\Windows\System\tANqBio.exe
  2⤵
  PID:4140
- C:\Windows\System\RwWcrKX.exe
  C:\Windows\System\RwWcrKX.exe
  2⤵
  PID:4156
- C:\Windows\System\iGpQlqB.exe
  C:\Windows\System\iGpQlqB.exe
  2⤵
  PID:4184
- C:\Windows\System\hnbWWck.exe
  C:\Windows\System\hnbWWck.exe
  2⤵
  PID:4200
- C:\Windows\System\MFGgNYm.exe
  C:\Windows\System\MFGgNYm.exe
  2⤵
  PID:4224
- C:\Windows\System\JziqHNF.exe
  C:\Windows\System\JziqHNF.exe
  2⤵
  PID:4268
- C:\Windows\System\avRzaxX.exe
  C:\Windows\System\avRzaxX.exe
  2⤵
  PID:4284
- C:\Windows\System\WudFhFq.exe
  C:\Windows\System\WudFhFq.exe
  2⤵
  PID:4300
- C:\Windows\System\aKBMPkm.exe
  C:\Windows\System\aKBMPkm.exe
  2⤵
  PID:4316
- C:\Windows\System\mxhMHaP.exe
  C:\Windows\System\mxhMHaP.exe
  2⤵
  PID:4332
- C:\Windows\System\jTWOLto.exe
  C:\Windows\System\jTWOLto.exe
  2⤵
  PID:4348
- C:\Windows\System\MfEecFs.exe
  C:\Windows\System\MfEecFs.exe
  2⤵
  PID:4364
- C:\Windows\System\ELGPGKc.exe
  C:\Windows\System\ELGPGKc.exe
  2⤵
  PID:4384
- C:\Windows\System\PdufCJS.exe
  C:\Windows\System\PdufCJS.exe
  2⤵
  PID:4412
- C:\Windows\System\nEBXOmt.exe
  C:\Windows\System\nEBXOmt.exe
  2⤵
  PID:4440
- C:\Windows\System\nVKObGz.exe
  C:\Windows\System\nVKObGz.exe
  2⤵
  PID:4456
- C:\Windows\System\NfGDPHc.exe
  C:\Windows\System\NfGDPHc.exe
  2⤵
  PID:4476
- C:\Windows\System\IiwxJMn.exe
  C:\Windows\System\IiwxJMn.exe
  2⤵
  PID:4492
- C:\Windows\System\JOjqqlk.exe
  C:\Windows\System\JOjqqlk.exe
  2⤵
  PID:4508
- C:\Windows\System\ixGSjpK.exe
  C:\Windows\System\ixGSjpK.exe
  2⤵
  PID:4524
- C:\Windows\System\bagcxZm.exe
  C:\Windows\System\bagcxZm.exe
  2⤵
  PID:4544
- C:\Windows\System\PqtzSIL.exe
  C:\Windows\System\PqtzSIL.exe
  2⤵
  PID:4564
- C:\Windows\System\UfHPYKb.exe
  C:\Windows\System\UfHPYKb.exe
  2⤵
  PID:4580
- C:\Windows\System\VnSyUct.exe
  C:\Windows\System\VnSyUct.exe
  2⤵
  PID:4636
- C:\Windows\System\rcsJatb.exe
  C:\Windows\System\rcsJatb.exe
  2⤵
  PID:4652
- C:\Windows\System\JNPTPdO.exe
  C:\Windows\System\JNPTPdO.exe
  2⤵
  PID:4668
- C:\Windows\System\hZrrMsT.exe
  C:\Windows\System\hZrrMsT.exe
  2⤵
  PID:4684
- C:\Windows\System\JMwSDeU.exe
  C:\Windows\System\JMwSDeU.exe
  2⤵
  PID:4700
- C:\Windows\System\uEDiqcD.exe
  C:\Windows\System\uEDiqcD.exe
  2⤵
  PID:4716
- C:\Windows\System\fHtMhsb.exe
  C:\Windows\System\fHtMhsb.exe
  2⤵
  PID:4736
- C:\Windows\System\JTEuXry.exe
  C:\Windows\System\JTEuXry.exe
  2⤵
  PID:4752
- C:\Windows\System\yCpRSTO.exe
  C:\Windows\System\yCpRSTO.exe
  2⤵
  PID:4768
- C:\Windows\System\yzNDGQJ.exe
  C:\Windows\System\yzNDGQJ.exe
  2⤵
  PID:4784
- C:\Windows\System\eHcEMSQ.exe
  C:\Windows\System\eHcEMSQ.exe
  2⤵
  PID:4804
- C:\Windows\System\fkxGueQ.exe
  C:\Windows\System\fkxGueQ.exe
  2⤵
  PID:4820
- C:\Windows\System\qLCklon.exe
  C:\Windows\System\qLCklon.exe
  2⤵
  PID:4840
- C:\Windows\System\zoxCFEb.exe
  C:\Windows\System\zoxCFEb.exe
  2⤵
  PID:4864
- C:\Windows\System\wXrKbVx.exe
  C:\Windows\System\wXrKbVx.exe
  2⤵
  PID:4884
- C:\Windows\System\ulfCGok.exe
  C:\Windows\System\ulfCGok.exe
  2⤵
  PID:4900
- C:\Windows\System\ozcwrce.exe
  C:\Windows\System\ozcwrce.exe
  2⤵
  PID:4916
- C:\Windows\System\ucwudDg.exe
  C:\Windows\System\ucwudDg.exe
  2⤵
  PID:4960
- C:\Windows\System\MzikVmI.exe
  C:\Windows\System\MzikVmI.exe
  2⤵
  PID:4984
- C:\Windows\System\MhzbYQh.exe
  C:\Windows\System\MhzbYQh.exe
  2⤵
  PID:5000
- C:\Windows\System\NuPcHXy.exe
  C:\Windows\System\NuPcHXy.exe
  2⤵
  PID:5016
- C:\Windows\System\VhfgPrs.exe
  C:\Windows\System\VhfgPrs.exe
  2⤵
  PID:5040
- C:\Windows\System\vTeLbYI.exe
  C:\Windows\System\vTeLbYI.exe
  2⤵
  PID:5060
- C:\Windows\System\PTfqdVm.exe
  C:\Windows\System\PTfqdVm.exe
  2⤵
  PID:5076
- C:\Windows\System\jBRozFB.exe
  C:\Windows\System\jBRozFB.exe
  2⤵
  PID:5096
- C:\Windows\System\LdgUsyT.exe
  C:\Windows\System\LdgUsyT.exe
  2⤵
  PID:5116
- C:\Windows\System\aplNqZo.exe
  C:\Windows\System\aplNqZo.exe
  2⤵
  PID:2980
- C:\Windows\System\NackEvo.exe
  C:\Windows\System\NackEvo.exe
  2⤵
  PID:4016
- C:\Windows\System\hHWbPKx.exe
  C:\Windows\System\hHWbPKx.exe
  2⤵
  PID:3912
- C:\Windows\System\cLvNuEw.exe
  C:\Windows\System\cLvNuEw.exe
  2⤵
  PID:4164
- C:\Windows\System\WyFWXrL.exe
  C:\Windows\System\WyFWXrL.exe
  2⤵
  PID:4180
- C:\Windows\System\SahKfKE.exe
  C:\Windows\System\SahKfKE.exe
  2⤵
  PID:3712
- C:\Windows\System\dEAGavs.exe
  C:\Windows\System\dEAGavs.exe
  2⤵
  PID:4152
- C:\Windows\System\ndvVNIV.exe
  C:\Windows\System\ndvVNIV.exe
  2⤵
  PID:3452
- C:\Windows\System\fvGvubs.exe
  C:\Windows\System\fvGvubs.exe
  2⤵
  PID:4248
- C:\Windows\System\NuNGfQt.exe
  C:\Windows\System\NuNGfQt.exe
  2⤵
  PID:4260
- C:\Windows\System\YFDeWqL.exe
  C:\Windows\System\YFDeWqL.exe
  2⤵
  PID:4296
- C:\Windows\System\sCDPTWr.exe
  C:\Windows\System\sCDPTWr.exe
  2⤵
  PID:4372
- C:\Windows\System\ewRZfXd.exe
  C:\Windows\System\ewRZfXd.exe
  2⤵
  PID:4344
- C:\Windows\System\AzgmosZ.exe
  C:\Windows\System\AzgmosZ.exe
  2⤵
  PID:4428
- C:\Windows\System\maJBVWE.exe
  C:\Windows\System\maJBVWE.exe
  2⤵
  PID:4292
- C:\Windows\System\AjXldLi.exe
  C:\Windows\System\AjXldLi.exe
  2⤵
  PID:4488
- C:\Windows\System\YFEPHjv.exe
  C:\Windows\System\YFEPHjv.exe
  2⤵
  PID:4408
- C:\Windows\System\JDAYHLl.exe
  C:\Windows\System\JDAYHLl.exe
  2⤵
  PID:4520
- C:\Windows\System\ciwteRM.exe
  C:\Windows\System\ciwteRM.exe
  2⤵
  PID:4624
- C:\Windows\System\JzYgJtd.exe
  C:\Windows\System\JzYgJtd.exe
  2⤵
  PID:4592
- C:\Windows\System\VgueVhY.exe
  C:\Windows\System\VgueVhY.exe
  2⤵
  PID:4708
- C:\Windows\System\VJORlna.exe
  C:\Windows\System\VJORlna.exe
  2⤵
  PID:4676
- C:\Windows\System\mVBztVU.exe
  C:\Windows\System\mVBztVU.exe
  2⤵
  PID:4748
- C:\Windows\System\YwFitWR.exe
  C:\Windows\System\YwFitWR.exe
  2⤵
  PID:4816
- C:\Windows\System\ADCqDIP.exe
  C:\Windows\System\ADCqDIP.exe
  2⤵
  PID:4860
- C:\Windows\System\pLmQvty.exe
  C:\Windows\System\pLmQvty.exe
  2⤵
  PID:4792
- C:\Windows\System\kdQSUzH.exe
  C:\Windows\System\kdQSUzH.exe
  2⤵
  PID:4876
- C:\Windows\System\XKafLFX.exe
  C:\Windows\System\XKafLFX.exe
  2⤵
  PID:4664
- C:\Windows\System\YypcOmQ.exe
  C:\Windows\System\YypcOmQ.exe
  2⤵
  PID:4912
- C:\Windows\System\zlHgAhJ.exe
  C:\Windows\System\zlHgAhJ.exe
  2⤵
  PID:4936
- C:\Windows\System\UzOXdml.exe
  C:\Windows\System\UzOXdml.exe
  2⤵
  PID:5024
- C:\Windows\System\RSTaJvs.exe
  C:\Windows\System\RSTaJvs.exe
  2⤵
  PID:4968
- C:\Windows\System\cNDnGhW.exe
  C:\Windows\System\cNDnGhW.exe
  2⤵
  PID:4980
- C:\Windows\System\AwMDmhb.exe
  C:\Windows\System\AwMDmhb.exe
  2⤵
  PID:5072
- C:\Windows\System\aOmtOpF.exe
  C:\Windows\System\aOmtOpF.exe
  2⤵
  PID:3312
- C:\Windows\System\xeJPjrx.exe
  C:\Windows\System\xeJPjrx.exe
  2⤵
  PID:4212
- C:\Windows\System\FTPktfF.exe
  C:\Windows\System\FTPktfF.exe
  2⤵
  PID:4196
- C:\Windows\System\FzWXRQV.exe
  C:\Windows\System\FzWXRQV.exe
  2⤵
  PID:4328
- C:\Windows\System\ibpgizm.exe
  C:\Windows\System\ibpgizm.exe
  2⤵
  PID:4420
- C:\Windows\System\FlJLsQY.exe
  C:\Windows\System\FlJLsQY.exe
  2⤵
  PID:5088
- C:\Windows\System\LMlaIXn.exe
  C:\Windows\System\LMlaIXn.exe
  2⤵
  PID:3948
- C:\Windows\System\pSjnbJh.exe
  C:\Windows\System\pSjnbJh.exe
  2⤵
  PID:4472
- C:\Windows\System\sSHjGDH.exe
  C:\Windows\System\sSHjGDH.exe
  2⤵
  PID:3968
- C:\Windows\System\CRBIcEM.exe
  C:\Windows\System\CRBIcEM.exe
  2⤵
  PID:4536
- C:\Windows\System\MIJYhDP.exe
  C:\Windows\System\MIJYhDP.exe
  2⤵
  PID:4448
- C:\Windows\System\OkIKffh.exe
  C:\Windows\System\OkIKffh.exe
  2⤵
  PID:3908
- C:\Windows\System\BRskTXf.exe
  C:\Windows\System\BRskTXf.exe
  2⤵
  PID:4340
- C:\Windows\System\BpOITdy.exe
  C:\Windows\System\BpOITdy.exe
  2⤵
  PID:4632
- C:\Windows\System\kWzewBG.exe
  C:\Windows\System\kWzewBG.exe
  2⤵
  PID:4732
- C:\Windows\System\yJbKKTE.exe
  C:\Windows\System\yJbKKTE.exe
  2⤵
  PID:4612
- C:\Windows\System\KyAQsPP.exe
  C:\Windows\System\KyAQsPP.exe
  2⤵
  PID:4608
- C:\Windows\System\yZbuDes.exe
  C:\Windows\System\yZbuDes.exe
  2⤵
  PID:4800
- C:\Windows\System\ZzFNtsA.exe
  C:\Windows\System\ZzFNtsA.exe
  2⤵
  PID:4396
- C:\Windows\System\cVFmelN.exe
  C:\Windows\System\cVFmelN.exe
  2⤵
  PID:4724
- C:\Windows\System\dJgtoQs.exe
  C:\Windows\System\dJgtoQs.exe
  2⤵
  PID:5028
- C:\Windows\System\fkkyKvF.exe
  C:\Windows\System\fkkyKvF.exe
  2⤵
  PID:4948
- C:\Windows\System\YFbevlk.exe
  C:\Windows\System\YFbevlk.exe
  2⤵
  PID:4168
- C:\Windows\System\IpUnImh.exe
  C:\Windows\System\IpUnImh.exe
  2⤵
  PID:4532
- C:\Windows\System\ZWcHMRf.exe
  C:\Windows\System\ZWcHMRf.exe
  2⤵
  PID:4148
- C:\Windows\System\vqdCQeh.exe
  C:\Windows\System\vqdCQeh.exe
  2⤵
  PID:4360
- C:\Windows\System\CVxhuvX.exe
  C:\Windows\System\CVxhuvX.exe
  2⤵
  PID:2820
- C:\Windows\System\shMbFgy.exe
  C:\Windows\System\shMbFgy.exe
  2⤵
  PID:4112
- C:\Windows\System\OAJeJjQ.exe
  C:\Windows\System\OAJeJjQ.exe
  2⤵
  PID:4240
- C:\Windows\System\UDXrHCn.exe
  C:\Windows\System\UDXrHCn.exe
  2⤵
  PID:4908
- C:\Windows\System\ZKiinJl.exe
  C:\Windows\System\ZKiinJl.exe
  2⤵
  PID:4308
- C:\Windows\System\BXwIOLq.exe
  C:\Windows\System\BXwIOLq.exe
  2⤵
  PID:4780
- C:\Windows\System\qRTWEWZ.exe
  C:\Windows\System\qRTWEWZ.exe
  2⤵
  PID:4832
- C:\Windows\System\YMkkmPM.exe
  C:\Windows\System\YMkkmPM.exe
  2⤵
  PID:4692
- C:\Windows\System\YHGOoxu.exe
  C:\Windows\System\YHGOoxu.exe
  2⤵
  PID:2184
- C:\Windows\System\ZsJVYXY.exe
  C:\Windows\System\ZsJVYXY.exe
  2⤵
  PID:4956
- C:\Windows\System\mvestOB.exe
  C:\Windows\System\mvestOB.exe
  2⤵
  PID:2168
- C:\Windows\System\zAkcWyg.exe
  C:\Windows\System\zAkcWyg.exe
  2⤵
  PID:5068
- C:\Windows\System\mmHGRFS.exe
  C:\Windows\System\mmHGRFS.exe
  2⤵
  PID:4516
- C:\Windows\System\AQqvVKN.exe
  C:\Windows\System\AQqvVKN.exe
  2⤵
  PID:5008
- C:\Windows\System\fpkVqCU.exe
  C:\Windows\System\fpkVqCU.exe
  2⤵
  PID:4880
- C:\Windows\System\QJfTJOT.exe
  C:\Windows\System\QJfTJOT.exe
  2⤵
  PID:3620
- C:\Windows\System\NilzjUz.exe
  C:\Windows\System\NilzjUz.exe
  2⤵
  PID:5128
- C:\Windows\System\zwMqOgl.exe
  C:\Windows\System\zwMqOgl.exe
  2⤵
  PID:5148
- C:\Windows\System\njohVNL.exe
  C:\Windows\System\njohVNL.exe
  2⤵
  PID:5164
- C:\Windows\System\MUnqcfH.exe
  C:\Windows\System\MUnqcfH.exe
  2⤵
  PID:5224
- C:\Windows\System\ivFcHmF.exe
  C:\Windows\System\ivFcHmF.exe
  2⤵
  PID:5248
- C:\Windows\System\QyELdcg.exe
  C:\Windows\System\QyELdcg.exe
  2⤵
  PID:5268
- C:\Windows\System\lUhJfeh.exe
  C:\Windows\System\lUhJfeh.exe
  2⤵
  PID:5284
- C:\Windows\System\BwZUFsv.exe
  C:\Windows\System\BwZUFsv.exe
  2⤵
  PID:5300
- C:\Windows\System\LfMexcj.exe
  C:\Windows\System\LfMexcj.exe
  2⤵
  PID:5320
- C:\Windows\System\nDOdmim.exe
  C:\Windows\System\nDOdmim.exe
  2⤵
  PID:5336
- C:\Windows\System\TyXUotZ.exe
  C:\Windows\System\TyXUotZ.exe
  2⤵
  PID:5352
- C:\Windows\System\DoqzknQ.exe
  C:\Windows\System\DoqzknQ.exe
  2⤵
  PID:5372
- C:\Windows\System\IcCcJMc.exe
  C:\Windows\System\IcCcJMc.exe
  2⤵
  PID:5400
- C:\Windows\System\TUxCWaP.exe
  C:\Windows\System\TUxCWaP.exe
  2⤵
  PID:5424
- C:\Windows\System\QTbAVwm.exe
  C:\Windows\System\QTbAVwm.exe
  2⤵
  PID:5444
- C:\Windows\System\ZKSjrTj.exe
  C:\Windows\System\ZKSjrTj.exe
  2⤵
  PID:5460
- C:\Windows\System\lhtkkbS.exe
  C:\Windows\System\lhtkkbS.exe
  2⤵
  PID:5476
- C:\Windows\System\pTcBnFy.exe
  C:\Windows\System\pTcBnFy.exe
  2⤵
  PID:5492
- C:\Windows\System\hjTXSyB.exe
  C:\Windows\System\hjTXSyB.exe
  2⤵
  PID:5520
- C:\Windows\System\SwRMdaM.exe
  C:\Windows\System\SwRMdaM.exe
  2⤵
  PID:5544
- C:\Windows\System\GhKujMN.exe
  C:\Windows\System\GhKujMN.exe
  2⤵
  PID:5564
- C:\Windows\System\osTjlWl.exe
  C:\Windows\System\osTjlWl.exe
  2⤵
  PID:5580
- C:\Windows\System\BIrYNye.exe
  C:\Windows\System\BIrYNye.exe
  2⤵
  PID:5596
- C:\Windows\System\nLJLyoO.exe
  C:\Windows\System\nLJLyoO.exe
  2⤵
  PID:5620
- C:\Windows\System\QiDcDNn.exe
  C:\Windows\System\QiDcDNn.exe
  2⤵
  PID:5640
- C:\Windows\System\zXUZGYT.exe
  C:\Windows\System\zXUZGYT.exe
  2⤵
  PID:5656
- C:\Windows\System\EImeuSD.exe
  C:\Windows\System\EImeuSD.exe
  2⤵
  PID:5672
- C:\Windows\System\kBcAsYp.exe
  C:\Windows\System\kBcAsYp.exe
  2⤵
  PID:5688
- C:\Windows\System\vXqCFOR.exe
  C:\Windows\System\vXqCFOR.exe
  2⤵
  PID:5704
- C:\Windows\System\RJxSYVK.exe
  C:\Windows\System\RJxSYVK.exe
  2⤵
  PID:5728
- C:\Windows\System\mkTMOCb.exe
  C:\Windows\System\mkTMOCb.exe
  2⤵
  PID:5744
- C:\Windows\System\sDzPCTj.exe
  C:\Windows\System\sDzPCTj.exe
  2⤵
  PID:5760
- C:\Windows\System\ZuCUYiz.exe
  C:\Windows\System\ZuCUYiz.exe
  2⤵
  PID:5804
- C:\Windows\System\KoYGUhy.exe
  C:\Windows\System\KoYGUhy.exe
  2⤵
  PID:5824
- C:\Windows\System\wXBhbbw.exe
  C:\Windows\System\wXBhbbw.exe
  2⤵
  PID:5848
- C:\Windows\System\FJAdXlL.exe
  C:\Windows\System\FJAdXlL.exe
  2⤵
  PID:5864
- C:\Windows\System\KaKxknD.exe
  C:\Windows\System\KaKxknD.exe
  2⤵
  PID:5880
- C:\Windows\System\WPasccX.exe
  C:\Windows\System\WPasccX.exe
  2⤵
  PID:5896
- C:\Windows\System\tphEsAp.exe
  C:\Windows\System\tphEsAp.exe
  2⤵
  PID:5916
- C:\Windows\System\nHIbKGm.exe
  C:\Windows\System\nHIbKGm.exe
  2⤵
  PID:5936
- C:\Windows\System\DkFobQH.exe
  C:\Windows\System\DkFobQH.exe
  2⤵
  PID:5952
- C:\Windows\System\yVboKLQ.exe
  C:\Windows\System\yVboKLQ.exe
  2⤵
  PID:5968
- C:\Windows\System\WSFCEox.exe
  C:\Windows\System\WSFCEox.exe
  2⤵
  PID:5984
- C:\Windows\System\UpygxmS.exe
  C:\Windows\System\UpygxmS.exe
  2⤵
  PID:6000
- C:\Windows\System\aWDJvDi.exe
  C:\Windows\System\aWDJvDi.exe
  2⤵
  PID:6024
- C:\Windows\System\sYkFSEg.exe
  C:\Windows\System\sYkFSEg.exe
  2⤵
  PID:6040
- C:\Windows\System\IaNrVMp.exe
  C:\Windows\System\IaNrVMp.exe
  2⤵
  PID:6088
- C:\Windows\System\okiNFLd.exe
  C:\Windows\System\okiNFLd.exe
  2⤵
  PID:6112
- C:\Windows\System\SlmrQeD.exe
  C:\Windows\System\SlmrQeD.exe
  2⤵
  PID:6128
- C:\Windows\System\zDZFuiY.exe
  C:\Windows\System\zDZFuiY.exe
  2⤵
  PID:4648
- C:\Windows\System\JiTwNtG.exe
  C:\Windows\System\JiTwNtG.exe
  2⤵
  PID:4728
- C:\Windows\System\BksUNpv.exe
  C:\Windows\System\BksUNpv.exe
  2⤵
  PID:4132
- C:\Windows\System\XATLILn.exe
  C:\Windows\System\XATLILn.exe
  2⤵
  PID:3184
- C:\Windows\System\iiRcWMU.exe
  C:\Windows\System\iiRcWMU.exe
  2⤵
  PID:5144
- C:\Windows\System\nfSKdZb.exe
  C:\Windows\System\nfSKdZb.exe
  2⤵
  PID:5192
- C:\Windows\System\CwkUXlu.exe
  C:\Windows\System\CwkUXlu.exe
  2⤵
  PID:4256
- C:\Windows\System\bpBdDQH.exe
  C:\Windows\System\bpBdDQH.exe
  2⤵
  PID:5216
- C:\Windows\System\nWFVGea.exe
  C:\Windows\System\nWFVGea.exe
  2⤵
  PID:5084
- C:\Windows\System\BYRuylp.exe
  C:\Windows\System\BYRuylp.exe
  2⤵
  PID:5124
- C:\Windows\System\AxYKuvO.exe
  C:\Windows\System\AxYKuvO.exe
  2⤵
  PID:5236
- C:\Windows\System\TwwHhKp.exe
  C:\Windows\System\TwwHhKp.exe
  2⤵
  PID:3020
- C:\Windows\System\WEcAGJU.exe
  C:\Windows\System\WEcAGJU.exe
  2⤵
  PID:5368
- C:\Windows\System\MhKtjlw.exe
  C:\Windows\System\MhKtjlw.exe
  2⤵
  PID:5348
- C:\Windows\System\JlfYbrZ.exe
  C:\Windows\System\JlfYbrZ.exe
  2⤵
  PID:5384
- C:\Windows\System\VZrItmo.exe
  C:\Windows\System\VZrItmo.exe
  2⤵
  PID:5416
- C:\Windows\System\MRgjhLv.exe
  C:\Windows\System\MRgjhLv.exe
  2⤵
  PID:5456
- C:\Windows\System\xRKxNDV.exe
  C:\Windows\System\xRKxNDV.exe
  2⤵
  PID:5436
- C:\Windows\System\tXUeVwf.exe
  C:\Windows\System\tXUeVwf.exe
  2⤵
  PID:5396
- C:\Windows\System\vQVVUqg.exe
  C:\Windows\System\vQVVUqg.exe
  2⤵
  PID:5500
- C:\Windows\System\PkidwVn.exe
  C:\Windows\System\PkidwVn.exe
  2⤵
  PID:4576
- C:\Windows\System\OTSiVUU.exe
  C:\Windows\System\OTSiVUU.exe
  2⤵
  PID:5604
- C:\Windows\System\nSiCuJW.exe
  C:\Windows\System\nSiCuJW.exe
  2⤵
  PID:5588
- C:\Windows\System\BzTAjku.exe
  C:\Windows\System\BzTAjku.exe
  2⤵
  PID:5680
- C:\Windows\System\YBWZfwU.exe
  C:\Windows\System\YBWZfwU.exe
  2⤵
  PID:5724
- C:\Windows\System\pdbghNT.exe
  C:\Windows\System\pdbghNT.exe
  2⤵
  PID:5736
- C:\Windows\System\ubNPLYa.exe
  C:\Windows\System\ubNPLYa.exe
  2⤵
  PID:5740
- C:\Windows\System\EuOsGei.exe
  C:\Windows\System\EuOsGei.exe
  2⤵
  PID:5628
- C:\Windows\System\uMpKTWw.exe
  C:\Windows\System\uMpKTWw.exe
  2⤵
  PID:5700
- C:\Windows\System\JhmWTjU.exe
  C:\Windows\System\JhmWTjU.exe
  2⤵
  PID:5796
- C:\Windows\System\xNOBVAV.exe
  C:\Windows\System\xNOBVAV.exe
  2⤵
  PID:5876
- C:\Windows\System\MyKrVgT.exe
  C:\Windows\System\MyKrVgT.exe
  2⤵
  PID:5844
- C:\Windows\System\KhJvSfN.exe
  C:\Windows\System\KhJvSfN.exe
  2⤵
  PID:5976
- C:\Windows\System\fhyKmPe.exe
  C:\Windows\System\fhyKmPe.exe
  2⤵
  PID:6008
- C:\Windows\System\gTZlsSr.exe
  C:\Windows\System\gTZlsSr.exe
  2⤵
  PID:6060
- C:\Windows\System\wEVhOiv.exe
  C:\Windows\System\wEVhOiv.exe
  2⤵
  PID:6052
- C:\Windows\System\JGPSqKP.exe
  C:\Windows\System\JGPSqKP.exe
  2⤵
  PID:6140
- C:\Windows\System\TqGwhOs.exe
  C:\Windows\System\TqGwhOs.exe
  2⤵
  PID:6124
- C:\Windows\System\nghQdHA.exe
  C:\Windows\System\nghQdHA.exe
  2⤵
  PID:5220
- C:\Windows\System\DDgPjcx.exe
  C:\Windows\System\DDgPjcx.exe
  2⤵
  PID:5328
- C:\Windows\System\JomMQmM.exe
  C:\Windows\System\JomMQmM.exe
  2⤵
  PID:4628
- C:\Windows\System\roMHhBz.exe
  C:\Windows\System\roMHhBz.exe
  2⤵
  PID:5260
- C:\Windows\System\QwEjDvZ.exe
  C:\Windows\System\QwEjDvZ.exe
  2⤵
  PID:5296
- C:\Windows\System\mOPAjcx.exe
  C:\Windows\System\mOPAjcx.exe
  2⤵
  PID:6120
- C:\Windows\System\PaQQgJL.exe
  C:\Windows\System\PaQQgJL.exe
  2⤵
  PID:5420
- C:\Windows\System\enVvHrZ.exe
  C:\Windows\System\enVvHrZ.exe
  2⤵
  PID:5532
- C:\Windows\System\JMITAjc.exe
  C:\Windows\System\JMITAjc.exe
  2⤵
  PID:5616
- C:\Windows\System\svpnZWe.exe
  C:\Windows\System\svpnZWe.exe
  2⤵
  PID:5696
- C:\Windows\System\plowWxg.exe
  C:\Windows\System\plowWxg.exe
  2⤵
  PID:5240
- C:\Windows\System\EfPGKsM.exe
  C:\Windows\System\EfPGKsM.exe
  2⤵
  PID:5664
- C:\Windows\System\eLcJSWL.exe
  C:\Windows\System\eLcJSWL.exe
  2⤵
  PID:5316
- C:\Windows\System\qmEVxDM.exe
  C:\Windows\System\qmEVxDM.exe
  2⤵
  PID:5960
- C:\Windows\System\OcPGhNG.exe
  C:\Windows\System\OcPGhNG.exe
  2⤵
  PID:6032
- C:\Windows\System\nMZKkIR.exe
  C:\Windows\System\nMZKkIR.exe
  2⤵
  PID:5648
- C:\Windows\System\iVIKWki.exe
  C:\Windows\System\iVIKWki.exe
  2⤵
  PID:5432
- C:\Windows\System\ugPajQJ.exe
  C:\Windows\System\ugPajQJ.exe
  2⤵
  PID:1936
- C:\Windows\System\qBtTEIJ.exe
  C:\Windows\System\qBtTEIJ.exe
  2⤵
  PID:5836
- C:\Windows\System\IEbtecK.exe
  C:\Windows\System\IEbtecK.exe
  2⤵
  PID:6072
- C:\Windows\System\VJWKiqC.exe
  C:\Windows\System\VJWKiqC.exe
  2⤵
  PID:6056
- C:\Windows\System\ucGaLep.exe
  C:\Windows\System\ucGaLep.exe
  2⤵
  PID:6108
- C:\Windows\System\qYhPejb.exe
  C:\Windows\System\qYhPejb.exe
  2⤵
  PID:5136
- C:\Windows\System\hbKRnqG.exe
  C:\Windows\System\hbKRnqG.exe
  2⤵
  PID:5212
- C:\Windows\System\smAJDmF.exe
  C:\Windows\System\smAJDmF.exe
  2⤵
  PID:4400
- C:\Windows\System\yEdvomq.exe
  C:\Windows\System\yEdvomq.exe
  2⤵
  PID:5160
- C:\Windows\System\tRSMUxs.exe
  C:\Windows\System\tRSMUxs.exe
  2⤵
  PID:5452
- C:\Windows\System\BpfZkEw.exe
  C:\Windows\System\BpfZkEw.exe
  2⤵
  PID:5188
- C:\Windows\System\DWHFNBK.exe
  C:\Windows\System\DWHFNBK.exe
  2⤵
  PID:5440
- C:\Windows\System\sSbhrsE.exe
  C:\Windows\System\sSbhrsE.exe
  2⤵
  PID:5712
- C:\Windows\System\DzpCFQC.exe
  C:\Windows\System\DzpCFQC.exe
  2⤵
  PID:5820
- C:\Windows\System\uBunUhm.exe
  C:\Windows\System\uBunUhm.exe
  2⤵
  PID:5472
- C:\Windows\System\zdHmdNZ.exe
  C:\Windows\System\zdHmdNZ.exe
  2⤵
  PID:5408
- C:\Windows\System\PRBwcKR.exe
  C:\Windows\System\PRBwcKR.exe
  2⤵
  PID:5928
- C:\Windows\System\sAtedfZ.exe
  C:\Windows\System\sAtedfZ.exe
  2⤵
  PID:5996
- C:\Windows\System\PWSqCZd.exe
  C:\Windows\System\PWSqCZd.exe
  2⤵
  PID:5332
- C:\Windows\System\KkFnwVM.exe
  C:\Windows\System\KkFnwVM.exe
  2⤵
  PID:5512
- C:\Windows\System\TTdlZVm.exe
  C:\Windows\System\TTdlZVm.exe
  2⤵
  PID:6068
- C:\Windows\System\SGBrxXv.exe
  C:\Windows\System\SGBrxXv.exe
  2⤵
  PID:5364
- C:\Windows\System\gRqHYdw.exe
  C:\Windows\System\gRqHYdw.exe
  2⤵
  PID:5572
- C:\Windows\System\NluTOvA.exe
  C:\Windows\System\NluTOvA.exe
  2⤵
  PID:6100
- C:\Windows\System\ZjrQprV.exe
  C:\Windows\System\ZjrQprV.exe
  2⤵
  PID:6020
- C:\Windows\System\IKvtFgm.exe
  C:\Windows\System\IKvtFgm.exe
  2⤵
  PID:4744
- C:\Windows\System\TWpDutr.exe
  C:\Windows\System\TWpDutr.exe
  2⤵
  PID:5992
- C:\Windows\System\mcXGdRr.exe
  C:\Windows\System\mcXGdRr.exe
  2⤵
  PID:5540
- C:\Windows\System\mmysFNd.exe
  C:\Windows\System\mmysFNd.exe
  2⤵
  PID:5256
- C:\Windows\System\IzebPTu.exe
  C:\Windows\System\IzebPTu.exe
  2⤵
  PID:5944
- C:\Windows\System\wWyQPot.exe
  C:\Windows\System\wWyQPot.exe
  2⤵
  PID:5612
- C:\Windows\System\UkrhMxn.exe
  C:\Windows\System\UkrhMxn.exe
  2⤵
  PID:4620
- C:\Windows\System\IOTRZPg.exe
  C:\Windows\System\IOTRZPg.exe
  2⤵
  PID:5908
- C:\Windows\System\QvCfgHk.exe
  C:\Windows\System\QvCfgHk.exe
  2⤵
  PID:5652
- C:\Windows\System\jmFftBT.exe
  C:\Windows\System\jmFftBT.exe
  2⤵
  PID:6152
- C:\Windows\System\SbBywmg.exe
  C:\Windows\System\SbBywmg.exe
  2⤵
  PID:6168
- C:\Windows\System\FUFJdve.exe
  C:\Windows\System\FUFJdve.exe
  2⤵
  PID:6184
- C:\Windows\System\WpLxrnN.exe
  C:\Windows\System\WpLxrnN.exe
  2⤵
  PID:6200
- C:\Windows\System\yXZqZPT.exe
  C:\Windows\System\yXZqZPT.exe
  2⤵
  PID:6224
- C:\Windows\System\oFhAPOl.exe
  C:\Windows\System\oFhAPOl.exe
  2⤵
  PID:6240
- C:\Windows\System\emNtges.exe
  C:\Windows\System\emNtges.exe
  2⤵
  PID:6256
- C:\Windows\System\Jndnuga.exe
  C:\Windows\System\Jndnuga.exe
  2⤵
  PID:6272
- C:\Windows\System\dpKgQby.exe
  C:\Windows\System\dpKgQby.exe
  2⤵
  PID:6288
- C:\Windows\System\SROFiCa.exe
  C:\Windows\System\SROFiCa.exe
  2⤵
  PID:6312
- C:\Windows\System\AgLyYBm.exe
  C:\Windows\System\AgLyYBm.exe
  2⤵
  PID:6328
- C:\Windows\System\DSxQmuh.exe
  C:\Windows\System\DSxQmuh.exe
  2⤵
  PID:6344
- C:\Windows\System\AQpepEw.exe
  C:\Windows\System\AQpepEw.exe
  2⤵
  PID:6404
- C:\Windows\System\RRgaNDt.exe
  C:\Windows\System\RRgaNDt.exe
  2⤵
  PID:6424
- C:\Windows\System\zfrxGPK.exe
  C:\Windows\System\zfrxGPK.exe
  2⤵
  PID:6440
- C:\Windows\System\VEDQfKi.exe
  C:\Windows\System\VEDQfKi.exe
  2⤵
  PID:6456
- C:\Windows\System\OakvKYb.exe
  C:\Windows\System\OakvKYb.exe
  2⤵
  PID:6472
- C:\Windows\System\kcimVTk.exe
  C:\Windows\System\kcimVTk.exe
  2⤵
  PID:6488
- C:\Windows\System\DpfeaUP.exe
  C:\Windows\System\DpfeaUP.exe
  2⤵
  PID:6512
- C:\Windows\System\URlmHKw.exe
  C:\Windows\System\URlmHKw.exe
  2⤵
  PID:6548
- C:\Windows\System\lVMnBKd.exe
  C:\Windows\System\lVMnBKd.exe
  2⤵
  PID:6564
- C:\Windows\System\BqBYIya.exe
  C:\Windows\System\BqBYIya.exe
  2⤵
  PID:6580
- C:\Windows\System\SOFoFlZ.exe
  C:\Windows\System\SOFoFlZ.exe
  2⤵
  PID:6600
- C:\Windows\System\GPPvcjY.exe
  C:\Windows\System\GPPvcjY.exe
  2⤵
  PID:6620
- C:\Windows\System\xMPDHIk.exe
  C:\Windows\System\xMPDHIk.exe
  2⤵
  PID:6636
- C:\Windows\System\zvqETjr.exe
  C:\Windows\System\zvqETjr.exe
  2⤵
  PID:6664
- C:\Windows\System\sxmWnBk.exe
  C:\Windows\System\sxmWnBk.exe
  2⤵
  PID:6684
- C:\Windows\System\mqirxWk.exe
  C:\Windows\System\mqirxWk.exe
  2⤵
  PID:6704
- C:\Windows\System\XHVtopf.exe
  C:\Windows\System\XHVtopf.exe
  2⤵
  PID:6724
- C:\Windows\System\UfhZCok.exe
  C:\Windows\System\UfhZCok.exe
  2⤵
  PID:6740
- C:\Windows\System\pSTvZHL.exe
  C:\Windows\System\pSTvZHL.exe
  2⤵
  PID:6756
- C:\Windows\System\pyrcCSA.exe
  C:\Windows\System\pyrcCSA.exe
  2⤵
  PID:6780
- C:\Windows\System\CcvgLQv.exe
  C:\Windows\System\CcvgLQv.exe
  2⤵
  PID:6800
- C:\Windows\System\QDDHjtJ.exe
  C:\Windows\System\QDDHjtJ.exe
  2⤵
  PID:6820
- C:\Windows\System\liKPcsa.exe
  C:\Windows\System\liKPcsa.exe
  2⤵
  PID:6836
- C:\Windows\System\MPjUSuK.exe
  C:\Windows\System\MPjUSuK.exe
  2⤵
  PID:6852
- C:\Windows\System\QvuTBmM.exe
  C:\Windows\System\QvuTBmM.exe
  2⤵
  PID:6868
- C:\Windows\System\ybNONfw.exe
  C:\Windows\System\ybNONfw.exe
  2⤵
  PID:6888
- C:\Windows\System\joUXCZx.exe
  C:\Windows\System\joUXCZx.exe
  2⤵
  PID:6928
- C:\Windows\System\unOkWHe.exe
  C:\Windows\System\unOkWHe.exe
  2⤵
  PID:6944
- C:\Windows\System\iuoteeK.exe
  C:\Windows\System\iuoteeK.exe
  2⤵
  PID:6964
- C:\Windows\System\lLnlkRN.exe
  C:\Windows\System\lLnlkRN.exe
  2⤵
  PID:6980
- C:\Windows\System\zLrVKGy.exe
  C:\Windows\System\zLrVKGy.exe
  2⤵
  PID:6996
- C:\Windows\System\JKyMGgH.exe
  C:\Windows\System\JKyMGgH.exe
  2⤵
  PID:7012
- C:\Windows\System\MXJhyMn.exe
  C:\Windows\System\MXJhyMn.exe
  2⤵
  PID:7032
- C:\Windows\System\bPjpXfC.exe
  C:\Windows\System\bPjpXfC.exe
  2⤵
  PID:7048
- C:\Windows\System\PMfKoJq.exe
  C:\Windows\System\PMfKoJq.exe
  2⤵
  PID:7064
- C:\Windows\System\PDoNIKu.exe
  C:\Windows\System\PDoNIKu.exe
  2⤵
  PID:7096
- C:\Windows\System\HnlOhcE.exe
  C:\Windows\System\HnlOhcE.exe
  2⤵
  PID:7116
- C:\Windows\System\VqTghuy.exe
  C:\Windows\System\VqTghuy.exe
  2⤵
  PID:7148
- C:\Windows\System\yiVLOWk.exe
  C:\Windows\System\yiVLOWk.exe
  2⤵
  PID:7164
- C:\Windows\System\CGiWzui.exe
  C:\Windows\System\CGiWzui.exe
  2⤵
  PID:4852
- C:\Windows\System\GSGZSTb.exe
  C:\Windows\System\GSGZSTb.exe
  2⤵
  PID:6196
- C:\Windows\System\QBFKxdl.exe
  C:\Windows\System\QBFKxdl.exe
  2⤵
  PID:6268
- C:\Windows\System\LjMzplC.exe
  C:\Windows\System\LjMzplC.exe
  2⤵
  PID:6336
- C:\Windows\System\aTetOsb.exe
  C:\Windows\System\aTetOsb.exe
  2⤵
  PID:5872
- C:\Windows\System\uxpJHEJ.exe
  C:\Windows\System\uxpJHEJ.exe
  2⤵
  PID:6220
- C:\Windows\System\rncZsZv.exe
  C:\Windows\System\rncZsZv.exe
  2⤵
  PID:6364
- C:\Windows\System\EkGcLKX.exe
  C:\Windows\System\EkGcLKX.exe
  2⤵
  PID:6372
- C:\Windows\System\tFjvwIo.exe
  C:\Windows\System\tFjvwIo.exe
  2⤵
  PID:6388
- C:\Windows\System\CduMCaL.exe
  C:\Windows\System\CduMCaL.exe
  2⤵
  PID:6376
- C:\Windows\System\vOnJaid.exe
  C:\Windows\System\vOnJaid.exe
  2⤵
  PID:6448
- C:\Windows\System\kjeShnq.exe
  C:\Windows\System\kjeShnq.exe
  2⤵
  PID:6416
- C:\Windows\System\OdpObVJ.exe
  C:\Windows\System\OdpObVJ.exe
  2⤵
  PID:6504
- C:\Windows\System\RGklXdQ.exe
  C:\Windows\System\RGklXdQ.exe
  2⤵
  PID:6532
- C:\Windows\System\uKLkDEJ.exe
  C:\Windows\System\uKLkDEJ.exe
  2⤵
  PID:6544
- C:\Windows\System\eKwoYlc.exe
  C:\Windows\System\eKwoYlc.exe
  2⤵
  PID:6648
- C:\Windows\System\CNugKzC.exe
  C:\Windows\System\CNugKzC.exe
  2⤵
  PID:6588
- C:\Windows\System\hufHcac.exe
  C:\Windows\System\hufHcac.exe
  2⤵
  PID:6660
- C:\Windows\System\mdocOqe.exe
  C:\Windows\System\mdocOqe.exe
  2⤵
  PID:6680
- C:\Windows\System\OPeeKPx.exe
  C:\Windows\System\OPeeKPx.exe
  2⤵
  PID:6736
- C:\Windows\System\bZxXzng.exe
  C:\Windows\System\bZxXzng.exe
  2⤵
  PID:6808
- C:\Windows\System\owUOpEZ.exe
  C:\Windows\System\owUOpEZ.exe
  2⤵
  PID:6712
- C:\Windows\System\dZBhCeV.exe
  C:\Windows\System\dZBhCeV.exe
  2⤵
  PID:6796
- C:\Windows\System\GUhQITz.exe
  C:\Windows\System\GUhQITz.exe
  2⤵
  PID:6880
- C:\Windows\System\dohFpCq.exe
  C:\Windows\System\dohFpCq.exe
  2⤵
  PID:6904
- C:\Windows\System\vigpPwm.exe
  C:\Windows\System\vigpPwm.exe
  2⤵
  PID:6920
- C:\Windows\System\eijWKKi.exe
  C:\Windows\System\eijWKKi.exe
  2⤵
  PID:7004
- C:\Windows\System\AAMaDWv.exe
  C:\Windows\System\AAMaDWv.exe
  2⤵
  PID:6956
- C:\Windows\System\MIIVvQK.exe
  C:\Windows\System\MIIVvQK.exe
  2⤵
  PID:7084
- C:\Windows\System\WKBaysq.exe
  C:\Windows\System\WKBaysq.exe
  2⤵
  PID:7124
- C:\Windows\System\NOFoVTY.exe
  C:\Windows\System\NOFoVTY.exe
  2⤵
  PID:7128
- C:\Windows\System\scTpNiS.exe
  C:\Windows\System\scTpNiS.exe
  2⤵
  PID:7024
- C:\Windows\System\XSQqgno.exe
  C:\Windows\System\XSQqgno.exe
  2⤵
  PID:6236
- C:\Windows\System\zTqULMi.exe
  C:\Windows\System\zTqULMi.exe
  2⤵
  PID:5312
- C:\Windows\System\nUSaHfm.exe
  C:\Windows\System\nUSaHfm.exe
  2⤵
  PID:6012
- C:\Windows\System\mTMpIBX.exe
  C:\Windows\System\mTMpIBX.exe
  2⤵
  PID:6148
- C:\Windows\System\SUCbPbG.exe
  C:\Windows\System\SUCbPbG.exe
  2⤵
  PID:6284
- C:\Windows\System\CUsOWZP.exe
  C:\Windows\System\CUsOWZP.exe
  2⤵
  PID:6420
- C:\Windows\System\WVlrTsv.exe
  C:\Windows\System\WVlrTsv.exe
  2⤵
  PID:6176
- C:\Windows\System\lVAUWtB.exe
  C:\Windows\System\lVAUWtB.exe
  2⤵
  PID:6208
- C:\Windows\System\DPmzDUa.exe
  C:\Windows\System\DPmzDUa.exe
  2⤵
  PID:6480
- C:\Windows\System\WqpRawK.exe
  C:\Windows\System\WqpRawK.exe
  2⤵
  PID:6468
- C:\Windows\System\pZdyarb.exe
  C:\Windows\System\pZdyarb.exe
  2⤵
  PID:6560
- C:\Windows\System\FecvGnt.exe
  C:\Windows\System\FecvGnt.exe
  2⤵
  PID:6676
- C:\Windows\System\SKAJYbs.exe
  C:\Windows\System\SKAJYbs.exe
  2⤵
  PID:6716
- C:\Windows\System\dHRiLpn.exe
  C:\Windows\System\dHRiLpn.exe
  2⤵
  PID:6732
- C:\Windows\System\vDeSBVs.exe
  C:\Windows\System\vDeSBVs.exe
  2⤵
  PID:6916
- C:\Windows\System\HtBWZTB.exe
  C:\Windows\System\HtBWZTB.exe
  2⤵
  PID:6860
- C:\Windows\System\igLpEkQ.exe
  C:\Windows\System\igLpEkQ.exe
  2⤵
  PID:7044
- C:\Windows\System\XHymIUD.exe
  C:\Windows\System\XHymIUD.exe
  2⤵
  PID:7056
- C:\Windows\System\jRapgnU.exe
  C:\Windows\System\jRapgnU.exe
  2⤵
  PID:6876
- C:\Windows\System\dXyOvNv.exe
  C:\Windows\System\dXyOvNv.exe
  2⤵
  PID:7112
- C:\Windows\System\alCJFTd.exe
  C:\Windows\System\alCJFTd.exe
  2⤵
  PID:5184
- C:\Windows\System\bmHUCVM.exe
  C:\Windows\System\bmHUCVM.exe
  2⤵
  PID:5924
- C:\Windows\System\xyBYpVH.exe
  C:\Windows\System\xyBYpVH.exe
  2⤵
  PID:6252
- C:\Windows\System\xxPBpXB.exe
  C:\Windows\System\xxPBpXB.exe
  2⤵
  PID:6216
- C:\Windows\System\bHoJydA.exe
  C:\Windows\System\bHoJydA.exe
  2⤵
  PID:6412
- C:\Windows\System\wdkFqRh.exe
  C:\Windows\System\wdkFqRh.exe
  2⤵
  PID:6464
- C:\Windows\System\KMRVqGJ.exe
  C:\Windows\System\KMRVqGJ.exe
  2⤵
  PID:6776
- C:\Windows\System\IBDbPsa.exe
  C:\Windows\System\IBDbPsa.exe
  2⤵
  PID:6788
- C:\Windows\System\NtDQkMp.exe
  C:\Windows\System\NtDQkMp.exe
  2⤵
  PID:6900
- C:\Windows\System\HmZIqvn.exe
  C:\Windows\System\HmZIqvn.exe
  2⤵
  PID:6912
- C:\Windows\System\shwwIsH.exe
  C:\Windows\System\shwwIsH.exe
  2⤵
  PID:6848
- C:\Windows\System\wiZHndI.exe
  C:\Windows\System\wiZHndI.exe
  2⤵
  PID:6992
- C:\Windows\System\vtSEMdA.exe
  C:\Windows\System\vtSEMdA.exe
  2⤵
  PID:4404
- C:\Windows\System\jyOlgkG.exe
  C:\Windows\System\jyOlgkG.exe
  2⤵
  PID:6540
- C:\Windows\System\yxwTWJQ.exe
  C:\Windows\System\yxwTWJQ.exe
  2⤵
  PID:6212
- C:\Windows\System\oObuDGK.exe
  C:\Windows\System\oObuDGK.exe
  2⤵
  PID:6612
- C:\Windows\System\QkdtHVt.exe
  C:\Windows\System\QkdtHVt.exe
  2⤵
  PID:6936
- C:\Windows\System\VmPCpPX.exe
  C:\Windows\System\VmPCpPX.exe
  2⤵
  PID:6940
- C:\Windows\System\edmiRjm.exe
  C:\Windows\System\edmiRjm.exe
  2⤵
  PID:7080
- C:\Windows\System\wudVepz.exe
  C:\Windows\System\wudVepz.exe
  2⤵
  PID:5716
- C:\Windows\System\upOPDKG.exe
  C:\Windows\System\upOPDKG.exe
  2⤵
  PID:6308
- C:\Windows\System\SNmAybj.exe
  C:\Windows\System\SNmAybj.exe
  2⤵
  PID:6844
- C:\Windows\System\ttzSNKB.exe
  C:\Windows\System\ttzSNKB.exe
  2⤵
  PID:6652
- C:\Windows\System\ADyaPrg.exe
  C:\Windows\System\ADyaPrg.exe
  2⤵
  PID:6632
- C:\Windows\System\mIgpaRA.exe
  C:\Windows\System\mIgpaRA.exe
  2⤵
  PID:7144
- C:\Windows\System\JzkbQGM.exe
  C:\Windows\System\JzkbQGM.exe
  2⤵
  PID:7192
- C:\Windows\System\YjPaBVe.exe
  C:\Windows\System\YjPaBVe.exe
  2⤵
  PID:7212
- C:\Windows\System\hJnnjec.exe
  C:\Windows\System\hJnnjec.exe
  2⤵
  PID:7236
- C:\Windows\System\fLLCPEW.exe
  C:\Windows\System\fLLCPEW.exe
  2⤵
  PID:7252
- C:\Windows\System\igJJHzu.exe
  C:\Windows\System\igJJHzu.exe
  2⤵
  PID:7268
- C:\Windows\System\WpKNllx.exe
  C:\Windows\System\WpKNllx.exe
  2⤵
  PID:7296
- C:\Windows\System\prcePRt.exe
  C:\Windows\System\prcePRt.exe
  2⤵
  PID:7312
- C:\Windows\System\sXgRYAk.exe
  C:\Windows\System\sXgRYAk.exe
  2⤵
  PID:7328
- C:\Windows\System\EscqhFR.exe
  C:\Windows\System\EscqhFR.exe
  2⤵
  PID:7344
- C:\Windows\System\ITKLRaL.exe
  C:\Windows\System\ITKLRaL.exe
  2⤵
  PID:7364
- C:\Windows\System\PEGIjyx.exe
  C:\Windows\System\PEGIjyx.exe
  2⤵
  PID:7384
- C:\Windows\System\PUnqOPi.exe
  C:\Windows\System\PUnqOPi.exe
  2⤵
  PID:7404
- C:\Windows\System\xtPZIGx.exe
  C:\Windows\System\xtPZIGx.exe
  2⤵
  PID:7436
- C:\Windows\System\CDuCzfi.exe
  C:\Windows\System\CDuCzfi.exe
  2⤵
  PID:7452
- C:\Windows\System\pQHPkxb.exe
  C:\Windows\System\pQHPkxb.exe
  2⤵
  PID:7468
- C:\Windows\System\JBFHzlz.exe
  C:\Windows\System\JBFHzlz.exe
  2⤵
  PID:7500
- C:\Windows\System\aoIQFbd.exe
  C:\Windows\System\aoIQFbd.exe
  2⤵
  PID:7516
- C:\Windows\System\eDqKUif.exe
  C:\Windows\System\eDqKUif.exe
  2⤵
  PID:7532
- C:\Windows\System\azjehLP.exe
  C:\Windows\System\azjehLP.exe
  2⤵
  PID:7548
- C:\Windows\System\iWohsMw.exe
  C:\Windows\System\iWohsMw.exe
  2⤵
  PID:7568
- C:\Windows\System\zKgrBXJ.exe
  C:\Windows\System\zKgrBXJ.exe
  2⤵
  PID:7584
- C:\Windows\System\MaOpUGz.exe
  C:\Windows\System\MaOpUGz.exe
  2⤵
  PID:7600
- C:\Windows\System\aqfdpli.exe
  C:\Windows\System\aqfdpli.exe
  2⤵
  PID:7620
- C:\Windows\System\YRsoWJJ.exe
  C:\Windows\System\YRsoWJJ.exe
  2⤵
  PID:7640
- C:\Windows\System\UXPYUSX.exe
  C:\Windows\System\UXPYUSX.exe
  2⤵
  PID:7660
- C:\Windows\System\MiDEhlO.exe
  C:\Windows\System\MiDEhlO.exe
  2⤵
  PID:7676
- C:\Windows\System\JhlIRTY.exe
  C:\Windows\System\JhlIRTY.exe
  2⤵
  PID:7692
- C:\Windows\System\xmoyEdw.exe
  C:\Windows\System\xmoyEdw.exe
  2⤵
  PID:7736
- C:\Windows\System\XJReMmj.exe
  C:\Windows\System\XJReMmj.exe
  2⤵
  PID:7752
- C:\Windows\System\UsIHYLE.exe
  C:\Windows\System\UsIHYLE.exe
  2⤵
  PID:7768
- C:\Windows\System\FpPiSXy.exe
  C:\Windows\System\FpPiSXy.exe
  2⤵
  PID:7784
- C:\Windows\System\ifsrPSy.exe
  C:\Windows\System\ifsrPSy.exe
  2⤵
  PID:7800
- C:\Windows\System\lEZzJVf.exe
  C:\Windows\System\lEZzJVf.exe
  2⤵
  PID:7816
- C:\Windows\System\qhaNDpf.exe
  C:\Windows\System\qhaNDpf.exe
  2⤵
  PID:7836
- C:\Windows\System\zvjaTdZ.exe
  C:\Windows\System\zvjaTdZ.exe
  2⤵
  PID:7856
- C:\Windows\System\FeRMsTi.exe
  C:\Windows\System\FeRMsTi.exe
  2⤵
  PID:7872
- C:\Windows\System\wsyzgEY.exe
  C:\Windows\System\wsyzgEY.exe
  2⤵
  PID:7888
- C:\Windows\System\acOEUUq.exe
  C:\Windows\System\acOEUUq.exe
  2⤵
  PID:7904
- C:\Windows\System\zwlvftB.exe
  C:\Windows\System\zwlvftB.exe
  2⤵
  PID:7920
- C:\Windows\System\IwlzRxZ.exe
  C:\Windows\System\IwlzRxZ.exe
  2⤵
  PID:7936
- C:\Windows\System\JcfOtgR.exe
  C:\Windows\System\JcfOtgR.exe
  2⤵
  PID:7952
- C:\Windows\System\gLMmxJZ.exe
  C:\Windows\System\gLMmxJZ.exe
  2⤵
  PID:8020
- C:\Windows\System\Zvirmeb.exe
  C:\Windows\System\Zvirmeb.exe
  2⤵
  PID:8036
- C:\Windows\System\qHUFxxh.exe
  C:\Windows\System\qHUFxxh.exe
  2⤵
  PID:8052
- C:\Windows\System\jcStCAm.exe
  C:\Windows\System\jcStCAm.exe
  2⤵
  PID:8072
- C:\Windows\System\vtgWtJd.exe
  C:\Windows\System\vtgWtJd.exe
  2⤵
  PID:8092
- C:\Windows\System\KjYnlHn.exe
  C:\Windows\System\KjYnlHn.exe
  2⤵
  PID:8108
- C:\Windows\System\ugqhQLV.exe
  C:\Windows\System\ugqhQLV.exe
  2⤵
  PID:8124
- C:\Windows\System\sMPKGTC.exe
  C:\Windows\System\sMPKGTC.exe
  2⤵
  PID:8144
- C:\Windows\System\DjayHKg.exe
  C:\Windows\System\DjayHKg.exe
  2⤵
  PID:8164
- C:\Windows\System\EREtxaO.exe
  C:\Windows\System\EREtxaO.exe
  2⤵
  PID:8180
- C:\Windows\System\QlfZbIe.exe
  C:\Windows\System\QlfZbIe.exe
  2⤵
  PID:7028
- C:\Windows\System\bPauXCU.exe
  C:\Windows\System\bPauXCU.exe
  2⤵
  PID:6608
- C:\Windows\System\qFSxenM.exe
  C:\Windows\System\qFSxenM.exe
  2⤵
  PID:7220
- C:\Windows\System\jeAczoa.exe
  C:\Windows\System\jeAczoa.exe
  2⤵
  PID:7244
- C:\Windows\System\LWDLMQl.exe
  C:\Windows\System\LWDLMQl.exe
  2⤵
  PID:7276
- C:\Windows\System\RmTCbhQ.exe
  C:\Windows\System\RmTCbhQ.exe
  2⤵
  PID:7352
- C:\Windows\System\xYaTAIx.exe
  C:\Windows\System\xYaTAIx.exe
  2⤵
  PID:7308
- C:\Windows\System\sUorWvQ.exe
  C:\Windows\System\sUorWvQ.exe
  2⤵
  PID:7380
- C:\Windows\System\QHjRiXI.exe
  C:\Windows\System\QHjRiXI.exe
  2⤵
  PID:7400
- C:\Windows\System\RktauCF.exe
  C:\Windows\System\RktauCF.exe
  2⤵
  PID:7420
- C:\Windows\System\yjaxVrb.exe
  C:\Windows\System\yjaxVrb.exe
  2⤵
  PID:7444
- C:\Windows\System\ggnMcDl.exe
  C:\Windows\System\ggnMcDl.exe
  2⤵
  PID:7460
- C:\Windows\System\ZDOeBLZ.exe
  C:\Windows\System\ZDOeBLZ.exe
  2⤵
  PID:7464
- C:\Windows\System\BDbHYHw.exe
  C:\Windows\System\BDbHYHw.exe
  2⤵
  PID:7592
- C:\Windows\System\RqkyenL.exe
  C:\Windows\System\RqkyenL.exe
  2⤵
  PID:7544
- C:\Windows\System\jPtTzdV.exe
  C:\Windows\System\jPtTzdV.exe
  2⤵
  PID:7720
- C:\Windows\System\FrxTHFx.exe
  C:\Windows\System\FrxTHFx.exe
  2⤵
  PID:7512
- C:\Windows\System\frKkvKq.exe
  C:\Windows\System\frKkvKq.exe
  2⤵
  PID:7760
- C:\Windows\System\AdgbNRi.exe
  C:\Windows\System\AdgbNRi.exe
  2⤵
  PID:7608
- C:\Windows\System\mdYaazF.exe
  C:\Windows\System\mdYaazF.exe
  2⤵
  PID:7688
- C:\Windows\System\AGgIebV.exe
  C:\Windows\System\AGgIebV.exe
  2⤵
  PID:7932
- C:\Windows\System\UHZmLCw.exe
  C:\Windows\System\UHZmLCw.exe
  2⤵
  PID:7928
- C:\Windows\System\tPoteeh.exe
  C:\Windows\System\tPoteeh.exe
  2⤵
  PID:7984
- C:\Windows\System\DcXQskZ.exe
  C:\Windows\System\DcXQskZ.exe
  2⤵
  PID:7812
- C:\Windows\System\bXiRyQD.exe
  C:\Windows\System\bXiRyQD.exe
  2⤵
  PID:7992
- C:\Windows\System\NTVyzya.exe
  C:\Windows\System\NTVyzya.exe
  2⤵
  PID:8012
- C:\Windows\System\YBYYpSz.exe
  C:\Windows\System\YBYYpSz.exe
  2⤵
  PID:7884
- C:\Windows\System\DyzqOYD.exe
  C:\Windows\System\DyzqOYD.exe
  2⤵
  PID:8016
- C:\Windows\System\dyemTHa.exe
  C:\Windows\System\dyemTHa.exe
  2⤵
  PID:8084
- C:\Windows\System\DltKqPn.exe
  C:\Windows\System\DltKqPn.exe
  2⤵
  PID:8152
- C:\Windows\System\oBRSdGF.exe
  C:\Windows\System\oBRSdGF.exe
  2⤵
  PID:6396
- C:\Windows\System\oTugNJB.exe
  C:\Windows\System\oTugNJB.exe
  2⤵
  PID:8140
- C:\Windows\System\tfKACxo.exe
  C:\Windows\System\tfKACxo.exe
  2⤵
  PID:6500
- C:\Windows\System\OJROJld.exe
  C:\Windows\System\OJROJld.exe
  2⤵
  PID:8104
- C:\Windows\System\jseuNbm.exe
  C:\Windows\System\jseuNbm.exe
  2⤵
  PID:7184
- C:\Windows\System\Hsxlppf.exe
  C:\Windows\System\Hsxlppf.exe
  2⤵
  PID:7248
- C:\Windows\System\dDKGGSu.exe
  C:\Windows\System\dDKGGSu.exe
  2⤵
  PID:7376
- C:\Windows\System\SrYGxaF.exe
  C:\Windows\System\SrYGxaF.exe
  2⤵
  PID:7336
- C:\Windows\System\EwNQeeg.exe
  C:\Windows\System\EwNQeeg.exe
  2⤵
  PID:7492
- C:\Windows\System\kuKxtoE.exe
  C:\Windows\System\kuKxtoE.exe
  2⤵
  PID:7372
- C:\Windows\System\crjRczB.exe
  C:\Windows\System\crjRczB.exe
  2⤵
  PID:7324
- C:\Windows\System\bBoQuiZ.exe
  C:\Windows\System\bBoQuiZ.exe
  2⤵
  PID:7708
- C:\Windows\System\DSsamCS.exe
  C:\Windows\System\DSsamCS.exe
  2⤵
  PID:7508
- C:\Windows\System\eJfgNsv.exe
  C:\Windows\System\eJfgNsv.exe
  2⤵
  PID:7704
- C:\Windows\System\NkpPrLl.exe
  C:\Windows\System\NkpPrLl.exe
  2⤵
  PID:7828
- C:\Windows\System\xKevSSW.exe
  C:\Windows\System\xKevSSW.exe
  2⤵
  PID:7972
- C:\Windows\System\eJUTrxa.exe
  C:\Windows\System\eJUTrxa.exe
  2⤵
  PID:7880
- C:\Windows\System\KtlvlZL.exe
  C:\Windows\System\KtlvlZL.exe
  2⤵
  PID:7780
- C:\Windows\System\dgQivuU.exe
  C:\Windows\System\dgQivuU.exe
  2⤵
  PID:7808
- C:\Windows\System\jVlZBOD.exe
  C:\Windows\System\jVlZBOD.exe
  2⤵
  PID:8008
- C:\Windows\System\AqCZIMd.exe
  C:\Windows\System\AqCZIMd.exe
  2⤵
  PID:7072
- C:\Windows\System\iqyoGNT.exe
  C:\Windows\System\iqyoGNT.exe
  2⤵
  PID:8176
- C:\Windows\System\MuITptw.exe
  C:\Windows\System\MuITptw.exe
  2⤵
  PID:7176
- C:\Windows\System\EjNDDHZ.exe
  C:\Windows\System\EjNDDHZ.exe
  2⤵
  PID:8100
- C:\Windows\System\NaVTgNv.exe
  C:\Windows\System\NaVTgNv.exe
  2⤵
  PID:7280
- C:\Windows\System\wytCPXh.exe
  C:\Windows\System\wytCPXh.exe
  2⤵
  PID:7560
- C:\Windows\System\KsioWuN.exe
  C:\Windows\System\KsioWuN.exe
  2⤵
  PID:7632
- C:\Windows\System\ZWYjryL.exe
  C:\Windows\System\ZWYjryL.exe
  2⤵
  PID:7672
- C:\Windows\System\ePGglRT.exe
  C:\Windows\System\ePGglRT.exe
  2⤵
  PID:7980
- C:\Windows\System\QQfmZaK.exe
  C:\Windows\System\QQfmZaK.exe
  2⤵
  PID:7728
- C:\Windows\System\VfAPdVW.exe
  C:\Windows\System\VfAPdVW.exe
  2⤵
  PID:7776
- C:\Windows\System\VHKvBbt.exe
  C:\Windows\System\VHKvBbt.exe
  2⤵
  PID:8064
- C:\Windows\System\AeFcbAE.exe
  C:\Windows\System\AeFcbAE.exe
  2⤵
  PID:8120
- C:\Windows\System\yMbbMyF.exe
  C:\Windows\System\yMbbMyF.exe
  2⤵
  PID:7264
- C:\Windows\System\OQCqZXT.exe
  C:\Windows\System\OQCqZXT.exe
  2⤵
  PID:7320
- C:\Windows\System\dchkqXX.exe
  C:\Windows\System\dchkqXX.exe
  2⤵
  PID:7188
- C:\Windows\System\tFEwIXu.exe
  C:\Windows\System\tFEwIXu.exe
  2⤵
  PID:7716
- C:\Windows\System\uUSQWOW.exe
  C:\Windows\System\uUSQWOW.exe
  2⤵
  PID:7700
- C:\Windows\System\uLppTyf.exe
  C:\Windows\System\uLppTyf.exe
  2⤵
  PID:7748
- C:\Windows\System\WbpVrkQ.exe
  C:\Windows\System\WbpVrkQ.exe
  2⤵
  PID:8080
- C:\Windows\System\suYTTps.exe
  C:\Windows\System\suYTTps.exe
  2⤵
  PID:6596
- C:\Windows\System\BOvGaSE.exe
  C:\Windows\System\BOvGaSE.exe
  2⤵
  PID:7480
- C:\Windows\System\TXVfTJh.exe
  C:\Windows\System\TXVfTJh.exe
  2⤵
  PID:7528
- C:\Windows\System\qkYxXmM.exe
  C:\Windows\System\qkYxXmM.exe
  2⤵
  PID:8188
- C:\Windows\System\eVtMZLK.exe
  C:\Windows\System\eVtMZLK.exe
  2⤵
  PID:7156
- C:\Windows\System\mvemgYu.exe
  C:\Windows\System\mvemgYu.exe
  2⤵
  PID:7668
- C:\Windows\System\jpIZxbT.exe
  C:\Windows\System\jpIZxbT.exe
  2⤵
  PID:7732
- C:\Windows\System\NFSDaPz.exe
  C:\Windows\System\NFSDaPz.exe
  2⤵
  PID:7432
- C:\Windows\System\YHvuOxH.exe
  C:\Windows\System\YHvuOxH.exe
  2⤵
  PID:8204
- C:\Windows\System\XWLRcCn.exe
  C:\Windows\System\XWLRcCn.exe
  2⤵
  PID:8240
- C:\Windows\System\zVGXhqd.exe
  C:\Windows\System\zVGXhqd.exe
  2⤵
  PID:8264
- C:\Windows\System\myzUQoQ.exe
  C:\Windows\System\myzUQoQ.exe
  2⤵
  PID:8280
- C:\Windows\System\OpOmaUA.exe
  C:\Windows\System\OpOmaUA.exe
  2⤵
  PID:8296
- C:\Windows\System\DhSYghw.exe
  C:\Windows\System\DhSYghw.exe
  2⤵
  PID:8316
- C:\Windows\System\CEygEgo.exe
  C:\Windows\System\CEygEgo.exe
  2⤵
  PID:8332
- C:\Windows\System\dcERsry.exe
  C:\Windows\System\dcERsry.exe
  2⤵
  PID:8368
- C:\Windows\System\VVgWyrD.exe
  C:\Windows\System\VVgWyrD.exe
  2⤵
  PID:8384
- C:\Windows\System\JQclZMb.exe
  C:\Windows\System\JQclZMb.exe
  2⤵
  PID:8404
- C:\Windows\System\PfSoNNv.exe
  C:\Windows\System\PfSoNNv.exe
  2⤵
  PID:8424
- C:\Windows\System\MyLoaMp.exe
  C:\Windows\System\MyLoaMp.exe
  2⤵
  PID:8452
- C:\Windows\System\xCKOfQV.exe
  C:\Windows\System\xCKOfQV.exe
  2⤵
  PID:8472
- C:\Windows\System\pasxgbn.exe
  C:\Windows\System\pasxgbn.exe
  2⤵
  PID:8488
- C:\Windows\System\bzOjRwq.exe
  C:\Windows\System\bzOjRwq.exe
  2⤵
  PID:8504
- C:\Windows\System\BbnqGyy.exe
  C:\Windows\System\BbnqGyy.exe
  2⤵
  PID:8520
- C:\Windows\System\HeKVVXT.exe
  C:\Windows\System\HeKVVXT.exe
  2⤵
  PID:8536
- C:\Windows\System\sOlaOpZ.exe
  C:\Windows\System\sOlaOpZ.exe
  2⤵
  PID:8552
- C:\Windows\System\GnuqDqv.exe
  C:\Windows\System\GnuqDqv.exe
  2⤵
  PID:8580
- C:\Windows\System\kgWjwRD.exe
  C:\Windows\System\kgWjwRD.exe
  2⤵
  PID:8596
- C:\Windows\System\SfqczPX.exe
  C:\Windows\System\SfqczPX.exe
  2⤵
  PID:8620
- C:\Windows\System\wDgLvRF.exe
  C:\Windows\System\wDgLvRF.exe
  2⤵
  PID:8640
- C:\Windows\System\FkINndw.exe
  C:\Windows\System\FkINndw.exe
  2⤵
  PID:8656
- C:\Windows\System\htuzNzc.exe
  C:\Windows\System\htuzNzc.exe
  2⤵
  PID:8676
- C:\Windows\System\PNqsKcL.exe
  C:\Windows\System\PNqsKcL.exe
  2⤵
  PID:8760
- C:\Windows\System\pKDeRau.exe
  C:\Windows\System\pKDeRau.exe
  2⤵
  PID:8780
- C:\Windows\System\HKoeyxy.exe
  C:\Windows\System\HKoeyxy.exe
  2⤵
  PID:8796
- C:\Windows\System\yAygtod.exe
  C:\Windows\System\yAygtod.exe
  2⤵
  PID:8812
- C:\Windows\System\rdaCYPa.exe
  C:\Windows\System\rdaCYPa.exe
  2⤵
  PID:8828
- C:\Windows\System\ETdyCwQ.exe
  C:\Windows\System\ETdyCwQ.exe
  2⤵
  PID:8844
- C:\Windows\System\usRwQSW.exe
  C:\Windows\System\usRwQSW.exe
  2⤵
  PID:8872
- C:\Windows\System\qTdnCHh.exe
  C:\Windows\System\qTdnCHh.exe
  2⤵
  PID:8892
- C:\Windows\System\jXYlCJw.exe
  C:\Windows\System\jXYlCJw.exe
  2⤵
  PID:8908
- C:\Windows\System\MUHpgbi.exe
  C:\Windows\System\MUHpgbi.exe
  2⤵
  PID:8924
- C:\Windows\System\ybJsFlJ.exe
  C:\Windows\System\ybJsFlJ.exe
  2⤵
  PID:8944
- C:\Windows\System\hawbqfU.exe
  C:\Windows\System\hawbqfU.exe
  2⤵
  PID:8980
- C:\Windows\System\NgJrdGS.exe
  C:\Windows\System\NgJrdGS.exe
  2⤵
  PID:8996
- C:\Windows\System\CbVFXFk.exe
  C:\Windows\System\CbVFXFk.exe
  2⤵
  PID:9012
- C:\Windows\System\kBDwBHA.exe
  C:\Windows\System\kBDwBHA.exe
  2⤵
  PID:9032
- C:\Windows\System\zZlIDim.exe
  C:\Windows\System\zZlIDim.exe
  2⤵
  PID:9052
- C:\Windows\System\ugMkRSA.exe
  C:\Windows\System\ugMkRSA.exe
  2⤵
  PID:9068
- C:\Windows\System\aoIiQqW.exe
  C:\Windows\System\aoIiQqW.exe
  2⤵
  PID:9088
- C:\Windows\System\WYaWqvZ.exe
  C:\Windows\System\WYaWqvZ.exe
  2⤵
  PID:9104
- C:\Windows\System\ttaBIJH.exe
  C:\Windows\System\ttaBIJH.exe
  2⤵
  PID:9124
- C:\Windows\System\RAAPOby.exe
  C:\Windows\System\RAAPOby.exe
  2⤵
  PID:9148
- C:\Windows\System\DDnIjei.exe
  C:\Windows\System\DDnIjei.exe
  2⤵
  PID:9184
- C:\Windows\System\XZiyLQu.exe
  C:\Windows\System\XZiyLQu.exe
  2⤵
  PID:9200
- C:\Windows\System\vEbnCCj.exe
  C:\Windows\System\vEbnCCj.exe
  2⤵
  PID:8200
- C:\Windows\System\JoatrOM.exe
  C:\Windows\System\JoatrOM.exe
  2⤵
  PID:8044
- C:\Windows\System\UcCKbXu.exe
  C:\Windows\System\UcCKbXu.exe
  2⤵
  PID:8228
- C:\Windows\System\htqdlqE.exe
  C:\Windows\System\htqdlqE.exe
  2⤵
  PID:8256
- C:\Windows\System\Olgjfao.exe
  C:\Windows\System\Olgjfao.exe
  2⤵
  PID:8292
- C:\Windows\System\mRpACmt.exe
  C:\Windows\System\mRpACmt.exe
  2⤵
  PID:8340
- C:\Windows\System\RVSYcIR.exe
  C:\Windows\System\RVSYcIR.exe
  2⤵
  PID:8132
- C:\Windows\System\nZvpquC.exe
  C:\Windows\System\nZvpquC.exe
  2⤵
  PID:8412
- C:\Windows\System\DaAzCUk.exe
  C:\Windows\System\DaAzCUk.exe
  2⤵
  PID:8432
- C:\Windows\System\JODGMiK.exe
  C:\Windows\System\JODGMiK.exe
  2⤵
  PID:8468
- C:\Windows\System\apBqysB.exe
  C:\Windows\System\apBqysB.exe
  2⤵
  PID:8532
- C:\Windows\System\nhVYSTN.exe
  C:\Windows\System\nhVYSTN.exe
  2⤵
  PID:8484
- C:\Windows\System\OLfNJFo.exe
  C:\Windows\System\OLfNJFo.exe
  2⤵
  PID:8576
- C:\Windows\System\DEwFOFz.exe
  C:\Windows\System\DEwFOFz.exe
  2⤵
  PID:8592
- C:\Windows\System\glHPucm.exe
  C:\Windows\System\glHPucm.exe
  2⤵
  PID:8668
- C:\Windows\System\AEyMilD.exe
  C:\Windows\System\AEyMilD.exe
  2⤵
  PID:8688
- C:\Windows\System\WVICPcC.exe
  C:\Windows\System\WVICPcC.exe
  2⤵
  PID:8696
- C:\Windows\System\TrUhMwP.exe
  C:\Windows\System\TrUhMwP.exe
  2⤵
  PID:8768
- C:\Windows\System\GEVUKxU.exe
  C:\Windows\System\GEVUKxU.exe
  2⤵
  PID:8880
- C:\Windows\System\ShDqXHU.exe
  C:\Windows\System\ShDqXHU.exe
  2⤵
  PID:8856
- C:\Windows\System\XpcihfH.exe
  C:\Windows\System\XpcihfH.exe
  2⤵
  PID:8920
- C:\Windows\System\CuzDbRs.exe
  C:\Windows\System\CuzDbRs.exe
  2⤵
  PID:8868
- C:\Windows\System\NzVqsnf.exe
  C:\Windows\System\NzVqsnf.exe
  2⤵
  PID:8904
- C:\Windows\System\eTpZsrF.exe
  C:\Windows\System\eTpZsrF.exe
  2⤵
  PID:8988
- C:\Windows\System\KvIrPUY.exe
  C:\Windows\System\KvIrPUY.exe
  2⤵
  PID:8992
- C:\Windows\System\TFtKxvs.exe
  C:\Windows\System\TFtKxvs.exe
  2⤵
  PID:9020
- C:\Windows\System\jFEgPOy.exe
  C:\Windows\System\jFEgPOy.exe
  2⤵
  PID:9028
- C:\Windows\System\XicCiST.exe
  C:\Windows\System\XicCiST.exe
  2⤵
  PID:9116
- C:\Windows\System\dAQzqRN.exe
  C:\Windows\System\dAQzqRN.exe
  2⤵
  PID:9136
- C:\Windows\System\VcIiWfi.exe
  C:\Windows\System\VcIiWfi.exe
  2⤵
  PID:9192
- C:\Windows\System\oUjLEea.exe
  C:\Windows\System\oUjLEea.exe
  2⤵
  PID:8196
- C:\Windows\System\ZDhsfDB.exe
  C:\Windows\System\ZDhsfDB.exe
  2⤵
  PID:8288
- C:\Windows\System\vnXihWj.exe
  C:\Windows\System\vnXihWj.exe
  2⤵
  PID:7232
- C:\Windows\System\ehPUsTF.exe
  C:\Windows\System\ehPUsTF.exe
  2⤵
  PID:8400
- C:\Windows\System\uSXiMoL.exe
  C:\Windows\System\uSXiMoL.exe
  2⤵
  PID:8324
- C:\Windows\System\rZjrfra.exe
  C:\Windows\System\rZjrfra.exe
  2⤵
  PID:8376
- C:\Windows\System\MfHktnr.exe
  C:\Windows\System\MfHktnr.exe
  2⤵
  PID:8512
- C:\Windows\System\eJlKZAx.exe
  C:\Windows\System\eJlKZAx.exe
  2⤵
  PID:8560
- C:\Windows\System\GNMcsRO.exe
  C:\Windows\System\GNMcsRO.exe
  2⤵
  PID:8652
- C:\Windows\System\LWhSEJJ.exe
  C:\Windows\System\LWhSEJJ.exe
  2⤵
  PID:8588
- C:\Windows\System\RGeqvZG.exe
  C:\Windows\System\RGeqvZG.exe
  2⤵
  PID:8772
- C:\Windows\System\MAHvcpd.exe
  C:\Windows\System\MAHvcpd.exe
  2⤵
  PID:8808
- C:\Windows\System\USblWTm.exe
  C:\Windows\System\USblWTm.exe
  2⤵
  PID:8852
- C:\Windows\System\rUXrrzf.exe
  C:\Windows\System\rUXrrzf.exe
  2⤵
  PID:8964
- C:\Windows\System\nsVgpIa.exe
  C:\Windows\System\nsVgpIa.exe
  2⤵
  PID:9008
- C:\Windows\System\GnlHjGM.exe
  C:\Windows\System\GnlHjGM.exe
  2⤵
  PID:9060
- C:\Windows\System\yApqdQQ.exe
  C:\Windows\System\yApqdQQ.exe
  2⤵
  PID:9048
- C:\Windows\System\ehIRpQF.exe
  C:\Windows\System\ehIRpQF.exe
  2⤵
  PID:9160
- C:\Windows\System\XahlIco.exe
  C:\Windows\System\XahlIco.exe
  2⤵
  PID:9208
- C:\Windows\System\AvplnBi.exe
  C:\Windows\System\AvplnBi.exe
  2⤵
  PID:8348
- C:\Windows\System\EvFkUXE.exe
  C:\Windows\System\EvFkUXE.exe
  2⤵
  PID:7636
- C:\Windows\System\DUkVWty.exe
  C:\Windows\System\DUkVWty.exe
  2⤵
  PID:8364
- C:\Windows\System\WzHHzde.exe
  C:\Windows\System\WzHHzde.exe
  2⤵
  PID:8516
- C:\Windows\System\QGJCLSd.exe
  C:\Windows\System\QGJCLSd.exe
  2⤵
  PID:9172
- C:\Windows\System\ObxMvJB.exe
  C:\Windows\System\ObxMvJB.exe
  2⤵
  PID:8672
- C:\Windows\System\hclNjfR.exe
  C:\Windows\System\hclNjfR.exe
  2⤵
  PID:8836
- C:\Windows\System\TpWzVtm.exe
  C:\Windows\System\TpWzVtm.exe
  2⤵
  PID:8916
- C:\Windows\System\UbAzVqp.exe
  C:\Windows\System\UbAzVqp.exe
  2⤵
  PID:8900
- C:\Windows\System\HmKfmHI.exe
  C:\Windows\System\HmKfmHI.exe
  2⤵
  PID:9132
- C:\Windows\System\PKTbgwY.exe
  C:\Windows\System\PKTbgwY.exe
  2⤵
  PID:9168
- C:\Windows\System\UcfduHM.exe
  C:\Windows\System\UcfduHM.exe
  2⤵
  PID:8604
- C:\Windows\System\metYfsj.exe
  C:\Windows\System\metYfsj.exe
  2⤵
  PID:8756
- C:\Windows\System\GkJddZt.exe
  C:\Windows\System\GkJddZt.exe
  2⤵
  PID:8224
- C:\Windows\System\IQLylCT.exe
  C:\Windows\System\IQLylCT.exe
  2⤵
  PID:8976
- C:\Windows\System\ioCKKKo.exe
  C:\Windows\System\ioCKKKo.exe
  2⤵
  PID:9232
- C:\Windows\System\CkdJdcY.exe
  C:\Windows\System\CkdJdcY.exe
  2⤵
  PID:9252
- C:\Windows\System\QQAvzbJ.exe
  C:\Windows\System\QQAvzbJ.exe
  2⤵
  PID:9276
- C:\Windows\System\YjIXhdR.exe
  C:\Windows\System\YjIXhdR.exe
  2⤵
  PID:9296
- C:\Windows\System\diOXXrD.exe
  C:\Windows\System\diOXXrD.exe
  2⤵
  PID:9312
- C:\Windows\System\WiuWJay.exe
  C:\Windows\System\WiuWJay.exe
  2⤵
  PID:9332
- C:\Windows\System\OLHLxfI.exe
  C:\Windows\System\OLHLxfI.exe
  2⤵
  PID:9356
- C:\Windows\System\KPciFIT.exe
  C:\Windows\System\KPciFIT.exe
  2⤵
  PID:9404
- C:\Windows\System\VMFMTjA.exe
  C:\Windows\System\VMFMTjA.exe
  2⤵
  PID:9420
- C:\Windows\System\hgYBwcI.exe
  C:\Windows\System\hgYBwcI.exe
  2⤵
  PID:9436
- C:\Windows\System\NjbDMDj.exe
  C:\Windows\System\NjbDMDj.exe
  2⤵
  PID:9452
- C:\Windows\System\PdyswFm.exe
  C:\Windows\System\PdyswFm.exe
  2⤵
  PID:9472
- C:\Windows\System\kPVOLGT.exe
  C:\Windows\System\kPVOLGT.exe
  2⤵
  PID:9492
- C:\Windows\System\krCOkJt.exe
  C:\Windows\System\krCOkJt.exe
  2⤵
  PID:9512
- C:\Windows\System\SlyfTRq.exe
  C:\Windows\System\SlyfTRq.exe
  2⤵
  PID:9528
- C:\Windows\System\DzjAXpo.exe
  C:\Windows\System\DzjAXpo.exe
  2⤵
  PID:9548
- C:\Windows\System\gjzIypU.exe
  C:\Windows\System\gjzIypU.exe
  2⤵
  PID:9564
- C:\Windows\System\zIqWlyv.exe
  C:\Windows\System\zIqWlyv.exe
  2⤵
  PID:9580
- C:\Windows\System\DzOTkKi.exe
  C:\Windows\System\DzOTkKi.exe
  2⤵
  PID:9596
- C:\Windows\System\xzfAmVW.exe
  C:\Windows\System\xzfAmVW.exe
  2⤵
  PID:9620
- C:\Windows\System\XUIoDNY.exe
  C:\Windows\System\XUIoDNY.exe
  2⤵
  PID:9648
- C:\Windows\System\haUgRYZ.exe
  C:\Windows\System\haUgRYZ.exe
  2⤵
  PID:9684
- C:\Windows\System\nHGjvxu.exe
  C:\Windows\System\nHGjvxu.exe
  2⤵
  PID:9700
- C:\Windows\System\ZWXPbIr.exe
  C:\Windows\System\ZWXPbIr.exe
  2⤵
  PID:9716
- C:\Windows\System\kwGQtlW.exe
  C:\Windows\System\kwGQtlW.exe
  2⤵
  PID:9736
- C:\Windows\System\BIFxSgc.exe
  C:\Windows\System\BIFxSgc.exe
  2⤵
  PID:9760
- C:\Windows\System\KNwYtTL.exe
  C:\Windows\System\KNwYtTL.exe
  2⤵
  PID:9780
- C:\Windows\System\JXoXKvW.exe
  C:\Windows\System\JXoXKvW.exe
  2⤵
  PID:9800
- C:\Windows\System\qvpMifH.exe
  C:\Windows\System\qvpMifH.exe
  2⤵
  PID:9824
- C:\Windows\System\PaprOlQ.exe
  C:\Windows\System\PaprOlQ.exe
  2⤵
  PID:9840
- C:\Windows\System\gsoQKmR.exe
  C:\Windows\System\gsoQKmR.exe
  2⤵
  PID:9856
- C:\Windows\System\IpRPBso.exe
  C:\Windows\System\IpRPBso.exe
  2⤵
  PID:9872
- C:\Windows\System\SeVhCOJ.exe
  C:\Windows\System\SeVhCOJ.exe
  2⤵
  PID:9888
- C:\Windows\System\yivSmvb.exe
  C:\Windows\System\yivSmvb.exe
  2⤵
  PID:9904
- C:\Windows\System\wCdjmZu.exe
  C:\Windows\System\wCdjmZu.exe
  2⤵
  PID:9920
- C:\Windows\System\ghqLWwF.exe
  C:\Windows\System\ghqLWwF.exe
  2⤵
  PID:9936
- C:\Windows\System\HSfDqvw.exe
  C:\Windows\System\HSfDqvw.exe
  2⤵
  PID:9952
- C:\Windows\System\SbcWswt.exe
  C:\Windows\System\SbcWswt.exe
  2⤵
  PID:9968
- C:\Windows\System\xlblAdy.exe
  C:\Windows\System\xlblAdy.exe
  2⤵
  PID:9984
- C:\Windows\System\AkSnmQu.exe
  C:\Windows\System\AkSnmQu.exe
  2⤵
  PID:10024
- C:\Windows\System\FBoRomE.exe
  C:\Windows\System\FBoRomE.exe
  2⤵
  PID:10040
- C:\Windows\System\pRXthbv.exe
  C:\Windows\System\pRXthbv.exe
  2⤵
  PID:10060
- C:\Windows\System\zXHtbyT.exe
  C:\Windows\System\zXHtbyT.exe
  2⤵
  PID:10084
- C:\Windows\System\jjvWWVr.exe
  C:\Windows\System\jjvWWVr.exe
  2⤵
  PID:10112
- C:\Windows\System\vkXSWay.exe
  C:\Windows\System\vkXSWay.exe
  2⤵
  PID:10128
- C:\Windows\System\IWnWLzr.exe
  C:\Windows\System\IWnWLzr.exe
  2⤵
  PID:10144
- C:\Windows\System\VbeCAVI.exe
  C:\Windows\System\VbeCAVI.exe
  2⤵
  PID:10184
- C:\Windows\System\QOfQmrh.exe
  C:\Windows\System\QOfQmrh.exe
  2⤵
  PID:10204
- C:\Windows\System\NvfDllL.exe
  C:\Windows\System\NvfDllL.exe
  2⤵
  PID:10220
- C:\Windows\System\CGgJTmX.exe
  C:\Windows\System\CGgJTmX.exe
  2⤵
  PID:10236
- C:\Windows\System\bBChlBq.exe
  C:\Windows\System\bBChlBq.exe
  2⤵
  PID:9272
- C:\Windows\System\cDgwhou.exe
  C:\Windows\System\cDgwhou.exe
  2⤵
  PID:9348
- C:\Windows\System\SQlkCeJ.exe
  C:\Windows\System\SQlkCeJ.exe
  2⤵
  PID:9080
- C:\Windows\System\WlDudkd.exe
  C:\Windows\System\WlDudkd.exe
  2⤵
  PID:8440
- C:\Windows\System\mAmGVtC.exe
  C:\Windows\System\mAmGVtC.exe
  2⤵
  PID:8936
- C:\Windows\System\qSvstqk.exe
  C:\Windows\System\qSvstqk.exe
  2⤵
  PID:8636
- C:\Windows\System\zcJCfUZ.exe
  C:\Windows\System\zcJCfUZ.exe
  2⤵
  PID:9288
- C:\Windows\System\qYySoPm.exe
  C:\Windows\System\qYySoPm.exe
  2⤵
  PID:9240
- C:\Windows\System\xxHtRCI.exe
  C:\Windows\System\xxHtRCI.exe
  2⤵
  PID:8272
- C:\Windows\System\QKxsBRX.exe
  C:\Windows\System\QKxsBRX.exe
  2⤵
  PID:9392
- C:\Windows\System\WHUWlWK.exe
  C:\Windows\System\WHUWlWK.exe
  2⤵
  PID:9448
- C:\Windows\System\dIelZGW.exe
  C:\Windows\System\dIelZGW.exe
  2⤵
  PID:9556
- C:\Windows\System\awxSxtU.exe
  C:\Windows\System\awxSxtU.exe
  2⤵
  PID:9632
- C:\Windows\System\Dohzoih.exe
  C:\Windows\System\Dohzoih.exe
  2⤵
  PID:9608
- C:\Windows\System\VemJAeq.exe
  C:\Windows\System\VemJAeq.exe
  2⤵
  PID:9504
- C:\Windows\System\AaVhKfH.exe
  C:\Windows\System\AaVhKfH.exe
  2⤵
  PID:9460
- C:\Windows\System\WMqUAdF.exe
  C:\Windows\System\WMqUAdF.exe
  2⤵
  PID:9536
- C:\Windows\System\UcQteMN.exe
  C:\Windows\System\UcQteMN.exe
  2⤵
  PID:9616
- C:\Windows\System\vrMQFin.exe
  C:\Windows\System\vrMQFin.exe
  2⤵
  PID:9668
- C:\Windows\System\puvIgJR.exe
  C:\Windows\System\puvIgJR.exe
  2⤵
  PID:9696
- C:\Windows\System\DEfZMNK.exe
  C:\Windows\System\DEfZMNK.exe
  2⤵
  PID:9728
- C:\Windows\System\IdhUJIu.exe
  C:\Windows\System\IdhUJIu.exe
  2⤵
  PID:9756
- C:\Windows\System\ksDhzOQ.exe
  C:\Windows\System\ksDhzOQ.exe
  2⤵
  PID:9816
- C:\Windows\System\jAqeqOt.exe
  C:\Windows\System\jAqeqOt.exe
  2⤵
  PID:9864
- C:\Windows\System\CupiRNn.exe
  C:\Windows\System\CupiRNn.exe
  2⤵
  PID:9900
- C:\Windows\System\XQZIlvi.exe
  C:\Windows\System\XQZIlvi.exe
  2⤵
  PID:9996
- C:\Windows\System\qvbcyBb.exe
  C:\Windows\System\qvbcyBb.exe
  2⤵
  PID:10012
- C:\Windows\System\bWoVazi.exe
  C:\Windows\System\bWoVazi.exe
  2⤵
  PID:10092
- C:\Windows\System\uCqrjla.exe
  C:\Windows\System\uCqrjla.exe
  2⤵
  PID:9852
- C:\Windows\System\JvoOZoj.exe
  C:\Windows\System\JvoOZoj.exe
  2⤵
  PID:9912
- C:\Windows\System\TzYxMmT.exe
  C:\Windows\System\TzYxMmT.exe
  2⤵
  PID:10036
- C:\Windows\System\rMafsoe.exe
  C:\Windows\System\rMafsoe.exe
  2⤵
  PID:10032
- C:\Windows\System\EKbojlx.exe
  C:\Windows\System\EKbojlx.exe
  2⤵
  PID:10120
- C:\Windows\System\pcAddaQ.exe
  C:\Windows\System\pcAddaQ.exe
  2⤵
  PID:10160
- C:\Windows\System\OPEwuMe.exe
  C:\Windows\System\OPEwuMe.exe
  2⤵
  PID:9220
- C:\Windows\System\mzBTbdA.exe
  C:\Windows\System\mzBTbdA.exe
  2⤵
  PID:9268
- C:\Windows\System\zBpCxcx.exe
  C:\Windows\System\zBpCxcx.exe
  2⤵
  PID:8352
- C:\Windows\System\PNhboIb.exe
  C:\Windows\System\PNhboIb.exe
  2⤵
  PID:8216
- C:\Windows\System\jbSpSKD.exe
  C:\Windows\System\jbSpSKD.exe
  2⤵
  PID:9096
- C:\Windows\System\vkxDqUF.exe
  C:\Windows\System\vkxDqUF.exe
  2⤵
  PID:9292
- C:\Windows\System\cmMYdtG.exe
  C:\Windows\System\cmMYdtG.exe
  2⤵
  PID:9368
- C:\Windows\System\uGCvIct.exe
  C:\Windows\System\uGCvIct.exe
  2⤵
  PID:9412
- C:\Windows\System\Ryqtjwe.exe
  C:\Windows\System\Ryqtjwe.exe
  2⤵
  PID:9520
- C:\Windows\System\MMuliUv.exe
  C:\Windows\System\MMuliUv.exe
  2⤵
  PID:9576
- C:\Windows\System\tLbYseg.exe
  C:\Windows\System\tLbYseg.exe
  2⤵
  PID:9540
- C:\Windows\System\fGTLAPG.exe
  C:\Windows\System\fGTLAPG.exe
  2⤵
  PID:9724
- C:\Windows\System\eHorOqy.exe
  C:\Windows\System\eHorOqy.exe
  2⤵
  PID:9768
- C:\Windows\System\KRMCyws.exe
  C:\Windows\System\KRMCyws.exe
  2⤵
  PID:9508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GAwarDG.exe

Filesize
6.0MB

MD5
26dae260b9a75ad0b354516e851c8b70

SHA1
a3ab79ec959626cfa3cdf258227b055685584dc6

SHA256
0b7eb56a34f56272f5341f69399ed1e43403af29e85391d5ed3cd95f80439903

SHA512
7a502a2475b3ca184a6a5bb4edfb7f7f0df2a1cc56eccacc2969693eb9d4531fd81ec9481ee5c33eb441cbb07b3acbc7840907bf3a0f30ae9c868a019aa45862

Download Submit
C:\Windows\system\MzGHIFA.exe

Filesize
6.0MB

MD5
7fbeaa0ab1d2c26240f8b25f53e0c78e

SHA1
6f88ef33ad97eadacb2b540ea33994fdefd6006d

SHA256
79e87a0b90c8e5e85e23b48ac82443842c9b80a7848f0102b133188d91dc966b

SHA512
b0a3e6d0d85fec2db4cae0db1e401ddd35f2c0a35baed7e55a0f8334356d3f0499449960d488b8754fd0594647e8db5d66b6f3a9bc8e81ce31cefad7ee98a9e3

Download Submit
C:\Windows\system\ZUnXhtq.exe

Filesize
6.0MB

MD5
6be43ccfddc371f85af57e53ac4b2b8b

SHA1
961c5b243d139d2491562b3e41d62bdbf0d1940d

SHA256
5e51d082899803c6a8e31ee693da01f40ea7c04e74d8c31cd01add687c9e8b7d

SHA512
bddea2c7ffe6eae2d740e4408f8ddca5de5ab815e1eeb701c35ad22b3ce1f437aaf2653e039371988ad4ca89b02078f6fc239b04b600372fcedef030274b0df5

Download Submit
C:\Windows\system\gwCAZEe.exe

Filesize
6.0MB

MD5
41e51468d0a49091a821f02b7cad0682

SHA1
55dd028b5dcf717855dd8b708073a4b2c13f0fd2

SHA256
d962b16be501bb89dda46adfde29b072730977ccbd32fbd4d08d9886f616bafd

SHA512
54b244c7a7958ed0a4c2e7267e950499de664ab5beb997b6918cfea3c23e14dad1913fca254721d622bb97c389fb25a35cc2fcc77614ea894d2a845fac296a76

Download Submit
C:\Windows\system\jDyrZyl.exe

Filesize
6.0MB

MD5
d241058581986f51fbc7d9c9f3710332

SHA1
579c91bd7a068bfd58c320cc2a5f9eadbf83ac92

SHA256
4cab1aaf5157f739fde02ef51a54545e59cc1bdc70f965fa720e4478d8d22be9

SHA512
ff625f883549476552008c875dfd14c1ff38d6c4211ac2291fe438a418a80ec484a302f84f060e06e063f873a421aa16d4d80cd6824929b37aafe6e9e438e280

Download Submit
C:\Windows\system\jErNsfc.exe

Filesize
6.0MB

MD5
faa9338f476bcf25f43fa65389f6bb80

SHA1
d09915a29f09e65e9b345903171ce0ab94d54852

SHA256
39cb6b74682e7a60d2c20845355c406a38f47c10dc203e5b1208881941e85157

SHA512
c1865f0c048996fc81c650bbddb6b8b3ece657d412058328d8fb1ede2bb9c07dc24d626c67f84c50f0a3e851a17827dae0a2df1b17f93a4abb0ae1dca97dc45f

Download Submit
C:\Windows\system\jGwOdAz.exe

Filesize
6.0MB

MD5
8bb51ace48cfa115ce42cfbe407b88d2

SHA1
8badbe025ea9448eea9aa101a8de529a23ebfde5

SHA256
4b0872507ef185746e1df1ff20fae56273b4753da9ab8fe9f48e1e99ed622d98

SHA512
2ce366e96a6ef8cff6e478f1c0eec5a3d9238c50b077ecacabb775696052ac30e4dcc27a62bf15fe867a89ad156baf4127ea977cf33b211ab414d045f2a929d2

Download Submit
C:\Windows\system\kUCmaEQ.exe

Filesize
6.0MB

MD5
b748d3eaf70720211ab077f0be926338

SHA1
44a52117eb849c1e126cb23b0d4238aa01587b18

SHA256
ff14b396369c5e592a49057abfe0d4702a28df80b414cc5696bb6ee693816350

SHA512
ccff6a1de53f159bf33ddec1c083b38f8245f7ca2956302ed2883f31774b4f45c0076738d411c2a54608193dbd8ee7ce1cc50444f5d6dc4fa3d30592b2feaaf4

Download Submit
C:\Windows\system\masyBYg.exe

Filesize
6.0MB

MD5
37dd5619dc55de61888c115ec27da58a

SHA1
801fb7dedae7e0b05d81f9a2037b324c43fd0318

SHA256
c453f946cdd9b60f440ae82345d710066e1c8bc6ad1afa7eac7202ea58d440ba

SHA512
58f282c8a9e6993f7494c3537f437be35a8f875873a54b092ca94f2ae77edfde0d2c878ef10208cdbf810745c5e3e951695d417d4b3e97914d0165b09d104bd9

Download Submit
C:\Windows\system\wEArfRk.exe

Filesize
6.0MB

MD5
0294708a03932caec8b45b7a13b979f9

SHA1
3151c31849968380f85e853b53f598cef726b920

SHA256
a99b3f8ade387b4cd76592528b0b46ff4eabf3b2ea45f5a456519da47380c5e3

SHA512
67257f13c370fd81399ec7260fb763f54a17a76e8e4f7d059ad67625ab9a3db858790b1485ea07a296ab54142cfd89291059451eab40d9e3027776fdaf91205b

Download Submit
C:\Windows\system\xDOUncL.exe

Filesize
6.0MB

MD5
8d82095bd7bc092f1dd7eb15361cde22

SHA1
2fb9fdb865291ac3e421841fd20a80e0ae59e052

SHA256
08ad535f01fef09adb1efc835dbd95e771b74fbc3ea1f4136bfd9ff7fe800f7e

SHA512
7e28b33f98d2535ed7751a71f438d31a3520b425afc5ec3032d4b45a1449c5b5b1aa9783817335f991148bfae7f0ede0f11995bbb7a35565e22909f2db96a16a

Download Submit
\Windows\system\BpUhbgS.exe

Filesize
6.0MB

MD5
766bd1ab32769a6a48328a9ec5e60c45

SHA1
d766810ebd00832b724649e39fce0431a6f1e893

SHA256
bd37ed950b84994d78363abde41536b9fee1b7ce33a28e2ace569347a421f887

SHA512
1b088b3a6c2b6ec6566079758325c725e184f13994b4b7792cf210f7fcf0a502456fa68933a20747bb4f4c1f2905758b6d2a0a4dc99ac162cbd8a6cbad73630e

Download Submit
\Windows\system\ESVbCOx.exe

Filesize
6.0MB

MD5
b5ffe1a291f319fc0fe3f02e7b00fd5c

SHA1
46ff267ee23bea2408023643d382c56ac878e409

SHA256
76f0254ae19cb91797ebd1b5aca8eed7bff7a998f9e4c86c6c14078a0f5fd481

SHA512
74caf6c60fdfcf8e469a789b164f9b8c02a49ea71b4a1c041b38d527f946772a75523eb89c62162ab0609b2911332c61327fb24eb00c2ce692b2e6915ee25fb5

Download Submit
\Windows\system\HtaqdCv.exe

Filesize
6.0MB

MD5
68339d3fcc6141af5a8728e10ef8097e

SHA1
6c58b91ab6ce432e58b48f4b8fa7db22254ee909

SHA256
ebe9283f1f24212a9a747604c72ebdd2715ae3b831829fe58fb350e80bcd2b7c

SHA512
e48760dac1691ed2b94b4f1ceabb72e6fd86063eb5f4f65fa44dc1b30dba99016a303ef5099611c24c7b9dd813cb1a68ae11ddb04c474d80d0facda745b3e875

Download Submit
\Windows\system\LPqOJVR.exe

Filesize
6.0MB

MD5
f3e00dc348e549baba7afed745d3ca56

SHA1
cd548f2e7b88d82bf3824749bd7db4175d7a9648

SHA256
0dfbcbdff63728cd0edd641a42fc1fab97d66a0edfa0668c7c23d50eade455a5

SHA512
49661652857cc4b2a628354b878ea3bda95099dcbb2d8c1ce4ebaf644b6ca9c77a322cc8853e161c955df07227a052fcbe154b6c8e7da8d9d165694d3e19a177

Download Submit
\Windows\system\LjCvqXJ.exe

Filesize
6.0MB

MD5
f85070dc33b9355c7fd0ecf08a24cda2

SHA1
9a68b87cab143dc772579990391217f9be471c5a

SHA256
6d42e44166d903032d7bde8c79bd1eaff454fc7ae716796e87049073c5d2d5f5

SHA512
e06ec9fcb4e6fd9bca63661daa171f3bc71fd8fbf1ea40eb552d64c2e5c0bc063b1cd3b6cf800877f2fd8bb57d58a3bf4ac05667d8458e95dccf0a430ec84528

Download Submit
\Windows\system\NfWqlkD.exe

Filesize
6.0MB

MD5
a6a4acd0477d9f7e006ae2dfc2b07f0c

SHA1
0007dd3cca5ade424c9078a172f2fff4841b46a7

SHA256
ea437b8cf69263f62731232b8a81bd7fb0b9baca81eea8f987272963a65d4e80

SHA512
1a663a0cd83f7ac71af385918d2e687fcebc73dc67a6b9fc0ba3f846b74e60bbe3031db0aeade3704ed367231051794b6c0a52d3d6057c34a96d19d094316e00

Download Submit
\Windows\system\OPyIGBf.exe

Filesize
6.0MB

MD5
ed59269bafd71143e12ccfcda0ecffbc

SHA1
a8c8e20dffcaaaa753248a527c884644d63d947e

SHA256
f37a5aa1a7d01d4064db18745cc3c889b198f90d7f230bb8e28db2782a611e78

SHA512
5a33cfdc4b37e2e55876f17a235a248f0908f011a31b137fdaf7370761eb47ab2ec146fc39396f7fb414dfc8677843ff7e8a736ef5536fd1dff34b248bd48c3b

Download Submit
\Windows\system\RhgrUeO.exe

Filesize
6.0MB

MD5
346723ab8fd34245d290da75b3a2ae34

SHA1
7cb0f8158b3827e8692ea498090bdfdc431b96d3

SHA256
f14a35440732ea8885b7dc7be993477c3a687cabd89b58039544e7187a3a9976

SHA512
7e7ee167722857656caddbe7c7f6f4b1c4b18f75dd96e156586c994bd9650d918aa473c578d5ecfc7b6ffba0d6741ab8592ab7e6de8334094df5705b758e25d2

Download Submit
\Windows\system\TGQhUNW.exe

Filesize
6.0MB

MD5
607623d94fe7a7e39737f9f7f3e1fb4a

SHA1
622eaf3380472a85e7c848a8bab03656ee7fc583

SHA256
2df3863ad8c55e6e0b57df7aac4d9d15569930c7167745dcc2f55b4e49d9f29b

SHA512
3a912367fc5be24048c2f565d616d24e5b7d19699181d14df613705149702bdb9703f0888b4097d7ec3aa9bb5d17db57136dd0deeaa59166f6555cf2ce607ea1

Download Submit
\Windows\system\VQbMsYP.exe

Filesize
6.0MB

MD5
714f02a2070dc730dd3fd0157642e1f9

SHA1
4e2131e05195dd7311f0d82ff6428bb190db1e88

SHA256
715bdc169f936c689bb131c6b739aa34a4d69116fe7d89482c627ac8f35e9636

SHA512
c87916f97811ccf2e60bca2a345b6ddec3e9c356cb09711558c1ed072f794e4480a930b0dbc864add169c1ee79e5201b568d77742285449a4f8e41debf246c21

Download Submit
\Windows\system\XwTMwGt.exe

Filesize
6.0MB

MD5
1e2c1282db5cf149f1c29c17d5fe39aa

SHA1
a2199b56e69bf423a4628f1647c6624d6639517d

SHA256
0e6347b054ffeeeeb55c7fbbd530155e32f8098a98525b5bb64587b979324015

SHA512
c910b5a3ff2ae907202b44eb9dc5cd655c57a8a19a9510216c44e3e96e5e2df6d2461f552f5c7793d5fb7d6909d25893fa8e911d425a85612ca27f9bf1dc4ebb

Download Submit
\Windows\system\arnajqj.exe

Filesize
6.0MB

MD5
b37a9e1f84bf36fa608a437def20cf82

SHA1
7ee11798d4a0ed13d9a1babc4279a82a219ec811

SHA256
a326b68b208b9f4e5e318e56afcc518c5a512191cf5ae19d5056e966bc87a61d

SHA512
5241ae3a747daddf6d98bd64fef2b1168d995120dd59133997d6aa7019c397ce835589489c6b7471bc549cf1bd8f7cc5509d2fb3df82758294b23dc7c4a863c9

Download Submit
\Windows\system\bZGKtNA.exe

Filesize
6.0MB

MD5
b3323f972583f224d23ba263ff092f03

SHA1
01c8f62a32209e10e7af1b2d294807653d55f790

SHA256
1b8fdb3c0228a471c5ff5d41234e3c50992e937e1a179ff44d3b3a2a1af06aea

SHA512
62fe6a0c174d207d1697f226b5b54aae5ecb0318ed76f02e511b729d9c0966ee243cda8afe6078eb044b496a4773eba5179104c91a0e6164a6181b7085eb973c

Download Submit
\Windows\system\gdEYtCg.exe

Filesize
6.0MB

MD5
50e50210d623b4ac006d659762efbf5d

SHA1
513e17afe5185036f475bc282fb04fc2d8dd1803

SHA256
742dee6faf33dedb4e8f50335fd15817201c28d9e6474b77f4252468e6d9b19b

SHA512
3eb0ef3d9ca5f5a3876984d25d2e72a10beda5566309910b4fbcfc55245c3abd55b5f28412f02b9d204a7e8040f1f41baa3d62bcd79af2e9a96ff6f16dd13d64

Download Submit
\Windows\system\igXKscb.exe

Filesize
6.0MB

MD5
3e60a3c35f85ba947322b0801cecf836

SHA1
7115ce397e361759aca1d661465cc2f5f6a23333

SHA256
0b8b3639bd5885d1e0e322d3c5b133026442aaffc0ecdbd4ef9234cc1d800288

SHA512
e7d95e4452af193f84a4f797c7cb47a9f23e17b9cd1cd6c75e592c2b7f94e35041f88210f158c64b09822810373d989c01ac1a4c854ce485c9cad61c5c4a55c0

Download Submit
\Windows\system\oVspAeJ.exe

Filesize
6.0MB

MD5
d148968acb634b263fe87b9a1486efe4

SHA1
14d06b79be5b0335d5ab8e74d86416cde88332dc

SHA256
f33a8755337710b7e3b0b7763f9171fbaf20f12c91036cba550a90dba99bf1bf

SHA512
d52c8da4065458c81d819e119b9964e2b8a5b632f279ca40b8c132e3504696718902f44d48a73e53a2757870f68d9dee284f7cdde1feb80302368cb00e32bb2e

Download Submit
\Windows\system\pLrbfah.exe

Filesize
6.0MB

MD5
3e2cd2935098b7137b84ee2550240573

SHA1
1b042efcddedb14e5a09fe40c0b06f9031bd6e53

SHA256
d0af8f832748bd7df98f022d86e534b15b20e3639e0cdbd9d508319d6be1b231

SHA512
1aeee6cecb7909ef68080d9201381b46384fba972027034b6f2661869094bf893dfea7aa2e2c7c53f157dede9edbcc969f62f9c809a1f6fb204781ba4eb466dd

Download Submit
\Windows\system\pMVWlsR.exe

Filesize
6.0MB

MD5
b9132d59418f04be32505122ad8b2105

SHA1
63d514b02539701ad45685f8870ac5a1a75e1938

SHA256
70898c4f630103edf0baf63bd853193e6e7eab5d808c49c7d77e8158c5dd28d0

SHA512
21bd964facc309b4031d64b3265fb3cedb09a6c5dc7d66d9506ad711bf95d653c3f705f84e64212bda6ea8b7ad806bdaed6049e8208d915e830160536efa0855

Download Submit
\Windows\system\rxUTEOb.exe

Filesize
6.0MB

MD5
7eec6668d3ca14924adefefb09280a68

SHA1
f83056154c7014d209c44aa1ed92c24900eab931

SHA256
210145e2d8145498fd35835f538a06ef88fbf51c9507df81295c66134fb0523f

SHA512
d3778c53e66a06747d65ad1c59100a6ba0c451dc82d9d2f78d536da7bf294505f844aa61e4acb36bc78d7799b01a39e77f64b5b1e85801b12cddca457e5b82c1

Download Submit
\Windows\system\rzESDHo.exe

Filesize
6.0MB

MD5
b6e2fd198a3f2e4e7af14117232e0b1e

SHA1
accd2a7c6547868848c156486c38f45662836c05

SHA256
d45365230cb6d9ab9399e79ac2430c5ba8fd1a6b5f8cc6d60828eea7f936addd

SHA512
5252ea647c08e318176fc6abc50a34384d7f30c1dbbc26b1427ad3775925be769abbbf04c8ea3da3e3b3575c4df049953948c6e025073f66262da4406c6fc6e1

Download Submit
\Windows\system\ydcSzcy.exe

Filesize
6.0MB

MD5
2c2268add6775edcc12c891554374747

SHA1
2bcb85fd01f45a968ed9f54f870141dd1a318769

SHA256
96f83b9772c1aa4ce42e811b41de55f0ad650fe279dd8f18348d5346cca17034

SHA512
3773da61c66c44d58c6a23124e3404b2f91baf64e1bfdccd5f8c62a367a1f21a3ccfbcecc4ec7234e12f5bcb64590ec444d57b733b778526ccab25f6d95e1267

Download Submit
\Windows\system\zpsqcWo.exe

Filesize
6.0MB

MD5
b4667320240fd9a4ea596739332253c4

SHA1
c09179409470789e52893af09bc941dafe0e3843

SHA256
529f8c39e5121dec4fba8c89c08a714d8c237cc08a5ae592d76598fd747fb5a1

SHA512
a23d56953975af9213534a120ab3be53542a8440a0357091f5fd454d16646b5c827e4c96cabd2e69b1113bd1b463d808b8c586ff9681cff7767dd6c8e97cd5a3

Download Submit
memory/596-79-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/596-4001-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/652-4062-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/652-97-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/1436-4063-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1436-123-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1524-69-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1524-3991-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2000-82-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2000-4014-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2000-389-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2172-76-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3979-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2620-61-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2684-54-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2684-4008-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3939-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2748-14-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2752-66-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1014-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-144-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-22-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2752-70-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-156-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-68-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-87-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2752-56-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2752-0-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2752-19-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2752-59-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2752-116-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-49-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-88-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-193-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-190-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2752-390-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2752-516-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-747-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-756-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-30-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-26-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3996-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2776-189-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2776-36-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2840-13-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3961-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2840-74-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3953-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-188-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-28-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3968-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2932-21-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2932-102-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download