cobaltstrike | 5740fafc5d0c8c64619ef3821c4b3348df459fab477997094859dd91f4ae017f

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8b4988742e996af80226eec14d63aa54
SHA1

0a457601e8476c41240269fa4c1c33656e964a51
SHA256

5740fafc5d0c8c64619ef3821c4b3348df459fab477997094859dd91f4ae017f
SHA512

8ff63b601bd1c69fc9b259dafdc05cf13461f5151053951eb12705a0ce029727b3391bb65be97e51488b02a60b776cec68da595cd35145f8dea8d755976c0d64
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUl:T+q56utgpPF8u/7l

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014bda-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014b28-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014cde-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014f7b-31.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015016-35.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015048-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d33-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4a-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db3-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd2-95.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000170b5-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ee0-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001875d-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186de-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186d2-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018669-143.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000018654-139.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175d2-135.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175cc-131.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175c6-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017546-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017051-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd6-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc7-90.dat	cobalt_reflective_dll
behavioral1/files/0x003400000001487e-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db8-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4e-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d46-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d11-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015512-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/800-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-3.dat	xmrig
behavioral1/files/0x0008000000014bda-13.dat	xmrig
behavioral1/files/0x0008000000014b28-16.dat	xmrig
behavioral1/memory/3056-11-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2620-23-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/1732-18-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/800-8-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000014cde-24.dat	xmrig
behavioral1/files/0x0007000000014f7b-31.dat	xmrig
behavioral1/files/0x0007000000015016-35.dat	xmrig
behavioral1/files/0x0009000000015048-41.dat	xmrig
behavioral1/files/0x0006000000016d33-55.dat	xmrig
behavioral1/files/0x0006000000016d4a-65.dat	xmrig
behavioral1/files/0x0006000000016db3-75.dat	xmrig
behavioral1/files/0x0006000000016dd2-95.dat	xmrig
behavioral1/files/0x00060000000170b5-115.dat	xmrig
behavioral1/files/0x0006000000016ee0-105.dat	xmrig
behavioral1/files/0x000500000001875d-159.dat	xmrig
behavioral1/memory/2712-675-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2860-694-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2008-707-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/800-733-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2604-732-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1956-811-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/3000-800-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/800-852-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2764-853-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/1244-840-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/800-755-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2512-754-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/800-666-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2624-665-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2688-653-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/1732-1996-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/800-1335-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ee-155.dat	xmrig
behavioral1/files/0x00050000000186de-151.dat	xmrig
behavioral1/files/0x00050000000186d2-147.dat	xmrig
behavioral1/files/0x0005000000018669-143.dat	xmrig
behavioral1/files/0x0031000000018654-139.dat	xmrig
behavioral1/files/0x00060000000175d2-135.dat	xmrig
behavioral1/files/0x00060000000175cc-131.dat	xmrig
behavioral1/files/0x00060000000175c6-127.dat	xmrig
behavioral1/files/0x0006000000017546-120.dat	xmrig
behavioral1/files/0x0006000000017051-110.dat	xmrig
behavioral1/files/0x0006000000016dd6-100.dat	xmrig
behavioral1/files/0x0006000000016dc7-90.dat	xmrig
behavioral1/files/0x003400000001487e-85.dat	xmrig
behavioral1/files/0x0006000000016db8-81.dat	xmrig
behavioral1/files/0x0006000000016d4e-70.dat	xmrig
behavioral1/files/0x0006000000016d46-60.dat	xmrig
behavioral1/files/0x0006000000016d11-50.dat	xmrig
behavioral1/files/0x0008000000015512-45.dat	xmrig
behavioral1/memory/800-2370-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/800-2371-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/800-2373-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1732-3933-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/3056-3958-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2624-3962-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2620-3961-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2604-3968-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2860-3965-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1244-3975-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3056	FTOKKGK.exe
1732	ZfYKUFy.exe
2620	eQuyJJI.exe
2764	yBRJBqa.exe
2688	ZmCXdtm.exe
2624	ZmeaamL.exe
2712	fLQNgsp.exe
2860	NMMRaPK.exe
2008	OBvEqgX.exe
2604	ZYPLbmm.exe
2512	BCbrNOi.exe
3000	NISPGGf.exe
1956	zHBUWfT.exe
1244	lstNPmK.exe
696	Echlshv.exe
1056	YeSuRtO.exe
1480	XydfvcU.exe
2816	sWvOBau.exe
2840	HQdKScU.exe
2876	ODAcgbO.exe
2724	vymiYpS.exe
3004	hSqDPmj.exe
1280	juJUlLp.exe
2756	hyXHAZt.exe
1048	pQNQlRQ.exe
1872	NOdHDhM.exe
1932	vaJCdzl.exe
1032	ymVmpsy.exe
1036	hNWnESs.exe
2160	bYGrLIt.exe
2324	aOJcwla.exe
2136	cFEujBE.exe
2156	DnOiecF.exe
1420	Bjpfkxr.exe
1860	OcCKNwp.exe
2204	vzpcscI.exe
1356	ObtYBfY.exe
912	AVwmCyO.exe
788	OiwxcRy.exe
1648	nEFzpDU.exe
2396	NvVqsZm.exe
2372	KOPQIvL.exe
2036	pEIkYeu.exe
2192	pfUBhyt.exe
960	xgEwdwV.exe
1556	OZLDqRE.exe
1360	yyFtjCy.exe
464	mlrZIKW.exe
2424	JImbqmQ.exe
1020	Wagamjs.exe
864	LNozgJH.exe
956	UUGdEev.exe
2904	SaLurgv.exe
1772	NAxXaSV.exe
944	JTFJire.exe
1832	GDZsweF.exe
2280	QzkhCMV.exe
2296	yyvWRlj.exe
2436	pXMJyWA.exe
2072	bCVvQii.exe
2420	tZvHMEU.exe
1504	DofqvvD.exe
884	pqWFSZL.exe
2432	XDYRgGP.exe

Loads dropped DLL 64 IoCs

pid	Process
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/800-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-3.dat	upx
behavioral1/files/0x0008000000014bda-13.dat	upx
behavioral1/files/0x0008000000014b28-16.dat	upx
behavioral1/memory/3056-11-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2620-23-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/1732-18-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/800-8-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0007000000014cde-24.dat	upx
behavioral1/files/0x0007000000014f7b-31.dat	upx
behavioral1/files/0x0007000000015016-35.dat	upx
behavioral1/files/0x0009000000015048-41.dat	upx
behavioral1/files/0x0006000000016d33-55.dat	upx
behavioral1/files/0x0006000000016d4a-65.dat	upx
behavioral1/files/0x0006000000016db3-75.dat	upx
behavioral1/files/0x0006000000016dd2-95.dat	upx
behavioral1/files/0x00060000000170b5-115.dat	upx
behavioral1/files/0x0006000000016ee0-105.dat	upx
behavioral1/files/0x000500000001875d-159.dat	upx
behavioral1/memory/2712-675-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2860-694-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2008-707-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2604-732-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1956-811-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/3000-800-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2764-853-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/1244-840-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2512-754-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2624-665-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2688-653-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/1732-1996-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/800-1335-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x00050000000186ee-155.dat	upx
behavioral1/files/0x00050000000186de-151.dat	upx
behavioral1/files/0x00050000000186d2-147.dat	upx
behavioral1/files/0x0005000000018669-143.dat	upx
behavioral1/files/0x0031000000018654-139.dat	upx
behavioral1/files/0x00060000000175d2-135.dat	upx
behavioral1/files/0x00060000000175cc-131.dat	upx
behavioral1/files/0x00060000000175c6-127.dat	upx
behavioral1/files/0x0006000000017546-120.dat	upx
behavioral1/files/0x0006000000017051-110.dat	upx
behavioral1/files/0x0006000000016dd6-100.dat	upx
behavioral1/files/0x0006000000016dc7-90.dat	upx
behavioral1/files/0x003400000001487e-85.dat	upx
behavioral1/files/0x0006000000016db8-81.dat	upx
behavioral1/files/0x0006000000016d4e-70.dat	upx
behavioral1/files/0x0006000000016d46-60.dat	upx
behavioral1/files/0x0006000000016d11-50.dat	upx
behavioral1/files/0x0008000000015512-45.dat	upx
behavioral1/memory/1732-3933-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/3056-3958-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2624-3962-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2620-3961-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2604-3968-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2860-3965-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1244-3975-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/3000-3970-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2688-3981-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2712-3983-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2512-3984-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/1956-3985-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2008-3986-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2764-3989-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XvhOBeQ.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgKaIpO.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UdjtJYi.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buCKTPr.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eEhwrxk.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kyBsGux.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TlCiHsi.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgOgTtc.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGbBZgG.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcTQJUh.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSHnUNK.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRfJTQD.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OdCFgfs.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiByypR.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbZIaPC.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vkoUbCK.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGKzRuk.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQbyBxi.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjNPCCy.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxXhbrs.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KpNzMPT.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiXjWhJ.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NHSacwf.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjIMAak.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjequMX.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCyQrqM.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EQmcRcG.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fXGLLjD.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUOUZPF.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnGgqvH.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnFGllF.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CitWkqG.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MviaWRt.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evnfIvu.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPbUekG.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxwCVOQ.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNNSfJr.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtcLNvq.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRtXzAj.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vWPCUjy.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRFHZlV.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrWwLmJ.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngcOftp.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXrRQNe.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYTYbjH.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlpEQuN.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBoyijF.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGjJPQn.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZrBFqa.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BesAUoG.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPQhrkq.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juJUlLp.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlrZIKW.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vPdjBrN.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYEitFT.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjDjzlv.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRSxgGy.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\upgHimy.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hGPSmxw.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfnpHru.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VTZXUqF.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqEbZjh.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmGptrP.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gUHzqLb.exe	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 800 wrote to memory of 3056	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 800 wrote to memory of 3056	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 800 wrote to memory of 3056	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 800 wrote to memory of 1732	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 800 wrote to memory of 1732	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 800 wrote to memory of 1732	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 800 wrote to memory of 2620	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 800 wrote to memory of 2620	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 800 wrote to memory of 2620	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 800 wrote to memory of 2764	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 800 wrote to memory of 2764	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 800 wrote to memory of 2764	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 800 wrote to memory of 2688	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 800 wrote to memory of 2688	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 800 wrote to memory of 2688	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 800 wrote to memory of 2624	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 800 wrote to memory of 2624	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 800 wrote to memory of 2624	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 800 wrote to memory of 2712	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 800 wrote to memory of 2712	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 800 wrote to memory of 2712	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 800 wrote to memory of 2860	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 800 wrote to memory of 2860	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 800 wrote to memory of 2860	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 800 wrote to memory of 2008	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 800 wrote to memory of 2008	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 800 wrote to memory of 2008	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 800 wrote to memory of 2604	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 800 wrote to memory of 2604	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 800 wrote to memory of 2604	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 800 wrote to memory of 2512	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 800 wrote to memory of 2512	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 800 wrote to memory of 2512	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 800 wrote to memory of 3000	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 800 wrote to memory of 3000	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 800 wrote to memory of 3000	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 800 wrote to memory of 1956	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 800 wrote to memory of 1956	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 800 wrote to memory of 1956	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 800 wrote to memory of 1244	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 800 wrote to memory of 1244	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 800 wrote to memory of 1244	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 800 wrote to memory of 696	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 800 wrote to memory of 696	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 800 wrote to memory of 696	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 800 wrote to memory of 1056	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 800 wrote to memory of 1056	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 800 wrote to memory of 1056	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 800 wrote to memory of 1480	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 800 wrote to memory of 1480	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 800 wrote to memory of 1480	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 800 wrote to memory of 2816	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 800 wrote to memory of 2816	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 800 wrote to memory of 2816	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 800 wrote to memory of 2840	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 800 wrote to memory of 2840	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 800 wrote to memory of 2840	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 800 wrote to memory of 2876	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 800 wrote to memory of 2876	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 800 wrote to memory of 2876	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 800 wrote to memory of 2724	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 800 wrote to memory of 2724	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 800 wrote to memory of 2724	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 800 wrote to memory of 3004	800	2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_8b4988742e996af80226eec14d63aa54_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:800
- C:\Windows\System\FTOKKGK.exe
  C:\Windows\System\FTOKKGK.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\ZfYKUFy.exe
  C:\Windows\System\ZfYKUFy.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\eQuyJJI.exe
  C:\Windows\System\eQuyJJI.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\yBRJBqa.exe
  C:\Windows\System\yBRJBqa.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\ZmCXdtm.exe
  C:\Windows\System\ZmCXdtm.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\ZmeaamL.exe
  C:\Windows\System\ZmeaamL.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\fLQNgsp.exe
  C:\Windows\System\fLQNgsp.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\NMMRaPK.exe
  C:\Windows\System\NMMRaPK.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\OBvEqgX.exe
  C:\Windows\System\OBvEqgX.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\ZYPLbmm.exe
  C:\Windows\System\ZYPLbmm.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\BCbrNOi.exe
  C:\Windows\System\BCbrNOi.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\NISPGGf.exe
  C:\Windows\System\NISPGGf.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\zHBUWfT.exe
  C:\Windows\System\zHBUWfT.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\lstNPmK.exe
  C:\Windows\System\lstNPmK.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\Echlshv.exe
  C:\Windows\System\Echlshv.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\YeSuRtO.exe
  C:\Windows\System\YeSuRtO.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\XydfvcU.exe
  C:\Windows\System\XydfvcU.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\sWvOBau.exe
  C:\Windows\System\sWvOBau.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\HQdKScU.exe
  C:\Windows\System\HQdKScU.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\ODAcgbO.exe
  C:\Windows\System\ODAcgbO.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\vymiYpS.exe
  C:\Windows\System\vymiYpS.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\hSqDPmj.exe
  C:\Windows\System\hSqDPmj.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\juJUlLp.exe
  C:\Windows\System\juJUlLp.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\hyXHAZt.exe
  C:\Windows\System\hyXHAZt.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\pQNQlRQ.exe
  C:\Windows\System\pQNQlRQ.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\NOdHDhM.exe
  C:\Windows\System\NOdHDhM.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\vaJCdzl.exe
  C:\Windows\System\vaJCdzl.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\ymVmpsy.exe
  C:\Windows\System\ymVmpsy.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\hNWnESs.exe
  C:\Windows\System\hNWnESs.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\bYGrLIt.exe
  C:\Windows\System\bYGrLIt.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\aOJcwla.exe
  C:\Windows\System\aOJcwla.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\cFEujBE.exe
  C:\Windows\System\cFEujBE.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\DnOiecF.exe
  C:\Windows\System\DnOiecF.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\Bjpfkxr.exe
  C:\Windows\System\Bjpfkxr.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\OcCKNwp.exe
  C:\Windows\System\OcCKNwp.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\vzpcscI.exe
  C:\Windows\System\vzpcscI.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\ObtYBfY.exe
  C:\Windows\System\ObtYBfY.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\AVwmCyO.exe
  C:\Windows\System\AVwmCyO.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\OiwxcRy.exe
  C:\Windows\System\OiwxcRy.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\nEFzpDU.exe
  C:\Windows\System\nEFzpDU.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\NvVqsZm.exe
  C:\Windows\System\NvVqsZm.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\KOPQIvL.exe
  C:\Windows\System\KOPQIvL.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\pEIkYeu.exe
  C:\Windows\System\pEIkYeu.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\pfUBhyt.exe
  C:\Windows\System\pfUBhyt.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\xgEwdwV.exe
  C:\Windows\System\xgEwdwV.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\OZLDqRE.exe
  C:\Windows\System\OZLDqRE.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\yyFtjCy.exe
  C:\Windows\System\yyFtjCy.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\mlrZIKW.exe
  C:\Windows\System\mlrZIKW.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\JImbqmQ.exe
  C:\Windows\System\JImbqmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\Wagamjs.exe
  C:\Windows\System\Wagamjs.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\LNozgJH.exe
  C:\Windows\System\LNozgJH.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\UUGdEev.exe
  C:\Windows\System\UUGdEev.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\SaLurgv.exe
  C:\Windows\System\SaLurgv.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\NAxXaSV.exe
  C:\Windows\System\NAxXaSV.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\JTFJire.exe
  C:\Windows\System\JTFJire.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\GDZsweF.exe
  C:\Windows\System\GDZsweF.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\QzkhCMV.exe
  C:\Windows\System\QzkhCMV.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\yyvWRlj.exe
  C:\Windows\System\yyvWRlj.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\pXMJyWA.exe
  C:\Windows\System\pXMJyWA.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\bCVvQii.exe
  C:\Windows\System\bCVvQii.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\tZvHMEU.exe
  C:\Windows\System\tZvHMEU.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\DofqvvD.exe
  C:\Windows\System\DofqvvD.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\pqWFSZL.exe
  C:\Windows\System\pqWFSZL.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\XDYRgGP.exe
  C:\Windows\System\XDYRgGP.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\ztOoRez.exe
  C:\Windows\System\ztOoRez.exe
  2⤵
  PID:2240
- C:\Windows\System\TjpcnkE.exe
  C:\Windows\System\TjpcnkE.exe
  2⤵
  PID:1600
- C:\Windows\System\sxbPoyy.exe
  C:\Windows\System\sxbPoyy.exe
  2⤵
  PID:3044
- C:\Windows\System\qrFxfTu.exe
  C:\Windows\System\qrFxfTu.exe
  2⤵
  PID:2068
- C:\Windows\System\ynKszDN.exe
  C:\Windows\System\ynKszDN.exe
  2⤵
  PID:2584
- C:\Windows\System\RGdjwbG.exe
  C:\Windows\System\RGdjwbG.exe
  2⤵
  PID:2784
- C:\Windows\System\zQfuKsD.exe
  C:\Windows\System\zQfuKsD.exe
  2⤵
  PID:2616
- C:\Windows\System\FXnjpfJ.exe
  C:\Windows\System\FXnjpfJ.exe
  2⤵
  PID:2912
- C:\Windows\System\DscyFGt.exe
  C:\Windows\System\DscyFGt.exe
  2⤵
  PID:2716
- C:\Windows\System\cuAKhgZ.exe
  C:\Windows\System\cuAKhgZ.exe
  2⤵
  PID:2244
- C:\Windows\System\GtLgdDj.exe
  C:\Windows\System\GtLgdDj.exe
  2⤵
  PID:2508
- C:\Windows\System\WjNPCCy.exe
  C:\Windows\System\WjNPCCy.exe
  2⤵
  PID:2536
- C:\Windows\System\NZPVgUH.exe
  C:\Windows\System\NZPVgUH.exe
  2⤵
  PID:2128
- C:\Windows\System\SkRPJQG.exe
  C:\Windows\System\SkRPJQG.exe
  2⤵
  PID:2024
- C:\Windows\System\kMLukVv.exe
  C:\Windows\System\kMLukVv.exe
  2⤵
  PID:768
- C:\Windows\System\ghWSzrq.exe
  C:\Windows\System\ghWSzrq.exe
  2⤵
  PID:520
- C:\Windows\System\YTVHdtu.exe
  C:\Windows\System\YTVHdtu.exe
  2⤵
  PID:2736
- C:\Windows\System\uDoFIIt.exe
  C:\Windows\System\uDoFIIt.exe
  2⤵
  PID:1088
- C:\Windows\System\XddKffV.exe
  C:\Windows\System\XddKffV.exe
  2⤵
  PID:2968
- C:\Windows\System\PlWZoTB.exe
  C:\Windows\System\PlWZoTB.exe
  2⤵
  PID:324
- C:\Windows\System\jfmMufd.exe
  C:\Windows\System\jfmMufd.exe
  2⤵
  PID:2732
- C:\Windows\System\kaiLhLY.exe
  C:\Windows\System\kaiLhLY.exe
  2⤵
  PID:2480
- C:\Windows\System\DXWinhI.exe
  C:\Windows\System\DXWinhI.exe
  2⤵
  PID:632
- C:\Windows\System\FHbifFZ.exe
  C:\Windows\System\FHbifFZ.exe
  2⤵
  PID:1948
- C:\Windows\System\ljripGB.exe
  C:\Windows\System\ljripGB.exe
  2⤵
  PID:1664
- C:\Windows\System\xGEAOvp.exe
  C:\Windows\System\xGEAOvp.exe
  2⤵
  PID:2108
- C:\Windows\System\AcbxqEo.exe
  C:\Windows\System\AcbxqEo.exe
  2⤵
  PID:2932
- C:\Windows\System\zwFGyxr.exe
  C:\Windows\System\zwFGyxr.exe
  2⤵
  PID:2476
- C:\Windows\System\SnxdpPi.exe
  C:\Windows\System\SnxdpPi.exe
  2⤵
  PID:2200
- C:\Windows\System\gYbAdQr.exe
  C:\Windows\System\gYbAdQr.exe
  2⤵
  PID:404
- C:\Windows\System\aofcvWr.exe
  C:\Windows\System\aofcvWr.exe
  2⤵
  PID:2148
- C:\Windows\System\jUMroJc.exe
  C:\Windows\System\jUMroJc.exe
  2⤵
  PID:2392
- C:\Windows\System\SBxPWUW.exe
  C:\Windows\System\SBxPWUW.exe
  2⤵
  PID:1804
- C:\Windows\System\IXtiChu.exe
  C:\Windows\System\IXtiChu.exe
  2⤵
  PID:1624
- C:\Windows\System\xynsjrn.exe
  C:\Windows\System\xynsjrn.exe
  2⤵
  PID:1684
- C:\Windows\System\YUEUQmF.exe
  C:\Windows\System\YUEUQmF.exe
  2⤵
  PID:900
- C:\Windows\System\bimYXRJ.exe
  C:\Windows\System\bimYXRJ.exe
  2⤵
  PID:3052
- C:\Windows\System\AdqSRfq.exe
  C:\Windows\System\AdqSRfq.exe
  2⤵
  PID:824
- C:\Windows\System\wohklPq.exe
  C:\Windows\System\wohklPq.exe
  2⤵
  PID:2268
- C:\Windows\System\AcQKrZs.exe
  C:\Windows\System\AcQKrZs.exe
  2⤵
  PID:1516
- C:\Windows\System\ngnqKdC.exe
  C:\Windows\System\ngnqKdC.exe
  2⤵
  PID:2276
- C:\Windows\System\NbiJGYV.exe
  C:\Windows\System\NbiJGYV.exe
  2⤵
  PID:1428
- C:\Windows\System\cKlToZW.exe
  C:\Windows\System\cKlToZW.exe
  2⤵
  PID:1788
- C:\Windows\System\sDbnFgC.exe
  C:\Windows\System\sDbnFgC.exe
  2⤵
  PID:1228
- C:\Windows\System\hOhlJGu.exe
  C:\Windows\System\hOhlJGu.exe
  2⤵
  PID:1608
- C:\Windows\System\FXrRQNe.exe
  C:\Windows\System\FXrRQNe.exe
  2⤵
  PID:2596
- C:\Windows\System\epPaNXy.exe
  C:\Windows\System\epPaNXy.exe
  2⤵
  PID:1044
- C:\Windows\System\KaZouLE.exe
  C:\Windows\System\KaZouLE.exe
  2⤵
  PID:2528
- C:\Windows\System\rIFnWve.exe
  C:\Windows\System\rIFnWve.exe
  2⤵
  PID:2564
- C:\Windows\System\iHGKPSw.exe
  C:\Windows\System\iHGKPSw.exe
  2⤵
  PID:1440
- C:\Windows\System\UmIsAtW.exe
  C:\Windows\System\UmIsAtW.exe
  2⤵
  PID:392
- C:\Windows\System\WKsJQPC.exe
  C:\Windows\System\WKsJQPC.exe
  2⤵
  PID:2888
- C:\Windows\System\tRlzotc.exe
  C:\Windows\System\tRlzotc.exe
  2⤵
  PID:2872
- C:\Windows\System\QqEbZjh.exe
  C:\Windows\System\QqEbZjh.exe
  2⤵
  PID:1704
- C:\Windows\System\fJnIPwv.exe
  C:\Windows\System\fJnIPwv.exe
  2⤵
  PID:2116
- C:\Windows\System\TbZIaPC.exe
  C:\Windows\System\TbZIaPC.exe
  2⤵
  PID:2220
- C:\Windows\System\rHzJFKT.exe
  C:\Windows\System\rHzJFKT.exe
  2⤵
  PID:2264
- C:\Windows\System\pNluoXr.exe
  C:\Windows\System\pNluoXr.exe
  2⤵
  PID:1524
- C:\Windows\System\OSjWLaG.exe
  C:\Windows\System\OSjWLaG.exe
  2⤵
  PID:984
- C:\Windows\System\mlpEQuN.exe
  C:\Windows\System\mlpEQuN.exe
  2⤵
  PID:1868
- C:\Windows\System\AgpdcCe.exe
  C:\Windows\System\AgpdcCe.exe
  2⤵
  PID:2088
- C:\Windows\System\uFRkJtn.exe
  C:\Windows\System\uFRkJtn.exe
  2⤵
  PID:2284
- C:\Windows\System\okYJrbM.exe
  C:\Windows\System\okYJrbM.exe
  2⤵
  PID:740
- C:\Windows\System\BtScOqG.exe
  C:\Windows\System\BtScOqG.exe
  2⤵
  PID:1720
- C:\Windows\System\GKzQynw.exe
  C:\Windows\System\GKzQynw.exe
  2⤵
  PID:1628
- C:\Windows\System\szxUTVQ.exe
  C:\Windows\System\szxUTVQ.exe
  2⤵
  PID:2804
- C:\Windows\System\BDIRFKh.exe
  C:\Windows\System\BDIRFKh.exe
  2⤵
  PID:2612
- C:\Windows\System\YDvonNf.exe
  C:\Windows\System\YDvonNf.exe
  2⤵
  PID:2216
- C:\Windows\System\OMJzxsY.exe
  C:\Windows\System\OMJzxsY.exe
  2⤵
  PID:2188
- C:\Windows\System\NNnPxfm.exe
  C:\Windows\System\NNnPxfm.exe
  2⤵
  PID:2340
- C:\Windows\System\vMlnedw.exe
  C:\Windows\System\vMlnedw.exe
  2⤵
  PID:2184
- C:\Windows\System\QbaaJaW.exe
  C:\Windows\System\QbaaJaW.exe
  2⤵
  PID:1224
- C:\Windows\System\oeaEnZr.exe
  C:\Windows\System\oeaEnZr.exe
  2⤵
  PID:1132
- C:\Windows\System\FFSWHUO.exe
  C:\Windows\System\FFSWHUO.exe
  2⤵
  PID:2140
- C:\Windows\System\xxDSdRx.exe
  C:\Windows\System\xxDSdRx.exe
  2⤵
  PID:2300
- C:\Windows\System\LPdDtRJ.exe
  C:\Windows\System\LPdDtRJ.exe
  2⤵
  PID:888
- C:\Windows\System\ODIqhDh.exe
  C:\Windows\System\ODIqhDh.exe
  2⤵
  PID:2768
- C:\Windows\System\nrOnWqa.exe
  C:\Windows\System\nrOnWqa.exe
  2⤵
  PID:2772
- C:\Windows\System\sufOGSM.exe
  C:\Windows\System\sufOGSM.exe
  2⤵
  PID:2592
- C:\Windows\System\zQRrSTA.exe
  C:\Windows\System\zQRrSTA.exe
  2⤵
  PID:1728
- C:\Windows\System\iuKqSDX.exe
  C:\Windows\System\iuKqSDX.exe
  2⤵
  PID:2100
- C:\Windows\System\adJukZu.exe
  C:\Windows\System\adJukZu.exe
  2⤵
  PID:2104
- C:\Windows\System\WpkMWYg.exe
  C:\Windows\System\WpkMWYg.exe
  2⤵
  PID:2720
- C:\Windows\System\auyJWQc.exe
  C:\Windows\System\auyJWQc.exe
  2⤵
  PID:1780
- C:\Windows\System\SApLfKF.exe
  C:\Windows\System\SApLfKF.exe
  2⤵
  PID:3080
- C:\Windows\System\LXfWGJk.exe
  C:\Windows\System\LXfWGJk.exe
  2⤵
  PID:3096
- C:\Windows\System\ftNaHMn.exe
  C:\Windows\System\ftNaHMn.exe
  2⤵
  PID:3112
- C:\Windows\System\fInescb.exe
  C:\Windows\System\fInescb.exe
  2⤵
  PID:3128
- C:\Windows\System\TEWMPWI.exe
  C:\Windows\System\TEWMPWI.exe
  2⤵
  PID:3144
- C:\Windows\System\vrcWZYE.exe
  C:\Windows\System\vrcWZYE.exe
  2⤵
  PID:3160
- C:\Windows\System\LGEJIPx.exe
  C:\Windows\System\LGEJIPx.exe
  2⤵
  PID:3176
- C:\Windows\System\wEqdRPH.exe
  C:\Windows\System\wEqdRPH.exe
  2⤵
  PID:3192
- C:\Windows\System\PSvonFV.exe
  C:\Windows\System\PSvonFV.exe
  2⤵
  PID:3208
- C:\Windows\System\VzqZmAJ.exe
  C:\Windows\System\VzqZmAJ.exe
  2⤵
  PID:3224
- C:\Windows\System\GpcbOMh.exe
  C:\Windows\System\GpcbOMh.exe
  2⤵
  PID:3240
- C:\Windows\System\QQHYycG.exe
  C:\Windows\System\QQHYycG.exe
  2⤵
  PID:3256
- C:\Windows\System\NkJLFtS.exe
  C:\Windows\System\NkJLFtS.exe
  2⤵
  PID:3272
- C:\Windows\System\TMNCQDO.exe
  C:\Windows\System\TMNCQDO.exe
  2⤵
  PID:3288
- C:\Windows\System\DsUHNIs.exe
  C:\Windows\System\DsUHNIs.exe
  2⤵
  PID:3304
- C:\Windows\System\FXUGecQ.exe
  C:\Windows\System\FXUGecQ.exe
  2⤵
  PID:3320
- C:\Windows\System\KpvtSND.exe
  C:\Windows\System\KpvtSND.exe
  2⤵
  PID:3336
- C:\Windows\System\ADqWgAC.exe
  C:\Windows\System\ADqWgAC.exe
  2⤵
  PID:3352
- C:\Windows\System\PoLfAul.exe
  C:\Windows\System\PoLfAul.exe
  2⤵
  PID:3368
- C:\Windows\System\krSJFxh.exe
  C:\Windows\System\krSJFxh.exe
  2⤵
  PID:3384
- C:\Windows\System\XWKJUeu.exe
  C:\Windows\System\XWKJUeu.exe
  2⤵
  PID:3400
- C:\Windows\System\aoWINnR.exe
  C:\Windows\System\aoWINnR.exe
  2⤵
  PID:3416
- C:\Windows\System\LszAJzn.exe
  C:\Windows\System\LszAJzn.exe
  2⤵
  PID:3432
- C:\Windows\System\vkoUbCK.exe
  C:\Windows\System\vkoUbCK.exe
  2⤵
  PID:3448
- C:\Windows\System\LoKrFSU.exe
  C:\Windows\System\LoKrFSU.exe
  2⤵
  PID:3464
- C:\Windows\System\tDtrwRL.exe
  C:\Windows\System\tDtrwRL.exe
  2⤵
  PID:3480
- C:\Windows\System\jmGptrP.exe
  C:\Windows\System\jmGptrP.exe
  2⤵
  PID:3496
- C:\Windows\System\MseXxax.exe
  C:\Windows\System\MseXxax.exe
  2⤵
  PID:3512
- C:\Windows\System\ZqleIlz.exe
  C:\Windows\System\ZqleIlz.exe
  2⤵
  PID:3528
- C:\Windows\System\sBuoBQq.exe
  C:\Windows\System\sBuoBQq.exe
  2⤵
  PID:3544
- C:\Windows\System\sHLKxIh.exe
  C:\Windows\System\sHLKxIh.exe
  2⤵
  PID:3560
- C:\Windows\System\RZSwMYN.exe
  C:\Windows\System\RZSwMYN.exe
  2⤵
  PID:3576
- C:\Windows\System\ulGUijU.exe
  C:\Windows\System\ulGUijU.exe
  2⤵
  PID:3592
- C:\Windows\System\fzsFfBG.exe
  C:\Windows\System\fzsFfBG.exe
  2⤵
  PID:3608
- C:\Windows\System\uczrDEg.exe
  C:\Windows\System\uczrDEg.exe
  2⤵
  PID:3624
- C:\Windows\System\XApZVbt.exe
  C:\Windows\System\XApZVbt.exe
  2⤵
  PID:3640
- C:\Windows\System\zVsADNh.exe
  C:\Windows\System\zVsADNh.exe
  2⤵
  PID:3656
- C:\Windows\System\jYGCsrZ.exe
  C:\Windows\System\jYGCsrZ.exe
  2⤵
  PID:3672
- C:\Windows\System\wGbBZgG.exe
  C:\Windows\System\wGbBZgG.exe
  2⤵
  PID:3688
- C:\Windows\System\NWUpOZX.exe
  C:\Windows\System\NWUpOZX.exe
  2⤵
  PID:3704
- C:\Windows\System\ineYwFO.exe
  C:\Windows\System\ineYwFO.exe
  2⤵
  PID:3720
- C:\Windows\System\CpQaSvK.exe
  C:\Windows\System\CpQaSvK.exe
  2⤵
  PID:3736
- C:\Windows\System\tgvzPNp.exe
  C:\Windows\System\tgvzPNp.exe
  2⤵
  PID:3752
- C:\Windows\System\hWHTIbq.exe
  C:\Windows\System\hWHTIbq.exe
  2⤵
  PID:3768
- C:\Windows\System\VEmjybM.exe
  C:\Windows\System\VEmjybM.exe
  2⤵
  PID:3784
- C:\Windows\System\koosTMJ.exe
  C:\Windows\System\koosTMJ.exe
  2⤵
  PID:3800
- C:\Windows\System\cRcUFoP.exe
  C:\Windows\System\cRcUFoP.exe
  2⤵
  PID:3816
- C:\Windows\System\JdSmLPK.exe
  C:\Windows\System\JdSmLPK.exe
  2⤵
  PID:3832
- C:\Windows\System\AtcLNvq.exe
  C:\Windows\System\AtcLNvq.exe
  2⤵
  PID:3848
- C:\Windows\System\aORfdwh.exe
  C:\Windows\System\aORfdwh.exe
  2⤵
  PID:3864
- C:\Windows\System\gdsnARo.exe
  C:\Windows\System\gdsnARo.exe
  2⤵
  PID:3880
- C:\Windows\System\RqxLick.exe
  C:\Windows\System\RqxLick.exe
  2⤵
  PID:3896
- C:\Windows\System\dBGhoYt.exe
  C:\Windows\System\dBGhoYt.exe
  2⤵
  PID:3912
- C:\Windows\System\uAqjWWd.exe
  C:\Windows\System\uAqjWWd.exe
  2⤵
  PID:3928
- C:\Windows\System\CFCBjCV.exe
  C:\Windows\System\CFCBjCV.exe
  2⤵
  PID:3944
- C:\Windows\System\AameupH.exe
  C:\Windows\System\AameupH.exe
  2⤵
  PID:3960
- C:\Windows\System\uxUBMQQ.exe
  C:\Windows\System\uxUBMQQ.exe
  2⤵
  PID:3976
- C:\Windows\System\tUUaFQx.exe
  C:\Windows\System\tUUaFQx.exe
  2⤵
  PID:3992
- C:\Windows\System\CyVFLLb.exe
  C:\Windows\System\CyVFLLb.exe
  2⤵
  PID:4008
- C:\Windows\System\MAkhhpH.exe
  C:\Windows\System\MAkhhpH.exe
  2⤵
  PID:4024
- C:\Windows\System\oTOtupR.exe
  C:\Windows\System\oTOtupR.exe
  2⤵
  PID:4040
- C:\Windows\System\yGikArA.exe
  C:\Windows\System\yGikArA.exe
  2⤵
  PID:4056
- C:\Windows\System\vqUGxsF.exe
  C:\Windows\System\vqUGxsF.exe
  2⤵
  PID:4072
- C:\Windows\System\ItIArlj.exe
  C:\Windows\System\ItIArlj.exe
  2⤵
  PID:4088
- C:\Windows\System\DWobaMf.exe
  C:\Windows\System\DWobaMf.exe
  2⤵
  PID:2920
- C:\Windows\System\DeuMlfM.exe
  C:\Windows\System\DeuMlfM.exe
  2⤵
  PID:3076
- C:\Windows\System\BqhGzCW.exe
  C:\Windows\System\BqhGzCW.exe
  2⤵
  PID:3092
- C:\Windows\System\EQmcRcG.exe
  C:\Windows\System\EQmcRcG.exe
  2⤵
  PID:3140
- C:\Windows\System\grUsQDU.exe
  C:\Windows\System\grUsQDU.exe
  2⤵
  PID:3156
- C:\Windows\System\QouVFbx.exe
  C:\Windows\System\QouVFbx.exe
  2⤵
  PID:3204
- C:\Windows\System\VAJbbJk.exe
  C:\Windows\System\VAJbbJk.exe
  2⤵
  PID:3236
- C:\Windows\System\GXREbFM.exe
  C:\Windows\System\GXREbFM.exe
  2⤵
  PID:3268
- C:\Windows\System\upgHimy.exe
  C:\Windows\System\upgHimy.exe
  2⤵
  PID:3284
- C:\Windows\System\UPqUqAi.exe
  C:\Windows\System\UPqUqAi.exe
  2⤵
  PID:3332
- C:\Windows\System\GICVWaF.exe
  C:\Windows\System\GICVWaF.exe
  2⤵
  PID:3364
- C:\Windows\System\MveqExy.exe
  C:\Windows\System\MveqExy.exe
  2⤵
  PID:3380
- C:\Windows\System\IyTSKSv.exe
  C:\Windows\System\IyTSKSv.exe
  2⤵
  PID:3412
- C:\Windows\System\ggMjCLk.exe
  C:\Windows\System\ggMjCLk.exe
  2⤵
  PID:3460
- C:\Windows\System\AOkylPK.exe
  C:\Windows\System\AOkylPK.exe
  2⤵
  PID:3476
- C:\Windows\System\kUWEyOc.exe
  C:\Windows\System\kUWEyOc.exe
  2⤵
  PID:3508
- C:\Windows\System\YUQDpLA.exe
  C:\Windows\System\YUQDpLA.exe
  2⤵
  PID:3540
- C:\Windows\System\ZnUVgkw.exe
  C:\Windows\System\ZnUVgkw.exe
  2⤵
  PID:3588
- C:\Windows\System\XKLsmAP.exe
  C:\Windows\System\XKLsmAP.exe
  2⤵
  PID:3604
- C:\Windows\System\fLRmQLw.exe
  C:\Windows\System\fLRmQLw.exe
  2⤵
  PID:3652
- C:\Windows\System\jHHzrrB.exe
  C:\Windows\System\jHHzrrB.exe
  2⤵
  PID:3684
- C:\Windows\System\xNErQFe.exe
  C:\Windows\System\xNErQFe.exe
  2⤵
  PID:3696
- C:\Windows\System\PRgFrLG.exe
  C:\Windows\System\PRgFrLG.exe
  2⤵
  PID:3732
- C:\Windows\System\XYTYbjH.exe
  C:\Windows\System\XYTYbjH.exe
  2⤵
  PID:3780
- C:\Windows\System\ICiDOUg.exe
  C:\Windows\System\ICiDOUg.exe
  2⤵
  PID:3796
- C:\Windows\System\dFkUyBk.exe
  C:\Windows\System\dFkUyBk.exe
  2⤵
  PID:3828
- C:\Windows\System\FOugLYO.exe
  C:\Windows\System\FOugLYO.exe
  2⤵
  PID:3860
- C:\Windows\System\FlrYsbn.exe
  C:\Windows\System\FlrYsbn.exe
  2⤵
  PID:3888
- C:\Windows\System\EaYsBPM.exe
  C:\Windows\System\EaYsBPM.exe
  2⤵
  PID:3936
- C:\Windows\System\kmHeAbx.exe
  C:\Windows\System\kmHeAbx.exe
  2⤵
  PID:3972
- C:\Windows\System\SoqReAz.exe
  C:\Windows\System\SoqReAz.exe
  2⤵
  PID:3984
- C:\Windows\System\sjLfuNr.exe
  C:\Windows\System\sjLfuNr.exe
  2⤵
  PID:4032
- C:\Windows\System\XMqLpIQ.exe
  C:\Windows\System\XMqLpIQ.exe
  2⤵
  PID:4048
- C:\Windows\System\otWjIjh.exe
  C:\Windows\System\otWjIjh.exe
  2⤵
  PID:4080
- C:\Windows\System\KuosOxQ.exe
  C:\Windows\System\KuosOxQ.exe
  2⤵
  PID:2120
- C:\Windows\System\RpQjwph.exe
  C:\Windows\System\RpQjwph.exe
  2⤵
  PID:2952
- C:\Windows\System\TlCiHsi.exe
  C:\Windows\System\TlCiHsi.exe
  2⤵
  PID:3172
- C:\Windows\System\fPSYtRF.exe
  C:\Windows\System\fPSYtRF.exe
  2⤵
  PID:3220
- C:\Windows\System\aallYxv.exe
  C:\Windows\System\aallYxv.exe
  2⤵
  PID:3300
- C:\Windows\System\hlbhQNd.exe
  C:\Windows\System\hlbhQNd.exe
  2⤵
  PID:3316
- C:\Windows\System\nKMBpzM.exe
  C:\Windows\System\nKMBpzM.exe
  2⤵
  PID:3396
- C:\Windows\System\zelbBtx.exe
  C:\Windows\System\zelbBtx.exe
  2⤵
  PID:3444
- C:\Windows\System\KxYkxjG.exe
  C:\Windows\System\KxYkxjG.exe
  2⤵
  PID:3504
- C:\Windows\System\xEkICPB.exe
  C:\Windows\System\xEkICPB.exe
  2⤵
  PID:3584
- C:\Windows\System\VxfuRoV.exe
  C:\Windows\System\VxfuRoV.exe
  2⤵
  PID:2748
- C:\Windows\System\alUKQhn.exe
  C:\Windows\System\alUKQhn.exe
  2⤵
  PID:3728
- C:\Windows\System\LDMdDMd.exe
  C:\Windows\System\LDMdDMd.exe
  2⤵
  PID:3792
- C:\Windows\System\INacgFC.exe
  C:\Windows\System\INacgFC.exe
  2⤵
  PID:3856
- C:\Windows\System\hnXUAQx.exe
  C:\Windows\System\hnXUAQx.exe
  2⤵
  PID:3920
- C:\Windows\System\TtKdzNA.exe
  C:\Windows\System\TtKdzNA.exe
  2⤵
  PID:3956
- C:\Windows\System\qYsWBOR.exe
  C:\Windows\System\qYsWBOR.exe
  2⤵
  PID:4004
- C:\Windows\System\dqnofTL.exe
  C:\Windows\System\dqnofTL.exe
  2⤵
  PID:2540
- C:\Windows\System\nPEsLve.exe
  C:\Windows\System\nPEsLve.exe
  2⤵
  PID:3104
- C:\Windows\System\UjLwCPd.exe
  C:\Windows\System\UjLwCPd.exe
  2⤵
  PID:3232
- C:\Windows\System\ipEdhVv.exe
  C:\Windows\System\ipEdhVv.exe
  2⤵
  PID:3360
- C:\Windows\System\SbNbmNp.exe
  C:\Windows\System\SbNbmNp.exe
  2⤵
  PID:3552
- C:\Windows\System\kDMZzHp.exe
  C:\Windows\System\kDMZzHp.exe
  2⤵
  PID:3664
- C:\Windows\System\AnpVDGk.exe
  C:\Windows\System\AnpVDGk.exe
  2⤵
  PID:2636
- C:\Windows\System\oRtXzAj.exe
  C:\Windows\System\oRtXzAj.exe
  2⤵
  PID:3760
- C:\Windows\System\IgfAYdA.exe
  C:\Windows\System\IgfAYdA.exe
  2⤵
  PID:4036
- C:\Windows\System\vWPCUjy.exe
  C:\Windows\System\vWPCUjy.exe
  2⤵
  PID:3136
- C:\Windows\System\cwyiRcE.exe
  C:\Windows\System\cwyiRcE.exe
  2⤵
  PID:3264
- C:\Windows\System\PsnWttT.exe
  C:\Windows\System\PsnWttT.exe
  2⤵
  PID:3536
- C:\Windows\System\cdviymR.exe
  C:\Windows\System\cdviymR.exe
  2⤵
  PID:3744
- C:\Windows\System\bLikQvf.exe
  C:\Windows\System\bLikQvf.exe
  2⤵
  PID:3924
- C:\Windows\System\ccLJTBY.exe
  C:\Windows\System\ccLJTBY.exe
  2⤵
  PID:2632
- C:\Windows\System\mNfBNpc.exe
  C:\Windows\System\mNfBNpc.exe
  2⤵
  PID:3872
- C:\Windows\System\QFFmeng.exe
  C:\Windows\System\QFFmeng.exe
  2⤵
  PID:4112
- C:\Windows\System\DYLEwRr.exe
  C:\Windows\System\DYLEwRr.exe
  2⤵
  PID:4132
- C:\Windows\System\YpxaqEY.exe
  C:\Windows\System\YpxaqEY.exe
  2⤵
  PID:4160
- C:\Windows\System\WxudqgA.exe
  C:\Windows\System\WxudqgA.exe
  2⤵
  PID:4176
- C:\Windows\System\QzaWESE.exe
  C:\Windows\System\QzaWESE.exe
  2⤵
  PID:4192
- C:\Windows\System\QMBVdgk.exe
  C:\Windows\System\QMBVdgk.exe
  2⤵
  PID:4208
- C:\Windows\System\zabaxkT.exe
  C:\Windows\System\zabaxkT.exe
  2⤵
  PID:4228
- C:\Windows\System\vxuuOYK.exe
  C:\Windows\System\vxuuOYK.exe
  2⤵
  PID:4372
- C:\Windows\System\DHZqbLL.exe
  C:\Windows\System\DHZqbLL.exe
  2⤵
  PID:4400
- C:\Windows\System\YduYGzG.exe
  C:\Windows\System\YduYGzG.exe
  2⤵
  PID:4472
- C:\Windows\System\fdLVdlz.exe
  C:\Windows\System\fdLVdlz.exe
  2⤵
  PID:4496
- C:\Windows\System\ggsLNYB.exe
  C:\Windows\System\ggsLNYB.exe
  2⤵
  PID:4516
- C:\Windows\System\ybWldkj.exe
  C:\Windows\System\ybWldkj.exe
  2⤵
  PID:4536
- C:\Windows\System\YosbKPq.exe
  C:\Windows\System\YosbKPq.exe
  2⤵
  PID:4552
- C:\Windows\System\HJrvoVj.exe
  C:\Windows\System\HJrvoVj.exe
  2⤵
  PID:4696
- C:\Windows\System\HrIBrPB.exe
  C:\Windows\System\HrIBrPB.exe
  2⤵
  PID:4780
- C:\Windows\System\QXvccnJ.exe
  C:\Windows\System\QXvccnJ.exe
  2⤵
  PID:4796
- C:\Windows\System\rZdYicE.exe
  C:\Windows\System\rZdYicE.exe
  2⤵
  PID:4840
- C:\Windows\System\rCTvgct.exe
  C:\Windows\System\rCTvgct.exe
  2⤵
  PID:4872
- C:\Windows\System\vHoQVxz.exe
  C:\Windows\System\vHoQVxz.exe
  2⤵
  PID:4928
- C:\Windows\System\LCLAuxy.exe
  C:\Windows\System\LCLAuxy.exe
  2⤵
  PID:4952
- C:\Windows\System\zAWTPBO.exe
  C:\Windows\System\zAWTPBO.exe
  2⤵
  PID:4988
- C:\Windows\System\itWYrht.exe
  C:\Windows\System\itWYrht.exe
  2⤵
  PID:5076
- C:\Windows\System\vXQmYNy.exe
  C:\Windows\System\vXQmYNy.exe
  2⤵
  PID:4596
- C:\Windows\System\cPUKJfW.exe
  C:\Windows\System\cPUKJfW.exe
  2⤵
  PID:528
- C:\Windows\System\rNsVQVd.exe
  C:\Windows\System\rNsVQVd.exe
  2⤵
  PID:4896
- C:\Windows\System\DMnlnBm.exe
  C:\Windows\System\DMnlnBm.exe
  2⤵
  PID:4920
- C:\Windows\System\TxddoXq.exe
  C:\Windows\System\TxddoXq.exe
  2⤵
  PID:4632
- C:\Windows\System\ETdIvOZ.exe
  C:\Windows\System\ETdIvOZ.exe
  2⤵
  PID:4648
- C:\Windows\System\evnfIvu.exe
  C:\Windows\System\evnfIvu.exe
  2⤵
  PID:4668
- C:\Windows\System\xyeQbNx.exe
  C:\Windows\System\xyeQbNx.exe
  2⤵
  PID:4684
- C:\Windows\System\eiOkXaY.exe
  C:\Windows\System\eiOkXaY.exe
  2⤵
  PID:4792
- C:\Windows\System\ySqSggv.exe
  C:\Windows\System\ySqSggv.exe
  2⤵
  PID:4972
- C:\Windows\System\gLmTmcH.exe
  C:\Windows\System\gLmTmcH.exe
  2⤵
  PID:4984
- C:\Windows\System\emujOBK.exe
  C:\Windows\System\emujOBK.exe
  2⤵
  PID:2600
- C:\Windows\System\aeoSHby.exe
  C:\Windows\System\aeoSHby.exe
  2⤵
  PID:1740
- C:\Windows\System\evlZDVH.exe
  C:\Windows\System\evlZDVH.exe
  2⤵
  PID:5024
- C:\Windows\System\uVJWuaD.exe
  C:\Windows\System\uVJWuaD.exe
  2⤵
  PID:5040
- C:\Windows\System\EqwiuXs.exe
  C:\Windows\System\EqwiuXs.exe
  2⤵
  PID:5056
- C:\Windows\System\zZHFypG.exe
  C:\Windows\System\zZHFypG.exe
  2⤵
  PID:5084
- C:\Windows\System\nZIWFxB.exe
  C:\Windows\System\nZIWFxB.exe
  2⤵
  PID:5096
- C:\Windows\System\yUZwaNs.exe
  C:\Windows\System\yUZwaNs.exe
  2⤵
  PID:5116
- C:\Windows\System\LyXQKMX.exe
  C:\Windows\System\LyXQKMX.exe
  2⤵
  PID:4140
- C:\Windows\System\XeUCRWq.exe
  C:\Windows\System\XeUCRWq.exe
  2⤵
  PID:2180
- C:\Windows\System\PrpMJDZ.exe
  C:\Windows\System\PrpMJDZ.exe
  2⤵
  PID:2704
- C:\Windows\System\lUBGxgK.exe
  C:\Windows\System\lUBGxgK.exe
  2⤵
  PID:4256
- C:\Windows\System\xqUnMma.exe
  C:\Windows\System\xqUnMma.exe
  2⤵
  PID:4264
- C:\Windows\System\UiGQFLF.exe
  C:\Windows\System\UiGQFLF.exe
  2⤵
  PID:4284
- C:\Windows\System\UeIWxcB.exe
  C:\Windows\System\UeIWxcB.exe
  2⤵
  PID:4300
- C:\Windows\System\GmHTBfH.exe
  C:\Windows\System\GmHTBfH.exe
  2⤵
  PID:3016
- C:\Windows\System\aavwSpG.exe
  C:\Windows\System\aavwSpG.exe
  2⤵
  PID:4332
- C:\Windows\System\lpDPDOa.exe
  C:\Windows\System\lpDPDOa.exe
  2⤵
  PID:4352
- C:\Windows\System\FhKgghb.exe
  C:\Windows\System\FhKgghb.exe
  2⤵
  PID:4408
- C:\Windows\System\ZREeDEA.exe
  C:\Windows\System\ZREeDEA.exe
  2⤵
  PID:4420
- C:\Windows\System\EArvLxD.exe
  C:\Windows\System\EArvLxD.exe
  2⤵
  PID:4444
- C:\Windows\System\TtWIKVu.exe
  C:\Windows\System\TtWIKVu.exe
  2⤵
  PID:4460
- C:\Windows\System\TvOpVIq.exe
  C:\Windows\System\TvOpVIq.exe
  2⤵
  PID:4504
- C:\Windows\System\XnaPVpS.exe
  C:\Windows\System\XnaPVpS.exe
  2⤵
  PID:4384
- C:\Windows\System\IqaSDmK.exe
  C:\Windows\System\IqaSDmK.exe
  2⤵
  PID:4528
- C:\Windows\System\FdtmZtb.exe
  C:\Windows\System\FdtmZtb.exe
  2⤵
  PID:4624
- C:\Windows\System\sIUDIoz.exe
  C:\Windows\System\sIUDIoz.exe
  2⤵
  PID:4588
- C:\Windows\System\ZgwKkto.exe
  C:\Windows\System\ZgwKkto.exe
  2⤵
  PID:4620
- C:\Windows\System\lwpWfLL.exe
  C:\Windows\System\lwpWfLL.exe
  2⤵
  PID:4712
- C:\Windows\System\ZeGzlYi.exe
  C:\Windows\System\ZeGzlYi.exe
  2⤵
  PID:4728
- C:\Windows\System\GqUiAQu.exe
  C:\Windows\System\GqUiAQu.exe
  2⤵
  PID:4740
- C:\Windows\System\SfbGPqu.exe
  C:\Windows\System\SfbGPqu.exe
  2⤵
  PID:4628
- C:\Windows\System\KmbfsrQ.exe
  C:\Windows\System\KmbfsrQ.exe
  2⤵
  PID:4980
- C:\Windows\System\iUStpyB.exe
  C:\Windows\System\iUStpyB.exe
  2⤵
  PID:4772
- C:\Windows\System\PhcGbAn.exe
  C:\Windows\System\PhcGbAn.exe
  2⤵
  PID:5000
- C:\Windows\System\gAuzplw.exe
  C:\Windows\System\gAuzplw.exe
  2⤵
  PID:5036
- C:\Windows\System\KjTouZn.exe
  C:\Windows\System\KjTouZn.exe
  2⤵
  PID:1656
- C:\Windows\System\NYAiUGG.exe
  C:\Windows\System\NYAiUGG.exe
  2⤵
  PID:4836
- C:\Windows\System\IDbGKUq.exe
  C:\Windows\System\IDbGKUq.exe
  2⤵
  PID:1424
- C:\Windows\System\ZTvhckG.exe
  C:\Windows\System\ZTvhckG.exe
  2⤵
  PID:4168
- C:\Windows\System\tGKgFhU.exe
  C:\Windows\System\tGKgFhU.exe
  2⤵
  PID:4236
- C:\Windows\System\OXnlVzT.exe
  C:\Windows\System\OXnlVzT.exe
  2⤵
  PID:4640
- C:\Windows\System\uxHJvym.exe
  C:\Windows\System\uxHJvym.exe
  2⤵
  PID:4184
- C:\Windows\System\XDcYKuh.exe
  C:\Windows\System\XDcYKuh.exe
  2⤵
  PID:1368
- C:\Windows\System\lZoQifV.exe
  C:\Windows\System\lZoQifV.exe
  2⤵
  PID:4940
- C:\Windows\System\XxfFmeL.exe
  C:\Windows\System\XxfFmeL.exe
  2⤵
  PID:5020
- C:\Windows\System\cHgvUCH.exe
  C:\Windows\System\cHgvUCH.exe
  2⤵
  PID:4272
- C:\Windows\System\xyRNDmn.exe
  C:\Windows\System\xyRNDmn.exe
  2⤵
  PID:4016
- C:\Windows\System\sHQpRCp.exe
  C:\Windows\System\sHQpRCp.exe
  2⤵
  PID:2824
- C:\Windows\System\FJIggxV.exe
  C:\Windows\System\FJIggxV.exe
  2⤵
  PID:2864
- C:\Windows\System\RKQSAzO.exe
  C:\Windows\System\RKQSAzO.exe
  2⤵
  PID:1800
- C:\Windows\System\pWSUtri.exe
  C:\Windows\System\pWSUtri.exe
  2⤵
  PID:4340
- C:\Windows\System\cDMUrVW.exe
  C:\Windows\System\cDMUrVW.exe
  2⤵
  PID:2388
- C:\Windows\System\qLEDsKd.exe
  C:\Windows\System\qLEDsKd.exe
  2⤵
  PID:4456
- C:\Windows\System\eVsVBsD.exe
  C:\Windows\System\eVsVBsD.exe
  2⤵
  PID:4600
- C:\Windows\System\XFZNyvV.exe
  C:\Windows\System\XFZNyvV.exe
  2⤵
  PID:1812
- C:\Windows\System\ZueaLcQ.exe
  C:\Windows\System\ZueaLcQ.exe
  2⤵
  PID:440
- C:\Windows\System\LXAOTTW.exe
  C:\Windows\System\LXAOTTW.exe
  2⤵
  PID:4884
- C:\Windows\System\lhkxGDP.exe
  C:\Windows\System\lhkxGDP.exe
  2⤵
  PID:4440
- C:\Windows\System\MvugkrO.exe
  C:\Windows\System\MvugkrO.exe
  2⤵
  PID:4760
- C:\Windows\System\eFPEtzM.exe
  C:\Windows\System\eFPEtzM.exe
  2⤵
  PID:5108
- C:\Windows\System\DADknjc.exe
  C:\Windows\System\DADknjc.exe
  2⤵
  PID:2368
- C:\Windows\System\NrBbMOi.exe
  C:\Windows\System\NrBbMOi.exe
  2⤵
  PID:2124
- C:\Windows\System\ZcfzsXQ.exe
  C:\Windows\System\ZcfzsXQ.exe
  2⤵
  PID:4824
- C:\Windows\System\fhqyUrp.exe
  C:\Windows\System\fhqyUrp.exe
  2⤵
  PID:2304
- C:\Windows\System\huSYvsm.exe
  C:\Windows\System\huSYvsm.exe
  2⤵
  PID:4708
- C:\Windows\System\LiwfGlw.exe
  C:\Windows\System\LiwfGlw.exe
  2⤵
  PID:4660
- C:\Windows\System\EcNVdEY.exe
  C:\Windows\System\EcNVdEY.exe
  2⤵
  PID:4996
- C:\Windows\System\SkgBPNe.exe
  C:\Windows\System\SkgBPNe.exe
  2⤵
  PID:2740
- C:\Windows\System\xLPFNTu.exe
  C:\Windows\System\xLPFNTu.exe
  2⤵
  PID:4912
- C:\Windows\System\fbQSlRe.exe
  C:\Windows\System\fbQSlRe.exe
  2⤵
  PID:3600
- C:\Windows\System\ThVZOKj.exe
  C:\Windows\System\ThVZOKj.exe
  2⤵
  PID:4276
- C:\Windows\System\GHdUkdl.exe
  C:\Windows\System\GHdUkdl.exe
  2⤵
  PID:2568
- C:\Windows\System\fEbBYic.exe
  C:\Windows\System\fEbBYic.exe
  2⤵
  PID:2492
- C:\Windows\System\boBLQan.exe
  C:\Windows\System\boBLQan.exe
  2⤵
  PID:4204
- C:\Windows\System\zeTVyBk.exe
  C:\Windows\System\zeTVyBk.exe
  2⤵
  PID:4324
- C:\Windows\System\wVHvTPY.exe
  C:\Windows\System\wVHvTPY.exe
  2⤵
  PID:4304
- C:\Windows\System\LteuEsI.exe
  C:\Windows\System\LteuEsI.exe
  2⤵
  PID:4416
- C:\Windows\System\FeaKAIo.exe
  C:\Windows\System\FeaKAIo.exe
  2⤵
  PID:4392
- C:\Windows\System\uAEVlmD.exe
  C:\Windows\System\uAEVlmD.exe
  2⤵
  PID:2556
- C:\Windows\System\GZTcXWa.exe
  C:\Windows\System\GZTcXWa.exe
  2⤵
  PID:4720
- C:\Windows\System\Xtttepf.exe
  C:\Windows\System\Xtttepf.exe
  2⤵
  PID:4744
- C:\Windows\System\dqhVGRs.exe
  C:\Windows\System\dqhVGRs.exe
  2⤵
  PID:844
- C:\Windows\System\wUEQjkY.exe
  C:\Windows\System\wUEQjkY.exe
  2⤵
  PID:4832
- C:\Windows\System\EgenyHh.exe
  C:\Windows\System\EgenyHh.exe
  2⤵
  PID:572
- C:\Windows\System\uEAdjSt.exe
  C:\Windows\System\uEAdjSt.exe
  2⤵
  PID:2940
- C:\Windows\System\UjUuGcy.exe
  C:\Windows\System\UjUuGcy.exe
  2⤵
  PID:5008
- C:\Windows\System\LyCKFXe.exe
  C:\Windows\System\LyCKFXe.exe
  2⤵
  PID:5052
- C:\Windows\System\PUlrxTt.exe
  C:\Windows\System\PUlrxTt.exe
  2⤵
  PID:4936
- C:\Windows\System\mywEKeM.exe
  C:\Windows\System\mywEKeM.exe
  2⤵
  PID:4104
- C:\Windows\System\pNGXBxY.exe
  C:\Windows\System\pNGXBxY.exe
  2⤵
  PID:2152
- C:\Windows\System\OeamQlG.exe
  C:\Windows\System\OeamQlG.exe
  2⤵
  PID:4480
- C:\Windows\System\vxtVSZm.exe
  C:\Windows\System\vxtVSZm.exe
  2⤵
  PID:4960
- C:\Windows\System\klwgwjr.exe
  C:\Windows\System\klwgwjr.exe
  2⤵
  PID:5132
- C:\Windows\System\fXGLLjD.exe
  C:\Windows\System\fXGLLjD.exe
  2⤵
  PID:5148
- C:\Windows\System\GRqcELY.exe
  C:\Windows\System\GRqcELY.exe
  2⤵
  PID:5164
- C:\Windows\System\KTxBOUF.exe
  C:\Windows\System\KTxBOUF.exe
  2⤵
  PID:5180
- C:\Windows\System\oqipGJR.exe
  C:\Windows\System\oqipGJR.exe
  2⤵
  PID:5196
- C:\Windows\System\nGEiBuu.exe
  C:\Windows\System\nGEiBuu.exe
  2⤵
  PID:5224
- C:\Windows\System\PTKWZYy.exe
  C:\Windows\System\PTKWZYy.exe
  2⤵
  PID:5308
- C:\Windows\System\bpAchhQ.exe
  C:\Windows\System\bpAchhQ.exe
  2⤵
  PID:5324
- C:\Windows\System\UdjtJYi.exe
  C:\Windows\System\UdjtJYi.exe
  2⤵
  PID:5340
- C:\Windows\System\oGFcGzi.exe
  C:\Windows\System\oGFcGzi.exe
  2⤵
  PID:5384
- C:\Windows\System\jPOKSht.exe
  C:\Windows\System\jPOKSht.exe
  2⤵
  PID:5408
- C:\Windows\System\qHUURTf.exe
  C:\Windows\System\qHUURTf.exe
  2⤵
  PID:5424
- C:\Windows\System\CBrMWIp.exe
  C:\Windows\System\CBrMWIp.exe
  2⤵
  PID:5444
- C:\Windows\System\qgOgTtc.exe
  C:\Windows\System\qgOgTtc.exe
  2⤵
  PID:5464
- C:\Windows\System\JHwtACO.exe
  C:\Windows\System\JHwtACO.exe
  2⤵
  PID:5488
- C:\Windows\System\JruAjMr.exe
  C:\Windows\System\JruAjMr.exe
  2⤵
  PID:5504
- C:\Windows\System\dOXcEFQ.exe
  C:\Windows\System\dOXcEFQ.exe
  2⤵
  PID:5532
- C:\Windows\System\TvxTlCD.exe
  C:\Windows\System\TvxTlCD.exe
  2⤵
  PID:5552
- C:\Windows\System\WRbMnPN.exe
  C:\Windows\System\WRbMnPN.exe
  2⤵
  PID:5568
- C:\Windows\System\TUqEuOf.exe
  C:\Windows\System\TUqEuOf.exe
  2⤵
  PID:5584
- C:\Windows\System\ikglzXd.exe
  C:\Windows\System\ikglzXd.exe
  2⤵
  PID:5608
- C:\Windows\System\OIUEVdF.exe
  C:\Windows\System\OIUEVdF.exe
  2⤵
  PID:5628
- C:\Windows\System\KpNzMPT.exe
  C:\Windows\System\KpNzMPT.exe
  2⤵
  PID:5644
- C:\Windows\System\jXNKlWe.exe
  C:\Windows\System\jXNKlWe.exe
  2⤵
  PID:5660
- C:\Windows\System\OcmjqIX.exe
  C:\Windows\System\OcmjqIX.exe
  2⤵
  PID:5692
- C:\Windows\System\mXsJngS.exe
  C:\Windows\System\mXsJngS.exe
  2⤵
  PID:5708
- C:\Windows\System\wLkovVF.exe
  C:\Windows\System\wLkovVF.exe
  2⤵
  PID:5724
- C:\Windows\System\CUeXguo.exe
  C:\Windows\System\CUeXguo.exe
  2⤵
  PID:5744
- C:\Windows\System\JYWxCex.exe
  C:\Windows\System\JYWxCex.exe
  2⤵
  PID:5764
- C:\Windows\System\WFlxMVA.exe
  C:\Windows\System\WFlxMVA.exe
  2⤵
  PID:5780
- C:\Windows\System\ESGqtWg.exe
  C:\Windows\System\ESGqtWg.exe
  2⤵
  PID:5812
- C:\Windows\System\MimrFxv.exe
  C:\Windows\System\MimrFxv.exe
  2⤵
  PID:5828
- C:\Windows\System\cYxnVMb.exe
  C:\Windows\System\cYxnVMb.exe
  2⤵
  PID:5852
- C:\Windows\System\LUXYNGM.exe
  C:\Windows\System\LUXYNGM.exe
  2⤵
  PID:5868
- C:\Windows\System\rSWOpyY.exe
  C:\Windows\System\rSWOpyY.exe
  2⤵
  PID:5884
- C:\Windows\System\bNycCfF.exe
  C:\Windows\System\bNycCfF.exe
  2⤵
  PID:5900
- C:\Windows\System\GOgAYnN.exe
  C:\Windows\System\GOgAYnN.exe
  2⤵
  PID:5932
- C:\Windows\System\ZslkvFN.exe
  C:\Windows\System\ZslkvFN.exe
  2⤵
  PID:5948
- C:\Windows\System\kottHMr.exe
  C:\Windows\System\kottHMr.exe
  2⤵
  PID:5964
- C:\Windows\System\sASYWgU.exe
  C:\Windows\System\sASYWgU.exe
  2⤵
  PID:5980
- C:\Windows\System\AspvruB.exe
  C:\Windows\System\AspvruB.exe
  2⤵
  PID:6008
- C:\Windows\System\OBoyijF.exe
  C:\Windows\System\OBoyijF.exe
  2⤵
  PID:6024
- C:\Windows\System\FsmNALy.exe
  C:\Windows\System\FsmNALy.exe
  2⤵
  PID:6044
- C:\Windows\System\lkHhusx.exe
  C:\Windows\System\lkHhusx.exe
  2⤵
  PID:6068
- C:\Windows\System\pbaALMD.exe
  C:\Windows\System\pbaALMD.exe
  2⤵
  PID:6084
- C:\Windows\System\jfKWGoJ.exe
  C:\Windows\System\jfKWGoJ.exe
  2⤵
  PID:6108
- C:\Windows\System\MTUdURc.exe
  C:\Windows\System\MTUdURc.exe
  2⤵
  PID:6128
- C:\Windows\System\LLcbxIe.exe
  C:\Windows\System\LLcbxIe.exe
  2⤵
  PID:4220
- C:\Windows\System\ffnexNv.exe
  C:\Windows\System\ffnexNv.exe
  2⤵
  PID:2680
- C:\Windows\System\dWLbHVE.exe
  C:\Windows\System\dWLbHVE.exe
  2⤵
  PID:4828
- C:\Windows\System\WgWWIpH.exe
  C:\Windows\System\WgWWIpH.exe
  2⤵
  PID:4260
- C:\Windows\System\ppiNVxK.exe
  C:\Windows\System\ppiNVxK.exe
  2⤵
  PID:5156
- C:\Windows\System\PtCtqfq.exe
  C:\Windows\System\PtCtqfq.exe
  2⤵
  PID:5232
- C:\Windows\System\hClMthV.exe
  C:\Windows\System\hClMthV.exe
  2⤵
  PID:4368
- C:\Windows\System\yibDERu.exe
  C:\Windows\System\yibDERu.exe
  2⤵
  PID:4200
- C:\Windows\System\wxrLwKv.exe
  C:\Windows\System\wxrLwKv.exe
  2⤵
  PID:4364
- C:\Windows\System\awpoDjr.exe
  C:\Windows\System\awpoDjr.exe
  2⤵
  PID:5212
- C:\Windows\System\grxJDvP.exe
  C:\Windows\System\grxJDvP.exe
  2⤵
  PID:4584
- C:\Windows\System\kYodXBe.exe
  C:\Windows\System\kYodXBe.exe
  2⤵
  PID:4432
- C:\Windows\System\NmkWMie.exe
  C:\Windows\System\NmkWMie.exe
  2⤵
  PID:4644
- C:\Windows\System\WUhzrOj.exe
  C:\Windows\System\WUhzrOj.exe
  2⤵
  PID:5272
- C:\Windows\System\jUSnguu.exe
  C:\Windows\System\jUSnguu.exe
  2⤵
  PID:5288
- C:\Windows\System\lAfONvH.exe
  C:\Windows\System\lAfONvH.exe
  2⤵
  PID:5332
- C:\Windows\System\uBbEAUN.exe
  C:\Windows\System\uBbEAUN.exe
  2⤵
  PID:5360
- C:\Windows\System\gaaAiuQ.exe
  C:\Windows\System\gaaAiuQ.exe
  2⤵
  PID:5352
- C:\Windows\System\qAIlLAZ.exe
  C:\Windows\System\qAIlLAZ.exe
  2⤵
  PID:5404
- C:\Windows\System\ioVVvZm.exe
  C:\Windows\System\ioVVvZm.exe
  2⤵
  PID:5452
- C:\Windows\System\aJuJJkd.exe
  C:\Windows\System\aJuJJkd.exe
  2⤵
  PID:5460
- C:\Windows\System\tcajCvC.exe
  C:\Windows\System\tcajCvC.exe
  2⤵
  PID:5512
- C:\Windows\System\TJWdBhh.exe
  C:\Windows\System\TJWdBhh.exe
  2⤵
  PID:5540
- C:\Windows\System\hKanfBB.exe
  C:\Windows\System\hKanfBB.exe
  2⤵
  PID:5580
- C:\Windows\System\XOycsKX.exe
  C:\Windows\System\XOycsKX.exe
  2⤵
  PID:5596
- C:\Windows\System\fYbHwXd.exe
  C:\Windows\System\fYbHwXd.exe
  2⤵
  PID:5656
- C:\Windows\System\SGiXrUI.exe
  C:\Windows\System\SGiXrUI.exe
  2⤵
  PID:5688
- C:\Windows\System\ZtKBxmw.exe
  C:\Windows\System\ZtKBxmw.exe
  2⤵
  PID:5716
- C:\Windows\System\qYquqgj.exe
  C:\Windows\System\qYquqgj.exe
  2⤵
  PID:5736
- C:\Windows\System\akpNEnS.exe
  C:\Windows\System\akpNEnS.exe
  2⤵
  PID:5740
- C:\Windows\System\OaSuWnC.exe
  C:\Windows\System\OaSuWnC.exe
  2⤵
  PID:5792
- C:\Windows\System\ZHnAKlp.exe
  C:\Windows\System\ZHnAKlp.exe
  2⤵
  PID:5776
- C:\Windows\System\wgiAito.exe
  C:\Windows\System\wgiAito.exe
  2⤵
  PID:5848
- C:\Windows\System\TVxykgJ.exe
  C:\Windows\System\TVxykgJ.exe
  2⤵
  PID:5860
- C:\Windows\System\UTSxvFo.exe
  C:\Windows\System\UTSxvFo.exe
  2⤵
  PID:5908
- C:\Windows\System\xWeDlxL.exe
  C:\Windows\System\xWeDlxL.exe
  2⤵
  PID:5960
- C:\Windows\System\ROPoAEn.exe
  C:\Windows\System\ROPoAEn.exe
  2⤵
  PID:5996
- C:\Windows\System\ZKMTDQS.exe
  C:\Windows\System\ZKMTDQS.exe
  2⤵
  PID:6036
- C:\Windows\System\xcAdMAY.exe
  C:\Windows\System\xcAdMAY.exe
  2⤵
  PID:6016
- C:\Windows\System\trEXrmR.exe
  C:\Windows\System\trEXrmR.exe
  2⤵
  PID:6096
- C:\Windows\System\OqTYqjl.exe
  C:\Windows\System\OqTYqjl.exe
  2⤵
  PID:6120
- C:\Windows\System\yQpWHtB.exe
  C:\Windows\System\yQpWHtB.exe
  2⤵
  PID:4656
- C:\Windows\System\hNvyklW.exe
  C:\Windows\System\hNvyklW.exe
  2⤵
  PID:4608
- C:\Windows\System\dUlabfd.exe
  C:\Windows\System\dUlabfd.exe
  2⤵
  PID:5192
- C:\Windows\System\VCNilWO.exe
  C:\Windows\System\VCNilWO.exe
  2⤵
  PID:5204
- C:\Windows\System\emTAKPB.exe
  C:\Windows\System\emTAKPB.exe
  2⤵
  PID:4572
- C:\Windows\System\rbUIVSB.exe
  C:\Windows\System\rbUIVSB.exe
  2⤵
  PID:1864
- C:\Windows\System\jqtNiIT.exe
  C:\Windows\System\jqtNiIT.exe
  2⤵
  PID:5216
- C:\Windows\System\TNuVMQR.exe
  C:\Windows\System\TNuVMQR.exe
  2⤵
  PID:4724
- C:\Windows\System\mrYcWJe.exe
  C:\Windows\System\mrYcWJe.exe
  2⤵
  PID:4124
- C:\Windows\System\wtUnDNb.exe
  C:\Windows\System\wtUnDNb.exe
  2⤵
  PID:5300
- C:\Windows\System\KXbhIyo.exe
  C:\Windows\System\KXbhIyo.exe
  2⤵
  PID:5280
- C:\Windows\System\uIVelSA.exe
  C:\Windows\System\uIVelSA.exe
  2⤵
  PID:5348
- C:\Windows\System\SDxwJnN.exe
  C:\Windows\System\SDxwJnN.exe
  2⤵
  PID:5432
- C:\Windows\System\IsbhDlq.exe
  C:\Windows\System\IsbhDlq.exe
  2⤵
  PID:5376
- C:\Windows\System\LDRifKX.exe
  C:\Windows\System\LDRifKX.exe
  2⤵
  PID:5520
- C:\Windows\System\gSRZXvh.exe
  C:\Windows\System\gSRZXvh.exe
  2⤵
  PID:5500
- C:\Windows\System\HyBlQIg.exe
  C:\Windows\System\HyBlQIg.exe
  2⤵
  PID:5668
- C:\Windows\System\EbMzDrO.exe
  C:\Windows\System\EbMzDrO.exe
  2⤵
  PID:5700
- C:\Windows\System\LFeYFVl.exe
  C:\Windows\System\LFeYFVl.exe
  2⤵
  PID:5804
- C:\Windows\System\FJhPaOO.exe
  C:\Windows\System\FJhPaOO.exe
  2⤵
  PID:5824
- C:\Windows\System\JtdFzNZ.exe
  C:\Windows\System\JtdFzNZ.exe
  2⤵
  PID:5840
- C:\Windows\System\YnGgqvH.exe
  C:\Windows\System\YnGgqvH.exe
  2⤵
  PID:5928
- C:\Windows\System\kdhGumy.exe
  C:\Windows\System\kdhGumy.exe
  2⤵
  PID:6004
- C:\Windows\System\bOjqeCb.exe
  C:\Windows\System\bOjqeCb.exe
  2⤵
  PID:5896
- C:\Windows\System\LLeSNeO.exe
  C:\Windows\System\LLeSNeO.exe
  2⤵
  PID:5704
- C:\Windows\System\rnnVfdn.exe
  C:\Windows\System\rnnVfdn.exe
  2⤵
  PID:6092
- C:\Windows\System\vmODiJj.exe
  C:\Windows\System\vmODiJj.exe
  2⤵
  PID:2404
- C:\Windows\System\eIFYXOJ.exe
  C:\Windows\System\eIFYXOJ.exe
  2⤵
  PID:4612
- C:\Windows\System\RSwdKOS.exe
  C:\Windows\System\RSwdKOS.exe
  2⤵
  PID:6140
- C:\Windows\System\GDrSENC.exe
  C:\Windows\System\GDrSENC.exe
  2⤵
  PID:4448
- C:\Windows\System\ThCTONd.exe
  C:\Windows\System\ThCTONd.exe
  2⤵
  PID:5396
- C:\Windows\System\uNarYwI.exe
  C:\Windows\System\uNarYwI.exe
  2⤵
  PID:4396
- C:\Windows\System\GTbndVt.exe
  C:\Windows\System\GTbndVt.exe
  2⤵
  PID:5640
- C:\Windows\System\KbWNOEz.exe
  C:\Windows\System\KbWNOEz.exe
  2⤵
  PID:5620
- C:\Windows\System\CUDbLLK.exe
  C:\Windows\System\CUDbLLK.exe
  2⤵
  PID:5924
- C:\Windows\System\BxXhbrs.exe
  C:\Windows\System\BxXhbrs.exe
  2⤵
  PID:6076
- C:\Windows\System\MmfTqQU.exe
  C:\Windows\System\MmfTqQU.exe
  2⤵
  PID:4948
- C:\Windows\System\xSUBSoq.exe
  C:\Windows\System\xSUBSoq.exe
  2⤵
  PID:6104
- C:\Windows\System\wqwEOvl.exe
  C:\Windows\System\wqwEOvl.exe
  2⤵
  PID:836
- C:\Windows\System\xIaakqH.exe
  C:\Windows\System\xIaakqH.exe
  2⤵
  PID:5880
- C:\Windows\System\UiXjWhJ.exe
  C:\Windows\System\UiXjWhJ.exe
  2⤵
  PID:5912
- C:\Windows\System\YaxoDYR.exe
  C:\Windows\System\YaxoDYR.exe
  2⤵
  PID:5944
- C:\Windows\System\DCfhmiE.exe
  C:\Windows\System\DCfhmiE.exe
  2⤵
  PID:6080
- C:\Windows\System\YqbWYhG.exe
  C:\Windows\System\YqbWYhG.exe
  2⤵
  PID:5188
- C:\Windows\System\InhaEDV.exe
  C:\Windows\System\InhaEDV.exe
  2⤵
  PID:5592
- C:\Windows\System\IRhjQnE.exe
  C:\Windows\System\IRhjQnE.exe
  2⤵
  PID:5252
- C:\Windows\System\laWQkAC.exe
  C:\Windows\System\laWQkAC.exe
  2⤵
  PID:5336
- C:\Windows\System\ZSKDJST.exe
  C:\Windows\System\ZSKDJST.exe
  2⤵
  PID:5264
- C:\Windows\System\OhudmZY.exe
  C:\Windows\System\OhudmZY.exe
  2⤵
  PID:5680
- C:\Windows\System\obkPNII.exe
  C:\Windows\System\obkPNII.exe
  2⤵
  PID:6060
- C:\Windows\System\YdIQQbC.exe
  C:\Windows\System\YdIQQbC.exe
  2⤵
  PID:4344
- C:\Windows\System\EmEYgat.exe
  C:\Windows\System\EmEYgat.exe
  2⤵
  PID:1792
- C:\Windows\System\UbEOmtY.exe
  C:\Windows\System\UbEOmtY.exe
  2⤵
  PID:6052
- C:\Windows\System\fWAzUec.exe
  C:\Windows\System\fWAzUec.exe
  2⤵
  PID:5976
- C:\Windows\System\wfSUUhl.exe
  C:\Windows\System\wfSUUhl.exe
  2⤵
  PID:4240
- C:\Windows\System\FOgmIPq.exe
  C:\Windows\System\FOgmIPq.exe
  2⤵
  PID:6172
- C:\Windows\System\tFBfLAG.exe
  C:\Windows\System\tFBfLAG.exe
  2⤵
  PID:6196
- C:\Windows\System\XkmzVKz.exe
  C:\Windows\System\XkmzVKz.exe
  2⤵
  PID:6216
- C:\Windows\System\cBLRemY.exe
  C:\Windows\System\cBLRemY.exe
  2⤵
  PID:6232
- C:\Windows\System\yjgFioQ.exe
  C:\Windows\System\yjgFioQ.exe
  2⤵
  PID:6252
- C:\Windows\System\DtHnwSh.exe
  C:\Windows\System\DtHnwSh.exe
  2⤵
  PID:6268
- C:\Windows\System\YWjtxmS.exe
  C:\Windows\System\YWjtxmS.exe
  2⤵
  PID:6284
- C:\Windows\System\LmPIrXy.exe
  C:\Windows\System\LmPIrXy.exe
  2⤵
  PID:6300
- C:\Windows\System\JaCkerV.exe
  C:\Windows\System\JaCkerV.exe
  2⤵
  PID:6320
- C:\Windows\System\DySQrbL.exe
  C:\Windows\System\DySQrbL.exe
  2⤵
  PID:6340
- C:\Windows\System\nTWcLJo.exe
  C:\Windows\System\nTWcLJo.exe
  2⤵
  PID:6356
- C:\Windows\System\HHfAxps.exe
  C:\Windows\System\HHfAxps.exe
  2⤵
  PID:6380
- C:\Windows\System\jJLePAd.exe
  C:\Windows\System\jJLePAd.exe
  2⤵
  PID:6396
- C:\Windows\System\GEsBaam.exe
  C:\Windows\System\GEsBaam.exe
  2⤵
  PID:6432
- C:\Windows\System\OEtOMUu.exe
  C:\Windows\System\OEtOMUu.exe
  2⤵
  PID:6452
- C:\Windows\System\gOwRzPo.exe
  C:\Windows\System\gOwRzPo.exe
  2⤵
  PID:6468
- C:\Windows\System\bCgOKeX.exe
  C:\Windows\System\bCgOKeX.exe
  2⤵
  PID:6484
- C:\Windows\System\FLtZeml.exe
  C:\Windows\System\FLtZeml.exe
  2⤵
  PID:6504
- C:\Windows\System\HyaqudP.exe
  C:\Windows\System\HyaqudP.exe
  2⤵
  PID:6524
- C:\Windows\System\tBdztSX.exe
  C:\Windows\System\tBdztSX.exe
  2⤵
  PID:6540
- C:\Windows\System\DwAtpSb.exe
  C:\Windows\System\DwAtpSb.exe
  2⤵
  PID:6556
- C:\Windows\System\NraGXKO.exe
  C:\Windows\System\NraGXKO.exe
  2⤵
  PID:6572
- C:\Windows\System\fZjFZqa.exe
  C:\Windows\System\fZjFZqa.exe
  2⤵
  PID:6596
- C:\Windows\System\pHFMLLg.exe
  C:\Windows\System\pHFMLLg.exe
  2⤵
  PID:6640
- C:\Windows\System\TyytYJf.exe
  C:\Windows\System\TyytYJf.exe
  2⤵
  PID:6656
- C:\Windows\System\buCKTPr.exe
  C:\Windows\System\buCKTPr.exe
  2⤵
  PID:6672
- C:\Windows\System\NFSagmF.exe
  C:\Windows\System\NFSagmF.exe
  2⤵
  PID:6692
- C:\Windows\System\GUuidCX.exe
  C:\Windows\System\GUuidCX.exe
  2⤵
  PID:6708
- C:\Windows\System\hGPSmxw.exe
  C:\Windows\System\hGPSmxw.exe
  2⤵
  PID:6724
- C:\Windows\System\xATfUDo.exe
  C:\Windows\System\xATfUDo.exe
  2⤵
  PID:6744
- C:\Windows\System\JKTlFxt.exe
  C:\Windows\System\JKTlFxt.exe
  2⤵
  PID:6768
- C:\Windows\System\uDGVVuZ.exe
  C:\Windows\System\uDGVVuZ.exe
  2⤵
  PID:6784
- C:\Windows\System\QwIQxfs.exe
  C:\Windows\System\QwIQxfs.exe
  2⤵
  PID:6800
- C:\Windows\System\ExrVrcR.exe
  C:\Windows\System\ExrVrcR.exe
  2⤵
  PID:6820
- C:\Windows\System\kTbQkTH.exe
  C:\Windows\System\kTbQkTH.exe
  2⤵
  PID:6836
- C:\Windows\System\YfMmqtD.exe
  C:\Windows\System\YfMmqtD.exe
  2⤵
  PID:6856
- C:\Windows\System\WcYTKFx.exe
  C:\Windows\System\WcYTKFx.exe
  2⤵
  PID:6884
- C:\Windows\System\DeJrvEk.exe
  C:\Windows\System\DeJrvEk.exe
  2⤵
  PID:6900
- C:\Windows\System\jeKshSG.exe
  C:\Windows\System\jeKshSG.exe
  2⤵
  PID:6932
- C:\Windows\System\qnkJwrr.exe
  C:\Windows\System\qnkJwrr.exe
  2⤵
  PID:6948
- C:\Windows\System\srTVffe.exe
  C:\Windows\System\srTVffe.exe
  2⤵
  PID:6964
- C:\Windows\System\YIKlqPL.exe
  C:\Windows\System\YIKlqPL.exe
  2⤵
  PID:6988
- C:\Windows\System\QTvqFvo.exe
  C:\Windows\System\QTvqFvo.exe
  2⤵
  PID:7008
- C:\Windows\System\YxUcbyp.exe
  C:\Windows\System\YxUcbyp.exe
  2⤵
  PID:7024
- C:\Windows\System\EzJtnCt.exe
  C:\Windows\System\EzJtnCt.exe
  2⤵
  PID:7040
- C:\Windows\System\xvcMQsi.exe
  C:\Windows\System\xvcMQsi.exe
  2⤵
  PID:7056
- C:\Windows\System\LZnvvCz.exe
  C:\Windows\System\LZnvvCz.exe
  2⤵
  PID:7072
- C:\Windows\System\JYZPFCE.exe
  C:\Windows\System\JYZPFCE.exe
  2⤵
  PID:7088
- C:\Windows\System\VInSrFJ.exe
  C:\Windows\System\VInSrFJ.exe
  2⤵
  PID:7104
- C:\Windows\System\FvNiOBR.exe
  C:\Windows\System\FvNiOBR.exe
  2⤵
  PID:7132
- C:\Windows\System\NfOVcdm.exe
  C:\Windows\System\NfOVcdm.exe
  2⤵
  PID:7160
- C:\Windows\System\sqiZeUl.exe
  C:\Windows\System\sqiZeUl.exe
  2⤵
  PID:5576
- C:\Windows\System\gcLEMFs.exe
  C:\Windows\System\gcLEMFs.exe
  2⤵
  PID:4820
- C:\Windows\System\mRgaaBV.exe
  C:\Windows\System\mRgaaBV.exe
  2⤵
  PID:5128
- C:\Windows\System\lopdGmy.exe
  C:\Windows\System\lopdGmy.exe
  2⤵
  PID:6224
- C:\Windows\System\YGVzrGl.exe
  C:\Windows\System\YGVzrGl.exe
  2⤵
  PID:6296
- C:\Windows\System\jzMdEfS.exe
  C:\Windows\System\jzMdEfS.exe
  2⤵
  PID:6372
- C:\Windows\System\HFKKvYy.exe
  C:\Windows\System\HFKKvYy.exe
  2⤵
  PID:5068
- C:\Windows\System\LfEITZx.exe
  C:\Windows\System\LfEITZx.exe
  2⤵
  PID:6316
- C:\Windows\System\zoASRZc.exe
  C:\Windows\System\zoASRZc.exe
  2⤵
  PID:6348
- C:\Windows\System\cbBEGTE.exe
  C:\Windows\System\cbBEGTE.exe
  2⤵
  PID:6280
- C:\Windows\System\gVyUtAc.exe
  C:\Windows\System\gVyUtAc.exe
  2⤵
  PID:6404
- C:\Windows\System\FscYIdt.exe
  C:\Windows\System\FscYIdt.exe
  2⤵
  PID:6420
- C:\Windows\System\FLxFPof.exe
  C:\Windows\System\FLxFPof.exe
  2⤵
  PID:6464
- C:\Windows\System\hPnklYW.exe
  C:\Windows\System\hPnklYW.exe
  2⤵
  PID:6520
- C:\Windows\System\AoXrRfi.exe
  C:\Windows\System\AoXrRfi.exe
  2⤵
  PID:6496
- C:\Windows\System\qIaLcRQ.exe
  C:\Windows\System\qIaLcRQ.exe
  2⤵
  PID:6564
- C:\Windows\System\wrqSFwO.exe
  C:\Windows\System\wrqSFwO.exe
  2⤵
  PID:6616
- C:\Windows\System\BlxrtqH.exe
  C:\Windows\System\BlxrtqH.exe
  2⤵
  PID:6480
- C:\Windows\System\IHxjFLC.exe
  C:\Windows\System\IHxjFLC.exe
  2⤵
  PID:6448
- C:\Windows\System\gzDEKZk.exe
  C:\Windows\System\gzDEKZk.exe
  2⤵
  PID:6636
- C:\Windows\System\cpVOQOw.exe
  C:\Windows\System\cpVOQOw.exe
  2⤵
  PID:6668
- C:\Windows\System\hpTwksT.exe
  C:\Windows\System\hpTwksT.exe
  2⤵
  PID:6736
- C:\Windows\System\EGwiZwx.exe
  C:\Windows\System\EGwiZwx.exe
  2⤵
  PID:6812
- C:\Windows\System\QtlMmbA.exe
  C:\Windows\System\QtlMmbA.exe
  2⤵
  PID:6680
- C:\Windows\System\CMbYJUr.exe
  C:\Windows\System\CMbYJUr.exe
  2⤵
  PID:6832
- C:\Windows\System\njtvFga.exe
  C:\Windows\System\njtvFga.exe
  2⤵
  PID:6976
- C:\Windows\System\ExxfwLh.exe
  C:\Windows\System\ExxfwLh.exe
  2⤵
  PID:6920
- C:\Windows\System\FiTHqeK.exe
  C:\Windows\System\FiTHqeK.exe
  2⤵
  PID:6956
- C:\Windows\System\MOiaqIK.exe
  C:\Windows\System\MOiaqIK.exe
  2⤵
  PID:7096
- C:\Windows\System\jVoTSBR.exe
  C:\Windows\System\jVoTSBR.exe
  2⤵
  PID:7020
- C:\Windows\System\QKsllkn.exe
  C:\Windows\System\QKsllkn.exe
  2⤵
  PID:7032
- C:\Windows\System\JcjvBrN.exe
  C:\Windows\System\JcjvBrN.exe
  2⤵
  PID:7048
- C:\Windows\System\RehDZxy.exe
  C:\Windows\System\RehDZxy.exe
  2⤵
  PID:5440
- C:\Windows\System\nLCVVVV.exe
  C:\Windows\System\nLCVVVV.exe
  2⤵
  PID:7152
- C:\Windows\System\CcTQJUh.exe
  C:\Windows\System\CcTQJUh.exe
  2⤵
  PID:5800
- C:\Windows\System\bdcgmuy.exe
  C:\Windows\System\bdcgmuy.exe
  2⤵
  PID:6292
- C:\Windows\System\xroAkRI.exe
  C:\Windows\System\xroAkRI.exe
  2⤵
  PID:6328
- C:\Windows\System\soRxOoH.exe
  C:\Windows\System\soRxOoH.exe
  2⤵
  PID:6156
- C:\Windows\System\sRFHZlV.exe
  C:\Windows\System\sRFHZlV.exe
  2⤵
  PID:6428
- C:\Windows\System\sXJCHCl.exe
  C:\Windows\System\sXJCHCl.exe
  2⤵
  PID:6612
- C:\Windows\System\aRVwrMV.exe
  C:\Windows\System\aRVwrMV.exe
  2⤵
  PID:6476
- C:\Windows\System\PMUbajp.exe
  C:\Windows\System\PMUbajp.exe
  2⤵
  PID:6392
- C:\Windows\System\mbtKRUA.exe
  C:\Windows\System\mbtKRUA.exe
  2⤵
  PID:6516
- C:\Windows\System\XLhJqgq.exe
  C:\Windows\System\XLhJqgq.exe
  2⤵
  PID:6580
- C:\Windows\System\HJGhcUG.exe
  C:\Windows\System\HJGhcUG.exe
  2⤵
  PID:6308
- C:\Windows\System\FIClLpo.exe
  C:\Windows\System\FIClLpo.exe
  2⤵
  PID:6208
- C:\Windows\System\uNVeoRj.exe
  C:\Windows\System\uNVeoRj.exe
  2⤵
  PID:6828
- C:\Windows\System\AwDgxnY.exe
  C:\Windows\System\AwDgxnY.exe
  2⤵
  PID:6688
- C:\Windows\System\mJPxdFi.exe
  C:\Windows\System\mJPxdFi.exe
  2⤵
  PID:6764
- C:\Windows\System\NXmQVGz.exe
  C:\Windows\System\NXmQVGz.exe
  2⤵
  PID:6944
- C:\Windows\System\vLpCxzv.exe
  C:\Windows\System\vLpCxzv.exe
  2⤵
  PID:7000
- C:\Windows\System\BMHoIiV.exe
  C:\Windows\System\BMHoIiV.exe
  2⤵
  PID:7068
- C:\Windows\System\sCCPHrt.exe
  C:\Windows\System\sCCPHrt.exe
  2⤵
  PID:7004
- C:\Windows\System\CitWkqG.exe
  C:\Windows\System\CitWkqG.exe
  2⤵
  PID:5016
- C:\Windows\System\NPzSloY.exe
  C:\Windows\System\NPzSloY.exe
  2⤵
  PID:4868
- C:\Windows\System\zcIIQwW.exe
  C:\Windows\System\zcIIQwW.exe
  2⤵
  PID:4816
- C:\Windows\System\LRfolEP.exe
  C:\Windows\System\LRfolEP.exe
  2⤵
  PID:6160
- C:\Windows\System\OdfXUXG.exe
  C:\Windows\System\OdfXUXG.exe
  2⤵
  PID:2988
- C:\Windows\System\ghBXwKe.exe
  C:\Windows\System\ghBXwKe.exe
  2⤵
  PID:6352
- C:\Windows\System\DHszWTv.exe
  C:\Windows\System\DHszWTv.exe
  2⤵
  PID:5916
- C:\Windows\System\QmVjDWq.exe
  C:\Windows\System\QmVjDWq.exe
  2⤵
  PID:6212
- C:\Windows\System\FGuiVvO.exe
  C:\Windows\System\FGuiVvO.exe
  2⤵
  PID:6588
- C:\Windows\System\nfsEbQV.exe
  C:\Windows\System\nfsEbQV.exe
  2⤵
  PID:6684
- C:\Windows\System\gtTCpZZ.exe
  C:\Windows\System\gtTCpZZ.exe
  2⤵
  PID:6716
- C:\Windows\System\fAHbKuy.exe
  C:\Windows\System\fAHbKuy.exe
  2⤵
  PID:6896
- C:\Windows\System\USAjovF.exe
  C:\Windows\System\USAjovF.exe
  2⤵
  PID:6864
- C:\Windows\System\akCIJZj.exe
  C:\Windows\System\akCIJZj.exe
  2⤵
  PID:7148
- C:\Windows\System\IJwtqwP.exe
  C:\Windows\System\IJwtqwP.exe
  2⤵
  PID:6368
- C:\Windows\System\ueUjahR.exe
  C:\Windows\System\ueUjahR.exe
  2⤵
  PID:7176
- C:\Windows\System\KCsyqMM.exe
  C:\Windows\System\KCsyqMM.exe
  2⤵
  PID:7192
- C:\Windows\System\MvHlKfU.exe
  C:\Windows\System\MvHlKfU.exe
  2⤵
  PID:7208
- C:\Windows\System\KjNTBZA.exe
  C:\Windows\System\KjNTBZA.exe
  2⤵
  PID:7240
- C:\Windows\System\voFXcWG.exe
  C:\Windows\System\voFXcWG.exe
  2⤵
  PID:7256
- C:\Windows\System\YxGRNOe.exe
  C:\Windows\System\YxGRNOe.exe
  2⤵
  PID:7276
- C:\Windows\System\HMbEVCB.exe
  C:\Windows\System\HMbEVCB.exe
  2⤵
  PID:7292
- C:\Windows\System\kQJzzzG.exe
  C:\Windows\System\kQJzzzG.exe
  2⤵
  PID:7308
- C:\Windows\System\RjDjzlv.exe
  C:\Windows\System\RjDjzlv.exe
  2⤵
  PID:7324
- C:\Windows\System\TmYFUOv.exe
  C:\Windows\System\TmYFUOv.exe
  2⤵
  PID:7344
- C:\Windows\System\AiyaRSq.exe
  C:\Windows\System\AiyaRSq.exe
  2⤵
  PID:7368
- C:\Windows\System\LpSjbuS.exe
  C:\Windows\System\LpSjbuS.exe
  2⤵
  PID:7404
- C:\Windows\System\gOiWMGK.exe
  C:\Windows\System\gOiWMGK.exe
  2⤵
  PID:7420
- C:\Windows\System\XvhOBeQ.exe
  C:\Windows\System\XvhOBeQ.exe
  2⤵
  PID:7460
- C:\Windows\System\LqUobhM.exe
  C:\Windows\System\LqUobhM.exe
  2⤵
  PID:7484
- C:\Windows\System\YNFGJrq.exe
  C:\Windows\System\YNFGJrq.exe
  2⤵
  PID:7512
- C:\Windows\System\zIHJBST.exe
  C:\Windows\System\zIHJBST.exe
  2⤵
  PID:7532
- C:\Windows\System\SGaDxJm.exe
  C:\Windows\System\SGaDxJm.exe
  2⤵
  PID:7552
- C:\Windows\System\vIQKGKO.exe
  C:\Windows\System\vIQKGKO.exe
  2⤵
  PID:7572
- C:\Windows\System\bznoifR.exe
  C:\Windows\System\bznoifR.exe
  2⤵
  PID:7588
- C:\Windows\System\RDJsBbK.exe
  C:\Windows\System\RDJsBbK.exe
  2⤵
  PID:7608
- C:\Windows\System\mqbBYnl.exe
  C:\Windows\System\mqbBYnl.exe
  2⤵
  PID:7628
- C:\Windows\System\traRxuS.exe
  C:\Windows\System\traRxuS.exe
  2⤵
  PID:7648
- C:\Windows\System\drrPLDi.exe
  C:\Windows\System\drrPLDi.exe
  2⤵
  PID:7672
- C:\Windows\System\DKQJxoS.exe
  C:\Windows\System\DKQJxoS.exe
  2⤵
  PID:7696
- C:\Windows\System\vzteRom.exe
  C:\Windows\System\vzteRom.exe
  2⤵
  PID:7712
- C:\Windows\System\kiJlWJV.exe
  C:\Windows\System\kiJlWJV.exe
  2⤵
  PID:7728
- C:\Windows\System\WOHtIsF.exe
  C:\Windows\System\WOHtIsF.exe
  2⤵
  PID:7748
- C:\Windows\System\hJLrsVZ.exe
  C:\Windows\System\hJLrsVZ.exe
  2⤵
  PID:7776
- C:\Windows\System\CbUfymE.exe
  C:\Windows\System\CbUfymE.exe
  2⤵
  PID:7796
- C:\Windows\System\SdLsgTe.exe
  C:\Windows\System\SdLsgTe.exe
  2⤵
  PID:7816
- C:\Windows\System\voMeSve.exe
  C:\Windows\System\voMeSve.exe
  2⤵
  PID:7836
- C:\Windows\System\QrvUpaV.exe
  C:\Windows\System\QrvUpaV.exe
  2⤵
  PID:7856
- C:\Windows\System\ZdJEkTc.exe
  C:\Windows\System\ZdJEkTc.exe
  2⤵
  PID:7880
- C:\Windows\System\VKVOCYb.exe
  C:\Windows\System\VKVOCYb.exe
  2⤵
  PID:7904
- C:\Windows\System\BiHTuVK.exe
  C:\Windows\System\BiHTuVK.exe
  2⤵
  PID:7924
- C:\Windows\System\SpBYUhe.exe
  C:\Windows\System\SpBYUhe.exe
  2⤵
  PID:7940
- C:\Windows\System\nNcswTn.exe
  C:\Windows\System\nNcswTn.exe
  2⤵
  PID:7960
- C:\Windows\System\XueOPLu.exe
  C:\Windows\System\XueOPLu.exe
  2⤵
  PID:7984
- C:\Windows\System\KeBonrq.exe
  C:\Windows\System\KeBonrq.exe
  2⤵
  PID:8004
- C:\Windows\System\GTGpIAQ.exe
  C:\Windows\System\GTGpIAQ.exe
  2⤵
  PID:8024
- C:\Windows\System\DuaiofB.exe
  C:\Windows\System\DuaiofB.exe
  2⤵
  PID:8040
- C:\Windows\System\IjxfwHN.exe
  C:\Windows\System\IjxfwHN.exe
  2⤵
  PID:8064
- C:\Windows\System\GECZnRn.exe
  C:\Windows\System\GECZnRn.exe
  2⤵
  PID:8080
- C:\Windows\System\hWciWUY.exe
  C:\Windows\System\hWciWUY.exe
  2⤵
  PID:8104
- C:\Windows\System\qPkOlia.exe
  C:\Windows\System\qPkOlia.exe
  2⤵
  PID:8124
- C:\Windows\System\RQtyfdB.exe
  C:\Windows\System\RQtyfdB.exe
  2⤵
  PID:8144
- C:\Windows\System\QTBwLbx.exe
  C:\Windows\System\QTBwLbx.exe
  2⤵
  PID:8164
- C:\Windows\System\wpgDKRi.exe
  C:\Windows\System\wpgDKRi.exe
  2⤵
  PID:8180
- C:\Windows\System\pAYSptr.exe
  C:\Windows\System\pAYSptr.exe
  2⤵
  PID:6412
- C:\Windows\System\MBCioel.exe
  C:\Windows\System\MBCioel.exe
  2⤵
  PID:6960
- C:\Windows\System\uQITMzi.exe
  C:\Windows\System\uQITMzi.exe
  2⤵
  PID:7204
- C:\Windows\System\zHMchLu.exe
  C:\Windows\System\zHMchLu.exe
  2⤵
  PID:7288
- C:\Windows\System\WQZKujS.exe
  C:\Windows\System\WQZKujS.exe
  2⤵
  PID:6940
- C:\Windows\System\mnJmUjI.exe
  C:\Windows\System\mnJmUjI.exe
  2⤵
  PID:7364
- C:\Windows\System\rSHnUNK.exe
  C:\Windows\System\rSHnUNK.exe
  2⤵
  PID:7300
- C:\Windows\System\eEhwrxk.exe
  C:\Windows\System\eEhwrxk.exe
  2⤵
  PID:7052
- C:\Windows\System\iiadZSL.exe
  C:\Windows\System\iiadZSL.exe
  2⤵
  PID:7480
- C:\Windows\System\xNacTcJ.exe
  C:\Windows\System\xNacTcJ.exe
  2⤵
  PID:6248
- C:\Windows\System\CrXMTeR.exe
  C:\Windows\System\CrXMTeR.exe
  2⤵
  PID:6512
- C:\Windows\System\VQVUcAT.exe
  C:\Windows\System\VQVUcAT.exe
  2⤵
  PID:6260
- C:\Windows\System\qsffuKu.exe
  C:\Windows\System\qsffuKu.exe
  2⤵
  PID:7220
- C:\Windows\System\WDAmMgK.exe
  C:\Windows\System\WDAmMgK.exe
  2⤵
  PID:7264
- C:\Windows\System\iMkllbp.exe
  C:\Windows\System\iMkllbp.exe
  2⤵
  PID:7332
- C:\Windows\System\aeDMBXv.exe
  C:\Windows\System\aeDMBXv.exe
  2⤵
  PID:7444
- C:\Windows\System\FYFSjRu.exe
  C:\Windows\System\FYFSjRu.exe
  2⤵
  PID:7396
- C:\Windows\System\VGCYQau.exe
  C:\Windows\System\VGCYQau.exe
  2⤵
  PID:6852
- C:\Windows\System\rwdiJSM.exe
  C:\Windows\System\rwdiJSM.exe
  2⤵
  PID:6848
- C:\Windows\System\kbEXzUb.exe
  C:\Windows\System\kbEXzUb.exe
  2⤵
  PID:7144
- C:\Windows\System\WinfxXo.exe
  C:\Windows\System\WinfxXo.exe
  2⤵
  PID:7640
- C:\Windows\System\lrFJpWI.exe
  C:\Windows\System\lrFJpWI.exe
  2⤵
  PID:7692
- C:\Windows\System\XOsGVyv.exe
  C:\Windows\System\XOsGVyv.exe
  2⤵
  PID:7720
- C:\Windows\System\QDcXwow.exe
  C:\Windows\System\QDcXwow.exe
  2⤵
  PID:7624
- C:\Windows\System\FbfQmYm.exe
  C:\Windows\System\FbfQmYm.exe
  2⤵
  PID:7660
- C:\Windows\System\oRSxgGy.exe
  C:\Windows\System\oRSxgGy.exe
  2⤵
  PID:7744
- C:\Windows\System\SmVNPtS.exe
  C:\Windows\System\SmVNPtS.exe
  2⤵
  PID:7764
- C:\Windows\System\xYDlwcf.exe
  C:\Windows\System\xYDlwcf.exe
  2⤵
  PID:7784
- C:\Windows\System\AVsipRa.exe
  C:\Windows\System\AVsipRa.exe
  2⤵
  PID:7808
- C:\Windows\System\Npubxus.exe
  C:\Windows\System\Npubxus.exe
  2⤵
  PID:7828
- C:\Windows\System\FGMvOCb.exe
  C:\Windows\System\FGMvOCb.exe
  2⤵
  PID:7868
- C:\Windows\System\xrIdzex.exe
  C:\Windows\System\xrIdzex.exe
  2⤵
  PID:7968
- C:\Windows\System\EhvVkaM.exe
  C:\Windows\System\EhvVkaM.exe
  2⤵
  PID:7952
- C:\Windows\System\lQmSugq.exe
  C:\Windows\System\lQmSugq.exe
  2⤵
  PID:8000
- C:\Windows\System\cyhmmiQ.exe
  C:\Windows\System\cyhmmiQ.exe
  2⤵
  PID:8032
- C:\Windows\System\REgTTFc.exe
  C:\Windows\System\REgTTFc.exe
  2⤵
  PID:8088
- C:\Windows\System\MMMEsHd.exe
  C:\Windows\System\MMMEsHd.exe
  2⤵
  PID:8072
- C:\Windows\System\QpWhcQM.exe
  C:\Windows\System\QpWhcQM.exe
  2⤵
  PID:8136
- C:\Windows\System\RRcHWZp.exe
  C:\Windows\System\RRcHWZp.exe
  2⤵
  PID:6876
- C:\Windows\System\lfCgoFU.exe
  C:\Windows\System\lfCgoFU.exe
  2⤵
  PID:6880
- C:\Windows\System\NKQpirP.exe
  C:\Windows\System\NKQpirP.exe
  2⤵
  PID:7248
- C:\Windows\System\ZFLTVfK.exe
  C:\Windows\System\ZFLTVfK.exe
  2⤵
  PID:6980
- C:\Windows\System\hLfoULG.exe
  C:\Windows\System\hLfoULG.exe
  2⤵
  PID:7452
- C:\Windows\System\vyymyVL.exe
  C:\Windows\System\vyymyVL.exe
  2⤵
  PID:7472
- C:\Windows\System\PHKazdM.exe
  C:\Windows\System\PHKazdM.exe
  2⤵
  PID:7476
- C:\Windows\System\NezdcUc.exe
  C:\Windows\System\NezdcUc.exe
  2⤵
  PID:7340
- C:\Windows\System\UscTgct.exe
  C:\Windows\System\UscTgct.exe
  2⤵
  PID:7428
- C:\Windows\System\JTtZHYn.exe
  C:\Windows\System\JTtZHYn.exe
  2⤵
  PID:7504
- C:\Windows\System\ybnZUCM.exe
  C:\Windows\System\ybnZUCM.exe
  2⤵
  PID:7568
- C:\Windows\System\fonsJnR.exe
  C:\Windows\System\fonsJnR.exe
  2⤵
  PID:1572
- C:\Windows\System\igJllCa.exe
  C:\Windows\System\igJllCa.exe
  2⤵
  PID:6756
- C:\Windows\System\PSCMYDj.exe
  C:\Windows\System\PSCMYDj.exe
  2⤵
  PID:7872
- C:\Windows\System\DbFitda.exe
  C:\Windows\System\DbFitda.exe
  2⤵
  PID:7864
- C:\Windows\System\eZzACsC.exe
  C:\Windows\System\eZzACsC.exe
  2⤵
  PID:7616
- C:\Windows\System\GIPyZyH.exe
  C:\Windows\System\GIPyZyH.exe
  2⤵
  PID:7832
- C:\Windows\System\MGKzRuk.exe
  C:\Windows\System\MGKzRuk.exe
  2⤵
  PID:7996
- C:\Windows\System\NePVntQ.exe
  C:\Windows\System\NePVntQ.exe
  2⤵
  PID:8056
- C:\Windows\System\OfuTCFS.exe
  C:\Windows\System\OfuTCFS.exe
  2⤵
  PID:8132
- C:\Windows\System\bBGPNlY.exe
  C:\Windows\System\bBGPNlY.exe
  2⤵
  PID:7172
- C:\Windows\System\sIfDylS.exe
  C:\Windows\System\sIfDylS.exe
  2⤵
  PID:8152
- C:\Windows\System\mjuJWPj.exe
  C:\Windows\System\mjuJWPj.exe
  2⤵
  PID:5368
- C:\Windows\System\SxdXWVv.exe
  C:\Windows\System\SxdXWVv.exe
  2⤵
  PID:7080
- C:\Windows\System\HRWLQkU.exe
  C:\Windows\System\HRWLQkU.exe
  2⤵
  PID:7384
- C:\Windows\System\EkBAixI.exe
  C:\Windows\System\EkBAixI.exe
  2⤵
  PID:6388
- C:\Windows\System\JAaWXAL.exe
  C:\Windows\System\JAaWXAL.exe
  2⤵
  PID:7436
- C:\Windows\System\bwLhdoW.exe
  C:\Windows\System\bwLhdoW.exe
  2⤵
  PID:7772
- C:\Windows\System\HdgDNQs.exe
  C:\Windows\System\HdgDNQs.exe
  2⤵
  PID:7848
- C:\Windows\System\vMmSQmw.exe
  C:\Windows\System\vMmSQmw.exe
  2⤵
  PID:7892
- C:\Windows\System\NHSacwf.exe
  C:\Windows\System\NHSacwf.exe
  2⤵
  PID:7972
- C:\Windows\System\DWNfxhP.exe
  C:\Windows\System\DWNfxhP.exe
  2⤵
  PID:7804
- C:\Windows\System\bIPaswm.exe
  C:\Windows\System\bIPaswm.exe
  2⤵
  PID:8020
- C:\Windows\System\faMyblN.exe
  C:\Windows\System\faMyblN.exe
  2⤵
  PID:8016
- C:\Windows\System\IhwAwBo.exe
  C:\Windows\System\IhwAwBo.exe
  2⤵
  PID:8120
- C:\Windows\System\UEMQmgM.exe
  C:\Windows\System\UEMQmgM.exe
  2⤵
  PID:7380
- C:\Windows\System\vAbgtez.exe
  C:\Windows\System\vAbgtez.exe
  2⤵
  PID:7600
- C:\Windows\System\xChlpyz.exe
  C:\Windows\System\xChlpyz.exe
  2⤵
  PID:7432
- C:\Windows\System\OaLQzwG.exe
  C:\Windows\System\OaLQzwG.exe
  2⤵
  PID:7684
- C:\Windows\System\EeqZckX.exe
  C:\Windows\System\EeqZckX.exe
  2⤵
  PID:6168
- C:\Windows\System\iStXjWK.exe
  C:\Windows\System\iStXjWK.exe
  2⤵
  PID:7580
- C:\Windows\System\NSFOuCK.exe
  C:\Windows\System\NSFOuCK.exe
  2⤵
  PID:7216
- C:\Windows\System\NjgVfrI.exe
  C:\Windows\System\NjgVfrI.exe
  2⤵
  PID:7352
- C:\Windows\System\HYneIBo.exe
  C:\Windows\System\HYneIBo.exe
  2⤵
  PID:8188
- C:\Windows\System\SIQTMmK.exe
  C:\Windows\System\SIQTMmK.exe
  2⤵
  PID:7520
- C:\Windows\System\xQwanec.exe
  C:\Windows\System\xQwanec.exe
  2⤵
  PID:7528
- C:\Windows\System\KcTGFWZ.exe
  C:\Windows\System\KcTGFWZ.exe
  2⤵
  PID:7740
- C:\Windows\System\ibdnigx.exe
  C:\Windows\System\ibdnigx.exe
  2⤵
  PID:7644
- C:\Windows\System\DylwdiD.exe
  C:\Windows\System\DylwdiD.exe
  2⤵
  PID:7916
- C:\Windows\System\ivevFVn.exe
  C:\Windows\System\ivevFVn.exe
  2⤵
  PID:8096
- C:\Windows\System\QyTDTKm.exe
  C:\Windows\System\QyTDTKm.exe
  2⤵
  PID:7456
- C:\Windows\System\VSpnKex.exe
  C:\Windows\System\VSpnKex.exe
  2⤵
  PID:8220
- C:\Windows\System\wjIMAak.exe
  C:\Windows\System\wjIMAak.exe
  2⤵
  PID:8240
- C:\Windows\System\bzHEoSj.exe
  C:\Windows\System\bzHEoSj.exe
  2⤵
  PID:8256
- C:\Windows\System\HTkEelS.exe
  C:\Windows\System\HTkEelS.exe
  2⤵
  PID:8272
- C:\Windows\System\ewHvRRq.exe
  C:\Windows\System\ewHvRRq.exe
  2⤵
  PID:8292
- C:\Windows\System\aRBDrlE.exe
  C:\Windows\System\aRBDrlE.exe
  2⤵
  PID:8312
- C:\Windows\System\BiFSdnD.exe
  C:\Windows\System\BiFSdnD.exe
  2⤵
  PID:8328
- C:\Windows\System\SGtiGoq.exe
  C:\Windows\System\SGtiGoq.exe
  2⤵
  PID:8348
- C:\Windows\System\NvpZQCL.exe
  C:\Windows\System\NvpZQCL.exe
  2⤵
  PID:8364
- C:\Windows\System\FlXtPKx.exe
  C:\Windows\System\FlXtPKx.exe
  2⤵
  PID:8380
- C:\Windows\System\BTBpXQK.exe
  C:\Windows\System\BTBpXQK.exe
  2⤵
  PID:8396
- C:\Windows\System\ArKVcKb.exe
  C:\Windows\System\ArKVcKb.exe
  2⤵
  PID:8412
- C:\Windows\System\zcGffro.exe
  C:\Windows\System\zcGffro.exe
  2⤵
  PID:8428
- C:\Windows\System\uWvtIkU.exe
  C:\Windows\System\uWvtIkU.exe
  2⤵
  PID:8444
- C:\Windows\System\hbHpxtv.exe
  C:\Windows\System\hbHpxtv.exe
  2⤵
  PID:8500
- C:\Windows\System\XYhabGn.exe
  C:\Windows\System\XYhabGn.exe
  2⤵
  PID:8520
- C:\Windows\System\aKmojtj.exe
  C:\Windows\System\aKmojtj.exe
  2⤵
  PID:8536
- C:\Windows\System\HFLYZcx.exe
  C:\Windows\System\HFLYZcx.exe
  2⤵
  PID:8556
- C:\Windows\System\EmHUOGF.exe
  C:\Windows\System\EmHUOGF.exe
  2⤵
  PID:8580
- C:\Windows\System\PzrNuKD.exe
  C:\Windows\System\PzrNuKD.exe
  2⤵
  PID:8596
- C:\Windows\System\CnSTtIQ.exe
  C:\Windows\System\CnSTtIQ.exe
  2⤵
  PID:8612
- C:\Windows\System\uKbDtFA.exe
  C:\Windows\System\uKbDtFA.exe
  2⤵
  PID:8632
- C:\Windows\System\FrjYWBU.exe
  C:\Windows\System\FrjYWBU.exe
  2⤵
  PID:8652
- C:\Windows\System\RETKrGQ.exe
  C:\Windows\System\RETKrGQ.exe
  2⤵
  PID:8672
- C:\Windows\System\GFnePCy.exe
  C:\Windows\System\GFnePCy.exe
  2⤵
  PID:8696
- C:\Windows\System\ZPbUekG.exe
  C:\Windows\System\ZPbUekG.exe
  2⤵
  PID:8712
- C:\Windows\System\NGSHWZw.exe
  C:\Windows\System\NGSHWZw.exe
  2⤵
  PID:8728
- C:\Windows\System\lNZqAxc.exe
  C:\Windows\System\lNZqAxc.exe
  2⤵
  PID:8744
- C:\Windows\System\ksYSlbA.exe
  C:\Windows\System\ksYSlbA.exe
  2⤵
  PID:8760
- C:\Windows\System\mrGfPhD.exe
  C:\Windows\System\mrGfPhD.exe
  2⤵
  PID:8780
- C:\Windows\System\Fctmjaa.exe
  C:\Windows\System\Fctmjaa.exe
  2⤵
  PID:8796
- C:\Windows\System\BUmwNTE.exe
  C:\Windows\System\BUmwNTE.exe
  2⤵
  PID:8824
- C:\Windows\System\qalLjGf.exe
  C:\Windows\System\qalLjGf.exe
  2⤵
  PID:8864
- C:\Windows\System\iOcDgUK.exe
  C:\Windows\System\iOcDgUK.exe
  2⤵
  PID:8880
- C:\Windows\System\wtfHZdc.exe
  C:\Windows\System\wtfHZdc.exe
  2⤵
  PID:8900
- C:\Windows\System\YfnpHru.exe
  C:\Windows\System\YfnpHru.exe
  2⤵
  PID:8920
- C:\Windows\System\OGgCNPY.exe
  C:\Windows\System\OGgCNPY.exe
  2⤵
  PID:8936
- C:\Windows\System\XRXNnlj.exe
  C:\Windows\System\XRXNnlj.exe
  2⤵
  PID:8956
- C:\Windows\System\pgWVvXL.exe
  C:\Windows\System\pgWVvXL.exe
  2⤵
  PID:8972
- C:\Windows\System\KHNtlsO.exe
  C:\Windows\System\KHNtlsO.exe
  2⤵
  PID:8996
- C:\Windows\System\bJJcEyS.exe
  C:\Windows\System\bJJcEyS.exe
  2⤵
  PID:9012
- C:\Windows\System\yNrsWHH.exe
  C:\Windows\System\yNrsWHH.exe
  2⤵
  PID:9044
- C:\Windows\System\PSNMaFR.exe
  C:\Windows\System\PSNMaFR.exe
  2⤵
  PID:9068
- C:\Windows\System\PyjraQt.exe
  C:\Windows\System\PyjraQt.exe
  2⤵
  PID:9084
- C:\Windows\System\DUdlSas.exe
  C:\Windows\System\DUdlSas.exe
  2⤵
  PID:9100
- C:\Windows\System\ogtkEiI.exe
  C:\Windows\System\ogtkEiI.exe
  2⤵
  PID:9124
- C:\Windows\System\KRfJTQD.exe
  C:\Windows\System\KRfJTQD.exe
  2⤵
  PID:9140
- C:\Windows\System\KGfBSYc.exe
  C:\Windows\System\KGfBSYc.exe
  2⤵
  PID:9172
- C:\Windows\System\jOBfIPn.exe
  C:\Windows\System\jOBfIPn.exe
  2⤵
  PID:9188
- C:\Windows\System\OavFhsz.exe
  C:\Windows\System\OavFhsz.exe
  2⤵
  PID:9204
- C:\Windows\System\xmzxsgX.exe
  C:\Windows\System\xmzxsgX.exe
  2⤵
  PID:7268
- C:\Windows\System\VcOiOJb.exe
  C:\Windows\System\VcOiOJb.exe
  2⤵
  PID:8172
- C:\Windows\System\wVbKpry.exe
  C:\Windows\System\wVbKpry.exe
  2⤵
  PID:8200
- C:\Windows\System\WJxJnpa.exe
  C:\Windows\System\WJxJnpa.exe
  2⤵
  PID:8216
- C:\Windows\System\OGjJPQn.exe
  C:\Windows\System\OGjJPQn.exe
  2⤵
  PID:8232
- C:\Windows\System\WVQYlkm.exe
  C:\Windows\System\WVQYlkm.exe
  2⤵
  PID:8248
- C:\Windows\System\GgqHHcB.exe
  C:\Windows\System\GgqHHcB.exe
  2⤵
  PID:8288
- C:\Windows\System\dNsopcW.exe
  C:\Windows\System\dNsopcW.exe
  2⤵
  PID:8356
- C:\Windows\System\feCJjQc.exe
  C:\Windows\System\feCJjQc.exe
  2⤵
  PID:8420
- C:\Windows\System\NuDSKLz.exe
  C:\Windows\System\NuDSKLz.exe
  2⤵
  PID:8460
- C:\Windows\System\VKaeHcX.exe
  C:\Windows\System\VKaeHcX.exe
  2⤵
  PID:8308
- C:\Windows\System\TdXxgxj.exe
  C:\Windows\System\TdXxgxj.exe
  2⤵
  PID:8340
- C:\Windows\System\qQfVnxg.exe
  C:\Windows\System\qQfVnxg.exe
  2⤵
  PID:8440
- C:\Windows\System\bfJhiQF.exe
  C:\Windows\System\bfJhiQF.exe
  2⤵
  PID:8488
- C:\Windows\System\LOtrOik.exe
  C:\Windows\System\LOtrOik.exe
  2⤵
  PID:8512
- C:\Windows\System\lYSICaT.exe
  C:\Windows\System\lYSICaT.exe
  2⤵
  PID:8568
- C:\Windows\System\VpohKoL.exe
  C:\Windows\System\VpohKoL.exe
  2⤵
  PID:8608
- C:\Windows\System\RVHjYEU.exe
  C:\Windows\System\RVHjYEU.exe
  2⤵
  PID:8680
- C:\Windows\System\JnQkUGd.exe
  C:\Windows\System\JnQkUGd.exe
  2⤵
  PID:8620
- C:\Windows\System\kWsThgE.exe
  C:\Windows\System\kWsThgE.exe
  2⤵
  PID:8768
- C:\Windows\System\MZeNsGQ.exe
  C:\Windows\System\MZeNsGQ.exe
  2⤵
  PID:8720
- C:\Windows\System\phdKflv.exe
  C:\Windows\System\phdKflv.exe
  2⤵
  PID:8792
- C:\Windows\System\NfOXtcv.exe
  C:\Windows\System\NfOXtcv.exe
  2⤵
  PID:8812
- C:\Windows\System\DzkdlYb.exe
  C:\Windows\System\DzkdlYb.exe
  2⤵
  PID:8876
- C:\Windows\System\KELCOvr.exe
  C:\Windows\System\KELCOvr.exe
  2⤵
  PID:7736
- C:\Windows\System\bCyudOq.exe
  C:\Windows\System\bCyudOq.exe
  2⤵
  PID:8948
- C:\Windows\System\DmRpuJC.exe
  C:\Windows\System\DmRpuJC.exe
  2⤵
  PID:8984
- C:\Windows\System\jlAnQWX.exe
  C:\Windows\System\jlAnQWX.exe
  2⤵
  PID:9024
- C:\Windows\System\bEMrevk.exe
  C:\Windows\System\bEMrevk.exe
  2⤵
  PID:9040
- C:\Windows\System\JbDLNVX.exe
  C:\Windows\System\JbDLNVX.exe
  2⤵
  PID:9080
- C:\Windows\System\IlchwHM.exe
  C:\Windows\System\IlchwHM.exe
  2⤵
  PID:9132
- C:\Windows\System\YrOeHza.exe
  C:\Windows\System\YrOeHza.exe
  2⤵
  PID:9148
- C:\Windows\System\DfJGBuP.exe
  C:\Windows\System\DfJGBuP.exe
  2⤵
  PID:9160
- C:\Windows\System\FPYWsZn.exe
  C:\Windows\System\FPYWsZn.exe
  2⤵
  PID:9196
- C:\Windows\System\SkpmJhu.exe
  C:\Windows\System\SkpmJhu.exe
  2⤵
  PID:7548
- C:\Windows\System\RHvmQGG.exe
  C:\Windows\System\RHvmQGG.exe
  2⤵
  PID:7184
- C:\Windows\System\AfgUtgN.exe
  C:\Windows\System\AfgUtgN.exe
  2⤵
  PID:8264
- C:\Windows\System\obwKcVD.exe
  C:\Windows\System\obwKcVD.exe
  2⤵
  PID:8464
- C:\Windows\System\JwYXDhX.exe
  C:\Windows\System\JwYXDhX.exe
  2⤵
  PID:8324
- C:\Windows\System\GekouBF.exe
  C:\Windows\System\GekouBF.exe
  2⤵
  PID:8452
- C:\Windows\System\PkqoPvo.exe
  C:\Windows\System\PkqoPvo.exe
  2⤵
  PID:8576
- C:\Windows\System\NzMTvza.exe
  C:\Windows\System\NzMTvza.exe
  2⤵
  PID:8564
- C:\Windows\System\AsQmpAL.exe
  C:\Windows\System\AsQmpAL.exe
  2⤵
  PID:8552
- C:\Windows\System\CsnQbMm.exe
  C:\Windows\System\CsnQbMm.exe
  2⤵
  PID:8644
- C:\Windows\System\krsrBJF.exe
  C:\Windows\System\krsrBJF.exe
  2⤵
  PID:8788
- C:\Windows\System\EUrtxdD.exe
  C:\Windows\System\EUrtxdD.exe
  2⤵
  PID:8836
- C:\Windows\System\aKmhWsH.exe
  C:\Windows\System\aKmhWsH.exe
  2⤵
  PID:8848
- C:\Windows\System\pjejwYu.exe
  C:\Windows\System\pjejwYu.exe
  2⤵
  PID:8888
- C:\Windows\System\JMxuPlS.exe
  C:\Windows\System\JMxuPlS.exe
  2⤵
  PID:8968
- C:\Windows\System\ZQbyBxi.exe
  C:\Windows\System\ZQbyBxi.exe
  2⤵
  PID:8952
- C:\Windows\System\pjvZyHG.exe
  C:\Windows\System\pjvZyHG.exe
  2⤵
  PID:9052
- C:\Windows\System\XTzaBSh.exe
  C:\Windows\System\XTzaBSh.exe
  2⤵
  PID:9120
- C:\Windows\System\mLCUVYJ.exe
  C:\Windows\System\mLCUVYJ.exe
  2⤵
  PID:9200
- C:\Windows\System\vPdjBrN.exe
  C:\Windows\System\vPdjBrN.exe
  2⤵
  PID:9060
- C:\Windows\System\jZgxyti.exe
  C:\Windows\System\jZgxyti.exe
  2⤵
  PID:8896
- C:\Windows\System\IGenotQ.exe
  C:\Windows\System\IGenotQ.exe
  2⤵
  PID:8436
- C:\Windows\System\NCLAHUe.exe
  C:\Windows\System\NCLAHUe.exe
  2⤵
  PID:8392
- C:\Windows\System\LZrBFqa.exe
  C:\Windows\System\LZrBFqa.exe
  2⤵
  PID:8496
- C:\Windows\System\BesAUoG.exe
  C:\Windows\System\BesAUoG.exe
  2⤵
  PID:8484
- C:\Windows\System\COISdcz.exe
  C:\Windows\System\COISdcz.exe
  2⤵
  PID:8544
- C:\Windows\System\gjuuYNT.exe
  C:\Windows\System\gjuuYNT.exe
  2⤵
  PID:8740
- C:\Windows\System\dtkuWDc.exe
  C:\Windows\System\dtkuWDc.exe
  2⤵
  PID:8820
- C:\Windows\System\MjXFkPS.exe
  C:\Windows\System\MjXFkPS.exe
  2⤵
  PID:8908
- C:\Windows\System\IcKzIoZ.exe
  C:\Windows\System\IcKzIoZ.exe
  2⤵
  PID:8860
- C:\Windows\System\qdaTifW.exe
  C:\Windows\System\qdaTifW.exe
  2⤵
  PID:9112
- C:\Windows\System\HSQuBHy.exe
  C:\Windows\System\HSQuBHy.exe
  2⤵
  PID:9108
- C:\Windows\System\fQIAiwD.exe
  C:\Windows\System\fQIAiwD.exe
  2⤵
  PID:8208
- C:\Windows\System\WjequMX.exe
  C:\Windows\System\WjequMX.exe
  2⤵
  PID:8476
- C:\Windows\System\OOMdIgi.exe
  C:\Windows\System\OOMdIgi.exe
  2⤵
  PID:8532
- C:\Windows\System\HtaahZz.exe
  C:\Windows\System\HtaahZz.exe
  2⤵
  PID:8756
- C:\Windows\System\iCuMlrZ.exe
  C:\Windows\System\iCuMlrZ.exe
  2⤵
  PID:8692
- C:\Windows\System\OKvnCUv.exe
  C:\Windows\System\OKvnCUv.exe
  2⤵
  PID:8856
- C:\Windows\System\KbSGhSo.exe
  C:\Windows\System\KbSGhSo.exe
  2⤵
  PID:9004
- C:\Windows\System\LIyArGK.exe
  C:\Windows\System\LIyArGK.exe
  2⤵
  PID:8280
- C:\Windows\System\WxqSVmb.exe
  C:\Windows\System\WxqSVmb.exe
  2⤵
  PID:8320
- C:\Windows\System\sxHxRka.exe
  C:\Windows\System\sxHxRka.exe
  2⤵
  PID:8804
- C:\Windows\System\QIjsZSK.exe
  C:\Windows\System\QIjsZSK.exe
  2⤵
  PID:8872
- C:\Windows\System\DTwjLug.exe
  C:\Windows\System\DTwjLug.exe
  2⤵
  PID:8688
- C:\Windows\System\VTeflSu.exe
  C:\Windows\System\VTeflSu.exe
  2⤵
  PID:8336
- C:\Windows\System\dhNhYnU.exe
  C:\Windows\System\dhNhYnU.exe
  2⤵
  PID:8892
- C:\Windows\System\sliGzja.exe
  C:\Windows\System\sliGzja.exe
  2⤵
  PID:9228
- C:\Windows\System\tnpyyBD.exe
  C:\Windows\System\tnpyyBD.exe
  2⤵
  PID:9244
- C:\Windows\System\CuZipOK.exe
  C:\Windows\System\CuZipOK.exe
  2⤵
  PID:9288
- C:\Windows\System\PtQyjDU.exe
  C:\Windows\System\PtQyjDU.exe
  2⤵
  PID:9304
- C:\Windows\System\GlqAkUK.exe
  C:\Windows\System\GlqAkUK.exe
  2⤵
  PID:9328
- C:\Windows\System\YvyuymA.exe
  C:\Windows\System\YvyuymA.exe
  2⤵
  PID:9348
- C:\Windows\System\NqgcYvK.exe
  C:\Windows\System\NqgcYvK.exe
  2⤵
  PID:9364
- C:\Windows\System\NeFOLdb.exe
  C:\Windows\System\NeFOLdb.exe
  2⤵
  PID:9388
- C:\Windows\System\oAPWkPM.exe
  C:\Windows\System\oAPWkPM.exe
  2⤵
  PID:9404
- C:\Windows\System\UhmhLdf.exe
  C:\Windows\System\UhmhLdf.exe
  2⤵
  PID:9424
- C:\Windows\System\zdYgDAB.exe
  C:\Windows\System\zdYgDAB.exe
  2⤵
  PID:9440
- C:\Windows\System\ZWykTEZ.exe
  C:\Windows\System\ZWykTEZ.exe
  2⤵
  PID:9456
- C:\Windows\System\JQMSDfH.exe
  C:\Windows\System\JQMSDfH.exe
  2⤵
  PID:9472
- C:\Windows\System\xBbjfMr.exe
  C:\Windows\System\xBbjfMr.exe
  2⤵
  PID:9492
- C:\Windows\System\yWbgsFw.exe
  C:\Windows\System\yWbgsFw.exe
  2⤵
  PID:9508
- C:\Windows\System\jadodkA.exe
  C:\Windows\System\jadodkA.exe
  2⤵
  PID:9524
- C:\Windows\System\ODFCGCQ.exe
  C:\Windows\System\ODFCGCQ.exe
  2⤵
  PID:9540
- C:\Windows\System\SwAoISg.exe
  C:\Windows\System\SwAoISg.exe
  2⤵
  PID:9564
- C:\Windows\System\oJcbzJB.exe
  C:\Windows\System\oJcbzJB.exe
  2⤵
  PID:9584
- C:\Windows\System\jlBRmnY.exe
  C:\Windows\System\jlBRmnY.exe
  2⤵
  PID:9604
- C:\Windows\System\JgipxlR.exe
  C:\Windows\System\JgipxlR.exe
  2⤵
  PID:9624
- C:\Windows\System\XreOcJy.exe
  C:\Windows\System\XreOcJy.exe
  2⤵
  PID:9640
- C:\Windows\System\huDmepg.exe
  C:\Windows\System\huDmepg.exe
  2⤵
  PID:9656
- C:\Windows\System\OFklcpd.exe
  C:\Windows\System\OFklcpd.exe
  2⤵
  PID:9712
- C:\Windows\System\GQFpuJw.exe
  C:\Windows\System\GQFpuJw.exe
  2⤵
  PID:9728
- C:\Windows\System\EVHpLrf.exe
  C:\Windows\System\EVHpLrf.exe
  2⤵
  PID:9744
- C:\Windows\System\vvoeNHv.exe
  C:\Windows\System\vvoeNHv.exe
  2⤵
  PID:9772
- C:\Windows\System\AsGnSwe.exe
  C:\Windows\System\AsGnSwe.exe
  2⤵
  PID:9788
- C:\Windows\System\OpOwvda.exe
  C:\Windows\System\OpOwvda.exe
  2⤵
  PID:9804
- C:\Windows\System\JLlqgPB.exe
  C:\Windows\System\JLlqgPB.exe
  2⤵
  PID:9824
- C:\Windows\System\CxwCVOQ.exe
  C:\Windows\System\CxwCVOQ.exe
  2⤵
  PID:9840
- C:\Windows\System\hgYBoXM.exe
  C:\Windows\System\hgYBoXM.exe
  2⤵
  PID:9860
- C:\Windows\System\ulMkXOf.exe
  C:\Windows\System\ulMkXOf.exe
  2⤵
  PID:9888
- C:\Windows\System\pAswwAM.exe
  C:\Windows\System\pAswwAM.exe
  2⤵
  PID:9912
- C:\Windows\System\CMmymiV.exe
  C:\Windows\System\CMmymiV.exe
  2⤵
  PID:9928
- C:\Windows\System\ATMOuzP.exe
  C:\Windows\System\ATMOuzP.exe
  2⤵
  PID:9944
- C:\Windows\System\BKGxrOE.exe
  C:\Windows\System\BKGxrOE.exe
  2⤵
  PID:9964
- C:\Windows\System\sNfsDLs.exe
  C:\Windows\System\sNfsDLs.exe
  2⤵
  PID:9980
- C:\Windows\System\gPymvrp.exe
  C:\Windows\System\gPymvrp.exe
  2⤵
  PID:10000
- C:\Windows\System\BjxiHMr.exe
  C:\Windows\System\BjxiHMr.exe
  2⤵
  PID:10020
- C:\Windows\System\jhREOvD.exe
  C:\Windows\System\jhREOvD.exe
  2⤵
  PID:10036
- C:\Windows\System\OcHoBdP.exe
  C:\Windows\System\OcHoBdP.exe
  2⤵
  PID:10064
- C:\Windows\System\xVHDixq.exe
  C:\Windows\System\xVHDixq.exe
  2⤵
  PID:10080
- C:\Windows\System\dCZWSXh.exe
  C:\Windows\System\dCZWSXh.exe
  2⤵
  PID:10104
- C:\Windows\System\xWwXiUc.exe
  C:\Windows\System\xWwXiUc.exe
  2⤵
  PID:10128
- C:\Windows\System\cmLlgXU.exe
  C:\Windows\System\cmLlgXU.exe
  2⤵
  PID:10144
- C:\Windows\System\YRHGnIs.exe
  C:\Windows\System\YRHGnIs.exe
  2⤵
  PID:10164
- C:\Windows\System\cDJSVOM.exe
  C:\Windows\System\cDJSVOM.exe
  2⤵
  PID:10180
- C:\Windows\System\vlrJnVR.exe
  C:\Windows\System\vlrJnVR.exe
  2⤵
  PID:10200
- C:\Windows\System\TwHuNrm.exe
  C:\Windows\System\TwHuNrm.exe
  2⤵
  PID:10224
- C:\Windows\System\VTZXUqF.exe
  C:\Windows\System\VTZXUqF.exe
  2⤵
  PID:9220
- C:\Windows\System\IScOffC.exe
  C:\Windows\System\IScOffC.exe
  2⤵
  PID:8156
- C:\Windows\System\JflbiSu.exe
  C:\Windows\System\JflbiSu.exe
  2⤵
  PID:8480
- C:\Windows\System\tjhWVHY.exe
  C:\Windows\System\tjhWVHY.exe
  2⤵
  PID:9268
- C:\Windows\System\yTcTOnu.exe
  C:\Windows\System\yTcTOnu.exe
  2⤵
  PID:9316
- C:\Windows\System\RLtngmO.exe
  C:\Windows\System\RLtngmO.exe
  2⤵
  PID:9340
- C:\Windows\System\VWrDCdk.exe
  C:\Windows\System\VWrDCdk.exe
  2⤵
  PID:9384
- C:\Windows\System\UeBWZDs.exe
  C:\Windows\System\UeBWZDs.exe
  2⤵
  PID:9400
- C:\Windows\System\nJCXwCo.exe
  C:\Windows\System\nJCXwCo.exe
  2⤵
  PID:9432
- C:\Windows\System\GIwIxUd.exe
  C:\Windows\System\GIwIxUd.exe
  2⤵
  PID:9504
- C:\Windows\System\NNLbYai.exe
  C:\Windows\System\NNLbYai.exe
  2⤵
  PID:9612
- C:\Windows\System\IctvsMC.exe
  C:\Windows\System\IctvsMC.exe
  2⤵
  PID:9552
- C:\Windows\System\IrFuGaQ.exe
  C:\Windows\System\IrFuGaQ.exe
  2⤵
  PID:9600
- C:\Windows\System\Hmanebi.exe
  C:\Windows\System\Hmanebi.exe
  2⤵
  PID:9636
- C:\Windows\System\bjjCCpx.exe
  C:\Windows\System\bjjCCpx.exe
  2⤵
  PID:9484
- C:\Windows\System\wybDlIf.exe
  C:\Windows\System\wybDlIf.exe
  2⤵
  PID:9688
- C:\Windows\System\npqRirk.exe
  C:\Windows\System\npqRirk.exe
  2⤵
  PID:9708
- C:\Windows\System\LCyQrqM.exe
  C:\Windows\System\LCyQrqM.exe
  2⤵
  PID:9696
- C:\Windows\System\eASBove.exe
  C:\Windows\System\eASBove.exe
  2⤵
  PID:9796
- C:\Windows\System\kWpYQcd.exe
  C:\Windows\System\kWpYQcd.exe
  2⤵
  PID:9812
- C:\Windows\System\CjgcGxW.exe
  C:\Windows\System\CjgcGxW.exe
  2⤵
  PID:9848
- C:\Windows\System\JxFEyUI.exe
  C:\Windows\System\JxFEyUI.exe
  2⤵
  PID:9876
- C:\Windows\System\OFtmISt.exe
  C:\Windows\System\OFtmISt.exe
  2⤵
  PID:9956
- C:\Windows\System\okyRJKq.exe
  C:\Windows\System\okyRJKq.exe
  2⤵
  PID:9992
- C:\Windows\System\xfrhjqq.exe
  C:\Windows\System\xfrhjqq.exe
  2⤵
  PID:10072
- C:\Windows\System\kViwlHP.exe
  C:\Windows\System\kViwlHP.exe
  2⤵
  PID:10116
- C:\Windows\System\IJtKZhn.exe
  C:\Windows\System\IJtKZhn.exe
  2⤵
  PID:9972
- C:\Windows\System\cZMjnPu.exe
  C:\Windows\System\cZMjnPu.exe
  2⤵
  PID:10188
- C:\Windows\System\tCrbqbA.exe
  C:\Windows\System\tCrbqbA.exe
  2⤵
  PID:10092
- C:\Windows\System\EQYcczQ.exe
  C:\Windows\System\EQYcczQ.exe
  2⤵
  PID:10100
- C:\Windows\System\hgHZWbp.exe
  C:\Windows\System\hgHZWbp.exe
  2⤵
  PID:10208
- C:\Windows\System\qkQvcmX.exe
  C:\Windows\System\qkQvcmX.exe
  2⤵
  PID:10172
- C:\Windows\System\JWCwlbe.exe
  C:\Windows\System\JWCwlbe.exe
  2⤵
  PID:10220
- C:\Windows\System\bOkeHEi.exe
  C:\Windows\System\bOkeHEi.exe
  2⤵
  PID:8212
- C:\Windows\System\JoqXhoi.exe
  C:\Windows\System\JoqXhoi.exe
  2⤵
  PID:9260
- C:\Windows\System\POzILAQ.exe
  C:\Windows\System\POzILAQ.exe
  2⤵
  PID:9344
- C:\Windows\System\NxPVUUA.exe
  C:\Windows\System\NxPVUUA.exe
  2⤵
  PID:9532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BCbrNOi.exe

Filesize
6.0MB

MD5
b88710235bdfdd5f144ae469d25dd0f0

SHA1
42941c5959914d9d9d1a99b933ba1db76cdedc2a

SHA256
119c650e57b5b91d0014b5d742fd1b91f2294ff4e82ced6a3f13aecca348e64a

SHA512
9ec2ddad4dd76248abc0a185bb95a52e26084fe62de92a14c18ac571cabe161ba37d365b514c5fba17db07332e5dfcc08f354242d91da37b32c76067ab47755a

Download Submit
C:\Windows\system\Echlshv.exe

Filesize
6.0MB

MD5
14cc37c23d41036c964cc3adbf1a9c71

SHA1
04a1be2e1712604db29aef1ee3eeba97e5e4812f

SHA256
bb13cf0f9ffc3bbb9ae738f0bb5d7134a55126bd398c863cd8f36a16189394fc

SHA512
79d6410ca33d0296e2421c27d32c7a3f83265e29ffb9ee0588b1cfb22da7a4515f70cc5f6fb2bd0e1e4e7e9999c46bb73941335d2eecd16affc6e777f26be441

Download Submit
C:\Windows\system\HQdKScU.exe

Filesize
6.0MB

MD5
386d67336946e605539492568e8ef381

SHA1
8235eabd291867ec336148defb29048302b55c81

SHA256
2547a8d49305e288c31360f6a4445a3e98cf9659bbfae846b5e88894f02f10bf

SHA512
6cb355ae12eef10a4a0b1e72430b014bc68af33112149b3d4f90ce670577b921ba54ae994a2c0672c1786b4eae70dbb2c650fc979726f2e1e6f7cda9ed42092f

Download Submit
C:\Windows\system\NISPGGf.exe

Filesize
6.0MB

MD5
4ab0ad2b47e3529c9f3ccd5a2c7fde8f

SHA1
b8a1cb52110e330fe0a4b4a898e6575fe87d27ef

SHA256
3078c85ce948404157f7556028a8f9ad477149ec33b2e9554119e119b1e1cb63

SHA512
3a2eb9ce1fc0b6eca995f1b0803c2efd9c03a00aecdaca357dcaf044ebcf162861e41ab1360a255dd44db5e1f240f6c09a450806a9d1c198d7aa97eef87fa25d

Download Submit
C:\Windows\system\NMMRaPK.exe

Filesize
6.0MB

MD5
4652c5e7904757d27cc941faf04c0d93

SHA1
1d194c0eb7a383b73236d6202c18e667e3942a4c

SHA256
18744fd8244bb7bae859efda3ddd26ccbbd3472098ad99420e714466440bc6fb

SHA512
0f125a533fd42d7b6a669f0be257b9fb276f1e4849eb45d55d4ef6ad9b79ecbf7a6321f44fa82cd595efe4ceb8f4bf180f2c4cc136ea86a97d2d377b1c0f8d5b

Download Submit
C:\Windows\system\NOdHDhM.exe

Filesize
6.0MB

MD5
aa76d7aeca6f78d098477df86fd5baee

SHA1
0eef2b01d468924a472eb758c950ec185210ab2e

SHA256
a6cbc335573922cbe8f3143be04afd0d3b8377130747f8a1a084a7575db60cfb

SHA512
fcd047daa7849f17a2166c088963532141cf2f7b7c1dc73c141f39a7efdd11e939c1924e41114be340c9ef843d2a00ed384482fd17e20cdd6ca79a602f8795c1

Download Submit
C:\Windows\system\OBvEqgX.exe

Filesize
6.0MB

MD5
5e1475b05b6f810a4572ba15aad5bb18

SHA1
9a519b4dbabcb430a5712721d305594e8ff3bbc3

SHA256
359adca5f9201f0ecc2860a13d521d88786353fb111df6089e30e2403c8d71d4

SHA512
067fe01854d8ef1d3677ce7ae8c0c9fe4cd72bd7a71f7b06f3c406b1eba320ea01236353e021fd75e0d506ce4ef2a75b35b860ca26f70a460a76017f7348186a

Download Submit
C:\Windows\system\ODAcgbO.exe

Filesize
6.0MB

MD5
6637f4f408842ea0f197a31bd45016d2

SHA1
19c9aaf60002830cdc72b4a366f590445f5fcb30

SHA256
88e27a258f501400c988a60597c49c118547b1db554d2f1caad25584414d3e86

SHA512
1b260f35d83c29d103b6a8daf9020f5703fdc45a891cb9bd9d3f2db104bd04e75810dbc519ec6b776c23ba4f646e1ec288f1d3e01d39c1ee361634c08a34edb7

Download Submit
C:\Windows\system\XydfvcU.exe

Filesize
6.0MB

MD5
842717dd890287f450b65d5924f4f65b

SHA1
3b1c4409ae1c7cd1307c2916b6e44632ec98c5eb

SHA256
71d12463b2b51e93c418080e1d090132525a0240722f06f20c3a6f930705b71e

SHA512
454e11c01243c56171b4681a8c99ac34c1ede3e33f6afb9508e06ff589052daa1c415918d5d4d716c1dad6ca64072f7c5f94eac7e9399a3d1d4d26cb7d8e105d

Download Submit
C:\Windows\system\YeSuRtO.exe

Filesize
6.0MB

MD5
e5261bd594958dca38467e9b2e5b6625

SHA1
b41f5b00004c20e67c755f5aeea1b7d652f31b1a

SHA256
e7cc1fa7d6f5125d51567c44934ae17d16ffdbd09e6bf9e7c63af8d5e42840ef

SHA512
c418a06cb1f84397142e8c6cfe8898f6fa0979185b9c37990ee0ebe6baa355f0fd389c64755e6e036320692b51ca7318270f6213732acfa082e512f3d9cf84d1

Download Submit
C:\Windows\system\ZYPLbmm.exe

Filesize
6.0MB

MD5
7fa446be07ceb01d933c0badf8d3c15a

SHA1
439c137931d809b4b72aa751f981b929bbbd7e19

SHA256
ff44da06ab32dded63f869eb187b06ffd6f2dcc4f5f32e639c63f3c65d89f5f1

SHA512
bb3e98e3966dbe423290896fd980ea6ebffb0c7c26295b9c04c05a0f9e0a502c6dc037a7bfef70d4514ad13301e9f2632da20e4e38d057db30891199c3504afe

Download Submit
C:\Windows\system\ZfYKUFy.exe

Filesize
6.0MB

MD5
d3affb718d589fa0e9af8075dbda9091

SHA1
af204c5ddae7c7d2de88481fbab7307477a52edc

SHA256
e5625edd0688c3e7793e172ff97aab19dd1ec3719e6de153c28fcf9f43426e1a

SHA512
971b749d7f2d958a0e494b306874e54e885a4466d8fb6e71359dfbc7ee5769bc52d8b1d4b92496c87736907c53ee31a95989ab50dcc7db4781d936135a3ae9f0

Download Submit
C:\Windows\system\ZmCXdtm.exe

Filesize
6.0MB

MD5
27aefcd1c3dca21242c3ff3cbc4e2734

SHA1
0c6afed4f36540ee85b10711259a22bdd1df6bb2

SHA256
c3cf72484a5373dd3b61b3e82ba289e85acdcfa764ce2fc78bfe25abd8facee3

SHA512
f07f07ef26ee6b9423e087e98d4d8e0b3ab6ef2782f0b2f5de0c3ed743faf51158b120c4f2c467d8a759f91bad200d47a72ee9d978d5565b3940769a89edfbd4

Download Submit
C:\Windows\system\ZmeaamL.exe

Filesize
6.0MB

MD5
48851929fe019b33f5409f10f1b3f482

SHA1
019aea4226a954c72ffe085350c842364076375e

SHA256
89184072ad13ef5df2a9f6c851a0eac445a2adfad38a86419067909faa8539e9

SHA512
291dd8680ad416af6a57b101b95da365b8b8160ff9941b42f6a290a64c5b261de27a7071e681098b584f6996fa104b8208bdb9aeda572eb7c516de35271b2ad6

Download Submit
C:\Windows\system\aOJcwla.exe

Filesize
6.0MB

MD5
cd097ff5d3a4ac4d1c65458b477e0391

SHA1
eb892a38e2364da38719f59705bb572fab6024ec

SHA256
844b3da34c67167aff828e9f493bf57a7957e32838b0acd423ae20f6da3d44dc

SHA512
c474a44a61f8697f1ae787b619b1c804b4c66dbfb6dcce8e99de01b40bccf71d98f60674f27ec493d5be8c78d23cf51930d365f9426e80b0b0b680dd14940311

Download Submit
C:\Windows\system\bYGrLIt.exe

Filesize
6.0MB

MD5
9c13f4167c1ef8bc143c791b64320019

SHA1
c37a5c0d15de143dddd915bd90b709549385c56e

SHA256
54dc4a6ac02458c34d3f3de049749f2c6ee34125f05a9532de183c944e94a944

SHA512
79eea6d84fbab0c1bfe6dae04c4a0d59455961cc270ff715e1f2c39c20b29cb03b7ae57cd36e20073d2499468999e97420630d5418910add3c2af29efbd456fc

Download Submit
C:\Windows\system\cFEujBE.exe

Filesize
6.0MB

MD5
c9f4fb6cf2101b9bcfd447a9afa80d61

SHA1
24b7f8b85af05871742f403f7216eade35be4c1b

SHA256
e7895858e489ddadb1119aeadfe8f226f4ecb4c3277631e2f94ebc1888fd60f9

SHA512
46ff1c27f1d740fcedabaed83eb44f0c0ce1fbcfd3fb23f7238a7322d01d696b8b36ce006a2ea74bd83ab984c51882393b262382f4588b0fc43e9678722d4eaa

Download Submit
C:\Windows\system\fLQNgsp.exe

Filesize
6.0MB

MD5
975a1b955f258a77b010b3fe4d57af69

SHA1
98a278c23ca5c91ee48fcd6a5ee2dc94a7daf2bf

SHA256
c493344084c9fbf72e3782cfb7f3c7b3319e4ef1e254e4aaf0ae1effe9ae714e

SHA512
89afe130052ab8ef96cfcde27ba04315f998154561e8472f6b8983bf833c9f9316c87873a7a996f9eb89442dd8b29ace3e5a084bc54afe422dcf565ffd9040fe

Download Submit
C:\Windows\system\hNWnESs.exe

Filesize
6.0MB

MD5
53cb3a14559ad4b68bffd34fe433074b

SHA1
6123b950d37f2cdc319eed3c8f66b6a4a8146d17

SHA256
0b3ed792167195f9747de8557c8742602f110a961b9b39929cdb07c072cfaaf9

SHA512
40263fc6316c94158fb97a82bb6adaa8f9ccbafca839f635877a94388553d44b81cfcbc0b887b849e1f0b821e0069a0b32a09ab58a473339d1b052781824754c

Download Submit
C:\Windows\system\hSqDPmj.exe

Filesize
6.0MB

MD5
cf6dbcaa7ca4015241df075b2a4cdfb1

SHA1
c3fed700780d91f7b9646d6a54a4ec6e78a0d3d7

SHA256
2f8760a61adeae789910747011e87b67feec65ec6d5d751a7f737793acbfb6cf

SHA512
09ad3b3ce1e364865bbb1ebbd86038dfff74387ab9a66af9a722cfd38cbb4e1a3520e6886eebcabee6562e7d72a599c3056238a3ffcfbf5e425a6988eecaf259

Download Submit
C:\Windows\system\hyXHAZt.exe

Filesize
6.0MB

MD5
575322421314e85b50c69799e9d2efb1

SHA1
5b61e347597f3e72af473b9db7d622afaa24ca82

SHA256
47584f4a9523370e304a0021d01320bfbcffbfb7332af89e7aa96b5df0dea152

SHA512
6d30db11bc21841f48098ebb1fb90e20982c8323b3d2ec70c29ff9e14f2df107d0a8f45123c3cb6b77aee52cf40b802399967a2acb9dd43c083c6eed56cab5fa

Download Submit
C:\Windows\system\juJUlLp.exe

Filesize
6.0MB

MD5
54984f0b2bf12f53c46e3289a0e8b0cb

SHA1
423fdda4d8f97a04facfac0c607b226c9cc76ac5

SHA256
66fd1f22b407be9d79f5667230d206e7cb3290170d0e5bc03e3b60dc4e0cfd36

SHA512
8882779aa759a345b871cd9d1be7b69862234594296911e0ac06014c8af48c36ba328f5d9cab148872c278194260a0af72ebb886f33719a06450f5c8ab7ef314

Download Submit
C:\Windows\system\lstNPmK.exe

Filesize
6.0MB

MD5
74b23ad131bd4043cc6d94633d0accd2

SHA1
24be7b2c36b5bd8bc06c077c417c56730a4275a3

SHA256
969dba677a2f84c8b0ddbe5e741b9a1a99439f1871f5723d6dbd54d5da896da7

SHA512
86b4049929335221fcc0fff47c213f8fec9e675f3fdd7e5bc2e882adfcea425fd034ef3bf0138b67b771f893b67921d46f1d83b9cee9af29711982b132c320c9

Download Submit
C:\Windows\system\pQNQlRQ.exe

Filesize
6.0MB

MD5
8ecc8546d30bb9a387cb1960d5110fa8

SHA1
3b9dd59c597a59e809f1f2df9ffd4544d6c43898

SHA256
b60126f3b3d7fa9592cfdadfc98c92242de2a6a15133d89077cd932e7b657afe

SHA512
4b51ae77acd4056c654551b638910ba4d3686e1fc23544099725c2439e36cd029eb83959b2fa6dc3b8a9dee3c8d80f34ba8d2e6381b00ce657e6e6aead8e86c8

Download Submit
C:\Windows\system\sWvOBau.exe

Filesize
6.0MB

MD5
55a3abc2cf17b43fc94700ba08c2586e

SHA1
162217d0b03e76616318bce4616a7407a5ce4a9b

SHA256
c6ebedc719ad7c0471fc2d84b4b3705e8775f846982ba5903100fb308912b26a

SHA512
0764523ea0b42b8389795b0c9a1ada7a1053692bad18ffa347659eea6fd9deae62ab3c5ffd3bff054c48af38fb82f6c4d03986a38e17dfd1bc4bb7c1ee262eca

Download Submit
C:\Windows\system\vaJCdzl.exe

Filesize
6.0MB

MD5
9a4a040978211424c452808362ecfd3a

SHA1
e594ccb5d32ee338f42f8d6c29061eab9ea5b14c

SHA256
a662c4e11809c95db92e6ae346bc8a9a7c24900f5473a6fd2d44175399476cfb

SHA512
448c6a858c6a232b4637817e8495cdaf672853acb39077291f056c8e358b5d3702ead2e650cea63da57191e1a31c58af67d2a6e7e7a1d41db58acabd29a67d8c

Download Submit
C:\Windows\system\vymiYpS.exe

Filesize
6.0MB

MD5
1c3df55287a39285675efb63c77b038a

SHA1
1f15cfed1cc8763faf3a7d9e5aada3de9cd9df47

SHA256
d52aee2521464552f28db69d5deb7fe4390f69d8b6c1596159b7eeb343959122

SHA512
5e26cd6986a6e7fcb0ecb3c22084ae08a9fdceb94950307f488b85f450f3bc535ffa7844c5be1a90360483ced29f5ba4487916612d36dc670142cfb96a3828fe

Download Submit
C:\Windows\system\ymVmpsy.exe

Filesize
6.0MB

MD5
91ec7734be861ad92a82a50a4588f705

SHA1
e3b07545395b2dad37710ffd522019c403140be3

SHA256
18ea6cd2550df63b2781a19bba47b207820a25e35759b7fe47693d16342231e6

SHA512
c7344341825418c13156276d86e89f7ccdf6cac32dad7fca50f9580eff4d86699d0b623d625e3b1af22e15f0dbee76ddfa0244ae1d3e9b24c9fb73ad33bb179c

Download Submit
C:\Windows\system\zHBUWfT.exe

Filesize
6.0MB

MD5
0edb2d1df669b5d00c04d7a78f0c5745

SHA1
1f7c7a5c72085b1efa4f55dbe7aa32d51f44a57d

SHA256
24e01de82302ec9198ee6192075b8ad224f847b223763b56072be58a934d9d7f

SHA512
c5b59c5cc30b4bc081fcef950d8e7d28e4f6aa10ef9d9600ce28f64dbbadd33209280f20867df66a8a065f8152b339dc10eba9d67dcd277d66e08d7aeefaba74

Download Submit
\Windows\system\FTOKKGK.exe

Filesize
6.0MB

MD5
d17e23a4666b103bdb2e11f575f10b96

SHA1
7e9a65482cd44a19613e0602403b6abc05bc3382

SHA256
6ecd081f214c9ca72bf3c72606855d0a2f8a56dbd04eb34c44f23ab36ad9451a

SHA512
f45766a2b817380656496b6696044c89de651c04bb90f351e5b30d387787b26f9bd5ca6af14224f9eeb3a9d89a9bd218304cfca03160bcdc37a44fd3c08c458c

Download Submit
\Windows\system\eQuyJJI.exe

Filesize
6.0MB

MD5
1f67593bf0f22fd9bb10c3f76348c6d7

SHA1
ea1df968f91a77824d2b52e81ee3012e4e1b73d1

SHA256
eabf9d7322f52cf4896c6da9b83f75874c70bc33095336a942d56ffb171484fa

SHA512
c945e48b379acc9e66eb7dc7100e607e52ef0d64574f7b6432dd4c4108d771fa9a730b5c53b4048ebe8104e0360f72c401fe036a770ac70fa9e1fdbce0d2e331

Download Submit
\Windows\system\yBRJBqa.exe

Filesize
6.0MB

MD5
361c62c6a88a758184391a8bb6d9e13d

SHA1
878ac1a172437d4c7772a6fff1e6e58402c0db31

SHA256
939e6733c4476f0a1d55547045fb011f24a677c59df815ec99a5a5f348f69e85

SHA512
4d1fcc4a635536604f847357b1e3a2cecefc51ca03a681e3c4d9b45122bfec22f91717e4449b0102db5e1b0b2826bfc471dc05cdf9b6bdd50ca8f2e2a98069d6

Download Submit
memory/800-1335-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/800-827-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/800-852-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/800-22-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/800-2370-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/800-755-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/800-2377-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/800-666-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/800-2384-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/800-2379-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/800-654-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/800-1965-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/800-2382-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/800-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/800-2380-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/800-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/800-801-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/800-2375-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/800-733-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/800-2374-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/800-708-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/800-124-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/800-2373-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/800-695-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/800-2371-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/800-677-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/800-8-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/800-17-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1244-840-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1244-3975-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-18-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1732-1996-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1732-3933-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1956-3985-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1956-811-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2008-3986-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-707-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-3984-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2512-754-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2604-732-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3968-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2620-23-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3961-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-665-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3962-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3981-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-653-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-675-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3983-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3989-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2764-853-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3965-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2860-694-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3970-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/3000-800-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/3056-3958-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-11-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download