cobaltstrike | 50e16facc425c91d5e62a957755b3b0ea0a8faf6646a48ccf8edadf1cd1fc590

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d62e9b7fdadeb3fe617d0087e316524a
SHA1

a862062a23e0ab4ae317d4087b4f9db40329531e
SHA256

50e16facc425c91d5e62a957755b3b0ea0a8faf6646a48ccf8edadf1cd1fc590
SHA512

163506ac602329f27a500e7b4d16a08bc9fca5f54242c15d1d991b1368209b5317990a311fde563a4ccfbf51a0a4b8c091c541adf684b61b0c8704c80a77ecc0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012254-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf6-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0c-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1f-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d30-34.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018657-72.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017481-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001867d-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191fd-123.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c9-117.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c6-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878d-109.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c53-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186c8-102.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018662-87.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174bf-84.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-65.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d40-55.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d38-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d27-32.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019238-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019220-153.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1984-0-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012254-6.dat	xmrig
behavioral1/files/0x0008000000016cf6-12.dat	xmrig
behavioral1/memory/2324-15-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/3040-13-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d0c-10.dat	xmrig
behavioral1/memory/1984-19-0x00000000022D0000-0x0000000002624000-memory.dmp	xmrig
behavioral1/memory/2700-21-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d1f-24.dat	xmrig
behavioral1/files/0x0007000000016d30-34.dat	xmrig
behavioral1/memory/2832-44-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x0014000000018657-72.dat	xmrig
behavioral1/memory/1984-76-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/1984-79-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017481-78.dat	xmrig
behavioral1/memory/2780-77-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x000500000001867d-89.dat	xmrig
behavioral1/files/0x00050000000191f3-121.dat	xmrig
behavioral1/files/0x00050000000191fd-123.dat	xmrig
behavioral1/files/0x00060000000190c9-117.dat	xmrig
behavioral1/files/0x00060000000190c6-113.dat	xmrig
behavioral1/files/0x000500000001878d-109.dat	xmrig
behavioral1/files/0x0009000000016c53-105.dat	xmrig
behavioral1/files/0x00050000000186c8-102.dat	xmrig
behavioral1/memory/2768-98-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2668-88-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x000d000000018662-87.dat	xmrig
behavioral1/memory/2952-86-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2324-85-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x00060000000174bf-84.dat	xmrig
behavioral1/memory/2624-82-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/1644-96-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-65.dat	xmrig
behavioral1/files/0x0008000000016d40-55.dat	xmrig
behavioral1/memory/1984-92-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2244-91-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2700-90-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2428-74-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2992-68-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2624-134-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2768-59-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d38-45.dat	xmrig
behavioral1/memory/2244-39-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2876-33-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d27-32.dat	xmrig
behavioral1/files/0x0005000000019217-141.dat	xmrig
behavioral1/files/0x0005000000019238-147.dat	xmrig
behavioral1/files/0x000500000001938b-174.dat	xmrig
behavioral1/files/0x00050000000193b7-182.dat	xmrig
behavioral1/files/0x0005000000019399-178.dat	xmrig
behavioral1/memory/1984-626-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/1644-825-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2668-393-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2952-255-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019280-170.dat	xmrig
behavioral1/files/0x0005000000019278-166.dat	xmrig
behavioral1/files/0x0005000000019263-162.dat	xmrig
behavioral1/files/0x000500000001925d-158.dat	xmrig
behavioral1/files/0x0005000000019240-154.dat	xmrig
behavioral1/files/0x0005000000019220-153.dat	xmrig
behavioral1/memory/3040-4013-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2324-4014-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2876-4015-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2700-4016-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3040	uQWSXYt.exe
2324	JWGtlSg.exe
2700	TwACstX.exe
2876	lzYAZzq.exe
2244	UyPdSfZ.exe
2832	ukdQvRg.exe
2768	UXOvNyx.exe
2992	eUjaEua.exe
2428	fStsGYn.exe
2780	UUTfvFa.exe
2624	YokAQgi.exe
2952	CetwGPe.exe
2668	zMaDkWQ.exe
1644	mpKgzDy.exe
2684	CMyzSsg.exe
692	XvglIwI.exe
588	oNvdHlN.exe
348	pBLnJsj.exe
1524	bkqWnos.exe
2604	mYcNkNe.exe
2880	ilJLPuQ.exe
1692	FlxgatL.exe
1940	WayLdps.exe
1504	SxujpFC.exe
2152	AZpMXTK.exe
1696	RuqqFdH.exe
1936	cDMQZbr.exe
948	KDibzgb.exe
848	voTXAuu.exe
2808	jpIWZny.exe
2596	pxCleLh.exe
2044	kWTTaJu.exe
2940	pTzWpiz.exe
2576	FJmhIJz.exe
1040	yPdRFWd.exe
1728	tJLganB.exe
2024	IEsWpfN.exe
1076	GAjGlpO.exe
1216	ARQhiiU.exe
1804	WDJOihH.exe
1772	aYhRxjX.exe
932	OJscdEw.exe
2232	SEJjwMq.exe
1548	quNMUHN.exe
912	ZqjcSEb.exe
1856	HuRWeal.exe
1716	MeaYIeR.exe
1620	Uimiowv.exe
2416	xturKKg.exe
1508	OiMUuLn.exe
2392	zGpWUeh.exe
1072	tgdrKdP.exe
308	hoRNehj.exe
1608	XhHPJrV.exe
2772	jFsnRop.exe
2820	abMzusC.exe
1992	QxwwVCJ.exe
2988	hKrpOXN.exe
2640	tqCbbKt.exe
2268	WkNUqff.exe
1172	NxSABwf.exe
2676	VXSBTRl.exe
2796	FhDXFPg.exe
2384	tUIyabT.exe

Loads dropped DLL 64 IoCs

pid	Process
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1984-0-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000c000000012254-6.dat	upx
behavioral1/files/0x0008000000016cf6-12.dat	upx
behavioral1/memory/2324-15-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/3040-13-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x0008000000016d0c-10.dat	upx
behavioral1/memory/2700-21-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x0007000000016d1f-24.dat	upx
behavioral1/files/0x0007000000016d30-34.dat	upx
behavioral1/memory/2832-44-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0014000000018657-72.dat	upx
behavioral1/memory/1984-79-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x0006000000017481-78.dat	upx
behavioral1/memory/2780-77-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x000500000001867d-89.dat	upx
behavioral1/files/0x00050000000191f3-121.dat	upx
behavioral1/files/0x00050000000191fd-123.dat	upx
behavioral1/files/0x00060000000190c9-117.dat	upx
behavioral1/files/0x00060000000190c6-113.dat	upx
behavioral1/files/0x000500000001878d-109.dat	upx
behavioral1/files/0x0009000000016c53-105.dat	upx
behavioral1/files/0x00050000000186c8-102.dat	upx
behavioral1/memory/2768-98-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2668-88-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x000d000000018662-87.dat	upx
behavioral1/memory/2952-86-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2324-85-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x00060000000174bf-84.dat	upx
behavioral1/memory/2624-82-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/1644-96-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x000600000001749c-65.dat	upx
behavioral1/files/0x0008000000016d40-55.dat	upx
behavioral1/memory/2244-91-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2700-90-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2428-74-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2992-68-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2624-134-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2768-59-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0009000000016d38-45.dat	upx
behavioral1/memory/2244-39-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2876-33-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0007000000016d27-32.dat	upx
behavioral1/files/0x0005000000019217-141.dat	upx
behavioral1/files/0x0005000000019238-147.dat	upx
behavioral1/files/0x000500000001938b-174.dat	upx
behavioral1/files/0x00050000000193b7-182.dat	upx
behavioral1/files/0x0005000000019399-178.dat	upx
behavioral1/memory/1644-825-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2668-393-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2952-255-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/files/0x0005000000019280-170.dat	upx
behavioral1/files/0x0005000000019278-166.dat	upx
behavioral1/files/0x0005000000019263-162.dat	upx
behavioral1/files/0x000500000001925d-158.dat	upx
behavioral1/files/0x0005000000019240-154.dat	upx
behavioral1/files/0x0005000000019220-153.dat	upx
behavioral1/memory/3040-4013-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2324-4014-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2876-4015-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2700-4016-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2244-4017-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2832-4018-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2992-4020-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2768-4019-0x000000013F100000-0x000000013F454000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eQowsmR.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOmiCPP.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlerkSO.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTfVLjv.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXyVpsg.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRpPOMU.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfwfROi.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUfVHiz.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acFpDkL.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enrDAlS.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnYlXTA.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCMgWdt.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImUmZcB.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnZJcdP.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaQcUYt.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkZQIBV.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EoVirzJ.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRMygYV.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHXQfqC.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdHuKqy.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDqQSeR.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FgJnsmy.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUQHpNZ.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMaDkWQ.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCZJmez.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WoAOBHM.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\coBQBvw.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMqESzg.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmRJCgs.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfOLKOd.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SHFhbwt.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFfHPkc.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWmApJw.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMWABUV.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONSMxjt.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyztIor.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fkqDqKB.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPdRFWd.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDJOihH.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\susnmEV.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIqPcby.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rxyvNuR.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDircnZ.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGqmPRz.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GnpaThW.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdQDzjO.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukdQvRg.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErKKtLG.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtzySdP.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTwFzFB.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfRrxZZ.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHOkgPJ.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UOckDFA.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ARlPVUK.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrqaPYU.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sVBbezZ.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzOUjGM.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnrxMBS.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLWFFav.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpdURWo.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwgDevX.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQWSXYt.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDrxYXr.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjUFBOY.exe	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 3040	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1984 wrote to memory of 3040	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1984 wrote to memory of 3040	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1984 wrote to memory of 2324	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1984 wrote to memory of 2324	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1984 wrote to memory of 2324	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1984 wrote to memory of 2700	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1984 wrote to memory of 2700	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1984 wrote to memory of 2700	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1984 wrote to memory of 2876	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1984 wrote to memory of 2876	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1984 wrote to memory of 2876	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1984 wrote to memory of 2244	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1984 wrote to memory of 2244	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1984 wrote to memory of 2244	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1984 wrote to memory of 2832	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1984 wrote to memory of 2832	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1984 wrote to memory of 2832	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1984 wrote to memory of 2768	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1984 wrote to memory of 2768	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1984 wrote to memory of 2768	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1984 wrote to memory of 2992	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1984 wrote to memory of 2992	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1984 wrote to memory of 2992	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1984 wrote to memory of 2624	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1984 wrote to memory of 2624	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1984 wrote to memory of 2624	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1984 wrote to memory of 2428	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1984 wrote to memory of 2428	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1984 wrote to memory of 2428	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1984 wrote to memory of 2952	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1984 wrote to memory of 2952	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1984 wrote to memory of 2952	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1984 wrote to memory of 2780	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1984 wrote to memory of 2780	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1984 wrote to memory of 2780	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1984 wrote to memory of 2668	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1984 wrote to memory of 2668	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1984 wrote to memory of 2668	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1984 wrote to memory of 1644	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1984 wrote to memory of 1644	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1984 wrote to memory of 1644	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1984 wrote to memory of 2684	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1984 wrote to memory of 2684	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1984 wrote to memory of 2684	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1984 wrote to memory of 692	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1984 wrote to memory of 692	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1984 wrote to memory of 692	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1984 wrote to memory of 588	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1984 wrote to memory of 588	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1984 wrote to memory of 588	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1984 wrote to memory of 348	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1984 wrote to memory of 348	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1984 wrote to memory of 348	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1984 wrote to memory of 1524	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1984 wrote to memory of 1524	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1984 wrote to memory of 1524	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1984 wrote to memory of 2604	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1984 wrote to memory of 2604	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1984 wrote to memory of 2604	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1984 wrote to memory of 2880	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1984 wrote to memory of 2880	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1984 wrote to memory of 2880	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1984 wrote to memory of 1692	1984	2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_d62e9b7fdadeb3fe617d0087e316524a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\System\uQWSXYt.exe
  C:\Windows\System\uQWSXYt.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\JWGtlSg.exe
  C:\Windows\System\JWGtlSg.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\TwACstX.exe
  C:\Windows\System\TwACstX.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\lzYAZzq.exe
  C:\Windows\System\lzYAZzq.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\UyPdSfZ.exe
  C:\Windows\System\UyPdSfZ.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\ukdQvRg.exe
  C:\Windows\System\ukdQvRg.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\UXOvNyx.exe
  C:\Windows\System\UXOvNyx.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\eUjaEua.exe
  C:\Windows\System\eUjaEua.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\YokAQgi.exe
  C:\Windows\System\YokAQgi.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\fStsGYn.exe
  C:\Windows\System\fStsGYn.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\CetwGPe.exe
  C:\Windows\System\CetwGPe.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\UUTfvFa.exe
  C:\Windows\System\UUTfvFa.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\zMaDkWQ.exe
  C:\Windows\System\zMaDkWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\mpKgzDy.exe
  C:\Windows\System\mpKgzDy.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\CMyzSsg.exe
  C:\Windows\System\CMyzSsg.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\XvglIwI.exe
  C:\Windows\System\XvglIwI.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\oNvdHlN.exe
  C:\Windows\System\oNvdHlN.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\pBLnJsj.exe
  C:\Windows\System\pBLnJsj.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\bkqWnos.exe
  C:\Windows\System\bkqWnos.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\mYcNkNe.exe
  C:\Windows\System\mYcNkNe.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\ilJLPuQ.exe
  C:\Windows\System\ilJLPuQ.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\FlxgatL.exe
  C:\Windows\System\FlxgatL.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\SxujpFC.exe
  C:\Windows\System\SxujpFC.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\WayLdps.exe
  C:\Windows\System\WayLdps.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\AZpMXTK.exe
  C:\Windows\System\AZpMXTK.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\RuqqFdH.exe
  C:\Windows\System\RuqqFdH.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\cDMQZbr.exe
  C:\Windows\System\cDMQZbr.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\KDibzgb.exe
  C:\Windows\System\KDibzgb.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\voTXAuu.exe
  C:\Windows\System\voTXAuu.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\jpIWZny.exe
  C:\Windows\System\jpIWZny.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\pxCleLh.exe
  C:\Windows\System\pxCleLh.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\kWTTaJu.exe
  C:\Windows\System\kWTTaJu.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\pTzWpiz.exe
  C:\Windows\System\pTzWpiz.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\FJmhIJz.exe
  C:\Windows\System\FJmhIJz.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\yPdRFWd.exe
  C:\Windows\System\yPdRFWd.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\tJLganB.exe
  C:\Windows\System\tJLganB.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\IEsWpfN.exe
  C:\Windows\System\IEsWpfN.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\GAjGlpO.exe
  C:\Windows\System\GAjGlpO.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\ARQhiiU.exe
  C:\Windows\System\ARQhiiU.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\WDJOihH.exe
  C:\Windows\System\WDJOihH.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\aYhRxjX.exe
  C:\Windows\System\aYhRxjX.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\OJscdEw.exe
  C:\Windows\System\OJscdEw.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\SEJjwMq.exe
  C:\Windows\System\SEJjwMq.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\quNMUHN.exe
  C:\Windows\System\quNMUHN.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\ZqjcSEb.exe
  C:\Windows\System\ZqjcSEb.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\HuRWeal.exe
  C:\Windows\System\HuRWeal.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\MeaYIeR.exe
  C:\Windows\System\MeaYIeR.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\Uimiowv.exe
  C:\Windows\System\Uimiowv.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\xturKKg.exe
  C:\Windows\System\xturKKg.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\OiMUuLn.exe
  C:\Windows\System\OiMUuLn.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\zGpWUeh.exe
  C:\Windows\System\zGpWUeh.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\tgdrKdP.exe
  C:\Windows\System\tgdrKdP.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\hoRNehj.exe
  C:\Windows\System\hoRNehj.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\XhHPJrV.exe
  C:\Windows\System\XhHPJrV.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\jFsnRop.exe
  C:\Windows\System\jFsnRop.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\abMzusC.exe
  C:\Windows\System\abMzusC.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\QxwwVCJ.exe
  C:\Windows\System\QxwwVCJ.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\hKrpOXN.exe
  C:\Windows\System\hKrpOXN.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\tqCbbKt.exe
  C:\Windows\System\tqCbbKt.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\WkNUqff.exe
  C:\Windows\System\WkNUqff.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\NxSABwf.exe
  C:\Windows\System\NxSABwf.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\VXSBTRl.exe
  C:\Windows\System\VXSBTRl.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\FhDXFPg.exe
  C:\Windows\System\FhDXFPg.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\nXYoTIA.exe
  C:\Windows\System\nXYoTIA.exe
  2⤵
  PID:1016
- C:\Windows\System\tUIyabT.exe
  C:\Windows\System\tUIyabT.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\susnmEV.exe
  C:\Windows\System\susnmEV.exe
  2⤵
  PID:3004
- C:\Windows\System\vcVlpwc.exe
  C:\Windows\System\vcVlpwc.exe
  2⤵
  PID:2812
- C:\Windows\System\bhkzFFU.exe
  C:\Windows\System\bhkzFFU.exe
  2⤵
  PID:2504
- C:\Windows\System\xOUoGDo.exe
  C:\Windows\System\xOUoGDo.exe
  2⤵
  PID:2276
- C:\Windows\System\kbnCqWr.exe
  C:\Windows\System\kbnCqWr.exe
  2⤵
  PID:2592
- C:\Windows\System\JupetHp.exe
  C:\Windows\System\JupetHp.exe
  2⤵
  PID:2848
- C:\Windows\System\itslpnN.exe
  C:\Windows\System\itslpnN.exe
  2⤵
  PID:2920
- C:\Windows\System\OwSWVQp.exe
  C:\Windows\System\OwSWVQp.exe
  2⤵
  PID:1368
- C:\Windows\System\gTcjftS.exe
  C:\Windows\System\gTcjftS.exe
  2⤵
  PID:2260
- C:\Windows\System\WPpIosB.exe
  C:\Windows\System\WPpIosB.exe
  2⤵
  PID:1028
- C:\Windows\System\YJBoauj.exe
  C:\Windows\System\YJBoauj.exe
  2⤵
  PID:1876
- C:\Windows\System\IfkOKOO.exe
  C:\Windows\System\IfkOKOO.exe
  2⤵
  PID:1380
- C:\Windows\System\SHkvMIw.exe
  C:\Windows\System\SHkvMIw.exe
  2⤵
  PID:1404
- C:\Windows\System\iKknPoY.exe
  C:\Windows\System\iKknPoY.exe
  2⤵
  PID:1108
- C:\Windows\System\IrEOdRA.exe
  C:\Windows\System\IrEOdRA.exe
  2⤵
  PID:2304
- C:\Windows\System\FCZJmez.exe
  C:\Windows\System\FCZJmez.exe
  2⤵
  PID:2300
- C:\Windows\System\CHOstzl.exe
  C:\Windows\System\CHOstzl.exe
  2⤵
  PID:2128
- C:\Windows\System\ENieJrH.exe
  C:\Windows\System\ENieJrH.exe
  2⤵
  PID:2496
- C:\Windows\System\sIqPcby.exe
  C:\Windows\System\sIqPcby.exe
  2⤵
  PID:2544
- C:\Windows\System\mOFgKyQ.exe
  C:\Windows\System\mOFgKyQ.exe
  2⤵
  PID:876
- C:\Windows\System\BzDrdhq.exe
  C:\Windows\System\BzDrdhq.exe
  2⤵
  PID:2484
- C:\Windows\System\bWaIBdM.exe
  C:\Windows\System\bWaIBdM.exe
  2⤵
  PID:2508
- C:\Windows\System\IGiZhHE.exe
  C:\Windows\System\IGiZhHE.exe
  2⤵
  PID:1584
- C:\Windows\System\iOwTVqm.exe
  C:\Windows\System\iOwTVqm.exe
  2⤵
  PID:2328
- C:\Windows\System\uPCpSAD.exe
  C:\Windows\System\uPCpSAD.exe
  2⤵
  PID:2708
- C:\Windows\System\MnxQEnY.exe
  C:\Windows\System\MnxQEnY.exe
  2⤵
  PID:1964
- C:\Windows\System\dBhdjFI.exe
  C:\Windows\System\dBhdjFI.exe
  2⤵
  PID:2976
- C:\Windows\System\LmFZxsJ.exe
  C:\Windows\System\LmFZxsJ.exe
  2⤵
  PID:2316
- C:\Windows\System\fbqmCUW.exe
  C:\Windows\System\fbqmCUW.exe
  2⤵
  PID:2672
- C:\Windows\System\DnfBupJ.exe
  C:\Windows\System\DnfBupJ.exe
  2⤵
  PID:2692
- C:\Windows\System\QIHGpBx.exe
  C:\Windows\System\QIHGpBx.exe
  2⤵
  PID:2972
- C:\Windows\System\vlHBZUf.exe
  C:\Windows\System\vlHBZUf.exe
  2⤵
  PID:2012
- C:\Windows\System\cIajeQc.exe
  C:\Windows\System\cIajeQc.exe
  2⤵
  PID:2800
- C:\Windows\System\WLxvzyC.exe
  C:\Windows\System\WLxvzyC.exe
  2⤵
  PID:2648
- C:\Windows\System\fZVCeMK.exe
  C:\Windows\System\fZVCeMK.exe
  2⤵
  PID:2552
- C:\Windows\System\UgmzJln.exe
  C:\Windows\System\UgmzJln.exe
  2⤵
  PID:1700
- C:\Windows\System\DVKKthH.exe
  C:\Windows\System\DVKKthH.exe
  2⤵
  PID:796
- C:\Windows\System\blvRRoR.exe
  C:\Windows\System\blvRRoR.exe
  2⤵
  PID:808
- C:\Windows\System\eQowsmR.exe
  C:\Windows\System\eQowsmR.exe
  2⤵
  PID:3012
- C:\Windows\System\qQnjpQr.exe
  C:\Windows\System\qQnjpQr.exe
  2⤵
  PID:1628
- C:\Windows\System\ZDYUxHU.exe
  C:\Windows\System\ZDYUxHU.exe
  2⤵
  PID:2040
- C:\Windows\System\YuiFGHj.exe
  C:\Windows\System\YuiFGHj.exe
  2⤵
  PID:908
- C:\Windows\System\bXLZBGu.exe
  C:\Windows\System\bXLZBGu.exe
  2⤵
  PID:2452
- C:\Windows\System\SYAyYYg.exe
  C:\Windows\System\SYAyYYg.exe
  2⤵
  PID:1808
- C:\Windows\System\BXyVpsg.exe
  C:\Windows\System\BXyVpsg.exe
  2⤵
  PID:2180
- C:\Windows\System\fieqZtU.exe
  C:\Windows\System\fieqZtU.exe
  2⤵
  PID:2996
- C:\Windows\System\TvfRZzZ.exe
  C:\Windows\System\TvfRZzZ.exe
  2⤵
  PID:1724
- C:\Windows\System\NfNZpml.exe
  C:\Windows\System\NfNZpml.exe
  2⤵
  PID:1604
- C:\Windows\System\gENQQGt.exe
  C:\Windows\System\gENQQGt.exe
  2⤵
  PID:340
- C:\Windows\System\FeoibFE.exe
  C:\Windows\System\FeoibFE.exe
  2⤵
  PID:1468
- C:\Windows\System\rCRcvhO.exe
  C:\Windows\System\rCRcvhO.exe
  2⤵
  PID:2396
- C:\Windows\System\rOizpTl.exe
  C:\Windows\System\rOizpTl.exe
  2⤵
  PID:2472
- C:\Windows\System\XavkIuX.exe
  C:\Windows\System\XavkIuX.exe
  2⤵
  PID:2628
- C:\Windows\System\CKYUAFg.exe
  C:\Windows\System\CKYUAFg.exe
  2⤵
  PID:2840
- C:\Windows\System\NTIQgCa.exe
  C:\Windows\System\NTIQgCa.exe
  2⤵
  PID:1980
- C:\Windows\System\siDMJvC.exe
  C:\Windows\System\siDMJvC.exe
  2⤵
  PID:2716
- C:\Windows\System\AocdLwc.exe
  C:\Windows\System\AocdLwc.exe
  2⤵
  PID:1428
- C:\Windows\System\XPFcBoY.exe
  C:\Windows\System\XPFcBoY.exe
  2⤵
  PID:1324
- C:\Windows\System\LOMDPFO.exe
  C:\Windows\System\LOMDPFO.exe
  2⤵
  PID:3016
- C:\Windows\System\RWDtzBl.exe
  C:\Windows\System\RWDtzBl.exe
  2⤵
  PID:2108
- C:\Windows\System\Lpseyfu.exe
  C:\Windows\System\Lpseyfu.exe
  2⤵
  PID:2028
- C:\Windows\System\bQrVplf.exe
  C:\Windows\System\bQrVplf.exe
  2⤵
  PID:2280
- C:\Windows\System\xyFZWKC.exe
  C:\Windows\System\xyFZWKC.exe
  2⤵
  PID:2912
- C:\Windows\System\CFJTKgb.exe
  C:\Windows\System\CFJTKgb.exe
  2⤵
  PID:2240
- C:\Windows\System\zscUlje.exe
  C:\Windows\System\zscUlje.exe
  2⤵
  PID:1412
- C:\Windows\System\wrJsEQM.exe
  C:\Windows\System\wrJsEQM.exe
  2⤵
  PID:2200
- C:\Windows\System\sTcEFYH.exe
  C:\Windows\System\sTcEFYH.exe
  2⤵
  PID:2964
- C:\Windows\System\gDuTdyU.exe
  C:\Windows\System\gDuTdyU.exe
  2⤵
  PID:1080
- C:\Windows\System\QuxNOJX.exe
  C:\Windows\System\QuxNOJX.exe
  2⤵
  PID:2348
- C:\Windows\System\qSfPCys.exe
  C:\Windows\System\qSfPCys.exe
  2⤵
  PID:2620
- C:\Windows\System\OhtfgoY.exe
  C:\Windows\System\OhtfgoY.exe
  2⤵
  PID:3068
- C:\Windows\System\UEMBYSd.exe
  C:\Windows\System\UEMBYSd.exe
  2⤵
  PID:2760
- C:\Windows\System\KmQdPSg.exe
  C:\Windows\System\KmQdPSg.exe
  2⤵
  PID:1776
- C:\Windows\System\niujRRo.exe
  C:\Windows\System\niujRRo.exe
  2⤵
  PID:380
- C:\Windows\System\mKHpuGo.exe
  C:\Windows\System\mKHpuGo.exe
  2⤵
  PID:1280
- C:\Windows\System\FYDEWij.exe
  C:\Windows\System\FYDEWij.exe
  2⤵
  PID:1096
- C:\Windows\System\ywRvRbM.exe
  C:\Windows\System\ywRvRbM.exe
  2⤵
  PID:2424
- C:\Windows\System\AjZToiF.exe
  C:\Windows\System\AjZToiF.exe
  2⤵
  PID:2548
- C:\Windows\System\txbDsWn.exe
  C:\Windows\System\txbDsWn.exe
  2⤵
  PID:2824
- C:\Windows\System\xOCutyL.exe
  C:\Windows\System\xOCutyL.exe
  2⤵
  PID:2932
- C:\Windows\System\JYKYzDn.exe
  C:\Windows\System\JYKYzDn.exe
  2⤵
  PID:3080
- C:\Windows\System\iXUpKFO.exe
  C:\Windows\System\iXUpKFO.exe
  2⤵
  PID:3096
- C:\Windows\System\WoAOBHM.exe
  C:\Windows\System\WoAOBHM.exe
  2⤵
  PID:3112
- C:\Windows\System\zJzxTZH.exe
  C:\Windows\System\zJzxTZH.exe
  2⤵
  PID:3128
- C:\Windows\System\sqMaEiK.exe
  C:\Windows\System\sqMaEiK.exe
  2⤵
  PID:3144
- C:\Windows\System\TrZWqHI.exe
  C:\Windows\System\TrZWqHI.exe
  2⤵
  PID:3160
- C:\Windows\System\zdVGxdX.exe
  C:\Windows\System\zdVGxdX.exe
  2⤵
  PID:3176
- C:\Windows\System\DvHHjsg.exe
  C:\Windows\System\DvHHjsg.exe
  2⤵
  PID:3196
- C:\Windows\System\kZULqIz.exe
  C:\Windows\System\kZULqIz.exe
  2⤵
  PID:3216
- C:\Windows\System\hmlrCGx.exe
  C:\Windows\System\hmlrCGx.exe
  2⤵
  PID:3236
- C:\Windows\System\bLEJbQk.exe
  C:\Windows\System\bLEJbQk.exe
  2⤵
  PID:3252
- C:\Windows\System\HZlalpH.exe
  C:\Windows\System\HZlalpH.exe
  2⤵
  PID:3268
- C:\Windows\System\qScgPXH.exe
  C:\Windows\System\qScgPXH.exe
  2⤵
  PID:3296
- C:\Windows\System\oZNJWCL.exe
  C:\Windows\System\oZNJWCL.exe
  2⤵
  PID:3316
- C:\Windows\System\PENgoWd.exe
  C:\Windows\System\PENgoWd.exe
  2⤵
  PID:3332
- C:\Windows\System\kMWABUV.exe
  C:\Windows\System\kMWABUV.exe
  2⤵
  PID:3348
- C:\Windows\System\sVBbezZ.exe
  C:\Windows\System\sVBbezZ.exe
  2⤵
  PID:3364
- C:\Windows\System\vcfWLBB.exe
  C:\Windows\System\vcfWLBB.exe
  2⤵
  PID:3380
- C:\Windows\System\KButaWM.exe
  C:\Windows\System\KButaWM.exe
  2⤵
  PID:3396
- C:\Windows\System\dbkzfbo.exe
  C:\Windows\System\dbkzfbo.exe
  2⤵
  PID:3412
- C:\Windows\System\LqmkyXe.exe
  C:\Windows\System\LqmkyXe.exe
  2⤵
  PID:3428
- C:\Windows\System\BFNOgEE.exe
  C:\Windows\System\BFNOgEE.exe
  2⤵
  PID:3444
- C:\Windows\System\erQqJHQ.exe
  C:\Windows\System\erQqJHQ.exe
  2⤵
  PID:3460
- C:\Windows\System\hUhvZfw.exe
  C:\Windows\System\hUhvZfw.exe
  2⤵
  PID:3476
- C:\Windows\System\NfJcMWQ.exe
  C:\Windows\System\NfJcMWQ.exe
  2⤵
  PID:3492
- C:\Windows\System\vqpJiqs.exe
  C:\Windows\System\vqpJiqs.exe
  2⤵
  PID:3508
- C:\Windows\System\WQRQsrZ.exe
  C:\Windows\System\WQRQsrZ.exe
  2⤵
  PID:3524
- C:\Windows\System\bEKEWVB.exe
  C:\Windows\System\bEKEWVB.exe
  2⤵
  PID:3540
- C:\Windows\System\tlHSNUd.exe
  C:\Windows\System\tlHSNUd.exe
  2⤵
  PID:3556
- C:\Windows\System\VSpVSug.exe
  C:\Windows\System\VSpVSug.exe
  2⤵
  PID:3572
- C:\Windows\System\PiGXcpq.exe
  C:\Windows\System\PiGXcpq.exe
  2⤵
  PID:3588
- C:\Windows\System\RqsxYxX.exe
  C:\Windows\System\RqsxYxX.exe
  2⤵
  PID:3608
- C:\Windows\System\CvYfvWO.exe
  C:\Windows\System\CvYfvWO.exe
  2⤵
  PID:3624
- C:\Windows\System\DUVEJQK.exe
  C:\Windows\System\DUVEJQK.exe
  2⤵
  PID:3640
- C:\Windows\System\wsIVUIH.exe
  C:\Windows\System\wsIVUIH.exe
  2⤵
  PID:3656
- C:\Windows\System\SfwRpJS.exe
  C:\Windows\System\SfwRpJS.exe
  2⤵
  PID:3672
- C:\Windows\System\pnWWkue.exe
  C:\Windows\System\pnWWkue.exe
  2⤵
  PID:3688
- C:\Windows\System\PzvLPUd.exe
  C:\Windows\System\PzvLPUd.exe
  2⤵
  PID:3704
- C:\Windows\System\ccBxcgZ.exe
  C:\Windows\System\ccBxcgZ.exe
  2⤵
  PID:3720
- C:\Windows\System\rbdIKZg.exe
  C:\Windows\System\rbdIKZg.exe
  2⤵
  PID:3736
- C:\Windows\System\gXSJjyS.exe
  C:\Windows\System\gXSJjyS.exe
  2⤵
  PID:3752
- C:\Windows\System\GDZFOtK.exe
  C:\Windows\System\GDZFOtK.exe
  2⤵
  PID:3768
- C:\Windows\System\uUzrSiG.exe
  C:\Windows\System\uUzrSiG.exe
  2⤵
  PID:3784
- C:\Windows\System\lsJScnn.exe
  C:\Windows\System\lsJScnn.exe
  2⤵
  PID:3800
- C:\Windows\System\LMqESzg.exe
  C:\Windows\System\LMqESzg.exe
  2⤵
  PID:3816
- C:\Windows\System\zUeBdgn.exe
  C:\Windows\System\zUeBdgn.exe
  2⤵
  PID:3832
- C:\Windows\System\nDfxvdj.exe
  C:\Windows\System\nDfxvdj.exe
  2⤵
  PID:3848
- C:\Windows\System\qhupOnk.exe
  C:\Windows\System\qhupOnk.exe
  2⤵
  PID:3864
- C:\Windows\System\bANkWCj.exe
  C:\Windows\System\bANkWCj.exe
  2⤵
  PID:3880
- C:\Windows\System\RXiNxHn.exe
  C:\Windows\System\RXiNxHn.exe
  2⤵
  PID:3896
- C:\Windows\System\TFfBWuU.exe
  C:\Windows\System\TFfBWuU.exe
  2⤵
  PID:3912
- C:\Windows\System\DjVNPWL.exe
  C:\Windows\System\DjVNPWL.exe
  2⤵
  PID:3928
- C:\Windows\System\rgyyvPk.exe
  C:\Windows\System\rgyyvPk.exe
  2⤵
  PID:3948
- C:\Windows\System\UmKAPGE.exe
  C:\Windows\System\UmKAPGE.exe
  2⤵
  PID:3964
- C:\Windows\System\qTZQKRa.exe
  C:\Windows\System\qTZQKRa.exe
  2⤵
  PID:3980
- C:\Windows\System\UEiBqWH.exe
  C:\Windows\System\UEiBqWH.exe
  2⤵
  PID:3996
- C:\Windows\System\ErKKtLG.exe
  C:\Windows\System\ErKKtLG.exe
  2⤵
  PID:4012
- C:\Windows\System\gzalpam.exe
  C:\Windows\System\gzalpam.exe
  2⤵
  PID:4028
- C:\Windows\System\XUoMmUw.exe
  C:\Windows\System\XUoMmUw.exe
  2⤵
  PID:4048
- C:\Windows\System\DvwWYnj.exe
  C:\Windows\System\DvwWYnj.exe
  2⤵
  PID:4064
- C:\Windows\System\QaBkLsO.exe
  C:\Windows\System\QaBkLsO.exe
  2⤵
  PID:4080
- C:\Windows\System\BRettdw.exe
  C:\Windows\System\BRettdw.exe
  2⤵
  PID:3028
- C:\Windows\System\kuWSLua.exe
  C:\Windows\System\kuWSLua.exe
  2⤵
  PID:1680
- C:\Windows\System\IDDBIDx.exe
  C:\Windows\System\IDDBIDx.exe
  2⤵
  PID:2864
- C:\Windows\System\UqbOsHs.exe
  C:\Windows\System\UqbOsHs.exe
  2⤵
  PID:3088
- C:\Windows\System\kxPwxIN.exe
  C:\Windows\System\kxPwxIN.exe
  2⤵
  PID:3152
- C:\Windows\System\BYVOblb.exe
  C:\Windows\System\BYVOblb.exe
  2⤵
  PID:3024
- C:\Windows\System\MKiUjVC.exe
  C:\Windows\System\MKiUjVC.exe
  2⤵
  PID:1400
- C:\Windows\System\eRpWAKY.exe
  C:\Windows\System\eRpWAKY.exe
  2⤵
  PID:3108
- C:\Windows\System\FkVlXEV.exe
  C:\Windows\System\FkVlXEV.exe
  2⤵
  PID:1736
- C:\Windows\System\jBIGyzL.exe
  C:\Windows\System\jBIGyzL.exe
  2⤵
  PID:3192
- C:\Windows\System\TxlQmnj.exe
  C:\Windows\System\TxlQmnj.exe
  2⤵
  PID:3228
- C:\Windows\System\eyfXBXf.exe
  C:\Windows\System\eyfXBXf.exe
  2⤵
  PID:3244
- C:\Windows\System\OeNFilt.exe
  C:\Windows\System\OeNFilt.exe
  2⤵
  PID:3280
- C:\Windows\System\zqqxQyB.exe
  C:\Windows\System\zqqxQyB.exe
  2⤵
  PID:3312
- C:\Windows\System\sfzGzvY.exe
  C:\Windows\System\sfzGzvY.exe
  2⤵
  PID:3372
- C:\Windows\System\IIiKhXS.exe
  C:\Windows\System\IIiKhXS.exe
  2⤵
  PID:3436
- C:\Windows\System\XfhXOEz.exe
  C:\Windows\System\XfhXOEz.exe
  2⤵
  PID:3500
- C:\Windows\System\guAGxDo.exe
  C:\Windows\System\guAGxDo.exe
  2⤵
  PID:3452
- C:\Windows\System\nmZRaLJ.exe
  C:\Windows\System\nmZRaLJ.exe
  2⤵
  PID:3488
- C:\Windows\System\wglblKx.exe
  C:\Windows\System\wglblKx.exe
  2⤵
  PID:3392
- C:\Windows\System\BsXLyBN.exe
  C:\Windows\System\BsXLyBN.exe
  2⤵
  PID:3520
- C:\Windows\System\xpndDbg.exe
  C:\Windows\System\xpndDbg.exe
  2⤵
  PID:3552
- C:\Windows\System\qntLMtZ.exe
  C:\Windows\System\qntLMtZ.exe
  2⤵
  PID:3652
- C:\Windows\System\dqFDXoO.exe
  C:\Windows\System\dqFDXoO.exe
  2⤵
  PID:3748
- C:\Windows\System\JVwtjmh.exe
  C:\Windows\System\JVwtjmh.exe
  2⤵
  PID:3872
- C:\Windows\System\jEvaIcO.exe
  C:\Windows\System\jEvaIcO.exe
  2⤵
  PID:3620
- C:\Windows\System\mxenrEn.exe
  C:\Windows\System\mxenrEn.exe
  2⤵
  PID:3812
- C:\Windows\System\lVYOpNY.exe
  C:\Windows\System\lVYOpNY.exe
  2⤵
  PID:3944
- C:\Windows\System\agRxVmY.exe
  C:\Windows\System\agRxVmY.exe
  2⤵
  PID:3568
- C:\Windows\System\opaXual.exe
  C:\Windows\System\opaXual.exe
  2⤵
  PID:3632
- C:\Windows\System\xbydmhi.exe
  C:\Windows\System\xbydmhi.exe
  2⤵
  PID:3700
- C:\Windows\System\lqUbJvX.exe
  C:\Windows\System\lqUbJvX.exe
  2⤵
  PID:3888
- C:\Windows\System\RSMuUxi.exe
  C:\Windows\System\RSMuUxi.exe
  2⤵
  PID:3764
- C:\Windows\System\kkPIFAD.exe
  C:\Windows\System\kkPIFAD.exe
  2⤵
  PID:3920
- C:\Windows\System\uAWqAtE.exe
  C:\Windows\System\uAWqAtE.exe
  2⤵
  PID:3828
- C:\Windows\System\hpgFGqs.exe
  C:\Windows\System\hpgFGqs.exe
  2⤵
  PID:3972
- C:\Windows\System\uorGWqR.exe
  C:\Windows\System\uorGWqR.exe
  2⤵
  PID:3104
- C:\Windows\System\jKrDCFB.exe
  C:\Windows\System\jKrDCFB.exe
  2⤵
  PID:3224
- C:\Windows\System\hRkSlDL.exe
  C:\Windows\System\hRkSlDL.exe
  2⤵
  PID:3188
- C:\Windows\System\qABtMZz.exe
  C:\Windows\System\qABtMZz.exe
  2⤵
  PID:3340
- C:\Windows\System\StyjzqD.exe
  C:\Windows\System\StyjzqD.exe
  2⤵
  PID:1672
- C:\Windows\System\IEfYHqc.exe
  C:\Windows\System\IEfYHqc.exe
  2⤵
  PID:3808
- C:\Windows\System\cIYOXON.exe
  C:\Windows\System\cIYOXON.exe
  2⤵
  PID:1784
- C:\Windows\System\VFTvRPX.exe
  C:\Windows\System\VFTvRPX.exe
  2⤵
  PID:3668
- C:\Windows\System\qMXAOvc.exe
  C:\Windows\System\qMXAOvc.exe
  2⤵
  PID:3324
- C:\Windows\System\bXBrFUs.exe
  C:\Windows\System\bXBrFUs.exe
  2⤵
  PID:3908
- C:\Windows\System\XFWqPxs.exe
  C:\Windows\System\XFWqPxs.exe
  2⤵
  PID:3600
- C:\Windows\System\iDInapz.exe
  C:\Windows\System\iDInapz.exe
  2⤵
  PID:3860
- C:\Windows\System\qcsBCld.exe
  C:\Windows\System\qcsBCld.exe
  2⤵
  PID:2728
- C:\Windows\System\myfwMsb.exe
  C:\Windows\System\myfwMsb.exe
  2⤵
  PID:2076
- C:\Windows\System\BaKQbAy.exe
  C:\Windows\System\BaKQbAy.exe
  2⤵
  PID:4076
- C:\Windows\System\DKATudz.exe
  C:\Windows\System\DKATudz.exe
  2⤵
  PID:3120
- C:\Windows\System\nyYuiLG.exe
  C:\Windows\System\nyYuiLG.exe
  2⤵
  PID:2088
- C:\Windows\System\NHmAbdX.exe
  C:\Windows\System\NHmAbdX.exe
  2⤵
  PID:3264
- C:\Windows\System\aVTlrCp.exe
  C:\Windows\System\aVTlrCp.exe
  2⤵
  PID:3404
- C:\Windows\System\lfiLcib.exe
  C:\Windows\System\lfiLcib.exe
  2⤵
  PID:3456
- C:\Windows\System\KjzbFxh.exe
  C:\Windows\System\KjzbFxh.exe
  2⤵
  PID:3648
- C:\Windows\System\LzOUjGM.exe
  C:\Windows\System\LzOUjGM.exe
  2⤵
  PID:3408
- C:\Windows\System\LtzySdP.exe
  C:\Windows\System\LtzySdP.exe
  2⤵
  PID:3536
- C:\Windows\System\KSWiyEj.exe
  C:\Windows\System\KSWiyEj.exe
  2⤵
  PID:3328
- C:\Windows\System\iObCbsI.exe
  C:\Windows\System\iObCbsI.exe
  2⤵
  PID:3760
- C:\Windows\System\qNldEkt.exe
  C:\Windows\System\qNldEkt.exe
  2⤵
  PID:3956
- C:\Windows\System\BInqGIM.exe
  C:\Windows\System\BInqGIM.exe
  2⤵
  PID:4088
- C:\Windows\System\gbmjWEZ.exe
  C:\Windows\System\gbmjWEZ.exe
  2⤵
  PID:2756
- C:\Windows\System\lfDQfbR.exe
  C:\Windows\System\lfDQfbR.exe
  2⤵
  PID:1048
- C:\Windows\System\vVIlrHh.exe
  C:\Windows\System\vVIlrHh.exe
  2⤵
  PID:3056
- C:\Windows\System\dTDQpTM.exe
  C:\Windows\System\dTDQpTM.exe
  2⤵
  PID:3940
- C:\Windows\System\vHOkgPJ.exe
  C:\Windows\System\vHOkgPJ.exe
  2⤵
  PID:4108
- C:\Windows\System\LcMRfjj.exe
  C:\Windows\System\LcMRfjj.exe
  2⤵
  PID:4132
- C:\Windows\System\otmDWxM.exe
  C:\Windows\System\otmDWxM.exe
  2⤵
  PID:4152
- C:\Windows\System\WOyfuRl.exe
  C:\Windows\System\WOyfuRl.exe
  2⤵
  PID:4172
- C:\Windows\System\ygKQIMc.exe
  C:\Windows\System\ygKQIMc.exe
  2⤵
  PID:4188
- C:\Windows\System\SxnlJqY.exe
  C:\Windows\System\SxnlJqY.exe
  2⤵
  PID:4204
- C:\Windows\System\rwWdzRd.exe
  C:\Windows\System\rwWdzRd.exe
  2⤵
  PID:4224
- C:\Windows\System\RCbuhhs.exe
  C:\Windows\System\RCbuhhs.exe
  2⤵
  PID:4244
- C:\Windows\System\NZkQiWu.exe
  C:\Windows\System\NZkQiWu.exe
  2⤵
  PID:4264
- C:\Windows\System\kJgmNpF.exe
  C:\Windows\System\kJgmNpF.exe
  2⤵
  PID:4280
- C:\Windows\System\mkgOxin.exe
  C:\Windows\System\mkgOxin.exe
  2⤵
  PID:4300
- C:\Windows\System\CraBQBi.exe
  C:\Windows\System\CraBQBi.exe
  2⤵
  PID:4344
- C:\Windows\System\MrrOcaX.exe
  C:\Windows\System\MrrOcaX.exe
  2⤵
  PID:4384
- C:\Windows\System\ulSuogr.exe
  C:\Windows\System\ulSuogr.exe
  2⤵
  PID:4404
- C:\Windows\System\VSRzEgO.exe
  C:\Windows\System\VSRzEgO.exe
  2⤵
  PID:4420
- C:\Windows\System\BtjLzPj.exe
  C:\Windows\System\BtjLzPj.exe
  2⤵
  PID:4436
- C:\Windows\System\VNyBudl.exe
  C:\Windows\System\VNyBudl.exe
  2⤵
  PID:4456
- C:\Windows\System\bdJvMFI.exe
  C:\Windows\System\bdJvMFI.exe
  2⤵
  PID:4472
- C:\Windows\System\mxgeBFt.exe
  C:\Windows\System\mxgeBFt.exe
  2⤵
  PID:4488
- C:\Windows\System\YqvtPfp.exe
  C:\Windows\System\YqvtPfp.exe
  2⤵
  PID:4528
- C:\Windows\System\WfrbMKE.exe
  C:\Windows\System\WfrbMKE.exe
  2⤵
  PID:4544
- C:\Windows\System\nqNgPGA.exe
  C:\Windows\System\nqNgPGA.exe
  2⤵
  PID:4564
- C:\Windows\System\QLDCuCU.exe
  C:\Windows\System\QLDCuCU.exe
  2⤵
  PID:4580
- C:\Windows\System\SFTVcsf.exe
  C:\Windows\System\SFTVcsf.exe
  2⤵
  PID:4596
- C:\Windows\System\fNsIldT.exe
  C:\Windows\System\fNsIldT.exe
  2⤵
  PID:4616
- C:\Windows\System\qJjEvNg.exe
  C:\Windows\System\qJjEvNg.exe
  2⤵
  PID:4632
- C:\Windows\System\VHvAOPz.exe
  C:\Windows\System\VHvAOPz.exe
  2⤵
  PID:4648
- C:\Windows\System\QDzdgKG.exe
  C:\Windows\System\QDzdgKG.exe
  2⤵
  PID:4668
- C:\Windows\System\OsseWnD.exe
  C:\Windows\System\OsseWnD.exe
  2⤵
  PID:4684
- C:\Windows\System\keyzzuZ.exe
  C:\Windows\System\keyzzuZ.exe
  2⤵
  PID:4716
- C:\Windows\System\xgVNFDr.exe
  C:\Windows\System\xgVNFDr.exe
  2⤵
  PID:4732
- C:\Windows\System\DbgcBEq.exe
  C:\Windows\System\DbgcBEq.exe
  2⤵
  PID:4748
- C:\Windows\System\hZWXPvB.exe
  C:\Windows\System\hZWXPvB.exe
  2⤵
  PID:4764
- C:\Windows\System\BnHsJlb.exe
  C:\Windows\System\BnHsJlb.exe
  2⤵
  PID:4780
- C:\Windows\System\cgyXVNd.exe
  C:\Windows\System\cgyXVNd.exe
  2⤵
  PID:4796
- C:\Windows\System\dVFmfdD.exe
  C:\Windows\System\dVFmfdD.exe
  2⤵
  PID:4812
- C:\Windows\System\BFjNBqS.exe
  C:\Windows\System\BFjNBqS.exe
  2⤵
  PID:4832
- C:\Windows\System\NGpTXFf.exe
  C:\Windows\System\NGpTXFf.exe
  2⤵
  PID:4852
- C:\Windows\System\xOoHNNv.exe
  C:\Windows\System\xOoHNNv.exe
  2⤵
  PID:4872
- C:\Windows\System\nOVppxP.exe
  C:\Windows\System\nOVppxP.exe
  2⤵
  PID:4888
- C:\Windows\System\GdtRdYk.exe
  C:\Windows\System\GdtRdYk.exe
  2⤵
  PID:4908
- C:\Windows\System\igWjIUW.exe
  C:\Windows\System\igWjIUW.exe
  2⤵
  PID:4924
- C:\Windows\System\EBHpsFj.exe
  C:\Windows\System\EBHpsFj.exe
  2⤵
  PID:4940
- C:\Windows\System\dQowGnZ.exe
  C:\Windows\System\dQowGnZ.exe
  2⤵
  PID:4992
- C:\Windows\System\rNhXLVV.exe
  C:\Windows\System\rNhXLVV.exe
  2⤵
  PID:5028
- C:\Windows\System\vcLzgNZ.exe
  C:\Windows\System\vcLzgNZ.exe
  2⤵
  PID:5044
- C:\Windows\System\xfJCaLM.exe
  C:\Windows\System\xfJCaLM.exe
  2⤵
  PID:5060
- C:\Windows\System\GvuchTb.exe
  C:\Windows\System\GvuchTb.exe
  2⤵
  PID:5088
- C:\Windows\System\EukpVhv.exe
  C:\Windows\System\EukpVhv.exe
  2⤵
  PID:5108
- C:\Windows\System\izcmNXN.exe
  C:\Windows\System\izcmNXN.exe
  2⤵
  PID:4060
- C:\Windows\System\ZGJQxjb.exe
  C:\Windows\System\ZGJQxjb.exe
  2⤵
  PID:3584
- C:\Windows\System\vVelOeQ.exe
  C:\Windows\System\vVelOeQ.exe
  2⤵
  PID:4124
- C:\Windows\System\tOfxqok.exe
  C:\Windows\System\tOfxqok.exe
  2⤵
  PID:4168
- C:\Windows\System\KzZfjec.exe
  C:\Windows\System\KzZfjec.exe
  2⤵
  PID:4236
- C:\Windows\System\pmdkmDq.exe
  C:\Windows\System\pmdkmDq.exe
  2⤵
  PID:4276
- C:\Windows\System\UNQEaFg.exe
  C:\Windows\System\UNQEaFg.exe
  2⤵
  PID:4144
- C:\Windows\System\KHrFFuU.exe
  C:\Windows\System\KHrFFuU.exe
  2⤵
  PID:4100
- C:\Windows\System\IPGrUua.exe
  C:\Windows\System\IPGrUua.exe
  2⤵
  PID:3924
- C:\Windows\System\knyWRjQ.exe
  C:\Windows\System\knyWRjQ.exe
  2⤵
  PID:3992
- C:\Windows\System\sHvKtIM.exe
  C:\Windows\System\sHvKtIM.exe
  2⤵
  PID:4220
- C:\Windows\System\LFCqVpp.exe
  C:\Windows\System\LFCqVpp.exe
  2⤵
  PID:4320
- C:\Windows\System\jBjXWMb.exe
  C:\Windows\System\jBjXWMb.exe
  2⤵
  PID:3484
- C:\Windows\System\SpHnzsH.exe
  C:\Windows\System\SpHnzsH.exe
  2⤵
  PID:4396
- C:\Windows\System\ZQnFxxd.exe
  C:\Windows\System\ZQnFxxd.exe
  2⤵
  PID:3472
- C:\Windows\System\kKjRXUq.exe
  C:\Windows\System\kKjRXUq.exe
  2⤵
  PID:4356
- C:\Windows\System\bFbiIqw.exe
  C:\Windows\System\bFbiIqw.exe
  2⤵
  PID:4376
- C:\Windows\System\RZKVdAz.exe
  C:\Windows\System\RZKVdAz.exe
  2⤵
  PID:4412
- C:\Windows\System\AjFYoJH.exe
  C:\Windows\System\AjFYoJH.exe
  2⤵
  PID:4516
- C:\Windows\System\IPGjZoR.exe
  C:\Windows\System\IPGjZoR.exe
  2⤵
  PID:4444
- C:\Windows\System\KfyOALh.exe
  C:\Windows\System\KfyOALh.exe
  2⤵
  PID:4592
- C:\Windows\System\sRpPOMU.exe
  C:\Windows\System\sRpPOMU.exe
  2⤵
  PID:4540
- C:\Windows\System\uIxSqJX.exe
  C:\Windows\System\uIxSqJX.exe
  2⤵
  PID:4700
- C:\Windows\System\UFzDGiV.exe
  C:\Windows\System\UFzDGiV.exe
  2⤵
  PID:4740
- C:\Windows\System\PuEnrZE.exe
  C:\Windows\System\PuEnrZE.exe
  2⤵
  PID:4776
- C:\Windows\System\QvOhHfX.exe
  C:\Windows\System\QvOhHfX.exe
  2⤵
  PID:4844
- C:\Windows\System\gMjbYyO.exe
  C:\Windows\System\gMjbYyO.exe
  2⤵
  PID:4896
- C:\Windows\System\XugeEnh.exe
  C:\Windows\System\XugeEnh.exe
  2⤵
  PID:4572
- C:\Windows\System\WvuKyfC.exe
  C:\Windows\System\WvuKyfC.exe
  2⤵
  PID:4756
- C:\Windows\System\TcHqaRo.exe
  C:\Windows\System\TcHqaRo.exe
  2⤵
  PID:4608
- C:\Windows\System\JgNVttm.exe
  C:\Windows\System\JgNVttm.exe
  2⤵
  PID:4900
- C:\Windows\System\ehOPScZ.exe
  C:\Windows\System\ehOPScZ.exe
  2⤵
  PID:4952
- C:\Windows\System\ulcTANG.exe
  C:\Windows\System\ulcTANG.exe
  2⤵
  PID:4968
- C:\Windows\System\GBYFvmN.exe
  C:\Windows\System\GBYFvmN.exe
  2⤵
  PID:5004
- C:\Windows\System\mbTmeVh.exe
  C:\Windows\System\mbTmeVh.exe
  2⤵
  PID:5008
- C:\Windows\System\hUZQTfA.exe
  C:\Windows\System\hUZQTfA.exe
  2⤵
  PID:2744
- C:\Windows\System\JijtQkA.exe
  C:\Windows\System\JijtQkA.exe
  2⤵
  PID:5116
- C:\Windows\System\iEYlbHF.exe
  C:\Windows\System\iEYlbHF.exe
  2⤵
  PID:4116
- C:\Windows\System\RWEHbVO.exe
  C:\Windows\System\RWEHbVO.exe
  2⤵
  PID:5024
- C:\Windows\System\EUbNoca.exe
  C:\Windows\System\EUbNoca.exe
  2⤵
  PID:5100
- C:\Windows\System\DPXKrZr.exe
  C:\Windows\System\DPXKrZr.exe
  2⤵
  PID:3140
- C:\Windows\System\sRbmqfn.exe
  C:\Windows\System\sRbmqfn.exe
  2⤵
  PID:4216
- C:\Windows\System\zdmAtbi.exe
  C:\Windows\System\zdmAtbi.exe
  2⤵
  PID:4256
- C:\Windows\System\XmweMSt.exe
  C:\Windows\System\XmweMSt.exe
  2⤵
  PID:2516
- C:\Windows\System\VSENWNm.exe
  C:\Windows\System\VSENWNm.exe
  2⤵
  PID:4448
- C:\Windows\System\TeNkIPT.exe
  C:\Windows\System\TeNkIPT.exe
  2⤵
  PID:4512
- C:\Windows\System\SCWHWRp.exe
  C:\Windows\System\SCWHWRp.exe
  2⤵
  PID:4660
- C:\Windows\System\qDiEDnR.exe
  C:\Windows\System\qDiEDnR.exe
  2⤵
  PID:4576
- C:\Windows\System\BHIcbww.exe
  C:\Windows\System\BHIcbww.exe
  2⤵
  PID:4828
- C:\Windows\System\RzMAhuS.exe
  C:\Windows\System\RzMAhuS.exe
  2⤵
  PID:3288
- C:\Windows\System\KIoxgTr.exe
  C:\Windows\System\KIoxgTr.exe
  2⤵
  PID:4432
- C:\Windows\System\feluaOa.exe
  C:\Windows\System\feluaOa.exe
  2⤵
  PID:4292
- C:\Windows\System\WvrlYDQ.exe
  C:\Windows\System\WvrlYDQ.exe
  2⤵
  PID:4712
- C:\Windows\System\ONSMxjt.exe
  C:\Windows\System\ONSMxjt.exe
  2⤵
  PID:4860
- C:\Windows\System\usTpraG.exe
  C:\Windows\System\usTpraG.exe
  2⤵
  PID:416
- C:\Windows\System\MzoJpSd.exe
  C:\Windows\System\MzoJpSd.exe
  2⤵
  PID:4868
- C:\Windows\System\HGTdFaH.exe
  C:\Windows\System\HGTdFaH.exe
  2⤵
  PID:5080
- C:\Windows\System\TUQdMow.exe
  C:\Windows\System\TUQdMow.exe
  2⤵
  PID:5020
- C:\Windows\System\HRjqjcW.exe
  C:\Windows\System\HRjqjcW.exe
  2⤵
  PID:3284
- C:\Windows\System\coBQBvw.exe
  C:\Windows\System\coBQBvw.exe
  2⤵
  PID:4336
- C:\Windows\System\PcAtuza.exe
  C:\Windows\System\PcAtuza.exe
  2⤵
  PID:3304
- C:\Windows\System\tmcnEOA.exe
  C:\Windows\System\tmcnEOA.exe
  2⤵
  PID:4936
- C:\Windows\System\ekKWHhl.exe
  C:\Windows\System\ekKWHhl.exe
  2⤵
  PID:2720
- C:\Windows\System\KBKfqMW.exe
  C:\Windows\System\KBKfqMW.exe
  2⤵
  PID:1232
- C:\Windows\System\pxKxSTk.exe
  C:\Windows\System\pxKxSTk.exe
  2⤵
  PID:2868
- C:\Windows\System\IAbFLPd.exe
  C:\Windows\System\IAbFLPd.exe
  2⤵
  PID:5040
- C:\Windows\System\vbuwLim.exe
  C:\Windows\System\vbuwLim.exe
  2⤵
  PID:4612
- C:\Windows\System\XqHtpPz.exe
  C:\Windows\System\XqHtpPz.exe
  2⤵
  PID:4468
- C:\Windows\System\RDqQSeR.exe
  C:\Windows\System\RDqQSeR.exe
  2⤵
  PID:4524
- C:\Windows\System\LiVWYlj.exe
  C:\Windows\System\LiVWYlj.exe
  2⤵
  PID:4272
- C:\Windows\System\oewXvwH.exe
  C:\Windows\System\oewXvwH.exe
  2⤵
  PID:4664
- C:\Windows\System\ijuMnAF.exe
  C:\Windows\System\ijuMnAF.exe
  2⤵
  PID:5096
- C:\Windows\System\fHCWwzz.exe
  C:\Windows\System\fHCWwzz.exe
  2⤵
  PID:4824
- C:\Windows\System\NMucIzo.exe
  C:\Windows\System\NMucIzo.exe
  2⤵
  PID:1768
- C:\Windows\System\YphMQFD.exe
  C:\Windows\System\YphMQFD.exe
  2⤵
  PID:4904
- C:\Windows\System\RjeHddc.exe
  C:\Windows\System\RjeHddc.exe
  2⤵
  PID:4808
- C:\Windows\System\gsbsaWv.exe
  C:\Windows\System\gsbsaWv.exe
  2⤵
  PID:868
- C:\Windows\System\WcQchyB.exe
  C:\Windows\System\WcQchyB.exe
  2⤵
  PID:4308
- C:\Windows\System\rlOaDpD.exe
  C:\Windows\System\rlOaDpD.exe
  2⤵
  PID:5072
- C:\Windows\System\oTmKQUW.exe
  C:\Windows\System\oTmKQUW.exe
  2⤵
  PID:4164
- C:\Windows\System\HgjCPBy.exe
  C:\Windows\System\HgjCPBy.exe
  2⤵
  PID:5084
- C:\Windows\System\NFPoFUD.exe
  C:\Windows\System\NFPoFUD.exe
  2⤵
  PID:5124
- C:\Windows\System\zvgRsNh.exe
  C:\Windows\System\zvgRsNh.exe
  2⤵
  PID:5140
- C:\Windows\System\iaurbuY.exe
  C:\Windows\System\iaurbuY.exe
  2⤵
  PID:5156
- C:\Windows\System\wYMsraT.exe
  C:\Windows\System\wYMsraT.exe
  2⤵
  PID:5172
- C:\Windows\System\qASEcWi.exe
  C:\Windows\System\qASEcWi.exe
  2⤵
  PID:5192
- C:\Windows\System\eOmiCPP.exe
  C:\Windows\System\eOmiCPP.exe
  2⤵
  PID:5244
- C:\Windows\System\VNQNpxA.exe
  C:\Windows\System\VNQNpxA.exe
  2⤵
  PID:5260
- C:\Windows\System\WJiSLgT.exe
  C:\Windows\System\WJiSLgT.exe
  2⤵
  PID:5304
- C:\Windows\System\UBHplPZ.exe
  C:\Windows\System\UBHplPZ.exe
  2⤵
  PID:5320
- C:\Windows\System\LZltWYP.exe
  C:\Windows\System\LZltWYP.exe
  2⤵
  PID:5336
- C:\Windows\System\VNlUcvB.exe
  C:\Windows\System\VNlUcvB.exe
  2⤵
  PID:5352
- C:\Windows\System\eViccQi.exe
  C:\Windows\System\eViccQi.exe
  2⤵
  PID:5368
- C:\Windows\System\lNIRfWm.exe
  C:\Windows\System\lNIRfWm.exe
  2⤵
  PID:5384
- C:\Windows\System\xPaVQWn.exe
  C:\Windows\System\xPaVQWn.exe
  2⤵
  PID:5400
- C:\Windows\System\oqqYJck.exe
  C:\Windows\System\oqqYJck.exe
  2⤵
  PID:5428
- C:\Windows\System\eTwFzFB.exe
  C:\Windows\System\eTwFzFB.exe
  2⤵
  PID:5460
- C:\Windows\System\EKcwuBJ.exe
  C:\Windows\System\EKcwuBJ.exe
  2⤵
  PID:5476
- C:\Windows\System\NmsvKjd.exe
  C:\Windows\System\NmsvKjd.exe
  2⤵
  PID:5500
- C:\Windows\System\TWfGmhl.exe
  C:\Windows\System\TWfGmhl.exe
  2⤵
  PID:5516
- C:\Windows\System\lLLCKwR.exe
  C:\Windows\System\lLLCKwR.exe
  2⤵
  PID:5532
- C:\Windows\System\pAPLepC.exe
  C:\Windows\System\pAPLepC.exe
  2⤵
  PID:5552
- C:\Windows\System\aXMjOFh.exe
  C:\Windows\System\aXMjOFh.exe
  2⤵
  PID:5568
- C:\Windows\System\LQqBtgM.exe
  C:\Windows\System\LQqBtgM.exe
  2⤵
  PID:5584
- C:\Windows\System\YzkXWNu.exe
  C:\Windows\System\YzkXWNu.exe
  2⤵
  PID:5624
- C:\Windows\System\uWQVLMQ.exe
  C:\Windows\System\uWQVLMQ.exe
  2⤵
  PID:5644
- C:\Windows\System\vmrKZgF.exe
  C:\Windows\System\vmrKZgF.exe
  2⤵
  PID:5664
- C:\Windows\System\qoHfOHg.exe
  C:\Windows\System\qoHfOHg.exe
  2⤵
  PID:5688
- C:\Windows\System\xaKFpSF.exe
  C:\Windows\System\xaKFpSF.exe
  2⤵
  PID:5704
- C:\Windows\System\xunzFqn.exe
  C:\Windows\System\xunzFqn.exe
  2⤵
  PID:5720
- C:\Windows\System\gdEDEsX.exe
  C:\Windows\System\gdEDEsX.exe
  2⤵
  PID:5736
- C:\Windows\System\DvbjpPp.exe
  C:\Windows\System\DvbjpPp.exe
  2⤵
  PID:5756
- C:\Windows\System\KNbDDfZ.exe
  C:\Windows\System\KNbDDfZ.exe
  2⤵
  PID:5772
- C:\Windows\System\oRmaBRN.exe
  C:\Windows\System\oRmaBRN.exe
  2⤵
  PID:5788
- C:\Windows\System\HsRszBT.exe
  C:\Windows\System\HsRszBT.exe
  2⤵
  PID:5804
- C:\Windows\System\YDrxYXr.exe
  C:\Windows\System\YDrxYXr.exe
  2⤵
  PID:5820
- C:\Windows\System\eRNENjb.exe
  C:\Windows\System\eRNENjb.exe
  2⤵
  PID:5840
- C:\Windows\System\gnZJcdP.exe
  C:\Windows\System\gnZJcdP.exe
  2⤵
  PID:5864
- C:\Windows\System\PNYarJv.exe
  C:\Windows\System\PNYarJv.exe
  2⤵
  PID:5908
- C:\Windows\System\SHFhbwt.exe
  C:\Windows\System\SHFhbwt.exe
  2⤵
  PID:5924
- C:\Windows\System\UyNqpMQ.exe
  C:\Windows\System\UyNqpMQ.exe
  2⤵
  PID:5944
- C:\Windows\System\EbxhRte.exe
  C:\Windows\System\EbxhRte.exe
  2⤵
  PID:5960
- C:\Windows\System\CsoHmKK.exe
  C:\Windows\System\CsoHmKK.exe
  2⤵
  PID:5996
- C:\Windows\System\mDircnZ.exe
  C:\Windows\System\mDircnZ.exe
  2⤵
  PID:6016
- C:\Windows\System\mFatNfp.exe
  C:\Windows\System\mFatNfp.exe
  2⤵
  PID:6036
- C:\Windows\System\CYNssuD.exe
  C:\Windows\System\CYNssuD.exe
  2⤵
  PID:6052
- C:\Windows\System\ZNhcKZo.exe
  C:\Windows\System\ZNhcKZo.exe
  2⤵
  PID:6068
- C:\Windows\System\cRyvOrZ.exe
  C:\Windows\System\cRyvOrZ.exe
  2⤵
  PID:6088
- C:\Windows\System\JqKPujK.exe
  C:\Windows\System\JqKPujK.exe
  2⤵
  PID:6104
- C:\Windows\System\SfpTaNl.exe
  C:\Windows\System\SfpTaNl.exe
  2⤵
  PID:6120
- C:\Windows\System\FfoOTnr.exe
  C:\Windows\System\FfoOTnr.exe
  2⤵
  PID:6136
- C:\Windows\System\xBqqEZz.exe
  C:\Windows\System\xBqqEZz.exe
  2⤵
  PID:4920
- C:\Windows\System\OMPjKbs.exe
  C:\Windows\System\OMPjKbs.exe
  2⤵
  PID:4948
- C:\Windows\System\edDYtif.exe
  C:\Windows\System\edDYtif.exe
  2⤵
  PID:5068
- C:\Windows\System\aTUIYEE.exe
  C:\Windows\System\aTUIYEE.exe
  2⤵
  PID:5136
- C:\Windows\System\msfOjVV.exe
  C:\Windows\System\msfOjVV.exe
  2⤵
  PID:4180
- C:\Windows\System\HIsxKRo.exe
  C:\Windows\System\HIsxKRo.exe
  2⤵
  PID:5184
- C:\Windows\System\wCWYDyu.exe
  C:\Windows\System\wCWYDyu.exe
  2⤵
  PID:5220
- C:\Windows\System\YlFGBrn.exe
  C:\Windows\System\YlFGBrn.exe
  2⤵
  PID:5268
- C:\Windows\System\GNpMSvY.exe
  C:\Windows\System\GNpMSvY.exe
  2⤵
  PID:5288
- C:\Windows\System\zaSLymE.exe
  C:\Windows\System\zaSLymE.exe
  2⤵
  PID:5328
- C:\Windows\System\fxuNajC.exe
  C:\Windows\System\fxuNajC.exe
  2⤵
  PID:5364
- C:\Windows\System\cCylZrz.exe
  C:\Windows\System\cCylZrz.exe
  2⤵
  PID:5396
- C:\Windows\System\qSShDpq.exe
  C:\Windows\System\qSShDpq.exe
  2⤵
  PID:5448
- C:\Windows\System\MudslMj.exe
  C:\Windows\System\MudslMj.exe
  2⤵
  PID:5408
- C:\Windows\System\rqiopGt.exe
  C:\Windows\System\rqiopGt.exe
  2⤵
  PID:5380
- C:\Windows\System\fUqxaCy.exe
  C:\Windows\System\fUqxaCy.exe
  2⤵
  PID:5488
- C:\Windows\System\qhBEuDU.exe
  C:\Windows\System\qhBEuDU.exe
  2⤵
  PID:5420
- C:\Windows\System\RSZMTWb.exe
  C:\Windows\System\RSZMTWb.exe
  2⤵
  PID:5592
- C:\Windows\System\AJYYIds.exe
  C:\Windows\System\AJYYIds.exe
  2⤵
  PID:5508
- C:\Windows\System\ErfkMbR.exe
  C:\Windows\System\ErfkMbR.exe
  2⤵
  PID:5620
- C:\Windows\System\pCiiuhe.exe
  C:\Windows\System\pCiiuhe.exe
  2⤵
  PID:5596
- C:\Windows\System\KKZRWAO.exe
  C:\Windows\System\KKZRWAO.exe
  2⤵
  PID:5652
- C:\Windows\System\HwYZApQ.exe
  C:\Windows\System\HwYZApQ.exe
  2⤵
  PID:5796
- C:\Windows\System\afpRnvL.exe
  C:\Windows\System\afpRnvL.exe
  2⤵
  PID:5872
- C:\Windows\System\JohTtAT.exe
  C:\Windows\System\JohTtAT.exe
  2⤵
  PID:5812
- C:\Windows\System\cLdKXPo.exe
  C:\Windows\System\cLdKXPo.exe
  2⤵
  PID:5856
- C:\Windows\System\oLJbeAo.exe
  C:\Windows\System\oLJbeAo.exe
  2⤵
  PID:5712
- C:\Windows\System\eOXyXBJ.exe
  C:\Windows\System\eOXyXBJ.exe
  2⤵
  PID:5916
- C:\Windows\System\euhMqDv.exe
  C:\Windows\System\euhMqDv.exe
  2⤵
  PID:5896
- C:\Windows\System\enrDAlS.exe
  C:\Windows\System\enrDAlS.exe
  2⤵
  PID:5952
- C:\Windows\System\pigNpSk.exe
  C:\Windows\System\pigNpSk.exe
  2⤵
  PID:5980
- C:\Windows\System\BXjbuxU.exe
  C:\Windows\System\BXjbuxU.exe
  2⤵
  PID:6012
- C:\Windows\System\AjUFBOY.exe
  C:\Windows\System\AjUFBOY.exe
  2⤵
  PID:6044
- C:\Windows\System\fXIpoud.exe
  C:\Windows\System\fXIpoud.exe
  2⤵
  PID:6080
- C:\Windows\System\gRQkImP.exe
  C:\Windows\System\gRQkImP.exe
  2⤵
  PID:4024
- C:\Windows\System\KLcYFOX.exe
  C:\Windows\System\KLcYFOX.exe
  2⤵
  PID:5168
- C:\Windows\System\tLoJpwW.exe
  C:\Windows\System\tLoJpwW.exe
  2⤵
  PID:6128
- C:\Windows\System\OCecDlQ.exe
  C:\Windows\System\OCecDlQ.exe
  2⤵
  PID:4884
- C:\Windows\System\yQrREAv.exe
  C:\Windows\System\yQrREAv.exe
  2⤵
  PID:4728
- C:\Windows\System\MNSwchQ.exe
  C:\Windows\System\MNSwchQ.exe
  2⤵
  PID:5204
- C:\Windows\System\wSKqRpZ.exe
  C:\Windows\System\wSKqRpZ.exe
  2⤵
  PID:5284
- C:\Windows\System\wHvaGal.exe
  C:\Windows\System\wHvaGal.exe
  2⤵
  PID:5392
- C:\Windows\System\wAexSpq.exe
  C:\Windows\System\wAexSpq.exe
  2⤵
  PID:5312
- C:\Windows\System\RQJQiGx.exe
  C:\Windows\System\RQJQiGx.exe
  2⤵
  PID:5560
- C:\Windows\System\JJaSqUp.exe
  C:\Windows\System\JJaSqUp.exe
  2⤵
  PID:5600
- C:\Windows\System\vCwieWm.exe
  C:\Windows\System\vCwieWm.exe
  2⤵
  PID:5544
- C:\Windows\System\dUDNZPS.exe
  C:\Windows\System\dUDNZPS.exe
  2⤵
  PID:5684
- C:\Windows\System\NzHVhwa.exe
  C:\Windows\System\NzHVhwa.exe
  2⤵
  PID:5728
- C:\Windows\System\vlsADiL.exe
  C:\Windows\System\vlsADiL.exe
  2⤵
  PID:5296
- C:\Windows\System\IzuYIJU.exe
  C:\Windows\System\IzuYIJU.exe
  2⤵
  PID:5616
- C:\Windows\System\WfyxCcM.exe
  C:\Windows\System\WfyxCcM.exe
  2⤵
  PID:5892
- C:\Windows\System\GblkqOi.exe
  C:\Windows\System\GblkqOi.exe
  2⤵
  PID:5836
- C:\Windows\System\ZNgUjqh.exe
  C:\Windows\System\ZNgUjqh.exe
  2⤵
  PID:4288
- C:\Windows\System\esBqDix.exe
  C:\Windows\System\esBqDix.exe
  2⤵
  PID:4984
- C:\Windows\System\kqymjUn.exe
  C:\Windows\System\kqymjUn.exe
  2⤵
  PID:5880
- C:\Windows\System\ilHTQxC.exe
  C:\Windows\System\ilHTQxC.exe
  2⤵
  PID:5920
- C:\Windows\System\wGqmPRz.exe
  C:\Windows\System\wGqmPRz.exe
  2⤵
  PID:5984
- C:\Windows\System\vVvesoK.exe
  C:\Windows\System\vVvesoK.exe
  2⤵
  PID:6004
- C:\Windows\System\jEoznRX.exe
  C:\Windows\System\jEoznRX.exe
  2⤵
  PID:4864
- C:\Windows\System\KykcWau.exe
  C:\Windows\System\KykcWau.exe
  2⤵
  PID:5440
- C:\Windows\System\XcrzRvM.exe
  C:\Windows\System\XcrzRvM.exe
  2⤵
  PID:5416
- C:\Windows\System\NOjcZjP.exe
  C:\Windows\System\NOjcZjP.exe
  2⤵
  PID:5528
- C:\Windows\System\OFSyyhS.exe
  C:\Windows\System\OFSyyhS.exe
  2⤵
  PID:5660
- C:\Windows\System\LhIQyHc.exe
  C:\Windows\System\LhIQyHc.exe
  2⤵
  PID:5316
- C:\Windows\System\RctEohJ.exe
  C:\Windows\System\RctEohJ.exe
  2⤵
  PID:5300
- C:\Windows\System\ypfaKmY.exe
  C:\Windows\System\ypfaKmY.exe
  2⤵
  PID:5472
- C:\Windows\System\SJjdwQI.exe
  C:\Windows\System\SJjdwQI.exe
  2⤵
  PID:6096
- C:\Windows\System\MwoxePu.exe
  C:\Windows\System\MwoxePu.exe
  2⤵
  PID:5256
- C:\Windows\System\EoVirzJ.exe
  C:\Windows\System\EoVirzJ.exe
  2⤵
  PID:4588
- C:\Windows\System\nMXjnvg.exe
  C:\Windows\System\nMXjnvg.exe
  2⤵
  PID:4960
- C:\Windows\System\qkekWqq.exe
  C:\Windows\System\qkekWqq.exe
  2⤵
  PID:5976
- C:\Windows\System\daGTtQN.exe
  C:\Windows\System\daGTtQN.exe
  2⤵
  PID:5904
- C:\Windows\System\RnALrHm.exe
  C:\Windows\System\RnALrHm.exe
  2⤵
  PID:4340
- C:\Windows\System\ZcZyalP.exe
  C:\Windows\System\ZcZyalP.exe
  2⤵
  PID:6152
- C:\Windows\System\tBmohMz.exe
  C:\Windows\System\tBmohMz.exe
  2⤵
  PID:6232
- C:\Windows\System\Irtdcvx.exe
  C:\Windows\System\Irtdcvx.exe
  2⤵
  PID:6248
- C:\Windows\System\MILPeRi.exe
  C:\Windows\System\MILPeRi.exe
  2⤵
  PID:6264
- C:\Windows\System\SqUuFjb.exe
  C:\Windows\System\SqUuFjb.exe
  2⤵
  PID:6280
- C:\Windows\System\sDmeePQ.exe
  C:\Windows\System\sDmeePQ.exe
  2⤵
  PID:6296
- C:\Windows\System\XYtAMyL.exe
  C:\Windows\System\XYtAMyL.exe
  2⤵
  PID:6312
- C:\Windows\System\NRcahFm.exe
  C:\Windows\System\NRcahFm.exe
  2⤵
  PID:6328
- C:\Windows\System\ljjZbtN.exe
  C:\Windows\System\ljjZbtN.exe
  2⤵
  PID:6344
- C:\Windows\System\PIIwfoB.exe
  C:\Windows\System\PIIwfoB.exe
  2⤵
  PID:6360
- C:\Windows\System\lVEXGRJ.exe
  C:\Windows\System\lVEXGRJ.exe
  2⤵
  PID:6376
- C:\Windows\System\jhVnihQ.exe
  C:\Windows\System\jhVnihQ.exe
  2⤵
  PID:6392
- C:\Windows\System\iRyqAUs.exe
  C:\Windows\System\iRyqAUs.exe
  2⤵
  PID:6408
- C:\Windows\System\AnADgxx.exe
  C:\Windows\System\AnADgxx.exe
  2⤵
  PID:6424
- C:\Windows\System\enLBKhn.exe
  C:\Windows\System\enLBKhn.exe
  2⤵
  PID:6444
- C:\Windows\System\wPhjuLW.exe
  C:\Windows\System\wPhjuLW.exe
  2⤵
  PID:6468
- C:\Windows\System\QCsqLgI.exe
  C:\Windows\System\QCsqLgI.exe
  2⤵
  PID:6528
- C:\Windows\System\UwVwgFp.exe
  C:\Windows\System\UwVwgFp.exe
  2⤵
  PID:6552
- C:\Windows\System\flIdvZJ.exe
  C:\Windows\System\flIdvZJ.exe
  2⤵
  PID:6572
- C:\Windows\System\mshzSzV.exe
  C:\Windows\System\mshzSzV.exe
  2⤵
  PID:6588
- C:\Windows\System\TNeEYRk.exe
  C:\Windows\System\TNeEYRk.exe
  2⤵
  PID:6604
- C:\Windows\System\JPjnNtb.exe
  C:\Windows\System\JPjnNtb.exe
  2⤵
  PID:6620
- C:\Windows\System\mLDhcIH.exe
  C:\Windows\System\mLDhcIH.exe
  2⤵
  PID:6636
- C:\Windows\System\btxelRp.exe
  C:\Windows\System\btxelRp.exe
  2⤵
  PID:6652
- C:\Windows\System\BMMRCrK.exe
  C:\Windows\System\BMMRCrK.exe
  2⤵
  PID:6668
- C:\Windows\System\QFHVdML.exe
  C:\Windows\System\QFHVdML.exe
  2⤵
  PID:6684
- C:\Windows\System\QgYmpWK.exe
  C:\Windows\System\QgYmpWK.exe
  2⤵
  PID:6700
- C:\Windows\System\RMXvsgY.exe
  C:\Windows\System\RMXvsgY.exe
  2⤵
  PID:6716
- C:\Windows\System\VbLTrhX.exe
  C:\Windows\System\VbLTrhX.exe
  2⤵
  PID:6732
- C:\Windows\System\KWzyCtH.exe
  C:\Windows\System\KWzyCtH.exe
  2⤵
  PID:6748
- C:\Windows\System\JiaAxWf.exe
  C:\Windows\System\JiaAxWf.exe
  2⤵
  PID:6764
- C:\Windows\System\wUBJomv.exe
  C:\Windows\System\wUBJomv.exe
  2⤵
  PID:6792
- C:\Windows\System\ZjAvHvX.exe
  C:\Windows\System\ZjAvHvX.exe
  2⤵
  PID:6816
- C:\Windows\System\EofugNl.exe
  C:\Windows\System\EofugNl.exe
  2⤵
  PID:6864
- C:\Windows\System\EQtfZRi.exe
  C:\Windows\System\EQtfZRi.exe
  2⤵
  PID:6888
- C:\Windows\System\fBicKtI.exe
  C:\Windows\System\fBicKtI.exe
  2⤵
  PID:6904
- C:\Windows\System\tdyXcKf.exe
  C:\Windows\System\tdyXcKf.exe
  2⤵
  PID:6924
- C:\Windows\System\OvFdGTU.exe
  C:\Windows\System\OvFdGTU.exe
  2⤵
  PID:6948
- C:\Windows\System\wcfCCOd.exe
  C:\Windows\System\wcfCCOd.exe
  2⤵
  PID:6964
- C:\Windows\System\dmRJCgs.exe
  C:\Windows\System\dmRJCgs.exe
  2⤵
  PID:6980
- C:\Windows\System\dInJCJm.exe
  C:\Windows\System\dInJCJm.exe
  2⤵
  PID:6996
- C:\Windows\System\pilQinh.exe
  C:\Windows\System\pilQinh.exe
  2⤵
  PID:7012
- C:\Windows\System\ktBITdO.exe
  C:\Windows\System\ktBITdO.exe
  2⤵
  PID:7028
- C:\Windows\System\FdBSSwV.exe
  C:\Windows\System\FdBSSwV.exe
  2⤵
  PID:7044
- C:\Windows\System\lEbRYkZ.exe
  C:\Windows\System\lEbRYkZ.exe
  2⤵
  PID:7060
- C:\Windows\System\rxjFNZI.exe
  C:\Windows\System\rxjFNZI.exe
  2⤵
  PID:7100
- C:\Windows\System\CIXLFPG.exe
  C:\Windows\System\CIXLFPG.exe
  2⤵
  PID:7132
- C:\Windows\System\wCFPeCD.exe
  C:\Windows\System\wCFPeCD.exe
  2⤵
  PID:7148
- C:\Windows\System\XaIwoJU.exe
  C:\Windows\System\XaIwoJU.exe
  2⤵
  PID:7164
- C:\Windows\System\NRMygYV.exe
  C:\Windows\System\NRMygYV.exe
  2⤵
  PID:5680
- C:\Windows\System\VvvdOyt.exe
  C:\Windows\System\VvvdOyt.exe
  2⤵
  PID:6116
- C:\Windows\System\fZyearG.exe
  C:\Windows\System\fZyearG.exe
  2⤵
  PID:5936
- C:\Windows\System\ujxFWkR.exe
  C:\Windows\System\ujxFWkR.exe
  2⤵
  PID:5444
- C:\Windows\System\xIzfbzd.exe
  C:\Windows\System\xIzfbzd.exe
  2⤵
  PID:6024
- C:\Windows\System\OtxQnAV.exe
  C:\Windows\System\OtxQnAV.exe
  2⤵
  PID:5848
- C:\Windows\System\EsMPlvs.exe
  C:\Windows\System\EsMPlvs.exe
  2⤵
  PID:6164
- C:\Windows\System\oyvHzYe.exe
  C:\Windows\System\oyvHzYe.exe
  2⤵
  PID:6180
- C:\Windows\System\CIwMeGk.exe
  C:\Windows\System\CIwMeGk.exe
  2⤵
  PID:6200
- C:\Windows\System\rZbgMIu.exe
  C:\Windows\System\rZbgMIu.exe
  2⤵
  PID:5212
- C:\Windows\System\aqdyQRk.exe
  C:\Windows\System\aqdyQRk.exe
  2⤵
  PID:6320
- C:\Windows\System\YiwASpk.exe
  C:\Windows\System\YiwASpk.exe
  2⤵
  PID:6384
- C:\Windows\System\GKJiHtv.exe
  C:\Windows\System\GKJiHtv.exe
  2⤵
  PID:6452
- C:\Windows\System\zihzbdU.exe
  C:\Windows\System\zihzbdU.exe
  2⤵
  PID:6400
- C:\Windows\System\rGiPtFZ.exe
  C:\Windows\System\rGiPtFZ.exe
  2⤵
  PID:6272
- C:\Windows\System\GTkeQdI.exe
  C:\Windows\System\GTkeQdI.exe
  2⤵
  PID:6304
- C:\Windows\System\fmkzTOU.exe
  C:\Windows\System\fmkzTOU.exe
  2⤵
  PID:6404
- C:\Windows\System\btnCjaE.exe
  C:\Windows\System\btnCjaE.exe
  2⤵
  PID:6488
- C:\Windows\System\zTrhKGN.exe
  C:\Windows\System\zTrhKGN.exe
  2⤵
  PID:6504
- C:\Windows\System\AfKQADg.exe
  C:\Windows\System\AfKQADg.exe
  2⤵
  PID:6544
- C:\Windows\System\vwwhrme.exe
  C:\Windows\System\vwwhrme.exe
  2⤵
  PID:6564
- C:\Windows\System\MyaesDw.exe
  C:\Windows\System\MyaesDw.exe
  2⤵
  PID:6708
- C:\Windows\System\SkjJUOi.exe
  C:\Windows\System\SkjJUOi.exe
  2⤵
  PID:6772
- C:\Windows\System\TJsycLU.exe
  C:\Windows\System\TJsycLU.exe
  2⤵
  PID:6596
- C:\Windows\System\mlerkSO.exe
  C:\Windows\System\mlerkSO.exe
  2⤵
  PID:6832
- C:\Windows\System\gfwfROi.exe
  C:\Windows\System\gfwfROi.exe
  2⤵
  PID:6628
- C:\Windows\System\VanLkBZ.exe
  C:\Windows\System\VanLkBZ.exe
  2⤵
  PID:6692
- C:\Windows\System\naNTYRW.exe
  C:\Windows\System\naNTYRW.exe
  2⤵
  PID:6756
- C:\Windows\System\wKRqpAY.exe
  C:\Windows\System\wKRqpAY.exe
  2⤵
  PID:6896
- C:\Windows\System\DleoMDK.exe
  C:\Windows\System\DleoMDK.exe
  2⤵
  PID:6872
- C:\Windows\System\tmwoMlq.exe
  C:\Windows\System\tmwoMlq.exe
  2⤵
  PID:6960
- C:\Windows\System\AEfuYnd.exe
  C:\Windows\System\AEfuYnd.exe
  2⤵
  PID:7024
- C:\Windows\System\ozWdVbZ.exe
  C:\Windows\System\ozWdVbZ.exe
  2⤵
  PID:7056
- C:\Windows\System\uIFYvwz.exe
  C:\Windows\System\uIFYvwz.exe
  2⤵
  PID:7036
- C:\Windows\System\SczCFXX.exe
  C:\Windows\System\SczCFXX.exe
  2⤵
  PID:7084
- C:\Windows\System\oCMAnix.exe
  C:\Windows\System\oCMAnix.exe
  2⤵
  PID:7108
- C:\Windows\System\HsGOSzp.exe
  C:\Windows\System\HsGOSzp.exe
  2⤵
  PID:7112
- C:\Windows\System\zkOHQqm.exe
  C:\Windows\System\zkOHQqm.exe
  2⤵
  PID:4964
- C:\Windows\System\BuiXaiD.exe
  C:\Windows\System\BuiXaiD.exe
  2⤵
  PID:1356
- C:\Windows\System\BpUadeY.exe
  C:\Windows\System\BpUadeY.exe
  2⤵
  PID:6188
- C:\Windows\System\NrPgomr.exe
  C:\Windows\System\NrPgomr.exe
  2⤵
  PID:6196
- C:\Windows\System\pOPiGQa.exe
  C:\Windows\System\pOPiGQa.exe
  2⤵
  PID:6060
- C:\Windows\System\xPUkpgB.exe
  C:\Windows\System\xPUkpgB.exe
  2⤵
  PID:6220
- C:\Windows\System\whVOyZo.exe
  C:\Windows\System\whVOyZo.exe
  2⤵
  PID:6460
- C:\Windows\System\DoqoYJZ.exe
  C:\Windows\System\DoqoYJZ.exe
  2⤵
  PID:6416
- C:\Windows\System\rYPwkkt.exe
  C:\Windows\System\rYPwkkt.exe
  2⤵
  PID:6496
- C:\Windows\System\TDHJUen.exe
  C:\Windows\System\TDHJUen.exe
  2⤵
  PID:6500
- C:\Windows\System\NIoGsTq.exe
  C:\Windows\System\NIoGsTq.exe
  2⤵
  PID:6568
- C:\Windows\System\MKyCxAE.exe
  C:\Windows\System\MKyCxAE.exe
  2⤵
  PID:6744
- C:\Windows\System\xPWvRaU.exe
  C:\Windows\System\xPWvRaU.exe
  2⤵
  PID:6512
- C:\Windows\System\qEAxMJI.exe
  C:\Windows\System\qEAxMJI.exe
  2⤵
  PID:6600
- C:\Windows\System\oaCgNRf.exe
  C:\Windows\System\oaCgNRf.exe
  2⤵
  PID:6784
- C:\Windows\System\tVJegpM.exe
  C:\Windows\System\tVJegpM.exe
  2⤵
  PID:6676
- C:\Windows\System\fjtClBA.exe
  C:\Windows\System\fjtClBA.exe
  2⤵
  PID:6844
- C:\Windows\System\GMyryvq.exe
  C:\Windows\System\GMyryvq.exe
  2⤵
  PID:6852
- C:\Windows\System\oyksGrO.exe
  C:\Windows\System\oyksGrO.exe
  2⤵
  PID:6860
- C:\Windows\System\pOOHtau.exe
  C:\Windows\System\pOOHtau.exe
  2⤵
  PID:6916
- C:\Windows\System\hAlgwvc.exe
  C:\Windows\System\hAlgwvc.exe
  2⤵
  PID:6940
- C:\Windows\System\JEnIYiQ.exe
  C:\Windows\System\JEnIYiQ.exe
  2⤵
  PID:7076
- C:\Windows\System\grCkjCg.exe
  C:\Windows\System\grCkjCg.exe
  2⤵
  PID:7120
- C:\Windows\System\lsPEDds.exe
  C:\Windows\System\lsPEDds.exe
  2⤵
  PID:7092
- C:\Windows\System\LmdpARl.exe
  C:\Windows\System\LmdpARl.exe
  2⤵
  PID:5828
- C:\Windows\System\DlVITRY.exe
  C:\Windows\System\DlVITRY.exe
  2⤵
  PID:7156
- C:\Windows\System\mKIQBvU.exe
  C:\Windows\System\mKIQBvU.exe
  2⤵
  PID:3020
- C:\Windows\System\oVeIAIY.exe
  C:\Windows\System\oVeIAIY.exe
  2⤵
  PID:5888
- C:\Windows\System\YRpuPQh.exe
  C:\Windows\System\YRpuPQh.exe
  2⤵
  PID:5180
- C:\Windows\System\PQfAirs.exe
  C:\Windows\System\PQfAirs.exe
  2⤵
  PID:2572
- C:\Windows\System\UaCgSoi.exe
  C:\Windows\System\UaCgSoi.exe
  2⤵
  PID:568
- C:\Windows\System\qHswMwZ.exe
  C:\Windows\System\qHswMwZ.exe
  2⤵
  PID:1500
- C:\Windows\System\xAAsfQF.exe
  C:\Windows\System\xAAsfQF.exe
  2⤵
  PID:6336
- C:\Windows\System\dYzbGTJ.exe
  C:\Windows\System\dYzbGTJ.exe
  2⤵
  PID:6548
- C:\Windows\System\CinQVEd.exe
  C:\Windows\System\CinQVEd.exe
  2⤵
  PID:1588
- C:\Windows\System\DFfHPkc.exe
  C:\Windows\System\DFfHPkc.exe
  2⤵
  PID:6352
- C:\Windows\System\WKaoPTH.exe
  C:\Windows\System\WKaoPTH.exe
  2⤵
  PID:6848
- C:\Windows\System\IOTtpLL.exe
  C:\Windows\System\IOTtpLL.exe
  2⤵
  PID:7080
- C:\Windows\System\GmnIMwg.exe
  C:\Windows\System\GmnIMwg.exe
  2⤵
  PID:7172
- C:\Windows\System\VhsdfKG.exe
  C:\Windows\System\VhsdfKG.exe
  2⤵
  PID:7188
- C:\Windows\System\BYdSYzu.exe
  C:\Windows\System\BYdSYzu.exe
  2⤵
  PID:7216
- C:\Windows\System\LAgIbZu.exe
  C:\Windows\System\LAgIbZu.exe
  2⤵
  PID:7236
- C:\Windows\System\xWOslYO.exe
  C:\Windows\System\xWOslYO.exe
  2⤵
  PID:7256
- C:\Windows\System\VxTwUkp.exe
  C:\Windows\System\VxTwUkp.exe
  2⤵
  PID:7272
- C:\Windows\System\wCxsbOp.exe
  C:\Windows\System\wCxsbOp.exe
  2⤵
  PID:7296
- C:\Windows\System\KoAlazA.exe
  C:\Windows\System\KoAlazA.exe
  2⤵
  PID:7312
- C:\Windows\System\fPkoaSn.exe
  C:\Windows\System\fPkoaSn.exe
  2⤵
  PID:7328
- C:\Windows\System\lVPoGbY.exe
  C:\Windows\System\lVPoGbY.exe
  2⤵
  PID:7344
- C:\Windows\System\huIwCYo.exe
  C:\Windows\System\huIwCYo.exe
  2⤵
  PID:7360
- C:\Windows\System\yQNiFIQ.exe
  C:\Windows\System\yQNiFIQ.exe
  2⤵
  PID:7376
- C:\Windows\System\IvgtCSh.exe
  C:\Windows\System\IvgtCSh.exe
  2⤵
  PID:7392
- C:\Windows\System\yRRgtRG.exe
  C:\Windows\System\yRRgtRG.exe
  2⤵
  PID:7408
- C:\Windows\System\KaQcUYt.exe
  C:\Windows\System\KaQcUYt.exe
  2⤵
  PID:7424
- C:\Windows\System\fmdxOJy.exe
  C:\Windows\System\fmdxOJy.exe
  2⤵
  PID:7440
- C:\Windows\System\FWNfSJw.exe
  C:\Windows\System\FWNfSJw.exe
  2⤵
  PID:7456
- C:\Windows\System\HOwCmYo.exe
  C:\Windows\System\HOwCmYo.exe
  2⤵
  PID:7472
- C:\Windows\System\oaHSVWB.exe
  C:\Windows\System\oaHSVWB.exe
  2⤵
  PID:7488
- C:\Windows\System\lOfPuVR.exe
  C:\Windows\System\lOfPuVR.exe
  2⤵
  PID:7504
- C:\Windows\System\ebVkdcX.exe
  C:\Windows\System\ebVkdcX.exe
  2⤵
  PID:7520
- C:\Windows\System\VkZQIBV.exe
  C:\Windows\System\VkZQIBV.exe
  2⤵
  PID:7536
- C:\Windows\System\zIVkkli.exe
  C:\Windows\System\zIVkkli.exe
  2⤵
  PID:7556
- C:\Windows\System\OWyDiDt.exe
  C:\Windows\System\OWyDiDt.exe
  2⤵
  PID:7572
- C:\Windows\System\qMzXUzy.exe
  C:\Windows\System\qMzXUzy.exe
  2⤵
  PID:7664
- C:\Windows\System\ERtCXSI.exe
  C:\Windows\System\ERtCXSI.exe
  2⤵
  PID:7680
- C:\Windows\System\wIxxotw.exe
  C:\Windows\System\wIxxotw.exe
  2⤵
  PID:7696
- C:\Windows\System\aMGGbKL.exe
  C:\Windows\System\aMGGbKL.exe
  2⤵
  PID:7744
- C:\Windows\System\POLBRGo.exe
  C:\Windows\System\POLBRGo.exe
  2⤵
  PID:7760
- C:\Windows\System\SnQzeAG.exe
  C:\Windows\System\SnQzeAG.exe
  2⤵
  PID:7776
- C:\Windows\System\RTVeYEN.exe
  C:\Windows\System\RTVeYEN.exe
  2⤵
  PID:7792
- C:\Windows\System\aQaVhkC.exe
  C:\Windows\System\aQaVhkC.exe
  2⤵
  PID:7840
- C:\Windows\System\QOEwExa.exe
  C:\Windows\System\QOEwExa.exe
  2⤵
  PID:7856
- C:\Windows\System\gbFwYnR.exe
  C:\Windows\System\gbFwYnR.exe
  2⤵
  PID:7872
- C:\Windows\System\JquKLxL.exe
  C:\Windows\System\JquKLxL.exe
  2⤵
  PID:7888
- C:\Windows\System\FRRnVPR.exe
  C:\Windows\System\FRRnVPR.exe
  2⤵
  PID:7904
- C:\Windows\System\gZVDfBj.exe
  C:\Windows\System\gZVDfBj.exe
  2⤵
  PID:7920
- C:\Windows\System\xzWllgq.exe
  C:\Windows\System\xzWllgq.exe
  2⤵
  PID:7936
- C:\Windows\System\SymnxmE.exe
  C:\Windows\System\SymnxmE.exe
  2⤵
  PID:7992
- C:\Windows\System\OUgpdGG.exe
  C:\Windows\System\OUgpdGG.exe
  2⤵
  PID:8008
- C:\Windows\System\jlIMHVC.exe
  C:\Windows\System\jlIMHVC.exe
  2⤵
  PID:8024
- C:\Windows\System\OVGIjtG.exe
  C:\Windows\System\OVGIjtG.exe
  2⤵
  PID:8040
- C:\Windows\System\fEMJnMK.exe
  C:\Windows\System\fEMJnMK.exe
  2⤵
  PID:8060
- C:\Windows\System\RKyGfBS.exe
  C:\Windows\System\RKyGfBS.exe
  2⤵
  PID:8080
- C:\Windows\System\CYMbGbs.exe
  C:\Windows\System\CYMbGbs.exe
  2⤵
  PID:8100
- C:\Windows\System\VlIIrpr.exe
  C:\Windows\System\VlIIrpr.exe
  2⤵
  PID:8116
- C:\Windows\System\IaxWhDQ.exe
  C:\Windows\System\IaxWhDQ.exe
  2⤵
  PID:8136
- C:\Windows\System\mwTQpUH.exe
  C:\Windows\System\mwTQpUH.exe
  2⤵
  PID:8152
- C:\Windows\System\IPXNxVc.exe
  C:\Windows\System\IPXNxVc.exe
  2⤵
  PID:8168
- C:\Windows\System\VDKpnuJ.exe
  C:\Windows\System\VDKpnuJ.exe
  2⤵
  PID:8188
- C:\Windows\System\BihaKQg.exe
  C:\Windows\System\BihaKQg.exe
  2⤵
  PID:6800
- C:\Windows\System\ctsTvlT.exe
  C:\Windows\System\ctsTvlT.exe
  2⤵
  PID:5540
- C:\Windows\System\vfkMTTW.exe
  C:\Windows\System\vfkMTTW.exe
  2⤵
  PID:6936
- C:\Windows\System\PvuJawi.exe
  C:\Windows\System\PvuJawi.exe
  2⤵
  PID:6064
- C:\Windows\System\pyztIor.exe
  C:\Windows\System\pyztIor.exe
  2⤵
  PID:1928
- C:\Windows\System\MhJpBnC.exe
  C:\Windows\System\MhJpBnC.exe
  2⤵
  PID:7208
- C:\Windows\System\GEEXNJO.exe
  C:\Windows\System\GEEXNJO.exe
  2⤵
  PID:7288
- C:\Windows\System\CuQTpqz.exe
  C:\Windows\System\CuQTpqz.exe
  2⤵
  PID:6208
- C:\Windows\System\BUJuuVp.exe
  C:\Windows\System\BUJuuVp.exe
  2⤵
  PID:6292
- C:\Windows\System\NfJIbhI.exe
  C:\Windows\System\NfJIbhI.exe
  2⤵
  PID:7224
- C:\Windows\System\FoyXDWi.exe
  C:\Windows\System\FoyXDWi.exe
  2⤵
  PID:6920
- C:\Windows\System\BQPiuqz.exe
  C:\Windows\System\BQPiuqz.exe
  2⤵
  PID:7232
- C:\Windows\System\zrpAbMm.exe
  C:\Windows\System\zrpAbMm.exe
  2⤵
  PID:7340
- C:\Windows\System\DAubUKS.exe
  C:\Windows\System\DAubUKS.exe
  2⤵
  PID:7528
- C:\Windows\System\McQQJqD.exe
  C:\Windows\System\McQQJqD.exe
  2⤵
  PID:6856
- C:\Windows\System\rjvhZhe.exe
  C:\Windows\System\rjvhZhe.exe
  2⤵
  PID:7324
- C:\Windows\System\AUzIAMI.exe
  C:\Windows\System\AUzIAMI.exe
  2⤵
  PID:7420
- C:\Windows\System\SrCyafo.exe
  C:\Windows\System\SrCyafo.exe
  2⤵
  PID:7512
- C:\Windows\System\PdUOYdO.exe
  C:\Windows\System\PdUOYdO.exe
  2⤵
  PID:7580
- C:\Windows\System\ZbUtnOJ.exe
  C:\Windows\System\ZbUtnOJ.exe
  2⤵
  PID:7600
- C:\Windows\System\zsjcYdA.exe
  C:\Windows\System\zsjcYdA.exe
  2⤵
  PID:7624
- C:\Windows\System\CgupAYK.exe
  C:\Windows\System\CgupAYK.exe
  2⤵
  PID:7648
- C:\Windows\System\SthDyuv.exe
  C:\Windows\System\SthDyuv.exe
  2⤵
  PID:7672
- C:\Windows\System\iWRJsCp.exe
  C:\Windows\System\iWRJsCp.exe
  2⤵
  PID:7716
- C:\Windows\System\PEAYIAM.exe
  C:\Windows\System\PEAYIAM.exe
  2⤵
  PID:7732
- C:\Windows\System\QMTLlpr.exe
  C:\Windows\System\QMTLlpr.exe
  2⤵
  PID:7772
- C:\Windows\System\bRgBFHb.exe
  C:\Windows\System\bRgBFHb.exe
  2⤵
  PID:7824
- C:\Windows\System\rWSFjAn.exe
  C:\Windows\System\rWSFjAn.exe
  2⤵
  PID:7836
- C:\Windows\System\TUnykBm.exe
  C:\Windows\System\TUnykBm.exe
  2⤵
  PID:7196
- C:\Windows\System\TsmXpxD.exe
  C:\Windows\System\TsmXpxD.exe
  2⤵
  PID:7688
- C:\Windows\System\fLHyENB.exe
  C:\Windows\System\fLHyENB.exe
  2⤵
  PID:7788
- C:\Windows\System\RJQoHHu.exe
  C:\Windows\System\RJQoHHu.exe
  2⤵
  PID:7852
- C:\Windows\System\yVNXYYI.exe
  C:\Windows\System\yVNXYYI.exe
  2⤵
  PID:7944
- C:\Windows\System\UeWWunN.exe
  C:\Windows\System\UeWWunN.exe
  2⤵
  PID:7848
- C:\Windows\System\aSvLqEg.exe
  C:\Windows\System\aSvLqEg.exe
  2⤵
  PID:7896
- C:\Windows\System\GDpLSKt.exe
  C:\Windows\System\GDpLSKt.exe
  2⤵
  PID:7968
- C:\Windows\System\QwIeGxD.exe
  C:\Windows\System\QwIeGxD.exe
  2⤵
  PID:8000
- C:\Windows\System\TWXYKLu.exe
  C:\Windows\System\TWXYKLu.exe
  2⤵
  PID:8072
- C:\Windows\System\JhctYnK.exe
  C:\Windows\System\JhctYnK.exe
  2⤵
  PID:8144
- C:\Windows\System\rCLnFEJ.exe
  C:\Windows\System\rCLnFEJ.exe
  2⤵
  PID:8180
- C:\Windows\System\PyPdNEG.exe
  C:\Windows\System\PyPdNEG.exe
  2⤵
  PID:8096
- C:\Windows\System\VWOqSLY.exe
  C:\Windows\System\VWOqSLY.exe
  2⤵
  PID:8020
- C:\Windows\System\gjKQWFC.exe
  C:\Windows\System\gjKQWFC.exe
  2⤵
  PID:8132
- C:\Windows\System\gVTQuSB.exe
  C:\Windows\System\gVTQuSB.exe
  2⤵
  PID:6612
- C:\Windows\System\nkonaiM.exe
  C:\Windows\System\nkonaiM.exe
  2⤵
  PID:6664
- C:\Windows\System\vjSNjUL.exe
  C:\Windows\System\vjSNjUL.exe
  2⤵
  PID:8160
- C:\Windows\System\QWhUEWT.exe
  C:\Windows\System\QWhUEWT.exe
  2⤵
  PID:7004
- C:\Windows\System\rBrMPfW.exe
  C:\Windows\System\rBrMPfW.exe
  2⤵
  PID:7264
- C:\Windows\System\MlfYUvB.exe
  C:\Windows\System\MlfYUvB.exe
  2⤵
  PID:6224
- C:\Windows\System\JsbGqGY.exe
  C:\Windows\System\JsbGqGY.exe
  2⤵
  PID:6912
- C:\Windows\System\RdIcCVG.exe
  C:\Windows\System\RdIcCVG.exe
  2⤵
  PID:7284
- C:\Windows\System\rpfskos.exe
  C:\Windows\System\rpfskos.exe
  2⤵
  PID:7500
- C:\Windows\System\xOptukR.exe
  C:\Windows\System\xOptukR.exe
  2⤵
  PID:7356
- C:\Windows\System\yTStQnA.exe
  C:\Windows\System\yTStQnA.exe
  2⤵
  PID:7416
- C:\Windows\System\yajDNxB.exe
  C:\Windows\System\yajDNxB.exe
  2⤵
  PID:7632
- C:\Windows\System\GEeYmjh.exe
  C:\Windows\System\GEeYmjh.exe
  2⤵
  PID:7644
- C:\Windows\System\HnRPQqT.exe
  C:\Windows\System\HnRPQqT.exe
  2⤵
  PID:7708
- C:\Windows\System\fHmmQhc.exe
  C:\Windows\System\fHmmQhc.exe
  2⤵
  PID:7740
- C:\Windows\System\LiwgnKz.exe
  C:\Windows\System\LiwgnKz.exe
  2⤵
  PID:7928
- C:\Windows\System\Shjwngf.exe
  C:\Windows\System\Shjwngf.exe
  2⤵
  PID:960
- C:\Windows\System\iEgBQUp.exe
  C:\Windows\System\iEgBQUp.exe
  2⤵
  PID:8036
- C:\Windows\System\QXAvwWB.exe
  C:\Windows\System\QXAvwWB.exe
  2⤵
  PID:8128
- C:\Windows\System\dOmGavn.exe
  C:\Windows\System\dOmGavn.exe
  2⤵
  PID:6944
- C:\Windows\System\LTVHLeg.exe
  C:\Windows\System\LTVHLeg.exe
  2⤵
  PID:7804
- C:\Windows\System\DzWTbHu.exe
  C:\Windows\System\DzWTbHu.exe
  2⤵
  PID:6712
- C:\Windows\System\sAGLJwc.exe
  C:\Windows\System\sAGLJwc.exe
  2⤵
  PID:2356
- C:\Windows\System\TQUCZat.exe
  C:\Windows\System\TQUCZat.exe
  2⤵
  PID:1632
- C:\Windows\System\XjrFYYM.exe
  C:\Windows\System\XjrFYYM.exe
  2⤵
  PID:7868
- C:\Windows\System\AEYSeLP.exe
  C:\Windows\System\AEYSeLP.exe
  2⤵
  PID:7452
- C:\Windows\System\FkZtivv.exe
  C:\Windows\System\FkZtivv.exe
  2⤵
  PID:6724
- C:\Windows\System\FPfdOeG.exe
  C:\Windows\System\FPfdOeG.exe
  2⤵
  PID:7244
- C:\Windows\System\BpYXwHr.exe
  C:\Windows\System\BpYXwHr.exe
  2⤵
  PID:7388
- C:\Windows\System\hHnsTiF.exe
  C:\Windows\System\hHnsTiF.exe
  2⤵
  PID:7612
- C:\Windows\System\LXOvmCE.exe
  C:\Windows\System\LXOvmCE.exe
  2⤵
  PID:8056
- C:\Windows\System\QxpvSSp.exe
  C:\Windows\System\QxpvSSp.exe
  2⤵
  PID:7280
- C:\Windows\System\fxdDYoi.exe
  C:\Windows\System\fxdDYoi.exe
  2⤵
  PID:7596
- C:\Windows\System\bNzakzb.exe
  C:\Windows\System\bNzakzb.exe
  2⤵
  PID:7728
- C:\Windows\System\vwWFOYt.exe
  C:\Windows\System\vwWFOYt.exe
  2⤵
  PID:7248
- C:\Windows\System\aQWWoJS.exe
  C:\Windows\System\aQWWoJS.exe
  2⤵
  PID:8032
- C:\Windows\System\rVRazGk.exe
  C:\Windows\System\rVRazGk.exe
  2⤵
  PID:6976
- C:\Windows\System\zHDSiut.exe
  C:\Windows\System\zHDSiut.exe
  2⤵
  PID:5484
- C:\Windows\System\MZgJeoJ.exe
  C:\Windows\System\MZgJeoJ.exe
  2⤵
  PID:7916
- C:\Windows\System\vPKWvoY.exe
  C:\Windows\System\vPKWvoY.exe
  2⤵
  PID:7400
- C:\Windows\System\JqzdFII.exe
  C:\Windows\System\JqzdFII.exe
  2⤵
  PID:6176
- C:\Windows\System\aCsgJek.exe
  C:\Windows\System\aCsgJek.exe
  2⤵
  PID:4312
- C:\Windows\System\yWmApJw.exe
  C:\Windows\System\yWmApJw.exe
  2⤵
  PID:7564
- C:\Windows\System\jiXiRWm.exe
  C:\Windows\System\jiXiRWm.exe
  2⤵
  PID:7464
- C:\Windows\System\CrbTMvz.exe
  C:\Windows\System\CrbTMvz.exe
  2⤵
  PID:6540
- C:\Windows\System\KMOoPdw.exe
  C:\Windows\System\KMOoPdw.exe
  2⤵
  PID:7832
- C:\Windows\System\OYNCTUD.exe
  C:\Windows\System\OYNCTUD.exe
  2⤵
  PID:8176
- C:\Windows\System\CQQLIXv.exe
  C:\Windows\System\CQQLIXv.exe
  2⤵
  PID:7964
- C:\Windows\System\UCsVJMf.exe
  C:\Windows\System\UCsVJMf.exe
  2⤵
  PID:7784
- C:\Windows\System\qLKFUEw.exe
  C:\Windows\System\qLKFUEw.exe
  2⤵
  PID:6956
- C:\Windows\System\fbAcwaH.exe
  C:\Windows\System\fbAcwaH.exe
  2⤵
  PID:8052
- C:\Windows\System\mLaAcua.exe
  C:\Windows\System\mLaAcua.exe
  2⤵
  PID:1520
- C:\Windows\System\RofqSbJ.exe
  C:\Windows\System\RofqSbJ.exe
  2⤵
  PID:6740
- C:\Windows\System\NdhjCXi.exe
  C:\Windows\System\NdhjCXi.exe
  2⤵
  PID:8148
- C:\Windows\System\NBYntvu.exe
  C:\Windows\System\NBYntvu.exe
  2⤵
  PID:7184
- C:\Windows\System\pZAfRFK.exe
  C:\Windows\System\pZAfRFK.exe
  2⤵
  PID:7656
- C:\Windows\System\YcLkjkR.exe
  C:\Windows\System\YcLkjkR.exe
  2⤵
  PID:4560
- C:\Windows\System\PHPpZiC.exe
  C:\Windows\System\PHPpZiC.exe
  2⤵
  PID:8048
- C:\Windows\System\BYmrIrD.exe
  C:\Windows\System\BYmrIrD.exe
  2⤵
  PID:6492
- C:\Windows\System\UQqqvgC.exe
  C:\Windows\System\UQqqvgC.exe
  2⤵
  PID:6728
- C:\Windows\System\dsUpYzQ.exe
  C:\Windows\System\dsUpYzQ.exe
  2⤵
  PID:7960
- C:\Windows\System\xRuYyLr.exe
  C:\Windows\System\xRuYyLr.exe
  2⤵
  PID:1580
- C:\Windows\System\nkmrgWf.exe
  C:\Windows\System\nkmrgWf.exe
  2⤵
  PID:8216
- C:\Windows\System\cExAjyR.exe
  C:\Windows\System\cExAjyR.exe
  2⤵
  PID:8232
- C:\Windows\System\CBolOEI.exe
  C:\Windows\System\CBolOEI.exe
  2⤵
  PID:8248
- C:\Windows\System\MSauVfG.exe
  C:\Windows\System\MSauVfG.exe
  2⤵
  PID:8264
- C:\Windows\System\qcTHElz.exe
  C:\Windows\System\qcTHElz.exe
  2⤵
  PID:8284
- C:\Windows\System\ebsImvk.exe
  C:\Windows\System\ebsImvk.exe
  2⤵
  PID:8304
- C:\Windows\System\ZYNmsNN.exe
  C:\Windows\System\ZYNmsNN.exe
  2⤵
  PID:8336
- C:\Windows\System\geapTpW.exe
  C:\Windows\System\geapTpW.exe
  2⤵
  PID:8356
- C:\Windows\System\YLgxAIl.exe
  C:\Windows\System\YLgxAIl.exe
  2⤵
  PID:8372
- C:\Windows\System\hPMGZXj.exe
  C:\Windows\System\hPMGZXj.exe
  2⤵
  PID:8388
- C:\Windows\System\RSLdBsJ.exe
  C:\Windows\System\RSLdBsJ.exe
  2⤵
  PID:8404
- C:\Windows\System\COQgAHA.exe
  C:\Windows\System\COQgAHA.exe
  2⤵
  PID:8420
- C:\Windows\System\LshriZK.exe
  C:\Windows\System\LshriZK.exe
  2⤵
  PID:8436
- C:\Windows\System\nZgFdhI.exe
  C:\Windows\System\nZgFdhI.exe
  2⤵
  PID:8452
- C:\Windows\System\pvNAeLG.exe
  C:\Windows\System\pvNAeLG.exe
  2⤵
  PID:8468
- C:\Windows\System\AMLQLWd.exe
  C:\Windows\System\AMLQLWd.exe
  2⤵
  PID:8484
- C:\Windows\System\MRZfWrI.exe
  C:\Windows\System\MRZfWrI.exe
  2⤵
  PID:8500
- C:\Windows\System\LxQygyE.exe
  C:\Windows\System\LxQygyE.exe
  2⤵
  PID:8540
- C:\Windows\System\csZoVji.exe
  C:\Windows\System\csZoVji.exe
  2⤵
  PID:8556
- C:\Windows\System\zTbkOco.exe
  C:\Windows\System\zTbkOco.exe
  2⤵
  PID:8576
- C:\Windows\System\msDeZFg.exe
  C:\Windows\System\msDeZFg.exe
  2⤵
  PID:8592
- C:\Windows\System\afWWdaF.exe
  C:\Windows\System\afWWdaF.exe
  2⤵
  PID:8640
- C:\Windows\System\tyoKHXg.exe
  C:\Windows\System\tyoKHXg.exe
  2⤵
  PID:8660
- C:\Windows\System\yjlXCdE.exe
  C:\Windows\System\yjlXCdE.exe
  2⤵
  PID:8676
- C:\Windows\System\uoMQjFz.exe
  C:\Windows\System\uoMQjFz.exe
  2⤵
  PID:8696
- C:\Windows\System\FtjIHWO.exe
  C:\Windows\System\FtjIHWO.exe
  2⤵
  PID:8712
- C:\Windows\System\TuWULIB.exe
  C:\Windows\System\TuWULIB.exe
  2⤵
  PID:8740
- C:\Windows\System\ryZHJjE.exe
  C:\Windows\System\ryZHJjE.exe
  2⤵
  PID:8760
- C:\Windows\System\PeSUGvo.exe
  C:\Windows\System\PeSUGvo.exe
  2⤵
  PID:8780
- C:\Windows\System\tdpReHK.exe
  C:\Windows\System\tdpReHK.exe
  2⤵
  PID:8808
- C:\Windows\System\zdQTvxg.exe
  C:\Windows\System\zdQTvxg.exe
  2⤵
  PID:8824
- C:\Windows\System\jgLVDDg.exe
  C:\Windows\System\jgLVDDg.exe
  2⤵
  PID:8840
- C:\Windows\System\gHECNgS.exe
  C:\Windows\System\gHECNgS.exe
  2⤵
  PID:8860
- C:\Windows\System\dynUVwl.exe
  C:\Windows\System\dynUVwl.exe
  2⤵
  PID:8876
- C:\Windows\System\JQpXomo.exe
  C:\Windows\System\JQpXomo.exe
  2⤵
  PID:8900
- C:\Windows\System\RKxeJxJ.exe
  C:\Windows\System\RKxeJxJ.exe
  2⤵
  PID:8916
- C:\Windows\System\LzZxWav.exe
  C:\Windows\System\LzZxWav.exe
  2⤵
  PID:8936
- C:\Windows\System\SuJfqPs.exe
  C:\Windows\System\SuJfqPs.exe
  2⤵
  PID:8960
- C:\Windows\System\CUvUKJk.exe
  C:\Windows\System\CUvUKJk.exe
  2⤵
  PID:8976
- C:\Windows\System\nzYeTIC.exe
  C:\Windows\System\nzYeTIC.exe
  2⤵
  PID:8992
- C:\Windows\System\UsBWGKe.exe
  C:\Windows\System\UsBWGKe.exe
  2⤵
  PID:9012
- C:\Windows\System\aHbXXtz.exe
  C:\Windows\System\aHbXXtz.exe
  2⤵
  PID:9028
- C:\Windows\System\VcjMNGb.exe
  C:\Windows\System\VcjMNGb.exe
  2⤵
  PID:9052
- C:\Windows\System\GnpaThW.exe
  C:\Windows\System\GnpaThW.exe
  2⤵
  PID:9068
- C:\Windows\System\kKkuweC.exe
  C:\Windows\System\kKkuweC.exe
  2⤵
  PID:9084
- C:\Windows\System\fkqDqKB.exe
  C:\Windows\System\fkqDqKB.exe
  2⤵
  PID:9100
- C:\Windows\System\IEBaQav.exe
  C:\Windows\System\IEBaQav.exe
  2⤵
  PID:9116
- C:\Windows\System\tDBqKrn.exe
  C:\Windows\System\tDBqKrn.exe
  2⤵
  PID:9136
- C:\Windows\System\lsGudtt.exe
  C:\Windows\System\lsGudtt.exe
  2⤵
  PID:9156
- C:\Windows\System\iCrZHsl.exe
  C:\Windows\System\iCrZHsl.exe
  2⤵
  PID:9204
- C:\Windows\System\eYsQtTG.exe
  C:\Windows\System\eYsQtTG.exe
  2⤵
  PID:8208
- C:\Windows\System\sppKqVz.exe
  C:\Windows\System\sppKqVz.exe
  2⤵
  PID:8272
- C:\Windows\System\fpEZNeT.exe
  C:\Windows\System\fpEZNeT.exe
  2⤵
  PID:8324
- C:\Windows\System\qJLiGzu.exe
  C:\Windows\System\qJLiGzu.exe
  2⤵
  PID:8332
- C:\Windows\System\fQBKwyX.exe
  C:\Windows\System\fQBKwyX.exe
  2⤵
  PID:6840
- C:\Windows\System\oAfOrqc.exe
  C:\Windows\System\oAfOrqc.exe
  2⤵
  PID:8228
- C:\Windows\System\NhKMCxN.exe
  C:\Windows\System\NhKMCxN.exe
  2⤵
  PID:8296
- C:\Windows\System\fctoMJZ.exe
  C:\Windows\System\fctoMJZ.exe
  2⤵
  PID:8396
- C:\Windows\System\DjnZSbk.exe
  C:\Windows\System\DjnZSbk.exe
  2⤵
  PID:8460
- C:\Windows\System\wXiYMhK.exe
  C:\Windows\System\wXiYMhK.exe
  2⤵
  PID:8548
- C:\Windows\System\nVSKVDI.exe
  C:\Windows\System\nVSKVDI.exe
  2⤵
  PID:8480
- C:\Windows\System\IgSTgxq.exe
  C:\Windows\System\IgSTgxq.exe
  2⤵
  PID:8528
- C:\Windows\System\udiFzVs.exe
  C:\Windows\System\udiFzVs.exe
  2⤵
  PID:8520
- C:\Windows\System\NLTLluU.exe
  C:\Windows\System\NLTLluU.exe
  2⤵
  PID:8448
- C:\Windows\System\jiFZfoU.exe
  C:\Windows\System\jiFZfoU.exe
  2⤵
  PID:8604
- C:\Windows\System\qGfKteW.exe
  C:\Windows\System\qGfKteW.exe
  2⤵
  PID:8572
- C:\Windows\System\NTfVLjv.exe
  C:\Windows\System\NTfVLjv.exe
  2⤵
  PID:8632
- C:\Windows\System\UPPmgZJ.exe
  C:\Windows\System\UPPmgZJ.exe
  2⤵
  PID:8652
- C:\Windows\System\oEzpkhn.exe
  C:\Windows\System\oEzpkhn.exe
  2⤵
  PID:8704
- C:\Windows\System\LixDczw.exe
  C:\Windows\System\LixDczw.exe
  2⤵
  PID:8736
- C:\Windows\System\RKOVJmR.exe
  C:\Windows\System\RKOVJmR.exe
  2⤵
  PID:8788
- C:\Windows\System\oCyRtrX.exe
  C:\Windows\System\oCyRtrX.exe
  2⤵
  PID:8804
- C:\Windows\System\uONOrLw.exe
  C:\Windows\System\uONOrLw.exe
  2⤵
  PID:8852
- C:\Windows\System\bIPWJXd.exe
  C:\Windows\System\bIPWJXd.exe
  2⤵
  PID:9044
- C:\Windows\System\ktoidMa.exe
  C:\Windows\System\ktoidMa.exe
  2⤵
  PID:8912
- C:\Windows\System\GmLEGhZ.exe
  C:\Windows\System\GmLEGhZ.exe
  2⤵
  PID:8956
- C:\Windows\System\kjJFfGI.exe
  C:\Windows\System\kjJFfGI.exe
  2⤵
  PID:8872
- C:\Windows\System\EeeeExD.exe
  C:\Windows\System\EeeeExD.exe
  2⤵
  PID:9060
- C:\Windows\System\qipiyNw.exe
  C:\Windows\System\qipiyNw.exe
  2⤵
  PID:9144
- C:\Windows\System\awPwtpe.exe
  C:\Windows\System\awPwtpe.exe
  2⤵
  PID:9128
- C:\Windows\System\fwAaIvx.exe
  C:\Windows\System\fwAaIvx.exe
  2⤵
  PID:9180
- C:\Windows\System\dbXsONS.exe
  C:\Windows\System\dbXsONS.exe
  2⤵
  PID:9192
- C:\Windows\System\WdQDzjO.exe
  C:\Windows\System\WdQDzjO.exe
  2⤵
  PID:8240
- C:\Windows\System\WeRhGmN.exe
  C:\Windows\System\WeRhGmN.exe
  2⤵
  PID:7552
- C:\Windows\System\lbTAyHd.exe
  C:\Windows\System\lbTAyHd.exe
  2⤵
  PID:8432
- C:\Windows\System\UOckDFA.exe
  C:\Windows\System\UOckDFA.exe
  2⤵
  PID:8328
- C:\Windows\System\NSTepXW.exe
  C:\Windows\System\NSTepXW.exe
  2⤵
  PID:8344
- C:\Windows\System\OpKeEUu.exe
  C:\Windows\System\OpKeEUu.exe
  2⤵
  PID:8496
- C:\Windows\System\kYevaVj.exe
  C:\Windows\System\kYevaVj.exe
  2⤵
  PID:8416
- C:\Windows\System\DaCUetk.exe
  C:\Windows\System\DaCUetk.exe
  2⤵
  PID:8636
- C:\Windows\System\QKqjuMC.exe
  C:\Windows\System\QKqjuMC.exe
  2⤵
  PID:8688
- C:\Windows\System\fUqNcBr.exe
  C:\Windows\System\fUqNcBr.exe
  2⤵
  PID:8724
- C:\Windows\System\SFtCAbs.exe
  C:\Windows\System\SFtCAbs.exe
  2⤵
  PID:8776
- C:\Windows\System\pNjdsAN.exe
  C:\Windows\System\pNjdsAN.exe
  2⤵
  PID:8816
- C:\Windows\System\fEjFSOD.exe
  C:\Windows\System\fEjFSOD.exe
  2⤵
  PID:8932
- C:\Windows\System\tXxhZAD.exe
  C:\Windows\System\tXxhZAD.exe
  2⤵
  PID:476
- C:\Windows\System\UYtvUJF.exe
  C:\Windows\System\UYtvUJF.exe
  2⤵
  PID:8196
- C:\Windows\System\kQxapYT.exe
  C:\Windows\System\kQxapYT.exe
  2⤵
  PID:9080
- C:\Windows\System\VOyrbJD.exe
  C:\Windows\System\VOyrbJD.exe
  2⤵
  PID:9108
- C:\Windows\System\KMCSaAh.exe
  C:\Windows\System\KMCSaAh.exe
  2⤵
  PID:8200
- C:\Windows\System\kjJcdRU.exe
  C:\Windows\System\kjJcdRU.exe
  2⤵
  PID:8292
- C:\Windows\System\GHXQfqC.exe
  C:\Windows\System\GHXQfqC.exe
  2⤵
  PID:9048
- C:\Windows\System\kDEoNXt.exe
  C:\Windows\System\kDEoNXt.exe
  2⤵
  PID:7336
- C:\Windows\System\IazSHGP.exe
  C:\Windows\System\IazSHGP.exe
  2⤵
  PID:8584
- C:\Windows\System\zfFDXze.exe
  C:\Windows\System\zfFDXze.exe
  2⤵
  PID:2884
- C:\Windows\System\sKUhzsI.exe
  C:\Windows\System\sKUhzsI.exe
  2⤵
  PID:8384
- C:\Windows\System\SERKYIS.exe
  C:\Windows\System\SERKYIS.exe
  2⤵
  PID:8684
- C:\Windows\System\OpuMZiV.exe
  C:\Windows\System\OpuMZiV.exe
  2⤵
  PID:8756
- C:\Windows\System\JMkbawY.exe
  C:\Windows\System\JMkbawY.exe
  2⤵
  PID:8848
- C:\Windows\System\pMncvez.exe
  C:\Windows\System\pMncvez.exe
  2⤵
  PID:8892
- C:\Windows\System\omSrRIY.exe
  C:\Windows\System\omSrRIY.exe
  2⤵
  PID:8968
- C:\Windows\System\NnycPIy.exe
  C:\Windows\System\NnycPIy.exe
  2⤵
  PID:9168
- C:\Windows\System\MQvzwNx.exe
  C:\Windows\System\MQvzwNx.exe
  2⤵
  PID:8988
- C:\Windows\System\iQiMvkg.exe
  C:\Windows\System\iQiMvkg.exe
  2⤵
  PID:8836
- C:\Windows\System\MbCrTWl.exe
  C:\Windows\System\MbCrTWl.exe
  2⤵
  PID:9020
- C:\Windows\System\ZMDPjsV.exe
  C:\Windows\System\ZMDPjsV.exe
  2⤵
  PID:8312
- C:\Windows\System\ANNcEHr.exe
  C:\Windows\System\ANNcEHr.exe
  2⤵
  PID:8608
- C:\Windows\System\yRmSgXq.exe
  C:\Windows\System\yRmSgXq.exe
  2⤵
  PID:8768
- C:\Windows\System\EIkWkjp.exe
  C:\Windows\System\EIkWkjp.exe
  2⤵
  PID:9188
- C:\Windows\System\wNetuZi.exe
  C:\Windows\System\wNetuZi.exe
  2⤵
  PID:9212
- C:\Windows\System\PVMLXhi.exe
  C:\Windows\System\PVMLXhi.exe
  2⤵
  PID:8320
- C:\Windows\System\QUyjPya.exe
  C:\Windows\System\QUyjPya.exe
  2⤵
  PID:8620
- C:\Windows\System\uZAJIVL.exe
  C:\Windows\System\uZAJIVL.exe
  2⤵
  PID:8708
- C:\Windows\System\YTpBHrA.exe
  C:\Windows\System\YTpBHrA.exe
  2⤵
  PID:8884
- C:\Windows\System\GvQoxos.exe
  C:\Windows\System\GvQoxos.exe
  2⤵
  PID:8888
- C:\Windows\System\sfwqkWl.exe
  C:\Windows\System\sfwqkWl.exe
  2⤵
  PID:8492
- C:\Windows\System\duztfJR.exe
  C:\Windows\System\duztfJR.exe
  2⤵
  PID:9124
- C:\Windows\System\tbNwnuN.exe
  C:\Windows\System\tbNwnuN.exe
  2⤵
  PID:7756
- C:\Windows\System\nAsMzAe.exe
  C:\Windows\System\nAsMzAe.exe
  2⤵
  PID:9008
- C:\Windows\System\TnZVbrF.exe
  C:\Windows\System\TnZVbrF.exe
  2⤵
  PID:8244
- C:\Windows\System\lknAEFM.exe
  C:\Windows\System\lknAEFM.exe
  2⤵
  PID:8944
- C:\Windows\System\GpFiwCq.exe
  C:\Windows\System\GpFiwCq.exe
  2⤵
  PID:5764
- C:\Windows\System\YdHuKqy.exe
  C:\Windows\System\YdHuKqy.exe
  2⤵
  PID:9240
- C:\Windows\System\ewLKnYw.exe
  C:\Windows\System\ewLKnYw.exe
  2⤵
  PID:9256
- C:\Windows\System\oxvZvwg.exe
  C:\Windows\System\oxvZvwg.exe
  2⤵
  PID:9280
- C:\Windows\System\lzUBqNr.exe
  C:\Windows\System\lzUBqNr.exe
  2⤵
  PID:9296
- C:\Windows\System\qFuUutQ.exe
  C:\Windows\System\qFuUutQ.exe
  2⤵
  PID:9320
- C:\Windows\System\UZJmOxk.exe
  C:\Windows\System\UZJmOxk.exe
  2⤵
  PID:9340
- C:\Windows\System\suWhvIf.exe
  C:\Windows\System\suWhvIf.exe
  2⤵
  PID:9360
- C:\Windows\System\NeihBqL.exe
  C:\Windows\System\NeihBqL.exe
  2⤵
  PID:9376
- C:\Windows\System\XogVOHF.exe
  C:\Windows\System\XogVOHF.exe
  2⤵
  PID:9396
- C:\Windows\System\maeOSht.exe
  C:\Windows\System\maeOSht.exe
  2⤵
  PID:9416
- C:\Windows\System\SaQpfil.exe
  C:\Windows\System\SaQpfil.exe
  2⤵
  PID:9436
- C:\Windows\System\ARlPVUK.exe
  C:\Windows\System\ARlPVUK.exe
  2⤵
  PID:9452
- C:\Windows\System\leLpbdT.exe
  C:\Windows\System\leLpbdT.exe
  2⤵
  PID:9472
- C:\Windows\System\BemgIOC.exe
  C:\Windows\System\BemgIOC.exe
  2⤵
  PID:9496
- C:\Windows\System\VkcwrWY.exe
  C:\Windows\System\VkcwrWY.exe
  2⤵
  PID:9512
- C:\Windows\System\YsosaOn.exe
  C:\Windows\System\YsosaOn.exe
  2⤵
  PID:9528
- C:\Windows\System\hsCdRqT.exe
  C:\Windows\System\hsCdRqT.exe
  2⤵
  PID:9544
- C:\Windows\System\XXASwnx.exe
  C:\Windows\System\XXASwnx.exe
  2⤵
  PID:9560
- C:\Windows\System\HmhveNF.exe
  C:\Windows\System\HmhveNF.exe
  2⤵
  PID:9576
- C:\Windows\System\CxUUYLf.exe
  C:\Windows\System\CxUUYLf.exe
  2⤵
  PID:9592
- C:\Windows\System\HYralKo.exe
  C:\Windows\System\HYralKo.exe
  2⤵
  PID:9612
- C:\Windows\System\CAhxWmE.exe
  C:\Windows\System\CAhxWmE.exe
  2⤵
  PID:9628
- C:\Windows\System\CooMXwv.exe
  C:\Windows\System\CooMXwv.exe
  2⤵
  PID:9652
- C:\Windows\System\Timxouk.exe
  C:\Windows\System\Timxouk.exe
  2⤵
  PID:9692
- C:\Windows\System\ZXWEVQA.exe
  C:\Windows\System\ZXWEVQA.exe
  2⤵
  PID:9708
- C:\Windows\System\ObQFyFB.exe
  C:\Windows\System\ObQFyFB.exe
  2⤵
  PID:9736
- C:\Windows\System\BESsaJT.exe
  C:\Windows\System\BESsaJT.exe
  2⤵
  PID:9752
- C:\Windows\System\rkIEWKi.exe
  C:\Windows\System\rkIEWKi.exe
  2⤵
  PID:9768
- C:\Windows\System\LQNkdAe.exe
  C:\Windows\System\LQNkdAe.exe
  2⤵
  PID:9784
- C:\Windows\System\jRndSqS.exe
  C:\Windows\System\jRndSqS.exe
  2⤵
  PID:9800
- C:\Windows\System\VplFVnI.exe
  C:\Windows\System\VplFVnI.exe
  2⤵
  PID:9820
- C:\Windows\System\hqvrtKD.exe
  C:\Windows\System\hqvrtKD.exe
  2⤵
  PID:9840
- C:\Windows\System\mmyTjsm.exe
  C:\Windows\System\mmyTjsm.exe
  2⤵
  PID:9860
- C:\Windows\System\DhqUehs.exe
  C:\Windows\System\DhqUehs.exe
  2⤵
  PID:9876
- C:\Windows\System\QpdURWo.exe
  C:\Windows\System\QpdURWo.exe
  2⤵
  PID:9892
- C:\Windows\System\tiURxsL.exe
  C:\Windows\System\tiURxsL.exe
  2⤵
  PID:9916
- C:\Windows\System\ESOiFGj.exe
  C:\Windows\System\ESOiFGj.exe
  2⤵
  PID:9940
- C:\Windows\System\YtYEEyy.exe
  C:\Windows\System\YtYEEyy.exe
  2⤵
  PID:9960
- C:\Windows\System\kaUjSWR.exe
  C:\Windows\System\kaUjSWR.exe
  2⤵
  PID:9976
- C:\Windows\System\MrKEIZi.exe
  C:\Windows\System\MrKEIZi.exe
  2⤵
  PID:9996
- C:\Windows\System\QQtUXdt.exe
  C:\Windows\System\QQtUXdt.exe
  2⤵
  PID:10012
- C:\Windows\System\PjiMhex.exe
  C:\Windows\System\PjiMhex.exe
  2⤵
  PID:10028
- C:\Windows\System\YDWAqDP.exe
  C:\Windows\System\YDWAqDP.exe
  2⤵
  PID:10044
- C:\Windows\System\SuxNDNc.exe
  C:\Windows\System\SuxNDNc.exe
  2⤵
  PID:10060
- C:\Windows\System\NJMdHur.exe
  C:\Windows\System\NJMdHur.exe
  2⤵
  PID:10092
- C:\Windows\System\IrpBUaN.exe
  C:\Windows\System\IrpBUaN.exe
  2⤵
  PID:10108
- C:\Windows\System\oGSMBqg.exe
  C:\Windows\System\oGSMBqg.exe
  2⤵
  PID:10148
- C:\Windows\System\ovNaGtg.exe
  C:\Windows\System\ovNaGtg.exe
  2⤵
  PID:10164
- C:\Windows\System\OrwCXca.exe
  C:\Windows\System\OrwCXca.exe
  2⤵
  PID:10196
- C:\Windows\System\rDWinIS.exe
  C:\Windows\System\rDWinIS.exe
  2⤵
  PID:10212
- C:\Windows\System\cEOMsyy.exe
  C:\Windows\System\cEOMsyy.exe
  2⤵
  PID:9176
- C:\Windows\System\QJrKkoX.exe
  C:\Windows\System\QJrKkoX.exe
  2⤵
  PID:9236
- C:\Windows\System\IdJHFzp.exe
  C:\Windows\System\IdJHFzp.exe
  2⤵
  PID:9268
- C:\Windows\System\TLfiUyN.exe
  C:\Windows\System\TLfiUyN.exe
  2⤵
  PID:9304
- C:\Windows\System\SonAwvl.exe
  C:\Windows\System\SonAwvl.exe
  2⤵
  PID:9328
- C:\Windows\System\rTfHoTz.exe
  C:\Windows\System\rTfHoTz.exe
  2⤵
  PID:9356
- C:\Windows\System\KYrZnkY.exe
  C:\Windows\System\KYrZnkY.exe
  2⤵
  PID:9388
- C:\Windows\System\mMfJWvw.exe
  C:\Windows\System\mMfJWvw.exe
  2⤵
  PID:9428
- C:\Windows\System\HsbvMXN.exe
  C:\Windows\System\HsbvMXN.exe
  2⤵
  PID:9480
- C:\Windows\System\uKxBbJB.exe
  C:\Windows\System\uKxBbJB.exe
  2⤵
  PID:9556
- C:\Windows\System\MzOYkia.exe
  C:\Windows\System\MzOYkia.exe
  2⤵
  PID:9524
- C:\Windows\System\rNfYWKx.exe
  C:\Windows\System\rNfYWKx.exe
  2⤵
  PID:9600
- C:\Windows\System\NepmHMC.exe
  C:\Windows\System\NepmHMC.exe
  2⤵
  PID:9640
- C:\Windows\System\HbRQkME.exe
  C:\Windows\System\HbRQkME.exe
  2⤵
  PID:9644
- C:\Windows\System\zVGvfPe.exe
  C:\Windows\System\zVGvfPe.exe
  2⤵
  PID:9664
- C:\Windows\System\xHnPmNH.exe
  C:\Windows\System\xHnPmNH.exe
  2⤵
  PID:9716
- C:\Windows\System\pgcydtj.exe
  C:\Windows\System\pgcydtj.exe
  2⤵
  PID:9732
- C:\Windows\System\LDDzazb.exe
  C:\Windows\System\LDDzazb.exe
  2⤵
  PID:9816
- C:\Windows\System\lIyMSte.exe
  C:\Windows\System\lIyMSte.exe
  2⤵
  PID:9884
- C:\Windows\System\EugIjuR.exe
  C:\Windows\System\EugIjuR.exe
  2⤵
  PID:9724
- C:\Windows\System\MRrIclv.exe
  C:\Windows\System\MRrIclv.exe
  2⤵
  PID:9908
- C:\Windows\System\byQMgsL.exe
  C:\Windows\System\byQMgsL.exe
  2⤵
  PID:9928
- C:\Windows\System\FnrxMBS.exe
  C:\Windows\System\FnrxMBS.exe
  2⤵
  PID:9972
- C:\Windows\System\YnMSSpT.exe
  C:\Windows\System\YnMSSpT.exe
  2⤵
  PID:10004
- C:\Windows\System\dKaxJAu.exe
  C:\Windows\System\dKaxJAu.exe
  2⤵
  PID:9796
- C:\Windows\System\flZGsTT.exe
  C:\Windows\System\flZGsTT.exe
  2⤵
  PID:10080
- C:\Windows\System\ZUJKXSM.exe
  C:\Windows\System\ZUJKXSM.exe
  2⤵
  PID:10120
- C:\Windows\System\AgwKUJU.exe
  C:\Windows\System\AgwKUJU.exe
  2⤵
  PID:10136
- C:\Windows\System\sBeZtCz.exe
  C:\Windows\System\sBeZtCz.exe
  2⤵
  PID:10104
- C:\Windows\System\BPFPDEv.exe
  C:\Windows\System\BPFPDEv.exe
  2⤵
  PID:10184
- C:\Windows\System\dHdBCZU.exe
  C:\Windows\System\dHdBCZU.exe
  2⤵
  PID:10204
- C:\Windows\System\eChcviv.exe
  C:\Windows\System\eChcviv.exe
  2⤵
  PID:10228
- C:\Windows\System\wyWhtZi.exe
  C:\Windows\System\wyWhtZi.exe
  2⤵
  PID:9228
- C:\Windows\System\vnYlXTA.exe
  C:\Windows\System\vnYlXTA.exe
  2⤵
  PID:9368
- C:\Windows\System\ikMyNFI.exe
  C:\Windows\System\ikMyNFI.exe
  2⤵
  PID:9336
- C:\Windows\System\lRnbfZa.exe
  C:\Windows\System\lRnbfZa.exe
  2⤵
  PID:9424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AZpMXTK.exe

Filesize
6.0MB

MD5
682b0c558a330b36e3d652be069cbec8

SHA1
1dbeae1ac6e179a2c0ab3c9ec6a54f606fcd6d73

SHA256
708c29dfc19b943c5cb79ff7e27e791dff919ea73e935b307f5e59351a091e21

SHA512
3134b0e05e4f0cad245527cedfa6ed6842139c80d5a06b2d892cc49eeb1f0feca77c1cbf36d3eff36d8c11da2f80704ae098c2ceb337ad275f7da6511e8dc9dc

Download Submit
C:\Windows\system\CMyzSsg.exe

Filesize
6.0MB

MD5
b9aa4fab9fa3187c428a66989cbb93b1

SHA1
ddc53af051707c19b7a125e96ed9cc12fbb151b9

SHA256
bdd2900ec64c22050f882ea1d4d5fad186fabe2a2b8557790c450a2a0844756f

SHA512
bfc26abeeaa38a86198e8528c31d0a1894bba22d9509193d1d7e6f110b0c59a1d249a10fecefc6ca9b8f5dac93ba2fddbc58bf8677a21542a2a1862e171f4bf1

Download Submit
C:\Windows\system\CetwGPe.exe

Filesize
6.0MB

MD5
d8573c6565e3330f8819f2b4cbbc475d

SHA1
c586f73876217afcb308c69447b78907403bdb91

SHA256
983dd18b1691c2d2101a4227514d0046a575ed9ac3cf95a46bdb4b8fda303e0b

SHA512
787c3c51f85837e0b7662f0fa18fcc24dde274f7936029a536481d4d3adce52e3d8b79ba385991a7ca8eedad2e78da75a8a208a048cc34f701c5512dabc92601

Download Submit
C:\Windows\system\FlxgatL.exe

Filesize
6.0MB

MD5
8c5dc9c70e3b9e498562064d8a916ad9

SHA1
26dfc0a9254a9adbc61ff990e83d1811237ec72a

SHA256
81aa993ade944b1ad4d80e7670c8a09fdfa3dddb7d769627c7a9f56ac48c2b25

SHA512
448a4b6a4483035623ed903f415dde7921690b593eec1025f617157ef16ee7df53ce72c1fad7c2e69058b289203e38040ab77120b4ad11108f0a235d479ebb38

Download Submit
C:\Windows\system\JWGtlSg.exe

Filesize
6.0MB

MD5
3e8e111f6b8e96d109313169b46ab7fb

SHA1
b72e0f8f7741604d0dc4d7c571b0978c5075ebb4

SHA256
b0c9975459c2723d42b0e9678da0b3156c6738e1266622118db4be9d8fec51a0

SHA512
9a0b4420ab19ff8e3dd441318d5faf887bf14e59ecd820accdd47c0cce6191e9155d887d571c4fe6d29fd532cdfee21a1e3f5ca305b9cdfb6f8efa7f7808a642

Download Submit
C:\Windows\system\KDibzgb.exe

Filesize
6.0MB

MD5
7c8c1b89410bf77a42bd9d5cd649ab5e

SHA1
c56be7425c833a08e752f9566e3fe315fc368efd

SHA256
4209b1075e47742859464d4fdc9a0d68a9c385c3de9cded76405bfafe4ad559a

SHA512
b4fa275ac39c95cac9b6eb15579a4ee1742eef6abd106b6b5322406effc75b230fc7a13093fea25872ff72e96910b215ca5e1b27da4ad0e0ec42c840ba532ac1

Download Submit
C:\Windows\system\RuqqFdH.exe

Filesize
6.0MB

MD5
99a9e63a88d886cab89df3a3e4e23871

SHA1
2f3da5817e1524dca1e66f725beca4229516ecac

SHA256
774d5cf3f78c4933383f0fcac4593b4663d0eff6c7e204ce96f9576b9e289b76

SHA512
1850e4c0b651767feddf157aeed96a017f8da7526f0b02b1f2fd33bf7ff16d1be1f59e3151ff92e1e83fac59649354fd5523651c1231c9bfc7f31cc1e250012f

Download Submit
C:\Windows\system\SxujpFC.exe

Filesize
6.0MB

MD5
35ddfd9fbb8d73378b3edc9e9dd3d26f

SHA1
539ce4b4f359cd276bd614dd9b1367ac9f160743

SHA256
709a4129ecb6541f7ca0de31ef910f95fd24dbe36859f36ae6f6c462704a08ac

SHA512
08eb598ce19916d74deffc6cdae83267b26ad13bafc60e6b5581e9f1efa593b477eeaf05a8824f619c472781325e50efae2d689cbd2993be4bb60c88d0773c8d

Download Submit
C:\Windows\system\TwACstX.exe

Filesize
6.0MB

MD5
f3678b37ca16fea473b62c283a2fb504

SHA1
ac480ce1f0aa8530138d2e7ac3f400606758d3ec

SHA256
1ddfdc9d85db952fd2bd346ad85959c17713f088e76fe2fd29ad3730d1efdd45

SHA512
83ff631ceddc4ce229accb0f77ee92b592541701337f199dad72a0afe5fca8f25f36955dabad5043fdd6663e170840240427affe1f789dc7209413d5c5420c44

Download Submit
C:\Windows\system\UUTfvFa.exe

Filesize
6.0MB

MD5
9b63050d457d1b56b7cc6b9df38fdba8

SHA1
875c17c6f7e63c7f51f242be2070d3c138873223

SHA256
1bf3e88cbd8fa6c6e6261b03cc495d20a05035eb2e84af601096195174a7eec0

SHA512
6c09b599bfc286519d2b105819ec32d7ff871a2eceec08673152e28082dd63adf10769be3f3307c012a1ce73cdbae18f35b1752ccd68f09e1d80effa38a3b1c7

Download Submit
C:\Windows\system\UXOvNyx.exe

Filesize
6.0MB

MD5
22a112cb239d8aed213871e4528da3aa

SHA1
f8e1ce8a4b799446708f96f07df86c0dd71495f7

SHA256
c715aca1e3fc878808059581ce361e12e6bebd06aae9b6a8cd8f989dcfe114c6

SHA512
a27be257f317acfa81bf29f58deea438727daab346e88bcfc1ef9e81a66e31ece01181de28d5d19452e4f2150ba90758281ca1c34806e598b54174a94ecd3758

Download Submit
C:\Windows\system\UyPdSfZ.exe

Filesize
6.0MB

MD5
3b6faf3755f8b6d807250a126a6cbffc

SHA1
60ee01a08f849395badc374e1406ed24ffc63a03

SHA256
ddd032e203f07e06c11385a5fc762f6abd8fb61b51189c91a702dcb6039d90bb

SHA512
028081aac6787d653bc3f3ae3df81cbc03bc1a97a4630d9b985584a8b252c354e98d553d768679b712bc633d027322afe4e5329aa0e0293d80869d14185b4e33

Download Submit
C:\Windows\system\XvglIwI.exe

Filesize
6.0MB

MD5
63a8e05d2901b461a6a56ffa59ceec51

SHA1
c39fe8fdc087bcf5e8e82b55a1767dd768dbcd6e

SHA256
aa851cf87e141f3414ce932154eebcb4eba73e709706ba71576b2c208d7ebd7e

SHA512
d5a9e4f68390484502710dbb9c1fb766ef2e5bb2cbb875eb849cfd67810fe44f5cd3676fa1a757053d090417d302c245cec35dd0ba489034b6c62d8a55a42101

Download Submit
C:\Windows\system\YokAQgi.exe

Filesize
6.0MB

MD5
082d594917d073715e35cfc2023dadcf

SHA1
65ef28c8b5d5436420b0c3671e59800b42e36303

SHA256
45e7efd9454a6eed7ed1649c0af513a757747ddc44f31cf49463f56198b711da

SHA512
c5c4e95f5fe3b9711be581c0538a22def3af1009293ca2141978a6e9181b42a009494caa424c9a71e92c93cf46a25b935575981e8880bf64a40b5b6f4ad36e80

Download Submit
C:\Windows\system\bkqWnos.exe

Filesize
6.0MB

MD5
32af80523d46ca1858f7ae45149dc757

SHA1
9bcdd7a9f1fe74cca2731181fcfc6d98bc2b5294

SHA256
8e0104f1551becfd29810b14cc1bc35f3a994b43ee0ba408ed6d38cc7ada5ea7

SHA512
5be096d6eb1119c04df11035996c9ee5a1193f99878940f55bddc5e14c1ffee0b98436c79bc657ea8258720fc1a6013d3a6e5c737feffb60599fcf5b1ac87fa9

Download Submit
C:\Windows\system\cDMQZbr.exe

Filesize
6.0MB

MD5
e32d742cd4b63043babf59079442c73a

SHA1
7e6830736918ed995eebfd7e9f47ce11973f3d40

SHA256
c5f94c73a8fd21556c1116520922710143f08cc8f908d56c8c9afd8fa992c7b3

SHA512
840b0c714b811a97fc592f70bda16b3f639b8f77c54ea9688234db0e0a2af555d84407e075b4e17773e96fc0ec015e8d3a0cc33dd20c2bbf6b95c047b1edd16c

Download Submit
C:\Windows\system\eUjaEua.exe

Filesize
6.0MB

MD5
9cb5a5e6bff8553b50c1ca26a7572e53

SHA1
c369fb33376b64b569437cc6735ac78f153841c8

SHA256
ce6dedbe9a9204c35abc017d99ea0254e211f1c915fd11dfdc4f94422f1b4932

SHA512
4a81e518abe4b54dfa6771249614c9844fc5afe745199b3d52c3dcce11f2769f8a5546dcc89f6b2bec533c022c56405231ba211ca5c66d8c1108c707ba1a3b9c

Download Submit
C:\Windows\system\fStsGYn.exe

Filesize
6.0MB

MD5
a8f35a6bd7a4eee3d6b7b17355505c18

SHA1
3c649340932738c5ff67be13556096e7cec00845

SHA256
1a77bf565c39528e819cc79472cc0c486d80ed20defa61c22d2f39d6f764f14f

SHA512
9c24db0ed62fb4dcecc8e4464d7bcea6de5a10d12184831788cf021e31dbdae1a70a41bea157bfa504a7a3af1c289bdc214ac155da30738d07a4d9589c0a102c

Download Submit
C:\Windows\system\jpIWZny.exe

Filesize
6.0MB

MD5
a06f88a7ac6df456ef9572a83a27afae

SHA1
5f332742d4e9eaa2b78cb3a64c4dfeb204ca75e1

SHA256
b9fee54a0c4dad6ab3cf05d2c2f2d1cc57067ff1a6550c302620ce51d26b17d2

SHA512
4be9c55976b13ad285f8ee4ecebbd70fc5cca5c90e03679d8d44747777acc4ebecfcb3d5155a087e26acb0b2ddfa692335368a5fccbfa975530ed3aa80a5e083

Download Submit
C:\Windows\system\kWTTaJu.exe

Filesize
6.0MB

MD5
1eb34198df8bf739876bc27091848353

SHA1
46db48b29d3121f459fda3c8c1e5266965034742

SHA256
b1d816c1d150cda0ffcd015ebdc3c31427350afe935eb1428565a8ab878955d9

SHA512
0b5565e610626ae1d6cdcb6cae7faf48b355ea2dfd59369019dd8bc31b4c57271f5ed2fe78da2d6d7179cffe160e3356c5cf21832701dd0ea38adf642e495abf

Download Submit
C:\Windows\system\lzYAZzq.exe

Filesize
6.0MB

MD5
df9bf874843feb8992e64098eceb8431

SHA1
1dd2cd904560b297e51d637745c8e2cf462c48f4

SHA256
3501546bc8fde8c698594204d7216887d9ac7bfd0bc083beca9003e8e446457f

SHA512
75eb79f427177508001192c0a2bd4d038c34ec968c0abccfe0646abfa8786e52df0758f2a9b2a043480086da741740496e648d397abe6208f5d0dbb012dae35a

Download Submit
C:\Windows\system\mYcNkNe.exe

Filesize
6.0MB

MD5
4741cd6446eb39e0612235f49a0769a4

SHA1
36c3ff4cb4603d93a06bc80d008e9efb4ae79c19

SHA256
7bab700e1f1649971ef91d702e9b24ab85f0b49d040287fc85026f954781461e

SHA512
95e0e9ddc15243e7753cea2835a059fdc92d3623a045be91679ea79c53a7ae279c333e7ef28585694130456b4a86381f7159bcb8d50737298a13002145f2a5e5

Download Submit
C:\Windows\system\oNvdHlN.exe

Filesize
6.0MB

MD5
ccf28ace9e84dea4604041d881be0c18

SHA1
996901a9e80695ebee140732a7dbdb150162251b

SHA256
bea824f23c6a157258c0f9980256363eccde9c73fbbeff2ca0d484e481c90402

SHA512
778bdab19043dc4fcc5b0da6296a47d20c20d5da1cdfdec56ae9fabdfc9d182d129c7d36d522a17b1d1522b48b2c08048c33838c6974658fa06f7046c5d3d618

Download Submit
C:\Windows\system\pBLnJsj.exe

Filesize
6.0MB

MD5
26fa6f652eb7a9c73ab9871b89cf70ae

SHA1
1c76e61c472b3bd7858d78a12450f3ff828977ae

SHA256
e6facf134ea17ac1a51aa69ac73dd26e98c7478f6b8bd512479527e4ffc8aa96

SHA512
471deaaf2cdba3992998624c8f3b1940c4860b91107f7a2a3d3975bdc7d63c564386406f6c693f39fbe8f9661ac37db52273104867220d4b986b4438c3ee4560

Download Submit
C:\Windows\system\pxCleLh.exe

Filesize
6.0MB

MD5
43470d10e751b364c73b1c5c77fdb7a4

SHA1
41aa86e3192bf314c7c1edff70f721033d4ed6e9

SHA256
791f9c5b3a21a54ab7fe48c9c5e546d59de471d78c2a8bb4188ca369811bdcb6

SHA512
a1be27ff9ca2ce0a61d8a6b5bcd5d9f6e13d8bc2af87e878d70ab372041c2d1ae76a7cc38d8fe59d90140afb9bee485fafbe7e83fa5b1398dd7f0389a594644d

Download Submit
C:\Windows\system\uQWSXYt.exe

Filesize
6.0MB

MD5
d378bf26b36bf8c6221593395a0ea391

SHA1
1645be0c2ea18a82bea88afc66f539377d619119

SHA256
c6a9e85d11737238cab33791aa50eb84e54c312f9e6bf9151ea69fd0ce015b3a

SHA512
16bd093e520a38f196a5560700cf1ea6bdf5044145206b2459611343a81203c26d884d498d8750bf816c065dd0ef9d33da5aa241bc8d369ffb48151d0b1ceac9

Download Submit
C:\Windows\system\voTXAuu.exe

Filesize
6.0MB

MD5
22de0310f78b32b37579e7251bed0a3d

SHA1
d36286ac42698e06785f028eedd3ab42455c1ee6

SHA256
8096d3f95b323f3711d7f3f25fc9738a9fd05e29ff7ff3b924952bd5c12482a7

SHA512
7b548cebf5ebdeafff05798e7dd2fd030a12dd235740f2ee6fc3688f6b7eb771532ee0fae909ee518198e5c4f44839c790728f9122af2bfb1ef6c1d467ae5d90

Download Submit
C:\Windows\system\zMaDkWQ.exe

Filesize
6.0MB

MD5
36d6e0dc70dd81904ef920b550ffc1f8

SHA1
cbf530b675e59d40c489a949fc4d3f89af8e4074

SHA256
a9852748bbed08dd4d8e6e0ca9aa073a10786a701721d779f58242352eb6a61e

SHA512
ae95333ef5edd95befa759efdee2b5357474fd806a6f516293dc7691baf310a916f4a09af8db3e09dfd62a98096144a154ed58ce81715f4361eeea7de7de8650

Download Submit
\Windows\system\WayLdps.exe

Filesize
6.0MB

MD5
403ef84435e5a2d9ac0b74ff19dafc17

SHA1
71677242bb228035b1e76ddfa06eee29734a151b

SHA256
cc6a353df4f755debbdb029588ba91b54b29051656d16658acc7714be373cae6

SHA512
6e8459eb3bd9602e221e1779b7d287527e60e0273dbed36b0d8cff1146ed21ae0303d8413e5d210d01cdab00ee84f3f9552628e5266e5ae8144155ef2e3e2392

Download Submit
\Windows\system\ilJLPuQ.exe

Filesize
6.0MB

MD5
15fa8fca5f1392ad425702d6e4b0e700

SHA1
cdf892541916785f1e6cdbbd5f82972da018b3b0

SHA256
57821c6ee999aba28df92079fc45635c6cf01184b7e2f64d37295efeabaa111c

SHA512
1e2adc9c821a1f298c058fc3d46e778215d3e45675379a5019a5e345769bc39b4a76770400d7e6e056b85f16140441c27c8efa282cfa1d0b5743943922c5523c

Download Submit
\Windows\system\mpKgzDy.exe

Filesize
6.0MB

MD5
ff06dd0c97c2bcf16a4544f9d656bc8d

SHA1
dabd85998205b7bbf84025889b1ffc6f1cf4fef0

SHA256
039b2a379a92db6706679d78079ba8543becb4434a0366a86c35bb26c33ffa21

SHA512
ae0dacba8b7e29d1e3dbd9144b8d68ecfa1be182cbbbe6c062de8b600dbe002f053a0a0fa23ab25d31851216777e23150e4791c54323aaa74d16b0628e9e15a2

Download Submit
\Windows\system\ukdQvRg.exe

Filesize
6.0MB

MD5
494312179469270c649b847d3d66eb4b

SHA1
f31830fc4f09807f8602ef8010d8b0ec2532a863

SHA256
6e4321e2fb1ab35adfcd333729e71e9645667a7bf44fc5cb88676a80034c2ba9

SHA512
ae5a49d3e7425ec903cd83f4f27b883d66ae4cd7efb79c7a89173f033c72bf467ced0f45e9f77e53eae3e091af682b013537adcb5d0540782e90849f0513097a

Download Submit
memory/1644-96-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1644-825-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1644-4023-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1984-46-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1984-28-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1984-99-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1984-54-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1984-92-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1984-9-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/1984-79-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-0-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-73-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-981-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1984-76-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1984-626-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1984-19-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1984-50-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-66-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2244-39-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-4017-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-91-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-4014-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2324-15-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2324-85-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2428-74-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2428-4021-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4025-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2624-134-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2624-82-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2668-4026-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2668-393-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2668-88-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2700-21-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2700-90-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2700-4016-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2768-98-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4019-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2768-59-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2780-77-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4022-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2832-44-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-4018-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-4015-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-33-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-4024-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-86-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-255-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-4020-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2992-68-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/3040-13-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/3040-4013-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download