cobaltstrike | 2886f19f2a1a4f90b858ed35b3d146889582b2e888a71b31957fdb50e87a6aff

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

da8521cbe4d93eefe368dada0274a99d
SHA1

b53a164ff8c0d261a6d31f146827d6ca1b1d4e5c
SHA256

2886f19f2a1a4f90b858ed35b3d146889582b2e888a71b31957fdb50e87a6aff
SHA512

9b391643b7290da08560ec0a1ae23fb4280fdc6590f95ef4e45a7a7a4d633d987fe1cc877a64325cc177d181281d881bd5a72bc9ee735fcc74f27d63a52edda9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUa:T+q56utgpPF8u/7a

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000016d2c-3.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d64-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d69-11.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016fc9-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016fe5-36.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000170f8-45.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001756e-56.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-195.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-71.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2060-0-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d2c-3.dat	xmrig
behavioral1/memory/2620-8-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2060-6-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x000a000000016d64-9.dat	xmrig
behavioral1/memory/2388-16-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d69-11.dat	xmrig
behavioral1/memory/536-26-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d3f-25.dat	xmrig
behavioral1/memory/2060-20-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016fc9-33.dat	xmrig
behavioral1/memory/2956-30-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016fe5-36.dat	xmrig
behavioral1/memory/2060-42-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2060-40-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2924-43-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x00070000000170f8-45.dat	xmrig
behavioral1/memory/2620-46-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2796-51-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2388-52-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2956-55-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/536-54-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x000800000001756e-56.dat	xmrig
behavioral1/memory/2816-62-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2532-63-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b5-64.dat	xmrig
behavioral1/memory/2792-70-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bb-76.dat	xmrig
behavioral1/files/0x00050000000195bd-80.dat	xmrig
behavioral1/memory/2724-87-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c1-85.dat	xmrig
behavioral1/files/0x00050000000195c5-104.dat	xmrig
behavioral1/memory/2060-110-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-124.dat	xmrig
behavioral1/files/0x0005000000019761-139.dat	xmrig
behavioral1/files/0x0005000000019bf5-160.dat	xmrig
behavioral1/files/0x0005000000019bf9-169.dat	xmrig
behavioral1/files/0x0005000000019d61-180.dat	xmrig
behavioral1/memory/2060-314-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2972-433-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2724-270-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0005000000019e92-195.dat	xmrig
behavioral1/files/0x0005000000019d62-186.dat	xmrig
behavioral1/files/0x0005000000019d6d-190.dat	xmrig
behavioral1/files/0x0005000000019c3c-174.dat	xmrig
behavioral1/files/0x0005000000019bf6-164.dat	xmrig
behavioral1/files/0x000500000001998d-154.dat	xmrig
behavioral1/files/0x0005000000019820-149.dat	xmrig
behavioral1/files/0x00050000000197fd-145.dat	xmrig
behavioral1/files/0x000500000001975a-134.dat	xmrig
behavioral1/files/0x0005000000019643-129.dat	xmrig
behavioral1/files/0x00050000000195c7-119.dat	xmrig
behavioral1/files/0x00050000000195c6-114.dat	xmrig
behavioral1/files/0x00050000000195c3-103.dat	xmrig
behavioral1/memory/1960-102-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2060-100-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/2060-99-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2568-97-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2120-94-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2972-109-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b7-71.dat	xmrig
behavioral1/memory/536-1253-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2532-1250-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2956-1228-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2620	VQlzuNX.exe
2388	qMJsdfY.exe
536	MykCQti.exe
2956	OmXFGLs.exe
2532	kSwKIgb.exe
2924	vBwFLOZ.exe
2796	cxRLcmu.exe
2816	cCdoRyX.exe
2792	plGLCvp.exe
2724	ibgzTrj.exe
2120	Ouqaqjc.exe
2568	ADgesXh.exe
1960	OOvMigp.exe
2972	cDDNOwy.exe
1948	jnuneTX.exe
2364	ImlqCmG.exe
1640	GSazrIU.exe
1636	BtKQSVu.exe
1484	gwktwEu.exe
1988	XfmvQqN.exe
2984	zEefLFG.exe
3028	PmyQnCu.exe
2280	fcgwnPA.exe
2248	rxuxLgc.exe
2348	zolzpce.exe
676	UxKjKXZ.exe
560	hggIdwj.exe
2440	WlEvWno.exe
2124	chjIErl.exe
656	RBmZJhO.exe
1552	AGUHpoS.exe
988	OCsoSjm.exe
236	IaEbhAI.exe
2860	aFUtRCA.exe
1028	MNzBAwh.exe
908	jxBrOcB.exe
1432	mckVkfs.exe
2640	Cdlrkat.exe
2164	jozXIqV.exe
2540	nibBYjr.exe
2272	EoeVcVc.exe
1892	ZbJxTWH.exe
1672	brSjwgn.exe
2520	ssHcvaQ.exe
2244	OdDFOPS.exe
2432	QPoIYLx.exe
572	PxQrzkT.exe
1240	ORFZbOT.exe
2452	ArqyUUi.exe
2468	qiPAGaP.exe
1604	DQBYBWv.exe
2404	vqSRHpw.exe
2104	jeiXPCR.exe
2068	ohduqTb.exe
2196	XzyoaEI.exe
2804	gZZVZru.exe
2836	lhkuOpT.exe
2488	IkifSGD.exe
2912	HVHCnap.exe
2908	kGihlxx.exe
2684	YUciuNY.exe
2152	iNTACZK.exe
524	AELvLuQ.exe
2980	VNrPwZl.exe

Loads dropped DLL 64 IoCs

pid	Process
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2060-0-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0009000000016d2c-3.dat	upx
behavioral1/memory/2620-8-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2060-6-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x000a000000016d64-9.dat	upx
behavioral1/memory/2388-16-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x0008000000016d69-11.dat	upx
behavioral1/memory/536-26-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0009000000016d3f-25.dat	upx
behavioral1/files/0x0007000000016fc9-33.dat	upx
behavioral1/memory/2956-30-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0007000000016fe5-36.dat	upx
behavioral1/memory/2060-40-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2924-43-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x00070000000170f8-45.dat	upx
behavioral1/memory/2620-46-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2796-51-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2388-52-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2956-55-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/536-54-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x000800000001756e-56.dat	upx
behavioral1/memory/2816-62-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2532-63-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x00050000000195b5-64.dat	upx
behavioral1/memory/2792-70-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x00050000000195bb-76.dat	upx
behavioral1/files/0x00050000000195bd-80.dat	upx
behavioral1/memory/2724-87-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x00050000000195c1-85.dat	upx
behavioral1/files/0x00050000000195c5-104.dat	upx
behavioral1/files/0x000500000001960c-124.dat	upx
behavioral1/files/0x0005000000019761-139.dat	upx
behavioral1/files/0x0005000000019bf5-160.dat	upx
behavioral1/files/0x0005000000019bf9-169.dat	upx
behavioral1/files/0x0005000000019d61-180.dat	upx
behavioral1/memory/2972-433-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2724-270-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0005000000019e92-195.dat	upx
behavioral1/files/0x0005000000019d62-186.dat	upx
behavioral1/files/0x0005000000019d6d-190.dat	upx
behavioral1/files/0x0005000000019c3c-174.dat	upx
behavioral1/files/0x0005000000019bf6-164.dat	upx
behavioral1/files/0x000500000001998d-154.dat	upx
behavioral1/files/0x0005000000019820-149.dat	upx
behavioral1/files/0x00050000000197fd-145.dat	upx
behavioral1/files/0x000500000001975a-134.dat	upx
behavioral1/files/0x0005000000019643-129.dat	upx
behavioral1/files/0x00050000000195c7-119.dat	upx
behavioral1/files/0x00050000000195c6-114.dat	upx
behavioral1/files/0x00050000000195c3-103.dat	upx
behavioral1/memory/1960-102-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2568-97-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2120-94-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2972-109-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x00050000000195b7-71.dat	upx
behavioral1/memory/536-1253-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2532-1250-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2956-1228-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2924-1329-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2796-1344-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2388-1187-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2620-1186-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2816-1501-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2792-1522-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lfGsdcs.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHPouRd.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JizTbMW.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIMLEgx.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYFtfVL.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsujQzs.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZUwdFvS.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVwQyJP.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDtYZeR.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKWnLVu.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdVPrZb.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSFPMsM.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvvnIHW.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbEWplK.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\suatyBJ.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JyXqpfw.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LoshTJD.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZwaywt.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utrtwuG.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vPBhZNZ.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLVdrzf.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CALcqDO.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cshdyZS.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ouVTfbP.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IpHCJoM.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IyGwAQZ.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVJphas.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkeBntq.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMcUmah.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAGaukU.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYatXCj.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYpKwtJ.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhjYKco.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGxuxGO.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\foUctBs.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkLqSaj.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzyhyqx.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWtpKkJ.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohduqTb.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZItkFq.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGOLjUu.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLeFtfK.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFwvOmk.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCHJERl.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VmNpcCF.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myjxcaY.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeODGHI.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxoRckf.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZQBMXy.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhzzYLl.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvUEHHc.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUPWJWm.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJGTixH.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSFIAzX.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuRnyQv.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PAxiIhI.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEfsQAj.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBuXKqG.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpDKDJQ.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAxJqwM.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZYzBcO.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTeTVuR.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNhoYNZ.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofOzhcT.exe	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2620	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2060 wrote to memory of 2620	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2060 wrote to memory of 2620	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2060 wrote to memory of 2388	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2060 wrote to memory of 2388	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2060 wrote to memory of 2388	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2060 wrote to memory of 536	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2060 wrote to memory of 536	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2060 wrote to memory of 536	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2060 wrote to memory of 2956	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2060 wrote to memory of 2956	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2060 wrote to memory of 2956	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2060 wrote to memory of 2532	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2060 wrote to memory of 2532	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2060 wrote to memory of 2532	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2060 wrote to memory of 2924	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2060 wrote to memory of 2924	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2060 wrote to memory of 2924	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2060 wrote to memory of 2796	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2060 wrote to memory of 2796	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2060 wrote to memory of 2796	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2060 wrote to memory of 2816	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2060 wrote to memory of 2816	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2060 wrote to memory of 2816	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2060 wrote to memory of 2792	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2060 wrote to memory of 2792	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2060 wrote to memory of 2792	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2060 wrote to memory of 2724	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2060 wrote to memory of 2724	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2060 wrote to memory of 2724	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2060 wrote to memory of 2120	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2060 wrote to memory of 2120	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2060 wrote to memory of 2120	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2060 wrote to memory of 1960	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2060 wrote to memory of 1960	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2060 wrote to memory of 1960	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2060 wrote to memory of 2568	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2060 wrote to memory of 2568	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2060 wrote to memory of 2568	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2060 wrote to memory of 2972	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2060 wrote to memory of 2972	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2060 wrote to memory of 2972	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2060 wrote to memory of 1948	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2060 wrote to memory of 1948	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2060 wrote to memory of 1948	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2060 wrote to memory of 2364	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2060 wrote to memory of 2364	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2060 wrote to memory of 2364	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2060 wrote to memory of 1640	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2060 wrote to memory of 1640	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2060 wrote to memory of 1640	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2060 wrote to memory of 1636	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2060 wrote to memory of 1636	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2060 wrote to memory of 1636	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2060 wrote to memory of 1484	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2060 wrote to memory of 1484	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2060 wrote to memory of 1484	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2060 wrote to memory of 1988	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2060 wrote to memory of 1988	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2060 wrote to memory of 1988	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2060 wrote to memory of 2984	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2060 wrote to memory of 2984	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2060 wrote to memory of 2984	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2060 wrote to memory of 3028	2060	2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_da8521cbe4d93eefe368dada0274a99d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\System\VQlzuNX.exe
  C:\Windows\System\VQlzuNX.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\qMJsdfY.exe
  C:\Windows\System\qMJsdfY.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\MykCQti.exe
  C:\Windows\System\MykCQti.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\OmXFGLs.exe
  C:\Windows\System\OmXFGLs.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\kSwKIgb.exe
  C:\Windows\System\kSwKIgb.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\vBwFLOZ.exe
  C:\Windows\System\vBwFLOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\cxRLcmu.exe
  C:\Windows\System\cxRLcmu.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\cCdoRyX.exe
  C:\Windows\System\cCdoRyX.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\plGLCvp.exe
  C:\Windows\System\plGLCvp.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\ibgzTrj.exe
  C:\Windows\System\ibgzTrj.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\Ouqaqjc.exe
  C:\Windows\System\Ouqaqjc.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\OOvMigp.exe
  C:\Windows\System\OOvMigp.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\ADgesXh.exe
  C:\Windows\System\ADgesXh.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\cDDNOwy.exe
  C:\Windows\System\cDDNOwy.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\jnuneTX.exe
  C:\Windows\System\jnuneTX.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\ImlqCmG.exe
  C:\Windows\System\ImlqCmG.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\GSazrIU.exe
  C:\Windows\System\GSazrIU.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\BtKQSVu.exe
  C:\Windows\System\BtKQSVu.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\gwktwEu.exe
  C:\Windows\System\gwktwEu.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\XfmvQqN.exe
  C:\Windows\System\XfmvQqN.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\zEefLFG.exe
  C:\Windows\System\zEefLFG.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\PmyQnCu.exe
  C:\Windows\System\PmyQnCu.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\fcgwnPA.exe
  C:\Windows\System\fcgwnPA.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\rxuxLgc.exe
  C:\Windows\System\rxuxLgc.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\zolzpce.exe
  C:\Windows\System\zolzpce.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\UxKjKXZ.exe
  C:\Windows\System\UxKjKXZ.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\hggIdwj.exe
  C:\Windows\System\hggIdwj.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\WlEvWno.exe
  C:\Windows\System\WlEvWno.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\chjIErl.exe
  C:\Windows\System\chjIErl.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\RBmZJhO.exe
  C:\Windows\System\RBmZJhO.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\AGUHpoS.exe
  C:\Windows\System\AGUHpoS.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\OCsoSjm.exe
  C:\Windows\System\OCsoSjm.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\IaEbhAI.exe
  C:\Windows\System\IaEbhAI.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\aFUtRCA.exe
  C:\Windows\System\aFUtRCA.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\MNzBAwh.exe
  C:\Windows\System\MNzBAwh.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\jxBrOcB.exe
  C:\Windows\System\jxBrOcB.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\mckVkfs.exe
  C:\Windows\System\mckVkfs.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\Cdlrkat.exe
  C:\Windows\System\Cdlrkat.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\jozXIqV.exe
  C:\Windows\System\jozXIqV.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\nibBYjr.exe
  C:\Windows\System\nibBYjr.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\EoeVcVc.exe
  C:\Windows\System\EoeVcVc.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\ZbJxTWH.exe
  C:\Windows\System\ZbJxTWH.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\brSjwgn.exe
  C:\Windows\System\brSjwgn.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\ssHcvaQ.exe
  C:\Windows\System\ssHcvaQ.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\OdDFOPS.exe
  C:\Windows\System\OdDFOPS.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\QPoIYLx.exe
  C:\Windows\System\QPoIYLx.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\PxQrzkT.exe
  C:\Windows\System\PxQrzkT.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\ORFZbOT.exe
  C:\Windows\System\ORFZbOT.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\ArqyUUi.exe
  C:\Windows\System\ArqyUUi.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\qiPAGaP.exe
  C:\Windows\System\qiPAGaP.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\DQBYBWv.exe
  C:\Windows\System\DQBYBWv.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\vqSRHpw.exe
  C:\Windows\System\vqSRHpw.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\jeiXPCR.exe
  C:\Windows\System\jeiXPCR.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\ohduqTb.exe
  C:\Windows\System\ohduqTb.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\XzyoaEI.exe
  C:\Windows\System\XzyoaEI.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\gZZVZru.exe
  C:\Windows\System\gZZVZru.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\lhkuOpT.exe
  C:\Windows\System\lhkuOpT.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\IkifSGD.exe
  C:\Windows\System\IkifSGD.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\HVHCnap.exe
  C:\Windows\System\HVHCnap.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\kGihlxx.exe
  C:\Windows\System\kGihlxx.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\YUciuNY.exe
  C:\Windows\System\YUciuNY.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\iNTACZK.exe
  C:\Windows\System\iNTACZK.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\AELvLuQ.exe
  C:\Windows\System\AELvLuQ.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\KkUqZBS.exe
  C:\Windows\System\KkUqZBS.exe
  2⤵
  PID:2664
- C:\Windows\System\VNrPwZl.exe
  C:\Windows\System\VNrPwZl.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\kIjxdik.exe
  C:\Windows\System\kIjxdik.exe
  2⤵
  PID:2656
- C:\Windows\System\sqFqkUk.exe
  C:\Windows\System\sqFqkUk.exe
  2⤵
  PID:2340
- C:\Windows\System\CALcqDO.exe
  C:\Windows\System\CALcqDO.exe
  2⤵
  PID:2056
- C:\Windows\System\RzMRaGg.exe
  C:\Windows\System\RzMRaGg.exe
  2⤵
  PID:1660
- C:\Windows\System\DNyldlS.exe
  C:\Windows\System\DNyldlS.exe
  2⤵
  PID:2004
- C:\Windows\System\DKknSsw.exe
  C:\Windows\System\DKknSsw.exe
  2⤵
  PID:2288
- C:\Windows\System\ItuKBnS.exe
  C:\Windows\System\ItuKBnS.exe
  2⤵
  PID:2636
- C:\Windows\System\ycokXDQ.exe
  C:\Windows\System\ycokXDQ.exe
  2⤵
  PID:1908
- C:\Windows\System\Eznzkrg.exe
  C:\Windows\System\Eznzkrg.exe
  2⤵
  PID:108
- C:\Windows\System\yZmGNOW.exe
  C:\Windows\System\yZmGNOW.exe
  2⤵
  PID:1928
- C:\Windows\System\JVifCvi.exe
  C:\Windows\System\JVifCvi.exe
  2⤵
  PID:2588
- C:\Windows\System\IlafEYA.exe
  C:\Windows\System\IlafEYA.exe
  2⤵
  PID:1784
- C:\Windows\System\wUJoxib.exe
  C:\Windows\System\wUJoxib.exe
  2⤵
  PID:1036
- C:\Windows\System\pMEtVWx.exe
  C:\Windows\System\pMEtVWx.exe
  2⤵
  PID:1148
- C:\Windows\System\XCTJiNS.exe
  C:\Windows\System\XCTJiNS.exe
  2⤵
  PID:2036
- C:\Windows\System\mzMwmwL.exe
  C:\Windows\System\mzMwmwL.exe
  2⤵
  PID:640
- C:\Windows\System\UcqYDfE.exe
  C:\Windows\System\UcqYDfE.exe
  2⤵
  PID:772
- C:\Windows\System\iCxvUqg.exe
  C:\Windows\System\iCxvUqg.exe
  2⤵
  PID:1944
- C:\Windows\System\ZrVdCgG.exe
  C:\Windows\System\ZrVdCgG.exe
  2⤵
  PID:2312
- C:\Windows\System\cHbsQEP.exe
  C:\Windows\System\cHbsQEP.exe
  2⤵
  PID:1768
- C:\Windows\System\OvCqpJk.exe
  C:\Windows\System\OvCqpJk.exe
  2⤵
  PID:820
- C:\Windows\System\PbpOqhR.exe
  C:\Windows\System\PbpOqhR.exe
  2⤵
  PID:900
- C:\Windows\System\kQsvjPt.exe
  C:\Windows\System\kQsvjPt.exe
  2⤵
  PID:2472
- C:\Windows\System\NFONAcI.exe
  C:\Windows\System\NFONAcI.exe
  2⤵
  PID:2444
- C:\Windows\System\acpQQSR.exe
  C:\Windows\System\acpQQSR.exe
  2⤵
  PID:3068
- C:\Windows\System\ywfIaqA.exe
  C:\Windows\System\ywfIaqA.exe
  2⤵
  PID:2648
- C:\Windows\System\BzdpsmT.exe
  C:\Windows\System\BzdpsmT.exe
  2⤵
  PID:2872
- C:\Windows\System\JvHtBGN.exe
  C:\Windows\System\JvHtBGN.exe
  2⤵
  PID:1760
- C:\Windows\System\dAbiiHh.exe
  C:\Windows\System\dAbiiHh.exe
  2⤵
  PID:2716
- C:\Windows\System\KlbjNmC.exe
  C:\Windows\System\KlbjNmC.exe
  2⤵
  PID:2092
- C:\Windows\System\osiKGTX.exe
  C:\Windows\System\osiKGTX.exe
  2⤵
  PID:2856
- C:\Windows\System\BDFrjdf.exe
  C:\Windows\System\BDFrjdf.exe
  2⤵
  PID:2824
- C:\Windows\System\OeLvcoB.exe
  C:\Windows\System\OeLvcoB.exe
  2⤵
  PID:2780
- C:\Windows\System\fSZXgZd.exe
  C:\Windows\System\fSZXgZd.exe
  2⤵
  PID:2828
- C:\Windows\System\YfpuxxD.exe
  C:\Windows\System\YfpuxxD.exe
  2⤵
  PID:2800
- C:\Windows\System\DsEvHpA.exe
  C:\Windows\System\DsEvHpA.exe
  2⤵
  PID:3012
- C:\Windows\System\rNozgur.exe
  C:\Windows\System\rNozgur.exe
  2⤵
  PID:2484
- C:\Windows\System\GPcOWqz.exe
  C:\Windows\System\GPcOWqz.exe
  2⤵
  PID:2276
- C:\Windows\System\iuAIfCI.exe
  C:\Windows\System\iuAIfCI.exe
  2⤵
  PID:1068
- C:\Windows\System\cdDYCMq.exe
  C:\Windows\System\cdDYCMq.exe
  2⤵
  PID:2428
- C:\Windows\System\eWrsBuM.exe
  C:\Windows\System\eWrsBuM.exe
  2⤵
  PID:2264
- C:\Windows\System\MhSXEbA.exe
  C:\Windows\System\MhSXEbA.exe
  2⤵
  PID:1816
- C:\Windows\System\OSAmngT.exe
  C:\Windows\System\OSAmngT.exe
  2⤵
  PID:1820
- C:\Windows\System\VUmLxOO.exe
  C:\Windows\System\VUmLxOO.exe
  2⤵
  PID:1264
- C:\Windows\System\nWQefUl.exe
  C:\Windows\System\nWQefUl.exe
  2⤵
  PID:1556
- C:\Windows\System\nCKOxIG.exe
  C:\Windows\System\nCKOxIG.exe
  2⤵
  PID:2516
- C:\Windows\System\AMuYNFD.exe
  C:\Windows\System\AMuYNFD.exe
  2⤵
  PID:1500
- C:\Windows\System\RNMwRFn.exe
  C:\Windows\System\RNMwRFn.exe
  2⤵
  PID:2384
- C:\Windows\System\LOspuyb.exe
  C:\Windows\System\LOspuyb.exe
  2⤵
  PID:1724
- C:\Windows\System\TjncceL.exe
  C:\Windows\System\TjncceL.exe
  2⤵
  PID:3044
- C:\Windows\System\TvlcbLi.exe
  C:\Windows\System\TvlcbLi.exe
  2⤵
  PID:2808
- C:\Windows\System\QMiRSha.exe
  C:\Windows\System\QMiRSha.exe
  2⤵
  PID:2704
- C:\Windows\System\ROwESza.exe
  C:\Windows\System\ROwESza.exe
  2⤵
  PID:3036
- C:\Windows\System\PQYVuBU.exe
  C:\Windows\System\PQYVuBU.exe
  2⤵
  PID:1460
- C:\Windows\System\SFkUpIA.exe
  C:\Windows\System\SFkUpIA.exe
  2⤵
  PID:744
- C:\Windows\System\ecOThsQ.exe
  C:\Windows\System\ecOThsQ.exe
  2⤵
  PID:296
- C:\Windows\System\zXTLCxf.exe
  C:\Windows\System\zXTLCxf.exe
  2⤵
  PID:1648
- C:\Windows\System\RsoadkB.exe
  C:\Windows\System\RsoadkB.exe
  2⤵
  PID:2576
- C:\Windows\System\uNRNfEb.exe
  C:\Windows\System\uNRNfEb.exe
  2⤵
  PID:1488
- C:\Windows\System\bnUoSne.exe
  C:\Windows\System\bnUoSne.exe
  2⤵
  PID:1920
- C:\Windows\System\WqOkjOY.exe
  C:\Windows\System\WqOkjOY.exe
  2⤵
  PID:1092
- C:\Windows\System\zqynhhx.exe
  C:\Windows\System\zqynhhx.exe
  2⤵
  PID:1904
- C:\Windows\System\QuwcWBP.exe
  C:\Windows\System\QuwcWBP.exe
  2⤵
  PID:2676
- C:\Windows\System\cRcggbN.exe
  C:\Windows\System\cRcggbN.exe
  2⤵
  PID:1880
- C:\Windows\System\QGnUjKn.exe
  C:\Windows\System\QGnUjKn.exe
  2⤵
  PID:2848
- C:\Windows\System\dNUqYfe.exe
  C:\Windows\System\dNUqYfe.exe
  2⤵
  PID:1504
- C:\Windows\System\NyrhepF.exe
  C:\Windows\System\NyrhepF.exe
  2⤵
  PID:2052
- C:\Windows\System\rWPvHZr.exe
  C:\Windows\System\rWPvHZr.exe
  2⤵
  PID:2128
- C:\Windows\System\eRhOPuE.exe
  C:\Windows\System\eRhOPuE.exe
  2⤵
  PID:2020
- C:\Windows\System\CwaQBnB.exe
  C:\Windows\System\CwaQBnB.exe
  2⤵
  PID:2632
- C:\Windows\System\hTYPDgx.exe
  C:\Windows\System\hTYPDgx.exe
  2⤵
  PID:2832
- C:\Windows\System\RvftqVF.exe
  C:\Windows\System\RvftqVF.exe
  2⤵
  PID:3024
- C:\Windows\System\ewlmYYR.exe
  C:\Windows\System\ewlmYYR.exe
  2⤵
  PID:1752
- C:\Windows\System\rrEVbhD.exe
  C:\Windows\System\rrEVbhD.exe
  2⤵
  PID:368
- C:\Windows\System\ONEjvgk.exe
  C:\Windows\System\ONEjvgk.exe
  2⤵
  PID:1184
- C:\Windows\System\dKaXCGK.exe
  C:\Windows\System\dKaXCGK.exe
  2⤵
  PID:2584
- C:\Windows\System\WxkZphe.exe
  C:\Windows\System\WxkZphe.exe
  2⤵
  PID:1956
- C:\Windows\System\KySpJbB.exe
  C:\Windows\System\KySpJbB.exe
  2⤵
  PID:1620
- C:\Windows\System\qVajJcy.exe
  C:\Windows\System\qVajJcy.exe
  2⤵
  PID:1644
- C:\Windows\System\QAOSdOB.exe
  C:\Windows\System\QAOSdOB.exe
  2⤵
  PID:1888
- C:\Windows\System\zBjgTIJ.exe
  C:\Windows\System\zBjgTIJ.exe
  2⤵
  PID:1512
- C:\Windows\System\xKPJBZu.exe
  C:\Windows\System\xKPJBZu.exe
  2⤵
  PID:3004
- C:\Windows\System\uQntdTV.exe
  C:\Windows\System\uQntdTV.exe
  2⤵
  PID:2420
- C:\Windows\System\touBhTo.exe
  C:\Windows\System\touBhTo.exe
  2⤵
  PID:1128
- C:\Windows\System\RvdkbRI.exe
  C:\Windows\System\RvdkbRI.exe
  2⤵
  PID:1160
- C:\Windows\System\WrBpORQ.exe
  C:\Windows\System\WrBpORQ.exe
  2⤵
  PID:1616
- C:\Windows\System\BMcUmah.exe
  C:\Windows\System\BMcUmah.exe
  2⤵
  PID:1496
- C:\Windows\System\kiedDWQ.exe
  C:\Windows\System\kiedDWQ.exe
  2⤵
  PID:1576
- C:\Windows\System\xuEsyJt.exe
  C:\Windows\System\xuEsyJt.exe
  2⤵
  PID:1192
- C:\Windows\System\EmzsBUM.exe
  C:\Windows\System\EmzsBUM.exe
  2⤵
  PID:2740
- C:\Windows\System\bFpvGss.exe
  C:\Windows\System\bFpvGss.exe
  2⤵
  PID:2696
- C:\Windows\System\KgEZsqB.exe
  C:\Windows\System\KgEZsqB.exe
  2⤵
  PID:1728
- C:\Windows\System\QnDtzTm.exe
  C:\Windows\System\QnDtzTm.exe
  2⤵
  PID:3000
- C:\Windows\System\HfhMBGz.exe
  C:\Windows\System\HfhMBGz.exe
  2⤵
  PID:1652
- C:\Windows\System\OpaDYnM.exe
  C:\Windows\System\OpaDYnM.exe
  2⤵
  PID:1772
- C:\Windows\System\VreJAMg.exe
  C:\Windows\System\VreJAMg.exe
  2⤵
  PID:2844
- C:\Windows\System\cJUEOtm.exe
  C:\Windows\System\cJUEOtm.exe
  2⤵
  PID:1612
- C:\Windows\System\OmMwfqo.exe
  C:\Windows\System\OmMwfqo.exe
  2⤵
  PID:2948
- C:\Windows\System\VFYfnUL.exe
  C:\Windows\System\VFYfnUL.exe
  2⤵
  PID:2076
- C:\Windows\System\JGFJloz.exe
  C:\Windows\System\JGFJloz.exe
  2⤵
  PID:2680
- C:\Windows\System\jRdBIMC.exe
  C:\Windows\System\jRdBIMC.exe
  2⤵
  PID:2028
- C:\Windows\System\zjsqqta.exe
  C:\Windows\System\zjsqqta.exe
  2⤵
  PID:276
- C:\Windows\System\VQjHNhR.exe
  C:\Windows\System\VQjHNhR.exe
  2⤵
  PID:432
- C:\Windows\System\CFvUlNC.exe
  C:\Windows\System\CFvUlNC.exe
  2⤵
  PID:2732
- C:\Windows\System\NiwHbTA.exe
  C:\Windows\System\NiwHbTA.exe
  2⤵
  PID:2464
- C:\Windows\System\FOmRYGZ.exe
  C:\Windows\System\FOmRYGZ.exe
  2⤵
  PID:2652
- C:\Windows\System\nLgwwVI.exe
  C:\Windows\System\nLgwwVI.exe
  2⤵
  PID:2944
- C:\Windows\System\NOHVXqa.exe
  C:\Windows\System\NOHVXqa.exe
  2⤵
  PID:1700
- C:\Windows\System\wFUNgSr.exe
  C:\Windows\System\wFUNgSr.exe
  2⤵
  PID:1096
- C:\Windows\System\hkcKfqv.exe
  C:\Windows\System\hkcKfqv.exe
  2⤵
  PID:3076
- C:\Windows\System\kpjiJdz.exe
  C:\Windows\System\kpjiJdz.exe
  2⤵
  PID:3092
- C:\Windows\System\AyGrXHV.exe
  C:\Windows\System\AyGrXHV.exe
  2⤵
  PID:3120
- C:\Windows\System\lpiyZlR.exe
  C:\Windows\System\lpiyZlR.exe
  2⤵
  PID:3140
- C:\Windows\System\sVGnVvj.exe
  C:\Windows\System\sVGnVvj.exe
  2⤵
  PID:3164
- C:\Windows\System\FwrAAUJ.exe
  C:\Windows\System\FwrAAUJ.exe
  2⤵
  PID:3180
- C:\Windows\System\aYDlYUv.exe
  C:\Windows\System\aYDlYUv.exe
  2⤵
  PID:3200
- C:\Windows\System\NLrDKZL.exe
  C:\Windows\System\NLrDKZL.exe
  2⤵
  PID:3220
- C:\Windows\System\RqDfXMS.exe
  C:\Windows\System\RqDfXMS.exe
  2⤵
  PID:3236
- C:\Windows\System\GfYyLlr.exe
  C:\Windows\System\GfYyLlr.exe
  2⤵
  PID:3252
- C:\Windows\System\RjleQKK.exe
  C:\Windows\System\RjleQKK.exe
  2⤵
  PID:3280
- C:\Windows\System\ygNToRC.exe
  C:\Windows\System\ygNToRC.exe
  2⤵
  PID:3296
- C:\Windows\System\kVTxanI.exe
  C:\Windows\System\kVTxanI.exe
  2⤵
  PID:3312
- C:\Windows\System\bFryBgq.exe
  C:\Windows\System\bFryBgq.exe
  2⤵
  PID:3344
- C:\Windows\System\OtfqQMA.exe
  C:\Windows\System\OtfqQMA.exe
  2⤵
  PID:3360
- C:\Windows\System\EfISxao.exe
  C:\Windows\System\EfISxao.exe
  2⤵
  PID:3376
- C:\Windows\System\JVZxTCX.exe
  C:\Windows\System\JVZxTCX.exe
  2⤵
  PID:3392
- C:\Windows\System\WqPoGaE.exe
  C:\Windows\System\WqPoGaE.exe
  2⤵
  PID:3408
- C:\Windows\System\FGceMoi.exe
  C:\Windows\System\FGceMoi.exe
  2⤵
  PID:3424
- C:\Windows\System\vCtfRpS.exe
  C:\Windows\System\vCtfRpS.exe
  2⤵
  PID:3460
- C:\Windows\System\eldFlyL.exe
  C:\Windows\System\eldFlyL.exe
  2⤵
  PID:3480
- C:\Windows\System\bIeeMae.exe
  C:\Windows\System\bIeeMae.exe
  2⤵
  PID:3500
- C:\Windows\System\OrCEiDX.exe
  C:\Windows\System\OrCEiDX.exe
  2⤵
  PID:3520
- C:\Windows\System\vxqQhFo.exe
  C:\Windows\System\vxqQhFo.exe
  2⤵
  PID:3544
- C:\Windows\System\vBIDBYH.exe
  C:\Windows\System\vBIDBYH.exe
  2⤵
  PID:3560
- C:\Windows\System\iuwrQtz.exe
  C:\Windows\System\iuwrQtz.exe
  2⤵
  PID:3588
- C:\Windows\System\zJdcApg.exe
  C:\Windows\System\zJdcApg.exe
  2⤵
  PID:3604
- C:\Windows\System\QvMgCcl.exe
  C:\Windows\System\QvMgCcl.exe
  2⤵
  PID:3632
- C:\Windows\System\RSIzLwf.exe
  C:\Windows\System\RSIzLwf.exe
  2⤵
  PID:3652
- C:\Windows\System\elGZQHY.exe
  C:\Windows\System\elGZQHY.exe
  2⤵
  PID:3672
- C:\Windows\System\npciTXv.exe
  C:\Windows\System\npciTXv.exe
  2⤵
  PID:3688
- C:\Windows\System\fOGCefW.exe
  C:\Windows\System\fOGCefW.exe
  2⤵
  PID:3712
- C:\Windows\System\ZMvROmP.exe
  C:\Windows\System\ZMvROmP.exe
  2⤵
  PID:3732
- C:\Windows\System\WpOECXG.exe
  C:\Windows\System\WpOECXG.exe
  2⤵
  PID:3748
- C:\Windows\System\dmQaOef.exe
  C:\Windows\System\dmQaOef.exe
  2⤵
  PID:3780
- C:\Windows\System\rRaGMqh.exe
  C:\Windows\System\rRaGMqh.exe
  2⤵
  PID:3800
- C:\Windows\System\BILeCMz.exe
  C:\Windows\System\BILeCMz.exe
  2⤵
  PID:3816
- C:\Windows\System\VNSuIBp.exe
  C:\Windows\System\VNSuIBp.exe
  2⤵
  PID:3832
- C:\Windows\System\zcCFUXc.exe
  C:\Windows\System\zcCFUXc.exe
  2⤵
  PID:3856
- C:\Windows\System\CUjweIF.exe
  C:\Windows\System\CUjweIF.exe
  2⤵
  PID:3880
- C:\Windows\System\welyfzt.exe
  C:\Windows\System\welyfzt.exe
  2⤵
  PID:3896
- C:\Windows\System\qvRoLBl.exe
  C:\Windows\System\qvRoLBl.exe
  2⤵
  PID:3912
- C:\Windows\System\vOmafnF.exe
  C:\Windows\System\vOmafnF.exe
  2⤵
  PID:3932
- C:\Windows\System\tyCgKAU.exe
  C:\Windows\System\tyCgKAU.exe
  2⤵
  PID:3952
- C:\Windows\System\PbNXADX.exe
  C:\Windows\System\PbNXADX.exe
  2⤵
  PID:3976
- C:\Windows\System\MaxPwAy.exe
  C:\Windows\System\MaxPwAy.exe
  2⤵
  PID:3996
- C:\Windows\System\oycQRNR.exe
  C:\Windows\System\oycQRNR.exe
  2⤵
  PID:4016
- C:\Windows\System\xCnNZNl.exe
  C:\Windows\System\xCnNZNl.exe
  2⤵
  PID:4032
- C:\Windows\System\GCcyJpu.exe
  C:\Windows\System\GCcyJpu.exe
  2⤵
  PID:4056
- C:\Windows\System\RUvLZwY.exe
  C:\Windows\System\RUvLZwY.exe
  2⤵
  PID:4080
- C:\Windows\System\Usrrzqq.exe
  C:\Windows\System\Usrrzqq.exe
  2⤵
  PID:1788
- C:\Windows\System\WKmsjbO.exe
  C:\Windows\System\WKmsjbO.exe
  2⤵
  PID:1764
- C:\Windows\System\JIWNQHj.exe
  C:\Windows\System\JIWNQHj.exe
  2⤵
  PID:3104
- C:\Windows\System\IHABTyd.exe
  C:\Windows\System\IHABTyd.exe
  2⤵
  PID:1828
- C:\Windows\System\wSntKOH.exe
  C:\Windows\System\wSntKOH.exe
  2⤵
  PID:1516
- C:\Windows\System\pdfMykL.exe
  C:\Windows\System\pdfMykL.exe
  2⤵
  PID:2960
- C:\Windows\System\AiEfKtr.exe
  C:\Windows\System\AiEfKtr.exe
  2⤵
  PID:3244
- C:\Windows\System\FwTRBol.exe
  C:\Windows\System\FwTRBol.exe
  2⤵
  PID:3272
- C:\Windows\System\jajVcYH.exe
  C:\Windows\System\jajVcYH.exe
  2⤵
  PID:3264
- C:\Windows\System\MJGpurE.exe
  C:\Windows\System\MJGpurE.exe
  2⤵
  PID:1284
- C:\Windows\System\bNZnhmN.exe
  C:\Windows\System\bNZnhmN.exe
  2⤵
  PID:3328
- C:\Windows\System\eJQUCjr.exe
  C:\Windows\System\eJQUCjr.exe
  2⤵
  PID:3368
- C:\Windows\System\BmOafil.exe
  C:\Windows\System\BmOafil.exe
  2⤵
  PID:3436
- C:\Windows\System\EdQNdvO.exe
  C:\Windows\System\EdQNdvO.exe
  2⤵
  PID:3356
- C:\Windows\System\uGlLCeV.exe
  C:\Windows\System\uGlLCeV.exe
  2⤵
  PID:3420
- C:\Windows\System\ksbnoUS.exe
  C:\Windows\System\ksbnoUS.exe
  2⤵
  PID:3496
- C:\Windows\System\rgovFYI.exe
  C:\Windows\System\rgovFYI.exe
  2⤵
  PID:3536
- C:\Windows\System\XZiHqBU.exe
  C:\Windows\System\XZiHqBU.exe
  2⤵
  PID:3556
- C:\Windows\System\msrVZFK.exe
  C:\Windows\System\msrVZFK.exe
  2⤵
  PID:3584
- C:\Windows\System\epWJtPC.exe
  C:\Windows\System\epWJtPC.exe
  2⤵
  PID:3620
- C:\Windows\System\IHekMHf.exe
  C:\Windows\System\IHekMHf.exe
  2⤵
  PID:3580
- C:\Windows\System\PseLEQd.exe
  C:\Windows\System\PseLEQd.exe
  2⤵
  PID:3648
- C:\Windows\System\WPsCglF.exe
  C:\Windows\System\WPsCglF.exe
  2⤵
  PID:3708
- C:\Windows\System\WCWsceR.exe
  C:\Windows\System\WCWsceR.exe
  2⤵
  PID:3740
- C:\Windows\System\bxClRhu.exe
  C:\Windows\System\bxClRhu.exe
  2⤵
  PID:3768
- C:\Windows\System\KPOySYN.exe
  C:\Windows\System\KPOySYN.exe
  2⤵
  PID:3824
- C:\Windows\System\fgckWZI.exe
  C:\Windows\System\fgckWZI.exe
  2⤵
  PID:3872
- C:\Windows\System\TxABYPn.exe
  C:\Windows\System\TxABYPn.exe
  2⤵
  PID:3868
- C:\Windows\System\PALaZGJ.exe
  C:\Windows\System\PALaZGJ.exe
  2⤵
  PID:3928
- C:\Windows\System\kEZkDja.exe
  C:\Windows\System\kEZkDja.exe
  2⤵
  PID:3944
- C:\Windows\System\akbfCuG.exe
  C:\Windows\System\akbfCuG.exe
  2⤵
  PID:3968
- C:\Windows\System\uIqgQGQ.exe
  C:\Windows\System\uIqgQGQ.exe
  2⤵
  PID:3988
- C:\Windows\System\VmNpcCF.exe
  C:\Windows\System\VmNpcCF.exe
  2⤵
  PID:4044
- C:\Windows\System\sUEVNlM.exe
  C:\Windows\System\sUEVNlM.exe
  2⤵
  PID:4068
- C:\Windows\System\sIzXONY.exe
  C:\Windows\System\sIzXONY.exe
  2⤵
  PID:3088
- C:\Windows\System\MWBBFoo.exe
  C:\Windows\System\MWBBFoo.exe
  2⤵
  PID:3128
- C:\Windows\System\dCkMcdi.exe
  C:\Windows\System\dCkMcdi.exe
  2⤵
  PID:3156
- C:\Windows\System\vRIkhKK.exe
  C:\Windows\System\vRIkhKK.exe
  2⤵
  PID:3176
- C:\Windows\System\ujOuBUr.exe
  C:\Windows\System\ujOuBUr.exe
  2⤵
  PID:3276
- C:\Windows\System\ITBTrit.exe
  C:\Windows\System\ITBTrit.exe
  2⤵
  PID:3304
- C:\Windows\System\rsujQzs.exe
  C:\Windows\System\rsujQzs.exe
  2⤵
  PID:3292
- C:\Windows\System\INJurEZ.exe
  C:\Windows\System\INJurEZ.exe
  2⤵
  PID:3448
- C:\Windows\System\vsRcOQr.exe
  C:\Windows\System\vsRcOQr.exe
  2⤵
  PID:3324
- C:\Windows\System\MlgPWwt.exe
  C:\Windows\System\MlgPWwt.exe
  2⤵
  PID:3492
- C:\Windows\System\OirszpZ.exe
  C:\Windows\System\OirszpZ.exe
  2⤵
  PID:3596
- C:\Windows\System\WIrpjnU.exe
  C:\Windows\System\WIrpjnU.exe
  2⤵
  PID:3568
- C:\Windows\System\EeszPrC.exe
  C:\Windows\System\EeszPrC.exe
  2⤵
  PID:3660
- C:\Windows\System\mTdZOHV.exe
  C:\Windows\System\mTdZOHV.exe
  2⤵
  PID:3664
- C:\Windows\System\tEVyuAc.exe
  C:\Windows\System\tEVyuAc.exe
  2⤵
  PID:3772
- C:\Windows\System\gKXgdjl.exe
  C:\Windows\System\gKXgdjl.exe
  2⤵
  PID:3864
- C:\Windows\System\NoFpBIo.exe
  C:\Windows\System\NoFpBIo.exe
  2⤵
  PID:3924
- C:\Windows\System\nLPfoNb.exe
  C:\Windows\System\nLPfoNb.exe
  2⤵
  PID:4004
- C:\Windows\System\dhsUCmM.exe
  C:\Windows\System\dhsUCmM.exe
  2⤵
  PID:4012
- C:\Windows\System\hJeIKpU.exe
  C:\Windows\System\hJeIKpU.exe
  2⤵
  PID:4048
- C:\Windows\System\IipcBDD.exe
  C:\Windows\System\IipcBDD.exe
  2⤵
  PID:3100
- C:\Windows\System\QIMLEgx.exe
  C:\Windows\System\QIMLEgx.exe
  2⤵
  PID:3404
- C:\Windows\System\UHRUsNY.exe
  C:\Windows\System\UHRUsNY.exe
  2⤵
  PID:3148
- C:\Windows\System\WwlOgkz.exe
  C:\Windows\System\WwlOgkz.exe
  2⤵
  PID:4092
- C:\Windows\System\KZItkFq.exe
  C:\Windows\System\KZItkFq.exe
  2⤵
  PID:3132
- C:\Windows\System\LEFMHaG.exe
  C:\Windows\System\LEFMHaG.exe
  2⤵
  PID:3516
- C:\Windows\System\XLwmqdE.exe
  C:\Windows\System\XLwmqdE.exe
  2⤵
  PID:1344
- C:\Windows\System\VujqTqy.exe
  C:\Windows\System\VujqTqy.exe
  2⤵
  PID:3680
- C:\Windows\System\MhhdOaz.exe
  C:\Windows\System\MhhdOaz.exe
  2⤵
  PID:3792
- C:\Windows\System\lJWzZYk.exe
  C:\Windows\System\lJWzZYk.exe
  2⤵
  PID:3888
- C:\Windows\System\FlrPaRd.exe
  C:\Windows\System\FlrPaRd.exe
  2⤵
  PID:2976
- C:\Windows\System\NJCcesf.exe
  C:\Windows\System\NJCcesf.exe
  2⤵
  PID:3488
- C:\Windows\System\OrRUAoO.exe
  C:\Windows\System\OrRUAoO.exe
  2⤵
  PID:3208
- C:\Windows\System\aJaFXJk.exe
  C:\Windows\System\aJaFXJk.exe
  2⤵
  PID:3388
- C:\Windows\System\AUkpFZB.exe
  C:\Windows\System\AUkpFZB.exe
  2⤵
  PID:3196
- C:\Windows\System\DZgQjbJ.exe
  C:\Windows\System\DZgQjbJ.exe
  2⤵
  PID:3136
- C:\Windows\System\fGLxmsR.exe
  C:\Windows\System\fGLxmsR.exe
  2⤵
  PID:3728
- C:\Windows\System\hnyewXt.exe
  C:\Windows\System\hnyewXt.exe
  2⤵
  PID:3760
- C:\Windows\System\zPGDsNv.exe
  C:\Windows\System\zPGDsNv.exe
  2⤵
  PID:3840
- C:\Windows\System\nZFilYU.exe
  C:\Windows\System\nZFilYU.exe
  2⤵
  PID:3508
- C:\Windows\System\CdcAGxh.exe
  C:\Windows\System\CdcAGxh.exe
  2⤵
  PID:3848
- C:\Windows\System\EHnlBLL.exe
  C:\Windows\System\EHnlBLL.exe
  2⤵
  PID:4112
- C:\Windows\System\ysetiVV.exe
  C:\Windows\System\ysetiVV.exe
  2⤵
  PID:4128
- C:\Windows\System\vMUimmb.exe
  C:\Windows\System\vMUimmb.exe
  2⤵
  PID:4144
- C:\Windows\System\aYyhFgt.exe
  C:\Windows\System\aYyhFgt.exe
  2⤵
  PID:4172
- C:\Windows\System\xesjdct.exe
  C:\Windows\System\xesjdct.exe
  2⤵
  PID:4188
- C:\Windows\System\cuBolgF.exe
  C:\Windows\System\cuBolgF.exe
  2⤵
  PID:4204
- C:\Windows\System\yArCqFi.exe
  C:\Windows\System\yArCqFi.exe
  2⤵
  PID:4220
- C:\Windows\System\ctpDjGx.exe
  C:\Windows\System\ctpDjGx.exe
  2⤵
  PID:4244
- C:\Windows\System\NGzMMAB.exe
  C:\Windows\System\NGzMMAB.exe
  2⤵
  PID:4268
- C:\Windows\System\ePTPHzP.exe
  C:\Windows\System\ePTPHzP.exe
  2⤵
  PID:4284
- C:\Windows\System\IpIUdSh.exe
  C:\Windows\System\IpIUdSh.exe
  2⤵
  PID:4300
- C:\Windows\System\aBmueEe.exe
  C:\Windows\System\aBmueEe.exe
  2⤵
  PID:4316
- C:\Windows\System\acyxPLb.exe
  C:\Windows\System\acyxPLb.exe
  2⤵
  PID:4332
- C:\Windows\System\PcQCyHE.exe
  C:\Windows\System\PcQCyHE.exe
  2⤵
  PID:4352
- C:\Windows\System\XsEQiUU.exe
  C:\Windows\System\XsEQiUU.exe
  2⤵
  PID:4388
- C:\Windows\System\epyFYLT.exe
  C:\Windows\System\epyFYLT.exe
  2⤵
  PID:4408
- C:\Windows\System\SVaIPcq.exe
  C:\Windows\System\SVaIPcq.exe
  2⤵
  PID:4428
- C:\Windows\System\EagmwIS.exe
  C:\Windows\System\EagmwIS.exe
  2⤵
  PID:4448
- C:\Windows\System\YOfQlmZ.exe
  C:\Windows\System\YOfQlmZ.exe
  2⤵
  PID:4472
- C:\Windows\System\RfkDWEg.exe
  C:\Windows\System\RfkDWEg.exe
  2⤵
  PID:4488
- C:\Windows\System\CQsvBCg.exe
  C:\Windows\System\CQsvBCg.exe
  2⤵
  PID:4508
- C:\Windows\System\kfNWaPq.exe
  C:\Windows\System\kfNWaPq.exe
  2⤵
  PID:4528
- C:\Windows\System\dsdyTZi.exe
  C:\Windows\System\dsdyTZi.exe
  2⤵
  PID:4552
- C:\Windows\System\OxbcNUx.exe
  C:\Windows\System\OxbcNUx.exe
  2⤵
  PID:4572
- C:\Windows\System\DtUtgBc.exe
  C:\Windows\System\DtUtgBc.exe
  2⤵
  PID:4588
- C:\Windows\System\lvrTJUZ.exe
  C:\Windows\System\lvrTJUZ.exe
  2⤵
  PID:4608
- C:\Windows\System\BxNAROF.exe
  C:\Windows\System\BxNAROF.exe
  2⤵
  PID:4636
- C:\Windows\System\tcLCSeQ.exe
  C:\Windows\System\tcLCSeQ.exe
  2⤵
  PID:4652
- C:\Windows\System\XnAReHP.exe
  C:\Windows\System\XnAReHP.exe
  2⤵
  PID:4672
- C:\Windows\System\njTowjm.exe
  C:\Windows\System\njTowjm.exe
  2⤵
  PID:4692
- C:\Windows\System\DFrSDdN.exe
  C:\Windows\System\DFrSDdN.exe
  2⤵
  PID:4716
- C:\Windows\System\msERkrX.exe
  C:\Windows\System\msERkrX.exe
  2⤵
  PID:4736
- C:\Windows\System\tlxrVME.exe
  C:\Windows\System\tlxrVME.exe
  2⤵
  PID:4756
- C:\Windows\System\dxhONnK.exe
  C:\Windows\System\dxhONnK.exe
  2⤵
  PID:4772
- C:\Windows\System\gBxJtBg.exe
  C:\Windows\System\gBxJtBg.exe
  2⤵
  PID:4796
- C:\Windows\System\NEVqgSn.exe
  C:\Windows\System\NEVqgSn.exe
  2⤵
  PID:4812
- C:\Windows\System\zsNBdyg.exe
  C:\Windows\System\zsNBdyg.exe
  2⤵
  PID:4836
- C:\Windows\System\TumkYoW.exe
  C:\Windows\System\TumkYoW.exe
  2⤵
  PID:4852
- C:\Windows\System\BWJEIdV.exe
  C:\Windows\System\BWJEIdV.exe
  2⤵
  PID:4872
- C:\Windows\System\RvUEHHc.exe
  C:\Windows\System\RvUEHHc.exe
  2⤵
  PID:4892
- C:\Windows\System\YwpSgTC.exe
  C:\Windows\System\YwpSgTC.exe
  2⤵
  PID:4908
- C:\Windows\System\UZYOemw.exe
  C:\Windows\System\UZYOemw.exe
  2⤵
  PID:4932
- C:\Windows\System\PjcWagB.exe
  C:\Windows\System\PjcWagB.exe
  2⤵
  PID:4956
- C:\Windows\System\XGICjNH.exe
  C:\Windows\System\XGICjNH.exe
  2⤵
  PID:4976
- C:\Windows\System\HHUFmgZ.exe
  C:\Windows\System\HHUFmgZ.exe
  2⤵
  PID:4992
- C:\Windows\System\gpVLZCU.exe
  C:\Windows\System\gpVLZCU.exe
  2⤵
  PID:5008
- C:\Windows\System\zNeDCMJ.exe
  C:\Windows\System\zNeDCMJ.exe
  2⤵
  PID:5028
- C:\Windows\System\iluyssF.exe
  C:\Windows\System\iluyssF.exe
  2⤵
  PID:5052
- C:\Windows\System\MzAeLOb.exe
  C:\Windows\System\MzAeLOb.exe
  2⤵
  PID:5072
- C:\Windows\System\OlffxRL.exe
  C:\Windows\System\OlffxRL.exe
  2⤵
  PID:5092
- C:\Windows\System\wNCIyUQ.exe
  C:\Windows\System\wNCIyUQ.exe
  2⤵
  PID:5116
- C:\Windows\System\gwfhwUZ.exe
  C:\Windows\System\gwfhwUZ.exe
  2⤵
  PID:3340
- C:\Windows\System\lEitPJo.exe
  C:\Windows\System\lEitPJo.exe
  2⤵
  PID:3456
- C:\Windows\System\VGzsxXP.exe
  C:\Windows\System\VGzsxXP.exe
  2⤵
  PID:2940
- C:\Windows\System\YSkSsii.exe
  C:\Windows\System\YSkSsii.exe
  2⤵
  PID:4140
- C:\Windows\System\eBZDCdp.exe
  C:\Windows\System\eBZDCdp.exe
  2⤵
  PID:4164
- C:\Windows\System\CoBNjzZ.exe
  C:\Windows\System\CoBNjzZ.exe
  2⤵
  PID:4184
- C:\Windows\System\swaYrrw.exe
  C:\Windows\System\swaYrrw.exe
  2⤵
  PID:4260
- C:\Windows\System\iZFBiXx.exe
  C:\Windows\System\iZFBiXx.exe
  2⤵
  PID:4276
- C:\Windows\System\geOIEZe.exe
  C:\Windows\System\geOIEZe.exe
  2⤵
  PID:4328
- C:\Windows\System\uvtqByY.exe
  C:\Windows\System\uvtqByY.exe
  2⤵
  PID:4236
- C:\Windows\System\iMlGMgs.exe
  C:\Windows\System\iMlGMgs.exe
  2⤵
  PID:4340
- C:\Windows\System\IAGaukU.exe
  C:\Windows\System\IAGaukU.exe
  2⤵
  PID:4396
- C:\Windows\System\dkWLRll.exe
  C:\Windows\System\dkWLRll.exe
  2⤵
  PID:4456
- C:\Windows\System\shuIUeF.exe
  C:\Windows\System\shuIUeF.exe
  2⤵
  PID:4468
- C:\Windows\System\TlswwVH.exe
  C:\Windows\System\TlswwVH.exe
  2⤵
  PID:4500
- C:\Windows\System\APXZwTe.exe
  C:\Windows\System\APXZwTe.exe
  2⤵
  PID:4540
- C:\Windows\System\UeCttQb.exe
  C:\Windows\System\UeCttQb.exe
  2⤵
  PID:4584
- C:\Windows\System\GZPyhPs.exe
  C:\Windows\System\GZPyhPs.exe
  2⤵
  PID:2368
- C:\Windows\System\LopSwJk.exe
  C:\Windows\System\LopSwJk.exe
  2⤵
  PID:4628
- C:\Windows\System\xVqMMpY.exe
  C:\Windows\System\xVqMMpY.exe
  2⤵
  PID:4648
- C:\Windows\System\jZlncPr.exe
  C:\Windows\System\jZlncPr.exe
  2⤵
  PID:4688
- C:\Windows\System\LABfebN.exe
  C:\Windows\System\LABfebN.exe
  2⤵
  PID:4728
- C:\Windows\System\RSlMVXO.exe
  C:\Windows\System\RSlMVXO.exe
  2⤵
  PID:4768
- C:\Windows\System\nCVWkSn.exe
  C:\Windows\System\nCVWkSn.exe
  2⤵
  PID:4820
- C:\Windows\System\UvboYGd.exe
  C:\Windows\System\UvboYGd.exe
  2⤵
  PID:4828
- C:\Windows\System\jkPotFA.exe
  C:\Windows\System\jkPotFA.exe
  2⤵
  PID:4868
- C:\Windows\System\yEIfHST.exe
  C:\Windows\System\yEIfHST.exe
  2⤵
  PID:4888
- C:\Windows\System\hzfVATr.exe
  C:\Windows\System\hzfVATr.exe
  2⤵
  PID:4940
- C:\Windows\System\fVGaQOx.exe
  C:\Windows\System\fVGaQOx.exe
  2⤵
  PID:4952
- C:\Windows\System\rpDIDva.exe
  C:\Windows\System\rpDIDva.exe
  2⤵
  PID:5024
- C:\Windows\System\NRsprWf.exe
  C:\Windows\System\NRsprWf.exe
  2⤵
  PID:5004
- C:\Windows\System\OTQAVcG.exe
  C:\Windows\System\OTQAVcG.exe
  2⤵
  PID:5064
- C:\Windows\System\HuRnyQv.exe
  C:\Windows\System\HuRnyQv.exe
  2⤵
  PID:5088
- C:\Windows\System\GKblZbU.exe
  C:\Windows\System\GKblZbU.exe
  2⤵
  PID:3192
- C:\Windows\System\BUNnYKs.exe
  C:\Windows\System\BUNnYKs.exe
  2⤵
  PID:3908
- C:\Windows\System\vzLKIxM.exe
  C:\Windows\System\vzLKIxM.exe
  2⤵
  PID:4108
- C:\Windows\System\qoEozwZ.exe
  C:\Windows\System\qoEozwZ.exe
  2⤵
  PID:4160
- C:\Windows\System\IXGBnDu.exe
  C:\Windows\System\IXGBnDu.exe
  2⤵
  PID:4196
- C:\Windows\System\FOUuYnv.exe
  C:\Windows\System\FOUuYnv.exe
  2⤵
  PID:4376
- C:\Windows\System\iZVmefO.exe
  C:\Windows\System\iZVmefO.exe
  2⤵
  PID:4372
- C:\Windows\System\JuYETKH.exe
  C:\Windows\System\JuYETKH.exe
  2⤵
  PID:4416
- C:\Windows\System\KENHKJU.exe
  C:\Windows\System\KENHKJU.exe
  2⤵
  PID:4420
- C:\Windows\System\kHkaBJC.exe
  C:\Windows\System\kHkaBJC.exe
  2⤵
  PID:4520
- C:\Windows\System\gjDCpmk.exe
  C:\Windows\System\gjDCpmk.exe
  2⤵
  PID:4548
- C:\Windows\System\ymQwwXv.exe
  C:\Windows\System\ymQwwXv.exe
  2⤵
  PID:4620
- C:\Windows\System\dpuEsRx.exe
  C:\Windows\System\dpuEsRx.exe
  2⤵
  PID:4704
- C:\Windows\System\hyDamhG.exe
  C:\Windows\System\hyDamhG.exe
  2⤵
  PID:4732
- C:\Windows\System\tXRGMxF.exe
  C:\Windows\System\tXRGMxF.exe
  2⤵
  PID:4804
- C:\Windows\System\UKJCXrd.exe
  C:\Windows\System\UKJCXrd.exe
  2⤵
  PID:4848
- C:\Windows\System\xuGDaqG.exe
  C:\Windows\System\xuGDaqG.exe
  2⤵
  PID:4928
- C:\Windows\System\cwXPimV.exe
  C:\Windows\System\cwXPimV.exe
  2⤵
  PID:4808
- C:\Windows\System\nUdwmTx.exe
  C:\Windows\System\nUdwmTx.exe
  2⤵
  PID:4884
- C:\Windows\System\LrBujud.exe
  C:\Windows\System\LrBujud.exe
  2⤵
  PID:3616
- C:\Windows\System\jxCXFnT.exe
  C:\Windows\System\jxCXFnT.exe
  2⤵
  PID:5080
- C:\Windows\System\vHZDFej.exe
  C:\Windows\System\vHZDFej.exe
  2⤵
  PID:3532
- C:\Windows\System\MYFtfVL.exe
  C:\Windows\System\MYFtfVL.exe
  2⤵
  PID:4296
- C:\Windows\System\sFfKZic.exe
  C:\Windows\System\sFfKZic.exe
  2⤵
  PID:4368
- C:\Windows\System\fcmOUnM.exe
  C:\Windows\System\fcmOUnM.exe
  2⤵
  PID:4444
- C:\Windows\System\KSHzLNO.exe
  C:\Windows\System\KSHzLNO.exe
  2⤵
  PID:4524
- C:\Windows\System\lzsYmDM.exe
  C:\Windows\System\lzsYmDM.exe
  2⤵
  PID:4600
- C:\Windows\System\HMQOFuz.exe
  C:\Windows\System\HMQOFuz.exe
  2⤵
  PID:4684
- C:\Windows\System\RlrtwAq.exe
  C:\Windows\System\RlrtwAq.exe
  2⤵
  PID:4792
- C:\Windows\System\eGvzqxO.exe
  C:\Windows\System\eGvzqxO.exe
  2⤵
  PID:4924
- C:\Windows\System\FxwUSFA.exe
  C:\Windows\System\FxwUSFA.exe
  2⤵
  PID:5036
- C:\Windows\System\MPsyjBp.exe
  C:\Windows\System\MPsyjBp.exe
  2⤵
  PID:5104
- C:\Windows\System\BhoLIZH.exe
  C:\Windows\System\BhoLIZH.exe
  2⤵
  PID:4964
- C:\Windows\System\vTeilDO.exe
  C:\Windows\System\vTeilDO.exe
  2⤵
  PID:4024
- C:\Windows\System\weHMsIG.exe
  C:\Windows\System\weHMsIG.exe
  2⤵
  PID:4364
- C:\Windows\System\glMJbXT.exe
  C:\Windows\System\glMJbXT.exe
  2⤵
  PID:4624
- C:\Windows\System\RCXWNmH.exe
  C:\Windows\System\RCXWNmH.exe
  2⤵
  PID:4668
- C:\Windows\System\padSAiC.exe
  C:\Windows\System\padSAiC.exe
  2⤵
  PID:4560
- C:\Windows\System\JtZPFqv.exe
  C:\Windows\System\JtZPFqv.exe
  2⤵
  PID:5020
- C:\Windows\System\Mipstkf.exe
  C:\Windows\System\Mipstkf.exe
  2⤵
  PID:5044
- C:\Windows\System\UqntNur.exe
  C:\Windows\System\UqntNur.exe
  2⤵
  PID:4232
- C:\Windows\System\HWsrZSi.exe
  C:\Windows\System\HWsrZSi.exe
  2⤵
  PID:4788
- C:\Windows\System\ZBJyZxr.exe
  C:\Windows\System\ZBJyZxr.exe
  2⤵
  PID:4536
- C:\Windows\System\RexSWNg.exe
  C:\Windows\System\RexSWNg.exe
  2⤵
  PID:3776
- C:\Windows\System\QYJPzjo.exe
  C:\Windows\System\QYJPzjo.exe
  2⤵
  PID:4644
- C:\Windows\System\pTrfcFK.exe
  C:\Windows\System\pTrfcFK.exe
  2⤵
  PID:4216
- C:\Windows\System\EzpcrWO.exe
  C:\Windows\System\EzpcrWO.exe
  2⤵
  PID:4700
- C:\Windows\System\xMCGuvm.exe
  C:\Windows\System\xMCGuvm.exe
  2⤵
  PID:4972
- C:\Windows\System\wPLMnfe.exe
  C:\Windows\System\wPLMnfe.exe
  2⤵
  PID:5124
- C:\Windows\System\lamyFUh.exe
  C:\Windows\System\lamyFUh.exe
  2⤵
  PID:5148
- C:\Windows\System\GUPxdNR.exe
  C:\Windows\System\GUPxdNR.exe
  2⤵
  PID:5172
- C:\Windows\System\TyLjAVN.exe
  C:\Windows\System\TyLjAVN.exe
  2⤵
  PID:5192
- C:\Windows\System\kNRQagn.exe
  C:\Windows\System\kNRQagn.exe
  2⤵
  PID:5208
- C:\Windows\System\JLVVFeB.exe
  C:\Windows\System\JLVVFeB.exe
  2⤵
  PID:5228
- C:\Windows\System\RIbGfMq.exe
  C:\Windows\System\RIbGfMq.exe
  2⤵
  PID:5252
- C:\Windows\System\lpDOrJx.exe
  C:\Windows\System\lpDOrJx.exe
  2⤵
  PID:5268
- C:\Windows\System\ZXWrWid.exe
  C:\Windows\System\ZXWrWid.exe
  2⤵
  PID:5288
- C:\Windows\System\QLlSxEo.exe
  C:\Windows\System\QLlSxEo.exe
  2⤵
  PID:5308
- C:\Windows\System\TtURCvt.exe
  C:\Windows\System\TtURCvt.exe
  2⤵
  PID:5332
- C:\Windows\System\kTEartH.exe
  C:\Windows\System\kTEartH.exe
  2⤵
  PID:5352
- C:\Windows\System\bdTygcU.exe
  C:\Windows\System\bdTygcU.exe
  2⤵
  PID:5368
- C:\Windows\System\rbkTHcf.exe
  C:\Windows\System\rbkTHcf.exe
  2⤵
  PID:5384
- C:\Windows\System\iBoyhvF.exe
  C:\Windows\System\iBoyhvF.exe
  2⤵
  PID:5404
- C:\Windows\System\fNuxPyH.exe
  C:\Windows\System\fNuxPyH.exe
  2⤵
  PID:5420
- C:\Windows\System\HKoevEz.exe
  C:\Windows\System\HKoevEz.exe
  2⤵
  PID:5436
- C:\Windows\System\MJgiObE.exe
  C:\Windows\System\MJgiObE.exe
  2⤵
  PID:5456
- C:\Windows\System\JvDVcVl.exe
  C:\Windows\System\JvDVcVl.exe
  2⤵
  PID:5476
- C:\Windows\System\thjoPjF.exe
  C:\Windows\System\thjoPjF.exe
  2⤵
  PID:5508
- C:\Windows\System\liojyAV.exe
  C:\Windows\System\liojyAV.exe
  2⤵
  PID:5532
- C:\Windows\System\aUuPmlt.exe
  C:\Windows\System\aUuPmlt.exe
  2⤵
  PID:5552
- C:\Windows\System\yZOwzDI.exe
  C:\Windows\System\yZOwzDI.exe
  2⤵
  PID:5576
- C:\Windows\System\VAxzGob.exe
  C:\Windows\System\VAxzGob.exe
  2⤵
  PID:5592
- C:\Windows\System\isvoOuh.exe
  C:\Windows\System\isvoOuh.exe
  2⤵
  PID:5608
- C:\Windows\System\tiNJWuf.exe
  C:\Windows\System\tiNJWuf.exe
  2⤵
  PID:5636
- C:\Windows\System\ZvslqzP.exe
  C:\Windows\System\ZvslqzP.exe
  2⤵
  PID:5656
- C:\Windows\System\maSLHjm.exe
  C:\Windows\System\maSLHjm.exe
  2⤵
  PID:5672
- C:\Windows\System\UhPVABL.exe
  C:\Windows\System\UhPVABL.exe
  2⤵
  PID:5688
- C:\Windows\System\lOXSBvS.exe
  C:\Windows\System\lOXSBvS.exe
  2⤵
  PID:5704
- C:\Windows\System\cQGkDTk.exe
  C:\Windows\System\cQGkDTk.exe
  2⤵
  PID:5736
- C:\Windows\System\SQFDqnZ.exe
  C:\Windows\System\SQFDqnZ.exe
  2⤵
  PID:5760
- C:\Windows\System\fDeJWuY.exe
  C:\Windows\System\fDeJWuY.exe
  2⤵
  PID:5784
- C:\Windows\System\HuPbFjC.exe
  C:\Windows\System\HuPbFjC.exe
  2⤵
  PID:5800
- C:\Windows\System\JYzLrhI.exe
  C:\Windows\System\JYzLrhI.exe
  2⤵
  PID:5824
- C:\Windows\System\FCzcaWw.exe
  C:\Windows\System\FCzcaWw.exe
  2⤵
  PID:5844
- C:\Windows\System\BvjsTlu.exe
  C:\Windows\System\BvjsTlu.exe
  2⤵
  PID:5864
- C:\Windows\System\crzrSdS.exe
  C:\Windows\System\crzrSdS.exe
  2⤵
  PID:5884
- C:\Windows\System\PdGFYQj.exe
  C:\Windows\System\PdGFYQj.exe
  2⤵
  PID:5904
- C:\Windows\System\dhtrRcL.exe
  C:\Windows\System\dhtrRcL.exe
  2⤵
  PID:5928
- C:\Windows\System\DwurwDH.exe
  C:\Windows\System\DwurwDH.exe
  2⤵
  PID:5952
- C:\Windows\System\vvakiGu.exe
  C:\Windows\System\vvakiGu.exe
  2⤵
  PID:5972
- C:\Windows\System\rUcPYrS.exe
  C:\Windows\System\rUcPYrS.exe
  2⤵
  PID:5992
- C:\Windows\System\YlJVSZV.exe
  C:\Windows\System\YlJVSZV.exe
  2⤵
  PID:6008
- C:\Windows\System\IPxxJYj.exe
  C:\Windows\System\IPxxJYj.exe
  2⤵
  PID:6032
- C:\Windows\System\uhpvudE.exe
  C:\Windows\System\uhpvudE.exe
  2⤵
  PID:6052
- C:\Windows\System\lcPsSEl.exe
  C:\Windows\System\lcPsSEl.exe
  2⤵
  PID:6072
- C:\Windows\System\lLdxigq.exe
  C:\Windows\System\lLdxigq.exe
  2⤵
  PID:6088
- C:\Windows\System\fYIDUCe.exe
  C:\Windows\System\fYIDUCe.exe
  2⤵
  PID:6112
- C:\Windows\System\cshdyZS.exe
  C:\Windows\System\cshdyZS.exe
  2⤵
  PID:6128
- C:\Windows\System\ZPoRXXZ.exe
  C:\Windows\System\ZPoRXXZ.exe
  2⤵
  PID:5156
- C:\Windows\System\GMvKbZo.exe
  C:\Windows\System\GMvKbZo.exe
  2⤵
  PID:3972
- C:\Windows\System\vVcFfMX.exe
  C:\Windows\System\vVcFfMX.exe
  2⤵
  PID:5140
- C:\Windows\System\KjGrfpM.exe
  C:\Windows\System\KjGrfpM.exe
  2⤵
  PID:4308
- C:\Windows\System\SiqSIHW.exe
  C:\Windows\System\SiqSIHW.exe
  2⤵
  PID:5216
- C:\Windows\System\ziYNwhr.exe
  C:\Windows\System\ziYNwhr.exe
  2⤵
  PID:4348
- C:\Windows\System\mPqToRu.exe
  C:\Windows\System\mPqToRu.exe
  2⤵
  PID:5304
- C:\Windows\System\efuEXNa.exe
  C:\Windows\System\efuEXNa.exe
  2⤵
  PID:5344
- C:\Windows\System\CktUXGe.exe
  C:\Windows\System\CktUXGe.exe
  2⤵
  PID:5380
- C:\Windows\System\FNORedH.exe
  C:\Windows\System\FNORedH.exe
  2⤵
  PID:5444
- C:\Windows\System\pigfzlF.exe
  C:\Windows\System\pigfzlF.exe
  2⤵
  PID:5468
- C:\Windows\System\QfUUfZo.exe
  C:\Windows\System\QfUUfZo.exe
  2⤵
  PID:5496
- C:\Windows\System\XDzRLvY.exe
  C:\Windows\System\XDzRLvY.exe
  2⤵
  PID:5484
- C:\Windows\System\ouVTfbP.exe
  C:\Windows\System\ouVTfbP.exe
  2⤵
  PID:5560
- C:\Windows\System\ObBuhfs.exe
  C:\Windows\System\ObBuhfs.exe
  2⤵
  PID:5600
- C:\Windows\System\uUiaimP.exe
  C:\Windows\System\uUiaimP.exe
  2⤵
  PID:5620
- C:\Windows\System\aZlaVNm.exe
  C:\Windows\System\aZlaVNm.exe
  2⤵
  PID:5648
- C:\Windows\System\beqhyiH.exe
  C:\Windows\System\beqhyiH.exe
  2⤵
  PID:5684
- C:\Windows\System\TraKGzP.exe
  C:\Windows\System\TraKGzP.exe
  2⤵
  PID:5664
- C:\Windows\System\myjxcaY.exe
  C:\Windows\System\myjxcaY.exe
  2⤵
  PID:5744
- C:\Windows\System\alsCrVz.exe
  C:\Windows\System\alsCrVz.exe
  2⤵
  PID:4360
- C:\Windows\System\sToyzjK.exe
  C:\Windows\System\sToyzjK.exe
  2⤵
  PID:5792
- C:\Windows\System\PLSZNEV.exe
  C:\Windows\System\PLSZNEV.exe
  2⤵
  PID:5816
- C:\Windows\System\cWVKosr.exe
  C:\Windows\System\cWVKosr.exe
  2⤵
  PID:5860
- C:\Windows\System\xEvcBDe.exe
  C:\Windows\System\xEvcBDe.exe
  2⤵
  PID:5900
- C:\Windows\System\pCHIVEN.exe
  C:\Windows\System\pCHIVEN.exe
  2⤵
  PID:5948
- C:\Windows\System\lWUBOcv.exe
  C:\Windows\System\lWUBOcv.exe
  2⤵
  PID:5968
- C:\Windows\System\KnzYrOb.exe
  C:\Windows\System\KnzYrOb.exe
  2⤵
  PID:5988
- C:\Windows\System\eTkhtZZ.exe
  C:\Windows\System\eTkhtZZ.exe
  2⤵
  PID:6028
- C:\Windows\System\eEbsEqS.exe
  C:\Windows\System\eEbsEqS.exe
  2⤵
  PID:5840
- C:\Windows\System\xEiOQNO.exe
  C:\Windows\System\xEiOQNO.exe
  2⤵
  PID:6096
- C:\Windows\System\TiPVNaB.exe
  C:\Windows\System\TiPVNaB.exe
  2⤵
  PID:6080
- C:\Windows\System\wqdnqZW.exe
  C:\Windows\System\wqdnqZW.exe
  2⤵
  PID:5016
- C:\Windows\System\GJgaKzZ.exe
  C:\Windows\System\GJgaKzZ.exe
  2⤵
  PID:5224
- C:\Windows\System\oItXuzm.exe
  C:\Windows\System\oItXuzm.exe
  2⤵
  PID:5184
- C:\Windows\System\UnukiMz.exe
  C:\Windows\System\UnukiMz.exe
  2⤵
  PID:5324
- C:\Windows\System\QOZQVBE.exe
  C:\Windows\System\QOZQVBE.exe
  2⤵
  PID:5328
- C:\Windows\System\PuFDYMd.exe
  C:\Windows\System\PuFDYMd.exe
  2⤵
  PID:5376
- C:\Windows\System\Pizfjkp.exe
  C:\Windows\System\Pizfjkp.exe
  2⤵
  PID:6104
- C:\Windows\System\INFJwwi.exe
  C:\Windows\System\INFJwwi.exe
  2⤵
  PID:4824
- C:\Windows\System\LZYzBcO.exe
  C:\Windows\System\LZYzBcO.exe
  2⤵
  PID:5564
- C:\Windows\System\ehpcQaF.exe
  C:\Windows\System\ehpcQaF.exe
  2⤵
  PID:5544
- C:\Windows\System\JazkpHb.exe
  C:\Windows\System\JazkpHb.exe
  2⤵
  PID:5616
- C:\Windows\System\urNxrVe.exe
  C:\Windows\System\urNxrVe.exe
  2⤵
  PID:4780
- C:\Windows\System\KOCnXnN.exe
  C:\Windows\System\KOCnXnN.exe
  2⤵
  PID:5264
- C:\Windows\System\LqwKtNj.exe
  C:\Windows\System\LqwKtNj.exe
  2⤵
  PID:5748
- C:\Windows\System\quWWsei.exe
  C:\Windows\System\quWWsei.exe
  2⤵
  PID:5856
- C:\Windows\System\NELcUNF.exe
  C:\Windows\System\NELcUNF.exe
  2⤵
  PID:5896
- C:\Windows\System\lyGyqor.exe
  C:\Windows\System\lyGyqor.exe
  2⤵
  PID:5936
- C:\Windows\System\vvLMguw.exe
  C:\Windows\System\vvLMguw.exe
  2⤵
  PID:5940
- C:\Windows\System\OBjeWKK.exe
  C:\Windows\System\OBjeWKK.exe
  2⤵
  PID:6040
- C:\Windows\System\gBEXSVw.exe
  C:\Windows\System\gBEXSVw.exe
  2⤵
  PID:6068
- C:\Windows\System\djXautw.exe
  C:\Windows\System\djXautw.exe
  2⤵
  PID:4920
- C:\Windows\System\XiHWxxf.exe
  C:\Windows\System\XiHWxxf.exe
  2⤵
  PID:6124
- C:\Windows\System\PxbXyyd.exe
  C:\Windows\System\PxbXyyd.exe
  2⤵
  PID:5000
- C:\Windows\System\XhILFZT.exe
  C:\Windows\System\XhILFZT.exe
  2⤵
  PID:5300
- C:\Windows\System\uOdqFnP.exe
  C:\Windows\System\uOdqFnP.exe
  2⤵
  PID:5452
- C:\Windows\System\SDDkxAf.exe
  C:\Windows\System\SDDkxAf.exe
  2⤵
  PID:5504
- C:\Windows\System\CqPKaTZ.exe
  C:\Windows\System\CqPKaTZ.exe
  2⤵
  PID:5540
- C:\Windows\System\fuUpBOp.exe
  C:\Windows\System\fuUpBOp.exe
  2⤵
  PID:5316
- C:\Windows\System\MYdOvkU.exe
  C:\Windows\System\MYdOvkU.exe
  2⤵
  PID:5716
- C:\Windows\System\uqtEOSZ.exe
  C:\Windows\System\uqtEOSZ.exe
  2⤵
  PID:5852
- C:\Windows\System\lqlXGrJ.exe
  C:\Windows\System\lqlXGrJ.exe
  2⤵
  PID:6020
- C:\Windows\System\ctsmAZp.exe
  C:\Windows\System\ctsmAZp.exe
  2⤵
  PID:5960
- C:\Windows\System\yzWBlpc.exe
  C:\Windows\System\yzWBlpc.exe
  2⤵
  PID:6108
- C:\Windows\System\VIVihCu.exe
  C:\Windows\System\VIVihCu.exe
  2⤵
  PID:5392
- C:\Windows\System\XkCUZUd.exe
  C:\Windows\System\XkCUZUd.exe
  2⤵
  PID:5136
- C:\Windows\System\ApRLtUZ.exe
  C:\Windows\System\ApRLtUZ.exe
  2⤵
  PID:5416
- C:\Windows\System\tKZnEBD.exe
  C:\Windows\System\tKZnEBD.exe
  2⤵
  PID:5696
- C:\Windows\System\tqywXAI.exe
  C:\Windows\System\tqywXAI.exe
  2⤵
  PID:5724
- C:\Windows\System\NmXlplM.exe
  C:\Windows\System\NmXlplM.exe
  2⤵
  PID:5912
- C:\Windows\System\NdITZHs.exe
  C:\Windows\System\NdITZHs.exe
  2⤵
  PID:5188
- C:\Windows\System\YxnCUTU.exe
  C:\Windows\System\YxnCUTU.exe
  2⤵
  PID:5472
- C:\Windows\System\qOEyhRy.exe
  C:\Windows\System\qOEyhRy.exe
  2⤵
  PID:5412
- C:\Windows\System\KlytAuA.exe
  C:\Windows\System\KlytAuA.exe
  2⤵
  PID:5624
- C:\Windows\System\LKLosut.exe
  C:\Windows\System\LKLosut.exe
  2⤵
  PID:5280
- C:\Windows\System\QjBvPTz.exe
  C:\Windows\System\QjBvPTz.exe
  2⤵
  PID:5528
- C:\Windows\System\WlFiVCF.exe
  C:\Windows\System\WlFiVCF.exe
  2⤵
  PID:6100
- C:\Windows\System\KNluZfu.exe
  C:\Windows\System\KNluZfu.exe
  2⤵
  PID:6164
- C:\Windows\System\BChsbNO.exe
  C:\Windows\System\BChsbNO.exe
  2⤵
  PID:6180
- C:\Windows\System\cIZCMVv.exe
  C:\Windows\System\cIZCMVv.exe
  2⤵
  PID:6200
- C:\Windows\System\EMbXbYs.exe
  C:\Windows\System\EMbXbYs.exe
  2⤵
  PID:6220
- C:\Windows\System\NdGNDFI.exe
  C:\Windows\System\NdGNDFI.exe
  2⤵
  PID:6244
- C:\Windows\System\jTukeya.exe
  C:\Windows\System\jTukeya.exe
  2⤵
  PID:6264
- C:\Windows\System\RnEojTd.exe
  C:\Windows\System\RnEojTd.exe
  2⤵
  PID:6284
- C:\Windows\System\OVIDHuy.exe
  C:\Windows\System\OVIDHuy.exe
  2⤵
  PID:6304
- C:\Windows\System\matvXiG.exe
  C:\Windows\System\matvXiG.exe
  2⤵
  PID:6328
- C:\Windows\System\LWxvgqX.exe
  C:\Windows\System\LWxvgqX.exe
  2⤵
  PID:6344
- C:\Windows\System\BObKQDs.exe
  C:\Windows\System\BObKQDs.exe
  2⤵
  PID:6360
- C:\Windows\System\rsUeefD.exe
  C:\Windows\System\rsUeefD.exe
  2⤵
  PID:6380
- C:\Windows\System\uyshgJo.exe
  C:\Windows\System\uyshgJo.exe
  2⤵
  PID:6396
- C:\Windows\System\ylfYREb.exe
  C:\Windows\System\ylfYREb.exe
  2⤵
  PID:6420
- C:\Windows\System\MxwxSlb.exe
  C:\Windows\System\MxwxSlb.exe
  2⤵
  PID:6452
- C:\Windows\System\gALYOkR.exe
  C:\Windows\System\gALYOkR.exe
  2⤵
  PID:6468
- C:\Windows\System\XpeCTGk.exe
  C:\Windows\System\XpeCTGk.exe
  2⤵
  PID:6484
- C:\Windows\System\sgxWlnw.exe
  C:\Windows\System\sgxWlnw.exe
  2⤵
  PID:6504
- C:\Windows\System\AmcRQOO.exe
  C:\Windows\System\AmcRQOO.exe
  2⤵
  PID:6524
- C:\Windows\System\rGmUbXg.exe
  C:\Windows\System\rGmUbXg.exe
  2⤵
  PID:6544
- C:\Windows\System\VfmnXQd.exe
  C:\Windows\System\VfmnXQd.exe
  2⤵
  PID:6572
- C:\Windows\System\yhjYKco.exe
  C:\Windows\System\yhjYKco.exe
  2⤵
  PID:6588
- C:\Windows\System\VzdlzpS.exe
  C:\Windows\System\VzdlzpS.exe
  2⤵
  PID:6608
- C:\Windows\System\cZVEYCB.exe
  C:\Windows\System\cZVEYCB.exe
  2⤵
  PID:6624
- C:\Windows\System\wqVaQOF.exe
  C:\Windows\System\wqVaQOF.exe
  2⤵
  PID:6656
- C:\Windows\System\hVxiXlH.exe
  C:\Windows\System\hVxiXlH.exe
  2⤵
  PID:6672
- C:\Windows\System\tVAUDdg.exe
  C:\Windows\System\tVAUDdg.exe
  2⤵
  PID:6696
- C:\Windows\System\ctblZHL.exe
  C:\Windows\System\ctblZHL.exe
  2⤵
  PID:6712
- C:\Windows\System\EmfJSXc.exe
  C:\Windows\System\EmfJSXc.exe
  2⤵
  PID:6728
- C:\Windows\System\ATlDkPq.exe
  C:\Windows\System\ATlDkPq.exe
  2⤵
  PID:6748
- C:\Windows\System\mAmQTOP.exe
  C:\Windows\System\mAmQTOP.exe
  2⤵
  PID:6768
- C:\Windows\System\yJHdeki.exe
  C:\Windows\System\yJHdeki.exe
  2⤵
  PID:6784
- C:\Windows\System\JPtSdGH.exe
  C:\Windows\System\JPtSdGH.exe
  2⤵
  PID:6800
- C:\Windows\System\WumigOu.exe
  C:\Windows\System\WumigOu.exe
  2⤵
  PID:6820
- C:\Windows\System\UCnrDCZ.exe
  C:\Windows\System\UCnrDCZ.exe
  2⤵
  PID:6836
- C:\Windows\System\eadfsKD.exe
  C:\Windows\System\eadfsKD.exe
  2⤵
  PID:6856
- C:\Windows\System\pPfCBYQ.exe
  C:\Windows\System\pPfCBYQ.exe
  2⤵
  PID:6884
- C:\Windows\System\axeFRGm.exe
  C:\Windows\System\axeFRGm.exe
  2⤵
  PID:6904
- C:\Windows\System\edYIlJw.exe
  C:\Windows\System\edYIlJw.exe
  2⤵
  PID:6932
- C:\Windows\System\VuRttwK.exe
  C:\Windows\System\VuRttwK.exe
  2⤵
  PID:6948
- C:\Windows\System\RBaljSb.exe
  C:\Windows\System\RBaljSb.exe
  2⤵
  PID:6968
- C:\Windows\System\BGxuxGO.exe
  C:\Windows\System\BGxuxGO.exe
  2⤵
  PID:6984
- C:\Windows\System\FbhYNbQ.exe
  C:\Windows\System\FbhYNbQ.exe
  2⤵
  PID:7016
- C:\Windows\System\poSZHPI.exe
  C:\Windows\System\poSZHPI.exe
  2⤵
  PID:7032
- C:\Windows\System\mMBIpHl.exe
  C:\Windows\System\mMBIpHl.exe
  2⤵
  PID:7052
- C:\Windows\System\tRljOKD.exe
  C:\Windows\System\tRljOKD.exe
  2⤵
  PID:7072
- C:\Windows\System\dEiocDN.exe
  C:\Windows\System\dEiocDN.exe
  2⤵
  PID:7088
- C:\Windows\System\NSpViBe.exe
  C:\Windows\System\NSpViBe.exe
  2⤵
  PID:7108
- C:\Windows\System\ENQWXQP.exe
  C:\Windows\System\ENQWXQP.exe
  2⤵
  PID:7128
- C:\Windows\System\fSqbWvR.exe
  C:\Windows\System\fSqbWvR.exe
  2⤵
  PID:7144
- C:\Windows\System\MkbUKDS.exe
  C:\Windows\System\MkbUKDS.exe
  2⤵
  PID:5832
- C:\Windows\System\wewpqkH.exe
  C:\Windows\System\wewpqkH.exe
  2⤵
  PID:5880
- C:\Windows\System\mqHpYqc.exe
  C:\Windows\System\mqHpYqc.exe
  2⤵
  PID:5756
- C:\Windows\System\TOZWdHW.exe
  C:\Windows\System\TOZWdHW.exe
  2⤵
  PID:6160
- C:\Windows\System\MHNodyu.exe
  C:\Windows\System\MHNodyu.exe
  2⤵
  PID:6212
- C:\Windows\System\xKTjvtS.exe
  C:\Windows\System\xKTjvtS.exe
  2⤵
  PID:6240
- C:\Windows\System\YbhZNle.exe
  C:\Windows\System\YbhZNle.exe
  2⤵
  PID:6300
- C:\Windows\System\SeSXESn.exe
  C:\Windows\System\SeSXESn.exe
  2⤵
  PID:6316
- C:\Windows\System\nsfSEcy.exe
  C:\Windows\System\nsfSEcy.exe
  2⤵
  PID:6372
- C:\Windows\System\MiMqXRk.exe
  C:\Windows\System\MiMqXRk.exe
  2⤵
  PID:6412
- C:\Windows\System\xjHEydE.exe
  C:\Windows\System\xjHEydE.exe
  2⤵
  PID:6408
- C:\Windows\System\jnXAIGj.exe
  C:\Windows\System\jnXAIGj.exe
  2⤵
  PID:6448
- C:\Windows\System\IDPKrcM.exe
  C:\Windows\System\IDPKrcM.exe
  2⤵
  PID:6512
- C:\Windows\System\DXLewTx.exe
  C:\Windows\System\DXLewTx.exe
  2⤵
  PID:6532
- C:\Windows\System\ZBeivnL.exe
  C:\Windows\System\ZBeivnL.exe
  2⤵
  PID:6564
- C:\Windows\System\EYRfOrI.exe
  C:\Windows\System\EYRfOrI.exe
  2⤵
  PID:6596
- C:\Windows\System\WtnhtOj.exe
  C:\Windows\System\WtnhtOj.exe
  2⤵
  PID:6616
- C:\Windows\System\qglkzqd.exe
  C:\Windows\System\qglkzqd.exe
  2⤵
  PID:6580
- C:\Windows\System\GCKBEQL.exe
  C:\Windows\System\GCKBEQL.exe
  2⤵
  PID:6688
- C:\Windows\System\FCDqyDI.exe
  C:\Windows\System\FCDqyDI.exe
  2⤵
  PID:6756
- C:\Windows\System\PFxrMnt.exe
  C:\Windows\System\PFxrMnt.exe
  2⤵
  PID:6764
- C:\Windows\System\LEfsQAj.exe
  C:\Windows\System\LEfsQAj.exe
  2⤵
  PID:6828
- C:\Windows\System\SusXoMx.exe
  C:\Windows\System\SusXoMx.exe
  2⤵
  PID:6880
- C:\Windows\System\JKVpgTp.exe
  C:\Windows\System\JKVpgTp.exe
  2⤵
  PID:6844
- C:\Windows\System\kydUtoc.exe
  C:\Windows\System\kydUtoc.exe
  2⤵
  PID:6924
- C:\Windows\System\GwiwdeM.exe
  C:\Windows\System\GwiwdeM.exe
  2⤵
  PID:6896
- C:\Windows\System\iPfOmFj.exe
  C:\Windows\System\iPfOmFj.exe
  2⤵
  PID:6964
- C:\Windows\System\eGxTifi.exe
  C:\Windows\System\eGxTifi.exe
  2⤵
  PID:6996
- C:\Windows\System\MbkWwPG.exe
  C:\Windows\System\MbkWwPG.exe
  2⤵
  PID:6980
- C:\Windows\System\UzziNIz.exe
  C:\Windows\System\UzziNIz.exe
  2⤵
  PID:7048
- C:\Windows\System\OvkQtvm.exe
  C:\Windows\System\OvkQtvm.exe
  2⤵
  PID:7064
- C:\Windows\System\gVPsuSh.exe
  C:\Windows\System\gVPsuSh.exe
  2⤵
  PID:7124
- C:\Windows\System\wpRmPyy.exe
  C:\Windows\System\wpRmPyy.exe
  2⤵
  PID:5776
- C:\Windows\System\QeSJsre.exe
  C:\Windows\System\QeSJsre.exe
  2⤵
  PID:5220
- C:\Windows\System\JKbgRzp.exe
  C:\Windows\System\JKbgRzp.exe
  2⤵
  PID:6156
- C:\Windows\System\ZVfTvDx.exe
  C:\Windows\System\ZVfTvDx.exe
  2⤵
  PID:6272
- C:\Windows\System\RzQzObG.exe
  C:\Windows\System\RzQzObG.exe
  2⤵
  PID:6260
- C:\Windows\System\fbAyAuz.exe
  C:\Windows\System\fbAyAuz.exe
  2⤵
  PID:6392
- C:\Windows\System\qwMErIN.exe
  C:\Windows\System\qwMErIN.exe
  2⤵
  PID:6432
- C:\Windows\System\CpYtSwB.exe
  C:\Windows\System\CpYtSwB.exe
  2⤵
  PID:6460
- C:\Windows\System\AzfQkam.exe
  C:\Windows\System\AzfQkam.exe
  2⤵
  PID:6496
- C:\Windows\System\OQOdPXF.exe
  C:\Windows\System\OQOdPXF.exe
  2⤵
  PID:6500
- C:\Windows\System\fPeCkpT.exe
  C:\Windows\System\fPeCkpT.exe
  2⤵
  PID:6640
- C:\Windows\System\mNKsLWZ.exe
  C:\Windows\System\mNKsLWZ.exe
  2⤵
  PID:6684
- C:\Windows\System\dehhgOT.exe
  C:\Windows\System\dehhgOT.exe
  2⤵
  PID:6708
- C:\Windows\System\ELKFPuP.exe
  C:\Windows\System\ELKFPuP.exe
  2⤵
  PID:6864
- C:\Windows\System\JyBmBmk.exe
  C:\Windows\System\JyBmBmk.exe
  2⤵
  PID:6740
- C:\Windows\System\qpVJYFE.exe
  C:\Windows\System\qpVJYFE.exe
  2⤵
  PID:6912
- C:\Windows\System\ZplfcEv.exe
  C:\Windows\System\ZplfcEv.exe
  2⤵
  PID:6940
- C:\Windows\System\uzYyfVV.exe
  C:\Windows\System\uzYyfVV.exe
  2⤵
  PID:6992
- C:\Windows\System\HEDSUBw.exe
  C:\Windows\System\HEDSUBw.exe
  2⤵
  PID:7084
- C:\Windows\System\kvhLDSs.exe
  C:\Windows\System\kvhLDSs.exe
  2⤵
  PID:7096
- C:\Windows\System\xScMMTs.exe
  C:\Windows\System\xScMMTs.exe
  2⤵
  PID:7160
- C:\Windows\System\JKONfFF.exe
  C:\Windows\System\JKONfFF.exe
  2⤵
  PID:6192
- C:\Windows\System\HSjTXKt.exe
  C:\Windows\System\HSjTXKt.exe
  2⤵
  PID:6236
- C:\Windows\System\GMbXdtj.exe
  C:\Windows\System\GMbXdtj.exe
  2⤵
  PID:6388
- C:\Windows\System\ueZdYst.exe
  C:\Windows\System\ueZdYst.exe
  2⤵
  PID:6404
- C:\Windows\System\ALcCXrJ.exe
  C:\Windows\System\ALcCXrJ.exe
  2⤵
  PID:5680
- C:\Windows\System\RTqoQCT.exe
  C:\Windows\System\RTqoQCT.exe
  2⤵
  PID:6668
- C:\Windows\System\snLcGqw.exe
  C:\Windows\System\snLcGqw.exe
  2⤵
  PID:6724
- C:\Windows\System\NkwsmoL.exe
  C:\Windows\System\NkwsmoL.exe
  2⤵
  PID:6792
- C:\Windows\System\OVIDfmk.exe
  C:\Windows\System\OVIDfmk.exe
  2⤵
  PID:6848
- C:\Windows\System\DfEkGSx.exe
  C:\Windows\System\DfEkGSx.exe
  2⤵
  PID:7012
- C:\Windows\System\kQcyhbi.exe
  C:\Windows\System\kQcyhbi.exe
  2⤵
  PID:7060
- C:\Windows\System\jkkepCU.exe
  C:\Windows\System\jkkepCU.exe
  2⤵
  PID:7104
- C:\Windows\System\knJDZCD.exe
  C:\Windows\System\knJDZCD.exe
  2⤵
  PID:6196
- C:\Windows\System\LhXXEOR.exe
  C:\Windows\System\LhXXEOR.exe
  2⤵
  PID:6436
- C:\Windows\System\OtLZsuH.exe
  C:\Windows\System\OtLZsuH.exe
  2⤵
  PID:6368
- C:\Windows\System\YgEXbZy.exe
  C:\Windows\System\YgEXbZy.exe
  2⤵
  PID:6736
- C:\Windows\System\DzEsblT.exe
  C:\Windows\System\DzEsblT.exe
  2⤵
  PID:6920
- C:\Windows\System\QClpHdf.exe
  C:\Windows\System\QClpHdf.exe
  2⤵
  PID:7156
- C:\Windows\System\VgjoccI.exe
  C:\Windows\System\VgjoccI.exe
  2⤵
  PID:6296
- C:\Windows\System\KGYKqWg.exe
  C:\Windows\System\KGYKqWg.exe
  2⤵
  PID:6340
- C:\Windows\System\qjGarJm.exe
  C:\Windows\System\qjGarJm.exe
  2⤵
  PID:6632
- C:\Windows\System\ieAjEuC.exe
  C:\Windows\System\ieAjEuC.exe
  2⤵
  PID:6872
- C:\Windows\System\gelaDvn.exe
  C:\Windows\System\gelaDvn.exe
  2⤵
  PID:7164
- C:\Windows\System\mPQuFgn.exe
  C:\Windows\System\mPQuFgn.exe
  2⤵
  PID:6560
- C:\Windows\System\umWLDyf.exe
  C:\Windows\System\umWLDyf.exe
  2⤵
  PID:7172
- C:\Windows\System\qvNJELs.exe
  C:\Windows\System\qvNJELs.exe
  2⤵
  PID:7192
- C:\Windows\System\wHsecbe.exe
  C:\Windows\System\wHsecbe.exe
  2⤵
  PID:7220
- C:\Windows\System\FVuvwSP.exe
  C:\Windows\System\FVuvwSP.exe
  2⤵
  PID:7244
- C:\Windows\System\gmdMNsp.exe
  C:\Windows\System\gmdMNsp.exe
  2⤵
  PID:7260
- C:\Windows\System\VsVKWyj.exe
  C:\Windows\System\VsVKWyj.exe
  2⤵
  PID:7276
- C:\Windows\System\PgRbYLG.exe
  C:\Windows\System\PgRbYLG.exe
  2⤵
  PID:7296
- C:\Windows\System\ISQDaWD.exe
  C:\Windows\System\ISQDaWD.exe
  2⤵
  PID:7336
- C:\Windows\System\qCSbVwR.exe
  C:\Windows\System\qCSbVwR.exe
  2⤵
  PID:7352
- C:\Windows\System\aNmiLix.exe
  C:\Windows\System\aNmiLix.exe
  2⤵
  PID:7376
- C:\Windows\System\txMgVhU.exe
  C:\Windows\System\txMgVhU.exe
  2⤵
  PID:7392
- C:\Windows\System\BcxslIV.exe
  C:\Windows\System\BcxslIV.exe
  2⤵
  PID:7412
- C:\Windows\System\eumsfZs.exe
  C:\Windows\System\eumsfZs.exe
  2⤵
  PID:7436
- C:\Windows\System\ksmEtGv.exe
  C:\Windows\System\ksmEtGv.exe
  2⤵
  PID:7452
- C:\Windows\System\PQkxtpt.exe
  C:\Windows\System\PQkxtpt.exe
  2⤵
  PID:7476
- C:\Windows\System\jFrZzzT.exe
  C:\Windows\System\jFrZzzT.exe
  2⤵
  PID:7496
- C:\Windows\System\rXqQZri.exe
  C:\Windows\System\rXqQZri.exe
  2⤵
  PID:7512
- C:\Windows\System\OEzSWco.exe
  C:\Windows\System\OEzSWco.exe
  2⤵
  PID:7528
- C:\Windows\System\ubFojXH.exe
  C:\Windows\System\ubFojXH.exe
  2⤵
  PID:7552
- C:\Windows\System\VaQxifW.exe
  C:\Windows\System\VaQxifW.exe
  2⤵
  PID:7576
- C:\Windows\System\nDkBzjV.exe
  C:\Windows\System\nDkBzjV.exe
  2⤵
  PID:7592
- C:\Windows\System\wNPDTYC.exe
  C:\Windows\System\wNPDTYC.exe
  2⤵
  PID:7608
- C:\Windows\System\FyjhUeZ.exe
  C:\Windows\System\FyjhUeZ.exe
  2⤵
  PID:7628
- C:\Windows\System\nwXLeXb.exe
  C:\Windows\System\nwXLeXb.exe
  2⤵
  PID:7652
- C:\Windows\System\tlTNRtC.exe
  C:\Windows\System\tlTNRtC.exe
  2⤵
  PID:7668
- C:\Windows\System\UssSBmx.exe
  C:\Windows\System\UssSBmx.exe
  2⤵
  PID:7696
- C:\Windows\System\tlXISYl.exe
  C:\Windows\System\tlXISYl.exe
  2⤵
  PID:7712
- C:\Windows\System\cAvEEjH.exe
  C:\Windows\System\cAvEEjH.exe
  2⤵
  PID:7728
- C:\Windows\System\AQWoZDq.exe
  C:\Windows\System\AQWoZDq.exe
  2⤵
  PID:7756
- C:\Windows\System\XMRkOZY.exe
  C:\Windows\System\XMRkOZY.exe
  2⤵
  PID:7772
- C:\Windows\System\ltVYVhT.exe
  C:\Windows\System\ltVYVhT.exe
  2⤵
  PID:7796
- C:\Windows\System\foUctBs.exe
  C:\Windows\System\foUctBs.exe
  2⤵
  PID:7812
- C:\Windows\System\NKUvEqF.exe
  C:\Windows\System\NKUvEqF.exe
  2⤵
  PID:7836
- C:\Windows\System\SbHowKN.exe
  C:\Windows\System\SbHowKN.exe
  2⤵
  PID:7860
- C:\Windows\System\TbsGqCo.exe
  C:\Windows\System\TbsGqCo.exe
  2⤵
  PID:7876
- C:\Windows\System\mxhnfbR.exe
  C:\Windows\System\mxhnfbR.exe
  2⤵
  PID:7896
- C:\Windows\System\XKhscik.exe
  C:\Windows\System\XKhscik.exe
  2⤵
  PID:7916
- C:\Windows\System\XPSgosZ.exe
  C:\Windows\System\XPSgosZ.exe
  2⤵
  PID:7936
- C:\Windows\System\ncfkzqK.exe
  C:\Windows\System\ncfkzqK.exe
  2⤵
  PID:7952
- C:\Windows\System\DYvcIGr.exe
  C:\Windows\System\DYvcIGr.exe
  2⤵
  PID:7976
- C:\Windows\System\IrPPgQr.exe
  C:\Windows\System\IrPPgQr.exe
  2⤵
  PID:7992
- C:\Windows\System\RCpsmaa.exe
  C:\Windows\System\RCpsmaa.exe
  2⤵
  PID:8016
- C:\Windows\System\KeAViDl.exe
  C:\Windows\System\KeAViDl.exe
  2⤵
  PID:8036
- C:\Windows\System\ybkRBIt.exe
  C:\Windows\System\ybkRBIt.exe
  2⤵
  PID:8060
- C:\Windows\System\sxrSqCq.exe
  C:\Windows\System\sxrSqCq.exe
  2⤵
  PID:8076
- C:\Windows\System\KuPdbLy.exe
  C:\Windows\System\KuPdbLy.exe
  2⤵
  PID:8100
- C:\Windows\System\XOrElPo.exe
  C:\Windows\System\XOrElPo.exe
  2⤵
  PID:8116
- C:\Windows\System\TYoFJED.exe
  C:\Windows\System\TYoFJED.exe
  2⤵
  PID:8136
- C:\Windows\System\SJAyFqY.exe
  C:\Windows\System\SJAyFqY.exe
  2⤵
  PID:8156
- C:\Windows\System\rHStADO.exe
  C:\Windows\System\rHStADO.exe
  2⤵
  PID:8176
- C:\Windows\System\HieOseR.exe
  C:\Windows\System\HieOseR.exe
  2⤵
  PID:6652
- C:\Windows\System\iyoPmgl.exe
  C:\Windows\System\iyoPmgl.exe
  2⤵
  PID:7028
- C:\Windows\System\BavRXMH.exe
  C:\Windows\System\BavRXMH.exe
  2⤵
  PID:7228
- C:\Windows\System\IpHCJoM.exe
  C:\Windows\System\IpHCJoM.exe
  2⤵
  PID:7216
- C:\Windows\System\SqfOGCb.exe
  C:\Windows\System\SqfOGCb.exe
  2⤵
  PID:7232
- C:\Windows\System\wtizhrU.exe
  C:\Windows\System\wtizhrU.exe
  2⤵
  PID:7304
- C:\Windows\System\JzJCIKo.exe
  C:\Windows\System\JzJCIKo.exe
  2⤵
  PID:7292
- C:\Windows\System\FTywYpZ.exe
  C:\Windows\System\FTywYpZ.exe
  2⤵
  PID:7312
- C:\Windows\System\nagqwoL.exe
  C:\Windows\System\nagqwoL.exe
  2⤵
  PID:7364
- C:\Windows\System\qVzhKft.exe
  C:\Windows\System\qVzhKft.exe
  2⤵
  PID:7384
- C:\Windows\System\BzVIRVr.exe
  C:\Windows\System\BzVIRVr.exe
  2⤵
  PID:7428
- C:\Windows\System\OZpsDaG.exe
  C:\Windows\System\OZpsDaG.exe
  2⤵
  PID:7464
- C:\Windows\System\ZHFEQvw.exe
  C:\Windows\System\ZHFEQvw.exe
  2⤵
  PID:7520
- C:\Windows\System\EbZzuOn.exe
  C:\Windows\System\EbZzuOn.exe
  2⤵
  PID:7536
- C:\Windows\System\olshzrS.exe
  C:\Windows\System\olshzrS.exe
  2⤵
  PID:7560
- C:\Windows\System\vriDMkE.exe
  C:\Windows\System\vriDMkE.exe
  2⤵
  PID:7600
- C:\Windows\System\PuWzMJL.exe
  C:\Windows\System\PuWzMJL.exe
  2⤵
  PID:7620
- C:\Windows\System\YWfAzrW.exe
  C:\Windows\System\YWfAzrW.exe
  2⤵
  PID:7640
- C:\Windows\System\iurQhKV.exe
  C:\Windows\System\iurQhKV.exe
  2⤵
  PID:7684
- C:\Windows\System\bPVQgWt.exe
  C:\Windows\System\bPVQgWt.exe
  2⤵
  PID:7736
- C:\Windows\System\WjZsqDz.exe
  C:\Windows\System\WjZsqDz.exe
  2⤵
  PID:7764
- C:\Windows\System\DAowMnq.exe
  C:\Windows\System\DAowMnq.exe
  2⤵
  PID:7820
- C:\Windows\System\INZAHWO.exe
  C:\Windows\System\INZAHWO.exe
  2⤵
  PID:7824
- C:\Windows\System\zuBpQoA.exe
  C:\Windows\System\zuBpQoA.exe
  2⤵
  PID:7872
- C:\Windows\System\gtedCeZ.exe
  C:\Windows\System\gtedCeZ.exe
  2⤵
  PID:7924
- C:\Windows\System\yIqojkt.exe
  C:\Windows\System\yIqojkt.exe
  2⤵
  PID:7960
- C:\Windows\System\SLYPnxJ.exe
  C:\Windows\System\SLYPnxJ.exe
  2⤵
  PID:8000
- C:\Windows\System\NtBLJCh.exe
  C:\Windows\System\NtBLJCh.exe
  2⤵
  PID:7988
- C:\Windows\System\IdlLvsr.exe
  C:\Windows\System\IdlLvsr.exe
  2⤵
  PID:8044
- C:\Windows\System\BTVMKdC.exe
  C:\Windows\System\BTVMKdC.exe
  2⤵
  PID:8092
- C:\Windows\System\hHFEBPv.exe
  C:\Windows\System\hHFEBPv.exe
  2⤵
  PID:8124
- C:\Windows\System\SvMOVyt.exe
  C:\Windows\System\SvMOVyt.exe
  2⤵
  PID:2172
- C:\Windows\System\vQTAwzT.exe
  C:\Windows\System\vQTAwzT.exe
  2⤵
  PID:8148
- C:\Windows\System\itgUaHt.exe
  C:\Windows\System\itgUaHt.exe
  2⤵
  PID:8184
- C:\Windows\System\GnvgArj.exe
  C:\Windows\System\GnvgArj.exe
  2⤵
  PID:7000
- C:\Windows\System\GkrCdzC.exe
  C:\Windows\System\GkrCdzC.exe
  2⤵
  PID:7208
- C:\Windows\System\ZOCereB.exe
  C:\Windows\System\ZOCereB.exe
  2⤵
  PID:6152
- C:\Windows\System\YphzrRN.exe
  C:\Windows\System\YphzrRN.exe
  2⤵
  PID:7316
- C:\Windows\System\aoKqSVq.exe
  C:\Windows\System\aoKqSVq.exe
  2⤵
  PID:7408
- C:\Windows\System\rDzmJEn.exe
  C:\Windows\System\rDzmJEn.exe
  2⤵
  PID:7472
- C:\Windows\System\eVSFeDG.exe
  C:\Windows\System\eVSFeDG.exe
  2⤵
  PID:7568
- C:\Windows\System\caciiZw.exe
  C:\Windows\System\caciiZw.exe
  2⤵
  PID:7360
- C:\Windows\System\YvYyVrM.exe
  C:\Windows\System\YvYyVrM.exe
  2⤵
  PID:7616
- C:\Windows\System\DJwwBoz.exe
  C:\Windows\System\DJwwBoz.exe
  2⤵
  PID:7508
- C:\Windows\System\UnhnyPW.exe
  C:\Windows\System\UnhnyPW.exe
  2⤵
  PID:7784
- C:\Windows\System\oHHDwaA.exe
  C:\Windows\System\oHHDwaA.exe
  2⤵
  PID:7856
- C:\Windows\System\wlmSCAh.exe
  C:\Windows\System\wlmSCAh.exe
  2⤵
  PID:7648
- C:\Windows\System\oDGpJPh.exe
  C:\Windows\System\oDGpJPh.exe
  2⤵
  PID:7740
- C:\Windows\System\EWuHnJx.exe
  C:\Windows\System\EWuHnJx.exe
  2⤵
  PID:7704
- C:\Windows\System\DUnpAuK.exe
  C:\Windows\System\DUnpAuK.exe
  2⤵
  PID:8024
- C:\Windows\System\cnMsMKK.exe
  C:\Windows\System\cnMsMKK.exe
  2⤵
  PID:7948
- C:\Windows\System\CZBbJdY.exe
  C:\Windows\System\CZBbJdY.exe
  2⤵
  PID:8084
- C:\Windows\System\yGZoJvX.exe
  C:\Windows\System\yGZoJvX.exe
  2⤵
  PID:1524
- C:\Windows\System\bOruhcf.exe
  C:\Windows\System\bOruhcf.exe
  2⤵
  PID:1084
- C:\Windows\System\xbUizxK.exe
  C:\Windows\System\xbUizxK.exe
  2⤵
  PID:8152
- C:\Windows\System\MQhMrqL.exe
  C:\Windows\System\MQhMrqL.exe
  2⤵
  PID:8164
- C:\Windows\System\scEkUSx.exe
  C:\Windows\System\scEkUSx.exe
  2⤵
  PID:8172
- C:\Windows\System\gOkVgFZ.exe
  C:\Windows\System\gOkVgFZ.exe
  2⤵
  PID:7572
- C:\Windows\System\cwLFQBO.exe
  C:\Windows\System\cwLFQBO.exe
  2⤵
  PID:7372
- C:\Windows\System\LVMObuz.exe
  C:\Windows\System\LVMObuz.exe
  2⤵
  PID:7332
- C:\Windows\System\WMpXOwI.exe
  C:\Windows\System\WMpXOwI.exe
  2⤵
  PID:7744
- C:\Windows\System\QRdDBZs.exe
  C:\Windows\System\QRdDBZs.exe
  2⤵
  PID:7832
- C:\Windows\System\ZBaKfba.exe
  C:\Windows\System\ZBaKfba.exe
  2⤵
  PID:7892
- C:\Windows\System\bRCZpAv.exe
  C:\Windows\System\bRCZpAv.exe
  2⤵
  PID:7432
- C:\Windows\System\lDrywyq.exe
  C:\Windows\System\lDrywyq.exe
  2⤵
  PID:8052
- C:\Windows\System\mLVoiDT.exe
  C:\Windows\System\mLVoiDT.exe
  2⤵
  PID:8132
- C:\Windows\System\mzjhkSf.exe
  C:\Windows\System\mzjhkSf.exe
  2⤵
  PID:7252
- C:\Windows\System\uwXmSFg.exe
  C:\Windows\System\uwXmSFg.exe
  2⤵
  PID:8188
- C:\Windows\System\CtAbONX.exe
  C:\Windows\System\CtAbONX.exe
  2⤵
  PID:7444
- C:\Windows\System\qicIMyn.exe
  C:\Windows\System\qicIMyn.exe
  2⤵
  PID:944
- C:\Windows\System\psmRCeM.exe
  C:\Windows\System\psmRCeM.exe
  2⤵
  PID:7664
- C:\Windows\System\KXihsRp.exe
  C:\Windows\System\KXihsRp.exe
  2⤵
  PID:7932
- C:\Windows\System\ksQlZKP.exe
  C:\Windows\System\ksQlZKP.exe
  2⤵
  PID:8012
- C:\Windows\System\XLDXOgu.exe
  C:\Windows\System\XLDXOgu.exe
  2⤵
  PID:8072
- C:\Windows\System\IhKSbOo.exe
  C:\Windows\System\IhKSbOo.exe
  2⤵
  PID:7404
- C:\Windows\System\REGOCTD.exe
  C:\Windows\System\REGOCTD.exe
  2⤵
  PID:7240
- C:\Windows\System\XmylEAc.exe
  C:\Windows\System\XmylEAc.exe
  2⤵
  PID:7912
- C:\Windows\System\vPBhZNZ.exe
  C:\Windows\System\vPBhZNZ.exe
  2⤵
  PID:7944
- C:\Windows\System\oYatXCj.exe
  C:\Windows\System\oYatXCj.exe
  2⤵
  PID:7268
- C:\Windows\System\AeYYysk.exe
  C:\Windows\System\AeYYysk.exe
  2⤵
  PID:7448
- C:\Windows\System\lskiwNt.exe
  C:\Windows\System\lskiwNt.exe
  2⤵
  PID:7348
- C:\Windows\System\QaxQIAt.exe
  C:\Windows\System\QaxQIAt.exe
  2⤵
  PID:7544
- C:\Windows\System\mBTKZwR.exe
  C:\Windows\System\mBTKZwR.exe
  2⤵
  PID:8204
- C:\Windows\System\zlfgkUh.exe
  C:\Windows\System\zlfgkUh.exe
  2⤵
  PID:8224
- C:\Windows\System\WVXjCwU.exe
  C:\Windows\System\WVXjCwU.exe
  2⤵
  PID:8244
- C:\Windows\System\ZfLKXaz.exe
  C:\Windows\System\ZfLKXaz.exe
  2⤵
  PID:8260
- C:\Windows\System\FHwJGjQ.exe
  C:\Windows\System\FHwJGjQ.exe
  2⤵
  PID:8280
- C:\Windows\System\phBTdOT.exe
  C:\Windows\System\phBTdOT.exe
  2⤵
  PID:8312
- C:\Windows\System\qtVuwAM.exe
  C:\Windows\System\qtVuwAM.exe
  2⤵
  PID:8340
- C:\Windows\System\kGpTYRZ.exe
  C:\Windows\System\kGpTYRZ.exe
  2⤵
  PID:8360
- C:\Windows\System\uFHWyQp.exe
  C:\Windows\System\uFHWyQp.exe
  2⤵
  PID:8380
- C:\Windows\System\YCfjaUV.exe
  C:\Windows\System\YCfjaUV.exe
  2⤵
  PID:8400
- C:\Windows\System\aDooPDV.exe
  C:\Windows\System\aDooPDV.exe
  2⤵
  PID:8428
- C:\Windows\System\tNkBKee.exe
  C:\Windows\System\tNkBKee.exe
  2⤵
  PID:8444
- C:\Windows\System\dLkIJiN.exe
  C:\Windows\System\dLkIJiN.exe
  2⤵
  PID:8460
- C:\Windows\System\HUTCLnu.exe
  C:\Windows\System\HUTCLnu.exe
  2⤵
  PID:8480
- C:\Windows\System\Giwprxh.exe
  C:\Windows\System\Giwprxh.exe
  2⤵
  PID:8496
- C:\Windows\System\oCaaeME.exe
  C:\Windows\System\oCaaeME.exe
  2⤵
  PID:8512
- C:\Windows\System\NxMeYHU.exe
  C:\Windows\System\NxMeYHU.exe
  2⤵
  PID:8528
- C:\Windows\System\KkPflBH.exe
  C:\Windows\System\KkPflBH.exe
  2⤵
  PID:8544
- C:\Windows\System\mxKWsZJ.exe
  C:\Windows\System\mxKWsZJ.exe
  2⤵
  PID:8560
- C:\Windows\System\jXfkAKS.exe
  C:\Windows\System\jXfkAKS.exe
  2⤵
  PID:8576
- C:\Windows\System\dzpvQUp.exe
  C:\Windows\System\dzpvQUp.exe
  2⤵
  PID:8596
- C:\Windows\System\TDnqBOa.exe
  C:\Windows\System\TDnqBOa.exe
  2⤵
  PID:8612
- C:\Windows\System\iBUnbZV.exe
  C:\Windows\System\iBUnbZV.exe
  2⤵
  PID:8628
- C:\Windows\System\hDMQeOh.exe
  C:\Windows\System\hDMQeOh.exe
  2⤵
  PID:8644
- C:\Windows\System\jMYfnIh.exe
  C:\Windows\System\jMYfnIh.exe
  2⤵
  PID:8660
- C:\Windows\System\pKqwJMz.exe
  C:\Windows\System\pKqwJMz.exe
  2⤵
  PID:8676
- C:\Windows\System\QjLuZGQ.exe
  C:\Windows\System\QjLuZGQ.exe
  2⤵
  PID:8692
- C:\Windows\System\jRBwrNA.exe
  C:\Windows\System\jRBwrNA.exe
  2⤵
  PID:8708
- C:\Windows\System\agTWxdH.exe
  C:\Windows\System\agTWxdH.exe
  2⤵
  PID:8724
- C:\Windows\System\uYrKUvd.exe
  C:\Windows\System\uYrKUvd.exe
  2⤵
  PID:8740
- C:\Windows\System\jNMWGqo.exe
  C:\Windows\System\jNMWGqo.exe
  2⤵
  PID:8756
- C:\Windows\System\OpazcVP.exe
  C:\Windows\System\OpazcVP.exe
  2⤵
  PID:8772
- C:\Windows\System\pngQfuX.exe
  C:\Windows\System\pngQfuX.exe
  2⤵
  PID:8788
- C:\Windows\System\kjrPXUU.exe
  C:\Windows\System\kjrPXUU.exe
  2⤵
  PID:8804
- C:\Windows\System\KHODnzX.exe
  C:\Windows\System\KHODnzX.exe
  2⤵
  PID:8820
- C:\Windows\System\OhRJuwp.exe
  C:\Windows\System\OhRJuwp.exe
  2⤵
  PID:8836
- C:\Windows\System\xIcpCgL.exe
  C:\Windows\System\xIcpCgL.exe
  2⤵
  PID:8852
- C:\Windows\System\swWAHbL.exe
  C:\Windows\System\swWAHbL.exe
  2⤵
  PID:8868
- C:\Windows\System\ZWkkaEm.exe
  C:\Windows\System\ZWkkaEm.exe
  2⤵
  PID:8884
- C:\Windows\System\ebevrdZ.exe
  C:\Windows\System\ebevrdZ.exe
  2⤵
  PID:8900
- C:\Windows\System\JZxbsBN.exe
  C:\Windows\System\JZxbsBN.exe
  2⤵
  PID:8916
- C:\Windows\System\hQABkDt.exe
  C:\Windows\System\hQABkDt.exe
  2⤵
  PID:8936
- C:\Windows\System\jvptWVM.exe
  C:\Windows\System\jvptWVM.exe
  2⤵
  PID:8952
- C:\Windows\System\cBVOZIo.exe
  C:\Windows\System\cBVOZIo.exe
  2⤵
  PID:8968
- C:\Windows\System\ntdzyjh.exe
  C:\Windows\System\ntdzyjh.exe
  2⤵
  PID:8984
- C:\Windows\System\UZLBwCo.exe
  C:\Windows\System\UZLBwCo.exe
  2⤵
  PID:9000
- C:\Windows\System\iBgIQZc.exe
  C:\Windows\System\iBgIQZc.exe
  2⤵
  PID:9016
- C:\Windows\System\iRLzhKD.exe
  C:\Windows\System\iRLzhKD.exe
  2⤵
  PID:9032
- C:\Windows\System\ciFhshX.exe
  C:\Windows\System\ciFhshX.exe
  2⤵
  PID:9048
- C:\Windows\System\YLGETDW.exe
  C:\Windows\System\YLGETDW.exe
  2⤵
  PID:9064
- C:\Windows\System\LiXjZhv.exe
  C:\Windows\System\LiXjZhv.exe
  2⤵
  PID:9080
- C:\Windows\System\rXWizEA.exe
  C:\Windows\System\rXWizEA.exe
  2⤵
  PID:9096
- C:\Windows\System\jRaFsIB.exe
  C:\Windows\System\jRaFsIB.exe
  2⤵
  PID:9112
- C:\Windows\System\IIGGfOS.exe
  C:\Windows\System\IIGGfOS.exe
  2⤵
  PID:9128
- C:\Windows\System\IKAimCR.exe
  C:\Windows\System\IKAimCR.exe
  2⤵
  PID:9144
- C:\Windows\System\wHlYQum.exe
  C:\Windows\System\wHlYQum.exe
  2⤵
  PID:9160
- C:\Windows\System\VBtrXut.exe
  C:\Windows\System\VBtrXut.exe
  2⤵
  PID:9176
- C:\Windows\System\brGFaPe.exe
  C:\Windows\System\brGFaPe.exe
  2⤵
  PID:9192
- C:\Windows\System\lLtZuNQ.exe
  C:\Windows\System\lLtZuNQ.exe
  2⤵
  PID:9208
- C:\Windows\System\GcBpsvJ.exe
  C:\Windows\System\GcBpsvJ.exe
  2⤵
  PID:7788
- C:\Windows\System\gnTdYLu.exe
  C:\Windows\System\gnTdYLu.exe
  2⤵
  PID:8252
- C:\Windows\System\juUknln.exe
  C:\Windows\System\juUknln.exe
  2⤵
  PID:8304
- C:\Windows\System\qfqFVXN.exe
  C:\Windows\System\qfqFVXN.exe
  2⤵
  PID:8288
- C:\Windows\System\MghPzpI.exe
  C:\Windows\System\MghPzpI.exe
  2⤵
  PID:8292
- C:\Windows\System\ytwDvfk.exe
  C:\Windows\System\ytwDvfk.exe
  2⤵
  PID:8272
- C:\Windows\System\yHWQLEa.exe
  C:\Windows\System\yHWQLEa.exe
  2⤵
  PID:8200
- C:\Windows\System\CwmuoNU.exe
  C:\Windows\System\CwmuoNU.exe
  2⤵
  PID:8348
- C:\Windows\System\VJeyerN.exe
  C:\Windows\System\VJeyerN.exe
  2⤵
  PID:8396
- C:\Windows\System\MOWnKlX.exe
  C:\Windows\System\MOWnKlX.exe
  2⤵
  PID:1384
- C:\Windows\System\HaDHUcN.exe
  C:\Windows\System\HaDHUcN.exe
  2⤵
  PID:8376
- C:\Windows\System\aafhmBQ.exe
  C:\Windows\System\aafhmBQ.exe
  2⤵
  PID:8416
- C:\Windows\System\mSCdgWc.exe
  C:\Windows\System\mSCdgWc.exe
  2⤵
  PID:8472
- C:\Windows\System\MNYTIIE.exe
  C:\Windows\System\MNYTIIE.exe
  2⤵
  PID:8456
- C:\Windows\System\iPlBfQq.exe
  C:\Windows\System\iPlBfQq.exe
  2⤵
  PID:8536
- C:\Windows\System\kEQHuGv.exe
  C:\Windows\System\kEQHuGv.exe
  2⤵
  PID:8540
- C:\Windows\System\cMmvqEo.exe
  C:\Windows\System\cMmvqEo.exe
  2⤵
  PID:8572
- C:\Windows\System\ALqeCzp.exe
  C:\Windows\System\ALqeCzp.exe
  2⤵
  PID:8608
- C:\Windows\System\oznZIdG.exe
  C:\Windows\System\oznZIdG.exe
  2⤵
  PID:8620
- C:\Windows\System\VocMZEo.exe
  C:\Windows\System\VocMZEo.exe
  2⤵
  PID:8656
- C:\Windows\System\HyxnkpH.exe
  C:\Windows\System\HyxnkpH.exe
  2⤵
  PID:8684
- C:\Windows\System\JNKbXEC.exe
  C:\Windows\System\JNKbXEC.exe
  2⤵
  PID:8720
- C:\Windows\System\czKFdYy.exe
  C:\Windows\System\czKFdYy.exe
  2⤵
  PID:8784
- C:\Windows\System\XtYKZZR.exe
  C:\Windows\System\XtYKZZR.exe
  2⤵
  PID:8764
- C:\Windows\System\BYdLBcH.exe
  C:\Windows\System\BYdLBcH.exe
  2⤵
  PID:8832
- C:\Windows\System\LiquSBF.exe
  C:\Windows\System\LiquSBF.exe
  2⤵
  PID:8860
- C:\Windows\System\vuwkWcw.exe
  C:\Windows\System\vuwkWcw.exe
  2⤵
  PID:8924
- C:\Windows\System\RZqKxEG.exe
  C:\Windows\System\RZqKxEG.exe
  2⤵
  PID:8908
- C:\Windows\System\naVpuot.exe
  C:\Windows\System\naVpuot.exe
  2⤵
  PID:8960
- C:\Windows\System\oDtEhRt.exe
  C:\Windows\System\oDtEhRt.exe
  2⤵
  PID:8992
- C:\Windows\System\iXcKVjE.exe
  C:\Windows\System\iXcKVjE.exe
  2⤵
  PID:9056
- C:\Windows\System\NBLLXRt.exe
  C:\Windows\System\NBLLXRt.exe
  2⤵
  PID:9040
- C:\Windows\System\EkLqSaj.exe
  C:\Windows\System\EkLqSaj.exe
  2⤵
  PID:9088
- C:\Windows\System\yfJPknq.exe
  C:\Windows\System\yfJPknq.exe
  2⤵
  PID:9104
- C:\Windows\System\UMGyPUQ.exe
  C:\Windows\System\UMGyPUQ.exe
  2⤵
  PID:9156
- C:\Windows\System\tkSSptI.exe
  C:\Windows\System\tkSSptI.exe
  2⤵
  PID:9172
- C:\Windows\System\wfzorUE.exe
  C:\Windows\System\wfzorUE.exe
  2⤵
  PID:9204
- C:\Windows\System\MMyDAbo.exe
  C:\Windows\System\MMyDAbo.exe
  2⤵
  PID:8220
- C:\Windows\System\gSGAZxC.exe
  C:\Windows\System\gSGAZxC.exe
  2⤵
  PID:8296
- C:\Windows\System\ymghzQc.exe
  C:\Windows\System\ymghzQc.exe
  2⤵
  PID:8268
- C:\Windows\System\gbMhwOQ.exe
  C:\Windows\System\gbMhwOQ.exe
  2⤵
  PID:8356
- C:\Windows\System\HNYSSZd.exe
  C:\Windows\System\HNYSSZd.exe
  2⤵
  PID:8368
- C:\Windows\System\xqJCdXT.exe
  C:\Windows\System\xqJCdXT.exe
  2⤵
  PID:8408
- C:\Windows\System\goIZpQV.exe
  C:\Windows\System\goIZpQV.exe
  2⤵
  PID:8488
- C:\Windows\System\RHpcIGs.exe
  C:\Windows\System\RHpcIGs.exe
  2⤵
  PID:8552
- C:\Windows\System\rVdoDld.exe
  C:\Windows\System\rVdoDld.exe
  2⤵
  PID:8520
- C:\Windows\System\rvsNeal.exe
  C:\Windows\System\rvsNeal.exe
  2⤵
  PID:8700
- C:\Windows\System\bBiCJeg.exe
  C:\Windows\System\bBiCJeg.exe
  2⤵
  PID:8716
- C:\Windows\System\WmJmdyc.exe
  C:\Windows\System\WmJmdyc.exe
  2⤵
  PID:8816
- C:\Windows\System\PBTZiJa.exe
  C:\Windows\System\PBTZiJa.exe
  2⤵
  PID:8876
- C:\Windows\System\unmjucM.exe
  C:\Windows\System\unmjucM.exe
  2⤵
  PID:8892
- C:\Windows\System\SDZLamo.exe
  C:\Windows\System\SDZLamo.exe
  2⤵
  PID:9024
- C:\Windows\System\rpgOzJk.exe
  C:\Windows\System\rpgOzJk.exe
  2⤵
  PID:9008
- C:\Windows\System\WXMYmvu.exe
  C:\Windows\System\WXMYmvu.exe
  2⤵
  PID:9124
- C:\Windows\System\ALauJQy.exe
  C:\Windows\System\ALauJQy.exe
  2⤵
  PID:9184
- C:\Windows\System\FFoWXdS.exe
  C:\Windows\System\FFoWXdS.exe
  2⤵
  PID:7644
- C:\Windows\System\CZcZDLf.exe
  C:\Windows\System\CZcZDLf.exe
  2⤵
  PID:8328
- C:\Windows\System\wqOuLMY.exe
  C:\Windows\System\wqOuLMY.exe
  2⤵
  PID:8372
- C:\Windows\System\zQFzciS.exe
  C:\Windows\System\zQFzciS.exe
  2⤵
  PID:8440
- C:\Windows\System\CAIXsJo.exe
  C:\Windows\System\CAIXsJo.exe
  2⤵
  PID:8636
- C:\Windows\System\yNtFIUW.exe
  C:\Windows\System\yNtFIUW.exe
  2⤵
  PID:8688
- C:\Windows\System\lHRLhfJ.exe
  C:\Windows\System\lHRLhfJ.exe
  2⤵
  PID:8796
- C:\Windows\System\HeKuKgC.exe
  C:\Windows\System\HeKuKgC.exe
  2⤵
  PID:9012
- C:\Windows\System\wmFobCT.exe
  C:\Windows\System\wmFobCT.exe
  2⤵
  PID:9140
- C:\Windows\System\HtVRYwW.exe
  C:\Windows\System\HtVRYwW.exe
  2⤵
  PID:8452
- C:\Windows\System\BeYbqTG.exe
  C:\Windows\System\BeYbqTG.exe
  2⤵
  PID:8492
- C:\Windows\System\CdVPrZb.exe
  C:\Windows\System\CdVPrZb.exe
  2⤵
  PID:8524
- C:\Windows\System\lGPJuEy.exe
  C:\Windows\System\lGPJuEy.exe
  2⤵
  PID:8848
- C:\Windows\System\uUPWJWm.exe
  C:\Windows\System\uUPWJWm.exe
  2⤵
  PID:9152
- C:\Windows\System\aICIMdz.exe
  C:\Windows\System\aICIMdz.exe
  2⤵
  PID:8240
- C:\Windows\System\YavakCp.exe
  C:\Windows\System\YavakCp.exe
  2⤵
  PID:8980
- C:\Windows\System\PeDMCJd.exe
  C:\Windows\System\PeDMCJd.exe
  2⤵
  PID:9224
- C:\Windows\System\QvwuLGR.exe
  C:\Windows\System\QvwuLGR.exe
  2⤵
  PID:9240
- C:\Windows\System\WlvXahM.exe
  C:\Windows\System\WlvXahM.exe
  2⤵
  PID:9256
- C:\Windows\System\qJDbKzr.exe
  C:\Windows\System\qJDbKzr.exe
  2⤵
  PID:9272
- C:\Windows\System\kaApasy.exe
  C:\Windows\System\kaApasy.exe
  2⤵
  PID:9288
- C:\Windows\System\hpkaiKX.exe
  C:\Windows\System\hpkaiKX.exe
  2⤵
  PID:9304
- C:\Windows\System\SUXwwQL.exe
  C:\Windows\System\SUXwwQL.exe
  2⤵
  PID:9320
- C:\Windows\System\ngHLFTR.exe
  C:\Windows\System\ngHLFTR.exe
  2⤵
  PID:9336
- C:\Windows\System\ILuiAlE.exe
  C:\Windows\System\ILuiAlE.exe
  2⤵
  PID:9352
- C:\Windows\System\ajfpTtE.exe
  C:\Windows\System\ajfpTtE.exe
  2⤵
  PID:9368
- C:\Windows\System\VvsBYmf.exe
  C:\Windows\System\VvsBYmf.exe
  2⤵
  PID:9384
- C:\Windows\System\SkVLLzC.exe
  C:\Windows\System\SkVLLzC.exe
  2⤵
  PID:9400
- C:\Windows\System\pidTBqB.exe
  C:\Windows\System\pidTBqB.exe
  2⤵
  PID:9416
- C:\Windows\System\aTeTVuR.exe
  C:\Windows\System\aTeTVuR.exe
  2⤵
  PID:9432
- C:\Windows\System\GfCjskz.exe
  C:\Windows\System\GfCjskz.exe
  2⤵
  PID:9448
- C:\Windows\System\OWBMZSS.exe
  C:\Windows\System\OWBMZSS.exe
  2⤵
  PID:9464
- C:\Windows\System\Jjrools.exe
  C:\Windows\System\Jjrools.exe
  2⤵
  PID:9480
- C:\Windows\System\eBujgJT.exe
  C:\Windows\System\eBujgJT.exe
  2⤵
  PID:9496
- C:\Windows\System\EJsymwS.exe
  C:\Windows\System\EJsymwS.exe
  2⤵
  PID:9512
- C:\Windows\System\QLYivbm.exe
  C:\Windows\System\QLYivbm.exe
  2⤵
  PID:9528
- C:\Windows\System\qpDKDJQ.exe
  C:\Windows\System\qpDKDJQ.exe
  2⤵
  PID:9544
- C:\Windows\System\RrPFjOB.exe
  C:\Windows\System\RrPFjOB.exe
  2⤵
  PID:9560
- C:\Windows\System\pIYPFxV.exe
  C:\Windows\System\pIYPFxV.exe
  2⤵
  PID:9580
- C:\Windows\System\NsSheMX.exe
  C:\Windows\System\NsSheMX.exe
  2⤵
  PID:9596
- C:\Windows\System\yeAwMYO.exe
  C:\Windows\System\yeAwMYO.exe
  2⤵
  PID:9612
- C:\Windows\System\JSUCWVD.exe
  C:\Windows\System\JSUCWVD.exe
  2⤵
  PID:9628
- C:\Windows\System\lyFlYrn.exe
  C:\Windows\System\lyFlYrn.exe
  2⤵
  PID:9644
- C:\Windows\System\TGWtvZT.exe
  C:\Windows\System\TGWtvZT.exe
  2⤵
  PID:9660
- C:\Windows\System\STbfJDf.exe
  C:\Windows\System\STbfJDf.exe
  2⤵
  PID:9676
- C:\Windows\System\MQRsZHQ.exe
  C:\Windows\System\MQRsZHQ.exe
  2⤵
  PID:9692
- C:\Windows\System\HERuUrN.exe
  C:\Windows\System\HERuUrN.exe
  2⤵
  PID:9708
- C:\Windows\System\LsjmwQu.exe
  C:\Windows\System\LsjmwQu.exe
  2⤵
  PID:9724
- C:\Windows\System\ofcqVFX.exe
  C:\Windows\System\ofcqVFX.exe
  2⤵
  PID:9740
- C:\Windows\System\ZBOyqaZ.exe
  C:\Windows\System\ZBOyqaZ.exe
  2⤵
  PID:9756
- C:\Windows\System\gerUGFN.exe
  C:\Windows\System\gerUGFN.exe
  2⤵
  PID:9772
- C:\Windows\System\GWWEOcb.exe
  C:\Windows\System\GWWEOcb.exe
  2⤵
  PID:9788
- C:\Windows\System\GPHrgKa.exe
  C:\Windows\System\GPHrgKa.exe
  2⤵
  PID:9804
- C:\Windows\System\gcOxzfv.exe
  C:\Windows\System\gcOxzfv.exe
  2⤵
  PID:9820
- C:\Windows\System\lfGsdcs.exe
  C:\Windows\System\lfGsdcs.exe
  2⤵
  PID:9836
- C:\Windows\System\rODuQvn.exe
  C:\Windows\System\rODuQvn.exe
  2⤵
  PID:9852
- C:\Windows\System\hlsDCXv.exe
  C:\Windows\System\hlsDCXv.exe
  2⤵
  PID:9868
- C:\Windows\System\HiAoTWT.exe
  C:\Windows\System\HiAoTWT.exe
  2⤵
  PID:9884
- C:\Windows\System\mlRtmlo.exe
  C:\Windows\System\mlRtmlo.exe
  2⤵
  PID:9900
- C:\Windows\System\BHHhvKI.exe
  C:\Windows\System\BHHhvKI.exe
  2⤵
  PID:9916
- C:\Windows\System\whREUZO.exe
  C:\Windows\System\whREUZO.exe
  2⤵
  PID:9932
- C:\Windows\System\BQmUXIA.exe
  C:\Windows\System\BQmUXIA.exe
  2⤵
  PID:9948
- C:\Windows\System\pelKSCg.exe
  C:\Windows\System\pelKSCg.exe
  2⤵
  PID:9964
- C:\Windows\System\GuoeYDn.exe
  C:\Windows\System\GuoeYDn.exe
  2⤵
  PID:9980
- C:\Windows\System\rTmwvxV.exe
  C:\Windows\System\rTmwvxV.exe
  2⤵
  PID:9996
- C:\Windows\System\sqNpbdz.exe
  C:\Windows\System\sqNpbdz.exe
  2⤵
  PID:10012
- C:\Windows\System\IrhIqmc.exe
  C:\Windows\System\IrhIqmc.exe
  2⤵
  PID:10028
- C:\Windows\System\ialCnPZ.exe
  C:\Windows\System\ialCnPZ.exe
  2⤵
  PID:10044
- C:\Windows\System\LjvOHRB.exe
  C:\Windows\System\LjvOHRB.exe
  2⤵
  PID:10060
- C:\Windows\System\ExTwzmu.exe
  C:\Windows\System\ExTwzmu.exe
  2⤵
  PID:10084
- C:\Windows\System\XzrmLAV.exe
  C:\Windows\System\XzrmLAV.exe
  2⤵
  PID:10100
- C:\Windows\System\ZSFPMsM.exe
  C:\Windows\System\ZSFPMsM.exe
  2⤵
  PID:10116
- C:\Windows\System\MIzSPnK.exe
  C:\Windows\System\MIzSPnK.exe
  2⤵
  PID:10132
- C:\Windows\System\ShMrQaZ.exe
  C:\Windows\System\ShMrQaZ.exe
  2⤵
  PID:10148
- C:\Windows\System\WZRSkkM.exe
  C:\Windows\System\WZRSkkM.exe
  2⤵
  PID:10164
- C:\Windows\System\FuQmFeG.exe
  C:\Windows\System\FuQmFeG.exe
  2⤵
  PID:10180
- C:\Windows\System\rawHwSZ.exe
  C:\Windows\System\rawHwSZ.exe
  2⤵
  PID:10196
- C:\Windows\System\TeODGHI.exe
  C:\Windows\System\TeODGHI.exe
  2⤵
  PID:10212
- C:\Windows\System\UlKEHYu.exe
  C:\Windows\System\UlKEHYu.exe
  2⤵
  PID:10228
- C:\Windows\System\MwVNJCq.exe
  C:\Windows\System\MwVNJCq.exe
  2⤵
  PID:8812
- C:\Windows\System\UCWEJmk.exe
  C:\Windows\System\UCWEJmk.exe
  2⤵
  PID:8196
- C:\Windows\System\WymcfPX.exe
  C:\Windows\System\WymcfPX.exe
  2⤵
  PID:9264
- C:\Windows\System\GMlTWQj.exe
  C:\Windows\System\GMlTWQj.exe
  2⤵
  PID:9328
- C:\Windows\System\FKFyCqE.exe
  C:\Windows\System\FKFyCqE.exe
  2⤵
  PID:9284
- C:\Windows\System\eeJKxNh.exe
  C:\Windows\System\eeJKxNh.exe
  2⤵
  PID:9360
- C:\Windows\System\FFgmzzu.exe
  C:\Windows\System\FFgmzzu.exe
  2⤵
  PID:9380
- C:\Windows\System\UxfcnDO.exe
  C:\Windows\System\UxfcnDO.exe
  2⤵
  PID:9396
- C:\Windows\System\qaAbbbK.exe
  C:\Windows\System\qaAbbbK.exe
  2⤵
  PID:9440
- C:\Windows\System\rUtkFkl.exe
  C:\Windows\System\rUtkFkl.exe
  2⤵
  PID:9476
- C:\Windows\System\exoNUoZ.exe
  C:\Windows\System\exoNUoZ.exe
  2⤵
  PID:9508
- C:\Windows\System\BnBFLXe.exe
  C:\Windows\System\BnBFLXe.exe
  2⤵
  PID:9556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AGUHpoS.exe

Filesize
6.0MB

MD5
77541311d3202dad427749ce49660c50

SHA1
6a0ce5a4f5039ebe2a279e111e5fabee945a8a69

SHA256
d67ad57dc04b046e9848104c2480f7ccf9bf46659a4c187cd5777cc91e33ba6e

SHA512
526e80b9b557e6de6569f0dd4f468606698063831753d860bab9238927a578168f57e9a839d9265592e4d644a895fbbb802b557f4c224141af82ea13d97084b4

Download Submit
C:\Windows\system\BtKQSVu.exe

Filesize
6.0MB

MD5
9bc2ebcbe27957223c655ba4c6a340b3

SHA1
e3eaac1030e57e6ebae3d73ab31a5d91e0b9186a

SHA256
2765f8b52a411b2c6c7a9116b83ecfbd41c6c9d83eeb7e357943caebc3f2d42a

SHA512
1e7a47e88feba0cc5a6e7b579aa07956f7b0ad88db7d5e2a464344379ad6907e012ef9a1c0a141448ab3640edbac7adcbbfae2a9f63bde7cff6f8bec159d2812

Download Submit
C:\Windows\system\GSazrIU.exe

Filesize
6.0MB

MD5
d6ab8767014c6902b076a6314a52c5b0

SHA1
b43541724c1cda7c1f081dc7950474c914229cdb

SHA256
a80b5c32cb78e11cffe0352a1b52636eb45a7e85fe6916f3772c05bd40d8184a

SHA512
704748aa00b13dc76e0a7be6db40246f08711ad35981525d18016628b0a411cb96c1a22a85878ed6337d0eb22a6e3b4cc59134077c8698911ad1a1f4bed32323

Download Submit
C:\Windows\system\ImlqCmG.exe

Filesize
6.0MB

MD5
44dfc4668acf3654b8b9800f2e125616

SHA1
9b4c231be8de5cf57a072de307c191ec6759999e

SHA256
8fe839d76056bc8e36113534d843eefac8ceb0b25362f31a8581b48bfaab8e45

SHA512
f173d3d67a2b984363dca73dbd442306d71037d2b7b77ac6efa7d282eaf38f0c3f0955fe8ac6c7bde735f06124cb000578bd8f889fe4122aa7b303dd0fe260c5

Download Submit
C:\Windows\system\MykCQti.exe

Filesize
6.0MB

MD5
94573d1365fb5dda416d01f594024c60

SHA1
bcff256a109e57dfc03be1af53de42ac64ae45eb

SHA256
9b0bef130f964b2947eec90b02cff98004b33d22423f6f26d5ee18faf2b938a8

SHA512
5edcc009005afe5702245b94954c8ed053b09c74d65c9d85aad46a2389cf2635556182f82c361e75264e7cd66eaa8a528bd6903cd93e150dde427801c658799c

Download Submit
C:\Windows\system\OCsoSjm.exe

Filesize
6.0MB

MD5
3d07568c416500ee69237646b03f4f05

SHA1
a73dad1b6587b6b0038f6d5e67749c6cc281747e

SHA256
114c44224a7b021dc11a1f6dc84751a0be0a88d8d47d258666ab83fa6b57b772

SHA512
de70ae8e487a521a731067bce6d99831cb9663f10d468f45d9bf2a59326733d0ddcbd6856a0b6feb7f339379af8b553dce65409b0f8455b2cc7178f8abc6cd0f

Download Submit
C:\Windows\system\OmXFGLs.exe

Filesize
6.0MB

MD5
0dd192b7c8baa2026ec4cfe2371b5230

SHA1
1f25a63ba05540f6d62a35f70770916bed157e21

SHA256
d7a84fae29535b7e424771f68d7db49b11fd6a1f77aa728b166b67cba771c0d4

SHA512
cbb277badeeb829650494e4e0436b57a9800b815ed731886281e2db85a7b63aa122f152205de4a2e1e0d34ccf1df2c11848b6a4e24b83d3bbbb3abfd4af6520b

Download Submit
C:\Windows\system\PmyQnCu.exe

Filesize
6.0MB

MD5
99df22ddebd901ca9a72b7f20e80767c

SHA1
7a9e4bb8e60f41e0b7910c6fb291fc7b472b2471

SHA256
29e20a1e18959fb1944bec3c6d3093df7937ab196b04ae29c4dace76bc8e5399

SHA512
485de0f92f88afcba1e71fd620137a68471abbffcab7d3fe964782e54339db5fea17da325da2fc1cef9403c029dddbe604d2bdf7e1c84e562e323bb3ce42ce28

Download Submit
C:\Windows\system\RBmZJhO.exe

Filesize
6.0MB

MD5
9b0b23e290bc0e180fea9acee231178f

SHA1
12e15247b54519c7936b223b1b2b77c8bb418687

SHA256
4f8f75f1be8ddb41f987fa02f94074aba5b9d8559925c77464b857882d7ddf18

SHA512
ad9f008df90f4a2a8075f2d4629a4a29675d13ab64887cf29477ee38b306596170c2b4782c4d66cdf3e4431c54ec2b420e08e9c1efaf9b5a04ad0f320e6a7828

Download Submit
C:\Windows\system\UxKjKXZ.exe

Filesize
6.0MB

MD5
2834f75abe863f59510c1c7aeda7bb7f

SHA1
9d16af967186f3844daf28281b0478da18234a9b

SHA256
4f6fa540fb24338a21578a8eb92665fcd4d466288b66d0d78b89c0ce7f67608a

SHA512
0c59cf75f550bb820a3d9be6cc6d1ef484b991e5a68d5a5c4daa33ee667ee855d16f20fadc44864e65d359e60b0d929b8738221697904ed5fb9705f80505eb8d

Download Submit
C:\Windows\system\WlEvWno.exe

Filesize
6.0MB

MD5
fd03422e31ac7f5d5bc780b3235b660d

SHA1
d5b7dfb0a7ce2220ba202e649ca72bfbb51e4f72

SHA256
8f107649f0b1880f7a81fbde6fb22795cc5e2478f6173b50ccb7e34a5d6d4bf3

SHA512
087510d2b08b21b7e4e88a3fcf7b24b640b7a2ffe5639a568eb039ce86584c9e730a87aac9b1c92a762a0b0811b16abc3c7d3cafef200519bf02afd2b55e0433

Download Submit
C:\Windows\system\XfmvQqN.exe

Filesize
6.0MB

MD5
2718b8b28d7c663643bad96768f600a0

SHA1
9b64e37db4abc9cc4ee6445ac09fc79417bf0153

SHA256
390d8744dabd62f921b7e47a23b311048d666ec5191b41e80f6d3f7fc7dbe498

SHA512
75b6a0fc06f0669363846765578393cf6118b9ed1f4242027a1b58e7dbd17ac2f8ec49ceafc9431820eefde5c597a1d731b622c65b76a38968b459f750d680ae

Download Submit
C:\Windows\system\cDDNOwy.exe

Filesize
6.0MB

MD5
3d01f625c5b837a773971f8370547a66

SHA1
35751f77fd03ba4736736407815d424f9780282a

SHA256
42568db9a362c942b4b070ef91832fe28d3055b389a8224d92b22935eae4f55e

SHA512
47c7a46654790ae49b612376181c60cf1dc40c7c274898eab3b4fecb111e1847e44fab3da4f08b6f931afa80030be36e313c3dd00078682c4240d511aba77dc0

Download Submit
C:\Windows\system\chjIErl.exe

Filesize
6.0MB

MD5
a825b27ccd26ecb345f1fa533f51d270

SHA1
6ff1428e159b3e5f98929519ada1883a01e22bbb

SHA256
5d46e33a86a8ea182aa639a2f0c9327cceb2e5b2dd5f28a299a663374ee32d0d

SHA512
185144a8824787c44f538afb9fe669cd37a611926de74fa76a6dde8f623935187a94b560023d6a9c0a6f0c177b49c300a81d9d7c40defb795d19dadc05efaf08

Download Submit
C:\Windows\system\fcgwnPA.exe

Filesize
6.0MB

MD5
79c16e1d49a589188f23f4acbe0c1d01

SHA1
d325f76b9ff07d55e6190a9ba864b2ffc790eb93

SHA256
016000cd8cd628386e3b4954f30fc3ed9edc9bf9e778fda68f35efdf91cf5f70

SHA512
2e28997301f4fed0f33b8d09751d91637d0e18493bbb83d94c6a82ef618c1dd62eee7c1fd36e1e8b51d0d8523494ab99e34031ef9258d98e86e18bdb8075bf3d

Download Submit
C:\Windows\system\gwktwEu.exe

Filesize
6.0MB

MD5
af1ffdb010fdae5b88e7897e34aef61d

SHA1
f860fe4d367664c5c48c4cda84500899e6f6ae67

SHA256
12e8b15c22925719e0f2c4b075252ba1cbb14c28777adc84ce09af418720e5fa

SHA512
db11c7a42158a68be86bf678db0976c4ae4d920dccad115074f0af1dd46beb952ed58086504dbc32d5086e6789c9a293e95f4aeb5e61421aeb7f08016e62af66

Download Submit
C:\Windows\system\hggIdwj.exe

Filesize
6.0MB

MD5
bcb3b198c55889b9ec842acd5f43c17a

SHA1
b689e062b64b8a14ae0909707008e4fb1bb35441

SHA256
9743a49e24b2d85a81d816d47a4bc1ffd5421a2b8702d95463515e562bb55117

SHA512
17d474925b32734bbd34442bd732a7e7bbd394585580c7e0d6cd884b831e362853a8939e46ae5341fb734f395a28062990ce5326933066f3f92f7c2a1470fed9

Download Submit
C:\Windows\system\kSwKIgb.exe

Filesize
6.0MB

MD5
e4cc53d5fec57d4ff676daef2004a4ee

SHA1
31a8e72c2ddb81289a059eefc227693a68d3f966

SHA256
87a24751eb03ab1cfb8fab82f15e167022a9a940aafcd322dcc7b99905e2b1de

SHA512
d4b4a65a2d5727b4a30488881bb1a33ca0771be80e68d0537e674f0367017eac8ac684515f9431512d884288c1791cf6bb9f3f5987f5865d73dd6680e89af7d7

Download Submit
C:\Windows\system\rxuxLgc.exe

Filesize
6.0MB

MD5
02a43e3839487a8a630671317290376d

SHA1
2354c975abcf55937f3740b1cdf7b70b40d50d3b

SHA256
018f95714fb99ab86c5d348880e8d64f9ab5c4848e1f5e90f03d26a2922cfe16

SHA512
5ddd43de1dcc8a4a0ecded6f9c97016470e6a5380b0f714fdd964701e04c5eafe0488f4a33f8f6903108f776d3c2cfa23086a07b08aa91d4e6bfa64cb76b605f

Download Submit
C:\Windows\system\zEefLFG.exe

Filesize
6.0MB

MD5
fc892d64047daa2a426319af52c90d63

SHA1
e037908ba00915c4763097a9c5ece641126e4f43

SHA256
687c5a0be1e3a565da3abb0ed5b70cfd99b3f897c239e0ec74a41cb610359133

SHA512
764ec7b4a6ae14f3b05c6b7e9fde16816d21d9632a2a0a1a5160c7cf69e1c90eda5f1ddee0bb41730db34603759ebe1a7228a749e32f656a4bc3b94c8989615d

Download Submit
C:\Windows\system\zolzpce.exe

Filesize
6.0MB

MD5
74e7188b9f8efde05efb7d6c534b2ea0

SHA1
70772fe66dc03a6cc3832a037d1b3151c08059ac

SHA256
b1ecc2ad5c45e7b2e74ddd8f362f38ebe964260d8c9b8ebf8ab5e9db3bb3295e

SHA512
94204c52300bfb1b91b1bbb4faf8f04810b39e9af9df11ed23adab1778a93328c82ee1dd1443705dd81487a6e82f7bc9cdb5a56a9751ca2c5152876a890514b6

Download Submit
\Windows\system\ADgesXh.exe

Filesize
6.0MB

MD5
eb9e4be7995ad31c40556838ffc1ba3e

SHA1
42691ff28e161ab779a8c40f738fc76f3ceb7c48

SHA256
ce6f4e7f2981c39fe206548079f3a679c0be2fd1fcac865563a713d942ae440a

SHA512
29f3201599cf7f4725ca66aa422815831bf2637fef16db8d77259dbf4eba6e00b83c8cc02893fc0f43ec5eb17d988210490cd0470afd1e1e0d2fe6deb288a627

Download Submit
\Windows\system\OOvMigp.exe

Filesize
6.0MB

MD5
2cfdc434c2d25e8265a6af4e81a56a4a

SHA1
1304744a756880b609f9ea5003c3e920e8732fbf

SHA256
fd15658253a00db9ff580c1c027cbb4a81776c14f5430923d6553082b96dc1cb

SHA512
62ad0cac689b05c6daf626258142eeaf933e79bf9d2b2e17efcc093d84d5672121569a62532d071f3b626ebb68bf217fc781f6f56f852c1ba843f0a4a7800ceb

Download Submit
\Windows\system\Ouqaqjc.exe

Filesize
6.0MB

MD5
88888fa1cd961db1ea62b6e92d5a07d0

SHA1
8ce55b42c36ce033cc006761d3e670427138c07a

SHA256
3d2b1d12dde8547c22f8410d3b10053337bc7eae68dc4131f013a987788e5314

SHA512
24a2d96b5dc95755562529f83bd9df7fd81c10e2b32c897ac1b1478f0e291512954418d0d950f92a83d800523dd0e877ca5297af49fdb767038fd7c4a24216b8

Download Submit
\Windows\system\VQlzuNX.exe

Filesize
6.0MB

MD5
d1379ab81d2e0424b0321dd250bfd354

SHA1
e12b5159f28132fecbd6e54483d9ced38e4c095e

SHA256
0417b779fba49213f92811a66539318d6f3a580da06b3d85b80d996bb1d0a7ac

SHA512
9406bb31db41367ccda9bdb6e88d7cad872c45ab4d7a2680d47a60e8875ef03bd58d8b400c7aba570410f625a6684be9e70a494b9e395b83e974a5fea9cc38e6

Download Submit
\Windows\system\cCdoRyX.exe

Filesize
6.0MB

MD5
d70e489a20748b3eb7b90e74efc4602d

SHA1
b4d72d7dc0bd157ab25d5a2d841c895cc187d3bc

SHA256
fb23534b3ea0b47074e31d24aa4fcb641b2c287f73befc6f7750d41d6f863f8f

SHA512
5659f62a49928906e848d0e595b32821c4f84a74b8b55cf763f026a9e7844b879fdcde2a501dd89061228501073361becf1330835f271918425d7ab6cafdebf5

Download Submit
\Windows\system\cxRLcmu.exe

Filesize
6.0MB

MD5
261bc1f08b51cc4b85560f956145eea5

SHA1
f74580f20c6f7f17ae974618253529b3018397cf

SHA256
f67d39ee4f2829b5e67cf6c26123bf8db6c7d3a88e69fb491949f551523caec4

SHA512
031b42c3dbf661812ef29a08533f495f6121d5f68c62f4106b409727727c4a8714d5b7a358542b1f27c41c3aa81970301647fc0461f2d334429968f11c7db200

Download Submit
\Windows\system\ibgzTrj.exe

Filesize
6.0MB

MD5
d92613fb88d94098cd68fe4a80af013e

SHA1
32049e51e41b550d6a26a6affe7c1a44a1be55cf

SHA256
18b93303435c7894a9920169d87779467e6d651adc32495b909b2e713b3c6e55

SHA512
4b635d8c2b69ba7694be9021c612eea9f444bda822525488b675252a10bc93dd452722c1fca83d557dfb3aa2520a111ccd8a5595a41feffc57064e1c8ebf156f

Download Submit
\Windows\system\jnuneTX.exe

Filesize
6.0MB

MD5
52fd65c20561c82c14b0bd7921c8df2d

SHA1
f7ff6d4f6c2eac1bd38ff5d0c2fc6e998d729192

SHA256
5264943e161e539b8b9e92ce395f113158383a26f676ea6814bd593a8098e553

SHA512
ec32de24c0b9160392d5a6d2090baa4d5136c6c52c5496a95228722139df1cf11569d598f8b73b7b2f29704037649b0514ca2366987657c9520d64bdcce5fdfc

Download Submit
\Windows\system\plGLCvp.exe

Filesize
6.0MB

MD5
80ea158e42848e958030edc369043f0c

SHA1
764da19ae82ed45caf3910cf58001769fec54868

SHA256
9d45e7124165c62de54973019032d424a0d1b50352407ce291ffa38d9510ae76

SHA512
bfa6cb258c93b7c2fcd5a9b4c80b97b709ad97ed2ed17ce3b1bcedd1cbb727f95fc7c5bdf35d5fea0a1be47f8c2c987bb32eecf99dfc565a870d9dbc583080de

Download Submit
\Windows\system\qMJsdfY.exe

Filesize
6.0MB

MD5
b00eb431d7d00aed9659d835548f1240

SHA1
b32b8948d0c4f5140c29adbe8d17d17cf70ef82f

SHA256
23f7f36c132c24b6729d47904cf0e62ce4f5325117bb901f46ae150e17e8837e

SHA512
1df7586f5e242b9994131bbdbd7ce18a7872504bfdb02e2522fd119cb2572ed0111d5f668ef5ddf9c0d60d96d37d546e196c69ff443e69734cce1775ab3202ea

Download Submit
\Windows\system\vBwFLOZ.exe

Filesize
6.0MB

MD5
f1f72c26c0f8e24fe156b9abfc165b6f

SHA1
4ef4e6197f543ff2b5e8b9d0b3caef86628ac3f6

SHA256
352d6627ee668131c10ef600a82600e0294644a401c66b4eb803e491489acb44

SHA512
46f46c0d4d6fbab1a9c207dc50bb0f353f02a541c3f1e6a6d1a8a6cfa71a9a96737f6ad83206734269c9250ed06da4269b692b9b4887e5fb26b7011d852c53b0

Download Submit
memory/536-54-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/536-26-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/536-1253-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-102-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1960-1577-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2060-20-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-434-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2060-31-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-14-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-74-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2060-110-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2060-61-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2060-53-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-69-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-314-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2060-395-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2060-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2060-396-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2060-6-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-0-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2060-101-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-96-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2060-99-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2060-182-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2060-44-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-100-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2060-40-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2060-42-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-94-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1565-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2388-52-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-1187-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-16-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-63-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1250-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2568-97-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-1573-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1186-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-8-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-46-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-270-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2724-87-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1572-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2792-70-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1522-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1344-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-51-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1501-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2816-62-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1329-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-43-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-55-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1228-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-30-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-433-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-109-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-1584-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download