cobaltstrike | 7d5a807b9a17af63416332c3a0337df03414a47f3a18072225beb14d6903daff

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1dc2a0c49aae8a9567dc022ddbd62f19
SHA1

f5b5deaa881b9548101aaf9575dc4a742f7b95a0
SHA256

7d5a807b9a17af63416332c3a0337df03414a47f3a18072225beb14d6903daff
SHA512

aa760fd529fcb935df79c492fb7baeacb46a37d0af2d5814544c464b9bb2f20d23eda61d17f91f1fe0c0d17a44a96b12b3b9232f0b6f6dbb307fe0f82aef930f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU5:T+q56utgpPF8u/75

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001226d-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001945c-9.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001946e-11.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194ae-19.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194c9-33.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000194df-35.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194ff-54.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019438-42.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d7b-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f5e-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a6-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b4-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b6-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b0-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b2-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a494-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a483-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48f-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a481-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a460-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a433-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a429-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a31e-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2ed-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09a-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a059-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a063-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f47-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019cad-64.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3012-0-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001226d-3.dat	xmrig
behavioral1/memory/2388-8-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x000700000001945c-9.dat	xmrig
behavioral1/files/0x000600000001946e-11.dat	xmrig
behavioral1/files/0x00060000000194ae-19.dat	xmrig
behavioral1/memory/2760-34-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x00060000000194c9-33.dat	xmrig
behavioral1/memory/1072-32-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/3012-31-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2488-30-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2692-26-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x00090000000194df-35.dat	xmrig
behavioral1/memory/2764-39-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/3012-47-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x00080000000194ff-54.dat	xmrig
behavioral1/memory/2772-48-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2996-60-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0008000000019438-42.dat	xmrig
behavioral1/memory/2388-55-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d7b-72.dat	xmrig
behavioral1/memory/2684-73-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2772-85-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f5e-87.dat	xmrig
behavioral1/memory/2020-88-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2784-103-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a427-125.dat	xmrig
behavioral1/files/0x000500000001a4a6-175.dat	xmrig
behavioral1/memory/2020-632-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2864-1222-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/1772-911-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2164-429-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2684-240-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b4-191.dat	xmrig
behavioral1/files/0x000500000001a4b6-196.dat	xmrig
behavioral1/files/0x000500000001a4b0-181.dat	xmrig
behavioral1/files/0x000500000001a4b2-185.dat	xmrig
behavioral1/files/0x000500000001a494-170.dat	xmrig
behavioral1/files/0x000500000001a483-160.dat	xmrig
behavioral1/files/0x000500000001a48f-165.dat	xmrig
behavioral1/files/0x000500000001a481-155.dat	xmrig
behavioral1/files/0x000500000001a460-150.dat	xmrig
behavioral1/files/0x000500000001a434-145.dat	xmrig
behavioral1/files/0x000500000001a433-140.dat	xmrig
behavioral1/files/0x000500000001a431-136.dat	xmrig
behavioral1/files/0x000500000001a429-130.dat	xmrig
behavioral1/files/0x000500000001a31e-120.dat	xmrig
behavioral1/files/0x000500000001a2ed-115.dat	xmrig
behavioral1/files/0x000500000001a09a-110.dat	xmrig
behavioral1/memory/1772-95-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x000500000001a059-94.dat	xmrig
behavioral1/memory/3012-92-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2864-104-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a063-102.dat	xmrig
behavioral1/memory/2164-81-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f47-80.dat	xmrig
behavioral1/memory/3012-78-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2764-77-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2784-66-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2760-65-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019cad-64.dat	xmrig
behavioral1/memory/3012-62-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2488-3524-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2388-3523-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2388	bWIbPMg.exe
2488	efUhbjw.exe
2692	ejHYgAR.exe
1072	YAQqLCb.exe
2760	qgMIPAX.exe
2764	pQcWPVa.exe
2772	XmXjpBe.exe
2996	XqUIqQK.exe
2784	Jzjhmmt.exe
2684	sxlhoZo.exe
2164	xEUFnTW.exe
2020	FEUplvp.exe
1772	IuLJZYb.exe
2864	xLWVNOP.exe
556	qnzlysf.exe
2876	mBJxEyJ.exe
1724	VSubCQD.exe
1692	TuQjdBD.exe
2120	btFXGCM.exe
1340	SANINLt.exe
1492	ECqoqWB.exe
2972	IZpVAxf.exe
2960	wnhPCWA.exe
2064	LNuSRPh.exe
3004	zgtjpEJ.exe
2364	gLpPJHV.exe
1784	EnoqfjK.exe
2988	ZrtbquG.exe
836	IXtMIlk.exe
3040	zkmoFIE.exe
1516	gPhvUyd.exe
1320	RqBxQLJ.exe
2260	hcRIhzC.exe
1080	LdHudMq.exe
1616	JgMWhwF.exe
1328	xSPtUOC.exe
2440	PxyTUpF.exe
2348	nLSUyDr.exe
1652	YgfycwH.exe
960	tATEREb.exe
2080	NQqdiHB.exe
1952	NVmrwZG.exe
1448	itLGEkR.exe
2128	NtgXADK.exe
2332	gfLxeZJ.exe
696	CpUyCGE.exe
1972	qpmpLPU.exe
1944	jcDgXFP.exe
396	BJDCKVC.exe
552	QqsLGuW.exe
3016	TcgrnuC.exe
2520	PZiFDqW.exe
1576	eJCzaam.exe
2504	PxItHiS.exe
2408	KaQEgoV.exe
2796	dMCabPj.exe
3028	BQmrOqL.exe
2808	uXMtRld.exe
2840	qCJubmb.exe
2812	QEjVmfU.exe
2828	sFOZHtH.exe
2848	pkPmhXM.exe
496	TDawmAz.exe
2668	UndAgNS.exe

Loads dropped DLL 64 IoCs

pid	Process
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3012-0-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x000c00000001226d-3.dat	upx
behavioral1/memory/2388-8-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x000700000001945c-9.dat	upx
behavioral1/files/0x000600000001946e-11.dat	upx
behavioral1/files/0x00060000000194ae-19.dat	upx
behavioral1/memory/2760-34-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x00060000000194c9-33.dat	upx
behavioral1/memory/1072-32-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2488-30-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2692-26-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x00090000000194df-35.dat	upx
behavioral1/memory/2764-39-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/3012-47-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x00080000000194ff-54.dat	upx
behavioral1/memory/2772-48-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2996-60-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0008000000019438-42.dat	upx
behavioral1/memory/2388-55-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x0005000000019d7b-72.dat	upx
behavioral1/memory/2684-73-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2772-85-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x0005000000019f5e-87.dat	upx
behavioral1/memory/2020-88-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2784-103-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x000500000001a427-125.dat	upx
behavioral1/files/0x000500000001a4a6-175.dat	upx
behavioral1/memory/2020-632-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2864-1222-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/1772-911-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2164-429-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2684-240-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x000500000001a4b4-191.dat	upx
behavioral1/files/0x000500000001a4b6-196.dat	upx
behavioral1/files/0x000500000001a4b0-181.dat	upx
behavioral1/files/0x000500000001a4b2-185.dat	upx
behavioral1/files/0x000500000001a494-170.dat	upx
behavioral1/files/0x000500000001a483-160.dat	upx
behavioral1/files/0x000500000001a48f-165.dat	upx
behavioral1/files/0x000500000001a481-155.dat	upx
behavioral1/files/0x000500000001a460-150.dat	upx
behavioral1/files/0x000500000001a434-145.dat	upx
behavioral1/files/0x000500000001a433-140.dat	upx
behavioral1/files/0x000500000001a431-136.dat	upx
behavioral1/files/0x000500000001a429-130.dat	upx
behavioral1/files/0x000500000001a31e-120.dat	upx
behavioral1/files/0x000500000001a2ed-115.dat	upx
behavioral1/files/0x000500000001a09a-110.dat	upx
behavioral1/memory/1772-95-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x000500000001a059-94.dat	upx
behavioral1/memory/2864-104-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x000500000001a063-102.dat	upx
behavioral1/memory/2164-81-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x0005000000019f47-80.dat	upx
behavioral1/memory/2764-77-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2784-66-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2760-65-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x0006000000019cad-64.dat	upx
behavioral1/memory/2488-3524-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2388-3523-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2692-3525-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/1072-3526-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2764-3667-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2996-3688-0x000000013F400000-0x000000013F754000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EpXlleP.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RoKMbyx.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqKKYhK.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcHZzce.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxNddIL.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFynARM.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILdrzFc.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkOsIXO.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voNiBTF.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TszczIW.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBnkwvs.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPIBSor.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytozkmA.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnADaTp.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVXHSYe.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JBPBQiF.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFBnSIE.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDcWBGB.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTYYvtK.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUmHzUy.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixYisyB.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzupDus.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KcfxPQN.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpgchLL.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhXdWfG.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNRvbyp.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCvIjqn.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIbeSQG.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALBqofM.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xslCIdw.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlZPinr.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCqOUTK.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvcudvN.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FtNSccf.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtFxmak.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bKhIMnm.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvYsfpu.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChHsPgd.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgfpVdh.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYKHFdE.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjEKtFt.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adauuAl.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTyfzTw.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDokQXT.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtmYyHj.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxBdbLg.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRSnzLL.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AydyPDr.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QebIedT.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEjVmfU.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kijVFgA.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVqKJTc.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\roiXzBa.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVBDuCW.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMMDRKO.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJEjeOJ.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCFBtcb.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPizQJV.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkvMTmP.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fozSEbV.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbGORAZ.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvGCnVi.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vaYaeqX.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CHuimiL.exe	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2388	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3012 wrote to memory of 2388	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3012 wrote to memory of 2388	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3012 wrote to memory of 2488	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3012 wrote to memory of 2488	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3012 wrote to memory of 2488	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3012 wrote to memory of 2692	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3012 wrote to memory of 2692	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3012 wrote to memory of 2692	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3012 wrote to memory of 1072	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3012 wrote to memory of 1072	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3012 wrote to memory of 1072	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3012 wrote to memory of 2760	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3012 wrote to memory of 2760	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3012 wrote to memory of 2760	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3012 wrote to memory of 2764	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3012 wrote to memory of 2764	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3012 wrote to memory of 2764	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3012 wrote to memory of 2772	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3012 wrote to memory of 2772	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3012 wrote to memory of 2772	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3012 wrote to memory of 2996	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3012 wrote to memory of 2996	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3012 wrote to memory of 2996	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3012 wrote to memory of 2784	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3012 wrote to memory of 2784	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3012 wrote to memory of 2784	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3012 wrote to memory of 2684	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3012 wrote to memory of 2684	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3012 wrote to memory of 2684	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3012 wrote to memory of 2164	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3012 wrote to memory of 2164	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3012 wrote to memory of 2164	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3012 wrote to memory of 2020	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3012 wrote to memory of 2020	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3012 wrote to memory of 2020	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3012 wrote to memory of 1772	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3012 wrote to memory of 1772	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3012 wrote to memory of 1772	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3012 wrote to memory of 2864	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3012 wrote to memory of 2864	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3012 wrote to memory of 2864	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3012 wrote to memory of 556	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3012 wrote to memory of 556	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3012 wrote to memory of 556	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3012 wrote to memory of 2876	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3012 wrote to memory of 2876	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3012 wrote to memory of 2876	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3012 wrote to memory of 1724	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3012 wrote to memory of 1724	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3012 wrote to memory of 1724	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3012 wrote to memory of 1692	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3012 wrote to memory of 1692	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3012 wrote to memory of 1692	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3012 wrote to memory of 2120	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3012 wrote to memory of 2120	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3012 wrote to memory of 2120	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3012 wrote to memory of 1340	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3012 wrote to memory of 1340	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3012 wrote to memory of 1340	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3012 wrote to memory of 1492	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3012 wrote to memory of 1492	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3012 wrote to memory of 1492	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3012 wrote to memory of 2972	3012	2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-27_1dc2a0c49aae8a9567dc022ddbd62f19_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\System\bWIbPMg.exe
  C:\Windows\System\bWIbPMg.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\efUhbjw.exe
  C:\Windows\System\efUhbjw.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\ejHYgAR.exe
  C:\Windows\System\ejHYgAR.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\YAQqLCb.exe
  C:\Windows\System\YAQqLCb.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\qgMIPAX.exe
  C:\Windows\System\qgMIPAX.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\pQcWPVa.exe
  C:\Windows\System\pQcWPVa.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\XmXjpBe.exe
  C:\Windows\System\XmXjpBe.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\XqUIqQK.exe
  C:\Windows\System\XqUIqQK.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\Jzjhmmt.exe
  C:\Windows\System\Jzjhmmt.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\sxlhoZo.exe
  C:\Windows\System\sxlhoZo.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\xEUFnTW.exe
  C:\Windows\System\xEUFnTW.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\FEUplvp.exe
  C:\Windows\System\FEUplvp.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\IuLJZYb.exe
  C:\Windows\System\IuLJZYb.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\xLWVNOP.exe
  C:\Windows\System\xLWVNOP.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\qnzlysf.exe
  C:\Windows\System\qnzlysf.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\mBJxEyJ.exe
  C:\Windows\System\mBJxEyJ.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\VSubCQD.exe
  C:\Windows\System\VSubCQD.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\TuQjdBD.exe
  C:\Windows\System\TuQjdBD.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\btFXGCM.exe
  C:\Windows\System\btFXGCM.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\SANINLt.exe
  C:\Windows\System\SANINLt.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\ECqoqWB.exe
  C:\Windows\System\ECqoqWB.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\IZpVAxf.exe
  C:\Windows\System\IZpVAxf.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\wnhPCWA.exe
  C:\Windows\System\wnhPCWA.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\LNuSRPh.exe
  C:\Windows\System\LNuSRPh.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\zgtjpEJ.exe
  C:\Windows\System\zgtjpEJ.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\gLpPJHV.exe
  C:\Windows\System\gLpPJHV.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\EnoqfjK.exe
  C:\Windows\System\EnoqfjK.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\ZrtbquG.exe
  C:\Windows\System\ZrtbquG.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\IXtMIlk.exe
  C:\Windows\System\IXtMIlk.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\zkmoFIE.exe
  C:\Windows\System\zkmoFIE.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\gPhvUyd.exe
  C:\Windows\System\gPhvUyd.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\RqBxQLJ.exe
  C:\Windows\System\RqBxQLJ.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\hcRIhzC.exe
  C:\Windows\System\hcRIhzC.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\LdHudMq.exe
  C:\Windows\System\LdHudMq.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\JgMWhwF.exe
  C:\Windows\System\JgMWhwF.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\xSPtUOC.exe
  C:\Windows\System\xSPtUOC.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\PxyTUpF.exe
  C:\Windows\System\PxyTUpF.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\nLSUyDr.exe
  C:\Windows\System\nLSUyDr.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\YgfycwH.exe
  C:\Windows\System\YgfycwH.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\tATEREb.exe
  C:\Windows\System\tATEREb.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\NQqdiHB.exe
  C:\Windows\System\NQqdiHB.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\NVmrwZG.exe
  C:\Windows\System\NVmrwZG.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\itLGEkR.exe
  C:\Windows\System\itLGEkR.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\NtgXADK.exe
  C:\Windows\System\NtgXADK.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\gfLxeZJ.exe
  C:\Windows\System\gfLxeZJ.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\CpUyCGE.exe
  C:\Windows\System\CpUyCGE.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\qpmpLPU.exe
  C:\Windows\System\qpmpLPU.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\jcDgXFP.exe
  C:\Windows\System\jcDgXFP.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\BJDCKVC.exe
  C:\Windows\System\BJDCKVC.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\QqsLGuW.exe
  C:\Windows\System\QqsLGuW.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\TcgrnuC.exe
  C:\Windows\System\TcgrnuC.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\PZiFDqW.exe
  C:\Windows\System\PZiFDqW.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\eJCzaam.exe
  C:\Windows\System\eJCzaam.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\PxItHiS.exe
  C:\Windows\System\PxItHiS.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\KaQEgoV.exe
  C:\Windows\System\KaQEgoV.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\dMCabPj.exe
  C:\Windows\System\dMCabPj.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\BQmrOqL.exe
  C:\Windows\System\BQmrOqL.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\uXMtRld.exe
  C:\Windows\System\uXMtRld.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\qCJubmb.exe
  C:\Windows\System\qCJubmb.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\QEjVmfU.exe
  C:\Windows\System\QEjVmfU.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\sFOZHtH.exe
  C:\Windows\System\sFOZHtH.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\pkPmhXM.exe
  C:\Windows\System\pkPmhXM.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\TDawmAz.exe
  C:\Windows\System\TDawmAz.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\UndAgNS.exe
  C:\Windows\System\UndAgNS.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\IgMxuvf.exe
  C:\Windows\System\IgMxuvf.exe
  2⤵
  PID:2336
- C:\Windows\System\GciweJb.exe
  C:\Windows\System\GciweJb.exe
  2⤵
  PID:1288
- C:\Windows\System\uipfpYk.exe
  C:\Windows\System\uipfpYk.exe
  2⤵
  PID:2944
- C:\Windows\System\AcxHrIY.exe
  C:\Windows\System\AcxHrIY.exe
  2⤵
  PID:804
- C:\Windows\System\wPiQmFi.exe
  C:\Windows\System\wPiQmFi.exe
  2⤵
  PID:2964
- C:\Windows\System\uGrqbHs.exe
  C:\Windows\System\uGrqbHs.exe
  2⤵
  PID:2460
- C:\Windows\System\eDMcoIn.exe
  C:\Windows\System\eDMcoIn.exe
  2⤵
  PID:2648
- C:\Windows\System\SgXnljS.exe
  C:\Windows\System\SgXnljS.exe
  2⤵
  PID:1564
- C:\Windows\System\ixYisyB.exe
  C:\Windows\System\ixYisyB.exe
  2⤵
  PID:1456
- C:\Windows\System\WTDkjZt.exe
  C:\Windows\System\WTDkjZt.exe
  2⤵
  PID:1872
- C:\Windows\System\QHdIPRX.exe
  C:\Windows\System\QHdIPRX.exe
  2⤵
  PID:2564
- C:\Windows\System\yEPvcRF.exe
  C:\Windows\System\yEPvcRF.exe
  2⤵
  PID:1748
- C:\Windows\System\lZOcJCT.exe
  C:\Windows\System\lZOcJCT.exe
  2⤵
  PID:2472
- C:\Windows\System\BUtzOBB.exe
  C:\Windows\System\BUtzOBB.exe
  2⤵
  PID:1716
- C:\Windows\System\jhLyxiu.exe
  C:\Windows\System\jhLyxiu.exe
  2⤵
  PID:872
- C:\Windows\System\radaCNu.exe
  C:\Windows\System\radaCNu.exe
  2⤵
  PID:1624
- C:\Windows\System\BguqtVH.exe
  C:\Windows\System\BguqtVH.exe
  2⤵
  PID:2356
- C:\Windows\System\uuevroL.exe
  C:\Windows\System\uuevroL.exe
  2⤵
  PID:568
- C:\Windows\System\XgJWlNt.exe
  C:\Windows\System\XgJWlNt.exe
  2⤵
  PID:2308
- C:\Windows\System\bvwnxpk.exe
  C:\Windows\System\bvwnxpk.exe
  2⤵
  PID:764
- C:\Windows\System\gWCWbTE.exe
  C:\Windows\System\gWCWbTE.exe
  2⤵
  PID:2196
- C:\Windows\System\XDgyTeW.exe
  C:\Windows\System\XDgyTeW.exe
  2⤵
  PID:1968
- C:\Windows\System\yArNpxO.exe
  C:\Windows\System\yArNpxO.exe
  2⤵
  PID:1552
- C:\Windows\System\VluLHvK.exe
  C:\Windows\System\VluLHvK.exe
  2⤵
  PID:2400
- C:\Windows\System\oTkxrDf.exe
  C:\Windows\System\oTkxrDf.exe
  2⤵
  PID:3008
- C:\Windows\System\eYuGOuQ.exe
  C:\Windows\System\eYuGOuQ.exe
  2⤵
  PID:1704
- C:\Windows\System\gqmRbXp.exe
  C:\Windows\System\gqmRbXp.exe
  2⤵
  PID:2276
- C:\Windows\System\KYxuFTW.exe
  C:\Windows\System\KYxuFTW.exe
  2⤵
  PID:2324
- C:\Windows\System\okQiLoZ.exe
  C:\Windows\System\okQiLoZ.exe
  2⤵
  PID:2676
- C:\Windows\System\vCGyiGf.exe
  C:\Windows\System\vCGyiGf.exe
  2⤵
  PID:704
- C:\Windows\System\cxBkPbt.exe
  C:\Windows\System\cxBkPbt.exe
  2⤵
  PID:792
- C:\Windows\System\AssHmmK.exe
  C:\Windows\System\AssHmmK.exe
  2⤵
  PID:2496
- C:\Windows\System\tsvFtII.exe
  C:\Windows\System\tsvFtII.exe
  2⤵
  PID:1620
- C:\Windows\System\rBEHlvN.exe
  C:\Windows\System\rBEHlvN.exe
  2⤵
  PID:620
- C:\Windows\System\AydJoMP.exe
  C:\Windows\System\AydJoMP.exe
  2⤵
  PID:1736
- C:\Windows\System\ARKAoTh.exe
  C:\Windows\System\ARKAoTh.exe
  2⤵
  PID:2032
- C:\Windows\System\vFMxFkq.exe
  C:\Windows\System\vFMxFkq.exe
  2⤵
  PID:656
- C:\Windows\System\DvovfVc.exe
  C:\Windows\System\DvovfVc.exe
  2⤵
  PID:1860
- C:\Windows\System\EIQERoh.exe
  C:\Windows\System\EIQERoh.exe
  2⤵
  PID:2292
- C:\Windows\System\MptRNIi.exe
  C:\Windows\System\MptRNIi.exe
  2⤵
  PID:2284
- C:\Windows\System\rCTqCnC.exe
  C:\Windows\System\rCTqCnC.exe
  2⤵
  PID:2548
- C:\Windows\System\hwVcHTg.exe
  C:\Windows\System\hwVcHTg.exe
  2⤵
  PID:2788
- C:\Windows\System\jCRHvwM.exe
  C:\Windows\System\jCRHvwM.exe
  2⤵
  PID:848
- C:\Windows\System\wMvSmfe.exe
  C:\Windows\System\wMvSmfe.exe
  2⤵
  PID:1584
- C:\Windows\System\IwZZObt.exe
  C:\Windows\System\IwZZObt.exe
  2⤵
  PID:2524
- C:\Windows\System\DCDgqKH.exe
  C:\Windows\System\DCDgqKH.exe
  2⤵
  PID:2076
- C:\Windows\System\umAtbYe.exe
  C:\Windows\System\umAtbYe.exe
  2⤵
  PID:2644
- C:\Windows\System\maHiBKZ.exe
  C:\Windows\System\maHiBKZ.exe
  2⤵
  PID:2780
- C:\Windows\System\gxCPQZR.exe
  C:\Windows\System\gxCPQZR.exe
  2⤵
  PID:2868
- C:\Windows\System\jtNYmtS.exe
  C:\Windows\System\jtNYmtS.exe
  2⤵
  PID:376
- C:\Windows\System\DXfafaH.exe
  C:\Windows\System\DXfafaH.exe
  2⤵
  PID:2224
- C:\Windows\System\eNXmUII.exe
  C:\Windows\System\eNXmUII.exe
  2⤵
  PID:2704
- C:\Windows\System\ZKzLThq.exe
  C:\Windows\System\ZKzLThq.exe
  2⤵
  PID:336
- C:\Windows\System\ydCUvGz.exe
  C:\Windows\System\ydCUvGz.exe
  2⤵
  PID:3048
- C:\Windows\System\erCTCsI.exe
  C:\Windows\System\erCTCsI.exe
  2⤵
  PID:3080
- C:\Windows\System\TANOiPg.exe
  C:\Windows\System\TANOiPg.exe
  2⤵
  PID:3100
- C:\Windows\System\THIJqiF.exe
  C:\Windows\System\THIJqiF.exe
  2⤵
  PID:3120
- C:\Windows\System\yOlxMyp.exe
  C:\Windows\System\yOlxMyp.exe
  2⤵
  PID:3140
- C:\Windows\System\QeXbLcv.exe
  C:\Windows\System\QeXbLcv.exe
  2⤵
  PID:3160
- C:\Windows\System\qsTRruh.exe
  C:\Windows\System\qsTRruh.exe
  2⤵
  PID:3180
- C:\Windows\System\IREjIMd.exe
  C:\Windows\System\IREjIMd.exe
  2⤵
  PID:3200
- C:\Windows\System\tavFlSV.exe
  C:\Windows\System\tavFlSV.exe
  2⤵
  PID:3216
- C:\Windows\System\yLPwxAW.exe
  C:\Windows\System\yLPwxAW.exe
  2⤵
  PID:3240
- C:\Windows\System\xepsxuM.exe
  C:\Windows\System\xepsxuM.exe
  2⤵
  PID:3260
- C:\Windows\System\gWVEqYs.exe
  C:\Windows\System\gWVEqYs.exe
  2⤵
  PID:3280
- C:\Windows\System\mndJjUW.exe
  C:\Windows\System\mndJjUW.exe
  2⤵
  PID:3300
- C:\Windows\System\JzNRRAi.exe
  C:\Windows\System\JzNRRAi.exe
  2⤵
  PID:3320
- C:\Windows\System\eUJVPXy.exe
  C:\Windows\System\eUJVPXy.exe
  2⤵
  PID:3340
- C:\Windows\System\LwNvfGF.exe
  C:\Windows\System\LwNvfGF.exe
  2⤵
  PID:3360
- C:\Windows\System\JYzAQwI.exe
  C:\Windows\System\JYzAQwI.exe
  2⤵
  PID:3380
- C:\Windows\System\nDZKblu.exe
  C:\Windows\System\nDZKblu.exe
  2⤵
  PID:3400
- C:\Windows\System\GNAYSKh.exe
  C:\Windows\System\GNAYSKh.exe
  2⤵
  PID:3420
- C:\Windows\System\ePxDCbv.exe
  C:\Windows\System\ePxDCbv.exe
  2⤵
  PID:3440
- C:\Windows\System\kzITaOl.exe
  C:\Windows\System\kzITaOl.exe
  2⤵
  PID:3460
- C:\Windows\System\rZzXRrA.exe
  C:\Windows\System\rZzXRrA.exe
  2⤵
  PID:3480
- C:\Windows\System\WHpiMZV.exe
  C:\Windows\System\WHpiMZV.exe
  2⤵
  PID:3500
- C:\Windows\System\yVLjrwf.exe
  C:\Windows\System\yVLjrwf.exe
  2⤵
  PID:3520
- C:\Windows\System\vgABtNd.exe
  C:\Windows\System\vgABtNd.exe
  2⤵
  PID:3540
- C:\Windows\System\yLmoNOE.exe
  C:\Windows\System\yLmoNOE.exe
  2⤵
  PID:3560
- C:\Windows\System\pZKOIkG.exe
  C:\Windows\System\pZKOIkG.exe
  2⤵
  PID:3580
- C:\Windows\System\ruqWsEI.exe
  C:\Windows\System\ruqWsEI.exe
  2⤵
  PID:3600
- C:\Windows\System\hEOLxkr.exe
  C:\Windows\System\hEOLxkr.exe
  2⤵
  PID:3620
- C:\Windows\System\sRnRzES.exe
  C:\Windows\System\sRnRzES.exe
  2⤵
  PID:3640
- C:\Windows\System\mtirqyN.exe
  C:\Windows\System\mtirqyN.exe
  2⤵
  PID:3660
- C:\Windows\System\BVBDetW.exe
  C:\Windows\System\BVBDetW.exe
  2⤵
  PID:3680
- C:\Windows\System\RNoYjFG.exe
  C:\Windows\System\RNoYjFG.exe
  2⤵
  PID:3700
- C:\Windows\System\TSNJFKm.exe
  C:\Windows\System\TSNJFKm.exe
  2⤵
  PID:3720
- C:\Windows\System\gEDHUvO.exe
  C:\Windows\System\gEDHUvO.exe
  2⤵
  PID:3736
- C:\Windows\System\PhiYKpC.exe
  C:\Windows\System\PhiYKpC.exe
  2⤵
  PID:3760
- C:\Windows\System\gcfZpQK.exe
  C:\Windows\System\gcfZpQK.exe
  2⤵
  PID:3780
- C:\Windows\System\LzlEeTL.exe
  C:\Windows\System\LzlEeTL.exe
  2⤵
  PID:3800
- C:\Windows\System\RtBDpfg.exe
  C:\Windows\System\RtBDpfg.exe
  2⤵
  PID:3820
- C:\Windows\System\snFYFvK.exe
  C:\Windows\System\snFYFvK.exe
  2⤵
  PID:3840
- C:\Windows\System\RMmeBmB.exe
  C:\Windows\System\RMmeBmB.exe
  2⤵
  PID:3860
- C:\Windows\System\WwYTmqD.exe
  C:\Windows\System\WwYTmqD.exe
  2⤵
  PID:3880
- C:\Windows\System\QEFdmRy.exe
  C:\Windows\System\QEFdmRy.exe
  2⤵
  PID:3900
- C:\Windows\System\wMVPJEn.exe
  C:\Windows\System\wMVPJEn.exe
  2⤵
  PID:3920
- C:\Windows\System\fXqMwlb.exe
  C:\Windows\System\fXqMwlb.exe
  2⤵
  PID:3940
- C:\Windows\System\liDDFNB.exe
  C:\Windows\System\liDDFNB.exe
  2⤵
  PID:3960
- C:\Windows\System\yHsxYay.exe
  C:\Windows\System\yHsxYay.exe
  2⤵
  PID:3980
- C:\Windows\System\YnYtGXu.exe
  C:\Windows\System\YnYtGXu.exe
  2⤵
  PID:4000
- C:\Windows\System\lHpHUxr.exe
  C:\Windows\System\lHpHUxr.exe
  2⤵
  PID:4020
- C:\Windows\System\PtQrLfw.exe
  C:\Windows\System\PtQrLfw.exe
  2⤵
  PID:4040
- C:\Windows\System\sMJWIzS.exe
  C:\Windows\System\sMJWIzS.exe
  2⤵
  PID:4056
- C:\Windows\System\wssMOKM.exe
  C:\Windows\System\wssMOKM.exe
  2⤵
  PID:4080
- C:\Windows\System\edjsYqK.exe
  C:\Windows\System\edjsYqK.exe
  2⤵
  PID:2312
- C:\Windows\System\lsXIAYz.exe
  C:\Windows\System\lsXIAYz.exe
  2⤵
  PID:2212
- C:\Windows\System\ZAqqIUr.exe
  C:\Windows\System\ZAqqIUr.exe
  2⤵
  PID:1556
- C:\Windows\System\WEUzaBt.exe
  C:\Windows\System\WEUzaBt.exe
  2⤵
  PID:3056
- C:\Windows\System\afmzykY.exe
  C:\Windows\System\afmzykY.exe
  2⤵
  PID:2904
- C:\Windows\System\huBRbEP.exe
  C:\Windows\System\huBRbEP.exe
  2⤵
  PID:536
- C:\Windows\System\qeloejH.exe
  C:\Windows\System\qeloejH.exe
  2⤵
  PID:2416
- C:\Windows\System\BhkZkLU.exe
  C:\Windows\System\BhkZkLU.exe
  2⤵
  PID:2588
- C:\Windows\System\LOMLEEC.exe
  C:\Windows\System\LOMLEEC.exe
  2⤵
  PID:1372
- C:\Windows\System\NcIQvVL.exe
  C:\Windows\System\NcIQvVL.exe
  2⤵
  PID:1780
- C:\Windows\System\pifRJTv.exe
  C:\Windows\System\pifRJTv.exe
  2⤵
  PID:3092
- C:\Windows\System\sqrpepn.exe
  C:\Windows\System\sqrpepn.exe
  2⤵
  PID:3152
- C:\Windows\System\PajdgcO.exe
  C:\Windows\System\PajdgcO.exe
  2⤵
  PID:3196
- C:\Windows\System\wJHzAqs.exe
  C:\Windows\System\wJHzAqs.exe
  2⤵
  PID:3224
- C:\Windows\System\LaZCpXs.exe
  C:\Windows\System\LaZCpXs.exe
  2⤵
  PID:3212
- C:\Windows\System\rWmsPIx.exe
  C:\Windows\System\rWmsPIx.exe
  2⤵
  PID:3276
- C:\Windows\System\HzkVvSF.exe
  C:\Windows\System\HzkVvSF.exe
  2⤵
  PID:3316
- C:\Windows\System\mYLfdGw.exe
  C:\Windows\System\mYLfdGw.exe
  2⤵
  PID:3328
- C:\Windows\System\vpiGKPU.exe
  C:\Windows\System\vpiGKPU.exe
  2⤵
  PID:3352
- C:\Windows\System\VMcUjsC.exe
  C:\Windows\System\VMcUjsC.exe
  2⤵
  PID:3396
- C:\Windows\System\BsvxOzL.exe
  C:\Windows\System\BsvxOzL.exe
  2⤵
  PID:3408
- C:\Windows\System\TXQVpOH.exe
  C:\Windows\System\TXQVpOH.exe
  2⤵
  PID:3448
- C:\Windows\System\nrjLsbK.exe
  C:\Windows\System\nrjLsbK.exe
  2⤵
  PID:3452
- C:\Windows\System\iFBdvOW.exe
  C:\Windows\System\iFBdvOW.exe
  2⤵
  PID:3492
- C:\Windows\System\XZedcmV.exe
  C:\Windows\System\XZedcmV.exe
  2⤵
  PID:3556
- C:\Windows\System\eyqigNY.exe
  C:\Windows\System\eyqigNY.exe
  2⤵
  PID:3576
- C:\Windows\System\bFFsrBO.exe
  C:\Windows\System\bFFsrBO.exe
  2⤵
  PID:3628
- C:\Windows\System\CLSdWMT.exe
  C:\Windows\System\CLSdWMT.exe
  2⤵
  PID:3668
- C:\Windows\System\PCSGGPt.exe
  C:\Windows\System\PCSGGPt.exe
  2⤵
  PID:3656
- C:\Windows\System\vYVeMFm.exe
  C:\Windows\System\vYVeMFm.exe
  2⤵
  PID:3696
- C:\Windows\System\WDCEqKw.exe
  C:\Windows\System\WDCEqKw.exe
  2⤵
  PID:3752
- C:\Windows\System\ENapxLe.exe
  C:\Windows\System\ENapxLe.exe
  2⤵
  PID:3788
- C:\Windows\System\rWqsrjE.exe
  C:\Windows\System\rWqsrjE.exe
  2⤵
  PID:3828
- C:\Windows\System\gVGFKZI.exe
  C:\Windows\System\gVGFKZI.exe
  2⤵
  PID:3808
- C:\Windows\System\JjgbEnI.exe
  C:\Windows\System\JjgbEnI.exe
  2⤵
  PID:3872
- C:\Windows\System\EgBBoGD.exe
  C:\Windows\System\EgBBoGD.exe
  2⤵
  PID:3912
- C:\Windows\System\gxfJQMT.exe
  C:\Windows\System\gxfJQMT.exe
  2⤵
  PID:3948
- C:\Windows\System\cmVwexr.exe
  C:\Windows\System\cmVwexr.exe
  2⤵
  PID:3988
- C:\Windows\System\HSdZAXe.exe
  C:\Windows\System\HSdZAXe.exe
  2⤵
  PID:3972
- C:\Windows\System\nwaTUOr.exe
  C:\Windows\System\nwaTUOr.exe
  2⤵
  PID:4012
- C:\Windows\System\NIPjBLi.exe
  C:\Windows\System\NIPjBLi.exe
  2⤵
  PID:4072
- C:\Windows\System\qVuPLcr.exe
  C:\Windows\System\qVuPLcr.exe
  2⤵
  PID:4088
- C:\Windows\System\TMVwkEz.exe
  C:\Windows\System\TMVwkEz.exe
  2⤵
  PID:1420
- C:\Windows\System\SORfxSk.exe
  C:\Windows\System\SORfxSk.exe
  2⤵
  PID:1580
- C:\Windows\System\RXDLUqs.exe
  C:\Windows\System\RXDLUqs.exe
  2⤵
  PID:2236
- C:\Windows\System\XYKlelf.exe
  C:\Windows\System\XYKlelf.exe
  2⤵
  PID:1392
- C:\Windows\System\LhCXMkO.exe
  C:\Windows\System\LhCXMkO.exe
  2⤵
  PID:2952
- C:\Windows\System\dMfctEu.exe
  C:\Windows\System\dMfctEu.exe
  2⤵
  PID:3088
- C:\Windows\System\Hefyyfr.exe
  C:\Windows\System\Hefyyfr.exe
  2⤵
  PID:3172
- C:\Windows\System\orGtcru.exe
  C:\Windows\System\orGtcru.exe
  2⤵
  PID:3236
- C:\Windows\System\shMtFlU.exe
  C:\Windows\System\shMtFlU.exe
  2⤵
  PID:3208
- C:\Windows\System\VUEghaL.exe
  C:\Windows\System\VUEghaL.exe
  2⤵
  PID:3296
- C:\Windows\System\RWOzwpU.exe
  C:\Windows\System\RWOzwpU.exe
  2⤵
  PID:3356
- C:\Windows\System\OOPWWHO.exe
  C:\Windows\System\OOPWWHO.exe
  2⤵
  PID:3368
- C:\Windows\System\wDrmJYS.exe
  C:\Windows\System\wDrmJYS.exe
  2⤵
  PID:3488
- C:\Windows\System\FUruuqQ.exe
  C:\Windows\System\FUruuqQ.exe
  2⤵
  PID:3548
- C:\Windows\System\kEicGDS.exe
  C:\Windows\System\kEicGDS.exe
  2⤵
  PID:3588
- C:\Windows\System\BAHDdpW.exe
  C:\Windows\System\BAHDdpW.exe
  2⤵
  PID:3616
- C:\Windows\System\KOiWtjF.exe
  C:\Windows\System\KOiWtjF.exe
  2⤵
  PID:3648
- C:\Windows\System\hYGZFXu.exe
  C:\Windows\System\hYGZFXu.exe
  2⤵
  PID:3744
- C:\Windows\System\ycaNmmv.exe
  C:\Windows\System\ycaNmmv.exe
  2⤵
  PID:3816
- C:\Windows\System\Uyonyjp.exe
  C:\Windows\System\Uyonyjp.exe
  2⤵
  PID:3848
- C:\Windows\System\lOieBfV.exe
  C:\Windows\System\lOieBfV.exe
  2⤵
  PID:3908
- C:\Windows\System\rigrLHY.exe
  C:\Windows\System\rigrLHY.exe
  2⤵
  PID:3936
- C:\Windows\System\PRhXloQ.exe
  C:\Windows\System\PRhXloQ.exe
  2⤵
  PID:4008
- C:\Windows\System\otcvVUt.exe
  C:\Windows\System\otcvVUt.exe
  2⤵
  PID:2936
- C:\Windows\System\hEkSiPe.exe
  C:\Windows\System\hEkSiPe.exe
  2⤵
  PID:2392
- C:\Windows\System\cOBNYjJ.exe
  C:\Windows\System\cOBNYjJ.exe
  2⤵
  PID:2136
- C:\Windows\System\wkYXYXK.exe
  C:\Windows\System\wkYXYXK.exe
  2⤵
  PID:976
- C:\Windows\System\KPizQJV.exe
  C:\Windows\System\KPizQJV.exe
  2⤵
  PID:1920
- C:\Windows\System\vINVOwB.exe
  C:\Windows\System\vINVOwB.exe
  2⤵
  PID:3148
- C:\Windows\System\dJiZQES.exe
  C:\Windows\System\dJiZQES.exe
  2⤵
  PID:3256
- C:\Windows\System\TJwuyol.exe
  C:\Windows\System\TJwuyol.exe
  2⤵
  PID:3388
- C:\Windows\System\rSKGgko.exe
  C:\Windows\System\rSKGgko.exe
  2⤵
  PID:4108
- C:\Windows\System\SejxPFt.exe
  C:\Windows\System\SejxPFt.exe
  2⤵
  PID:4128
- C:\Windows\System\zgoLDYa.exe
  C:\Windows\System\zgoLDYa.exe
  2⤵
  PID:4148
- C:\Windows\System\PefGFMv.exe
  C:\Windows\System\PefGFMv.exe
  2⤵
  PID:4168
- C:\Windows\System\FTMIDqX.exe
  C:\Windows\System\FTMIDqX.exe
  2⤵
  PID:4188
- C:\Windows\System\iaeJaAw.exe
  C:\Windows\System\iaeJaAw.exe
  2⤵
  PID:4208
- C:\Windows\System\eRHZEIe.exe
  C:\Windows\System\eRHZEIe.exe
  2⤵
  PID:4228
- C:\Windows\System\lyoMEbo.exe
  C:\Windows\System\lyoMEbo.exe
  2⤵
  PID:4248
- C:\Windows\System\toheCQg.exe
  C:\Windows\System\toheCQg.exe
  2⤵
  PID:4268
- C:\Windows\System\PudUEew.exe
  C:\Windows\System\PudUEew.exe
  2⤵
  PID:4288
- C:\Windows\System\GIVcADO.exe
  C:\Windows\System\GIVcADO.exe
  2⤵
  PID:4308
- C:\Windows\System\GWfDjbv.exe
  C:\Windows\System\GWfDjbv.exe
  2⤵
  PID:4328
- C:\Windows\System\TolDRWB.exe
  C:\Windows\System\TolDRWB.exe
  2⤵
  PID:4348
- C:\Windows\System\yDquuMY.exe
  C:\Windows\System\yDquuMY.exe
  2⤵
  PID:4368
- C:\Windows\System\qXUrgHi.exe
  C:\Windows\System\qXUrgHi.exe
  2⤵
  PID:4388
- C:\Windows\System\kFVRztX.exe
  C:\Windows\System\kFVRztX.exe
  2⤵
  PID:4408
- C:\Windows\System\XfEOZVt.exe
  C:\Windows\System\XfEOZVt.exe
  2⤵
  PID:4428
- C:\Windows\System\PVRMkdr.exe
  C:\Windows\System\PVRMkdr.exe
  2⤵
  PID:4452
- C:\Windows\System\JtAyxBd.exe
  C:\Windows\System\JtAyxBd.exe
  2⤵
  PID:4472
- C:\Windows\System\vgAKALg.exe
  C:\Windows\System\vgAKALg.exe
  2⤵
  PID:4492
- C:\Windows\System\dRFWZqv.exe
  C:\Windows\System\dRFWZqv.exe
  2⤵
  PID:4512
- C:\Windows\System\HEqQBJT.exe
  C:\Windows\System\HEqQBJT.exe
  2⤵
  PID:4532
- C:\Windows\System\pHSpVlr.exe
  C:\Windows\System\pHSpVlr.exe
  2⤵
  PID:4552
- C:\Windows\System\PuhhWjU.exe
  C:\Windows\System\PuhhWjU.exe
  2⤵
  PID:4572
- C:\Windows\System\lqrKJrw.exe
  C:\Windows\System\lqrKJrw.exe
  2⤵
  PID:4592
- C:\Windows\System\CzOwdQc.exe
  C:\Windows\System\CzOwdQc.exe
  2⤵
  PID:4612
- C:\Windows\System\Dltyzgv.exe
  C:\Windows\System\Dltyzgv.exe
  2⤵
  PID:4636
- C:\Windows\System\DWpZbNu.exe
  C:\Windows\System\DWpZbNu.exe
  2⤵
  PID:4656
- C:\Windows\System\dwwYDWQ.exe
  C:\Windows\System\dwwYDWQ.exe
  2⤵
  PID:4676
- C:\Windows\System\qJFzXaN.exe
  C:\Windows\System\qJFzXaN.exe
  2⤵
  PID:4696
- C:\Windows\System\LPahwpX.exe
  C:\Windows\System\LPahwpX.exe
  2⤵
  PID:4716
- C:\Windows\System\ZGLJgyV.exe
  C:\Windows\System\ZGLJgyV.exe
  2⤵
  PID:4736
- C:\Windows\System\ornQSvj.exe
  C:\Windows\System\ornQSvj.exe
  2⤵
  PID:4756
- C:\Windows\System\sKGHeJv.exe
  C:\Windows\System\sKGHeJv.exe
  2⤵
  PID:4776
- C:\Windows\System\MIbeSQG.exe
  C:\Windows\System\MIbeSQG.exe
  2⤵
  PID:4796
- C:\Windows\System\weBXBmD.exe
  C:\Windows\System\weBXBmD.exe
  2⤵
  PID:4816
- C:\Windows\System\xCjvvWr.exe
  C:\Windows\System\xCjvvWr.exe
  2⤵
  PID:4836
- C:\Windows\System\IgexKgK.exe
  C:\Windows\System\IgexKgK.exe
  2⤵
  PID:4856
- C:\Windows\System\VkosYNh.exe
  C:\Windows\System\VkosYNh.exe
  2⤵
  PID:4876
- C:\Windows\System\beECnaE.exe
  C:\Windows\System\beECnaE.exe
  2⤵
  PID:4896
- C:\Windows\System\dAMqAzD.exe
  C:\Windows\System\dAMqAzD.exe
  2⤵
  PID:4916
- C:\Windows\System\EKPbnxR.exe
  C:\Windows\System\EKPbnxR.exe
  2⤵
  PID:4936
- C:\Windows\System\TMcMYGL.exe
  C:\Windows\System\TMcMYGL.exe
  2⤵
  PID:4956
- C:\Windows\System\MAxhMBI.exe
  C:\Windows\System\MAxhMBI.exe
  2⤵
  PID:4976
- C:\Windows\System\ahaXGiL.exe
  C:\Windows\System\ahaXGiL.exe
  2⤵
  PID:4996
- C:\Windows\System\ZPPiWzB.exe
  C:\Windows\System\ZPPiWzB.exe
  2⤵
  PID:5016
- C:\Windows\System\tJUjoSr.exe
  C:\Windows\System\tJUjoSr.exe
  2⤵
  PID:5036
- C:\Windows\System\OXjXuqz.exe
  C:\Windows\System\OXjXuqz.exe
  2⤵
  PID:5056
- C:\Windows\System\TgxPYJX.exe
  C:\Windows\System\TgxPYJX.exe
  2⤵
  PID:5076
- C:\Windows\System\NQkNaeB.exe
  C:\Windows\System\NQkNaeB.exe
  2⤵
  PID:5096
- C:\Windows\System\HuFUqnO.exe
  C:\Windows\System\HuFUqnO.exe
  2⤵
  PID:5116
- C:\Windows\System\yQGjVqZ.exe
  C:\Windows\System\yQGjVqZ.exe
  2⤵
  PID:3456
- C:\Windows\System\YSUIhKk.exe
  C:\Windows\System\YSUIhKk.exe
  2⤵
  PID:3632
- C:\Windows\System\eZZOdqf.exe
  C:\Windows\System\eZZOdqf.exe
  2⤵
  PID:3716
- C:\Windows\System\RQQHhmy.exe
  C:\Windows\System\RQQHhmy.exe
  2⤵
  PID:3748
- C:\Windows\System\RjOVYnt.exe
  C:\Windows\System\RjOVYnt.exe
  2⤵
  PID:3832
- C:\Windows\System\zEmGbUX.exe
  C:\Windows\System\zEmGbUX.exe
  2⤵
  PID:3896
- C:\Windows\System\cIqVGFb.exe
  C:\Windows\System\cIqVGFb.exe
  2⤵
  PID:4036
- C:\Windows\System\TaYFpqw.exe
  C:\Windows\System\TaYFpqw.exe
  2⤵
  PID:4076
- C:\Windows\System\hdqYqdq.exe
  C:\Windows\System\hdqYqdq.exe
  2⤵
  PID:2300
- C:\Windows\System\SPHaeNs.exe
  C:\Windows\System\SPHaeNs.exe
  2⤵
  PID:1680
- C:\Windows\System\sQawEdi.exe
  C:\Windows\System\sQawEdi.exe
  2⤵
  PID:3188
- C:\Windows\System\slvNZGZ.exe
  C:\Windows\System\slvNZGZ.exe
  2⤵
  PID:3392
- C:\Windows\System\EnegyDc.exe
  C:\Windows\System\EnegyDc.exe
  2⤵
  PID:4124
- C:\Windows\System\NLynBwg.exe
  C:\Windows\System\NLynBwg.exe
  2⤵
  PID:4156
- C:\Windows\System\BXWyCAr.exe
  C:\Windows\System\BXWyCAr.exe
  2⤵
  PID:4180
- C:\Windows\System\HYasAoO.exe
  C:\Windows\System\HYasAoO.exe
  2⤵
  PID:4220
- C:\Windows\System\tKsBGvx.exe
  C:\Windows\System\tKsBGvx.exe
  2⤵
  PID:4240
- C:\Windows\System\EJdqCkz.exe
  C:\Windows\System\EJdqCkz.exe
  2⤵
  PID:4296
- C:\Windows\System\jodLFRA.exe
  C:\Windows\System\jodLFRA.exe
  2⤵
  PID:4320
- C:\Windows\System\gEQymnV.exe
  C:\Windows\System\gEQymnV.exe
  2⤵
  PID:4376
- C:\Windows\System\rfqKHML.exe
  C:\Windows\System\rfqKHML.exe
  2⤵
  PID:4396
- C:\Windows\System\wWIRVHM.exe
  C:\Windows\System\wWIRVHM.exe
  2⤵
  PID:4420
- C:\Windows\System\RTIXgPj.exe
  C:\Windows\System\RTIXgPj.exe
  2⤵
  PID:4464
- C:\Windows\System\MjcUlWG.exe
  C:\Windows\System\MjcUlWG.exe
  2⤵
  PID:4508
- C:\Windows\System\ngOZVkw.exe
  C:\Windows\System\ngOZVkw.exe
  2⤵
  PID:4524
- C:\Windows\System\adauuAl.exe
  C:\Windows\System\adauuAl.exe
  2⤵
  PID:4588
- C:\Windows\System\NwCjPGF.exe
  C:\Windows\System\NwCjPGF.exe
  2⤵
  PID:4620
- C:\Windows\System\qxTSKOL.exe
  C:\Windows\System\qxTSKOL.exe
  2⤵
  PID:4644
- C:\Windows\System\SWJbkrI.exe
  C:\Windows\System\SWJbkrI.exe
  2⤵
  PID:4672
- C:\Windows\System\tHxyRCO.exe
  C:\Windows\System\tHxyRCO.exe
  2⤵
  PID:4708
- C:\Windows\System\heNRmzr.exe
  C:\Windows\System\heNRmzr.exe
  2⤵
  PID:4752
- C:\Windows\System\qkAXObC.exe
  C:\Windows\System\qkAXObC.exe
  2⤵
  PID:4764
- C:\Windows\System\qjTzzCd.exe
  C:\Windows\System\qjTzzCd.exe
  2⤵
  PID:4804
- C:\Windows\System\LyJQWCv.exe
  C:\Windows\System\LyJQWCv.exe
  2⤵
  PID:4828
- C:\Windows\System\lyEvqRm.exe
  C:\Windows\System\lyEvqRm.exe
  2⤵
  PID:4852
- C:\Windows\System\gRqqpph.exe
  C:\Windows\System\gRqqpph.exe
  2⤵
  PID:4908
- C:\Windows\System\TxnUgoK.exe
  C:\Windows\System\TxnUgoK.exe
  2⤵
  PID:4924
- C:\Windows\System\KieKHdE.exe
  C:\Windows\System\KieKHdE.exe
  2⤵
  PID:4928
- C:\Windows\System\SHvTnTB.exe
  C:\Windows\System\SHvTnTB.exe
  2⤵
  PID:4992
- C:\Windows\System\yASiJPm.exe
  C:\Windows\System\yASiJPm.exe
  2⤵
  PID:5004
- C:\Windows\System\GsnvjYO.exe
  C:\Windows\System\GsnvjYO.exe
  2⤵
  PID:5048
- C:\Windows\System\UPaGFsC.exe
  C:\Windows\System\UPaGFsC.exe
  2⤵
  PID:5104
- C:\Windows\System\FuDtsmQ.exe
  C:\Windows\System\FuDtsmQ.exe
  2⤵
  PID:5108
- C:\Windows\System\RVNEZPR.exe
  C:\Windows\System\RVNEZPR.exe
  2⤵
  PID:3516
- C:\Windows\System\qevuNKc.exe
  C:\Windows\System\qevuNKc.exe
  2⤵
  PID:3608
- C:\Windows\System\bDORcrv.exe
  C:\Windows\System\bDORcrv.exe
  2⤵
  PID:3792
- C:\Windows\System\HxsyhHN.exe
  C:\Windows\System\HxsyhHN.exe
  2⤵
  PID:4032
- C:\Windows\System\qNeEhdL.exe
  C:\Windows\System\qNeEhdL.exe
  2⤵
  PID:1344
- C:\Windows\System\KQTMnvV.exe
  C:\Windows\System\KQTMnvV.exe
  2⤵
  PID:352
- C:\Windows\System\ecLSlpX.exe
  C:\Windows\System\ecLSlpX.exe
  2⤵
  PID:3132
- C:\Windows\System\MtojDxR.exe
  C:\Windows\System\MtojDxR.exe
  2⤵
  PID:4100
- C:\Windows\System\gPVzhtw.exe
  C:\Windows\System\gPVzhtw.exe
  2⤵
  PID:4200
- C:\Windows\System\sZCWSNl.exe
  C:\Windows\System\sZCWSNl.exe
  2⤵
  PID:4276
- C:\Windows\System\XHZKmzd.exe
  C:\Windows\System\XHZKmzd.exe
  2⤵
  PID:4344
- C:\Windows\System\MHpPkrE.exe
  C:\Windows\System\MHpPkrE.exe
  2⤵
  PID:4340
- C:\Windows\System\ZlWHupj.exe
  C:\Windows\System\ZlWHupj.exe
  2⤵
  PID:4424
- C:\Windows\System\qKAckzO.exe
  C:\Windows\System\qKAckzO.exe
  2⤵
  PID:4480
- C:\Windows\System\wIEtTve.exe
  C:\Windows\System\wIEtTve.exe
  2⤵
  PID:4520
- C:\Windows\System\PSslOfo.exe
  C:\Windows\System\PSslOfo.exe
  2⤵
  PID:4624
- C:\Windows\System\QFVomgr.exe
  C:\Windows\System\QFVomgr.exe
  2⤵
  PID:4664
- C:\Windows\System\QbXNBcd.exe
  C:\Windows\System\QbXNBcd.exe
  2⤵
  PID:4692
- C:\Windows\System\pXkSVSw.exe
  C:\Windows\System\pXkSVSw.exe
  2⤵
  PID:4724
- C:\Windows\System\XPdBMDX.exe
  C:\Windows\System\XPdBMDX.exe
  2⤵
  PID:4812
- C:\Windows\System\efyufmh.exe
  C:\Windows\System\efyufmh.exe
  2⤵
  PID:4912
- C:\Windows\System\oduSoso.exe
  C:\Windows\System\oduSoso.exe
  2⤵
  PID:4952
- C:\Windows\System\avQilDo.exe
  C:\Windows\System\avQilDo.exe
  2⤵
  PID:4972
- C:\Windows\System\EbpUUSm.exe
  C:\Windows\System\EbpUUSm.exe
  2⤵
  PID:5032
- C:\Windows\System\aOMJYDh.exe
  C:\Windows\System\aOMJYDh.exe
  2⤵
  PID:5008
- C:\Windows\System\YKMbJKl.exe
  C:\Windows\System\YKMbJKl.exe
  2⤵
  PID:5088
- C:\Windows\System\DxxPVJA.exe
  C:\Windows\System\DxxPVJA.exe
  2⤵
  PID:3536
- C:\Windows\System\ZkzYiRu.exe
  C:\Windows\System\ZkzYiRu.exe
  2⤵
  PID:3852
- C:\Windows\System\TssJgoL.exe
  C:\Windows\System\TssJgoL.exe
  2⤵
  PID:3168
- C:\Windows\System\tKsKQpH.exe
  C:\Windows\System\tKsKQpH.exe
  2⤵
  PID:4144
- C:\Windows\System\hsHeMzN.exe
  C:\Windows\System\hsHeMzN.exe
  2⤵
  PID:4160
- C:\Windows\System\mitrgjH.exe
  C:\Windows\System\mitrgjH.exe
  2⤵
  PID:4284
- C:\Windows\System\xusbiji.exe
  C:\Windows\System\xusbiji.exe
  2⤵
  PID:4380
- C:\Windows\System\ReSNcXy.exe
  C:\Windows\System\ReSNcXy.exe
  2⤵
  PID:4488
- C:\Windows\System\AmwrYvE.exe
  C:\Windows\System\AmwrYvE.exe
  2⤵
  PID:5128
- C:\Windows\System\nISgtGY.exe
  C:\Windows\System\nISgtGY.exe
  2⤵
  PID:5148
- C:\Windows\System\oiDkTwp.exe
  C:\Windows\System\oiDkTwp.exe
  2⤵
  PID:5172
- C:\Windows\System\mXgodHh.exe
  C:\Windows\System\mXgodHh.exe
  2⤵
  PID:5192
- C:\Windows\System\ODlyKMw.exe
  C:\Windows\System\ODlyKMw.exe
  2⤵
  PID:5212
- C:\Windows\System\gomMQhT.exe
  C:\Windows\System\gomMQhT.exe
  2⤵
  PID:5232
- C:\Windows\System\tLtxVfm.exe
  C:\Windows\System\tLtxVfm.exe
  2⤵
  PID:5252
- C:\Windows\System\ifNvlBO.exe
  C:\Windows\System\ifNvlBO.exe
  2⤵
  PID:5272
- C:\Windows\System\krhmPJb.exe
  C:\Windows\System\krhmPJb.exe
  2⤵
  PID:5292
- C:\Windows\System\SougAWy.exe
  C:\Windows\System\SougAWy.exe
  2⤵
  PID:5312
- C:\Windows\System\DPhKkCC.exe
  C:\Windows\System\DPhKkCC.exe
  2⤵
  PID:5332
- C:\Windows\System\SKExUAv.exe
  C:\Windows\System\SKExUAv.exe
  2⤵
  PID:5352
- C:\Windows\System\LWaLDUz.exe
  C:\Windows\System\LWaLDUz.exe
  2⤵
  PID:5372
- C:\Windows\System\NswEKnq.exe
  C:\Windows\System\NswEKnq.exe
  2⤵
  PID:5392
- C:\Windows\System\oYSWUHL.exe
  C:\Windows\System\oYSWUHL.exe
  2⤵
  PID:5412
- C:\Windows\System\UqXJFKO.exe
  C:\Windows\System\UqXJFKO.exe
  2⤵
  PID:5432
- C:\Windows\System\nQzBkyq.exe
  C:\Windows\System\nQzBkyq.exe
  2⤵
  PID:5452
- C:\Windows\System\qvEoFcH.exe
  C:\Windows\System\qvEoFcH.exe
  2⤵
  PID:5472
- C:\Windows\System\XySTltj.exe
  C:\Windows\System\XySTltj.exe
  2⤵
  PID:5492
- C:\Windows\System\MlAdHrz.exe
  C:\Windows\System\MlAdHrz.exe
  2⤵
  PID:5512
- C:\Windows\System\aDcvcwk.exe
  C:\Windows\System\aDcvcwk.exe
  2⤵
  PID:5532
- C:\Windows\System\PHTNmBw.exe
  C:\Windows\System\PHTNmBw.exe
  2⤵
  PID:5552
- C:\Windows\System\yruQezV.exe
  C:\Windows\System\yruQezV.exe
  2⤵
  PID:5572
- C:\Windows\System\oeeTBJx.exe
  C:\Windows\System\oeeTBJx.exe
  2⤵
  PID:5592
- C:\Windows\System\koXVUsf.exe
  C:\Windows\System\koXVUsf.exe
  2⤵
  PID:5612
- C:\Windows\System\cPtztDY.exe
  C:\Windows\System\cPtztDY.exe
  2⤵
  PID:5632
- C:\Windows\System\WxVJypZ.exe
  C:\Windows\System\WxVJypZ.exe
  2⤵
  PID:5652
- C:\Windows\System\aBpekFd.exe
  C:\Windows\System\aBpekFd.exe
  2⤵
  PID:5672
- C:\Windows\System\CCskzZC.exe
  C:\Windows\System\CCskzZC.exe
  2⤵
  PID:5692
- C:\Windows\System\tdrpAxb.exe
  C:\Windows\System\tdrpAxb.exe
  2⤵
  PID:5712
- C:\Windows\System\FcwUPGk.exe
  C:\Windows\System\FcwUPGk.exe
  2⤵
  PID:5732
- C:\Windows\System\kRiLpeO.exe
  C:\Windows\System\kRiLpeO.exe
  2⤵
  PID:5752
- C:\Windows\System\KtPEUCW.exe
  C:\Windows\System\KtPEUCW.exe
  2⤵
  PID:5772
- C:\Windows\System\ccBThkg.exe
  C:\Windows\System\ccBThkg.exe
  2⤵
  PID:5792
- C:\Windows\System\RdTSLXs.exe
  C:\Windows\System\RdTSLXs.exe
  2⤵
  PID:5812
- C:\Windows\System\ejhGqHj.exe
  C:\Windows\System\ejhGqHj.exe
  2⤵
  PID:5832
- C:\Windows\System\xGAqTay.exe
  C:\Windows\System\xGAqTay.exe
  2⤵
  PID:5852
- C:\Windows\System\KxQzXuA.exe
  C:\Windows\System\KxQzXuA.exe
  2⤵
  PID:5872
- C:\Windows\System\GWKmmDC.exe
  C:\Windows\System\GWKmmDC.exe
  2⤵
  PID:5892
- C:\Windows\System\BBfBTEV.exe
  C:\Windows\System\BBfBTEV.exe
  2⤵
  PID:5912
- C:\Windows\System\FdaJwYi.exe
  C:\Windows\System\FdaJwYi.exe
  2⤵
  PID:5932
- C:\Windows\System\OcLcXYB.exe
  C:\Windows\System\OcLcXYB.exe
  2⤵
  PID:5952
- C:\Windows\System\YtZNmxv.exe
  C:\Windows\System\YtZNmxv.exe
  2⤵
  PID:5972
- C:\Windows\System\SRaoJEK.exe
  C:\Windows\System\SRaoJEK.exe
  2⤵
  PID:5992
- C:\Windows\System\YLmAZjC.exe
  C:\Windows\System\YLmAZjC.exe
  2⤵
  PID:6016
- C:\Windows\System\tfzglPD.exe
  C:\Windows\System\tfzglPD.exe
  2⤵
  PID:6036
- C:\Windows\System\hCKbZIF.exe
  C:\Windows\System\hCKbZIF.exe
  2⤵
  PID:6056
- C:\Windows\System\bGrrrfC.exe
  C:\Windows\System\bGrrrfC.exe
  2⤵
  PID:6076
- C:\Windows\System\DjdxlDZ.exe
  C:\Windows\System\DjdxlDZ.exe
  2⤵
  PID:6096
- C:\Windows\System\vGySbKP.exe
  C:\Windows\System\vGySbKP.exe
  2⤵
  PID:6116
- C:\Windows\System\NFUgOKo.exe
  C:\Windows\System\NFUgOKo.exe
  2⤵
  PID:6136
- C:\Windows\System\FteTQom.exe
  C:\Windows\System\FteTQom.exe
  2⤵
  PID:4600
- C:\Windows\System\PJDKFCa.exe
  C:\Windows\System\PJDKFCa.exe
  2⤵
  PID:4784
- C:\Windows\System\DrTxZus.exe
  C:\Windows\System\DrTxZus.exe
  2⤵
  PID:4788
- C:\Windows\System\BMvHDya.exe
  C:\Windows\System\BMvHDya.exe
  2⤵
  PID:4948
- C:\Windows\System\vIYXBRi.exe
  C:\Windows\System\vIYXBRi.exe
  2⤵
  PID:5072
- C:\Windows\System\rEuMlJh.exe
  C:\Windows\System\rEuMlJh.exe
  2⤵
  PID:5028
- C:\Windows\System\cMwYeWy.exe
  C:\Windows\System\cMwYeWy.exe
  2⤵
  PID:5084
- C:\Windows\System\zkKAaPy.exe
  C:\Windows\System\zkKAaPy.exe
  2⤵
  PID:2168
- C:\Windows\System\vYhubPa.exe
  C:\Windows\System\vYhubPa.exe
  2⤵
  PID:3252
- C:\Windows\System\qNnLzfM.exe
  C:\Windows\System\qNnLzfM.exe
  2⤵
  PID:2272
- C:\Windows\System\sXlJslY.exe
  C:\Windows\System\sXlJslY.exe
  2⤵
  PID:4360
- C:\Windows\System\VrUGwRo.exe
  C:\Windows\System\VrUGwRo.exe
  2⤵
  PID:4436
- C:\Windows\System\vnzJSbQ.exe
  C:\Windows\System\vnzJSbQ.exe
  2⤵
  PID:5160
- C:\Windows\System\UrPiRjz.exe
  C:\Windows\System\UrPiRjz.exe
  2⤵
  PID:5188
- C:\Windows\System\UpwjlyK.exe
  C:\Windows\System\UpwjlyK.exe
  2⤵
  PID:5184
- C:\Windows\System\CmcrgkQ.exe
  C:\Windows\System\CmcrgkQ.exe
  2⤵
  PID:5248
- C:\Windows\System\aHXFsWT.exe
  C:\Windows\System\aHXFsWT.exe
  2⤵
  PID:5280
- C:\Windows\System\bBZPLLT.exe
  C:\Windows\System\bBZPLLT.exe
  2⤵
  PID:5328
- C:\Windows\System\CrtosCx.exe
  C:\Windows\System\CrtosCx.exe
  2⤵
  PID:5340
- C:\Windows\System\cbhBkik.exe
  C:\Windows\System\cbhBkik.exe
  2⤵
  PID:5364
- C:\Windows\System\JMinmOQ.exe
  C:\Windows\System\JMinmOQ.exe
  2⤵
  PID:5408
- C:\Windows\System\xpUnsMm.exe
  C:\Windows\System\xpUnsMm.exe
  2⤵
  PID:5424
- C:\Windows\System\ZtEBhbs.exe
  C:\Windows\System\ZtEBhbs.exe
  2⤵
  PID:5488
- C:\Windows\System\qyzcNGi.exe
  C:\Windows\System\qyzcNGi.exe
  2⤵
  PID:5500
- C:\Windows\System\ItKWvdX.exe
  C:\Windows\System\ItKWvdX.exe
  2⤵
  PID:5540
- C:\Windows\System\nTVgJnO.exe
  C:\Windows\System\nTVgJnO.exe
  2⤵
  PID:5564
- C:\Windows\System\OuoYgFW.exe
  C:\Windows\System\OuoYgFW.exe
  2⤵
  PID:5608
- C:\Windows\System\IHpvDzD.exe
  C:\Windows\System\IHpvDzD.exe
  2⤵
  PID:5648
- C:\Windows\System\ksLykhT.exe
  C:\Windows\System\ksLykhT.exe
  2⤵
  PID:5660
- C:\Windows\System\ukeihjf.exe
  C:\Windows\System\ukeihjf.exe
  2⤵
  PID:5728
- C:\Windows\System\agezMyu.exe
  C:\Windows\System\agezMyu.exe
  2⤵
  PID:5740
- C:\Windows\System\AJltTvY.exe
  C:\Windows\System\AJltTvY.exe
  2⤵
  PID:5764
- C:\Windows\System\YsKIHTD.exe
  C:\Windows\System\YsKIHTD.exe
  2⤵
  PID:5788
- C:\Windows\System\Zsjbjke.exe
  C:\Windows\System\Zsjbjke.exe
  2⤵
  PID:5828
- C:\Windows\System\mykydpZ.exe
  C:\Windows\System\mykydpZ.exe
  2⤵
  PID:680
- C:\Windows\System\TeZvDnv.exe
  C:\Windows\System\TeZvDnv.exe
  2⤵
  PID:5900
- C:\Windows\System\ZxSJpiv.exe
  C:\Windows\System\ZxSJpiv.exe
  2⤵
  PID:5924
- C:\Windows\System\rAtEXyi.exe
  C:\Windows\System\rAtEXyi.exe
  2⤵
  PID:5968
- C:\Windows\System\BDCoYSF.exe
  C:\Windows\System\BDCoYSF.exe
  2⤵
  PID:6012
- C:\Windows\System\OlOcRcT.exe
  C:\Windows\System\OlOcRcT.exe
  2⤵
  PID:6044
- C:\Windows\System\iKmSOod.exe
  C:\Windows\System\iKmSOod.exe
  2⤵
  PID:6064
- C:\Windows\System\mFukrMT.exe
  C:\Windows\System\mFukrMT.exe
  2⤵
  PID:6104
- C:\Windows\System\uiMVLtq.exe
  C:\Windows\System\uiMVLtq.exe
  2⤵
  PID:6128
- C:\Windows\System\RyuNNwZ.exe
  C:\Windows\System\RyuNNwZ.exe
  2⤵
  PID:4544
- C:\Windows\System\GdBCHyw.exe
  C:\Windows\System\GdBCHyw.exe
  2⤵
  PID:4792
- C:\Windows\System\OJUfvON.exe
  C:\Windows\System\OJUfvON.exe
  2⤵
  PID:2296
- C:\Windows\System\srVVpft.exe
  C:\Windows\System\srVVpft.exe
  2⤵
  PID:3768
- C:\Windows\System\VmayspJ.exe
  C:\Windows\System\VmayspJ.exe
  2⤵
  PID:3916
- C:\Windows\System\tNKOBNM.exe
  C:\Windows\System\tNKOBNM.exe
  2⤵
  PID:4116
- C:\Windows\System\oQDbCyy.exe
  C:\Windows\System\oQDbCyy.exe
  2⤵
  PID:5124
- C:\Windows\System\wuJDlLf.exe
  C:\Windows\System\wuJDlLf.exe
  2⤵
  PID:5140
- C:\Windows\System\yOqSXCl.exe
  C:\Windows\System\yOqSXCl.exe
  2⤵
  PID:2720
- C:\Windows\System\qgdOnHS.exe
  C:\Windows\System\qgdOnHS.exe
  2⤵
  PID:5284
- C:\Windows\System\MZejIgz.exe
  C:\Windows\System\MZejIgz.exe
  2⤵
  PID:5268
- C:\Windows\System\HeFSuKb.exe
  C:\Windows\System\HeFSuKb.exe
  2⤵
  PID:5308
- C:\Windows\System\cPWGhRq.exe
  C:\Windows\System\cPWGhRq.exe
  2⤵
  PID:2040
- C:\Windows\System\RnMVrfT.exe
  C:\Windows\System\RnMVrfT.exe
  2⤵
  PID:5428
- C:\Windows\System\rWQorwI.exe
  C:\Windows\System\rWQorwI.exe
  2⤵
  PID:5480
- C:\Windows\System\IGcNGWN.exe
  C:\Windows\System\IGcNGWN.exe
  2⤵
  PID:5568
- C:\Windows\System\dnimcmp.exe
  C:\Windows\System\dnimcmp.exe
  2⤵
  PID:5604
- C:\Windows\System\ujebnKj.exe
  C:\Windows\System\ujebnKj.exe
  2⤵
  PID:5688
- C:\Windows\System\zCHOUHp.exe
  C:\Windows\System\zCHOUHp.exe
  2⤵
  PID:596
- C:\Windows\System\WBysGAA.exe
  C:\Windows\System\WBysGAA.exe
  2⤵
  PID:5724
- C:\Windows\System\lacEfKD.exe
  C:\Windows\System\lacEfKD.exe
  2⤵
  PID:5808
- C:\Windows\System\tiFVECc.exe
  C:\Windows\System\tiFVECc.exe
  2⤵
  PID:2480
- C:\Windows\System\buJGGzt.exe
  C:\Windows\System\buJGGzt.exe
  2⤵
  PID:2872
- C:\Windows\System\mlPmViZ.exe
  C:\Windows\System\mlPmViZ.exe
  2⤵
  PID:5860
- C:\Windows\System\XTyfzTw.exe
  C:\Windows\System\XTyfzTw.exe
  2⤵
  PID:5904
- C:\Windows\System\PoZXQca.exe
  C:\Windows\System\PoZXQca.exe
  2⤵
  PID:2636
- C:\Windows\System\AdJgPCa.exe
  C:\Windows\System\AdJgPCa.exe
  2⤵
  PID:6028
- C:\Windows\System\rMtZryv.exe
  C:\Windows\System\rMtZryv.exe
  2⤵
  PID:6108
- C:\Windows\System\fGxuKBs.exe
  C:\Windows\System\fGxuKBs.exe
  2⤵
  PID:4728
- C:\Windows\System\bFyeXIf.exe
  C:\Windows\System\bFyeXIf.exe
  2⤵
  PID:4884
- C:\Windows\System\OCKuyVE.exe
  C:\Windows\System\OCKuyVE.exe
  2⤵
  PID:3552
- C:\Windows\System\vxLHFeE.exe
  C:\Windows\System\vxLHFeE.exe
  2⤵
  PID:4468
- C:\Windows\System\wjUOqGg.exe
  C:\Windows\System\wjUOqGg.exe
  2⤵
  PID:584
- C:\Windows\System\ijashbu.exe
  C:\Windows\System\ijashbu.exe
  2⤵
  PID:5168
- C:\Windows\System\teUolzK.exe
  C:\Windows\System\teUolzK.exe
  2⤵
  PID:5240
- C:\Windows\System\YyHTxcl.exe
  C:\Windows\System\YyHTxcl.exe
  2⤵
  PID:2604
- C:\Windows\System\QkoxkIu.exe
  C:\Windows\System\QkoxkIu.exe
  2⤵
  PID:5444
- C:\Windows\System\cQePTXu.exe
  C:\Windows\System\cQePTXu.exe
  2⤵
  PID:5464
- C:\Windows\System\DzJckPg.exe
  C:\Windows\System\DzJckPg.exe
  2⤵
  PID:5544
- C:\Windows\System\UTRQUXA.exe
  C:\Windows\System\UTRQUXA.exe
  2⤵
  PID:5668
- C:\Windows\System\tqlaEPU.exe
  C:\Windows\System\tqlaEPU.exe
  2⤵
  PID:5708
- C:\Windows\System\xIBOiHu.exe
  C:\Windows\System\xIBOiHu.exe
  2⤵
  PID:5780
- C:\Windows\System\OiouTaJ.exe
  C:\Windows\System\OiouTaJ.exe
  2⤵
  PID:5960
- C:\Windows\System\rKqkifH.exe
  C:\Windows\System\rKqkifH.exe
  2⤵
  PID:6000
- C:\Windows\System\mLDVyVB.exe
  C:\Windows\System\mLDVyVB.exe
  2⤵
  PID:5984
- C:\Windows\System\YHQUvRt.exe
  C:\Windows\System\YHQUvRt.exe
  2⤵
  PID:6052
- C:\Windows\System\VEFTcLK.exe
  C:\Windows\System\VEFTcLK.exe
  2⤵
  PID:4868
- C:\Windows\System\HWSzhXW.exe
  C:\Windows\System\HWSzhXW.exe
  2⤵
  PID:4444
- C:\Windows\System\whrNLYi.exe
  C:\Windows\System\whrNLYi.exe
  2⤵
  PID:6156
- C:\Windows\System\nYcadQb.exe
  C:\Windows\System\nYcadQb.exe
  2⤵
  PID:6176
- C:\Windows\System\CWDPNom.exe
  C:\Windows\System\CWDPNom.exe
  2⤵
  PID:6196
- C:\Windows\System\ctRYLbm.exe
  C:\Windows\System\ctRYLbm.exe
  2⤵
  PID:6216
- C:\Windows\System\aXWTIhs.exe
  C:\Windows\System\aXWTIhs.exe
  2⤵
  PID:6236
- C:\Windows\System\vTTofQh.exe
  C:\Windows\System\vTTofQh.exe
  2⤵
  PID:6256
- C:\Windows\System\aqSYzye.exe
  C:\Windows\System\aqSYzye.exe
  2⤵
  PID:6276
- C:\Windows\System\ijLymRP.exe
  C:\Windows\System\ijLymRP.exe
  2⤵
  PID:6296
- C:\Windows\System\qMMDRKO.exe
  C:\Windows\System\qMMDRKO.exe
  2⤵
  PID:6316
- C:\Windows\System\bqwzvLB.exe
  C:\Windows\System\bqwzvLB.exe
  2⤵
  PID:6336
- C:\Windows\System\bboFRtN.exe
  C:\Windows\System\bboFRtN.exe
  2⤵
  PID:6356
- C:\Windows\System\tfSuAvM.exe
  C:\Windows\System\tfSuAvM.exe
  2⤵
  PID:6376
- C:\Windows\System\vWwhHLN.exe
  C:\Windows\System\vWwhHLN.exe
  2⤵
  PID:6396
- C:\Windows\System\AQfjIhW.exe
  C:\Windows\System\AQfjIhW.exe
  2⤵
  PID:6416
- C:\Windows\System\RErdOVf.exe
  C:\Windows\System\RErdOVf.exe
  2⤵
  PID:6436
- C:\Windows\System\DyPLktA.exe
  C:\Windows\System\DyPLktA.exe
  2⤵
  PID:6456
- C:\Windows\System\vhMEMoA.exe
  C:\Windows\System\vhMEMoA.exe
  2⤵
  PID:6476
- C:\Windows\System\dkzlsad.exe
  C:\Windows\System\dkzlsad.exe
  2⤵
  PID:6496
- C:\Windows\System\vbQwECA.exe
  C:\Windows\System\vbQwECA.exe
  2⤵
  PID:6516
- C:\Windows\System\PWdkiMj.exe
  C:\Windows\System\PWdkiMj.exe
  2⤵
  PID:6536
- C:\Windows\System\RhuKUPp.exe
  C:\Windows\System\RhuKUPp.exe
  2⤵
  PID:6556
- C:\Windows\System\DUzqRom.exe
  C:\Windows\System\DUzqRom.exe
  2⤵
  PID:6576
- C:\Windows\System\ICPKGQL.exe
  C:\Windows\System\ICPKGQL.exe
  2⤵
  PID:6596
- C:\Windows\System\eOkqGAJ.exe
  C:\Windows\System\eOkqGAJ.exe
  2⤵
  PID:6616
- C:\Windows\System\tlJThkq.exe
  C:\Windows\System\tlJThkq.exe
  2⤵
  PID:6636
- C:\Windows\System\REcDyOB.exe
  C:\Windows\System\REcDyOB.exe
  2⤵
  PID:6656
- C:\Windows\System\bGLgWlL.exe
  C:\Windows\System\bGLgWlL.exe
  2⤵
  PID:6676
- C:\Windows\System\eHjaprn.exe
  C:\Windows\System\eHjaprn.exe
  2⤵
  PID:6696
- C:\Windows\System\gjxTLAp.exe
  C:\Windows\System\gjxTLAp.exe
  2⤵
  PID:6716
- C:\Windows\System\XuOAJUy.exe
  C:\Windows\System\XuOAJUy.exe
  2⤵
  PID:6736
- C:\Windows\System\hxJdWcI.exe
  C:\Windows\System\hxJdWcI.exe
  2⤵
  PID:6756
- C:\Windows\System\XHmSemv.exe
  C:\Windows\System\XHmSemv.exe
  2⤵
  PID:6776
- C:\Windows\System\MLufEvW.exe
  C:\Windows\System\MLufEvW.exe
  2⤵
  PID:6796
- C:\Windows\System\yXqrqlr.exe
  C:\Windows\System\yXqrqlr.exe
  2⤵
  PID:6816
- C:\Windows\System\PrfWVII.exe
  C:\Windows\System\PrfWVII.exe
  2⤵
  PID:6836
- C:\Windows\System\bwabqvH.exe
  C:\Windows\System\bwabqvH.exe
  2⤵
  PID:6856
- C:\Windows\System\BJmDDSJ.exe
  C:\Windows\System\BJmDDSJ.exe
  2⤵
  PID:6876
- C:\Windows\System\nHwXVDJ.exe
  C:\Windows\System\nHwXVDJ.exe
  2⤵
  PID:6896
- C:\Windows\System\xTEAUOm.exe
  C:\Windows\System\xTEAUOm.exe
  2⤵
  PID:6916
- C:\Windows\System\uRweLSy.exe
  C:\Windows\System\uRweLSy.exe
  2⤵
  PID:6932
- C:\Windows\System\UKlDjHl.exe
  C:\Windows\System\UKlDjHl.exe
  2⤵
  PID:6956
- C:\Windows\System\bLgVBkl.exe
  C:\Windows\System\bLgVBkl.exe
  2⤵
  PID:6976
- C:\Windows\System\yFSPtjS.exe
  C:\Windows\System\yFSPtjS.exe
  2⤵
  PID:6996
- C:\Windows\System\AhxYpwj.exe
  C:\Windows\System\AhxYpwj.exe
  2⤵
  PID:7016
- C:\Windows\System\hTKLuMW.exe
  C:\Windows\System\hTKLuMW.exe
  2⤵
  PID:7036
- C:\Windows\System\nvvAXGO.exe
  C:\Windows\System\nvvAXGO.exe
  2⤵
  PID:7056
- C:\Windows\System\QPlZvVO.exe
  C:\Windows\System\QPlZvVO.exe
  2⤵
  PID:7076
- C:\Windows\System\HqjfqYY.exe
  C:\Windows\System\HqjfqYY.exe
  2⤵
  PID:7100
- C:\Windows\System\ZQsrCpu.exe
  C:\Windows\System\ZQsrCpu.exe
  2⤵
  PID:7120
- C:\Windows\System\tBaGQjL.exe
  C:\Windows\System\tBaGQjL.exe
  2⤵
  PID:7140
- C:\Windows\System\WsyNkfE.exe
  C:\Windows\System\WsyNkfE.exe
  2⤵
  PID:7160
- C:\Windows\System\evlRywG.exe
  C:\Windows\System\evlRywG.exe
  2⤵
  PID:5164
- C:\Windows\System\SFpyzwk.exe
  C:\Windows\System\SFpyzwk.exe
  2⤵
  PID:5368
- C:\Windows\System\RlFqnOH.exe
  C:\Windows\System\RlFqnOH.exe
  2⤵
  PID:5504
- C:\Windows\System\dmcTamH.exe
  C:\Windows\System\dmcTamH.exe
  2⤵
  PID:5704
- C:\Windows\System\beSaegu.exe
  C:\Windows\System\beSaegu.exe
  2⤵
  PID:5744
- C:\Windows\System\mOkkwyW.exe
  C:\Windows\System\mOkkwyW.exe
  2⤵
  PID:2852
- C:\Windows\System\xFmZUEv.exe
  C:\Windows\System\xFmZUEv.exe
  2⤵
  PID:5944
- C:\Windows\System\AtGdBlL.exe
  C:\Windows\System\AtGdBlL.exe
  2⤵
  PID:6084
- C:\Windows\System\YUrQUVw.exe
  C:\Windows\System\YUrQUVw.exe
  2⤵
  PID:2740
- C:\Windows\System\GiNkAtj.exe
  C:\Windows\System\GiNkAtj.exe
  2⤵
  PID:6148
- C:\Windows\System\TqGXwvZ.exe
  C:\Windows\System\TqGXwvZ.exe
  2⤵
  PID:6188
- C:\Windows\System\HJwzzmp.exe
  C:\Windows\System\HJwzzmp.exe
  2⤵
  PID:6224
- C:\Windows\System\ZUNBsNW.exe
  C:\Windows\System\ZUNBsNW.exe
  2⤵
  PID:6252
- C:\Windows\System\VAttHzK.exe
  C:\Windows\System\VAttHzK.exe
  2⤵
  PID:6284
- C:\Windows\System\QKPNFHL.exe
  C:\Windows\System\QKPNFHL.exe
  2⤵
  PID:6308
- C:\Windows\System\qaiDgJC.exe
  C:\Windows\System\qaiDgJC.exe
  2⤵
  PID:6352
- C:\Windows\System\cOjRAJL.exe
  C:\Windows\System\cOjRAJL.exe
  2⤵
  PID:6384
- C:\Windows\System\pzEUEnw.exe
  C:\Windows\System\pzEUEnw.exe
  2⤵
  PID:6408
- C:\Windows\System\dOQeFTk.exe
  C:\Windows\System\dOQeFTk.exe
  2⤵
  PID:6464
- C:\Windows\System\evkizmc.exe
  C:\Windows\System\evkizmc.exe
  2⤵
  PID:6484
- C:\Windows\System\aSjtadI.exe
  C:\Windows\System\aSjtadI.exe
  2⤵
  PID:6508
- C:\Windows\System\wnOogev.exe
  C:\Windows\System\wnOogev.exe
  2⤵
  PID:6552
- C:\Windows\System\OFMrclW.exe
  C:\Windows\System\OFMrclW.exe
  2⤵
  PID:6584
- C:\Windows\System\vLKSWoT.exe
  C:\Windows\System\vLKSWoT.exe
  2⤵
  PID:6632
- C:\Windows\System\vMqJYSI.exe
  C:\Windows\System\vMqJYSI.exe
  2⤵
  PID:6664
- C:\Windows\System\xFUuzCH.exe
  C:\Windows\System\xFUuzCH.exe
  2⤵
  PID:6652
- C:\Windows\System\oSvZuNd.exe
  C:\Windows\System\oSvZuNd.exe
  2⤵
  PID:6708
- C:\Windows\System\XTojXUD.exe
  C:\Windows\System\XTojXUD.exe
  2⤵
  PID:6728
- C:\Windows\System\pwgVcZZ.exe
  C:\Windows\System\pwgVcZZ.exe
  2⤵
  PID:6772
- C:\Windows\System\LUGMvqh.exe
  C:\Windows\System\LUGMvqh.exe
  2⤵
  PID:6808
- C:\Windows\System\tBynAGD.exe
  C:\Windows\System\tBynAGD.exe
  2⤵
  PID:1596
- C:\Windows\System\EwRBNiK.exe
  C:\Windows\System\EwRBNiK.exe
  2⤵
  PID:6868
- C:\Windows\System\wJdIvTb.exe
  C:\Windows\System\wJdIvTb.exe
  2⤵
  PID:6908
- C:\Windows\System\ajoJaix.exe
  C:\Windows\System\ajoJaix.exe
  2⤵
  PID:6952
- C:\Windows\System\DnUseKJ.exe
  C:\Windows\System\DnUseKJ.exe
  2⤵
  PID:6984
- C:\Windows\System\cRupWbv.exe
  C:\Windows\System\cRupWbv.exe
  2⤵
  PID:7024
- C:\Windows\System\uzgMxBf.exe
  C:\Windows\System\uzgMxBf.exe
  2⤵
  PID:7008
- C:\Windows\System\zphCwEs.exe
  C:\Windows\System\zphCwEs.exe
  2⤵
  PID:7068
- C:\Windows\System\zfNfXWo.exe
  C:\Windows\System\zfNfXWo.exe
  2⤵
  PID:7092
- C:\Windows\System\EaSlomz.exe
  C:\Windows\System\EaSlomz.exe
  2⤵
  PID:7132
- C:\Windows\System\AMwuKld.exe
  C:\Windows\System\AMwuKld.exe
  2⤵
  PID:5180
- C:\Windows\System\dJJSHoc.exe
  C:\Windows\System\dJJSHoc.exe
  2⤵
  PID:5420
- C:\Windows\System\PsLbUzH.exe
  C:\Windows\System\PsLbUzH.exe
  2⤵
  PID:5804
- C:\Windows\System\eYBDaGN.exe
  C:\Windows\System\eYBDaGN.exe
  2⤵
  PID:5868
- C:\Windows\System\PWahEWs.exe
  C:\Windows\System\PWahEWs.exe
  2⤵
  PID:5988
- C:\Windows\System\FEexlxp.exe
  C:\Windows\System\FEexlxp.exe
  2⤵
  PID:4984
- C:\Windows\System\zEDlPkf.exe
  C:\Windows\System\zEDlPkf.exe
  2⤵
  PID:6168
- C:\Windows\System\XKNyFdz.exe
  C:\Windows\System\XKNyFdz.exe
  2⤵
  PID:3064
- C:\Windows\System\PnGrXxv.exe
  C:\Windows\System\PnGrXxv.exe
  2⤵
  PID:6272
- C:\Windows\System\SCBqaXO.exe
  C:\Windows\System\SCBqaXO.exe
  2⤵
  PID:6304
- C:\Windows\System\EwqjDBL.exe
  C:\Windows\System\EwqjDBL.exe
  2⤵
  PID:6412
- C:\Windows\System\GtGGvjF.exe
  C:\Windows\System\GtGGvjF.exe
  2⤵
  PID:6468
- C:\Windows\System\KrzowuP.exe
  C:\Windows\System\KrzowuP.exe
  2⤵
  PID:6488
- C:\Windows\System\PcrRQsO.exe
  C:\Windows\System\PcrRQsO.exe
  2⤵
  PID:6564
- C:\Windows\System\wfMDJvk.exe
  C:\Windows\System\wfMDJvk.exe
  2⤵
  PID:6572
- C:\Windows\System\ESstEXS.exe
  C:\Windows\System\ESstEXS.exe
  2⤵
  PID:6712
- C:\Windows\System\wltIslP.exe
  C:\Windows\System\wltIslP.exe
  2⤵
  PID:6732
- C:\Windows\System\DKBzMHP.exe
  C:\Windows\System\DKBzMHP.exe
  2⤵
  PID:6788
- C:\Windows\System\JVnPEiK.exe
  C:\Windows\System\JVnPEiK.exe
  2⤵
  PID:6804
- C:\Windows\System\RIwWvzG.exe
  C:\Windows\System\RIwWvzG.exe
  2⤵
  PID:6904
- C:\Windows\System\HgsOVib.exe
  C:\Windows\System\HgsOVib.exe
  2⤵
  PID:6884
- C:\Windows\System\BtMldup.exe
  C:\Windows\System\BtMldup.exe
  2⤵
  PID:6928
- C:\Windows\System\dwUchHo.exe
  C:\Windows\System\dwUchHo.exe
  2⤵
  PID:7028
- C:\Windows\System\vfCdCva.exe
  C:\Windows\System\vfCdCva.exe
  2⤵
  PID:7088
- C:\Windows\System\LQKIMil.exe
  C:\Windows\System\LQKIMil.exe
  2⤵
  PID:5228
- C:\Windows\System\aXIekoe.exe
  C:\Windows\System\aXIekoe.exe
  2⤵
  PID:1796
- C:\Windows\System\EaMnoLt.exe
  C:\Windows\System\EaMnoLt.exe
  2⤵
  PID:5384
- C:\Windows\System\hoXHxzT.exe
  C:\Windows\System\hoXHxzT.exe
  2⤵
  PID:4584
- C:\Windows\System\rOGUTSf.exe
  C:\Windows\System\rOGUTSf.exe
  2⤵
  PID:6204
- C:\Windows\System\VWffxDF.exe
  C:\Windows\System\VWffxDF.exe
  2⤵
  PID:6344
- C:\Windows\System\fZwjwuE.exe
  C:\Windows\System\fZwjwuE.exe
  2⤵
  PID:6404
- C:\Windows\System\eaijqsd.exe
  C:\Windows\System\eaijqsd.exe
  2⤵
  PID:6544
- C:\Windows\System\vRIBXEy.exe
  C:\Windows\System\vRIBXEy.exe
  2⤵
  PID:6472
- C:\Windows\System\jTgHmNi.exe
  C:\Windows\System\jTgHmNi.exe
  2⤵
  PID:6608
- C:\Windows\System\ktXjtPH.exe
  C:\Windows\System\ktXjtPH.exe
  2⤵
  PID:6764
- C:\Windows\System\uGWIrLZ.exe
  C:\Windows\System\uGWIrLZ.exe
  2⤵
  PID:6852
- C:\Windows\System\Dcueqrh.exe
  C:\Windows\System\Dcueqrh.exe
  2⤵
  PID:6948
- C:\Windows\System\CPatgFP.exe
  C:\Windows\System\CPatgFP.exe
  2⤵
  PID:7064
- C:\Windows\System\dfTvEmb.exe
  C:\Windows\System\dfTvEmb.exe
  2⤵
  PID:7148
- C:\Windows\System\bkbihWJ.exe
  C:\Windows\System\bkbihWJ.exe
  2⤵
  PID:5300
- C:\Windows\System\ArMoVSH.exe
  C:\Windows\System\ArMoVSH.exe
  2⤵
  PID:5388
- C:\Windows\System\xlwIqhE.exe
  C:\Windows\System\xlwIqhE.exe
  2⤵
  PID:6208
- C:\Windows\System\RZYsDRh.exe
  C:\Windows\System\RZYsDRh.exe
  2⤵
  PID:6364
- C:\Windows\System\YFuZsdY.exe
  C:\Windows\System\YFuZsdY.exe
  2⤵
  PID:6528
- C:\Windows\System\rLsPwts.exe
  C:\Windows\System\rLsPwts.exe
  2⤵
  PID:6428
- C:\Windows\System\ZacLfBu.exe
  C:\Windows\System\ZacLfBu.exe
  2⤵
  PID:2832
- C:\Windows\System\VTxaTev.exe
  C:\Windows\System\VTxaTev.exe
  2⤵
  PID:7184
- C:\Windows\System\XusiNSV.exe
  C:\Windows\System\XusiNSV.exe
  2⤵
  PID:7204
- C:\Windows\System\YoqREcF.exe
  C:\Windows\System\YoqREcF.exe
  2⤵
  PID:7224
- C:\Windows\System\bXyKKFQ.exe
  C:\Windows\System\bXyKKFQ.exe
  2⤵
  PID:7244
- C:\Windows\System\XrLtiKi.exe
  C:\Windows\System\XrLtiKi.exe
  2⤵
  PID:7264
- C:\Windows\System\wDYGsWu.exe
  C:\Windows\System\wDYGsWu.exe
  2⤵
  PID:7284
- C:\Windows\System\grGimpm.exe
  C:\Windows\System\grGimpm.exe
  2⤵
  PID:7304
- C:\Windows\System\qPDwoOP.exe
  C:\Windows\System\qPDwoOP.exe
  2⤵
  PID:7324
- C:\Windows\System\tkvMTmP.exe
  C:\Windows\System\tkvMTmP.exe
  2⤵
  PID:7344
- C:\Windows\System\iaslvWY.exe
  C:\Windows\System\iaslvWY.exe
  2⤵
  PID:7364
- C:\Windows\System\xcBNtwd.exe
  C:\Windows\System\xcBNtwd.exe
  2⤵
  PID:7384
- C:\Windows\System\kbsHjkk.exe
  C:\Windows\System\kbsHjkk.exe
  2⤵
  PID:7404
- C:\Windows\System\OOIHLqH.exe
  C:\Windows\System\OOIHLqH.exe
  2⤵
  PID:7424
- C:\Windows\System\CrEiDBX.exe
  C:\Windows\System\CrEiDBX.exe
  2⤵
  PID:7444
- C:\Windows\System\mzupDus.exe
  C:\Windows\System\mzupDus.exe
  2⤵
  PID:7464
- C:\Windows\System\nVcGomQ.exe
  C:\Windows\System\nVcGomQ.exe
  2⤵
  PID:7484
- C:\Windows\System\HgQbbZT.exe
  C:\Windows\System\HgQbbZT.exe
  2⤵
  PID:7504
- C:\Windows\System\cgKQPjr.exe
  C:\Windows\System\cgKQPjr.exe
  2⤵
  PID:7524
- C:\Windows\System\NaAQfCQ.exe
  C:\Windows\System\NaAQfCQ.exe
  2⤵
  PID:7544
- C:\Windows\System\mhnVSNu.exe
  C:\Windows\System\mhnVSNu.exe
  2⤵
  PID:7564
- C:\Windows\System\OjcIjAB.exe
  C:\Windows\System\OjcIjAB.exe
  2⤵
  PID:7584
- C:\Windows\System\hnGHmGk.exe
  C:\Windows\System\hnGHmGk.exe
  2⤵
  PID:7604
- C:\Windows\System\EvUURmW.exe
  C:\Windows\System\EvUURmW.exe
  2⤵
  PID:7624
- C:\Windows\System\xmVIayR.exe
  C:\Windows\System\xmVIayR.exe
  2⤵
  PID:7644
- C:\Windows\System\hfafvgT.exe
  C:\Windows\System\hfafvgT.exe
  2⤵
  PID:7664
- C:\Windows\System\gDodrre.exe
  C:\Windows\System\gDodrre.exe
  2⤵
  PID:7684
- C:\Windows\System\CzRhUVp.exe
  C:\Windows\System\CzRhUVp.exe
  2⤵
  PID:7704
- C:\Windows\System\cBaoHvs.exe
  C:\Windows\System\cBaoHvs.exe
  2⤵
  PID:7724
- C:\Windows\System\TlEsteX.exe
  C:\Windows\System\TlEsteX.exe
  2⤵
  PID:7744
- C:\Windows\System\CmTqGSh.exe
  C:\Windows\System\CmTqGSh.exe
  2⤵
  PID:7764
- C:\Windows\System\DvnCUbL.exe
  C:\Windows\System\DvnCUbL.exe
  2⤵
  PID:7784
- C:\Windows\System\FjNohou.exe
  C:\Windows\System\FjNohou.exe
  2⤵
  PID:7808
- C:\Windows\System\OVjEgjn.exe
  C:\Windows\System\OVjEgjn.exe
  2⤵
  PID:7828
- C:\Windows\System\niEjLUi.exe
  C:\Windows\System\niEjLUi.exe
  2⤵
  PID:7848
- C:\Windows\System\CWlZPHa.exe
  C:\Windows\System\CWlZPHa.exe
  2⤵
  PID:7868
- C:\Windows\System\lKNOIrw.exe
  C:\Windows\System\lKNOIrw.exe
  2⤵
  PID:7888
- C:\Windows\System\ZqPXetf.exe
  C:\Windows\System\ZqPXetf.exe
  2⤵
  PID:7904
- C:\Windows\System\JiuMFgP.exe
  C:\Windows\System\JiuMFgP.exe
  2⤵
  PID:7928
- C:\Windows\System\gdrFDgq.exe
  C:\Windows\System\gdrFDgq.exe
  2⤵
  PID:7948
- C:\Windows\System\HmHJCuy.exe
  C:\Windows\System\HmHJCuy.exe
  2⤵
  PID:7968
- C:\Windows\System\NKwchvw.exe
  C:\Windows\System\NKwchvw.exe
  2⤵
  PID:7988
- C:\Windows\System\aJMVink.exe
  C:\Windows\System\aJMVink.exe
  2⤵
  PID:8008
- C:\Windows\System\OekXvqa.exe
  C:\Windows\System\OekXvqa.exe
  2⤵
  PID:8028
- C:\Windows\System\GIkGQtP.exe
  C:\Windows\System\GIkGQtP.exe
  2⤵
  PID:8068
- C:\Windows\System\qjeIuyl.exe
  C:\Windows\System\qjeIuyl.exe
  2⤵
  PID:8088
- C:\Windows\System\JrSEcCQ.exe
  C:\Windows\System\JrSEcCQ.exe
  2⤵
  PID:8112
- C:\Windows\System\DZfYKDZ.exe
  C:\Windows\System\DZfYKDZ.exe
  2⤵
  PID:8132
- C:\Windows\System\aWibruq.exe
  C:\Windows\System\aWibruq.exe
  2⤵
  PID:8152
- C:\Windows\System\NzLvwnB.exe
  C:\Windows\System\NzLvwnB.exe
  2⤵
  PID:8176
- C:\Windows\System\RxDwlDO.exe
  C:\Windows\System\RxDwlDO.exe
  2⤵
  PID:1816
- C:\Windows\System\JbYDCGi.exe
  C:\Windows\System\JbYDCGi.exe
  2⤵
  PID:5468
- C:\Windows\System\ZGAqyKw.exe
  C:\Windows\System\ZGAqyKw.exe
  2⤵
  PID:1116
- C:\Windows\System\dAcYPBy.exe
  C:\Windows\System\dAcYPBy.exe
  2⤵
  PID:6212
- C:\Windows\System\ZIcCXaH.exe
  C:\Windows\System\ZIcCXaH.exe
  2⤵
  PID:6448
- C:\Windows\System\OrEfKZY.exe
  C:\Windows\System\OrEfKZY.exe
  2⤵
  PID:6604
- C:\Windows\System\Fjvredz.exe
  C:\Windows\System\Fjvredz.exe
  2⤵
  PID:6692
- C:\Windows\System\CpRddhf.exe
  C:\Windows\System\CpRddhf.exe
  2⤵
  PID:7216
- C:\Windows\System\gwlJwTw.exe
  C:\Windows\System\gwlJwTw.exe
  2⤵
  PID:7256
- C:\Windows\System\ORBoWlg.exe
  C:\Windows\System\ORBoWlg.exe
  2⤵
  PID:7292
- C:\Windows\System\FeKMqAb.exe
  C:\Windows\System\FeKMqAb.exe
  2⤵
  PID:7332
- C:\Windows\System\vwIctJX.exe
  C:\Windows\System\vwIctJX.exe
  2⤵
  PID:7356
- C:\Windows\System\JOLZZJl.exe
  C:\Windows\System\JOLZZJl.exe
  2⤵
  PID:7416
- C:\Windows\System\svINRSI.exe
  C:\Windows\System\svINRSI.exe
  2⤵
  PID:7452
- C:\Windows\System\kFyaHSK.exe
  C:\Windows\System\kFyaHSK.exe
  2⤵
  PID:7512
- C:\Windows\System\JOsJVYI.exe
  C:\Windows\System\JOsJVYI.exe
  2⤵
  PID:7520
- C:\Windows\System\IKhhDRS.exe
  C:\Windows\System\IKhhDRS.exe
  2⤵
  PID:7560
- C:\Windows\System\AVFCinl.exe
  C:\Windows\System\AVFCinl.exe
  2⤵
  PID:7576
- C:\Windows\System\uPlpYYt.exe
  C:\Windows\System\uPlpYYt.exe
  2⤵
  PID:7592
- C:\Windows\System\pdTZyqN.exe
  C:\Windows\System\pdTZyqN.exe
  2⤵
  PID:7616
- C:\Windows\System\LmcuyZy.exe
  C:\Windows\System\LmcuyZy.exe
  2⤵
  PID:7660
- C:\Windows\System\zBJiHBT.exe
  C:\Windows\System\zBJiHBT.exe
  2⤵
  PID:7676
- C:\Windows\System\AvsGUsW.exe
  C:\Windows\System\AvsGUsW.exe
  2⤵
  PID:7696
- C:\Windows\System\WRagAmI.exe
  C:\Windows\System\WRagAmI.exe
  2⤵
  PID:7752
- C:\Windows\System\pnBcpWK.exe
  C:\Windows\System\pnBcpWK.exe
  2⤵
  PID:7804
- C:\Windows\System\PogXIMY.exe
  C:\Windows\System\PogXIMY.exe
  2⤵
  PID:7776
- C:\Windows\System\KMFoaSv.exe
  C:\Windows\System\KMFoaSv.exe
  2⤵
  PID:7816
- C:\Windows\System\XVMbFBN.exe
  C:\Windows\System\XVMbFBN.exe
  2⤵
  PID:7884
- C:\Windows\System\mizbsNm.exe
  C:\Windows\System\mizbsNm.exe
  2⤵
  PID:7864
- C:\Windows\System\eJKRcwl.exe
  C:\Windows\System\eJKRcwl.exe
  2⤵
  PID:7916
- C:\Windows\System\ixOzUfa.exe
  C:\Windows\System\ixOzUfa.exe
  2⤵
  PID:7896
- C:\Windows\System\TDpZaly.exe
  C:\Windows\System\TDpZaly.exe
  2⤵
  PID:7940
- C:\Windows\System\mxcTeQC.exe
  C:\Windows\System\mxcTeQC.exe
  2⤵
  PID:7976
- C:\Windows\System\QgtSYBI.exe
  C:\Windows\System\QgtSYBI.exe
  2⤵
  PID:2680
- C:\Windows\System\wXnmntY.exe
  C:\Windows\System\wXnmntY.exe
  2⤵
  PID:2344
- C:\Windows\System\cWliDPh.exe
  C:\Windows\System\cWliDPh.exe
  2⤵
  PID:316
- C:\Windows\System\aHaTDMM.exe
  C:\Windows\System\aHaTDMM.exe
  2⤵
  PID:1548
- C:\Windows\System\xTLKNuK.exe
  C:\Windows\System\xTLKNuK.exe
  2⤵
  PID:1296
- C:\Windows\System\zfAMUVf.exe
  C:\Windows\System\zfAMUVf.exe
  2⤵
  PID:2052
- C:\Windows\System\rBTMinW.exe
  C:\Windows\System\rBTMinW.exe
  2⤵
  PID:760
- C:\Windows\System\WipqYAl.exe
  C:\Windows\System\WipqYAl.exe
  2⤵
  PID:8080
- C:\Windows\System\vioDOjh.exe
  C:\Windows\System\vioDOjh.exe
  2⤵
  PID:1360
- C:\Windows\System\TDtsXEh.exe
  C:\Windows\System\TDtsXEh.exe
  2⤵
  PID:1964
- C:\Windows\System\xmCToVI.exe
  C:\Windows\System\xmCToVI.exe
  2⤵
  PID:8124
- C:\Windows\System\MAErdkv.exe
  C:\Windows\System\MAErdkv.exe
  2⤵
  PID:8164
- C:\Windows\System\VmtjiHH.exe
  C:\Windows\System\VmtjiHH.exe
  2⤵
  PID:6992
- C:\Windows\System\KOWIMSn.exe
  C:\Windows\System\KOWIMSn.exe
  2⤵
  PID:7180
- C:\Windows\System\kmqEtKG.exe
  C:\Windows\System\kmqEtKG.exe
  2⤵
  PID:6124
- C:\Windows\System\vntLYSN.exe
  C:\Windows\System\vntLYSN.exe
  2⤵
  PID:7316
- C:\Windows\System\zeMeOHq.exe
  C:\Windows\System\zeMeOHq.exe
  2⤵
  PID:7296
- C:\Windows\System\tRDFraV.exe
  C:\Windows\System\tRDFraV.exe
  2⤵
  PID:7260
- C:\Windows\System\IgrcYqK.exe
  C:\Windows\System\IgrcYqK.exe
  2⤵
  PID:7492
- C:\Windows\System\vbEuXeG.exe
  C:\Windows\System\vbEuXeG.exe
  2⤵
  PID:7572
- C:\Windows\System\FoAPjLB.exe
  C:\Windows\System\FoAPjLB.exe
  2⤵
  PID:1824
- C:\Windows\System\MoxNTHk.exe
  C:\Windows\System\MoxNTHk.exe
  2⤵
  PID:7736
- C:\Windows\System\rWJQrwt.exe
  C:\Windows\System\rWJQrwt.exe
  2⤵
  PID:7780
- C:\Windows\System\khTjIAK.exe
  C:\Windows\System\khTjIAK.exe
  2⤵
  PID:7956
- C:\Windows\System\QLpcmpc.exe
  C:\Windows\System\QLpcmpc.exe
  2⤵
  PID:8004
- C:\Windows\System\Gfewzxo.exe
  C:\Windows\System\Gfewzxo.exe
  2⤵
  PID:8020
- C:\Windows\System\fBLCkDH.exe
  C:\Windows\System\fBLCkDH.exe
  2⤵
  PID:7532
- C:\Windows\System\OKEKQHI.exe
  C:\Windows\System\OKEKQHI.exe
  2⤵
  PID:7756
- C:\Windows\System\UClYMNO.exe
  C:\Windows\System\UClYMNO.exe
  2⤵
  PID:7912
- C:\Windows\System\yagAtMI.exe
  C:\Windows\System\yagAtMI.exe
  2⤵
  PID:7900
- C:\Windows\System\XnojKxq.exe
  C:\Windows\System\XnojKxq.exe
  2⤵
  PID:2896
- C:\Windows\System\FmNBPWD.exe
  C:\Windows\System\FmNBPWD.exe
  2⤵
  PID:2044
- C:\Windows\System\eBNGeKb.exe
  C:\Windows\System\eBNGeKb.exe
  2⤵
  PID:1868
- C:\Windows\System\ATXDxyF.exe
  C:\Windows\System\ATXDxyF.exe
  2⤵
  PID:1260
- C:\Windows\System\PzEyZdq.exe
  C:\Windows\System\PzEyZdq.exe
  2⤵
  PID:6828
- C:\Windows\System\mZiVArm.exe
  C:\Windows\System\mZiVArm.exe
  2⤵
  PID:7176
- C:\Windows\System\arseZDn.exe
  C:\Windows\System\arseZDn.exe
  2⤵
  PID:7212
- C:\Windows\System\nmfxsnX.exe
  C:\Windows\System\nmfxsnX.exe
  2⤵
  PID:580
- C:\Windows\System\lWhRJdC.exe
  C:\Windows\System\lWhRJdC.exe
  2⤵
  PID:2968
- C:\Windows\System\WexCHtq.exe
  C:\Windows\System\WexCHtq.exe
  2⤵
  PID:7352
- C:\Windows\System\fyWJcKS.exe
  C:\Windows\System\fyWJcKS.exe
  2⤵
  PID:7372
- C:\Windows\System\GItCeCl.exe
  C:\Windows\System\GItCeCl.exe
  2⤵
  PID:560
- C:\Windows\System\NHjJVWM.exe
  C:\Windows\System\NHjJVWM.exe
  2⤵
  PID:7536
- C:\Windows\System\IYkjDgA.exe
  C:\Windows\System\IYkjDgA.exe
  2⤵
  PID:3288
- C:\Windows\System\mQVadeY.exe
  C:\Windows\System\mQVadeY.exe
  2⤵
  PID:1272
- C:\Windows\System\yoTTsRs.exe
  C:\Windows\System\yoTTsRs.exe
  2⤵
  PID:8016
- C:\Windows\System\GAZKBew.exe
  C:\Windows\System\GAZKBew.exe
  2⤵
  PID:7600
- C:\Windows\System\SBzfTJP.exe
  C:\Windows\System\SBzfTJP.exe
  2⤵
  PID:7840
- C:\Windows\System\WasdAMG.exe
  C:\Windows\System\WasdAMG.exe
  2⤵
  PID:1916
- C:\Windows\System\FJmHBMt.exe
  C:\Windows\System\FJmHBMt.exe
  2⤵
  PID:1700
- C:\Windows\System\yjOLiYV.exe
  C:\Windows\System\yjOLiYV.exe
  2⤵
  PID:1664
- C:\Windows\System\kyoQYfL.exe
  C:\Windows\System\kyoQYfL.exe
  2⤵
  PID:7580
- C:\Windows\System\vhLijNI.exe
  C:\Windows\System\vhLijNI.exe
  2⤵
  PID:8104
- C:\Windows\System\MiMJuZf.exe
  C:\Windows\System\MiMJuZf.exe
  2⤵
  PID:8064
- C:\Windows\System\LQiYbzE.exe
  C:\Windows\System\LQiYbzE.exe
  2⤵
  PID:7456
- C:\Windows\System\kmvOlvT.exe
  C:\Windows\System\kmvOlvT.exe
  2⤵
  PID:7392
- C:\Windows\System\pPeSjRJ.exe
  C:\Windows\System\pPeSjRJ.exe
  2⤵
  PID:7480
- C:\Windows\System\dMsIURe.exe
  C:\Windows\System\dMsIURe.exe
  2⤵
  PID:7984
- C:\Windows\System\zBLcLlq.exe
  C:\Windows\System\zBLcLlq.exe
  2⤵
  PID:7792
- C:\Windows\System\RFRSGLm.exe
  C:\Windows\System\RFRSGLm.exe
  2⤵
  PID:8120
- C:\Windows\System\PRERHey.exe
  C:\Windows\System\PRERHey.exe
  2⤵
  PID:6312
- C:\Windows\System\LBsEYlp.exe
  C:\Windows\System\LBsEYlp.exe
  2⤵
  PID:7612
- C:\Windows\System\AAHuTpQ.exe
  C:\Windows\System\AAHuTpQ.exe
  2⤵
  PID:4604
- C:\Windows\System\sbftfVt.exe
  C:\Windows\System\sbftfVt.exe
  2⤵
  PID:7200
- C:\Windows\System\yCEKWiX.exe
  C:\Windows\System\yCEKWiX.exe
  2⤵
  PID:7476
- C:\Windows\System\XfMLnFt.exe
  C:\Windows\System\XfMLnFt.exe
  2⤵
  PID:7420
- C:\Windows\System\QtJxIUa.exe
  C:\Windows\System\QtJxIUa.exe
  2⤵
  PID:2624
- C:\Windows\System\vONVAUz.exe
  C:\Windows\System\vONVAUz.exe
  2⤵
  PID:2656
- C:\Windows\System\nUQzIrX.exe
  C:\Windows\System\nUQzIrX.exe
  2⤵
  PID:7876
- C:\Windows\System\owiOaCj.exe
  C:\Windows\System\owiOaCj.exe
  2⤵
  PID:7640
- C:\Windows\System\xNSgDDR.exe
  C:\Windows\System\xNSgDDR.exe
  2⤵
  PID:8220
- C:\Windows\System\sjLDkab.exe
  C:\Windows\System\sjLDkab.exe
  2⤵
  PID:8236
- C:\Windows\System\bqfjdDa.exe
  C:\Windows\System\bqfjdDa.exe
  2⤵
  PID:8252
- C:\Windows\System\emFMWUt.exe
  C:\Windows\System\emFMWUt.exe
  2⤵
  PID:8268
- C:\Windows\System\mosOIeH.exe
  C:\Windows\System\mosOIeH.exe
  2⤵
  PID:8304
- C:\Windows\System\laBdeYP.exe
  C:\Windows\System\laBdeYP.exe
  2⤵
  PID:8320
- C:\Windows\System\LiNvncH.exe
  C:\Windows\System\LiNvncH.exe
  2⤵
  PID:8336
- C:\Windows\System\VNvOXyB.exe
  C:\Windows\System\VNvOXyB.exe
  2⤵
  PID:8356
- C:\Windows\System\bpkLheo.exe
  C:\Windows\System\bpkLheo.exe
  2⤵
  PID:8384
- C:\Windows\System\nXYPMDQ.exe
  C:\Windows\System\nXYPMDQ.exe
  2⤵
  PID:8412
- C:\Windows\System\qrHGnWs.exe
  C:\Windows\System\qrHGnWs.exe
  2⤵
  PID:8432
- C:\Windows\System\wCXCNpx.exe
  C:\Windows\System\wCXCNpx.exe
  2⤵
  PID:8448
- C:\Windows\System\erqqLpD.exe
  C:\Windows\System\erqqLpD.exe
  2⤵
  PID:8464
- C:\Windows\System\clFmtrO.exe
  C:\Windows\System\clFmtrO.exe
  2⤵
  PID:8484
- C:\Windows\System\vVSgSdX.exe
  C:\Windows\System\vVSgSdX.exe
  2⤵
  PID:8504
- C:\Windows\System\IRoDpiw.exe
  C:\Windows\System\IRoDpiw.exe
  2⤵
  PID:8536
- C:\Windows\System\wBQTEoY.exe
  C:\Windows\System\wBQTEoY.exe
  2⤵
  PID:8552
- C:\Windows\System\EuoJuMf.exe
  C:\Windows\System\EuoJuMf.exe
  2⤵
  PID:8572
- C:\Windows\System\JJhmFJY.exe
  C:\Windows\System\JJhmFJY.exe
  2⤵
  PID:8588
- C:\Windows\System\zkOSYuM.exe
  C:\Windows\System\zkOSYuM.exe
  2⤵
  PID:8612
- C:\Windows\System\HOhGKiW.exe
  C:\Windows\System\HOhGKiW.exe
  2⤵
  PID:8628
- C:\Windows\System\TJpyYKl.exe
  C:\Windows\System\TJpyYKl.exe
  2⤵
  PID:8660
- C:\Windows\System\thNPVSu.exe
  C:\Windows\System\thNPVSu.exe
  2⤵
  PID:8676
- C:\Windows\System\BSiLALQ.exe
  C:\Windows\System\BSiLALQ.exe
  2⤵
  PID:8692
- C:\Windows\System\GOvGCnu.exe
  C:\Windows\System\GOvGCnu.exe
  2⤵
  PID:8712
- C:\Windows\System\CKOcTtc.exe
  C:\Windows\System\CKOcTtc.exe
  2⤵
  PID:8732
- C:\Windows\System\tjEmCoL.exe
  C:\Windows\System\tjEmCoL.exe
  2⤵
  PID:8748
- C:\Windows\System\vnjTOKP.exe
  C:\Windows\System\vnjTOKP.exe
  2⤵
  PID:8764
- C:\Windows\System\tyISsEd.exe
  C:\Windows\System\tyISsEd.exe
  2⤵
  PID:8784
- C:\Windows\System\xPkJmOz.exe
  C:\Windows\System\xPkJmOz.exe
  2⤵
  PID:8804
- C:\Windows\System\CKiZrmp.exe
  C:\Windows\System\CKiZrmp.exe
  2⤵
  PID:8832
- C:\Windows\System\vJUxrXS.exe
  C:\Windows\System\vJUxrXS.exe
  2⤵
  PID:8848
- C:\Windows\System\oNyVkYc.exe
  C:\Windows\System\oNyVkYc.exe
  2⤵
  PID:8872
- C:\Windows\System\payOsqA.exe
  C:\Windows\System\payOsqA.exe
  2⤵
  PID:8888
- C:\Windows\System\yULkTZy.exe
  C:\Windows\System\yULkTZy.exe
  2⤵
  PID:8908
- C:\Windows\System\LFGYgtk.exe
  C:\Windows\System\LFGYgtk.exe
  2⤵
  PID:8940
- C:\Windows\System\ljDGBCZ.exe
  C:\Windows\System\ljDGBCZ.exe
  2⤵
  PID:8956
- C:\Windows\System\GuIaKcc.exe
  C:\Windows\System\GuIaKcc.exe
  2⤵
  PID:8980
- C:\Windows\System\ZEnlbjX.exe
  C:\Windows\System\ZEnlbjX.exe
  2⤵
  PID:9000
- C:\Windows\System\OjYpRif.exe
  C:\Windows\System\OjYpRif.exe
  2⤵
  PID:9016
- C:\Windows\System\HIHbxYY.exe
  C:\Windows\System\HIHbxYY.exe
  2⤵
  PID:9032
- C:\Windows\System\tKXMygE.exe
  C:\Windows\System\tKXMygE.exe
  2⤵
  PID:9048
- C:\Windows\System\zLnUGIk.exe
  C:\Windows\System\zLnUGIk.exe
  2⤵
  PID:9068
- C:\Windows\System\CZcQsHl.exe
  C:\Windows\System\CZcQsHl.exe
  2⤵
  PID:9104
- C:\Windows\System\VCZSHUa.exe
  C:\Windows\System\VCZSHUa.exe
  2⤵
  PID:9120
- C:\Windows\System\kFXibjX.exe
  C:\Windows\System\kFXibjX.exe
  2⤵
  PID:9136
- C:\Windows\System\fciQpWQ.exe
  C:\Windows\System\fciQpWQ.exe
  2⤵
  PID:9156
- C:\Windows\System\XFgeoju.exe
  C:\Windows\System\XFgeoju.exe
  2⤵
  PID:9180
- C:\Windows\System\ilDGmof.exe
  C:\Windows\System\ilDGmof.exe
  2⤵
  PID:9196
- C:\Windows\System\MzbLvTM.exe
  C:\Windows\System\MzbLvTM.exe
  2⤵
  PID:9212
- C:\Windows\System\ILdrzFc.exe
  C:\Windows\System\ILdrzFc.exe
  2⤵
  PID:8200
- C:\Windows\System\tWIrMkY.exe
  C:\Windows\System\tWIrMkY.exe
  2⤵
  PID:8248
- C:\Windows\System\CAniyDQ.exe
  C:\Windows\System\CAniyDQ.exe
  2⤵
  PID:8288
- C:\Windows\System\nkSytYg.exe
  C:\Windows\System\nkSytYg.exe
  2⤵
  PID:8188
- C:\Windows\System\pvyzVPi.exe
  C:\Windows\System\pvyzVPi.exe
  2⤵
  PID:8264
- C:\Windows\System\jROTeuG.exe
  C:\Windows\System\jROTeuG.exe
  2⤵
  PID:8368
- C:\Windows\System\tPObPAG.exe
  C:\Windows\System\tPObPAG.exe
  2⤵
  PID:8316
- C:\Windows\System\rfVKnSI.exe
  C:\Windows\System\rfVKnSI.exe
  2⤵
  PID:8400
- C:\Windows\System\qQcXVlT.exe
  C:\Windows\System\qQcXVlT.exe
  2⤵
  PID:8420
- C:\Windows\System\aKDDuWa.exe
  C:\Windows\System\aKDDuWa.exe
  2⤵
  PID:8492
- C:\Windows\System\flxdFwR.exe
  C:\Windows\System\flxdFwR.exe
  2⤵
  PID:8472
- C:\Windows\System\CGhgKKi.exe
  C:\Windows\System\CGhgKKi.exe
  2⤵
  PID:8516
- C:\Windows\System\mQODtPL.exe
  C:\Windows\System\mQODtPL.exe
  2⤵
  PID:8548
- C:\Windows\System\QuwoVls.exe
  C:\Windows\System\QuwoVls.exe
  2⤵
  PID:8568
- C:\Windows\System\wKiPzuM.exe
  C:\Windows\System\wKiPzuM.exe
  2⤵
  PID:8600
- C:\Windows\System\vrUjerp.exe
  C:\Windows\System\vrUjerp.exe
  2⤵
  PID:8648
- C:\Windows\System\yJJQIpJ.exe
  C:\Windows\System\yJJQIpJ.exe
  2⤵
  PID:8672
- C:\Windows\System\tUbjHtN.exe
  C:\Windows\System\tUbjHtN.exe
  2⤵
  PID:8684
- C:\Windows\System\lhheosT.exe
  C:\Windows\System\lhheosT.exe
  2⤵
  PID:8780
- C:\Windows\System\dQGcbxI.exe
  C:\Windows\System\dQGcbxI.exe
  2⤵
  PID:8828
- C:\Windows\System\uVzfrgK.exe
  C:\Windows\System\uVzfrgK.exe
  2⤵
  PID:8720
- C:\Windows\System\nJwAWYe.exe
  C:\Windows\System\nJwAWYe.exe
  2⤵
  PID:8760
- C:\Windows\System\vdDuQih.exe
  C:\Windows\System\vdDuQih.exe
  2⤵
  PID:8920
- C:\Windows\System\EFcaOQS.exe
  C:\Windows\System\EFcaOQS.exe
  2⤵
  PID:8884
- C:\Windows\System\MsZSgfv.exe
  C:\Windows\System\MsZSgfv.exe
  2⤵
  PID:8924
- C:\Windows\System\hpgjRZd.exe
  C:\Windows\System\hpgjRZd.exe
  2⤵
  PID:8976
- C:\Windows\System\uZMabSW.exe
  C:\Windows\System\uZMabSW.exe
  2⤵
  PID:9064
- C:\Windows\System\UnWjweh.exe
  C:\Windows\System\UnWjweh.exe
  2⤵
  PID:9040
- C:\Windows\System\aQCPwUN.exe
  C:\Windows\System\aQCPwUN.exe
  2⤵
  PID:9100
- C:\Windows\System\eHKCrsm.exe
  C:\Windows\System\eHKCrsm.exe
  2⤵
  PID:9144
- C:\Windows\System\rhcZwJg.exe
  C:\Windows\System\rhcZwJg.exe
  2⤵
  PID:9192
- C:\Windows\System\QazeeNf.exe
  C:\Windows\System\QazeeNf.exe
  2⤵
  PID:9164
- C:\Windows\System\kjJJeUF.exe
  C:\Windows\System\kjJJeUF.exe
  2⤵
  PID:9176
- C:\Windows\System\FbzfszV.exe
  C:\Windows\System\FbzfszV.exe
  2⤵
  PID:8244
- C:\Windows\System\RANHCwD.exe
  C:\Windows\System\RANHCwD.exe
  2⤵
  PID:8292
- C:\Windows\System\eIvytDr.exe
  C:\Windows\System\eIvytDr.exe
  2⤵
  PID:8100
- C:\Windows\System\njvFYUm.exe
  C:\Windows\System\njvFYUm.exe
  2⤵
  PID:8372
- C:\Windows\System\iKIaAhy.exe
  C:\Windows\System\iKIaAhy.exe
  2⤵
  PID:8348
- C:\Windows\System\aGYgJRR.exe
  C:\Windows\System\aGYgJRR.exe
  2⤵
  PID:8496
- C:\Windows\System\zfUiSxM.exe
  C:\Windows\System\zfUiSxM.exe
  2⤵
  PID:8604
- C:\Windows\System\rFMsXMj.exe
  C:\Windows\System\rFMsXMj.exe
  2⤵
  PID:8740
- C:\Windows\System\mlZPinr.exe
  C:\Windows\System\mlZPinr.exe
  2⤵
  PID:8460
- C:\Windows\System\ZhACcEU.exe
  C:\Windows\System\ZhACcEU.exe
  2⤵
  PID:8608
- C:\Windows\System\jVlmZbl.exe
  C:\Windows\System\jVlmZbl.exe
  2⤵
  PID:8816
- C:\Windows\System\vDNiYAL.exe
  C:\Windows\System\vDNiYAL.exe
  2⤵
  PID:8896
- C:\Windows\System\ipjCGdG.exe
  C:\Windows\System\ipjCGdG.exe
  2⤵
  PID:8756
- C:\Windows\System\zaRbdsD.exe
  C:\Windows\System\zaRbdsD.exe
  2⤵
  PID:8932
- C:\Windows\System\ktRqLsB.exe
  C:\Windows\System\ktRqLsB.exe
  2⤵
  PID:8992
- C:\Windows\System\kybzOKw.exe
  C:\Windows\System\kybzOKw.exe
  2⤵
  PID:8936
- C:\Windows\System\lzVQAka.exe
  C:\Windows\System\lzVQAka.exe
  2⤵
  PID:9080
- C:\Windows\System\wyelVIZ.exe
  C:\Windows\System\wyelVIZ.exe
  2⤵
  PID:8036
- C:\Windows\System\TQRllvu.exe
  C:\Windows\System\TQRllvu.exe
  2⤵
  PID:9172
- C:\Windows\System\QijckMz.exe
  C:\Windows\System\QijckMz.exe
  2⤵
  PID:8212
- C:\Windows\System\FusIyxo.exe
  C:\Windows\System\FusIyxo.exe
  2⤵
  PID:2132
- C:\Windows\System\ZiDPSyU.exe
  C:\Windows\System\ZiDPSyU.exe
  2⤵
  PID:8652
- C:\Windows\System\UZQYEnY.exe
  C:\Windows\System\UZQYEnY.exe
  2⤵
  PID:8728
- C:\Windows\System\TYlpCeV.exe
  C:\Windows\System\TYlpCeV.exe
  2⤵
  PID:8376
- C:\Windows\System\anQYxjl.exe
  C:\Windows\System\anQYxjl.exe
  2⤵
  PID:8532
- C:\Windows\System\PMoiFea.exe
  C:\Windows\System\PMoiFea.exe
  2⤵
  PID:8636
- C:\Windows\System\PhCCKQU.exe
  C:\Windows\System\PhCCKQU.exe
  2⤵
  PID:8864
- C:\Windows\System\AcbmuGs.exe
  C:\Windows\System\AcbmuGs.exe
  2⤵
  PID:8952
- C:\Windows\System\dVELuwn.exe
  C:\Windows\System\dVELuwn.exe
  2⤵
  PID:8996
- C:\Windows\System\McvwvUu.exe
  C:\Windows\System\McvwvUu.exe
  2⤵
  PID:9012
- C:\Windows\System\hugohAg.exe
  C:\Windows\System\hugohAg.exe
  2⤵
  PID:9188
- C:\Windows\System\rTjBgPc.exe
  C:\Windows\System\rTjBgPc.exe
  2⤵
  PID:8364
- C:\Windows\System\VCqOUTK.exe
  C:\Windows\System\VCqOUTK.exe
  2⤵
  PID:8408
- C:\Windows\System\zAVRiok.exe
  C:\Windows\System\zAVRiok.exe
  2⤵
  PID:8260
- C:\Windows\System\cjTvNen.exe
  C:\Windows\System\cjTvNen.exe
  2⤵
  PID:8860
- C:\Windows\System\jcThCxa.exe
  C:\Windows\System\jcThCxa.exe
  2⤵
  PID:8396
- C:\Windows\System\CloQIIg.exe
  C:\Windows\System\CloQIIg.exe
  2⤵
  PID:8840
- C:\Windows\System\HxTKxkz.exe
  C:\Windows\System\HxTKxkz.exe
  2⤵
  PID:9024
- C:\Windows\System\WmzWdkG.exe
  C:\Windows\System\WmzWdkG.exe
  2⤵
  PID:9084
- C:\Windows\System\GWXFFKU.exe
  C:\Windows\System\GWXFFKU.exe
  2⤵
  PID:7692
- C:\Windows\System\KfUqfif.exe
  C:\Windows\System\KfUqfif.exe
  2⤵
  PID:1000
- C:\Windows\System\QQISDRy.exe
  C:\Windows\System\QQISDRy.exe
  2⤵
  PID:8544
- C:\Windows\System\nyDMBKg.exe
  C:\Windows\System\nyDMBKg.exe
  2⤵
  PID:484
- C:\Windows\System\ZWCKQMi.exe
  C:\Windows\System\ZWCKQMi.exe
  2⤵
  PID:8968
- C:\Windows\System\ujuABKH.exe
  C:\Windows\System\ujuABKH.exe
  2⤵
  PID:8584
- C:\Windows\System\UWkCiqC.exe
  C:\Windows\System\UWkCiqC.exe
  2⤵
  PID:8444
- C:\Windows\System\fcRnrJK.exe
  C:\Windows\System\fcRnrJK.exe
  2⤵
  PID:9056
- C:\Windows\System\fZPaPdi.exe
  C:\Windows\System\fZPaPdi.exe
  2⤵
  PID:8424
- C:\Windows\System\anCKbah.exe
  C:\Windows\System\anCKbah.exe
  2⤵
  PID:9044
- C:\Windows\System\znVgcGB.exe
  C:\Windows\System\znVgcGB.exe
  2⤵
  PID:8800
- C:\Windows\System\Xmyhctn.exe
  C:\Windows\System\Xmyhctn.exe
  2⤵
  PID:9232
- C:\Windows\System\aaCxpBZ.exe
  C:\Windows\System\aaCxpBZ.exe
  2⤵
  PID:9256
- C:\Windows\System\zYxjKwQ.exe
  C:\Windows\System\zYxjKwQ.exe
  2⤵
  PID:9272
- C:\Windows\System\jooPFOf.exe
  C:\Windows\System\jooPFOf.exe
  2⤵
  PID:9304
- C:\Windows\System\ZdDTjSU.exe
  C:\Windows\System\ZdDTjSU.exe
  2⤵
  PID:9320
- C:\Windows\System\pGLPdCc.exe
  C:\Windows\System\pGLPdCc.exe
  2⤵
  PID:9340
- C:\Windows\System\SebnkYF.exe
  C:\Windows\System\SebnkYF.exe
  2⤵
  PID:9360
- C:\Windows\System\RbHejdK.exe
  C:\Windows\System\RbHejdK.exe
  2⤵
  PID:9376
- C:\Windows\System\WBLicjU.exe
  C:\Windows\System\WBLicjU.exe
  2⤵
  PID:9400
- C:\Windows\System\xKkbwaj.exe
  C:\Windows\System\xKkbwaj.exe
  2⤵
  PID:9424
- C:\Windows\System\HonFqUx.exe
  C:\Windows\System\HonFqUx.exe
  2⤵
  PID:9444
- C:\Windows\System\CHuimiL.exe
  C:\Windows\System\CHuimiL.exe
  2⤵
  PID:9460
- C:\Windows\System\ZhHGENc.exe
  C:\Windows\System\ZhHGENc.exe
  2⤵
  PID:9480
- C:\Windows\System\qgJBqVs.exe
  C:\Windows\System\qgJBqVs.exe
  2⤵
  PID:9496
- C:\Windows\System\kIqbzMM.exe
  C:\Windows\System\kIqbzMM.exe
  2⤵
  PID:9516
- C:\Windows\System\ddmluEu.exe
  C:\Windows\System\ddmluEu.exe
  2⤵
  PID:9540
- C:\Windows\System\QfUQfHT.exe
  C:\Windows\System\QfUQfHT.exe
  2⤵
  PID:9560
- C:\Windows\System\CiLKWay.exe
  C:\Windows\System\CiLKWay.exe
  2⤵
  PID:9576
- C:\Windows\System\mXtXcBB.exe
  C:\Windows\System\mXtXcBB.exe
  2⤵
  PID:9592
- C:\Windows\System\SkexXHI.exe
  C:\Windows\System\SkexXHI.exe
  2⤵
  PID:9608
- C:\Windows\System\gnPEYYg.exe
  C:\Windows\System\gnPEYYg.exe
  2⤵
  PID:9632
- C:\Windows\System\HPnrVfC.exe
  C:\Windows\System\HPnrVfC.exe
  2⤵
  PID:9652
- C:\Windows\System\qMwxhEQ.exe
  C:\Windows\System\qMwxhEQ.exe
  2⤵
  PID:9676
- C:\Windows\System\YFbAgTK.exe
  C:\Windows\System\YFbAgTK.exe
  2⤵
  PID:9696
- C:\Windows\System\MvJpIXR.exe
  C:\Windows\System\MvJpIXR.exe
  2⤵
  PID:9720
- C:\Windows\System\RlunGnx.exe
  C:\Windows\System\RlunGnx.exe
  2⤵
  PID:9748
- C:\Windows\System\UpvQSds.exe
  C:\Windows\System\UpvQSds.exe
  2⤵
  PID:9764
- C:\Windows\System\PlyhNgx.exe
  C:\Windows\System\PlyhNgx.exe
  2⤵
  PID:9780
- C:\Windows\System\IyZdean.exe
  C:\Windows\System\IyZdean.exe
  2⤵
  PID:9804
- C:\Windows\System\Ekmfbmn.exe
  C:\Windows\System\Ekmfbmn.exe
  2⤵
  PID:9820
- C:\Windows\System\fIZQDXM.exe
  C:\Windows\System\fIZQDXM.exe
  2⤵
  PID:9844
- C:\Windows\System\xKgyagG.exe
  C:\Windows\System\xKgyagG.exe
  2⤵
  PID:9860
- C:\Windows\System\PuleNky.exe
  C:\Windows\System\PuleNky.exe
  2⤵
  PID:9880
- C:\Windows\System\cSFKvlZ.exe
  C:\Windows\System\cSFKvlZ.exe
  2⤵
  PID:9900
- C:\Windows\System\DWlABWT.exe
  C:\Windows\System\DWlABWT.exe
  2⤵
  PID:9924
- C:\Windows\System\omcCjMf.exe
  C:\Windows\System\omcCjMf.exe
  2⤵
  PID:9944
- C:\Windows\System\oyjvQzI.exe
  C:\Windows\System\oyjvQzI.exe
  2⤵
  PID:9964
- C:\Windows\System\dNvjiiS.exe
  C:\Windows\System\dNvjiiS.exe
  2⤵
  PID:9980
- C:\Windows\System\YDacdms.exe
  C:\Windows\System\YDacdms.exe
  2⤵
  PID:9996
- C:\Windows\System\nmaTQuf.exe
  C:\Windows\System\nmaTQuf.exe
  2⤵
  PID:10028
- C:\Windows\System\hVtrqEK.exe
  C:\Windows\System\hVtrqEK.exe
  2⤵
  PID:10044
- C:\Windows\System\yitGaHf.exe
  C:\Windows\System\yitGaHf.exe
  2⤵
  PID:10068
- C:\Windows\System\dFTdVnJ.exe
  C:\Windows\System\dFTdVnJ.exe
  2⤵
  PID:10084
- C:\Windows\System\EGssSxR.exe
  C:\Windows\System\EGssSxR.exe
  2⤵
  PID:10100
- C:\Windows\System\WnvrVxh.exe
  C:\Windows\System\WnvrVxh.exe
  2⤵
  PID:10124
- C:\Windows\System\grsDtnG.exe
  C:\Windows\System\grsDtnG.exe
  2⤵
  PID:10144
- C:\Windows\System\BdazaWI.exe
  C:\Windows\System\BdazaWI.exe
  2⤵
  PID:10164
- C:\Windows\System\bAUpCnJ.exe
  C:\Windows\System\bAUpCnJ.exe
  2⤵
  PID:10184
- C:\Windows\System\PiQZZmI.exe
  C:\Windows\System\PiQZZmI.exe
  2⤵
  PID:10200
- C:\Windows\System\yaRaRri.exe
  C:\Windows\System\yaRaRri.exe
  2⤵
  PID:10220
- C:\Windows\System\nmZZqtA.exe
  C:\Windows\System\nmZZqtA.exe
  2⤵
  PID:7432
- C:\Windows\System\iEKpDpQ.exe
  C:\Windows\System\iEKpDpQ.exe
  2⤵
  PID:9240
- C:\Windows\System\OvcVOlg.exe
  C:\Windows\System\OvcVOlg.exe
  2⤵
  PID:9264
- C:\Windows\System\jgWQBek.exe
  C:\Windows\System\jgWQBek.exe
  2⤵
  PID:9300
- C:\Windows\System\rJSMDHP.exe
  C:\Windows\System\rJSMDHP.exe
  2⤵
  PID:9348
- C:\Windows\System\QXrQutY.exe
  C:\Windows\System\QXrQutY.exe
  2⤵
  PID:9396
- C:\Windows\System\jqaNgpX.exe
  C:\Windows\System\jqaNgpX.exe
  2⤵
  PID:9420
- C:\Windows\System\tCIdGFq.exe
  C:\Windows\System\tCIdGFq.exe
  2⤵
  PID:9468
- C:\Windows\System\HBbkiCY.exe
  C:\Windows\System\HBbkiCY.exe
  2⤵
  PID:9488
- C:\Windows\System\VgDzfqn.exe
  C:\Windows\System\VgDzfqn.exe
  2⤵
  PID:9524
- C:\Windows\System\XgxVLPT.exe
  C:\Windows\System\XgxVLPT.exe
  2⤵
  PID:9536
- C:\Windows\System\XZEhsgA.exe
  C:\Windows\System\XZEhsgA.exe
  2⤵
  PID:9568
- C:\Windows\System\uBfTWPJ.exe
  C:\Windows\System\uBfTWPJ.exe
  2⤵
  PID:9640
- C:\Windows\System\MsmrGlF.exe
  C:\Windows\System\MsmrGlF.exe
  2⤵
  PID:9644
- C:\Windows\System\HhJOezP.exe
  C:\Windows\System\HhJOezP.exe
  2⤵
  PID:9692
- C:\Windows\System\CJGjOuf.exe
  C:\Windows\System\CJGjOuf.exe
  2⤵
  PID:9712
- C:\Windows\System\ecoorTj.exe
  C:\Windows\System\ecoorTj.exe
  2⤵
  PID:9744
- C:\Windows\System\cRWYNKE.exe
  C:\Windows\System\cRWYNKE.exe
  2⤵
  PID:9788
- C:\Windows\System\vsjALzS.exe
  C:\Windows\System\vsjALzS.exe
  2⤵
  PID:9816
- C:\Windows\System\xzBNXbb.exe
  C:\Windows\System\xzBNXbb.exe
  2⤵
  PID:9840
- C:\Windows\System\cucauwQ.exe
  C:\Windows\System\cucauwQ.exe
  2⤵
  PID:9896
- C:\Windows\System\DyZMfeQ.exe
  C:\Windows\System\DyZMfeQ.exe
  2⤵
  PID:9916
- C:\Windows\System\zzoRFqO.exe
  C:\Windows\System\zzoRFqO.exe
  2⤵
  PID:9956
- C:\Windows\System\BBTJzRo.exe
  C:\Windows\System\BBTJzRo.exe
  2⤵
  PID:9988
- C:\Windows\System\nysmlSO.exe
  C:\Windows\System\nysmlSO.exe
  2⤵
  PID:10020
- C:\Windows\System\hAqmnbq.exe
  C:\Windows\System\hAqmnbq.exe
  2⤵
  PID:10052
- C:\Windows\System\ONRduin.exe
  C:\Windows\System\ONRduin.exe
  2⤵
  PID:10076
- C:\Windows\System\yqgzIYZ.exe
  C:\Windows\System\yqgzIYZ.exe
  2⤵
  PID:10120
- C:\Windows\System\LMeCMZU.exe
  C:\Windows\System\LMeCMZU.exe
  2⤵
  PID:10152
- C:\Windows\System\gXCECtC.exe
  C:\Windows\System\gXCECtC.exe
  2⤵
  PID:10212
- C:\Windows\System\EGYLRYl.exe
  C:\Windows\System\EGYLRYl.exe
  2⤵
  PID:10196
- C:\Windows\System\NrYXakN.exe
  C:\Windows\System\NrYXakN.exe
  2⤵
  PID:9292
- C:\Windows\System\trydROq.exe
  C:\Windows\System\trydROq.exe
  2⤵
  PID:9352
- C:\Windows\System\ndpycVP.exe
  C:\Windows\System\ndpycVP.exe
  2⤵
  PID:9332
- C:\Windows\System\iBRdMow.exe
  C:\Windows\System\iBRdMow.exe
  2⤵
  PID:9408
- C:\Windows\System\ilFmzLS.exe
  C:\Windows\System\ilFmzLS.exe
  2⤵
  PID:8796
- C:\Windows\System\HiBPisA.exe
  C:\Windows\System\HiBPisA.exe
  2⤵
  PID:9508
- C:\Windows\System\JgivxMB.exe
  C:\Windows\System\JgivxMB.exe
  2⤵
  PID:9548
- C:\Windows\System\sFuQXgL.exe
  C:\Windows\System\sFuQXgL.exe
  2⤵
  PID:9624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ECqoqWB.exe

Filesize
6.0MB

MD5
3ee5d6c2ac8bc0a10414013ae2812350

SHA1
933a225416c5b843ba61ddf2880e725b72396a65

SHA256
3707d2591ed3798b11c23907a0d12ca37c8f761b7eaf67961e37d0b3fd1d95a0

SHA512
7991bec75d3900e605080f8da9657b63ed17e8b14b630550b224b8cb9d87606bcc69a8121226144cc014132e31182d49c61e0f05fce9324951f780d1e9993057

Download Submit
C:\Windows\system\EnoqfjK.exe

Filesize
6.0MB

MD5
e2cc529e608d533058a27d1eae972ada

SHA1
7cf43d30825529d218fe8da89790e59e5007f083

SHA256
6d6a7db2f37d3355b29f7c3ef8d675c44f2b9c72e30a87baf0d08e3483fe036c

SHA512
c4c13bb2eb6017b444cee4713c027a3c60f93250672f91f575512ebe7171c6cc110c0686e986016205ef7b02852d25e6469e31c40ffb80b669df14440a14e755

Download Submit
C:\Windows\system\FEUplvp.exe

Filesize
6.0MB

MD5
5dbc65425de1bf613696be810bcd7d55

SHA1
80dfecbbdda9065541583317ec53cf77ea13f2a5

SHA256
7baedf3131472f420ce742034f6af0e607e1d3fcd1268e0ff61d1d28a57e9afb

SHA512
5c08b294d684ebc2512bc049ee0d949c5177ed311cded731fc46de5d57048d1b9b3e7f3a4c77272a5de33ba31a0d3873e9fd196fdef93d8426754538df6d5b5a

Download Submit
C:\Windows\system\IXtMIlk.exe

Filesize
6.0MB

MD5
c12bd65f9dde61a10eec7f725a3ea6a8

SHA1
5f47c074c5780057bb4ee98ec2dcfd55837be120

SHA256
3ade21c050a896b54b853b1665e74457576b9ef0180abe21ae522e33bfd7a99a

SHA512
74965bffac59d455b68e276f0df9a74dd1668cee0fb9f3661de1a0e23ed44f79a42369d3d7354e6de30568b5eb15abd461b52920ea46286f6a90a6754d889f04

Download Submit
C:\Windows\system\IZpVAxf.exe

Filesize
6.0MB

MD5
fa0de6fa82a7d8d4641d567732bc792d

SHA1
2ccd203426d83f51929b56467c3bf88773d4f56c

SHA256
09a060b289e8d63dc74a081cb2cff021cd6125c67cec5e164cf5a98ce2e4376f

SHA512
94ac6e31714da63b8debf851098e82943f5ffe08d10dfdc3b42b66421052eadce020d0df6a5b9bd6c8b311069a233d33594194daf84e209e0a96c329f2fa76e5

Download Submit
C:\Windows\system\IuLJZYb.exe

Filesize
6.0MB

MD5
55576548d67e49b5d475ecf6a7513b5c

SHA1
3ac521f24d552f14f395c96e88d70c0b7d96e1cf

SHA256
a1fd63f7ce6f8f75179fe76e7bffd5e7ddc25c75fa2ea6ceddee985fdfb7a3cf

SHA512
f2459a0e884c68723c7eb112e12743661ea30942151986f3b55eaa8f230177bae184b8acab142b95d54884d588fd35906164b36716cc9b277dde7dcd7992fce5

Download Submit
C:\Windows\system\Jzjhmmt.exe

Filesize
6.0MB

MD5
a42ce21b8bc640cfbd120e7f0299dec7

SHA1
7edf429621cd3828fdbedda72cd3f9f239f83046

SHA256
48cb5983480cc60b9a8af7f7d1d07f957c5be65aad52d06ac5425a63cd07d2ba

SHA512
fb73396d8ffeab9c69a1a8bc48f270f97653ec4626d63b0348112ffbb312c5b62695c27df62be3859ac0649b66eecff5519b956d69092a4037ef664186dc5d1a

Download Submit
C:\Windows\system\LNuSRPh.exe

Filesize
6.0MB

MD5
421e8539fd2c4ca7b56327e164306b06

SHA1
d08d85d720ee4c6d7dcb3017f6b84fa0801008f3

SHA256
2f3ec92ec92ea71815a80af93348aeb456cd1e335fd40d8243e36ba67d75c66d

SHA512
c1e3b52190b879808a3044c058c6d5bffde35675b19a8f84b30915a8862fb3e44597c406593ea9b66101e426ac3b9ae92bfd7d93c386ce9c8cde6c87d33621f2

Download Submit
C:\Windows\system\RqBxQLJ.exe

Filesize
6.0MB

MD5
2c0913ed945415b11690f6ad1fd77ef3

SHA1
0924ae213e7ac5e75f36a9a6c1cbca9e09529755

SHA256
ffc72a0d180cce4b5e07ab360399dd42f5defaea752aa2f2085f104e9281ff77

SHA512
63a059b8d6e43dcd740f14c314e8ac519c0e2fa488b616f5e45c40bcf3d30277d6322a98b284072922b48c264ad572bf0a2c137f6ee43f1c36d2a7e772f023bb

Download Submit
C:\Windows\system\SANINLt.exe

Filesize
6.0MB

MD5
20e86aea9bdb8a2d574319d0a176bef9

SHA1
03acb1f57d86af46c14f6d9d37a0e23f86ed9367

SHA256
37ce3618b5699cb69945bf50a0eb760a20823f752f854870a8d5de7f3bde0970

SHA512
332cfd73868b8aee9331172298da8a7c553defd4a775782eb75ac44976e18b4fdfd2319cf2b7612ce0c2b4307a3dbd851b7acdd3e2184fa21b7d1d15e2d14196

Download Submit
C:\Windows\system\TuQjdBD.exe

Filesize
6.0MB

MD5
6a7b34b4b186348686846436338cef49

SHA1
31263f50449fc4a12c34d0f529a4ce9b8ea80808

SHA256
0bb2daede4dfdbadd829fe6c5451791041c2212784cfd45e6b5f09e57a233590

SHA512
390d00b4ee20bff345ae0b560060089165ebc43a4542936d1391cbb36a18a22d6c6e432abe71d2a69312225d67f9fb57e4735cb02ca8a17d9731a4ce0175b332

Download Submit
C:\Windows\system\VSubCQD.exe

Filesize
6.0MB

MD5
b9db7232efc0100c1b8dcccee00d08c6

SHA1
25aa72bb11588a9e10ca9a1d6b495038e430d4b2

SHA256
df50a96182ad86d3a53dc557f2cd01f520203b6162f42edf43baf8c197790dfe

SHA512
45b8527e9ffb86647de72090cba4a483bc9a49a05f15002391a9b660de8c128702469ccefa479034c73c20303893c6f06ea3ec2accdfa676a66d47996c1df518

Download Submit
C:\Windows\system\XqUIqQK.exe

Filesize
6.0MB

MD5
20ff3a8e0bb7cd401f6bbb6978bbb286

SHA1
36ba407a108492160e6341fe2369a14da6bf5b06

SHA256
f05f1c23063a1f73b7469ebcafe9c95d258addf642b0daf92a989aa584100c1d

SHA512
3749642c91df6188d4adba8da233d16144f17da1fd32161a3ad56bb2750025aebf9cb7e4f474f20684b9619437fdf297f6d0757baccf37a1487bb0a758fee78d

Download Submit
C:\Windows\system\ZrtbquG.exe

Filesize
6.0MB

MD5
a18569ce696c100309517ba397e37722

SHA1
6ff5bacb54b613babe06d3fc4104357e64cbf790

SHA256
86ecb30ef88b56c5ed9c02aa72624055567ac51a57324cebd028328928eff2e4

SHA512
977432df949d93b48fef50e75e7a797b44b940b14d144ec1fa17b129226b12f6a30e2fdc911f8d28fd92a220a46cb5a2cbab62bbc165bad41e4d145f171a3ce3

Download Submit
C:\Windows\system\btFXGCM.exe

Filesize
6.0MB

MD5
a79c8b82db9dad1770c12a3d279cfabd

SHA1
1f4c42a812e1e682cc70332faa367cdcd4881ab3

SHA256
2db5351b53f2b15f654b0ac543585f3ac11756a0bc0f3b02b54a45fc428fc213

SHA512
7d2db3e82e9a3f77cfa5d3a82ae02bd88920df9d3454a118831f7860a15f6fe62d1c74252a7e16ee266e80d41405f81396ae8798795fd182252ea705c01021c0

Download Submit
C:\Windows\system\ejHYgAR.exe

Filesize
6.0MB

MD5
034014a38bd61e0ebe4dcb15a48ff38c

SHA1
e02e2d985345220ba2f494a5898983bba0419162

SHA256
8bbc0bcf1e8d58f4b2ce6237d3398752b705545bae5a2d45d74d8ffa381c4adc

SHA512
ab4db8ad3b9a0d0d29a34a20fe211962dd01656f0bcb226ba453d692d69905759e0855e9c4c733c5e8abcb381561dc84572e105509824b5154126cc7872c0ae4

Download Submit
C:\Windows\system\gLpPJHV.exe

Filesize
6.0MB

MD5
b15a3f74444eab9b6472994a48b7d4e2

SHA1
9ab8d7eeeb2022469663c96397b5869719ac82d5

SHA256
795ab1c9e2b2d3c83f209c5bb9b2a173e6089866a12ff4cbaecf95826bc82402

SHA512
0197d0dffd059a7b82844038627327d27d084a4052e56b6f01b315cadd1866b460ef08d70d66738c58b1fb6ed7f32407ecfb881dcc919d1c39fa1cfc6805c3f7

Download Submit
C:\Windows\system\gPhvUyd.exe

Filesize
6.0MB

MD5
2dec734dc669f203ae39f231bd57bb33

SHA1
3764e0a951ab80f787a5105eb0b467ac07ecab15

SHA256
863327ee85c54449de1a0a50ca22d1fe562dcba44ec6d901c0fca74c003dcbf2

SHA512
e2c1eb90713802f0d1f5f0373afc96be53bcebf69e134db97f83bcb3736298d61c1512821779fcb82e1b4c0b52ac4a2110c9317e9d392314935da35d98bf4c87

Download Submit
C:\Windows\system\iesHBII.exe

Filesize
8B

MD5
efa773f8a1cf3f63c9453f4e353edf56

SHA1
c93a3e3ec28b4b4327dff572f2ddb92dc1edc331

SHA256
5d2ee276a8db7eb5504006ed56b6e4d2c5855ea12c6e3daf793946ce2eb294cd

SHA512
e7dffd0caa9acb9a153c4a21e10efd22f4b9e19618facd36e594ddc0dab42d32884583736b4da5d9681bb40c1049bd541e2567c7978835e0197a8b847c5a5376

Download Submit
C:\Windows\system\mBJxEyJ.exe

Filesize
6.0MB

MD5
05d4b37c360c8b8f55942fdb3cbc6685

SHA1
7b6893feef98c6f21ca909e38d03ead0ed57572c

SHA256
47d399b7237c26c82872d8479c946b43c7a0bfdc0e81039328b461aee54b09aa

SHA512
9e0def14824e2110861101646f460703b79635aee430d77a4e96fbec4255b42e249c495e7e14a55ab13815db1b5b547621ad5e91fc6cfc0e4949d1e0d846d6e2

Download Submit
C:\Windows\system\qgMIPAX.exe

Filesize
6.0MB

MD5
292f191face21efa485ae672403f3a23

SHA1
fb610fcdc8fa821fcd22ed8e06e2d94bbd4e2c30

SHA256
14fdf5554961c038a793db40d2eb0958888e704aa28f2ef0dcbaa913efca4ec9

SHA512
5b64538f227cb01ea12e9555d80ea264ee7d68aed8ec38cffbb38fd502baa86397f791fdc0f8516550285e369f9bdbd1846c50de63cdd88e58b57e7c4ab89dbd

Download Submit
C:\Windows\system\qnzlysf.exe

Filesize
6.0MB

MD5
6b48600e94244b3b1528962c6784e6aa

SHA1
8f31f91087e342839a829a1a3024e1f9e6cda48f

SHA256
32bce8e8fd173b8a337b73258b30a48b4cb17b9caa2460e7a06cefe1b26c8cb9

SHA512
af70aa67fec1347ad249b58944ac96bd6f6ff8d72b324e8a21c4d073849f69223114b373f74ec6de0f052e8a0446f0bbbf8a6c868b46b9d2d256af4c291514b5

Download Submit
C:\Windows\system\sxlhoZo.exe

Filesize
6.0MB

MD5
1dc3a66ab0df66bea2a2a71ad2cc6466

SHA1
269a7d0dd4b2744f663ee1b410526c93f40a47a6

SHA256
2eeeab0ee078ad5d22f269f26bf0408fbaebe766f7faf1d954cd7894f518dff3

SHA512
1805fa1c4809ca341b1b26884246170df907b8c0f1f55f24fd65dc4ac4add2cd67c91866f2685a91c5abd3a47d4165009b000edc5300ef367897ab63cbf4c74c

Download Submit
C:\Windows\system\wnhPCWA.exe

Filesize
6.0MB

MD5
c975f533e8adc8b26f58a82fcffa99c5

SHA1
6b70aff033c19f6631ef0c6fa5918e9808ccbb7e

SHA256
fb60a20700ac943b3f136b2af710562cdf82437a5332efe659589f00d359c802

SHA512
cd23a5c0ef050540757b4487361de3dc6dc7a2a5632a46b34b5701b607b0424705a2c6ede43c8cdd160f2f7d4d70b31c5dcc6ddd186430ea330877f5f8b84f5f

Download Submit
C:\Windows\system\xEUFnTW.exe

Filesize
6.0MB

MD5
209df5dc4823ab4a025f22262dfe4400

SHA1
0a7cbeb582321e056e7565af0a0cb144856e5933

SHA256
a8596c4652c5c8d0c5f1621434085a573bcac29c744f2b5d7826d70fdc91e7bc

SHA512
762c9427f9efc301685c5bc0becba939adf189c9a921a612c62926cba6a24ad69eaaaa755397645242d6299df7d08c088744ec5246788425e4600eb696f423d7

Download Submit
C:\Windows\system\xLWVNOP.exe

Filesize
6.0MB

MD5
6085c6942472b95f3c2dba21804bbafc

SHA1
5b30f47d02e8b39a26a2b53182d7d666216ccb02

SHA256
cadd1523890100bff5ac44fad57933e3e78c866f5cd6e700e2cad73e8a15dfe8

SHA512
551aae48d50a9a4f1d033738e30d2adbe67f24c8b37b8f47c21f1ff1da691f8ee7290a6853ba198cfbf5dc130a0e68fbf9145c85893ab932b2997d86c6d3744f

Download Submit
C:\Windows\system\zgtjpEJ.exe

Filesize
6.0MB

MD5
48b408b646e3f5d59b97124be919afeb

SHA1
d8eb9bf07b875fae01148d4929c65a95726209c7

SHA256
f124c8dc78ca0902e7f2ba4bb7578c70e2434b23060e4dc10a0266c45ac7d7f6

SHA512
a732eb6c816fc01202ddc555eecc81501530984ad6fb6c33db9f93b5786ea6b659c8f0c11a873913668e72e9cf95705fca53600fc914577a6afd13633c3aa878

Download Submit
C:\Windows\system\zkmoFIE.exe

Filesize
6.0MB

MD5
42a17fdbe37cf3f50c83b87daee5bb6d

SHA1
33295f8fb8f59c45678c66b863570d416d27097f

SHA256
c614b0dc4b2aac1240fa884441a4a7fd2bf1aa367d964684d3f19935e3856990

SHA512
f319b75f9a88f8ebf864738da25faae8f41b79b797cdceb2422dd9fbf9503294c29929c5b6ac341c217dddf91f734781c9cd694fc8275425cd018f2966a40099

Download Submit
\Windows\system\XmXjpBe.exe

Filesize
6.0MB

MD5
231343052e70cf0f1f17e710209d5f9e

SHA1
00ccb54c6bdcab2a9d6682a2a1edb7596f09c6a4

SHA256
3061e3149ae5de3aadc6b551e79bb987f4b5cc81368928c08ef43e050d72b763

SHA512
fe139794a22019adcc10a61f99ffa40fd722d7edbec8ed78f1b022a361ca93a7ca39f3257574ed8bdb5ecc7ff8038cbf00b1586526b5696e8744759378d2faee

Download Submit
\Windows\system\YAQqLCb.exe

Filesize
6.0MB

MD5
2828503e81d8d795bf5ff770259a7177

SHA1
8552a50e056be6bcd5b488d66309f5af56e32ffc

SHA256
7fe91ca1e45e3043b88c03691156ba11f6140eab672c6a9aa4ff9ee302cdf345

SHA512
dd7ec31bd4a8c6d322ee1304c6ec44f619ea43aa9cfc5eb1c01cb1b5b66143b196955c6d3a91d0f38263f55fe85c783fbda8f727faa62a68d0562fc01b799ce8

Download Submit
\Windows\system\bWIbPMg.exe

Filesize
6.0MB

MD5
eedff807bcdcb6d6b3338a2c96134d3e

SHA1
f978137ac6636b14514483f4f230a701a15966c4

SHA256
4e47bf82011ef17b782c45abd2f8a2417b806ac00437a86f457e42015a68831b

SHA512
c24051bb5bc8a730bc35790a1be2ebe77f8bd7d5d3ff6a67fa02ab3c6803ec2a3a7a5619eb83e84cfbb9ef0da3a1680e77fec4e27e8138a828bffd551017f8b8

Download Submit
\Windows\system\efUhbjw.exe

Filesize
6.0MB

MD5
a54ce99257e304715e7cffb0f9efd15a

SHA1
1559b9c7ee4b7e761bb860741c2bda3ff28506c1

SHA256
6359902ec0dc5f6aa39a5d5a33d8e4571faf9ae8f74a97bcc763282980102734

SHA512
b10d4ac61d52b4cd2d8812d4c86a2210a2c9b6c28fdd398544ab6a6043f2d67d3807b778cad4131e270c07ff35bdadad2546c2e70b9d1d313acfec0ca74f85b2

Download Submit
\Windows\system\pQcWPVa.exe

Filesize
6.0MB

MD5
8c77b18a16017830c1045e8d5ccb827f

SHA1
6d83c117e780beaf6d9456d0938164b7aa4cdf35

SHA256
48695ed801cc72f557d85ae0f56de6e6303129bfdf596dbcac87a0bd8429bfe3

SHA512
d06a5f9e347271ffa675950bfb5b32d9366b2b81d0ce2f5277f44da251e39676c750b62a6ce74cb4515ce35fdb52ace37fc9389fe32b07b609934a4c3012acef

Download Submit
memory/1072-32-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/1072-3526-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/1772-911-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1772-3825-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1772-95-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2020-3810-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2020-88-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2020-632-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2164-81-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2164-3818-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2164-429-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2388-8-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-55-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-3523-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-30-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2488-3524-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2684-73-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3788-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2684-240-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2692-26-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3525-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2760-65-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3698-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-34-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3667-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-77-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-39-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3696-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2772-48-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2772-85-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3807-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2784-103-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2784-66-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2864-104-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3817-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1222-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2996-3688-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2996-60-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/3012-43-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/3012-78-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/3012-0-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-100-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/3012-31-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-62-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/3012-70-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/3012-28-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/3012-92-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/3012-108-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-36-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-47-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-59-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/3012-58-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/3012-51-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/3012-1062-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/3012-18-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/3012-99-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/3012-324-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/3012-1371-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-762-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/3012-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download