cobaltstrike | 7b5100a9829e1d7b7b941ff730adeda775a817d8db341112ba84c2f957024fd8

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6f70fee35a437c3bb751d7011254dd07
SHA1

a6be020f16b3c4f67259a6d6da9e235cae362aaa
SHA256

7b5100a9829e1d7b7b941ff730adeda775a817d8db341112ba84c2f957024fd8
SHA512

f8e6a947bb5dcd10f36f993f4ceac5ad2115be09c72922b124c235ee7848d139788482a32080ee5c77de649d61fbb55ba943afb72c38022beb89f29b6a44137f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUX:T+q56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c23-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-20.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce0-39.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce9-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-62.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ace-48.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ccc-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd8-29.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/804-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012262-3.dat	xmrig
behavioral1/files/0x0008000000016c23-11.dat	xmrig
behavioral1/files/0x0007000000016cab-20.dat	xmrig
behavioral1/memory/2556-16-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2884-36-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ce0-39.dat	xmrig
behavioral1/memory/3020-51-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ce9-54.dat	xmrig
behavioral1/files/0x00050000000194eb-64.dat	xmrig
behavioral1/files/0x000500000001950f-84.dat	xmrig
behavioral1/files/0x00050000000195b3-138.dat	xmrig
behavioral1/files/0x00050000000195c5-177.dat	xmrig
behavioral1/files/0x00050000000195c6-183.dat	xmrig
behavioral1/files/0x00050000000195c7-187.dat	xmrig
behavioral1/memory/804-416-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/804-487-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2756-1929-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/3020-1928-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2884-1926-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2620-1931-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2740-1930-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2736-1925-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/1988-1921-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/3056-1909-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2748-1903-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2556-1892-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/1740-1935-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2376-1937-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2652-1936-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/656-1932-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2740-303-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2620-301-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-192.dat	xmrig
behavioral1/files/0x00050000000195c3-172.dat	xmrig
behavioral1/files/0x00050000000195bd-161.dat	xmrig
behavioral1/files/0x00050000000195c1-166.dat	xmrig
behavioral1/files/0x00050000000195b7-147.dat	xmrig
behavioral1/files/0x00050000000195af-140.dat	xmrig
behavioral1/files/0x00050000000195bb-154.dat	xmrig
behavioral1/files/0x00050000000195ab-122.dat	xmrig
behavioral1/files/0x00050000000195b5-145.dat	xmrig
behavioral1/files/0x00050000000195b1-136.dat	xmrig
behavioral1/files/0x00050000000195ad-126.dat	xmrig
behavioral1/files/0x00050000000195a7-112.dat	xmrig
behavioral1/files/0x00050000000195a9-118.dat	xmrig
behavioral1/memory/1740-109-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2736-99-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/656-98-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2376-96-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019547-93.dat	xmrig
behavioral1/files/0x000500000001957c-103.dat	xmrig
behavioral1/memory/2740-78-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2652-92-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2884-91-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019515-87.dat	xmrig
behavioral1/memory/2756-59-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/804-57-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/804-73-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/memory/2620-72-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-70.dat	xmrig
behavioral1/files/0x00050000000194a3-62.dat	xmrig
behavioral1/files/0x0009000000016ace-48.dat	xmrig
behavioral1/memory/2736-41-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2556	orCkYtB.exe
1988	jmLHoih.exe
2748	miPweao.exe
3056	mdJAhGS.exe
2884	OlkcwwI.exe
2736	BOXFmPU.exe
3020	KvbxsFh.exe
2756	TaAjdxB.exe
2620	azBZakB.exe
2740	nkDPdsW.exe
2652	pSsLWaI.exe
2376	GjBwhuK.exe
656	ChRGTKv.exe
1740	WScphQX.exe
3016	MRaqFto.exe
2972	FmwwZHG.exe
800	ollMUTY.exe
2820	XdJdmXy.exe
2300	GzUtuDV.exe
1892	wNaVUjf.exe
2364	MkREImo.exe
3004	ykAgIad.exe
2572	rHiJONp.exe
2344	AtPgEZr.exe
940	oStjrrk.exe
2028	XohDjHz.exe
2020	nUheUSZ.exe
1156	dbShZyS.exe
1632	FOIodeQ.exe
1480	PESlSZF.exe
756	iGFgZDl.exe
1148	RdmCyBH.exe
1824	tFlfwMx.exe
1716	vSQaoBp.exe
2856	hZOZxXr.exe
1780	uXXLXtA.exe
2032	RQqMKYA.exe
1472	xZnrAPh.exe
1416	dUCnssb.exe
572	qYdKLYy.exe
2480	nCKXnBN.exe
1412	yJZAMJj.exe
2700	eGnXOgA.exe
2180	rjlXMLc.exe
1232	shCMLJm.exe
2360	fCyACue.exe
2452	rCUzjzI.exe
2408	IEWnSeE.exe
864	vGMvYxQ.exe
1672	TYxCOpY.exe
1364	ejfpbMS.exe
1564	vRFJvTw.exe
1600	XMyqBZY.exe
2388	vTBkzxo.exe
2552	QwNHOhj.exe
2776	OoZcKKH.exe
2936	tPOefic.exe
2632	QFytTdU.exe
2908	hDrGkNj.exe
2792	AcWiEdg.exe
2696	RzbbrKD.exe
2916	kCKeGfL.exe
2976	JKJquJG.exe
1288	zNloMFF.exe

Loads dropped DLL 64 IoCs

pid	Process
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/804-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x000a000000012262-3.dat	upx
behavioral1/files/0x0008000000016c23-11.dat	upx
behavioral1/files/0x0007000000016cab-20.dat	upx
behavioral1/memory/2556-16-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2884-36-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0008000000016ce0-39.dat	upx
behavioral1/memory/3020-51-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x0008000000016ce9-54.dat	upx
behavioral1/files/0x00050000000194eb-64.dat	upx
behavioral1/files/0x000500000001950f-84.dat	upx
behavioral1/files/0x00050000000195b3-138.dat	upx
behavioral1/files/0x00050000000195c5-177.dat	upx
behavioral1/files/0x00050000000195c6-183.dat	upx
behavioral1/files/0x00050000000195c7-187.dat	upx
behavioral1/memory/2756-1929-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/3020-1928-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2884-1926-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2620-1931-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2740-1930-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2736-1925-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/1988-1921-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/3056-1909-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2748-1903-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2556-1892-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/1740-1935-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2376-1937-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2652-1936-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/656-1932-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2740-303-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2620-301-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x000500000001960c-192.dat	upx
behavioral1/files/0x00050000000195c3-172.dat	upx
behavioral1/files/0x00050000000195bd-161.dat	upx
behavioral1/files/0x00050000000195c1-166.dat	upx
behavioral1/files/0x00050000000195b7-147.dat	upx
behavioral1/files/0x00050000000195af-140.dat	upx
behavioral1/files/0x00050000000195bb-154.dat	upx
behavioral1/files/0x00050000000195ab-122.dat	upx
behavioral1/files/0x00050000000195b5-145.dat	upx
behavioral1/files/0x00050000000195b1-136.dat	upx
behavioral1/files/0x00050000000195ad-126.dat	upx
behavioral1/files/0x00050000000195a7-112.dat	upx
behavioral1/files/0x00050000000195a9-118.dat	upx
behavioral1/memory/1740-109-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2736-99-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/656-98-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2376-96-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0005000000019547-93.dat	upx
behavioral1/files/0x000500000001957c-103.dat	upx
behavioral1/memory/2740-78-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2652-92-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2884-91-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0005000000019515-87.dat	upx
behavioral1/memory/2756-59-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/804-57-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2620-72-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-70.dat	upx
behavioral1/files/0x00050000000194a3-62.dat	upx
behavioral1/files/0x0009000000016ace-48.dat	upx
behavioral1/memory/2736-41-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x0007000000016ccc-21.dat	upx
behavioral1/memory/1988-15-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/3056-34-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kVxYywM.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnukwOV.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrwbxZu.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\foaffAx.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtBUjeL.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdjpNvF.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgHZRvZ.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onIIdSs.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMAFAXh.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZJsmWR.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NaFyQls.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JBMEuqb.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYIkdau.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKuArTc.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDdYQna.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEaZAdO.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnHkMUe.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUpzFHR.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OfeDvWS.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZlzuom.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SiCIkeu.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBhESIj.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCEwSaJ.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHzwBou.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjwGjHa.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXAYHsc.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEbHtIS.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVxQvYm.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ooTVTzU.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybzNcnV.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCvJRKa.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBKxXPx.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BoesEoU.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHeRpIo.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzMxswE.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRgygeN.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\blttCIg.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OifMygh.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GmLJgBf.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrQglgF.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHvAMxo.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WUbSYeo.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHYbilw.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPhRFec.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TyycQlI.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFOGdPW.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkeKSBS.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGygIiX.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQBTOIC.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CanndSj.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\McSgnjt.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBJPqST.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VaytafC.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MoVZypX.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxfajlV.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EAPZbbq.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSXCiDZ.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdFyzjH.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JkBijqr.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaXOMDM.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFVJOKf.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkmgiNH.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shCMLJm.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnGabMw.exe	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 2556	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 804 wrote to memory of 2556	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 804 wrote to memory of 2556	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 804 wrote to memory of 1988	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 804 wrote to memory of 1988	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 804 wrote to memory of 1988	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 804 wrote to memory of 2748	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 804 wrote to memory of 2748	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 804 wrote to memory of 2748	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 804 wrote to memory of 2884	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 804 wrote to memory of 2884	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 804 wrote to memory of 2884	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 804 wrote to memory of 3056	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 804 wrote to memory of 3056	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 804 wrote to memory of 3056	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 804 wrote to memory of 2736	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 804 wrote to memory of 2736	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 804 wrote to memory of 2736	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 804 wrote to memory of 3020	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 804 wrote to memory of 3020	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 804 wrote to memory of 3020	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 804 wrote to memory of 2756	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 804 wrote to memory of 2756	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 804 wrote to memory of 2756	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 804 wrote to memory of 2620	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 804 wrote to memory of 2620	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 804 wrote to memory of 2620	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 804 wrote to memory of 2652	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 804 wrote to memory of 2652	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 804 wrote to memory of 2652	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 804 wrote to memory of 2740	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 804 wrote to memory of 2740	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 804 wrote to memory of 2740	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 804 wrote to memory of 2376	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 804 wrote to memory of 2376	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 804 wrote to memory of 2376	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 804 wrote to memory of 656	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 804 wrote to memory of 656	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 804 wrote to memory of 656	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 804 wrote to memory of 3016	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 804 wrote to memory of 3016	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 804 wrote to memory of 3016	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 804 wrote to memory of 1740	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 804 wrote to memory of 1740	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 804 wrote to memory of 1740	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 804 wrote to memory of 2972	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 804 wrote to memory of 2972	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 804 wrote to memory of 2972	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 804 wrote to memory of 800	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 804 wrote to memory of 800	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 804 wrote to memory of 800	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 804 wrote to memory of 2820	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 804 wrote to memory of 2820	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 804 wrote to memory of 2820	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 804 wrote to memory of 2300	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 804 wrote to memory of 2300	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 804 wrote to memory of 2300	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 804 wrote to memory of 2364	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 804 wrote to memory of 2364	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 804 wrote to memory of 2364	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 804 wrote to memory of 1892	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 804 wrote to memory of 1892	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 804 wrote to memory of 1892	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 804 wrote to memory of 2572	804	2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-27_6f70fee35a437c3bb751d7011254dd07_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\System\orCkYtB.exe
  C:\Windows\System\orCkYtB.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\jmLHoih.exe
  C:\Windows\System\jmLHoih.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\miPweao.exe
  C:\Windows\System\miPweao.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\OlkcwwI.exe
  C:\Windows\System\OlkcwwI.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\mdJAhGS.exe
  C:\Windows\System\mdJAhGS.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\BOXFmPU.exe
  C:\Windows\System\BOXFmPU.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\KvbxsFh.exe
  C:\Windows\System\KvbxsFh.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\TaAjdxB.exe
  C:\Windows\System\TaAjdxB.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\azBZakB.exe
  C:\Windows\System\azBZakB.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\pSsLWaI.exe
  C:\Windows\System\pSsLWaI.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\nkDPdsW.exe
  C:\Windows\System\nkDPdsW.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\GjBwhuK.exe
  C:\Windows\System\GjBwhuK.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\ChRGTKv.exe
  C:\Windows\System\ChRGTKv.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\MRaqFto.exe
  C:\Windows\System\MRaqFto.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\WScphQX.exe
  C:\Windows\System\WScphQX.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\FmwwZHG.exe
  C:\Windows\System\FmwwZHG.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\ollMUTY.exe
  C:\Windows\System\ollMUTY.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\XdJdmXy.exe
  C:\Windows\System\XdJdmXy.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\GzUtuDV.exe
  C:\Windows\System\GzUtuDV.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\MkREImo.exe
  C:\Windows\System\MkREImo.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\wNaVUjf.exe
  C:\Windows\System\wNaVUjf.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\rHiJONp.exe
  C:\Windows\System\rHiJONp.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\ykAgIad.exe
  C:\Windows\System\ykAgIad.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\oStjrrk.exe
  C:\Windows\System\oStjrrk.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\AtPgEZr.exe
  C:\Windows\System\AtPgEZr.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\XohDjHz.exe
  C:\Windows\System\XohDjHz.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\nUheUSZ.exe
  C:\Windows\System\nUheUSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\dbShZyS.exe
  C:\Windows\System\dbShZyS.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\FOIodeQ.exe
  C:\Windows\System\FOIodeQ.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\PESlSZF.exe
  C:\Windows\System\PESlSZF.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\iGFgZDl.exe
  C:\Windows\System\iGFgZDl.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\RdmCyBH.exe
  C:\Windows\System\RdmCyBH.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\tFlfwMx.exe
  C:\Windows\System\tFlfwMx.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\vSQaoBp.exe
  C:\Windows\System\vSQaoBp.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\hZOZxXr.exe
  C:\Windows\System\hZOZxXr.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\uXXLXtA.exe
  C:\Windows\System\uXXLXtA.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\RQqMKYA.exe
  C:\Windows\System\RQqMKYA.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\dUCnssb.exe
  C:\Windows\System\dUCnssb.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\xZnrAPh.exe
  C:\Windows\System\xZnrAPh.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\qYdKLYy.exe
  C:\Windows\System\qYdKLYy.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\nCKXnBN.exe
  C:\Windows\System\nCKXnBN.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\yJZAMJj.exe
  C:\Windows\System\yJZAMJj.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\eGnXOgA.exe
  C:\Windows\System\eGnXOgA.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\shCMLJm.exe
  C:\Windows\System\shCMLJm.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\rjlXMLc.exe
  C:\Windows\System\rjlXMLc.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\fCyACue.exe
  C:\Windows\System\fCyACue.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\rCUzjzI.exe
  C:\Windows\System\rCUzjzI.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\IEWnSeE.exe
  C:\Windows\System\IEWnSeE.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\vGMvYxQ.exe
  C:\Windows\System\vGMvYxQ.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\TYxCOpY.exe
  C:\Windows\System\TYxCOpY.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\ejfpbMS.exe
  C:\Windows\System\ejfpbMS.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\vRFJvTw.exe
  C:\Windows\System\vRFJvTw.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\XMyqBZY.exe
  C:\Windows\System\XMyqBZY.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\QwNHOhj.exe
  C:\Windows\System\QwNHOhj.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\vTBkzxo.exe
  C:\Windows\System\vTBkzxo.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\OoZcKKH.exe
  C:\Windows\System\OoZcKKH.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\tPOefic.exe
  C:\Windows\System\tPOefic.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\hDrGkNj.exe
  C:\Windows\System\hDrGkNj.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\QFytTdU.exe
  C:\Windows\System\QFytTdU.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\AcWiEdg.exe
  C:\Windows\System\AcWiEdg.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\RzbbrKD.exe
  C:\Windows\System\RzbbrKD.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\kCKeGfL.exe
  C:\Windows\System\kCKeGfL.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\JKJquJG.exe
  C:\Windows\System\JKJquJG.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\PruhjJH.exe
  C:\Windows\System\PruhjJH.exe
  2⤵
  PID:1948
- C:\Windows\System\zNloMFF.exe
  C:\Windows\System\zNloMFF.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\iFBLUPX.exe
  C:\Windows\System\iFBLUPX.exe
  2⤵
  PID:1068
- C:\Windows\System\ocEfacr.exe
  C:\Windows\System\ocEfacr.exe
  2⤵
  PID:3008
- C:\Windows\System\DfPgZKX.exe
  C:\Windows\System\DfPgZKX.exe
  2⤵
  PID:1972
- C:\Windows\System\rYRiwcc.exe
  C:\Windows\System\rYRiwcc.exe
  2⤵
  PID:936
- C:\Windows\System\xVafIIB.exe
  C:\Windows\System\xVafIIB.exe
  2⤵
  PID:3060
- C:\Windows\System\PRvwHPb.exe
  C:\Windows\System\PRvwHPb.exe
  2⤵
  PID:640
- C:\Windows\System\CQHgpBf.exe
  C:\Windows\System\CQHgpBf.exe
  2⤵
  PID:276
- C:\Windows\System\KIITQPR.exe
  C:\Windows\System\KIITQPR.exe
  2⤵
  PID:1016
- C:\Windows\System\eoGoFHe.exe
  C:\Windows\System\eoGoFHe.exe
  2⤵
  PID:2592
- C:\Windows\System\PrIkQHf.exe
  C:\Windows\System\PrIkQHf.exe
  2⤵
  PID:1056
- C:\Windows\System\nBwUkDU.exe
  C:\Windows\System\nBwUkDU.exe
  2⤵
  PID:824
- C:\Windows\System\MnQZvbz.exe
  C:\Windows\System\MnQZvbz.exe
  2⤵
  PID:3064
- C:\Windows\System\nJIJwoF.exe
  C:\Windows\System\nJIJwoF.exe
  2⤵
  PID:676
- C:\Windows\System\uAOlPrH.exe
  C:\Windows\System\uAOlPrH.exe
  2⤵
  PID:2948
- C:\Windows\System\jygJCyA.exe
  C:\Windows\System\jygJCyA.exe
  2⤵
  PID:1820
- C:\Windows\System\YjVytHM.exe
  C:\Windows\System\YjVytHM.exe
  2⤵
  PID:1532
- C:\Windows\System\fgfMdVb.exe
  C:\Windows\System\fgfMdVb.exe
  2⤵
  PID:568
- C:\Windows\System\fjLJzHg.exe
  C:\Windows\System\fjLJzHg.exe
  2⤵
  PID:1668
- C:\Windows\System\FnQWUJt.exe
  C:\Windows\System\FnQWUJt.exe
  2⤵
  PID:2348
- C:\Windows\System\FvytEgn.exe
  C:\Windows\System\FvytEgn.exe
  2⤵
  PID:2540
- C:\Windows\System\QFLpbCP.exe
  C:\Windows\System\QFLpbCP.exe
  2⤵
  PID:2920
- C:\Windows\System\mGrXjRk.exe
  C:\Windows\System\mGrXjRk.exe
  2⤵
  PID:2992
- C:\Windows\System\DEADaMU.exe
  C:\Windows\System\DEADaMU.exe
  2⤵
  PID:1312
- C:\Windows\System\uyFRoxj.exe
  C:\Windows\System\uyFRoxj.exe
  2⤵
  PID:2396
- C:\Windows\System\uHQbpNA.exe
  C:\Windows\System\uHQbpNA.exe
  2⤵
  PID:1332
- C:\Windows\System\wHXzWxK.exe
  C:\Windows\System\wHXzWxK.exe
  2⤵
  PID:2200
- C:\Windows\System\BxERQYK.exe
  C:\Windows\System\BxERQYK.exe
  2⤵
  PID:1100
- C:\Windows\System\KATOovm.exe
  C:\Windows\System\KATOovm.exe
  2⤵
  PID:1904
- C:\Windows\System\ElXzpsH.exe
  C:\Windows\System\ElXzpsH.exe
  2⤵
  PID:1164
- C:\Windows\System\QMJmXCe.exe
  C:\Windows\System\QMJmXCe.exe
  2⤵
  PID:2120
- C:\Windows\System\SPxJMET.exe
  C:\Windows\System\SPxJMET.exe
  2⤵
  PID:896
- C:\Windows\System\lABCvWL.exe
  C:\Windows\System\lABCvWL.exe
  2⤵
  PID:856
- C:\Windows\System\tDRSLdP.exe
  C:\Windows\System\tDRSLdP.exe
  2⤵
  PID:1012
- C:\Windows\System\eaxkgUp.exe
  C:\Windows\System\eaxkgUp.exe
  2⤵
  PID:1624
- C:\Windows\System\YBnzqxi.exe
  C:\Windows\System\YBnzqxi.exe
  2⤵
  PID:1736
- C:\Windows\System\TKGNeeg.exe
  C:\Windows\System\TKGNeeg.exe
  2⤵
  PID:2648
- C:\Windows\System\NcmUHLL.exe
  C:\Windows\System\NcmUHLL.exe
  2⤵
  PID:3080
- C:\Windows\System\daWPfdI.exe
  C:\Windows\System\daWPfdI.exe
  2⤵
  PID:3100
- C:\Windows\System\zIDzbEM.exe
  C:\Windows\System\zIDzbEM.exe
  2⤵
  PID:3124
- C:\Windows\System\adwSikd.exe
  C:\Windows\System\adwSikd.exe
  2⤵
  PID:3140
- C:\Windows\System\rToKUCa.exe
  C:\Windows\System\rToKUCa.exe
  2⤵
  PID:3172
- C:\Windows\System\WFEmyjr.exe
  C:\Windows\System\WFEmyjr.exe
  2⤵
  PID:3188
- C:\Windows\System\BuxJybx.exe
  C:\Windows\System\BuxJybx.exe
  2⤵
  PID:3204
- C:\Windows\System\fqaWwfw.exe
  C:\Windows\System\fqaWwfw.exe
  2⤵
  PID:3224
- C:\Windows\System\ZhUpxBP.exe
  C:\Windows\System\ZhUpxBP.exe
  2⤵
  PID:3240
- C:\Windows\System\kVkKAjn.exe
  C:\Windows\System\kVkKAjn.exe
  2⤵
  PID:3260
- C:\Windows\System\WUbSYeo.exe
  C:\Windows\System\WUbSYeo.exe
  2⤵
  PID:3292
- C:\Windows\System\cEJFXry.exe
  C:\Windows\System\cEJFXry.exe
  2⤵
  PID:3312
- C:\Windows\System\gRCaXSZ.exe
  C:\Windows\System\gRCaXSZ.exe
  2⤵
  PID:3332
- C:\Windows\System\BpNNWry.exe
  C:\Windows\System\BpNNWry.exe
  2⤵
  PID:3352
- C:\Windows\System\FFFexUM.exe
  C:\Windows\System\FFFexUM.exe
  2⤵
  PID:3372
- C:\Windows\System\PyqoyLB.exe
  C:\Windows\System\PyqoyLB.exe
  2⤵
  PID:3388
- C:\Windows\System\HrrjuLw.exe
  C:\Windows\System\HrrjuLw.exe
  2⤵
  PID:3412
- C:\Windows\System\OsrknUc.exe
  C:\Windows\System\OsrknUc.exe
  2⤵
  PID:3428
- C:\Windows\System\vTLkklD.exe
  C:\Windows\System\vTLkklD.exe
  2⤵
  PID:3448
- C:\Windows\System\CXDNGKh.exe
  C:\Windows\System\CXDNGKh.exe
  2⤵
  PID:3468
- C:\Windows\System\UNfpzYO.exe
  C:\Windows\System\UNfpzYO.exe
  2⤵
  PID:3484
- C:\Windows\System\BtBUjeL.exe
  C:\Windows\System\BtBUjeL.exe
  2⤵
  PID:3504
- C:\Windows\System\XBPLoIt.exe
  C:\Windows\System\XBPLoIt.exe
  2⤵
  PID:3520
- C:\Windows\System\RyYtVnp.exe
  C:\Windows\System\RyYtVnp.exe
  2⤵
  PID:3536
- C:\Windows\System\QCrqqGR.exe
  C:\Windows\System\QCrqqGR.exe
  2⤵
  PID:3552
- C:\Windows\System\osHvbSV.exe
  C:\Windows\System\osHvbSV.exe
  2⤵
  PID:3576
- C:\Windows\System\sOumatI.exe
  C:\Windows\System\sOumatI.exe
  2⤵
  PID:3592
- C:\Windows\System\rVGOtNN.exe
  C:\Windows\System\rVGOtNN.exe
  2⤵
  PID:3608
- C:\Windows\System\mkQweft.exe
  C:\Windows\System\mkQweft.exe
  2⤵
  PID:3624
- C:\Windows\System\byCGkHd.exe
  C:\Windows\System\byCGkHd.exe
  2⤵
  PID:3652
- C:\Windows\System\aSBIvbk.exe
  C:\Windows\System\aSBIvbk.exe
  2⤵
  PID:3684
- C:\Windows\System\wWOZFsd.exe
  C:\Windows\System\wWOZFsd.exe
  2⤵
  PID:3724
- C:\Windows\System\KyHLGws.exe
  C:\Windows\System\KyHLGws.exe
  2⤵
  PID:3740
- C:\Windows\System\XwKuqhi.exe
  C:\Windows\System\XwKuqhi.exe
  2⤵
  PID:3760
- C:\Windows\System\YdvysIQ.exe
  C:\Windows\System\YdvysIQ.exe
  2⤵
  PID:3780
- C:\Windows\System\nemIvBd.exe
  C:\Windows\System\nemIvBd.exe
  2⤵
  PID:3808
- C:\Windows\System\shRUeVa.exe
  C:\Windows\System\shRUeVa.exe
  2⤵
  PID:3832
- C:\Windows\System\rlqNMTc.exe
  C:\Windows\System\rlqNMTc.exe
  2⤵
  PID:3848
- C:\Windows\System\asCneQY.exe
  C:\Windows\System\asCneQY.exe
  2⤵
  PID:3872
- C:\Windows\System\FJoMiGC.exe
  C:\Windows\System\FJoMiGC.exe
  2⤵
  PID:3892
- C:\Windows\System\wARfCmG.exe
  C:\Windows\System\wARfCmG.exe
  2⤵
  PID:3912
- C:\Windows\System\IHYbilw.exe
  C:\Windows\System\IHYbilw.exe
  2⤵
  PID:3928
- C:\Windows\System\ZdKTRnO.exe
  C:\Windows\System\ZdKTRnO.exe
  2⤵
  PID:3948
- C:\Windows\System\biYASjl.exe
  C:\Windows\System\biYASjl.exe
  2⤵
  PID:3964
- C:\Windows\System\SGavdtj.exe
  C:\Windows\System\SGavdtj.exe
  2⤵
  PID:3984
- C:\Windows\System\ojMhKZL.exe
  C:\Windows\System\ojMhKZL.exe
  2⤵
  PID:4004
- C:\Windows\System\QnGabMw.exe
  C:\Windows\System\QnGabMw.exe
  2⤵
  PID:4028
- C:\Windows\System\NAySrjC.exe
  C:\Windows\System\NAySrjC.exe
  2⤵
  PID:4048
- C:\Windows\System\rpqFpum.exe
  C:\Windows\System\rpqFpum.exe
  2⤵
  PID:4068
- C:\Windows\System\clJILsY.exe
  C:\Windows\System\clJILsY.exe
  2⤵
  PID:4088
- C:\Windows\System\FxZYvOk.exe
  C:\Windows\System\FxZYvOk.exe
  2⤵
  PID:2040
- C:\Windows\System\WBqObNJ.exe
  C:\Windows\System\WBqObNJ.exe
  2⤵
  PID:2900
- C:\Windows\System\QZUkmNg.exe
  C:\Windows\System\QZUkmNg.exe
  2⤵
  PID:2500
- C:\Windows\System\lmSMezu.exe
  C:\Windows\System\lmSMezu.exe
  2⤵
  PID:2204
- C:\Windows\System\PUhQcDb.exe
  C:\Windows\System\PUhQcDb.exe
  2⤵
  PID:2548
- C:\Windows\System\Ambolvw.exe
  C:\Windows\System\Ambolvw.exe
  2⤵
  PID:1176
- C:\Windows\System\oDflNDN.exe
  C:\Windows\System\oDflNDN.exe
  2⤵
  PID:2764
- C:\Windows\System\AnhzChD.exe
  C:\Windows\System\AnhzChD.exe
  2⤵
  PID:1908
- C:\Windows\System\DSWQNcv.exe
  C:\Windows\System\DSWQNcv.exe
  2⤵
  PID:1064
- C:\Windows\System\DtswSYD.exe
  C:\Windows\System\DtswSYD.exe
  2⤵
  PID:2692
- C:\Windows\System\ujyvEII.exe
  C:\Windows\System\ujyvEII.exe
  2⤵
  PID:1928
- C:\Windows\System\jKanOKn.exe
  C:\Windows\System\jKanOKn.exe
  2⤵
  PID:1748
- C:\Windows\System\JlTCOHV.exe
  C:\Windows\System\JlTCOHV.exe
  2⤵
  PID:3112
- C:\Windows\System\wQwOMjv.exe
  C:\Windows\System\wQwOMjv.exe
  2⤵
  PID:2716
- C:\Windows\System\IypArtg.exe
  C:\Windows\System\IypArtg.exe
  2⤵
  PID:3096
- C:\Windows\System\cMBGOPX.exe
  C:\Windows\System\cMBGOPX.exe
  2⤵
  PID:3196
- C:\Windows\System\rLlVQpY.exe
  C:\Windows\System\rLlVQpY.exe
  2⤵
  PID:3268
- C:\Windows\System\SiCIkeu.exe
  C:\Windows\System\SiCIkeu.exe
  2⤵
  PID:3320
- C:\Windows\System\toTWrNB.exe
  C:\Windows\System\toTWrNB.exe
  2⤵
  PID:3212
- C:\Windows\System\OTyFsgt.exe
  C:\Windows\System\OTyFsgt.exe
  2⤵
  PID:3252
- C:\Windows\System\TwjWZMi.exe
  C:\Windows\System\TwjWZMi.exe
  2⤵
  PID:3396
- C:\Windows\System\zmYVtNK.exe
  C:\Windows\System\zmYVtNK.exe
  2⤵
  PID:3444
- C:\Windows\System\tKlkHWZ.exe
  C:\Windows\System\tKlkHWZ.exe
  2⤵
  PID:3516
- C:\Windows\System\PCvHVwa.exe
  C:\Windows\System\PCvHVwa.exe
  2⤵
  PID:3544
- C:\Windows\System\ULNqEPn.exe
  C:\Windows\System\ULNqEPn.exe
  2⤵
  PID:3620
- C:\Windows\System\EkeKSBS.exe
  C:\Windows\System\EkeKSBS.exe
  2⤵
  PID:3420
- C:\Windows\System\OFAufJF.exe
  C:\Windows\System\OFAufJF.exe
  2⤵
  PID:3676
- C:\Windows\System\ADouMAo.exe
  C:\Windows\System\ADouMAo.exe
  2⤵
  PID:3572
- C:\Windows\System\ZSddPVl.exe
  C:\Windows\System\ZSddPVl.exe
  2⤵
  PID:3636
- C:\Windows\System\jfnvGzK.exe
  C:\Windows\System\jfnvGzK.exe
  2⤵
  PID:3492
- C:\Windows\System\bUgiupt.exe
  C:\Windows\System\bUgiupt.exe
  2⤵
  PID:3776
- C:\Windows\System\EWQnrHh.exe
  C:\Windows\System\EWQnrHh.exe
  2⤵
  PID:3816
- C:\Windows\System\XCyFcbr.exe
  C:\Windows\System\XCyFcbr.exe
  2⤵
  PID:3824
- C:\Windows\System\FYwfSdg.exe
  C:\Windows\System\FYwfSdg.exe
  2⤵
  PID:3856
- C:\Windows\System\GrnodME.exe
  C:\Windows\System\GrnodME.exe
  2⤵
  PID:3864
- C:\Windows\System\awgzwop.exe
  C:\Windows\System\awgzwop.exe
  2⤵
  PID:3804
- C:\Windows\System\EfUnslS.exe
  C:\Windows\System\EfUnslS.exe
  2⤵
  PID:3840
- C:\Windows\System\cWbAJpf.exe
  C:\Windows\System\cWbAJpf.exe
  2⤵
  PID:3972
- C:\Windows\System\PzKgFtY.exe
  C:\Windows\System\PzKgFtY.exe
  2⤵
  PID:4012
- C:\Windows\System\AornsqA.exe
  C:\Windows\System\AornsqA.exe
  2⤵
  PID:4064
- C:\Windows\System\dQgoYdB.exe
  C:\Windows\System\dQgoYdB.exe
  2⤵
  PID:4000
- C:\Windows\System\querCVv.exe
  C:\Windows\System\querCVv.exe
  2⤵
  PID:1712
- C:\Windows\System\CKYFLIZ.exe
  C:\Windows\System\CKYFLIZ.exe
  2⤵
  PID:4044
- C:\Windows\System\CkqLVoK.exe
  C:\Windows\System\CkqLVoK.exe
  2⤵
  PID:3032
- C:\Windows\System\oryOEPJ.exe
  C:\Windows\System\oryOEPJ.exe
  2⤵
  PID:2264
- C:\Windows\System\agZosVm.exe
  C:\Windows\System\agZosVm.exe
  2⤵
  PID:2564
- C:\Windows\System\CcATrwM.exe
  C:\Windows\System\CcATrwM.exe
  2⤵
  PID:2352
- C:\Windows\System\hxMHBXz.exe
  C:\Windows\System\hxMHBXz.exe
  2⤵
  PID:1692
- C:\Windows\System\rewoIzM.exe
  C:\Windows\System\rewoIzM.exe
  2⤵
  PID:932
- C:\Windows\System\jqnjWIX.exe
  C:\Windows\System\jqnjWIX.exe
  2⤵
  PID:2864
- C:\Windows\System\tGNGVlS.exe
  C:\Windows\System\tGNGVlS.exe
  2⤵
  PID:2272
- C:\Windows\System\DPpLLgY.exe
  C:\Windows\System\DPpLLgY.exe
  2⤵
  PID:3132
- C:\Windows\System\YFjVxxN.exe
  C:\Windows\System\YFjVxxN.exe
  2⤵
  PID:3324
- C:\Windows\System\XmcQSfE.exe
  C:\Windows\System\XmcQSfE.exe
  2⤵
  PID:3280
- C:\Windows\System\obCjRHR.exe
  C:\Windows\System\obCjRHR.exe
  2⤵
  PID:3480
- C:\Windows\System\llMHFLK.exe
  C:\Windows\System\llMHFLK.exe
  2⤵
  PID:3304
- C:\Windows\System\vQYluJP.exe
  C:\Windows\System\vQYluJP.exe
  2⤵
  PID:3344
- C:\Windows\System\jTCvvbs.exe
  C:\Windows\System\jTCvvbs.exe
  2⤵
  PID:3588
- C:\Windows\System\qNHUEWW.exe
  C:\Windows\System\qNHUEWW.exe
  2⤵
  PID:3632
- C:\Windows\System\dfGbzRt.exe
  C:\Windows\System\dfGbzRt.exe
  2⤵
  PID:3644
- C:\Windows\System\VNKszrA.exe
  C:\Windows\System\VNKszrA.exe
  2⤵
  PID:3528
- C:\Windows\System\iNYrfkV.exe
  C:\Windows\System\iNYrfkV.exe
  2⤵
  PID:3692
- C:\Windows\System\xfRbHWW.exe
  C:\Windows\System\xfRbHWW.exe
  2⤵
  PID:3828
- C:\Windows\System\ZOVBveC.exe
  C:\Windows\System\ZOVBveC.exe
  2⤵
  PID:3788
- C:\Windows\System\ACORCqb.exe
  C:\Windows\System\ACORCqb.exe
  2⤵
  PID:3944
- C:\Windows\System\gZxxLUF.exe
  C:\Windows\System\gZxxLUF.exe
  2⤵
  PID:3044
- C:\Windows\System\WPhRFec.exe
  C:\Windows\System\WPhRFec.exe
  2⤵
  PID:3976
- C:\Windows\System\SJPGRGi.exe
  C:\Windows\System\SJPGRGi.exe
  2⤵
  PID:3992
- C:\Windows\System\POFFAQO.exe
  C:\Windows\System\POFFAQO.exe
  2⤵
  PID:2092
- C:\Windows\System\eDYvsgd.exe
  C:\Windows\System\eDYvsgd.exe
  2⤵
  PID:1720
- C:\Windows\System\iQKlcVt.exe
  C:\Windows\System\iQKlcVt.exe
  2⤵
  PID:3012
- C:\Windows\System\SzzmxLB.exe
  C:\Windows\System\SzzmxLB.exe
  2⤵
  PID:2516
- C:\Windows\System\hsYxzld.exe
  C:\Windows\System\hsYxzld.exe
  2⤵
  PID:3232
- C:\Windows\System\vHmMdBr.exe
  C:\Windows\System\vHmMdBr.exe
  2⤵
  PID:3236
- C:\Windows\System\EMFBTfs.exe
  C:\Windows\System\EMFBTfs.exe
  2⤵
  PID:1368
- C:\Windows\System\oNYENeX.exe
  C:\Windows\System\oNYENeX.exe
  2⤵
  PID:3272
- C:\Windows\System\sPenSSV.exe
  C:\Windows\System\sPenSSV.exe
  2⤵
  PID:3368
- C:\Windows\System\WaPLkNl.exe
  C:\Windows\System\WaPLkNl.exe
  2⤵
  PID:3340
- C:\Windows\System\tJUPvam.exe
  C:\Windows\System\tJUPvam.exe
  2⤵
  PID:3464
- C:\Windows\System\pDSkdss.exe
  C:\Windows\System\pDSkdss.exe
  2⤵
  PID:4104
- C:\Windows\System\IlFEUTU.exe
  C:\Windows\System\IlFEUTU.exe
  2⤵
  PID:4124
- C:\Windows\System\pBjBXps.exe
  C:\Windows\System\pBjBXps.exe
  2⤵
  PID:4144
- C:\Windows\System\KhoVPia.exe
  C:\Windows\System\KhoVPia.exe
  2⤵
  PID:4164
- C:\Windows\System\rcuuAzz.exe
  C:\Windows\System\rcuuAzz.exe
  2⤵
  PID:4188
- C:\Windows\System\QzMYwAn.exe
  C:\Windows\System\QzMYwAn.exe
  2⤵
  PID:4208
- C:\Windows\System\fdcChBA.exe
  C:\Windows\System\fdcChBA.exe
  2⤵
  PID:4228
- C:\Windows\System\MIxtugB.exe
  C:\Windows\System\MIxtugB.exe
  2⤵
  PID:4248
- C:\Windows\System\ZEVDaYj.exe
  C:\Windows\System\ZEVDaYj.exe
  2⤵
  PID:4268
- C:\Windows\System\COwbefa.exe
  C:\Windows\System\COwbefa.exe
  2⤵
  PID:4292
- C:\Windows\System\ZRGBBGL.exe
  C:\Windows\System\ZRGBBGL.exe
  2⤵
  PID:4312
- C:\Windows\System\oljqBlI.exe
  C:\Windows\System\oljqBlI.exe
  2⤵
  PID:4332
- C:\Windows\System\TUZvsbZ.exe
  C:\Windows\System\TUZvsbZ.exe
  2⤵
  PID:4352
- C:\Windows\System\HZjDgFk.exe
  C:\Windows\System\HZjDgFk.exe
  2⤵
  PID:4372
- C:\Windows\System\wERHQRO.exe
  C:\Windows\System\wERHQRO.exe
  2⤵
  PID:4392
- C:\Windows\System\dCkjyrs.exe
  C:\Windows\System\dCkjyrs.exe
  2⤵
  PID:4412
- C:\Windows\System\HmAhnJX.exe
  C:\Windows\System\HmAhnJX.exe
  2⤵
  PID:4432
- C:\Windows\System\kImLyap.exe
  C:\Windows\System\kImLyap.exe
  2⤵
  PID:4452
- C:\Windows\System\iPLzKQs.exe
  C:\Windows\System\iPLzKQs.exe
  2⤵
  PID:4468
- C:\Windows\System\VVFENDl.exe
  C:\Windows\System\VVFENDl.exe
  2⤵
  PID:4488
- C:\Windows\System\rOBoQQy.exe
  C:\Windows\System\rOBoQQy.exe
  2⤵
  PID:4508
- C:\Windows\System\HXTxkPp.exe
  C:\Windows\System\HXTxkPp.exe
  2⤵
  PID:4532
- C:\Windows\System\EpmDTBn.exe
  C:\Windows\System\EpmDTBn.exe
  2⤵
  PID:4552
- C:\Windows\System\AmlVdvF.exe
  C:\Windows\System\AmlVdvF.exe
  2⤵
  PID:4572
- C:\Windows\System\vBLKRyx.exe
  C:\Windows\System\vBLKRyx.exe
  2⤵
  PID:4592
- C:\Windows\System\SCGPbYi.exe
  C:\Windows\System\SCGPbYi.exe
  2⤵
  PID:4612
- C:\Windows\System\QVejTkH.exe
  C:\Windows\System\QVejTkH.exe
  2⤵
  PID:4632
- C:\Windows\System\JoFnluh.exe
  C:\Windows\System\JoFnluh.exe
  2⤵
  PID:4656
- C:\Windows\System\dtiTHTS.exe
  C:\Windows\System\dtiTHTS.exe
  2⤵
  PID:4676
- C:\Windows\System\ghCuuzw.exe
  C:\Windows\System\ghCuuzw.exe
  2⤵
  PID:4700
- C:\Windows\System\ryondgm.exe
  C:\Windows\System\ryondgm.exe
  2⤵
  PID:4720
- C:\Windows\System\MIIoxIR.exe
  C:\Windows\System\MIIoxIR.exe
  2⤵
  PID:4740
- C:\Windows\System\lfZeAsk.exe
  C:\Windows\System\lfZeAsk.exe
  2⤵
  PID:4756
- C:\Windows\System\meyjXVU.exe
  C:\Windows\System\meyjXVU.exe
  2⤵
  PID:4780
- C:\Windows\System\sXEdFVa.exe
  C:\Windows\System\sXEdFVa.exe
  2⤵
  PID:4800
- C:\Windows\System\rjmEXTp.exe
  C:\Windows\System\rjmEXTp.exe
  2⤵
  PID:4820
- C:\Windows\System\IcVFFni.exe
  C:\Windows\System\IcVFFni.exe
  2⤵
  PID:4840
- C:\Windows\System\oXcxYSY.exe
  C:\Windows\System\oXcxYSY.exe
  2⤵
  PID:4860
- C:\Windows\System\lTGRRtK.exe
  C:\Windows\System\lTGRRtK.exe
  2⤵
  PID:4876
- C:\Windows\System\RVNWcoR.exe
  C:\Windows\System\RVNWcoR.exe
  2⤵
  PID:4900
- C:\Windows\System\LocyrxJ.exe
  C:\Windows\System\LocyrxJ.exe
  2⤵
  PID:4920
- C:\Windows\System\eHEwxxL.exe
  C:\Windows\System\eHEwxxL.exe
  2⤵
  PID:4940
- C:\Windows\System\aZgGAmT.exe
  C:\Windows\System\aZgGAmT.exe
  2⤵
  PID:4960
- C:\Windows\System\iLExBpR.exe
  C:\Windows\System\iLExBpR.exe
  2⤵
  PID:4980
- C:\Windows\System\iGpcuOq.exe
  C:\Windows\System\iGpcuOq.exe
  2⤵
  PID:5000
- C:\Windows\System\cxfajlV.exe
  C:\Windows\System\cxfajlV.exe
  2⤵
  PID:5016
- C:\Windows\System\yavdeaS.exe
  C:\Windows\System\yavdeaS.exe
  2⤵
  PID:5040
- C:\Windows\System\suKHJVH.exe
  C:\Windows\System\suKHJVH.exe
  2⤵
  PID:5060
- C:\Windows\System\PNdHHYk.exe
  C:\Windows\System\PNdHHYk.exe
  2⤵
  PID:5084
- C:\Windows\System\TuMjgkV.exe
  C:\Windows\System\TuMjgkV.exe
  2⤵
  PID:5104
- C:\Windows\System\EfYSrPB.exe
  C:\Windows\System\EfYSrPB.exe
  2⤵
  PID:3496
- C:\Windows\System\NtckFBy.exe
  C:\Windows\System\NtckFBy.exe
  2⤵
  PID:3564
- C:\Windows\System\UkIhtyo.exe
  C:\Windows\System\UkIhtyo.exe
  2⤵
  PID:3800
- C:\Windows\System\dgIVYqB.exe
  C:\Windows\System\dgIVYqB.exe
  2⤵
  PID:3860
- C:\Windows\System\ALqTZjl.exe
  C:\Windows\System\ALqTZjl.exe
  2⤵
  PID:3940
- C:\Windows\System\CdwDEnb.exe
  C:\Windows\System\CdwDEnb.exe
  2⤵
  PID:4024
- C:\Windows\System\ayNQEsZ.exe
  C:\Windows\System\ayNQEsZ.exe
  2⤵
  PID:4060
- C:\Windows\System\CpeKIxb.exe
  C:\Windows\System\CpeKIxb.exe
  2⤵
  PID:1504
- C:\Windows\System\tCvHYux.exe
  C:\Windows\System\tCvHYux.exe
  2⤵
  PID:2356
- C:\Windows\System\GgNbkdT.exe
  C:\Windows\System\GgNbkdT.exe
  2⤵
  PID:1688
- C:\Windows\System\ZAYJPIb.exe
  C:\Windows\System\ZAYJPIb.exe
  2⤵
  PID:2196
- C:\Windows\System\oiMHCoi.exe
  C:\Windows\System\oiMHCoi.exe
  2⤵
  PID:2260
- C:\Windows\System\LoLNSBz.exe
  C:\Windows\System\LoLNSBz.exe
  2⤵
  PID:3180
- C:\Windows\System\AVxQvYm.exe
  C:\Windows\System\AVxQvYm.exe
  2⤵
  PID:3040
- C:\Windows\System\gETYcRi.exe
  C:\Windows\System\gETYcRi.exe
  2⤵
  PID:4136
- C:\Windows\System\xohfiwX.exe
  C:\Windows\System\xohfiwX.exe
  2⤵
  PID:4184
- C:\Windows\System\aJSMKCM.exe
  C:\Windows\System\aJSMKCM.exe
  2⤵
  PID:4244
- C:\Windows\System\YGRetkG.exe
  C:\Windows\System\YGRetkG.exe
  2⤵
  PID:4180
- C:\Windows\System\LuiSanL.exe
  C:\Windows\System\LuiSanL.exe
  2⤵
  PID:4264
- C:\Windows\System\XsgGLpm.exe
  C:\Windows\System\XsgGLpm.exe
  2⤵
  PID:4328
- C:\Windows\System\uDkmXCl.exe
  C:\Windows\System\uDkmXCl.exe
  2⤵
  PID:4344
- C:\Windows\System\MQcdxVd.exe
  C:\Windows\System\MQcdxVd.exe
  2⤵
  PID:4400
- C:\Windows\System\ocCpiLF.exe
  C:\Windows\System\ocCpiLF.exe
  2⤵
  PID:4420
- C:\Windows\System\NIgkKXz.exe
  C:\Windows\System\NIgkKXz.exe
  2⤵
  PID:4424
- C:\Windows\System\BFALEjJ.exe
  C:\Windows\System\BFALEjJ.exe
  2⤵
  PID:4516
- C:\Windows\System\uVXPEfm.exe
  C:\Windows\System\uVXPEfm.exe
  2⤵
  PID:2052
- C:\Windows\System\KxCyiTe.exe
  C:\Windows\System\KxCyiTe.exe
  2⤵
  PID:4504
- C:\Windows\System\QeFsulw.exe
  C:\Windows\System\QeFsulw.exe
  2⤵
  PID:4580
- C:\Windows\System\ZYJPjAR.exe
  C:\Windows\System\ZYJPjAR.exe
  2⤵
  PID:4584
- C:\Windows\System\CyfPawo.exe
  C:\Windows\System\CyfPawo.exe
  2⤵
  PID:4628
- C:\Windows\System\lUcJwza.exe
  C:\Windows\System\lUcJwza.exe
  2⤵
  PID:4672
- C:\Windows\System\OWzWnmH.exe
  C:\Windows\System\OWzWnmH.exe
  2⤵
  PID:4716
- C:\Windows\System\qUSmCTI.exe
  C:\Windows\System\qUSmCTI.exe
  2⤵
  PID:4764
- C:\Windows\System\jvQtbOl.exe
  C:\Windows\System\jvQtbOl.exe
  2⤵
  PID:4768
- C:\Windows\System\JNDNpxq.exe
  C:\Windows\System\JNDNpxq.exe
  2⤵
  PID:4812
- C:\Windows\System\gFiiYMt.exe
  C:\Windows\System\gFiiYMt.exe
  2⤵
  PID:4856
- C:\Windows\System\knPvbmb.exe
  C:\Windows\System\knPvbmb.exe
  2⤵
  PID:4888
- C:\Windows\System\veTZNRP.exe
  C:\Windows\System\veTZNRP.exe
  2⤵
  PID:4936
- C:\Windows\System\JtLzKCb.exe
  C:\Windows\System\JtLzKCb.exe
  2⤵
  PID:4968
- C:\Windows\System\IjxCdgJ.exe
  C:\Windows\System\IjxCdgJ.exe
  2⤵
  PID:5008
- C:\Windows\System\faxKNrH.exe
  C:\Windows\System\faxKNrH.exe
  2⤵
  PID:5024
- C:\Windows\System\FyclNPk.exe
  C:\Windows\System\FyclNPk.exe
  2⤵
  PID:5028
- C:\Windows\System\wOQsMwS.exe
  C:\Windows\System\wOQsMwS.exe
  2⤵
  PID:5100
- C:\Windows\System\KVixofw.exe
  C:\Windows\System\KVixofw.exe
  2⤵
  PID:3736
- C:\Windows\System\drJUogV.exe
  C:\Windows\System\drJUogV.exe
  2⤵
  PID:3768
- C:\Windows\System\QxXdgXf.exe
  C:\Windows\System\QxXdgXf.exe
  2⤵
  PID:2628
- C:\Windows\System\XzloTAa.exe
  C:\Windows\System\XzloTAa.exe
  2⤵
  PID:2660
- C:\Windows\System\JiSzskq.exe
  C:\Windows\System\JiSzskq.exe
  2⤵
  PID:2988
- C:\Windows\System\YiTOgPW.exe
  C:\Windows\System\YiTOgPW.exe
  2⤵
  PID:1604
- C:\Windows\System\pAJHGez.exe
  C:\Windows\System\pAJHGez.exe
  2⤵
  PID:3168
- C:\Windows\System\MFCtQMI.exe
  C:\Windows\System\MFCtQMI.exe
  2⤵
  PID:3600
- C:\Windows\System\JffcPGn.exe
  C:\Windows\System\JffcPGn.exe
  2⤵
  PID:4116
- C:\Windows\System\LblWmRS.exe
  C:\Windows\System\LblWmRS.exe
  2⤵
  PID:4156
- C:\Windows\System\FMgPGtK.exe
  C:\Windows\System\FMgPGtK.exe
  2⤵
  PID:4224
- C:\Windows\System\gcfoLie.exe
  C:\Windows\System\gcfoLie.exe
  2⤵
  PID:4260
- C:\Windows\System\UtUzuiG.exe
  C:\Windows\System\UtUzuiG.exe
  2⤵
  PID:4348
- C:\Windows\System\fJAHtEo.exe
  C:\Windows\System\fJAHtEo.exe
  2⤵
  PID:4448
- C:\Windows\System\CIDuoGG.exe
  C:\Windows\System\CIDuoGG.exe
  2⤵
  PID:4520
- C:\Windows\System\fltjXVS.exe
  C:\Windows\System\fltjXVS.exe
  2⤵
  PID:4528
- C:\Windows\System\yPONbXf.exe
  C:\Windows\System\yPONbXf.exe
  2⤵
  PID:4544
- C:\Windows\System\PCbIPmL.exe
  C:\Windows\System\PCbIPmL.exe
  2⤵
  PID:4588
- C:\Windows\System\efnGfAp.exe
  C:\Windows\System\efnGfAp.exe
  2⤵
  PID:4624
- C:\Windows\System\UWEhImM.exe
  C:\Windows\System\UWEhImM.exe
  2⤵
  PID:4736
- C:\Windows\System\HaMuvcO.exe
  C:\Windows\System\HaMuvcO.exe
  2⤵
  PID:4732
- C:\Windows\System\ieDiXdO.exe
  C:\Windows\System\ieDiXdO.exe
  2⤵
  PID:4796
- C:\Windows\System\MqvbAWE.exe
  C:\Windows\System\MqvbAWE.exe
  2⤵
  PID:4896
- C:\Windows\System\pWiwwpy.exe
  C:\Windows\System\pWiwwpy.exe
  2⤵
  PID:4912
- C:\Windows\System\tZKLYvW.exe
  C:\Windows\System\tZKLYvW.exe
  2⤵
  PID:5036
- C:\Windows\System\ugGUhvx.exe
  C:\Windows\System\ugGUhvx.exe
  2⤵
  PID:5076
- C:\Windows\System\AlqYgFp.exe
  C:\Windows\System\AlqYgFp.exe
  2⤵
  PID:5092
- C:\Windows\System\calEXGd.exe
  C:\Windows\System\calEXGd.exe
  2⤵
  PID:3712
- C:\Windows\System\zqqffNQ.exe
  C:\Windows\System\zqqffNQ.exe
  2⤵
  PID:3880
- C:\Windows\System\xAXVESY.exe
  C:\Windows\System\xAXVESY.exe
  2⤵
  PID:1188
- C:\Windows\System\QTCFksy.exe
  C:\Windows\System\QTCFksy.exe
  2⤵
  PID:4100
- C:\Windows\System\mjwGjHa.exe
  C:\Windows\System\mjwGjHa.exe
  2⤵
  PID:2148
- C:\Windows\System\TzZZlRB.exe
  C:\Windows\System\TzZZlRB.exe
  2⤵
  PID:4140
- C:\Windows\System\VNRwXGL.exe
  C:\Windows\System\VNRwXGL.exe
  2⤵
  PID:4324
- C:\Windows\System\xoGoXNT.exe
  C:\Windows\System\xoGoXNT.exe
  2⤵
  PID:5128
- C:\Windows\System\dLjkUGp.exe
  C:\Windows\System\dLjkUGp.exe
  2⤵
  PID:5152
- C:\Windows\System\TlDbKFt.exe
  C:\Windows\System\TlDbKFt.exe
  2⤵
  PID:5172
- C:\Windows\System\xvFmZDJ.exe
  C:\Windows\System\xvFmZDJ.exe
  2⤵
  PID:5192
- C:\Windows\System\dyYTGMq.exe
  C:\Windows\System\dyYTGMq.exe
  2⤵
  PID:5212
- C:\Windows\System\DbkkuQK.exe
  C:\Windows\System\DbkkuQK.exe
  2⤵
  PID:5232
- C:\Windows\System\sjbqKQa.exe
  C:\Windows\System\sjbqKQa.exe
  2⤵
  PID:5248
- C:\Windows\System\DamEbhx.exe
  C:\Windows\System\DamEbhx.exe
  2⤵
  PID:5272
- C:\Windows\System\XGygIiX.exe
  C:\Windows\System\XGygIiX.exe
  2⤵
  PID:5292
- C:\Windows\System\aFXnYzY.exe
  C:\Windows\System\aFXnYzY.exe
  2⤵
  PID:5308
- C:\Windows\System\rSBJRRk.exe
  C:\Windows\System\rSBJRRk.exe
  2⤵
  PID:5332
- C:\Windows\System\bGubUns.exe
  C:\Windows\System\bGubUns.exe
  2⤵
  PID:5352
- C:\Windows\System\kxopuyf.exe
  C:\Windows\System\kxopuyf.exe
  2⤵
  PID:5372
- C:\Windows\System\NqlEbAR.exe
  C:\Windows\System\NqlEbAR.exe
  2⤵
  PID:5392
- C:\Windows\System\CEufMdc.exe
  C:\Windows\System\CEufMdc.exe
  2⤵
  PID:5412
- C:\Windows\System\KIFopZD.exe
  C:\Windows\System\KIFopZD.exe
  2⤵
  PID:5432
- C:\Windows\System\gACxyNl.exe
  C:\Windows\System\gACxyNl.exe
  2⤵
  PID:5452
- C:\Windows\System\xrCTwUa.exe
  C:\Windows\System\xrCTwUa.exe
  2⤵
  PID:5476
- C:\Windows\System\DAlFhEw.exe
  C:\Windows\System\DAlFhEw.exe
  2⤵
  PID:5500
- C:\Windows\System\jyTHylq.exe
  C:\Windows\System\jyTHylq.exe
  2⤵
  PID:5520
- C:\Windows\System\WwEqjUI.exe
  C:\Windows\System\WwEqjUI.exe
  2⤵
  PID:5540
- C:\Windows\System\aaeKZsZ.exe
  C:\Windows\System\aaeKZsZ.exe
  2⤵
  PID:5560
- C:\Windows\System\oYQKMhz.exe
  C:\Windows\System\oYQKMhz.exe
  2⤵
  PID:5580
- C:\Windows\System\YlVQeeC.exe
  C:\Windows\System\YlVQeeC.exe
  2⤵
  PID:5600
- C:\Windows\System\QUQwRvN.exe
  C:\Windows\System\QUQwRvN.exe
  2⤵
  PID:5620
- C:\Windows\System\AtRzjxS.exe
  C:\Windows\System\AtRzjxS.exe
  2⤵
  PID:5640
- C:\Windows\System\VECCFiD.exe
  C:\Windows\System\VECCFiD.exe
  2⤵
  PID:5660
- C:\Windows\System\oYyTylA.exe
  C:\Windows\System\oYyTylA.exe
  2⤵
  PID:5680
- C:\Windows\System\tnHkMUe.exe
  C:\Windows\System\tnHkMUe.exe
  2⤵
  PID:5700
- C:\Windows\System\IfTurSU.exe
  C:\Windows\System\IfTurSU.exe
  2⤵
  PID:5716
- C:\Windows\System\FjMzOjB.exe
  C:\Windows\System\FjMzOjB.exe
  2⤵
  PID:5740
- C:\Windows\System\TgLFWey.exe
  C:\Windows\System\TgLFWey.exe
  2⤵
  PID:5760
- C:\Windows\System\GNlASaq.exe
  C:\Windows\System\GNlASaq.exe
  2⤵
  PID:5780
- C:\Windows\System\XBtgyFW.exe
  C:\Windows\System\XBtgyFW.exe
  2⤵
  PID:5796
- C:\Windows\System\ZiinvoM.exe
  C:\Windows\System\ZiinvoM.exe
  2⤵
  PID:5816
- C:\Windows\System\GjZlDAP.exe
  C:\Windows\System\GjZlDAP.exe
  2⤵
  PID:5840
- C:\Windows\System\iMQGELM.exe
  C:\Windows\System\iMQGELM.exe
  2⤵
  PID:5864
- C:\Windows\System\NywspDR.exe
  C:\Windows\System\NywspDR.exe
  2⤵
  PID:5880
- C:\Windows\System\VJWNzdj.exe
  C:\Windows\System\VJWNzdj.exe
  2⤵
  PID:5904
- C:\Windows\System\Nfqcdra.exe
  C:\Windows\System\Nfqcdra.exe
  2⤵
  PID:5924
- C:\Windows\System\uQmkhKY.exe
  C:\Windows\System\uQmkhKY.exe
  2⤵
  PID:5944
- C:\Windows\System\LipxCIr.exe
  C:\Windows\System\LipxCIr.exe
  2⤵
  PID:5960
- C:\Windows\System\PDujihI.exe
  C:\Windows\System\PDujihI.exe
  2⤵
  PID:5988
- C:\Windows\System\CncHbHZ.exe
  C:\Windows\System\CncHbHZ.exe
  2⤵
  PID:6008
- C:\Windows\System\GmfMdoP.exe
  C:\Windows\System\GmfMdoP.exe
  2⤵
  PID:6028
- C:\Windows\System\lDmaalZ.exe
  C:\Windows\System\lDmaalZ.exe
  2⤵
  PID:6048
- C:\Windows\System\ReowHML.exe
  C:\Windows\System\ReowHML.exe
  2⤵
  PID:6068
- C:\Windows\System\kisDmYT.exe
  C:\Windows\System\kisDmYT.exe
  2⤵
  PID:6088
- C:\Windows\System\pqTMqTh.exe
  C:\Windows\System\pqTMqTh.exe
  2⤵
  PID:6108
- C:\Windows\System\HEeREXl.exe
  C:\Windows\System\HEeREXl.exe
  2⤵
  PID:6128
- C:\Windows\System\uBRtQNL.exe
  C:\Windows\System\uBRtQNL.exe
  2⤵
  PID:4384
- C:\Windows\System\rggpTDR.exe
  C:\Windows\System\rggpTDR.exe
  2⤵
  PID:4364
- C:\Windows\System\Hrceakt.exe
  C:\Windows\System\Hrceakt.exe
  2⤵
  PID:4564
- C:\Windows\System\vzKIJBP.exe
  C:\Windows\System\vzKIJBP.exe
  2⤵
  PID:4648
- C:\Windows\System\YjIQpnw.exe
  C:\Windows\System\YjIQpnw.exe
  2⤵
  PID:4644
- C:\Windows\System\QEytetr.exe
  C:\Windows\System\QEytetr.exe
  2⤵
  PID:4884
- C:\Windows\System\QmWUIPs.exe
  C:\Windows\System\QmWUIPs.exe
  2⤵
  PID:4948
- C:\Windows\System\UXlDmvT.exe
  C:\Windows\System\UXlDmvT.exe
  2⤵
  PID:3716
- C:\Windows\System\RzMxswE.exe
  C:\Windows\System\RzMxswE.exe
  2⤵
  PID:3996
- C:\Windows\System\YHHOHHA.exe
  C:\Windows\System\YHHOHHA.exe
  2⤵
  PID:1284
- C:\Windows\System\yOoZdoD.exe
  C:\Windows\System\yOoZdoD.exe
  2⤵
  PID:1872
- C:\Windows\System\oVdItAg.exe
  C:\Windows\System\oVdItAg.exe
  2⤵
  PID:2304
- C:\Windows\System\oRBfOvZ.exe
  C:\Windows\System\oRBfOvZ.exe
  2⤵
  PID:4368
- C:\Windows\System\LCXHJtv.exe
  C:\Windows\System\LCXHJtv.exe
  2⤵
  PID:5136
- C:\Windows\System\oIFOjdM.exe
  C:\Windows\System\oIFOjdM.exe
  2⤵
  PID:5144
- C:\Windows\System\BkqRviR.exe
  C:\Windows\System\BkqRviR.exe
  2⤵
  PID:5204
- C:\Windows\System\cXiLghy.exe
  C:\Windows\System\cXiLghy.exe
  2⤵
  PID:5228
- C:\Windows\System\KSPugEG.exe
  C:\Windows\System\KSPugEG.exe
  2⤵
  PID:5260
- C:\Windows\System\DSYkkWY.exe
  C:\Windows\System\DSYkkWY.exe
  2⤵
  PID:5316
- C:\Windows\System\QrnmZcp.exe
  C:\Windows\System\QrnmZcp.exe
  2⤵
  PID:5360
- C:\Windows\System\jkhhpQD.exe
  C:\Windows\System\jkhhpQD.exe
  2⤵
  PID:5344
- C:\Windows\System\TERGxBg.exe
  C:\Windows\System\TERGxBg.exe
  2⤵
  PID:5404
- C:\Windows\System\zmXGDSN.exe
  C:\Windows\System\zmXGDSN.exe
  2⤵
  PID:5492
- C:\Windows\System\GgKOBJU.exe
  C:\Windows\System\GgKOBJU.exe
  2⤵
  PID:5496
- C:\Windows\System\SwLstBz.exe
  C:\Windows\System\SwLstBz.exe
  2⤵
  PID:5536
- C:\Windows\System\nUQuTPc.exe
  C:\Windows\System\nUQuTPc.exe
  2⤵
  PID:5512
- C:\Windows\System\uUrYfIn.exe
  C:\Windows\System\uUrYfIn.exe
  2⤵
  PID:5572
- C:\Windows\System\xqgYdzI.exe
  C:\Windows\System\xqgYdzI.exe
  2⤵
  PID:5596
- C:\Windows\System\PcxtGwC.exe
  C:\Windows\System\PcxtGwC.exe
  2⤵
  PID:5648
- C:\Windows\System\LIHZJrV.exe
  C:\Windows\System\LIHZJrV.exe
  2⤵
  PID:5668
- C:\Windows\System\BPPKSxL.exe
  C:\Windows\System\BPPKSxL.exe
  2⤵
  PID:5728
- C:\Windows\System\GcYxwNE.exe
  C:\Windows\System\GcYxwNE.exe
  2⤵
  PID:5708
- C:\Windows\System\UaEcOcA.exe
  C:\Windows\System\UaEcOcA.exe
  2⤵
  PID:5748
- C:\Windows\System\KWUHuDB.exe
  C:\Windows\System\KWUHuDB.exe
  2⤵
  PID:2952
- C:\Windows\System\dNCXpPr.exe
  C:\Windows\System\dNCXpPr.exe
  2⤵
  PID:5836
- C:\Windows\System\YMisHhA.exe
  C:\Windows\System\YMisHhA.exe
  2⤵
  PID:5888
- C:\Windows\System\NtdJBZh.exe
  C:\Windows\System\NtdJBZh.exe
  2⤵
  PID:5912
- C:\Windows\System\szgdefM.exe
  C:\Windows\System\szgdefM.exe
  2⤵
  PID:5936
- C:\Windows\System\XsQJpUB.exe
  C:\Windows\System\XsQJpUB.exe
  2⤵
  PID:5984
- C:\Windows\System\lsOhwDL.exe
  C:\Windows\System\lsOhwDL.exe
  2⤵
  PID:6024
- C:\Windows\System\LcfqjVJ.exe
  C:\Windows\System\LcfqjVJ.exe
  2⤵
  PID:6060
- C:\Windows\System\sobSvzT.exe
  C:\Windows\System\sobSvzT.exe
  2⤵
  PID:6040
- C:\Windows\System\SUcEton.exe
  C:\Windows\System\SUcEton.exe
  2⤵
  PID:6084
- C:\Windows\System\rPXVkRW.exe
  C:\Windows\System\rPXVkRW.exe
  2⤵
  PID:6124
- C:\Windows\System\EimAIyD.exe
  C:\Windows\System\EimAIyD.exe
  2⤵
  PID:4388
- C:\Windows\System\dRuOlOY.exe
  C:\Windows\System\dRuOlOY.exe
  2⤵
  PID:4548
- C:\Windows\System\qdGKgsC.exe
  C:\Windows\System\qdGKgsC.exe
  2⤵
  PID:4568
- C:\Windows\System\GgfbSpv.exe
  C:\Windows\System\GgfbSpv.exe
  2⤵
  PID:4996
- C:\Windows\System\QlwEYnM.exe
  C:\Windows\System\QlwEYnM.exe
  2⤵
  PID:4932
- C:\Windows\System\qdznqhi.exe
  C:\Windows\System\qdznqhi.exe
  2⤵
  PID:5012
- C:\Windows\System\QvQmTJg.exe
  C:\Windows\System\QvQmTJg.exe
  2⤵
  PID:3908
- C:\Windows\System\VWLlhLi.exe
  C:\Windows\System\VWLlhLi.exe
  2⤵
  PID:4236
- C:\Windows\System\EIsRaNR.exe
  C:\Windows\System\EIsRaNR.exe
  2⤵
  PID:5200
- C:\Windows\System\zXPmyKI.exe
  C:\Windows\System\zXPmyKI.exe
  2⤵
  PID:5208
- C:\Windows\System\yqzmRSr.exe
  C:\Windows\System\yqzmRSr.exe
  2⤵
  PID:5280
- C:\Windows\System\suGYdsW.exe
  C:\Windows\System\suGYdsW.exe
  2⤵
  PID:5328
- C:\Windows\System\dRpYXOx.exe
  C:\Windows\System\dRpYXOx.exe
  2⤵
  PID:5340
- C:\Windows\System\HeCNsNA.exe
  C:\Windows\System\HeCNsNA.exe
  2⤵
  PID:2840
- C:\Windows\System\iuIHcoT.exe
  C:\Windows\System\iuIHcoT.exe
  2⤵
  PID:5388
- C:\Windows\System\eJwacHH.exe
  C:\Windows\System\eJwacHH.exe
  2⤵
  PID:5516
- C:\Windows\System\nuydfBD.exe
  C:\Windows\System\nuydfBD.exe
  2⤵
  PID:5552
- C:\Windows\System\NNOTXnq.exe
  C:\Windows\System\NNOTXnq.exe
  2⤵
  PID:5588
- C:\Windows\System\nWGQUhi.exe
  C:\Windows\System\nWGQUhi.exe
  2⤵
  PID:5692
- C:\Windows\System\IcIzpMj.exe
  C:\Windows\System\IcIzpMj.exe
  2⤵
  PID:5736
- C:\Windows\System\pNjZcnq.exe
  C:\Windows\System\pNjZcnq.exe
  2⤵
  PID:5808
- C:\Windows\System\GSMScJQ.exe
  C:\Windows\System\GSMScJQ.exe
  2⤵
  PID:5896
- C:\Windows\System\KUCalMV.exe
  C:\Windows\System\KUCalMV.exe
  2⤵
  PID:5900
- C:\Windows\System\hMaIEuT.exe
  C:\Windows\System\hMaIEuT.exe
  2⤵
  PID:5980
- C:\Windows\System\xyEYZjq.exe
  C:\Windows\System\xyEYZjq.exe
  2⤵
  PID:5916
- C:\Windows\System\evoiKBg.exe
  C:\Windows\System\evoiKBg.exe
  2⤵
  PID:2728
- C:\Windows\System\GQWjEAp.exe
  C:\Windows\System\GQWjEAp.exe
  2⤵
  PID:2760
- C:\Windows\System\LSgRJPy.exe
  C:\Windows\System\LSgRJPy.exe
  2⤵
  PID:4428
- C:\Windows\System\PcqMXYD.exe
  C:\Windows\System\PcqMXYD.exe
  2⤵
  PID:4892
- C:\Windows\System\xIJxLOp.exe
  C:\Windows\System\xIJxLOp.exe
  2⤵
  PID:4928
- C:\Windows\System\stjBBns.exe
  C:\Windows\System\stjBBns.exe
  2⤵
  PID:3532
- C:\Windows\System\VPITxyZ.exe
  C:\Windows\System\VPITxyZ.exe
  2⤵
  PID:5112
- C:\Windows\System\DpUSWAl.exe
  C:\Windows\System\DpUSWAl.exe
  2⤵
  PID:5240
- C:\Windows\System\VCLTiSd.exe
  C:\Windows\System\VCLTiSd.exe
  2⤵
  PID:5264
- C:\Windows\System\pRQLAFv.exe
  C:\Windows\System\pRQLAFv.exe
  2⤵
  PID:5300
- C:\Windows\System\yyQaDJy.exe
  C:\Windows\System\yyQaDJy.exe
  2⤵
  PID:5408
- C:\Windows\System\RcSAUyy.exe
  C:\Windows\System\RcSAUyy.exe
  2⤵
  PID:5488
- C:\Windows\System\dwYVcdN.exe
  C:\Windows\System\dwYVcdN.exe
  2⤵
  PID:5632
- C:\Windows\System\ZlJDFxG.exe
  C:\Windows\System\ZlJDFxG.exe
  2⤵
  PID:5636
- C:\Windows\System\RbjYNYT.exe
  C:\Windows\System\RbjYNYT.exe
  2⤵
  PID:5788
- C:\Windows\System\QyKGNHt.exe
  C:\Windows\System\QyKGNHt.exe
  2⤵
  PID:5828
- C:\Windows\System\rpxJZPK.exe
  C:\Windows\System\rpxJZPK.exe
  2⤵
  PID:6004
- C:\Windows\System\CXEWWCx.exe
  C:\Windows\System\CXEWWCx.exe
  2⤵
  PID:6104
- C:\Windows\System\sxVZSAh.exe
  C:\Windows\System\sxVZSAh.exe
  2⤵
  PID:6100
- C:\Windows\System\JdXnoDK.exe
  C:\Windows\System\JdXnoDK.exe
  2⤵
  PID:6164
- C:\Windows\System\VccIPrl.exe
  C:\Windows\System\VccIPrl.exe
  2⤵
  PID:6184
- C:\Windows\System\YKirtyO.exe
  C:\Windows\System\YKirtyO.exe
  2⤵
  PID:6204
- C:\Windows\System\wepAWgy.exe
  C:\Windows\System\wepAWgy.exe
  2⤵
  PID:6224
- C:\Windows\System\hRgpMnl.exe
  C:\Windows\System\hRgpMnl.exe
  2⤵
  PID:6244
- C:\Windows\System\kfqgjnl.exe
  C:\Windows\System\kfqgjnl.exe
  2⤵
  PID:6268
- C:\Windows\System\sksCvCO.exe
  C:\Windows\System\sksCvCO.exe
  2⤵
  PID:6288
- C:\Windows\System\KjJlRWi.exe
  C:\Windows\System\KjJlRWi.exe
  2⤵
  PID:6308
- C:\Windows\System\mjogMeH.exe
  C:\Windows\System\mjogMeH.exe
  2⤵
  PID:6328
- C:\Windows\System\cwYynIC.exe
  C:\Windows\System\cwYynIC.exe
  2⤵
  PID:6348
- C:\Windows\System\gBYiFPM.exe
  C:\Windows\System\gBYiFPM.exe
  2⤵
  PID:6368
- C:\Windows\System\GhXzXrV.exe
  C:\Windows\System\GhXzXrV.exe
  2⤵
  PID:6384
- C:\Windows\System\JrRyVRw.exe
  C:\Windows\System\JrRyVRw.exe
  2⤵
  PID:6400
- C:\Windows\System\RlAbZBF.exe
  C:\Windows\System\RlAbZBF.exe
  2⤵
  PID:6424
- C:\Windows\System\FiXtldW.exe
  C:\Windows\System\FiXtldW.exe
  2⤵
  PID:6452
- C:\Windows\System\JUbSpCY.exe
  C:\Windows\System\JUbSpCY.exe
  2⤵
  PID:6472
- C:\Windows\System\dVGPreG.exe
  C:\Windows\System\dVGPreG.exe
  2⤵
  PID:6492
- C:\Windows\System\eaPxFBO.exe
  C:\Windows\System\eaPxFBO.exe
  2⤵
  PID:6512
- C:\Windows\System\SlJcrZn.exe
  C:\Windows\System\SlJcrZn.exe
  2⤵
  PID:6532
- C:\Windows\System\fvwgvTm.exe
  C:\Windows\System\fvwgvTm.exe
  2⤵
  PID:6552
- C:\Windows\System\crfHSRX.exe
  C:\Windows\System\crfHSRX.exe
  2⤵
  PID:6572
- C:\Windows\System\rVGBngg.exe
  C:\Windows\System\rVGBngg.exe
  2⤵
  PID:6588
- C:\Windows\System\BEXyvKA.exe
  C:\Windows\System\BEXyvKA.exe
  2⤵
  PID:6612
- C:\Windows\System\iVhxOwc.exe
  C:\Windows\System\iVhxOwc.exe
  2⤵
  PID:6636
- C:\Windows\System\sIWxnzM.exe
  C:\Windows\System\sIWxnzM.exe
  2⤵
  PID:6656
- C:\Windows\System\tZwnpZV.exe
  C:\Windows\System\tZwnpZV.exe
  2⤵
  PID:6676
- C:\Windows\System\eLeSNRv.exe
  C:\Windows\System\eLeSNRv.exe
  2⤵
  PID:6696
- C:\Windows\System\GuwaSVF.exe
  C:\Windows\System\GuwaSVF.exe
  2⤵
  PID:6716
- C:\Windows\System\kVxYywM.exe
  C:\Windows\System\kVxYywM.exe
  2⤵
  PID:6736
- C:\Windows\System\WmJmhDG.exe
  C:\Windows\System\WmJmhDG.exe
  2⤵
  PID:6756
- C:\Windows\System\EuvsgGf.exe
  C:\Windows\System\EuvsgGf.exe
  2⤵
  PID:6776
- C:\Windows\System\frvtUwF.exe
  C:\Windows\System\frvtUwF.exe
  2⤵
  PID:6796
- C:\Windows\System\kyFtvgi.exe
  C:\Windows\System\kyFtvgi.exe
  2⤵
  PID:6816
- C:\Windows\System\GHEOmuY.exe
  C:\Windows\System\GHEOmuY.exe
  2⤵
  PID:6832
- C:\Windows\System\vPmWJKO.exe
  C:\Windows\System\vPmWJKO.exe
  2⤵
  PID:6856
- C:\Windows\System\QPoOHjx.exe
  C:\Windows\System\QPoOHjx.exe
  2⤵
  PID:6876
- C:\Windows\System\CRaNfaZ.exe
  C:\Windows\System\CRaNfaZ.exe
  2⤵
  PID:6896
- C:\Windows\System\mUBHiYw.exe
  C:\Windows\System\mUBHiYw.exe
  2⤵
  PID:6920
- C:\Windows\System\nDIzajj.exe
  C:\Windows\System\nDIzajj.exe
  2⤵
  PID:6940
- C:\Windows\System\PFIJJAy.exe
  C:\Windows\System\PFIJJAy.exe
  2⤵
  PID:6960
- C:\Windows\System\RUCeGER.exe
  C:\Windows\System\RUCeGER.exe
  2⤵
  PID:6980
- C:\Windows\System\inkCYSN.exe
  C:\Windows\System\inkCYSN.exe
  2⤵
  PID:7000
- C:\Windows\System\xkUvOhQ.exe
  C:\Windows\System\xkUvOhQ.exe
  2⤵
  PID:7020
- C:\Windows\System\DFgpxVC.exe
  C:\Windows\System\DFgpxVC.exe
  2⤵
  PID:7040
- C:\Windows\System\TswmufG.exe
  C:\Windows\System\TswmufG.exe
  2⤵
  PID:7060
- C:\Windows\System\IfSIIap.exe
  C:\Windows\System\IfSIIap.exe
  2⤵
  PID:7080
- C:\Windows\System\rsJgQwy.exe
  C:\Windows\System\rsJgQwy.exe
  2⤵
  PID:7100
- C:\Windows\System\TvStxvm.exe
  C:\Windows\System\TvStxvm.exe
  2⤵
  PID:7120
- C:\Windows\System\cQRHYux.exe
  C:\Windows\System\cQRHYux.exe
  2⤵
  PID:7136
- C:\Windows\System\jGDWuOP.exe
  C:\Windows\System\jGDWuOP.exe
  2⤵
  PID:7160
- C:\Windows\System\TXzNvvc.exe
  C:\Windows\System\TXzNvvc.exe
  2⤵
  PID:4752
- C:\Windows\System\bBIbHmx.exe
  C:\Windows\System\bBIbHmx.exe
  2⤵
  PID:3364
- C:\Windows\System\NTGJCUH.exe
  C:\Windows\System\NTGJCUH.exe
  2⤵
  PID:4748
- C:\Windows\System\DyrIggb.exe
  C:\Windows\System\DyrIggb.exe
  2⤵
  PID:3220
- C:\Windows\System\BEmLQNL.exe
  C:\Windows\System\BEmLQNL.exe
  2⤵
  PID:5364
- C:\Windows\System\eqRsWJd.exe
  C:\Windows\System\eqRsWJd.exe
  2⤵
  PID:5428
- C:\Windows\System\fRQeqtW.exe
  C:\Windows\System\fRQeqtW.exe
  2⤵
  PID:2860
- C:\Windows\System\yitzbpl.exe
  C:\Windows\System\yitzbpl.exe
  2⤵
  PID:5652
- C:\Windows\System\PwbBoiz.exe
  C:\Windows\System\PwbBoiz.exe
  2⤵
  PID:5856
- C:\Windows\System\yjsgIjs.exe
  C:\Windows\System\yjsgIjs.exe
  2⤵
  PID:6064
- C:\Windows\System\PZDOQGM.exe
  C:\Windows\System\PZDOQGM.exe
  2⤵
  PID:5832
- C:\Windows\System\PiGwDPg.exe
  C:\Windows\System\PiGwDPg.exe
  2⤵
  PID:5956
- C:\Windows\System\rNHhWNC.exe
  C:\Windows\System\rNHhWNC.exe
  2⤵
  PID:6176
- C:\Windows\System\gPfmkKH.exe
  C:\Windows\System\gPfmkKH.exe
  2⤵
  PID:6212
- C:\Windows\System\zqgSpic.exe
  C:\Windows\System\zqgSpic.exe
  2⤵
  PID:6280
- C:\Windows\System\ySbAWmM.exe
  C:\Windows\System\ySbAWmM.exe
  2⤵
  PID:6296
- C:\Windows\System\WRLCZnx.exe
  C:\Windows\System\WRLCZnx.exe
  2⤵
  PID:6356
- C:\Windows\System\kpfksPv.exe
  C:\Windows\System\kpfksPv.exe
  2⤵
  PID:6340
- C:\Windows\System\CobAvpN.exe
  C:\Windows\System\CobAvpN.exe
  2⤵
  PID:6436
- C:\Windows\System\BGGaUxp.exe
  C:\Windows\System\BGGaUxp.exe
  2⤵
  PID:6412
- C:\Windows\System\FfvkTRS.exe
  C:\Windows\System\FfvkTRS.exe
  2⤵
  PID:6488
- C:\Windows\System\xTlDmeS.exe
  C:\Windows\System\xTlDmeS.exe
  2⤵
  PID:6520
- C:\Windows\System\TfydtpJ.exe
  C:\Windows\System\TfydtpJ.exe
  2⤵
  PID:6524
- C:\Windows\System\IPLPPhn.exe
  C:\Windows\System\IPLPPhn.exe
  2⤵
  PID:6540
- C:\Windows\System\HtfZYKp.exe
  C:\Windows\System\HtfZYKp.exe
  2⤵
  PID:6564
- C:\Windows\System\UuyLNDK.exe
  C:\Windows\System\UuyLNDK.exe
  2⤵
  PID:6620
- C:\Windows\System\vfVhWNN.exe
  C:\Windows\System\vfVhWNN.exe
  2⤵
  PID:6624
- C:\Windows\System\ZqGGutN.exe
  C:\Windows\System\ZqGGutN.exe
  2⤵
  PID:6668
- C:\Windows\System\URyrelw.exe
  C:\Windows\System\URyrelw.exe
  2⤵
  PID:6712
- C:\Windows\System\WxSWTgH.exe
  C:\Windows\System\WxSWTgH.exe
  2⤵
  PID:6752
- C:\Windows\System\KtqhaIF.exe
  C:\Windows\System\KtqhaIF.exe
  2⤵
  PID:6804
- C:\Windows\System\pdHBXKL.exe
  C:\Windows\System\pdHBXKL.exe
  2⤵
  PID:6824
- C:\Windows\System\ShQBYMa.exe
  C:\Windows\System\ShQBYMa.exe
  2⤵
  PID:6884
- C:\Windows\System\ymKQIxu.exe
  C:\Windows\System\ymKQIxu.exe
  2⤵
  PID:6864
- C:\Windows\System\uuXAJfz.exe
  C:\Windows\System\uuXAJfz.exe
  2⤵
  PID:1352
- C:\Windows\System\JRvoPzP.exe
  C:\Windows\System\JRvoPzP.exe
  2⤵
  PID:6908
- C:\Windows\System\pAmFlgS.exe
  C:\Windows\System\pAmFlgS.exe
  2⤵
  PID:6956
- C:\Windows\System\dINNlDX.exe
  C:\Windows\System\dINNlDX.exe
  2⤵
  PID:7016
- C:\Windows\System\XvmDYYr.exe
  C:\Windows\System\XvmDYYr.exe
  2⤵
  PID:7056
- C:\Windows\System\xzzKFFi.exe
  C:\Windows\System\xzzKFFi.exe
  2⤵
  PID:7088
- C:\Windows\System\pKJUlPW.exe
  C:\Windows\System\pKJUlPW.exe
  2⤵
  PID:7128
- C:\Windows\System\LqqryoD.exe
  C:\Windows\System\LqqryoD.exe
  2⤵
  PID:7144
- C:\Windows\System\ebNpJKP.exe
  C:\Windows\System\ebNpJKP.exe
  2⤵
  PID:7152
- C:\Windows\System\UFVJOKf.exe
  C:\Windows\System\UFVJOKf.exe
  2⤵
  PID:5508
- C:\Windows\System\EkiATxN.exe
  C:\Windows\System\EkiATxN.exe
  2⤵
  PID:832
- C:\Windows\System\MqeuMse.exe
  C:\Windows\System\MqeuMse.exe
  2⤵
  PID:5468
- C:\Windows\System\PKmHxse.exe
  C:\Windows\System\PKmHxse.exe
  2⤵
  PID:6200
- C:\Windows\System\jtZVgDB.exe
  C:\Windows\System\jtZVgDB.exe
  2⤵
  PID:6252
- C:\Windows\System\LXBqxtY.exe
  C:\Windows\System\LXBqxtY.exe
  2⤵
  PID:6276
- C:\Windows\System\pUMzdot.exe
  C:\Windows\System\pUMzdot.exe
  2⤵
  PID:6260
- C:\Windows\System\cBircuP.exe
  C:\Windows\System\cBircuP.exe
  2⤵
  PID:6364
- C:\Windows\System\vnukwOV.exe
  C:\Windows\System\vnukwOV.exe
  2⤵
  PID:6460
- C:\Windows\System\ZbRxNZa.exe
  C:\Windows\System\ZbRxNZa.exe
  2⤵
  PID:6432
- C:\Windows\System\oogZCMm.exe
  C:\Windows\System\oogZCMm.exe
  2⤵
  PID:6560
- C:\Windows\System\haGnOum.exe
  C:\Windows\System\haGnOum.exe
  2⤵
  PID:6584
- C:\Windows\System\BVmdwnP.exe
  C:\Windows\System\BVmdwnP.exe
  2⤵
  PID:6724
- C:\Windows\System\MUdEGJe.exe
  C:\Windows\System\MUdEGJe.exe
  2⤵
  PID:6684
- C:\Windows\System\diDfQSU.exe
  C:\Windows\System\diDfQSU.exe
  2⤵
  PID:6768
- C:\Windows\System\oynzKPP.exe
  C:\Windows\System\oynzKPP.exe
  2⤵
  PID:6848
- C:\Windows\System\jKGPPld.exe
  C:\Windows\System\jKGPPld.exe
  2⤵
  PID:6928
- C:\Windows\System\RKDPtQx.exe
  C:\Windows\System\RKDPtQx.exe
  2⤵
  PID:6976
- C:\Windows\System\qaDAAbr.exe
  C:\Windows\System\qaDAAbr.exe
  2⤵
  PID:6120
- C:\Windows\System\KXagYhq.exe
  C:\Windows\System\KXagYhq.exe
  2⤵
  PID:5688
- C:\Windows\System\waTmexG.exe
  C:\Windows\System\waTmexG.exe
  2⤵
  PID:5696
- C:\Windows\System\BVlObYv.exe
  C:\Windows\System\BVlObYv.exe
  2⤵
  PID:6056
- C:\Windows\System\laUbHcN.exe
  C:\Windows\System\laUbHcN.exe
  2⤵
  PID:6240
- C:\Windows\System\EfoCfUO.exe
  C:\Windows\System\EfoCfUO.exe
  2⤵
  PID:6500
- C:\Windows\System\qhhdBcs.exe
  C:\Windows\System\qhhdBcs.exe
  2⤵
  PID:6376
- C:\Windows\System\SBjRxNA.exe
  C:\Windows\System\SBjRxNA.exe
  2⤵
  PID:6672
- C:\Windows\System\fjBSeEk.exe
  C:\Windows\System\fjBSeEk.exe
  2⤵
  PID:6648
- C:\Windows\System\BBWYaNc.exe
  C:\Windows\System\BBWYaNc.exe
  2⤵
  PID:6728
- C:\Windows\System\VvADLBL.exe
  C:\Windows\System\VvADLBL.exe
  2⤵
  PID:6888
- C:\Windows\System\qPXphxz.exe
  C:\Windows\System\qPXphxz.exe
  2⤵
  PID:7012
- C:\Windows\System\DzSAUvw.exe
  C:\Windows\System\DzSAUvw.exe
  2⤵
  PID:6828
- C:\Windows\System\lzzFMkB.exe
  C:\Windows\System\lzzFMkB.exe
  2⤵
  PID:2664
- C:\Windows\System\wXAYHsc.exe
  C:\Windows\System\wXAYHsc.exe
  2⤵
  PID:2676
- C:\Windows\System\GRSqVUU.exe
  C:\Windows\System\GRSqVUU.exe
  2⤵
  PID:7052
- C:\Windows\System\mLgZhgX.exe
  C:\Windows\System\mLgZhgX.exe
  2⤵
  PID:6192
- C:\Windows\System\CHFLkzB.exe
  C:\Windows\System\CHFLkzB.exe
  2⤵
  PID:6448
- C:\Windows\System\gZuDupb.exe
  C:\Windows\System\gZuDupb.exe
  2⤵
  PID:6324
- C:\Windows\System\tmgrUtv.exe
  C:\Windows\System\tmgrUtv.exe
  2⤵
  PID:6644
- C:\Windows\System\UwSJVHr.exe
  C:\Windows\System\UwSJVHr.exe
  2⤵
  PID:7188
- C:\Windows\System\hlEOZMj.exe
  C:\Windows\System\hlEOZMj.exe
  2⤵
  PID:7212
- C:\Windows\System\SgPGiUj.exe
  C:\Windows\System\SgPGiUj.exe
  2⤵
  PID:7236
- C:\Windows\System\YreJwtv.exe
  C:\Windows\System\YreJwtv.exe
  2⤵
  PID:7256
- C:\Windows\System\JpUtfOj.exe
  C:\Windows\System\JpUtfOj.exe
  2⤵
  PID:7276
- C:\Windows\System\JItrgWe.exe
  C:\Windows\System\JItrgWe.exe
  2⤵
  PID:7292
- C:\Windows\System\uYVrsCF.exe
  C:\Windows\System\uYVrsCF.exe
  2⤵
  PID:7316
- C:\Windows\System\XpkhkqN.exe
  C:\Windows\System\XpkhkqN.exe
  2⤵
  PID:7340
- C:\Windows\System\OmNPeda.exe
  C:\Windows\System\OmNPeda.exe
  2⤵
  PID:7360
- C:\Windows\System\DhbMTcS.exe
  C:\Windows\System\DhbMTcS.exe
  2⤵
  PID:7380
- C:\Windows\System\aaMpVzM.exe
  C:\Windows\System\aaMpVzM.exe
  2⤵
  PID:7396
- C:\Windows\System\uNjACRg.exe
  C:\Windows\System\uNjACRg.exe
  2⤵
  PID:7420
- C:\Windows\System\OBlExlu.exe
  C:\Windows\System\OBlExlu.exe
  2⤵
  PID:7440
- C:\Windows\System\IAzbKxg.exe
  C:\Windows\System\IAzbKxg.exe
  2⤵
  PID:7460
- C:\Windows\System\HFVJprp.exe
  C:\Windows\System\HFVJprp.exe
  2⤵
  PID:7480
- C:\Windows\System\PlQCvQh.exe
  C:\Windows\System\PlQCvQh.exe
  2⤵
  PID:7500
- C:\Windows\System\StWEPep.exe
  C:\Windows\System\StWEPep.exe
  2⤵
  PID:7516
- C:\Windows\System\XKWdjVp.exe
  C:\Windows\System\XKWdjVp.exe
  2⤵
  PID:7532
- C:\Windows\System\IYBTxTG.exe
  C:\Windows\System\IYBTxTG.exe
  2⤵
  PID:7548
- C:\Windows\System\EJVWkhe.exe
  C:\Windows\System\EJVWkhe.exe
  2⤵
  PID:7564
- C:\Windows\System\qINgNmX.exe
  C:\Windows\System\qINgNmX.exe
  2⤵
  PID:7596
- C:\Windows\System\zBXKcTF.exe
  C:\Windows\System\zBXKcTF.exe
  2⤵
  PID:7620
- C:\Windows\System\TyycQlI.exe
  C:\Windows\System\TyycQlI.exe
  2⤵
  PID:7640
- C:\Windows\System\bcxJneL.exe
  C:\Windows\System\bcxJneL.exe
  2⤵
  PID:7660
- C:\Windows\System\IVYJoFZ.exe
  C:\Windows\System\IVYJoFZ.exe
  2⤵
  PID:7680
- C:\Windows\System\HrAZxYY.exe
  C:\Windows\System\HrAZxYY.exe
  2⤵
  PID:7700
- C:\Windows\System\fIiueyD.exe
  C:\Windows\System\fIiueyD.exe
  2⤵
  PID:7724
- C:\Windows\System\SDUHrAr.exe
  C:\Windows\System\SDUHrAr.exe
  2⤵
  PID:7744
- C:\Windows\System\PHcdYYE.exe
  C:\Windows\System\PHcdYYE.exe
  2⤵
  PID:7764
- C:\Windows\System\KPllBqM.exe
  C:\Windows\System\KPllBqM.exe
  2⤵
  PID:7784
- C:\Windows\System\vBhESIj.exe
  C:\Windows\System\vBhESIj.exe
  2⤵
  PID:7800
- C:\Windows\System\gjhzCep.exe
  C:\Windows\System\gjhzCep.exe
  2⤵
  PID:7824
- C:\Windows\System\LdeoJHJ.exe
  C:\Windows\System\LdeoJHJ.exe
  2⤵
  PID:7844
- C:\Windows\System\oapYoOb.exe
  C:\Windows\System\oapYoOb.exe
  2⤵
  PID:7864
- C:\Windows\System\NhcWXyJ.exe
  C:\Windows\System\NhcWXyJ.exe
  2⤵
  PID:7880
- C:\Windows\System\REORkmu.exe
  C:\Windows\System\REORkmu.exe
  2⤵
  PID:7896
- C:\Windows\System\bVaHvUg.exe
  C:\Windows\System\bVaHvUg.exe
  2⤵
  PID:7916
- C:\Windows\System\soTRUZP.exe
  C:\Windows\System\soTRUZP.exe
  2⤵
  PID:7936
- C:\Windows\System\uAACZfG.exe
  C:\Windows\System\uAACZfG.exe
  2⤵
  PID:7952
- C:\Windows\System\LTOKPNQ.exe
  C:\Windows\System\LTOKPNQ.exe
  2⤵
  PID:7984
- C:\Windows\System\HifFGkK.exe
  C:\Windows\System\HifFGkK.exe
  2⤵
  PID:8004
- C:\Windows\System\TXlLXuC.exe
  C:\Windows\System\TXlLXuC.exe
  2⤵
  PID:8024
- C:\Windows\System\ywvvJmo.exe
  C:\Windows\System\ywvvJmo.exe
  2⤵
  PID:8048
- C:\Windows\System\qeMCdct.exe
  C:\Windows\System\qeMCdct.exe
  2⤵
  PID:8068
- C:\Windows\System\jSouQmN.exe
  C:\Windows\System\jSouQmN.exe
  2⤵
  PID:8088
- C:\Windows\System\oPvwJaT.exe
  C:\Windows\System\oPvwJaT.exe
  2⤵
  PID:8108
- C:\Windows\System\bPfhWUe.exe
  C:\Windows\System\bPfhWUe.exe
  2⤵
  PID:8128
- C:\Windows\System\kfbQZPx.exe
  C:\Windows\System\kfbQZPx.exe
  2⤵
  PID:8148
- C:\Windows\System\fHysFDz.exe
  C:\Windows\System\fHysFDz.exe
  2⤵
  PID:8168
- C:\Windows\System\WTUxnUS.exe
  C:\Windows\System\WTUxnUS.exe
  2⤵
  PID:8188
- C:\Windows\System\EVILgpc.exe
  C:\Windows\System\EVILgpc.exe
  2⤵
  PID:1348
- C:\Windows\System\WgXmOQD.exe
  C:\Windows\System\WgXmOQD.exe
  2⤵
  PID:6568
- C:\Windows\System\zChSual.exe
  C:\Windows\System\zChSual.exe
  2⤵
  PID:2164
- C:\Windows\System\rBmHhju.exe
  C:\Windows\System\rBmHhju.exe
  2⤵
  PID:6792
- C:\Windows\System\rBbeWkl.exe
  C:\Windows\System\rBbeWkl.exe
  2⤵
  PID:7072
- C:\Windows\System\oJXpMZO.exe
  C:\Windows\System\oJXpMZO.exe
  2⤵
  PID:6360
- C:\Windows\System\MuBsLlP.exe
  C:\Windows\System\MuBsLlP.exe
  2⤵
  PID:6236
- C:\Windows\System\ERZKIqK.exe
  C:\Windows\System\ERZKIqK.exe
  2⤵
  PID:7200
- C:\Windows\System\xwzVSXE.exe
  C:\Windows\System\xwzVSXE.exe
  2⤵
  PID:7244
- C:\Windows\System\wDYeZrr.exe
  C:\Windows\System\wDYeZrr.exe
  2⤵
  PID:7324
- C:\Windows\System\XwYQDNb.exe
  C:\Windows\System\XwYQDNb.exe
  2⤵
  PID:7232
- C:\Windows\System\OrwbxZu.exe
  C:\Windows\System\OrwbxZu.exe
  2⤵
  PID:7312
- C:\Windows\System\AKwYiAI.exe
  C:\Windows\System\AKwYiAI.exe
  2⤵
  PID:7352
- C:\Windows\System\UUHkoYb.exe
  C:\Windows\System\UUHkoYb.exe
  2⤵
  PID:7416
- C:\Windows\System\ELLHYxb.exe
  C:\Windows\System\ELLHYxb.exe
  2⤵
  PID:7452
- C:\Windows\System\ajQyQNp.exe
  C:\Windows\System\ajQyQNp.exe
  2⤵
  PID:7488
- C:\Windows\System\oiBunBB.exe
  C:\Windows\System\oiBunBB.exe
  2⤵
  PID:7524
- C:\Windows\System\dhsNxAC.exe
  C:\Windows\System\dhsNxAC.exe
  2⤵
  PID:7560
- C:\Windows\System\fYKAImR.exe
  C:\Windows\System\fYKAImR.exe
  2⤵
  PID:7604
- C:\Windows\System\XQIVZAu.exe
  C:\Windows\System\XQIVZAu.exe
  2⤵
  PID:7584
- C:\Windows\System\CujKRWB.exe
  C:\Windows\System\CujKRWB.exe
  2⤵
  PID:7656
- C:\Windows\System\qEuBXvP.exe
  C:\Windows\System\qEuBXvP.exe
  2⤵
  PID:7572
- C:\Windows\System\oSibIgU.exe
  C:\Windows\System\oSibIgU.exe
  2⤵
  PID:7676
- C:\Windows\System\JgZkfvR.exe
  C:\Windows\System\JgZkfvR.exe
  2⤵
  PID:7716
- C:\Windows\System\bDMdiyj.exe
  C:\Windows\System\bDMdiyj.exe
  2⤵
  PID:7780
- C:\Windows\System\asgwjtc.exe
  C:\Windows\System\asgwjtc.exe
  2⤵
  PID:7812
- C:\Windows\System\UlzRSbb.exe
  C:\Windows\System\UlzRSbb.exe
  2⤵
  PID:7760
- C:\Windows\System\fTNudye.exe
  C:\Windows\System\fTNudye.exe
  2⤵
  PID:7860
- C:\Windows\System\zkavnDQ.exe
  C:\Windows\System\zkavnDQ.exe
  2⤵
  PID:7840
- C:\Windows\System\EcBUUOq.exe
  C:\Windows\System\EcBUUOq.exe
  2⤵
  PID:7908
- C:\Windows\System\mgeVZQn.exe
  C:\Windows\System\mgeVZQn.exe
  2⤵
  PID:7960
- C:\Windows\System\NUsImCL.exe
  C:\Windows\System\NUsImCL.exe
  2⤵
  PID:7972
- C:\Windows\System\GDBnhyP.exe
  C:\Windows\System\GDBnhyP.exe
  2⤵
  PID:8000
- C:\Windows\System\BAXXXSH.exe
  C:\Windows\System\BAXXXSH.exe
  2⤵
  PID:8064
- C:\Windows\System\YmMphRF.exe
  C:\Windows\System\YmMphRF.exe
  2⤵
  PID:8104
- C:\Windows\System\zThhJQS.exe
  C:\Windows\System\zThhJQS.exe
  2⤵
  PID:8076
- C:\Windows\System\MnMscYq.exe
  C:\Windows\System\MnMscYq.exe
  2⤵
  PID:8120
- C:\Windows\System\tKuArTc.exe
  C:\Windows\System\tKuArTc.exe
  2⤵
  PID:6300
- C:\Windows\System\eUwIcjS.exe
  C:\Windows\System\eUwIcjS.exe
  2⤵
  PID:2608
- C:\Windows\System\RJOgFqq.exe
  C:\Windows\System\RJOgFqq.exe
  2⤵
  PID:7108
- C:\Windows\System\mGkrDwn.exe
  C:\Windows\System\mGkrDwn.exe
  2⤵
  PID:6844
- C:\Windows\System\ijuEWmf.exe
  C:\Windows\System\ijuEWmf.exe
  2⤵
  PID:7092
- C:\Windows\System\RNumrvD.exe
  C:\Windows\System\RNumrvD.exe
  2⤵
  PID:6988
- C:\Windows\System\lDYQnNG.exe
  C:\Windows\System\lDYQnNG.exe
  2⤵
  PID:7248
- C:\Windows\System\YjxEMpG.exe
  C:\Windows\System\YjxEMpG.exe
  2⤵
  PID:7264
- C:\Windows\System\ESfguAJ.exe
  C:\Windows\System\ESfguAJ.exe
  2⤵
  PID:7220
- C:\Windows\System\NadqzMg.exe
  C:\Windows\System\NadqzMg.exe
  2⤵
  PID:7180
- C:\Windows\System\SlHYxZk.exe
  C:\Windows\System\SlHYxZk.exe
  2⤵
  PID:7428
- C:\Windows\System\ajyUBAw.exe
  C:\Windows\System\ajyUBAw.exe
  2⤵
  PID:7356
- C:\Windows\System\fLtkjzv.exe
  C:\Windows\System\fLtkjzv.exe
  2⤵
  PID:2544
- C:\Windows\System\VzggInq.exe
  C:\Windows\System\VzggInq.exe
  2⤵
  PID:2084
- C:\Windows\System\sCZzUqb.exe
  C:\Windows\System\sCZzUqb.exe
  2⤵
  PID:7616
- C:\Windows\System\ZhxGerW.exe
  C:\Windows\System\ZhxGerW.exe
  2⤵
  PID:7468
- C:\Windows\System\rjcVbsM.exe
  C:\Windows\System\rjcVbsM.exe
  2⤵
  PID:7580
- C:\Windows\System\pKMsREO.exe
  C:\Windows\System\pKMsREO.exe
  2⤵
  PID:1616
- C:\Windows\System\ktudMgJ.exe
  C:\Windows\System\ktudMgJ.exe
  2⤵
  PID:2808
- C:\Windows\System\QihrKUa.exe
  C:\Windows\System\QihrKUa.exe
  2⤵
  PID:7808
- C:\Windows\System\xDAvCAC.exe
  C:\Windows\System\xDAvCAC.exe
  2⤵
  PID:7740
- C:\Windows\System\ajDigux.exe
  C:\Windows\System\ajDigux.exe
  2⤵
  PID:2896
- C:\Windows\System\veGhtdC.exe
  C:\Windows\System\veGhtdC.exe
  2⤵
  PID:7696
- C:\Windows\System\UXKDqSQ.exe
  C:\Windows\System\UXKDqSQ.exe
  2⤵
  PID:1704
- C:\Windows\System\iEbHtIS.exe
  C:\Windows\System\iEbHtIS.exe
  2⤵
  PID:7876
- C:\Windows\System\VrJNawR.exe
  C:\Windows\System\VrJNawR.exe
  2⤵
  PID:7872
- C:\Windows\System\dCUckYn.exe
  C:\Windows\System\dCUckYn.exe
  2⤵
  PID:8032
- C:\Windows\System\TjEhlBj.exe
  C:\Windows\System\TjEhlBj.exe
  2⤵
  PID:8136
- C:\Windows\System\EAPZbbq.exe
  C:\Windows\System\EAPZbbq.exe
  2⤵
  PID:8156
- C:\Windows\System\NLvhypz.exe
  C:\Windows\System\NLvhypz.exe
  2⤵
  PID:6784
- C:\Windows\System\sBafCrv.exe
  C:\Windows\System\sBafCrv.exe
  2⤵
  PID:8124
- C:\Windows\System\eEogyPo.exe
  C:\Windows\System\eEogyPo.exe
  2⤵
  PID:2324
- C:\Windows\System\nvNuFKM.exe
  C:\Windows\System\nvNuFKM.exe
  2⤵
  PID:6868
- C:\Windows\System\NEmdocl.exe
  C:\Windows\System\NEmdocl.exe
  2⤵
  PID:6972
- C:\Windows\System\KCTiIUZ.exe
  C:\Windows\System\KCTiIUZ.exe
  2⤵
  PID:6156
- C:\Windows\System\KYveHsf.exe
  C:\Windows\System\KYveHsf.exe
  2⤵
  PID:7008
- C:\Windows\System\nfVAwiH.exe
  C:\Windows\System\nfVAwiH.exe
  2⤵
  PID:7404
- C:\Windows\System\FbDJhOd.exe
  C:\Windows\System\FbDJhOd.exe
  2⤵
  PID:7448
- C:\Windows\System\lzYxApZ.exe
  C:\Windows\System\lzYxApZ.exe
  2⤵
  PID:1812
- C:\Windows\System\DFEoieG.exe
  C:\Windows\System\DFEoieG.exe
  2⤵
  PID:7692
- C:\Windows\System\qxrBTZf.exe
  C:\Windows\System\qxrBTZf.exe
  2⤵
  PID:7540
- C:\Windows\System\sGUuJkd.exe
  C:\Windows\System\sGUuJkd.exe
  2⤵
  PID:2708
- C:\Windows\System\JzkpPrJ.exe
  C:\Windows\System\JzkpPrJ.exe
  2⤵
  PID:7892
- C:\Windows\System\FwMSVge.exe
  C:\Windows\System\FwMSVge.exe
  2⤵
  PID:1984
- C:\Windows\System\sUVfSOO.exe
  C:\Windows\System\sUVfSOO.exe
  2⤵
  PID:2096
- C:\Windows\System\kVEvZZY.exe
  C:\Windows\System\kVEvZZY.exe
  2⤵
  PID:2392
- C:\Windows\System\BTNkgcG.exe
  C:\Windows\System\BTNkgcG.exe
  2⤵
  PID:7632
- C:\Windows\System\ImHrdOG.exe
  C:\Windows\System\ImHrdOG.exe
  2⤵
  PID:2844
- C:\Windows\System\BPluYma.exe
  C:\Windows\System\BPluYma.exe
  2⤵
  PID:7888
- C:\Windows\System\KKXVxRj.exe
  C:\Windows\System\KKXVxRj.exe
  2⤵
  PID:7068
- C:\Windows\System\NpdAoWx.exe
  C:\Windows\System\NpdAoWx.exe
  2⤵
  PID:8016
- C:\Windows\System\bnohxvo.exe
  C:\Windows\System\bnohxvo.exe
  2⤵
  PID:1612
- C:\Windows\System\bQcuvIW.exe
  C:\Windows\System\bQcuvIW.exe
  2⤵
  PID:952
- C:\Windows\System\IMAFAXh.exe
  C:\Windows\System\IMAFAXh.exe
  2⤵
  PID:7576
- C:\Windows\System\ZOxKpKH.exe
  C:\Windows\System\ZOxKpKH.exe
  2⤵
  PID:6504
- C:\Windows\System\yErUJsw.exe
  C:\Windows\System\yErUJsw.exe
  2⤵
  PID:7368
- C:\Windows\System\UjYPsOP.exe
  C:\Windows\System\UjYPsOP.exe
  2⤵
  PID:7228
- C:\Windows\System\eegDYYg.exe
  C:\Windows\System\eegDYYg.exe
  2⤵
  PID:7472
- C:\Windows\System\SPthNUb.exe
  C:\Windows\System\SPthNUb.exe
  2⤵
  PID:5628
- C:\Windows\System\hGRUjKQ.exe
  C:\Windows\System\hGRUjKQ.exe
  2⤵
  PID:7648
- C:\Windows\System\YdsiaaN.exe
  C:\Windows\System\YdsiaaN.exe
  2⤵
  PID:7592
- C:\Windows\System\BRuFZDz.exe
  C:\Windows\System\BRuFZDz.exe
  2⤵
  PID:7912
- C:\Windows\System\boQFhST.exe
  C:\Windows\System\boQFhST.exe
  2⤵
  PID:7980
- C:\Windows\System\rBWLwby.exe
  C:\Windows\System\rBWLwby.exe
  2⤵
  PID:3024
- C:\Windows\System\UAwnKSM.exe
  C:\Windows\System\UAwnKSM.exe
  2⤵
  PID:7736
- C:\Windows\System\LzNwKQC.exe
  C:\Windows\System\LzNwKQC.exe
  2⤵
  PID:740
- C:\Windows\System\OQsFpsq.exe
  C:\Windows\System\OQsFpsq.exe
  2⤵
  PID:6180
- C:\Windows\System\JUfkzvh.exe
  C:\Windows\System\JUfkzvh.exe
  2⤵
  PID:8180
- C:\Windows\System\RGSYKJU.exe
  C:\Windows\System\RGSYKJU.exe
  2⤵
  PID:7304
- C:\Windows\System\oBfmLKj.exe
  C:\Windows\System\oBfmLKj.exe
  2⤵
  PID:8116
- C:\Windows\System\kjBQXqX.exe
  C:\Windows\System\kjBQXqX.exe
  2⤵
  PID:6948
- C:\Windows\System\sqngiNK.exe
  C:\Windows\System\sqngiNK.exe
  2⤵
  PID:2404
- C:\Windows\System\dhlqQgN.exe
  C:\Windows\System\dhlqQgN.exe
  2⤵
  PID:7208
- C:\Windows\System\bqtxzOK.exe
  C:\Windows\System\bqtxzOK.exe
  2⤵
  PID:6652
- C:\Windows\System\LygmtFa.exe
  C:\Windows\System\LygmtFa.exe
  2⤵
  PID:2104
- C:\Windows\System\sZevsnH.exe
  C:\Windows\System\sZevsnH.exe
  2⤵
  PID:7148
- C:\Windows\System\YDcCCfV.exe
  C:\Windows\System\YDcCCfV.exe
  2⤵
  PID:7928
- C:\Windows\System\EvtAViW.exe
  C:\Windows\System\EvtAViW.exe
  2⤵
  PID:2132
- C:\Windows\System\YLZqKhS.exe
  C:\Windows\System\YLZqKhS.exe
  2⤵
  PID:7332
- C:\Windows\System\aEBdXfv.exe
  C:\Windows\System\aEBdXfv.exe
  2⤵
  PID:2712
- C:\Windows\System\yJXspwc.exe
  C:\Windows\System\yJXspwc.exe
  2⤵
  PID:7048
- C:\Windows\System\XVzEHuC.exe
  C:\Windows\System\XVzEHuC.exe
  2⤵
  PID:2636
- C:\Windows\System\cFOGdPW.exe
  C:\Windows\System\cFOGdPW.exe
  2⤵
  PID:8140
- C:\Windows\System\nctskcX.exe
  C:\Windows\System\nctskcX.exe
  2⤵
  PID:1912
- C:\Windows\System\imzenXM.exe
  C:\Windows\System\imzenXM.exe
  2⤵
  PID:1644
- C:\Windows\System\bXelYcp.exe
  C:\Windows\System\bXelYcp.exe
  2⤵
  PID:7944
- C:\Windows\System\psGHHRd.exe
  C:\Windows\System\psGHHRd.exe
  2⤵
  PID:8208
- C:\Windows\System\jrQLecH.exe
  C:\Windows\System\jrQLecH.exe
  2⤵
  PID:8224
- C:\Windows\System\tBAqMvm.exe
  C:\Windows\System\tBAqMvm.exe
  2⤵
  PID:8244
- C:\Windows\System\jbCvwji.exe
  C:\Windows\System\jbCvwji.exe
  2⤵
  PID:8284
- C:\Windows\System\LOjlpvO.exe
  C:\Windows\System\LOjlpvO.exe
  2⤵
  PID:8300
- C:\Windows\System\FeRMxpp.exe
  C:\Windows\System\FeRMxpp.exe
  2⤵
  PID:8316
- C:\Windows\System\chdXApr.exe
  C:\Windows\System\chdXApr.exe
  2⤵
  PID:8332
- C:\Windows\System\xRdOiDm.exe
  C:\Windows\System\xRdOiDm.exe
  2⤵
  PID:8348
- C:\Windows\System\DAgDssO.exe
  C:\Windows\System\DAgDssO.exe
  2⤵
  PID:8364
- C:\Windows\System\YlNcCKF.exe
  C:\Windows\System\YlNcCKF.exe
  2⤵
  PID:8380
- C:\Windows\System\FVPLVyy.exe
  C:\Windows\System\FVPLVyy.exe
  2⤵
  PID:8396
- C:\Windows\System\TvDbEZT.exe
  C:\Windows\System\TvDbEZT.exe
  2⤵
  PID:8412
- C:\Windows\System\GgkkUdl.exe
  C:\Windows\System\GgkkUdl.exe
  2⤵
  PID:8428
- C:\Windows\System\DntMhOl.exe
  C:\Windows\System\DntMhOl.exe
  2⤵
  PID:8444
- C:\Windows\System\MQVOQEF.exe
  C:\Windows\System\MQVOQEF.exe
  2⤵
  PID:8460
- C:\Windows\System\mEBIjKQ.exe
  C:\Windows\System\mEBIjKQ.exe
  2⤵
  PID:8476
- C:\Windows\System\YqlPJzo.exe
  C:\Windows\System\YqlPJzo.exe
  2⤵
  PID:8492
- C:\Windows\System\otcLnYF.exe
  C:\Windows\System\otcLnYF.exe
  2⤵
  PID:8508
- C:\Windows\System\lukDIEW.exe
  C:\Windows\System\lukDIEW.exe
  2⤵
  PID:8524
- C:\Windows\System\kUaNART.exe
  C:\Windows\System\kUaNART.exe
  2⤵
  PID:8540
- C:\Windows\System\WpufVEZ.exe
  C:\Windows\System\WpufVEZ.exe
  2⤵
  PID:8556
- C:\Windows\System\PdZfuca.exe
  C:\Windows\System\PdZfuca.exe
  2⤵
  PID:8576
- C:\Windows\System\uSKszVO.exe
  C:\Windows\System\uSKszVO.exe
  2⤵
  PID:8592
- C:\Windows\System\mIEYmXk.exe
  C:\Windows\System\mIEYmXk.exe
  2⤵
  PID:8612
- C:\Windows\System\XybPtCh.exe
  C:\Windows\System\XybPtCh.exe
  2⤵
  PID:8628
- C:\Windows\System\UwXHSWj.exe
  C:\Windows\System\UwXHSWj.exe
  2⤵
  PID:8644
- C:\Windows\System\htNzyDX.exe
  C:\Windows\System\htNzyDX.exe
  2⤵
  PID:8660
- C:\Windows\System\gpWDHjY.exe
  C:\Windows\System\gpWDHjY.exe
  2⤵
  PID:8676
- C:\Windows\System\jgFmqca.exe
  C:\Windows\System\jgFmqca.exe
  2⤵
  PID:8692
- C:\Windows\System\UeeSemB.exe
  C:\Windows\System\UeeSemB.exe
  2⤵
  PID:8712
- C:\Windows\System\jVCPwTE.exe
  C:\Windows\System\jVCPwTE.exe
  2⤵
  PID:8728
- C:\Windows\System\KUgTSAg.exe
  C:\Windows\System\KUgTSAg.exe
  2⤵
  PID:8744
- C:\Windows\System\rAZGcnM.exe
  C:\Windows\System\rAZGcnM.exe
  2⤵
  PID:8760
- C:\Windows\System\ydfTLDp.exe
  C:\Windows\System\ydfTLDp.exe
  2⤵
  PID:8776
- C:\Windows\System\xGjKFjT.exe
  C:\Windows\System\xGjKFjT.exe
  2⤵
  PID:8792
- C:\Windows\System\awXJChR.exe
  C:\Windows\System\awXJChR.exe
  2⤵
  PID:8808
- C:\Windows\System\pQSBgBQ.exe
  C:\Windows\System\pQSBgBQ.exe
  2⤵
  PID:8824
- C:\Windows\System\ooTVTzU.exe
  C:\Windows\System\ooTVTzU.exe
  2⤵
  PID:8840
- C:\Windows\System\BEETFKI.exe
  C:\Windows\System\BEETFKI.exe
  2⤵
  PID:8856
- C:\Windows\System\piwACAW.exe
  C:\Windows\System\piwACAW.exe
  2⤵
  PID:8872
- C:\Windows\System\zddabuW.exe
  C:\Windows\System\zddabuW.exe
  2⤵
  PID:8888
- C:\Windows\System\DBOYMhb.exe
  C:\Windows\System\DBOYMhb.exe
  2⤵
  PID:8904
- C:\Windows\System\vNLTuKH.exe
  C:\Windows\System\vNLTuKH.exe
  2⤵
  PID:8920
- C:\Windows\System\wBDgGao.exe
  C:\Windows\System\wBDgGao.exe
  2⤵
  PID:8936
- C:\Windows\System\ploYlNK.exe
  C:\Windows\System\ploYlNK.exe
  2⤵
  PID:8952
- C:\Windows\System\gxHWdUi.exe
  C:\Windows\System\gxHWdUi.exe
  2⤵
  PID:8968
- C:\Windows\System\dCKqiPK.exe
  C:\Windows\System\dCKqiPK.exe
  2⤵
  PID:8988
- C:\Windows\System\qPjdPkt.exe
  C:\Windows\System\qPjdPkt.exe
  2⤵
  PID:9004
- C:\Windows\System\IeaJWIT.exe
  C:\Windows\System\IeaJWIT.exe
  2⤵
  PID:9020
- C:\Windows\System\WXAWgwg.exe
  C:\Windows\System\WXAWgwg.exe
  2⤵
  PID:9036
- C:\Windows\System\iYhxgiA.exe
  C:\Windows\System\iYhxgiA.exe
  2⤵
  PID:9052
- C:\Windows\System\yuSBFWP.exe
  C:\Windows\System\yuSBFWP.exe
  2⤵
  PID:9076
- C:\Windows\System\ZxQTmzZ.exe
  C:\Windows\System\ZxQTmzZ.exe
  2⤵
  PID:9096
- C:\Windows\System\eeTjmgQ.exe
  C:\Windows\System\eeTjmgQ.exe
  2⤵
  PID:9112
- C:\Windows\System\yxiWVzV.exe
  C:\Windows\System\yxiWVzV.exe
  2⤵
  PID:9132
- C:\Windows\System\CAZObNO.exe
  C:\Windows\System\CAZObNO.exe
  2⤵
  PID:9148
- C:\Windows\System\VwtyuqR.exe
  C:\Windows\System\VwtyuqR.exe
  2⤵
  PID:9168
- C:\Windows\System\eJUmUOy.exe
  C:\Windows\System\eJUmUOy.exe
  2⤵
  PID:9184
- C:\Windows\System\ugwEdVe.exe
  C:\Windows\System\ugwEdVe.exe
  2⤵
  PID:9200
- C:\Windows\System\CUOAHtM.exe
  C:\Windows\System\CUOAHtM.exe
  2⤵
  PID:1628
- C:\Windows\System\lKSpCBX.exe
  C:\Windows\System\lKSpCBX.exe
  2⤵
  PID:7712
- C:\Windows\System\ytRFopT.exe
  C:\Windows\System\ytRFopT.exe
  2⤵
  PID:8220
- C:\Windows\System\NqOAcyr.exe
  C:\Windows\System\NqOAcyr.exe
  2⤵
  PID:8196
- C:\Windows\System\ukjacnD.exe
  C:\Windows\System\ukjacnD.exe
  2⤵
  PID:8236
- C:\Windows\System\DiPemrD.exe
  C:\Windows\System\DiPemrD.exe
  2⤵
  PID:8260
- C:\Windows\System\lSGqjSa.exe
  C:\Windows\System\lSGqjSa.exe
  2⤵
  PID:8268
- C:\Windows\System\MmixMHV.exe
  C:\Windows\System\MmixMHV.exe
  2⤵
  PID:8372
- C:\Windows\System\VjvFxfl.exe
  C:\Windows\System\VjvFxfl.exe
  2⤵
  PID:8356
- C:\Windows\System\TIBkCNx.exe
  C:\Windows\System\TIBkCNx.exe
  2⤵
  PID:8360
- C:\Windows\System\QoDgWMj.exe
  C:\Windows\System\QoDgWMj.exe
  2⤵
  PID:8440
- C:\Windows\System\edzUNnY.exe
  C:\Windows\System\edzUNnY.exe
  2⤵
  PID:8420
- C:\Windows\System\jNemLQy.exe
  C:\Windows\System\jNemLQy.exe
  2⤵
  PID:8504
- C:\Windows\System\pvTYpbR.exe
  C:\Windows\System\pvTYpbR.exe
  2⤵
  PID:8572
- C:\Windows\System\kQBTOIC.exe
  C:\Windows\System\kQBTOIC.exe
  2⤵
  PID:8620
- C:\Windows\System\syfZeDe.exe
  C:\Windows\System\syfZeDe.exe
  2⤵
  PID:8484
- C:\Windows\System\EVaytsv.exe
  C:\Windows\System\EVaytsv.exe
  2⤵
  PID:8552
- C:\Windows\System\XIEJYmN.exe
  C:\Windows\System\XIEJYmN.exe
  2⤵
  PID:8704
- C:\Windows\System\wrczKWq.exe
  C:\Windows\System\wrczKWq.exe
  2⤵
  PID:8800
- C:\Windows\System\kfQekdD.exe
  C:\Windows\System\kfQekdD.exe
  2⤵
  PID:8656
- C:\Windows\System\IaDWhDb.exe
  C:\Windows\System\IaDWhDb.exe
  2⤵
  PID:8864
- C:\Windows\System\IRgygeN.exe
  C:\Windows\System\IRgygeN.exe
  2⤵
  PID:8724
- C:\Windows\System\LDPZLhZ.exe
  C:\Windows\System\LDPZLhZ.exe
  2⤵
  PID:8964
- C:\Windows\System\MufSPtV.exe
  C:\Windows\System\MufSPtV.exe
  2⤵
  PID:8848
- C:\Windows\System\IRCpmMP.exe
  C:\Windows\System\IRCpmMP.exe
  2⤵
  PID:8852
- C:\Windows\System\yYwrYUH.exe
  C:\Windows\System\yYwrYUH.exe
  2⤵
  PID:8916
- C:\Windows\System\luSFhZl.exe
  C:\Windows\System\luSFhZl.exe
  2⤵
  PID:8948
- C:\Windows\System\VUhjsOU.exe
  C:\Windows\System\VUhjsOU.exe
  2⤵
  PID:8984
- C:\Windows\System\HEwwnmx.exe
  C:\Windows\System\HEwwnmx.exe
  2⤵
  PID:9048
- C:\Windows\System\VRnTxVW.exe
  C:\Windows\System\VRnTxVW.exe
  2⤵
  PID:9108
- C:\Windows\System\zTlRLFK.exe
  C:\Windows\System\zTlRLFK.exe
  2⤵
  PID:9120
- C:\Windows\System\toyNTqX.exe
  C:\Windows\System\toyNTqX.exe
  2⤵
  PID:9180
- C:\Windows\System\roahgfs.exe
  C:\Windows\System\roahgfs.exe
  2⤵
  PID:8608
- C:\Windows\System\QwcXjGw.exe
  C:\Windows\System\QwcXjGw.exe
  2⤵
  PID:9160
- C:\Windows\System\GZJsmWR.exe
  C:\Windows\System\GZJsmWR.exe
  2⤵
  PID:2524
- C:\Windows\System\tUkWpKA.exe
  C:\Windows\System\tUkWpKA.exe
  2⤵
  PID:8280
- C:\Windows\System\iKPgUAI.exe
  C:\Windows\System\iKPgUAI.exe
  2⤵
  PID:8252
- C:\Windows\System\CanndSj.exe
  C:\Windows\System\CanndSj.exe
  2⤵
  PID:2596
- C:\Windows\System\IBmZVXL.exe
  C:\Windows\System\IBmZVXL.exe
  2⤵
  PID:8312
- C:\Windows\System\KUAuJSS.exe
  C:\Windows\System\KUAuJSS.exe
  2⤵
  PID:8468
- C:\Windows\System\nFmwuAY.exe
  C:\Windows\System\nFmwuAY.exe
  2⤵
  PID:8604
- C:\Windows\System\GLFoflq.exe
  C:\Windows\System\GLFoflq.exe
  2⤵
  PID:8548
- C:\Windows\System\uaeoumj.exe
  C:\Windows\System\uaeoumj.exe
  2⤵
  PID:8668
- C:\Windows\System\IYTrMCs.exe
  C:\Windows\System\IYTrMCs.exe
  2⤵
  PID:8588
- C:\Windows\System\qBQRaOj.exe
  C:\Windows\System\qBQRaOj.exe
  2⤵
  PID:8900
- C:\Windows\System\XaSffgt.exe
  C:\Windows\System\XaSffgt.exe
  2⤵
  PID:9068
- C:\Windows\System\iDdYQna.exe
  C:\Windows\System\iDdYQna.exe
  2⤵
  PID:8836
- C:\Windows\System\VSofhQJ.exe
  C:\Windows\System\VSofhQJ.exe
  2⤵
  PID:8816
- C:\Windows\System\GzLcItf.exe
  C:\Windows\System\GzLcItf.exe
  2⤵
  PID:9060
- C:\Windows\System\aMcnJNf.exe
  C:\Windows\System\aMcnJNf.exe
  2⤵
  PID:9124
- C:\Windows\System\rHURtHj.exe
  C:\Windows\System\rHURtHj.exe
  2⤵
  PID:9196
- C:\Windows\System\QrNfWwR.exe
  C:\Windows\System\QrNfWwR.exe
  2⤵
  PID:8532
- C:\Windows\System\pKmLjOr.exe
  C:\Windows\System\pKmLjOr.exe
  2⤵
  PID:8264
- C:\Windows\System\XlRuilq.exe
  C:\Windows\System\XlRuilq.exe
  2⤵
  PID:8324
- C:\Windows\System\qKxfLYf.exe
  C:\Windows\System\qKxfLYf.exe
  2⤵
  PID:8700
- C:\Windows\System\DyyMOVZ.exe
  C:\Windows\System\DyyMOVZ.exe
  2⤵
  PID:8720
- C:\Windows\System\gZQlyvr.exe
  C:\Windows\System\gZQlyvr.exe
  2⤵
  PID:8600
- C:\Windows\System\VlzCnSm.exe
  C:\Windows\System\VlzCnSm.exe
  2⤵
  PID:960
- C:\Windows\System\kjVvWXp.exe
  C:\Windows\System\kjVvWXp.exe
  2⤵
  PID:9092
- C:\Windows\System\vkbsMTJ.exe
  C:\Windows\System\vkbsMTJ.exe
  2⤵
  PID:2584
- C:\Windows\System\ubQLsTU.exe
  C:\Windows\System\ubQLsTU.exe
  2⤵
  PID:8820
- C:\Windows\System\JdjXFsC.exe
  C:\Windows\System\JdjXFsC.exe
  2⤵
  PID:9072
- C:\Windows\System\TzCKJpx.exe
  C:\Windows\System\TzCKJpx.exe
  2⤵
  PID:2060
- C:\Windows\System\mlyMXAI.exe
  C:\Windows\System\mlyMXAI.exe
  2⤵
  PID:2236
- C:\Windows\System\ozvVwyu.exe
  C:\Windows\System\ozvVwyu.exe
  2⤵
  PID:2812
- C:\Windows\System\UxMzDSa.exe
  C:\Windows\System\UxMzDSa.exe
  2⤵
  PID:8404
- C:\Windows\System\qeOXbwj.exe
  C:\Windows\System\qeOXbwj.exe
  2⤵
  PID:8292
- C:\Windows\System\WwLtJYE.exe
  C:\Windows\System\WwLtJYE.exe
  2⤵
  PID:1924
- C:\Windows\System\fKwrIYt.exe
  C:\Windows\System\fKwrIYt.exe
  2⤵
  PID:920
- C:\Windows\System\akpxYDo.exe
  C:\Windows\System\akpxYDo.exe
  2⤵
  PID:1476
- C:\Windows\System\QKeHnbz.exe
  C:\Windows\System\QKeHnbz.exe
  2⤵
  PID:9028
- C:\Windows\System\PKtKDMw.exe
  C:\Windows\System\PKtKDMw.exe
  2⤵
  PID:8884
- C:\Windows\System\fbNJoNk.exe
  C:\Windows\System\fbNJoNk.exe
  2⤵
  PID:9156
- C:\Windows\System\dsaKTom.exe
  C:\Windows\System\dsaKTom.exe
  2⤵
  PID:9192
- C:\Windows\System\PifgSsr.exe
  C:\Windows\System\PifgSsr.exe
  2⤵
  PID:8980
- C:\Windows\System\CmjAiQn.exe
  C:\Windows\System\CmjAiQn.exe
  2⤵
  PID:1080
- C:\Windows\System\YHOxTdr.exe
  C:\Windows\System\YHOxTdr.exe
  2⤵
  PID:8636
- C:\Windows\System\HRzqcXA.exe
  C:\Windows\System\HRzqcXA.exe
  2⤵
  PID:9232
- C:\Windows\System\eVUMmat.exe
  C:\Windows\System\eVUMmat.exe
  2⤵
  PID:9256
- C:\Windows\System\fLkceJi.exe
  C:\Windows\System\fLkceJi.exe
  2⤵
  PID:9272
- C:\Windows\System\eumZEcH.exe
  C:\Windows\System\eumZEcH.exe
  2⤵
  PID:9288
- C:\Windows\System\PNIFFqj.exe
  C:\Windows\System\PNIFFqj.exe
  2⤵
  PID:9304
- C:\Windows\System\tNbiprK.exe
  C:\Windows\System\tNbiprK.exe
  2⤵
  PID:9320
- C:\Windows\System\ijrYcTX.exe
  C:\Windows\System\ijrYcTX.exe
  2⤵
  PID:9336
- C:\Windows\System\ZWjfnCw.exe
  C:\Windows\System\ZWjfnCw.exe
  2⤵
  PID:9352
- C:\Windows\System\TMrVSPW.exe
  C:\Windows\System\TMrVSPW.exe
  2⤵
  PID:9368
- C:\Windows\System\wORtnzi.exe
  C:\Windows\System\wORtnzi.exe
  2⤵
  PID:9384
- C:\Windows\System\HGWiArm.exe
  C:\Windows\System\HGWiArm.exe
  2⤵
  PID:9404
- C:\Windows\System\BeDJVsr.exe
  C:\Windows\System\BeDJVsr.exe
  2⤵
  PID:9420
- C:\Windows\System\vphOIkK.exe
  C:\Windows\System\vphOIkK.exe
  2⤵
  PID:9436
- C:\Windows\System\XrVUWhw.exe
  C:\Windows\System\XrVUWhw.exe
  2⤵
  PID:9452
- C:\Windows\System\DZHFlIL.exe
  C:\Windows\System\DZHFlIL.exe
  2⤵
  PID:9468
- C:\Windows\System\qmWeZMY.exe
  C:\Windows\System\qmWeZMY.exe
  2⤵
  PID:9488
- C:\Windows\System\gzXQiWf.exe
  C:\Windows\System\gzXQiWf.exe
  2⤵
  PID:9504
- C:\Windows\System\norXpwG.exe
  C:\Windows\System\norXpwG.exe
  2⤵
  PID:9520
- C:\Windows\System\tNcQreu.exe
  C:\Windows\System\tNcQreu.exe
  2⤵
  PID:9536
- C:\Windows\System\qSjATpv.exe
  C:\Windows\System\qSjATpv.exe
  2⤵
  PID:9556
- C:\Windows\System\COmagLU.exe
  C:\Windows\System\COmagLU.exe
  2⤵
  PID:9576
- C:\Windows\System\LMpaLkc.exe
  C:\Windows\System\LMpaLkc.exe
  2⤵
  PID:9592
- C:\Windows\System\eluNegx.exe
  C:\Windows\System\eluNegx.exe
  2⤵
  PID:9608
- C:\Windows\System\xJGbToy.exe
  C:\Windows\System\xJGbToy.exe
  2⤵
  PID:9624
- C:\Windows\System\EktkIeG.exe
  C:\Windows\System\EktkIeG.exe
  2⤵
  PID:9648
- C:\Windows\System\pRHGwan.exe
  C:\Windows\System\pRHGwan.exe
  2⤵
  PID:9668
- C:\Windows\System\oSNzKKI.exe
  C:\Windows\System\oSNzKKI.exe
  2⤵
  PID:9684
- C:\Windows\System\jrnPcJv.exe
  C:\Windows\System\jrnPcJv.exe
  2⤵
  PID:9700
- C:\Windows\System\xHAymth.exe
  C:\Windows\System\xHAymth.exe
  2⤵
  PID:9716
- C:\Windows\System\xTuSizF.exe
  C:\Windows\System\xTuSizF.exe
  2⤵
  PID:9732
- C:\Windows\System\dyxuEiJ.exe
  C:\Windows\System\dyxuEiJ.exe
  2⤵
  PID:9748
- C:\Windows\System\tFklLnF.exe
  C:\Windows\System\tFklLnF.exe
  2⤵
  PID:9764
- C:\Windows\System\AaJphbi.exe
  C:\Windows\System\AaJphbi.exe
  2⤵
  PID:9780
- C:\Windows\System\bywzFdJ.exe
  C:\Windows\System\bywzFdJ.exe
  2⤵
  PID:9796
- C:\Windows\System\kvZEVLa.exe
  C:\Windows\System\kvZEVLa.exe
  2⤵
  PID:9812
- C:\Windows\System\EUTWhGI.exe
  C:\Windows\System\EUTWhGI.exe
  2⤵
  PID:9828
- C:\Windows\System\FEnMGKC.exe
  C:\Windows\System\FEnMGKC.exe
  2⤵
  PID:9844
- C:\Windows\System\STSFzLX.exe
  C:\Windows\System\STSFzLX.exe
  2⤵
  PID:9860
- C:\Windows\System\BeiDSpl.exe
  C:\Windows\System\BeiDSpl.exe
  2⤵
  PID:9876
- C:\Windows\System\THkLkIH.exe
  C:\Windows\System\THkLkIH.exe
  2⤵
  PID:9896
- C:\Windows\System\XPprJep.exe
  C:\Windows\System\XPprJep.exe
  2⤵
  PID:9912
- C:\Windows\System\waRKdPi.exe
  C:\Windows\System\waRKdPi.exe
  2⤵
  PID:9928
- C:\Windows\System\ZYDYSGS.exe
  C:\Windows\System\ZYDYSGS.exe
  2⤵
  PID:9944
- C:\Windows\System\CkTdEez.exe
  C:\Windows\System\CkTdEez.exe
  2⤵
  PID:9960
- C:\Windows\System\cmOoFcn.exe
  C:\Windows\System\cmOoFcn.exe
  2⤵
  PID:9976
- C:\Windows\System\SfcEUjh.exe
  C:\Windows\System\SfcEUjh.exe
  2⤵
  PID:9992
- C:\Windows\System\WRXywyT.exe
  C:\Windows\System\WRXywyT.exe
  2⤵
  PID:10008
- C:\Windows\System\ksLrKlb.exe
  C:\Windows\System\ksLrKlb.exe
  2⤵
  PID:10024
- C:\Windows\System\RxiPVDm.exe
  C:\Windows\System\RxiPVDm.exe
  2⤵
  PID:10040
- C:\Windows\System\LWQEyYG.exe
  C:\Windows\System\LWQEyYG.exe
  2⤵
  PID:10056
- C:\Windows\System\SDEljRV.exe
  C:\Windows\System\SDEljRV.exe
  2⤵
  PID:10072
- C:\Windows\System\bxMbEhj.exe
  C:\Windows\System\bxMbEhj.exe
  2⤵
  PID:10088
- C:\Windows\System\ySGsxMG.exe
  C:\Windows\System\ySGsxMG.exe
  2⤵
  PID:10104
- C:\Windows\System\pvJqzJx.exe
  C:\Windows\System\pvJqzJx.exe
  2⤵
  PID:10120
- C:\Windows\System\NAsZOeF.exe
  C:\Windows\System\NAsZOeF.exe
  2⤵
  PID:10136
- C:\Windows\System\XXYFQuF.exe
  C:\Windows\System\XXYFQuF.exe
  2⤵
  PID:10152
- C:\Windows\System\lecJZos.exe
  C:\Windows\System\lecJZos.exe
  2⤵
  PID:10168
- C:\Windows\System\iHWTgEl.exe
  C:\Windows\System\iHWTgEl.exe
  2⤵
  PID:10184
- C:\Windows\System\nmpyIcZ.exe
  C:\Windows\System\nmpyIcZ.exe
  2⤵
  PID:10200
- C:\Windows\System\SuFwdgz.exe
  C:\Windows\System\SuFwdgz.exe
  2⤵
  PID:10216
- C:\Windows\System\pRWTomE.exe
  C:\Windows\System\pRWTomE.exe
  2⤵
  PID:10232
- C:\Windows\System\ubnhzZf.exe
  C:\Windows\System\ubnhzZf.exe
  2⤵
  PID:916
- C:\Windows\System\QsHmcyH.exe
  C:\Windows\System\QsHmcyH.exe
  2⤵
  PID:9224
- C:\Windows\System\iiNuQap.exe
  C:\Windows\System\iiNuQap.exe
  2⤵
  PID:9252
- C:\Windows\System\mkoYhRl.exe
  C:\Windows\System\mkoYhRl.exe
  2⤵
  PID:9284
- C:\Windows\System\aPyonwp.exe
  C:\Windows\System\aPyonwp.exe
  2⤵
  PID:9344
- C:\Windows\System\yravYid.exe
  C:\Windows\System\yravYid.exe
  2⤵
  PID:9300
- C:\Windows\System\APjQGea.exe
  C:\Windows\System\APjQGea.exe
  2⤵
  PID:9364
- C:\Windows\System\qYSDBzD.exe
  C:\Windows\System\qYSDBzD.exe
  2⤵
  PID:9380
- C:\Windows\System\yscqOyx.exe
  C:\Windows\System\yscqOyx.exe
  2⤵
  PID:9432
- C:\Windows\System\BFktUwc.exe
  C:\Windows\System\BFktUwc.exe
  2⤵
  PID:9484
- C:\Windows\System\IgDiFev.exe
  C:\Windows\System\IgDiFev.exe
  2⤵
  PID:9464
- C:\Windows\System\vGIhSea.exe
  C:\Windows\System\vGIhSea.exe
  2⤵
  PID:9532
- C:\Windows\System\jbTzkDI.exe
  C:\Windows\System\jbTzkDI.exe
  2⤵
  PID:9564
- C:\Windows\System\LqSCDGe.exe
  C:\Windows\System\LqSCDGe.exe
  2⤵
  PID:9588
- C:\Windows\System\tzhynui.exe
  C:\Windows\System\tzhynui.exe
  2⤵
  PID:9660
- C:\Windows\System\joVzLYC.exe
  C:\Windows\System\joVzLYC.exe
  2⤵
  PID:9664
- C:\Windows\System\FnhztWl.exe
  C:\Windows\System\FnhztWl.exe
  2⤵
  PID:9600
- C:\Windows\System\bjVivNc.exe
  C:\Windows\System\bjVivNc.exe
  2⤵
  PID:9792
- C:\Windows\System\vSorLmD.exe
  C:\Windows\System\vSorLmD.exe
  2⤵
  PID:9856
- C:\Windows\System\OpEtOoj.exe
  C:\Windows\System\OpEtOoj.exe
  2⤵
  PID:9644
- C:\Windows\System\qaoWOeX.exe
  C:\Windows\System\qaoWOeX.exe
  2⤵
  PID:9712
- C:\Windows\System\FHDoYHl.exe
  C:\Windows\System\FHDoYHl.exe
  2⤵
  PID:9776
- C:\Windows\System\FsSIAsq.exe
  C:\Windows\System\FsSIAsq.exe
  2⤵
  PID:9840
- C:\Windows\System\vNrUKgI.exe
  C:\Windows\System\vNrUKgI.exe
  2⤵
  PID:9924
- C:\Windows\System\MLGxvzu.exe
  C:\Windows\System\MLGxvzu.exe
  2⤵
  PID:9908
- C:\Windows\System\YHmtIKz.exe
  C:\Windows\System\YHmtIKz.exe
  2⤵
  PID:9984
- C:\Windows\System\pKrVBzY.exe
  C:\Windows\System\pKrVBzY.exe
  2⤵
  PID:9972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AtPgEZr.exe

Filesize
6.0MB

MD5
e049bb7ad45de40fcc6936aacf02e98f

SHA1
68b4e69ff48d1b4e38f268c25d918130769e790c

SHA256
e8570e618bbff498bbc3437b17e13a4f66c31c0ef1f8c84a00205d193809c1a7

SHA512
c0f93696dae156a23b1982fcc2bfe72a97de8b98e5315147878ad767b3c0a345107993e936588812e9c43a0f9eb6f6ac6756fa24f39a36a9b6f5009ff44dde3b

Download Submit
C:\Windows\system\BOXFmPU.exe

Filesize
6.0MB

MD5
7bc775deb9ca8bc9bf915bcc2375d32f

SHA1
4ff5b336f88b83ec76dab29e023fdb0fd8cbe3e4

SHA256
91a6a5df0d541c20344d9983b46acd5ecccbecbdcf977c61b354fa52f3960503

SHA512
9e6c8e140967a775f23525a2ad39e5b9dc8eb0ccd1bf668f82c0e01dc00b25bc75d1748ba124e1d051a0a630f41eded2c1c9865a21a80133d2cfcb4d2cf43dd9

Download Submit
C:\Windows\system\ChRGTKv.exe

Filesize
6.0MB

MD5
268658edaad1c1aad4df598eb98b1494

SHA1
afdaa1d044e0e1c21c8e653253f61670a1c0a3ae

SHA256
e3933d0437442d870515e3bec106bc8fe2d4e6ed1f55222ade8d193c37b6560c

SHA512
c6a7d2faeee5362c7f3535637bb05589577796529f045468ae68f53f0512b14ab920bda9d03f60857db7e1b66f8e789d10836384f0e21c6defd1b3f87824888e

Download Submit
C:\Windows\system\FOIodeQ.exe

Filesize
6.0MB

MD5
aad93f92e727026e0ac6e8239871946c

SHA1
d30eddd270c3f88c1dc440e5275260e374cbffbc

SHA256
e7690469cec0e814c608be83a7c0ea5021eacf3c660fc02d05acdd3d238edf76

SHA512
ff5151a62207a1f74304ac32b44c3507c7133b3777c7143ea7957bffd0197ba6d546dd5f97797f90e1e2911da06beb9a88b5d2c9bde1f940af5d402aed242237

Download Submit
C:\Windows\system\FmwwZHG.exe

Filesize
6.0MB

MD5
065db42a386ef721831771ca96668cb6

SHA1
0eae3fc5e7a5ebbd9b8f7800a9ae352c555e5ba5

SHA256
2fb636412de897d37677650ab38d58900eea1a8ae13e93b16d5a7abd1351eed0

SHA512
dc59ea664e9a179b7df68ebc6bc2d42c0844a98b98dc6957eea3e100132046581ef8c17ba35522c48010bfc2e8b6c4f7e32240feb55c07119e96e111af285eb3

Download Submit
C:\Windows\system\GjBwhuK.exe

Filesize
6.0MB

MD5
329dc82bdcae2c88370f08b984cecadd

SHA1
cdcdad11dfb559b027312d4b95fe2ba5d5515982

SHA256
398e678a126ee51f2e56a8f789a9cd938a04df639ea5d6ce3d7ec750d1da4077

SHA512
692ce39da7adad175f9255d6630008dcebfa184b70aa2c2df0665766abee047b14693f031205b24cd178f9477a20995dbe5fd3675a23bb16577a64be00c120ab

Download Submit
C:\Windows\system\GzUtuDV.exe

Filesize
6.0MB

MD5
aa5738a4f798a54768e0781480e9f228

SHA1
1541d8113720923dc593f67ae884903120b32aa6

SHA256
d9967b21f70d81c1d80c1126c565fadc2697d86383be20698e887356e9d5ba68

SHA512
057288611c09bced8ade7ddbc89776bef375eb28d65dfc1afa9d568fb50fc604ec328460f60fe0a028fc94dfb442f1f6778df461a8c83dfc744f1169c2b91a41

Download Submit
C:\Windows\system\KvbxsFh.exe

Filesize
6.0MB

MD5
228c54eb29a6a73eed9a968733c07d12

SHA1
37efb2c0020d6bf58d7688f3f570ac194bc27155

SHA256
d5b423be11ea71363fe52dad40193cf3c92bbeca90e360998789d0c5da5e9cfc

SHA512
e41a1f671a96c73e9e87a35f7d2141e5f948d53fb676c3d5582f7d2b195386a2c7518e6008f4dd0880fc0441fe269020df7fdbc2dd43e61ed037a0f8d927e942

Download Submit
C:\Windows\system\MkREImo.exe

Filesize
6.0MB

MD5
d3eb60c3ddcfb44c239e30f2e633445a

SHA1
2c3a018e89c13685a1ca47b7cf71a163e6ec637b

SHA256
6b86761828c361ea3e4f1c1e0086026b9079a1ac5c3791d2bb2771dcaacb0d9f

SHA512
96a9b0fe691f5b3630938f999cb6b08ec9896f225a1f77c95488a05d3a2767c0587d0419e22ff7926fb380f7d2dad947ddc35eab87bee09fae50a94c5fceed23

Download Submit
C:\Windows\system\PESlSZF.exe

Filesize
6.0MB

MD5
a3fda2296dcbfb731b7178c79c2ec5b6

SHA1
f8868b0f32afa7e5ddc57d7bc19beaf4cebc50e6

SHA256
cb834afba56f236f1afb99776078a254dc48e510ec1901fabb68fca9d14f303a

SHA512
628655857085c3d2823b65e9f311925e7fffe5dd4dd11f23f1ad0af77571711f6ac1c04997f33bd13f0ea36758dc85b85f3413f527c66a1b605e72010ec142f7

Download Submit
C:\Windows\system\RdmCyBH.exe

Filesize
6.0MB

MD5
f66992e56afcf60940fda8be441b0384

SHA1
a796cfe95bd0885cb6886df255e82db4e235e749

SHA256
bcff313eb1dbd3aa4546c94e77e528c7ecb8b6508a3c08c87b8982194c9f7bca

SHA512
80edea3dcf1542c191df5d5325919f06cf93356d5f7c246a12ae8e909e22e43ea956ac4654f97c5bdf704d3bf261345cbea9a32f1e6dcbefddfea1fee0d9b62c

Download Submit
C:\Windows\system\TaAjdxB.exe

Filesize
6.0MB

MD5
8f4b3b904f103d22108a4db80e558d05

SHA1
4d72504cf8478044ee76db127a7c3bd03245c6d0

SHA256
edf87186253d6cceb651abd14c8abb99bd77628570df07db874b13d9b88e5208

SHA512
8658bf461566ad5c1838efa55a701b1e4f8d52733b2bfcb3c6c28f1ceac7fa75a8ebced39335de0b2093a352d794df52916454edc59736c74528ad3562e96a54

Download Submit
C:\Windows\system\WScphQX.exe

Filesize
6.0MB

MD5
361b984f85a37f30915bf8fe1b289e7f

SHA1
c6985f2af5dbbcfcbc9f43587e58bb05af8fdf01

SHA256
15731f35e76c1bf141da5e34f5a5a8ada21f2b3eb64ed5af28af4dd3bdfad3ef

SHA512
b946d66684b2e871af4365302b5236cb78b2d29102a5a7253018dc9f5c15ffa016f79e249d9d2ff6bbc856aac0457220e94206511313fa9695ab96c1a45f8fbb

Download Submit
C:\Windows\system\XdJdmXy.exe

Filesize
6.0MB

MD5
2d6dbe09e58793cfe6b2611deba24a09

SHA1
2dd427e34f4936d4fa02bc9a2fbebbf0e93c64c3

SHA256
76294660805a9e247af33af10c7031ea30abadcd846aa655ed965f78bfa8d951

SHA512
04d7495c55b8a10c350493e0d1fc69fd9ee8ce98c9ce68a11162cf0b298132fce6a7e8ce6e047d770a7ccf687fb33cf12e09c1497870d9fbbbbbf3ce32e50401

Download Submit
C:\Windows\system\XohDjHz.exe

Filesize
6.0MB

MD5
12e8c52daff634e5045e4a80ebaa0a56

SHA1
2baf970090821ccffeefa7d38cd68bc6f33c619d

SHA256
9d07ca3ac00c5496d4dbc66c2cdba5debe02b0081035849b1412fa57b9982fd7

SHA512
9c6b1ab2dbd46be5d92707e3fce1df921b1907ef697139298e80195566a220f20fc4bd22cef50e8f27db1dd49c5bdacd9ec0db64f10d6012f060453568f2801b

Download Submit
C:\Windows\system\azBZakB.exe

Filesize
6.0MB

MD5
d1d567503d4d178d73dd0361f1a16ea2

SHA1
beba45d4579cd65655181ba7bccb2d7336f7389e

SHA256
6438aa76f701951a67bb5fc5d31850ead49117e16dfab1e637db7b47e5250a90

SHA512
12cf4dbf39fa6eb12d42eae93aefe4fae386f052b157fec845991ec3327f71168ac772902104cef6ca651e31f1094ae59eadda8d36c4c8a1a22bcaf9f7d90173

Download Submit
C:\Windows\system\dbShZyS.exe

Filesize
6.0MB

MD5
94b86bdd6d0bec30dbcff4c556ebef1a

SHA1
d63a52650e48ff5fc45c826eaec7d427e503eeb3

SHA256
4b968edcc95c54ac84dc42b51bdb32f157130c3101937cad7b15bfb1094df86d

SHA512
84c7137e1d349574ee2c73a3830b27ce796ce252b1e02eabcd0b728cd67cc22b824306d7cd911d10c18257f416c1b519ffadcd17b93a0ad9bb34adcb0c7a46f2

Download Submit
C:\Windows\system\iGFgZDl.exe

Filesize
6.0MB

MD5
976671f8b1756ef2bbf1829e42bdd9e6

SHA1
b1b032ca35ab8b1345ae375248599d4b367af1cd

SHA256
ad9e4e3b8b7b13cc9c9197b7500f61b5cd3981671bee8e4980e5f6437ca8199a

SHA512
f0381727493a3ecec3e937c0dbeac4e72d3452108d55edb3dc727b222baafa3d49830b145201deef486e81d085a15028a427b8ac1ab6a80ef71d7264ce137fb1

Download Submit
C:\Windows\system\jmLHoih.exe

Filesize
6.0MB

MD5
e695b28a980af8fa3f67c046f3b09cc4

SHA1
b187f5620d6499be17f91cc2ca8a1449a36fb84e

SHA256
d4e7fb1e85de4a2ac2de8d2c47f124bcd11523b76f8259c1fa319d4f1a29d1b2

SHA512
56c8d74d852aca3de1816bcf48a477eb792874c1266208334506ab5fead42dc79aa4d798f4e1265fefd18a358abe95758da508cb96cf59264b1cdeba988884f9

Download Submit
C:\Windows\system\mdJAhGS.exe

Filesize
6.0MB

MD5
6af12170bf62177c8cfb791145853453

SHA1
08adf656a327f7e733cc7ea70adaf169f8152a77

SHA256
a363bef7c4e1d5ac7b7ddd8ae563f4b3c46e1590e63d0d94e81eccdb4d42d922

SHA512
df84a4cf72e1d77f073405fa8953af13746df7ef2c89842b234fe30fb16d43482286b06f96d865b3c08ac65694c87ecc6a08be5b7cb7c9791b6f07df377c0635

Download Submit
C:\Windows\system\miPweao.exe

Filesize
6.0MB

MD5
66268b021154c57401332aa60118b73d

SHA1
e070d692844b87862d06237205e6ea6405e0529c

SHA256
69d17923f9a419eaaa4303b7cfbd60d0cd8ab271cd1bf4839127e4ec8f5a1bb9

SHA512
98d178d84f658653f75084efc4c018a3a651f3fa79457b04efef95737706614928bb1509a96c5cf14626af1e1cd21e7cc9d26f5fb25960211d93fd56d22f1598

Download Submit
C:\Windows\system\nUheUSZ.exe

Filesize
6.0MB

MD5
075e1704ceea8a0b252be88b70b19197

SHA1
52b1e6e563ca3f6797e76107c146a9594ca6e325

SHA256
644a03ed85328f03d6af7eb3ae42186ed7d8aa39e8606297000c96a466a33075

SHA512
69fed65625e1020984a1657be0a24c39315098de47c9573d0623fdd66c5afe14e52b20a647ed70a9c247ddf2caff58c41472ff057e5ab63caac0de8fa3979155

Download Submit
C:\Windows\system\nkDPdsW.exe

Filesize
6.0MB

MD5
f7fdbae25caf5ff4963f1cee394ba129

SHA1
e47b2a97bf751a336b17172e0b3c287645902c01

SHA256
edee4717b5fec807e94bf6b00c9d8ad63405b595ff106988d23646d774a31be5

SHA512
b5de811e670a8cb12b2de1aec60c7b15d6aa2706ea9a84bea49973ae76e50881d56c88f161bc80e16e6ede2cde16a769aab9e1ebd78b93ae9c1026a9b2b5c828

Download Submit
C:\Windows\system\ollMUTY.exe

Filesize
6.0MB

MD5
9f3d66063fba05f0a9080544512ba98c

SHA1
d1e6e2e7d97620adb80949fe0ca054e8359f3fc8

SHA256
fdfb978cf5d21201e693444279e1a33f573bd3b30eda1a59ba4755e9706b59ea

SHA512
3e79853b1abc381889396e713721e6f7b93be1950aa8cc80792b82e21ce098d6563a10eadfd08ef6006e86e864d8f48f409ec4ee0dc7ffb632d6895db8cad307

Download Submit
C:\Windows\system\wNaVUjf.exe

Filesize
6.0MB

MD5
0742cfb305647c0da046e698bcb7cda7

SHA1
788c614d2729852b91ae57085897965457e7196b

SHA256
552fb7151a34440cc3fb8fe6ed58cc6318180209f0d236786c850d074b98b840

SHA512
1182d15e1ac2e5531b7d0dafe225d89bd062a60f44248c3107d77b9161746d970ae723ec2a1fd5d8f3d40e21fd9d0a7e6b112ae20b3675cb712eed73bb956dca

Download Submit
C:\Windows\system\ykAgIad.exe

Filesize
6.0MB

MD5
03885ef5d7bd1b74bf73d7363e563982

SHA1
70f1b9db60a35948de1ee80f813d5ad99b4c2530

SHA256
adda8c962ec1d5cf709ad631841d16569410e4f2be41b406fc7a2d2ea37d05a2

SHA512
7cdc490cce4523858f5eb0130f0e9b6c4d10628c61211d6c4214bc9ef5cf1092eee7daa7d27cc68fc858f4b30a5e2920049df352c34534677c7d20e1eb7e794f

Download Submit
\Windows\system\MRaqFto.exe

Filesize
6.0MB

MD5
2339d99669ea8597263dad4b4f12cfc3

SHA1
bc1ffebbee2f05a3252a7ae17e213dd9fbf3d768

SHA256
0c9adde5e9d7693614c3e9628546190adec31efa7ca9001c8dcb53c7fb4ab9ee

SHA512
f6a51096cd54b3233080fe4400ca6578fce67077977ae41d879bcaff11ed3773a9446b9fd5c4c49c24e408f86e55412c0762973822d9730a35e43a86adb2468d

Download Submit
\Windows\system\OlkcwwI.exe

Filesize
6.0MB

MD5
e82563c41fd0dd635287913f556a6545

SHA1
667e22b48f863c0b8813becbb6866d64be856413

SHA256
d497a31d69931fdc87fa58a85a65c3ad518249cf8772a6d2ffcc0fe634a25e6b

SHA512
9edbf380e53eb93fe5814809b33d409dc76bc1c9ff41628fe765c0b7ff359ddba3833a8293e1393943bcea8be6d5a8496d9592b219ec5f32761999c315dc7f8d

Download Submit
\Windows\system\oStjrrk.exe

Filesize
6.0MB

MD5
f592614f575925e016fbdfcd5b6e021d

SHA1
6b5d1f9f2d6f93b4a20d73da13580f2a0e3f390e

SHA256
a6e7ef2200bdfcf274bf07aa4db0b569135bd4f78aca365d93c53b82c4dfba94

SHA512
a098ee8654e24cf76b1556456d370c70adcc3b214be5c016dc8d70abfcadefd8c67e5eb199c5a521eee4e94af8ba7324c80ca286691d1758a492652ccdaaa9e3

Download Submit
\Windows\system\orCkYtB.exe

Filesize
6.0MB

MD5
5bbab5f431fd4532d83fd8a60479ee7b

SHA1
a4baadd49bfc8b187bb0c774784159c17f22b7c1

SHA256
f524c48465f1aaea5912550ad1bebecdc7d50071e0a18f01e858666bdf7756e2

SHA512
ecb294c602772d16f33c952f39e8d0f15853f37f8999b8dfd75f9a3c748f47746c0dd084a14830b186a3d7cd903064ea28907808823bf222816220d679791c2b

Download Submit
\Windows\system\pSsLWaI.exe

Filesize
6.0MB

MD5
75854ba8a1a28d85fcf7985e8dc5bfa1

SHA1
409f3b1ce83482ccef32cd4708208a00d4d26ff3

SHA256
a197ed39789d0384d3cc3936a75694794af4d6a459c02103b47805b8955f860c

SHA512
2d199cf9c3d4e2ea2c4f6d77613b23be7e8a368d33ffe43a95379ed3795a263cef0ecb241f353138729ae8998f23a477ae55a03779dcd5a893f370a337a5d4a7

Download Submit
\Windows\system\rHiJONp.exe

Filesize
6.0MB

MD5
47fcd36f7c2ff8a5605f8101c77bb1a7

SHA1
7d0f2d50a5a07f22840997ef9a0489474e61f8fc

SHA256
c47309b824c20cf1f8fbad266fc88d44870003225c9837bc7e6bacf74053648e

SHA512
f940d1a01be0e2b8d90a481ff19263c7797bca7d4f4fd07145d0b4ea215c24fbe620dc2685ebee1c72e7316db6cef6bea2d42cefbb5de239b88eb98b810d18c6

Download Submit
memory/656-1932-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/656-98-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/804-58-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/804-416-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/804-302-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/804-13-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/804-71-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/804-73-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/804-74-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/804-57-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/804-28-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/804-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/804-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/804-40-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/804-50-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/804-79-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/804-32-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/804-487-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/804-108-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/804-100-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/804-14-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/804-33-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/804-97-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1935-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-109-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-15-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1988-1921-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1937-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-96-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-16-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2556-1892-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2620-301-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1931-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2620-72-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2652-92-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1936-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-1925-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-99-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-41-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-1930-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2740-303-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2740-78-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2748-30-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1903-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2756-59-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1929-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-91-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-1926-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-36-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-1928-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/3020-51-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/3056-34-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/3056-1909-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download