cobaltstrike | 27a448b80eb8a4c8bd034b80af7b81e4d16c3f9290c106a8a04a7580714989f1

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-12-2024 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e63044dddf37723854cc84598811e51e
SHA1

86d8f2bf3e773eaeb5124c92da747dc3ad004de5
SHA256

27a448b80eb8a4c8bd034b80af7b81e4d16c3f9290c106a8a04a7580714989f1
SHA512

fdd6864bc17723d758c211d53acf23870dfea2500baa50d4fbd50d1cf178441bccaafb900efd2143009530b1b7a258c9ea5bc7609d18f8e4f93f1748d3a6f4b8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUo:T+q56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f41-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016031-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016140-27.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001620e-30.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739a-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-172.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-168.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-164.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-160.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-156.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747b-146.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001748f-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017409-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-140.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fb-136.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173e4-132.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173aa-128.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739c-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f9c-116.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e74-112.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc8-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dad-102.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d47-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d50-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-64.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3f-72.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d2e-62.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001650a-55.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000015d79-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016409-38.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2672-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x000e000000012280-3.dat	xmrig
behavioral1/memory/2764-8-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015f41-10.dat	xmrig
behavioral1/files/0x0007000000016031-20.dat	xmrig
behavioral1/memory/2744-23-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x0007000000016140-27.dat	xmrig
behavioral1/files/0x000700000001620e-30.dat	xmrig
behavioral1/memory/2756-29-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2380-16-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2672-4-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2912-76-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2756-67-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2736-83-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2360-98-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x000600000001739a-120.dat	xmrig
behavioral1/memory/2672-617-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x0005000000018690-172.dat	xmrig
behavioral1/files/0x0009000000018678-168.dat	xmrig
behavioral1/files/0x001500000001866d-164.dat	xmrig
behavioral1/files/0x000600000001752f-160.dat	xmrig
behavioral1/files/0x00060000000174ac-156.dat	xmrig
behavioral1/files/0x000600000001747b-146.dat	xmrig
behavioral1/files/0x000600000001748f-151.dat	xmrig
behavioral1/files/0x0006000000017409-144.dat	xmrig
behavioral1/files/0x0006000000017403-140.dat	xmrig
behavioral1/files/0x00060000000173fb-136.dat	xmrig
behavioral1/files/0x00060000000173e4-132.dat	xmrig
behavioral1/files/0x00060000000173aa-128.dat	xmrig
behavioral1/files/0x000600000001739c-124.dat	xmrig
behavioral1/files/0x0006000000016f9c-116.dat	xmrig
behavioral1/files/0x0006000000016e74-112.dat	xmrig
behavioral1/files/0x0006000000016dc8-108.dat	xmrig
behavioral1/files/0x0006000000016dad-102.dat	xmrig
behavioral1/memory/2288-99-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d9f-96.dat	xmrig
behavioral1/files/0x0006000000016d47-81.dat	xmrig
behavioral1/memory/1400-93-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2584-91-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d50-89.dat	xmrig
behavioral1/memory/2156-88-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2672-87-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2876-78-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d36-64.dat	xmrig
behavioral1/memory/1952-59-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2744-57-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2008-73-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d3f-72.dat	xmrig
behavioral1/memory/2672-71-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d2e-62.dat	xmrig
behavioral1/files/0x000800000001650a-55.dat	xmrig
behavioral1/memory/2360-52-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2764-46-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2584-45-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x000c000000015d79-50.dat	xmrig
behavioral1/files/0x0008000000016409-38.dat	xmrig
behavioral1/memory/2672-35-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2764-3780-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2736-3781-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2380-3783-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2744-3782-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2584-3789-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2756-3790-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2360-4157-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2764	WpuZaRV.exe
2380	dmAQLAZ.exe
2744	MjalSvn.exe
2756	ONCQkUC.exe
2736	NqumRGe.exe
2584	wEEPxRE.exe
2360	PDpGWSf.exe
1952	doxnwoC.exe
2008	fEUZfDM.exe
2912	QQdEDDW.exe
2876	evceJfN.exe
2156	ECiuubn.exe
1400	zyTymHZ.exe
2288	JVVgdVY.exe
1432	pKXOVHs.exe
1888	dXKxnxO.exe
1872	xpYZAAc.exe
664	vDfBJTa.exe
2816	FKKFHsK.exe
1632	kJpBlwV.exe
316	ZPEotyF.exe
1436	PEllDcG.exe
2072	qHMQXpS.exe
2768	MlkfIsB.exe
2144	eCXCoRv.exe
1732	ZncdPsT.exe
2192	EuwuiGe.exe
2212	ulMYYsq.exe
392	zAKKDYT.exe
1960	hvNjKWg.exe
1208	PkfZaPM.exe
2216	CVkaKez.exe
268	ZfbZjNU.exe
2344	RVcHqFb.exe
1520	ydjGNcB.exe
752	WnsdqgH.exe
852	bANWkbu.exe
2040	PiNpAwT.exe
1712	HRedpnB.exe
2980	LeJzadS.exe
1464	VMTKUZU.exe
1444	docaLkC.exe
760	zDEoFRX.exe
2504	FmDLmZh.exe
1604	BMGGrSl.exe
1120	JcKNmWl.exe
2952	coAfeAF.exe
2468	PXkMHDE.exe
2472	ppAqBDG.exe
236	VsJferF.exe
2480	zYTXgDm.exe
2444	vDzrkol.exe
1456	RjPfALZ.exe
2448	goNCOPM.exe
1356	PEWwIxh.exe
276	LTfpYOE.exe
1672	DHudmIb.exe
872	fwCkveT.exe
2052	VwGTFIj.exe
2000	SAEoFjr.exe
2968	RtZmrHT.exe
1504	brPyEHw.exe
1484	GpMkmTH.exe
2824	hwGjazx.exe

Loads dropped DLL 64 IoCs

pid	Process
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2672-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x000e000000012280-3.dat	upx
behavioral1/memory/2764-8-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0008000000015f41-10.dat	upx
behavioral1/files/0x0007000000016031-20.dat	upx
behavioral1/memory/2744-23-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x0007000000016140-27.dat	upx
behavioral1/files/0x000700000001620e-30.dat	upx
behavioral1/memory/2756-29-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2380-16-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2672-4-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2912-76-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2756-67-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2736-83-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2360-98-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x000600000001739a-120.dat	upx
behavioral1/files/0x0005000000018690-172.dat	upx
behavioral1/files/0x0009000000018678-168.dat	upx
behavioral1/files/0x001500000001866d-164.dat	upx
behavioral1/files/0x000600000001752f-160.dat	upx
behavioral1/files/0x00060000000174ac-156.dat	upx
behavioral1/files/0x000600000001747b-146.dat	upx
behavioral1/files/0x000600000001748f-151.dat	upx
behavioral1/files/0x0006000000017409-144.dat	upx
behavioral1/files/0x0006000000017403-140.dat	upx
behavioral1/files/0x00060000000173fb-136.dat	upx
behavioral1/files/0x00060000000173e4-132.dat	upx
behavioral1/files/0x00060000000173aa-128.dat	upx
behavioral1/files/0x000600000001739c-124.dat	upx
behavioral1/files/0x0006000000016f9c-116.dat	upx
behavioral1/files/0x0006000000016e74-112.dat	upx
behavioral1/files/0x0006000000016dc8-108.dat	upx
behavioral1/files/0x0006000000016dad-102.dat	upx
behavioral1/memory/2288-99-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0006000000016d9f-96.dat	upx
behavioral1/files/0x0006000000016d47-81.dat	upx
behavioral1/memory/1400-93-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2584-91-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0006000000016d50-89.dat	upx
behavioral1/memory/2156-88-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2876-78-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x0006000000016d36-64.dat	upx
behavioral1/memory/1952-59-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2744-57-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2008-73-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x0006000000016d3f-72.dat	upx
behavioral1/files/0x0006000000016d2e-62.dat	upx
behavioral1/files/0x000800000001650a-55.dat	upx
behavioral1/memory/2360-52-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2764-46-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2584-45-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x000c000000015d79-50.dat	upx
behavioral1/files/0x0008000000016409-38.dat	upx
behavioral1/memory/2672-35-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2764-3780-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2736-3781-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2380-3783-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2744-3782-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2584-3789-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2756-3790-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2360-4157-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2288-4158-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2008-4159-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2912-4161-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YWPjCSq.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIQPJDZ.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HufGXJM.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RgLtzgz.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjvVwRu.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUbMECt.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpPTzxh.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\epGPvVn.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HozujdA.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plGHxKw.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNvWGPT.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvmbXdA.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytsAdNJ.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yszoTGL.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Agzpczy.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnAQEyu.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QggXAYs.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcHzQbA.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MvRSCSU.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHvlDYb.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\docaLkC.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhkoqnZ.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVxJvMY.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnKMNLf.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyBjXjQ.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aCrpYcQ.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMqFYgh.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lQwnTix.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYdXVmO.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BejCSyg.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjlBJcj.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFrilIG.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GmzcqXt.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BEjVOCz.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnUuHrc.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGfagwJ.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHnLgUJ.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpuZaRV.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIEYCbI.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awOCbHm.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\keHvrWe.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QGlESSt.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\spsmPqT.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRedpnB.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjJCgjG.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIwQbHq.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iuMDjpR.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcSEoFR.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVWvFCO.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tANmdfF.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CigGZVX.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLvzHvq.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akRUIrS.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyJkkmn.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBcMYCn.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifVvNid.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDvcXrT.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfIchNx.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtDYFVC.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGygpHj.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrwnDXf.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZRZWwS.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngdIiIj.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TlCVeCQ.exe	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2764	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2672 wrote to memory of 2764	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2672 wrote to memory of 2764	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2672 wrote to memory of 2380	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2672 wrote to memory of 2380	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2672 wrote to memory of 2380	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2672 wrote to memory of 2744	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2672 wrote to memory of 2744	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2672 wrote to memory of 2744	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2672 wrote to memory of 2756	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2672 wrote to memory of 2756	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2672 wrote to memory of 2756	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2672 wrote to memory of 2736	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2672 wrote to memory of 2736	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2672 wrote to memory of 2736	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2672 wrote to memory of 2584	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2672 wrote to memory of 2584	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2672 wrote to memory of 2584	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2672 wrote to memory of 2360	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2672 wrote to memory of 2360	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2672 wrote to memory of 2360	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2672 wrote to memory of 1952	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2672 wrote to memory of 1952	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2672 wrote to memory of 1952	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2672 wrote to memory of 2008	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2672 wrote to memory of 2008	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2672 wrote to memory of 2008	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2672 wrote to memory of 2876	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2672 wrote to memory of 2876	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2672 wrote to memory of 2876	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2672 wrote to memory of 2912	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2672 wrote to memory of 2912	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2672 wrote to memory of 2912	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2672 wrote to memory of 2156	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2672 wrote to memory of 2156	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2672 wrote to memory of 2156	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2672 wrote to memory of 1400	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2672 wrote to memory of 1400	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2672 wrote to memory of 1400	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2672 wrote to memory of 2288	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2672 wrote to memory of 2288	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2672 wrote to memory of 2288	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2672 wrote to memory of 1432	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2672 wrote to memory of 1432	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2672 wrote to memory of 1432	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2672 wrote to memory of 1888	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2672 wrote to memory of 1888	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2672 wrote to memory of 1888	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2672 wrote to memory of 1872	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2672 wrote to memory of 1872	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2672 wrote to memory of 1872	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2672 wrote to memory of 664	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2672 wrote to memory of 664	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2672 wrote to memory of 664	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2672 wrote to memory of 2816	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2672 wrote to memory of 2816	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2672 wrote to memory of 2816	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2672 wrote to memory of 1632	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2672 wrote to memory of 1632	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2672 wrote to memory of 1632	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2672 wrote to memory of 316	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2672 wrote to memory of 316	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2672 wrote to memory of 316	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2672 wrote to memory of 1436	2672	2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-28_e63044dddf37723854cc84598811e51e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\System\WpuZaRV.exe
  C:\Windows\System\WpuZaRV.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\dmAQLAZ.exe
  C:\Windows\System\dmAQLAZ.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\MjalSvn.exe
  C:\Windows\System\MjalSvn.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\ONCQkUC.exe
  C:\Windows\System\ONCQkUC.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\NqumRGe.exe
  C:\Windows\System\NqumRGe.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\wEEPxRE.exe
  C:\Windows\System\wEEPxRE.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\PDpGWSf.exe
  C:\Windows\System\PDpGWSf.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\doxnwoC.exe
  C:\Windows\System\doxnwoC.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\fEUZfDM.exe
  C:\Windows\System\fEUZfDM.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\evceJfN.exe
  C:\Windows\System\evceJfN.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\QQdEDDW.exe
  C:\Windows\System\QQdEDDW.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\ECiuubn.exe
  C:\Windows\System\ECiuubn.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\zyTymHZ.exe
  C:\Windows\System\zyTymHZ.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\JVVgdVY.exe
  C:\Windows\System\JVVgdVY.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\pKXOVHs.exe
  C:\Windows\System\pKXOVHs.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\dXKxnxO.exe
  C:\Windows\System\dXKxnxO.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\xpYZAAc.exe
  C:\Windows\System\xpYZAAc.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\vDfBJTa.exe
  C:\Windows\System\vDfBJTa.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\FKKFHsK.exe
  C:\Windows\System\FKKFHsK.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\kJpBlwV.exe
  C:\Windows\System\kJpBlwV.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\ZPEotyF.exe
  C:\Windows\System\ZPEotyF.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\PEllDcG.exe
  C:\Windows\System\PEllDcG.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\qHMQXpS.exe
  C:\Windows\System\qHMQXpS.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\MlkfIsB.exe
  C:\Windows\System\MlkfIsB.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\eCXCoRv.exe
  C:\Windows\System\eCXCoRv.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\EuwuiGe.exe
  C:\Windows\System\EuwuiGe.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\ZncdPsT.exe
  C:\Windows\System\ZncdPsT.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\ulMYYsq.exe
  C:\Windows\System\ulMYYsq.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\zAKKDYT.exe
  C:\Windows\System\zAKKDYT.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\hvNjKWg.exe
  C:\Windows\System\hvNjKWg.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\PkfZaPM.exe
  C:\Windows\System\PkfZaPM.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\CVkaKez.exe
  C:\Windows\System\CVkaKez.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\ZfbZjNU.exe
  C:\Windows\System\ZfbZjNU.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\ydjGNcB.exe
  C:\Windows\System\ydjGNcB.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\RVcHqFb.exe
  C:\Windows\System\RVcHqFb.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\WnsdqgH.exe
  C:\Windows\System\WnsdqgH.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\bANWkbu.exe
  C:\Windows\System\bANWkbu.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\PiNpAwT.exe
  C:\Windows\System\PiNpAwT.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\HRedpnB.exe
  C:\Windows\System\HRedpnB.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\LeJzadS.exe
  C:\Windows\System\LeJzadS.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\VMTKUZU.exe
  C:\Windows\System\VMTKUZU.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\docaLkC.exe
  C:\Windows\System\docaLkC.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\zDEoFRX.exe
  C:\Windows\System\zDEoFRX.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\FmDLmZh.exe
  C:\Windows\System\FmDLmZh.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\BMGGrSl.exe
  C:\Windows\System\BMGGrSl.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\JcKNmWl.exe
  C:\Windows\System\JcKNmWl.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\coAfeAF.exe
  C:\Windows\System\coAfeAF.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\PXkMHDE.exe
  C:\Windows\System\PXkMHDE.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\ppAqBDG.exe
  C:\Windows\System\ppAqBDG.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\VsJferF.exe
  C:\Windows\System\VsJferF.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\zYTXgDm.exe
  C:\Windows\System\zYTXgDm.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\vDzrkol.exe
  C:\Windows\System\vDzrkol.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\RjPfALZ.exe
  C:\Windows\System\RjPfALZ.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\goNCOPM.exe
  C:\Windows\System\goNCOPM.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\PEWwIxh.exe
  C:\Windows\System\PEWwIxh.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\LTfpYOE.exe
  C:\Windows\System\LTfpYOE.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\DHudmIb.exe
  C:\Windows\System\DHudmIb.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\fwCkveT.exe
  C:\Windows\System\fwCkveT.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\VwGTFIj.exe
  C:\Windows\System\VwGTFIj.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\SAEoFjr.exe
  C:\Windows\System\SAEoFjr.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\RtZmrHT.exe
  C:\Windows\System\RtZmrHT.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\GpMkmTH.exe
  C:\Windows\System\GpMkmTH.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\brPyEHw.exe
  C:\Windows\System\brPyEHw.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\hwGjazx.exe
  C:\Windows\System\hwGjazx.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\NzSXeDq.exe
  C:\Windows\System\NzSXeDq.exe
  2⤵
  PID:2704
- C:\Windows\System\uCckSiR.exe
  C:\Windows\System\uCckSiR.exe
  2⤵
  PID:1404
- C:\Windows\System\smZcppC.exe
  C:\Windows\System\smZcppC.exe
  2⤵
  PID:2832
- C:\Windows\System\XXRTZUG.exe
  C:\Windows\System\XXRTZUG.exe
  2⤵
  PID:3036
- C:\Windows\System\LkWENwX.exe
  C:\Windows\System\LkWENwX.exe
  2⤵
  PID:2896
- C:\Windows\System\cxxzFWd.exe
  C:\Windows\System\cxxzFWd.exe
  2⤵
  PID:2924
- C:\Windows\System\MSklcps.exe
  C:\Windows\System\MSklcps.exe
  2⤵
  PID:2720
- C:\Windows\System\yNuovhn.exe
  C:\Windows\System\yNuovhn.exe
  2⤵
  PID:2064
- C:\Windows\System\CiDscDz.exe
  C:\Windows\System\CiDscDz.exe
  2⤵
  PID:1840
- C:\Windows\System\KcnKoEA.exe
  C:\Windows\System\KcnKoEA.exe
  2⤵
  PID:2888
- C:\Windows\System\uUsmgIS.exe
  C:\Windows\System\uUsmgIS.exe
  2⤵
  PID:2808
- C:\Windows\System\GZZhXZM.exe
  C:\Windows\System\GZZhXZM.exe
  2⤵
  PID:1848
- C:\Windows\System\oVFGnbN.exe
  C:\Windows\System\oVFGnbN.exe
  2⤵
  PID:2520
- C:\Windows\System\TGATOnm.exe
  C:\Windows\System\TGATOnm.exe
  2⤵
  PID:1156
- C:\Windows\System\hAiXfCT.exe
  C:\Windows\System\hAiXfCT.exe
  2⤵
  PID:1884
- C:\Windows\System\IAZDOvu.exe
  C:\Windows\System\IAZDOvu.exe
  2⤵
  PID:1600
- C:\Windows\System\NAMtmyl.exe
  C:\Windows\System\NAMtmyl.exe
  2⤵
  PID:2348
- C:\Windows\System\jejCXHG.exe
  C:\Windows\System\jejCXHG.exe
  2⤵
  PID:2044
- C:\Windows\System\hXadorI.exe
  C:\Windows\System\hXadorI.exe
  2⤵
  PID:1192
- C:\Windows\System\ojagLWj.exe
  C:\Windows\System\ojagLWj.exe
  2⤵
  PID:832
- C:\Windows\System\xoGuvaZ.exe
  C:\Windows\System\xoGuvaZ.exe
  2⤵
  PID:1472
- C:\Windows\System\ZXCOFWX.exe
  C:\Windows\System\ZXCOFWX.exe
  2⤵
  PID:2384
- C:\Windows\System\OSsaYdJ.exe
  C:\Windows\System\OSsaYdJ.exe
  2⤵
  PID:2476
- C:\Windows\System\jfsELIL.exe
  C:\Windows\System\jfsELIL.exe
  2⤵
  PID:2392
- C:\Windows\System\gHrYVuM.exe
  C:\Windows\System\gHrYVuM.exe
  2⤵
  PID:3020
- C:\Windows\System\PhjcKCj.exe
  C:\Windows\System\PhjcKCj.exe
  2⤵
  PID:2184
- C:\Windows\System\UgjgBsY.exe
  C:\Windows\System\UgjgBsY.exe
  2⤵
  PID:1908
- C:\Windows\System\zuvdZGT.exe
  C:\Windows\System\zuvdZGT.exe
  2⤵
  PID:1856
- C:\Windows\System\yCQHfCU.exe
  C:\Windows\System\yCQHfCU.exe
  2⤵
  PID:996
- C:\Windows\System\uupNatU.exe
  C:\Windows\System\uupNatU.exe
  2⤵
  PID:1664
- C:\Windows\System\ogCwbKS.exe
  C:\Windows\System\ogCwbKS.exe
  2⤵
  PID:2836
- C:\Windows\System\ihmznhC.exe
  C:\Windows\System\ihmznhC.exe
  2⤵
  PID:1500
- C:\Windows\System\dKoxqJS.exe
  C:\Windows\System\dKoxqJS.exe
  2⤵
  PID:2852
- C:\Windows\System\beguVdY.exe
  C:\Windows\System\beguVdY.exe
  2⤵
  PID:2844
- C:\Windows\System\saMIyzN.exe
  C:\Windows\System\saMIyzN.exe
  2⤵
  PID:2916
- C:\Windows\System\VfQRmzZ.exe
  C:\Windows\System\VfQRmzZ.exe
  2⤵
  PID:3052
- C:\Windows\System\HWsBaWL.exe
  C:\Windows\System\HWsBaWL.exe
  2⤵
  PID:1240
- C:\Windows\System\hxbOHgK.exe
  C:\Windows\System\hxbOHgK.exe
  2⤵
  PID:1232
- C:\Windows\System\pnAQEyu.exe
  C:\Windows\System\pnAQEyu.exe
  2⤵
  PID:1892
- C:\Windows\System\bdISNxu.exe
  C:\Windows\System\bdISNxu.exe
  2⤵
  PID:2112
- C:\Windows\System\AylpfNn.exe
  C:\Windows\System\AylpfNn.exe
  2⤵
  PID:2340
- C:\Windows\System\eVWvFCO.exe
  C:\Windows\System\eVWvFCO.exe
  2⤵
  PID:3076
- C:\Windows\System\jTyqkjg.exe
  C:\Windows\System\jTyqkjg.exe
  2⤵
  PID:3092
- C:\Windows\System\PjJCgjG.exe
  C:\Windows\System\PjJCgjG.exe
  2⤵
  PID:3108
- C:\Windows\System\ZoTGAZo.exe
  C:\Windows\System\ZoTGAZo.exe
  2⤵
  PID:3124
- C:\Windows\System\QggXAYs.exe
  C:\Windows\System\QggXAYs.exe
  2⤵
  PID:3140
- C:\Windows\System\hjxenVt.exe
  C:\Windows\System\hjxenVt.exe
  2⤵
  PID:3156
- C:\Windows\System\rUveduB.exe
  C:\Windows\System\rUveduB.exe
  2⤵
  PID:3172
- C:\Windows\System\wiRXjbB.exe
  C:\Windows\System\wiRXjbB.exe
  2⤵
  PID:3188
- C:\Windows\System\NFOjVfN.exe
  C:\Windows\System\NFOjVfN.exe
  2⤵
  PID:3204
- C:\Windows\System\Cnpeoxv.exe
  C:\Windows\System\Cnpeoxv.exe
  2⤵
  PID:3220
- C:\Windows\System\SKUTtti.exe
  C:\Windows\System\SKUTtti.exe
  2⤵
  PID:3236
- C:\Windows\System\aFhZgzK.exe
  C:\Windows\System\aFhZgzK.exe
  2⤵
  PID:3252
- C:\Windows\System\csvMXuz.exe
  C:\Windows\System\csvMXuz.exe
  2⤵
  PID:3268
- C:\Windows\System\sRpFrRQ.exe
  C:\Windows\System\sRpFrRQ.exe
  2⤵
  PID:3284
- C:\Windows\System\BmdJHYF.exe
  C:\Windows\System\BmdJHYF.exe
  2⤵
  PID:3300
- C:\Windows\System\MvFWlxP.exe
  C:\Windows\System\MvFWlxP.exe
  2⤵
  PID:3316
- C:\Windows\System\EPxzRTV.exe
  C:\Windows\System\EPxzRTV.exe
  2⤵
  PID:3332
- C:\Windows\System\xdRuAGm.exe
  C:\Windows\System\xdRuAGm.exe
  2⤵
  PID:3348
- C:\Windows\System\TcWxbGg.exe
  C:\Windows\System\TcWxbGg.exe
  2⤵
  PID:3364
- C:\Windows\System\PRlFboe.exe
  C:\Windows\System\PRlFboe.exe
  2⤵
  PID:3380
- C:\Windows\System\XfeBDuG.exe
  C:\Windows\System\XfeBDuG.exe
  2⤵
  PID:3396
- C:\Windows\System\LoPDLAc.exe
  C:\Windows\System\LoPDLAc.exe
  2⤵
  PID:3412
- C:\Windows\System\KwkZCLm.exe
  C:\Windows\System\KwkZCLm.exe
  2⤵
  PID:3428
- C:\Windows\System\LXdkgle.exe
  C:\Windows\System\LXdkgle.exe
  2⤵
  PID:3444
- C:\Windows\System\OdrWeCu.exe
  C:\Windows\System\OdrWeCu.exe
  2⤵
  PID:3460
- C:\Windows\System\plGHxKw.exe
  C:\Windows\System\plGHxKw.exe
  2⤵
  PID:3476
- C:\Windows\System\gjlBJcj.exe
  C:\Windows\System\gjlBJcj.exe
  2⤵
  PID:3492
- C:\Windows\System\kyFwVER.exe
  C:\Windows\System\kyFwVER.exe
  2⤵
  PID:3508
- C:\Windows\System\glENnEW.exe
  C:\Windows\System\glENnEW.exe
  2⤵
  PID:3524
- C:\Windows\System\CcpXwQq.exe
  C:\Windows\System\CcpXwQq.exe
  2⤵
  PID:3540
- C:\Windows\System\ZPvODsH.exe
  C:\Windows\System\ZPvODsH.exe
  2⤵
  PID:3556
- C:\Windows\System\cHoqwLe.exe
  C:\Windows\System\cHoqwLe.exe
  2⤵
  PID:3572
- C:\Windows\System\MKVMxrJ.exe
  C:\Windows\System\MKVMxrJ.exe
  2⤵
  PID:3588
- C:\Windows\System\gJGZODc.exe
  C:\Windows\System\gJGZODc.exe
  2⤵
  PID:3604
- C:\Windows\System\xBNzurR.exe
  C:\Windows\System\xBNzurR.exe
  2⤵
  PID:3620
- C:\Windows\System\fzvEsBn.exe
  C:\Windows\System\fzvEsBn.exe
  2⤵
  PID:3636
- C:\Windows\System\atkZxRJ.exe
  C:\Windows\System\atkZxRJ.exe
  2⤵
  PID:3652
- C:\Windows\System\ZlIsDJZ.exe
  C:\Windows\System\ZlIsDJZ.exe
  2⤵
  PID:3668
- C:\Windows\System\ktwKOns.exe
  C:\Windows\System\ktwKOns.exe
  2⤵
  PID:3684
- C:\Windows\System\SCSgjkN.exe
  C:\Windows\System\SCSgjkN.exe
  2⤵
  PID:3700
- C:\Windows\System\quCYmOg.exe
  C:\Windows\System\quCYmOg.exe
  2⤵
  PID:3716
- C:\Windows\System\vgxLBQM.exe
  C:\Windows\System\vgxLBQM.exe
  2⤵
  PID:3732
- C:\Windows\System\qTgtjJa.exe
  C:\Windows\System\qTgtjJa.exe
  2⤵
  PID:3748
- C:\Windows\System\jCAUFDH.exe
  C:\Windows\System\jCAUFDH.exe
  2⤵
  PID:3764
- C:\Windows\System\HgwaOcz.exe
  C:\Windows\System\HgwaOcz.exe
  2⤵
  PID:3780
- C:\Windows\System\oOtucVH.exe
  C:\Windows\System\oOtucVH.exe
  2⤵
  PID:3796
- C:\Windows\System\BABCKyf.exe
  C:\Windows\System\BABCKyf.exe
  2⤵
  PID:3812
- C:\Windows\System\RiQhNHo.exe
  C:\Windows\System\RiQhNHo.exe
  2⤵
  PID:3828
- C:\Windows\System\hjSnCBp.exe
  C:\Windows\System\hjSnCBp.exe
  2⤵
  PID:3844
- C:\Windows\System\RmiYTaf.exe
  C:\Windows\System\RmiYTaf.exe
  2⤵
  PID:3860
- C:\Windows\System\ZwcegVJ.exe
  C:\Windows\System\ZwcegVJ.exe
  2⤵
  PID:3876
- C:\Windows\System\sdzVrOe.exe
  C:\Windows\System\sdzVrOe.exe
  2⤵
  PID:3892
- C:\Windows\System\MQxqBVH.exe
  C:\Windows\System\MQxqBVH.exe
  2⤵
  PID:3908
- C:\Windows\System\DOGLyJY.exe
  C:\Windows\System\DOGLyJY.exe
  2⤵
  PID:3924
- C:\Windows\System\QVzWhSw.exe
  C:\Windows\System\QVzWhSw.exe
  2⤵
  PID:3940
- C:\Windows\System\znvIjhV.exe
  C:\Windows\System\znvIjhV.exe
  2⤵
  PID:3956
- C:\Windows\System\eThiZAw.exe
  C:\Windows\System\eThiZAw.exe
  2⤵
  PID:3972
- C:\Windows\System\ZHXGeKV.exe
  C:\Windows\System\ZHXGeKV.exe
  2⤵
  PID:3988
- C:\Windows\System\QktRhtX.exe
  C:\Windows\System\QktRhtX.exe
  2⤵
  PID:4004
- C:\Windows\System\RdDlVzS.exe
  C:\Windows\System\RdDlVzS.exe
  2⤵
  PID:4020
- C:\Windows\System\fVvKIfA.exe
  C:\Windows\System\fVvKIfA.exe
  2⤵
  PID:4036
- C:\Windows\System\AggNKJL.exe
  C:\Windows\System\AggNKJL.exe
  2⤵
  PID:4052
- C:\Windows\System\ulnyeHJ.exe
  C:\Windows\System\ulnyeHJ.exe
  2⤵
  PID:4068
- C:\Windows\System\PSlmtVy.exe
  C:\Windows\System\PSlmtVy.exe
  2⤵
  PID:4084
- C:\Windows\System\JOHxLqM.exe
  C:\Windows\System\JOHxLqM.exe
  2⤵
  PID:2496
- C:\Windows\System\BMvVlzC.exe
  C:\Windows\System\BMvVlzC.exe
  2⤵
  PID:2508
- C:\Windows\System\iyYTBgm.exe
  C:\Windows\System\iyYTBgm.exe
  2⤵
  PID:1636
- C:\Windows\System\zJjCdON.exe
  C:\Windows\System\zJjCdON.exe
  2⤵
  PID:600
- C:\Windows\System\jSrBAjS.exe
  C:\Windows\System\jSrBAjS.exe
  2⤵
  PID:2992
- C:\Windows\System\shTQLyl.exe
  C:\Windows\System\shTQLyl.exe
  2⤵
  PID:984
- C:\Windows\System\xZVybfM.exe
  C:\Windows\System\xZVybfM.exe
  2⤵
  PID:1540
- C:\Windows\System\nkbsfjv.exe
  C:\Windows\System\nkbsfjv.exe
  2⤵
  PID:1256
- C:\Windows\System\znvLwIN.exe
  C:\Windows\System\znvLwIN.exe
  2⤵
  PID:1172
- C:\Windows\System\QyWuiVe.exe
  C:\Windows\System\QyWuiVe.exe
  2⤵
  PID:2800
- C:\Windows\System\hiPKVdu.exe
  C:\Windows\System\hiPKVdu.exe
  2⤵
  PID:2120
- C:\Windows\System\ieHwNeg.exe
  C:\Windows\System\ieHwNeg.exe
  2⤵
  PID:900
- C:\Windows\System\dmuCDCd.exe
  C:\Windows\System\dmuCDCd.exe
  2⤵
  PID:2660
- C:\Windows\System\exhJIBC.exe
  C:\Windows\System\exhJIBC.exe
  2⤵
  PID:3132
- C:\Windows\System\HufGXJM.exe
  C:\Windows\System\HufGXJM.exe
  2⤵
  PID:3088
- C:\Windows\System\TBFDyWD.exe
  C:\Windows\System\TBFDyWD.exe
  2⤵
  PID:3196
- C:\Windows\System\vZMygbg.exe
  C:\Windows\System\vZMygbg.exe
  2⤵
  PID:3184
- C:\Windows\System\XmTHBJx.exe
  C:\Windows\System\XmTHBJx.exe
  2⤵
  PID:3228
- C:\Windows\System\piuJHkp.exe
  C:\Windows\System\piuJHkp.exe
  2⤵
  PID:3260
- C:\Windows\System\RmZWbPD.exe
  C:\Windows\System\RmZWbPD.exe
  2⤵
  PID:3292
- C:\Windows\System\SMiyfKS.exe
  C:\Windows\System\SMiyfKS.exe
  2⤵
  PID:3308
- C:\Windows\System\nzwvuFs.exe
  C:\Windows\System\nzwvuFs.exe
  2⤵
  PID:3360
- C:\Windows\System\CAxMOmM.exe
  C:\Windows\System\CAxMOmM.exe
  2⤵
  PID:3376
- C:\Windows\System\PJxxxbS.exe
  C:\Windows\System\PJxxxbS.exe
  2⤵
  PID:3424
- C:\Windows\System\VBiVesS.exe
  C:\Windows\System\VBiVesS.exe
  2⤵
  PID:3440
- C:\Windows\System\OIIEawW.exe
  C:\Windows\System\OIIEawW.exe
  2⤵
  PID:3472
- C:\Windows\System\WuLibxb.exe
  C:\Windows\System\WuLibxb.exe
  2⤵
  PID:3520
- C:\Windows\System\PxMMiyR.exe
  C:\Windows\System\PxMMiyR.exe
  2⤵
  PID:3536
- C:\Windows\System\UqhXruu.exe
  C:\Windows\System\UqhXruu.exe
  2⤵
  PID:3584
- C:\Windows\System\dUEgULD.exe
  C:\Windows\System\dUEgULD.exe
  2⤵
  PID:3600
- C:\Windows\System\TwDBEmA.exe
  C:\Windows\System\TwDBEmA.exe
  2⤵
  PID:3632
- C:\Windows\System\XKOoHLF.exe
  C:\Windows\System\XKOoHLF.exe
  2⤵
  PID:3664
- C:\Windows\System\pTuzRwT.exe
  C:\Windows\System\pTuzRwT.exe
  2⤵
  PID:3712
- C:\Windows\System\shDlIwb.exe
  C:\Windows\System\shDlIwb.exe
  2⤵
  PID:3744
- C:\Windows\System\sLwccgp.exe
  C:\Windows\System\sLwccgp.exe
  2⤵
  PID:3760
- C:\Windows\System\ZCBvhIq.exe
  C:\Windows\System\ZCBvhIq.exe
  2⤵
  PID:3792
- C:\Windows\System\WCiCCUr.exe
  C:\Windows\System\WCiCCUr.exe
  2⤵
  PID:3820
- C:\Windows\System\KLvMSUD.exe
  C:\Windows\System\KLvMSUD.exe
  2⤵
  PID:3872
- C:\Windows\System\ImOyrhI.exe
  C:\Windows\System\ImOyrhI.exe
  2⤵
  PID:3888
- C:\Windows\System\wJhDzPd.exe
  C:\Windows\System\wJhDzPd.exe
  2⤵
  PID:3920
- C:\Windows\System\fVNgKeY.exe
  C:\Windows\System\fVNgKeY.exe
  2⤵
  PID:3952
- C:\Windows\System\MNwCHTF.exe
  C:\Windows\System\MNwCHTF.exe
  2⤵
  PID:3984
- C:\Windows\System\oNvWGPT.exe
  C:\Windows\System\oNvWGPT.exe
  2⤵
  PID:4016
- C:\Windows\System\gzyEcLy.exe
  C:\Windows\System\gzyEcLy.exe
  2⤵
  PID:2408
- C:\Windows\System\CrQpNhw.exe
  C:\Windows\System\CrQpNhw.exe
  2⤵
  PID:4076
- C:\Windows\System\yRkqjxV.exe
  C:\Windows\System\yRkqjxV.exe
  2⤵
  PID:1932
- C:\Windows\System\aatNKmg.exe
  C:\Windows\System\aatNKmg.exe
  2⤵
  PID:1844
- C:\Windows\System\EsfhLjg.exe
  C:\Windows\System\EsfhLjg.exe
  2⤵
  PID:3004
- C:\Windows\System\lFUIzaR.exe
  C:\Windows\System\lFUIzaR.exe
  2⤵
  PID:1612
- C:\Windows\System\NnwidLU.exe
  C:\Windows\System\NnwidLU.exe
  2⤵
  PID:3028
- C:\Windows\System\jFrilIG.exe
  C:\Windows\System\jFrilIG.exe
  2⤵
  PID:1544
- C:\Windows\System\ZIQUoIy.exe
  C:\Windows\System\ZIQUoIy.exe
  2⤵
  PID:3120
- C:\Windows\System\vHYWWke.exe
  C:\Windows\System\vHYWWke.exe
  2⤵
  PID:3164
- C:\Windows\System\RehYIwW.exe
  C:\Windows\System\RehYIwW.exe
  2⤵
  PID:3180
- C:\Windows\System\VRpBwCT.exe
  C:\Windows\System\VRpBwCT.exe
  2⤵
  PID:3216
- C:\Windows\System\QjwKjRX.exe
  C:\Windows\System\QjwKjRX.exe
  2⤵
  PID:3312
- C:\Windows\System\otGIulj.exe
  C:\Windows\System\otGIulj.exe
  2⤵
  PID:3356
- C:\Windows\System\RgLtzgz.exe
  C:\Windows\System\RgLtzgz.exe
  2⤵
  PID:3452
- C:\Windows\System\YEczjQp.exe
  C:\Windows\System\YEczjQp.exe
  2⤵
  PID:3516
- C:\Windows\System\NPqiUGT.exe
  C:\Windows\System\NPqiUGT.exe
  2⤵
  PID:3532
- C:\Windows\System\qcRNgHa.exe
  C:\Windows\System\qcRNgHa.exe
  2⤵
  PID:3644
- C:\Windows\System\LfNSqMc.exe
  C:\Windows\System\LfNSqMc.exe
  2⤵
  PID:3708
- C:\Windows\System\zxJczkd.exe
  C:\Windows\System\zxJczkd.exe
  2⤵
  PID:3740
- C:\Windows\System\yTCXtlp.exe
  C:\Windows\System\yTCXtlp.exe
  2⤵
  PID:3824
- C:\Windows\System\zwJRvQz.exe
  C:\Windows\System\zwJRvQz.exe
  2⤵
  PID:3900
- C:\Windows\System\fEtKBxe.exe
  C:\Windows\System\fEtKBxe.exe
  2⤵
  PID:3964
- C:\Windows\System\VQxUMia.exe
  C:\Windows\System\VQxUMia.exe
  2⤵
  PID:2760
- C:\Windows\System\AevTzoT.exe
  C:\Windows\System\AevTzoT.exe
  2⤵
  PID:4064
- C:\Windows\System\PXAanRE.exe
  C:\Windows\System\PXAanRE.exe
  2⤵
  PID:1320
- C:\Windows\System\TwvyyPt.exe
  C:\Windows\System\TwvyyPt.exe
  2⤵
  PID:2440
- C:\Windows\System\yCcXmKs.exe
  C:\Windows\System\yCcXmKs.exe
  2⤵
  PID:2608
- C:\Windows\System\bhkoqnZ.exe
  C:\Windows\System\bhkoqnZ.exe
  2⤵
  PID:3116
- C:\Windows\System\jRERIkU.exe
  C:\Windows\System\jRERIkU.exe
  2⤵
  PID:3248
- C:\Windows\System\stzAosG.exe
  C:\Windows\System\stzAosG.exe
  2⤵
  PID:4112
- C:\Windows\System\FmbtLae.exe
  C:\Windows\System\FmbtLae.exe
  2⤵
  PID:4128
- C:\Windows\System\UIEYCbI.exe
  C:\Windows\System\UIEYCbI.exe
  2⤵
  PID:4144
- C:\Windows\System\KTDvOqz.exe
  C:\Windows\System\KTDvOqz.exe
  2⤵
  PID:4160
- C:\Windows\System\YCSRUhg.exe
  C:\Windows\System\YCSRUhg.exe
  2⤵
  PID:4176
- C:\Windows\System\DKtvHos.exe
  C:\Windows\System\DKtvHos.exe
  2⤵
  PID:4192
- C:\Windows\System\FiDSWDe.exe
  C:\Windows\System\FiDSWDe.exe
  2⤵
  PID:4208
- C:\Windows\System\NvmbXdA.exe
  C:\Windows\System\NvmbXdA.exe
  2⤵
  PID:4224
- C:\Windows\System\cYNRqbH.exe
  C:\Windows\System\cYNRqbH.exe
  2⤵
  PID:4240
- C:\Windows\System\juTZifq.exe
  C:\Windows\System\juTZifq.exe
  2⤵
  PID:4256
- C:\Windows\System\IbNwcgK.exe
  C:\Windows\System\IbNwcgK.exe
  2⤵
  PID:4272
- C:\Windows\System\herNOBM.exe
  C:\Windows\System\herNOBM.exe
  2⤵
  PID:4292
- C:\Windows\System\pUEWbKz.exe
  C:\Windows\System\pUEWbKz.exe
  2⤵
  PID:4308
- C:\Windows\System\NcGRDyM.exe
  C:\Windows\System\NcGRDyM.exe
  2⤵
  PID:4324
- C:\Windows\System\bxWJAqi.exe
  C:\Windows\System\bxWJAqi.exe
  2⤵
  PID:4340
- C:\Windows\System\ScIpfYH.exe
  C:\Windows\System\ScIpfYH.exe
  2⤵
  PID:4356
- C:\Windows\System\FvspnBH.exe
  C:\Windows\System\FvspnBH.exe
  2⤵
  PID:4372
- C:\Windows\System\gObOEJm.exe
  C:\Windows\System\gObOEJm.exe
  2⤵
  PID:4388
- C:\Windows\System\JIGynbD.exe
  C:\Windows\System\JIGynbD.exe
  2⤵
  PID:4404
- C:\Windows\System\lWPQTIq.exe
  C:\Windows\System\lWPQTIq.exe
  2⤵
  PID:4420
- C:\Windows\System\VuMQxbc.exe
  C:\Windows\System\VuMQxbc.exe
  2⤵
  PID:4436
- C:\Windows\System\nOvdRtH.exe
  C:\Windows\System\nOvdRtH.exe
  2⤵
  PID:4452
- C:\Windows\System\vPuMJbc.exe
  C:\Windows\System\vPuMJbc.exe
  2⤵
  PID:4468
- C:\Windows\System\QwTjTvX.exe
  C:\Windows\System\QwTjTvX.exe
  2⤵
  PID:4488
- C:\Windows\System\jNICrbQ.exe
  C:\Windows\System\jNICrbQ.exe
  2⤵
  PID:4504
- C:\Windows\System\PUDgBCJ.exe
  C:\Windows\System\PUDgBCJ.exe
  2⤵
  PID:4520
- C:\Windows\System\xVfXQOL.exe
  C:\Windows\System\xVfXQOL.exe
  2⤵
  PID:4536
- C:\Windows\System\GNKDjLQ.exe
  C:\Windows\System\GNKDjLQ.exe
  2⤵
  PID:4552
- C:\Windows\System\DcHzQbA.exe
  C:\Windows\System\DcHzQbA.exe
  2⤵
  PID:4568
- C:\Windows\System\aPkIkNN.exe
  C:\Windows\System\aPkIkNN.exe
  2⤵
  PID:4584
- C:\Windows\System\KbecdVF.exe
  C:\Windows\System\KbecdVF.exe
  2⤵
  PID:4600
- C:\Windows\System\TdDoidV.exe
  C:\Windows\System\TdDoidV.exe
  2⤵
  PID:4616
- C:\Windows\System\QSfepss.exe
  C:\Windows\System\QSfepss.exe
  2⤵
  PID:4632
- C:\Windows\System\GpwmAmV.exe
  C:\Windows\System\GpwmAmV.exe
  2⤵
  PID:4648
- C:\Windows\System\LlLhPZz.exe
  C:\Windows\System\LlLhPZz.exe
  2⤵
  PID:4664
- C:\Windows\System\xMqsbnD.exe
  C:\Windows\System\xMqsbnD.exe
  2⤵
  PID:4680
- C:\Windows\System\AdUdYSj.exe
  C:\Windows\System\AdUdYSj.exe
  2⤵
  PID:4696
- C:\Windows\System\xQVtqwg.exe
  C:\Windows\System\xQVtqwg.exe
  2⤵
  PID:4712
- C:\Windows\System\XzfUtlj.exe
  C:\Windows\System\XzfUtlj.exe
  2⤵
  PID:4728
- C:\Windows\System\UgSVQoK.exe
  C:\Windows\System\UgSVQoK.exe
  2⤵
  PID:4744
- C:\Windows\System\ftaUFae.exe
  C:\Windows\System\ftaUFae.exe
  2⤵
  PID:4760
- C:\Windows\System\CtXpNfT.exe
  C:\Windows\System\CtXpNfT.exe
  2⤵
  PID:4776
- C:\Windows\System\EXyUpMP.exe
  C:\Windows\System\EXyUpMP.exe
  2⤵
  PID:4792
- C:\Windows\System\KxsJCcU.exe
  C:\Windows\System\KxsJCcU.exe
  2⤵
  PID:4808
- C:\Windows\System\RQtBszD.exe
  C:\Windows\System\RQtBszD.exe
  2⤵
  PID:4824
- C:\Windows\System\VtmaLHX.exe
  C:\Windows\System\VtmaLHX.exe
  2⤵
  PID:4840
- C:\Windows\System\zEfkqdw.exe
  C:\Windows\System\zEfkqdw.exe
  2⤵
  PID:4856
- C:\Windows\System\FPaGzMq.exe
  C:\Windows\System\FPaGzMq.exe
  2⤵
  PID:4872
- C:\Windows\System\fRNxtsC.exe
  C:\Windows\System\fRNxtsC.exe
  2⤵
  PID:4888
- C:\Windows\System\FZdFHuv.exe
  C:\Windows\System\FZdFHuv.exe
  2⤵
  PID:4904
- C:\Windows\System\hmwcYoZ.exe
  C:\Windows\System\hmwcYoZ.exe
  2⤵
  PID:4920
- C:\Windows\System\qtUzrPw.exe
  C:\Windows\System\qtUzrPw.exe
  2⤵
  PID:4936
- C:\Windows\System\TRgSJjd.exe
  C:\Windows\System\TRgSJjd.exe
  2⤵
  PID:4952
- C:\Windows\System\vJyfcqm.exe
  C:\Windows\System\vJyfcqm.exe
  2⤵
  PID:4968
- C:\Windows\System\PPhPgRL.exe
  C:\Windows\System\PPhPgRL.exe
  2⤵
  PID:4984
- C:\Windows\System\gpaVuRr.exe
  C:\Windows\System\gpaVuRr.exe
  2⤵
  PID:5000
- C:\Windows\System\HdiwXyQ.exe
  C:\Windows\System\HdiwXyQ.exe
  2⤵
  PID:5016
- C:\Windows\System\VEbsSQO.exe
  C:\Windows\System\VEbsSQO.exe
  2⤵
  PID:5032
- C:\Windows\System\sjKiyZr.exe
  C:\Windows\System\sjKiyZr.exe
  2⤵
  PID:5048
- C:\Windows\System\vVHelEV.exe
  C:\Windows\System\vVHelEV.exe
  2⤵
  PID:5064
- C:\Windows\System\uWAyPks.exe
  C:\Windows\System\uWAyPks.exe
  2⤵
  PID:5080
- C:\Windows\System\tbRNlbq.exe
  C:\Windows\System\tbRNlbq.exe
  2⤵
  PID:5096
- C:\Windows\System\MoFHzTG.exe
  C:\Windows\System\MoFHzTG.exe
  2⤵
  PID:5112
- C:\Windows\System\eeIEhaM.exe
  C:\Windows\System\eeIEhaM.exe
  2⤵
  PID:3280
- C:\Windows\System\XcMCTEz.exe
  C:\Windows\System\XcMCTEz.exe
  2⤵
  PID:3436
- C:\Windows\System\SbxuADV.exe
  C:\Windows\System\SbxuADV.exe
  2⤵
  PID:3580
- C:\Windows\System\daxGcKi.exe
  C:\Windows\System\daxGcKi.exe
  2⤵
  PID:3676
- C:\Windows\System\MtxvzGN.exe
  C:\Windows\System\MtxvzGN.exe
  2⤵
  PID:3868
- C:\Windows\System\XSCHjmZ.exe
  C:\Windows\System\XSCHjmZ.exe
  2⤵
  PID:3948
- C:\Windows\System\tCbGUyq.exe
  C:\Windows\System\tCbGUyq.exe
  2⤵
  PID:1288
- C:\Windows\System\JEyNooS.exe
  C:\Windows\System\JEyNooS.exe
  2⤵
  PID:2548
- C:\Windows\System\VGMRLAi.exe
  C:\Windows\System\VGMRLAi.exe
  2⤵
  PID:2412
- C:\Windows\System\AtLcDTa.exe
  C:\Windows\System\AtLcDTa.exe
  2⤵
  PID:4124
- C:\Windows\System\DAeczOj.exe
  C:\Windows\System\DAeczOj.exe
  2⤵
  PID:4156
- C:\Windows\System\TAoriUy.exe
  C:\Windows\System\TAoriUy.exe
  2⤵
  PID:4168
- C:\Windows\System\wbignBX.exe
  C:\Windows\System\wbignBX.exe
  2⤵
  PID:4200
- C:\Windows\System\aIwQbHq.exe
  C:\Windows\System\aIwQbHq.exe
  2⤵
  PID:4252
- C:\Windows\System\iMTuhNx.exe
  C:\Windows\System\iMTuhNx.exe
  2⤵
  PID:4316
- C:\Windows\System\QgFvuQd.exe
  C:\Windows\System\QgFvuQd.exe
  2⤵
  PID:2564
- C:\Windows\System\aYHHBSN.exe
  C:\Windows\System\aYHHBSN.exe
  2⤵
  PID:4348
- C:\Windows\System\fGpgVMR.exe
  C:\Windows\System\fGpgVMR.exe
  2⤵
  PID:4364
- C:\Windows\System\PZUFESy.exe
  C:\Windows\System\PZUFESy.exe
  2⤵
  PID:4416
- C:\Windows\System\lfMNJRK.exe
  C:\Windows\System\lfMNJRK.exe
  2⤵
  PID:4400
- C:\Windows\System\jEfvMWN.exe
  C:\Windows\System\jEfvMWN.exe
  2⤵
  PID:4480
- C:\Windows\System\FfxnGGs.exe
  C:\Windows\System\FfxnGGs.exe
  2⤵
  PID:4512
- C:\Windows\System\bgGiPnH.exe
  C:\Windows\System\bgGiPnH.exe
  2⤵
  PID:4500
- C:\Windows\System\sxIXJrm.exe
  C:\Windows\System\sxIXJrm.exe
  2⤵
  PID:4576
- C:\Windows\System\WSwUdQI.exe
  C:\Windows\System\WSwUdQI.exe
  2⤵
  PID:4596
- C:\Windows\System\IGpoPZW.exe
  C:\Windows\System\IGpoPZW.exe
  2⤵
  PID:4560
- C:\Windows\System\DLdkMsI.exe
  C:\Windows\System\DLdkMsI.exe
  2⤵
  PID:4656
- C:\Windows\System\hwEoKme.exe
  C:\Windows\System\hwEoKme.exe
  2⤵
  PID:4704
- C:\Windows\System\WaHCGpy.exe
  C:\Windows\System\WaHCGpy.exe
  2⤵
  PID:4736
- C:\Windows\System\xLdpRaB.exe
  C:\Windows\System\xLdpRaB.exe
  2⤵
  PID:4768
- C:\Windows\System\fgmuKXw.exe
  C:\Windows\System\fgmuKXw.exe
  2⤵
  PID:4800
- C:\Windows\System\hDRxhrk.exe
  C:\Windows\System\hDRxhrk.exe
  2⤵
  PID:4816
- C:\Windows\System\GlBSzqQ.exe
  C:\Windows\System\GlBSzqQ.exe
  2⤵
  PID:4848
- C:\Windows\System\WTuvEns.exe
  C:\Windows\System\WTuvEns.exe
  2⤵
  PID:4896
- C:\Windows\System\hjvVwRu.exe
  C:\Windows\System\hjvVwRu.exe
  2⤵
  PID:4928
- C:\Windows\System\SrgrcNu.exe
  C:\Windows\System\SrgrcNu.exe
  2⤵
  PID:4948
- C:\Windows\System\JsJqvFX.exe
  C:\Windows\System\JsJqvFX.exe
  2⤵
  PID:4992
- C:\Windows\System\YQCDIyI.exe
  C:\Windows\System\YQCDIyI.exe
  2⤵
  PID:5024
- C:\Windows\System\LawTnsg.exe
  C:\Windows\System\LawTnsg.exe
  2⤵
  PID:5056
- C:\Windows\System\TYyasai.exe
  C:\Windows\System\TYyasai.exe
  2⤵
  PID:5088
- C:\Windows\System\iuMDjpR.exe
  C:\Windows\System\iuMDjpR.exe
  2⤵
  PID:3324
- C:\Windows\System\AakItTC.exe
  C:\Windows\System\AakItTC.exe
  2⤵
  PID:3564
- C:\Windows\System\pyJkkmn.exe
  C:\Windows\System\pyJkkmn.exe
  2⤵
  PID:3836
- C:\Windows\System\GerKrbK.exe
  C:\Windows\System\GerKrbK.exe
  2⤵
  PID:3980
- C:\Windows\System\ChqfxEz.exe
  C:\Windows\System\ChqfxEz.exe
  2⤵
  PID:3244
- C:\Windows\System\hIWhvGw.exe
  C:\Windows\System\hIWhvGw.exe
  2⤵
  PID:4104
- C:\Windows\System\zJuQbrW.exe
  C:\Windows\System\zJuQbrW.exe
  2⤵
  PID:4136
- C:\Windows\System\aUbMECt.exe
  C:\Windows\System\aUbMECt.exe
  2⤵
  PID:4248
- C:\Windows\System\AJKmJKg.exe
  C:\Windows\System\AJKmJKg.exe
  2⤵
  PID:4332
- C:\Windows\System\obQzvSX.exe
  C:\Windows\System\obQzvSX.exe
  2⤵
  PID:4380
- C:\Windows\System\eFDqyRQ.exe
  C:\Windows\System\eFDqyRQ.exe
  2⤵
  PID:4448
- C:\Windows\System\jRGccrV.exe
  C:\Windows\System\jRGccrV.exe
  2⤵
  PID:4544
- C:\Windows\System\mocBADh.exe
  C:\Windows\System\mocBADh.exe
  2⤵
  PID:4608
- C:\Windows\System\XwMprPp.exe
  C:\Windows\System\XwMprPp.exe
  2⤵
  PID:4564
- C:\Windows\System\GlXiHDm.exe
  C:\Windows\System\GlXiHDm.exe
  2⤵
  PID:4676
- C:\Windows\System\TpaSdBR.exe
  C:\Windows\System\TpaSdBR.exe
  2⤵
  PID:4740
- C:\Windows\System\bLWjTfu.exe
  C:\Windows\System\bLWjTfu.exe
  2⤵
  PID:4804
- C:\Windows\System\tlKOdYf.exe
  C:\Windows\System\tlKOdYf.exe
  2⤵
  PID:4868
- C:\Windows\System\apHvWCp.exe
  C:\Windows\System\apHvWCp.exe
  2⤵
  PID:4912
- C:\Windows\System\fZRKlQo.exe
  C:\Windows\System\fZRKlQo.exe
  2⤵
  PID:4944
- C:\Windows\System\ctLVNHC.exe
  C:\Windows\System\ctLVNHC.exe
  2⤵
  PID:5040
- C:\Windows\System\qKPOutn.exe
  C:\Windows\System\qKPOutn.exe
  2⤵
  PID:5104
- C:\Windows\System\vFnsFOm.exe
  C:\Windows\System\vFnsFOm.exe
  2⤵
  PID:3660
- C:\Windows\System\JZpNPYX.exe
  C:\Windows\System\JZpNPYX.exe
  2⤵
  PID:3104
- C:\Windows\System\EkzQSiK.exe
  C:\Windows\System\EkzQSiK.exe
  2⤵
  PID:4188
- C:\Windows\System\BkUuyeG.exe
  C:\Windows\System\BkUuyeG.exe
  2⤵
  PID:5128
- C:\Windows\System\HyBjXjQ.exe
  C:\Windows\System\HyBjXjQ.exe
  2⤵
  PID:5144
- C:\Windows\System\tQipqrW.exe
  C:\Windows\System\tQipqrW.exe
  2⤵
  PID:5160
- C:\Windows\System\KhFXTyu.exe
  C:\Windows\System\KhFXTyu.exe
  2⤵
  PID:5176
- C:\Windows\System\ConlwqW.exe
  C:\Windows\System\ConlwqW.exe
  2⤵
  PID:5192
- C:\Windows\System\mKAelhG.exe
  C:\Windows\System\mKAelhG.exe
  2⤵
  PID:5208
- C:\Windows\System\VQvbJls.exe
  C:\Windows\System\VQvbJls.exe
  2⤵
  PID:5224
- C:\Windows\System\MVmIPKO.exe
  C:\Windows\System\MVmIPKO.exe
  2⤵
  PID:5240
- C:\Windows\System\GnNgZhj.exe
  C:\Windows\System\GnNgZhj.exe
  2⤵
  PID:5256
- C:\Windows\System\CVLRgVf.exe
  C:\Windows\System\CVLRgVf.exe
  2⤵
  PID:5272
- C:\Windows\System\QhzvIRM.exe
  C:\Windows\System\QhzvIRM.exe
  2⤵
  PID:5288
- C:\Windows\System\gmrWzJV.exe
  C:\Windows\System\gmrWzJV.exe
  2⤵
  PID:5304
- C:\Windows\System\Nhvmtol.exe
  C:\Windows\System\Nhvmtol.exe
  2⤵
  PID:5320
- C:\Windows\System\GArQfew.exe
  C:\Windows\System\GArQfew.exe
  2⤵
  PID:5336
- C:\Windows\System\RwGdzus.exe
  C:\Windows\System\RwGdzus.exe
  2⤵
  PID:5352
- C:\Windows\System\wcEZviu.exe
  C:\Windows\System\wcEZviu.exe
  2⤵
  PID:5368
- C:\Windows\System\HWxoPJU.exe
  C:\Windows\System\HWxoPJU.exe
  2⤵
  PID:5384
- C:\Windows\System\GmzcqXt.exe
  C:\Windows\System\GmzcqXt.exe
  2⤵
  PID:5400
- C:\Windows\System\cqpdoaX.exe
  C:\Windows\System\cqpdoaX.exe
  2⤵
  PID:5416
- C:\Windows\System\icEiJYo.exe
  C:\Windows\System\icEiJYo.exe
  2⤵
  PID:5432
- C:\Windows\System\xNhSFaQ.exe
  C:\Windows\System\xNhSFaQ.exe
  2⤵
  PID:5448
- C:\Windows\System\svBUqbN.exe
  C:\Windows\System\svBUqbN.exe
  2⤵
  PID:5464
- C:\Windows\System\hjriYPo.exe
  C:\Windows\System\hjriYPo.exe
  2⤵
  PID:5480
- C:\Windows\System\XMNWIgo.exe
  C:\Windows\System\XMNWIgo.exe
  2⤵
  PID:5496
- C:\Windows\System\EPpHwQm.exe
  C:\Windows\System\EPpHwQm.exe
  2⤵
  PID:5512
- C:\Windows\System\UrwuuCD.exe
  C:\Windows\System\UrwuuCD.exe
  2⤵
  PID:5528
- C:\Windows\System\igFXGUO.exe
  C:\Windows\System\igFXGUO.exe
  2⤵
  PID:5544
- C:\Windows\System\MCahrMC.exe
  C:\Windows\System\MCahrMC.exe
  2⤵
  PID:5560
- C:\Windows\System\zzdawZu.exe
  C:\Windows\System\zzdawZu.exe
  2⤵
  PID:5576
- C:\Windows\System\CxHGcoN.exe
  C:\Windows\System\CxHGcoN.exe
  2⤵
  PID:5592
- C:\Windows\System\MVVpROD.exe
  C:\Windows\System\MVVpROD.exe
  2⤵
  PID:5608
- C:\Windows\System\zdfwlVF.exe
  C:\Windows\System\zdfwlVF.exe
  2⤵
  PID:5624
- C:\Windows\System\zpoKMlm.exe
  C:\Windows\System\zpoKMlm.exe
  2⤵
  PID:5640
- C:\Windows\System\Vbforrj.exe
  C:\Windows\System\Vbforrj.exe
  2⤵
  PID:5656
- C:\Windows\System\mxYuwXO.exe
  C:\Windows\System\mxYuwXO.exe
  2⤵
  PID:5672
- C:\Windows\System\itmWmYe.exe
  C:\Windows\System\itmWmYe.exe
  2⤵
  PID:5688
- C:\Windows\System\HNeVTnl.exe
  C:\Windows\System\HNeVTnl.exe
  2⤵
  PID:5708
- C:\Windows\System\TQbNdzL.exe
  C:\Windows\System\TQbNdzL.exe
  2⤵
  PID:5724
- C:\Windows\System\vQJgTnN.exe
  C:\Windows\System\vQJgTnN.exe
  2⤵
  PID:5740
- C:\Windows\System\iddXBoJ.exe
  C:\Windows\System\iddXBoJ.exe
  2⤵
  PID:5756
- C:\Windows\System\fgBoJGs.exe
  C:\Windows\System\fgBoJGs.exe
  2⤵
  PID:5772
- C:\Windows\System\BdktyhL.exe
  C:\Windows\System\BdktyhL.exe
  2⤵
  PID:5788
- C:\Windows\System\WuPxmTL.exe
  C:\Windows\System\WuPxmTL.exe
  2⤵
  PID:5804
- C:\Windows\System\Xbdkesc.exe
  C:\Windows\System\Xbdkesc.exe
  2⤵
  PID:5820
- C:\Windows\System\yTZThZt.exe
  C:\Windows\System\yTZThZt.exe
  2⤵
  PID:5836
- C:\Windows\System\kWyPwFG.exe
  C:\Windows\System\kWyPwFG.exe
  2⤵
  PID:5852
- C:\Windows\System\tdkQMmK.exe
  C:\Windows\System\tdkQMmK.exe
  2⤵
  PID:5868
- C:\Windows\System\STBzUBv.exe
  C:\Windows\System\STBzUBv.exe
  2⤵
  PID:5884
- C:\Windows\System\wAGFySF.exe
  C:\Windows\System\wAGFySF.exe
  2⤵
  PID:5900
- C:\Windows\System\YLTWTEQ.exe
  C:\Windows\System\YLTWTEQ.exe
  2⤵
  PID:5916
- C:\Windows\System\rsjsFxz.exe
  C:\Windows\System\rsjsFxz.exe
  2⤵
  PID:5932
- C:\Windows\System\rlfpQPu.exe
  C:\Windows\System\rlfpQPu.exe
  2⤵
  PID:5948
- C:\Windows\System\MxbTLKp.exe
  C:\Windows\System\MxbTLKp.exe
  2⤵
  PID:5964
- C:\Windows\System\XZordiq.exe
  C:\Windows\System\XZordiq.exe
  2⤵
  PID:5980
- C:\Windows\System\thYAZpC.exe
  C:\Windows\System\thYAZpC.exe
  2⤵
  PID:5996
- C:\Windows\System\JxLygby.exe
  C:\Windows\System\JxLygby.exe
  2⤵
  PID:6012
- C:\Windows\System\fGuSrpE.exe
  C:\Windows\System\fGuSrpE.exe
  2⤵
  PID:6028
- C:\Windows\System\PNZVJwc.exe
  C:\Windows\System\PNZVJwc.exe
  2⤵
  PID:6044
- C:\Windows\System\QivDdlT.exe
  C:\Windows\System\QivDdlT.exe
  2⤵
  PID:6060
- C:\Windows\System\iAFfAWD.exe
  C:\Windows\System\iAFfAWD.exe
  2⤵
  PID:6076
- C:\Windows\System\jAwwFmZ.exe
  C:\Windows\System\jAwwFmZ.exe
  2⤵
  PID:6092
- C:\Windows\System\kKQgSsP.exe
  C:\Windows\System\kKQgSsP.exe
  2⤵
  PID:6108
- C:\Windows\System\bMqnitg.exe
  C:\Windows\System\bMqnitg.exe
  2⤵
  PID:6124
- C:\Windows\System\pKLekcW.exe
  C:\Windows\System\pKLekcW.exe
  2⤵
  PID:6140
- C:\Windows\System\RzwPSzb.exe
  C:\Windows\System\RzwPSzb.exe
  2⤵
  PID:4412
- C:\Windows\System\JLaPCQv.exe
  C:\Windows\System\JLaPCQv.exe
  2⤵
  PID:4444
- C:\Windows\System\DGuguqv.exe
  C:\Windows\System\DGuguqv.exe
  2⤵
  PID:4528
- C:\Windows\System\VgvBJmf.exe
  C:\Windows\System\VgvBJmf.exe
  2⤵
  PID:2560
- C:\Windows\System\voNWkLf.exe
  C:\Windows\System\voNWkLf.exe
  2⤵
  PID:4784
- C:\Windows\System\KCdTLKb.exe
  C:\Windows\System\KCdTLKb.exe
  2⤵
  PID:4900
- C:\Windows\System\djJYpHL.exe
  C:\Windows\System\djJYpHL.exe
  2⤵
  PID:5008
- C:\Windows\System\dLbQxOX.exe
  C:\Windows\System\dLbQxOX.exe
  2⤵
  PID:5092
- C:\Windows\System\LBGFgBl.exe
  C:\Windows\System\LBGFgBl.exe
  2⤵
  PID:1920
- C:\Windows\System\HjBGmRT.exe
  C:\Windows\System\HjBGmRT.exe
  2⤵
  PID:5124
- C:\Windows\System\oftUDpo.exe
  C:\Windows\System\oftUDpo.exe
  2⤵
  PID:5156
- C:\Windows\System\JHNHZdO.exe
  C:\Windows\System\JHNHZdO.exe
  2⤵
  PID:2160
- C:\Windows\System\oxTaieL.exe
  C:\Windows\System\oxTaieL.exe
  2⤵
  PID:5232
- C:\Windows\System\UFHQGFB.exe
  C:\Windows\System\UFHQGFB.exe
  2⤵
  PID:5248
- C:\Windows\System\vztqGRD.exe
  C:\Windows\System\vztqGRD.exe
  2⤵
  PID:5280
- C:\Windows\System\VsqASZj.exe
  C:\Windows\System\VsqASZj.exe
  2⤵
  PID:5312
- C:\Windows\System\etdBiMq.exe
  C:\Windows\System\etdBiMq.exe
  2⤵
  PID:5344
- C:\Windows\System\HBAhXcr.exe
  C:\Windows\System\HBAhXcr.exe
  2⤵
  PID:5376
- C:\Windows\System\GRKmXQF.exe
  C:\Windows\System\GRKmXQF.exe
  2⤵
  PID:5408
- C:\Windows\System\dGQVYuP.exe
  C:\Windows\System\dGQVYuP.exe
  2⤵
  PID:5440
- C:\Windows\System\TJaUmpT.exe
  C:\Windows\System\TJaUmpT.exe
  2⤵
  PID:5472
- C:\Windows\System\FVMENRR.exe
  C:\Windows\System\FVMENRR.exe
  2⤵
  PID:5504
- C:\Windows\System\jicoNIx.exe
  C:\Windows\System\jicoNIx.exe
  2⤵
  PID:5552
- C:\Windows\System\yaVKLxA.exe
  C:\Windows\System\yaVKLxA.exe
  2⤵
  PID:5584
- C:\Windows\System\SgdMNeY.exe
  C:\Windows\System\SgdMNeY.exe
  2⤵
  PID:5600
- C:\Windows\System\GSYMaFS.exe
  C:\Windows\System\GSYMaFS.exe
  2⤵
  PID:5632
- C:\Windows\System\PrBKSYk.exe
  C:\Windows\System\PrBKSYk.exe
  2⤵
  PID:5680
- C:\Windows\System\mgzXzPD.exe
  C:\Windows\System\mgzXzPD.exe
  2⤵
  PID:5696
- C:\Windows\System\WbCuBBi.exe
  C:\Windows\System\WbCuBBi.exe
  2⤵
  PID:5732
- C:\Windows\System\QTULbmv.exe
  C:\Windows\System\QTULbmv.exe
  2⤵
  PID:2664
- C:\Windows\System\wdnPnsa.exe
  C:\Windows\System\wdnPnsa.exe
  2⤵
  PID:5764
- C:\Windows\System\GdskTCP.exe
  C:\Windows\System\GdskTCP.exe
  2⤵
  PID:5796
- C:\Windows\System\rqJFYgK.exe
  C:\Windows\System\rqJFYgK.exe
  2⤵
  PID:5844
- C:\Windows\System\NempUyj.exe
  C:\Windows\System\NempUyj.exe
  2⤵
  PID:5876
- C:\Windows\System\SbEPWXo.exe
  C:\Windows\System\SbEPWXo.exe
  2⤵
  PID:5908
- C:\Windows\System\DhxSEGI.exe
  C:\Windows\System\DhxSEGI.exe
  2⤵
  PID:5896
- C:\Windows\System\QYwFYrd.exe
  C:\Windows\System\QYwFYrd.exe
  2⤵
  PID:2928
- C:\Windows\System\WjyRjzn.exe
  C:\Windows\System\WjyRjzn.exe
  2⤵
  PID:5956
- C:\Windows\System\EWjQAwv.exe
  C:\Windows\System\EWjQAwv.exe
  2⤵
  PID:5988
- C:\Windows\System\FwCktVs.exe
  C:\Windows\System\FwCktVs.exe
  2⤵
  PID:6036
- C:\Windows\System\CWiKarb.exe
  C:\Windows\System\CWiKarb.exe
  2⤵
  PID:6068
- C:\Windows\System\efBBeID.exe
  C:\Windows\System\efBBeID.exe
  2⤵
  PID:6056
- C:\Windows\System\dZEcJSB.exe
  C:\Windows\System\dZEcJSB.exe
  2⤵
  PID:6088
- C:\Windows\System\QrSxmoS.exe
  C:\Windows\System\QrSxmoS.exe
  2⤵
  PID:6136
- C:\Windows\System\vbSythN.exe
  C:\Windows\System\vbSythN.exe
  2⤵
  PID:2152
- C:\Windows\System\AuivZFj.exe
  C:\Windows\System\AuivZFj.exe
  2⤵
  PID:4612
- C:\Windows\System\edEKCDb.exe
  C:\Windows\System\edEKCDb.exe
  2⤵
  PID:4864
- C:\Windows\System\yZNZbrg.exe
  C:\Windows\System\yZNZbrg.exe
  2⤵
  PID:4976
- C:\Windows\System\SqDtdMd.exe
  C:\Windows\System\SqDtdMd.exe
  2⤵
  PID:3996
- C:\Windows\System\KjcNwbx.exe
  C:\Windows\System\KjcNwbx.exe
  2⤵
  PID:1724
- C:\Windows\System\qXUiyda.exe
  C:\Windows\System\qXUiyda.exe
  2⤵
  PID:2748
- C:\Windows\System\EUbNqwf.exe
  C:\Windows\System\EUbNqwf.exe
  2⤵
  PID:5252
- C:\Windows\System\WZacKGo.exe
  C:\Windows\System\WZacKGo.exe
  2⤵
  PID:5188
- C:\Windows\System\yhlhpbF.exe
  C:\Windows\System\yhlhpbF.exe
  2⤵
  PID:5364
- C:\Windows\System\TsgBQyb.exe
  C:\Windows\System\TsgBQyb.exe
  2⤵
  PID:2752
- C:\Windows\System\maOihyH.exe
  C:\Windows\System\maOihyH.exe
  2⤵
  PID:5396
- C:\Windows\System\DfSonrz.exe
  C:\Windows\System\DfSonrz.exe
  2⤵
  PID:5492
- C:\Windows\System\lzxqfPK.exe
  C:\Windows\System\lzxqfPK.exe
  2⤵
  PID:5556
- C:\Windows\System\zfZNhJc.exe
  C:\Windows\System\zfZNhJc.exe
  2⤵
  PID:5604
- C:\Windows\System\wBQEBVj.exe
  C:\Windows\System\wBQEBVj.exe
  2⤵
  PID:2676
- C:\Windows\System\FsuiyoQ.exe
  C:\Windows\System\FsuiyoQ.exe
  2⤵
  PID:1116
- C:\Windows\System\LcRmjnu.exe
  C:\Windows\System\LcRmjnu.exe
  2⤵
  PID:5700
- C:\Windows\System\hFpvzhs.exe
  C:\Windows\System\hFpvzhs.exe
  2⤵
  PID:2012
- C:\Windows\System\oIqgKUz.exe
  C:\Windows\System\oIqgKUz.exe
  2⤵
  PID:5832
- C:\Windows\System\svElnSO.exe
  C:\Windows\System\svElnSO.exe
  2⤵
  PID:5880
- C:\Windows\System\AvZySOl.exe
  C:\Windows\System\AvZySOl.exe
  2⤵
  PID:5928
- C:\Windows\System\IQCNdnB.exe
  C:\Windows\System\IQCNdnB.exe
  2⤵
  PID:5992
- C:\Windows\System\FxurGSD.exe
  C:\Windows\System\FxurGSD.exe
  2⤵
  PID:6008
- C:\Windows\System\TCRGDoX.exe
  C:\Windows\System\TCRGDoX.exe
  2⤵
  PID:6020
- C:\Windows\System\gSNaKei.exe
  C:\Windows\System\gSNaKei.exe
  2⤵
  PID:6120
- C:\Windows\System\PkpkTkB.exe
  C:\Windows\System\PkpkTkB.exe
  2⤵
  PID:4464
- C:\Windows\System\OSIZCRm.exe
  C:\Windows\System\OSIZCRm.exe
  2⤵
  PID:4304
- C:\Windows\System\fTbDcTp.exe
  C:\Windows\System\fTbDcTp.exe
  2⤵
  PID:4236
- C:\Windows\System\UwJmEUy.exe
  C:\Windows\System\UwJmEUy.exe
  2⤵
  PID:5328
- C:\Windows\System\WkzefLJ.exe
  C:\Windows\System\WkzefLJ.exe
  2⤵
  PID:5204
- C:\Windows\System\rDZLfxD.exe
  C:\Windows\System\rDZLfxD.exe
  2⤵
  PID:5428
- C:\Windows\System\DSUuCrt.exe
  C:\Windows\System\DSUuCrt.exe
  2⤵
  PID:5460
- C:\Windows\System\xdbxNqs.exe
  C:\Windows\System\xdbxNqs.exe
  2⤵
  PID:5568
- C:\Windows\System\ZcVnQQl.exe
  C:\Windows\System\ZcVnQQl.exe
  2⤵
  PID:5620
- C:\Windows\System\BEjVOCz.exe
  C:\Windows\System\BEjVOCz.exe
  2⤵
  PID:5652
- C:\Windows\System\gdQkSxR.exe
  C:\Windows\System\gdQkSxR.exe
  2⤵
  PID:5812
- C:\Windows\System\XWSquBR.exe
  C:\Windows\System\XWSquBR.exe
  2⤵
  PID:5960
- C:\Windows\System\jcXEzVh.exe
  C:\Windows\System\jcXEzVh.exe
  2⤵
  PID:6160
- C:\Windows\System\pKYOqwm.exe
  C:\Windows\System\pKYOqwm.exe
  2⤵
  PID:6176
- C:\Windows\System\RwoAGxT.exe
  C:\Windows\System\RwoAGxT.exe
  2⤵
  PID:6192
- C:\Windows\System\UXaoFJK.exe
  C:\Windows\System\UXaoFJK.exe
  2⤵
  PID:6208
- C:\Windows\System\xnrdpUO.exe
  C:\Windows\System\xnrdpUO.exe
  2⤵
  PID:6224
- C:\Windows\System\Azwmzlj.exe
  C:\Windows\System\Azwmzlj.exe
  2⤵
  PID:6240
- C:\Windows\System\owpJSVH.exe
  C:\Windows\System\owpJSVH.exe
  2⤵
  PID:6256
- C:\Windows\System\EgKlNTE.exe
  C:\Windows\System\EgKlNTE.exe
  2⤵
  PID:6272
- C:\Windows\System\WHFXPTI.exe
  C:\Windows\System\WHFXPTI.exe
  2⤵
  PID:6288
- C:\Windows\System\wbFkKqr.exe
  C:\Windows\System\wbFkKqr.exe
  2⤵
  PID:6304
- C:\Windows\System\eINVSYG.exe
  C:\Windows\System\eINVSYG.exe
  2⤵
  PID:6320
- C:\Windows\System\NxtFfnu.exe
  C:\Windows\System\NxtFfnu.exe
  2⤵
  PID:6336
- C:\Windows\System\xsbtLzY.exe
  C:\Windows\System\xsbtLzY.exe
  2⤵
  PID:6352
- C:\Windows\System\xRNZSFT.exe
  C:\Windows\System\xRNZSFT.exe
  2⤵
  PID:6368
- C:\Windows\System\ZAbeVeT.exe
  C:\Windows\System\ZAbeVeT.exe
  2⤵
  PID:6384
- C:\Windows\System\mHppQSb.exe
  C:\Windows\System\mHppQSb.exe
  2⤵
  PID:6400
- C:\Windows\System\kBcMYCn.exe
  C:\Windows\System\kBcMYCn.exe
  2⤵
  PID:6416
- C:\Windows\System\RHFxUYf.exe
  C:\Windows\System\RHFxUYf.exe
  2⤵
  PID:6432
- C:\Windows\System\ZVjRQwp.exe
  C:\Windows\System\ZVjRQwp.exe
  2⤵
  PID:6448
- C:\Windows\System\cRMaGSd.exe
  C:\Windows\System\cRMaGSd.exe
  2⤵
  PID:6464
- C:\Windows\System\daCwbOF.exe
  C:\Windows\System\daCwbOF.exe
  2⤵
  PID:6480
- C:\Windows\System\bTftlsQ.exe
  C:\Windows\System\bTftlsQ.exe
  2⤵
  PID:6496
- C:\Windows\System\GYjRQOc.exe
  C:\Windows\System\GYjRQOc.exe
  2⤵
  PID:6512
- C:\Windows\System\XWgdUEG.exe
  C:\Windows\System\XWgdUEG.exe
  2⤵
  PID:6528
- C:\Windows\System\zVPdFjh.exe
  C:\Windows\System\zVPdFjh.exe
  2⤵
  PID:6544
- C:\Windows\System\BqVpcQf.exe
  C:\Windows\System\BqVpcQf.exe
  2⤵
  PID:6560
- C:\Windows\System\dqBvoQR.exe
  C:\Windows\System\dqBvoQR.exe
  2⤵
  PID:6576
- C:\Windows\System\CHOMvbe.exe
  C:\Windows\System\CHOMvbe.exe
  2⤵
  PID:6592
- C:\Windows\System\CLUMDsr.exe
  C:\Windows\System\CLUMDsr.exe
  2⤵
  PID:6608
- C:\Windows\System\uzbsjOO.exe
  C:\Windows\System\uzbsjOO.exe
  2⤵
  PID:6624
- C:\Windows\System\rrgKpkX.exe
  C:\Windows\System\rrgKpkX.exe
  2⤵
  PID:6640
- C:\Windows\System\OpLHOil.exe
  C:\Windows\System\OpLHOil.exe
  2⤵
  PID:6656
- C:\Windows\System\AnAlNyv.exe
  C:\Windows\System\AnAlNyv.exe
  2⤵
  PID:6672
- C:\Windows\System\eRooTEr.exe
  C:\Windows\System\eRooTEr.exe
  2⤵
  PID:6688
- C:\Windows\System\obogoyz.exe
  C:\Windows\System\obogoyz.exe
  2⤵
  PID:6704
- C:\Windows\System\RahkNeZ.exe
  C:\Windows\System\RahkNeZ.exe
  2⤵
  PID:6720
- C:\Windows\System\ycFKdKI.exe
  C:\Windows\System\ycFKdKI.exe
  2⤵
  PID:6736
- C:\Windows\System\ZZmbgvz.exe
  C:\Windows\System\ZZmbgvz.exe
  2⤵
  PID:6752
- C:\Windows\System\dQqSPsn.exe
  C:\Windows\System\dQqSPsn.exe
  2⤵
  PID:6768
- C:\Windows\System\bXOjrlA.exe
  C:\Windows\System\bXOjrlA.exe
  2⤵
  PID:6792
- C:\Windows\System\Ctnsuqa.exe
  C:\Windows\System\Ctnsuqa.exe
  2⤵
  PID:6808
- C:\Windows\System\bsdNZYz.exe
  C:\Windows\System\bsdNZYz.exe
  2⤵
  PID:6824
- C:\Windows\System\nqSXhah.exe
  C:\Windows\System\nqSXhah.exe
  2⤵
  PID:6840
- C:\Windows\System\tOpEJNr.exe
  C:\Windows\System\tOpEJNr.exe
  2⤵
  PID:6856
- C:\Windows\System\gFdvraw.exe
  C:\Windows\System\gFdvraw.exe
  2⤵
  PID:6872
- C:\Windows\System\ifVvNid.exe
  C:\Windows\System\ifVvNid.exe
  2⤵
  PID:6888
- C:\Windows\System\KvzkoCu.exe
  C:\Windows\System\KvzkoCu.exe
  2⤵
  PID:6904
- C:\Windows\System\ftaoKXH.exe
  C:\Windows\System\ftaoKXH.exe
  2⤵
  PID:6920
- C:\Windows\System\zPVLyuS.exe
  C:\Windows\System\zPVLyuS.exe
  2⤵
  PID:6936
- C:\Windows\System\VQzPqzj.exe
  C:\Windows\System\VQzPqzj.exe
  2⤵
  PID:6952
- C:\Windows\System\hifhUsH.exe
  C:\Windows\System\hifhUsH.exe
  2⤵
  PID:6968
- C:\Windows\System\RnFlRrv.exe
  C:\Windows\System\RnFlRrv.exe
  2⤵
  PID:6984
- C:\Windows\System\ETzbACH.exe
  C:\Windows\System\ETzbACH.exe
  2⤵
  PID:7000
- C:\Windows\System\kBwodNn.exe
  C:\Windows\System\kBwodNn.exe
  2⤵
  PID:7016
- C:\Windows\System\NRDboHz.exe
  C:\Windows\System\NRDboHz.exe
  2⤵
  PID:7032
- C:\Windows\System\tWKWYnF.exe
  C:\Windows\System\tWKWYnF.exe
  2⤵
  PID:7048
- C:\Windows\System\rqhmLvr.exe
  C:\Windows\System\rqhmLvr.exe
  2⤵
  PID:7064
- C:\Windows\System\lAGWqJE.exe
  C:\Windows\System\lAGWqJE.exe
  2⤵
  PID:7080
- C:\Windows\System\wWwYYNv.exe
  C:\Windows\System\wWwYYNv.exe
  2⤵
  PID:7096
- C:\Windows\System\YCKuGFr.exe
  C:\Windows\System\YCKuGFr.exe
  2⤵
  PID:7112
- C:\Windows\System\BaveIzP.exe
  C:\Windows\System\BaveIzP.exe
  2⤵
  PID:7128
- C:\Windows\System\MFrveBk.exe
  C:\Windows\System\MFrveBk.exe
  2⤵
  PID:7144
- C:\Windows\System\YhPXXhF.exe
  C:\Windows\System\YhPXXhF.exe
  2⤵
  PID:7160
- C:\Windows\System\BxKqMyb.exe
  C:\Windows\System\BxKqMyb.exe
  2⤵
  PID:6040
- C:\Windows\System\WjkHvMz.exe
  C:\Windows\System\WjkHvMz.exe
  2⤵
  PID:5768
- C:\Windows\System\ZtjmazI.exe
  C:\Windows\System\ZtjmazI.exe
  2⤵
  PID:5012
- C:\Windows\System\vVkIxlN.exe
  C:\Windows\System\vVkIxlN.exe
  2⤵
  PID:4140
- C:\Windows\System\hacihvR.exe
  C:\Windows\System\hacihvR.exe
  2⤵
  PID:4532
- C:\Windows\System\wKvFgxj.exe
  C:\Windows\System\wKvFgxj.exe
  2⤵
  PID:5536
- C:\Windows\System\cGQcLjT.exe
  C:\Windows\System\cGQcLjT.exe
  2⤵
  PID:5736
- C:\Windows\System\fuUkoPc.exe
  C:\Windows\System\fuUkoPc.exe
  2⤵
  PID:1216
- C:\Windows\System\fjqJviK.exe
  C:\Windows\System\fjqJviK.exe
  2⤵
  PID:6156
- C:\Windows\System\bCRYsXh.exe
  C:\Windows\System\bCRYsXh.exe
  2⤵
  PID:5780
- C:\Windows\System\fJdozCb.exe
  C:\Windows\System\fJdozCb.exe
  2⤵
  PID:6216
- C:\Windows\System\LzGQZIJ.exe
  C:\Windows\System\LzGQZIJ.exe
  2⤵
  PID:6248
- C:\Windows\System\YWpIPtM.exe
  C:\Windows\System\YWpIPtM.exe
  2⤵
  PID:6268
- C:\Windows\System\iwUXCqK.exe
  C:\Windows\System\iwUXCqK.exe
  2⤵
  PID:6332
- C:\Windows\System\WpdvBKd.exe
  C:\Windows\System\WpdvBKd.exe
  2⤵
  PID:6396
- C:\Windows\System\SuULHGS.exe
  C:\Windows\System\SuULHGS.exe
  2⤵
  PID:6460
- C:\Windows\System\YNXRvBv.exe
  C:\Windows\System\YNXRvBv.exe
  2⤵
  PID:6588
- C:\Windows\System\RYLnXyY.exe
  C:\Windows\System\RYLnXyY.exe
  2⤵
  PID:6552
- C:\Windows\System\knSwnfN.exe
  C:\Windows\System\knSwnfN.exe
  2⤵
  PID:6652
- C:\Windows\System\fpPTzxh.exe
  C:\Windows\System\fpPTzxh.exe
  2⤵
  PID:6712
- C:\Windows\System\YwCUWXE.exe
  C:\Windows\System\YwCUWXE.exe
  2⤵
  PID:6284
- C:\Windows\System\QYqeSwC.exe
  C:\Windows\System\QYqeSwC.exe
  2⤵
  PID:6748
- C:\Windows\System\fyDwuGR.exe
  C:\Windows\System\fyDwuGR.exe
  2⤵
  PID:6776
- C:\Windows\System\CmTBWPW.exe
  C:\Windows\System\CmTBWPW.exe
  2⤵
  PID:6408
- C:\Windows\System\FAwsOvh.exe
  C:\Windows\System\FAwsOvh.exe
  2⤵
  PID:6476
- C:\Windows\System\rQXXhej.exe
  C:\Windows\System\rQXXhej.exe
  2⤵
  PID:6536
- C:\Windows\System\cuRYZAv.exe
  C:\Windows\System\cuRYZAv.exe
  2⤵
  PID:6600
- C:\Windows\System\LPRjesQ.exe
  C:\Windows\System\LPRjesQ.exe
  2⤵
  PID:6664
- C:\Windows\System\DQVnlDn.exe
  C:\Windows\System\DQVnlDn.exe
  2⤵
  PID:6728
- C:\Windows\System\kzjdrJa.exe
  C:\Windows\System\kzjdrJa.exe
  2⤵
  PID:6788
- C:\Windows\System\PFipYwq.exe
  C:\Windows\System\PFipYwq.exe
  2⤵
  PID:6852
- C:\Windows\System\idBEKCG.exe
  C:\Windows\System\idBEKCG.exe
  2⤵
  PID:6880
- C:\Windows\System\NxkFwuE.exe
  C:\Windows\System\NxkFwuE.exe
  2⤵
  PID:6900
- C:\Windows\System\suFAbqO.exe
  C:\Windows\System\suFAbqO.exe
  2⤵
  PID:6932
- C:\Windows\System\lJTKnpT.exe
  C:\Windows\System\lJTKnpT.exe
  2⤵
  PID:6964
- C:\Windows\System\bnvkQCa.exe
  C:\Windows\System\bnvkQCa.exe
  2⤵
  PID:3056
- C:\Windows\System\aTpVanj.exe
  C:\Windows\System\aTpVanj.exe
  2⤵
  PID:7044
- C:\Windows\System\JXwVNzl.exe
  C:\Windows\System\JXwVNzl.exe
  2⤵
  PID:7028
- C:\Windows\System\GjVVCqw.exe
  C:\Windows\System\GjVVCqw.exe
  2⤵
  PID:7108
- C:\Windows\System\CllZvTh.exe
  C:\Windows\System\CllZvTh.exe
  2⤵
  PID:7088
- C:\Windows\System\muYyiMW.exe
  C:\Windows\System\muYyiMW.exe
  2⤵
  PID:7140
- C:\Windows\System\brlUMqi.exe
  C:\Windows\System\brlUMqi.exe
  2⤵
  PID:2580
- C:\Windows\System\qpMYYzm.exe
  C:\Windows\System\qpMYYzm.exe
  2⤵
  PID:6172
- C:\Windows\System\OqHfEHP.exe
  C:\Windows\System\OqHfEHP.exe
  2⤵
  PID:5912
- C:\Windows\System\OvhkAld.exe
  C:\Windows\System\OvhkAld.exe
  2⤵
  PID:6204
- C:\Windows\System\QybllDI.exe
  C:\Windows\System\QybllDI.exe
  2⤵
  PID:6392
- C:\Windows\System\KhLsxaO.exe
  C:\Windows\System\KhLsxaO.exe
  2⤵
  PID:864
- C:\Windows\System\aueYapA.exe
  C:\Windows\System\aueYapA.exe
  2⤵
  PID:2932
- C:\Windows\System\nUcZUkg.exe
  C:\Windows\System\nUcZUkg.exe
  2⤵
  PID:6584
- C:\Windows\System\RFZPLkL.exe
  C:\Windows\System\RFZPLkL.exe
  2⤵
  PID:6220
- C:\Windows\System\WhWboQb.exe
  C:\Windows\System\WhWboQb.exe
  2⤵
  PID:6744
- C:\Windows\System\LMbvQFj.exe
  C:\Windows\System\LMbvQFj.exe
  2⤵
  PID:6700
- C:\Windows\System\tANmdfF.exe
  C:\Windows\System\tANmdfF.exe
  2⤵
  PID:6820
- C:\Windows\System\bELxMzY.exe
  C:\Windows\System\bELxMzY.exe
  2⤵
  PID:6440
- C:\Windows\System\WoEPUvd.exe
  C:\Windows\System\WoEPUvd.exe
  2⤵
  PID:6896
- C:\Windows\System\CTHQMGq.exe
  C:\Windows\System\CTHQMGq.exe
  2⤵
  PID:4288
- C:\Windows\System\PHtMKbU.exe
  C:\Windows\System\PHtMKbU.exe
  2⤵
  PID:6760
- C:\Windows\System\nEmiwBY.exe
  C:\Windows\System\nEmiwBY.exe
  2⤵
  PID:5412
- C:\Windows\System\nDVJRpt.exe
  C:\Windows\System\nDVJRpt.exe
  2⤵
  PID:7024
- C:\Windows\System\sUkqxnU.exe
  C:\Windows\System\sUkqxnU.exe
  2⤵
  PID:6200
- C:\Windows\System\DXJpayN.exe
  C:\Windows\System\DXJpayN.exe
  2⤵
  PID:5268
- C:\Windows\System\sTCUgCx.exe
  C:\Windows\System\sTCUgCx.exe
  2⤵
  PID:6152
- C:\Windows\System\htjinFz.exe
  C:\Windows\System\htjinFz.exe
  2⤵
  PID:6316
- C:\Windows\System\TpuwIOv.exe
  C:\Windows\System\TpuwIOv.exe
  2⤵
  PID:6636
- C:\Windows\System\nCkVloo.exe
  C:\Windows\System\nCkVloo.exe
  2⤵
  PID:7124
- C:\Windows\System\TzUExxa.exe
  C:\Windows\System\TzUExxa.exe
  2⤵
  PID:7184
- C:\Windows\System\KVruhaR.exe
  C:\Windows\System\KVruhaR.exe
  2⤵
  PID:7216
- C:\Windows\System\GEKfzFM.exe
  C:\Windows\System\GEKfzFM.exe
  2⤵
  PID:7232
- C:\Windows\System\qUmZOTS.exe
  C:\Windows\System\qUmZOTS.exe
  2⤵
  PID:7248
- C:\Windows\System\UkxkBpv.exe
  C:\Windows\System\UkxkBpv.exe
  2⤵
  PID:7264
- C:\Windows\System\fQKHlzt.exe
  C:\Windows\System\fQKHlzt.exe
  2⤵
  PID:7280
- C:\Windows\System\SDvcXrT.exe
  C:\Windows\System\SDvcXrT.exe
  2⤵
  PID:7296
- C:\Windows\System\eUwQLAA.exe
  C:\Windows\System\eUwQLAA.exe
  2⤵
  PID:7312
- C:\Windows\System\sisjaqL.exe
  C:\Windows\System\sisjaqL.exe
  2⤵
  PID:7328
- C:\Windows\System\XZmjrBq.exe
  C:\Windows\System\XZmjrBq.exe
  2⤵
  PID:7344
- C:\Windows\System\YQcGioR.exe
  C:\Windows\System\YQcGioR.exe
  2⤵
  PID:7360
- C:\Windows\System\uYRscaj.exe
  C:\Windows\System\uYRscaj.exe
  2⤵
  PID:7376
- C:\Windows\System\EzOLYdf.exe
  C:\Windows\System\EzOLYdf.exe
  2⤵
  PID:7392
- C:\Windows\System\yKpORqY.exe
  C:\Windows\System\yKpORqY.exe
  2⤵
  PID:7408
- C:\Windows\System\aoIeNUP.exe
  C:\Windows\System\aoIeNUP.exe
  2⤵
  PID:7424
- C:\Windows\System\CqhkgYK.exe
  C:\Windows\System\CqhkgYK.exe
  2⤵
  PID:7440
- C:\Windows\System\sGivuJv.exe
  C:\Windows\System\sGivuJv.exe
  2⤵
  PID:7456
- C:\Windows\System\vFWFlZS.exe
  C:\Windows\System\vFWFlZS.exe
  2⤵
  PID:7472
- C:\Windows\System\JqVtYKA.exe
  C:\Windows\System\JqVtYKA.exe
  2⤵
  PID:7488
- C:\Windows\System\jCjnCNx.exe
  C:\Windows\System\jCjnCNx.exe
  2⤵
  PID:7504
- C:\Windows\System\ekkgHxj.exe
  C:\Windows\System\ekkgHxj.exe
  2⤵
  PID:7520
- C:\Windows\System\elLsvNo.exe
  C:\Windows\System\elLsvNo.exe
  2⤵
  PID:7536
- C:\Windows\System\YkLSJnS.exe
  C:\Windows\System\YkLSJnS.exe
  2⤵
  PID:7552
- C:\Windows\System\gcaqqPv.exe
  C:\Windows\System\gcaqqPv.exe
  2⤵
  PID:7568
- C:\Windows\System\awOCbHm.exe
  C:\Windows\System\awOCbHm.exe
  2⤵
  PID:7584
- C:\Windows\System\vZTRdxU.exe
  C:\Windows\System\vZTRdxU.exe
  2⤵
  PID:7600
- C:\Windows\System\HuGCeEH.exe
  C:\Windows\System\HuGCeEH.exe
  2⤵
  PID:7616
- C:\Windows\System\HxzKsWV.exe
  C:\Windows\System\HxzKsWV.exe
  2⤵
  PID:7632
- C:\Windows\System\mlHtamC.exe
  C:\Windows\System\mlHtamC.exe
  2⤵
  PID:7648
- C:\Windows\System\MMYSZwX.exe
  C:\Windows\System\MMYSZwX.exe
  2⤵
  PID:7664
- C:\Windows\System\BjWbrDn.exe
  C:\Windows\System\BjWbrDn.exe
  2⤵
  PID:7680
- C:\Windows\System\uYCpgJD.exe
  C:\Windows\System\uYCpgJD.exe
  2⤵
  PID:7708
- C:\Windows\System\buQBzFG.exe
  C:\Windows\System\buQBzFG.exe
  2⤵
  PID:7732
- C:\Windows\System\ceQjZFq.exe
  C:\Windows\System\ceQjZFq.exe
  2⤵
  PID:7748
- C:\Windows\System\yVHqruM.exe
  C:\Windows\System\yVHqruM.exe
  2⤵
  PID:7764
- C:\Windows\System\tDQunba.exe
  C:\Windows\System\tDQunba.exe
  2⤵
  PID:7780
- C:\Windows\System\JbBAbUh.exe
  C:\Windows\System\JbBAbUh.exe
  2⤵
  PID:7796
- C:\Windows\System\rlEtyfa.exe
  C:\Windows\System\rlEtyfa.exe
  2⤵
  PID:7812
- C:\Windows\System\aCrpYcQ.exe
  C:\Windows\System\aCrpYcQ.exe
  2⤵
  PID:7828
- C:\Windows\System\CWNFQfH.exe
  C:\Windows\System\CWNFQfH.exe
  2⤵
  PID:7844
- C:\Windows\System\mcqqSPA.exe
  C:\Windows\System\mcqqSPA.exe
  2⤵
  PID:7860
- C:\Windows\System\GMsDhzu.exe
  C:\Windows\System\GMsDhzu.exe
  2⤵
  PID:7876
- C:\Windows\System\dlyvNRk.exe
  C:\Windows\System\dlyvNRk.exe
  2⤵
  PID:7892
- C:\Windows\System\lRgRrut.exe
  C:\Windows\System\lRgRrut.exe
  2⤵
  PID:7908
- C:\Windows\System\kmOTHkD.exe
  C:\Windows\System\kmOTHkD.exe
  2⤵
  PID:7924
- C:\Windows\System\totSRto.exe
  C:\Windows\System\totSRto.exe
  2⤵
  PID:7940
- C:\Windows\System\NecZMuP.exe
  C:\Windows\System\NecZMuP.exe
  2⤵
  PID:7956
- C:\Windows\System\MCYtJaB.exe
  C:\Windows\System\MCYtJaB.exe
  2⤵
  PID:7972
- C:\Windows\System\aszrYEH.exe
  C:\Windows\System\aszrYEH.exe
  2⤵
  PID:7988
- C:\Windows\System\rMGORwq.exe
  C:\Windows\System\rMGORwq.exe
  2⤵
  PID:8004
- C:\Windows\System\qpUlubu.exe
  C:\Windows\System\qpUlubu.exe
  2⤵
  PID:8020
- C:\Windows\System\fcAjZhw.exe
  C:\Windows\System\fcAjZhw.exe
  2⤵
  PID:8036
- C:\Windows\System\WjgHmtx.exe
  C:\Windows\System\WjgHmtx.exe
  2⤵
  PID:8052
- C:\Windows\System\iogMIIZ.exe
  C:\Windows\System\iogMIIZ.exe
  2⤵
  PID:8068
- C:\Windows\System\xpKRCSb.exe
  C:\Windows\System\xpKRCSb.exe
  2⤵
  PID:8084
- C:\Windows\System\qCqVEby.exe
  C:\Windows\System\qCqVEby.exe
  2⤵
  PID:8100
- C:\Windows\System\JtDYFVC.exe
  C:\Windows\System\JtDYFVC.exe
  2⤵
  PID:8116
- C:\Windows\System\rlGyKWV.exe
  C:\Windows\System\rlGyKWV.exe
  2⤵
  PID:8132
- C:\Windows\System\qUjvxgN.exe
  C:\Windows\System\qUjvxgN.exe
  2⤵
  PID:8148
- C:\Windows\System\PUYJAqQ.exe
  C:\Windows\System\PUYJAqQ.exe
  2⤵
  PID:8164
- C:\Windows\System\dnnGtRm.exe
  C:\Windows\System\dnnGtRm.exe
  2⤵
  PID:8180
- C:\Windows\System\saLqVwn.exe
  C:\Windows\System\saLqVwn.exe
  2⤵
  PID:6996
- C:\Windows\System\spAdlqX.exe
  C:\Windows\System\spAdlqX.exe
  2⤵
  PID:5236
- C:\Windows\System\KmXbYlt.exe
  C:\Windows\System\KmXbYlt.exe
  2⤵
  PID:1236
- C:\Windows\System\MTfxScn.exe
  C:\Windows\System\MTfxScn.exe
  2⤵
  PID:6572
- C:\Windows\System\ocIETsf.exe
  C:\Windows\System\ocIETsf.exe
  2⤵
  PID:1640
- C:\Windows\System\ehKJfZG.exe
  C:\Windows\System\ehKJfZG.exe
  2⤵
  PID:2604
- C:\Windows\System\lHTxYGY.exe
  C:\Windows\System\lHTxYGY.exe
  2⤵
  PID:7192
- C:\Windows\System\EIwOJej.exe
  C:\Windows\System\EIwOJej.exe
  2⤵
  PID:2988
- C:\Windows\System\BChvCRA.exe
  C:\Windows\System\BChvCRA.exe
  2⤵
  PID:7212
- C:\Windows\System\PcGBHVD.exe
  C:\Windows\System\PcGBHVD.exe
  2⤵
  PID:2116
- C:\Windows\System\GEjiWft.exe
  C:\Windows\System\GEjiWft.exe
  2⤵
  PID:7076
- C:\Windows\System\WCXDpKk.exe
  C:\Windows\System\WCXDpKk.exe
  2⤵
  PID:6928
- C:\Windows\System\EXlVyZd.exe
  C:\Windows\System\EXlVyZd.exe
  2⤵
  PID:7060
- C:\Windows\System\pAIqLcz.exe
  C:\Windows\System\pAIqLcz.exe
  2⤵
  PID:2860
- C:\Windows\System\CigGZVX.exe
  C:\Windows\System\CigGZVX.exe
  2⤵
  PID:7152
- C:\Windows\System\LUjylEs.exe
  C:\Windows\System\LUjylEs.exe
  2⤵
  PID:6684
- C:\Windows\System\walXSrt.exe
  C:\Windows\System\walXSrt.exe
  2⤵
  PID:7180
- C:\Windows\System\QOQuEkN.exe
  C:\Windows\System\QOQuEkN.exe
  2⤵
  PID:7224
- C:\Windows\System\VtqFcwt.exe
  C:\Windows\System\VtqFcwt.exe
  2⤵
  PID:7272
- C:\Windows\System\yBtbyFb.exe
  C:\Windows\System\yBtbyFb.exe
  2⤵
  PID:7304
- C:\Windows\System\LRfNRsr.exe
  C:\Windows\System\LRfNRsr.exe
  2⤵
  PID:7260
- C:\Windows\System\kOBmUTj.exe
  C:\Windows\System\kOBmUTj.exe
  2⤵
  PID:7400
- C:\Windows\System\RREfXSj.exe
  C:\Windows\System\RREfXSj.exe
  2⤵
  PID:7464
- C:\Windows\System\yiQlmLY.exe
  C:\Windows\System\yiQlmLY.exe
  2⤵
  PID:7528
- C:\Windows\System\roOCRTF.exe
  C:\Windows\System\roOCRTF.exe
  2⤵
  PID:1148
- C:\Windows\System\VGSVVok.exe
  C:\Windows\System\VGSVVok.exe
  2⤵
  PID:7388
- C:\Windows\System\DiNjwfF.exe
  C:\Windows\System\DiNjwfF.exe
  2⤵
  PID:7484
- C:\Windows\System\vwJLwGD.exe
  C:\Windows\System\vwJLwGD.exe
  2⤵
  PID:7628
- C:\Windows\System\epGPvVn.exe
  C:\Windows\System\epGPvVn.exe
  2⤵
  PID:7416
- C:\Windows\System\ynyhdoC.exe
  C:\Windows\System\ynyhdoC.exe
  2⤵
  PID:828
- C:\Windows\System\FeOnQqN.exe
  C:\Windows\System\FeOnQqN.exe
  2⤵
  PID:7692
- C:\Windows\System\RddQTzl.exe
  C:\Windows\System\RddQTzl.exe
  2⤵
  PID:7608
- C:\Windows\System\fKFBTua.exe
  C:\Windows\System\fKFBTua.exe
  2⤵
  PID:924
- C:\Windows\System\tdmHpSm.exe
  C:\Windows\System\tdmHpSm.exe
  2⤵
  PID:7676
- C:\Windows\System\TEKFOJS.exe
  C:\Windows\System\TEKFOJS.exe
  2⤵
  PID:7776
- C:\Windows\System\NlAgjpH.exe
  C:\Windows\System\NlAgjpH.exe
  2⤵
  PID:7516
- C:\Windows\System\YWPjCSq.exe
  C:\Windows\System\YWPjCSq.exe
  2⤵
  PID:7808
- C:\Windows\System\axGscmq.exe
  C:\Windows\System\axGscmq.exe
  2⤵
  PID:7760
- C:\Windows\System\EgTcZoX.exe
  C:\Windows\System\EgTcZoX.exe
  2⤵
  PID:7840
- C:\Windows\System\xSzeBdY.exe
  C:\Windows\System\xSzeBdY.exe
  2⤵
  PID:7868
- C:\Windows\System\ODuhmSK.exe
  C:\Windows\System\ODuhmSK.exe
  2⤵
  PID:7900
- C:\Windows\System\MciXyjt.exe
  C:\Windows\System\MciXyjt.exe
  2⤵
  PID:7884
- C:\Windows\System\uRDnQRc.exe
  C:\Windows\System\uRDnQRc.exe
  2⤵
  PID:812
- C:\Windows\System\MGygpHj.exe
  C:\Windows\System\MGygpHj.exe
  2⤵
  PID:440
- C:\Windows\System\LFSZxeA.exe
  C:\Windows\System\LFSZxeA.exe
  2⤵
  PID:7952
- C:\Windows\System\xJjVofY.exe
  C:\Windows\System\xJjVofY.exe
  2⤵
  PID:7948
- C:\Windows\System\fngbfvG.exe
  C:\Windows\System\fngbfvG.exe
  2⤵
  PID:2268
- C:\Windows\System\FAskatW.exe
  C:\Windows\System\FAskatW.exe
  2⤵
  PID:8000
- C:\Windows\System\ruOBaib.exe
  C:\Windows\System\ruOBaib.exe
  2⤵
  PID:8092
- C:\Windows\System\GbqYnpE.exe
  C:\Windows\System\GbqYnpE.exe
  2⤵
  PID:8124
- C:\Windows\System\FyRlIjm.exe
  C:\Windows\System\FyRlIjm.exe
  2⤵
  PID:8156
- C:\Windows\System\ReSsiRM.exe
  C:\Windows\System\ReSsiRM.exe
  2⤵
  PID:8044
- C:\Windows\System\lFkcdhh.exe
  C:\Windows\System\lFkcdhh.exe
  2⤵
  PID:8172
- C:\Windows\System\RMqFYgh.exe
  C:\Windows\System\RMqFYgh.exe
  2⤵
  PID:6328
- C:\Windows\System\IlPWyVC.exe
  C:\Windows\System\IlPWyVC.exe
  2⤵
  PID:1904
- C:\Windows\System\OEWDrvF.exe
  C:\Windows\System\OEWDrvF.exe
  2⤵
  PID:1696
- C:\Windows\System\xPfSYGX.exe
  C:\Windows\System\xPfSYGX.exe
  2⤵
  PID:6072
- C:\Windows\System\bcSEoFR.exe
  C:\Windows\System\bcSEoFR.exe
  2⤵
  PID:2556
- C:\Windows\System\mnUuHrc.exe
  C:\Windows\System\mnUuHrc.exe
  2⤵
  PID:6948
- C:\Windows\System\qnArTDl.exe
  C:\Windows\System\qnArTDl.exe
  2⤵
  PID:6696
- C:\Windows\System\ipkrNKU.exe
  C:\Windows\System\ipkrNKU.exe
  2⤵
  PID:7368
- C:\Windows\System\keHvrWe.exe
  C:\Windows\System\keHvrWe.exe
  2⤵
  PID:7500
- C:\Windows\System\nRiTiHJ.exe
  C:\Windows\System\nRiTiHJ.exe
  2⤵
  PID:7624
- C:\Windows\System\GohbaMn.exe
  C:\Windows\System\GohbaMn.exe
  2⤵
  PID:7580
- C:\Windows\System\LmTXHGl.exe
  C:\Windows\System\LmTXHGl.exe
  2⤵
  PID:6848
- C:\Windows\System\cVuEvXY.exe
  C:\Windows\System\cVuEvXY.exe
  2⤵
  PID:7660
- C:\Windows\System\BPMgiTq.exe
  C:\Windows\System\BPMgiTq.exe
  2⤵
  PID:8076
- C:\Windows\System\LmewJCu.exe
  C:\Windows\System\LmewJCu.exe
  2⤵
  PID:7672
- C:\Windows\System\OQHmfnb.exe
  C:\Windows\System\OQHmfnb.exe
  2⤵
  PID:1008
- C:\Windows\System\rIHfWhY.exe
  C:\Windows\System\rIHfWhY.exe
  2⤵
  PID:7756
- C:\Windows\System\umoiqiE.exe
  C:\Windows\System\umoiqiE.exe
  2⤵
  PID:7936
- C:\Windows\System\tyNrzrS.exe
  C:\Windows\System\tyNrzrS.exe
  2⤵
  PID:2148
- C:\Windows\System\ZNzIBRl.exe
  C:\Windows\System\ZNzIBRl.exe
  2⤵
  PID:6648
- C:\Windows\System\eKMPvel.exe
  C:\Windows\System\eKMPvel.exe
  2⤵
  PID:1936
- C:\Windows\System\fNYnDSe.exe
  C:\Windows\System\fNYnDSe.exe
  2⤵
  PID:7340
- C:\Windows\System\oOBcwdm.exe
  C:\Windows\System\oOBcwdm.exe
  2⤵
  PID:7240
- C:\Windows\System\tEmfbEY.exe
  C:\Windows\System\tEmfbEY.exe
  2⤵
  PID:7432
- C:\Windows\System\wOWeJEi.exe
  C:\Windows\System\wOWeJEi.exe
  2⤵
  PID:7720
- C:\Windows\System\BhPEIap.exe
  C:\Windows\System\BhPEIap.exe
  2⤵
  PID:4688
- C:\Windows\System\yGNhYzh.exe
  C:\Windows\System\yGNhYzh.exe
  2⤵
  PID:2796
- C:\Windows\System\lftIHjD.exe
  C:\Windows\System\lftIHjD.exe
  2⤵
  PID:7564
- C:\Windows\System\lQwnTix.exe
  C:\Windows\System\lQwnTix.exe
  2⤵
  PID:7480
- C:\Windows\System\wysWvMw.exe
  C:\Windows\System\wysWvMw.exe
  2⤵
  PID:7996
- C:\Windows\System\SsXNaEh.exe
  C:\Windows\System\SsXNaEh.exe
  2⤵
  PID:2356
- C:\Windows\System\njGtInw.exe
  C:\Windows\System\njGtInw.exe
  2⤵
  PID:5704
- C:\Windows\System\cjnqeke.exe
  C:\Windows\System\cjnqeke.exe
  2⤵
  PID:6376
- C:\Windows\System\ZotsAGc.exe
  C:\Windows\System\ZotsAGc.exe
  2⤵
  PID:8012
- C:\Windows\System\qmSBgZx.exe
  C:\Windows\System\qmSBgZx.exe
  2⤵
  PID:8112
- C:\Windows\System\fgtcsrr.exe
  C:\Windows\System\fgtcsrr.exe
  2⤵
  PID:2204
- C:\Windows\System\UxNApAX.exe
  C:\Windows\System\UxNApAX.exe
  2⤵
  PID:2872
- C:\Windows\System\zOiTBrH.exe
  C:\Windows\System\zOiTBrH.exe
  2⤵
  PID:7356
- C:\Windows\System\EsjYDgJ.exe
  C:\Windows\System\EsjYDgJ.exe
  2⤵
  PID:7544
- C:\Windows\System\jYDfMeT.exe
  C:\Windows\System\jYDfMeT.exe
  2⤵
  PID:7804
- C:\Windows\System\rGjPbUg.exe
  C:\Windows\System\rGjPbUg.exe
  2⤵
  PID:7820
- C:\Windows\System\ifMJoxH.exe
  C:\Windows\System\ifMJoxH.exe
  2⤵
  PID:8128
- C:\Windows\System\YDEebgn.exe
  C:\Windows\System\YDEebgn.exe
  2⤵
  PID:7336
- C:\Windows\System\wRPoFvL.exe
  C:\Windows\System\wRPoFvL.exe
  2⤵
  PID:8200
- C:\Windows\System\dUycsOu.exe
  C:\Windows\System\dUycsOu.exe
  2⤵
  PID:8216
- C:\Windows\System\AHQUQcc.exe
  C:\Windows\System\AHQUQcc.exe
  2⤵
  PID:8232
- C:\Windows\System\pFfvUvj.exe
  C:\Windows\System\pFfvUvj.exe
  2⤵
  PID:8248
- C:\Windows\System\pAHyFbo.exe
  C:\Windows\System\pAHyFbo.exe
  2⤵
  PID:8264
- C:\Windows\System\znWxAvH.exe
  C:\Windows\System\znWxAvH.exe
  2⤵
  PID:8280
- C:\Windows\System\EteUUky.exe
  C:\Windows\System\EteUUky.exe
  2⤵
  PID:8296
- C:\Windows\System\PfrWweI.exe
  C:\Windows\System\PfrWweI.exe
  2⤵
  PID:8312
- C:\Windows\System\sOADDvE.exe
  C:\Windows\System\sOADDvE.exe
  2⤵
  PID:8328
- C:\Windows\System\VtgixdI.exe
  C:\Windows\System\VtgixdI.exe
  2⤵
  PID:8344
- C:\Windows\System\vVSQLEF.exe
  C:\Windows\System\vVSQLEF.exe
  2⤵
  PID:8360
- C:\Windows\System\FYHIRBg.exe
  C:\Windows\System\FYHIRBg.exe
  2⤵
  PID:8376
- C:\Windows\System\FspKomf.exe
  C:\Windows\System\FspKomf.exe
  2⤵
  PID:8392
- C:\Windows\System\hAZaKZo.exe
  C:\Windows\System\hAZaKZo.exe
  2⤵
  PID:8408
- C:\Windows\System\juyuDhl.exe
  C:\Windows\System\juyuDhl.exe
  2⤵
  PID:8424
- C:\Windows\System\fIuUhrd.exe
  C:\Windows\System\fIuUhrd.exe
  2⤵
  PID:8440
- C:\Windows\System\bdoVMcw.exe
  C:\Windows\System\bdoVMcw.exe
  2⤵
  PID:8456
- C:\Windows\System\WrwnDXf.exe
  C:\Windows\System\WrwnDXf.exe
  2⤵
  PID:8472
- C:\Windows\System\DloHidK.exe
  C:\Windows\System\DloHidK.exe
  2⤵
  PID:8488
- C:\Windows\System\npEvVFf.exe
  C:\Windows\System\npEvVFf.exe
  2⤵
  PID:8504
- C:\Windows\System\QsDJvqw.exe
  C:\Windows\System\QsDJvqw.exe
  2⤵
  PID:8520
- C:\Windows\System\pQbpDBX.exe
  C:\Windows\System\pQbpDBX.exe
  2⤵
  PID:8536
- C:\Windows\System\MqSyELJ.exe
  C:\Windows\System\MqSyELJ.exe
  2⤵
  PID:8552
- C:\Windows\System\qIeXGdq.exe
  C:\Windows\System\qIeXGdq.exe
  2⤵
  PID:8568
- C:\Windows\System\CzuUpnW.exe
  C:\Windows\System\CzuUpnW.exe
  2⤵
  PID:8584
- C:\Windows\System\QGlESSt.exe
  C:\Windows\System\QGlESSt.exe
  2⤵
  PID:8600
- C:\Windows\System\yykdirK.exe
  C:\Windows\System\yykdirK.exe
  2⤵
  PID:8616
- C:\Windows\System\NGkTuke.exe
  C:\Windows\System\NGkTuke.exe
  2⤵
  PID:8632
- C:\Windows\System\rLwSYjE.exe
  C:\Windows\System\rLwSYjE.exe
  2⤵
  PID:8648
- C:\Windows\System\zuBHody.exe
  C:\Windows\System\zuBHody.exe
  2⤵
  PID:8664
- C:\Windows\System\pebdYvj.exe
  C:\Windows\System\pebdYvj.exe
  2⤵
  PID:8680
- C:\Windows\System\IvOLZfz.exe
  C:\Windows\System\IvOLZfz.exe
  2⤵
  PID:8696
- C:\Windows\System\jzqBxth.exe
  C:\Windows\System\jzqBxth.exe
  2⤵
  PID:8712
- C:\Windows\System\jtscifL.exe
  C:\Windows\System\jtscifL.exe
  2⤵
  PID:8728
- C:\Windows\System\lHuAnlG.exe
  C:\Windows\System\lHuAnlG.exe
  2⤵
  PID:8744
- C:\Windows\System\guJowVS.exe
  C:\Windows\System\guJowVS.exe
  2⤵
  PID:8760
- C:\Windows\System\dLUPCSo.exe
  C:\Windows\System\dLUPCSo.exe
  2⤵
  PID:8776
- C:\Windows\System\gxizjeF.exe
  C:\Windows\System\gxizjeF.exe
  2⤵
  PID:8792
- C:\Windows\System\ytsAdNJ.exe
  C:\Windows\System\ytsAdNJ.exe
  2⤵
  PID:8808
- C:\Windows\System\PmEsssl.exe
  C:\Windows\System\PmEsssl.exe
  2⤵
  PID:8824
- C:\Windows\System\cPFmofb.exe
  C:\Windows\System\cPFmofb.exe
  2⤵
  PID:8840
- C:\Windows\System\NblzLIx.exe
  C:\Windows\System\NblzLIx.exe
  2⤵
  PID:8856
- C:\Windows\System\AdSsgVu.exe
  C:\Windows\System\AdSsgVu.exe
  2⤵
  PID:8872
- C:\Windows\System\UOHHEiB.exe
  C:\Windows\System\UOHHEiB.exe
  2⤵
  PID:8888
- C:\Windows\System\OGkXfgm.exe
  C:\Windows\System\OGkXfgm.exe
  2⤵
  PID:8904
- C:\Windows\System\OVxJvMY.exe
  C:\Windows\System\OVxJvMY.exe
  2⤵
  PID:8920
- C:\Windows\System\nbWAWed.exe
  C:\Windows\System\nbWAWed.exe
  2⤵
  PID:8936
- C:\Windows\System\OHFaBHt.exe
  C:\Windows\System\OHFaBHt.exe
  2⤵
  PID:8952
- C:\Windows\System\cMACJtj.exe
  C:\Windows\System\cMACJtj.exe
  2⤵
  PID:8968
- C:\Windows\System\YXstHjy.exe
  C:\Windows\System\YXstHjy.exe
  2⤵
  PID:8984
- C:\Windows\System\gtwvUPm.exe
  C:\Windows\System\gtwvUPm.exe
  2⤵
  PID:9000
- C:\Windows\System\iXAhElh.exe
  C:\Windows\System\iXAhElh.exe
  2⤵
  PID:9016
- C:\Windows\System\YwGIqiN.exe
  C:\Windows\System\YwGIqiN.exe
  2⤵
  PID:9036
- C:\Windows\System\AnOhTiA.exe
  C:\Windows\System\AnOhTiA.exe
  2⤵
  PID:9052
- C:\Windows\System\grtLavp.exe
  C:\Windows\System\grtLavp.exe
  2⤵
  PID:9072
- C:\Windows\System\GFhNlYB.exe
  C:\Windows\System\GFhNlYB.exe
  2⤵
  PID:9088
- C:\Windows\System\iIETjgf.exe
  C:\Windows\System\iIETjgf.exe
  2⤵
  PID:9104
- C:\Windows\System\qsgdCiU.exe
  C:\Windows\System\qsgdCiU.exe
  2⤵
  PID:9120
- C:\Windows\System\TcVaRTw.exe
  C:\Windows\System\TcVaRTw.exe
  2⤵
  PID:9136
- C:\Windows\System\iohqmDF.exe
  C:\Windows\System\iohqmDF.exe
  2⤵
  PID:9152
- C:\Windows\System\YJqecTi.exe
  C:\Windows\System\YJqecTi.exe
  2⤵
  PID:9172
- C:\Windows\System\MLRTLoq.exe
  C:\Windows\System\MLRTLoq.exe
  2⤵
  PID:9188
- C:\Windows\System\dUtHJei.exe
  C:\Windows\System\dUtHJei.exe
  2⤵
  PID:9204
- C:\Windows\System\oMxEtGG.exe
  C:\Windows\System\oMxEtGG.exe
  2⤵
  PID:7596
- C:\Windows\System\QwABQBu.exe
  C:\Windows\System\QwABQBu.exe
  2⤵
  PID:7644
- C:\Windows\System\felPntI.exe
  C:\Windows\System\felPntI.exe
  2⤵
  PID:8276
- C:\Windows\System\zMvukMz.exe
  C:\Windows\System\zMvukMz.exe
  2⤵
  PID:7496
- C:\Windows\System\QtuXFQY.exe
  C:\Windows\System\QtuXFQY.exe
  2⤵
  PID:8340
- C:\Windows\System\uoUxjsv.exe
  C:\Windows\System\uoUxjsv.exe
  2⤵
  PID:7288
- C:\Windows\System\hTjNHTk.exe
  C:\Windows\System\hTjNHTk.exe
  2⤵
  PID:6832
- C:\Windows\System\YSARzmW.exe
  C:\Windows\System\YSARzmW.exe
  2⤵
  PID:6504
- C:\Windows\System\NSgvLXz.exe
  C:\Windows\System\NSgvLXz.exe
  2⤵
  PID:7244
- C:\Windows\System\UUGZAGP.exe
  C:\Windows\System\UUGZAGP.exe
  2⤵
  PID:8196
- C:\Windows\System\tLdSEEg.exe
  C:\Windows\System\tLdSEEg.exe
  2⤵
  PID:8292
- C:\Windows\System\BYjAZvx.exe
  C:\Windows\System\BYjAZvx.exe
  2⤵
  PID:8404
- C:\Windows\System\hbHpxhm.exe
  C:\Windows\System\hbHpxhm.exe
  2⤵
  PID:8384
- C:\Windows\System\bCOmtCF.exe
  C:\Windows\System\bCOmtCF.exe
  2⤵
  PID:8416
- C:\Windows\System\bRxDzfw.exe
  C:\Windows\System\bRxDzfw.exe
  2⤵
  PID:8500
- C:\Windows\System\WwRygVq.exe
  C:\Windows\System\WwRygVq.exe
  2⤵
  PID:8564
- C:\Windows\System\ViDzucH.exe
  C:\Windows\System\ViDzucH.exe
  2⤵
  PID:8420
- C:\Windows\System\yIEeGVX.exe
  C:\Windows\System\yIEeGVX.exe
  2⤵
  PID:8628
- C:\Windows\System\lHRAfKr.exe
  C:\Windows\System\lHRAfKr.exe
  2⤵
  PID:8660
- C:\Windows\System\NpgpWbm.exe
  C:\Windows\System\NpgpWbm.exe
  2⤵
  PID:8688
- C:\Windows\System\LUBjVTH.exe
  C:\Windows\System\LUBjVTH.exe
  2⤵
  PID:8580
- C:\Windows\System\bWdRAbO.exe
  C:\Windows\System\bWdRAbO.exe
  2⤵
  PID:8720
- C:\Windows\System\pLhvmDt.exe
  C:\Windows\System\pLhvmDt.exe
  2⤵
  PID:8672
- C:\Windows\System\SHsbXkN.exe
  C:\Windows\System\SHsbXkN.exe
  2⤵
  PID:8784
- C:\Windows\System\PZwGcwJ.exe
  C:\Windows\System\PZwGcwJ.exe
  2⤵
  PID:8772
- C:\Windows\System\KuwEOGL.exe
  C:\Windows\System\KuwEOGL.exe
  2⤵
  PID:8820
- C:\Windows\System\zFLlVVT.exe
  C:\Windows\System\zFLlVVT.exe
  2⤵
  PID:8880
- C:\Windows\System\XYSMfHD.exe
  C:\Windows\System\XYSMfHD.exe
  2⤵
  PID:8912
- C:\Windows\System\rQAYJyd.exe
  C:\Windows\System\rQAYJyd.exe
  2⤵
  PID:8916
- C:\Windows\System\EfGBggz.exe
  C:\Windows\System\EfGBggz.exe
  2⤵
  PID:8896
- C:\Windows\System\CxIpPPB.exe
  C:\Windows\System\CxIpPPB.exe
  2⤵
  PID:8980
- C:\Windows\System\CQhEPhg.exe
  C:\Windows\System\CQhEPhg.exe
  2⤵
  PID:8996
- C:\Windows\System\WJApXLr.exe
  C:\Windows\System\WJApXLr.exe
  2⤵
  PID:9044
- C:\Windows\System\XEQcJmu.exe
  C:\Windows\System\XEQcJmu.exe
  2⤵
  PID:9112
- C:\Windows\System\smFNmFQ.exe
  C:\Windows\System\smFNmFQ.exe
  2⤵
  PID:9032
- C:\Windows\System\ddaQyrm.exe
  C:\Windows\System\ddaQyrm.exe
  2⤵
  PID:9100
- C:\Windows\System\QeUJTTo.exe
  C:\Windows\System\QeUJTTo.exe
  2⤵
  PID:9184
- C:\Windows\System\MEjnfhI.exe
  C:\Windows\System\MEjnfhI.exe
  2⤵
  PID:7696
- C:\Windows\System\KJaHTyW.exe
  C:\Windows\System\KJaHTyW.exe
  2⤵
  PID:7836
- C:\Windows\System\FwkfpWw.exe
  C:\Windows\System\FwkfpWw.exe
  2⤵
  PID:8260
- C:\Windows\System\pkkXASo.exe
  C:\Windows\System\pkkXASo.exe
  2⤵
  PID:8468
- C:\Windows\System\euCBgUE.exe
  C:\Windows\System\euCBgUE.exe
  2⤵
  PID:8484
- C:\Windows\System\WBjrtYa.exe
  C:\Windows\System\WBjrtYa.exe
  2⤵
  PID:8752
- C:\Windows\System\iDaHCUC.exe
  C:\Windows\System\iDaHCUC.exe
  2⤵
  PID:8848
- C:\Windows\System\bqJWMxv.exe
  C:\Windows\System\bqJWMxv.exe
  2⤵
  PID:8932
- C:\Windows\System\dDkLKUo.exe
  C:\Windows\System\dDkLKUo.exe
  2⤵
  PID:8624
- C:\Windows\System\WfujzUd.exe
  C:\Windows\System\WfujzUd.exe
  2⤵
  PID:7888
- C:\Windows\System\ohMcqDn.exe
  C:\Windows\System\ohMcqDn.exe
  2⤵
  PID:9008
- C:\Windows\System\bGqTmGt.exe
  C:\Windows\System\bGqTmGt.exe
  2⤵
  PID:9180
- C:\Windows\System\TBayTlV.exe
  C:\Windows\System\TBayTlV.exe
  2⤵
  PID:8336
- C:\Windows\System\itPospB.exe
  C:\Windows\System\itPospB.exe
  2⤵
  PID:2352
- C:\Windows\System\hrlCIrv.exe
  C:\Windows\System\hrlCIrv.exe
  2⤵
  PID:8352
- C:\Windows\System\zayNxAe.exe
  C:\Windows\System\zayNxAe.exe
  2⤵
  PID:9096
- C:\Windows\System\iakpiNl.exe
  C:\Windows\System\iakpiNl.exe
  2⤵
  PID:8612
- C:\Windows\System\JFfbPvm.exe
  C:\Windows\System\JFfbPvm.exe
  2⤵
  PID:8244
- C:\Windows\System\tahPVGh.exe
  C:\Windows\System\tahPVGh.exe
  2⤵
  PID:8832
- C:\Windows\System\MxpvEuI.exe
  C:\Windows\System\MxpvEuI.exe
  2⤵
  PID:9080
- C:\Windows\System\LfKELwJ.exe
  C:\Windows\System\LfKELwJ.exe
  2⤵
  PID:8436
- C:\Windows\System\DiWGkyS.exe
  C:\Windows\System\DiWGkyS.exe
  2⤵
  PID:2884
- C:\Windows\System\cdmAQLZ.exe
  C:\Windows\System\cdmAQLZ.exe
  2⤵
  PID:9200
- C:\Windows\System\YMbKBFP.exe
  C:\Windows\System\YMbKBFP.exe
  2⤵
  PID:1912
- C:\Windows\System\dAjYKUN.exe
  C:\Windows\System\dAjYKUN.exe
  2⤵
  PID:8596
- C:\Windows\System\yvaDJtw.exe
  C:\Windows\System\yvaDJtw.exe
  2⤵
  PID:9132
- C:\Windows\System\PCaHrNX.exe
  C:\Windows\System\PCaHrNX.exe
  2⤵
  PID:9064
- C:\Windows\System\RPUYOjv.exe
  C:\Windows\System\RPUYOjv.exe
  2⤵
  PID:9012
- C:\Windows\System\rLgDsFO.exe
  C:\Windows\System\rLgDsFO.exe
  2⤵
  PID:8308
- C:\Windows\System\spsmPqT.exe
  C:\Windows\System\spsmPqT.exe
  2⤵
  PID:8544
- C:\Windows\System\RCwPOYA.exe
  C:\Windows\System\RCwPOYA.exe
  2⤵
  PID:8452
- C:\Windows\System\JdUNTaO.exe
  C:\Windows\System\JdUNTaO.exe
  2⤵
  PID:9028
- C:\Windows\System\wOgyspZ.exe
  C:\Windows\System\wOgyspZ.exe
  2⤵
  PID:8948
- C:\Windows\System\zOSkYMx.exe
  C:\Windows\System\zOSkYMx.exe
  2⤵
  PID:9168
- C:\Windows\System\ynKLfCw.exe
  C:\Windows\System\ynKLfCw.exe
  2⤵
  PID:8356
- C:\Windows\System\DPHyAgp.exe
  C:\Windows\System\DPHyAgp.exe
  2⤵
  PID:9228
- C:\Windows\System\zfbByIo.exe
  C:\Windows\System\zfbByIo.exe
  2⤵
  PID:9244
- C:\Windows\System\ftGjvFy.exe
  C:\Windows\System\ftGjvFy.exe
  2⤵
  PID:9260
- C:\Windows\System\vJqvdHZ.exe
  C:\Windows\System\vJqvdHZ.exe
  2⤵
  PID:9276
- C:\Windows\System\jtqbKjW.exe
  C:\Windows\System\jtqbKjW.exe
  2⤵
  PID:9292
- C:\Windows\System\RtdRZSy.exe
  C:\Windows\System\RtdRZSy.exe
  2⤵
  PID:9312
- C:\Windows\System\RsPTaio.exe
  C:\Windows\System\RsPTaio.exe
  2⤵
  PID:9328
- C:\Windows\System\UqzvaHk.exe
  C:\Windows\System\UqzvaHk.exe
  2⤵
  PID:9344
- C:\Windows\System\ouZBxOM.exe
  C:\Windows\System\ouZBxOM.exe
  2⤵
  PID:9360
- C:\Windows\System\HrVIxkI.exe
  C:\Windows\System\HrVIxkI.exe
  2⤵
  PID:9376
- C:\Windows\System\yMOucgB.exe
  C:\Windows\System\yMOucgB.exe
  2⤵
  PID:9392
- C:\Windows\System\sfHqBle.exe
  C:\Windows\System\sfHqBle.exe
  2⤵
  PID:9408
- C:\Windows\System\eryLRYl.exe
  C:\Windows\System\eryLRYl.exe
  2⤵
  PID:9424
- C:\Windows\System\XZnwzUY.exe
  C:\Windows\System\XZnwzUY.exe
  2⤵
  PID:9440
- C:\Windows\System\mIAxDMX.exe
  C:\Windows\System\mIAxDMX.exe
  2⤵
  PID:9456
- C:\Windows\System\rViFuaI.exe
  C:\Windows\System\rViFuaI.exe
  2⤵
  PID:9472
- C:\Windows\System\xZIQRql.exe
  C:\Windows\System\xZIQRql.exe
  2⤵
  PID:9488
- C:\Windows\System\AeWqMXZ.exe
  C:\Windows\System\AeWqMXZ.exe
  2⤵
  PID:9504
- C:\Windows\System\ZYdXVmO.exe
  C:\Windows\System\ZYdXVmO.exe
  2⤵
  PID:9520
- C:\Windows\System\sPJSPPs.exe
  C:\Windows\System\sPJSPPs.exe
  2⤵
  PID:9536
- C:\Windows\System\MeTmBPK.exe
  C:\Windows\System\MeTmBPK.exe
  2⤵
  PID:9552
- C:\Windows\System\axVDEZR.exe
  C:\Windows\System\axVDEZR.exe
  2⤵
  PID:9568
- C:\Windows\System\WdJHNRd.exe
  C:\Windows\System\WdJHNRd.exe
  2⤵
  PID:9584
- C:\Windows\System\RxatvFl.exe
  C:\Windows\System\RxatvFl.exe
  2⤵
  PID:9600
- C:\Windows\System\BlHYzvL.exe
  C:\Windows\System\BlHYzvL.exe
  2⤵
  PID:9616
- C:\Windows\System\hJfVxOF.exe
  C:\Windows\System\hJfVxOF.exe
  2⤵
  PID:9632
- C:\Windows\System\syqLeVq.exe
  C:\Windows\System\syqLeVq.exe
  2⤵
  PID:9648
- C:\Windows\System\rhkicdp.exe
  C:\Windows\System\rhkicdp.exe
  2⤵
  PID:9664
- C:\Windows\System\LyivcWb.exe
  C:\Windows\System\LyivcWb.exe
  2⤵
  PID:9680
- C:\Windows\System\IzPSrBI.exe
  C:\Windows\System\IzPSrBI.exe
  2⤵
  PID:9696
- C:\Windows\System\sukxmfy.exe
  C:\Windows\System\sukxmfy.exe
  2⤵
  PID:9712
- C:\Windows\System\qfIchNx.exe
  C:\Windows\System\qfIchNx.exe
  2⤵
  PID:9728
- C:\Windows\System\rISaezu.exe
  C:\Windows\System\rISaezu.exe
  2⤵
  PID:9744
- C:\Windows\System\yBbZkKd.exe
  C:\Windows\System\yBbZkKd.exe
  2⤵
  PID:9760
- C:\Windows\System\ZPEkHHU.exe
  C:\Windows\System\ZPEkHHU.exe
  2⤵
  PID:9780
- C:\Windows\System\AvgeQzO.exe
  C:\Windows\System\AvgeQzO.exe
  2⤵
  PID:9796
- C:\Windows\System\gTmOZKy.exe
  C:\Windows\System\gTmOZKy.exe
  2⤵
  PID:9812
- C:\Windows\System\cdKdvwF.exe
  C:\Windows\System\cdKdvwF.exe
  2⤵
  PID:9828
- C:\Windows\System\ancROAz.exe
  C:\Windows\System\ancROAz.exe
  2⤵
  PID:9844
- C:\Windows\System\fseSGmO.exe
  C:\Windows\System\fseSGmO.exe
  2⤵
  PID:9860
- C:\Windows\System\cINbZSR.exe
  C:\Windows\System\cINbZSR.exe
  2⤵
  PID:9876
- C:\Windows\System\DaUrCjI.exe
  C:\Windows\System\DaUrCjI.exe
  2⤵
  PID:9892
- C:\Windows\System\fEqxJKW.exe
  C:\Windows\System\fEqxJKW.exe
  2⤵
  PID:9908
- C:\Windows\System\OWswjfp.exe
  C:\Windows\System\OWswjfp.exe
  2⤵
  PID:9928
- C:\Windows\System\wNjaIFZ.exe
  C:\Windows\System\wNjaIFZ.exe
  2⤵
  PID:9944
- C:\Windows\System\ojLaAgg.exe
  C:\Windows\System\ojLaAgg.exe
  2⤵
  PID:9960
- C:\Windows\System\udlxZtn.exe
  C:\Windows\System\udlxZtn.exe
  2⤵
  PID:9984
- C:\Windows\System\hiZXMcq.exe
  C:\Windows\System\hiZXMcq.exe
  2⤵
  PID:10004
- C:\Windows\System\uAAUOsL.exe
  C:\Windows\System\uAAUOsL.exe
  2⤵
  PID:9484
- C:\Windows\System\nrAmTaA.exe
  C:\Windows\System\nrAmTaA.exe
  2⤵
  PID:8868
- C:\Windows\System\adUdGoO.exe
  C:\Windows\System\adUdGoO.exe
  2⤵
  PID:9644
- C:\Windows\System\WzwKxzK.exe
  C:\Windows\System\WzwKxzK.exe
  2⤵
  PID:9708
- C:\Windows\System\wJEXeQK.exe
  C:\Windows\System\wJEXeQK.exe
  2⤵
  PID:9676
- C:\Windows\System\ztoaLhz.exe
  C:\Windows\System\ztoaLhz.exe
  2⤵
  PID:9400
- C:\Windows\System\MIDGDdV.exe
  C:\Windows\System\MIDGDdV.exe
  2⤵
  PID:9308
- C:\Windows\System\MnLkNem.exe
  C:\Windows\System\MnLkNem.exe
  2⤵
  PID:9368
- C:\Windows\System\avMAVRl.exe
  C:\Windows\System\avMAVRl.exe
  2⤵
  PID:9464
- C:\Windows\System\NWsCsIL.exe
  C:\Windows\System\NWsCsIL.exe
  2⤵
  PID:9528
- C:\Windows\System\zTbLvlR.exe
  C:\Windows\System\zTbLvlR.exe
  2⤵
  PID:10052
- C:\Windows\System\BDiTzkt.exe
  C:\Windows\System\BDiTzkt.exe
  2⤵
  PID:9900
- C:\Windows\System\JlabGDb.exe
  C:\Windows\System\JlabGDb.exe
  2⤵
  PID:9924
- C:\Windows\System\yGtToba.exe
  C:\Windows\System\yGtToba.exe
  2⤵
  PID:9972
- C:\Windows\System\pGfagwJ.exe
  C:\Windows\System\pGfagwJ.exe
  2⤵
  PID:9992
- C:\Windows\System\vRjaToX.exe
  C:\Windows\System\vRjaToX.exe
  2⤵
  PID:10072
- C:\Windows\System\mSUYQyb.exe
  C:\Windows\System\mSUYQyb.exe
  2⤵
  PID:10088
- C:\Windows\System\ICgqBEL.exe
  C:\Windows\System\ICgqBEL.exe
  2⤵
  PID:9996
- C:\Windows\System\QnrBzJZ.exe
  C:\Windows\System\QnrBzJZ.exe
  2⤵
  PID:10012
- C:\Windows\System\OISxbqR.exe
  C:\Windows\System\OISxbqR.exe
  2⤵
  PID:10044
- C:\Windows\System\PHZerLU.exe
  C:\Windows\System\PHZerLU.exe
  2⤵
  PID:10124
- C:\Windows\System\kjWIoCE.exe
  C:\Windows\System\kjWIoCE.exe
  2⤵
  PID:10140
- C:\Windows\System\fRmBwQP.exe
  C:\Windows\System\fRmBwQP.exe
  2⤵
  PID:10156
- C:\Windows\System\gptpQAI.exe
  C:\Windows\System\gptpQAI.exe
  2⤵
  PID:10172
- C:\Windows\System\zktfsjK.exe
  C:\Windows\System\zktfsjK.exe
  2⤵
  PID:10192
- C:\Windows\System\nCBrslC.exe
  C:\Windows\System\nCBrslC.exe
  2⤵
  PID:10208
- C:\Windows\System\eRKFmrs.exe
  C:\Windows\System\eRKFmrs.exe
  2⤵
  PID:10220
- C:\Windows\System\ocDZrLZ.exe
  C:\Windows\System\ocDZrLZ.exe
  2⤵
  PID:8516
- C:\Windows\System\EeLViKJ.exe
  C:\Windows\System\EeLViKJ.exe
  2⤵
  PID:9256
- C:\Windows\System\UXADROG.exe
  C:\Windows\System\UXADROG.exe
  2⤵
  PID:9324
- C:\Windows\System\MvRSCSU.exe
  C:\Windows\System\MvRSCSU.exe
  2⤵
  PID:9384
- C:\Windows\System\GeThxHk.exe
  C:\Windows\System\GeThxHk.exe
  2⤵
  PID:9416
- C:\Windows\System\vXttYIo.exe
  C:\Windows\System\vXttYIo.exe
  2⤵
  PID:9480
- C:\Windows\System\WCAQret.exe
  C:\Windows\System\WCAQret.exe
  2⤵
  PID:10020
- C:\Windows\System\RjrzaNj.exe
  C:\Windows\System\RjrzaNj.exe
  2⤵
  PID:8576
- C:\Windows\System\CpybBXg.exe
  C:\Windows\System\CpybBXg.exe
  2⤵
  PID:9496
- C:\Windows\System\TlCVeCQ.exe
  C:\Windows\System\TlCVeCQ.exe
  2⤵
  PID:9640
- C:\Windows\System\UZGIaiT.exe
  C:\Windows\System\UZGIaiT.exe
  2⤵
  PID:9272
- C:\Windows\System\bIEjeEc.exe
  C:\Windows\System\bIEjeEc.exe
  2⤵
  PID:8756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CVkaKez.exe

Filesize
6.0MB

MD5
e0724ab9774368372cb6a72b16d8207f

SHA1
47860c55efac0f7f671028a2da7f882c398be95a

SHA256
c59a6c8d4d2438060e609ce1e91c0824cf1b5ea3a2e746f3f8925fd6cb4781b5

SHA512
9c8a1f9d3846cd5b854a4daec40751c186897d9ff843023e14f6d8693760c17d1e1f6efcb8fb04a07cee124d0203bde168d4db0a343969b7730e1cb0fc96b2c2

Download Submit
C:\Windows\system\ECiuubn.exe

Filesize
6.0MB

MD5
0a8e91ee4e13faebd1885130227792ac

SHA1
50c05edbc43bfe23008375e4b1e6c10651a02f93

SHA256
1a06c017aee8865d6be11c7ec8426c0eac2f2666fe8d0dcb50d1a8fd5b78d052

SHA512
4dafce98c6d4a98bef4c3fce2bbf5d15b34459acc2fd9a96310469683d718709e94a7111cdb0255115f26ad407fb7e6068ec70f919adde9484cb203b27d958cd

Download Submit
C:\Windows\system\FKKFHsK.exe

Filesize
6.0MB

MD5
95567fee523c00b2864496357f7c847f

SHA1
b98d80dd2a772c9b1014646bc2d957ab4a69e128

SHA256
5469f3926552d9ed581084b14e47ed7f9943a42e7b77caf69b7204635f35af66

SHA512
d6c86849bcc3e783ce1afdaaae9a4660ee40617b4d3b4dde78455e490cc54d625af2798be415cef42f7c679a7a1d3b24173a2fd447d3b9c061a8d8e866a543ac

Download Submit
C:\Windows\system\JVVgdVY.exe

Filesize
6.0MB

MD5
c010487f74d7f9d2c57146a26441cb69

SHA1
39d23ecd7105a5d9aff1ca5dc4a57abe3be5dee7

SHA256
79b28780e4a94d5b922745da747d25788b161b57db044add02310fd7693ae996

SHA512
333871ecaff485cf9ccb3decd52ca7a61de460c71734af112ffe133321ff437786a24bbac52110e3849b00f5ff785be0ea034df5b06f3a58d6863765b2036744

Download Submit
C:\Windows\system\MjalSvn.exe

Filesize
6.0MB

MD5
33927c9230f203538d6322b3deaa70aa

SHA1
3dd18c67b79b61de961fe2e43e74e2bf030da7a3

SHA256
3dc093dfc70aaf609d99652f2b17bb14e893afd5b6a505077f01c1b414a6b55f

SHA512
8881de7b06b9e0d45ff00798138f82036874baabf8b6aab526d99f9f1f39fa835be86d88fa69a275ce8e6caf31eceeaf1f7a5ccd57d407d8a42257c67ff58754

Download Submit
C:\Windows\system\MlkfIsB.exe

Filesize
6.0MB

MD5
feb98ba023ee74ad40c5aa846a6d1dab

SHA1
91e1ab24baa3a032e56bdb8eb44729a43fd98d35

SHA256
5c265106e2d3688d9bf576946e6b86ee63df106335e2d5bd64822445b11b9af1

SHA512
f3f461d9b128a1d3d506ef6c4081ee383d16378fa99d2e94d346a23e9845f2119916a5890a927dc1ffbd2d2112b38d003fc637b5215648cbb1b6a4c103f13382

Download Submit
C:\Windows\system\ONCQkUC.exe

Filesize
6.0MB

MD5
da81a07a44155b1fd6b7360f35fbddd4

SHA1
78149bca7b7eff1e37131a2b909e869493c97471

SHA256
fddb55c8dd03956a33b537f697d5d1d54310f8a90332a857cb9890dcab2b0d5f

SHA512
b2a5c3bd1432539de9bd51350f7017818b11ff6dde75b102e47780da6f253e302846f245dac07623522b02321ff548afbbf53384c0fbb3a11da234064625f69b

Download Submit
C:\Windows\system\PDpGWSf.exe

Filesize
6.0MB

MD5
7c25752efa704548002cca7edfc291f8

SHA1
79e80747954661715bfbc4e69ed35f6845ce66b4

SHA256
49cda4e3eedb6da1dfe8b31aa5ba261b92829a834e8b8b5de058e5fef17119dc

SHA512
c63b93ce25b1dac82bbbcd38c53590dd5ed40045de96bc4a94d7f52b6cfdd53d5eb6d7f8c8b1d013e0837e4ea00d052fdf8b2e3c60030e325e9ba7877a52299d

Download Submit
C:\Windows\system\PEllDcG.exe

Filesize
6.0MB

MD5
99fac6caefe42626fee0f82ffe006e9e

SHA1
ac741ceb04ecfef441a3ec8f070be4e4ab4391fa

SHA256
8cbc22f651ee30f2dcb1397ce301506f92b4c531b40a7f09bb77e9c870092319

SHA512
3bcecfd67dc97eef4c91fed53709d159f3b77cbe75744665759be8635e15ea9389b17d1ae62af174f1e2b769b44237040360d2e0b170d58e6a179cca11a48d16

Download Submit
C:\Windows\system\PkfZaPM.exe

Filesize
6.0MB

MD5
23bd3c22f05788fa98c5ababb409f6e2

SHA1
61bb511595c7a8c58c6dd106bddcc95afe5338e4

SHA256
45cd0d347cfc0f8a4f493a48e0f79ae9cdc88dbf39ea27f58cfc168488535b8d

SHA512
c653a5d11c3f5797bcea06ee989ec5a126b1bc1dcd9a71ee46de8ea570ef46d36dea7eed146884a5807cdb6e2032254818d48b2e3fc8fdf49fb1a7a616fd20d9

Download Submit
C:\Windows\system\QQdEDDW.exe

Filesize
6.0MB

MD5
905f94b2561ba0989b7e56af056a83bd

SHA1
c8901f64e121ed5bd7cdb809f279b92f7ae67933

SHA256
aee0b712d2cf3db39837839709abd6ead1cbdff5443d3a2544f76bf93d877301

SHA512
f7e096afd8d433df014f0dd1ea6e4342c832ba2e3e96dbbe584b3006ed9a56a23a682d32c8f9d2c4c188109d59e296fd62eeb62c962cf054e0b9c5fdaa73713b

Download Submit
C:\Windows\system\ZPEotyF.exe

Filesize
6.0MB

MD5
e3468278f18050a5a5ad4b544ea36c9e

SHA1
58966f11922185ae6f36a7196ba0f33dff266089

SHA256
271e6c76bf36c93a93512d9da7dff38c577624ba3aebd8685c92f07910eef520

SHA512
2b674daefadfa6c354e95eefe5a57af6e3ec7bc92307770a9e50d39fbfe71816f5e1810f1b6a794a78164be148219cf4846e89374db6050678671ba6a785ca35

Download Submit
C:\Windows\system\ZncdPsT.exe

Filesize
6.0MB

MD5
88864751d976b583f277314bdd85b094

SHA1
192c9e0e7050cc7a91304c5e5aa07073114402cd

SHA256
168c861c22d141d92bc87c2857ef9c6d83926fc815fb374026c100afe17cc657

SHA512
55f859fc6a1551528e6a2a6a0d411fa02f4dc701151598f44ddf178568be19785d59d98c26a06b13a0a045b2a3b36fab8fc21477eb1028372535074ee9325d62

Download Submit
C:\Windows\system\dXKxnxO.exe

Filesize
6.0MB

MD5
b94fb92d218de48d5faf4b4222fdc356

SHA1
e432a30b778917bf819940fbeb417a6d9c74e358

SHA256
0f002d82c16433a80eaa507fa767fffb5111935d13e83895e6be8e1be56edaac

SHA512
d74b6574c72c24380ab5f5f7f6edcea8b1f2438fc3a237a10d1a32d6a0dae76fb9c8478b7d689e0ae246ade5c4c58b31aa7af35fd21c9faff024327f8cbfb26a

Download Submit
C:\Windows\system\doxnwoC.exe

Filesize
6.0MB

MD5
977ab320ef5d1e7ae6148bdaaa71d1fd

SHA1
205dc5d75a81c67a0419f424ef7053785392f143

SHA256
4a7b5f1149cf331c10eea1f56856f34ed175da08f060ed64cbca474980503ba8

SHA512
2e7563d5d6721db08714b69f1b18aea64677f00dd566b96801eed393afdbd02bcf2d0997e464aff1775b2459a46f64de4a61a4a19b1075fa4ef73229cf357d57

Download Submit
C:\Windows\system\eCXCoRv.exe

Filesize
6.0MB

MD5
efd2a1e053b4485ee818b982da8ea9e1

SHA1
3b59f0f049dcaf8fd6ba4c65a6297d8ca4b11cde

SHA256
380c02fb6abb6fb1a87fb5976b33b56c42a272685949a082e89503655d5762df

SHA512
90983d0ec0a6d029d3b90a7de09842add54db2b681521f364906a9153124ed8d09f14190ac458fd7e51ee9ae182d8da928c462d0bbea8c4dcb70ab4446c947b0

Download Submit
C:\Windows\system\fEUZfDM.exe

Filesize
6.0MB

MD5
f2f788e501b0c5d480f79da15739ba86

SHA1
3ee3a38296d1472745555ec873928a683c64de11

SHA256
fd55b5cf1c057c1164234c77628d4eb3e7d1ed5fe53f07428e0f5906631c997e

SHA512
e1f3f90fe293970e321a490546f25a05d96756d03671b8b6b2d380bc5ae6f77e8440892fc530bd350f363aeadf52bb2ac091f09e3926ef1f1789f8cc30fdf4bd

Download Submit
C:\Windows\system\hvNjKWg.exe

Filesize
6.0MB

MD5
5f2e9075c4016e7de4a3b6f21258426e

SHA1
56f99647c615141e4056d16387e13fc5d7524b95

SHA256
c9908751d7b286f88aff2165ac1814e961de0b53aef52b11ef761729b69970c9

SHA512
57dc6a875062c88989f2ee3c9735c7dc20eda23f3d9b8e9ee964df209655db039be5716f743061558ba334f77e06b94509b47b4ed1a13c03dae83f5f7436d02b

Download Submit
C:\Windows\system\kJpBlwV.exe

Filesize
6.0MB

MD5
a304f1e2ffe7f193485ece126bca0eab

SHA1
170449104e3ff9ac0527de8437761c6f0ca905b3

SHA256
6130a70d28abf827b38b0048e80387c8d38011ce857223ae5dedd9e6f287c586

SHA512
c1c29b4c82651a6c085d0fac52c91b68de658649839870941cd14c75ee8b339301c22335bb51e4944dc097db77a0a91465f5c468840b1d772704b9397afbd3dc

Download Submit
C:\Windows\system\pKXOVHs.exe

Filesize
6.0MB

MD5
cc65483210c2c80b10fb82d008459920

SHA1
279df0b525c765ab0ce0d5c68a594eb041c5b066

SHA256
a92f0c3b795a0b1af93d76c912ac14751b1781066297bf9efb327787ee5a9299

SHA512
62df97e450cbd4ec9882097cf3a625b8fdc032fa117be29315dd927dbcbc265d2acb84cc470d7dafc8c931a184f7742ee5390be45c8cb5b43f332210dc4630f1

Download Submit
C:\Windows\system\qHMQXpS.exe

Filesize
6.0MB

MD5
e2fd4c662db9ddfb07e2e5df8e179951

SHA1
aa85af8c6e73107615473bbdd504470858023551

SHA256
0b7c9262967aab0b3e59e26876b4bce725a1fab714f7d378369960cc23b1b7b1

SHA512
20d27b9ac4e30e868e604bc29a139d9fbd6573dcbf7e6cf24aaee1c400ee287abe42bfa5d8190cbf75c54b0b499cf5ded821fbdfe0cda8316c115c65cf37ca4e

Download Submit
C:\Windows\system\ulMYYsq.exe

Filesize
6.0MB

MD5
db13943ae3dd537e8887a1b611b10b6d

SHA1
7aeaecb8828f217ac95f5ce95164abb3e47c7fad

SHA256
1fb6c209c491fb611b8dc7f20b8259e6d17bd513c91024b7ffb2e3de3c95ce40

SHA512
4d0f6c8f26b2e111992fdf7d53b8da47addeb31e7f895a153a8e3c7aef06d9cd236a86a3665b917db45713ee269360ba80a37b10f9b43709f44c2b22f5f3fb99

Download Submit
C:\Windows\system\vDfBJTa.exe

Filesize
6.0MB

MD5
dacffb8d03c7c02c3806bb7db3c8386a

SHA1
69a41b8f469ca5b52d74c71521366a76f4b72037

SHA256
ae39bac7ab978d62eef69bc2c03442ef3652d2e50de0100ff92660656d5d4af2

SHA512
7c50cce10f26e1aa892c09ecf4f2a9000fbb66f400d70e85c2033c942c7fa1ad168add22b6aabd34d6cab517c9686960a76fd8eb8d8f4b20523e0b17d97f5ffb

Download Submit
C:\Windows\system\wEEPxRE.exe

Filesize
6.0MB

MD5
88479563944866040aaae5dab6d6f533

SHA1
eb95475a158ef70d15781e9cddb7cc3aa8264d68

SHA256
804dbdc504892cf7229dbfe28d07a36875496f578317fd12e12cbf090f82805f

SHA512
2f833fd094e2942333011221754b29184d579454ae46652f5172801c095867058a208552add00610548b53ed274e958c330f6b097a1377a694d639a524cc5c54

Download Submit
C:\Windows\system\xpYZAAc.exe

Filesize
6.0MB

MD5
5480b97af7618ad3f54dd45fea255909

SHA1
24f1ba2fca9e0ed9caad2563d3b49386d2a3aaf8

SHA256
125cc08ea4e6e8623354f6df50948ff27717829ac8ae2e7f251c41b22e63c5dd

SHA512
39c587f74721a675688bda5e1244bc8228da98d9cba35dabfd7e98577138f4fd4e02f9cc5ff2547f7a70e305450465c851e262f77ccd54b02ff94a46e1c88b25

Download Submit
C:\Windows\system\zAKKDYT.exe

Filesize
6.0MB

MD5
5b889059d3284bc3bb685864e8d76119

SHA1
77b1f6d3aaedebd4008e05ca88e527af55fc9fc3

SHA256
8515818129a3d3404c669d510f739c2aaef695097a6b12ded7fc4d03431b4fb0

SHA512
703cc10fb332b4240a7e18d9819124d8415f24ac991dbf041d282c729d6d4f0cb45aafe287e12b00b72873053db302c2511534e93f64ae7e7015019b09636eef

Download Submit
C:\Windows\system\zyTymHZ.exe

Filesize
6.0MB

MD5
4d084fcbde909b2f271e5b8a9236ee02

SHA1
b0d670d4382d77dd9b8ffd63cbf304f07ce62a24

SHA256
8e488477cc4853409122e4b33d53602dc69ea60376bc688d367c9044ffb6479e

SHA512
c76b001ebf49c0841ac0b137c0f617dc86821e987e21e1e71547bc8ad1897b937e592bc6530acc5bc64403326a9d68256bf42e6ad226007153b0e9e6722a9d25

Download Submit
\Windows\system\EuwuiGe.exe

Filesize
6.0MB

MD5
d8433bc41e4e52c303766e9dc85e6bb5

SHA1
c0efea8bda30c91601323ba884fbab071c30a713

SHA256
fcbfaa03816dd3c586913cec86ea42a74fccd3f874837895ef20b6a4c574c259

SHA512
924ec6ce7c0a81c9bb942814119cdf3b5235a40c2bc1afb961ed56da80c9914933cbf8abe6dd67642048da02c65c665cd156c8c282fd41d5a881610604074c64

Download Submit
\Windows\system\NqumRGe.exe

Filesize
6.0MB

MD5
6fe7e5592c18a0d976b7f2d0a07888b3

SHA1
bad03bc1732962465ed2dbce5ffba6d1abfb6e25

SHA256
57307ab937688b7c0c04b1c2729f6f898327e79fb7e29c2e4ff4833e6440984a

SHA512
bff333568a57e6a5a4cf216385d0fbd4b05b53c341e0197fd1b59ff714e886714f1cd3a21a9927dd372a2669ea681805a65a3589c61cdbda471c2dd3d68a216e

Download Submit
\Windows\system\WpuZaRV.exe

Filesize
6.0MB

MD5
01e3e48e1c70efba77fe2dc2a134af06

SHA1
d206b8bd3aac958dbe79ce70d142fc576722cbdc

SHA256
77e6254bcb367ce289a40170792c4f288a13727b65156dedbb66010a4d2934ba

SHA512
469072a05a35f517414d6ede64082194941f558ecd2d5829cb5cbee453de03833d438b3800ba517025f20760c014f156ac3110d5404aceebc547331f2aae2404

Download Submit
\Windows\system\dmAQLAZ.exe

Filesize
6.0MB

MD5
0a76bffc5da8b6ff5388d7afa73a6837

SHA1
a47608847f53680a2c5a1869bd8ff05fde9aa3dd

SHA256
dc3bae67e77df2699564db9deab66b8bbd3cabeef98aea3eb2659533411730ff

SHA512
0ec82a4fd16866011d852eb96b6e5808a8c98746e2a1ff0994120185aa97a84ffb8128875262e8176db0385088ca8742101bac7834a5f9cd3adfd52aad741eff

Download Submit
\Windows\system\evceJfN.exe

Filesize
6.0MB

MD5
a4e34267caf6d2b0187d8b891e683021

SHA1
3a4f33486b0e3cf44443bf124ce880be7867001b

SHA256
03a6a3e013f82f9c6927cc6ee1ca194b03924438ae0d5f44cc01be5cbd94e58c

SHA512
e49898a88c0edf4a276a8ff614bba6d38d89ead93dfa9c70043c2b058d6e3f9f9766fc054bf432c747a79e3a0406dba6cc3868dc0bb0d5d6b6595d96f571f863

Download Submit
memory/1400-4160-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1400-93-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1952-59-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1952-4163-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2008-73-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2008-4159-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2156-88-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2156-4164-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2288-4158-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2288-99-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2360-98-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2360-52-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2360-4157-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3783-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2380-16-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2584-91-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-45-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3789-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-92-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2672-74-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2672-90-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-21-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2672-87-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2672-31-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2672-75-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2672-58-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2672-925-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2672-35-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-51-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-71-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2672-15-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2672-776-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2672-617-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2672-197-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2672-104-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2672-41-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-40-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-28-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2672-105-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3781-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-83-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3782-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2744-57-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2744-23-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2756-29-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3790-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2756-67-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2764-8-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-46-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3780-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-78-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2876-4162-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2912-76-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4161-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download