cobaltstrike | 02768e6bcebc03cf2e64ca2ae9b5e9154e9161a1d7260cdcc5af632f65dd5f49

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

cfa13a5127f859571ae3b87645fee851
SHA1

9b23e924510f3b7b7ec43c4693d2219429217fe5
SHA256

02768e6bcebc03cf2e64ca2ae9b5e9154e9161a1d7260cdcc5af632f65dd5f49
SHA512

4745641fb6f0343a61c3d9e61e4e7650c27e6b4d91bc0d1110137836c599695f0d3fb1b1cec6de555a42b18a1a895a0b8c1c584e88725e9980424b93526376a0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUF:T+q56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d0000000122e4-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d58-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016db5-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dd0-21.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016eb8-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de4-33.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016de8-41.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-72.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018697-66.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d36-58.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-198.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-193.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-128.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-96.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-87.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3004-0-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x000d0000000122e4-3.dat	xmrig
behavioral1/memory/3004-6-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d58-9.dat	xmrig
behavioral1/memory/2380-14-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x0007000000016db5-11.dat	xmrig
behavioral1/memory/3004-18-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/memory/2676-24-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2940-28-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dd0-21.dat	xmrig
behavioral1/memory/2424-35-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2816-44-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x0009000000016eb8-45.dat	xmrig
behavioral1/memory/1732-42-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/3004-34-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0007000000016de4-33.dat	xmrig
behavioral1/files/0x0009000000016de8-41.dat	xmrig
behavioral1/memory/2956-55-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2940-69-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x00050000000187a2-72.dat	xmrig
behavioral1/memory/2624-73-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2824-64-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2272-67-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018697-66.dat	xmrig
behavioral1/memory/3004-65-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/memory/2676-62-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d36-58.dat	xmrig
behavioral1/memory/2380-51-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/1432-90-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f6-123.dat	xmrig
behavioral1/files/0x0005000000019377-178.dat	xmrig
behavioral1/files/0x00050000000193c1-198.dat	xmrig
behavioral1/memory/1992-1156-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2692-918-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/1432-666-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/3044-427-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2624-225-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b3-193.dat	xmrig
behavioral1/files/0x00050000000193a4-188.dat	xmrig
behavioral1/files/0x0005000000019387-183.dat	xmrig
behavioral1/files/0x0005000000019365-173.dat	xmrig
behavioral1/files/0x0005000000019319-167.dat	xmrig
behavioral1/files/0x000500000001929a-163.dat	xmrig
behavioral1/files/0x0005000000019278-158.dat	xmrig
behavioral1/files/0x0005000000019275-153.dat	xmrig
behavioral1/files/0x000500000001926c-148.dat	xmrig
behavioral1/files/0x0005000000019268-143.dat	xmrig
behavioral1/files/0x0005000000019259-138.dat	xmrig
behavioral1/files/0x0005000000019240-133.dat	xmrig
behavioral1/files/0x0005000000019217-128.dat	xmrig
behavioral1/files/0x00060000000190e1-114.dat	xmrig
behavioral1/files/0x00050000000191d2-118.dat	xmrig
behavioral1/memory/2692-98-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/3004-97-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0006000000018f65-96.dat	xmrig
behavioral1/memory/1992-106-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2272-105-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x000600000001904c-104.dat	xmrig
behavioral1/memory/3044-81-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c34-80.dat	xmrig
behavioral1/memory/2424-78-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2956-89-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c44-87.dat	xmrig
behavioral1/memory/2816-85-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1732	zRiaKrK.exe
2380	utgrzvb.exe
2676	ataVZQs.exe
2940	OQOjARX.exe
2424	RqpvfoC.exe
2816	vDPDErV.exe
2956	aeEBDhN.exe
2824	pgqgElE.exe
2272	rPZIeuH.exe
2624	QjPPzmD.exe
3044	jTWGtNG.exe
1432	CHnATYi.exe
2692	fJdbzXj.exe
1992	PSlRCts.exe
1620	coqSkgF.exe
620	fNicDBV.exe
236	KbOEsMK.exe
1348	gOYLbhN.exe
2888	bdTxfDU.exe
1828	IBhzYsB.exe
2420	RGTDWaZ.exe
2876	IrChlFZ.exe
2188	lxFIWeS.exe
2220	deLVzNN.exe
1772	GZDaaHQ.exe
2276	yXPKyAf.exe
3012	nMtnZfk.exe
1456	MiixtQq.exe
2984	UlMwVNo.exe
2980	nLzaGvh.exe
1888	lvctoNw.exe
1292	RQsXAdZ.exe
2280	LyFFCwh.exe
1296	KlnZoRo.exe
2224	EHundMA.exe
1980	zqbrnqc.exe
2020	utyTknD.exe
1672	ScUpeRE.exe
1460	qgrpdVD.exe
480	VRuLeBW.exe
2472	xgVSGTV.exe
2868	GmwBuEh.exe
2348	PZTPWBG.exe
2496	thzONBb.exe
676	XqjMOWl.exe
1860	epoBYgj.exe
1528	RUwsDJU.exe
1288	PsPTfkt.exe
1424	kQrPUIy.exe
1168	OoDbEBZ.exe
1944	pjVKLdc.exe
2176	QARULlP.exe
1520	zWqAQmH.exe
1868	qvVXyRZ.exe
2540	rGlFCpL.exe
2684	ZnLeNDv.exe
2808	MYXzhlr.exe
3060	QLCgErN.exe
2592	ifcEFoT.exe
3032	GXtafHQ.exe
2660	rYfKYxU.exe
2120	kHAcCWA.exe
2016	BuRrLQz.exe
2340	ftsSVRJ.exe

Loads dropped DLL 64 IoCs

pid	Process
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3004-0-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x000d0000000122e4-3.dat	upx
behavioral1/memory/3004-6-0x0000000002290000-0x00000000025E4000-memory.dmp	upx
behavioral1/files/0x0008000000016d58-9.dat	upx
behavioral1/memory/2380-14-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x0007000000016db5-11.dat	upx
behavioral1/memory/2676-24-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2940-28-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x0007000000016dd0-21.dat	upx
behavioral1/memory/2424-35-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2816-44-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x0009000000016eb8-45.dat	upx
behavioral1/memory/1732-42-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/3004-34-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0007000000016de4-33.dat	upx
behavioral1/files/0x0009000000016de8-41.dat	upx
behavioral1/memory/2956-55-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2940-69-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x00050000000187a2-72.dat	upx
behavioral1/memory/2624-73-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2824-64-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2272-67-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0006000000018697-66.dat	upx
behavioral1/memory/2676-62-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x0009000000016d36-58.dat	upx
behavioral1/memory/2380-51-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/1432-90-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x00050000000191f6-123.dat	upx
behavioral1/files/0x0005000000019377-178.dat	upx
behavioral1/files/0x00050000000193c1-198.dat	upx
behavioral1/memory/1992-1156-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2692-918-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/1432-666-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/3044-427-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2624-225-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x00050000000193b3-193.dat	upx
behavioral1/files/0x00050000000193a4-188.dat	upx
behavioral1/files/0x0005000000019387-183.dat	upx
behavioral1/files/0x0005000000019365-173.dat	upx
behavioral1/files/0x0005000000019319-167.dat	upx
behavioral1/files/0x000500000001929a-163.dat	upx
behavioral1/files/0x0005000000019278-158.dat	upx
behavioral1/files/0x0005000000019275-153.dat	upx
behavioral1/files/0x000500000001926c-148.dat	upx
behavioral1/files/0x0005000000019268-143.dat	upx
behavioral1/files/0x0005000000019259-138.dat	upx
behavioral1/files/0x0005000000019240-133.dat	upx
behavioral1/files/0x0005000000019217-128.dat	upx
behavioral1/files/0x00060000000190e1-114.dat	upx
behavioral1/files/0x00050000000191d2-118.dat	upx
behavioral1/memory/2692-98-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0006000000018f65-96.dat	upx
behavioral1/memory/1992-106-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2272-105-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x000600000001904c-104.dat	upx
behavioral1/memory/3044-81-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x0006000000018c34-80.dat	upx
behavioral1/memory/2424-78-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2956-89-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0006000000018c44-87.dat	upx
behavioral1/memory/2816-85-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2940-3245-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2424-3244-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/1732-3248-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BWGHwET.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EeHXtad.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhGuOet.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUzEmnn.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bMsYHfB.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDFPDHR.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HboxSPP.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFnnJmO.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhgMQSl.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mthlvfA.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMfJhZY.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbgMwUZ.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqymjHC.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLfWfWs.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYjuIsW.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkBSxEr.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPDgoVs.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\feXVgNU.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbbCTeI.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ennhOqM.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtzbLfH.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQLXWZh.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZmepnET.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrSaGIn.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhVIWni.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJysPSR.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qvkExVq.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTVVOCa.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMRpaiX.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdhnJBX.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eIoEecl.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPChUYr.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDtZWru.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UutFrFk.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WUIjmjj.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTfbzPj.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DimTQNs.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hyQmsvQ.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mJSDlTs.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Egninll.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbDUJMw.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UuhKUSS.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJqkNRf.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUNJzVi.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGtRiqz.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LyoCulK.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWvubzJ.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbIVrfX.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcSebyX.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\soxVQxF.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYZjwbp.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFKkdTl.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqZkkoK.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPHgotC.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tBGEOMR.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DTjVlSW.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWqxeUW.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXuMFUB.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PmqBxFD.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKMNCnK.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZDGUUv.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utKcEda.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rkNejXi.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkOYQrU.exe	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 1732	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3004 wrote to memory of 1732	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3004 wrote to memory of 1732	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3004 wrote to memory of 2380	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3004 wrote to memory of 2380	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3004 wrote to memory of 2380	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3004 wrote to memory of 2676	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3004 wrote to memory of 2676	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3004 wrote to memory of 2676	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3004 wrote to memory of 2940	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3004 wrote to memory of 2940	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3004 wrote to memory of 2940	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3004 wrote to memory of 2424	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3004 wrote to memory of 2424	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3004 wrote to memory of 2424	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3004 wrote to memory of 2816	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3004 wrote to memory of 2816	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3004 wrote to memory of 2816	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3004 wrote to memory of 2956	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3004 wrote to memory of 2956	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3004 wrote to memory of 2956	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3004 wrote to memory of 2824	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3004 wrote to memory of 2824	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3004 wrote to memory of 2824	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3004 wrote to memory of 2272	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3004 wrote to memory of 2272	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3004 wrote to memory of 2272	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3004 wrote to memory of 2624	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3004 wrote to memory of 2624	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3004 wrote to memory of 2624	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3004 wrote to memory of 3044	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3004 wrote to memory of 3044	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3004 wrote to memory of 3044	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3004 wrote to memory of 1432	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3004 wrote to memory of 1432	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3004 wrote to memory of 1432	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3004 wrote to memory of 2692	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3004 wrote to memory of 2692	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3004 wrote to memory of 2692	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3004 wrote to memory of 1992	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3004 wrote to memory of 1992	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3004 wrote to memory of 1992	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3004 wrote to memory of 1620	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3004 wrote to memory of 1620	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3004 wrote to memory of 1620	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3004 wrote to memory of 620	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3004 wrote to memory of 620	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3004 wrote to memory of 620	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3004 wrote to memory of 236	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3004 wrote to memory of 236	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3004 wrote to memory of 236	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3004 wrote to memory of 1348	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3004 wrote to memory of 1348	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3004 wrote to memory of 1348	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3004 wrote to memory of 2888	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3004 wrote to memory of 2888	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3004 wrote to memory of 2888	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3004 wrote to memory of 1828	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3004 wrote to memory of 1828	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3004 wrote to memory of 1828	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3004 wrote to memory of 2420	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3004 wrote to memory of 2420	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3004 wrote to memory of 2420	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3004 wrote to memory of 2876	3004	2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-30_cfa13a5127f859571ae3b87645fee851_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\System\zRiaKrK.exe
  C:\Windows\System\zRiaKrK.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\utgrzvb.exe
  C:\Windows\System\utgrzvb.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\ataVZQs.exe
  C:\Windows\System\ataVZQs.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\OQOjARX.exe
  C:\Windows\System\OQOjARX.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\RqpvfoC.exe
  C:\Windows\System\RqpvfoC.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\vDPDErV.exe
  C:\Windows\System\vDPDErV.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\aeEBDhN.exe
  C:\Windows\System\aeEBDhN.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\pgqgElE.exe
  C:\Windows\System\pgqgElE.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\rPZIeuH.exe
  C:\Windows\System\rPZIeuH.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\QjPPzmD.exe
  C:\Windows\System\QjPPzmD.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\jTWGtNG.exe
  C:\Windows\System\jTWGtNG.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\CHnATYi.exe
  C:\Windows\System\CHnATYi.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\fJdbzXj.exe
  C:\Windows\System\fJdbzXj.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\PSlRCts.exe
  C:\Windows\System\PSlRCts.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\coqSkgF.exe
  C:\Windows\System\coqSkgF.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\fNicDBV.exe
  C:\Windows\System\fNicDBV.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\KbOEsMK.exe
  C:\Windows\System\KbOEsMK.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\gOYLbhN.exe
  C:\Windows\System\gOYLbhN.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\bdTxfDU.exe
  C:\Windows\System\bdTxfDU.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\IBhzYsB.exe
  C:\Windows\System\IBhzYsB.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\RGTDWaZ.exe
  C:\Windows\System\RGTDWaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\IrChlFZ.exe
  C:\Windows\System\IrChlFZ.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\lxFIWeS.exe
  C:\Windows\System\lxFIWeS.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\deLVzNN.exe
  C:\Windows\System\deLVzNN.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\GZDaaHQ.exe
  C:\Windows\System\GZDaaHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\yXPKyAf.exe
  C:\Windows\System\yXPKyAf.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\nMtnZfk.exe
  C:\Windows\System\nMtnZfk.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\MiixtQq.exe
  C:\Windows\System\MiixtQq.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\UlMwVNo.exe
  C:\Windows\System\UlMwVNo.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\nLzaGvh.exe
  C:\Windows\System\nLzaGvh.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\lvctoNw.exe
  C:\Windows\System\lvctoNw.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\RQsXAdZ.exe
  C:\Windows\System\RQsXAdZ.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\LyFFCwh.exe
  C:\Windows\System\LyFFCwh.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\KlnZoRo.exe
  C:\Windows\System\KlnZoRo.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\EHundMA.exe
  C:\Windows\System\EHundMA.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\zqbrnqc.exe
  C:\Windows\System\zqbrnqc.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\utyTknD.exe
  C:\Windows\System\utyTknD.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\ScUpeRE.exe
  C:\Windows\System\ScUpeRE.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\qgrpdVD.exe
  C:\Windows\System\qgrpdVD.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\VRuLeBW.exe
  C:\Windows\System\VRuLeBW.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\xgVSGTV.exe
  C:\Windows\System\xgVSGTV.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\GmwBuEh.exe
  C:\Windows\System\GmwBuEh.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\PZTPWBG.exe
  C:\Windows\System\PZTPWBG.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\thzONBb.exe
  C:\Windows\System\thzONBb.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\XqjMOWl.exe
  C:\Windows\System\XqjMOWl.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\epoBYgj.exe
  C:\Windows\System\epoBYgj.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\RUwsDJU.exe
  C:\Windows\System\RUwsDJU.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\PsPTfkt.exe
  C:\Windows\System\PsPTfkt.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\kQrPUIy.exe
  C:\Windows\System\kQrPUIy.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\OoDbEBZ.exe
  C:\Windows\System\OoDbEBZ.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\pjVKLdc.exe
  C:\Windows\System\pjVKLdc.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\QARULlP.exe
  C:\Windows\System\QARULlP.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\zWqAQmH.exe
  C:\Windows\System\zWqAQmH.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\qvVXyRZ.exe
  C:\Windows\System\qvVXyRZ.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\rGlFCpL.exe
  C:\Windows\System\rGlFCpL.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\ZnLeNDv.exe
  C:\Windows\System\ZnLeNDv.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\MYXzhlr.exe
  C:\Windows\System\MYXzhlr.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\QLCgErN.exe
  C:\Windows\System\QLCgErN.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\ifcEFoT.exe
  C:\Windows\System\ifcEFoT.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\GXtafHQ.exe
  C:\Windows\System\GXtafHQ.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\rYfKYxU.exe
  C:\Windows\System\rYfKYxU.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\kHAcCWA.exe
  C:\Windows\System\kHAcCWA.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\BuRrLQz.exe
  C:\Windows\System\BuRrLQz.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\ftsSVRJ.exe
  C:\Windows\System\ftsSVRJ.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\pvpBHfK.exe
  C:\Windows\System\pvpBHfK.exe
  2⤵
  PID:300
- C:\Windows\System\MjoMtkf.exe
  C:\Windows\System\MjoMtkf.exe
  2⤵
  PID:2632
- C:\Windows\System\YERKUve.exe
  C:\Windows\System\YERKUve.exe
  2⤵
  PID:2440
- C:\Windows\System\moKQmVL.exe
  C:\Windows\System\moKQmVL.exe
  2⤵
  PID:1564
- C:\Windows\System\FwoiRqP.exe
  C:\Windows\System\FwoiRqP.exe
  2⤵
  PID:2516
- C:\Windows\System\cQqRLUh.exe
  C:\Windows\System\cQqRLUh.exe
  2⤵
  PID:2156
- C:\Windows\System\sdiiRWS.exe
  C:\Windows\System\sdiiRWS.exe
  2⤵
  PID:1396
- C:\Windows\System\bXqMDge.exe
  C:\Windows\System\bXqMDge.exe
  2⤵
  PID:828
- C:\Windows\System\LJYKmyX.exe
  C:\Windows\System\LJYKmyX.exe
  2⤵
  PID:888
- C:\Windows\System\wnyEJME.exe
  C:\Windows\System\wnyEJME.exe
  2⤵
  PID:1536
- C:\Windows\System\NdhnJBX.exe
  C:\Windows\System\NdhnJBX.exe
  2⤵
  PID:2008
- C:\Windows\System\inJwdza.exe
  C:\Windows\System\inJwdza.exe
  2⤵
  PID:1712
- C:\Windows\System\yAQtpdm.exe
  C:\Windows\System\yAQtpdm.exe
  2⤵
  PID:896
- C:\Windows\System\ltHJCDG.exe
  C:\Windows\System\ltHJCDG.exe
  2⤵
  PID:2432
- C:\Windows\System\jlitPuj.exe
  C:\Windows\System\jlitPuj.exe
  2⤵
  PID:2448
- C:\Windows\System\MNUeIoI.exe
  C:\Windows\System\MNUeIoI.exe
  2⤵
  PID:2948
- C:\Windows\System\kGsNmvm.exe
  C:\Windows\System\kGsNmvm.exe
  2⤵
  PID:2544
- C:\Windows\System\GKMNCnK.exe
  C:\Windows\System\GKMNCnK.exe
  2⤵
  PID:1188
- C:\Windows\System\fhERpFF.exe
  C:\Windows\System\fhERpFF.exe
  2⤵
  PID:1544
- C:\Windows\System\NIiBAyq.exe
  C:\Windows\System\NIiBAyq.exe
  2⤵
  PID:832
- C:\Windows\System\INBxYQp.exe
  C:\Windows\System\INBxYQp.exe
  2⤵
  PID:940
- C:\Windows\System\ElQuMch.exe
  C:\Windows\System\ElQuMch.exe
  2⤵
  PID:2092
- C:\Windows\System\QZoleKc.exe
  C:\Windows\System\QZoleKc.exe
  2⤵
  PID:1900
- C:\Windows\System\osSSfSE.exe
  C:\Windows\System\osSSfSE.exe
  2⤵
  PID:2792
- C:\Windows\System\IdvYjTI.exe
  C:\Windows\System\IdvYjTI.exe
  2⤵
  PID:2832
- C:\Windows\System\hQrVupp.exe
  C:\Windows\System\hQrVupp.exe
  2⤵
  PID:3040
- C:\Windows\System\qWWKLSi.exe
  C:\Windows\System\qWWKLSi.exe
  2⤵
  PID:1864
- C:\Windows\System\VkLoRLy.exe
  C:\Windows\System\VkLoRLy.exe
  2⤵
  PID:1012
- C:\Windows\System\sXqSsVG.exe
  C:\Windows\System\sXqSsVG.exe
  2⤵
  PID:2900
- C:\Windows\System\bQmuMik.exe
  C:\Windows\System\bQmuMik.exe
  2⤵
  PID:492
- C:\Windows\System\HYoigWh.exe
  C:\Windows\System\HYoigWh.exe
  2⤵
  PID:3088
- C:\Windows\System\mOVgZUX.exe
  C:\Windows\System\mOVgZUX.exe
  2⤵
  PID:3108
- C:\Windows\System\vjUnbEP.exe
  C:\Windows\System\vjUnbEP.exe
  2⤵
  PID:3128
- C:\Windows\System\iCpKGOi.exe
  C:\Windows\System\iCpKGOi.exe
  2⤵
  PID:3148
- C:\Windows\System\UnDQwjg.exe
  C:\Windows\System\UnDQwjg.exe
  2⤵
  PID:3168
- C:\Windows\System\cBPvgyF.exe
  C:\Windows\System\cBPvgyF.exe
  2⤵
  PID:3188
- C:\Windows\System\uDAktIs.exe
  C:\Windows\System\uDAktIs.exe
  2⤵
  PID:3208
- C:\Windows\System\QvHHDQK.exe
  C:\Windows\System\QvHHDQK.exe
  2⤵
  PID:3228
- C:\Windows\System\PELTszj.exe
  C:\Windows\System\PELTszj.exe
  2⤵
  PID:3248
- C:\Windows\System\zMjGdyf.exe
  C:\Windows\System\zMjGdyf.exe
  2⤵
  PID:3268
- C:\Windows\System\tbihbck.exe
  C:\Windows\System\tbihbck.exe
  2⤵
  PID:3288
- C:\Windows\System\MkPMNqb.exe
  C:\Windows\System\MkPMNqb.exe
  2⤵
  PID:3308
- C:\Windows\System\ChGKQRW.exe
  C:\Windows\System\ChGKQRW.exe
  2⤵
  PID:3328
- C:\Windows\System\UibHwGK.exe
  C:\Windows\System\UibHwGK.exe
  2⤵
  PID:3348
- C:\Windows\System\VQjmTdC.exe
  C:\Windows\System\VQjmTdC.exe
  2⤵
  PID:3372
- C:\Windows\System\BeJnBgR.exe
  C:\Windows\System\BeJnBgR.exe
  2⤵
  PID:3392
- C:\Windows\System\CLpJNGH.exe
  C:\Windows\System\CLpJNGH.exe
  2⤵
  PID:3412
- C:\Windows\System\RNUGbGc.exe
  C:\Windows\System\RNUGbGc.exe
  2⤵
  PID:3432
- C:\Windows\System\UldHxXT.exe
  C:\Windows\System\UldHxXT.exe
  2⤵
  PID:3452
- C:\Windows\System\nkVdvnM.exe
  C:\Windows\System\nkVdvnM.exe
  2⤵
  PID:3472
- C:\Windows\System\svMuhgD.exe
  C:\Windows\System\svMuhgD.exe
  2⤵
  PID:3496
- C:\Windows\System\zZCJTaO.exe
  C:\Windows\System\zZCJTaO.exe
  2⤵
  PID:3516
- C:\Windows\System\niDoknY.exe
  C:\Windows\System\niDoknY.exe
  2⤵
  PID:3536
- C:\Windows\System\AvYnsfb.exe
  C:\Windows\System\AvYnsfb.exe
  2⤵
  PID:3560
- C:\Windows\System\BLeHDOs.exe
  C:\Windows\System\BLeHDOs.exe
  2⤵
  PID:3580
- C:\Windows\System\XcUiIpY.exe
  C:\Windows\System\XcUiIpY.exe
  2⤵
  PID:3600
- C:\Windows\System\CUhaguy.exe
  C:\Windows\System\CUhaguy.exe
  2⤵
  PID:3620
- C:\Windows\System\UtVCaXU.exe
  C:\Windows\System\UtVCaXU.exe
  2⤵
  PID:3640
- C:\Windows\System\XfXNpVF.exe
  C:\Windows\System\XfXNpVF.exe
  2⤵
  PID:3660
- C:\Windows\System\LhJWwLk.exe
  C:\Windows\System\LhJWwLk.exe
  2⤵
  PID:3680
- C:\Windows\System\uxuBSut.exe
  C:\Windows\System\uxuBSut.exe
  2⤵
  PID:3700
- C:\Windows\System\nUpBtWK.exe
  C:\Windows\System\nUpBtWK.exe
  2⤵
  PID:3720
- C:\Windows\System\FmlfacW.exe
  C:\Windows\System\FmlfacW.exe
  2⤵
  PID:3740
- C:\Windows\System\EEMhcTH.exe
  C:\Windows\System\EEMhcTH.exe
  2⤵
  PID:3760
- C:\Windows\System\bPhCqXO.exe
  C:\Windows\System\bPhCqXO.exe
  2⤵
  PID:3780
- C:\Windows\System\IXENLtk.exe
  C:\Windows\System\IXENLtk.exe
  2⤵
  PID:3800
- C:\Windows\System\vTMPbfN.exe
  C:\Windows\System\vTMPbfN.exe
  2⤵
  PID:3820
- C:\Windows\System\VCGjOpW.exe
  C:\Windows\System\VCGjOpW.exe
  2⤵
  PID:3840
- C:\Windows\System\CMiFPZU.exe
  C:\Windows\System\CMiFPZU.exe
  2⤵
  PID:3860
- C:\Windows\System\sKKynft.exe
  C:\Windows\System\sKKynft.exe
  2⤵
  PID:3880
- C:\Windows\System\dZhZuhi.exe
  C:\Windows\System\dZhZuhi.exe
  2⤵
  PID:3900
- C:\Windows\System\UBBTNRd.exe
  C:\Windows\System\UBBTNRd.exe
  2⤵
  PID:3920
- C:\Windows\System\IEwagdZ.exe
  C:\Windows\System\IEwagdZ.exe
  2⤵
  PID:3940
- C:\Windows\System\jbwmOIG.exe
  C:\Windows\System\jbwmOIG.exe
  2⤵
  PID:3960
- C:\Windows\System\NuAstrE.exe
  C:\Windows\System\NuAstrE.exe
  2⤵
  PID:3980
- C:\Windows\System\lwHOmmN.exe
  C:\Windows\System\lwHOmmN.exe
  2⤵
  PID:4000
- C:\Windows\System\DehSuRl.exe
  C:\Windows\System\DehSuRl.exe
  2⤵
  PID:4020
- C:\Windows\System\AGCDstT.exe
  C:\Windows\System\AGCDstT.exe
  2⤵
  PID:4040
- C:\Windows\System\luMFZKr.exe
  C:\Windows\System\luMFZKr.exe
  2⤵
  PID:4060
- C:\Windows\System\vkwXRxU.exe
  C:\Windows\System\vkwXRxU.exe
  2⤵
  PID:4080
- C:\Windows\System\NqbtVOJ.exe
  C:\Windows\System\NqbtVOJ.exe
  2⤵
  PID:2908
- C:\Windows\System\SRPTxGX.exe
  C:\Windows\System\SRPTxGX.exe
  2⤵
  PID:444
- C:\Windows\System\VVQxbUu.exe
  C:\Windows\System\VVQxbUu.exe
  2⤵
  PID:404
- C:\Windows\System\iADJDOa.exe
  C:\Windows\System\iADJDOa.exe
  2⤵
  PID:2456
- C:\Windows\System\hTxEhTG.exe
  C:\Windows\System\hTxEhTG.exe
  2⤵
  PID:1936
- C:\Windows\System\xPHxxKs.exe
  C:\Windows\System\xPHxxKs.exe
  2⤵
  PID:1748
- C:\Windows\System\uSfoUhs.exe
  C:\Windows\System\uSfoUhs.exe
  2⤵
  PID:1580
- C:\Windows\System\ZJdfOIP.exe
  C:\Windows\System\ZJdfOIP.exe
  2⤵
  PID:2292
- C:\Windows\System\tdjcHGK.exe
  C:\Windows\System\tdjcHGK.exe
  2⤵
  PID:2508
- C:\Windows\System\xnShRfo.exe
  C:\Windows\System\xnShRfo.exe
  2⤵
  PID:1420
- C:\Windows\System\XvdRwWY.exe
  C:\Windows\System\XvdRwWY.exe
  2⤵
  PID:1568
- C:\Windows\System\BaaCHiV.exe
  C:\Windows\System\BaaCHiV.exe
  2⤵
  PID:3020
- C:\Windows\System\pAPBjyF.exe
  C:\Windows\System\pAPBjyF.exe
  2⤵
  PID:2716
- C:\Windows\System\yqBwgXa.exe
  C:\Windows\System\yqBwgXa.exe
  2⤵
  PID:2636
- C:\Windows\System\BaQJaJR.exe
  C:\Windows\System\BaQJaJR.exe
  2⤵
  PID:1304
- C:\Windows\System\MXgyOVB.exe
  C:\Windows\System\MXgyOVB.exe
  2⤵
  PID:2916
- C:\Windows\System\CmYrQHk.exe
  C:\Windows\System\CmYrQHk.exe
  2⤵
  PID:3080
- C:\Windows\System\luuoIAy.exe
  C:\Windows\System\luuoIAy.exe
  2⤵
  PID:3100
- C:\Windows\System\CFHCSnZ.exe
  C:\Windows\System\CFHCSnZ.exe
  2⤵
  PID:3164
- C:\Windows\System\huDRDRR.exe
  C:\Windows\System\huDRDRR.exe
  2⤵
  PID:3196
- C:\Windows\System\ohpVsha.exe
  C:\Windows\System\ohpVsha.exe
  2⤵
  PID:3224
- C:\Windows\System\bEvOSnS.exe
  C:\Windows\System\bEvOSnS.exe
  2⤵
  PID:3256
- C:\Windows\System\RkdQFwK.exe
  C:\Windows\System\RkdQFwK.exe
  2⤵
  PID:3280
- C:\Windows\System\yWPiHPx.exe
  C:\Windows\System\yWPiHPx.exe
  2⤵
  PID:3320
- C:\Windows\System\SzNimsV.exe
  C:\Windows\System\SzNimsV.exe
  2⤵
  PID:3368
- C:\Windows\System\fVUoYMV.exe
  C:\Windows\System\fVUoYMV.exe
  2⤵
  PID:3408
- C:\Windows\System\TwMZVBc.exe
  C:\Windows\System\TwMZVBc.exe
  2⤵
  PID:3440
- C:\Windows\System\EcDNWqE.exe
  C:\Windows\System\EcDNWqE.exe
  2⤵
  PID:3480
- C:\Windows\System\lxtvlGn.exe
  C:\Windows\System\lxtvlGn.exe
  2⤵
  PID:3504
- C:\Windows\System\zfyiUst.exe
  C:\Windows\System\zfyiUst.exe
  2⤵
  PID:3528
- C:\Windows\System\CDnkBSc.exe
  C:\Windows\System\CDnkBSc.exe
  2⤵
  PID:3552
- C:\Windows\System\ddQyhdg.exe
  C:\Windows\System\ddQyhdg.exe
  2⤵
  PID:3596
- C:\Windows\System\HjwObxk.exe
  C:\Windows\System\HjwObxk.exe
  2⤵
  PID:3632
- C:\Windows\System\SfyTimv.exe
  C:\Windows\System\SfyTimv.exe
  2⤵
  PID:3676
- C:\Windows\System\QKhXLby.exe
  C:\Windows\System\QKhXLby.exe
  2⤵
  PID:3708
- C:\Windows\System\usIYMqn.exe
  C:\Windows\System\usIYMqn.exe
  2⤵
  PID:3732
- C:\Windows\System\Mintclh.exe
  C:\Windows\System\Mintclh.exe
  2⤵
  PID:3752
- C:\Windows\System\acvVXJz.exe
  C:\Windows\System\acvVXJz.exe
  2⤵
  PID:3792
- C:\Windows\System\wtzPZLw.exe
  C:\Windows\System\wtzPZLw.exe
  2⤵
  PID:3836
- C:\Windows\System\vBEXvTG.exe
  C:\Windows\System\vBEXvTG.exe
  2⤵
  PID:3888
- C:\Windows\System\PpnuwiM.exe
  C:\Windows\System\PpnuwiM.exe
  2⤵
  PID:3876
- C:\Windows\System\ESPvPbj.exe
  C:\Windows\System\ESPvPbj.exe
  2⤵
  PID:3912
- C:\Windows\System\oCyCEMU.exe
  C:\Windows\System\oCyCEMU.exe
  2⤵
  PID:3952
- C:\Windows\System\vEpInHT.exe
  C:\Windows\System\vEpInHT.exe
  2⤵
  PID:4008
- C:\Windows\System\WKcnpsO.exe
  C:\Windows\System\WKcnpsO.exe
  2⤵
  PID:4048
- C:\Windows\System\aXCglhz.exe
  C:\Windows\System\aXCglhz.exe
  2⤵
  PID:4088
- C:\Windows\System\JWqhOcL.exe
  C:\Windows\System\JWqhOcL.exe
  2⤵
  PID:2172
- C:\Windows\System\jWntjnq.exe
  C:\Windows\System\jWntjnq.exe
  2⤵
  PID:1244
- C:\Windows\System\QEiGKOg.exe
  C:\Windows\System\QEiGKOg.exe
  2⤵
  PID:1272
- C:\Windows\System\JvWutEK.exe
  C:\Windows\System\JvWutEK.exe
  2⤵
  PID:1940
- C:\Windows\System\EBNoqgl.exe
  C:\Windows\System\EBNoqgl.exe
  2⤵
  PID:864
- C:\Windows\System\YRCkvkv.exe
  C:\Windows\System\YRCkvkv.exe
  2⤵
  PID:1496
- C:\Windows\System\hPHgotC.exe
  C:\Windows\System\hPHgotC.exe
  2⤵
  PID:2392
- C:\Windows\System\wBewAdX.exe
  C:\Windows\System\wBewAdX.exe
  2⤵
  PID:2620
- C:\Windows\System\KKRXXcY.exe
  C:\Windows\System\KKRXXcY.exe
  2⤵
  PID:3048
- C:\Windows\System\yjyXjrN.exe
  C:\Windows\System\yjyXjrN.exe
  2⤵
  PID:3084
- C:\Windows\System\UhVVUrd.exe
  C:\Windows\System\UhVVUrd.exe
  2⤵
  PID:3136
- C:\Windows\System\zKVfblk.exe
  C:\Windows\System\zKVfblk.exe
  2⤵
  PID:3180
- C:\Windows\System\SbBZcWW.exe
  C:\Windows\System\SbBZcWW.exe
  2⤵
  PID:3240
- C:\Windows\System\YmJtgfq.exe
  C:\Windows\System\YmJtgfq.exe
  2⤵
  PID:3324
- C:\Windows\System\OHIEzOQ.exe
  C:\Windows\System\OHIEzOQ.exe
  2⤵
  PID:3340
- C:\Windows\System\NgeIohP.exe
  C:\Windows\System\NgeIohP.exe
  2⤵
  PID:3428
- C:\Windows\System\bhKksqu.exe
  C:\Windows\System\bhKksqu.exe
  2⤵
  PID:3444
- C:\Windows\System\DuEtWHc.exe
  C:\Windows\System\DuEtWHc.exe
  2⤵
  PID:3524
- C:\Windows\System\aHmTCzz.exe
  C:\Windows\System\aHmTCzz.exe
  2⤵
  PID:3532
- C:\Windows\System\soxVQxF.exe
  C:\Windows\System\soxVQxF.exe
  2⤵
  PID:3616
- C:\Windows\System\cXLiQtL.exe
  C:\Windows\System\cXLiQtL.exe
  2⤵
  PID:3304
- C:\Windows\System\bNxyfeh.exe
  C:\Windows\System\bNxyfeh.exe
  2⤵
  PID:3712
- C:\Windows\System\MsMrXQo.exe
  C:\Windows\System\MsMrXQo.exe
  2⤵
  PID:3772
- C:\Windows\System\dqymjHC.exe
  C:\Windows\System\dqymjHC.exe
  2⤵
  PID:3812
- C:\Windows\System\hYjNjYH.exe
  C:\Windows\System\hYjNjYH.exe
  2⤵
  PID:3856
- C:\Windows\System\YWNwtHn.exe
  C:\Windows\System\YWNwtHn.exe
  2⤵
  PID:3948
- C:\Windows\System\SLAWUjv.exe
  C:\Windows\System\SLAWUjv.exe
  2⤵
  PID:3992
- C:\Windows\System\OOrAPjo.exe
  C:\Windows\System\OOrAPjo.exe
  2⤵
  PID:4068
- C:\Windows\System\GTPsVzD.exe
  C:\Windows\System\GTPsVzD.exe
  2⤵
  PID:2212
- C:\Windows\System\RWEtLHT.exe
  C:\Windows\System\RWEtLHT.exe
  2⤵
  PID:3028
- C:\Windows\System\oXuMFUB.exe
  C:\Windows\System\oXuMFUB.exe
  2⤵
  PID:1248
- C:\Windows\System\JCpABzK.exe
  C:\Windows\System\JCpABzK.exe
  2⤵
  PID:4112
- C:\Windows\System\zpRedwI.exe
  C:\Windows\System\zpRedwI.exe
  2⤵
  PID:4132
- C:\Windows\System\EOqPSvR.exe
  C:\Windows\System\EOqPSvR.exe
  2⤵
  PID:4152
- C:\Windows\System\FFlGsin.exe
  C:\Windows\System\FFlGsin.exe
  2⤵
  PID:4172
- C:\Windows\System\paVVRgu.exe
  C:\Windows\System\paVVRgu.exe
  2⤵
  PID:4192
- C:\Windows\System\aKxDVRf.exe
  C:\Windows\System\aKxDVRf.exe
  2⤵
  PID:4212
- C:\Windows\System\SPIlDYr.exe
  C:\Windows\System\SPIlDYr.exe
  2⤵
  PID:4232
- C:\Windows\System\sitSjYh.exe
  C:\Windows\System\sitSjYh.exe
  2⤵
  PID:4252
- C:\Windows\System\tpUEqhy.exe
  C:\Windows\System\tpUEqhy.exe
  2⤵
  PID:4272
- C:\Windows\System\KdffUxQ.exe
  C:\Windows\System\KdffUxQ.exe
  2⤵
  PID:4292
- C:\Windows\System\bTCKoFb.exe
  C:\Windows\System\bTCKoFb.exe
  2⤵
  PID:4316
- C:\Windows\System\RcMiSQl.exe
  C:\Windows\System\RcMiSQl.exe
  2⤵
  PID:4336
- C:\Windows\System\AOEfPYo.exe
  C:\Windows\System\AOEfPYo.exe
  2⤵
  PID:4356
- C:\Windows\System\lyUkWue.exe
  C:\Windows\System\lyUkWue.exe
  2⤵
  PID:4376
- C:\Windows\System\jHMqMRN.exe
  C:\Windows\System\jHMqMRN.exe
  2⤵
  PID:4396
- C:\Windows\System\qmSdqHd.exe
  C:\Windows\System\qmSdqHd.exe
  2⤵
  PID:4420
- C:\Windows\System\kJokIyc.exe
  C:\Windows\System\kJokIyc.exe
  2⤵
  PID:4440
- C:\Windows\System\RwJmXSc.exe
  C:\Windows\System\RwJmXSc.exe
  2⤵
  PID:4460
- C:\Windows\System\eJbBwyY.exe
  C:\Windows\System\eJbBwyY.exe
  2⤵
  PID:4480
- C:\Windows\System\afsrief.exe
  C:\Windows\System\afsrief.exe
  2⤵
  PID:4500
- C:\Windows\System\HxFJAPf.exe
  C:\Windows\System\HxFJAPf.exe
  2⤵
  PID:4520
- C:\Windows\System\asNTwgW.exe
  C:\Windows\System\asNTwgW.exe
  2⤵
  PID:4540
- C:\Windows\System\pLmBvJT.exe
  C:\Windows\System\pLmBvJT.exe
  2⤵
  PID:4560
- C:\Windows\System\bgSOjcu.exe
  C:\Windows\System\bgSOjcu.exe
  2⤵
  PID:4580
- C:\Windows\System\kaeSQiy.exe
  C:\Windows\System\kaeSQiy.exe
  2⤵
  PID:4600
- C:\Windows\System\tDRFBvq.exe
  C:\Windows\System\tDRFBvq.exe
  2⤵
  PID:4620
- C:\Windows\System\soSsiXw.exe
  C:\Windows\System\soSsiXw.exe
  2⤵
  PID:4640
- C:\Windows\System\IQqtSRB.exe
  C:\Windows\System\IQqtSRB.exe
  2⤵
  PID:4660
- C:\Windows\System\HncVLBf.exe
  C:\Windows\System\HncVLBf.exe
  2⤵
  PID:4680
- C:\Windows\System\ojDPzwL.exe
  C:\Windows\System\ojDPzwL.exe
  2⤵
  PID:4700
- C:\Windows\System\PcegfWs.exe
  C:\Windows\System\PcegfWs.exe
  2⤵
  PID:4720
- C:\Windows\System\MdlerHY.exe
  C:\Windows\System\MdlerHY.exe
  2⤵
  PID:4740
- C:\Windows\System\xjAxbTW.exe
  C:\Windows\System\xjAxbTW.exe
  2⤵
  PID:4760
- C:\Windows\System\NwrpYWz.exe
  C:\Windows\System\NwrpYWz.exe
  2⤵
  PID:4780
- C:\Windows\System\wEwJBvt.exe
  C:\Windows\System\wEwJBvt.exe
  2⤵
  PID:4800
- C:\Windows\System\VVbTNkM.exe
  C:\Windows\System\VVbTNkM.exe
  2⤵
  PID:4820
- C:\Windows\System\QGPgWgo.exe
  C:\Windows\System\QGPgWgo.exe
  2⤵
  PID:4840
- C:\Windows\System\HmJKMuh.exe
  C:\Windows\System\HmJKMuh.exe
  2⤵
  PID:4860
- C:\Windows\System\WtocTWr.exe
  C:\Windows\System\WtocTWr.exe
  2⤵
  PID:4880
- C:\Windows\System\CGOPdaR.exe
  C:\Windows\System\CGOPdaR.exe
  2⤵
  PID:4900
- C:\Windows\System\cJnZATD.exe
  C:\Windows\System\cJnZATD.exe
  2⤵
  PID:4920
- C:\Windows\System\rQxHzql.exe
  C:\Windows\System\rQxHzql.exe
  2⤵
  PID:4940
- C:\Windows\System\SHebwGd.exe
  C:\Windows\System\SHebwGd.exe
  2⤵
  PID:4960
- C:\Windows\System\XXCldgI.exe
  C:\Windows\System\XXCldgI.exe
  2⤵
  PID:4980
- C:\Windows\System\NgEdbzE.exe
  C:\Windows\System\NgEdbzE.exe
  2⤵
  PID:5000
- C:\Windows\System\ZqNSHOc.exe
  C:\Windows\System\ZqNSHOc.exe
  2⤵
  PID:5024
- C:\Windows\System\LiATrkG.exe
  C:\Windows\System\LiATrkG.exe
  2⤵
  PID:5044
- C:\Windows\System\mrfiwUM.exe
  C:\Windows\System\mrfiwUM.exe
  2⤵
  PID:5064
- C:\Windows\System\bvibpVR.exe
  C:\Windows\System\bvibpVR.exe
  2⤵
  PID:5084
- C:\Windows\System\xFQgEFT.exe
  C:\Windows\System\xFQgEFT.exe
  2⤵
  PID:5108
- C:\Windows\System\hDFvmmQ.exe
  C:\Windows\System\hDFvmmQ.exe
  2⤵
  PID:2104
- C:\Windows\System\XpOXsoD.exe
  C:\Windows\System\XpOXsoD.exe
  2⤵
  PID:2616
- C:\Windows\System\DyhIejT.exe
  C:\Windows\System\DyhIejT.exe
  2⤵
  PID:1584
- C:\Windows\System\NFYKZWG.exe
  C:\Windows\System\NFYKZWG.exe
  2⤵
  PID:2412
- C:\Windows\System\MfTWcga.exe
  C:\Windows\System\MfTWcga.exe
  2⤵
  PID:3160
- C:\Windows\System\QYCzgRe.exe
  C:\Windows\System\QYCzgRe.exe
  2⤵
  PID:3356
- C:\Windows\System\JzvBCoe.exe
  C:\Windows\System\JzvBCoe.exe
  2⤵
  PID:3460
- C:\Windows\System\yLrIUOE.exe
  C:\Windows\System\yLrIUOE.exe
  2⤵
  PID:3484
- C:\Windows\System\oJJFbAU.exe
  C:\Windows\System\oJJFbAU.exe
  2⤵
  PID:3576
- C:\Windows\System\XCGyyUj.exe
  C:\Windows\System\XCGyyUj.exe
  2⤵
  PID:3652
- C:\Windows\System\ZAzsGrI.exe
  C:\Windows\System\ZAzsGrI.exe
  2⤵
  PID:3756
- C:\Windows\System\SKXECBb.exe
  C:\Windows\System\SKXECBb.exe
  2⤵
  PID:3788
- C:\Windows\System\ErMiUTc.exe
  C:\Windows\System\ErMiUTc.exe
  2⤵
  PID:3868
- C:\Windows\System\xaUrivt.exe
  C:\Windows\System\xaUrivt.exe
  2⤵
  PID:4036
- C:\Windows\System\bmdjvnV.exe
  C:\Windows\System\bmdjvnV.exe
  2⤵
  PID:4028
- C:\Windows\System\JWvxyaB.exe
  C:\Windows\System\JWvxyaB.exe
  2⤵
  PID:744
- C:\Windows\System\qZjdDzM.exe
  C:\Windows\System\qZjdDzM.exe
  2⤵
  PID:4128
- C:\Windows\System\wFKWlPN.exe
  C:\Windows\System\wFKWlPN.exe
  2⤵
  PID:4160
- C:\Windows\System\CwvqWIW.exe
  C:\Windows\System\CwvqWIW.exe
  2⤵
  PID:4200
- C:\Windows\System\ffSsvwi.exe
  C:\Windows\System\ffSsvwi.exe
  2⤵
  PID:4220
- C:\Windows\System\qSagBJR.exe
  C:\Windows\System\qSagBJR.exe
  2⤵
  PID:4244
- C:\Windows\System\mysbCoo.exe
  C:\Windows\System\mysbCoo.exe
  2⤵
  PID:4288
- C:\Windows\System\WIdINmY.exe
  C:\Windows\System\WIdINmY.exe
  2⤵
  PID:4324
- C:\Windows\System\mMBPYkQ.exe
  C:\Windows\System\mMBPYkQ.exe
  2⤵
  PID:4344
- C:\Windows\System\hnXiGFp.exe
  C:\Windows\System\hnXiGFp.exe
  2⤵
  PID:4368
- C:\Windows\System\VuAfUfc.exe
  C:\Windows\System\VuAfUfc.exe
  2⤵
  PID:4404
- C:\Windows\System\PKPfdEX.exe
  C:\Windows\System\PKPfdEX.exe
  2⤵
  PID:4448
- C:\Windows\System\RvzTPpl.exe
  C:\Windows\System\RvzTPpl.exe
  2⤵
  PID:4476
- C:\Windows\System\ZrGtZfo.exe
  C:\Windows\System\ZrGtZfo.exe
  2⤵
  PID:4508
- C:\Windows\System\xqmPyCb.exe
  C:\Windows\System\xqmPyCb.exe
  2⤵
  PID:4532
- C:\Windows\System\GNrsuzS.exe
  C:\Windows\System\GNrsuzS.exe
  2⤵
  PID:4576
- C:\Windows\System\hfEiusj.exe
  C:\Windows\System\hfEiusj.exe
  2⤵
  PID:4592
- C:\Windows\System\pIAhCXN.exe
  C:\Windows\System\pIAhCXN.exe
  2⤵
  PID:4636
- C:\Windows\System\NQNmoqw.exe
  C:\Windows\System\NQNmoqw.exe
  2⤵
  PID:4676
- C:\Windows\System\xKSsuwM.exe
  C:\Windows\System\xKSsuwM.exe
  2⤵
  PID:2968
- C:\Windows\System\CusElqm.exe
  C:\Windows\System\CusElqm.exe
  2⤵
  PID:4712
- C:\Windows\System\rkRcXPq.exe
  C:\Windows\System\rkRcXPq.exe
  2⤵
  PID:4752
- C:\Windows\System\AWHsGEt.exe
  C:\Windows\System\AWHsGEt.exe
  2⤵
  PID:4808
- C:\Windows\System\OZzsSSY.exe
  C:\Windows\System\OZzsSSY.exe
  2⤵
  PID:4836
- C:\Windows\System\HXMqXbW.exe
  C:\Windows\System\HXMqXbW.exe
  2⤵
  PID:4868
- C:\Windows\System\fvzJkgj.exe
  C:\Windows\System\fvzJkgj.exe
  2⤵
  PID:4892
- C:\Windows\System\obOCdUU.exe
  C:\Windows\System\obOCdUU.exe
  2⤵
  PID:4936
- C:\Windows\System\zyrXfoA.exe
  C:\Windows\System\zyrXfoA.exe
  2⤵
  PID:4976
- C:\Windows\System\lUfROJn.exe
  C:\Windows\System\lUfROJn.exe
  2⤵
  PID:4992
- C:\Windows\System\iZUjNXs.exe
  C:\Windows\System\iZUjNXs.exe
  2⤵
  PID:5052
- C:\Windows\System\jLQRYSP.exe
  C:\Windows\System\jLQRYSP.exe
  2⤵
  PID:5080
- C:\Windows\System\LTblWMJ.exe
  C:\Windows\System\LTblWMJ.exe
  2⤵
  PID:5096
- C:\Windows\System\wPVzQPF.exe
  C:\Windows\System\wPVzQPF.exe
  2⤵
  PID:2096
- C:\Windows\System\agYszlm.exe
  C:\Windows\System\agYszlm.exe
  2⤵
  PID:2756
- C:\Windows\System\NQYLURI.exe
  C:\Windows\System\NQYLURI.exe
  2⤵
  PID:3296
- C:\Windows\System\wAyZPBH.exe
  C:\Windows\System\wAyZPBH.exe
  2⤵
  PID:3404
- C:\Windows\System\zefDFVl.exe
  C:\Windows\System\zefDFVl.exe
  2⤵
  PID:5016
- C:\Windows\System\dWKNrfR.exe
  C:\Windows\System\dWKNrfR.exe
  2⤵
  PID:3656
- C:\Windows\System\QDLumsN.exe
  C:\Windows\System\QDLumsN.exe
  2⤵
  PID:3728
- C:\Windows\System\vnlEBIb.exe
  C:\Windows\System\vnlEBIb.exe
  2⤵
  PID:3936
- C:\Windows\System\sHiEwXE.exe
  C:\Windows\System\sHiEwXE.exe
  2⤵
  PID:4032
- C:\Windows\System\fnIbxuS.exe
  C:\Windows\System\fnIbxuS.exe
  2⤵
  PID:4100
- C:\Windows\System\WGQooYC.exe
  C:\Windows\System\WGQooYC.exe
  2⤵
  PID:4120
- C:\Windows\System\QqCvcHH.exe
  C:\Windows\System\QqCvcHH.exe
  2⤵
  PID:4204
- C:\Windows\System\SlLQpvT.exe
  C:\Windows\System\SlLQpvT.exe
  2⤵
  PID:4248
- C:\Windows\System\xWEHxvU.exe
  C:\Windows\System\xWEHxvU.exe
  2⤵
  PID:4284
- C:\Windows\System\nWHcIoV.exe
  C:\Windows\System\nWHcIoV.exe
  2⤵
  PID:2740
- C:\Windows\System\ozHwEIS.exe
  C:\Windows\System\ozHwEIS.exe
  2⤵
  PID:4392
- C:\Windows\System\iSHHiLH.exe
  C:\Windows\System\iSHHiLH.exe
  2⤵
  PID:4468
- C:\Windows\System\BTepeuy.exe
  C:\Windows\System\BTepeuy.exe
  2⤵
  PID:4512
- C:\Windows\System\ggTdxQq.exe
  C:\Windows\System\ggTdxQq.exe
  2⤵
  PID:4556
- C:\Windows\System\UDASINC.exe
  C:\Windows\System\UDASINC.exe
  2⤵
  PID:4668
- C:\Windows\System\kWwbepA.exe
  C:\Windows\System\kWwbepA.exe
  2⤵
  PID:4728
- C:\Windows\System\kXCwbmf.exe
  C:\Windows\System\kXCwbmf.exe
  2⤵
  PID:4736
- C:\Windows\System\NfLekoo.exe
  C:\Windows\System\NfLekoo.exe
  2⤵
  PID:4796
- C:\Windows\System\IgnqwDF.exe
  C:\Windows\System\IgnqwDF.exe
  2⤵
  PID:4856
- C:\Windows\System\oQsRnSU.exe
  C:\Windows\System\oQsRnSU.exe
  2⤵
  PID:4912
- C:\Windows\System\pPbWlRp.exe
  C:\Windows\System\pPbWlRp.exe
  2⤵
  PID:2700
- C:\Windows\System\resUScm.exe
  C:\Windows\System\resUScm.exe
  2⤵
  PID:5040
- C:\Windows\System\SRpEYFt.exe
  C:\Windows\System\SRpEYFt.exe
  2⤵
  PID:5032
- C:\Windows\System\oRCfPJv.exe
  C:\Windows\System\oRCfPJv.exe
  2⤵
  PID:2736
- C:\Windows\System\YUseSXn.exe
  C:\Windows\System\YUseSXn.exe
  2⤵
  PID:3144
- C:\Windows\System\nooGEAe.exe
  C:\Windows\System\nooGEAe.exe
  2⤵
  PID:3344
- C:\Windows\System\pHqLoiy.exe
  C:\Windows\System\pHqLoiy.exe
  2⤵
  PID:2944
- C:\Windows\System\unWDlng.exe
  C:\Windows\System\unWDlng.exe
  2⤵
  PID:3796
- C:\Windows\System\VMGzqnZ.exe
  C:\Windows\System\VMGzqnZ.exe
  2⤵
  PID:3972
- C:\Windows\System\CnwVTod.exe
  C:\Windows\System\CnwVTod.exe
  2⤵
  PID:2972
- C:\Windows\System\qSgAXpj.exe
  C:\Windows\System\qSgAXpj.exe
  2⤵
  PID:4228
- C:\Windows\System\auCiMXB.exe
  C:\Windows\System\auCiMXB.exe
  2⤵
  PID:4332
- C:\Windows\System\myIYBmA.exe
  C:\Windows\System\myIYBmA.exe
  2⤵
  PID:4388
- C:\Windows\System\hBdFNZs.exe
  C:\Windows\System\hBdFNZs.exe
  2⤵
  PID:5140
- C:\Windows\System\sAzGArE.exe
  C:\Windows\System\sAzGArE.exe
  2⤵
  PID:5160
- C:\Windows\System\XUQmibe.exe
  C:\Windows\System\XUQmibe.exe
  2⤵
  PID:5180
- C:\Windows\System\ymWOTKZ.exe
  C:\Windows\System\ymWOTKZ.exe
  2⤵
  PID:5200
- C:\Windows\System\YdEPcUh.exe
  C:\Windows\System\YdEPcUh.exe
  2⤵
  PID:5220
- C:\Windows\System\nYULvGn.exe
  C:\Windows\System\nYULvGn.exe
  2⤵
  PID:5244
- C:\Windows\System\afFzTFg.exe
  C:\Windows\System\afFzTFg.exe
  2⤵
  PID:5264
- C:\Windows\System\nYEGXUC.exe
  C:\Windows\System\nYEGXUC.exe
  2⤵
  PID:5284
- C:\Windows\System\hkslrOe.exe
  C:\Windows\System\hkslrOe.exe
  2⤵
  PID:5304
- C:\Windows\System\WSWSmUK.exe
  C:\Windows\System\WSWSmUK.exe
  2⤵
  PID:5324
- C:\Windows\System\YzjkHyU.exe
  C:\Windows\System\YzjkHyU.exe
  2⤵
  PID:5344
- C:\Windows\System\VuIhTaz.exe
  C:\Windows\System\VuIhTaz.exe
  2⤵
  PID:5364
- C:\Windows\System\TRSzHOg.exe
  C:\Windows\System\TRSzHOg.exe
  2⤵
  PID:5384
- C:\Windows\System\cDzTrnt.exe
  C:\Windows\System\cDzTrnt.exe
  2⤵
  PID:5404
- C:\Windows\System\XCRsVBw.exe
  C:\Windows\System\XCRsVBw.exe
  2⤵
  PID:5424
- C:\Windows\System\dyYpBVY.exe
  C:\Windows\System\dyYpBVY.exe
  2⤵
  PID:5444
- C:\Windows\System\TPKVYFM.exe
  C:\Windows\System\TPKVYFM.exe
  2⤵
  PID:5464
- C:\Windows\System\PhYgjRU.exe
  C:\Windows\System\PhYgjRU.exe
  2⤵
  PID:5484
- C:\Windows\System\oEnUHNC.exe
  C:\Windows\System\oEnUHNC.exe
  2⤵
  PID:5504
- C:\Windows\System\nNaCaKi.exe
  C:\Windows\System\nNaCaKi.exe
  2⤵
  PID:5524
- C:\Windows\System\EwvGypB.exe
  C:\Windows\System\EwvGypB.exe
  2⤵
  PID:5544
- C:\Windows\System\kABwLIt.exe
  C:\Windows\System\kABwLIt.exe
  2⤵
  PID:5564
- C:\Windows\System\EkVKoPz.exe
  C:\Windows\System\EkVKoPz.exe
  2⤵
  PID:5584
- C:\Windows\System\JkygAga.exe
  C:\Windows\System\JkygAga.exe
  2⤵
  PID:5604
- C:\Windows\System\QNWQlUa.exe
  C:\Windows\System\QNWQlUa.exe
  2⤵
  PID:5624
- C:\Windows\System\BebGDAF.exe
  C:\Windows\System\BebGDAF.exe
  2⤵
  PID:5644
- C:\Windows\System\DTYUdUm.exe
  C:\Windows\System\DTYUdUm.exe
  2⤵
  PID:5664
- C:\Windows\System\OMiwMQG.exe
  C:\Windows\System\OMiwMQG.exe
  2⤵
  PID:5684
- C:\Windows\System\CEjQahO.exe
  C:\Windows\System\CEjQahO.exe
  2⤵
  PID:5704
- C:\Windows\System\vFoXDDb.exe
  C:\Windows\System\vFoXDDb.exe
  2⤵
  PID:5724
- C:\Windows\System\ZJYlzmb.exe
  C:\Windows\System\ZJYlzmb.exe
  2⤵
  PID:5744
- C:\Windows\System\GEAdyjS.exe
  C:\Windows\System\GEAdyjS.exe
  2⤵
  PID:5764
- C:\Windows\System\sYsSzgh.exe
  C:\Windows\System\sYsSzgh.exe
  2⤵
  PID:5784
- C:\Windows\System\bdvBvgZ.exe
  C:\Windows\System\bdvBvgZ.exe
  2⤵
  PID:5804
- C:\Windows\System\svMkvva.exe
  C:\Windows\System\svMkvva.exe
  2⤵
  PID:5828
- C:\Windows\System\mqVcyAQ.exe
  C:\Windows\System\mqVcyAQ.exe
  2⤵
  PID:5848
- C:\Windows\System\NqPoIMf.exe
  C:\Windows\System\NqPoIMf.exe
  2⤵
  PID:5872
- C:\Windows\System\WSaNTHs.exe
  C:\Windows\System\WSaNTHs.exe
  2⤵
  PID:5892
- C:\Windows\System\kTkpfWr.exe
  C:\Windows\System\kTkpfWr.exe
  2⤵
  PID:5912
- C:\Windows\System\ncdaACR.exe
  C:\Windows\System\ncdaACR.exe
  2⤵
  PID:5932
- C:\Windows\System\zwPKRUz.exe
  C:\Windows\System\zwPKRUz.exe
  2⤵
  PID:5952
- C:\Windows\System\thYTIaR.exe
  C:\Windows\System\thYTIaR.exe
  2⤵
  PID:5972
- C:\Windows\System\SYHAGZG.exe
  C:\Windows\System\SYHAGZG.exe
  2⤵
  PID:5992
- C:\Windows\System\mvlXJzw.exe
  C:\Windows\System\mvlXJzw.exe
  2⤵
  PID:6012
- C:\Windows\System\wAlpOzn.exe
  C:\Windows\System\wAlpOzn.exe
  2⤵
  PID:6032
- C:\Windows\System\GzCdtkC.exe
  C:\Windows\System\GzCdtkC.exe
  2⤵
  PID:6052
- C:\Windows\System\waHcmYg.exe
  C:\Windows\System\waHcmYg.exe
  2⤵
  PID:6072
- C:\Windows\System\DHyhUTp.exe
  C:\Windows\System\DHyhUTp.exe
  2⤵
  PID:6092
- C:\Windows\System\NmidFAz.exe
  C:\Windows\System\NmidFAz.exe
  2⤵
  PID:6112
- C:\Windows\System\nLhaHCr.exe
  C:\Windows\System\nLhaHCr.exe
  2⤵
  PID:6132
- C:\Windows\System\BtedjGP.exe
  C:\Windows\System\BtedjGP.exe
  2⤵
  PID:4436
- C:\Windows\System\dxwbTca.exe
  C:\Windows\System\dxwbTca.exe
  2⤵
  PID:4536
- C:\Windows\System\XMDskzL.exe
  C:\Windows\System\XMDskzL.exe
  2⤵
  PID:4652
- C:\Windows\System\tJawZTr.exe
  C:\Windows\System\tJawZTr.exe
  2⤵
  PID:4608
- C:\Windows\System\YmoLDJA.exe
  C:\Windows\System\YmoLDJA.exe
  2⤵
  PID:4812
- C:\Windows\System\zbgkDlJ.exe
  C:\Windows\System\zbgkDlJ.exe
  2⤵
  PID:4908
- C:\Windows\System\zxIxxlE.exe
  C:\Windows\System\zxIxxlE.exe
  2⤵
  PID:4928
- C:\Windows\System\viwatfa.exe
  C:\Windows\System\viwatfa.exe
  2⤵
  PID:5072
- C:\Windows\System\GhpuZPv.exe
  C:\Windows\System\GhpuZPv.exe
  2⤵
  PID:3116
- C:\Windows\System\utYZCsm.exe
  C:\Windows\System\utYZCsm.exe
  2⤵
  PID:2308
- C:\Windows\System\EBvWEYl.exe
  C:\Windows\System\EBvWEYl.exe
  2⤵
  PID:3672
- C:\Windows\System\XPnWXEB.exe
  C:\Windows\System\XPnWXEB.exe
  2⤵
  PID:3956
- C:\Windows\System\fNUcNwU.exe
  C:\Windows\System\fNUcNwU.exe
  2⤵
  PID:2132
- C:\Windows\System\ZDzLCiv.exe
  C:\Windows\System\ZDzLCiv.exe
  2⤵
  PID:5136
- C:\Windows\System\ybkeLXI.exe
  C:\Windows\System\ybkeLXI.exe
  2⤵
  PID:5168
- C:\Windows\System\ARpamOr.exe
  C:\Windows\System\ARpamOr.exe
  2⤵
  PID:5188
- C:\Windows\System\zRAvmAI.exe
  C:\Windows\System\zRAvmAI.exe
  2⤵
  PID:5212
- C:\Windows\System\TlZjvwh.exe
  C:\Windows\System\TlZjvwh.exe
  2⤵
  PID:5260
- C:\Windows\System\iihVVFk.exe
  C:\Windows\System\iihVVFk.exe
  2⤵
  PID:5300
- C:\Windows\System\FigTsxc.exe
  C:\Windows\System\FigTsxc.exe
  2⤵
  PID:5316
- C:\Windows\System\BjNqHmY.exe
  C:\Windows\System\BjNqHmY.exe
  2⤵
  PID:5380
- C:\Windows\System\VWrizRC.exe
  C:\Windows\System\VWrizRC.exe
  2⤵
  PID:5392
- C:\Windows\System\wmhzyLW.exe
  C:\Windows\System\wmhzyLW.exe
  2⤵
  PID:5416
- C:\Windows\System\HsiyTnx.exe
  C:\Windows\System\HsiyTnx.exe
  2⤵
  PID:5436
- C:\Windows\System\ifbIyLM.exe
  C:\Windows\System\ifbIyLM.exe
  2⤵
  PID:5500
- C:\Windows\System\greRNit.exe
  C:\Windows\System\greRNit.exe
  2⤵
  PID:5516
- C:\Windows\System\dEACoMH.exe
  C:\Windows\System\dEACoMH.exe
  2⤵
  PID:5560
- C:\Windows\System\yGKJRLH.exe
  C:\Windows\System\yGKJRLH.exe
  2⤵
  PID:5612
- C:\Windows\System\SGtBhyh.exe
  C:\Windows\System\SGtBhyh.exe
  2⤵
  PID:5596
- C:\Windows\System\mOYIJtg.exe
  C:\Windows\System\mOYIJtg.exe
  2⤵
  PID:5636
- C:\Windows\System\ffRzKHL.exe
  C:\Windows\System\ffRzKHL.exe
  2⤵
  PID:5672
- C:\Windows\System\AeRfIPn.exe
  C:\Windows\System\AeRfIPn.exe
  2⤵
  PID:5720
- C:\Windows\System\dDvksDM.exe
  C:\Windows\System\dDvksDM.exe
  2⤵
  PID:5752
- C:\Windows\System\VDQgPxW.exe
  C:\Windows\System\VDQgPxW.exe
  2⤵
  PID:5792
- C:\Windows\System\jqwbBey.exe
  C:\Windows\System\jqwbBey.exe
  2⤵
  PID:5816
- C:\Windows\System\gWaOniL.exe
  C:\Windows\System\gWaOniL.exe
  2⤵
  PID:5840
- C:\Windows\System\sTKcGmZ.exe
  C:\Windows\System\sTKcGmZ.exe
  2⤵
  PID:5888
- C:\Windows\System\oPxGdBP.exe
  C:\Windows\System\oPxGdBP.exe
  2⤵
  PID:5948
- C:\Windows\System\HqmMuiW.exe
  C:\Windows\System\HqmMuiW.exe
  2⤵
  PID:5968
- C:\Windows\System\KJzyWTV.exe
  C:\Windows\System\KJzyWTV.exe
  2⤵
  PID:6020
- C:\Windows\System\hsPqILG.exe
  C:\Windows\System\hsPqILG.exe
  2⤵
  PID:6024
- C:\Windows\System\sLjVOMw.exe
  C:\Windows\System\sLjVOMw.exe
  2⤵
  PID:6044
- C:\Windows\System\xOVEpEK.exe
  C:\Windows\System\xOVEpEK.exe
  2⤵
  PID:6084
- C:\Windows\System\GqkJrCz.exe
  C:\Windows\System\GqkJrCz.exe
  2⤵
  PID:6128
- C:\Windows\System\UDDnYfd.exe
  C:\Windows\System\UDDnYfd.exe
  2⤵
  PID:4492
- C:\Windows\System\kggLeyG.exe
  C:\Windows\System\kggLeyG.exe
  2⤵
  PID:4768
- C:\Windows\System\SwLVGxm.exe
  C:\Windows\System\SwLVGxm.exe
  2⤵
  PID:4772
- C:\Windows\System\xxCUbjV.exe
  C:\Windows\System\xxCUbjV.exe
  2⤵
  PID:4828
- C:\Windows\System\DtiOLqb.exe
  C:\Windows\System\DtiOLqb.exe
  2⤵
  PID:2288
- C:\Windows\System\uQdQiqS.exe
  C:\Windows\System\uQdQiqS.exe
  2⤵
  PID:3556
- C:\Windows\System\YrSvOGS.exe
  C:\Windows\System\YrSvOGS.exe
  2⤵
  PID:4148
- C:\Windows\System\UlNjPpN.exe
  C:\Windows\System\UlNjPpN.exe
  2⤵
  PID:4280
- C:\Windows\System\ooMfVNb.exe
  C:\Windows\System\ooMfVNb.exe
  2⤵
  PID:4304
- C:\Windows\System\FPqigkN.exe
  C:\Windows\System\FPqigkN.exe
  2⤵
  PID:5176
- C:\Windows\System\gGtxYBh.exe
  C:\Windows\System\gGtxYBh.exe
  2⤵
  PID:5232
- C:\Windows\System\hPKUuTr.exe
  C:\Windows\System\hPKUuTr.exe
  2⤵
  PID:5340
- C:\Windows\System\XIULPhH.exe
  C:\Windows\System\XIULPhH.exe
  2⤵
  PID:5352
- C:\Windows\System\xRjpolC.exe
  C:\Windows\System\xRjpolC.exe
  2⤵
  PID:5420
- C:\Windows\System\TSHPeBE.exe
  C:\Windows\System\TSHPeBE.exe
  2⤵
  PID:5480
- C:\Windows\System\TauIqwy.exe
  C:\Windows\System\TauIqwy.exe
  2⤵
  PID:5512
- C:\Windows\System\yRYNKxw.exe
  C:\Windows\System\yRYNKxw.exe
  2⤵
  PID:5580
- C:\Windows\System\DxWHTrS.exe
  C:\Windows\System\DxWHTrS.exe
  2⤵
  PID:5640
- C:\Windows\System\GnzVxtn.exe
  C:\Windows\System\GnzVxtn.exe
  2⤵
  PID:5676
- C:\Windows\System\BTLkjYD.exe
  C:\Windows\System\BTLkjYD.exe
  2⤵
  PID:5732
- C:\Windows\System\lcQeFhY.exe
  C:\Windows\System\lcQeFhY.exe
  2⤵
  PID:5780
- C:\Windows\System\KqDdcvF.exe
  C:\Windows\System\KqDdcvF.exe
  2⤵
  PID:5900
- C:\Windows\System\euCODmz.exe
  C:\Windows\System\euCODmz.exe
  2⤵
  PID:5940
- C:\Windows\System\RkiwXHp.exe
  C:\Windows\System\RkiwXHp.exe
  2⤵
  PID:5980
- C:\Windows\System\lzIGiXl.exe
  C:\Windows\System\lzIGiXl.exe
  2⤵
  PID:5988
- C:\Windows\System\VXtApPt.exe
  C:\Windows\System\VXtApPt.exe
  2⤵
  PID:6088
- C:\Windows\System\sSdAdEC.exe
  C:\Windows\System\sSdAdEC.exe
  2⤵
  PID:6140
- C:\Windows\System\QWCuVQV.exe
  C:\Windows\System\QWCuVQV.exe
  2⤵
  PID:4756
- C:\Windows\System\DFcAPuM.exe
  C:\Windows\System\DFcAPuM.exe
  2⤵
  PID:4916
- C:\Windows\System\AVUrpPY.exe
  C:\Windows\System\AVUrpPY.exe
  2⤵
  PID:2512
- C:\Windows\System\CpuwtXi.exe
  C:\Windows\System\CpuwtXi.exe
  2⤵
  PID:3388
- C:\Windows\System\drVkjwk.exe
  C:\Windows\System\drVkjwk.exe
  2⤵
  PID:5128
- C:\Windows\System\tTxaeDB.exe
  C:\Windows\System\tTxaeDB.exe
  2⤵
  PID:5192
- C:\Windows\System\FNqQpAf.exe
  C:\Windows\System\FNqQpAf.exe
  2⤵
  PID:5320
- C:\Windows\System\kpnctel.exe
  C:\Windows\System\kpnctel.exe
  2⤵
  PID:5476
- C:\Windows\System\NHgUZhZ.exe
  C:\Windows\System\NHgUZhZ.exe
  2⤵
  PID:5460
- C:\Windows\System\SbFurFM.exe
  C:\Windows\System\SbFurFM.exe
  2⤵
  PID:5572
- C:\Windows\System\HaWfXvJ.exe
  C:\Windows\System\HaWfXvJ.exe
  2⤵
  PID:5692
- C:\Windows\System\dUGdQNX.exe
  C:\Windows\System\dUGdQNX.exe
  2⤵
  PID:6160
- C:\Windows\System\grfHCRR.exe
  C:\Windows\System\grfHCRR.exe
  2⤵
  PID:6180
- C:\Windows\System\udEyych.exe
  C:\Windows\System\udEyych.exe
  2⤵
  PID:6200
- C:\Windows\System\mpajIAF.exe
  C:\Windows\System\mpajIAF.exe
  2⤵
  PID:6220
- C:\Windows\System\vzAeiJO.exe
  C:\Windows\System\vzAeiJO.exe
  2⤵
  PID:6240
- C:\Windows\System\HnSsSKS.exe
  C:\Windows\System\HnSsSKS.exe
  2⤵
  PID:6260
- C:\Windows\System\QBkmOnb.exe
  C:\Windows\System\QBkmOnb.exe
  2⤵
  PID:6280
- C:\Windows\System\LLHVFjc.exe
  C:\Windows\System\LLHVFjc.exe
  2⤵
  PID:6300
- C:\Windows\System\fwaomuB.exe
  C:\Windows\System\fwaomuB.exe
  2⤵
  PID:6320
- C:\Windows\System\RtvUtAq.exe
  C:\Windows\System\RtvUtAq.exe
  2⤵
  PID:6340
- C:\Windows\System\zwwapXE.exe
  C:\Windows\System\zwwapXE.exe
  2⤵
  PID:6364
- C:\Windows\System\zipGqxm.exe
  C:\Windows\System\zipGqxm.exe
  2⤵
  PID:6384
- C:\Windows\System\JGywsjf.exe
  C:\Windows\System\JGywsjf.exe
  2⤵
  PID:6404
- C:\Windows\System\QNAMYos.exe
  C:\Windows\System\QNAMYos.exe
  2⤵
  PID:6428
- C:\Windows\System\NKoraXN.exe
  C:\Windows\System\NKoraXN.exe
  2⤵
  PID:6448
- C:\Windows\System\xrtRgWf.exe
  C:\Windows\System\xrtRgWf.exe
  2⤵
  PID:6468
- C:\Windows\System\nBBaJeZ.exe
  C:\Windows\System\nBBaJeZ.exe
  2⤵
  PID:6488
- C:\Windows\System\pHhRykt.exe
  C:\Windows\System\pHhRykt.exe
  2⤵
  PID:6508
- C:\Windows\System\jWKSzeK.exe
  C:\Windows\System\jWKSzeK.exe
  2⤵
  PID:6528
- C:\Windows\System\ColTksH.exe
  C:\Windows\System\ColTksH.exe
  2⤵
  PID:6548
- C:\Windows\System\fhxnKdn.exe
  C:\Windows\System\fhxnKdn.exe
  2⤵
  PID:6568
- C:\Windows\System\PVbwqer.exe
  C:\Windows\System\PVbwqer.exe
  2⤵
  PID:6588
- C:\Windows\System\rKrbdyM.exe
  C:\Windows\System\rKrbdyM.exe
  2⤵
  PID:6608
- C:\Windows\System\HMDpahq.exe
  C:\Windows\System\HMDpahq.exe
  2⤵
  PID:6628
- C:\Windows\System\xkhutrZ.exe
  C:\Windows\System\xkhutrZ.exe
  2⤵
  PID:6648
- C:\Windows\System\gtEifaw.exe
  C:\Windows\System\gtEifaw.exe
  2⤵
  PID:6668
- C:\Windows\System\NpmpYan.exe
  C:\Windows\System\NpmpYan.exe
  2⤵
  PID:6688
- C:\Windows\System\hYPnwZI.exe
  C:\Windows\System\hYPnwZI.exe
  2⤵
  PID:6708
- C:\Windows\System\pXwlaur.exe
  C:\Windows\System\pXwlaur.exe
  2⤵
  PID:6728
- C:\Windows\System\zRVFdpk.exe
  C:\Windows\System\zRVFdpk.exe
  2⤵
  PID:6748
- C:\Windows\System\HrVyRlW.exe
  C:\Windows\System\HrVyRlW.exe
  2⤵
  PID:6768
- C:\Windows\System\cVvQuuZ.exe
  C:\Windows\System\cVvQuuZ.exe
  2⤵
  PID:6788
- C:\Windows\System\eRmUCcQ.exe
  C:\Windows\System\eRmUCcQ.exe
  2⤵
  PID:6808
- C:\Windows\System\tgTdGjq.exe
  C:\Windows\System\tgTdGjq.exe
  2⤵
  PID:6828
- C:\Windows\System\uceYyFU.exe
  C:\Windows\System\uceYyFU.exe
  2⤵
  PID:6848
- C:\Windows\System\GrngSZP.exe
  C:\Windows\System\GrngSZP.exe
  2⤵
  PID:6868
- C:\Windows\System\CLGDIUH.exe
  C:\Windows\System\CLGDIUH.exe
  2⤵
  PID:6888
- C:\Windows\System\hTxnyzk.exe
  C:\Windows\System\hTxnyzk.exe
  2⤵
  PID:6908
- C:\Windows\System\XERQuhz.exe
  C:\Windows\System\XERQuhz.exe
  2⤵
  PID:6928
- C:\Windows\System\GfHfvRt.exe
  C:\Windows\System\GfHfvRt.exe
  2⤵
  PID:6948
- C:\Windows\System\rkxQnqC.exe
  C:\Windows\System\rkxQnqC.exe
  2⤵
  PID:6968
- C:\Windows\System\EgdXrWf.exe
  C:\Windows\System\EgdXrWf.exe
  2⤵
  PID:6988
- C:\Windows\System\dfQZijh.exe
  C:\Windows\System\dfQZijh.exe
  2⤵
  PID:7008
- C:\Windows\System\dwLQvHq.exe
  C:\Windows\System\dwLQvHq.exe
  2⤵
  PID:7028
- C:\Windows\System\wswcUHo.exe
  C:\Windows\System\wswcUHo.exe
  2⤵
  PID:7048
- C:\Windows\System\EYNjGNu.exe
  C:\Windows\System\EYNjGNu.exe
  2⤵
  PID:7068
- C:\Windows\System\Vwfqwoc.exe
  C:\Windows\System\Vwfqwoc.exe
  2⤵
  PID:7088
- C:\Windows\System\ICZaxcs.exe
  C:\Windows\System\ICZaxcs.exe
  2⤵
  PID:7108
- C:\Windows\System\hxmLUnp.exe
  C:\Windows\System\hxmLUnp.exe
  2⤵
  PID:7128
- C:\Windows\System\PPpMYwb.exe
  C:\Windows\System\PPpMYwb.exe
  2⤵
  PID:7148
- C:\Windows\System\gjXKBSU.exe
  C:\Windows\System\gjXKBSU.exe
  2⤵
  PID:5240
- C:\Windows\System\LlnyMEY.exe
  C:\Windows\System\LlnyMEY.exe
  2⤵
  PID:5756
- C:\Windows\System\vJCISAB.exe
  C:\Windows\System\vJCISAB.exe
  2⤵
  PID:5856
- C:\Windows\System\xfdJKgG.exe
  C:\Windows\System\xfdJKgG.exe
  2⤵
  PID:5960
- C:\Windows\System\LmBHSgv.exe
  C:\Windows\System\LmBHSgv.exe
  2⤵
  PID:5984
- C:\Windows\System\sxzGvjq.exe
  C:\Windows\System\sxzGvjq.exe
  2⤵
  PID:6120
- C:\Windows\System\PmqBxFD.exe
  C:\Windows\System\PmqBxFD.exe
  2⤵
  PID:4496
- C:\Windows\System\NGhKDgn.exe
  C:\Windows\System\NGhKDgn.exe
  2⤵
  PID:5100
- C:\Windows\System\lAFcLmx.exe
  C:\Windows\System\lAFcLmx.exe
  2⤵
  PID:4264
- C:\Windows\System\jIzjKCn.exe
  C:\Windows\System\jIzjKCn.exe
  2⤵
  PID:5208
- C:\Windows\System\ABIpmOX.exe
  C:\Windows\System\ABIpmOX.exe
  2⤵
  PID:5312
- C:\Windows\System\JagMdKK.exe
  C:\Windows\System\JagMdKK.exe
  2⤵
  PID:5440
- C:\Windows\System\xCqPGJq.exe
  C:\Windows\System\xCqPGJq.exe
  2⤵
  PID:6148
- C:\Windows\System\wLSsXLi.exe
  C:\Windows\System\wLSsXLi.exe
  2⤵
  PID:6176
- C:\Windows\System\TyQXgFA.exe
  C:\Windows\System\TyQXgFA.exe
  2⤵
  PID:6208
- C:\Windows\System\NXMLaWH.exe
  C:\Windows\System\NXMLaWH.exe
  2⤵
  PID:6232
- C:\Windows\System\sHqatDq.exe
  C:\Windows\System\sHqatDq.exe
  2⤵
  PID:6252
- C:\Windows\System\XqeyfDr.exe
  C:\Windows\System\XqeyfDr.exe
  2⤵
  PID:6292
- C:\Windows\System\VYqYtMv.exe
  C:\Windows\System\VYqYtMv.exe
  2⤵
  PID:6352
- C:\Windows\System\njfUTMq.exe
  C:\Windows\System\njfUTMq.exe
  2⤵
  PID:6392
- C:\Windows\System\yUeiUWQ.exe
  C:\Windows\System\yUeiUWQ.exe
  2⤵
  PID:6412
- C:\Windows\System\JSjWuhr.exe
  C:\Windows\System\JSjWuhr.exe
  2⤵
  PID:6440
- C:\Windows\System\oyJPqjp.exe
  C:\Windows\System\oyJPqjp.exe
  2⤵
  PID:6484
- C:\Windows\System\RzLDqSR.exe
  C:\Windows\System\RzLDqSR.exe
  2⤵
  PID:6516
- C:\Windows\System\hexTgpn.exe
  C:\Windows\System\hexTgpn.exe
  2⤵
  PID:6540
- C:\Windows\System\kDadNsX.exe
  C:\Windows\System\kDadNsX.exe
  2⤵
  PID:6596
- C:\Windows\System\AVJqpDE.exe
  C:\Windows\System\AVJqpDE.exe
  2⤵
  PID:6616
- C:\Windows\System\QsXaJxc.exe
  C:\Windows\System\QsXaJxc.exe
  2⤵
  PID:6644
- C:\Windows\System\ZaRMmfM.exe
  C:\Windows\System\ZaRMmfM.exe
  2⤵
  PID:6660
- C:\Windows\System\uSYvBTg.exe
  C:\Windows\System\uSYvBTg.exe
  2⤵
  PID:6716
- C:\Windows\System\RtoMbZb.exe
  C:\Windows\System\RtoMbZb.exe
  2⤵
  PID:6744
- C:\Windows\System\DHqDMTM.exe
  C:\Windows\System\DHqDMTM.exe
  2⤵
  PID:6776
- C:\Windows\System\ujwHcvN.exe
  C:\Windows\System\ujwHcvN.exe
  2⤵
  PID:6800
- C:\Windows\System\AGhmtmN.exe
  C:\Windows\System\AGhmtmN.exe
  2⤵
  PID:6824
- C:\Windows\System\ZYrXWmM.exe
  C:\Windows\System\ZYrXWmM.exe
  2⤵
  PID:6876
- C:\Windows\System\AakbEEE.exe
  C:\Windows\System\AakbEEE.exe
  2⤵
  PID:6904
- C:\Windows\System\RBoqbwt.exe
  C:\Windows\System\RBoqbwt.exe
  2⤵
  PID:6936
- C:\Windows\System\EpNFvYU.exe
  C:\Windows\System\EpNFvYU.exe
  2⤵
  PID:6960
- C:\Windows\System\ALFioAr.exe
  C:\Windows\System\ALFioAr.exe
  2⤵
  PID:7000
- C:\Windows\System\rQeNfjF.exe
  C:\Windows\System\rQeNfjF.exe
  2⤵
  PID:7044
- C:\Windows\System\khmbZqj.exe
  C:\Windows\System\khmbZqj.exe
  2⤵
  PID:7060
- C:\Windows\System\VGkhnSZ.exe
  C:\Windows\System\VGkhnSZ.exe
  2⤵
  PID:7116
- C:\Windows\System\apdddph.exe
  C:\Windows\System\apdddph.exe
  2⤵
  PID:7136
- C:\Windows\System\hbVRlai.exe
  C:\Windows\System\hbVRlai.exe
  2⤵
  PID:7160
- C:\Windows\System\izQBNqo.exe
  C:\Windows\System\izQBNqo.exe
  2⤵
  PID:5772
- C:\Windows\System\QxQRWOV.exe
  C:\Windows\System\QxQRWOV.exe
  2⤵
  PID:6008
- C:\Windows\System\LYunfso.exe
  C:\Windows\System\LYunfso.exe
  2⤵
  PID:4428
- C:\Windows\System\iOYXgbQ.exe
  C:\Windows\System\iOYXgbQ.exe
  2⤵
  PID:4968
- C:\Windows\System\VPbOrTe.exe
  C:\Windows\System\VPbOrTe.exe
  2⤵
  PID:5296
- C:\Windows\System\vYOJmdk.exe
  C:\Windows\System\vYOJmdk.exe
  2⤵
  PID:2668
- C:\Windows\System\HGxdCwH.exe
  C:\Windows\System\HGxdCwH.exe
  2⤵
  PID:4948
- C:\Windows\System\NTpgYLI.exe
  C:\Windows\System\NTpgYLI.exe
  2⤵
  PID:6192
- C:\Windows\System\OmDDPHS.exe
  C:\Windows\System\OmDDPHS.exe
  2⤵
  PID:6236
- C:\Windows\System\sMSZtZl.exe
  C:\Windows\System\sMSZtZl.exe
  2⤵
  PID:6308
- C:\Windows\System\CQxiyHg.exe
  C:\Windows\System\CQxiyHg.exe
  2⤵
  PID:6376
- C:\Windows\System\MtumbAN.exe
  C:\Windows\System\MtumbAN.exe
  2⤵
  PID:6464
- C:\Windows\System\WFnnJmO.exe
  C:\Windows\System\WFnnJmO.exe
  2⤵
  PID:6476
- C:\Windows\System\EAVCZVR.exe
  C:\Windows\System\EAVCZVR.exe
  2⤵
  PID:6520
- C:\Windows\System\REaoTyZ.exe
  C:\Windows\System\REaoTyZ.exe
  2⤵
  PID:6560
- C:\Windows\System\ZuAlxpH.exe
  C:\Windows\System\ZuAlxpH.exe
  2⤵
  PID:6656
- C:\Windows\System\pVnYZhL.exe
  C:\Windows\System\pVnYZhL.exe
  2⤵
  PID:6700
- C:\Windows\System\clicdOn.exe
  C:\Windows\System\clicdOn.exe
  2⤵
  PID:6720
- C:\Windows\System\kSDNrYe.exe
  C:\Windows\System\kSDNrYe.exe
  2⤵
  PID:6804
- C:\Windows\System\SAGBYGj.exe
  C:\Windows\System\SAGBYGj.exe
  2⤵
  PID:6840
- C:\Windows\System\tOIesSe.exe
  C:\Windows\System\tOIesSe.exe
  2⤵
  PID:6860
- C:\Windows\System\FvCWZAq.exe
  C:\Windows\System\FvCWZAq.exe
  2⤵
  PID:6940
- C:\Windows\System\AoFfZRg.exe
  C:\Windows\System\AoFfZRg.exe
  2⤵
  PID:2580
- C:\Windows\System\ppJCdke.exe
  C:\Windows\System\ppJCdke.exe
  2⤵
  PID:7024
- C:\Windows\System\WYdRbCh.exe
  C:\Windows\System\WYdRbCh.exe
  2⤵
  PID:7080
- C:\Windows\System\iHlgtMR.exe
  C:\Windows\System\iHlgtMR.exe
  2⤵
  PID:7140
- C:\Windows\System\gUmJGaa.exe
  C:\Windows\System\gUmJGaa.exe
  2⤵
  PID:5868
- C:\Windows\System\bIEQyCH.exe
  C:\Windows\System\bIEQyCH.exe
  2⤵
  PID:5920
- C:\Windows\System\iYvyXOf.exe
  C:\Windows\System\iYvyXOf.exe
  2⤵
  PID:4472
- C:\Windows\System\SEDQccV.exe
  C:\Windows\System\SEDQccV.exe
  2⤵
  PID:5576
- C:\Windows\System\idHfjHx.exe
  C:\Windows\System\idHfjHx.exe
  2⤵
  PID:6188
- C:\Windows\System\xLUDnPV.exe
  C:\Windows\System\xLUDnPV.exe
  2⤵
  PID:6328
- C:\Windows\System\gGIHuEU.exe
  C:\Windows\System\gGIHuEU.exe
  2⤵
  PID:6296
- C:\Windows\System\ujscLQY.exe
  C:\Windows\System\ujscLQY.exe
  2⤵
  PID:6356
- C:\Windows\System\EKfDejz.exe
  C:\Windows\System\EKfDejz.exe
  2⤵
  PID:6500
- C:\Windows\System\YTPQXZS.exe
  C:\Windows\System\YTPQXZS.exe
  2⤵
  PID:6604
- C:\Windows\System\gQCGwTc.exe
  C:\Windows\System\gQCGwTc.exe
  2⤵
  PID:6680
- C:\Windows\System\QkrgIhP.exe
  C:\Windows\System\QkrgIhP.exe
  2⤵
  PID:7176
- C:\Windows\System\YLPjQMR.exe
  C:\Windows\System\YLPjQMR.exe
  2⤵
  PID:7196
- C:\Windows\System\WEpjhlp.exe
  C:\Windows\System\WEpjhlp.exe
  2⤵
  PID:7216
- C:\Windows\System\kQgcnQY.exe
  C:\Windows\System\kQgcnQY.exe
  2⤵
  PID:7236
- C:\Windows\System\MRhCqkH.exe
  C:\Windows\System\MRhCqkH.exe
  2⤵
  PID:7256
- C:\Windows\System\wExJrOP.exe
  C:\Windows\System\wExJrOP.exe
  2⤵
  PID:7276
- C:\Windows\System\QcuuKtB.exe
  C:\Windows\System\QcuuKtB.exe
  2⤵
  PID:7296
- C:\Windows\System\drFQDhL.exe
  C:\Windows\System\drFQDhL.exe
  2⤵
  PID:7316
- C:\Windows\System\xmszSCP.exe
  C:\Windows\System\xmszSCP.exe
  2⤵
  PID:7336
- C:\Windows\System\RmLAuhK.exe
  C:\Windows\System\RmLAuhK.exe
  2⤵
  PID:7356
- C:\Windows\System\gNWTnUH.exe
  C:\Windows\System\gNWTnUH.exe
  2⤵
  PID:7376
- C:\Windows\System\BQLfAqy.exe
  C:\Windows\System\BQLfAqy.exe
  2⤵
  PID:7396
- C:\Windows\System\lRKhpBK.exe
  C:\Windows\System\lRKhpBK.exe
  2⤵
  PID:7416
- C:\Windows\System\UKvwyHP.exe
  C:\Windows\System\UKvwyHP.exe
  2⤵
  PID:7436
- C:\Windows\System\TWHNDos.exe
  C:\Windows\System\TWHNDos.exe
  2⤵
  PID:7460
- C:\Windows\System\swpNJmY.exe
  C:\Windows\System\swpNJmY.exe
  2⤵
  PID:7480
- C:\Windows\System\CZuUugS.exe
  C:\Windows\System\CZuUugS.exe
  2⤵
  PID:7500
- C:\Windows\System\suTyevi.exe
  C:\Windows\System\suTyevi.exe
  2⤵
  PID:7520
- C:\Windows\System\cRqdEID.exe
  C:\Windows\System\cRqdEID.exe
  2⤵
  PID:7540
- C:\Windows\System\amBiTlk.exe
  C:\Windows\System\amBiTlk.exe
  2⤵
  PID:7560
- C:\Windows\System\aGmmzrs.exe
  C:\Windows\System\aGmmzrs.exe
  2⤵
  PID:7580
- C:\Windows\System\iMiwkZL.exe
  C:\Windows\System\iMiwkZL.exe
  2⤵
  PID:7600
- C:\Windows\System\PRCbimX.exe
  C:\Windows\System\PRCbimX.exe
  2⤵
  PID:7620
- C:\Windows\System\opORNfu.exe
  C:\Windows\System\opORNfu.exe
  2⤵
  PID:7640
- C:\Windows\System\lJdNEXE.exe
  C:\Windows\System\lJdNEXE.exe
  2⤵
  PID:7660
- C:\Windows\System\UagNcNb.exe
  C:\Windows\System\UagNcNb.exe
  2⤵
  PID:7680
- C:\Windows\System\TuKeSSS.exe
  C:\Windows\System\TuKeSSS.exe
  2⤵
  PID:7700
- C:\Windows\System\EoktyPt.exe
  C:\Windows\System\EoktyPt.exe
  2⤵
  PID:7720
- C:\Windows\System\mosqlkB.exe
  C:\Windows\System\mosqlkB.exe
  2⤵
  PID:7740
- C:\Windows\System\VpzNiAr.exe
  C:\Windows\System\VpzNiAr.exe
  2⤵
  PID:7760
- C:\Windows\System\GqPqKUL.exe
  C:\Windows\System\GqPqKUL.exe
  2⤵
  PID:7784
- C:\Windows\System\JdycYSs.exe
  C:\Windows\System\JdycYSs.exe
  2⤵
  PID:7804
- C:\Windows\System\LCZYENU.exe
  C:\Windows\System\LCZYENU.exe
  2⤵
  PID:7824
- C:\Windows\System\JpDIRBP.exe
  C:\Windows\System\JpDIRBP.exe
  2⤵
  PID:7844
- C:\Windows\System\ARtcDtt.exe
  C:\Windows\System\ARtcDtt.exe
  2⤵
  PID:7864
- C:\Windows\System\SsNpJtb.exe
  C:\Windows\System\SsNpJtb.exe
  2⤵
  PID:7884
- C:\Windows\System\UkwEzru.exe
  C:\Windows\System\UkwEzru.exe
  2⤵
  PID:7904
- C:\Windows\System\YFJrCKA.exe
  C:\Windows\System\YFJrCKA.exe
  2⤵
  PID:7924
- C:\Windows\System\ZmepnET.exe
  C:\Windows\System\ZmepnET.exe
  2⤵
  PID:7944
- C:\Windows\System\BNAgYKc.exe
  C:\Windows\System\BNAgYKc.exe
  2⤵
  PID:7964
- C:\Windows\System\yxbfASS.exe
  C:\Windows\System\yxbfASS.exe
  2⤵
  PID:7984
- C:\Windows\System\GHkwyiv.exe
  C:\Windows\System\GHkwyiv.exe
  2⤵
  PID:8004
- C:\Windows\System\DZwlngv.exe
  C:\Windows\System\DZwlngv.exe
  2⤵
  PID:8024
- C:\Windows\System\NbrAUtw.exe
  C:\Windows\System\NbrAUtw.exe
  2⤵
  PID:8044
- C:\Windows\System\mrlatRU.exe
  C:\Windows\System\mrlatRU.exe
  2⤵
  PID:8064
- C:\Windows\System\SskGfbu.exe
  C:\Windows\System\SskGfbu.exe
  2⤵
  PID:8084
- C:\Windows\System\XJVBIBb.exe
  C:\Windows\System\XJVBIBb.exe
  2⤵
  PID:8104
- C:\Windows\System\bQdWDXq.exe
  C:\Windows\System\bQdWDXq.exe
  2⤵
  PID:8124
- C:\Windows\System\qWFAsrW.exe
  C:\Windows\System\qWFAsrW.exe
  2⤵
  PID:8144
- C:\Windows\System\mJSDlTs.exe
  C:\Windows\System\mJSDlTs.exe
  2⤵
  PID:8164
- C:\Windows\System\hMxRBGN.exe
  C:\Windows\System\hMxRBGN.exe
  2⤵
  PID:8184
- C:\Windows\System\NbDVuOG.exe
  C:\Windows\System\NbDVuOG.exe
  2⤵
  PID:6836
- C:\Windows\System\Npdyrmx.exe
  C:\Windows\System\Npdyrmx.exe
  2⤵
  PID:2812
- C:\Windows\System\YPUyJOb.exe
  C:\Windows\System\YPUyJOb.exe
  2⤵
  PID:7004
- C:\Windows\System\fliudxX.exe
  C:\Windows\System\fliudxX.exe
  2⤵
  PID:7096
- C:\Windows\System\pXQAyLd.exe
  C:\Windows\System\pXQAyLd.exe
  2⤵
  PID:3736
- C:\Windows\System\cRJjrUy.exe
  C:\Windows\System\cRJjrUy.exe
  2⤵
  PID:2628
- C:\Windows\System\VQxBkmE.exe
  C:\Windows\System\VQxBkmE.exe
  2⤵
  PID:6332
- C:\Windows\System\swZnbji.exe
  C:\Windows\System\swZnbji.exe
  2⤵
  PID:6396
- C:\Windows\System\efKwtyo.exe
  C:\Windows\System\efKwtyo.exe
  2⤵
  PID:6496
- C:\Windows\System\SaZRyOL.exe
  C:\Windows\System\SaZRyOL.exe
  2⤵
  PID:6736
- C:\Windows\System\lzbpSMS.exe
  C:\Windows\System\lzbpSMS.exe
  2⤵
  PID:7172
- C:\Windows\System\AZOIDkJ.exe
  C:\Windows\System\AZOIDkJ.exe
  2⤵
  PID:7212
- C:\Windows\System\hUdyPQC.exe
  C:\Windows\System\hUdyPQC.exe
  2⤵
  PID:7252
- C:\Windows\System\oKoMKuu.exe
  C:\Windows\System\oKoMKuu.exe
  2⤵
  PID:2180
- C:\Windows\System\RpKBOOD.exe
  C:\Windows\System\RpKBOOD.exe
  2⤵
  PID:7308
- C:\Windows\System\hTrrVxi.exe
  C:\Windows\System\hTrrVxi.exe
  2⤵
  PID:7332
- C:\Windows\System\deSNAKK.exe
  C:\Windows\System\deSNAKK.exe
  2⤵
  PID:7384
- C:\Windows\System\xyKzeUM.exe
  C:\Windows\System\xyKzeUM.exe
  2⤵
  PID:7404
- C:\Windows\System\tbJdSmt.exe
  C:\Windows\System\tbJdSmt.exe
  2⤵
  PID:2296
- C:\Windows\System\PIUuCWK.exe
  C:\Windows\System\PIUuCWK.exe
  2⤵
  PID:7452
- C:\Windows\System\ejDKWCr.exe
  C:\Windows\System\ejDKWCr.exe
  2⤵
  PID:7496
- C:\Windows\System\IFbGsva.exe
  C:\Windows\System\IFbGsva.exe
  2⤵
  PID:7536
- C:\Windows\System\cTEmXIk.exe
  C:\Windows\System\cTEmXIk.exe
  2⤵
  PID:2404
- C:\Windows\System\zXyXsvs.exe
  C:\Windows\System\zXyXsvs.exe
  2⤵
  PID:7608
- C:\Windows\System\AaqIwce.exe
  C:\Windows\System\AaqIwce.exe
  2⤵
  PID:7668
- C:\Windows\System\uCrCdBF.exe
  C:\Windows\System\uCrCdBF.exe
  2⤵
  PID:7688
- C:\Windows\System\mkmVjoC.exe
  C:\Windows\System\mkmVjoC.exe
  2⤵
  PID:7716
- C:\Windows\System\FgikpCM.exe
  C:\Windows\System\FgikpCM.exe
  2⤵
  PID:7756
- C:\Windows\System\vPcXttv.exe
  C:\Windows\System\vPcXttv.exe
  2⤵
  PID:7776
- C:\Windows\System\ndnvuEV.exe
  C:\Windows\System\ndnvuEV.exe
  2⤵
  PID:7836
- C:\Windows\System\FYOWReU.exe
  C:\Windows\System\FYOWReU.exe
  2⤵
  PID:7852
- C:\Windows\System\QRVtZgJ.exe
  C:\Windows\System\QRVtZgJ.exe
  2⤵
  PID:7876
- C:\Windows\System\DTzJUlb.exe
  C:\Windows\System\DTzJUlb.exe
  2⤵
  PID:7916
- C:\Windows\System\GRuCXUs.exe
  C:\Windows\System\GRuCXUs.exe
  2⤵
  PID:7952
- C:\Windows\System\lyrJVFy.exe
  C:\Windows\System\lyrJVFy.exe
  2⤵
  PID:7972
- C:\Windows\System\ZCBlUZm.exe
  C:\Windows\System\ZCBlUZm.exe
  2⤵
  PID:7976
- C:\Windows\System\yYQTgRj.exe
  C:\Windows\System\yYQTgRj.exe
  2⤵
  PID:8020
- C:\Windows\System\FhHnOXu.exe
  C:\Windows\System\FhHnOXu.exe
  2⤵
  PID:8052
- C:\Windows\System\cCVFjWz.exe
  C:\Windows\System\cCVFjWz.exe
  2⤵
  PID:8076
- C:\Windows\System\QObisSh.exe
  C:\Windows\System\QObisSh.exe
  2⤵
  PID:8096
- C:\Windows\System\mOxshPY.exe
  C:\Windows\System\mOxshPY.exe
  2⤵
  PID:8160
- C:\Windows\System\RPOnAXp.exe
  C:\Windows\System\RPOnAXp.exe
  2⤵
  PID:6920
- C:\Windows\System\aOxMOnE.exe
  C:\Windows\System\aOxMOnE.exe
  2⤵
  PID:6880
- C:\Windows\System\vWQoYCr.exe
  C:\Windows\System\vWQoYCr.exe
  2⤵
  PID:7084
- C:\Windows\System\YnVmMCD.exe
  C:\Windows\System\YnVmMCD.exe
  2⤵
  PID:5776
- C:\Windows\System\DVspTrC.exe
  C:\Windows\System\DVspTrC.exe
  2⤵
  PID:4308
- C:\Windows\System\gbzHfHb.exe
  C:\Windows\System\gbzHfHb.exe
  2⤵
  PID:1656
- C:\Windows\System\rkNejXi.exe
  C:\Windows\System\rkNejXi.exe
  2⤵
  PID:2408
- C:\Windows\System\dUssZGu.exe
  C:\Windows\System\dUssZGu.exe
  2⤵
  PID:6216
- C:\Windows\System\NbUjJuf.exe
  C:\Windows\System\NbUjJuf.exe
  2⤵
  PID:2720
- C:\Windows\System\qrByEpW.exe
  C:\Windows\System\qrByEpW.exe
  2⤵
  PID:6400
- C:\Windows\System\XZZArNy.exe
  C:\Windows\System\XZZArNy.exe
  2⤵
  PID:7192
- C:\Windows\System\BpHRyMj.exe
  C:\Windows\System\BpHRyMj.exe
  2⤵
  PID:7244
- C:\Windows\System\ojWeVja.exe
  C:\Windows\System\ojWeVja.exe
  2⤵
  PID:2452
- C:\Windows\System\mhAgkvd.exe
  C:\Windows\System\mhAgkvd.exe
  2⤵
  PID:7272
- C:\Windows\System\UdVHuCu.exe
  C:\Windows\System\UdVHuCu.exe
  2⤵
  PID:7432
- C:\Windows\System\IOAWEVw.exe
  C:\Windows\System\IOAWEVw.exe
  2⤵
  PID:7368
- C:\Windows\System\NILLZNJ.exe
  C:\Windows\System\NILLZNJ.exe
  2⤵
  PID:2232
- C:\Windows\System\IDSNpSE.exe
  C:\Windows\System\IDSNpSE.exe
  2⤵
  PID:7748
- C:\Windows\System\tYESYpc.exe
  C:\Windows\System\tYESYpc.exe
  2⤵
  PID:2744
- C:\Windows\System\PtTqBdC.exe
  C:\Windows\System\PtTqBdC.exe
  2⤵
  PID:7872
- C:\Windows\System\rvJwJBh.exe
  C:\Windows\System\rvJwJBh.exe
  2⤵
  PID:7896
- C:\Windows\System\WOWnYzN.exe
  C:\Windows\System\WOWnYzN.exe
  2⤵
  PID:8000
- C:\Windows\System\RIeSHHm.exe
  C:\Windows\System\RIeSHHm.exe
  2⤵
  PID:8036
- C:\Windows\System\Mntzqau.exe
  C:\Windows\System\Mntzqau.exe
  2⤵
  PID:2760
- C:\Windows\System\yegRtFp.exe
  C:\Windows\System\yegRtFp.exe
  2⤵
  PID:8156
- C:\Windows\System\MbtVlZk.exe
  C:\Windows\System\MbtVlZk.exe
  2⤵
  PID:6984
- C:\Windows\System\AljMLGg.exe
  C:\Windows\System\AljMLGg.exe
  2⤵
  PID:3360
- C:\Windows\System\aubXqqE.exe
  C:\Windows\System\aubXqqE.exe
  2⤵
  PID:3996
- C:\Windows\System\OMzhtTd.exe
  C:\Windows\System\OMzhtTd.exe
  2⤵
  PID:4896
- C:\Windows\System\qOmXkuE.exe
  C:\Windows\System\qOmXkuE.exe
  2⤵
  PID:5360
- C:\Windows\System\Dbbylef.exe
  C:\Windows\System\Dbbylef.exe
  2⤵
  PID:7188
- C:\Windows\System\UaRIIAe.exe
  C:\Windows\System\UaRIIAe.exe
  2⤵
  PID:7840
- C:\Windows\System\MUwSwyK.exe
  C:\Windows\System\MUwSwyK.exe
  2⤵
  PID:1360
- C:\Windows\System\SqDpfdX.exe
  C:\Windows\System\SqDpfdX.exe
  2⤵
  PID:7488
- C:\Windows\System\mXfxCFJ.exe
  C:\Windows\System\mXfxCFJ.exe
  2⤵
  PID:2728
- C:\Windows\System\RbiKdnV.exe
  C:\Windows\System\RbiKdnV.exe
  2⤵
  PID:7832
- C:\Windows\System\cGymCxX.exe
  C:\Windows\System\cGymCxX.exe
  2⤵
  PID:7932
- C:\Windows\System\zrkcsAu.exe
  C:\Windows\System\zrkcsAu.exe
  2⤵
  PID:7940
- C:\Windows\System\MCqeuUe.exe
  C:\Windows\System\MCqeuUe.exe
  2⤵
  PID:7856
- C:\Windows\System\ZUGrzeD.exe
  C:\Windows\System\ZUGrzeD.exe
  2⤵
  PID:2848
- C:\Windows\System\rLSHJNy.exe
  C:\Windows\System\rLSHJNy.exe
  2⤵
  PID:8100
- C:\Windows\System\JoWbHkd.exe
  C:\Windows\System\JoWbHkd.exe
  2⤵
  PID:8140
- C:\Windows\System\ZTYRNLz.exe
  C:\Windows\System\ZTYRNLz.exe
  2⤵
  PID:8172
- C:\Windows\System\qSAXoMA.exe
  C:\Windows\System\qSAXoMA.exe
  2⤵
  PID:760
- C:\Windows\System\MyaAcfD.exe
  C:\Windows\System\MyaAcfD.exe
  2⤵
  PID:6600
- C:\Windows\System\oWgETwf.exe
  C:\Windows\System\oWgETwf.exe
  2⤵
  PID:6268
- C:\Windows\System\mlbkVBs.exe
  C:\Windows\System\mlbkVBs.exe
  2⤵
  PID:6504
- C:\Windows\System\vKBbpJu.exe
  C:\Windows\System\vKBbpJu.exe
  2⤵
  PID:7312
- C:\Windows\System\InSAFWw.exe
  C:\Windows\System\InSAFWw.exe
  2⤵
  PID:7768
- C:\Windows\System\EDaZSwD.exe
  C:\Windows\System\EDaZSwD.exe
  2⤵
  PID:7648
- C:\Windows\System\IRHmOth.exe
  C:\Windows\System\IRHmOth.exe
  2⤵
  PID:7816
- C:\Windows\System\DieaByk.exe
  C:\Windows\System\DieaByk.exe
  2⤵
  PID:576
- C:\Windows\System\PKtYHwg.exe
  C:\Windows\System\PKtYHwg.exe
  2⤵
  PID:1224
- C:\Windows\System\UQYKIaz.exe
  C:\Windows\System\UQYKIaz.exe
  2⤵
  PID:8120
- C:\Windows\System\UxYIIrt.exe
  C:\Windows\System\UxYIIrt.exe
  2⤵
  PID:7036
- C:\Windows\System\UONPnIr.exe
  C:\Windows\System\UONPnIr.exe
  2⤵
  PID:2932
- C:\Windows\System\cbgXOpQ.exe
  C:\Windows\System\cbgXOpQ.exe
  2⤵
  PID:6436
- C:\Windows\System\foFXwkI.exe
  C:\Windows\System\foFXwkI.exe
  2⤵
  PID:8080
- C:\Windows\System\hODLiCd.exe
  C:\Windows\System\hODLiCd.exe
  2⤵
  PID:6796
- C:\Windows\System\JedGbcg.exe
  C:\Windows\System\JedGbcg.exe
  2⤵
  PID:2500
- C:\Windows\System\tiNEzJz.exe
  C:\Windows\System\tiNEzJz.exe
  2⤵
  PID:568
- C:\Windows\System\qqFFpwz.exe
  C:\Windows\System\qqFFpwz.exe
  2⤵
  PID:2044
- C:\Windows\System\JTlrRwn.exe
  C:\Windows\System\JTlrRwn.exe
  2⤵
  PID:2564
- C:\Windows\System\EVKIieu.exe
  C:\Windows\System\EVKIieu.exe
  2⤵
  PID:1664
- C:\Windows\System\FYXYqDX.exe
  C:\Windows\System\FYXYqDX.exe
  2⤵
  PID:7388
- C:\Windows\System\WRrJwRd.exe
  C:\Windows\System\WRrJwRd.exe
  2⤵
  PID:1624
- C:\Windows\System\CBtfqRP.exe
  C:\Windows\System\CBtfqRP.exe
  2⤵
  PID:924
- C:\Windows\System\wPNQgri.exe
  C:\Windows\System\wPNQgri.exe
  2⤵
  PID:5820
- C:\Windows\System\rOAIHRj.exe
  C:\Windows\System\rOAIHRj.exe
  2⤵
  PID:628
- C:\Windows\System\dcbmxKg.exe
  C:\Windows\System\dcbmxKg.exe
  2⤵
  PID:2196
- C:\Windows\System\FoqtdsB.exe
  C:\Windows\System\FoqtdsB.exe
  2⤵
  PID:1140
- C:\Windows\System\jtcaWSh.exe
  C:\Windows\System\jtcaWSh.exe
  2⤵
  PID:7348
- C:\Windows\System\ZlPdayo.exe
  C:\Windows\System\ZlPdayo.exe
  2⤵
  PID:2476
- C:\Windows\System\IWSDUaM.exe
  C:\Windows\System\IWSDUaM.exe
  2⤵
  PID:1044
- C:\Windows\System\kkjgyLJ.exe
  C:\Windows\System\kkjgyLJ.exe
  2⤵
  PID:7264
- C:\Windows\System\ffiXMSu.exe
  C:\Windows\System\ffiXMSu.exe
  2⤵
  PID:824
- C:\Windows\System\ZiWLsLA.exe
  C:\Windows\System\ZiWLsLA.exe
  2⤵
  PID:732
- C:\Windows\System\XOHkGCM.exe
  C:\Windows\System\XOHkGCM.exe
  2⤵
  PID:1184
- C:\Windows\System\xfWMPUb.exe
  C:\Windows\System\xfWMPUb.exe
  2⤵
  PID:4408
- C:\Windows\System\nHJymQb.exe
  C:\Windows\System\nHJymQb.exe
  2⤵
  PID:1668
- C:\Windows\System\XUfFhrG.exe
  C:\Windows\System\XUfFhrG.exe
  2⤵
  PID:7980
- C:\Windows\System\ZnYelIZ.exe
  C:\Windows\System\ZnYelIZ.exe
  2⤵
  PID:2796
- C:\Windows\System\Wrdivbl.exe
  C:\Windows\System\Wrdivbl.exe
  2⤵
  PID:1392
- C:\Windows\System\YGtiLgW.exe
  C:\Windows\System\YGtiLgW.exe
  2⤵
  PID:8212
- C:\Windows\System\AxVbjKu.exe
  C:\Windows\System\AxVbjKu.exe
  2⤵
  PID:8228
- C:\Windows\System\XqdfvXm.exe
  C:\Windows\System\XqdfvXm.exe
  2⤵
  PID:8244
- C:\Windows\System\AdbmnAC.exe
  C:\Windows\System\AdbmnAC.exe
  2⤵
  PID:8260
- C:\Windows\System\fssbUZY.exe
  C:\Windows\System\fssbUZY.exe
  2⤵
  PID:8276
- C:\Windows\System\wqSQShm.exe
  C:\Windows\System\wqSQShm.exe
  2⤵
  PID:8300
- C:\Windows\System\sZkXfgz.exe
  C:\Windows\System\sZkXfgz.exe
  2⤵
  PID:8328
- C:\Windows\System\iduzpDx.exe
  C:\Windows\System\iduzpDx.exe
  2⤵
  PID:8344
- C:\Windows\System\cLBNZSX.exe
  C:\Windows\System\cLBNZSX.exe
  2⤵
  PID:8372
- C:\Windows\System\vnCgMyM.exe
  C:\Windows\System\vnCgMyM.exe
  2⤵
  PID:8392
- C:\Windows\System\UDCpQGk.exe
  C:\Windows\System\UDCpQGk.exe
  2⤵
  PID:8408
- C:\Windows\System\FHlrwcW.exe
  C:\Windows\System\FHlrwcW.exe
  2⤵
  PID:8444
- C:\Windows\System\yOhxSUD.exe
  C:\Windows\System\yOhxSUD.exe
  2⤵
  PID:8460
- C:\Windows\System\gpafzWh.exe
  C:\Windows\System\gpafzWh.exe
  2⤵
  PID:8484
- C:\Windows\System\PVTAeMq.exe
  C:\Windows\System\PVTAeMq.exe
  2⤵
  PID:8500
- C:\Windows\System\OLeKaLV.exe
  C:\Windows\System\OLeKaLV.exe
  2⤵
  PID:8516
- C:\Windows\System\xhGuOet.exe
  C:\Windows\System\xhGuOet.exe
  2⤵
  PID:8540
- C:\Windows\System\sLEyztA.exe
  C:\Windows\System\sLEyztA.exe
  2⤵
  PID:8560
- C:\Windows\System\XzAXGwy.exe
  C:\Windows\System\XzAXGwy.exe
  2⤵
  PID:8576
- C:\Windows\System\irSjJGY.exe
  C:\Windows\System\irSjJGY.exe
  2⤵
  PID:8592
- C:\Windows\System\GgqEzKr.exe
  C:\Windows\System\GgqEzKr.exe
  2⤵
  PID:8608
- C:\Windows\System\LecwwMI.exe
  C:\Windows\System\LecwwMI.exe
  2⤵
  PID:8624
- C:\Windows\System\UdjDKBH.exe
  C:\Windows\System\UdjDKBH.exe
  2⤵
  PID:8644
- C:\Windows\System\gVetkCV.exe
  C:\Windows\System\gVetkCV.exe
  2⤵
  PID:8664
- C:\Windows\System\mgocyTp.exe
  C:\Windows\System\mgocyTp.exe
  2⤵
  PID:8680
- C:\Windows\System\DoOMxCe.exe
  C:\Windows\System\DoOMxCe.exe
  2⤵
  PID:8696
- C:\Windows\System\SBmyXdO.exe
  C:\Windows\System\SBmyXdO.exe
  2⤵
  PID:8712
- C:\Windows\System\YCEThGT.exe
  C:\Windows\System\YCEThGT.exe
  2⤵
  PID:8732
- C:\Windows\System\mDokYxL.exe
  C:\Windows\System\mDokYxL.exe
  2⤵
  PID:8756
- C:\Windows\System\wfYvwMU.exe
  C:\Windows\System\wfYvwMU.exe
  2⤵
  PID:8776
- C:\Windows\System\JsnrekM.exe
  C:\Windows\System\JsnrekM.exe
  2⤵
  PID:8800
- C:\Windows\System\hOkpnAz.exe
  C:\Windows\System\hOkpnAz.exe
  2⤵
  PID:8816
- C:\Windows\System\NwbwBgB.exe
  C:\Windows\System\NwbwBgB.exe
  2⤵
  PID:8876
- C:\Windows\System\MEgkqPA.exe
  C:\Windows\System\MEgkqPA.exe
  2⤵
  PID:8892
- C:\Windows\System\kHMKrbf.exe
  C:\Windows\System\kHMKrbf.exe
  2⤵
  PID:8908
- C:\Windows\System\jPvAIBN.exe
  C:\Windows\System\jPvAIBN.exe
  2⤵
  PID:8932
- C:\Windows\System\sOMaYLr.exe
  C:\Windows\System\sOMaYLr.exe
  2⤵
  PID:8952
- C:\Windows\System\LVNIFsd.exe
  C:\Windows\System\LVNIFsd.exe
  2⤵
  PID:8980
- C:\Windows\System\kwwExyA.exe
  C:\Windows\System\kwwExyA.exe
  2⤵
  PID:8996
- C:\Windows\System\vtbmgAN.exe
  C:\Windows\System\vtbmgAN.exe
  2⤵
  PID:9012
- C:\Windows\System\frsIigS.exe
  C:\Windows\System\frsIigS.exe
  2⤵
  PID:9036
- C:\Windows\System\QUoSgLf.exe
  C:\Windows\System\QUoSgLf.exe
  2⤵
  PID:9052
- C:\Windows\System\lwENKIn.exe
  C:\Windows\System\lwENKIn.exe
  2⤵
  PID:9076
- C:\Windows\System\NqUrzeL.exe
  C:\Windows\System\NqUrzeL.exe
  2⤵
  PID:9100
- C:\Windows\System\yJUfAwu.exe
  C:\Windows\System\yJUfAwu.exe
  2⤵
  PID:9116
- C:\Windows\System\UFmxBAB.exe
  C:\Windows\System\UFmxBAB.exe
  2⤵
  PID:9140
- C:\Windows\System\LpKpAKn.exe
  C:\Windows\System\LpKpAKn.exe
  2⤵
  PID:9156
- C:\Windows\System\eULSTZo.exe
  C:\Windows\System\eULSTZo.exe
  2⤵
  PID:9176
- C:\Windows\System\JvBLTJa.exe
  C:\Windows\System\JvBLTJa.exe
  2⤵
  PID:9192
- C:\Windows\System\WXJdtVe.exe
  C:\Windows\System\WXJdtVe.exe
  2⤵
  PID:9208
- C:\Windows\System\UkoheaO.exe
  C:\Windows\System\UkoheaO.exe
  2⤵
  PID:8220
- C:\Windows\System\nyQPZzn.exe
  C:\Windows\System\nyQPZzn.exe
  2⤵
  PID:8200
- C:\Windows\System\RzwmOhy.exe
  C:\Windows\System\RzwmOhy.exe
  2⤵
  PID:8288
- C:\Windows\System\RjNwjfX.exe
  C:\Windows\System\RjNwjfX.exe
  2⤵
  PID:8308
- C:\Windows\System\ySQyprU.exe
  C:\Windows\System\ySQyprU.exe
  2⤵
  PID:2460
- C:\Windows\System\iGrnYaB.exe
  C:\Windows\System\iGrnYaB.exe
  2⤵
  PID:8240
- C:\Windows\System\zJfomiO.exe
  C:\Windows\System\zJfomiO.exe
  2⤵
  PID:8352
- C:\Windows\System\WLyisRV.exe
  C:\Windows\System\WLyisRV.exe
  2⤵
  PID:8364
- C:\Windows\System\mTcBAVE.exe
  C:\Windows\System\mTcBAVE.exe
  2⤵
  PID:8368
- C:\Windows\System\JpDSBcb.exe
  C:\Windows\System\JpDSBcb.exe
  2⤵
  PID:2372
- C:\Windows\System\xkDMSNg.exe
  C:\Windows\System\xkDMSNg.exe
  2⤵
  PID:8456
- C:\Windows\System\dYSkkVw.exe
  C:\Windows\System\dYSkkVw.exe
  2⤵
  PID:8492
- C:\Windows\System\aMbVmRc.exe
  C:\Windows\System\aMbVmRc.exe
  2⤵
  PID:8532
- C:\Windows\System\MlobqpL.exe
  C:\Windows\System\MlobqpL.exe
  2⤵
  PID:8584
- C:\Windows\System\ftprIZH.exe
  C:\Windows\System\ftprIZH.exe
  2⤵
  PID:8660
- C:\Windows\System\UIGzqbO.exe
  C:\Windows\System\UIGzqbO.exe
  2⤵
  PID:8632
- C:\Windows\System\LZHrNAY.exe
  C:\Windows\System\LZHrNAY.exe
  2⤵
  PID:8676
- C:\Windows\System\sYZjwbp.exe
  C:\Windows\System\sYZjwbp.exe
  2⤵
  PID:8764
- C:\Windows\System\deXmbPw.exe
  C:\Windows\System\deXmbPw.exe
  2⤵
  PID:8748
- C:\Windows\System\MtufzOT.exe
  C:\Windows\System\MtufzOT.exe
  2⤵
  PID:8832
- C:\Windows\System\fLfWfWs.exe
  C:\Windows\System\fLfWfWs.exe
  2⤵
  PID:8852
- C:\Windows\System\HnPRTJw.exe
  C:\Windows\System\HnPRTJw.exe
  2⤵
  PID:8884
- C:\Windows\System\IImIjrX.exe
  C:\Windows\System\IImIjrX.exe
  2⤵
  PID:8924
- C:\Windows\System\EwpConc.exe
  C:\Windows\System\EwpConc.exe
  2⤵
  PID:8960
- C:\Windows\System\YbEAEIg.exe
  C:\Windows\System\YbEAEIg.exe
  2⤵
  PID:8976
- C:\Windows\System\IMUeBeX.exe
  C:\Windows\System\IMUeBeX.exe
  2⤵
  PID:9044
- C:\Windows\System\biJtxEj.exe
  C:\Windows\System\biJtxEj.exe
  2⤵
  PID:9068
- C:\Windows\System\JxTEpMK.exe
  C:\Windows\System\JxTEpMK.exe
  2⤵
  PID:9088
- C:\Windows\System\jxVMfLg.exe
  C:\Windows\System\jxVMfLg.exe
  2⤵
  PID:9124
- C:\Windows\System\PvcHpNy.exe
  C:\Windows\System\PvcHpNy.exe
  2⤵
  PID:9200
- C:\Windows\System\gSxHMPJ.exe
  C:\Windows\System\gSxHMPJ.exe
  2⤵
  PID:1708
- C:\Windows\System\zxvIWXG.exe
  C:\Windows\System\zxvIWXG.exe
  2⤵
  PID:8204
- C:\Windows\System\JfTePdq.exe
  C:\Windows\System\JfTePdq.exe
  2⤵
  PID:9204
- C:\Windows\System\YBimuca.exe
  C:\Windows\System\YBimuca.exe
  2⤵
  PID:8320
- C:\Windows\System\SEWHtQt.exe
  C:\Windows\System\SEWHtQt.exe
  2⤵
  PID:8360
- C:\Windows\System\UtNdfHW.exe
  C:\Windows\System\UtNdfHW.exe
  2⤵
  PID:8480
- C:\Windows\System\wUNxCxR.exe
  C:\Windows\System\wUNxCxR.exe
  2⤵
  PID:8432
- C:\Windows\System\luvsztP.exe
  C:\Windows\System\luvsztP.exe
  2⤵
  PID:8536
- C:\Windows\System\RqmunHQ.exe
  C:\Windows\System\RqmunHQ.exe
  2⤵
  PID:8568
- C:\Windows\System\WHeTQUd.exe
  C:\Windows\System\WHeTQUd.exe
  2⤵
  PID:8656
- C:\Windows\System\CrfQKDq.exe
  C:\Windows\System\CrfQKDq.exe
  2⤵
  PID:8704
- C:\Windows\System\SfiEaSE.exe
  C:\Windows\System\SfiEaSE.exe
  2⤵
  PID:8808
- C:\Windows\System\YxdnUsU.exe
  C:\Windows\System\YxdnUsU.exe
  2⤵
  PID:8740
- C:\Windows\System\uqEVXTc.exe
  C:\Windows\System\uqEVXTc.exe
  2⤵
  PID:8860
- C:\Windows\System\CWJLsOe.exe
  C:\Windows\System\CWJLsOe.exe
  2⤵
  PID:8844
- C:\Windows\System\AReQMqR.exe
  C:\Windows\System\AReQMqR.exe
  2⤵
  PID:8900
- C:\Windows\System\hlOWETi.exe
  C:\Windows\System\hlOWETi.exe
  2⤵
  PID:8944
- C:\Windows\System\IgDOrZU.exe
  C:\Windows\System\IgDOrZU.exe
  2⤵
  PID:9004
- C:\Windows\System\yaPiVVT.exe
  C:\Windows\System\yaPiVVT.exe
  2⤵
  PID:9060
- C:\Windows\System\GeEuKae.exe
  C:\Windows\System\GeEuKae.exe
  2⤵
  PID:9112
- C:\Windows\System\Uzwbast.exe
  C:\Windows\System\Uzwbast.exe
  2⤵
  PID:9184
- C:\Windows\System\MCRFboH.exe
  C:\Windows\System\MCRFboH.exe
  2⤵
  PID:9168
- C:\Windows\System\NKTOEzn.exe
  C:\Windows\System\NKTOEzn.exe
  2⤵
  PID:7412
- C:\Windows\System\SfqtyLW.exe
  C:\Windows\System\SfqtyLW.exe
  2⤵
  PID:8384
- C:\Windows\System\pDmvItY.exe
  C:\Windows\System\pDmvItY.exe
  2⤵
  PID:8452
- C:\Windows\System\bbALghl.exe
  C:\Windows\System\bbALghl.exe
  2⤵
  PID:8428
- C:\Windows\System\uaFVEcE.exe
  C:\Windows\System\uaFVEcE.exe
  2⤵
  PID:8496
- C:\Windows\System\xJDleji.exe
  C:\Windows\System\xJDleji.exe
  2⤵
  PID:8640
- C:\Windows\System\bWrYwJJ.exe
  C:\Windows\System\bWrYwJJ.exe
  2⤵
  PID:8812
- C:\Windows\System\vBoKCKz.exe
  C:\Windows\System\vBoKCKz.exe
  2⤵
  PID:8916
- C:\Windows\System\aeuLBHB.exe
  C:\Windows\System\aeuLBHB.exe
  2⤵
  PID:9096
- C:\Windows\System\sRVcTPN.exe
  C:\Windows\System\sRVcTPN.exe
  2⤵
  PID:9032
- C:\Windows\System\xGjpjMX.exe
  C:\Windows\System\xGjpjMX.exe
  2⤵
  PID:8380
- C:\Windows\System\BKDctxc.exe
  C:\Windows\System\BKDctxc.exe
  2⤵
  PID:8796
- C:\Windows\System\ooRcDzt.exe
  C:\Windows\System\ooRcDzt.exe
  2⤵
  PID:9024
- C:\Windows\System\VgffbnE.exe
  C:\Windows\System\VgffbnE.exe
  2⤵
  PID:8968
- C:\Windows\System\XDVcWTm.exe
  C:\Windows\System\XDVcWTm.exe
  2⤵
  PID:9148
- C:\Windows\System\QTFnTpG.exe
  C:\Windows\System\QTFnTpG.exe
  2⤵
  PID:8928
- C:\Windows\System\DMjjUbi.exe
  C:\Windows\System\DMjjUbi.exe
  2⤵
  PID:9164
- C:\Windows\System\VDBnfvK.exe
  C:\Windows\System\VDBnfvK.exe
  2⤵
  PID:8652
- C:\Windows\System\ISOibOu.exe
  C:\Windows\System\ISOibOu.exe
  2⤵
  PID:9084
- C:\Windows\System\bwHzKXd.exe
  C:\Windows\System\bwHzKXd.exe
  2⤵
  PID:9172
- C:\Windows\System\iWMVZKg.exe
  C:\Windows\System\iWMVZKg.exe
  2⤵
  PID:8556
- C:\Windows\System\FNSbRou.exe
  C:\Windows\System\FNSbRou.exe
  2⤵
  PID:8336
- C:\Windows\System\zLONLWT.exe
  C:\Windows\System\zLONLWT.exe
  2⤵
  PID:8904
- C:\Windows\System\WeAiiZT.exe
  C:\Windows\System\WeAiiZT.exe
  2⤵
  PID:8864
- C:\Windows\System\TqXqxxu.exe
  C:\Windows\System\TqXqxxu.exe
  2⤵
  PID:8948
- C:\Windows\System\nySUdxB.exe
  C:\Windows\System\nySUdxB.exe
  2⤵
  PID:9248
- C:\Windows\System\sMoztil.exe
  C:\Windows\System\sMoztil.exe
  2⤵
  PID:9268
- C:\Windows\System\gIfSgWB.exe
  C:\Windows\System\gIfSgWB.exe
  2⤵
  PID:9284
- C:\Windows\System\LnHTfrr.exe
  C:\Windows\System\LnHTfrr.exe
  2⤵
  PID:9304
- C:\Windows\System\SPoGTmq.exe
  C:\Windows\System\SPoGTmq.exe
  2⤵
  PID:9332
- C:\Windows\System\CejiJQs.exe
  C:\Windows\System\CejiJQs.exe
  2⤵
  PID:9348
- C:\Windows\System\OLhaXtR.exe
  C:\Windows\System\OLhaXtR.exe
  2⤵
  PID:9368
- C:\Windows\System\KjisgCw.exe
  C:\Windows\System\KjisgCw.exe
  2⤵
  PID:9388
- C:\Windows\System\lpTUoxz.exe
  C:\Windows\System\lpTUoxz.exe
  2⤵
  PID:9408
- C:\Windows\System\qEFnhJU.exe
  C:\Windows\System\qEFnhJU.exe
  2⤵
  PID:9432
- C:\Windows\System\wWdKfEg.exe
  C:\Windows\System\wWdKfEg.exe
  2⤵
  PID:9448
- C:\Windows\System\aGIqjDm.exe
  C:\Windows\System\aGIqjDm.exe
  2⤵
  PID:9468
- C:\Windows\System\mCgrryX.exe
  C:\Windows\System\mCgrryX.exe
  2⤵
  PID:9484
- C:\Windows\System\sEmjZvZ.exe
  C:\Windows\System\sEmjZvZ.exe
  2⤵
  PID:9500
- C:\Windows\System\nIviOHO.exe
  C:\Windows\System\nIviOHO.exe
  2⤵
  PID:9520
- C:\Windows\System\WLDPZpR.exe
  C:\Windows\System\WLDPZpR.exe
  2⤵
  PID:9536
- C:\Windows\System\GORYjdg.exe
  C:\Windows\System\GORYjdg.exe
  2⤵
  PID:9556
- C:\Windows\System\QrOPwVW.exe
  C:\Windows\System\QrOPwVW.exe
  2⤵
  PID:9572
- C:\Windows\System\FpDkzMw.exe
  C:\Windows\System\FpDkzMw.exe
  2⤵
  PID:9592
- C:\Windows\System\UuhKUSS.exe
  C:\Windows\System\UuhKUSS.exe
  2⤵
  PID:9608
- C:\Windows\System\iLfXEQN.exe
  C:\Windows\System\iLfXEQN.exe
  2⤵
  PID:9628
- C:\Windows\System\hGvMZWq.exe
  C:\Windows\System\hGvMZWq.exe
  2⤵
  PID:9672
- C:\Windows\System\PPIqVYx.exe
  C:\Windows\System\PPIqVYx.exe
  2⤵
  PID:9688
- C:\Windows\System\KsMBXBo.exe
  C:\Windows\System\KsMBXBo.exe
  2⤵
  PID:9708
- C:\Windows\System\TzfkZya.exe
  C:\Windows\System\TzfkZya.exe
  2⤵
  PID:9736
- C:\Windows\System\hGfktYe.exe
  C:\Windows\System\hGfktYe.exe
  2⤵
  PID:9752
- C:\Windows\System\JDjzVOC.exe
  C:\Windows\System\JDjzVOC.exe
  2⤵
  PID:9776
- C:\Windows\System\noSDZeK.exe
  C:\Windows\System\noSDZeK.exe
  2⤵
  PID:9792
- C:\Windows\System\cxpABJo.exe
  C:\Windows\System\cxpABJo.exe
  2⤵
  PID:9808
- C:\Windows\System\GIWhODf.exe
  C:\Windows\System\GIWhODf.exe
  2⤵
  PID:9824
- C:\Windows\System\tEDnxrB.exe
  C:\Windows\System\tEDnxrB.exe
  2⤵
  PID:9856
- C:\Windows\System\SBvusgo.exe
  C:\Windows\System\SBvusgo.exe
  2⤵
  PID:9876
- C:\Windows\System\YQgXJMo.exe
  C:\Windows\System\YQgXJMo.exe
  2⤵
  PID:9896
- C:\Windows\System\jdQBfXc.exe
  C:\Windows\System\jdQBfXc.exe
  2⤵
  PID:9912
- C:\Windows\System\UQTRxye.exe
  C:\Windows\System\UQTRxye.exe
  2⤵
  PID:9928
- C:\Windows\System\qwkKPkc.exe
  C:\Windows\System\qwkKPkc.exe
  2⤵
  PID:9944
- C:\Windows\System\QjdTSXz.exe
  C:\Windows\System\QjdTSXz.exe
  2⤵
  PID:9976
- C:\Windows\System\vhdHmtx.exe
  C:\Windows\System\vhdHmtx.exe
  2⤵
  PID:9996
- C:\Windows\System\PxDKFBO.exe
  C:\Windows\System\PxDKFBO.exe
  2⤵
  PID:10012
- C:\Windows\System\Wgjngfl.exe
  C:\Windows\System\Wgjngfl.exe
  2⤵
  PID:10028
- C:\Windows\System\rhAnrnL.exe
  C:\Windows\System\rhAnrnL.exe
  2⤵
  PID:10052
- C:\Windows\System\iuummIP.exe
  C:\Windows\System\iuummIP.exe
  2⤵
  PID:10072
- C:\Windows\System\dEAitxR.exe
  C:\Windows\System\dEAitxR.exe
  2⤵
  PID:10088
- C:\Windows\System\pbBOhaG.exe
  C:\Windows\System\pbBOhaG.exe
  2⤵
  PID:10108
- C:\Windows\System\xubhLng.exe
  C:\Windows\System\xubhLng.exe
  2⤵
  PID:10124
- C:\Windows\System\nZyHFtT.exe
  C:\Windows\System\nZyHFtT.exe
  2⤵
  PID:10140
- C:\Windows\System\pslvUqT.exe
  C:\Windows\System\pslvUqT.exe
  2⤵
  PID:10156
- C:\Windows\System\OMKaYOF.exe
  C:\Windows\System\OMKaYOF.exe
  2⤵
  PID:10172
- C:\Windows\System\gVdUklX.exe
  C:\Windows\System\gVdUklX.exe
  2⤵
  PID:10192
- C:\Windows\System\hUboNVI.exe
  C:\Windows\System\hUboNVI.exe
  2⤵
  PID:10220
- C:\Windows\System\AuZFTgh.exe
  C:\Windows\System\AuZFTgh.exe
  2⤵
  PID:8692
- C:\Windows\System\meETkKk.exe
  C:\Windows\System\meETkKk.exe
  2⤵
  PID:9236
- C:\Windows\System\GfqdOpz.exe
  C:\Windows\System\GfqdOpz.exe
  2⤵
  PID:9256
- C:\Windows\System\QbGsJNs.exe
  C:\Windows\System\QbGsJNs.exe
  2⤵
  PID:9292
- C:\Windows\System\gXMuTYl.exe
  C:\Windows\System\gXMuTYl.exe
  2⤵
  PID:9296
- C:\Windows\System\jKKPEeH.exe
  C:\Windows\System\jKKPEeH.exe
  2⤵
  PID:9340
- C:\Windows\System\GDaDBUj.exe
  C:\Windows\System\GDaDBUj.exe
  2⤵
  PID:9360
- C:\Windows\System\DSQcoEk.exe
  C:\Windows\System\DSQcoEk.exe
  2⤵
  PID:9400
- C:\Windows\System\TzICJof.exe
  C:\Windows\System\TzICJof.exe
  2⤵
  PID:9444
- C:\Windows\System\QRveqQh.exe
  C:\Windows\System\QRveqQh.exe
  2⤵
  PID:9580
- C:\Windows\System\syllieH.exe
  C:\Windows\System\syllieH.exe
  2⤵
  PID:9624
- C:\Windows\System\gCZLuyW.exe
  C:\Windows\System\gCZLuyW.exe
  2⤵
  PID:9604
- C:\Windows\System\bEJwkNe.exe
  C:\Windows\System\bEJwkNe.exe
  2⤵
  PID:9532
- C:\Windows\System\PxoihgD.exe
  C:\Windows\System\PxoihgD.exe
  2⤵
  PID:9660
- C:\Windows\System\krnlXCs.exe
  C:\Windows\System\krnlXCs.exe
  2⤵
  PID:9640
- C:\Windows\System\miVYdpI.exe
  C:\Windows\System\miVYdpI.exe
  2⤵
  PID:9680
- C:\Windows\System\bFWbXxq.exe
  C:\Windows\System\bFWbXxq.exe
  2⤵
  PID:9704
- C:\Windows\System\GIerorC.exe
  C:\Windows\System\GIerorC.exe
  2⤵
  PID:9748
- C:\Windows\System\UQXUsUN.exe
  C:\Windows\System\UQXUsUN.exe
  2⤵
  PID:9768
- C:\Windows\System\QvAZvUq.exe
  C:\Windows\System\QvAZvUq.exe
  2⤵
  PID:9804
- C:\Windows\System\WgCtbQY.exe
  C:\Windows\System\WgCtbQY.exe
  2⤵
  PID:9840
- C:\Windows\System\lgWMbyX.exe
  C:\Windows\System\lgWMbyX.exe
  2⤵
  PID:9868
- C:\Windows\System\EiGHhSO.exe
  C:\Windows\System\EiGHhSO.exe
  2⤵
  PID:9924
- C:\Windows\System\VGfZLAt.exe
  C:\Windows\System\VGfZLAt.exe
  2⤵
  PID:9936
- C:\Windows\System\txdIXwh.exe
  C:\Windows\System\txdIXwh.exe
  2⤵
  PID:9964
- C:\Windows\System\NEItOcQ.exe
  C:\Windows\System\NEItOcQ.exe
  2⤵
  PID:10024
- C:\Windows\System\TpMmLSm.exe
  C:\Windows\System\TpMmLSm.exe
  2⤵
  PID:10048
- C:\Windows\System\BvTjLsi.exe
  C:\Windows\System\BvTjLsi.exe
  2⤵
  PID:10180
- C:\Windows\System\kTlHDbQ.exe
  C:\Windows\System\kTlHDbQ.exe
  2⤵
  PID:10184
- C:\Windows\System\StBkZWk.exe
  C:\Windows\System\StBkZWk.exe
  2⤵
  PID:10188
- C:\Windows\System\PQxhVqG.exe
  C:\Windows\System\PQxhVqG.exe
  2⤵
  PID:10132
- C:\Windows\System\FGWUNIE.exe
  C:\Windows\System\FGWUNIE.exe
  2⤵
  PID:9220
- C:\Windows\System\ItfbxpY.exe
  C:\Windows\System\ItfbxpY.exe
  2⤵
  PID:8784
- C:\Windows\System\JAaRsVw.exe
  C:\Windows\System\JAaRsVw.exe
  2⤵
  PID:9244
- C:\Windows\System\fkUmMYg.exe
  C:\Windows\System\fkUmMYg.exe
  2⤵
  PID:9416
- C:\Windows\System\QZFHaPm.exe
  C:\Windows\System\QZFHaPm.exe
  2⤵
  PID:9424
- C:\Windows\System\IQbYnud.exe
  C:\Windows\System\IQbYnud.exe
  2⤵
  PID:9380
- C:\Windows\System\FNTguYr.exe
  C:\Windows\System\FNTguYr.exe
  2⤵
  PID:9512
- C:\Windows\System\HfiMzUm.exe
  C:\Windows\System\HfiMzUm.exe
  2⤵
  PID:9548
- C:\Windows\System\OifqlqG.exe
  C:\Windows\System\OifqlqG.exe
  2⤵
  PID:9636
- C:\Windows\System\bsxZvjl.exe
  C:\Windows\System\bsxZvjl.exe
  2⤵
  PID:9492
- C:\Windows\System\uMwRYzI.exe
  C:\Windows\System\uMwRYzI.exe
  2⤵
  PID:9656
- C:\Windows\System\JogalMO.exe
  C:\Windows\System\JogalMO.exe
  2⤵
  PID:9864
- C:\Windows\System\bRTQGJI.exe
  C:\Windows\System\bRTQGJI.exe
  2⤵
  PID:9908
- C:\Windows\System\aaVCvUb.exe
  C:\Windows\System\aaVCvUb.exe
  2⤵
  PID:9984
- C:\Windows\System\LsdGZhY.exe
  C:\Windows\System\LsdGZhY.exe
  2⤵
  PID:9264
- C:\Windows\System\uCEyVDn.exe
  C:\Windows\System\uCEyVDn.exe
  2⤵
  PID:9764
- C:\Windows\System\CtNYBAH.exe
  C:\Windows\System\CtNYBAH.exe
  2⤵
  PID:9836
- C:\Windows\System\XObfJXP.exe
  C:\Windows\System\XObfJXP.exe
  2⤵
  PID:9956
- C:\Windows\System\vpgfYkl.exe
  C:\Windows\System\vpgfYkl.exe
  2⤵
  PID:10064
- C:\Windows\System\ScuKseG.exe
  C:\Windows\System\ScuKseG.exe
  2⤵
  PID:10212
- C:\Windows\System\jQFIkJR.exe
  C:\Windows\System\jQFIkJR.exe
  2⤵
  PID:8552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CHnATYi.exe

Filesize
6.0MB

MD5
e4390262369591a3edd1fcaac53d8308

SHA1
bd4215af95ed981cac90998284008c435bd9ac2c

SHA256
ebf1f69795fbfae989c5d5c335615ca12230a68d2bb1d77055277ccf32301bc8

SHA512
cb3a59ca95c8f60c0281c422911287de57c5caf95eee98de242c5e0e0d0265c036d59288daa643a5e45d1dbe5833abad05bb9ba04dd8c13f085b97220e0305b2

Download Submit
C:\Windows\system\GZDaaHQ.exe

Filesize
6.0MB

MD5
b79f1d9934858d75875fcefdd706f8df

SHA1
fab505efec6013d20f7bdc5ec068cc7fe62ee821

SHA256
6e17d0728f11f60f02be9e9e0a89357fef83f265043d7908f07f2e410d9e68bf

SHA512
01f75cd832630e56a1cd2826beed8640051ae0e3c2fe7d5d58cd72a8c6b231d31211e13a46c87714de962e0d6203334109a68b59fc721996fa7ba188ccdf8e06

Download Submit
C:\Windows\system\IBhzYsB.exe

Filesize
6.0MB

MD5
e47326fb5a0545d56e6cdc4c131c4859

SHA1
97dd7a1fff41ed3f39722559744349cbd5c17050

SHA256
bf1911d39bdcf70fa0e677f90b03edcd1b29ea917b56c2196bd9dd1a46e8219b

SHA512
c2b63e0d5e0c90a2b88f31fe23e0d64fcac2fd7f823080132936bb79be8c41ad65d710490c38f5cfbf8ff73faa011c271f9f5feb968dee1b667dc6b5be69a64f

Download Submit
C:\Windows\system\IrChlFZ.exe

Filesize
6.0MB

MD5
1e130340115310df993f571539b8d3c8

SHA1
405977f6aa8e0eb75436048a4a53122c05beb4ba

SHA256
b1dc463e668acf50ecff46d31b925d319fe3e2fb5f8addbc6de13f4b854cb598

SHA512
ab4b011f074bb4a99aa39e5dfc96e21abef63f692469a514c64462e84231da4e16f454216bdca3d6ff2124be075c28fc864fd576d201d656514d036f32b70629

Download Submit
C:\Windows\system\KbOEsMK.exe

Filesize
6.0MB

MD5
1b91ca99d64d13305dee9f0e53edfbb7

SHA1
c71ebe2767d9f68fa36c184e041169e4daa5853c

SHA256
1178c0abd9fe81a09baa5bcbd1b0ca5052777cf0edea08b2842a5337c5495296

SHA512
5dba5c6f160a52ae68b152b933a2dd74ca02e36829b72d2d2aef14ae18f28e1419d194a74d9cf4ca7ce7a788249bbfeb8db13144f04bac84726bf47cd3eabdf3

Download Submit
C:\Windows\system\MiixtQq.exe

Filesize
6.0MB

MD5
08221f33d9470188ea0fab8ed06b0e5f

SHA1
03142d7318737648ae6c87b9c8c496c81f8f9dab

SHA256
a12dedbbe00199811be4cf43e2131561a85cfe151e90446a02bb051dc5b566a7

SHA512
3b182feaae79bd4f3c335ce45c1d2d6a17df4c0c6a97b4ab889b30773ee270e7e614048a418fd7b1d4207980acdef80525d00c480ca74db02e21c98bc31df715

Download Submit
C:\Windows\system\PSlRCts.exe

Filesize
6.0MB

MD5
fa978d1db15ddc9b138b1cbd7faa67ef

SHA1
701ffb275d9d0d58407573c611f3b7dc96b29f06

SHA256
c7f9ef19b060122be95c9ccd61e0d4337b2d9206333581a0dcd8ecff8a5c4c83

SHA512
af565803857a762a73cf1ae726b66c60456b06d2de7455d7a75cfd6554060a107a33c52d1ef0dd9b70fd6d15b0a47c4a2a2976311165ad657b07be6b9c9d469b

Download Submit
C:\Windows\system\PozsrWN.exe

Filesize
8B

MD5
7cb7c669d07161b89225d159ae48e2eb

SHA1
74f59f289ca85f8adf98025137eae13372f323e5

SHA256
6a6bf82380acff356ff60103982ffcf0a53ad0c00e7ffde5beb53c6be351b969

SHA512
c2e7391234f4ee1bf4fd29abec5c6b1547d2160032a735e5b2e4a1240c3610dbb5ab59217fc3ee24d584b6c6be4ff92356725c81fd057a01ecbc685730fa580a

Download Submit
C:\Windows\system\QjPPzmD.exe

Filesize
6.0MB

MD5
e6c67ef64cdbc246d79c0fdeab53dbf3

SHA1
8a11c8c649c1ee4b95e4c722ece509d7d41d7458

SHA256
9bf5d41793e4bed9eed3daa23a0dc45459bf72ade2c42846daaa50e9b45ecd5a

SHA512
0bbfa5e18cea74aee0060870b1b98f0972781a46475b2e5a4690eba182a7408e14e97c789764ac3cfbae24b289397ed60972a0c40dbbafea2cf861ebdc1aa8e4

Download Submit
C:\Windows\system\RGTDWaZ.exe

Filesize
6.0MB

MD5
fec227c3f5e9c05fb9b0ba1e07500906

SHA1
3aa68b959bda9011da094b2207af3213b58ecd82

SHA256
4040e65542c8b595aefd79e3f28e5bc0ad33df5050805738fc695c47b4ee2415

SHA512
0bc0220d1012c69943dbb8871732f6370eb1744db5f725ff926c676804131f380276ac3d7a8361e716b7d15637684d2fe03e5f5f62eea30e7461cd841382ccc4

Download Submit
C:\Windows\system\RQsXAdZ.exe

Filesize
6.0MB

MD5
99106e849de6cd58bc3c59692b89db77

SHA1
aa596f34ec46c3dfef211d19c350997b223c7623

SHA256
a4bac3233a7583ab778d7c09a579e10659729fe07a1b0343ca038dcd6abaa9ae

SHA512
7f125fd9f66a42e933ce2a87f63cc078dbd815b3d88224594fe467c66cff8d5cf2fb23085e10560199eb2f0a02f5b064f0c7051a83fc03a612d11978e291f7b9

Download Submit
C:\Windows\system\RqpvfoC.exe

Filesize
6.0MB

MD5
5b80267eb9a06e3edc9d9a9a9b441ba4

SHA1
b979449efaa192869403a70194d34e1f51a33a54

SHA256
8dc8d68faa706cda796cdeca2ab246ff955da0cabf14a771b7922d27ee23d202

SHA512
1a07d8167dd33b736a515bdb0923c696a64a3ac64d0c5458f2e8247703cf11d816d52188dfb894e5592ba59cb0ac1ce6f448f65cb882a0054255f6f1574074a7

Download Submit
C:\Windows\system\UlMwVNo.exe

Filesize
6.0MB

MD5
1e76056f4bf8810ac9f6a1c34e10886f

SHA1
390b78fe5f35f6a444ad5a56a54fe9a848a0a67a

SHA256
12ffcd135af91bc69a7e965e8e382232540dea62444b3017851311b5f16410dc

SHA512
5ee6f8636b9d0d806e969ad41b7166bdb04f1fd23110fae5050d888269e31c8b593b23ff61d2e5a282bd3844365bd7accd3f09c08c21528f5c45446ca861fcf4

Download Submit
C:\Windows\system\ataVZQs.exe

Filesize
6.0MB

MD5
2efad999cc0d801231157809f3812556

SHA1
dc6cbb37e909b864827964096faae7cc0cd84f4b

SHA256
74620ef240edf34167a9fd97b50126fc349c0ae70ba950cbf2847ab87f68ab04

SHA512
9d12f467c71b526e47c2755e51b40fa1b0d8e9f604431d2aeb1c50decc0fc144de4c56ad7845038ee6d929ccd0333a9174f009069219f61c04bb6b1c7ff666d9

Download Submit
C:\Windows\system\bdTxfDU.exe

Filesize
6.0MB

MD5
08cbc28db4ff93a66de6e5ddac1b2d83

SHA1
2ed447c1eacf2dae3c55a6f4dc8a42a2e2034158

SHA256
bab60ba959e26ee47fd7fa60de76850f5d4290b2aa5efd8e32097e67fee72081

SHA512
1f413c29d3b94411aba047df2717843fdab4a13af5504522fb0fe0e3b2fcba4cf94c36e3f27ae0a80627191b9fea56683c389e1358c1582fa31f4c1281e32760

Download Submit
C:\Windows\system\coqSkgF.exe

Filesize
6.0MB

MD5
be2c585cdc99764630a6a2ea5f3f0918

SHA1
6a0d39ce8881127c73413f4260b3dc90072b65cb

SHA256
a875be2f800aa39e99d22a8b9975553846388d70530541ff5b45541c9019b824

SHA512
0544a311fe028b8f30cdab7ad8e529c9f0658a8f35f8c9bfb43f77362a7df156177d929ec7747bf809aedcf3563b24f48c59406e66a8d2d814a6836fdbfd9f35

Download Submit
C:\Windows\system\deLVzNN.exe

Filesize
6.0MB

MD5
f431e55534b001593129116db031cf9a

SHA1
82602af5b88c0ae676005e15a2aab7a267b2650d

SHA256
0c6f96afbfe92dc582f6948f7be498cb82dfa7bba1358666cbff34e2672d7585

SHA512
5a011a1165799b0ade219eed80ff007372f93ead3b3e4b310c7a28339642de8b98f1d06e069d4440d638c356189ac0d0a8516d0dfaf11c7d73b7e6a612300a4c

Download Submit
C:\Windows\system\fJdbzXj.exe

Filesize
6.0MB

MD5
5ad29abed76efe5961ede2e4518cf6cf

SHA1
d71fb088530be2fc8c41e2baa8726c605ed8bbd2

SHA256
16b4ba79dbdccd4221d9f2d456e7316b463b079d081e117fa8bd915acda8662a

SHA512
97dafe361bc989084683063ce7186ba73203cbff536e44265f75b0e23cb5f8cf4a5d495ff4eaaca67b2f8e31ff96f5d298762bea80a9a6054100fb4d4591b70d

Download Submit
C:\Windows\system\fNicDBV.exe

Filesize
6.0MB

MD5
16e124ec8f65f68f50ef4d4e2095c667

SHA1
31beb993a415f0f62dd82598a5f043fdf685b3e7

SHA256
5a9cd33a0cede82bfd0ccb711bc5d1922b44828882a1119132a2bc65fb49484d

SHA512
1668f70e534bb25f323a6b82d8704d17ff404b00df0efaa1de2ae2ae049ed54d5ed4b94078bbb7d939970a63cda5e094d54a7605c1232133ce7ccf737bdcb374

Download Submit
C:\Windows\system\gOYLbhN.exe

Filesize
6.0MB

MD5
dd532accad0813fe389b1facbae2e521

SHA1
deea000649a4451b0961cc157658498fdcea1f0e

SHA256
dfb3b28258426d15964176cedd7ddfde12be4ea7d10b0224365a9f3c5f15d36a

SHA512
ff9606e0ae484ccc5a962f52432ced1ff3db26bbc5ada862343ed5d950b69c53946f61496b4597492be780e7a6f4fd1a25aa1104ee145f920d5589ad29e24764

Download Submit
C:\Windows\system\jTWGtNG.exe

Filesize
6.0MB

MD5
55aecee04e24410d798f0b28e099fbe0

SHA1
1cc1f7af82c57ddad9312e6b70d682478c810880

SHA256
f29619fa5271edefbc0a7a68dfb8c1ebd49e77c8c1bd947c6d694f34975c2fb0

SHA512
8b857a97fd36fc1624a653e2320bb3da16e953559b5f3a8a1f49891182889e8e38433dfc070792e2b852a5c175d5661d18d377fc32ba46f7b87aee26dcf7fb98

Download Submit
C:\Windows\system\lvctoNw.exe

Filesize
6.0MB

MD5
dfa80b8429d0ca17e6772560bb49eb8f

SHA1
ea674280a60ebe36c5fa9e6529e1d3786cfe82db

SHA256
d621a27b64231f6a1630776b4cd82a4f97812d8a204731587e4044e84d112bd8

SHA512
b79da3d55ae06259e18726f6deda562965376250ddd73588184196fa7725b98030bfc0f6a0a46427cffd911c392959511e58f344ec647e5cc560aa9d057d8bac

Download Submit
C:\Windows\system\lxFIWeS.exe

Filesize
6.0MB

MD5
d89f6719c4e06bcc03e5eb67cb50bb52

SHA1
ecc4fa46cb33b02067900ef4b3481b0cc84625dd

SHA256
803952883dc4486333cad5adf113df6ca5db72680f0a3ac3928816c50bb13091

SHA512
f99ed88f9cf49d32f7cb1eeb446a2c7d44fbdd7c79a4cfabfa5b009c0f761267e514a63547b2eaa53d57f4f961e01c44363f1b42a2c2833b5c1694013ff06bbd

Download Submit
C:\Windows\system\nLzaGvh.exe

Filesize
6.0MB

MD5
5e8d1b63b5c76b21895aaa40722dee49

SHA1
355ee1a5b42a69332cbe5ddc53182a44726db27f

SHA256
d930f33a11d723004f554055e6d3705cbf663137cc036ab9dbe989f276771c22

SHA512
c6371d17fcf61dac47d943e1ab2e6dbf037a2028cc2fd05d045fa3c2bf9d61cca827f0719547044fc617a556bf651b7c281112e1d30496604975ef0f42311660

Download Submit
C:\Windows\system\nMtnZfk.exe

Filesize
6.0MB

MD5
b8afbd0a6bbb50794099feeb81acf0f8

SHA1
3990f15149c057a6f97ed8c91b196bff18cf437a

SHA256
5fe3c2bed402eb1f7974e3f238368888ca5583d37e8611ebf75014705c0af82c

SHA512
6e2c0d557c5f6d1649ec9cfa67a29477ae7dd735c08f8af81cf9d6cdf28ea99b3940fc7d04cfc53dd9535e96eae58dc18ce424139eb49f8e4f33843fd8b6939a

Download Submit
C:\Windows\system\pgqgElE.exe

Filesize
6.0MB

MD5
916f313920de3351dfcf2bcdfccc3943

SHA1
b41b38243cc07e169b8e19adddd776a8c1a07b88

SHA256
e93f1bbb47b17166694537d924e2d9245ad145c96cfbb29c7415eef9e79c6bb2

SHA512
ab0b857fd90027557aec884c5b392dfe272febc8058a43566d479f48888161a2df9be9e155eeb23e512f0e273cfe99518b0dbdcd929ed242434d8865f466d4b2

Download Submit
C:\Windows\system\rPZIeuH.exe

Filesize
6.0MB

MD5
fe0e559fde21b03ffca739a834630d62

SHA1
31630e51cbfa64749805dce69ec387ed65a2410a

SHA256
3cededd34566cb308d8c2277842966626c6a0f553b185d6d389687fef157c0ea

SHA512
7ddedfd044d3bfe2223349351fff1ae1105c03602c92a6500ce85093b74cd197a5b6dc449e984bc3be8766626add4345954a3a1480810397766348fbca90aced

Download Submit
C:\Windows\system\vDPDErV.exe

Filesize
6.0MB

MD5
8095ee7ebc5f8b508c476b3e922aa6a6

SHA1
b41d0b91f83810b886acacd64535cd6fad328688

SHA256
7cf8f4b59614480968a3f8b51abd5c6cab12d6b52a0c3df2b6ee7181901c6aab

SHA512
2982b6febc488240db0d6b8541ee5d76d233ecce04bbedc8f3b92c779668033dcc72d281750a8500ff6c1d6a962b61468ea898011706585dbca8817cf8ad9345

Download Submit
C:\Windows\system\yXPKyAf.exe

Filesize
6.0MB

MD5
9a83740695142e6d323f484a9bba61aa

SHA1
91d35d668612207b96b4c67b6c722ec6d42b4b47

SHA256
9ed02b29de95f6e519361f5a6f61e31c879626aadd57fbdc21b771cd7be96f8e

SHA512
f3aa576ed5ffd645a79c08238ac6416cca85b78cb5f3731796c588a2d53121fbbaa7d6aaac6ebdbd71a8fed365e25de24f242e428545823b64a05db63466bdc7

Download Submit
\Windows\system\OQOjARX.exe

Filesize
6.0MB

MD5
d4c27921a0a91a9b185869ddee2a82c3

SHA1
719728b05adb942656fca20ade06b6e409136355

SHA256
462843d44309f0dd12bcfad83ac831159358d055d95f4e96058e6b3adf490483

SHA512
d1133b607aff96df7c425493a6694ed995d2e9c88abab7028178ff641a3b6f5a9a408a95c4ecd4dc20b5b6dc220410e9b90d822514b7aba13142567f53bf320c

Download Submit
\Windows\system\aeEBDhN.exe

Filesize
6.0MB

MD5
9eb0aa7fdd4e2a88cbc08b063241a8db

SHA1
52c9a373833df55e969299fff60c033d9bdd82b9

SHA256
0ec995a815ead2237836c3bf53b4f3868290e685f923fe5f80bd117ee58beaa5

SHA512
92cfe7b75b7ff80626acc23ab3033b1b8e913fe806effd59ed3642b95f313d39b12c5cf1ad3ab80e18b0b3594204de81a959265b43995cd70418d571a2d71f41

Download Submit
\Windows\system\utgrzvb.exe

Filesize
6.0MB

MD5
5bbe547a3bfa6eac05d0a9dddbe642f0

SHA1
0ceef86ab4e9e9421672d03a6311dbef45742bf5

SHA256
a16adb6ca7c979fcb3b034115b2c177ad8515cd263a332473269f5088adc2f05

SHA512
889376a24d911d459172005b009107edae7990892bdf5b306a9d2b29882df4dddfddef5fbefe31ce8cf5bfee087080881ccbee216bd57b8ef42c7e9411416022

Download Submit
\Windows\system\zRiaKrK.exe

Filesize
6.0MB

MD5
7d82b9c92ef6f19964df14dcf24d41e6

SHA1
f728989508754edbe756673df6b7a771a9aa72d2

SHA256
1f37ed19db93add79966c2cf66dbf73595b972fc3ef7685ccff0df7f7cd6a68f

SHA512
a8e3a730119f192598901f0ba696ddd9f0d208caf8752e5bb867367d58f5b7912e4f7a5e91961667db479acba46f809ec0be6da6a96b9e6224642f001f19ec5a

Download Submit
memory/1432-90-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1432-666-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1432-3336-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-3248-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/1732-42-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/1992-106-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1992-3338-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1156-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2272-3264-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-67-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-105-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-14-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2380-51-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3246-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2424-78-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2424-35-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2424-3244-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2624-225-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2624-73-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3269-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3247-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2676-62-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2676-24-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2692-918-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-98-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3337-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-85-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2816-44-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3253-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3262-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2824-64-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2940-28-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-69-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-3245-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-89-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-55-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-3290-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-30-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/3004-111-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/3004-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/3004-0-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/3004-34-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/3004-39-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-88-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-46-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/3004-12-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/3004-70-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/3004-94-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-97-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/3004-110-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/3004-102-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/3004-27-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-65-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-63-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/3004-1280-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/3004-1041-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/3004-799-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-18-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-6-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-427-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-3335-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-81-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download