cobaltstrike | 1e5933bcbb7495389390ce4701b7c98afb972f5bc22748ffdd7e3e31395563d5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

aa80de1b478fce18ae7a7a91212820b1
SHA1

d852aa687f15ebca07db2d594cde64cc0cd5a9fa
SHA256

1e5933bcbb7495389390ce4701b7c98afb972f5bc22748ffdd7e3e31395563d5
SHA512

65a7c781a289b6a46f761290276017b81c39c4f268121b956b1d88156a3925c834a9f8da6b4ee90d73977cd4285be800a688f810a623d6751e95a4522868502b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUi:T+q56utgpPF8u/7i

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d00000001202b-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d54-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d67-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d6b-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d6f-22.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d77-25.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-37.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-41.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-53.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-65.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d2a-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019451-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b9-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a9-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b6-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-57.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-45.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f4-33.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d9f-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

resource	yara_rule
behavioral1/memory/2416-0-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x000d00000001202b-3.dat	xmrig
behavioral1/files/0x0007000000016d54-7.dat	xmrig
behavioral1/files/0x0007000000016d67-14.dat	xmrig
behavioral1/files/0x0007000000016d6b-18.dat	xmrig
behavioral1/files/0x0007000000016d6f-22.dat	xmrig
behavioral1/files/0x0009000000016d77-25.dat	xmrig
behavioral1/files/0x0005000000018704-37.dat	xmrig
behavioral1/files/0x0005000000018739-41.dat	xmrig
behavioral1/files/0x00050000000187a8-53.dat	xmrig
behavioral1/files/0x0006000000018c16-61.dat	xmrig
behavioral1/files/0x0005000000019246-65.dat	xmrig
behavioral1/files/0x000a000000016d2a-77.dat	xmrig
behavioral1/files/0x0005000000019297-89.dat	xmrig
behavioral1/files/0x0005000000019451-117.dat	xmrig
behavioral1/memory/2624-463-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2200-471-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2836-475-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2856-518-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2980-516-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2784-492-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2936-486-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2252-514-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2944-512-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2556-473-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/1752-469-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/860-467-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2760-465-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2368-459-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194b9-129.dat	xmrig
behavioral1/files/0x00050000000194a9-125.dat	xmrig
behavioral1/files/0x0005000000019458-121.dat	xmrig
behavioral1/files/0x00050000000193df-113.dat	xmrig
behavioral1/files/0x00050000000193c4-109.dat	xmrig
behavioral1/files/0x00050000000193b6-105.dat	xmrig
behavioral1/files/0x00050000000193a6-101.dat	xmrig
behavioral1/files/0x0005000000019360-97.dat	xmrig
behavioral1/files/0x000500000001933f-93.dat	xmrig
behavioral1/files/0x0005000000019284-85.dat	xmrig
behavioral1/files/0x0005000000019278-81.dat	xmrig
behavioral1/files/0x0005000000019269-74.dat	xmrig
behavioral1/files/0x0005000000019250-69.dat	xmrig
behavioral1/files/0x0006000000018b4e-57.dat	xmrig
behavioral1/files/0x000500000001878e-49.dat	xmrig
behavioral1/files/0x0005000000018744-45.dat	xmrig
behavioral1/files/0x00060000000186f4-33.dat	xmrig
behavioral1/files/0x0008000000016d9f-30.dat	xmrig
behavioral1/memory/2556-3548-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2760-3565-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2368-3551-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2624-3714-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2784-3713-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2200-3712-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2252-3711-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2936-3708-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2836-3715-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2856-3716-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/860-3717-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2416-3582-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2944-3718-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2980-3719-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2980-3720-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2368	hdhXNUr.exe
2624	CouDOIO.exe
2760	gaQyfns.exe
860	CJXtjMZ.exe
1752	KowcwBs.exe
2200	kEeEURL.exe
2556	IahMxTR.exe
2836	vrAgXkU.exe
2936	uwkYbKz.exe
2784	QZdmtgT.exe
2944	IBSiiYj.exe
2252	wxyHqAK.exe
2980	KhlEdTf.exe
2856	TVkiPKJ.exe
2844	XlIbhYC.exe
2792	cGPkgDL.exe
2696	PmZfDfX.exe
2752	OMJeBkc.exe
2328	mtExERz.exe
2324	CSIQzQr.exe
1688	JxiQhgE.exe
1480	VOzaxmS.exe
3016	kHEsMBY.exe
3044	tgCIcZz.exe
3028	evuTdAQ.exe
1312	zgtKNZL.exe
1564	ULuvgdY.exe
1924	TkjQkex.exe
2348	UMxdvne.exe
472	gZZthVw.exe
596	DIzRcKI.exe
700	QVlSDjl.exe
2404	ZwNVkUk.exe
1512	dBDZxpW.exe
2300	KZTtoev.exe
2124	xecQRwA.exe
2088	OqPwnWN.exe
1920	ZszZIQz.exe
764	hAoPDpl.exe
2144	kiCnkWH.exe
2296	KjNwNNv.exe
1848	hNKiFeT.exe
2020	ppakMVA.exe
2320	MybMywH.exe
1396	zZdWkxl.exe
2232	cecuxpV.exe
3040	moKmncn.exe
900	EKDGQgC.exe
1768	bdFimdR.exe
1304	VaWiHhq.exe
1812	UvoioYw.exe
1840	WuOutho.exe
1232	hiFfZiu.exe
920	apjwNib.exe
956	SaXKyLp.exe
2432	ZQQgMms.exe
2236	RJhVkJr.exe
2208	uFkhDDr.exe
2164	GgSWUyi.exe
1724	KVFXiIt.exe
304	pIlQhdy.exe
1028	RTKVGgB.exe
2280	KiIdGbu.exe
2448	HAOTNZe.exe

Loads dropped DLL 64 IoCs

pid	Process
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2416-0-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x000d00000001202b-3.dat	upx
behavioral1/files/0x0007000000016d54-7.dat	upx
behavioral1/files/0x0007000000016d67-14.dat	upx
behavioral1/files/0x0007000000016d6b-18.dat	upx
behavioral1/files/0x0007000000016d6f-22.dat	upx
behavioral1/files/0x0009000000016d77-25.dat	upx
behavioral1/files/0x0005000000018704-37.dat	upx
behavioral1/files/0x0005000000018739-41.dat	upx
behavioral1/files/0x00050000000187a8-53.dat	upx
behavioral1/files/0x0006000000018c16-61.dat	upx
behavioral1/files/0x0005000000019246-65.dat	upx
behavioral1/files/0x000a000000016d2a-77.dat	upx
behavioral1/files/0x0005000000019297-89.dat	upx
behavioral1/files/0x0005000000019451-117.dat	upx
behavioral1/memory/2624-463-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2200-471-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2836-475-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2856-518-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2980-516-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2784-492-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2936-486-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2252-514-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2944-512-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2556-473-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/1752-469-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/860-467-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2760-465-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2368-459-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x00050000000194b9-129.dat	upx
behavioral1/files/0x00050000000194a9-125.dat	upx
behavioral1/files/0x0005000000019458-121.dat	upx
behavioral1/files/0x00050000000193df-113.dat	upx
behavioral1/files/0x00050000000193c4-109.dat	upx
behavioral1/files/0x00050000000193b6-105.dat	upx
behavioral1/files/0x00050000000193a6-101.dat	upx
behavioral1/files/0x0005000000019360-97.dat	upx
behavioral1/files/0x000500000001933f-93.dat	upx
behavioral1/files/0x0005000000019284-85.dat	upx
behavioral1/files/0x0005000000019278-81.dat	upx
behavioral1/files/0x0005000000019269-74.dat	upx
behavioral1/files/0x0005000000019250-69.dat	upx
behavioral1/files/0x0006000000018b4e-57.dat	upx
behavioral1/files/0x000500000001878e-49.dat	upx
behavioral1/files/0x0005000000018744-45.dat	upx
behavioral1/files/0x00060000000186f4-33.dat	upx
behavioral1/files/0x0008000000016d9f-30.dat	upx
behavioral1/memory/2556-3548-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2760-3565-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2368-3551-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2624-3714-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2784-3713-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2200-3712-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2252-3711-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2936-3708-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2836-3715-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2856-3716-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/860-3717-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2416-3582-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2944-3718-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2980-3719-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2980-3720-0x000000013F320000-0x000000013F674000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dHfViAj.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWqGnPI.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DTRIEtp.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfaKdHq.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgSWUyi.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLVsGKJ.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ncVsLTt.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxkAVSC.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPLoZZQ.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IftkUXZ.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSDtPWB.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eybKcSj.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TiUKjqR.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtCtAyP.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAFcxMM.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACpXCVD.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdhXNUr.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkxDEmC.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWrIZWS.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOmOzxV.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PmZfDfX.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLVlzrV.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXdpPci.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkBLVRU.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEHulyc.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNPkocV.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sVmnBsK.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGPSQGe.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GaTIDAy.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\diVNOUy.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPsCbxi.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpYytyK.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGddHkp.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjNznpE.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsawOuH.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtVSgXv.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvaErbW.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iyYuWob.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulBdHmz.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okYJUWP.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjxAmjm.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYTmSlC.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfLGrgo.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axsNyQF.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfAENkO.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmwglKk.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DeigYxc.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuQNfvK.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORzElff.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qazidvJ.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWRmddV.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvAOlMF.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GvNerPR.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFFSSbu.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzBuQjr.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IruUWqa.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqleXFc.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZumWfNf.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdHwTKG.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHBniQu.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\arPAsvg.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEvzmiq.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAVGRiW.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTPPWzu.exe	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2368	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2416 wrote to memory of 2368	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2416 wrote to memory of 2368	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2416 wrote to memory of 2624	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2416 wrote to memory of 2624	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2416 wrote to memory of 2624	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2416 wrote to memory of 2760	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2416 wrote to memory of 2760	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2416 wrote to memory of 2760	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2416 wrote to memory of 860	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2416 wrote to memory of 860	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2416 wrote to memory of 860	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2416 wrote to memory of 1752	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2416 wrote to memory of 1752	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2416 wrote to memory of 1752	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2416 wrote to memory of 2200	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2416 wrote to memory of 2200	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2416 wrote to memory of 2200	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2416 wrote to memory of 2556	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2416 wrote to memory of 2556	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2416 wrote to memory of 2556	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2416 wrote to memory of 2836	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2416 wrote to memory of 2836	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2416 wrote to memory of 2836	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2416 wrote to memory of 2936	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2416 wrote to memory of 2936	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2416 wrote to memory of 2936	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2416 wrote to memory of 2784	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2416 wrote to memory of 2784	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2416 wrote to memory of 2784	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2416 wrote to memory of 2944	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2416 wrote to memory of 2944	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2416 wrote to memory of 2944	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2416 wrote to memory of 2252	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2416 wrote to memory of 2252	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2416 wrote to memory of 2252	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2416 wrote to memory of 2980	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2416 wrote to memory of 2980	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2416 wrote to memory of 2980	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2416 wrote to memory of 2856	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2416 wrote to memory of 2856	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2416 wrote to memory of 2856	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2416 wrote to memory of 2844	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2416 wrote to memory of 2844	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2416 wrote to memory of 2844	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2416 wrote to memory of 2792	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2416 wrote to memory of 2792	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2416 wrote to memory of 2792	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2416 wrote to memory of 2696	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2416 wrote to memory of 2696	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2416 wrote to memory of 2696	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2416 wrote to memory of 2752	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2416 wrote to memory of 2752	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2416 wrote to memory of 2752	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2416 wrote to memory of 2328	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2416 wrote to memory of 2328	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2416 wrote to memory of 2328	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2416 wrote to memory of 2324	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2416 wrote to memory of 2324	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2416 wrote to memory of 2324	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2416 wrote to memory of 1688	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2416 wrote to memory of 1688	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2416 wrote to memory of 1688	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2416 wrote to memory of 1480	2416	2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-30_aa80de1b478fce18ae7a7a91212820b1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\System\hdhXNUr.exe
  C:\Windows\System\hdhXNUr.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\CouDOIO.exe
  C:\Windows\System\CouDOIO.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\gaQyfns.exe
  C:\Windows\System\gaQyfns.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\CJXtjMZ.exe
  C:\Windows\System\CJXtjMZ.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\KowcwBs.exe
  C:\Windows\System\KowcwBs.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\kEeEURL.exe
  C:\Windows\System\kEeEURL.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\IahMxTR.exe
  C:\Windows\System\IahMxTR.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\vrAgXkU.exe
  C:\Windows\System\vrAgXkU.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\uwkYbKz.exe
  C:\Windows\System\uwkYbKz.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\QZdmtgT.exe
  C:\Windows\System\QZdmtgT.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\IBSiiYj.exe
  C:\Windows\System\IBSiiYj.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\wxyHqAK.exe
  C:\Windows\System\wxyHqAK.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\KhlEdTf.exe
  C:\Windows\System\KhlEdTf.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\TVkiPKJ.exe
  C:\Windows\System\TVkiPKJ.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\XlIbhYC.exe
  C:\Windows\System\XlIbhYC.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\cGPkgDL.exe
  C:\Windows\System\cGPkgDL.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\PmZfDfX.exe
  C:\Windows\System\PmZfDfX.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\OMJeBkc.exe
  C:\Windows\System\OMJeBkc.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\mtExERz.exe
  C:\Windows\System\mtExERz.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\CSIQzQr.exe
  C:\Windows\System\CSIQzQr.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\JxiQhgE.exe
  C:\Windows\System\JxiQhgE.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\VOzaxmS.exe
  C:\Windows\System\VOzaxmS.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\kHEsMBY.exe
  C:\Windows\System\kHEsMBY.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\tgCIcZz.exe
  C:\Windows\System\tgCIcZz.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\evuTdAQ.exe
  C:\Windows\System\evuTdAQ.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\zgtKNZL.exe
  C:\Windows\System\zgtKNZL.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\ULuvgdY.exe
  C:\Windows\System\ULuvgdY.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\TkjQkex.exe
  C:\Windows\System\TkjQkex.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\UMxdvne.exe
  C:\Windows\System\UMxdvne.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\gZZthVw.exe
  C:\Windows\System\gZZthVw.exe
  2⤵
  - Executes dropped EXE
  PID:472
- C:\Windows\System\DIzRcKI.exe
  C:\Windows\System\DIzRcKI.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\QVlSDjl.exe
  C:\Windows\System\QVlSDjl.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\ZwNVkUk.exe
  C:\Windows\System\ZwNVkUk.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\dBDZxpW.exe
  C:\Windows\System\dBDZxpW.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\KZTtoev.exe
  C:\Windows\System\KZTtoev.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\xecQRwA.exe
  C:\Windows\System\xecQRwA.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\OqPwnWN.exe
  C:\Windows\System\OqPwnWN.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\ZszZIQz.exe
  C:\Windows\System\ZszZIQz.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\hAoPDpl.exe
  C:\Windows\System\hAoPDpl.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\kiCnkWH.exe
  C:\Windows\System\kiCnkWH.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\KjNwNNv.exe
  C:\Windows\System\KjNwNNv.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\hNKiFeT.exe
  C:\Windows\System\hNKiFeT.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\ppakMVA.exe
  C:\Windows\System\ppakMVA.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\MybMywH.exe
  C:\Windows\System\MybMywH.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\zZdWkxl.exe
  C:\Windows\System\zZdWkxl.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\cecuxpV.exe
  C:\Windows\System\cecuxpV.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\moKmncn.exe
  C:\Windows\System\moKmncn.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\EKDGQgC.exe
  C:\Windows\System\EKDGQgC.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\bdFimdR.exe
  C:\Windows\System\bdFimdR.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\VaWiHhq.exe
  C:\Windows\System\VaWiHhq.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\UvoioYw.exe
  C:\Windows\System\UvoioYw.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\WuOutho.exe
  C:\Windows\System\WuOutho.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\hiFfZiu.exe
  C:\Windows\System\hiFfZiu.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\apjwNib.exe
  C:\Windows\System\apjwNib.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\SaXKyLp.exe
  C:\Windows\System\SaXKyLp.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\ZQQgMms.exe
  C:\Windows\System\ZQQgMms.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\RJhVkJr.exe
  C:\Windows\System\RJhVkJr.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\uFkhDDr.exe
  C:\Windows\System\uFkhDDr.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\GgSWUyi.exe
  C:\Windows\System\GgSWUyi.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\KVFXiIt.exe
  C:\Windows\System\KVFXiIt.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\pIlQhdy.exe
  C:\Windows\System\pIlQhdy.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\RTKVGgB.exe
  C:\Windows\System\RTKVGgB.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\KiIdGbu.exe
  C:\Windows\System\KiIdGbu.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\HAOTNZe.exe
  C:\Windows\System\HAOTNZe.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\HWNSAQD.exe
  C:\Windows\System\HWNSAQD.exe
  2⤵
  PID:276
- C:\Windows\System\VdHwTKG.exe
  C:\Windows\System\VdHwTKG.exe
  2⤵
  PID:1128
- C:\Windows\System\kUUxXVz.exe
  C:\Windows\System\kUUxXVz.exe
  2⤵
  PID:1504
- C:\Windows\System\KMBbPKC.exe
  C:\Windows\System\KMBbPKC.exe
  2⤵
  PID:2428
- C:\Windows\System\liUqXFy.exe
  C:\Windows\System\liUqXFy.exe
  2⤵
  PID:2612
- C:\Windows\System\PirJtla.exe
  C:\Windows\System\PirJtla.exe
  2⤵
  PID:2452
- C:\Windows\System\DXWBoTy.exe
  C:\Windows\System\DXWBoTy.exe
  2⤵
  PID:1712
- C:\Windows\System\XiAvWyN.exe
  C:\Windows\System\XiAvWyN.exe
  2⤵
  PID:1604
- C:\Windows\System\QiCIzhq.exe
  C:\Windows\System\QiCIzhq.exe
  2⤵
  PID:2060
- C:\Windows\System\PdpsVEI.exe
  C:\Windows\System\PdpsVEI.exe
  2⤵
  PID:2988
- C:\Windows\System\ETNkRpZ.exe
  C:\Windows\System\ETNkRpZ.exe
  2⤵
  PID:2540
- C:\Windows\System\EauYKae.exe
  C:\Windows\System\EauYKae.exe
  2⤵
  PID:2808
- C:\Windows\System\MTjwdMA.exe
  C:\Windows\System\MTjwdMA.exe
  2⤵
  PID:2912
- C:\Windows\System\bnRPnIj.exe
  C:\Windows\System\bnRPnIj.exe
  2⤵
  PID:2904
- C:\Windows\System\hBNDvAk.exe
  C:\Windows\System\hBNDvAk.exe
  2⤵
  PID:2708
- C:\Windows\System\anTcAxr.exe
  C:\Windows\System\anTcAxr.exe
  2⤵
  PID:2312
- C:\Windows\System\UgKzLoe.exe
  C:\Windows\System\UgKzLoe.exe
  2⤵
  PID:2712
- C:\Windows\System\axggOjW.exe
  C:\Windows\System\axggOjW.exe
  2⤵
  PID:2472
- C:\Windows\System\xhJXaxV.exe
  C:\Windows\System\xhJXaxV.exe
  2⤵
  PID:1524
- C:\Windows\System\WDeSqkl.exe
  C:\Windows\System\WDeSqkl.exe
  2⤵
  PID:3024
- C:\Windows\System\CztPeUT.exe
  C:\Windows\System\CztPeUT.exe
  2⤵
  PID:2008
- C:\Windows\System\rlQwjrA.exe
  C:\Windows\System\rlQwjrA.exe
  2⤵
  PID:2104
- C:\Windows\System\TMPCWSF.exe
  C:\Windows\System\TMPCWSF.exe
  2⤵
  PID:1660
- C:\Windows\System\CrpkvXO.exe
  C:\Windows\System\CrpkvXO.exe
  2⤵
  PID:1620
- C:\Windows\System\lletTog.exe
  C:\Windows\System\lletTog.exe
  2⤵
  PID:584
- C:\Windows\System\UZlnGTD.exe
  C:\Windows\System\UZlnGTD.exe
  2⤵
  PID:1380
- C:\Windows\System\qeSPoYq.exe
  C:\Windows\System\qeSPoYq.exe
  2⤵
  PID:1164
- C:\Windows\System\vOxXRaJ.exe
  C:\Windows\System\vOxXRaJ.exe
  2⤵
  PID:1124
- C:\Windows\System\gSOSHtZ.exe
  C:\Windows\System\gSOSHtZ.exe
  2⤵
  PID:2664
- C:\Windows\System\fXRAzAb.exe
  C:\Windows\System\fXRAzAb.exe
  2⤵
  PID:1940
- C:\Windows\System\MfZRnfm.exe
  C:\Windows\System\MfZRnfm.exe
  2⤵
  PID:1012
- C:\Windows\System\CdwzNtS.exe
  C:\Windows\System\CdwzNtS.exe
  2⤵
  PID:1552
- C:\Windows\System\qPZbIvE.exe
  C:\Windows\System\qPZbIvE.exe
  2⤵
  PID:1772
- C:\Windows\System\RQsXHvb.exe
  C:\Windows\System\RQsXHvb.exe
  2⤵
  PID:2872
- C:\Windows\System\bZHtCnH.exe
  C:\Windows\System\bZHtCnH.exe
  2⤵
  PID:1260
- C:\Windows\System\AuGftMW.exe
  C:\Windows\System\AuGftMW.exe
  2⤵
  PID:1200
- C:\Windows\System\kBmhBXz.exe
  C:\Windows\System\kBmhBXz.exe
  2⤵
  PID:1556
- C:\Windows\System\YMLOFWQ.exe
  C:\Windows\System\YMLOFWQ.exe
  2⤵
  PID:2528
- C:\Windows\System\hEfRlSt.exe
  C:\Windows\System\hEfRlSt.exe
  2⤵
  PID:612
- C:\Windows\System\MPyXMnC.exe
  C:\Windows\System\MPyXMnC.exe
  2⤵
  PID:1324
- C:\Windows\System\uRFqftx.exe
  C:\Windows\System\uRFqftx.exe
  2⤵
  PID:1736
- C:\Windows\System\mywzBKD.exe
  C:\Windows\System\mywzBKD.exe
  2⤵
  PID:2640
- C:\Windows\System\PHQszjX.exe
  C:\Windows\System\PHQszjX.exe
  2⤵
  PID:2100
- C:\Windows\System\yLhPoDK.exe
  C:\Windows\System\yLhPoDK.exe
  2⤵
  PID:1576
- C:\Windows\System\KVsHWeA.exe
  C:\Windows\System\KVsHWeA.exe
  2⤵
  PID:2004
- C:\Windows\System\RobRfHe.exe
  C:\Windows\System\RobRfHe.exe
  2⤵
  PID:2820
- C:\Windows\System\IejhpbO.exe
  C:\Windows\System\IejhpbO.exe
  2⤵
  PID:2968
- C:\Windows\System\IvHFDfF.exe
  C:\Windows\System\IvHFDfF.exe
  2⤵
  PID:2816
- C:\Windows\System\XHlGvwd.exe
  C:\Windows\System\XHlGvwd.exe
  2⤵
  PID:1904
- C:\Windows\System\hNrhZfe.exe
  C:\Windows\System\hNrhZfe.exe
  2⤵
  PID:1636
- C:\Windows\System\IFHhcwd.exe
  C:\Windows\System\IFHhcwd.exe
  2⤵
  PID:1852
- C:\Windows\System\Ckzzdsf.exe
  C:\Windows\System\Ckzzdsf.exe
  2⤵
  PID:772
- C:\Windows\System\wcPQiSx.exe
  C:\Windows\System\wcPQiSx.exe
  2⤵
  PID:1488
- C:\Windows\System\EVwazsP.exe
  C:\Windows\System\EVwazsP.exe
  2⤵
  PID:2172
- C:\Windows\System\jjkGvpN.exe
  C:\Windows\System\jjkGvpN.exe
  2⤵
  PID:2244
- C:\Windows\System\bhghMst.exe
  C:\Windows\System\bhghMst.exe
  2⤵
  PID:1700
- C:\Windows\System\xfnVRxC.exe
  C:\Windows\System\xfnVRxC.exe
  2⤵
  PID:1544
- C:\Windows\System\CqbcAlD.exe
  C:\Windows\System\CqbcAlD.exe
  2⤵
  PID:1048
- C:\Windows\System\bfZJfWX.exe
  C:\Windows\System\bfZJfWX.exe
  2⤵
  PID:1056
- C:\Windows\System\bahAaQY.exe
  C:\Windows\System\bahAaQY.exe
  2⤵
  PID:848
- C:\Windows\System\NNcCzjb.exe
  C:\Windows\System\NNcCzjb.exe
  2⤵
  PID:1824
- C:\Windows\System\SFTujXa.exe
  C:\Windows\System\SFTujXa.exe
  2⤵
  PID:884
- C:\Windows\System\XLSllCh.exe
  C:\Windows\System\XLSllCh.exe
  2⤵
  PID:2392
- C:\Windows\System\AVsOHce.exe
  C:\Windows\System\AVsOHce.exe
  2⤵
  PID:3084
- C:\Windows\System\kOZpptM.exe
  C:\Windows\System\kOZpptM.exe
  2⤵
  PID:3100
- C:\Windows\System\ZnlKnbG.exe
  C:\Windows\System\ZnlKnbG.exe
  2⤵
  PID:3116
- C:\Windows\System\qaCRHOZ.exe
  C:\Windows\System\qaCRHOZ.exe
  2⤵
  PID:3132
- C:\Windows\System\UWwikNR.exe
  C:\Windows\System\UWwikNR.exe
  2⤵
  PID:3148
- C:\Windows\System\uGeKYPM.exe
  C:\Windows\System\uGeKYPM.exe
  2⤵
  PID:3164
- C:\Windows\System\CMXeCOY.exe
  C:\Windows\System\CMXeCOY.exe
  2⤵
  PID:3180
- C:\Windows\System\pbndNvJ.exe
  C:\Windows\System\pbndNvJ.exe
  2⤵
  PID:3196
- C:\Windows\System\bhNgPSS.exe
  C:\Windows\System\bhNgPSS.exe
  2⤵
  PID:3212
- C:\Windows\System\KnpEUhL.exe
  C:\Windows\System\KnpEUhL.exe
  2⤵
  PID:3228
- C:\Windows\System\nCfoVOp.exe
  C:\Windows\System\nCfoVOp.exe
  2⤵
  PID:3244
- C:\Windows\System\udqjToU.exe
  C:\Windows\System\udqjToU.exe
  2⤵
  PID:3260
- C:\Windows\System\wxuxuCP.exe
  C:\Windows\System\wxuxuCP.exe
  2⤵
  PID:3276
- C:\Windows\System\UGUqxoh.exe
  C:\Windows\System\UGUqxoh.exe
  2⤵
  PID:3292
- C:\Windows\System\GUncgeb.exe
  C:\Windows\System\GUncgeb.exe
  2⤵
  PID:3308
- C:\Windows\System\WnquWiB.exe
  C:\Windows\System\WnquWiB.exe
  2⤵
  PID:3324
- C:\Windows\System\EUiOWGC.exe
  C:\Windows\System\EUiOWGC.exe
  2⤵
  PID:3340
- C:\Windows\System\fvTvZZw.exe
  C:\Windows\System\fvTvZZw.exe
  2⤵
  PID:3356
- C:\Windows\System\jTaMllc.exe
  C:\Windows\System\jTaMllc.exe
  2⤵
  PID:3372
- C:\Windows\System\mJlXXBr.exe
  C:\Windows\System\mJlXXBr.exe
  2⤵
  PID:3388
- C:\Windows\System\GSTTGVe.exe
  C:\Windows\System\GSTTGVe.exe
  2⤵
  PID:3404
- C:\Windows\System\PqtrWil.exe
  C:\Windows\System\PqtrWil.exe
  2⤵
  PID:3420
- C:\Windows\System\NdSqBzW.exe
  C:\Windows\System\NdSqBzW.exe
  2⤵
  PID:3436
- C:\Windows\System\dJWQFYN.exe
  C:\Windows\System\dJWQFYN.exe
  2⤵
  PID:3452
- C:\Windows\System\UbGqUBq.exe
  C:\Windows\System\UbGqUBq.exe
  2⤵
  PID:3468
- C:\Windows\System\GTrTCtq.exe
  C:\Windows\System\GTrTCtq.exe
  2⤵
  PID:3484
- C:\Windows\System\PeHpTjK.exe
  C:\Windows\System\PeHpTjK.exe
  2⤵
  PID:3500
- C:\Windows\System\SpnRbBj.exe
  C:\Windows\System\SpnRbBj.exe
  2⤵
  PID:3516
- C:\Windows\System\eybKcSj.exe
  C:\Windows\System\eybKcSj.exe
  2⤵
  PID:3532
- C:\Windows\System\VVWBXWA.exe
  C:\Windows\System\VVWBXWA.exe
  2⤵
  PID:3548
- C:\Windows\System\mdwHKMb.exe
  C:\Windows\System\mdwHKMb.exe
  2⤵
  PID:3564
- C:\Windows\System\UhnpIRu.exe
  C:\Windows\System\UhnpIRu.exe
  2⤵
  PID:3580
- C:\Windows\System\BixNLWL.exe
  C:\Windows\System\BixNLWL.exe
  2⤵
  PID:3596
- C:\Windows\System\vxRilij.exe
  C:\Windows\System\vxRilij.exe
  2⤵
  PID:3612
- C:\Windows\System\JAcaJnp.exe
  C:\Windows\System\JAcaJnp.exe
  2⤵
  PID:3628
- C:\Windows\System\VmHKvLg.exe
  C:\Windows\System\VmHKvLg.exe
  2⤵
  PID:3644
- C:\Windows\System\upxZzSq.exe
  C:\Windows\System\upxZzSq.exe
  2⤵
  PID:3660
- C:\Windows\System\ghrfSSB.exe
  C:\Windows\System\ghrfSSB.exe
  2⤵
  PID:3676
- C:\Windows\System\eaXOLJu.exe
  C:\Windows\System\eaXOLJu.exe
  2⤵
  PID:3692
- C:\Windows\System\xwWrwvu.exe
  C:\Windows\System\xwWrwvu.exe
  2⤵
  PID:3708
- C:\Windows\System\JBpknHN.exe
  C:\Windows\System\JBpknHN.exe
  2⤵
  PID:3724
- C:\Windows\System\dNhwGBR.exe
  C:\Windows\System\dNhwGBR.exe
  2⤵
  PID:3740
- C:\Windows\System\dWhyVCg.exe
  C:\Windows\System\dWhyVCg.exe
  2⤵
  PID:3756
- C:\Windows\System\PepuRwF.exe
  C:\Windows\System\PepuRwF.exe
  2⤵
  PID:3772
- C:\Windows\System\yGPSQGe.exe
  C:\Windows\System\yGPSQGe.exe
  2⤵
  PID:3788
- C:\Windows\System\nmSVrBj.exe
  C:\Windows\System\nmSVrBj.exe
  2⤵
  PID:3804
- C:\Windows\System\SwjQret.exe
  C:\Windows\System\SwjQret.exe
  2⤵
  PID:3820
- C:\Windows\System\JJsQBmj.exe
  C:\Windows\System\JJsQBmj.exe
  2⤵
  PID:3836
- C:\Windows\System\yBEFmGl.exe
  C:\Windows\System\yBEFmGl.exe
  2⤵
  PID:3852
- C:\Windows\System\DYiBezj.exe
  C:\Windows\System\DYiBezj.exe
  2⤵
  PID:3868
- C:\Windows\System\zhqGLEC.exe
  C:\Windows\System\zhqGLEC.exe
  2⤵
  PID:3884
- C:\Windows\System\efXWibh.exe
  C:\Windows\System\efXWibh.exe
  2⤵
  PID:3900
- C:\Windows\System\VVNEpQg.exe
  C:\Windows\System\VVNEpQg.exe
  2⤵
  PID:3916
- C:\Windows\System\cTbbOJI.exe
  C:\Windows\System\cTbbOJI.exe
  2⤵
  PID:3932
- C:\Windows\System\NTdjGcd.exe
  C:\Windows\System\NTdjGcd.exe
  2⤵
  PID:3948
- C:\Windows\System\yDhugjU.exe
  C:\Windows\System\yDhugjU.exe
  2⤵
  PID:3964
- C:\Windows\System\tvnALRv.exe
  C:\Windows\System\tvnALRv.exe
  2⤵
  PID:3980
- C:\Windows\System\sYJkWvH.exe
  C:\Windows\System\sYJkWvH.exe
  2⤵
  PID:4044
- C:\Windows\System\vUVBkPG.exe
  C:\Windows\System\vUVBkPG.exe
  2⤵
  PID:4060
- C:\Windows\System\GDxCyYJ.exe
  C:\Windows\System\GDxCyYJ.exe
  2⤵
  PID:4076
- C:\Windows\System\MCeRkIt.exe
  C:\Windows\System\MCeRkIt.exe
  2⤵
  PID:4092
- C:\Windows\System\bSlWYCE.exe
  C:\Windows\System\bSlWYCE.exe
  2⤵
  PID:2928
- C:\Windows\System\XOBzxvK.exe
  C:\Windows\System\XOBzxvK.exe
  2⤵
  PID:2684
- C:\Windows\System\fmxJuyy.exe
  C:\Windows\System\fmxJuyy.exe
  2⤵
  PID:2112
- C:\Windows\System\liEbwKT.exe
  C:\Windows\System\liEbwKT.exe
  2⤵
  PID:2068
- C:\Windows\System\vNtHKKg.exe
  C:\Windows\System\vNtHKKg.exe
  2⤵
  PID:3092
- C:\Windows\System\CFFSSbu.exe
  C:\Windows\System\CFFSSbu.exe
  2⤵
  PID:3140
- C:\Windows\System\Yomftxj.exe
  C:\Windows\System\Yomftxj.exe
  2⤵
  PID:3172
- C:\Windows\System\maSciJt.exe
  C:\Windows\System\maSciJt.exe
  2⤵
  PID:3204
- C:\Windows\System\FKSrpcR.exe
  C:\Windows\System\FKSrpcR.exe
  2⤵
  PID:3224
- C:\Windows\System\YjzCpbr.exe
  C:\Windows\System\YjzCpbr.exe
  2⤵
  PID:3284
- C:\Windows\System\qCkEjoG.exe
  C:\Windows\System\qCkEjoG.exe
  2⤵
  PID:3332
- C:\Windows\System\hhJicOI.exe
  C:\Windows\System\hhJicOI.exe
  2⤵
  PID:3352
- C:\Windows\System\TyHwahD.exe
  C:\Windows\System\TyHwahD.exe
  2⤵
  PID:3384
- C:\Windows\System\xvrVkni.exe
  C:\Windows\System\xvrVkni.exe
  2⤵
  PID:3428
- C:\Windows\System\gMJwpKb.exe
  C:\Windows\System\gMJwpKb.exe
  2⤵
  PID:3460
- C:\Windows\System\iIXZMGn.exe
  C:\Windows\System\iIXZMGn.exe
  2⤵
  PID:3480
- C:\Windows\System\FmORcue.exe
  C:\Windows\System\FmORcue.exe
  2⤵
  PID:3524
- C:\Windows\System\AjgYmFu.exe
  C:\Windows\System\AjgYmFu.exe
  2⤵
  PID:3556
- C:\Windows\System\PkjECUv.exe
  C:\Windows\System\PkjECUv.exe
  2⤵
  PID:3620
- C:\Windows\System\AqfVcuC.exe
  C:\Windows\System\AqfVcuC.exe
  2⤵
  PID:3656
- C:\Windows\System\SKAuoar.exe
  C:\Windows\System\SKAuoar.exe
  2⤵
  PID:3812
- C:\Windows\System\JZqGgyK.exe
  C:\Windows\System\JZqGgyK.exe
  2⤵
  PID:3640
- C:\Windows\System\YCmMbPm.exe
  C:\Windows\System\YCmMbPm.exe
  2⤵
  PID:3912
- C:\Windows\System\QIRgTnk.exe
  C:\Windows\System\QIRgTnk.exe
  2⤵
  PID:3976
- C:\Windows\System\BtUBtqw.exe
  C:\Windows\System\BtUBtqw.exe
  2⤵
  PID:3704
- C:\Windows\System\BRjfNBB.exe
  C:\Windows\System\BRjfNBB.exe
  2⤵
  PID:4056
- C:\Windows\System\CUxtdiq.exe
  C:\Windows\System\CUxtdiq.exe
  2⤵
  PID:3764
- C:\Windows\System\vjKuNJJ.exe
  C:\Windows\System\vjKuNJJ.exe
  2⤵
  PID:1080
- C:\Windows\System\rLzUKKO.exe
  C:\Windows\System\rLzUKKO.exe
  2⤵
  PID:3828
- C:\Windows\System\HpIpGRu.exe
  C:\Windows\System\HpIpGRu.exe
  2⤵
  PID:4008
- C:\Windows\System\naXAFcp.exe
  C:\Windows\System\naXAFcp.exe
  2⤵
  PID:4024
- C:\Windows\System\ExJlRHj.exe
  C:\Windows\System\ExJlRHj.exe
  2⤵
  PID:4068
- C:\Windows\System\IVweFRT.exe
  C:\Windows\System\IVweFRT.exe
  2⤵
  PID:1436
- C:\Windows\System\gRMxXUK.exe
  C:\Windows\System\gRMxXUK.exe
  2⤵
  PID:3860
- C:\Windows\System\XeCpVPQ.exe
  C:\Windows\System\XeCpVPQ.exe
  2⤵
  PID:3992
- C:\Windows\System\hvZcnVM.exe
  C:\Windows\System\hvZcnVM.exe
  2⤵
  PID:3896
- C:\Windows\System\GFxUcGM.exe
  C:\Windows\System\GFxUcGM.exe
  2⤵
  PID:3124
- C:\Windows\System\DNBbaKM.exe
  C:\Windows\System\DNBbaKM.exe
  2⤵
  PID:3272
- C:\Windows\System\QHMVzaI.exe
  C:\Windows\System\QHMVzaI.exe
  2⤵
  PID:3412
- C:\Windows\System\gnsetgT.exe
  C:\Windows\System\gnsetgT.exe
  2⤵
  PID:3560
- C:\Windows\System\lpnrewq.exe
  C:\Windows\System\lpnrewq.exe
  2⤵
  PID:3848
- C:\Windows\System\gvAOTJf.exe
  C:\Windows\System\gvAOTJf.exe
  2⤵
  PID:4052
- C:\Windows\System\giJgEEn.exe
  C:\Windows\System\giJgEEn.exe
  2⤵
  PID:4004
- C:\Windows\System\kTKLaSN.exe
  C:\Windows\System\kTKLaSN.exe
  2⤵
  PID:3832
- C:\Windows\System\wUipDVU.exe
  C:\Windows\System\wUipDVU.exe
  2⤵
  PID:3268
- C:\Windows\System\BYwqDQB.exe
  C:\Windows\System\BYwqDQB.exe
  2⤵
  PID:4108
- C:\Windows\System\kRPuivQ.exe
  C:\Windows\System\kRPuivQ.exe
  2⤵
  PID:4124
- C:\Windows\System\asZsgnZ.exe
  C:\Windows\System\asZsgnZ.exe
  2⤵
  PID:4140
- C:\Windows\System\QQVNvPS.exe
  C:\Windows\System\QQVNvPS.exe
  2⤵
  PID:4156
- C:\Windows\System\BGLyjRC.exe
  C:\Windows\System\BGLyjRC.exe
  2⤵
  PID:4172
- C:\Windows\System\ZkhzdHn.exe
  C:\Windows\System\ZkhzdHn.exe
  2⤵
  PID:4188
- C:\Windows\System\ogEPPfp.exe
  C:\Windows\System\ogEPPfp.exe
  2⤵
  PID:4204
- C:\Windows\System\hIkIxzg.exe
  C:\Windows\System\hIkIxzg.exe
  2⤵
  PID:4232
- C:\Windows\System\GaTIDAy.exe
  C:\Windows\System\GaTIDAy.exe
  2⤵
  PID:4248
- C:\Windows\System\wPyAYom.exe
  C:\Windows\System\wPyAYom.exe
  2⤵
  PID:4264
- C:\Windows\System\LIftTwI.exe
  C:\Windows\System\LIftTwI.exe
  2⤵
  PID:4280
- C:\Windows\System\JvREdTL.exe
  C:\Windows\System\JvREdTL.exe
  2⤵
  PID:4296
- C:\Windows\System\hvronrp.exe
  C:\Windows\System\hvronrp.exe
  2⤵
  PID:4312
- C:\Windows\System\hpOhriI.exe
  C:\Windows\System\hpOhriI.exe
  2⤵
  PID:4328
- C:\Windows\System\FxDRRYl.exe
  C:\Windows\System\FxDRRYl.exe
  2⤵
  PID:4344
- C:\Windows\System\LfAENkO.exe
  C:\Windows\System\LfAENkO.exe
  2⤵
  PID:4360
- C:\Windows\System\xDlILam.exe
  C:\Windows\System\xDlILam.exe
  2⤵
  PID:4376
- C:\Windows\System\BcYgQpT.exe
  C:\Windows\System\BcYgQpT.exe
  2⤵
  PID:4392
- C:\Windows\System\IwKFPap.exe
  C:\Windows\System\IwKFPap.exe
  2⤵
  PID:4408
- C:\Windows\System\SQcUsFJ.exe
  C:\Windows\System\SQcUsFJ.exe
  2⤵
  PID:4424
- C:\Windows\System\SFXrkoo.exe
  C:\Windows\System\SFXrkoo.exe
  2⤵
  PID:4440
- C:\Windows\System\BBXtgfF.exe
  C:\Windows\System\BBXtgfF.exe
  2⤵
  PID:4456
- C:\Windows\System\AvThkDw.exe
  C:\Windows\System\AvThkDw.exe
  2⤵
  PID:4472
- C:\Windows\System\GzdptMS.exe
  C:\Windows\System\GzdptMS.exe
  2⤵
  PID:4488
- C:\Windows\System\goMQQxi.exe
  C:\Windows\System\goMQQxi.exe
  2⤵
  PID:4504
- C:\Windows\System\oYkrPna.exe
  C:\Windows\System\oYkrPna.exe
  2⤵
  PID:4520
- C:\Windows\System\zBZtVJA.exe
  C:\Windows\System\zBZtVJA.exe
  2⤵
  PID:4536
- C:\Windows\System\EzBuQjr.exe
  C:\Windows\System\EzBuQjr.exe
  2⤵
  PID:4552
- C:\Windows\System\tmsaxZt.exe
  C:\Windows\System\tmsaxZt.exe
  2⤵
  PID:4568
- C:\Windows\System\LLVsGKJ.exe
  C:\Windows\System\LLVsGKJ.exe
  2⤵
  PID:4584
- C:\Windows\System\gmbaIUh.exe
  C:\Windows\System\gmbaIUh.exe
  2⤵
  PID:4600
- C:\Windows\System\LcVLZmw.exe
  C:\Windows\System\LcVLZmw.exe
  2⤵
  PID:4616
- C:\Windows\System\fJpRCmv.exe
  C:\Windows\System\fJpRCmv.exe
  2⤵
  PID:4632
- C:\Windows\System\ocerlba.exe
  C:\Windows\System\ocerlba.exe
  2⤵
  PID:4648
- C:\Windows\System\bVvpLWN.exe
  C:\Windows\System\bVvpLWN.exe
  2⤵
  PID:4664
- C:\Windows\System\zebmhLX.exe
  C:\Windows\System\zebmhLX.exe
  2⤵
  PID:4704
- C:\Windows\System\xxugGVi.exe
  C:\Windows\System\xxugGVi.exe
  2⤵
  PID:4720
- C:\Windows\System\PMlnTSI.exe
  C:\Windows\System\PMlnTSI.exe
  2⤵
  PID:4736
- C:\Windows\System\tBuOdda.exe
  C:\Windows\System\tBuOdda.exe
  2⤵
  PID:4752
- C:\Windows\System\IrRBAFR.exe
  C:\Windows\System\IrRBAFR.exe
  2⤵
  PID:4768
- C:\Windows\System\pAIVfVN.exe
  C:\Windows\System\pAIVfVN.exe
  2⤵
  PID:4784
- C:\Windows\System\TgGbeDl.exe
  C:\Windows\System\TgGbeDl.exe
  2⤵
  PID:4800
- C:\Windows\System\aJOcCZw.exe
  C:\Windows\System\aJOcCZw.exe
  2⤵
  PID:4820
- C:\Windows\System\VlhAUBP.exe
  C:\Windows\System\VlhAUBP.exe
  2⤵
  PID:4836
- C:\Windows\System\pTRYDzy.exe
  C:\Windows\System\pTRYDzy.exe
  2⤵
  PID:4852
- C:\Windows\System\rWMimJy.exe
  C:\Windows\System\rWMimJy.exe
  2⤵
  PID:4868
- C:\Windows\System\bbznwrZ.exe
  C:\Windows\System\bbznwrZ.exe
  2⤵
  PID:4884
- C:\Windows\System\zFrFsBY.exe
  C:\Windows\System\zFrFsBY.exe
  2⤵
  PID:4904
- C:\Windows\System\DMnGNGq.exe
  C:\Windows\System\DMnGNGq.exe
  2⤵
  PID:4920
- C:\Windows\System\sGZdXCz.exe
  C:\Windows\System\sGZdXCz.exe
  2⤵
  PID:4936
- C:\Windows\System\GHgLqdK.exe
  C:\Windows\System\GHgLqdK.exe
  2⤵
  PID:4952
- C:\Windows\System\jBAITnj.exe
  C:\Windows\System\jBAITnj.exe
  2⤵
  PID:4968
- C:\Windows\System\hbcTclL.exe
  C:\Windows\System\hbcTclL.exe
  2⤵
  PID:4984
- C:\Windows\System\KiwokKw.exe
  C:\Windows\System\KiwokKw.exe
  2⤵
  PID:5000
- C:\Windows\System\SFmdTQJ.exe
  C:\Windows\System\SFmdTQJ.exe
  2⤵
  PID:5016
- C:\Windows\System\tnpWLKr.exe
  C:\Windows\System\tnpWLKr.exe
  2⤵
  PID:5032
- C:\Windows\System\diVNOUy.exe
  C:\Windows\System\diVNOUy.exe
  2⤵
  PID:5048
- C:\Windows\System\owbWmrR.exe
  C:\Windows\System\owbWmrR.exe
  2⤵
  PID:5064
- C:\Windows\System\svGcRGj.exe
  C:\Windows\System\svGcRGj.exe
  2⤵
  PID:5080
- C:\Windows\System\umIhRBs.exe
  C:\Windows\System\umIhRBs.exe
  2⤵
  PID:5096
- C:\Windows\System\EPsCbxi.exe
  C:\Windows\System\EPsCbxi.exe
  2⤵
  PID:5112
- C:\Windows\System\eecliCd.exe
  C:\Windows\System\eecliCd.exe
  2⤵
  PID:3736
- C:\Windows\System\HqhAfDB.exe
  C:\Windows\System\HqhAfDB.exe
  2⤵
  PID:3208
- C:\Windows\System\KNqSpbQ.exe
  C:\Windows\System\KNqSpbQ.exe
  2⤵
  PID:4104
- C:\Windows\System\eGBslFe.exe
  C:\Windows\System\eGBslFe.exe
  2⤵
  PID:3368
- C:\Windows\System\ahHjGxT.exe
  C:\Windows\System\ahHjGxT.exe
  2⤵
  PID:3496
- C:\Windows\System\hskayIS.exe
  C:\Windows\System\hskayIS.exe
  2⤵
  PID:4136
- C:\Windows\System\TuHzeXi.exe
  C:\Windows\System\TuHzeXi.exe
  2⤵
  PID:4200
- C:\Windows\System\IwvYFVF.exe
  C:\Windows\System\IwvYFVF.exe
  2⤵
  PID:3784
- C:\Windows\System\EpTlLsZ.exe
  C:\Windows\System\EpTlLsZ.exe
  2⤵
  PID:3700
- C:\Windows\System\rXqrcfx.exe
  C:\Windows\System\rXqrcfx.exe
  2⤵
  PID:3800
- C:\Windows\System\iHBniQu.exe
  C:\Windows\System\iHBniQu.exe
  2⤵
  PID:3032
- C:\Windows\System\mseYrzC.exe
  C:\Windows\System\mseYrzC.exe
  2⤵
  PID:3112
- C:\Windows\System\YSjIREj.exe
  C:\Windows\System\YSjIREj.exe
  2⤵
  PID:3844
- C:\Windows\System\QWIlWYx.exe
  C:\Windows\System\QWIlWYx.exe
  2⤵
  PID:3188
- C:\Windows\System\XPxiDgS.exe
  C:\Windows\System\XPxiDgS.exe
  2⤵
  PID:4152
- C:\Windows\System\xnRxtUk.exe
  C:\Windows\System\xnRxtUk.exe
  2⤵
  PID:4276
- C:\Windows\System\DarcjVD.exe
  C:\Windows\System\DarcjVD.exe
  2⤵
  PID:4340
- C:\Windows\System\ScRzKWC.exe
  C:\Windows\System\ScRzKWC.exe
  2⤵
  PID:4400
- C:\Windows\System\slSyJHT.exe
  C:\Windows\System\slSyJHT.exe
  2⤵
  PID:4468
- C:\Windows\System\tWioBJW.exe
  C:\Windows\System\tWioBJW.exe
  2⤵
  PID:4212
- C:\Windows\System\pxJYJcZ.exe
  C:\Windows\System\pxJYJcZ.exe
  2⤵
  PID:4496
- C:\Windows\System\yFPNSUa.exe
  C:\Windows\System\yFPNSUa.exe
  2⤵
  PID:4532
- C:\Windows\System\OjRXjCn.exe
  C:\Windows\System\OjRXjCn.exe
  2⤵
  PID:2688
- C:\Windows\System\ZXgvgtA.exe
  C:\Windows\System\ZXgvgtA.exe
  2⤵
  PID:3068
- C:\Windows\System\DtFUvIS.exe
  C:\Windows\System\DtFUvIS.exe
  2⤵
  PID:2956
- C:\Windows\System\DeTZQHx.exe
  C:\Windows\System\DeTZQHx.exe
  2⤵
  PID:2484
- C:\Windows\System\FThKxvv.exe
  C:\Windows\System\FThKxvv.exe
  2⤵
  PID:2548
- C:\Windows\System\nEZTafz.exe
  C:\Windows\System\nEZTafz.exe
  2⤵
  PID:3624
- C:\Windows\System\BIBADPB.exe
  C:\Windows\System\BIBADPB.exe
  2⤵
  PID:1796
- C:\Windows\System\vbMmdyF.exe
  C:\Windows\System\vbMmdyF.exe
  2⤵
  PID:3056
- C:\Windows\System\oIGHTex.exe
  C:\Windows\System\oIGHTex.exe
  2⤵
  PID:3048
- C:\Windows\System\lbRVyEx.exe
  C:\Windows\System\lbRVyEx.exe
  2⤵
  PID:2372
- C:\Windows\System\CDeeagG.exe
  C:\Windows\System\CDeeagG.exe
  2⤵
  PID:4644
- C:\Windows\System\EvbUHAz.exe
  C:\Windows\System\EvbUHAz.exe
  2⤵
  PID:4580
- C:\Windows\System\XRkWagc.exe
  C:\Windows\System\XRkWagc.exe
  2⤵
  PID:4516
- C:\Windows\System\njZNfYA.exe
  C:\Windows\System\njZNfYA.exe
  2⤵
  PID:4484
- C:\Windows\System\YwOrFSp.exe
  C:\Windows\System\YwOrFSp.exe
  2⤵
  PID:4384
- C:\Windows\System\gJgNjXJ.exe
  C:\Windows\System\gJgNjXJ.exe
  2⤵
  PID:4420
- C:\Windows\System\vONkifd.exe
  C:\Windows\System\vONkifd.exe
  2⤵
  PID:4596
- C:\Windows\System\lWkwapo.exe
  C:\Windows\System\lWkwapo.exe
  2⤵
  PID:756
- C:\Windows\System\ZyqNSGe.exe
  C:\Windows\System\ZyqNSGe.exe
  2⤵
  PID:4744
- C:\Windows\System\LVTZpiO.exe
  C:\Windows\System\LVTZpiO.exe
  2⤵
  PID:2396
- C:\Windows\System\UHDnFwo.exe
  C:\Windows\System\UHDnFwo.exe
  2⤵
  PID:4808
- C:\Windows\System\ZgZqgeX.exe
  C:\Windows\System\ZgZqgeX.exe
  2⤵
  PID:3316
- C:\Windows\System\POUIsrI.exe
  C:\Windows\System\POUIsrI.exe
  2⤵
  PID:4844
- C:\Windows\System\noAINAf.exe
  C:\Windows\System\noAINAf.exe
  2⤵
  PID:4880
- C:\Windows\System\ixspZfW.exe
  C:\Windows\System\ixspZfW.exe
  2⤵
  PID:3748
- C:\Windows\System\sraMNSh.exe
  C:\Windows\System\sraMNSh.exe
  2⤵
  PID:4900
- C:\Windows\System\OebnIBk.exe
  C:\Windows\System\OebnIBk.exe
  2⤵
  PID:4912
- C:\Windows\System\FlimbRt.exe
  C:\Windows\System\FlimbRt.exe
  2⤵
  PID:4992
- C:\Windows\System\eTgiOzw.exe
  C:\Windows\System\eTgiOzw.exe
  2⤵
  PID:5056
- C:\Windows\System\RfjOriG.exe
  C:\Windows\System\RfjOriG.exe
  2⤵
  PID:4964
- C:\Windows\System\ncVsLTt.exe
  C:\Windows\System\ncVsLTt.exe
  2⤵
  PID:2744
- C:\Windows\System\SnGYsvO.exe
  C:\Windows\System\SnGYsvO.exe
  2⤵
  PID:3528
- C:\Windows\System\USmcLTy.exe
  C:\Windows\System\USmcLTy.exe
  2⤵
  PID:3432
- C:\Windows\System\JMUhPbO.exe
  C:\Windows\System\JMUhPbO.exe
  2⤵
  PID:4944
- C:\Windows\System\zkzDXhn.exe
  C:\Windows\System\zkzDXhn.exe
  2⤵
  PID:4020
- C:\Windows\System\MsOoWwi.exe
  C:\Windows\System\MsOoWwi.exe
  2⤵
  PID:2896
- C:\Windows\System\axeHDzE.exe
  C:\Windows\System\axeHDzE.exe
  2⤵
  PID:5012
- C:\Windows\System\lMLOtBE.exe
  C:\Windows\System\lMLOtBE.exe
  2⤵
  PID:5076
- C:\Windows\System\ufVQcne.exe
  C:\Windows\System\ufVQcne.exe
  2⤵
  PID:3400
- C:\Windows\System\YSRIGlh.exe
  C:\Windows\System\YSRIGlh.exe
  2⤵
  PID:4148
- C:\Windows\System\BUwwHlf.exe
  C:\Windows\System\BUwwHlf.exe
  2⤵
  PID:4292
- C:\Windows\System\klFtJyH.exe
  C:\Windows\System\klFtJyH.exe
  2⤵
  PID:3304
- C:\Windows\System\bVDGhdl.exe
  C:\Windows\System\bVDGhdl.exe
  2⤵
  PID:3780
- C:\Windows\System\MZiKsrl.exe
  C:\Windows\System\MZiKsrl.exe
  2⤵
  PID:3144
- C:\Windows\System\vlfmMpz.exe
  C:\Windows\System\vlfmMpz.exe
  2⤵
  PID:4184
- C:\Windows\System\FBxsVpn.exe
  C:\Windows\System\FBxsVpn.exe
  2⤵
  PID:4256
- C:\Windows\System\euivCha.exe
  C:\Windows\System\euivCha.exe
  2⤵
  PID:3080
- C:\Windows\System\gveUwdB.exe
  C:\Windows\System\gveUwdB.exe
  2⤵
  PID:2464
- C:\Windows\System\rpmStGt.exe
  C:\Windows\System\rpmStGt.exe
  2⤵
  PID:2916
- C:\Windows\System\iTfNMez.exe
  C:\Windows\System\iTfNMez.exe
  2⤵
  PID:2920
- C:\Windows\System\WUknCZl.exe
  C:\Windows\System\WUknCZl.exe
  2⤵
  PID:4544
- C:\Windows\System\ArOgHap.exe
  C:\Windows\System\ArOgHap.exe
  2⤵
  PID:2948
- C:\Windows\System\fYyRXpH.exe
  C:\Windows\System\fYyRXpH.exe
  2⤵
  PID:2824
- C:\Windows\System\fCEyCEz.exe
  C:\Windows\System\fCEyCEz.exe
  2⤵
  PID:2964
- C:\Windows\System\ULWWRTL.exe
  C:\Windows\System\ULWWRTL.exe
  2⤵
  PID:4716
- C:\Windows\System\dOKFGSB.exe
  C:\Windows\System\dOKFGSB.exe
  2⤵
  PID:3688
- C:\Windows\System\uMnCAvF.exe
  C:\Windows\System\uMnCAvF.exe
  2⤵
  PID:3608
- C:\Windows\System\rYKJftQ.exe
  C:\Windows\System\rYKJftQ.exe
  2⤵
  PID:4608
- C:\Windows\System\cCMPndA.exe
  C:\Windows\System\cCMPndA.exe
  2⤵
  PID:3036
- C:\Windows\System\AISSTzc.exe
  C:\Windows\System\AISSTzc.exe
  2⤵
  PID:4448
- C:\Windows\System\xWtxyqy.exe
  C:\Windows\System\xWtxyqy.exe
  2⤵
  PID:4748
- C:\Windows\System\deyarub.exe
  C:\Windows\System\deyarub.exe
  2⤵
  PID:4876
- C:\Windows\System\bjstJez.exe
  C:\Windows\System\bjstJez.exe
  2⤵
  PID:4960
- C:\Windows\System\MprUjTe.exe
  C:\Windows\System\MprUjTe.exe
  2⤵
  PID:1060
- C:\Windows\System\nmwglKk.exe
  C:\Windows\System\nmwglKk.exe
  2⤵
  PID:5092
- C:\Windows\System\ibyuNru.exe
  C:\Windows\System\ibyuNru.exe
  2⤵
  PID:4196
- C:\Windows\System\QhcLkhu.exe
  C:\Windows\System\QhcLkhu.exe
  2⤵
  PID:1292
- C:\Windows\System\QtCriNO.exe
  C:\Windows\System\QtCriNO.exe
  2⤵
  PID:3908
- C:\Windows\System\ahWcmfN.exe
  C:\Windows\System\ahWcmfN.exe
  2⤵
  PID:2776
- C:\Windows\System\EIcYzCj.exe
  C:\Windows\System\EIcYzCj.exe
  2⤵
  PID:4436
- C:\Windows\System\vxTDXfY.exe
  C:\Windows\System\vxTDXfY.exe
  2⤵
  PID:3236
- C:\Windows\System\OzPXmLI.exe
  C:\Windows\System\OzPXmLI.exe
  2⤵
  PID:540
- C:\Windows\System\iWQJByE.exe
  C:\Windows\System\iWQJByE.exe
  2⤵
  PID:4700
- C:\Windows\System\huNFYHb.exe
  C:\Windows\System\huNFYHb.exe
  2⤵
  PID:908
- C:\Windows\System\BpQNbYV.exe
  C:\Windows\System\BpQNbYV.exe
  2⤵
  PID:2992
- C:\Windows\System\WRxzJPJ.exe
  C:\Windows\System\WRxzJPJ.exe
  2⤵
  PID:4628
- C:\Windows\System\NQHUbyS.exe
  C:\Windows\System\NQHUbyS.exe
  2⤵
  PID:4764
- C:\Windows\System\wGQgDtt.exe
  C:\Windows\System\wGQgDtt.exe
  2⤵
  PID:4564
- C:\Windows\System\qdfBskg.exe
  C:\Windows\System\qdfBskg.exe
  2⤵
  PID:4548
- C:\Windows\System\ATQphhb.exe
  C:\Windows\System\ATQphhb.exe
  2⤵
  PID:3672
- C:\Windows\System\fjiECNK.exe
  C:\Windows\System\fjiECNK.exe
  2⤵
  PID:5024
- C:\Windows\System\dNmncaF.exe
  C:\Windows\System\dNmncaF.exe
  2⤵
  PID:5060
- C:\Windows\System\XjQDJyf.exe
  C:\Windows\System\XjQDJyf.exe
  2⤵
  PID:880
- C:\Windows\System\ilmxBim.exe
  C:\Windows\System\ilmxBim.exe
  2⤵
  PID:1540
- C:\Windows\System\JNwxcru.exe
  C:\Windows\System\JNwxcru.exe
  2⤵
  PID:852
- C:\Windows\System\jBzIUbm.exe
  C:\Windows\System\jBzIUbm.exe
  2⤵
  PID:3972
- C:\Windows\System\wNAiqUe.exe
  C:\Windows\System\wNAiqUe.exe
  2⤵
  PID:4120
- C:\Windows\System\jOCkScL.exe
  C:\Windows\System\jOCkScL.exe
  2⤵
  PID:2580
- C:\Windows\System\XCOASXK.exe
  C:\Windows\System\XCOASXK.exe
  2⤵
  PID:4892
- C:\Windows\System\OqAwQtz.exe
  C:\Windows\System\OqAwQtz.exe
  2⤵
  PID:4780
- C:\Windows\System\AxPvUNn.exe
  C:\Windows\System\AxPvUNn.exe
  2⤵
  PID:4796
- C:\Windows\System\DTgfJwx.exe
  C:\Windows\System\DTgfJwx.exe
  2⤵
  PID:2888
- C:\Windows\System\QXZWara.exe
  C:\Windows\System\QXZWara.exe
  2⤵
  PID:3240
- C:\Windows\System\snmOYVH.exe
  C:\Windows\System\snmOYVH.exe
  2⤵
  PID:4244
- C:\Windows\System\UKfwzKD.exe
  C:\Windows\System\UKfwzKD.exe
  2⤵
  PID:1804
- C:\Windows\System\JSFaQGp.exe
  C:\Windows\System\JSFaQGp.exe
  2⤵
  PID:3156
- C:\Windows\System\pTDhnWC.exe
  C:\Windows\System\pTDhnWC.exe
  2⤵
  PID:264
- C:\Windows\System\MMkqflz.exe
  C:\Windows\System\MMkqflz.exe
  2⤵
  PID:580
- C:\Windows\System\UodWgBX.exe
  C:\Windows\System\UodWgBX.exe
  2⤵
  PID:4404
- C:\Windows\System\obHZUUH.exe
  C:\Windows\System\obHZUUH.exe
  2⤵
  PID:4612
- C:\Windows\System\PNeIFRw.exe
  C:\Windows\System\PNeIFRw.exe
  2⤵
  PID:5108
- C:\Windows\System\mzHjDYL.exe
  C:\Windows\System\mzHjDYL.exe
  2⤵
  PID:1528
- C:\Windows\System\EKAjhCj.exe
  C:\Windows\System\EKAjhCj.exe
  2⤵
  PID:5124
- C:\Windows\System\yPoVslq.exe
  C:\Windows\System\yPoVslq.exe
  2⤵
  PID:5140
- C:\Windows\System\lmmxpfJ.exe
  C:\Windows\System\lmmxpfJ.exe
  2⤵
  PID:5156
- C:\Windows\System\PCSMbXu.exe
  C:\Windows\System\PCSMbXu.exe
  2⤵
  PID:5172
- C:\Windows\System\AfTawYH.exe
  C:\Windows\System\AfTawYH.exe
  2⤵
  PID:5188
- C:\Windows\System\uxNuvVB.exe
  C:\Windows\System\uxNuvVB.exe
  2⤵
  PID:5204
- C:\Windows\System\PnczgXY.exe
  C:\Windows\System\PnczgXY.exe
  2⤵
  PID:5220
- C:\Windows\System\QEapRHp.exe
  C:\Windows\System\QEapRHp.exe
  2⤵
  PID:5236
- C:\Windows\System\izeLIIp.exe
  C:\Windows\System\izeLIIp.exe
  2⤵
  PID:5252
- C:\Windows\System\ZExxQHy.exe
  C:\Windows\System\ZExxQHy.exe
  2⤵
  PID:5268
- C:\Windows\System\slIXLAZ.exe
  C:\Windows\System\slIXLAZ.exe
  2⤵
  PID:5284
- C:\Windows\System\Lebvwrm.exe
  C:\Windows\System\Lebvwrm.exe
  2⤵
  PID:5300
- C:\Windows\System\QLecWvK.exe
  C:\Windows\System\QLecWvK.exe
  2⤵
  PID:5316
- C:\Windows\System\KrtveXF.exe
  C:\Windows\System\KrtveXF.exe
  2⤵
  PID:5332
- C:\Windows\System\OzoDyfm.exe
  C:\Windows\System\OzoDyfm.exe
  2⤵
  PID:5348
- C:\Windows\System\lojJonn.exe
  C:\Windows\System\lojJonn.exe
  2⤵
  PID:5364
- C:\Windows\System\mErlgAl.exe
  C:\Windows\System\mErlgAl.exe
  2⤵
  PID:5380
- C:\Windows\System\YycInUW.exe
  C:\Windows\System\YycInUW.exe
  2⤵
  PID:5396
- C:\Windows\System\ahsjwtU.exe
  C:\Windows\System\ahsjwtU.exe
  2⤵
  PID:5412
- C:\Windows\System\RhkJPmz.exe
  C:\Windows\System\RhkJPmz.exe
  2⤵
  PID:5428
- C:\Windows\System\UIadtJL.exe
  C:\Windows\System\UIadtJL.exe
  2⤵
  PID:5444
- C:\Windows\System\DYBIWuK.exe
  C:\Windows\System\DYBIWuK.exe
  2⤵
  PID:5460
- C:\Windows\System\BZMvlis.exe
  C:\Windows\System\BZMvlis.exe
  2⤵
  PID:5476
- C:\Windows\System\jrwCrGn.exe
  C:\Windows\System\jrwCrGn.exe
  2⤵
  PID:5492
- C:\Windows\System\KpxMQfy.exe
  C:\Windows\System\KpxMQfy.exe
  2⤵
  PID:5508
- C:\Windows\System\JzYEtOX.exe
  C:\Windows\System\JzYEtOX.exe
  2⤵
  PID:5524
- C:\Windows\System\KhamCEq.exe
  C:\Windows\System\KhamCEq.exe
  2⤵
  PID:5540
- C:\Windows\System\vvNFvBy.exe
  C:\Windows\System\vvNFvBy.exe
  2⤵
  PID:5556
- C:\Windows\System\NifRlsn.exe
  C:\Windows\System\NifRlsn.exe
  2⤵
  PID:5572
- C:\Windows\System\awXGguz.exe
  C:\Windows\System\awXGguz.exe
  2⤵
  PID:5588
- C:\Windows\System\yrasMHB.exe
  C:\Windows\System\yrasMHB.exe
  2⤵
  PID:5604
- C:\Windows\System\VtMXKNE.exe
  C:\Windows\System\VtMXKNE.exe
  2⤵
  PID:5620
- C:\Windows\System\iGwsSYz.exe
  C:\Windows\System\iGwsSYz.exe
  2⤵
  PID:5636
- C:\Windows\System\cueHleF.exe
  C:\Windows\System\cueHleF.exe
  2⤵
  PID:5652
- C:\Windows\System\gcJlGKO.exe
  C:\Windows\System\gcJlGKO.exe
  2⤵
  PID:5668
- C:\Windows\System\PkurbXP.exe
  C:\Windows\System\PkurbXP.exe
  2⤵
  PID:5684
- C:\Windows\System\PGJXJrX.exe
  C:\Windows\System\PGJXJrX.exe
  2⤵
  PID:5700
- C:\Windows\System\onVIOhD.exe
  C:\Windows\System\onVIOhD.exe
  2⤵
  PID:5716
- C:\Windows\System\vaaidFe.exe
  C:\Windows\System\vaaidFe.exe
  2⤵
  PID:5732
- C:\Windows\System\mCAcjJe.exe
  C:\Windows\System\mCAcjJe.exe
  2⤵
  PID:5748
- C:\Windows\System\dHfViAj.exe
  C:\Windows\System\dHfViAj.exe
  2⤵
  PID:5764
- C:\Windows\System\fcRUXDT.exe
  C:\Windows\System\fcRUXDT.exe
  2⤵
  PID:5804
- C:\Windows\System\hJlCmiA.exe
  C:\Windows\System\hJlCmiA.exe
  2⤵
  PID:5820
- C:\Windows\System\YbEemIA.exe
  C:\Windows\System\YbEemIA.exe
  2⤵
  PID:5836
- C:\Windows\System\IruUWqa.exe
  C:\Windows\System\IruUWqa.exe
  2⤵
  PID:5852
- C:\Windows\System\OGbCbAf.exe
  C:\Windows\System\OGbCbAf.exe
  2⤵
  PID:5872
- C:\Windows\System\cOabDXm.exe
  C:\Windows\System\cOabDXm.exe
  2⤵
  PID:5888
- C:\Windows\System\WeUccWg.exe
  C:\Windows\System\WeUccWg.exe
  2⤵
  PID:5904
- C:\Windows\System\Lommnpu.exe
  C:\Windows\System\Lommnpu.exe
  2⤵
  PID:5920
- C:\Windows\System\eOsnHMq.exe
  C:\Windows\System\eOsnHMq.exe
  2⤵
  PID:5936
- C:\Windows\System\mcxkKSB.exe
  C:\Windows\System\mcxkKSB.exe
  2⤵
  PID:5952
- C:\Windows\System\QYyUldz.exe
  C:\Windows\System\QYyUldz.exe
  2⤵
  PID:5976
- C:\Windows\System\irKfUup.exe
  C:\Windows\System\irKfUup.exe
  2⤵
  PID:6104
- C:\Windows\System\HBsFqXJ.exe
  C:\Windows\System\HBsFqXJ.exe
  2⤵
  PID:6128
- C:\Windows\System\mViCTrn.exe
  C:\Windows\System\mViCTrn.exe
  2⤵
  PID:2840
- C:\Windows\System\pwPRsyX.exe
  C:\Windows\System\pwPRsyX.exe
  2⤵
  PID:2680
- C:\Windows\System\dpTaiNi.exe
  C:\Windows\System\dpTaiNi.exe
  2⤵
  PID:5212
- C:\Windows\System\AokrkOS.exe
  C:\Windows\System\AokrkOS.exe
  2⤵
  PID:5276
- C:\Windows\System\sNBlyUZ.exe
  C:\Windows\System\sNBlyUZ.exe
  2⤵
  PID:5372
- C:\Windows\System\zPEjrQy.exe
  C:\Windows\System\zPEjrQy.exe
  2⤵
  PID:5376
- C:\Windows\System\jfIsOqG.exe
  C:\Windows\System\jfIsOqG.exe
  2⤵
  PID:3752
- C:\Windows\System\cDPvJGM.exe
  C:\Windows\System\cDPvJGM.exe
  2⤵
  PID:4352
- C:\Windows\System\zXbRQvh.exe
  C:\Windows\System\zXbRQvh.exe
  2⤵
  PID:2288
- C:\Windows\System\UuZDIdJ.exe
  C:\Windows\System\UuZDIdJ.exe
  2⤵
  PID:5168
- C:\Windows\System\MBahCvU.exe
  C:\Windows\System\MBahCvU.exe
  2⤵
  PID:5260
- C:\Windows\System\oHjtrVY.exe
  C:\Windows\System\oHjtrVY.exe
  2⤵
  PID:5296
- C:\Windows\System\LRqMRjf.exe
  C:\Windows\System\LRqMRjf.exe
  2⤵
  PID:5388
- C:\Windows\System\ZBXPblf.exe
  C:\Windows\System\ZBXPblf.exe
  2⤵
  PID:5456
- C:\Windows\System\XTmWpMI.exe
  C:\Windows\System\XTmWpMI.exe
  2⤵
  PID:4528
- C:\Windows\System\FqyAebF.exe
  C:\Windows\System\FqyAebF.exe
  2⤵
  PID:5548
- C:\Windows\System\mRxiluf.exe
  C:\Windows\System\mRxiluf.exe
  2⤵
  PID:5232
- C:\Windows\System\BgKQQLu.exe
  C:\Windows\System\BgKQQLu.exe
  2⤵
  PID:5424
- C:\Windows\System\MtJyeSN.exe
  C:\Windows\System\MtJyeSN.exe
  2⤵
  PID:5472
- C:\Windows\System\lxAmtem.exe
  C:\Windows\System\lxAmtem.exe
  2⤵
  PID:5532
- C:\Windows\System\ilQqXgY.exe
  C:\Windows\System\ilQqXgY.exe
  2⤵
  PID:5596
- C:\Windows\System\jXfbhpM.exe
  C:\Windows\System\jXfbhpM.exe
  2⤵
  PID:5660
- C:\Windows\System\okYJUWP.exe
  C:\Windows\System\okYJUWP.exe
  2⤵
  PID:5724
- C:\Windows\System\FkxDEmC.exe
  C:\Windows\System\FkxDEmC.exe
  2⤵
  PID:5756
- C:\Windows\System\tdewiZr.exe
  C:\Windows\System\tdewiZr.exe
  2⤵
  PID:5740
- C:\Windows\System\pQFmhaQ.exe
  C:\Windows\System\pQFmhaQ.exe
  2⤵
  PID:5828
- C:\Windows\System\RmqGCgi.exe
  C:\Windows\System\RmqGCgi.exe
  2⤵
  PID:5896
- C:\Windows\System\PHOzCeW.exe
  C:\Windows\System\PHOzCeW.exe
  2⤵
  PID:5932
- C:\Windows\System\AryyHxY.exe
  C:\Windows\System\AryyHxY.exe
  2⤵
  PID:5884
- C:\Windows\System\KkegtVr.exe
  C:\Windows\System\KkegtVr.exe
  2⤵
  PID:5912
- C:\Windows\System\jNzDNCM.exe
  C:\Windows\System\jNzDNCM.exe
  2⤵
  PID:5984
- C:\Windows\System\XtqjpIY.exe
  C:\Windows\System\XtqjpIY.exe
  2⤵
  PID:5996
- C:\Windows\System\nzvZQST.exe
  C:\Windows\System\nzvZQST.exe
  2⤵
  PID:6012
- C:\Windows\System\CosrjIv.exe
  C:\Windows\System\CosrjIv.exe
  2⤵
  PID:6028
- C:\Windows\System\pMIlPzY.exe
  C:\Windows\System\pMIlPzY.exe
  2⤵
  PID:6044
- C:\Windows\System\acBSdev.exe
  C:\Windows\System\acBSdev.exe
  2⤵
  PID:6060
- C:\Windows\System\dqleXFc.exe
  C:\Windows\System\dqleXFc.exe
  2⤵
  PID:6072
- C:\Windows\System\bIXMDEI.exe
  C:\Windows\System\bIXMDEI.exe
  2⤵
  PID:6092
- C:\Windows\System\cXiTknv.exe
  C:\Windows\System\cXiTknv.exe
  2⤵
  PID:6120
- C:\Windows\System\lYhXhRp.exe
  C:\Windows\System\lYhXhRp.exe
  2⤵
  PID:6140
- C:\Windows\System\CnnFYjg.exe
  C:\Windows\System\CnnFYjg.exe
  2⤵
  PID:4000
- C:\Windows\System\IKEvJRw.exe
  C:\Windows\System\IKEvJRw.exe
  2⤵
  PID:5436
- C:\Windows\System\egHqgNm.exe
  C:\Windows\System\egHqgNm.exe
  2⤵
  PID:5164
- C:\Windows\System\CzpfpgF.exe
  C:\Windows\System\CzpfpgF.exe
  2⤵
  PID:5344
- C:\Windows\System\kbEWWoh.exe
  C:\Windows\System\kbEWWoh.exe
  2⤵
  PID:4692
- C:\Windows\System\xRzyjba.exe
  C:\Windows\System\xRzyjba.exe
  2⤵
  PID:5356
- C:\Windows\System\QinpobP.exe
  C:\Windows\System\QinpobP.exe
  2⤵
  PID:5520
- C:\Windows\System\TiUKjqR.exe
  C:\Windows\System\TiUKjqR.exe
  2⤵
  PID:5628
- C:\Windows\System\XHZsZYk.exe
  C:\Windows\System\XHZsZYk.exe
  2⤵
  PID:5488
- C:\Windows\System\ZyXddzk.exe
  C:\Windows\System\ZyXddzk.exe
  2⤵
  PID:5564
- C:\Windows\System\lptmnzr.exe
  C:\Windows\System\lptmnzr.exe
  2⤵
  PID:5708
- C:\Windows\System\BTOezGW.exe
  C:\Windows\System\BTOezGW.exe
  2⤵
  PID:5928
- C:\Windows\System\XcySkii.exe
  C:\Windows\System\XcySkii.exe
  2⤵
  PID:1732
- C:\Windows\System\FvLhaaM.exe
  C:\Windows\System\FvLhaaM.exe
  2⤵
  PID:5616
- C:\Windows\System\EJvlMrf.exe
  C:\Windows\System\EJvlMrf.exe
  2⤵
  PID:5880
- C:\Windows\System\MHOixFv.exe
  C:\Windows\System\MHOixFv.exe
  2⤵
  PID:6008
- C:\Windows\System\eGTMsUk.exe
  C:\Windows\System\eGTMsUk.exe
  2⤵
  PID:6040
- C:\Windows\System\mriGSrj.exe
  C:\Windows\System\mriGSrj.exe
  2⤵
  PID:6076
- C:\Windows\System\eoTQmQZ.exe
  C:\Windows\System\eoTQmQZ.exe
  2⤵
  PID:6136
- C:\Windows\System\wliSiVn.exe
  C:\Windows\System\wliSiVn.exe
  2⤵
  PID:5280
- C:\Windows\System\CibGlYo.exe
  C:\Windows\System\CibGlYo.exe
  2⤵
  PID:5132
- C:\Windows\System\wdgHiRR.exe
  C:\Windows\System\wdgHiRR.exe
  2⤵
  PID:5500
- C:\Windows\System\HzSXiTi.exe
  C:\Windows\System\HzSXiTi.exe
  2⤵
  PID:5776
- C:\Windows\System\fYexGoV.exe
  C:\Windows\System\fYexGoV.exe
  2⤵
  PID:5972
- C:\Windows\System\qazidvJ.exe
  C:\Windows\System\qazidvJ.exe
  2⤵
  PID:5632
- C:\Windows\System\ayKJMRg.exe
  C:\Windows\System\ayKJMRg.exe
  2⤵
  PID:5868
- C:\Windows\System\bQJBUJI.exe
  C:\Windows\System\bQJBUJI.exe
  2⤵
  PID:5200
- C:\Windows\System\CYrLeeg.exe
  C:\Windows\System\CYrLeeg.exe
  2⤵
  PID:6112
- C:\Windows\System\MoGtYoF.exe
  C:\Windows\System\MoGtYoF.exe
  2⤵
  PID:6032
- C:\Windows\System\AsFHtLX.exe
  C:\Windows\System\AsFHtLX.exe
  2⤵
  PID:5696
- C:\Windows\System\CFniFLu.exe
  C:\Windows\System\CFniFLu.exe
  2⤵
  PID:6056
- C:\Windows\System\mEhHyzO.exe
  C:\Windows\System\mEhHyzO.exe
  2⤵
  PID:6124
- C:\Windows\System\qxLJcSB.exe
  C:\Windows\System\qxLJcSB.exe
  2⤵
  PID:5516
- C:\Windows\System\sqBUddk.exe
  C:\Windows\System\sqBUddk.exe
  2⤵
  PID:6160
- C:\Windows\System\VtaYlPV.exe
  C:\Windows\System\VtaYlPV.exe
  2⤵
  PID:6176
- C:\Windows\System\NKvVjmI.exe
  C:\Windows\System\NKvVjmI.exe
  2⤵
  PID:6192
- C:\Windows\System\NEsgxbm.exe
  C:\Windows\System\NEsgxbm.exe
  2⤵
  PID:6208
- C:\Windows\System\uDgJAkL.exe
  C:\Windows\System\uDgJAkL.exe
  2⤵
  PID:6224
- C:\Windows\System\ZumWfNf.exe
  C:\Windows\System\ZumWfNf.exe
  2⤵
  PID:6244
- C:\Windows\System\JLKvMyR.exe
  C:\Windows\System\JLKvMyR.exe
  2⤵
  PID:6260
- C:\Windows\System\ssCeHik.exe
  C:\Windows\System\ssCeHik.exe
  2⤵
  PID:6328
- C:\Windows\System\CFnUOjo.exe
  C:\Windows\System\CFnUOjo.exe
  2⤵
  PID:6364
- C:\Windows\System\GXyhzbs.exe
  C:\Windows\System\GXyhzbs.exe
  2⤵
  PID:6380
- C:\Windows\System\NPLGnxn.exe
  C:\Windows\System\NPLGnxn.exe
  2⤵
  PID:6396
- C:\Windows\System\xWqGnPI.exe
  C:\Windows\System\xWqGnPI.exe
  2⤵
  PID:6412
- C:\Windows\System\CvrsQsA.exe
  C:\Windows\System\CvrsQsA.exe
  2⤵
  PID:6432
- C:\Windows\System\cLRGmux.exe
  C:\Windows\System\cLRGmux.exe
  2⤵
  PID:6448
- C:\Windows\System\IOLNFRu.exe
  C:\Windows\System\IOLNFRu.exe
  2⤵
  PID:6464
- C:\Windows\System\LSHCzEi.exe
  C:\Windows\System\LSHCzEi.exe
  2⤵
  PID:6480
- C:\Windows\System\dAgsZmN.exe
  C:\Windows\System\dAgsZmN.exe
  2⤵
  PID:6496
- C:\Windows\System\FUYMkWP.exe
  C:\Windows\System\FUYMkWP.exe
  2⤵
  PID:6512
- C:\Windows\System\UIFaFdw.exe
  C:\Windows\System\UIFaFdw.exe
  2⤵
  PID:6528
- C:\Windows\System\KiLPaAD.exe
  C:\Windows\System\KiLPaAD.exe
  2⤵
  PID:6544
- C:\Windows\System\KuIMjzG.exe
  C:\Windows\System\KuIMjzG.exe
  2⤵
  PID:6560
- C:\Windows\System\ZhhIVwT.exe
  C:\Windows\System\ZhhIVwT.exe
  2⤵
  PID:6576
- C:\Windows\System\IjRbWsb.exe
  C:\Windows\System\IjRbWsb.exe
  2⤵
  PID:6592
- C:\Windows\System\dXOKdnJ.exe
  C:\Windows\System\dXOKdnJ.exe
  2⤵
  PID:6608
- C:\Windows\System\mmqWKRc.exe
  C:\Windows\System\mmqWKRc.exe
  2⤵
  PID:6624
- C:\Windows\System\OguTkNK.exe
  C:\Windows\System\OguTkNK.exe
  2⤵
  PID:6640
- C:\Windows\System\xLiJJmN.exe
  C:\Windows\System\xLiJJmN.exe
  2⤵
  PID:6656
- C:\Windows\System\NzPDjcp.exe
  C:\Windows\System\NzPDjcp.exe
  2⤵
  PID:6680
- C:\Windows\System\WBxyfow.exe
  C:\Windows\System\WBxyfow.exe
  2⤵
  PID:6696
- C:\Windows\System\mmAJPqI.exe
  C:\Windows\System\mmAJPqI.exe
  2⤵
  PID:6712
- C:\Windows\System\lVeiMXm.exe
  C:\Windows\System\lVeiMXm.exe
  2⤵
  PID:6728
- C:\Windows\System\stwFEtY.exe
  C:\Windows\System\stwFEtY.exe
  2⤵
  PID:6744
- C:\Windows\System\MsFlzpB.exe
  C:\Windows\System\MsFlzpB.exe
  2⤵
  PID:6760
- C:\Windows\System\rWvihYJ.exe
  C:\Windows\System\rWvihYJ.exe
  2⤵
  PID:6776
- C:\Windows\System\KjEfNQm.exe
  C:\Windows\System\KjEfNQm.exe
  2⤵
  PID:6792
- C:\Windows\System\pLdSawv.exe
  C:\Windows\System\pLdSawv.exe
  2⤵
  PID:6808
- C:\Windows\System\lhMYpAm.exe
  C:\Windows\System\lhMYpAm.exe
  2⤵
  PID:6824
- C:\Windows\System\sMUeFcE.exe
  C:\Windows\System\sMUeFcE.exe
  2⤵
  PID:6844
- C:\Windows\System\cKYuCxc.exe
  C:\Windows\System\cKYuCxc.exe
  2⤵
  PID:6860
- C:\Windows\System\rysFyAo.exe
  C:\Windows\System\rysFyAo.exe
  2⤵
  PID:6876
- C:\Windows\System\tPgVXDJ.exe
  C:\Windows\System\tPgVXDJ.exe
  2⤵
  PID:6892
- C:\Windows\System\jMBtEpK.exe
  C:\Windows\System\jMBtEpK.exe
  2⤵
  PID:6908
- C:\Windows\System\CtzJPim.exe
  C:\Windows\System\CtzJPim.exe
  2⤵
  PID:6924
- C:\Windows\System\HDFDBwX.exe
  C:\Windows\System\HDFDBwX.exe
  2⤵
  PID:6940
- C:\Windows\System\OKhTzdz.exe
  C:\Windows\System\OKhTzdz.exe
  2⤵
  PID:6956
- C:\Windows\System\rmdZnpH.exe
  C:\Windows\System\rmdZnpH.exe
  2⤵
  PID:6972
- C:\Windows\System\mdEnFBM.exe
  C:\Windows\System\mdEnFBM.exe
  2⤵
  PID:6988
- C:\Windows\System\vgxpRuk.exe
  C:\Windows\System\vgxpRuk.exe
  2⤵
  PID:7004
- C:\Windows\System\XdHhMzC.exe
  C:\Windows\System\XdHhMzC.exe
  2⤵
  PID:7020
- C:\Windows\System\fJdTlKA.exe
  C:\Windows\System\fJdTlKA.exe
  2⤵
  PID:7044
- C:\Windows\System\tjxAmjm.exe
  C:\Windows\System\tjxAmjm.exe
  2⤵
  PID:7064
- C:\Windows\System\AlCxHsQ.exe
  C:\Windows\System\AlCxHsQ.exe
  2⤵
  PID:7088
- C:\Windows\System\roDmVvo.exe
  C:\Windows\System\roDmVvo.exe
  2⤵
  PID:7104
- C:\Windows\System\rORuFdU.exe
  C:\Windows\System\rORuFdU.exe
  2⤵
  PID:7120
- C:\Windows\System\tsaqtox.exe
  C:\Windows\System\tsaqtox.exe
  2⤵
  PID:7136
- C:\Windows\System\aeUZEBm.exe
  C:\Windows\System\aeUZEBm.exe
  2⤵
  PID:7152
- C:\Windows\System\FwQbSAs.exe
  C:\Windows\System\FwQbSAs.exe
  2⤵
  PID:5228
- C:\Windows\System\TYiDdFf.exe
  C:\Windows\System\TYiDdFf.exe
  2⤵
  PID:2960
- C:\Windows\System\bDirRLy.exe
  C:\Windows\System\bDirRLy.exe
  2⤵
  PID:6156
- C:\Windows\System\VTMsizJ.exe
  C:\Windows\System\VTMsizJ.exe
  2⤵
  PID:6220
- C:\Windows\System\Vrxslrb.exe
  C:\Windows\System\Vrxslrb.exe
  2⤵
  PID:5328
- C:\Windows\System\camjFNp.exe
  C:\Windows\System\camjFNp.exe
  2⤵
  PID:6200
- C:\Windows\System\xFpshaL.exe
  C:\Windows\System\xFpshaL.exe
  2⤵
  PID:6256
- C:\Windows\System\MNoRpOu.exe
  C:\Windows\System\MNoRpOu.exe
  2⤵
  PID:6276
- C:\Windows\System\QOTmIkD.exe
  C:\Windows\System\QOTmIkD.exe
  2⤵
  PID:6300
- C:\Windows\System\KmwoghX.exe
  C:\Windows\System\KmwoghX.exe
  2⤵
  PID:6344
- C:\Windows\System\pfaMkwv.exe
  C:\Windows\System\pfaMkwv.exe
  2⤵
  PID:6420
- C:\Windows\System\xQoWAVk.exe
  C:\Windows\System\xQoWAVk.exe
  2⤵
  PID:6372
- C:\Windows\System\ugpvyLs.exe
  C:\Windows\System\ugpvyLs.exe
  2⤵
  PID:6460
- C:\Windows\System\vUyBSqL.exe
  C:\Windows\System\vUyBSqL.exe
  2⤵
  PID:6488
- C:\Windows\System\ilPoZVN.exe
  C:\Windows\System\ilPoZVN.exe
  2⤵
  PID:6552
- C:\Windows\System\tDrViLn.exe
  C:\Windows\System\tDrViLn.exe
  2⤵
  PID:6648
- C:\Windows\System\hiPKrFl.exe
  C:\Windows\System\hiPKrFl.exe
  2⤵
  PID:6504
- C:\Windows\System\ObpPCKw.exe
  C:\Windows\System\ObpPCKw.exe
  2⤵
  PID:6724
- C:\Windows\System\khSmmtr.exe
  C:\Windows\System\khSmmtr.exe
  2⤵
  PID:6536
- C:\Windows\System\aLXkqRU.exe
  C:\Windows\System\aLXkqRU.exe
  2⤵
  PID:6600
- C:\Windows\System\FNgMrPq.exe
  C:\Windows\System\FNgMrPq.exe
  2⤵
  PID:6664
- C:\Windows\System\PFIiVGx.exe
  C:\Windows\System\PFIiVGx.exe
  2⤵
  PID:6820
- C:\Windows\System\GUgZdqz.exe
  C:\Windows\System\GUgZdqz.exe
  2⤵
  PID:6768
- C:\Windows\System\AWZGyET.exe
  C:\Windows\System\AWZGyET.exe
  2⤵
  PID:6868
- C:\Windows\System\bEesciy.exe
  C:\Windows\System\bEesciy.exe
  2⤵
  PID:6872
- C:\Windows\System\arPAsvg.exe
  C:\Windows\System\arPAsvg.exe
  2⤵
  PID:6884
- C:\Windows\System\JHfkSFA.exe
  C:\Windows\System\JHfkSFA.exe
  2⤵
  PID:6916
- C:\Windows\System\CJuZHqH.exe
  C:\Windows\System\CJuZHqH.exe
  2⤵
  PID:6980
- C:\Windows\System\lajSOvH.exe
  C:\Windows\System\lajSOvH.exe
  2⤵
  PID:7052
- C:\Windows\System\TrnNaHg.exe
  C:\Windows\System\TrnNaHg.exe
  2⤵
  PID:7040
- C:\Windows\System\jlminnR.exe
  C:\Windows\System\jlminnR.exe
  2⤵
  PID:6964
- C:\Windows\System\rvpPmBQ.exe
  C:\Windows\System\rvpPmBQ.exe
  2⤵
  PID:6088
- C:\Windows\System\TIvjghJ.exe
  C:\Windows\System\TIvjghJ.exe
  2⤵
  PID:6252
- C:\Windows\System\MlNLBpR.exe
  C:\Windows\System\MlNLBpR.exe
  2⤵
  PID:6404
- C:\Windows\System\nqDvKzV.exe
  C:\Windows\System\nqDvKzV.exe
  2⤵
  PID:6168
- C:\Windows\System\zQmftPf.exe
  C:\Windows\System\zQmftPf.exe
  2⤵
  PID:6308
- C:\Windows\System\sgcsFkj.exe
  C:\Windows\System\sgcsFkj.exe
  2⤵
  PID:6472
- C:\Windows\System\ckAecnM.exe
  C:\Windows\System\ckAecnM.exe
  2⤵
  PID:6444
- C:\Windows\System\XblOnsE.exe
  C:\Windows\System\XblOnsE.exe
  2⤵
  PID:6632
- C:\Windows\System\yGVMpfj.exe
  C:\Windows\System\yGVMpfj.exe
  2⤵
  PID:6636
- C:\Windows\System\hTMAMnm.exe
  C:\Windows\System\hTMAMnm.exe
  2⤵
  PID:7016
- C:\Windows\System\aBKrJqV.exe
  C:\Windows\System\aBKrJqV.exe
  2⤵
  PID:6900
- C:\Windows\System\CKIGPQm.exe
  C:\Windows\System\CKIGPQm.exe
  2⤵
  PID:6948
- C:\Windows\System\PcduEIC.exe
  C:\Windows\System\PcduEIC.exe
  2⤵
  PID:6736
- C:\Windows\System\FbSJsGt.exe
  C:\Windows\System\FbSJsGt.exe
  2⤵
  PID:6816
- C:\Windows\System\zJePDqs.exe
  C:\Windows\System\zJePDqs.exe
  2⤵
  PID:7060
- C:\Windows\System\uWrIZWS.exe
  C:\Windows\System\uWrIZWS.exe
  2⤵
  PID:7096
- C:\Windows\System\ycHyUNa.exe
  C:\Windows\System\ycHyUNa.exe
  2⤵
  PID:7160
- C:\Windows\System\aFiOsnb.exe
  C:\Windows\System\aFiOsnb.exe
  2⤵
  PID:7072
- C:\Windows\System\RHHdfNW.exe
  C:\Windows\System\RHHdfNW.exe
  2⤵
  PID:7148
- C:\Windows\System\OaEXxad.exe
  C:\Windows\System\OaEXxad.exe
  2⤵
  PID:7080
- C:\Windows\System\IzqdWxN.exe
  C:\Windows\System\IzqdWxN.exe
  2⤵
  PID:6284
- C:\Windows\System\WEoNZNg.exe
  C:\Windows\System\WEoNZNg.exe
  2⤵
  PID:6456
- C:\Windows\System\axsRDTA.exe
  C:\Windows\System\axsRDTA.exe
  2⤵
  PID:6584
- C:\Windows\System\asHhRvQ.exe
  C:\Windows\System\asHhRvQ.exe
  2⤵
  PID:6476
- C:\Windows\System\QRLekYH.exe
  C:\Windows\System\QRLekYH.exe
  2⤵
  PID:6720
- C:\Windows\System\RImiVOR.exe
  C:\Windows\System\RImiVOR.exe
  2⤵
  PID:6668
- C:\Windows\System\YWCMjec.exe
  C:\Windows\System\YWCMjec.exe
  2⤵
  PID:6772
- C:\Windows\System\lrXSvxr.exe
  C:\Windows\System\lrXSvxr.exe
  2⤵
  PID:6932
- C:\Windows\System\ydASsXQ.exe
  C:\Windows\System\ydASsXQ.exe
  2⤵
  PID:7032
- C:\Windows\System\ymNcxsj.exe
  C:\Windows\System\ymNcxsj.exe
  2⤵
  PID:7112
- C:\Windows\System\eYBFhog.exe
  C:\Windows\System\eYBFhog.exe
  2⤵
  PID:6268
- C:\Windows\System\olslgqq.exe
  C:\Windows\System\olslgqq.exe
  2⤵
  PID:7084
- C:\Windows\System\YpdoATN.exe
  C:\Windows\System\YpdoATN.exe
  2⤵
  PID:6840
- C:\Windows\System\kvDWDoJ.exe
  C:\Windows\System\kvDWDoJ.exe
  2⤵
  PID:6740
- C:\Windows\System\DxIBFKy.exe
  C:\Windows\System\DxIBFKy.exe
  2⤵
  PID:6188
- C:\Windows\System\LgxbJIt.exe
  C:\Windows\System\LgxbJIt.exe
  2⤵
  PID:7128
- C:\Windows\System\nDlUWYB.exe
  C:\Windows\System\nDlUWYB.exe
  2⤵
  PID:6272
- C:\Windows\System\cqGDpwY.exe
  C:\Windows\System\cqGDpwY.exe
  2⤵
  PID:6888
- C:\Windows\System\Ndlwfrm.exe
  C:\Windows\System\Ndlwfrm.exe
  2⤵
  PID:5780
- C:\Windows\System\ALjLDIN.exe
  C:\Windows\System\ALjLDIN.exe
  2⤵
  PID:7172
- C:\Windows\System\KTZEPmu.exe
  C:\Windows\System\KTZEPmu.exe
  2⤵
  PID:7188
- C:\Windows\System\mzUHPSe.exe
  C:\Windows\System\mzUHPSe.exe
  2⤵
  PID:7204
- C:\Windows\System\ZwInKmY.exe
  C:\Windows\System\ZwInKmY.exe
  2⤵
  PID:7220
- C:\Windows\System\IIJzmqw.exe
  C:\Windows\System\IIJzmqw.exe
  2⤵
  PID:7236
- C:\Windows\System\NVjWKxv.exe
  C:\Windows\System\NVjWKxv.exe
  2⤵
  PID:7252
- C:\Windows\System\CMiQlDE.exe
  C:\Windows\System\CMiQlDE.exe
  2⤵
  PID:7268
- C:\Windows\System\UUuIKQi.exe
  C:\Windows\System\UUuIKQi.exe
  2⤵
  PID:7284
- C:\Windows\System\AUreVyW.exe
  C:\Windows\System\AUreVyW.exe
  2⤵
  PID:7300
- C:\Windows\System\eYUTfsx.exe
  C:\Windows\System\eYUTfsx.exe
  2⤵
  PID:7316
- C:\Windows\System\NoROkFD.exe
  C:\Windows\System\NoROkFD.exe
  2⤵
  PID:7428
- C:\Windows\System\HSOGNTU.exe
  C:\Windows\System\HSOGNTU.exe
  2⤵
  PID:7444
- C:\Windows\System\ZdlOjmU.exe
  C:\Windows\System\ZdlOjmU.exe
  2⤵
  PID:7460
- C:\Windows\System\rhRHYFs.exe
  C:\Windows\System\rhRHYFs.exe
  2⤵
  PID:7480
- C:\Windows\System\uWsbMiy.exe
  C:\Windows\System\uWsbMiy.exe
  2⤵
  PID:7496
- C:\Windows\System\ZWaeKin.exe
  C:\Windows\System\ZWaeKin.exe
  2⤵
  PID:7512
- C:\Windows\System\EzbjgRI.exe
  C:\Windows\System\EzbjgRI.exe
  2⤵
  PID:7528
- C:\Windows\System\wsvDttn.exe
  C:\Windows\System\wsvDttn.exe
  2⤵
  PID:7544
- C:\Windows\System\KRKqXMP.exe
  C:\Windows\System\KRKqXMP.exe
  2⤵
  PID:7560
- C:\Windows\System\NbhmMby.exe
  C:\Windows\System\NbhmMby.exe
  2⤵
  PID:7576
- C:\Windows\System\VISGXWP.exe
  C:\Windows\System\VISGXWP.exe
  2⤵
  PID:7592
- C:\Windows\System\TtCtAyP.exe
  C:\Windows\System\TtCtAyP.exe
  2⤵
  PID:7608
- C:\Windows\System\HRRdbrK.exe
  C:\Windows\System\HRRdbrK.exe
  2⤵
  PID:7632
- C:\Windows\System\HklelWE.exe
  C:\Windows\System\HklelWE.exe
  2⤵
  PID:7648
- C:\Windows\System\iURNfto.exe
  C:\Windows\System\iURNfto.exe
  2⤵
  PID:7664
- C:\Windows\System\vYkLhvy.exe
  C:\Windows\System\vYkLhvy.exe
  2⤵
  PID:7680
- C:\Windows\System\xvpFlDx.exe
  C:\Windows\System\xvpFlDx.exe
  2⤵
  PID:7696
- C:\Windows\System\MFntpkY.exe
  C:\Windows\System\MFntpkY.exe
  2⤵
  PID:7716
- C:\Windows\System\tSUMZlw.exe
  C:\Windows\System\tSUMZlw.exe
  2⤵
  PID:7736
- C:\Windows\System\iSgkzjV.exe
  C:\Windows\System\iSgkzjV.exe
  2⤵
  PID:7760
- C:\Windows\System\ZZSOohg.exe
  C:\Windows\System\ZZSOohg.exe
  2⤵
  PID:7776
- C:\Windows\System\lMrnCre.exe
  C:\Windows\System\lMrnCre.exe
  2⤵
  PID:7804
- C:\Windows\System\BJjwNze.exe
  C:\Windows\System\BJjwNze.exe
  2⤵
  PID:7840
- C:\Windows\System\DeigYxc.exe
  C:\Windows\System\DeigYxc.exe
  2⤵
  PID:7864
- C:\Windows\System\vWKRoUL.exe
  C:\Windows\System\vWKRoUL.exe
  2⤵
  PID:7884
- C:\Windows\System\Bdkedyo.exe
  C:\Windows\System\Bdkedyo.exe
  2⤵
  PID:7900
- C:\Windows\System\crzVCQc.exe
  C:\Windows\System\crzVCQc.exe
  2⤵
  PID:7916
- C:\Windows\System\yhGJdyh.exe
  C:\Windows\System\yhGJdyh.exe
  2⤵
  PID:7940
- C:\Windows\System\kznznAN.exe
  C:\Windows\System\kznznAN.exe
  2⤵
  PID:7956
- C:\Windows\System\VsQDJsi.exe
  C:\Windows\System\VsQDJsi.exe
  2⤵
  PID:7976
- C:\Windows\System\NrobjLt.exe
  C:\Windows\System\NrobjLt.exe
  2⤵
  PID:7992
- C:\Windows\System\YsaSPuG.exe
  C:\Windows\System\YsaSPuG.exe
  2⤵
  PID:8008
- C:\Windows\System\tfbAwoB.exe
  C:\Windows\System\tfbAwoB.exe
  2⤵
  PID:8028
- C:\Windows\System\kwfLuom.exe
  C:\Windows\System\kwfLuom.exe
  2⤵
  PID:8052
- C:\Windows\System\tBqwIXi.exe
  C:\Windows\System\tBqwIXi.exe
  2⤵
  PID:8068
- C:\Windows\System\OLSeZkg.exe
  C:\Windows\System\OLSeZkg.exe
  2⤵
  PID:8084
- C:\Windows\System\pACnoFL.exe
  C:\Windows\System\pACnoFL.exe
  2⤵
  PID:8120
- C:\Windows\System\fjGVwaL.exe
  C:\Windows\System\fjGVwaL.exe
  2⤵
  PID:8136
- C:\Windows\System\PbldIgN.exe
  C:\Windows\System\PbldIgN.exe
  2⤵
  PID:8152
- C:\Windows\System\UklKwyH.exe
  C:\Windows\System\UklKwyH.exe
  2⤵
  PID:8180
- C:\Windows\System\lkbwBgQ.exe
  C:\Windows\System\lkbwBgQ.exe
  2⤵
  PID:6356
- C:\Windows\System\jYweRdX.exe
  C:\Windows\System\jYweRdX.exe
  2⤵
  PID:7260
- C:\Windows\System\ZKKsmwm.exe
  C:\Windows\System\ZKKsmwm.exe
  2⤵
  PID:6788
- C:\Windows\System\NNApoNY.exe
  C:\Windows\System\NNApoNY.exe
  2⤵
  PID:7244
- C:\Windows\System\oqDzWXr.exe
  C:\Windows\System\oqDzWXr.exe
  2⤵
  PID:7280
- C:\Windows\System\UExUGTL.exe
  C:\Windows\System\UExUGTL.exe
  2⤵
  PID:2652
- C:\Windows\System\lycWhja.exe
  C:\Windows\System\lycWhja.exe
  2⤵
  PID:7356
- C:\Windows\System\iOGKBFC.exe
  C:\Windows\System\iOGKBFC.exe
  2⤵
  PID:7372
- C:\Windows\System\tOVzwcm.exe
  C:\Windows\System\tOVzwcm.exe
  2⤵
  PID:7388
- C:\Windows\System\ByVKYvA.exe
  C:\Windows\System\ByVKYvA.exe
  2⤵
  PID:7404
- C:\Windows\System\CcNvSKa.exe
  C:\Windows\System\CcNvSKa.exe
  2⤵
  PID:7420
- C:\Windows\System\XvAOlMF.exe
  C:\Windows\System\XvAOlMF.exe
  2⤵
  PID:7488
- C:\Windows\System\HrWPClI.exe
  C:\Windows\System\HrWPClI.exe
  2⤵
  PID:7520
- C:\Windows\System\mTAxJrR.exe
  C:\Windows\System\mTAxJrR.exe
  2⤵
  PID:7556
- C:\Windows\System\FJgslwT.exe
  C:\Windows\System\FJgslwT.exe
  2⤵
  PID:7588
- C:\Windows\System\GwqruPc.exe
  C:\Windows\System\GwqruPc.exe
  2⤵
  PID:7568
- C:\Windows\System\URWJZGZ.exe
  C:\Windows\System\URWJZGZ.exe
  2⤵
  PID:7616
- C:\Windows\System\qeKyXuO.exe
  C:\Windows\System\qeKyXuO.exe
  2⤵
  PID:7688
- C:\Windows\System\euliqNC.exe
  C:\Windows\System\euliqNC.exe
  2⤵
  PID:7644
- C:\Windows\System\XevbfEK.exe
  C:\Windows\System\XevbfEK.exe
  2⤵
  PID:7772
- C:\Windows\System\ImwNKEF.exe
  C:\Windows\System\ImwNKEF.exe
  2⤵
  PID:7788
- C:\Windows\System\YzCKoeX.exe
  C:\Windows\System\YzCKoeX.exe
  2⤵
  PID:7756
- C:\Windows\System\XbdGJRv.exe
  C:\Windows\System\XbdGJRv.exe
  2⤵
  PID:7816
- C:\Windows\System\NENqchY.exe
  C:\Windows\System\NENqchY.exe
  2⤵
  PID:7836
- C:\Windows\System\CGBwLAt.exe
  C:\Windows\System\CGBwLAt.exe
  2⤵
  PID:7880
- C:\Windows\System\lXlzoXg.exe
  C:\Windows\System\lXlzoXg.exe
  2⤵
  PID:7912
- C:\Windows\System\qANNsLE.exe
  C:\Windows\System\qANNsLE.exe
  2⤵
  PID:7984
- C:\Windows\System\eAFcxMM.exe
  C:\Windows\System\eAFcxMM.exe
  2⤵
  PID:8020
- C:\Windows\System\jmtjJHk.exe
  C:\Windows\System\jmtjJHk.exe
  2⤵
  PID:7892
- C:\Windows\System\mRUeYMc.exe
  C:\Windows\System\mRUeYMc.exe
  2⤵
  PID:7972
- C:\Windows\System\XTjuLHN.exe
  C:\Windows\System\XTjuLHN.exe
  2⤵
  PID:8036
- C:\Windows\System\btVTemY.exe
  C:\Windows\System\btVTemY.exe
  2⤵
  PID:8076
- C:\Windows\System\ijklQhE.exe
  C:\Windows\System\ijklQhE.exe
  2⤵
  PID:8112
- C:\Windows\System\cLYBSBn.exe
  C:\Windows\System\cLYBSBn.exe
  2⤵
  PID:8144
- C:\Windows\System\IRokyDj.exe
  C:\Windows\System\IRokyDj.exe
  2⤵
  PID:8160
- C:\Windows\System\FdlScJz.exe
  C:\Windows\System\FdlScJz.exe
  2⤵
  PID:8132
- C:\Windows\System\obInAAU.exe
  C:\Windows\System\obInAAU.exe
  2⤵
  PID:7324
- C:\Windows\System\XQnCwhR.exe
  C:\Windows\System\XQnCwhR.exe
  2⤵
  PID:7264
- C:\Windows\System\fHOLCdi.exe
  C:\Windows\System\fHOLCdi.exe
  2⤵
  PID:7348
- C:\Windows\System\uxkAVSC.exe
  C:\Windows\System\uxkAVSC.exe
  2⤵
  PID:6620
- C:\Windows\System\sHaVhYS.exe
  C:\Windows\System\sHaVhYS.exe
  2⤵
  PID:7584
- C:\Windows\System\gzrIvKD.exe
  C:\Windows\System\gzrIvKD.exe
  2⤵
  PID:7504
- C:\Windows\System\uueaRXc.exe
  C:\Windows\System\uueaRXc.exe
  2⤵
  PID:7328
- C:\Windows\System\yBAaATc.exe
  C:\Windows\System\yBAaATc.exe
  2⤵
  PID:7508
- C:\Windows\System\ChNnEPC.exe
  C:\Windows\System\ChNnEPC.exe
  2⤵
  PID:7744
- C:\Windows\System\kDWDtRa.exe
  C:\Windows\System\kDWDtRa.exe
  2⤵
  PID:7952
- C:\Windows\System\NwCvLdQ.exe
  C:\Windows\System\NwCvLdQ.exe
  2⤵
  PID:7628
- C:\Windows\System\bxvLIoz.exe
  C:\Windows\System\bxvLIoz.exe
  2⤵
  PID:7732
- C:\Windows\System\yGhsQTI.exe
  C:\Windows\System\yGhsQTI.exe
  2⤵
  PID:7332
- C:\Windows\System\mCTDHRA.exe
  C:\Windows\System\mCTDHRA.exe
  2⤵
  PID:8004
- C:\Windows\System\mXrLaZU.exe
  C:\Windows\System\mXrLaZU.exe
  2⤵
  PID:8104
- C:\Windows\System\TKKMyeI.exe
  C:\Windows\System\TKKMyeI.exe
  2⤵
  PID:7852
- C:\Windows\System\eTpbQvs.exe
  C:\Windows\System\eTpbQvs.exe
  2⤵
  PID:8176
- C:\Windows\System\rWyoRzq.exe
  C:\Windows\System\rWyoRzq.exe
  2⤵
  PID:8116
- C:\Windows\System\VdWkDmf.exe
  C:\Windows\System\VdWkDmf.exe
  2⤵
  PID:7936
- C:\Windows\System\xLaODoB.exe
  C:\Windows\System\xLaODoB.exe
  2⤵
  PID:8092
- C:\Windows\System\gmPErRL.exe
  C:\Windows\System\gmPErRL.exe
  2⤵
  PID:7436
- C:\Windows\System\ZwdObBa.exe
  C:\Windows\System\ZwdObBa.exe
  2⤵
  PID:7396
- C:\Windows\System\IAnlkNM.exe
  C:\Windows\System\IAnlkNM.exe
  2⤵
  PID:7216
- C:\Windows\System\hwDLoDS.exe
  C:\Windows\System\hwDLoDS.exe
  2⤵
  PID:7692
- C:\Windows\System\DTRIEtp.exe
  C:\Windows\System\DTRIEtp.exe
  2⤵
  PID:7876
- C:\Windows\System\AMktCOR.exe
  C:\Windows\System\AMktCOR.exe
  2⤵
  PID:7624
- C:\Windows\System\xjdXCEq.exe
  C:\Windows\System\xjdXCEq.exe
  2⤵
  PID:7676
- C:\Windows\System\eiAqtey.exe
  C:\Windows\System\eiAqtey.exe
  2⤵
  PID:8096
- C:\Windows\System\dgukooL.exe
  C:\Windows\System\dgukooL.exe
  2⤵
  PID:7932
- C:\Windows\System\DnlmNrf.exe
  C:\Windows\System\DnlmNrf.exe
  2⤵
  PID:7924
- C:\Windows\System\kMFmdHw.exe
  C:\Windows\System\kMFmdHw.exe
  2⤵
  PID:7964
- C:\Windows\System\yWSJQFI.exe
  C:\Windows\System\yWSJQFI.exe
  2⤵
  PID:7712
- C:\Windows\System\gZGwYOJ.exe
  C:\Windows\System\gZGwYOJ.exe
  2⤵
  PID:8200
- C:\Windows\System\BfVeEbb.exe
  C:\Windows\System\BfVeEbb.exe
  2⤵
  PID:8216
- C:\Windows\System\SLzcSTD.exe
  C:\Windows\System\SLzcSTD.exe
  2⤵
  PID:8232
- C:\Windows\System\PFgoUUp.exe
  C:\Windows\System\PFgoUUp.exe
  2⤵
  PID:8248
- C:\Windows\System\riUycGf.exe
  C:\Windows\System\riUycGf.exe
  2⤵
  PID:8264
- C:\Windows\System\QEEULGj.exe
  C:\Windows\System\QEEULGj.exe
  2⤵
  PID:8284
- C:\Windows\System\wrIWhFp.exe
  C:\Windows\System\wrIWhFp.exe
  2⤵
  PID:8304
- C:\Windows\System\rkNtIbV.exe
  C:\Windows\System\rkNtIbV.exe
  2⤵
  PID:8320
- C:\Windows\System\ZGPylra.exe
  C:\Windows\System\ZGPylra.exe
  2⤵
  PID:8336
- C:\Windows\System\xLklNGW.exe
  C:\Windows\System\xLklNGW.exe
  2⤵
  PID:8352
- C:\Windows\System\ocKKOUN.exe
  C:\Windows\System\ocKKOUN.exe
  2⤵
  PID:8368
- C:\Windows\System\SUoaypY.exe
  C:\Windows\System\SUoaypY.exe
  2⤵
  PID:8388
- C:\Windows\System\kbrkGNJ.exe
  C:\Windows\System\kbrkGNJ.exe
  2⤵
  PID:8404
- C:\Windows\System\XduIXsn.exe
  C:\Windows\System\XduIXsn.exe
  2⤵
  PID:8420
- C:\Windows\System\sThoDlD.exe
  C:\Windows\System\sThoDlD.exe
  2⤵
  PID:8436
- C:\Windows\System\KIyGnKp.exe
  C:\Windows\System\KIyGnKp.exe
  2⤵
  PID:8452
- C:\Windows\System\eaKOXlN.exe
  C:\Windows\System\eaKOXlN.exe
  2⤵
  PID:8468
- C:\Windows\System\PsawOuH.exe
  C:\Windows\System\PsawOuH.exe
  2⤵
  PID:8488
- C:\Windows\System\AblQrYD.exe
  C:\Windows\System\AblQrYD.exe
  2⤵
  PID:8504
- C:\Windows\System\sSbsjki.exe
  C:\Windows\System\sSbsjki.exe
  2⤵
  PID:8520
- C:\Windows\System\MtTLCyT.exe
  C:\Windows\System\MtTLCyT.exe
  2⤵
  PID:8536
- C:\Windows\System\EUapVyA.exe
  C:\Windows\System\EUapVyA.exe
  2⤵
  PID:8552
- C:\Windows\System\yZgIPRu.exe
  C:\Windows\System\yZgIPRu.exe
  2⤵
  PID:8568
- C:\Windows\System\xXoHOBM.exe
  C:\Windows\System\xXoHOBM.exe
  2⤵
  PID:8584
- C:\Windows\System\HYKJAYN.exe
  C:\Windows\System\HYKJAYN.exe
  2⤵
  PID:8604
- C:\Windows\System\GgCNnKD.exe
  C:\Windows\System\GgCNnKD.exe
  2⤵
  PID:8620
- C:\Windows\System\LLKKsIO.exe
  C:\Windows\System\LLKKsIO.exe
  2⤵
  PID:8636
- C:\Windows\System\KYISDzQ.exe
  C:\Windows\System\KYISDzQ.exe
  2⤵
  PID:8652
- C:\Windows\System\TCwiVkp.exe
  C:\Windows\System\TCwiVkp.exe
  2⤵
  PID:8668
- C:\Windows\System\tMmCceN.exe
  C:\Windows\System\tMmCceN.exe
  2⤵
  PID:8684
- C:\Windows\System\LQzVOIR.exe
  C:\Windows\System\LQzVOIR.exe
  2⤵
  PID:8700
- C:\Windows\System\YTaebqr.exe
  C:\Windows\System\YTaebqr.exe
  2⤵
  PID:8716
- C:\Windows\System\FrqIbxf.exe
  C:\Windows\System\FrqIbxf.exe
  2⤵
  PID:8736
- C:\Windows\System\miBmNdl.exe
  C:\Windows\System\miBmNdl.exe
  2⤵
  PID:8752
- C:\Windows\System\lPWiYoV.exe
  C:\Windows\System\lPWiYoV.exe
  2⤵
  PID:8772
- C:\Windows\System\dMrrSlk.exe
  C:\Windows\System\dMrrSlk.exe
  2⤵
  PID:8788
- C:\Windows\System\ljYagbX.exe
  C:\Windows\System\ljYagbX.exe
  2⤵
  PID:8804
- C:\Windows\System\BpBdlDS.exe
  C:\Windows\System\BpBdlDS.exe
  2⤵
  PID:8820
- C:\Windows\System\mEvzmiq.exe
  C:\Windows\System\mEvzmiq.exe
  2⤵
  PID:8836
- C:\Windows\System\bZWSMJi.exe
  C:\Windows\System\bZWSMJi.exe
  2⤵
  PID:8852
- C:\Windows\System\xIsMJlj.exe
  C:\Windows\System\xIsMJlj.exe
  2⤵
  PID:8868
- C:\Windows\System\vpqLFTk.exe
  C:\Windows\System\vpqLFTk.exe
  2⤵
  PID:8884
- C:\Windows\System\OLAQLhC.exe
  C:\Windows\System\OLAQLhC.exe
  2⤵
  PID:8900
- C:\Windows\System\uCQlVMs.exe
  C:\Windows\System\uCQlVMs.exe
  2⤵
  PID:8916
- C:\Windows\System\GjLgOtS.exe
  C:\Windows\System\GjLgOtS.exe
  2⤵
  PID:8932
- C:\Windows\System\sPkJtyM.exe
  C:\Windows\System\sPkJtyM.exe
  2⤵
  PID:8948
- C:\Windows\System\XybdLft.exe
  C:\Windows\System\XybdLft.exe
  2⤵
  PID:8964
- C:\Windows\System\YZjqipv.exe
  C:\Windows\System\YZjqipv.exe
  2⤵
  PID:8980
- C:\Windows\System\XJqcuqR.exe
  C:\Windows\System\XJqcuqR.exe
  2⤵
  PID:8996
- C:\Windows\System\rPAbiuI.exe
  C:\Windows\System\rPAbiuI.exe
  2⤵
  PID:9012
- C:\Windows\System\uzbyLTS.exe
  C:\Windows\System\uzbyLTS.exe
  2⤵
  PID:9028
- C:\Windows\System\uFxWojy.exe
  C:\Windows\System\uFxWojy.exe
  2⤵
  PID:9044
- C:\Windows\System\tNIKhkJ.exe
  C:\Windows\System\tNIKhkJ.exe
  2⤵
  PID:9072
- C:\Windows\System\XWJAsWO.exe
  C:\Windows\System\XWJAsWO.exe
  2⤵
  PID:9092
- C:\Windows\System\WgBGhHp.exe
  C:\Windows\System\WgBGhHp.exe
  2⤵
  PID:9108
- C:\Windows\System\uyDPePk.exe
  C:\Windows\System\uyDPePk.exe
  2⤵
  PID:9124
- C:\Windows\System\FQAoyzI.exe
  C:\Windows\System\FQAoyzI.exe
  2⤵
  PID:9140
- C:\Windows\System\sAvsNWN.exe
  C:\Windows\System\sAvsNWN.exe
  2⤵
  PID:9156
- C:\Windows\System\wnfzDmn.exe
  C:\Windows\System\wnfzDmn.exe
  2⤵
  PID:9172
- C:\Windows\System\MrOpTuu.exe
  C:\Windows\System\MrOpTuu.exe
  2⤵
  PID:9192
- C:\Windows\System\rtzOmrm.exe
  C:\Windows\System\rtzOmrm.exe
  2⤵
  PID:9212
- C:\Windows\System\kWYEoXX.exe
  C:\Windows\System\kWYEoXX.exe
  2⤵
  PID:7656
- C:\Windows\System\ZkrvqvD.exe
  C:\Windows\System\ZkrvqvD.exe
  2⤵
  PID:8196
- C:\Windows\System\EvSXuYo.exe
  C:\Windows\System\EvSXuYo.exe
  2⤵
  PID:8128
- C:\Windows\System\EytqsOC.exe
  C:\Windows\System\EytqsOC.exe
  2⤵
  PID:7384
- C:\Windows\System\FMerPgS.exe
  C:\Windows\System\FMerPgS.exe
  2⤵
  PID:7456
- C:\Windows\System\YmnguNs.exe
  C:\Windows\System\YmnguNs.exe
  2⤵
  PID:7184
- C:\Windows\System\HcSOzci.exe
  C:\Windows\System\HcSOzci.exe
  2⤵
  PID:8240
- C:\Windows\System\uGmWvTU.exe
  C:\Windows\System\uGmWvTU.exe
  2⤵
  PID:8328
- C:\Windows\System\EbpzUga.exe
  C:\Windows\System\EbpzUga.exe
  2⤵
  PID:8364
- C:\Windows\System\KQMoMUv.exe
  C:\Windows\System\KQMoMUv.exe
  2⤵
  PID:8432
- C:\Windows\System\pGgmawq.exe
  C:\Windows\System\pGgmawq.exe
  2⤵
  PID:8312
- C:\Windows\System\uYAwRJG.exe
  C:\Windows\System\uYAwRJG.exe
  2⤵
  PID:8476
- C:\Windows\System\MCrZtzF.exe
  C:\Windows\System\MCrZtzF.exe
  2⤵
  PID:8500
- C:\Windows\System\PsXqCFf.exe
  C:\Windows\System\PsXqCFf.exe
  2⤵
  PID:8412
- C:\Windows\System\JypMgTv.exe
  C:\Windows\System\JypMgTv.exe
  2⤵
  PID:8592
- C:\Windows\System\liuBKKA.exe
  C:\Windows\System\liuBKKA.exe
  2⤵
  PID:8600
- C:\Windows\System\tkBfiZB.exe
  C:\Windows\System\tkBfiZB.exe
  2⤵
  PID:8660
- C:\Windows\System\cXNyAxq.exe
  C:\Windows\System\cXNyAxq.exe
  2⤵
  PID:8732
- C:\Windows\System\OzmSPHE.exe
  C:\Windows\System\OzmSPHE.exe
  2⤵
  PID:8768
- C:\Windows\System\DWvmCTT.exe
  C:\Windows\System\DWvmCTT.exe
  2⤵
  PID:8796
- C:\Windows\System\JQWWqls.exe
  C:\Windows\System\JQWWqls.exe
  2⤵
  PID:8864
- C:\Windows\System\mgDbNoA.exe
  C:\Windows\System\mgDbNoA.exe
  2⤵
  PID:8748
- C:\Windows\System\aLVlzrV.exe
  C:\Windows\System\aLVlzrV.exe
  2⤵
  PID:8648
- C:\Windows\System\nlIzrPF.exe
  C:\Windows\System\nlIzrPF.exe
  2⤵
  PID:8844
- C:\Windows\System\AKmFhQc.exe
  C:\Windows\System\AKmFhQc.exe
  2⤵
  PID:8912
- C:\Windows\System\ydYPije.exe
  C:\Windows\System\ydYPije.exe
  2⤵
  PID:8956
- C:\Windows\System\GDhfJtV.exe
  C:\Windows\System\GDhfJtV.exe
  2⤵
  PID:8780
- C:\Windows\System\VpfAYiv.exe
  C:\Windows\System\VpfAYiv.exe
  2⤵
  PID:8880
- C:\Windows\System\tENQLwM.exe
  C:\Windows\System\tENQLwM.exe
  2⤵
  PID:9056
- C:\Windows\System\ZgbhZMf.exe
  C:\Windows\System\ZgbhZMf.exe
  2⤵
  PID:8940
- C:\Windows\System\zqaaudp.exe
  C:\Windows\System\zqaaudp.exe
  2⤵
  PID:8944
- C:\Windows\System\BBnJhyL.exe
  C:\Windows\System\BBnJhyL.exe
  2⤵
  PID:8976
- C:\Windows\System\KBaUhZj.exe
  C:\Windows\System\KBaUhZj.exe
  2⤵
  PID:9084
- C:\Windows\System\IpGyXDK.exe
  C:\Windows\System\IpGyXDK.exe
  2⤵
  PID:9168
- C:\Windows\System\UAWChSr.exe
  C:\Windows\System\UAWChSr.exe
  2⤵
  PID:9152
- C:\Windows\System\cqVlzPB.exe
  C:\Windows\System\cqVlzPB.exe
  2⤵
  PID:9184
- C:\Windows\System\MaLeDWP.exe
  C:\Windows\System\MaLeDWP.exe
  2⤵
  PID:8188
- C:\Windows\System\YwnDiZk.exe
  C:\Windows\System\YwnDiZk.exe
  2⤵
  PID:7872
- C:\Windows\System\ytHLQlV.exe
  C:\Windows\System\ytHLQlV.exe
  2⤵
  PID:7364
- C:\Windows\System\iUZNnxJ.exe
  C:\Windows\System\iUZNnxJ.exe
  2⤵
  PID:8296
- C:\Windows\System\QkdfDCJ.exe
  C:\Windows\System\QkdfDCJ.exe
  2⤵
  PID:8376
- C:\Windows\System\tUBvUiL.exe
  C:\Windows\System\tUBvUiL.exe
  2⤵
  PID:8316
- C:\Windows\System\tdjQciw.exe
  C:\Windows\System\tdjQciw.exe
  2⤵
  PID:8484
- C:\Windows\System\smfwzYu.exe
  C:\Windows\System\smfwzYu.exe
  2⤵
  PID:8724
- C:\Windows\System\dxhfWCp.exe
  C:\Windows\System\dxhfWCp.exe
  2⤵
  PID:8448
- C:\Windows\System\TnrjOsE.exe
  C:\Windows\System\TnrjOsE.exe
  2⤵
  PID:8612
- C:\Windows\System\NRyvXYv.exe
  C:\Windows\System\NRyvXYv.exe
  2⤵
  PID:8924
- C:\Windows\System\oYTisWj.exe
  C:\Windows\System\oYTisWj.exe
  2⤵
  PID:8816
- C:\Windows\System\HIAxCPo.exe
  C:\Windows\System\HIAxCPo.exe
  2⤵
  PID:8616
- C:\Windows\System\LXHrCWq.exe
  C:\Windows\System\LXHrCWq.exe
  2⤵
  PID:9088
- C:\Windows\System\joLthHK.exe
  C:\Windows\System\joLthHK.exe
  2⤵
  PID:9120
- C:\Windows\System\ItgMRbU.exe
  C:\Windows\System\ItgMRbU.exe
  2⤵
  PID:8992
- C:\Windows\System\vHnLoex.exe
  C:\Windows\System\vHnLoex.exe
  2⤵
  PID:8876
- C:\Windows\System\AmDqWLJ.exe
  C:\Windows\System\AmDqWLJ.exe
  2⤵
  PID:8164
- C:\Windows\System\dVFtbSQ.exe
  C:\Windows\System\dVFtbSQ.exe
  2⤵
  PID:7792
- C:\Windows\System\vxPqymn.exe
  C:\Windows\System\vxPqymn.exe
  2⤵
  PID:7820
- C:\Windows\System\BgwbUQS.exe
  C:\Windows\System\BgwbUQS.exe
  2⤵
  PID:8344
- C:\Windows\System\SDernyF.exe
  C:\Windows\System\SDernyF.exe
  2⤵
  PID:8892
- C:\Windows\System\jMdcHDT.exe
  C:\Windows\System\jMdcHDT.exe
  2⤵
  PID:8760
- C:\Windows\System\BMjZElG.exe
  C:\Windows\System\BMjZElG.exe
  2⤵
  PID:9068
- C:\Windows\System\mFpKuvP.exe
  C:\Windows\System\mFpKuvP.exe
  2⤵
  PID:9024
- C:\Windows\System\YYPILWk.exe
  C:\Windows\System\YYPILWk.exe
  2⤵
  PID:8228
- C:\Windows\System\RuwoPGl.exe
  C:\Windows\System\RuwoPGl.exe
  2⤵
  PID:8908
- C:\Windows\System\puzBMEm.exe
  C:\Windows\System\puzBMEm.exe
  2⤵
  PID:8516
- C:\Windows\System\KqNXnqH.exe
  C:\Windows\System\KqNXnqH.exe
  2⤵
  PID:8400
- C:\Windows\System\GjurTsR.exe
  C:\Windows\System\GjurTsR.exe
  2⤵
  PID:8348
- C:\Windows\System\ixJPgpk.exe
  C:\Windows\System\ixJPgpk.exe
  2⤵
  PID:8896
- C:\Windows\System\IPHDweU.exe
  C:\Windows\System\IPHDweU.exe
  2⤵
  PID:9100
- C:\Windows\System\BQylERj.exe
  C:\Windows\System\BQylERj.exe
  2⤵
  PID:8972
- C:\Windows\System\gBqCQeN.exe
  C:\Windows\System\gBqCQeN.exe
  2⤵
  PID:9008
- C:\Windows\System\GFTzMgB.exe
  C:\Windows\System\GFTzMgB.exe
  2⤵
  PID:8544
- C:\Windows\System\uIOklah.exe
  C:\Windows\System\uIOklah.exe
  2⤵
  PID:8580
- C:\Windows\System\tKAlRIC.exe
  C:\Windows\System\tKAlRIC.exe
  2⤵
  PID:8428
- C:\Windows\System\WwfDogn.exe
  C:\Windows\System\WwfDogn.exe
  2⤵
  PID:8696
- C:\Windows\System\DlOsvoG.exe
  C:\Windows\System\DlOsvoG.exe
  2⤵
  PID:8464
- C:\Windows\System\XxtTtxk.exe
  C:\Windows\System\XxtTtxk.exe
  2⤵
  PID:9220
- C:\Windows\System\JsnhLIH.exe
  C:\Windows\System\JsnhLIH.exe
  2⤵
  PID:9236
- C:\Windows\System\nUhDNWx.exe
  C:\Windows\System\nUhDNWx.exe
  2⤵
  PID:9256
- C:\Windows\System\CLPmupr.exe
  C:\Windows\System\CLPmupr.exe
  2⤵
  PID:9272
- C:\Windows\System\fFiktuQ.exe
  C:\Windows\System\fFiktuQ.exe
  2⤵
  PID:9288
- C:\Windows\System\RsJkUwv.exe
  C:\Windows\System\RsJkUwv.exe
  2⤵
  PID:9308
- C:\Windows\System\YWxMTCn.exe
  C:\Windows\System\YWxMTCn.exe
  2⤵
  PID:9324
- C:\Windows\System\bytEleQ.exe
  C:\Windows\System\bytEleQ.exe
  2⤵
  PID:9340
- C:\Windows\System\aDJKxRT.exe
  C:\Windows\System\aDJKxRT.exe
  2⤵
  PID:9360
- C:\Windows\System\SvzPauf.exe
  C:\Windows\System\SvzPauf.exe
  2⤵
  PID:9384
- C:\Windows\System\YNTYJkR.exe
  C:\Windows\System\YNTYJkR.exe
  2⤵
  PID:9400
- C:\Windows\System\bnaCYCv.exe
  C:\Windows\System\bnaCYCv.exe
  2⤵
  PID:9416
- C:\Windows\System\gRWZAqD.exe
  C:\Windows\System\gRWZAqD.exe
  2⤵
  PID:9476
- C:\Windows\System\Skcjxkc.exe
  C:\Windows\System\Skcjxkc.exe
  2⤵
  PID:9688
- C:\Windows\System\okQlzDU.exe
  C:\Windows\System\okQlzDU.exe
  2⤵
  PID:9720
- C:\Windows\System\YobFUkh.exe
  C:\Windows\System\YobFUkh.exe
  2⤵
  PID:9752
- C:\Windows\System\HskKhYM.exe
  C:\Windows\System\HskKhYM.exe
  2⤵
  PID:9800
- C:\Windows\System\rTseQbu.exe
  C:\Windows\System\rTseQbu.exe
  2⤵
  PID:9820
- C:\Windows\System\wBXYRKw.exe
  C:\Windows\System\wBXYRKw.exe
  2⤵
  PID:9856
- C:\Windows\System\QjhImcF.exe
  C:\Windows\System\QjhImcF.exe
  2⤵
  PID:9872
- C:\Windows\System\kEntsPk.exe
  C:\Windows\System\kEntsPk.exe
  2⤵
  PID:9888
- C:\Windows\System\pYIYJgl.exe
  C:\Windows\System\pYIYJgl.exe
  2⤵
  PID:9904
- C:\Windows\System\oVNOdSx.exe
  C:\Windows\System\oVNOdSx.exe
  2⤵
  PID:9920
- C:\Windows\System\qbnhqpf.exe
  C:\Windows\System\qbnhqpf.exe
  2⤵
  PID:9936
- C:\Windows\System\bwMKwes.exe
  C:\Windows\System\bwMKwes.exe
  2⤵
  PID:9952
- C:\Windows\System\ROeJSAr.exe
  C:\Windows\System\ROeJSAr.exe
  2⤵
  PID:9968
- C:\Windows\System\gFzBGWv.exe
  C:\Windows\System\gFzBGWv.exe
  2⤵
  PID:9988
- C:\Windows\System\vdvWfaz.exe
  C:\Windows\System\vdvWfaz.exe
  2⤵
  PID:10004
- C:\Windows\System\FpYytyK.exe
  C:\Windows\System\FpYytyK.exe
  2⤵
  PID:10020
- C:\Windows\System\rsfPzEM.exe
  C:\Windows\System\rsfPzEM.exe
  2⤵
  PID:10036
- C:\Windows\System\ffnDHay.exe
  C:\Windows\System\ffnDHay.exe
  2⤵
  PID:10052
- C:\Windows\System\ACpXCVD.exe
  C:\Windows\System\ACpXCVD.exe
  2⤵
  PID:10068
- C:\Windows\System\yeKofrz.exe
  C:\Windows\System\yeKofrz.exe
  2⤵
  PID:10084
- C:\Windows\System\rsdmBRT.exe
  C:\Windows\System\rsdmBRT.exe
  2⤵
  PID:10100
- C:\Windows\System\WLlbJuS.exe
  C:\Windows\System\WLlbJuS.exe
  2⤵
  PID:10116
- C:\Windows\System\iQjFKVt.exe
  C:\Windows\System\iQjFKVt.exe
  2⤵
  PID:10132
- C:\Windows\System\GWRmddV.exe
  C:\Windows\System\GWRmddV.exe
  2⤵
  PID:10148
- C:\Windows\System\fTiHSRk.exe
  C:\Windows\System\fTiHSRk.exe
  2⤵
  PID:10172
- C:\Windows\System\fPLoZZQ.exe
  C:\Windows\System\fPLoZZQ.exe
  2⤵
  PID:10188
- C:\Windows\System\GvNerPR.exe
  C:\Windows\System\GvNerPR.exe
  2⤵
  PID:10204
- C:\Windows\System\jsaAarp.exe
  C:\Windows\System\jsaAarp.exe
  2⤵
  PID:10220
- C:\Windows\System\GtVSgXv.exe
  C:\Windows\System\GtVSgXv.exe
  2⤵
  PID:10236
- C:\Windows\System\PxcIxmA.exe
  C:\Windows\System\PxcIxmA.exe
  2⤵
  PID:9248
- C:\Windows\System\QspwCul.exe
  C:\Windows\System\QspwCul.exe
  2⤵
  PID:9316
- C:\Windows\System\metPGWW.exe
  C:\Windows\System\metPGWW.exe
  2⤵
  PID:9332
- C:\Windows\System\pWtnLiS.exe
  C:\Windows\System\pWtnLiS.exe
  2⤵
  PID:9232
- C:\Windows\System\OpcDiVW.exe
  C:\Windows\System\OpcDiVW.exe
  2⤵
  PID:9352
- C:\Windows\System\iDJLntd.exe
  C:\Windows\System\iDJLntd.exe
  2⤵
  PID:9396
- C:\Windows\System\pjSFwXN.exe
  C:\Windows\System\pjSFwXN.exe
  2⤵
  PID:9372
- C:\Windows\System\oqQhcBH.exe
  C:\Windows\System\oqQhcBH.exe
  2⤵
  PID:9448
- C:\Windows\System\JuOWfWy.exe
  C:\Windows\System\JuOWfWy.exe
  2⤵
  PID:9428
- C:\Windows\System\ScvvrjO.exe
  C:\Windows\System\ScvvrjO.exe
  2⤵
  PID:9456
- C:\Windows\System\hQYqUYq.exe
  C:\Windows\System\hQYqUYq.exe
  2⤵
  PID:9472
- C:\Windows\System\eKEMxjv.exe
  C:\Windows\System\eKEMxjv.exe
  2⤵
  PID:9492
- C:\Windows\System\WsxDidx.exe
  C:\Windows\System\WsxDidx.exe
  2⤵
  PID:9508
- C:\Windows\System\OYhspps.exe
  C:\Windows\System\OYhspps.exe
  2⤵
  PID:9524
- C:\Windows\System\GaunWHR.exe
  C:\Windows\System\GaunWHR.exe
  2⤵
  PID:9540
- C:\Windows\System\XnLuZfu.exe
  C:\Windows\System\XnLuZfu.exe
  2⤵
  PID:9560
- C:\Windows\System\cMnFiJi.exe
  C:\Windows\System\cMnFiJi.exe
  2⤵
  PID:9580
- C:\Windows\System\tgBomBn.exe
  C:\Windows\System\tgBomBn.exe
  2⤵
  PID:9596
- C:\Windows\System\nRYjuEL.exe
  C:\Windows\System\nRYjuEL.exe
  2⤵
  PID:9612
- C:\Windows\System\vKFIBbV.exe
  C:\Windows\System\vKFIBbV.exe
  2⤵
  PID:9640
- C:\Windows\System\yXjtmxk.exe
  C:\Windows\System\yXjtmxk.exe
  2⤵
  PID:9656
- C:\Windows\System\jEtdOPL.exe
  C:\Windows\System\jEtdOPL.exe
  2⤵
  PID:9672
- C:\Windows\System\KAOEjAg.exe
  C:\Windows\System\KAOEjAg.exe
  2⤵
  PID:9684
- C:\Windows\System\uUjkOtS.exe
  C:\Windows\System\uUjkOtS.exe
  2⤵
  PID:9712
- C:\Windows\System\RZqyTlj.exe
  C:\Windows\System\RZqyTlj.exe
  2⤵
  PID:9728
- C:\Windows\System\bHcwCtZ.exe
  C:\Windows\System\bHcwCtZ.exe
  2⤵
  PID:9748
- C:\Windows\System\KSOADpb.exe
  C:\Windows\System\KSOADpb.exe
  2⤵
  PID:9760
- C:\Windows\System\dcwmmaV.exe
  C:\Windows\System\dcwmmaV.exe
  2⤵
  PID:9776
- C:\Windows\System\vvlNbbX.exe
  C:\Windows\System\vvlNbbX.exe
  2⤵
  PID:9792
- C:\Windows\System\FuiwTgb.exe
  C:\Windows\System\FuiwTgb.exe
  2⤵
  PID:9836
- C:\Windows\System\hYTmSlC.exe
  C:\Windows\System\hYTmSlC.exe
  2⤵
  PID:10140
- C:\Windows\System\nEvQMDp.exe
  C:\Windows\System\nEvQMDp.exe
  2⤵
  PID:10212
- C:\Windows\System\sGNPZWy.exe
  C:\Windows\System\sGNPZWy.exe
  2⤵
  PID:9896
- C:\Windows\System\LhEzOif.exe
  C:\Windows\System\LhEzOif.exe
  2⤵
  PID:9284
- C:\Windows\System\RGfNYbm.exe
  C:\Windows\System\RGfNYbm.exe
  2⤵
  PID:9964
- C:\Windows\System\YLvuzKo.exe
  C:\Windows\System\YLvuzKo.exe
  2⤵
  PID:10096
- C:\Windows\System\NRobZSF.exe
  C:\Windows\System\NRobZSF.exe
  2⤵
  PID:10164
- C:\Windows\System\rVQFSpa.exe
  C:\Windows\System\rVQFSpa.exe
  2⤵
  PID:10200
- C:\Windows\System\xSBkEnP.exe
  C:\Windows\System\xSBkEnP.exe
  2⤵
  PID:9336
- C:\Windows\System\RJaxyLQ.exe
  C:\Windows\System\RJaxyLQ.exe
  2⤵
  PID:9412
- C:\Windows\System\QPUCsbh.exe
  C:\Windows\System\QPUCsbh.exe
  2⤵
  PID:9300
- C:\Windows\System\DyfHHov.exe
  C:\Windows\System\DyfHHov.exe
  2⤵
  PID:9296
- C:\Windows\System\JlmPuCi.exe
  C:\Windows\System\JlmPuCi.exe
  2⤵
  PID:9496
- C:\Windows\System\NqdupEj.exe
  C:\Windows\System\NqdupEj.exe
  2⤵
  PID:9568
- C:\Windows\System\UoUytNR.exe
  C:\Windows\System\UoUytNR.exe
  2⤵
  PID:9488
- C:\Windows\System\IGTZXKk.exe
  C:\Windows\System\IGTZXKk.exe
  2⤵
  PID:9624
- C:\Windows\System\VsHbKFK.exe
  C:\Windows\System\VsHbKFK.exe
  2⤵
  PID:9628
- C:\Windows\System\tkcAOKh.exe
  C:\Windows\System\tkcAOKh.exe
  2⤵
  PID:9736
- C:\Windows\System\RbZxKYO.exe
  C:\Windows\System\RbZxKYO.exe
  2⤵
  PID:9704
- C:\Windows\System\zQrlobw.exe
  C:\Windows\System\zQrlobw.exe
  2⤵
  PID:9900
- C:\Windows\System\xQFYhFb.exe
  C:\Windows\System\xQFYhFb.exe
  2⤵
  PID:9348
- C:\Windows\System\MoHJygs.exe
  C:\Windows\System\MoHJygs.exe
  2⤵
  PID:9532
- C:\Windows\System\UxlfTPK.exe
  C:\Windows\System\UxlfTPK.exe
  2⤵
  PID:9772
- C:\Windows\System\ZbeQQfm.exe
  C:\Windows\System\ZbeQQfm.exe
  2⤵
  PID:9944
- C:\Windows\System\jpmcjLH.exe
  C:\Windows\System\jpmcjLH.exe
  2⤵
  PID:7856
- C:\Windows\System\juJdAtA.exe
  C:\Windows\System\juJdAtA.exe
  2⤵
  PID:9460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CJXtjMZ.exe

Filesize
6.0MB

MD5
159b4ebebde0eadee22f82ef4c2f7d8f

SHA1
7c6f5663d8e08662d3f0ea27d5f375e48ab268ed

SHA256
33d0e376d4b1c9fcedd70b594c20fc60795c8108fed16b99a3688d75b1d826cb

SHA512
4270dc0cb167699c02ce22f7510835a5393877442a379b443ed8d64427c626cf85ed1a2ed64c74f1452ab4e7a72c59b0761a940ff74261c514d806d0b71a37bf

Download Submit
C:\Windows\system\CSIQzQr.exe

Filesize
6.0MB

MD5
990844bc15bdf0b3393036025f04a461

SHA1
a5666729191b431c9d0d8fdc315bc7e8e594a9db

SHA256
84707769531e88b43699c489a5a1813206e34ed6ca0026e1ea3adcabb80b878e

SHA512
e68920c9edc32259797fb61395291a19b216a27434bbd2b72a235edceee82e882ef1f1876159337f6c41f91ceb0555eb9cc0fa743a71c42df19d2976c42a99c2

Download Submit
C:\Windows\system\DIzRcKI.exe

Filesize
6.0MB

MD5
035b2df95304aac28ae14f074690c5f1

SHA1
7e9a38f27dad41a258773618c7404a411bad31bc

SHA256
f008897b5dbf02978cc5ab0666ba54d388261cd72e9e986a469844db2ea06aee

SHA512
019333f589b99ad97d2469f469dddc60e23cabf1ebe33bdbf5e0b66afe20214999dcb853122c4ec48e06d42f6b4ca44dcf3778e228979426aa452d59d763142a

Download Submit
C:\Windows\system\IBSiiYj.exe

Filesize
6.0MB

MD5
d9624c1516f2488b2b847379457d5d02

SHA1
01407691ea27feb67df0418a6e03b23da8fcd09d

SHA256
806d84f9480205c51a0b102bf9b1f1af5d7d382d31a57799b97954a2fe5b4035

SHA512
4f714636d750d2e28e63492719ce0ae45e8f82239f9074d3447414d45b646b7630d35187cfda8bc0272c9918b73c5162d894aeb4d40c2a0146a23764a7befb46

Download Submit
C:\Windows\system\IahMxTR.exe

Filesize
6.0MB

MD5
9f72e2276b2dd7a8647d6388fbb62faa

SHA1
400ee01804db814fdcd21ec7ca1a26549101c8eb

SHA256
d2c200a34e1a11200547228fe43f08b52df0e21d0fb3e08c179d5b401d839320

SHA512
d94e8e83c3f3348332287afd041a23d4dff0021521da11597f54f4117d9f272b33458d3ad691acc35e6a31818a199a82e01ca601b29833081373f3ed26bb0f6e

Download Submit
C:\Windows\system\JxiQhgE.exe

Filesize
6.0MB

MD5
1c6edc01cb0996d6c58f8e45943d14be

SHA1
5f38f3c30a29365461c9574815fde33321b70aed

SHA256
1f63c15069da00ae9f4d5ebef40d7c2b8deb7d5c1d5c554dde3a17d7aca54ae5

SHA512
dd8ca70fdf58b7152589d1c5048afad910b716801026f8fb92457a17dc24a037625101a99f9cd3ff6892ec67d4dd7ae3a9fc6fa0ca9887a687b03cfce89a8acc

Download Submit
C:\Windows\system\KhlEdTf.exe

Filesize
6.0MB

MD5
201a313fefa5c8583d76e2105081780c

SHA1
c9eb9397378e294d793268d4f3f4a360b2a2d739

SHA256
d5b35e479c65e5f25111ddfc279a5e87ae964a9c04065120cf1ee092814abadf

SHA512
13c610f2bdf91222d888a09e2692708688b18bd8af33a9b4d62721339d46abfd81f4bc860247163815a3a829d2a441a1db51b6aafec0d4d7328b8b1cb2e90fab

Download Submit
C:\Windows\system\KowcwBs.exe

Filesize
6.0MB

MD5
b7f993be065e1f6064866879497e8294

SHA1
518f41703bc631cad38d880c205fac28b8bbc9fb

SHA256
acd587e650fdfdff0f69fc207fc30894fb6495b1a6f7a8e5a73861fceb7a7f18

SHA512
144a0aebd237ca34bb0f99c6b26eb912c42bc3172b40d075ad191c02fa998712ac6eb9b01f1ce1fb12d662821c46ef19ccc6f27b30510791ae5451cba07e6efb

Download Submit
C:\Windows\system\OMJeBkc.exe

Filesize
6.0MB

MD5
4d0c12e1f41cb409ae894f9dd337cab0

SHA1
6f677b2076bf06af613a8971581530497c3d2719

SHA256
663a7c6c6061efce2d1e63c3d20eb1db7f23c0942821c9f5b87c5fedd105d1ce

SHA512
28186911a026cd769b2d56530709fefcf461af14f18a46465803c7da6b8497c9c1a2c0221b7d37b7d29b692d69e7b17b23da184c4a5c16ac299966565c07092f

Download Submit
C:\Windows\system\PmZfDfX.exe

Filesize
6.0MB

MD5
5f189830099bb7d6f8f1ac7bc73e2c10

SHA1
5d936b4e7c32bd362d34c9db25cc0ff47836bb24

SHA256
ecf6b384e78b94afadfb46fca909de7e3d34668a3dba70902e39a0c09bfe6ce7

SHA512
ca4c5df3f6f2645ce3d597ca455588d91cbe449539566473d3208c5e7e61c79d413072ebcf421ced5da63812102d7f25eb3743dc529115a8330990fa21a4a1c2

Download Submit
C:\Windows\system\QVlSDjl.exe

Filesize
6.0MB

MD5
505163a8807e8ae234985414528d51b4

SHA1
bc83a09bf26f9abaceef519d2bea8c76fdcb9c83

SHA256
afc0b306f47db955a309e95a258db3c92880c26df21f38abaed67a4548057237

SHA512
6a1d6fb08f2781e9581eae3786f5b431eb46e21ce7537848c6c879ef02f0ca43538f0e32afff56bfb9443dad96d21832711b375e29da87af08946552b7b63f3d

Download Submit
C:\Windows\system\QZdmtgT.exe

Filesize
6.0MB

MD5
9ddf21a7378b9f7afdfc35dbcd390994

SHA1
74bc7c6aef63c3ad54b7bf5a2d89bbeac63f3afa

SHA256
edc4f551ce28c9213a27a0eec14f75e776175d0fd3239d3ef62c23e75f9ff48c

SHA512
113bf45ae73763155c28240e2f1ffefe51fd213a9aa1b44d18e77f32a8632e1fe4831b77a51deb4d5ad83b42cbfd639d3019cca614f0bd0c0a5ea301088f6bc4

Download Submit
C:\Windows\system\TVkiPKJ.exe

Filesize
6.0MB

MD5
0cffd83565166d740aaf059f4cc1525b

SHA1
63ceed7b9572a4bb18e5e44cc2b4672c2fb13ccc

SHA256
f33807ac26813916f27880e035887b10da2cfc404b52513de8b2b627a69ea589

SHA512
d0e3aeb1b8ffae017c001aedc047c530b880c806d8c38812dbc1f60cd91edfc87432c0c3d2d6ae813219c16fc6e76b4a2523a1b7273a30c064ce4eb787f96251

Download Submit
C:\Windows\system\TkjQkex.exe

Filesize
6.0MB

MD5
0b1650f7bedd8a044b77273b66e92ec9

SHA1
898127f2d0ac79d5072cc0dfa7cdd95faf8de0a4

SHA256
ffafcc3c9aa80e209529ad9c0f6350632e4dcd163b9ce9dbe4bc5461bbd0fa5d

SHA512
4e25d0f2ad75c8c34292aabbdf8a90a82cbc77e1753e78b0c921e2841f855887642b4839c33d91e97643c84f05db39bb71f34b199d9e15e8c4e29cb155cbb2bb

Download Submit
C:\Windows\system\ULuvgdY.exe

Filesize
6.0MB

MD5
389c6bb12594cb1e4ef20c14baa4e86b

SHA1
617379d0c253063bd60fb08a768a6384d7a13626

SHA256
ea0a9b15642317a6945d42b5d84e3a79cfa323727dc6238f1391b6e766ad2f44

SHA512
a29179b8f9c79d8218e6c536c1460908aab44fb3e5189afc340158b8a0a1c02975cc04a3526586f5071c7212be810dece19d54ea71768e5fc112da1f0586adf7

Download Submit
C:\Windows\system\UMxdvne.exe

Filesize
6.0MB

MD5
7cd1cb6a26cbd5ec5e01d083ba100374

SHA1
acc858e61247538ee5511d95545c87e8575fb3e4

SHA256
ce7f4a68aa023b51f818c7c7c51cbe23c8c819fa9f0cab501535d79212b66c6e

SHA512
150332d95939703ad6ef3678000a08d13f374272d47e1b8da37f86640b1a6a4d9f308b6739b89c10b777622f9cb8a410f05360b91ab5be8e418852e1522d4b3c

Download Submit
C:\Windows\system\VOzaxmS.exe

Filesize
6.0MB

MD5
6144dd6804d601731e34ea59a9d4b41f

SHA1
98950b5539f1950e673bfdf9503fbd7e9618b35e

SHA256
3b48f181a71ccb5192eb2a67a8dfb280b6e59339b1be88f6da3714e0fa825e2d

SHA512
b038bbdab9941be2f29bedd3c16ad8a672018556cc8537dc46308cdada7b8ed9d41ccfb62bd52519b12f6f9b02aece635cd10afbafafc410c07fc462194d431e

Download Submit
C:\Windows\system\XlIbhYC.exe

Filesize
6.0MB

MD5
0bb5e895ccf978493a2db1e9e782f5ea

SHA1
1fd5a2824b187199bf7c0525c1c40b6e3625eb2f

SHA256
44a8a24d1c0320d7faa7428bf9b76e910a8df1bc85d4b1cb9784cae9308e86df

SHA512
fc9899ecc31348b58ca56b064e4a51a92d4ee7d4dce7f564381b13931cb4cabd37f92d1a0c7891d63befb20a1b269b1cb3f1e437866b7519e8859fea71e3c4c8

Download Submit
C:\Windows\system\cGPkgDL.exe

Filesize
6.0MB

MD5
006e011828f4e7e43fd8de3b3c4c5bc4

SHA1
433e34eff4c1adb67ca2dcc65e8df21c262aa2b8

SHA256
41549d9d1ab22c72fb30624d60e8f1a7e803d8ff30fb4e49d645064e9fd8419d

SHA512
642539d2ea198649ed016fd7e6ac6f888fad6a4d7e89225c232b745c4bde0662caa169011120677e30d945f41db666b98f12bc298031794f9d8a3aae41fe924e

Download Submit
C:\Windows\system\evuTdAQ.exe

Filesize
6.0MB

MD5
a7ab3f42009969afbdbc15341bcda64d

SHA1
f7068f886ecc7b4a47674a895420e62f9ce4b343

SHA256
8f34da5cf10eea35cac8f6d0f35246f430f86a9f65b5f7c1537ddf3616d51928

SHA512
ea79dc8b8a0b88f187d2a720a2cfc86be7698fdfa076921bb13058c2b135710f43153886bd76f4c1c170c5e09acbc8b7268a3700165a5320f0c5ba8841a7834f

Download Submit
C:\Windows\system\gZZthVw.exe

Filesize
6.0MB

MD5
d1a9d4931e4d346c2286d270556bf873

SHA1
f59708a01188e1a2a089c1dd3ec33e9c2bf47b89

SHA256
1a014c08d40b948c7e9a31d982531af93564a22f639dad2e5858eef1d28b940b

SHA512
a09a3f0e1a27c0915d4eaf903c3bea0a51b2325c91353f96c89737fb3fbd2e12543df136384cc239c6dc0f7f6a614848d52f7763cb21080e8c05d75438023938

Download Submit
C:\Windows\system\gaQyfns.exe

Filesize
6.0MB

MD5
3ce2357ae2d9a85e6085ac3123fb7320

SHA1
9395627a99a9fb3e24d583c28951634cf5c449b4

SHA256
529c764bf4c5c4713a175faff33f05e372b0e3fc4541868701edc419426177a0

SHA512
040ec62a70e1a7806dbf02672e9e3175d83552eabd8df72192de6a1628c912d4cd0b035d0abbda962d27bfcc152b26bfc4d3e1ef8c3de234eb946275fc8353a0

Download Submit
C:\Windows\system\kEeEURL.exe

Filesize
6.0MB

MD5
5a325f6839af1b1703ac9285e27ece4d

SHA1
1f572c7e7c799fa0a9c8cfc80cd58d410b2a1dcf

SHA256
6ccc46ed5d081f1c3f2b4934bcb33f8f16720b71d2f4df8f54bca1c07cb66198

SHA512
65400306afcb2bd121d8dc24eb41b9ec065bb7a9fa012f6246e45595e5d85ca34514e49e2bfbd7638218b5acb8db6e10eb450fdfc0b520e17b5cf1ab1803505d

Download Submit
C:\Windows\system\kHEsMBY.exe

Filesize
6.0MB

MD5
079d8759b69f30913ac410d1eca990be

SHA1
2e5969014bd4f41868ade6c65bec037cffd70132

SHA256
327bd0f09b4eb43f4950ec44fc4f14addca8a6719448d52bc13fe1b30435482d

SHA512
6acce4a5c6286cf87575a456135d86ae53bda6ef25d6d5aa9eaa597049a727c73e9959bde1eb2fd5d0d1bab05665fd91b5d4f5dc6eaa3b5d2bbb088c0c58fec7

Download Submit
C:\Windows\system\mtExERz.exe

Filesize
6.0MB

MD5
b9f0d2a67864ff182d3f062d2a432438

SHA1
45e2d2b5f5ac476e3dfd0e586e7bc996215bc25d

SHA256
ef47ff657ca9346a51f844026fe9a0ff63da3d6ba8249131428db48ec82db990

SHA512
36585efb5b4031fb3fd52926eccf486e76a7b62990d72595cf3c1d8662ee6df53a9272d88397f73137d12b00e30d308caa18cf74abd40f1e10f33ddf4277a793

Download Submit
C:\Windows\system\tgCIcZz.exe

Filesize
6.0MB

MD5
aac1ee1bc45627869eaefe305d1b4cdc

SHA1
5663230fd6fbc1dd8f77a38981be9489913ff320

SHA256
73579cdabbc4cb2b241ba89913d3466150cc0b656323b6aab3ed4dbf67df627e

SHA512
7478f2d258ad6a89dd077a40310e44ed9b1e28a5b0271d9dbcd81e0f93c39bcca4077531a5eef3ca60fb7317dce6ddbbca2d1356a7cfea3574460625adf0fb9f

Download Submit
C:\Windows\system\uwkYbKz.exe

Filesize
6.0MB

MD5
7e1f242fd4b16b9e324e99bcc3333ee7

SHA1
0ac5e8438f88d7385d2bfe84afe6806f1a50d9e4

SHA256
11db0784103d83167e947d2d287cd85b2334721780e6a9afedc766ffe1940e33

SHA512
df88c63f7b77d6acad016ffa9fa60f23e2b98963cd4f31144edb0ade9ba33b43af25051f757f876222ceafd8bf1ada28c657045f0864ea1824c43d95fc822185

Download Submit
C:\Windows\system\vrAgXkU.exe

Filesize
6.0MB

MD5
eff545e9761400f783437e513279561f

SHA1
3a27e23d8653dfa03e58d48fc8e51d6c1a961153

SHA256
0ddd838d1e31aaba08a13f647f03f69847d48826e1229806bed36e6392f65c7b

SHA512
a884412bbdbc5c9a7d54f792537b0d4622585b8f3163121a277996d94d7867bde5ab7914f93a5004bb1efa9f59b5f0ad7fbd9a5d112a2c9956d49d6cd8a3d3ab

Download Submit
C:\Windows\system\wxyHqAK.exe

Filesize
6.0MB

MD5
1ce768de8c777a0b96fc6547fc991584

SHA1
9b2e51b34f9eb391efc7a043c65a165400fa06ad

SHA256
2f465d9c34837b306046c946daccdc99b43e2ad8f85a718c08da3201d84010ca

SHA512
cbe1d6bf76fbc1add7995acd05dbeacf9a9d8530cbdb54d6c56175b3171a1af373b6d2befd1833ddec51a98716c40b00ff369a6526142207809523ceaaa47ca3

Download Submit
C:\Windows\system\zgtKNZL.exe

Filesize
6.0MB

MD5
acab76cbfda5e414acb3dc502e887010

SHA1
6db91d0a3891fc5ddd432035e01fb74000e25bf0

SHA256
ae441031570b9b167187d282c79c3eb3922c2e8c91cffc016982b5c005f928a9

SHA512
8bd35b67c64d407c5875a7548c85f89b75041b6ae08f46f05b096502a10d511246e4ae9285c82a89f1f6c037159ee6c6b2230a5584719e05602be8c05c979663

Download Submit
\Windows\system\CouDOIO.exe

Filesize
6.0MB

MD5
ad28eeb1e3ccef073db079a56a170c00

SHA1
c0e774c33a429c79e8075c6135c02149d6ecde9f

SHA256
49eaae4bd26c6b919150b8f1e670da4cb68de947aabc6dfce0e1e80e57ab591d

SHA512
2df68e1f73c838a23818bae2f75537bece24916d90895071e078ceed41ad23fd51a922450a9bd4e040d959b9a7d5189eb8fda7ba1c76975c147cc756045fd4c2

Download Submit
\Windows\system\hdhXNUr.exe

Filesize
6.0MB

MD5
b19cf0f40d1917738690687b06e0dad3

SHA1
f0fc690867f898886738dbc65ac01e52ec9344d0

SHA256
7b5efd901687aaf990487edb60883a07e61910126b69bef6e555970d4a769298

SHA512
d214cfc5e67541b1b3ac4a65bf446928c69f760934bed94ad3d01aa52d0eb451073d73f9a1ed09c3273225eeea9ce1789b4dcbd13c46292bc02ac3306b50ae00

Download Submit
memory/860-3717-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/860-467-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1752-469-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-471-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3712-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2252-3711-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2252-514-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2368-459-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3551-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-472-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2416-466-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-468-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-470-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2416-0-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-474-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2416-488-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2416-511-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2416-3582-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-513-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2416-515-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2416-485-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2416-464-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-520-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2416-519-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2416-517-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3548-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-473-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3714-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-463-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-465-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3565-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-492-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3713-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3715-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2836-475-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2856-518-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3716-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3708-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2936-486-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2944-512-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3718-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2980-516-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2980-3719-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2980-3720-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download