cobaltstrike | e0784178e6665b6463c9dc8943e7180503fbbf9154f769bf8d08f45bf87fdd8c

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/09/2024, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c282c460fb89b6af8771c18ae053e452
SHA1

f42347d99ffc91edc889c17cdd1d9f0d8c8af71a
SHA256

e0784178e6665b6463c9dc8943e7180503fbbf9154f769bf8d08f45bf87fdd8c
SHA512

7bf78c2738e595df6e3c7bd61af60bb4c8478bb8d9b9fc90783305756f687862e6a12109e4b29d037e15de4b7da15f70a8870eeacb8cd17d7de47278aca06281
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c0000000122e0-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d2e-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d36-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d47-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d50-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d9f-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dc8-52.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d13-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-194.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-184.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-97.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-95.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-80.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000018678-64.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/548-0-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x000c0000000122e0-6.dat	xmrig
behavioral1/memory/1440-9-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d2e-10.dat	xmrig
behavioral1/memory/2224-15-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d36-12.dat	xmrig
behavioral1/memory/2836-22-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d47-27.dat	xmrig
behavioral1/files/0x0007000000016d50-29.dat	xmrig
behavioral1/memory/2748-37-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/548-36-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2640-32-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d9f-41.dat	xmrig
behavioral1/files/0x0008000000016dc8-52.dat	xmrig
behavioral1/memory/2704-60-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2836-56-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2076-51-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2224-50-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d13-49.dat	xmrig
behavioral1/memory/2636-47-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2544-67-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/548-78-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/memory/2584-87-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/1720-88-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019218-111.dat	xmrig
behavioral1/files/0x0005000000019234-123.dat	xmrig
behavioral1/files/0x00050000000193d9-179.dat	xmrig
behavioral1/memory/548-692-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2544-463-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2704-269-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019401-190.dat	xmrig
behavioral1/files/0x0005000000019403-194.dat	xmrig
behavioral1/files/0x00050000000193df-184.dat	xmrig
behavioral1/files/0x00050000000193c4-169.dat	xmrig
behavioral1/files/0x00050000000193cc-174.dat	xmrig
behavioral1/files/0x0005000000019389-159.dat	xmrig
behavioral1/files/0x00050000000193be-164.dat	xmrig
behavioral1/files/0x0005000000019382-154.dat	xmrig
behavioral1/files/0x0005000000019277-149.dat	xmrig
behavioral1/files/0x0005000000019271-140.dat	xmrig
behavioral1/files/0x0005000000019273-143.dat	xmrig
behavioral1/files/0x000500000001926b-134.dat	xmrig
behavioral1/files/0x000500000001924c-129.dat	xmrig
behavioral1/files/0x0005000000019229-118.dat	xmrig
behavioral1/files/0x00050000000191f7-106.dat	xmrig
behavioral1/memory/2076-104-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2844-103-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/1752-102-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f3-97.dat	xmrig
behavioral1/files/0x00060000000190d6-95.dat	xmrig
behavioral1/memory/2420-92-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x00060000000190cd-82.dat	xmrig
behavioral1/files/0x0005000000018690-81.dat	xmrig
behavioral1/files/0x000500000001879b-80.dat	xmrig
behavioral1/files/0x000b000000018678-64.dat	xmrig
behavioral1/memory/548-62-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/1440-3895-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2224-3890-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2640-3915-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2836-3918-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2704-3961-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2636-3945-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2748-3925-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2544-3976-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1440	rQYrJgF.exe
2224	BPOginN.exe
2836	tLKkZdQ.exe
2640	wEEjFQP.exe
2748	zsLosfl.exe
2636	eMydqnr.exe
2076	RCjeJtp.exe
2704	ZeAXsmW.exe
2544	NUSGdkO.exe
2420	effcEUe.exe
2584	KvrXAfE.exe
1720	eqFaNge.exe
1752	oJCZNVB.exe
2844	bFUtmeC.exe
304	iuDVSit.exe
1948	SdDZJef.exe
1220	ShaPcDw.exe
2768	oXMqsAC.exe
1912	QFvtdxI.exe
1272	hDJQUqf.exe
2856	VUEaXgH.exe
1996	ItNcTVg.exe
2884	XZoCuNU.exe
2356	yCAieoq.exe
964	tdjGfdi.exe
2212	YdWWkJu.exe
2940	tYXcNsi.exe
1644	LQJjYNK.exe
2248	UpcxUDC.exe
708	wYLYxrA.exe
1940	hFwMFdx.exe
2000	ACSaaMO.exe
2148	TQaJvWo.exe
920	TazJvId.exe
2268	uqQzkAo.exe
1680	bXrmiYf.exe
1916	NeQQeZY.exe
1660	XwOdrBl.exe
2292	GRjPmpR.exe
1132	TvhEFLE.exe
2976	PEAmyxJ.exe
2412	nqlvpNT.exe
3032	dyvsUlj.exe
2924	rKSOEhc.exe
544	dalcYtS.exe
1900	sVdOYXe.exe
2204	ozohaDZ.exe
900	gSGYxid.exe
1692	UqLrlgY.exe
2948	VyliAEI.exe
1156	FQKUcJX.exe
1600	vQwRtoU.exe
1596	rSfVaFS.exe
1760	fVvCrjK.exe
2156	thQtkxz.exe
2128	rnZCeci.exe
2816	zVIenEf.exe
1748	svUroJc.exe
3000	sZctBLq.exe
2984	jrIrHZw.exe
1724	wiYMZFl.exe
996	yNQDkgz.exe
1000	ZXDeVSH.exe
1988	iYjfxnW.exe

Loads dropped DLL 64 IoCs

pid	Process
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/548-0-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x000c0000000122e0-6.dat	upx
behavioral1/memory/1440-9-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x0008000000016d2e-10.dat	upx
behavioral1/memory/2224-15-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x0008000000016d36-12.dat	upx
behavioral1/memory/2836-22-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x0007000000016d47-27.dat	upx
behavioral1/files/0x0007000000016d50-29.dat	upx
behavioral1/memory/2748-37-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/548-36-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2640-32-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x0007000000016d9f-41.dat	upx
behavioral1/files/0x0008000000016dc8-52.dat	upx
behavioral1/memory/2704-60-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2836-56-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2076-51-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2224-50-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x0009000000016d13-49.dat	upx
behavioral1/memory/2636-47-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2544-67-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/548-78-0x0000000002460000-0x00000000027B4000-memory.dmp	upx
behavioral1/memory/2584-87-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/1720-88-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/files/0x0005000000019218-111.dat	upx
behavioral1/files/0x0005000000019234-123.dat	upx
behavioral1/files/0x00050000000193d9-179.dat	upx
behavioral1/memory/2544-463-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2704-269-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x0005000000019401-190.dat	upx
behavioral1/files/0x0005000000019403-194.dat	upx
behavioral1/files/0x00050000000193df-184.dat	upx
behavioral1/files/0x00050000000193c4-169.dat	upx
behavioral1/files/0x00050000000193cc-174.dat	upx
behavioral1/files/0x0005000000019389-159.dat	upx
behavioral1/files/0x00050000000193be-164.dat	upx
behavioral1/files/0x0005000000019382-154.dat	upx
behavioral1/files/0x0005000000019277-149.dat	upx
behavioral1/files/0x0005000000019271-140.dat	upx
behavioral1/files/0x0005000000019273-143.dat	upx
behavioral1/files/0x000500000001926b-134.dat	upx
behavioral1/files/0x000500000001924c-129.dat	upx
behavioral1/files/0x0005000000019229-118.dat	upx
behavioral1/files/0x00050000000191f7-106.dat	upx
behavioral1/memory/2076-104-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2844-103-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/1752-102-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x00050000000191f3-97.dat	upx
behavioral1/files/0x00060000000190d6-95.dat	upx
behavioral1/memory/2420-92-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x00060000000190cd-82.dat	upx
behavioral1/files/0x0005000000018690-81.dat	upx
behavioral1/files/0x000500000001879b-80.dat	upx
behavioral1/memory/548-72-0x0000000002460000-0x00000000027B4000-memory.dmp	upx
behavioral1/files/0x000b000000018678-64.dat	upx
behavioral1/memory/1440-3895-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2224-3890-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2640-3915-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2836-3918-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2704-3961-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2636-3945-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2748-3925-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2544-3976-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2584-3980-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MYqTJCR.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AmrWNkf.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbvWnXK.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dySBsdk.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZddSpV.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYEpTVC.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StNvqJz.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlNfxau.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkAXqFa.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekcHoIV.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpaxtZt.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYDHfkn.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtiTySe.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VKYprqp.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMtMqZe.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYEeKMy.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeZrFTh.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGzufVM.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zVoBDXP.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUvlTgR.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNmAiGX.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgfzSiw.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swMgIrK.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnxRDFU.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONsPNda.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbkrSom.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShaPcDw.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXuLyPK.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxXAgiB.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdlneYZ.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQIyioJ.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wzSXqJU.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NiHquJs.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTDIMgf.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEEjFQP.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTbayMw.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVLqKCP.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syxmFsa.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HoVuYQc.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZMPwmM.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXyGVoG.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SBhItuD.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxUVSxx.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kboredb.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQneJLe.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEEfqTF.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvcpiDz.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtisKeO.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtFsFrJ.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKSkqlG.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXTPSLs.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HauVXVH.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hpozvvq.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVORkcw.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFFbAhO.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DtdzEMv.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbJKbaP.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdvpjlH.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\peRJyyW.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXTWADX.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NeYxfOT.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYlutVV.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDvHcwe.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOSOwRN.exe	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 1440	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 548 wrote to memory of 1440	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 548 wrote to memory of 1440	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 548 wrote to memory of 2224	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 548 wrote to memory of 2224	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 548 wrote to memory of 2224	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 548 wrote to memory of 2836	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 548 wrote to memory of 2836	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 548 wrote to memory of 2836	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 548 wrote to memory of 2640	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 548 wrote to memory of 2640	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 548 wrote to memory of 2640	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 548 wrote to memory of 2748	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 548 wrote to memory of 2748	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 548 wrote to memory of 2748	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 548 wrote to memory of 2636	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 548 wrote to memory of 2636	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 548 wrote to memory of 2636	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 548 wrote to memory of 2076	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 548 wrote to memory of 2076	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 548 wrote to memory of 2076	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 548 wrote to memory of 2704	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 548 wrote to memory of 2704	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 548 wrote to memory of 2704	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 548 wrote to memory of 2544	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 548 wrote to memory of 2544	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 548 wrote to memory of 2544	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 548 wrote to memory of 2584	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 548 wrote to memory of 2584	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 548 wrote to memory of 2584	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 548 wrote to memory of 2420	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 548 wrote to memory of 2420	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 548 wrote to memory of 2420	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 548 wrote to memory of 1720	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 548 wrote to memory of 1720	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 548 wrote to memory of 1720	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 548 wrote to memory of 1752	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 548 wrote to memory of 1752	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 548 wrote to memory of 1752	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 548 wrote to memory of 2844	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 548 wrote to memory of 2844	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 548 wrote to memory of 2844	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 548 wrote to memory of 1948	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 548 wrote to memory of 1948	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 548 wrote to memory of 1948	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 548 wrote to memory of 304	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 548 wrote to memory of 304	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 548 wrote to memory of 304	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 548 wrote to memory of 1220	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 548 wrote to memory of 1220	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 548 wrote to memory of 1220	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 548 wrote to memory of 2768	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 548 wrote to memory of 2768	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 548 wrote to memory of 2768	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 548 wrote to memory of 1912	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 548 wrote to memory of 1912	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 548 wrote to memory of 1912	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 548 wrote to memory of 1272	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 548 wrote to memory of 1272	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 548 wrote to memory of 1272	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 548 wrote to memory of 2856	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 548 wrote to memory of 2856	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 548 wrote to memory of 2856	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 548 wrote to memory of 1996	548	2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-20_c282c460fb89b6af8771c18ae053e452_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:548
- C:\Windows\System\rQYrJgF.exe
  C:\Windows\System\rQYrJgF.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\BPOginN.exe
  C:\Windows\System\BPOginN.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\tLKkZdQ.exe
  C:\Windows\System\tLKkZdQ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\wEEjFQP.exe
  C:\Windows\System\wEEjFQP.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\zsLosfl.exe
  C:\Windows\System\zsLosfl.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\eMydqnr.exe
  C:\Windows\System\eMydqnr.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\RCjeJtp.exe
  C:\Windows\System\RCjeJtp.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\ZeAXsmW.exe
  C:\Windows\System\ZeAXsmW.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\NUSGdkO.exe
  C:\Windows\System\NUSGdkO.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\KvrXAfE.exe
  C:\Windows\System\KvrXAfE.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\effcEUe.exe
  C:\Windows\System\effcEUe.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\eqFaNge.exe
  C:\Windows\System\eqFaNge.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\oJCZNVB.exe
  C:\Windows\System\oJCZNVB.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\bFUtmeC.exe
  C:\Windows\System\bFUtmeC.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\SdDZJef.exe
  C:\Windows\System\SdDZJef.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\iuDVSit.exe
  C:\Windows\System\iuDVSit.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\ShaPcDw.exe
  C:\Windows\System\ShaPcDw.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\oXMqsAC.exe
  C:\Windows\System\oXMqsAC.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\QFvtdxI.exe
  C:\Windows\System\QFvtdxI.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\hDJQUqf.exe
  C:\Windows\System\hDJQUqf.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\VUEaXgH.exe
  C:\Windows\System\VUEaXgH.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\ItNcTVg.exe
  C:\Windows\System\ItNcTVg.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\XZoCuNU.exe
  C:\Windows\System\XZoCuNU.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\yCAieoq.exe
  C:\Windows\System\yCAieoq.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\tdjGfdi.exe
  C:\Windows\System\tdjGfdi.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\YdWWkJu.exe
  C:\Windows\System\YdWWkJu.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\tYXcNsi.exe
  C:\Windows\System\tYXcNsi.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\LQJjYNK.exe
  C:\Windows\System\LQJjYNK.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\UpcxUDC.exe
  C:\Windows\System\UpcxUDC.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\wYLYxrA.exe
  C:\Windows\System\wYLYxrA.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\hFwMFdx.exe
  C:\Windows\System\hFwMFdx.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\ACSaaMO.exe
  C:\Windows\System\ACSaaMO.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\TQaJvWo.exe
  C:\Windows\System\TQaJvWo.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\TazJvId.exe
  C:\Windows\System\TazJvId.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\uqQzkAo.exe
  C:\Windows\System\uqQzkAo.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\bXrmiYf.exe
  C:\Windows\System\bXrmiYf.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\NeQQeZY.exe
  C:\Windows\System\NeQQeZY.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\XwOdrBl.exe
  C:\Windows\System\XwOdrBl.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\GRjPmpR.exe
  C:\Windows\System\GRjPmpR.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\TvhEFLE.exe
  C:\Windows\System\TvhEFLE.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\PEAmyxJ.exe
  C:\Windows\System\PEAmyxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\nqlvpNT.exe
  C:\Windows\System\nqlvpNT.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\dyvsUlj.exe
  C:\Windows\System\dyvsUlj.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\rKSOEhc.exe
  C:\Windows\System\rKSOEhc.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\dalcYtS.exe
  C:\Windows\System\dalcYtS.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\sVdOYXe.exe
  C:\Windows\System\sVdOYXe.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\ozohaDZ.exe
  C:\Windows\System\ozohaDZ.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\gSGYxid.exe
  C:\Windows\System\gSGYxid.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\UqLrlgY.exe
  C:\Windows\System\UqLrlgY.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\VyliAEI.exe
  C:\Windows\System\VyliAEI.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\FQKUcJX.exe
  C:\Windows\System\FQKUcJX.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\vQwRtoU.exe
  C:\Windows\System\vQwRtoU.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\rSfVaFS.exe
  C:\Windows\System\rSfVaFS.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\fVvCrjK.exe
  C:\Windows\System\fVvCrjK.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\thQtkxz.exe
  C:\Windows\System\thQtkxz.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\rnZCeci.exe
  C:\Windows\System\rnZCeci.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\zVIenEf.exe
  C:\Windows\System\zVIenEf.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\svUroJc.exe
  C:\Windows\System\svUroJc.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\sZctBLq.exe
  C:\Windows\System\sZctBLq.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\jrIrHZw.exe
  C:\Windows\System\jrIrHZw.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\wiYMZFl.exe
  C:\Windows\System\wiYMZFl.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\yNQDkgz.exe
  C:\Windows\System\yNQDkgz.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\ZXDeVSH.exe
  C:\Windows\System\ZXDeVSH.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\iYjfxnW.exe
  C:\Windows\System\iYjfxnW.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\FSGEoAd.exe
  C:\Windows\System\FSGEoAd.exe
  2⤵
  PID:2864
- C:\Windows\System\PmtiqVG.exe
  C:\Windows\System\PmtiqVG.exe
  2⤵
  PID:2968
- C:\Windows\System\mFHYnvO.exe
  C:\Windows\System\mFHYnvO.exe
  2⤵
  PID:2892
- C:\Windows\System\YsICOVI.exe
  C:\Windows\System\YsICOVI.exe
  2⤵
  PID:2380
- C:\Windows\System\JQGSWqN.exe
  C:\Windows\System\JQGSWqN.exe
  2⤵
  PID:1016
- C:\Windows\System\RlvZzIw.exe
  C:\Windows\System\RlvZzIw.exe
  2⤵
  PID:2408
- C:\Windows\System\jNfPwEF.exe
  C:\Windows\System\jNfPwEF.exe
  2⤵
  PID:1640
- C:\Windows\System\avVeDRh.exe
  C:\Windows\System\avVeDRh.exe
  2⤵
  PID:1684
- C:\Windows\System\FMVXykY.exe
  C:\Windows\System\FMVXykY.exe
  2⤵
  PID:2008
- C:\Windows\System\DvQbOoK.exe
  C:\Windows\System\DvQbOoK.exe
  2⤵
  PID:2448
- C:\Windows\System\ztwWOtV.exe
  C:\Windows\System\ztwWOtV.exe
  2⤵
  PID:1304
- C:\Windows\System\NTrRxxf.exe
  C:\Windows\System\NTrRxxf.exe
  2⤵
  PID:1796
- C:\Windows\System\QwTHGbF.exe
  C:\Windows\System\QwTHGbF.exe
  2⤵
  PID:2032
- C:\Windows\System\YrMNRhk.exe
  C:\Windows\System\YrMNRhk.exe
  2⤵
  PID:1260
- C:\Windows\System\RYUoVeb.exe
  C:\Windows\System\RYUoVeb.exe
  2⤵
  PID:2964
- C:\Windows\System\hKtGbnQ.exe
  C:\Windows\System\hKtGbnQ.exe
  2⤵
  PID:1504
- C:\Windows\System\PjnNesT.exe
  C:\Windows\System\PjnNesT.exe
  2⤵
  PID:876
- C:\Windows\System\esOosei.exe
  C:\Windows\System\esOosei.exe
  2⤵
  PID:2328
- C:\Windows\System\mutUZdS.exe
  C:\Windows\System\mutUZdS.exe
  2⤵
  PID:1928
- C:\Windows\System\SpdmuYB.exe
  C:\Windows\System\SpdmuYB.exe
  2⤵
  PID:1592
- C:\Windows\System\QpMvwbp.exe
  C:\Windows\System\QpMvwbp.exe
  2⤵
  PID:1956
- C:\Windows\System\OGhKDrs.exe
  C:\Windows\System\OGhKDrs.exe
  2⤵
  PID:2624
- C:\Windows\System\yIXuemQ.exe
  C:\Windows\System\yIXuemQ.exe
  2⤵
  PID:1964
- C:\Windows\System\ShnttEY.exe
  C:\Windows\System\ShnttEY.exe
  2⤵
  PID:2680
- C:\Windows\System\ZRdKxIU.exe
  C:\Windows\System\ZRdKxIU.exe
  2⤵
  PID:2652
- C:\Windows\System\OQXnbrH.exe
  C:\Windows\System\OQXnbrH.exe
  2⤵
  PID:652
- C:\Windows\System\KEQOtCa.exe
  C:\Windows\System\KEQOtCa.exe
  2⤵
  PID:704
- C:\Windows\System\fyacZay.exe
  C:\Windows\System\fyacZay.exe
  2⤵
  PID:1300
- C:\Windows\System\wGsXchJ.exe
  C:\Windows\System\wGsXchJ.exe
  2⤵
  PID:2600
- C:\Windows\System\ZGaCgBO.exe
  C:\Windows\System\ZGaCgBO.exe
  2⤵
  PID:2132
- C:\Windows\System\XnbVYPc.exe
  C:\Windows\System\XnbVYPc.exe
  2⤵
  PID:1788
- C:\Windows\System\FWmaiEb.exe
  C:\Windows\System\FWmaiEb.exe
  2⤵
  PID:2216
- C:\Windows\System\lzzPLTo.exe
  C:\Windows\System\lzzPLTo.exe
  2⤵
  PID:1740
- C:\Windows\System\yDJBYAu.exe
  C:\Windows\System\yDJBYAu.exe
  2⤵
  PID:908
- C:\Windows\System\gRZtoEa.exe
  C:\Windows\System\gRZtoEa.exe
  2⤵
  PID:1700
- C:\Windows\System\SseCkTz.exe
  C:\Windows\System\SseCkTz.exe
  2⤵
  PID:1552
- C:\Windows\System\ilAmIZe.exe
  C:\Windows\System\ilAmIZe.exe
  2⤵
  PID:2232
- C:\Windows\System\quVSdnh.exe
  C:\Windows\System\quVSdnh.exe
  2⤵
  PID:2428
- C:\Windows\System\anbPciS.exe
  C:\Windows\System\anbPciS.exe
  2⤵
  PID:1704
- C:\Windows\System\xOgoVxb.exe
  C:\Windows\System\xOgoVxb.exe
  2⤵
  PID:2312
- C:\Windows\System\NXHeKll.exe
  C:\Windows\System\NXHeKll.exe
  2⤵
  PID:2452
- C:\Windows\System\TqrHqjr.exe
  C:\Windows\System\TqrHqjr.exe
  2⤵
  PID:3048
- C:\Windows\System\xbZZOSd.exe
  C:\Windows\System\xbZZOSd.exe
  2⤵
  PID:2596
- C:\Windows\System\MGwUwuu.exe
  C:\Windows\System\MGwUwuu.exe
  2⤵
  PID:872
- C:\Windows\System\irFYSNf.exe
  C:\Windows\System\irFYSNf.exe
  2⤵
  PID:1632
- C:\Windows\System\uVONBat.exe
  C:\Windows\System\uVONBat.exe
  2⤵
  PID:2708
- C:\Windows\System\XuMiDJh.exe
  C:\Windows\System\XuMiDJh.exe
  2⤵
  PID:1976
- C:\Windows\System\lJOBOQG.exe
  C:\Windows\System\lJOBOQG.exe
  2⤵
  PID:1140
- C:\Windows\System\tomPMTC.exe
  C:\Windows\System\tomPMTC.exe
  2⤵
  PID:1732
- C:\Windows\System\IxGyBBs.exe
  C:\Windows\System\IxGyBBs.exe
  2⤵
  PID:1436
- C:\Windows\System\gLMYarS.exe
  C:\Windows\System\gLMYarS.exe
  2⤵
  PID:3036
- C:\Windows\System\wqmBwrx.exe
  C:\Windows\System\wqmBwrx.exe
  2⤵
  PID:1784
- C:\Windows\System\dioFeJe.exe
  C:\Windows\System\dioFeJe.exe
  2⤵
  PID:3068
- C:\Windows\System\FXxoUyl.exe
  C:\Windows\System\FXxoUyl.exe
  2⤵
  PID:2320
- C:\Windows\System\ljwMLBs.exe
  C:\Windows\System\ljwMLBs.exe
  2⤵
  PID:3084
- C:\Windows\System\MMvqPWB.exe
  C:\Windows\System\MMvqPWB.exe
  2⤵
  PID:3100
- C:\Windows\System\csyBADt.exe
  C:\Windows\System\csyBADt.exe
  2⤵
  PID:3124
- C:\Windows\System\JlncvQg.exe
  C:\Windows\System\JlncvQg.exe
  2⤵
  PID:3144
- C:\Windows\System\glSnsOs.exe
  C:\Windows\System\glSnsOs.exe
  2⤵
  PID:3168
- C:\Windows\System\xMNTvVW.exe
  C:\Windows\System\xMNTvVW.exe
  2⤵
  PID:3188
- C:\Windows\System\URbQwae.exe
  C:\Windows\System\URbQwae.exe
  2⤵
  PID:3208
- C:\Windows\System\IFscpCu.exe
  C:\Windows\System\IFscpCu.exe
  2⤵
  PID:3228
- C:\Windows\System\XGNQdKp.exe
  C:\Windows\System\XGNQdKp.exe
  2⤵
  PID:3248
- C:\Windows\System\uowoZUV.exe
  C:\Windows\System\uowoZUV.exe
  2⤵
  PID:3268
- C:\Windows\System\auVHpeo.exe
  C:\Windows\System\auVHpeo.exe
  2⤵
  PID:3288
- C:\Windows\System\gdXIdHk.exe
  C:\Windows\System\gdXIdHk.exe
  2⤵
  PID:3312
- C:\Windows\System\ASLdlhU.exe
  C:\Windows\System\ASLdlhU.exe
  2⤵
  PID:3332
- C:\Windows\System\XKVHEKs.exe
  C:\Windows\System\XKVHEKs.exe
  2⤵
  PID:3352
- C:\Windows\System\YXOwvHJ.exe
  C:\Windows\System\YXOwvHJ.exe
  2⤵
  PID:3372
- C:\Windows\System\wYBDivs.exe
  C:\Windows\System\wYBDivs.exe
  2⤵
  PID:3388
- C:\Windows\System\yKMaRZI.exe
  C:\Windows\System\yKMaRZI.exe
  2⤵
  PID:3412
- C:\Windows\System\YUcUlqZ.exe
  C:\Windows\System\YUcUlqZ.exe
  2⤵
  PID:3428
- C:\Windows\System\pRLDdzM.exe
  C:\Windows\System\pRLDdzM.exe
  2⤵
  PID:3452
- C:\Windows\System\GScrHuk.exe
  C:\Windows\System\GScrHuk.exe
  2⤵
  PID:3468
- C:\Windows\System\NOAPwvh.exe
  C:\Windows\System\NOAPwvh.exe
  2⤵
  PID:3492
- C:\Windows\System\sGBmgyG.exe
  C:\Windows\System\sGBmgyG.exe
  2⤵
  PID:3508
- C:\Windows\System\WzWxCKK.exe
  C:\Windows\System\WzWxCKK.exe
  2⤵
  PID:3532
- C:\Windows\System\wShyFAd.exe
  C:\Windows\System\wShyFAd.exe
  2⤵
  PID:3548
- C:\Windows\System\UwiKSeW.exe
  C:\Windows\System\UwiKSeW.exe
  2⤵
  PID:3572
- C:\Windows\System\lFZEcpf.exe
  C:\Windows\System\lFZEcpf.exe
  2⤵
  PID:3592
- C:\Windows\System\XqEKaJY.exe
  C:\Windows\System\XqEKaJY.exe
  2⤵
  PID:3612
- C:\Windows\System\CYGSbhn.exe
  C:\Windows\System\CYGSbhn.exe
  2⤵
  PID:3632
- C:\Windows\System\mLqWdKy.exe
  C:\Windows\System\mLqWdKy.exe
  2⤵
  PID:3652
- C:\Windows\System\ynSzqwZ.exe
  C:\Windows\System\ynSzqwZ.exe
  2⤵
  PID:3672
- C:\Windows\System\qRvMgPT.exe
  C:\Windows\System\qRvMgPT.exe
  2⤵
  PID:3692
- C:\Windows\System\cYEeKMy.exe
  C:\Windows\System\cYEeKMy.exe
  2⤵
  PID:3712
- C:\Windows\System\sNLLTyO.exe
  C:\Windows\System\sNLLTyO.exe
  2⤵
  PID:3732
- C:\Windows\System\QkVLDUf.exe
  C:\Windows\System\QkVLDUf.exe
  2⤵
  PID:3752
- C:\Windows\System\RPbsMOQ.exe
  C:\Windows\System\RPbsMOQ.exe
  2⤵
  PID:3772
- C:\Windows\System\tufUNTV.exe
  C:\Windows\System\tufUNTV.exe
  2⤵
  PID:3792
- C:\Windows\System\pcHwotW.exe
  C:\Windows\System\pcHwotW.exe
  2⤵
  PID:3812
- C:\Windows\System\hhTAoFg.exe
  C:\Windows\System\hhTAoFg.exe
  2⤵
  PID:3832
- C:\Windows\System\teKNRZm.exe
  C:\Windows\System\teKNRZm.exe
  2⤵
  PID:3852
- C:\Windows\System\hOOCozm.exe
  C:\Windows\System\hOOCozm.exe
  2⤵
  PID:3868
- C:\Windows\System\dDMkJxh.exe
  C:\Windows\System\dDMkJxh.exe
  2⤵
  PID:3888
- C:\Windows\System\saEPyFt.exe
  C:\Windows\System\saEPyFt.exe
  2⤵
  PID:3908
- C:\Windows\System\KkIQYjx.exe
  C:\Windows\System\KkIQYjx.exe
  2⤵
  PID:3928
- C:\Windows\System\wwamZCA.exe
  C:\Windows\System\wwamZCA.exe
  2⤵
  PID:3952
- C:\Windows\System\LfAzcKx.exe
  C:\Windows\System\LfAzcKx.exe
  2⤵
  PID:3972
- C:\Windows\System\eOtQztm.exe
  C:\Windows\System\eOtQztm.exe
  2⤵
  PID:3992
- C:\Windows\System\AoyARXJ.exe
  C:\Windows\System\AoyARXJ.exe
  2⤵
  PID:4012
- C:\Windows\System\xNVxJEQ.exe
  C:\Windows\System\xNVxJEQ.exe
  2⤵
  PID:4028
- C:\Windows\System\nKUpgPG.exe
  C:\Windows\System\nKUpgPG.exe
  2⤵
  PID:4052
- C:\Windows\System\AlnNRQX.exe
  C:\Windows\System\AlnNRQX.exe
  2⤵
  PID:4068
- C:\Windows\System\bqKloDO.exe
  C:\Windows\System\bqKloDO.exe
  2⤵
  PID:4088
- C:\Windows\System\ctUTUSn.exe
  C:\Windows\System\ctUTUSn.exe
  2⤵
  PID:2556
- C:\Windows\System\SgqfARf.exe
  C:\Windows\System\SgqfARf.exe
  2⤵
  PID:2036
- C:\Windows\System\lTygtSq.exe
  C:\Windows\System\lTygtSq.exe
  2⤵
  PID:2720
- C:\Windows\System\VHYgRLs.exe
  C:\Windows\System\VHYgRLs.exe
  2⤵
  PID:2960
- C:\Windows\System\MDKmsVz.exe
  C:\Windows\System\MDKmsVz.exe
  2⤵
  PID:2112
- C:\Windows\System\tTIMCOL.exe
  C:\Windows\System\tTIMCOL.exe
  2⤵
  PID:2792
- C:\Windows\System\QLArCSw.exe
  C:\Windows\System\QLArCSw.exe
  2⤵
  PID:3076
- C:\Windows\System\FoJYdFS.exe
  C:\Windows\System\FoJYdFS.exe
  2⤵
  PID:3096
- C:\Windows\System\kDWDZuy.exe
  C:\Windows\System\kDWDZuy.exe
  2⤵
  PID:3160
- C:\Windows\System\xJssIra.exe
  C:\Windows\System\xJssIra.exe
  2⤵
  PID:3200
- C:\Windows\System\kVSXopU.exe
  C:\Windows\System\kVSXopU.exe
  2⤵
  PID:3184
- C:\Windows\System\uuceepP.exe
  C:\Windows\System\uuceepP.exe
  2⤵
  PID:3240
- C:\Windows\System\zdvpjlH.exe
  C:\Windows\System\zdvpjlH.exe
  2⤵
  PID:3260
- C:\Windows\System\SnUBTBk.exe
  C:\Windows\System\SnUBTBk.exe
  2⤵
  PID:3296
- C:\Windows\System\ugEXnuI.exe
  C:\Windows\System\ugEXnuI.exe
  2⤵
  PID:3368
- C:\Windows\System\KkgbGFj.exe
  C:\Windows\System\KkgbGFj.exe
  2⤵
  PID:3404
- C:\Windows\System\HnrZxko.exe
  C:\Windows\System\HnrZxko.exe
  2⤵
  PID:3436
- C:\Windows\System\eUTKnSv.exe
  C:\Windows\System\eUTKnSv.exe
  2⤵
  PID:3440
- C:\Windows\System\VdTisQK.exe
  C:\Windows\System\VdTisQK.exe
  2⤵
  PID:3488
- C:\Windows\System\TbJUaYq.exe
  C:\Windows\System\TbJUaYq.exe
  2⤵
  PID:3528
- C:\Windows\System\ufAbtLc.exe
  C:\Windows\System\ufAbtLc.exe
  2⤵
  PID:3560
- C:\Windows\System\laMQbJS.exe
  C:\Windows\System\laMQbJS.exe
  2⤵
  PID:3608
- C:\Windows\System\XnslEZR.exe
  C:\Windows\System\XnslEZR.exe
  2⤵
  PID:3640
- C:\Windows\System\bntxXQF.exe
  C:\Windows\System\bntxXQF.exe
  2⤵
  PID:3624
- C:\Windows\System\mnXKfTe.exe
  C:\Windows\System\mnXKfTe.exe
  2⤵
  PID:3720
- C:\Windows\System\kNiVqxn.exe
  C:\Windows\System\kNiVqxn.exe
  2⤵
  PID:3700
- C:\Windows\System\KESSoOS.exe
  C:\Windows\System\KESSoOS.exe
  2⤵
  PID:3760
- C:\Windows\System\dByeEZO.exe
  C:\Windows\System\dByeEZO.exe
  2⤵
  PID:3808
- C:\Windows\System\zIfIuFm.exe
  C:\Windows\System\zIfIuFm.exe
  2⤵
  PID:3848
- C:\Windows\System\goRnQha.exe
  C:\Windows\System\goRnQha.exe
  2⤵
  PID:3828
- C:\Windows\System\EkdLPjW.exe
  C:\Windows\System\EkdLPjW.exe
  2⤵
  PID:3880
- C:\Windows\System\MznVCaL.exe
  C:\Windows\System\MznVCaL.exe
  2⤵
  PID:3864
- C:\Windows\System\ahTzFuS.exe
  C:\Windows\System\ahTzFuS.exe
  2⤵
  PID:3936
- C:\Windows\System\JGyViGK.exe
  C:\Windows\System\JGyViGK.exe
  2⤵
  PID:4000
- C:\Windows\System\nJMZkSE.exe
  C:\Windows\System\nJMZkSE.exe
  2⤵
  PID:3980
- C:\Windows\System\qUszqvQ.exe
  C:\Windows\System\qUszqvQ.exe
  2⤵
  PID:4048
- C:\Windows\System\cuKaHqI.exe
  C:\Windows\System\cuKaHqI.exe
  2⤵
  PID:4080
- C:\Windows\System\CxZexdf.exe
  C:\Windows\System\CxZexdf.exe
  2⤵
  PID:776
- C:\Windows\System\fXhuUIw.exe
  C:\Windows\System\fXhuUIw.exe
  2⤵
  PID:3044
- C:\Windows\System\zuihwgo.exe
  C:\Windows\System\zuihwgo.exe
  2⤵
  PID:2620
- C:\Windows\System\HoJUplU.exe
  C:\Windows\System\HoJUplU.exe
  2⤵
  PID:2080
- C:\Windows\System\YnhoMgO.exe
  C:\Windows\System\YnhoMgO.exe
  2⤵
  PID:3028
- C:\Windows\System\OjYFjwD.exe
  C:\Windows\System\OjYFjwD.exe
  2⤵
  PID:2832
- C:\Windows\System\xIEpcYS.exe
  C:\Windows\System\xIEpcYS.exe
  2⤵
  PID:3132
- C:\Windows\System\NvBTlwL.exe
  C:\Windows\System\NvBTlwL.exe
  2⤵
  PID:3224
- C:\Windows\System\OrjjOBo.exe
  C:\Windows\System\OrjjOBo.exe
  2⤵
  PID:3256
- C:\Windows\System\vRxmheT.exe
  C:\Windows\System\vRxmheT.exe
  2⤵
  PID:3348
- C:\Windows\System\AmxFyvX.exe
  C:\Windows\System\AmxFyvX.exe
  2⤵
  PID:3400
- C:\Windows\System\GXVhYIc.exe
  C:\Windows\System\GXVhYIc.exe
  2⤵
  PID:3380
- C:\Windows\System\WDhPGGX.exe
  C:\Windows\System\WDhPGGX.exe
  2⤵
  PID:3540
- C:\Windows\System\IgtScQy.exe
  C:\Windows\System\IgtScQy.exe
  2⤵
  PID:3504
- C:\Windows\System\AeTnxdn.exe
  C:\Windows\System\AeTnxdn.exe
  2⤵
  PID:3620
- C:\Windows\System\NyicDkJ.exe
  C:\Windows\System\NyicDkJ.exe
  2⤵
  PID:3668
- C:\Windows\System\uDBFweJ.exe
  C:\Windows\System\uDBFweJ.exe
  2⤵
  PID:3688
- C:\Windows\System\wptEpIP.exe
  C:\Windows\System\wptEpIP.exe
  2⤵
  PID:3824
- C:\Windows\System\vhLaoKi.exe
  C:\Windows\System\vhLaoKi.exe
  2⤵
  PID:3860
- C:\Windows\System\CvKGNkj.exe
  C:\Windows\System\CvKGNkj.exe
  2⤵
  PID:3948
- C:\Windows\System\UZSCDMI.exe
  C:\Windows\System\UZSCDMI.exe
  2⤵
  PID:3960
- C:\Windows\System\wBVwYjD.exe
  C:\Windows\System\wBVwYjD.exe
  2⤵
  PID:2808
- C:\Windows\System\PKvqFBw.exe
  C:\Windows\System\PKvqFBw.exe
  2⤵
  PID:2100
- C:\Windows\System\PZyXSQK.exe
  C:\Windows\System\PZyXSQK.exe
  2⤵
  PID:3120
- C:\Windows\System\DjSVNjd.exe
  C:\Windows\System\DjSVNjd.exe
  2⤵
  PID:852
- C:\Windows\System\QeoRRkQ.exe
  C:\Windows\System\QeoRRkQ.exe
  2⤵
  PID:3152
- C:\Windows\System\IXSSHqL.exe
  C:\Windows\System\IXSSHqL.exe
  2⤵
  PID:3180
- C:\Windows\System\vzoTJas.exe
  C:\Windows\System\vzoTJas.exe
  2⤵
  PID:3216
- C:\Windows\System\hfKkuxa.exe
  C:\Windows\System\hfKkuxa.exe
  2⤵
  PID:3340
- C:\Windows\System\KRpSkWl.exe
  C:\Windows\System\KRpSkWl.exe
  2⤵
  PID:3396
- C:\Windows\System\eOSEyya.exe
  C:\Windows\System\eOSEyya.exe
  2⤵
  PID:3424
- C:\Windows\System\yhgZJeU.exe
  C:\Windows\System\yhgZJeU.exe
  2⤵
  PID:3460
- C:\Windows\System\fNmxxnz.exe
  C:\Windows\System\fNmxxnz.exe
  2⤵
  PID:3660
- C:\Windows\System\ltAVqqD.exe
  C:\Windows\System\ltAVqqD.exe
  2⤵
  PID:3584
- C:\Windows\System\lZBIcqt.exe
  C:\Windows\System\lZBIcqt.exe
  2⤵
  PID:3904
- C:\Windows\System\OIwziJT.exe
  C:\Windows\System\OIwziJT.exe
  2⤵
  PID:3876
- C:\Windows\System\XXaxVrC.exe
  C:\Windows\System\XXaxVrC.exe
  2⤵
  PID:4064
- C:\Windows\System\XiGXiem.exe
  C:\Windows\System\XiGXiem.exe
  2⤵
  PID:2416
- C:\Windows\System\INfvdHl.exe
  C:\Windows\System\INfvdHl.exe
  2⤵
  PID:3020
- C:\Windows\System\MReoYOj.exe
  C:\Windows\System\MReoYOj.exe
  2⤵
  PID:3300
- C:\Windows\System\yXYnRsi.exe
  C:\Windows\System\yXYnRsi.exe
  2⤵
  PID:3556
- C:\Windows\System\iUYvWOg.exe
  C:\Windows\System\iUYvWOg.exe
  2⤵
  PID:572
- C:\Windows\System\DZnqiBX.exe
  C:\Windows\System\DZnqiBX.exe
  2⤵
  PID:3800
- C:\Windows\System\CELObWp.exe
  C:\Windows\System\CELObWp.exe
  2⤵
  PID:4120
- C:\Windows\System\pTWchvm.exe
  C:\Windows\System\pTWchvm.exe
  2⤵
  PID:4140
- C:\Windows\System\GnZXjGQ.exe
  C:\Windows\System\GnZXjGQ.exe
  2⤵
  PID:4156
- C:\Windows\System\qrFsgbc.exe
  C:\Windows\System\qrFsgbc.exe
  2⤵
  PID:4176
- C:\Windows\System\wSMlSIg.exe
  C:\Windows\System\wSMlSIg.exe
  2⤵
  PID:4196
- C:\Windows\System\CzLXCXS.exe
  C:\Windows\System\CzLXCXS.exe
  2⤵
  PID:4220
- C:\Windows\System\SKedLcy.exe
  C:\Windows\System\SKedLcy.exe
  2⤵
  PID:4240
- C:\Windows\System\cthIDxE.exe
  C:\Windows\System\cthIDxE.exe
  2⤵
  PID:4260
- C:\Windows\System\RUSdKgx.exe
  C:\Windows\System\RUSdKgx.exe
  2⤵
  PID:4280
- C:\Windows\System\edcpfqH.exe
  C:\Windows\System\edcpfqH.exe
  2⤵
  PID:4300
- C:\Windows\System\xkAXqFa.exe
  C:\Windows\System\xkAXqFa.exe
  2⤵
  PID:4320
- C:\Windows\System\vXUERsc.exe
  C:\Windows\System\vXUERsc.exe
  2⤵
  PID:4340
- C:\Windows\System\FFWiIXL.exe
  C:\Windows\System\FFWiIXL.exe
  2⤵
  PID:4360
- C:\Windows\System\qjeXQdl.exe
  C:\Windows\System\qjeXQdl.exe
  2⤵
  PID:4380
- C:\Windows\System\JrmVwmv.exe
  C:\Windows\System\JrmVwmv.exe
  2⤵
  PID:4400
- C:\Windows\System\LTbJYLJ.exe
  C:\Windows\System\LTbJYLJ.exe
  2⤵
  PID:4420
- C:\Windows\System\IaYnJLh.exe
  C:\Windows\System\IaYnJLh.exe
  2⤵
  PID:4440
- C:\Windows\System\DdHOzKr.exe
  C:\Windows\System\DdHOzKr.exe
  2⤵
  PID:4460
- C:\Windows\System\NejrdZY.exe
  C:\Windows\System\NejrdZY.exe
  2⤵
  PID:4484
- C:\Windows\System\PtFJaMD.exe
  C:\Windows\System\PtFJaMD.exe
  2⤵
  PID:4504
- C:\Windows\System\XHYMisa.exe
  C:\Windows\System\XHYMisa.exe
  2⤵
  PID:4524
- C:\Windows\System\UclzicP.exe
  C:\Windows\System\UclzicP.exe
  2⤵
  PID:4544
- C:\Windows\System\CRaskAF.exe
  C:\Windows\System\CRaskAF.exe
  2⤵
  PID:4564
- C:\Windows\System\XfwOTHy.exe
  C:\Windows\System\XfwOTHy.exe
  2⤵
  PID:4584
- C:\Windows\System\iHrLTCK.exe
  C:\Windows\System\iHrLTCK.exe
  2⤵
  PID:4600
- C:\Windows\System\rmfDnov.exe
  C:\Windows\System\rmfDnov.exe
  2⤵
  PID:4624
- C:\Windows\System\dwWiOGB.exe
  C:\Windows\System\dwWiOGB.exe
  2⤵
  PID:4644
- C:\Windows\System\mLIOrGW.exe
  C:\Windows\System\mLIOrGW.exe
  2⤵
  PID:4664
- C:\Windows\System\PzeQLjz.exe
  C:\Windows\System\PzeQLjz.exe
  2⤵
  PID:4684
- C:\Windows\System\cXMFfYn.exe
  C:\Windows\System\cXMFfYn.exe
  2⤵
  PID:4704
- C:\Windows\System\wSYIjdP.exe
  C:\Windows\System\wSYIjdP.exe
  2⤵
  PID:4720
- C:\Windows\System\TxFfMnE.exe
  C:\Windows\System\TxFfMnE.exe
  2⤵
  PID:4744
- C:\Windows\System\okqqVyf.exe
  C:\Windows\System\okqqVyf.exe
  2⤵
  PID:4764
- C:\Windows\System\ElKeFoU.exe
  C:\Windows\System\ElKeFoU.exe
  2⤵
  PID:4784
- C:\Windows\System\ypkFyma.exe
  C:\Windows\System\ypkFyma.exe
  2⤵
  PID:4804
- C:\Windows\System\dsiaoXk.exe
  C:\Windows\System\dsiaoXk.exe
  2⤵
  PID:4824
- C:\Windows\System\wMvJCAj.exe
  C:\Windows\System\wMvJCAj.exe
  2⤵
  PID:4844
- C:\Windows\System\DhjREWI.exe
  C:\Windows\System\DhjREWI.exe
  2⤵
  PID:4864
- C:\Windows\System\SPYdjPa.exe
  C:\Windows\System\SPYdjPa.exe
  2⤵
  PID:4880
- C:\Windows\System\kEFPwph.exe
  C:\Windows\System\kEFPwph.exe
  2⤵
  PID:4904
- C:\Windows\System\XpYCRrK.exe
  C:\Windows\System\XpYCRrK.exe
  2⤵
  PID:4920
- C:\Windows\System\PJLASUo.exe
  C:\Windows\System\PJLASUo.exe
  2⤵
  PID:4940
- C:\Windows\System\PitfOXL.exe
  C:\Windows\System\PitfOXL.exe
  2⤵
  PID:4964
- C:\Windows\System\sDOQGVQ.exe
  C:\Windows\System\sDOQGVQ.exe
  2⤵
  PID:4984
- C:\Windows\System\ZuTupbq.exe
  C:\Windows\System\ZuTupbq.exe
  2⤵
  PID:5000
- C:\Windows\System\qEkscqa.exe
  C:\Windows\System\qEkscqa.exe
  2⤵
  PID:5024
- C:\Windows\System\zzjCtyx.exe
  C:\Windows\System\zzjCtyx.exe
  2⤵
  PID:5044
- C:\Windows\System\RlShJDe.exe
  C:\Windows\System\RlShJDe.exe
  2⤵
  PID:5064
- C:\Windows\System\AciDqAi.exe
  C:\Windows\System\AciDqAi.exe
  2⤵
  PID:5084
- C:\Windows\System\GyoajWO.exe
  C:\Windows\System\GyoajWO.exe
  2⤵
  PID:5104
- C:\Windows\System\yEBPcQX.exe
  C:\Windows\System\yEBPcQX.exe
  2⤵
  PID:3784
- C:\Windows\System\UMqhkGZ.exe
  C:\Windows\System\UMqhkGZ.exe
  2⤵
  PID:3740
- C:\Windows\System\PxCqDzf.exe
  C:\Windows\System\PxCqDzf.exe
  2⤵
  PID:4084
- C:\Windows\System\lrrcbrj.exe
  C:\Windows\System\lrrcbrj.exe
  2⤵
  PID:3112
- C:\Windows\System\DeLHNzq.exe
  C:\Windows\System\DeLHNzq.exe
  2⤵
  PID:3108
- C:\Windows\System\lvSnADT.exe
  C:\Windows\System\lvSnADT.exe
  2⤵
  PID:2528
- C:\Windows\System\SQpAqlK.exe
  C:\Windows\System\SQpAqlK.exe
  2⤵
  PID:3664
- C:\Windows\System\vnwJqFX.exe
  C:\Windows\System\vnwJqFX.exe
  2⤵
  PID:4108
- C:\Windows\System\HDWUuSf.exe
  C:\Windows\System\HDWUuSf.exe
  2⤵
  PID:4164
- C:\Windows\System\bSAkNeH.exe
  C:\Windows\System\bSAkNeH.exe
  2⤵
  PID:4208
- C:\Windows\System\tBZhajS.exe
  C:\Windows\System\tBZhajS.exe
  2⤵
  PID:4184
- C:\Windows\System\ZVJwURr.exe
  C:\Windows\System\ZVJwURr.exe
  2⤵
  PID:4248
- C:\Windows\System\ACCsCop.exe
  C:\Windows\System\ACCsCop.exe
  2⤵
  PID:4288
- C:\Windows\System\AHjoUdi.exe
  C:\Windows\System\AHjoUdi.exe
  2⤵
  PID:4308
- C:\Windows\System\PrpUpor.exe
  C:\Windows\System\PrpUpor.exe
  2⤵
  PID:4316
- C:\Windows\System\mQwnAhy.exe
  C:\Windows\System\mQwnAhy.exe
  2⤵
  PID:4368
- C:\Windows\System\CLkOYgK.exe
  C:\Windows\System\CLkOYgK.exe
  2⤵
  PID:4396
- C:\Windows\System\EvMUFPe.exe
  C:\Windows\System\EvMUFPe.exe
  2⤵
  PID:4456
- C:\Windows\System\hGOBkzT.exe
  C:\Windows\System\hGOBkzT.exe
  2⤵
  PID:4432
- C:\Windows\System\Kdjnfpo.exe
  C:\Windows\System\Kdjnfpo.exe
  2⤵
  PID:4496
- C:\Windows\System\fXDypof.exe
  C:\Windows\System\fXDypof.exe
  2⤵
  PID:4512
- C:\Windows\System\ZgKuYFv.exe
  C:\Windows\System\ZgKuYFv.exe
  2⤵
  PID:4616
- C:\Windows\System\uMQnHKN.exe
  C:\Windows\System\uMQnHKN.exe
  2⤵
  PID:4612
- C:\Windows\System\SPgOUAf.exe
  C:\Windows\System\SPgOUAf.exe
  2⤵
  PID:4652
- C:\Windows\System\PtLjBHW.exe
  C:\Windows\System\PtLjBHW.exe
  2⤵
  PID:4636
- C:\Windows\System\jPtKZYK.exe
  C:\Windows\System\jPtKZYK.exe
  2⤵
  PID:4700
- C:\Windows\System\fTaLcDf.exe
  C:\Windows\System\fTaLcDf.exe
  2⤵
  PID:4732
- C:\Windows\System\kfZkGLw.exe
  C:\Windows\System\kfZkGLw.exe
  2⤵
  PID:4780
- C:\Windows\System\wtxImaQ.exe
  C:\Windows\System\wtxImaQ.exe
  2⤵
  PID:4756
- C:\Windows\System\mXczgoR.exe
  C:\Windows\System\mXczgoR.exe
  2⤵
  PID:4852
- C:\Windows\System\EPUbWBt.exe
  C:\Windows\System\EPUbWBt.exe
  2⤵
  PID:4892
- C:\Windows\System\qrSoMER.exe
  C:\Windows\System\qrSoMER.exe
  2⤵
  PID:4872
- C:\Windows\System\bgTSAnP.exe
  C:\Windows\System\bgTSAnP.exe
  2⤵
  PID:4912
- C:\Windows\System\aYAfRTS.exe
  C:\Windows\System\aYAfRTS.exe
  2⤵
  PID:4980
- C:\Windows\System\iieUnsj.exe
  C:\Windows\System\iieUnsj.exe
  2⤵
  PID:4960
- C:\Windows\System\qHhwoVS.exe
  C:\Windows\System\qHhwoVS.exe
  2⤵
  PID:4996
- C:\Windows\System\jVnWbOK.exe
  C:\Windows\System\jVnWbOK.exe
  2⤵
  PID:5032
- C:\Windows\System\OiHJERD.exe
  C:\Windows\System\OiHJERD.exe
  2⤵
  PID:5100
- C:\Windows\System\PgHFdwN.exe
  C:\Windows\System\PgHFdwN.exe
  2⤵
  PID:3704
- C:\Windows\System\kHgpyIA.exe
  C:\Windows\System\kHgpyIA.exe
  2⤵
  PID:3924
- C:\Windows\System\EvxNnwJ.exe
  C:\Windows\System\EvxNnwJ.exe
  2⤵
  PID:2316
- C:\Windows\System\AAmTeaz.exe
  C:\Windows\System\AAmTeaz.exe
  2⤵
  PID:1840
- C:\Windows\System\nIsGaml.exe
  C:\Windows\System\nIsGaml.exe
  2⤵
  PID:1668
- C:\Windows\System\ZLBlhxV.exe
  C:\Windows\System\ZLBlhxV.exe
  2⤵
  PID:3968
- C:\Windows\System\nemTsuI.exe
  C:\Windows\System\nemTsuI.exe
  2⤵
  PID:4204
- C:\Windows\System\iixUhrQ.exe
  C:\Windows\System\iixUhrQ.exe
  2⤵
  PID:3768
- C:\Windows\System\kbtrTNX.exe
  C:\Windows\System\kbtrTNX.exe
  2⤵
  PID:4192
- C:\Windows\System\MShJiCq.exe
  C:\Windows\System\MShJiCq.exe
  2⤵
  PID:4292
- C:\Windows\System\QPrHBPg.exe
  C:\Windows\System\QPrHBPg.exe
  2⤵
  PID:4352
- C:\Windows\System\DxYkAxP.exe
  C:\Windows\System\DxYkAxP.exe
  2⤵
  PID:4268
- C:\Windows\System\LeBoUrc.exe
  C:\Windows\System\LeBoUrc.exe
  2⤵
  PID:4448
- C:\Windows\System\AwBOSZR.exe
  C:\Windows\System\AwBOSZR.exe
  2⤵
  PID:4372
- C:\Windows\System\VMyqywO.exe
  C:\Windows\System\VMyqywO.exe
  2⤵
  PID:4476
- C:\Windows\System\cLgyiyW.exe
  C:\Windows\System\cLgyiyW.exe
  2⤵
  PID:4520
- C:\Windows\System\FnlXtkm.exe
  C:\Windows\System\FnlXtkm.exe
  2⤵
  PID:4540
- C:\Windows\System\rheTBYs.exe
  C:\Windows\System\rheTBYs.exe
  2⤵
  PID:1944
- C:\Windows\System\RXuLyPK.exe
  C:\Windows\System\RXuLyPK.exe
  2⤵
  PID:4680
- C:\Windows\System\XLMCGFR.exe
  C:\Windows\System\XLMCGFR.exe
  2⤵
  PID:4712
- C:\Windows\System\jVtIJxJ.exe
  C:\Windows\System\jVtIJxJ.exe
  2⤵
  PID:4736
- C:\Windows\System\yTKQpAm.exe
  C:\Windows\System\yTKQpAm.exe
  2⤵
  PID:4800
- C:\Windows\System\aHuvsQn.exe
  C:\Windows\System\aHuvsQn.exe
  2⤵
  PID:4840
- C:\Windows\System\lMYbLzE.exe
  C:\Windows\System\lMYbLzE.exe
  2⤵
  PID:4856
- C:\Windows\System\PYnIqiU.exe
  C:\Windows\System\PYnIqiU.exe
  2⤵
  PID:4992
- C:\Windows\System\IAVIwcW.exe
  C:\Windows\System\IAVIwcW.exe
  2⤵
  PID:5036
- C:\Windows\System\ldtZyWH.exe
  C:\Windows\System\ldtZyWH.exe
  2⤵
  PID:5080
- C:\Windows\System\TNIRtDh.exe
  C:\Windows\System\TNIRtDh.exe
  2⤵
  PID:3628
- C:\Windows\System\AKVVPTV.exe
  C:\Windows\System\AKVVPTV.exe
  2⤵
  PID:3320
- C:\Windows\System\XviJGal.exe
  C:\Windows\System\XviJGal.exe
  2⤵
  PID:844
- C:\Windows\System\nepVlVC.exe
  C:\Windows\System\nepVlVC.exe
  2⤵
  PID:4076
- C:\Windows\System\oWErVaT.exe
  C:\Windows\System\oWErVaT.exe
  2⤵
  PID:4104
- C:\Windows\System\rPBoldt.exe
  C:\Windows\System\rPBoldt.exe
  2⤵
  PID:4132
- C:\Windows\System\NPomzMB.exe
  C:\Windows\System\NPomzMB.exe
  2⤵
  PID:896
- C:\Windows\System\CuXQQlu.exe
  C:\Windows\System\CuXQQlu.exe
  2⤵
  PID:2432
- C:\Windows\System\JPLlgqm.exe
  C:\Windows\System\JPLlgqm.exe
  2⤵
  PID:1808
- C:\Windows\System\eHOBGbT.exe
  C:\Windows\System\eHOBGbT.exe
  2⤵
  PID:4416
- C:\Windows\System\AcHcWaL.exe
  C:\Windows\System\AcHcWaL.exe
  2⤵
  PID:4428
- C:\Windows\System\DXDFpnO.exe
  C:\Windows\System\DXDFpnO.exe
  2⤵
  PID:4500
- C:\Windows\System\omvAPkL.exe
  C:\Windows\System\omvAPkL.exe
  2⤵
  PID:2264
- C:\Windows\System\mmSBSwR.exe
  C:\Windows\System\mmSBSwR.exe
  2⤵
  PID:4760
- C:\Windows\System\JtNqdgS.exe
  C:\Windows\System\JtNqdgS.exe
  2⤵
  PID:4916
- C:\Windows\System\xbEvikp.exe
  C:\Windows\System\xbEvikp.exe
  2⤵
  PID:4832
- C:\Windows\System\vulFzZQ.exe
  C:\Windows\System\vulFzZQ.exe
  2⤵
  PID:5016
- C:\Windows\System\yzcSliJ.exe
  C:\Windows\System\yzcSliJ.exe
  2⤵
  PID:3744
- C:\Windows\System\rMkCSpI.exe
  C:\Windows\System\rMkCSpI.exe
  2⤵
  PID:3644
- C:\Windows\System\pACMESx.exe
  C:\Windows\System\pACMESx.exe
  2⤵
  PID:2608
- C:\Windows\System\pFIanUk.exe
  C:\Windows\System\pFIanUk.exe
  2⤵
  PID:4152
- C:\Windows\System\hHISxNh.exe
  C:\Windows\System\hHISxNh.exe
  2⤵
  PID:2716
- C:\Windows\System\XgqDFIf.exe
  C:\Windows\System\XgqDFIf.exe
  2⤵
  PID:3080
- C:\Windows\System\NXuYhAk.exe
  C:\Windows\System\NXuYhAk.exe
  2⤵
  PID:2824
- C:\Windows\System\xHUkcdJ.exe
  C:\Windows\System\xHUkcdJ.exe
  2⤵
  PID:4576
- C:\Windows\System\omOSJXJ.exe
  C:\Windows\System\omOSJXJ.exe
  2⤵
  PID:4592
- C:\Windows\System\xkUkKVV.exe
  C:\Windows\System\xkUkKVV.exe
  2⤵
  PID:1992
- C:\Windows\System\VzSrmzf.exe
  C:\Windows\System\VzSrmzf.exe
  2⤵
  PID:1848
- C:\Windows\System\IFhwaAE.exe
  C:\Windows\System\IFhwaAE.exe
  2⤵
  PID:4728
- C:\Windows\System\BLiAuUi.exe
  C:\Windows\System\BLiAuUi.exe
  2⤵
  PID:4936
- C:\Windows\System\zlhKhSQ.exe
  C:\Windows\System\zlhKhSQ.exe
  2⤵
  PID:4008
- C:\Windows\System\xHYQRVs.exe
  C:\Windows\System\xHYQRVs.exe
  2⤵
  PID:3604
- C:\Windows\System\DXauAme.exe
  C:\Windows\System\DXauAme.exe
  2⤵
  PID:5072
- C:\Windows\System\ttpHKTq.exe
  C:\Windows\System\ttpHKTq.exe
  2⤵
  PID:4408
- C:\Windows\System\DsqSpFr.exe
  C:\Windows\System\DsqSpFr.exe
  2⤵
  PID:4212
- C:\Windows\System\WYKwWgc.exe
  C:\Windows\System\WYKwWgc.exe
  2⤵
  PID:2724
- C:\Windows\System\pmjTbib.exe
  C:\Windows\System\pmjTbib.exe
  2⤵
  PID:2124
- C:\Windows\System\ZVKAuEs.exe
  C:\Windows\System\ZVKAuEs.exe
  2⤵
  PID:3840
- C:\Windows\System\yJPkwSu.exe
  C:\Windows\System\yJPkwSu.exe
  2⤵
  PID:4640
- C:\Windows\System\vGRWplj.exe
  C:\Windows\System\vGRWplj.exe
  2⤵
  PID:2084
- C:\Windows\System\UIHgBKg.exe
  C:\Windows\System\UIHgBKg.exe
  2⤵
  PID:576
- C:\Windows\System\ELiyyfG.exe
  C:\Windows\System\ELiyyfG.exe
  2⤵
  PID:1608
- C:\Windows\System\yIPXxiW.exe
  C:\Windows\System\yIPXxiW.exe
  2⤵
  PID:3220
- C:\Windows\System\LpWacHN.exe
  C:\Windows\System\LpWacHN.exe
  2⤵
  PID:1392
- C:\Windows\System\oAxjniv.exe
  C:\Windows\System\oAxjniv.exe
  2⤵
  PID:4332
- C:\Windows\System\SVjFgNA.exe
  C:\Windows\System\SVjFgNA.exe
  2⤵
  PID:2056
- C:\Windows\System\NiLosKV.exe
  C:\Windows\System\NiLosKV.exe
  2⤵
  PID:2140
- C:\Windows\System\FzfcbnR.exe
  C:\Windows\System\FzfcbnR.exe
  2⤵
  PID:4468
- C:\Windows\System\LKlvCBu.exe
  C:\Windows\System\LKlvCBu.exe
  2⤵
  PID:4348
- C:\Windows\System\NiDcLFG.exe
  C:\Windows\System\NiDcLFG.exe
  2⤵
  PID:5020
- C:\Windows\System\ILcyhnF.exe
  C:\Windows\System\ILcyhnF.exe
  2⤵
  PID:5124
- C:\Windows\System\mQLDwyC.exe
  C:\Windows\System\mQLDwyC.exe
  2⤵
  PID:5144
- C:\Windows\System\UAkOWPO.exe
  C:\Windows\System\UAkOWPO.exe
  2⤵
  PID:5160
- C:\Windows\System\oflMECO.exe
  C:\Windows\System\oflMECO.exe
  2⤵
  PID:5176
- C:\Windows\System\BsIBnmt.exe
  C:\Windows\System\BsIBnmt.exe
  2⤵
  PID:5192
- C:\Windows\System\ayEaXmz.exe
  C:\Windows\System\ayEaXmz.exe
  2⤵
  PID:5208
- C:\Windows\System\seJkhPa.exe
  C:\Windows\System\seJkhPa.exe
  2⤵
  PID:5264
- C:\Windows\System\QVowvGi.exe
  C:\Windows\System\QVowvGi.exe
  2⤵
  PID:5284
- C:\Windows\System\FntPQKx.exe
  C:\Windows\System\FntPQKx.exe
  2⤵
  PID:5304
- C:\Windows\System\gZWYyQC.exe
  C:\Windows\System\gZWYyQC.exe
  2⤵
  PID:5324
- C:\Windows\System\WNlaouw.exe
  C:\Windows\System\WNlaouw.exe
  2⤵
  PID:5340
- C:\Windows\System\rvHYaGO.exe
  C:\Windows\System\rvHYaGO.exe
  2⤵
  PID:5356
- C:\Windows\System\wxxqcfb.exe
  C:\Windows\System\wxxqcfb.exe
  2⤵
  PID:5380
- C:\Windows\System\limSBzW.exe
  C:\Windows\System\limSBzW.exe
  2⤵
  PID:5400
- C:\Windows\System\diOiapZ.exe
  C:\Windows\System\diOiapZ.exe
  2⤵
  PID:5416
- C:\Windows\System\IYUawmK.exe
  C:\Windows\System\IYUawmK.exe
  2⤵
  PID:5432
- C:\Windows\System\cdxVroR.exe
  C:\Windows\System\cdxVroR.exe
  2⤵
  PID:5448
- C:\Windows\System\ltOPfMq.exe
  C:\Windows\System\ltOPfMq.exe
  2⤵
  PID:5464
- C:\Windows\System\beCZFdW.exe
  C:\Windows\System\beCZFdW.exe
  2⤵
  PID:5480
- C:\Windows\System\CGvRMLA.exe
  C:\Windows\System\CGvRMLA.exe
  2⤵
  PID:5504
- C:\Windows\System\ENCjzMv.exe
  C:\Windows\System\ENCjzMv.exe
  2⤵
  PID:5520
- C:\Windows\System\kSZHPss.exe
  C:\Windows\System\kSZHPss.exe
  2⤵
  PID:5536
- C:\Windows\System\rDyXyDl.exe
  C:\Windows\System\rDyXyDl.exe
  2⤵
  PID:5552
- C:\Windows\System\SeOuDGY.exe
  C:\Windows\System\SeOuDGY.exe
  2⤵
  PID:5584
- C:\Windows\System\PkuFMrd.exe
  C:\Windows\System\PkuFMrd.exe
  2⤵
  PID:5624
- C:\Windows\System\MAPqrDn.exe
  C:\Windows\System\MAPqrDn.exe
  2⤵
  PID:5644
- C:\Windows\System\sDkuwrb.exe
  C:\Windows\System\sDkuwrb.exe
  2⤵
  PID:5660
- C:\Windows\System\fkFfnxY.exe
  C:\Windows\System\fkFfnxY.exe
  2⤵
  PID:5676
- C:\Windows\System\NZwdDZL.exe
  C:\Windows\System\NZwdDZL.exe
  2⤵
  PID:5692
- C:\Windows\System\QpIeyAI.exe
  C:\Windows\System\QpIeyAI.exe
  2⤵
  PID:5708
- C:\Windows\System\MVFBrLr.exe
  C:\Windows\System\MVFBrLr.exe
  2⤵
  PID:5724
- C:\Windows\System\aiWOTUh.exe
  C:\Windows\System\aiWOTUh.exe
  2⤵
  PID:5740
- C:\Windows\System\LFNrmJU.exe
  C:\Windows\System\LFNrmJU.exe
  2⤵
  PID:5768
- C:\Windows\System\lcdBlQo.exe
  C:\Windows\System\lcdBlQo.exe
  2⤵
  PID:5800
- C:\Windows\System\AKuYcPT.exe
  C:\Windows\System\AKuYcPT.exe
  2⤵
  PID:5816
- C:\Windows\System\uZLpOBN.exe
  C:\Windows\System\uZLpOBN.exe
  2⤵
  PID:5832
- C:\Windows\System\NcvXJwx.exe
  C:\Windows\System\NcvXJwx.exe
  2⤵
  PID:5852
- C:\Windows\System\SGqgQcs.exe
  C:\Windows\System\SGqgQcs.exe
  2⤵
  PID:5872
- C:\Windows\System\oOuuALg.exe
  C:\Windows\System\oOuuALg.exe
  2⤵
  PID:5904
- C:\Windows\System\GunfcKi.exe
  C:\Windows\System\GunfcKi.exe
  2⤵
  PID:5924
- C:\Windows\System\WefSjCN.exe
  C:\Windows\System\WefSjCN.exe
  2⤵
  PID:5940
- C:\Windows\System\LnSqjtJ.exe
  C:\Windows\System\LnSqjtJ.exe
  2⤵
  PID:5956
- C:\Windows\System\GQneJLe.exe
  C:\Windows\System\GQneJLe.exe
  2⤵
  PID:5976
- C:\Windows\System\sZTYOwr.exe
  C:\Windows\System\sZTYOwr.exe
  2⤵
  PID:5992
- C:\Windows\System\SBhItuD.exe
  C:\Windows\System\SBhItuD.exe
  2⤵
  PID:6016
- C:\Windows\System\GrdbTRo.exe
  C:\Windows\System\GrdbTRo.exe
  2⤵
  PID:6036
- C:\Windows\System\JlDorLG.exe
  C:\Windows\System\JlDorLG.exe
  2⤵
  PID:6052
- C:\Windows\System\LeVXuGU.exe
  C:\Windows\System\LeVXuGU.exe
  2⤵
  PID:6068
- C:\Windows\System\UeTaqJf.exe
  C:\Windows\System\UeTaqJf.exe
  2⤵
  PID:6100
- C:\Windows\System\qDMKxAP.exe
  C:\Windows\System\qDMKxAP.exe
  2⤵
  PID:6120
- C:\Windows\System\cKDWbWV.exe
  C:\Windows\System\cKDWbWV.exe
  2⤵
  PID:6136
- C:\Windows\System\xJEHjkw.exe
  C:\Windows\System\xJEHjkw.exe
  2⤵
  PID:2828
- C:\Windows\System\KdNvSoU.exe
  C:\Windows\System\KdNvSoU.exe
  2⤵
  PID:2012
- C:\Windows\System\ZaBiJVl.exe
  C:\Windows\System\ZaBiJVl.exe
  2⤵
  PID:2776
- C:\Windows\System\iUvlTgR.exe
  C:\Windows\System\iUvlTgR.exe
  2⤵
  PID:5224
- C:\Windows\System\MCFMBIR.exe
  C:\Windows\System\MCFMBIR.exe
  2⤵
  PID:5252
- C:\Windows\System\zDuQbRq.exe
  C:\Windows\System\zDuQbRq.exe
  2⤵
  PID:5140
- C:\Windows\System\ZcNVNCY.exe
  C:\Windows\System\ZcNVNCY.exe
  2⤵
  PID:5168
- C:\Windows\System\mjuImfc.exe
  C:\Windows\System\mjuImfc.exe
  2⤵
  PID:5280
- C:\Windows\System\xDsOxLh.exe
  C:\Windows\System\xDsOxLh.exe
  2⤵
  PID:5300
- C:\Windows\System\olHzJDV.exe
  C:\Windows\System\olHzJDV.exe
  2⤵
  PID:5312
- C:\Windows\System\SjnyJeN.exe
  C:\Windows\System\SjnyJeN.exe
  2⤵
  PID:5408
- C:\Windows\System\ZqstVih.exe
  C:\Windows\System\ZqstVih.exe
  2⤵
  PID:5512
- C:\Windows\System\oDmrsuQ.exe
  C:\Windows\System\oDmrsuQ.exe
  2⤵
  PID:5392
- C:\Windows\System\kgfESkM.exe
  C:\Windows\System\kgfESkM.exe
  2⤵
  PID:5560
- C:\Windows\System\VPTUhYT.exe
  C:\Windows\System\VPTUhYT.exe
  2⤵
  PID:5348
- C:\Windows\System\bKddszR.exe
  C:\Windows\System\bKddszR.exe
  2⤵
  PID:5500
- C:\Windows\System\CXThrcz.exe
  C:\Windows\System\CXThrcz.exe
  2⤵
  PID:5428
- C:\Windows\System\oKYwBhX.exe
  C:\Windows\System\oKYwBhX.exe
  2⤵
  PID:5600
- C:\Windows\System\AuqDvrD.exe
  C:\Windows\System\AuqDvrD.exe
  2⤵
  PID:5632
- C:\Windows\System\mtIbwCo.exe
  C:\Windows\System\mtIbwCo.exe
  2⤵
  PID:5688
- C:\Windows\System\VNzyTDH.exe
  C:\Windows\System\VNzyTDH.exe
  2⤵
  PID:5748
- C:\Windows\System\HLJgkWW.exe
  C:\Windows\System\HLJgkWW.exe
  2⤵
  PID:5672
- C:\Windows\System\vPSxwkx.exe
  C:\Windows\System\vPSxwkx.exe
  2⤵
  PID:5668
- C:\Windows\System\tSAkyZn.exe
  C:\Windows\System\tSAkyZn.exe
  2⤵
  PID:5736
- C:\Windows\System\peRJyyW.exe
  C:\Windows\System\peRJyyW.exe
  2⤵
  PID:5792
- C:\Windows\System\aVLkgIp.exe
  C:\Windows\System\aVLkgIp.exe
  2⤵
  PID:5824
- C:\Windows\System\wJQhunM.exe
  C:\Windows\System\wJQhunM.exe
  2⤵
  PID:5896
- C:\Windows\System\URCKuUF.exe
  C:\Windows\System\URCKuUF.exe
  2⤵
  PID:1352
- C:\Windows\System\MvgWYgp.exe
  C:\Windows\System\MvgWYgp.exe
  2⤵
  PID:5972
- C:\Windows\System\xPVOudt.exe
  C:\Windows\System\xPVOudt.exe
  2⤵
  PID:5920
- C:\Windows\System\obttukn.exe
  C:\Windows\System\obttukn.exe
  2⤵
  PID:1268
- C:\Windows\System\NnwCeWb.exe
  C:\Windows\System\NnwCeWb.exe
  2⤵
  PID:6060
- C:\Windows\System\XHIGPSE.exe
  C:\Windows\System\XHIGPSE.exe
  2⤵
  PID:6084
- C:\Windows\System\JXPUHay.exe
  C:\Windows\System\JXPUHay.exe
  2⤵
  PID:6044
- C:\Windows\System\KjPjfmJ.exe
  C:\Windows\System\KjPjfmJ.exe
  2⤵
  PID:6112
- C:\Windows\System\QefYMtd.exe
  C:\Windows\System\QefYMtd.exe
  2⤵
  PID:5216
- C:\Windows\System\eekJKtS.exe
  C:\Windows\System\eekJKtS.exe
  2⤵
  PID:1664
- C:\Windows\System\GVtUlme.exe
  C:\Windows\System\GVtUlme.exe
  2⤵
  PID:5136
- C:\Windows\System\fkdrhgy.exe
  C:\Windows\System\fkdrhgy.exe
  2⤵
  PID:2104
- C:\Windows\System\EtBuKIO.exe
  C:\Windows\System\EtBuKIO.exe
  2⤵
  PID:5236
- C:\Windows\System\dabEQfT.exe
  C:\Windows\System\dabEQfT.exe
  2⤵
  PID:5220
- C:\Windows\System\fcJYUCt.exe
  C:\Windows\System\fcJYUCt.exe
  2⤵
  PID:5336
- C:\Windows\System\zgwnojB.exe
  C:\Windows\System\zgwnojB.exe
  2⤵
  PID:5372
- C:\Windows\System\mOXeoDH.exe
  C:\Windows\System\mOXeoDH.exe
  2⤵
  PID:5444
- C:\Windows\System\CxNQqdY.exe
  C:\Windows\System\CxNQqdY.exe
  2⤵
  PID:5476
- C:\Windows\System\ruXiwQS.exe
  C:\Windows\System\ruXiwQS.exe
  2⤵
  PID:5576
- C:\Windows\System\mvhqvLj.exe
  C:\Windows\System\mvhqvLj.exe
  2⤵
  PID:5580
- C:\Windows\System\MdhIioB.exe
  C:\Windows\System\MdhIioB.exe
  2⤵
  PID:5596
- C:\Windows\System\kCJUXHr.exe
  C:\Windows\System\kCJUXHr.exe
  2⤵
  PID:5640
- C:\Windows\System\GQLgMdD.exe
  C:\Windows\System\GQLgMdD.exe
  2⤵
  PID:5656
- C:\Windows\System\bXTWADX.exe
  C:\Windows\System\bXTWADX.exe
  2⤵
  PID:5808
- C:\Windows\System\tgHVfjx.exe
  C:\Windows\System\tgHVfjx.exe
  2⤵
  PID:5880
- C:\Windows\System\ObEWEkh.exe
  C:\Windows\System\ObEWEkh.exe
  2⤵
  PID:5780
- C:\Windows\System\ySMWCaI.exe
  C:\Windows\System\ySMWCaI.exe
  2⤵
  PID:2344
- C:\Windows\System\DvthTBZ.exe
  C:\Windows\System\DvthTBZ.exe
  2⤵
  PID:5892
- C:\Windows\System\nginWxy.exe
  C:\Windows\System\nginWxy.exe
  2⤵
  PID:5936
- C:\Windows\System\IHDxRhU.exe
  C:\Windows\System\IHDxRhU.exe
  2⤵
  PID:5952
- C:\Windows\System\OZNuRvv.exe
  C:\Windows\System\OZNuRvv.exe
  2⤵
  PID:5988
- C:\Windows\System\LUnNDZf.exe
  C:\Windows\System\LUnNDZf.exe
  2⤵
  PID:628
- C:\Windows\System\dSifNNX.exe
  C:\Windows\System\dSifNNX.exe
  2⤵
  PID:5188
- C:\Windows\System\FcJOQLN.exe
  C:\Windows\System\FcJOQLN.exe
  2⤵
  PID:5200
- C:\Windows\System\VQVAtHy.exe
  C:\Windows\System\VQVAtHy.exe
  2⤵
  PID:5204
- C:\Windows\System\shgVLoK.exe
  C:\Windows\System\shgVLoK.exe
  2⤵
  PID:5248
- C:\Windows\System\WIooZFq.exe
  C:\Windows\System\WIooZFq.exe
  2⤵
  PID:4004
- C:\Windows\System\iIUCAWZ.exe
  C:\Windows\System\iIUCAWZ.exe
  2⤵
  PID:5592
- C:\Windows\System\sEFesgk.exe
  C:\Windows\System\sEFesgk.exe
  2⤵
  PID:5704
- C:\Windows\System\LAxzaNZ.exe
  C:\Windows\System\LAxzaNZ.exe
  2⤵
  PID:5616
- C:\Windows\System\BrhvpmM.exe
  C:\Windows\System\BrhvpmM.exe
  2⤵
  PID:5548
- C:\Windows\System\fLdBlcX.exe
  C:\Windows\System\fLdBlcX.exe
  2⤵
  PID:5932
- C:\Windows\System\DzliCow.exe
  C:\Windows\System\DzliCow.exe
  2⤵
  PID:5984
- C:\Windows\System\IFiMVdS.exe
  C:\Windows\System\IFiMVdS.exe
  2⤵
  PID:6080
- C:\Windows\System\vTcnXEM.exe
  C:\Windows\System\vTcnXEM.exe
  2⤵
  PID:2092
- C:\Windows\System\GkzUZVH.exe
  C:\Windows\System\GkzUZVH.exe
  2⤵
  PID:2728
- C:\Windows\System\lcaGiSR.exe
  C:\Windows\System\lcaGiSR.exe
  2⤵
  PID:6116
- C:\Windows\System\XFUKmNA.exe
  C:\Windows\System\XFUKmNA.exe
  2⤵
  PID:5376
- C:\Windows\System\IxWkPYl.exe
  C:\Windows\System\IxWkPYl.exe
  2⤵
  PID:1096
- C:\Windows\System\VBhwWLA.exe
  C:\Windows\System\VBhwWLA.exe
  2⤵
  PID:5844
- C:\Windows\System\DCscdVx.exe
  C:\Windows\System\DCscdVx.exe
  2⤵
  PID:5764
- C:\Windows\System\xCBmCwY.exe
  C:\Windows\System\xCBmCwY.exe
  2⤵
  PID:5496
- C:\Windows\System\itKHPOn.exe
  C:\Windows\System\itKHPOn.exe
  2⤵
  PID:5544
- C:\Windows\System\gegSJEl.exe
  C:\Windows\System\gegSJEl.exe
  2⤵
  PID:6076
- C:\Windows\System\yXMnLtt.exe
  C:\Windows\System\yXMnLtt.exe
  2⤵
  PID:1112
- C:\Windows\System\YmRGPci.exe
  C:\Windows\System\YmRGPci.exe
  2⤵
  PID:5320
- C:\Windows\System\piKBXCG.exe
  C:\Windows\System\piKBXCG.exe
  2⤵
  PID:5232
- C:\Windows\System\xPbmoKZ.exe
  C:\Windows\System\xPbmoKZ.exe
  2⤵
  PID:6172
- C:\Windows\System\tpyrpOm.exe
  C:\Windows\System\tpyrpOm.exe
  2⤵
  PID:6192
- C:\Windows\System\ctQCmul.exe
  C:\Windows\System\ctQCmul.exe
  2⤵
  PID:6208
- C:\Windows\System\xBfHJnk.exe
  C:\Windows\System\xBfHJnk.exe
  2⤵
  PID:6232
- C:\Windows\System\UTOChgu.exe
  C:\Windows\System\UTOChgu.exe
  2⤵
  PID:6252
- C:\Windows\System\tkonwFf.exe
  C:\Windows\System\tkonwFf.exe
  2⤵
  PID:6268
- C:\Windows\System\admedqE.exe
  C:\Windows\System\admedqE.exe
  2⤵
  PID:6284
- C:\Windows\System\YsUfqlb.exe
  C:\Windows\System\YsUfqlb.exe
  2⤵
  PID:6300
- C:\Windows\System\AbJzghn.exe
  C:\Windows\System\AbJzghn.exe
  2⤵
  PID:6320
- C:\Windows\System\ViRNShT.exe
  C:\Windows\System\ViRNShT.exe
  2⤵
  PID:6336
- C:\Windows\System\EcewExl.exe
  C:\Windows\System\EcewExl.exe
  2⤵
  PID:6352
- C:\Windows\System\jJMMobP.exe
  C:\Windows\System\jJMMobP.exe
  2⤵
  PID:6372
- C:\Windows\System\JAYvOTV.exe
  C:\Windows\System\JAYvOTV.exe
  2⤵
  PID:6392
- C:\Windows\System\cQnNigB.exe
  C:\Windows\System\cQnNigB.exe
  2⤵
  PID:6412
- C:\Windows\System\khydxak.exe
  C:\Windows\System\khydxak.exe
  2⤵
  PID:6448
- C:\Windows\System\OdXqSAe.exe
  C:\Windows\System\OdXqSAe.exe
  2⤵
  PID:6468
- C:\Windows\System\hjmjHyg.exe
  C:\Windows\System\hjmjHyg.exe
  2⤵
  PID:6488
- C:\Windows\System\EIQObot.exe
  C:\Windows\System\EIQObot.exe
  2⤵
  PID:6512
- C:\Windows\System\zPeAjOJ.exe
  C:\Windows\System\zPeAjOJ.exe
  2⤵
  PID:6528
- C:\Windows\System\jXLUGUf.exe
  C:\Windows\System\jXLUGUf.exe
  2⤵
  PID:6544
- C:\Windows\System\ViTikCw.exe
  C:\Windows\System\ViTikCw.exe
  2⤵
  PID:6560
- C:\Windows\System\DOqYEln.exe
  C:\Windows\System\DOqYEln.exe
  2⤵
  PID:6580
- C:\Windows\System\ugWTTYB.exe
  C:\Windows\System\ugWTTYB.exe
  2⤵
  PID:6604
- C:\Windows\System\yGNLrzE.exe
  C:\Windows\System\yGNLrzE.exe
  2⤵
  PID:6624
- C:\Windows\System\SCFELJp.exe
  C:\Windows\System\SCFELJp.exe
  2⤵
  PID:6644
- C:\Windows\System\iJhPgSC.exe
  C:\Windows\System\iJhPgSC.exe
  2⤵
  PID:6660
- C:\Windows\System\dRNIwQL.exe
  C:\Windows\System\dRNIwQL.exe
  2⤵
  PID:6676
- C:\Windows\System\vMkCSZK.exe
  C:\Windows\System\vMkCSZK.exe
  2⤵
  PID:6700
- C:\Windows\System\vzdDzlJ.exe
  C:\Windows\System\vzdDzlJ.exe
  2⤵
  PID:6720
- C:\Windows\System\MLSRYcG.exe
  C:\Windows\System\MLSRYcG.exe
  2⤵
  PID:6740
- C:\Windows\System\ooMqqex.exe
  C:\Windows\System\ooMqqex.exe
  2⤵
  PID:6764
- C:\Windows\System\LRqTebB.exe
  C:\Windows\System\LRqTebB.exe
  2⤵
  PID:6780
- C:\Windows\System\XqijqZL.exe
  C:\Windows\System\XqijqZL.exe
  2⤵
  PID:6796
- C:\Windows\System\GKMwGZB.exe
  C:\Windows\System\GKMwGZB.exe
  2⤵
  PID:6816
- C:\Windows\System\hJLUHRl.exe
  C:\Windows\System\hJLUHRl.exe
  2⤵
  PID:6840
- C:\Windows\System\hdlVUSB.exe
  C:\Windows\System\hdlVUSB.exe
  2⤵
  PID:6856
- C:\Windows\System\LtZiYwb.exe
  C:\Windows\System\LtZiYwb.exe
  2⤵
  PID:6876
- C:\Windows\System\UsrZdtI.exe
  C:\Windows\System\UsrZdtI.exe
  2⤵
  PID:6896
- C:\Windows\System\nTdZdvl.exe
  C:\Windows\System\nTdZdvl.exe
  2⤵
  PID:6920
- C:\Windows\System\uiUiLwc.exe
  C:\Windows\System\uiUiLwc.exe
  2⤵
  PID:6936
- C:\Windows\System\KOyCwAs.exe
  C:\Windows\System\KOyCwAs.exe
  2⤵
  PID:6984
- C:\Windows\System\toEBGRn.exe
  C:\Windows\System\toEBGRn.exe
  2⤵
  PID:7016
- C:\Windows\System\cWLLtmK.exe
  C:\Windows\System\cWLLtmK.exe
  2⤵
  PID:7036
- C:\Windows\System\ozGHskN.exe
  C:\Windows\System\ozGHskN.exe
  2⤵
  PID:7056
- C:\Windows\System\BqnlsFy.exe
  C:\Windows\System\BqnlsFy.exe
  2⤵
  PID:7072
- C:\Windows\System\PPRxFNX.exe
  C:\Windows\System\PPRxFNX.exe
  2⤵
  PID:7092
- C:\Windows\System\JrTeBPn.exe
  C:\Windows\System\JrTeBPn.exe
  2⤵
  PID:7108
- C:\Windows\System\KByVnGT.exe
  C:\Windows\System\KByVnGT.exe
  2⤵
  PID:7124
- C:\Windows\System\ncpgWjg.exe
  C:\Windows\System\ncpgWjg.exe
  2⤵
  PID:7140
- C:\Windows\System\nQZPDSh.exe
  C:\Windows\System\nQZPDSh.exe
  2⤵
  PID:5460
- C:\Windows\System\BByMEGm.exe
  C:\Windows\System\BByMEGm.exe
  2⤵
  PID:4716
- C:\Windows\System\EZXQaYy.exe
  C:\Windows\System\EZXQaYy.exe
  2⤵
  PID:1236
- C:\Windows\System\pYlutVV.exe
  C:\Windows\System\pYlutVV.exe
  2⤵
  PID:6164
- C:\Windows\System\bxUVSxx.exe
  C:\Windows\System\bxUVSxx.exe
  2⤵
  PID:5440
- C:\Windows\System\HXuxcuZ.exe
  C:\Windows\System\HXuxcuZ.exe
  2⤵
  PID:6168
- C:\Windows\System\hbbHFAS.exe
  C:\Windows\System\hbbHFAS.exe
  2⤵
  PID:6188
- C:\Windows\System\fohEyuv.exe
  C:\Windows\System\fohEyuv.exe
  2⤵
  PID:6200
- C:\Windows\System\OSIyBoV.exe
  C:\Windows\System\OSIyBoV.exe
  2⤵
  PID:6292
- C:\Windows\System\DApszeb.exe
  C:\Windows\System\DApszeb.exe
  2⤵
  PID:6244
- C:\Windows\System\BSYGkMX.exe
  C:\Windows\System\BSYGkMX.exe
  2⤵
  PID:6328
- C:\Windows\System\pkvjjxH.exe
  C:\Windows\System\pkvjjxH.exe
  2⤵
  PID:6400
- C:\Windows\System\sDZTgyQ.exe
  C:\Windows\System\sDZTgyQ.exe
  2⤵
  PID:6420
- C:\Windows\System\lgoPOxr.exe
  C:\Windows\System\lgoPOxr.exe
  2⤵
  PID:6316
- C:\Windows\System\LTHQKbO.exe
  C:\Windows\System\LTHQKbO.exe
  2⤵
  PID:6380
- C:\Windows\System\qyzgDRf.exe
  C:\Windows\System\qyzgDRf.exe
  2⤵
  PID:6444
- C:\Windows\System\XFTMpkA.exe
  C:\Windows\System\XFTMpkA.exe
  2⤵
  PID:6464
- C:\Windows\System\uFFbAhO.exe
  C:\Windows\System\uFFbAhO.exe
  2⤵
  PID:6508
- C:\Windows\System\ksyhDTl.exe
  C:\Windows\System\ksyhDTl.exe
  2⤵
  PID:6568
- C:\Windows\System\RgKyIPO.exe
  C:\Windows\System\RgKyIPO.exe
  2⤵
  PID:6692
- C:\Windows\System\pTzhbYu.exe
  C:\Windows\System\pTzhbYu.exe
  2⤵
  PID:6736
- C:\Windows\System\dOphqwa.exe
  C:\Windows\System\dOphqwa.exe
  2⤵
  PID:6524
- C:\Windows\System\vGtAKiV.exe
  C:\Windows\System\vGtAKiV.exe
  2⤵
  PID:6632
- C:\Windows\System\EFiXfFv.exe
  C:\Windows\System\EFiXfFv.exe
  2⤵
  PID:6588
- C:\Windows\System\dzWnzMr.exe
  C:\Windows\System\dzWnzMr.exe
  2⤵
  PID:6888
- C:\Windows\System\rdfKmgD.exe
  C:\Windows\System\rdfKmgD.exe
  2⤵
  PID:6636
- C:\Windows\System\dpcNAnS.exe
  C:\Windows\System\dpcNAnS.exe
  2⤵
  PID:6668
- C:\Windows\System\dAawgsX.exe
  C:\Windows\System\dAawgsX.exe
  2⤵
  PID:6904
- C:\Windows\System\wMyWVnx.exe
  C:\Windows\System\wMyWVnx.exe
  2⤵
  PID:6600
- C:\Windows\System\CJuStCC.exe
  C:\Windows\System\CJuStCC.exe
  2⤵
  PID:6792
- C:\Windows\System\GCpvrJH.exe
  C:\Windows\System\GCpvrJH.exe
  2⤵
  PID:6672
- C:\Windows\System\EuMblek.exe
  C:\Windows\System\EuMblek.exe
  2⤵
  PID:6996
- C:\Windows\System\hTNVuSz.exe
  C:\Windows\System\hTNVuSz.exe
  2⤵
  PID:7100
- C:\Windows\System\VhpmYZl.exe
  C:\Windows\System\VhpmYZl.exe
  2⤵
  PID:5864
- C:\Windows\System\yfeUcQz.exe
  C:\Windows\System\yfeUcQz.exe
  2⤵
  PID:6240
- C:\Windows\System\iVzwoSw.exe
  C:\Windows\System\iVzwoSw.exe
  2⤵
  PID:6388
- C:\Windows\System\ErBXYpu.exe
  C:\Windows\System\ErBXYpu.exe
  2⤵
  PID:6576
- C:\Windows\System\oFccgWr.exe
  C:\Windows\System\oFccgWr.exe
  2⤵
  PID:6656
- C:\Windows\System\MCAAnFN.exe
  C:\Windows\System\MCAAnFN.exe
  2⤵
  PID:6556
- C:\Windows\System\dryfWUt.exe
  C:\Windows\System\dryfWUt.exe
  2⤵
  PID:7120
- C:\Windows\System\Bhwepnx.exe
  C:\Windows\System\Bhwepnx.exe
  2⤵
  PID:4328
- C:\Windows\System\uqbBUqf.exe
  C:\Windows\System\uqbBUqf.exe
  2⤵
  PID:6712
- C:\Windows\System\tdEuUwt.exe
  C:\Windows\System\tdEuUwt.exe
  2⤵
  PID:6868
- C:\Windows\System\haECDRH.exe
  C:\Windows\System\haECDRH.exe
  2⤵
  PID:6728
- C:\Windows\System\fEfjHAV.exe
  C:\Windows\System\fEfjHAV.exe
  2⤵
  PID:7156
- C:\Windows\System\obWQxoa.exe
  C:\Windows\System\obWQxoa.exe
  2⤵
  PID:6968
- C:\Windows\System\HZQyglD.exe
  C:\Windows\System\HZQyglD.exe
  2⤵
  PID:5156
- C:\Windows\System\PZpmmVc.exe
  C:\Windows\System\PZpmmVc.exe
  2⤵
  PID:6280
- C:\Windows\System\FAmMMHd.exe
  C:\Windows\System\FAmMMHd.exe
  2⤵
  PID:6752
- C:\Windows\System\MznIurS.exe
  C:\Windows\System\MznIurS.exe
  2⤵
  PID:7000
- C:\Windows\System\Zjpigqj.exe
  C:\Windows\System\Zjpigqj.exe
  2⤵
  PID:7136
- C:\Windows\System\WlebPTu.exe
  C:\Windows\System\WlebPTu.exe
  2⤵
  PID:5788
- C:\Windows\System\wOovIwh.exe
  C:\Windows\System\wOovIwh.exe
  2⤵
  PID:7044
- C:\Windows\System\jOUbAFp.exe
  C:\Windows\System\jOUbAFp.exe
  2⤵
  PID:7080
- C:\Windows\System\hCkdosr.exe
  C:\Windows\System\hCkdosr.exe
  2⤵
  PID:6148
- C:\Windows\System\wacpJUu.exe
  C:\Windows\System\wacpJUu.exe
  2⤵
  PID:6552
- C:\Windows\System\NVzgFKP.exe
  C:\Windows\System\NVzgFKP.exe
  2⤵
  PID:6312
- C:\Windows\System\ptVaixP.exe
  C:\Windows\System\ptVaixP.exe
  2⤵
  PID:7116
- C:\Windows\System\FfAphJv.exe
  C:\Windows\System\FfAphJv.exe
  2⤵
  PID:6540
- C:\Windows\System\KswoQFc.exe
  C:\Windows\System\KswoQFc.exe
  2⤵
  PID:2668
- C:\Windows\System\AkCoOXM.exe
  C:\Windows\System\AkCoOXM.exe
  2⤵
  PID:6932
- C:\Windows\System\qfFUOAU.exe
  C:\Windows\System\qfFUOAU.exe
  2⤵
  PID:5244
- C:\Windows\System\spOWcPm.exe
  C:\Windows\System\spOWcPm.exe
  2⤵
  PID:6264
- C:\Windows\System\dDKcFZn.exe
  C:\Windows\System\dDKcFZn.exe
  2⤵
  PID:7132
- C:\Windows\System\XCqZxvs.exe
  C:\Windows\System\XCqZxvs.exe
  2⤵
  PID:7032
- C:\Windows\System\QJdTUkG.exe
  C:\Windows\System\QJdTUkG.exe
  2⤵
  PID:7068
- C:\Windows\System\dbWILjs.exe
  C:\Windows\System\dbWILjs.exe
  2⤵
  PID:6500
- C:\Windows\System\NjZUgeM.exe
  C:\Windows\System\NjZUgeM.exe
  2⤵
  PID:6520
- C:\Windows\System\rukxGRi.exe
  C:\Windows\System\rukxGRi.exe
  2⤵
  PID:6956
- C:\Windows\System\vXEZDrc.exe
  C:\Windows\System\vXEZDrc.exe
  2⤵
  PID:6616
- C:\Windows\System\HUeGqkz.exe
  C:\Windows\System\HUeGqkz.exe
  2⤵
  PID:5964
- C:\Windows\System\sYutIVw.exe
  C:\Windows\System\sYutIVw.exe
  2⤵
  PID:6928
- C:\Windows\System\ZKumjjr.exe
  C:\Windows\System\ZKumjjr.exe
  2⤵
  PID:4228
- C:\Windows\System\DUdZPUh.exe
  C:\Windows\System\DUdZPUh.exe
  2⤵
  PID:6976
- C:\Windows\System\DTyriGK.exe
  C:\Windows\System\DTyriGK.exe
  2⤵
  PID:6180
- C:\Windows\System\jJuoFgq.exe
  C:\Windows\System\jJuoFgq.exe
  2⤵
  PID:2888
- C:\Windows\System\JfqKQNM.exe
  C:\Windows\System\JfqKQNM.exe
  2⤵
  PID:5760
- C:\Windows\System\tMIiWgW.exe
  C:\Windows\System\tMIiWgW.exe
  2⤵
  PID:7180
- C:\Windows\System\lXmXMtx.exe
  C:\Windows\System\lXmXMtx.exe
  2⤵
  PID:7204
- C:\Windows\System\pmUsYTv.exe
  C:\Windows\System\pmUsYTv.exe
  2⤵
  PID:7220
- C:\Windows\System\ZBxHZCJ.exe
  C:\Windows\System\ZBxHZCJ.exe
  2⤵
  PID:7236
- C:\Windows\System\KkIhhBf.exe
  C:\Windows\System\KkIhhBf.exe
  2⤵
  PID:7256
- C:\Windows\System\eRuNBvP.exe
  C:\Windows\System\eRuNBvP.exe
  2⤵
  PID:7276
- C:\Windows\System\TzcbiXk.exe
  C:\Windows\System\TzcbiXk.exe
  2⤵
  PID:7296
- C:\Windows\System\AQVUWLB.exe
  C:\Windows\System\AQVUWLB.exe
  2⤵
  PID:7356
- C:\Windows\System\iwUCMmk.exe
  C:\Windows\System\iwUCMmk.exe
  2⤵
  PID:7372
- C:\Windows\System\LjtVlxj.exe
  C:\Windows\System\LjtVlxj.exe
  2⤵
  PID:7392
- C:\Windows\System\XLANzVv.exe
  C:\Windows\System\XLANzVv.exe
  2⤵
  PID:7408
- C:\Windows\System\BAAznTC.exe
  C:\Windows\System\BAAznTC.exe
  2⤵
  PID:7428
- C:\Windows\System\vMpZrjO.exe
  C:\Windows\System\vMpZrjO.exe
  2⤵
  PID:7444
- C:\Windows\System\SqEsGKw.exe
  C:\Windows\System\SqEsGKw.exe
  2⤵
  PID:7460
- C:\Windows\System\Hbilljt.exe
  C:\Windows\System\Hbilljt.exe
  2⤵
  PID:7476
- C:\Windows\System\KHzLIIW.exe
  C:\Windows\System\KHzLIIW.exe
  2⤵
  PID:7492
- C:\Windows\System\PtKRzBq.exe
  C:\Windows\System\PtKRzBq.exe
  2⤵
  PID:7508
- C:\Windows\System\XPepUSt.exe
  C:\Windows\System\XPepUSt.exe
  2⤵
  PID:7524
- C:\Windows\System\HhPppmz.exe
  C:\Windows\System\HhPppmz.exe
  2⤵
  PID:7560
- C:\Windows\System\zHCnUGw.exe
  C:\Windows\System\zHCnUGw.exe
  2⤵
  PID:7576
- C:\Windows\System\QKjjFyx.exe
  C:\Windows\System\QKjjFyx.exe
  2⤵
  PID:7596
- C:\Windows\System\ogZrTPJ.exe
  C:\Windows\System\ogZrTPJ.exe
  2⤵
  PID:7612
- C:\Windows\System\FUhqnYG.exe
  C:\Windows\System\FUhqnYG.exe
  2⤵
  PID:7628
- C:\Windows\System\CDPXEeG.exe
  C:\Windows\System\CDPXEeG.exe
  2⤵
  PID:7644
- C:\Windows\System\acKMKas.exe
  C:\Windows\System\acKMKas.exe
  2⤵
  PID:7660
- C:\Windows\System\zgHdaEO.exe
  C:\Windows\System\zgHdaEO.exe
  2⤵
  PID:7676
- C:\Windows\System\QOfDPqk.exe
  C:\Windows\System\QOfDPqk.exe
  2⤵
  PID:7692
- C:\Windows\System\necDQXn.exe
  C:\Windows\System\necDQXn.exe
  2⤵
  PID:7708
- C:\Windows\System\ZGjrtYR.exe
  C:\Windows\System\ZGjrtYR.exe
  2⤵
  PID:7724
- C:\Windows\System\LzlBnXD.exe
  C:\Windows\System\LzlBnXD.exe
  2⤵
  PID:7744
- C:\Windows\System\clNJWeP.exe
  C:\Windows\System\clNJWeP.exe
  2⤵
  PID:7760
- C:\Windows\System\JZyIFBF.exe
  C:\Windows\System\JZyIFBF.exe
  2⤵
  PID:7800
- C:\Windows\System\QmckyRJ.exe
  C:\Windows\System\QmckyRJ.exe
  2⤵
  PID:7816
- C:\Windows\System\VYNJect.exe
  C:\Windows\System\VYNJect.exe
  2⤵
  PID:7832
- C:\Windows\System\aakTrpz.exe
  C:\Windows\System\aakTrpz.exe
  2⤵
  PID:7848
- C:\Windows\System\ZfMqoFT.exe
  C:\Windows\System\ZfMqoFT.exe
  2⤵
  PID:7864
- C:\Windows\System\RgtHdVD.exe
  C:\Windows\System\RgtHdVD.exe
  2⤵
  PID:7884
- C:\Windows\System\iKuBmCf.exe
  C:\Windows\System\iKuBmCf.exe
  2⤵
  PID:7908
- C:\Windows\System\wINMtQB.exe
  C:\Windows\System\wINMtQB.exe
  2⤵
  PID:7988
- C:\Windows\System\tPfSqZi.exe
  C:\Windows\System\tPfSqZi.exe
  2⤵
  PID:8004
- C:\Windows\System\HTkUJiX.exe
  C:\Windows\System\HTkUJiX.exe
  2⤵
  PID:8020
- C:\Windows\System\OIoAppm.exe
  C:\Windows\System\OIoAppm.exe
  2⤵
  PID:8040
- C:\Windows\System\YUWucfS.exe
  C:\Windows\System\YUWucfS.exe
  2⤵
  PID:8060
- C:\Windows\System\sIHspip.exe
  C:\Windows\System\sIHspip.exe
  2⤵
  PID:8088
- C:\Windows\System\MhNhAlc.exe
  C:\Windows\System\MhNhAlc.exe
  2⤵
  PID:8104
- C:\Windows\System\iwjtUWw.exe
  C:\Windows\System\iwjtUWw.exe
  2⤵
  PID:8120
- C:\Windows\System\oQMcDuK.exe
  C:\Windows\System\oQMcDuK.exe
  2⤵
  PID:8136
- C:\Windows\System\nxXvuSt.exe
  C:\Windows\System\nxXvuSt.exe
  2⤵
  PID:8152
- C:\Windows\System\zwHMMRU.exe
  C:\Windows\System\zwHMMRU.exe
  2⤵
  PID:8172
- C:\Windows\System\ZOYoVJe.exe
  C:\Windows\System\ZOYoVJe.exe
  2⤵
  PID:8188
- C:\Windows\System\gTEDaSd.exe
  C:\Windows\System\gTEDaSd.exe
  2⤵
  PID:5720
- C:\Windows\System\SBLiGXO.exe
  C:\Windows\System\SBLiGXO.exe
  2⤵
  PID:7188
- C:\Windows\System\soSvGTm.exe
  C:\Windows\System\soSvGTm.exe
  2⤵
  PID:7228
- C:\Windows\System\BnpxdqX.exe
  C:\Windows\System\BnpxdqX.exe
  2⤵
  PID:7272
- C:\Windows\System\GFYOcEU.exe
  C:\Windows\System\GFYOcEU.exe
  2⤵
  PID:6596
- C:\Windows\System\pqLsuDM.exe
  C:\Windows\System\pqLsuDM.exe
  2⤵
  PID:5948
- C:\Windows\System\HIPUZCv.exe
  C:\Windows\System\HIPUZCv.exe
  2⤵
  PID:7176
- C:\Windows\System\UIQFnyx.exe
  C:\Windows\System\UIQFnyx.exe
  2⤵
  PID:7248
- C:\Windows\System\NOfgrjJ.exe
  C:\Windows\System\NOfgrjJ.exe
  2⤵
  PID:7292
- C:\Windows\System\TUoMHFU.exe
  C:\Windows\System\TUoMHFU.exe
  2⤵
  PID:7308
- C:\Windows\System\csKzXPp.exe
  C:\Windows\System\csKzXPp.exe
  2⤵
  PID:7324
- C:\Windows\System\pGZjear.exe
  C:\Windows\System\pGZjear.exe
  2⤵
  PID:7404
- C:\Windows\System\jRqdrPN.exe
  C:\Windows\System\jRqdrPN.exe
  2⤵
  PID:7468
- C:\Windows\System\DpFdRsQ.exe
  C:\Windows\System\DpFdRsQ.exe
  2⤵
  PID:7556
- C:\Windows\System\pQVLgSR.exe
  C:\Windows\System\pQVLgSR.exe
  2⤵
  PID:7684
- C:\Windows\System\yxQSZlq.exe
  C:\Windows\System\yxQSZlq.exe
  2⤵
  PID:7752
- C:\Windows\System\ZAunWAx.exe
  C:\Windows\System\ZAunWAx.exe
  2⤵
  PID:7788
- C:\Windows\System\Oijoovd.exe
  C:\Windows\System\Oijoovd.exe
  2⤵
  PID:7340
- C:\Windows\System\InKPuLE.exe
  C:\Windows\System\InKPuLE.exe
  2⤵
  PID:7784
- C:\Windows\System\gfvHKul.exe
  C:\Windows\System\gfvHKul.exe
  2⤵
  PID:7880
- C:\Windows\System\MedNohO.exe
  C:\Windows\System\MedNohO.exe
  2⤵
  PID:7936
- C:\Windows\System\EdyOlQZ.exe
  C:\Windows\System\EdyOlQZ.exe
  2⤵
  PID:7948
- C:\Windows\System\cbgpjaM.exe
  C:\Windows\System\cbgpjaM.exe
  2⤵
  PID:7960
- C:\Windows\System\MzIOwAy.exe
  C:\Windows\System\MzIOwAy.exe
  2⤵
  PID:7352
- C:\Windows\System\dfLNwvs.exe
  C:\Windows\System\dfLNwvs.exe
  2⤵
  PID:7488
- C:\Windows\System\oTGUEsc.exe
  C:\Windows\System\oTGUEsc.exe
  2⤵
  PID:7452
- C:\Windows\System\UDbEAoa.exe
  C:\Windows\System\UDbEAoa.exe
  2⤵
  PID:7520
- C:\Windows\System\nzFVugc.exe
  C:\Windows\System\nzFVugc.exe
  2⤵
  PID:7608
- C:\Windows\System\aZSPvKr.exe
  C:\Windows\System\aZSPvKr.exe
  2⤵
  PID:7976
- C:\Windows\System\pRCVuCk.exe
  C:\Windows\System\pRCVuCk.exe
  2⤵
  PID:7700
- C:\Windows\System\vanBeHF.exe
  C:\Windows\System\vanBeHF.exe
  2⤵
  PID:7768
- C:\Windows\System\WmlHhND.exe
  C:\Windows\System\WmlHhND.exe
  2⤵
  PID:7828
- C:\Windows\System\dmfMTBo.exe
  C:\Windows\System\dmfMTBo.exe
  2⤵
  PID:7896
- C:\Windows\System\ctTXLmL.exe
  C:\Windows\System\ctTXLmL.exe
  2⤵
  PID:7996
- C:\Windows\System\iagNmzq.exe
  C:\Windows\System\iagNmzq.exe
  2⤵
  PID:8032
- C:\Windows\System\ijJjEEW.exe
  C:\Windows\System\ijJjEEW.exe
  2⤵
  PID:8048
- C:\Windows\System\hVhkiaA.exe
  C:\Windows\System\hVhkiaA.exe
  2⤵
  PID:8080
- C:\Windows\System\PDjqEQW.exe
  C:\Windows\System\PDjqEQW.exe
  2⤵
  PID:8116
- C:\Windows\System\HDyyWBU.exe
  C:\Windows\System\HDyyWBU.exe
  2⤵
  PID:8184
- C:\Windows\System\YyoSlsl.exe
  C:\Windows\System\YyoSlsl.exe
  2⤵
  PID:7264
- C:\Windows\System\WmsdZbS.exe
  C:\Windows\System\WmsdZbS.exe
  2⤵
  PID:8164
- C:\Windows\System\lQxacbn.exe
  C:\Windows\System\lQxacbn.exe
  2⤵
  PID:264
- C:\Windows\System\pyiFkUS.exe
  C:\Windows\System\pyiFkUS.exe
  2⤵
  PID:7500
- C:\Windows\System\dySBsdk.exe
  C:\Windows\System\dySBsdk.exe
  2⤵
  PID:7288
- C:\Windows\System\wnRRWoq.exe
  C:\Windows\System\wnRRWoq.exe
  2⤵
  PID:8128
- C:\Windows\System\nthhbTB.exe
  C:\Windows\System\nthhbTB.exe
  2⤵
  PID:6228
- C:\Windows\System\sjTSkEK.exe
  C:\Windows\System\sjTSkEK.exe
  2⤵
  PID:6408
- C:\Windows\System\MTosvET.exe
  C:\Windows\System\MTosvET.exe
  2⤵
  PID:7548
- C:\Windows\System\hEEfqTF.exe
  C:\Windows\System\hEEfqTF.exe
  2⤵
  PID:7544
- C:\Windows\System\QXTytxk.exe
  C:\Windows\System\QXTytxk.exe
  2⤵
  PID:7592
- C:\Windows\System\AQvrbRy.exe
  C:\Windows\System\AQvrbRy.exe
  2⤵
  PID:7780
- C:\Windows\System\qTPGJMS.exe
  C:\Windows\System\qTPGJMS.exe
  2⤵
  PID:7840
- C:\Windows\System\znPpbyZ.exe
  C:\Windows\System\znPpbyZ.exe
  2⤵
  PID:7956
- C:\Windows\System\QzFFBGp.exe
  C:\Windows\System\QzFFBGp.exe
  2⤵
  PID:7872
- C:\Windows\System\ikoazKJ.exe
  C:\Windows\System\ikoazKJ.exe
  2⤵
  PID:7968
- C:\Windows\System\AOxQGDV.exe
  C:\Windows\System\AOxQGDV.exe
  2⤵
  PID:7420
- C:\Windows\System\xaFhkRh.exe
  C:\Windows\System\xaFhkRh.exe
  2⤵
  PID:7640
- C:\Windows\System\HvAnfFW.exe
  C:\Windows\System\HvAnfFW.exe
  2⤵
  PID:7984
- C:\Windows\System\czwHUOm.exe
  C:\Windows\System\czwHUOm.exe
  2⤵
  PID:7904
- C:\Windows\System\fnzXkNL.exe
  C:\Windows\System\fnzXkNL.exe
  2⤵
  PID:8072
- C:\Windows\System\oIzbfop.exe
  C:\Windows\System\oIzbfop.exe
  2⤵
  PID:7892
- C:\Windows\System\jtiTySe.exe
  C:\Windows\System\jtiTySe.exe
  2⤵
  PID:8036
- C:\Windows\System\nOquEtu.exe
  C:\Windows\System\nOquEtu.exe
  2⤵
  PID:7268
- C:\Windows\System\qVRSlhH.exe
  C:\Windows\System\qVRSlhH.exe
  2⤵
  PID:8096
- C:\Windows\System\iciYUyq.exe
  C:\Windows\System\iciYUyq.exe
  2⤵
  PID:7316
- C:\Windows\System\lBtBfWb.exe
  C:\Windows\System\lBtBfWb.exe
  2⤵
  PID:8160
- C:\Windows\System\aiSCRrv.exe
  C:\Windows\System\aiSCRrv.exe
  2⤵
  PID:7196
- C:\Windows\System\FMutIna.exe
  C:\Windows\System\FMutIna.exe
  2⤵
  PID:7652
- C:\Windows\System\OqqoqnB.exe
  C:\Windows\System\OqqoqnB.exe
  2⤵
  PID:7304
- C:\Windows\System\AlVsBRX.exe
  C:\Windows\System\AlVsBRX.exe
  2⤵
  PID:7532
- C:\Windows\System\miGhAVs.exe
  C:\Windows\System\miGhAVs.exe
  2⤵
  PID:7336
- C:\Windows\System\ZjMcMEY.exe
  C:\Windows\System\ZjMcMEY.exe
  2⤵
  PID:7440
- C:\Windows\System\BgNecET.exe
  C:\Windows\System\BgNecET.exe
  2⤵
  PID:7484
- C:\Windows\System\xKrxsRc.exe
  C:\Windows\System\xKrxsRc.exe
  2⤵
  PID:7368
- C:\Windows\System\PHTFDQd.exe
  C:\Windows\System\PHTFDQd.exe
  2⤵
  PID:7932
- C:\Windows\System\HBVEkBv.exe
  C:\Windows\System\HBVEkBv.exe
  2⤵
  PID:7572
- C:\Windows\System\oRKXYDu.exe
  C:\Windows\System\oRKXYDu.exe
  2⤵
  PID:7824
- C:\Windows\System\CHPtdRl.exe
  C:\Windows\System\CHPtdRl.exe
  2⤵
  PID:8076
- C:\Windows\System\MxOuvgy.exe
  C:\Windows\System\MxOuvgy.exe
  2⤵
  PID:7344
- C:\Windows\System\QDlFjVL.exe
  C:\Windows\System\QDlFjVL.exe
  2⤵
  PID:2988
- C:\Windows\System\UGIzCEL.exe
  C:\Windows\System\UGIzCEL.exe
  2⤵
  PID:8168
- C:\Windows\System\ilyEILn.exe
  C:\Windows\System\ilyEILn.exe
  2⤵
  PID:2340
- C:\Windows\System\noHMWNr.exe
  C:\Windows\System\noHMWNr.exe
  2⤵
  PID:7384
- C:\Windows\System\KiVbocF.exe
  C:\Windows\System\KiVbocF.exe
  2⤵
  PID:7400
- C:\Windows\System\RscOuTo.exe
  C:\Windows\System\RscOuTo.exe
  2⤵
  PID:8208
- C:\Windows\System\dxBxLKS.exe
  C:\Windows\System\dxBxLKS.exe
  2⤵
  PID:8224
- C:\Windows\System\lDZiVue.exe
  C:\Windows\System\lDZiVue.exe
  2⤵
  PID:8240
- C:\Windows\System\HWdQHNq.exe
  C:\Windows\System\HWdQHNq.exe
  2⤵
  PID:8256
- C:\Windows\System\fwSzQJN.exe
  C:\Windows\System\fwSzQJN.exe
  2⤵
  PID:8284
- C:\Windows\System\PfpAWZM.exe
  C:\Windows\System\PfpAWZM.exe
  2⤵
  PID:8572
- C:\Windows\System\AVvnBVG.exe
  C:\Windows\System\AVvnBVG.exe
  2⤵
  PID:8588
- C:\Windows\System\zynkDiC.exe
  C:\Windows\System\zynkDiC.exe
  2⤵
  PID:8604
- C:\Windows\System\fKwoDLL.exe
  C:\Windows\System\fKwoDLL.exe
  2⤵
  PID:8632
- C:\Windows\System\GbxKwVW.exe
  C:\Windows\System\GbxKwVW.exe
  2⤵
  PID:8652
- C:\Windows\System\gdZYLpn.exe
  C:\Windows\System\gdZYLpn.exe
  2⤵
  PID:8672
- C:\Windows\System\GpLxtlG.exe
  C:\Windows\System\GpLxtlG.exe
  2⤵
  PID:8692
- C:\Windows\System\fDgLGTA.exe
  C:\Windows\System\fDgLGTA.exe
  2⤵
  PID:8708
- C:\Windows\System\IMBBXZt.exe
  C:\Windows\System\IMBBXZt.exe
  2⤵
  PID:8724
- C:\Windows\System\YCbbSqP.exe
  C:\Windows\System\YCbbSqP.exe
  2⤵
  PID:8752
- C:\Windows\System\wmSmChW.exe
  C:\Windows\System\wmSmChW.exe
  2⤵
  PID:8772
- C:\Windows\System\wuIOFCy.exe
  C:\Windows\System\wuIOFCy.exe
  2⤵
  PID:8792
- C:\Windows\System\BNiSTvb.exe
  C:\Windows\System\BNiSTvb.exe
  2⤵
  PID:8808
- C:\Windows\System\gkRqgbe.exe
  C:\Windows\System\gkRqgbe.exe
  2⤵
  PID:8828
- C:\Windows\System\nDEkzFo.exe
  C:\Windows\System\nDEkzFo.exe
  2⤵
  PID:8848
- C:\Windows\System\NDTyUwi.exe
  C:\Windows\System\NDTyUwi.exe
  2⤵
  PID:8872
- C:\Windows\System\XnaEKRS.exe
  C:\Windows\System\XnaEKRS.exe
  2⤵
  PID:8892
- C:\Windows\System\CMoLoJh.exe
  C:\Windows\System\CMoLoJh.exe
  2⤵
  PID:8908
- C:\Windows\System\vacoWGb.exe
  C:\Windows\System\vacoWGb.exe
  2⤵
  PID:8928
- C:\Windows\System\aIcwZXz.exe
  C:\Windows\System\aIcwZXz.exe
  2⤵
  PID:8952
- C:\Windows\System\sVWXFKC.exe
  C:\Windows\System\sVWXFKC.exe
  2⤵
  PID:8972
- C:\Windows\System\DFHvwIz.exe
  C:\Windows\System\DFHvwIz.exe
  2⤵
  PID:8992
- C:\Windows\System\tUOzMBv.exe
  C:\Windows\System\tUOzMBv.exe
  2⤵
  PID:9008
- C:\Windows\System\MDtwTNG.exe
  C:\Windows\System\MDtwTNG.exe
  2⤵
  PID:9024
- C:\Windows\System\igqFoxs.exe
  C:\Windows\System\igqFoxs.exe
  2⤵
  PID:9040
- C:\Windows\System\QDSPyKo.exe
  C:\Windows\System\QDSPyKo.exe
  2⤵
  PID:9060
- C:\Windows\System\lMFZKyL.exe
  C:\Windows\System\lMFZKyL.exe
  2⤵
  PID:9104
- C:\Windows\System\TsISJcq.exe
  C:\Windows\System\TsISJcq.exe
  2⤵
  PID:9120
- C:\Windows\System\EahLzsk.exe
  C:\Windows\System\EahLzsk.exe
  2⤵
  PID:9140
- C:\Windows\System\RTWyztB.exe
  C:\Windows\System\RTWyztB.exe
  2⤵
  PID:9156
- C:\Windows\System\EmmPKPN.exe
  C:\Windows\System\EmmPKPN.exe
  2⤵
  PID:9176
- C:\Windows\System\dZxKGff.exe
  C:\Windows\System\dZxKGff.exe
  2⤵
  PID:9196
- C:\Windows\System\OLFsCLO.exe
  C:\Windows\System\OLFsCLO.exe
  2⤵
  PID:7216
- C:\Windows\System\GkheBZJ.exe
  C:\Windows\System\GkheBZJ.exe
  2⤵
  PID:8216
- C:\Windows\System\nqfcmUt.exe
  C:\Windows\System\nqfcmUt.exe
  2⤵
  PID:8232
- C:\Windows\System\yvQzlrB.exe
  C:\Windows\System\yvQzlrB.exe
  2⤵
  PID:8252
- C:\Windows\System\tsTOmch.exe
  C:\Windows\System\tsTOmch.exe
  2⤵
  PID:8292
- C:\Windows\System\oFCCuoj.exe
  C:\Windows\System\oFCCuoj.exe
  2⤵
  PID:8304
- C:\Windows\System\yrMEZNV.exe
  C:\Windows\System\yrMEZNV.exe
  2⤵
  PID:8320
- C:\Windows\System\grxfUit.exe
  C:\Windows\System\grxfUit.exe
  2⤵
  PID:8336
- C:\Windows\System\fyQebZW.exe
  C:\Windows\System\fyQebZW.exe
  2⤵
  PID:8360
- C:\Windows\System\lnVCXsp.exe
  C:\Windows\System\lnVCXsp.exe
  2⤵
  PID:8376
- C:\Windows\System\UBvGiHj.exe
  C:\Windows\System\UBvGiHj.exe
  2⤵
  PID:8396
- C:\Windows\System\fajLpzu.exe
  C:\Windows\System\fajLpzu.exe
  2⤵
  PID:8420
- C:\Windows\System\BTtkIZu.exe
  C:\Windows\System\BTtkIZu.exe
  2⤵
  PID:8456
- C:\Windows\System\JJbYUnz.exe
  C:\Windows\System\JJbYUnz.exe
  2⤵
  PID:8472
- C:\Windows\System\FWToQsP.exe
  C:\Windows\System\FWToQsP.exe
  2⤵
  PID:8492
- C:\Windows\System\Fooiqsp.exe
  C:\Windows\System\Fooiqsp.exe
  2⤵
  PID:8508
- C:\Windows\System\nCibPKW.exe
  C:\Windows\System\nCibPKW.exe
  2⤵
  PID:8524
- C:\Windows\System\rlCrSty.exe
  C:\Windows\System\rlCrSty.exe
  2⤵
  PID:8544
- C:\Windows\System\AGNIfgm.exe
  C:\Windows\System\AGNIfgm.exe
  2⤵
  PID:8564
- C:\Windows\System\nLsowNu.exe
  C:\Windows\System\nLsowNu.exe
  2⤵
  PID:8600
- C:\Windows\System\APXYkyG.exe
  C:\Windows\System\APXYkyG.exe
  2⤵
  PID:8628
- C:\Windows\System\jEYkwkN.exe
  C:\Windows\System\jEYkwkN.exe
  2⤵
  PID:8660
- C:\Windows\System\gtIAgfc.exe
  C:\Windows\System\gtIAgfc.exe
  2⤵
  PID:8684
- C:\Windows\System\mGTifnD.exe
  C:\Windows\System\mGTifnD.exe
  2⤵
  PID:8744
- C:\Windows\System\rYaCSiY.exe
  C:\Windows\System\rYaCSiY.exe
  2⤵
  PID:8780
- C:\Windows\System\oNeyOJq.exe
  C:\Windows\System\oNeyOJq.exe
  2⤵
  PID:8804
- C:\Windows\System\oijNwGw.exe
  C:\Windows\System\oijNwGw.exe
  2⤵
  PID:8836
- C:\Windows\System\NqGLvyb.exe
  C:\Windows\System\NqGLvyb.exe
  2⤵
  PID:8860
- C:\Windows\System\oUTotlD.exe
  C:\Windows\System\oUTotlD.exe
  2⤵
  PID:8884
- C:\Windows\System\qsqisJX.exe
  C:\Windows\System\qsqisJX.exe
  2⤵
  PID:8936
- C:\Windows\System\kAgJxHO.exe
  C:\Windows\System\kAgJxHO.exe
  2⤵
  PID:8964
- C:\Windows\System\VuNDMiQ.exe
  C:\Windows\System\VuNDMiQ.exe
  2⤵
  PID:8988
- C:\Windows\System\lMEnXlb.exe
  C:\Windows\System\lMEnXlb.exe
  2⤵
  PID:9052
- C:\Windows\System\ddKSxEv.exe
  C:\Windows\System\ddKSxEv.exe
  2⤵
  PID:9080
- C:\Windows\System\MatFJmw.exe
  C:\Windows\System\MatFJmw.exe
  2⤵
  PID:9164
- C:\Windows\System\tKQyUtb.exe
  C:\Windows\System\tKQyUtb.exe
  2⤵
  PID:9208
- C:\Windows\System\hneIpoc.exe
  C:\Windows\System\hneIpoc.exe
  2⤵
  PID:8204
- C:\Windows\System\vJPlhZP.exe
  C:\Windows\System\vJPlhZP.exe
  2⤵
  PID:9148
- C:\Windows\System\pngwRxG.exe
  C:\Windows\System\pngwRxG.exe
  2⤵
  PID:8316
- C:\Windows\System\BSJDPIq.exe
  C:\Windows\System\BSJDPIq.exe
  2⤵
  PID:8200
- C:\Windows\System\JMslBfi.exe
  C:\Windows\System\JMslBfi.exe
  2⤵
  PID:8388
- C:\Windows\System\ZsdsumF.exe
  C:\Windows\System\ZsdsumF.exe
  2⤵
  PID:8428
- C:\Windows\System\uqHajVA.exe
  C:\Windows\System\uqHajVA.exe
  2⤵
  PID:8300
- C:\Windows\System\sWKlDrW.exe
  C:\Windows\System\sWKlDrW.exe
  2⤵
  PID:8368
- C:\Windows\System\UTbayMw.exe
  C:\Windows\System\UTbayMw.exe
  2⤵
  PID:8452
- C:\Windows\System\hdisztb.exe
  C:\Windows\System\hdisztb.exe
  2⤵
  PID:8464
- C:\Windows\System\bzGBeQn.exe
  C:\Windows\System\bzGBeQn.exe
  2⤵
  PID:8548
- C:\Windows\System\mWaFerM.exe
  C:\Windows\System\mWaFerM.exe
  2⤵
  PID:8624
- C:\Windows\System\pXTPSLs.exe
  C:\Windows\System\pXTPSLs.exe
  2⤵
  PID:8584
- C:\Windows\System\qudVTnE.exe
  C:\Windows\System\qudVTnE.exe
  2⤵
  PID:8664
- C:\Windows\System\goPBjbF.exe
  C:\Windows\System\goPBjbF.exe
  2⤵
  PID:8720
- C:\Windows\System\mAxofjQ.exe
  C:\Windows\System\mAxofjQ.exe
  2⤵
  PID:8824
- C:\Windows\System\yXRtjms.exe
  C:\Windows\System\yXRtjms.exe
  2⤵
  PID:8888
- C:\Windows\System\CoLVqKq.exe
  C:\Windows\System\CoLVqKq.exe
  2⤵
  PID:9016
- C:\Windows\System\YBSqhHH.exe
  C:\Windows\System\YBSqhHH.exe
  2⤵
  PID:8980
- C:\Windows\System\bXCItiV.exe
  C:\Windows\System\bXCItiV.exe
  2⤵
  PID:9032
- C:\Windows\System\YCuGJwK.exe
  C:\Windows\System\YCuGJwK.exe
  2⤵
  PID:8680
- C:\Windows\System\xqZrjcM.exe
  C:\Windows\System\xqZrjcM.exe
  2⤵
  PID:9136
- C:\Windows\System\tfbPBzr.exe
  C:\Windows\System\tfbPBzr.exe
  2⤵
  PID:9204
- C:\Windows\System\GFPkywM.exe
  C:\Windows\System\GFPkywM.exe
  2⤵
  PID:8312
- C:\Windows\System\GltGkUD.exe
  C:\Windows\System\GltGkUD.exe
  2⤵
  PID:8348
- C:\Windows\System\fPPVdsT.exe
  C:\Windows\System\fPPVdsT.exe
  2⤵
  PID:8384
- C:\Windows\System\aaVaqHK.exe
  C:\Windows\System\aaVaqHK.exe
  2⤵
  PID:8248
- C:\Windows\System\FuFxSjP.exe
  C:\Windows\System\FuFxSjP.exe
  2⤵
  PID:8460
- C:\Windows\System\MxnDTlI.exe
  C:\Windows\System\MxnDTlI.exe
  2⤵
  PID:8520
- C:\Windows\System\WRpmBEE.exe
  C:\Windows\System\WRpmBEE.exe
  2⤵
  PID:8648
- C:\Windows\System\TfHCBCO.exe
  C:\Windows\System\TfHCBCO.exe
  2⤵
  PID:8644
- C:\Windows\System\lMMugId.exe
  C:\Windows\System\lMMugId.exe
  2⤵
  PID:8768
- C:\Windows\System\liYOlKU.exe
  C:\Windows\System\liYOlKU.exe
  2⤵
  PID:8864
- C:\Windows\System\jtvIFhr.exe
  C:\Windows\System\jtvIFhr.exe
  2⤵
  PID:8856
- C:\Windows\System\PNWXdWv.exe
  C:\Windows\System\PNWXdWv.exe
  2⤵
  PID:9036
- C:\Windows\System\VusdGsT.exe
  C:\Windows\System\VusdGsT.exe
  2⤵
  PID:9128
- C:\Windows\System\pxTJwGs.exe
  C:\Windows\System\pxTJwGs.exe
  2⤵
  PID:8356
- C:\Windows\System\OfWGNGg.exe
  C:\Windows\System\OfWGNGg.exe
  2⤵
  PID:8296
- C:\Windows\System\gEwutnG.exe
  C:\Windows\System\gEwutnG.exe
  2⤵
  PID:8352
- C:\Windows\System\SeudbUz.exe
  C:\Windows\System\SeudbUz.exe
  2⤵
  PID:8408
- C:\Windows\System\XkwIrSS.exe
  C:\Windows\System\XkwIrSS.exe
  2⤵
  PID:8504
- C:\Windows\System\zZjlioN.exe
  C:\Windows\System\zZjlioN.exe
  2⤵
  PID:8732
- C:\Windows\System\yfJDUVf.exe
  C:\Windows\System\yfJDUVf.exe
  2⤵
  PID:8748
- C:\Windows\System\VpzHCzV.exe
  C:\Windows\System\VpzHCzV.exe
  2⤵
  PID:8900
- C:\Windows\System\IHqUvtT.exe
  C:\Windows\System\IHqUvtT.exe
  2⤵
  PID:9100
- C:\Windows\System\dLYhlkL.exe
  C:\Windows\System\dLYhlkL.exe
  2⤵
  PID:8264
- C:\Windows\System\NUuCsen.exe
  C:\Windows\System\NUuCsen.exe
  2⤵
  PID:9112
- C:\Windows\System\gpweVMU.exe
  C:\Windows\System\gpweVMU.exe
  2⤵
  PID:8820
- C:\Windows\System\qbKwUVE.exe
  C:\Windows\System\qbKwUVE.exe
  2⤵
  PID:9132
- C:\Windows\System\qXTMTEQ.exe
  C:\Windows\System\qXTMTEQ.exe
  2⤵
  PID:9004
- C:\Windows\System\lJpzgCy.exe
  C:\Windows\System\lJpzgCy.exe
  2⤵
  PID:8924
- C:\Windows\System\xOfbmpR.exe
  C:\Windows\System\xOfbmpR.exe
  2⤵
  PID:8560
- C:\Windows\System\nxCRdxY.exe
  C:\Windows\System\nxCRdxY.exe
  2⤵
  PID:8444
- C:\Windows\System\zlUMudt.exe
  C:\Windows\System\zlUMudt.exe
  2⤵
  PID:9244
- C:\Windows\System\hPtyJip.exe
  C:\Windows\System\hPtyJip.exe
  2⤵
  PID:9260
- C:\Windows\System\GSfBofj.exe
  C:\Windows\System\GSfBofj.exe
  2⤵
  PID:9280
- C:\Windows\System\pSDrCpF.exe
  C:\Windows\System\pSDrCpF.exe
  2⤵
  PID:9300
- C:\Windows\System\qXEcALD.exe
  C:\Windows\System\qXEcALD.exe
  2⤵
  PID:9320
- C:\Windows\System\ixzvPfz.exe
  C:\Windows\System\ixzvPfz.exe
  2⤵
  PID:9336
- C:\Windows\System\jNOZfip.exe
  C:\Windows\System\jNOZfip.exe
  2⤵
  PID:9356
- C:\Windows\System\vekLEEd.exe
  C:\Windows\System\vekLEEd.exe
  2⤵
  PID:9376
- C:\Windows\System\LZrJZsA.exe
  C:\Windows\System\LZrJZsA.exe
  2⤵
  PID:9392
- C:\Windows\System\fvMpahf.exe
  C:\Windows\System\fvMpahf.exe
  2⤵
  PID:9412
- C:\Windows\System\FeYogkX.exe
  C:\Windows\System\FeYogkX.exe
  2⤵
  PID:9444
- C:\Windows\System\VblyzGP.exe
  C:\Windows\System\VblyzGP.exe
  2⤵
  PID:9460
- C:\Windows\System\PqWgBRK.exe
  C:\Windows\System\PqWgBRK.exe
  2⤵
  PID:9484
- C:\Windows\System\wUjWEsK.exe
  C:\Windows\System\wUjWEsK.exe
  2⤵
  PID:9500
- C:\Windows\System\eWPdmMA.exe
  C:\Windows\System\eWPdmMA.exe
  2⤵
  PID:9516
- C:\Windows\System\EZPrBQd.exe
  C:\Windows\System\EZPrBQd.exe
  2⤵
  PID:9536
- C:\Windows\System\iGlCyiI.exe
  C:\Windows\System\iGlCyiI.exe
  2⤵
  PID:9560
- C:\Windows\System\noBhUAZ.exe
  C:\Windows\System\noBhUAZ.exe
  2⤵
  PID:9576
- C:\Windows\System\VJOXtQe.exe
  C:\Windows\System\VJOXtQe.exe
  2⤵
  PID:9592
- C:\Windows\System\CwfSwFC.exe
  C:\Windows\System\CwfSwFC.exe
  2⤵
  PID:9608
- C:\Windows\System\tMbsYmO.exe
  C:\Windows\System\tMbsYmO.exe
  2⤵
  PID:9652
- C:\Windows\System\xObbzjb.exe
  C:\Windows\System\xObbzjb.exe
  2⤵
  PID:9668
- C:\Windows\System\YVleNOp.exe
  C:\Windows\System\YVleNOp.exe
  2⤵
  PID:9684
- C:\Windows\System\ypRFbHA.exe
  C:\Windows\System\ypRFbHA.exe
  2⤵
  PID:9704
- C:\Windows\System\CrwvGHj.exe
  C:\Windows\System\CrwvGHj.exe
  2⤵
  PID:9732
- C:\Windows\System\ImOAEOG.exe
  C:\Windows\System\ImOAEOG.exe
  2⤵
  PID:9752
- C:\Windows\System\cfhwNYe.exe
  C:\Windows\System\cfhwNYe.exe
  2⤵
  PID:9768
- C:\Windows\System\mgoGgvH.exe
  C:\Windows\System\mgoGgvH.exe
  2⤵
  PID:9788
- C:\Windows\System\EgoCCPj.exe
  C:\Windows\System\EgoCCPj.exe
  2⤵
  PID:9808
- C:\Windows\System\IhRKZGX.exe
  C:\Windows\System\IhRKZGX.exe
  2⤵
  PID:9824
- C:\Windows\System\lsoWten.exe
  C:\Windows\System\lsoWten.exe
  2⤵
  PID:9848
- C:\Windows\System\adqQPtX.exe
  C:\Windows\System\adqQPtX.exe
  2⤵
  PID:9872
- C:\Windows\System\NbuDZTj.exe
  C:\Windows\System\NbuDZTj.exe
  2⤵
  PID:9888
- C:\Windows\System\wTyCxbG.exe
  C:\Windows\System\wTyCxbG.exe
  2⤵
  PID:9908
- C:\Windows\System\iBtuTGy.exe
  C:\Windows\System\iBtuTGy.exe
  2⤵
  PID:9928
- C:\Windows\System\yiqJeZI.exe
  C:\Windows\System\yiqJeZI.exe
  2⤵
  PID:9948
- C:\Windows\System\tUZmQNw.exe
  C:\Windows\System\tUZmQNw.exe
  2⤵
  PID:9968
- C:\Windows\System\NxSiudT.exe
  C:\Windows\System\NxSiudT.exe
  2⤵
  PID:9984
- C:\Windows\System\YLhjTLe.exe
  C:\Windows\System\YLhjTLe.exe
  2⤵
  PID:10000
- C:\Windows\System\ucRlqZt.exe
  C:\Windows\System\ucRlqZt.exe
  2⤵
  PID:10024
- C:\Windows\System\fYMFQxU.exe
  C:\Windows\System\fYMFQxU.exe
  2⤵
  PID:10040
- C:\Windows\System\DUNaSvV.exe
  C:\Windows\System\DUNaSvV.exe
  2⤵
  PID:10060
- C:\Windows\System\aZnWqlG.exe
  C:\Windows\System\aZnWqlG.exe
  2⤵
  PID:10080
- C:\Windows\System\GXWmImn.exe
  C:\Windows\System\GXWmImn.exe
  2⤵
  PID:10096
- C:\Windows\System\DXEQubt.exe
  C:\Windows\System\DXEQubt.exe
  2⤵
  PID:10128
- C:\Windows\System\hxblsZt.exe
  C:\Windows\System\hxblsZt.exe
  2⤵
  PID:10144
- C:\Windows\System\amUolaU.exe
  C:\Windows\System\amUolaU.exe
  2⤵
  PID:10160
- C:\Windows\System\DwGvWnZ.exe
  C:\Windows\System\DwGvWnZ.exe
  2⤵
  PID:10196
- C:\Windows\System\VymCyqr.exe
  C:\Windows\System\VymCyqr.exe
  2⤵
  PID:10212
- C:\Windows\System\iJiEtuJ.exe
  C:\Windows\System\iJiEtuJ.exe
  2⤵
  PID:10228
- C:\Windows\System\OwPYJjZ.exe
  C:\Windows\System\OwPYJjZ.exe
  2⤵
  PID:9048
- C:\Windows\System\jNtgJAy.exe
  C:\Windows\System\jNtgJAy.exe
  2⤵
  PID:8328
- C:\Windows\System\dShQaBK.exe
  C:\Windows\System\dShQaBK.exe
  2⤵
  PID:9228
- C:\Windows\System\QUdXPbE.exe
  C:\Windows\System\QUdXPbE.exe
  2⤵
  PID:9296
- C:\Windows\System\sajfQxH.exe
  C:\Windows\System\sajfQxH.exe
  2⤵
  PID:9364
- C:\Windows\System\lZCzdfD.exe
  C:\Windows\System\lZCzdfD.exe
  2⤵
  PID:9276
- C:\Windows\System\xPEMAEF.exe
  C:\Windows\System\xPEMAEF.exe
  2⤵
  PID:9372
- C:\Windows\System\WjvarLD.exe
  C:\Windows\System\WjvarLD.exe
  2⤵
  PID:9388
- C:\Windows\System\iKXIEMO.exe
  C:\Windows\System\iKXIEMO.exe
  2⤵
  PID:9436
- C:\Windows\System\byHcGlH.exe
  C:\Windows\System\byHcGlH.exe
  2⤵
  PID:9456
- C:\Windows\System\AcWBfvh.exe
  C:\Windows\System\AcWBfvh.exe
  2⤵
  PID:9468
- C:\Windows\System\MYqTJCR.exe
  C:\Windows\System\MYqTJCR.exe
  2⤵
  PID:9568
- C:\Windows\System\vMHWnzO.exe
  C:\Windows\System\vMHWnzO.exe
  2⤵
  PID:9552
- C:\Windows\System\yDfvKKO.exe
  C:\Windows\System\yDfvKKO.exe
  2⤵
  PID:9648
- C:\Windows\System\fIgSBXq.exe
  C:\Windows\System\fIgSBXq.exe
  2⤵
  PID:9640
- C:\Windows\System\BepYoOx.exe
  C:\Windows\System\BepYoOx.exe
  2⤵
  PID:9632
- C:\Windows\System\BNGmFJT.exe
  C:\Windows\System\BNGmFJT.exe
  2⤵
  PID:9680
- C:\Windows\System\obeGLLv.exe
  C:\Windows\System\obeGLLv.exe
  2⤵
  PID:9748
- C:\Windows\System\GrLbGQe.exe
  C:\Windows\System\GrLbGQe.exe
  2⤵
  PID:9764
- C:\Windows\System\eOwscvh.exe
  C:\Windows\System\eOwscvh.exe
  2⤵
  PID:9796
- C:\Windows\System\cxDivNp.exe
  C:\Windows\System\cxDivNp.exe
  2⤵
  PID:9840
- C:\Windows\System\tpVVsyd.exe
  C:\Windows\System\tpVVsyd.exe
  2⤵
  PID:9864
- C:\Windows\System\vZzVgCq.exe
  C:\Windows\System\vZzVgCq.exe
  2⤵
  PID:9900
- C:\Windows\System\LagyocS.exe
  C:\Windows\System\LagyocS.exe
  2⤵
  PID:9944
- C:\Windows\System\HoVuYQc.exe
  C:\Windows\System\HoVuYQc.exe
  2⤵
  PID:9960
- C:\Windows\System\fazwjAf.exe
  C:\Windows\System\fazwjAf.exe
  2⤵
  PID:10016
- C:\Windows\System\eIlyDTE.exe
  C:\Windows\System\eIlyDTE.exe
  2⤵
  PID:10056
- C:\Windows\System\uAVAIHL.exe
  C:\Windows\System\uAVAIHL.exe
  2⤵
  PID:10092
- C:\Windows\System\fXZuSfL.exe
  C:\Windows\System\fXZuSfL.exe
  2⤵
  PID:10168
- C:\Windows\System\gngDLgL.exe
  C:\Windows\System\gngDLgL.exe
  2⤵
  PID:10152
- C:\Windows\System\SvwJVYw.exe
  C:\Windows\System\SvwJVYw.exe
  2⤵
  PID:10124
- C:\Windows\System\XXwaEDp.exe
  C:\Windows\System\XXwaEDp.exe
  2⤵
  PID:10188
- C:\Windows\System\cTVOKLK.exe
  C:\Windows\System\cTVOKLK.exe
  2⤵
  PID:8540
- C:\Windows\System\wUKWiIV.exe
  C:\Windows\System\wUKWiIV.exe
  2⤵
  PID:9256
- C:\Windows\System\xklmLRd.exe
  C:\Windows\System\xklmLRd.exe
  2⤵
  PID:9240
- C:\Windows\System\YlXIxkY.exe
  C:\Windows\System\YlXIxkY.exe
  2⤵
  PID:9404
- C:\Windows\System\VpNthkp.exe
  C:\Windows\System\VpNthkp.exe
  2⤵
  PID:9452
- C:\Windows\System\SvcpiDz.exe
  C:\Windows\System\SvcpiDz.exe
  2⤵
  PID:8416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACSaaMO.exe

Filesize
6.0MB

MD5
5004aa664ed32a0253160f13c9b33b5c

SHA1
a468d965d20b02f57966a7663d459f995586bee7

SHA256
aabadd1a21b0c9b43f3fc27ca385797a7f72d70d6f611ca7ca69b65d27448843

SHA512
174f634f7a002aa8049e74f093005f1d250dfccfc652869604f72169840b2257494482869dcfb2c683f99d0f85e688efa1c510026434d4977d44916adacce4fb

Download Submit
C:\Windows\system\ItNcTVg.exe

Filesize
6.0MB

MD5
200fd5d2079cc9a42ffa743eeed31fd7

SHA1
580aa4e0520b595e98e8be1658bc83c3b265e66d

SHA256
35cd11f52757b11290ba03a4c4e5a3634993b1f5e3c5444835ef9fc8fede8b00

SHA512
23e4c367d59cdf441a6e8bbb239326a50729694b521b5ac57fdc6e4021389cab5a2ba8e38278200ea15484757938bbddd7ffd1604089174b826b564d36c40dbf

Download Submit
C:\Windows\system\KvrXAfE.exe

Filesize
6.0MB

MD5
40c6fe8242b9a75f47b47bb3bec7256f

SHA1
af506d2dfa1e1c9cd6789c37acf9c8f0d0112f1c

SHA256
53ad57ef3cf449b7a89a872a7d2f0bc978556c2290b40e17bfed7648294fe70b

SHA512
221e4d17b3d9ec85a417f34a9585c833255e415146f7550a0a09676ae6d1e7600cbb52249c6527a0ef93ac8b471d3b17a6d8ac05c2bef68d52d6ec9d1d132940

Download Submit
C:\Windows\system\LQJjYNK.exe

Filesize
6.0MB

MD5
b8dfdb86b8965d770d42256aa667d50a

SHA1
acc9dfed1c6e289c0d67441713de97ded4f3e009

SHA256
12edc44660168a07f939d8786a1a33d1b88e13503ab9c61d414ece4c4e20b94a

SHA512
dcbb07daae61090fd822cdfb2420848c282029f6f405e5addda57c44fc73e469c31df7550e78406a0a8698a3f9cbcfabb19f8f19df4ecd2ab3547858f010d6aa

Download Submit
C:\Windows\system\NUSGdkO.exe

Filesize
6.0MB

MD5
45d0352dbbdb7cdfd8fac32a0b753d69

SHA1
3d9df9a4c331ce14847bde2afd713bf46f1dc4f2

SHA256
59a259f870e8019fd27eb8cbf33ac21edce5a25880c005f4dcebf32781eba48f

SHA512
d1882c2d492a3fd374264d46552ce48be4bc010bbc1cdd5fabee5370a59d9d2a9960a4d3b8f06bca37fe1cff90dce568d3a2cbb7f9fff63f84aa5644d11374cd

Download Submit
C:\Windows\system\QFvtdxI.exe

Filesize
6.0MB

MD5
95b451ca7dbc9bc26afa3c3237486bdf

SHA1
a64c62f58629799784bbf92761096a0d2088e6ae

SHA256
6e2e9a84013960ec846b3e2ef369d066fe6a77df661939fdb82f9cdbc3bd0e5d

SHA512
160d0cb0cfea5aaf3601afde5433d8fed65cc4458240c54bfd81ac1ff1b3cdc711de9ef1d65923fb6b9518db520e0426531a793ea496b148db72169ae47f663a

Download Submit
C:\Windows\system\RCjeJtp.exe

Filesize
6.0MB

MD5
71062c0d91f1aba93a7724499d6ec4e5

SHA1
baa0259bed39512fa831d8964586476ee7a769a0

SHA256
ed382d70a8bd4ba8cc386e0d63e84fdb83267e13902b0d805d1dac72e3fb0bb2

SHA512
9977504d2f0a3a4353577d482a22b7a7e6436d7074023ed34c52fbd35c0c48a9c2d95cdfcd67f59fb54472dff245ce17e0c411863d7c800ddf25a8c50bc4bde5

Download Submit
C:\Windows\system\ShaPcDw.exe

Filesize
6.0MB

MD5
603ff89253632e23e29e22bba3a2880c

SHA1
4a7e98a9a09cf562579b47e2fd27ab27a23c448a

SHA256
db94b781b92c226af4ce8c4cb05fd133373dd63ab00e8671adb1334cf9e19828

SHA512
58dcb08e46d394d31ace4a49cf64842da5e24f42be010d2fa6c70de07475064f3776c5a6c1d0d51d43982b09e937218f0c8738aebcb860f2185e390e0224e505

Download Submit
C:\Windows\system\UpcxUDC.exe

Filesize
6.0MB

MD5
bcc9a587b17021d7cdb826e46f458baf

SHA1
34023276203d2bba2060fa2d27fbdfb355e20653

SHA256
e2f1e9e963fabcd22da74b9c3a5ad3e9a0b451f02698c87d9e7e1c048fbdf1e9

SHA512
242856b232d371c5872dce9ca9603eb1c44e66659b8d418e0b0897d3908d747e9492cb1110a98f0258b0a12f5d5ced052daf9e52855dd5ac2bad2fdb3b630746

Download Submit
C:\Windows\system\VUEaXgH.exe

Filesize
6.0MB

MD5
8ef15501402a43c2f6c6bd4dddf56060

SHA1
db55a4896ade1c299cdc60c31fda72435867616f

SHA256
0bf524eda7e4a90981118d458874ac992d5232e8394e069a12493486638b3101

SHA512
6ab7c84354027b6d3efa93b22e9b219d3ebe8747175b20ac1f85e4140d00dcbbda903863a7dd850bd0a1a1bb384d82e14d668750868ea013c577d67fb34f6f7f

Download Submit
C:\Windows\system\XZoCuNU.exe

Filesize
6.0MB

MD5
129bf19d17fb7dd1a73194b47b2a14c6

SHA1
9bbae4cd342760ce9fd864582d59bf688b5d2c8a

SHA256
d15eaa9646c2acb4f400d558c559838633a14c3f5b88afba9816898114f39d74

SHA512
fb5a0df58e0e9df407a87cf791c1bb72a3c57bb99473fd295de9fb4f08545c4e1e26abbf7af1e8b7ad43fa6237da108f88f5a1c1c45f66521e376e9624711caf

Download Submit
C:\Windows\system\YdWWkJu.exe

Filesize
6.0MB

MD5
075ac13c7b3be4f5eab36be0b2145d8d

SHA1
4b812ad88cc835d1b44e3cd87f66f1e6c43cdc39

SHA256
e3047220d313e87399a24e189d159ce64eb843418b8d1120041f82c677d9d931

SHA512
928f253070f2548d154e651f4a143485973e059bc594fda3e75814a53ced49ad639d597dedbbb0f0b136ac936996de0ad10c01bd8c736de6169006ead9ae421d

Download Submit
C:\Windows\system\bFUtmeC.exe

Filesize
6.0MB

MD5
8fa2461a26c9b2dd4c87af183c12ea27

SHA1
5b7338da91114896875a12f9dd960de2d2d0b4b5

SHA256
fdd39033fbed0db904a8cd3b07328d130009c255305b24ed190f330271fdf65e

SHA512
463533eecee886bb7fdb996e46253ab66f5cc02734f5a98979788eee196614f3141af000b3a36be3209d5a04d980d0496a3fb6d576872dee1ec106c8af67112f

Download Submit
C:\Windows\system\eMydqnr.exe

Filesize
6.0MB

MD5
dde9454d2ca2ce5baa53b6da72573a57

SHA1
748292f64478bbb3317aa32d6b272b2a6fcd36ab

SHA256
07374866dea2c4b078231a10d83da77c1236345928939176563cbd6fec05b59a

SHA512
64a21dc5b0690498f2471f9e65f2a75430fe7d35685bb1104a37962dcbbc0b8a1c402d3fe9e0274edd68bf9337852363314ca03f79bb6421ad51a6611f60b3c7

Download Submit
C:\Windows\system\effcEUe.exe

Filesize
6.0MB

MD5
6907233d6cc1a6acc9927c155fc91521

SHA1
9417c8d474f1ecaf5b6242d994bb5e06867bd416

SHA256
ca0bcc94de47c4c3f29a928bd92406a6555669503bfe971097c571c831b33a4c

SHA512
aa167581fdcc331452517c066b2d8422604c33fac9ec59bc50a78fbea6a265bf333c1169d83520d4a1b7eaf651f22364b4b636b5d3c2206d036fc9042310364a

Download Submit
C:\Windows\system\eqFaNge.exe

Filesize
6.0MB

MD5
5ee958097acca82904544f02c6b26cf1

SHA1
ff85c7420706d89636f5af59f1459f2fe5a19651

SHA256
d4b73af823b3e888a62184abc4c5bb5a82c5cd1c58eaf9dec4037a363b835670

SHA512
991b66d62a26e84285c7ee215a4a6c72ca4a59fe182407a03dc735344f248718fe08135cda7835d6bfae9aabdaa7cf470e8fa2616b2216cf45268ffcda83091f

Download Submit
C:\Windows\system\hDJQUqf.exe

Filesize
6.0MB

MD5
80194c4aa22510144fbede0f7f852f2e

SHA1
8f82458fd33d637db36ad77eb33ac0f61e37c527

SHA256
1ba55dd250e7e0c6934bc5d1e826458d3aa6053999b99221f7223b7f917f71d2

SHA512
2eea5fa636b8ede46b9fd949fb82c1b233e5bdb0afacc09ab247f7ffe9c2fd3deff7b55379969618abdbb6789d6d8682064d02611d5a621e1357171993126a5c

Download Submit
C:\Windows\system\hFwMFdx.exe

Filesize
6.0MB

MD5
1a64320ea63336c2a7cbb5e47c6f9c5e

SHA1
f07dfa9da6dcaf38f0f391cdd086881171ca4eb0

SHA256
5c27e19917c25513f255c63b5ad0102955f1e75261a6c3224020f5de0b165e2a

SHA512
31c04420aac411b7a445c0e2ce0ef738614d834b1fc2a0a162053e425d2b212a3442e0db05a96c3eb1dd8d2e488d250ae1c90f1dc7f9e24e82c29d7b4a589d47

Download Submit
C:\Windows\system\hRjomcb.exe

Filesize
8B

MD5
af3e6d5d786d198173d8a4b22def905b

SHA1
46b4ac4095e3466def721a987623201116345e83

SHA256
5131b10eb8cdfab56e5645333a189a674c40adeacb7843cbf417c4c83d6e2914

SHA512
4dc98858500dd019a7c19d48fa53b362960c243e71ac891f202a9a73024ac7ed9ec3210cc8a19a3e72c99a2e68563b814fd72f911bdd1d675b802819a6046a7e

Download Submit
C:\Windows\system\iuDVSit.exe

Filesize
6.0MB

MD5
0d52b8dbd8304324ae75ab3b1fa0d6f4

SHA1
eee63575758c323d6cad3ff87ee03bb0cfc3d775

SHA256
74ed1250496b1d19914d66a2bab968b9fafcedbdc010fd8b47a4b5649ba595be

SHA512
056b258205817d41287f6edbb119b9c7a6c059915f0915ad11d9e6d0dbd887a8f01fef0a834a0e4e89666f04ad940972af83e911165b699eb724963af651f312

Download Submit
C:\Windows\system\oJCZNVB.exe

Filesize
6.0MB

MD5
b9be6cbe7f91665a10af730151ae6a4f

SHA1
f7a329f82a4f3656d8bbc2dbe9741c8fcc0ee513

SHA256
47b3b7f4141cc22f21d261026db40e78a0625aaef0e4cddab3b31c9320122d7f

SHA512
00d22122e3fe9ce0d8e004b8b490b50b6335a23d587717e3eebc3a8d2c78c95a95ea112d5ed7275ccc65c59a896c1ec730a42dc5084cc91258bcdd2c584bd66d

Download Submit
C:\Windows\system\oXMqsAC.exe

Filesize
6.0MB

MD5
210c891cb5516393327638d6c48315ea

SHA1
7c7d7b27ce0398f8d80aac17e4dff6cff3494e24

SHA256
9560959467785818ca9bb521def9c9d52e0408938d8f8421647d474cb8951091

SHA512
0a964f88be766449d6be83a91ff4117ac08203ed8ffc20455c158a1ae03a8ce3db9f66771bac647f44f2157e9147e021cd42c941d3f0c12a29a8641f08d8cc21

Download Submit
C:\Windows\system\rQYrJgF.exe

Filesize
6.0MB

MD5
fec495710e14eea0c7db6d67aabe23e7

SHA1
187b2b15276dac9709d868c79353462f068e639d

SHA256
076a22102775f4b1e47afba731b8d136a09e6f401a249456425b924ffdc52717

SHA512
1a35da020c5d5aad4398a07673fea56a24c54737e689f845307bd156d95a1d38b6548d2c13f148f7af769cb94b36413dfda3291329105b67cb2966961d173622

Download Submit
C:\Windows\system\tLKkZdQ.exe

Filesize
6.0MB

MD5
29a449abc3216a9f53bf8fb53dd12755

SHA1
8c89d3f504ac5dca239e9a56b5d4eb2239c4042a

SHA256
c3e0a73d26116f91269793f867f2b598df0208e39f69ecfeb79f0bd18f5702ce

SHA512
29f5633781cbd0b2baa4ecaca063f6a32b5da11685847150f16baccedf2041750451bdb48f2416a569594df660202434251a380298ab8d2178dd8474ebc818ee

Download Submit
C:\Windows\system\tYXcNsi.exe

Filesize
6.0MB

MD5
08239f1a4a9244c313d0dfc4bde808be

SHA1
378b61dd023cc6cef0a2aac004d6acca669079b5

SHA256
64892ccf43b02e39ac4f03e2ab8af9ffc24c410f2b27c9ec2ddd1fed4872dca6

SHA512
438112cdddac767ba5064012cc5664a3245a2814fa9f4e317f82c0c4ed324ee67020a0d6277785360f04338523f94c7c0a4f793bef7520cbb1205c2e5c380730

Download Submit
C:\Windows\system\tdjGfdi.exe

Filesize
6.0MB

MD5
7440fa3aa035e091450f825273f26a67

SHA1
0e66bd1594652d97a2479294c31bef7078057618

SHA256
c822d145dad7cb806edbb03b4d28d684d79adb79b2b179562b94ea788c77c328

SHA512
0edbac07cbe08d8c97a7927c41ead6e464299b31cfc2e6a173b7d1f38849b04f8b73faea938b1f84af926ecd96287b099886eaa4ae7e6110dfbc7158cc3f397a

Download Submit
C:\Windows\system\wEEjFQP.exe

Filesize
6.0MB

MD5
8a1de909025eaa024ab80689801d75fc

SHA1
d905f53cc51687a6b44027cc5e7d133e149d4983

SHA256
4bb8ebaead06f79dd9bee5e969e44cdfa513fb1c0661dfad9cadd2501889c8c8

SHA512
cb10450e43813d3a6d9272937ce2708e27f74a2fd7b70793dfdcbd0efd500ae8510a6177e270c40db29c67f76e0d48df42d54595c3a2b3439d18be50755eb285

Download Submit
C:\Windows\system\wYLYxrA.exe

Filesize
6.0MB

MD5
47fb49764c73166d3775fba54fe37ae1

SHA1
d0b7a36237c5b4b0650a549ef9b194031cf013d2

SHA256
4e98e762285fe92f4a7842512371ebe89e3cb44f2315ccd59159a3265659aebb

SHA512
acc68a1a7292f53345b3745d0452447de0a6adae96fe310a9bc45fc9d8405297b4fd8183961f86451758ef3f1f602d600544dc18dcb3894c0921bc29cd5d104e

Download Submit
C:\Windows\system\yCAieoq.exe

Filesize
6.0MB

MD5
025789fd57ec85eb3ed89b106ccba6af

SHA1
dbc4858d66fb0d3a76f5b7d934a1af2accb9eecf

SHA256
90ecd140c1ae75fb8bb7c0809bdc9cbc1486a23fb2da2c226d7db84462fcdb62

SHA512
bafbf1a3496de634f03cbe3464bb24b9656b538807a98e361d71a19b200114fd35bde647239158a414314756571da1f5191a4a65581623e323f36d5d4b4f3b71

Download Submit
\Windows\system\BPOginN.exe

Filesize
6.0MB

MD5
312caf7a5a81bf451d721696afa2a22a

SHA1
b250673f7f34407c1661524b8c8dba9bc5cd49f1

SHA256
50b8c11e0d3f2e6e5911a7dce1086ce60873c8da1469882c403641210410fc59

SHA512
5a1afa9e335c861617ea2f0aec3f33c8485e88bcd13a27bff8219b6b1a5bde24e507e69d50003b8a80df715031337a76ee74a30060eaa9301836c041046e8579

Download Submit
\Windows\system\SdDZJef.exe

Filesize
6.0MB

MD5
1f1db7ebe1b275ba88f10f5814817700

SHA1
3e696a5f9f2ff96648e6a546e20d8bde2d1481b6

SHA256
4dad96bec29df106b18eee53ef27bca42b078f43a15584500784eaab3051c40f

SHA512
ba4448f4607fbb9b0582f6c6aa3eba98a4acbf4a0c513e6edd71e5ba516b793f62bab2a7b208e1d9ec9a6e3eb41d31da2a893129269d70c4783b231ea0eb9efd

Download Submit
\Windows\system\ZeAXsmW.exe

Filesize
6.0MB

MD5
b64d97b9e25de8128f6b4a1639a8b14d

SHA1
8ca86592a2d3ce5ce923e9fbec24ce9290906cf7

SHA256
7d87b255b4a407f200e723199aaa4b2969e18aaa456e2017572eb298a07221f0

SHA512
1bbbc48e40f24b72c64157d396c9b0554bf17f94ef345b7ccf9ff772c82ad504565a7c3f3df22be4aee4dbd180fcb46df4371d3e66942bfe6ca2069311c57807

Download Submit
\Windows\system\zsLosfl.exe

Filesize
6.0MB

MD5
9321b199c5cff79cbbade5c53e1f2cb3

SHA1
79fd6cf8625bb5944093ea1d0e0764beff4e233b

SHA256
d2f8ad8d911487b30dcc67e06cd313c679c896f8dc3ae9cdc682fd9459bd711f

SHA512
d227124034375d8ba302f761493abe76cf643819a5f6ee631ebd924c8fd0b21da28f4dcc2e322beb3d091d0f6ca1a3a72dec01c376f7d7d8f47976e079db6497

Download Submit
memory/548-65-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/548-0-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/548-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/548-1006-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/548-1221-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/548-692-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/548-13-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/548-101-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/548-58-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/548-62-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/548-98-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/548-83-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/548-43-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/548-105-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/548-8-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/548-72-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/548-34-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/548-36-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/548-112-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/548-19-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/548-78-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/548-48-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-3895-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1440-9-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1720-88-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-3983-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1752-102-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1752-4016-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2076-104-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-3987-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-51-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-50-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-15-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3890-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-4000-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2420-92-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2544-67-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2544-463-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3976-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2584-87-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3980-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3945-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-47-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3915-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-32-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-60-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3961-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-269-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3925-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2748-37-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2836-56-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-22-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3918-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3985-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2844-103-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download