cobaltstrike | 3b11a9cd0131e0f8060a8f5df455abd951640539ae249f362be375a8ac70a718

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

147491045c4da9275cf7b591fd81624f
SHA1

eb9027168ee5be7a3772a7dde32cbdcd207f376e
SHA256

3b11a9cd0131e0f8060a8f5df455abd951640539ae249f362be375a8ac70a718
SHA512

0d57be41283c39c60142a2465185379dd13c3a0fc59066fbb8bd10aa4f6672c8a3d3e813044cbfd8538a256dea3d849d4ad149c5ec951bc43e312bb052a02745
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUo:T+q56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000122ea-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016db5-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd0-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016de4-20.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d58-43.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-57.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-67.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-62.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000190e1-52.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017400-48.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001707c-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016edb-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eb8-28.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/540-1-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x000b0000000122ea-6.dat	xmrig
behavioral1/memory/2316-9-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x0009000000016db5-13.dat	xmrig
behavioral1/files/0x0008000000016dd0-12.dat	xmrig
behavioral1/files/0x0008000000016de4-20.dat	xmrig
behavioral1/files/0x0009000000016d58-43.dat	xmrig
behavioral1/files/0x00050000000191d2-57.dat	xmrig
behavioral1/files/0x000500000001926c-87.dat	xmrig
behavioral1/files/0x0005000000019365-112.dat	xmrig
behavioral1/files/0x0005000000019387-122.dat	xmrig
behavioral1/memory/1828-1426-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/3044-1454-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2772-1510-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2668-1472-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/540-1530-0x0000000002420000-0x0000000002774000-memory.dmp	xmrig
behavioral1/memory/2520-1537-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2792-1555-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2796-1527-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2988-1558-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2684-1567-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/540-1570-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/1740-1409-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2512-1578-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2564-1584-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/540-1586-0x0000000002420000-0x0000000002774000-memory.dmp	xmrig
behavioral1/memory/2488-1596-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001946a-163.dat	xmrig
behavioral1/files/0x0005000000019465-158.dat	xmrig
behavioral1/files/0x000500000001945b-153.dat	xmrig
behavioral1/files/0x0005000000019446-148.dat	xmrig
behavioral1/files/0x0005000000019433-143.dat	xmrig
behavioral1/files/0x00050000000193c1-138.dat	xmrig
behavioral1/files/0x00050000000193b3-133.dat	xmrig
behavioral1/files/0x00050000000193a4-127.dat	xmrig
behavioral1/files/0x0005000000019377-117.dat	xmrig
behavioral1/files/0x0005000000019319-107.dat	xmrig
behavioral1/files/0x000500000001929a-102.dat	xmrig
behavioral1/files/0x0005000000019278-97.dat	xmrig
behavioral1/files/0x0005000000019275-92.dat	xmrig
behavioral1/files/0x0005000000019268-82.dat	xmrig
behavioral1/files/0x0005000000019259-77.dat	xmrig
behavioral1/files/0x0005000000019240-72.dat	xmrig
behavioral1/files/0x0005000000019217-67.dat	xmrig
behavioral1/files/0x00050000000191f6-62.dat	xmrig
behavioral1/files/0x00080000000190e1-52.dat	xmrig
behavioral1/files/0x0008000000017400-48.dat	xmrig
behavioral1/files/0x000700000001707c-38.dat	xmrig
behavioral1/files/0x0007000000016edb-32.dat	xmrig
behavioral1/files/0x0007000000016eb8-28.dat	xmrig
behavioral1/memory/540-2284-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/540-2437-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/540-2454-0x0000000002420000-0x0000000002774000-memory.dmp	xmrig
behavioral1/memory/2316-3774-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2488-3793-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/1740-3802-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/1828-3809-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/3044-3823-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2796-3825-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2668-3819-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2684-3843-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2564-3846-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2792-3838-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2520-3859-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2316	SrRRAfo.exe
2488	LDBjVvW.exe
1740	KSEdrcF.exe
1828	NnOiNFa.exe
3044	IGUAUCZ.exe
2668	nysMXzo.exe
2772	ssSjpnK.exe
2796	RFHLJsp.exe
2520	xXkAecB.exe
2792	KLfVVHV.exe
2988	SvGbOPa.exe
2684	KmIRMdu.exe
2512	dqnproQ.exe
2564	mAkjVMJ.exe
2968	NEkOXWJ.exe
2980	tIoDaOi.exe
1500	nDUJcAZ.exe
1412	PWKaAlF.exe
1268	ktqTAoA.exe
2720	fiWpfaI.exe
2028	elAUOfB.exe
2724	dfiSuuf.exe
600	PbNepkQ.exe
1292	vWLwtXt.exe
536	mGZeGzl.exe
2152	PzbHmqJ.exe
2156	mWevFjL.exe
2608	wEISxRe.exe
1940	IlXXKmM.exe
1728	gYjNNkm.exe
2412	mRJZVbp.exe
956	lgqPdqc.exe
1860	pAEtgpM.exe
1708	QIBILwj.exe
1968	UfRRRzF.exe
576	VBPCoRS.exe
960	ancYvbD.exe
1048	qlgvQzH.exe
1820	dZVyemK.exe
1060	IgsnrYo.exe
2200	nQDIWWH.exe
2408	HoJUWzB.exe
2400	iwsdosI.exe
1936	evdYtYA.exe
2912	tteOHaI.exe
2880	lmPWsMp.exe
316	SbWDlrw.exe
1572	LzUTdZJ.exe
2072	TOkJfeH.exe
2276	vREvXfA.exe
2176	KrmUoEm.exe
880	EfSRqST.exe
2476	wJvrsUu.exe
2436	QkcSeRJ.exe
1568	EvtKXrT.exe
1596	plGZMkm.exe
2876	pkZJmfK.exe
2696	wODlUKv.exe
2872	GgqfFjf.exe
2768	BNLkNJG.exe
2780	vrTMftC.exe
2804	mRBxBsV.exe
2884	UzEuuIW.exe
2568	gDBOLpm.exe

Loads dropped DLL 64 IoCs

pid	Process
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/540-1-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x000b0000000122ea-6.dat	upx
behavioral1/memory/2316-9-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x0009000000016db5-13.dat	upx
behavioral1/files/0x0008000000016dd0-12.dat	upx
behavioral1/files/0x0008000000016de4-20.dat	upx
behavioral1/files/0x0009000000016d58-43.dat	upx
behavioral1/files/0x00050000000191d2-57.dat	upx
behavioral1/files/0x000500000001926c-87.dat	upx
behavioral1/files/0x0005000000019365-112.dat	upx
behavioral1/files/0x0005000000019387-122.dat	upx
behavioral1/memory/1828-1426-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/3044-1454-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2772-1510-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2668-1472-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2520-1537-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2792-1555-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2796-1527-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2988-1558-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2684-1567-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/1740-1409-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2512-1578-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2564-1584-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2488-1596-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x000500000001946a-163.dat	upx
behavioral1/files/0x0005000000019465-158.dat	upx
behavioral1/files/0x000500000001945b-153.dat	upx
behavioral1/files/0x0005000000019446-148.dat	upx
behavioral1/files/0x0005000000019433-143.dat	upx
behavioral1/files/0x00050000000193c1-138.dat	upx
behavioral1/files/0x00050000000193b3-133.dat	upx
behavioral1/files/0x00050000000193a4-127.dat	upx
behavioral1/files/0x0005000000019377-117.dat	upx
behavioral1/files/0x0005000000019319-107.dat	upx
behavioral1/files/0x000500000001929a-102.dat	upx
behavioral1/files/0x0005000000019278-97.dat	upx
behavioral1/files/0x0005000000019275-92.dat	upx
behavioral1/files/0x0005000000019268-82.dat	upx
behavioral1/files/0x0005000000019259-77.dat	upx
behavioral1/files/0x0005000000019240-72.dat	upx
behavioral1/files/0x0005000000019217-67.dat	upx
behavioral1/files/0x00050000000191f6-62.dat	upx
behavioral1/files/0x00080000000190e1-52.dat	upx
behavioral1/files/0x0008000000017400-48.dat	upx
behavioral1/files/0x000700000001707c-38.dat	upx
behavioral1/files/0x0007000000016edb-32.dat	upx
behavioral1/files/0x0007000000016eb8-28.dat	upx
behavioral1/memory/540-2284-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2316-3774-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2488-3793-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/1740-3802-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/1828-3809-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/3044-3823-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2796-3825-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2668-3819-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2684-3843-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2564-3846-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2792-3838-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2520-3859-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2988-3865-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2772-3871-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2512-3858-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pzIITox.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrGcMSb.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFfKvtf.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjYRujM.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZsQNVLP.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\loPTEUz.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SuHevMR.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVxqqDe.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLxHYsl.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WshkxNT.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jAiNygj.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYXNYfo.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIBURuP.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rMOJqGW.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ursdoaI.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPSjfsG.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJhPlqh.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IALIKHf.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXjTnXz.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jQguMWA.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VulkUwv.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xXkAecB.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGasZtf.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhlJCog.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRmWYpR.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAGWChq.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AACJOOE.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGdnlKe.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGpZUvP.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkFJXcG.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLgBEjJ.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXNOWWE.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kwIlJPR.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvlzabb.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVkrhro.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecQmJCd.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bzxAhjF.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnxCxqr.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMxxLSQ.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwsdosI.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yeKcBdC.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HfgTaay.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KJbAtlb.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqlhOuc.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdazNUQ.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMUEoje.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgFWkkR.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqZSAxX.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OTdyTtl.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYwflgC.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCjeOgF.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZHjuXQ.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByFUiuw.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQyCeBV.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deqKAmq.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmbfFxr.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gICFSmd.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEVzxyv.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yauLaiG.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlfDscB.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAFnbAJ.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBLteqr.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWpbPKn.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaCXrbM.exe	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 2316	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 540 wrote to memory of 2316	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 540 wrote to memory of 2316	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 540 wrote to memory of 2488	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 540 wrote to memory of 2488	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 540 wrote to memory of 2488	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 540 wrote to memory of 1740	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 540 wrote to memory of 1740	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 540 wrote to memory of 1740	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 540 wrote to memory of 1828	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 540 wrote to memory of 1828	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 540 wrote to memory of 1828	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 540 wrote to memory of 3044	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 540 wrote to memory of 3044	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 540 wrote to memory of 3044	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 540 wrote to memory of 2668	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 540 wrote to memory of 2668	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 540 wrote to memory of 2668	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 540 wrote to memory of 2772	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 540 wrote to memory of 2772	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 540 wrote to memory of 2772	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 540 wrote to memory of 2796	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 540 wrote to memory of 2796	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 540 wrote to memory of 2796	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 540 wrote to memory of 2520	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 540 wrote to memory of 2520	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 540 wrote to memory of 2520	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 540 wrote to memory of 2792	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 540 wrote to memory of 2792	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 540 wrote to memory of 2792	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 540 wrote to memory of 2988	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 540 wrote to memory of 2988	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 540 wrote to memory of 2988	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 540 wrote to memory of 2684	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 540 wrote to memory of 2684	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 540 wrote to memory of 2684	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 540 wrote to memory of 2512	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 540 wrote to memory of 2512	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 540 wrote to memory of 2512	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 540 wrote to memory of 2564	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 540 wrote to memory of 2564	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 540 wrote to memory of 2564	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 540 wrote to memory of 2968	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 540 wrote to memory of 2968	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 540 wrote to memory of 2968	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 540 wrote to memory of 2980	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 540 wrote to memory of 2980	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 540 wrote to memory of 2980	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 540 wrote to memory of 1500	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 540 wrote to memory of 1500	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 540 wrote to memory of 1500	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 540 wrote to memory of 1412	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 540 wrote to memory of 1412	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 540 wrote to memory of 1412	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 540 wrote to memory of 1268	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 540 wrote to memory of 1268	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 540 wrote to memory of 1268	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 540 wrote to memory of 2720	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 540 wrote to memory of 2720	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 540 wrote to memory of 2720	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 540 wrote to memory of 2028	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 540 wrote to memory of 2028	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 540 wrote to memory of 2028	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 540 wrote to memory of 2724	540	2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_147491045c4da9275cf7b591fd81624f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:540
- C:\Windows\System\SrRRAfo.exe
  C:\Windows\System\SrRRAfo.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\LDBjVvW.exe
  C:\Windows\System\LDBjVvW.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\KSEdrcF.exe
  C:\Windows\System\KSEdrcF.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\NnOiNFa.exe
  C:\Windows\System\NnOiNFa.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\IGUAUCZ.exe
  C:\Windows\System\IGUAUCZ.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\nysMXzo.exe
  C:\Windows\System\nysMXzo.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\ssSjpnK.exe
  C:\Windows\System\ssSjpnK.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\RFHLJsp.exe
  C:\Windows\System\RFHLJsp.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\xXkAecB.exe
  C:\Windows\System\xXkAecB.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\KLfVVHV.exe
  C:\Windows\System\KLfVVHV.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\SvGbOPa.exe
  C:\Windows\System\SvGbOPa.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\KmIRMdu.exe
  C:\Windows\System\KmIRMdu.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\dqnproQ.exe
  C:\Windows\System\dqnproQ.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\mAkjVMJ.exe
  C:\Windows\System\mAkjVMJ.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\NEkOXWJ.exe
  C:\Windows\System\NEkOXWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\tIoDaOi.exe
  C:\Windows\System\tIoDaOi.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\nDUJcAZ.exe
  C:\Windows\System\nDUJcAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\PWKaAlF.exe
  C:\Windows\System\PWKaAlF.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\ktqTAoA.exe
  C:\Windows\System\ktqTAoA.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\fiWpfaI.exe
  C:\Windows\System\fiWpfaI.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\elAUOfB.exe
  C:\Windows\System\elAUOfB.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\dfiSuuf.exe
  C:\Windows\System\dfiSuuf.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\PbNepkQ.exe
  C:\Windows\System\PbNepkQ.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\vWLwtXt.exe
  C:\Windows\System\vWLwtXt.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\mGZeGzl.exe
  C:\Windows\System\mGZeGzl.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\PzbHmqJ.exe
  C:\Windows\System\PzbHmqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\mWevFjL.exe
  C:\Windows\System\mWevFjL.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\wEISxRe.exe
  C:\Windows\System\wEISxRe.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\IlXXKmM.exe
  C:\Windows\System\IlXXKmM.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\gYjNNkm.exe
  C:\Windows\System\gYjNNkm.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\mRJZVbp.exe
  C:\Windows\System\mRJZVbp.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\lgqPdqc.exe
  C:\Windows\System\lgqPdqc.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\pAEtgpM.exe
  C:\Windows\System\pAEtgpM.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\QIBILwj.exe
  C:\Windows\System\QIBILwj.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\UfRRRzF.exe
  C:\Windows\System\UfRRRzF.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\VBPCoRS.exe
  C:\Windows\System\VBPCoRS.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\ancYvbD.exe
  C:\Windows\System\ancYvbD.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\qlgvQzH.exe
  C:\Windows\System\qlgvQzH.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\dZVyemK.exe
  C:\Windows\System\dZVyemK.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\IgsnrYo.exe
  C:\Windows\System\IgsnrYo.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\nQDIWWH.exe
  C:\Windows\System\nQDIWWH.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\HoJUWzB.exe
  C:\Windows\System\HoJUWzB.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\iwsdosI.exe
  C:\Windows\System\iwsdosI.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\evdYtYA.exe
  C:\Windows\System\evdYtYA.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\tteOHaI.exe
  C:\Windows\System\tteOHaI.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\lmPWsMp.exe
  C:\Windows\System\lmPWsMp.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\SbWDlrw.exe
  C:\Windows\System\SbWDlrw.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\LzUTdZJ.exe
  C:\Windows\System\LzUTdZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\TOkJfeH.exe
  C:\Windows\System\TOkJfeH.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\vREvXfA.exe
  C:\Windows\System\vREvXfA.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\KrmUoEm.exe
  C:\Windows\System\KrmUoEm.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\EfSRqST.exe
  C:\Windows\System\EfSRqST.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\wJvrsUu.exe
  C:\Windows\System\wJvrsUu.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\QkcSeRJ.exe
  C:\Windows\System\QkcSeRJ.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\EvtKXrT.exe
  C:\Windows\System\EvtKXrT.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\plGZMkm.exe
  C:\Windows\System\plGZMkm.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\pkZJmfK.exe
  C:\Windows\System\pkZJmfK.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\wODlUKv.exe
  C:\Windows\System\wODlUKv.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\GgqfFjf.exe
  C:\Windows\System\GgqfFjf.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\BNLkNJG.exe
  C:\Windows\System\BNLkNJG.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\vrTMftC.exe
  C:\Windows\System\vrTMftC.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\mRBxBsV.exe
  C:\Windows\System\mRBxBsV.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\UzEuuIW.exe
  C:\Windows\System\UzEuuIW.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\gDBOLpm.exe
  C:\Windows\System\gDBOLpm.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\TaCXrbM.exe
  C:\Windows\System\TaCXrbM.exe
  2⤵
  PID:2532
- C:\Windows\System\AshWdXF.exe
  C:\Windows\System\AshWdXF.exe
  2⤵
  PID:2292
- C:\Windows\System\eoSBKMp.exe
  C:\Windows\System\eoSBKMp.exe
  2⤵
  PID:308
- C:\Windows\System\rkYSmgD.exe
  C:\Windows\System\rkYSmgD.exe
  2⤵
  PID:1324
- C:\Windows\System\KSnvluV.exe
  C:\Windows\System\KSnvluV.exe
  2⤵
  PID:2012
- C:\Windows\System\DxZQMff.exe
  C:\Windows\System\DxZQMff.exe
  2⤵
  PID:2340
- C:\Windows\System\PzYtosM.exe
  C:\Windows\System\PzYtosM.exe
  2⤵
  PID:2860
- C:\Windows\System\shHzqMe.exe
  C:\Windows\System\shHzqMe.exe
  2⤵
  PID:1756
- C:\Windows\System\wzSiJiP.exe
  C:\Windows\System\wzSiJiP.exe
  2⤵
  PID:2116
- C:\Windows\System\oCsJPLu.exe
  C:\Windows\System\oCsJPLu.exe
  2⤵
  PID:2112
- C:\Windows\System\AXiGNFe.exe
  C:\Windows\System\AXiGNFe.exe
  2⤵
  PID:448
- C:\Windows\System\UcRxjlG.exe
  C:\Windows\System\UcRxjlG.exe
  2⤵
  PID:700
- C:\Windows\System\jzkzPeZ.exe
  C:\Windows\System\jzkzPeZ.exe
  2⤵
  PID:1232
- C:\Windows\System\XHlnqiJ.exe
  C:\Windows\System\XHlnqiJ.exe
  2⤵
  PID:1984
- C:\Windows\System\wCdkYjG.exe
  C:\Windows\System\wCdkYjG.exe
  2⤵
  PID:1732
- C:\Windows\System\kwIlJPR.exe
  C:\Windows\System\kwIlJPR.exe
  2⤵
  PID:620
- C:\Windows\System\HFVFrpP.exe
  C:\Windows\System\HFVFrpP.exe
  2⤵
  PID:1376
- C:\Windows\System\UDDavZh.exe
  C:\Windows\System\UDDavZh.exe
  2⤵
  PID:2080
- C:\Windows\System\RmbfFxr.exe
  C:\Windows\System\RmbfFxr.exe
  2⤵
  PID:2184
- C:\Windows\System\qbbJKws.exe
  C:\Windows\System\qbbJKws.exe
  2⤵
  PID:2212
- C:\Windows\System\CJPUeNl.exe
  C:\Windows\System\CJPUeNl.exe
  2⤵
  PID:2068
- C:\Windows\System\cNXpWjM.exe
  C:\Windows\System\cNXpWjM.exe
  2⤵
  PID:984
- C:\Windows\System\jyFdxKn.exe
  C:\Windows\System\jyFdxKn.exe
  2⤵
  PID:3016
- C:\Windows\System\CUsSfbg.exe
  C:\Windows\System\CUsSfbg.exe
  2⤵
  PID:1916
- C:\Windows\System\tOgErWh.exe
  C:\Windows\System\tOgErWh.exe
  2⤵
  PID:1172
- C:\Windows\System\RsahxDo.exe
  C:\Windows\System\RsahxDo.exe
  2⤵
  PID:3008
- C:\Windows\System\BvgFpqh.exe
  C:\Windows\System\BvgFpqh.exe
  2⤵
  PID:2432
- C:\Windows\System\alyedvo.exe
  C:\Windows\System\alyedvo.exe
  2⤵
  PID:3068
- C:\Windows\System\uvlzabb.exe
  C:\Windows\System\uvlzabb.exe
  2⤵
  PID:2900
- C:\Windows\System\lGFlCIs.exe
  C:\Windows\System\lGFlCIs.exe
  2⤵
  PID:2700
- C:\Windows\System\puvtuVf.exe
  C:\Windows\System\puvtuVf.exe
  2⤵
  PID:2328
- C:\Windows\System\wESxkRH.exe
  C:\Windows\System\wESxkRH.exe
  2⤵
  PID:3032
- C:\Windows\System\COMedoN.exe
  C:\Windows\System\COMedoN.exe
  2⤵
  PID:2972
- C:\Windows\System\ykpMVOP.exe
  C:\Windows\System\ykpMVOP.exe
  2⤵
  PID:2572
- C:\Windows\System\lZLNiLO.exe
  C:\Windows\System\lZLNiLO.exe
  2⤵
  PID:2580
- C:\Windows\System\ntxdfoX.exe
  C:\Windows\System\ntxdfoX.exe
  2⤵
  PID:2160
- C:\Windows\System\zVpeEuS.exe
  C:\Windows\System\zVpeEuS.exe
  2⤵
  PID:1532
- C:\Windows\System\zOUTugj.exe
  C:\Windows\System\zOUTugj.exe
  2⤵
  PID:1148
- C:\Windows\System\iVkWYMh.exe
  C:\Windows\System\iVkWYMh.exe
  2⤵
  PID:2372
- C:\Windows\System\pxcAWBv.exe
  C:\Windows\System\pxcAWBv.exe
  2⤵
  PID:1876
- C:\Windows\System\cBGXkKH.exe
  C:\Windows\System\cBGXkKH.exe
  2⤵
  PID:644
- C:\Windows\System\MVkrhro.exe
  C:\Windows\System\MVkrhro.exe
  2⤵
  PID:3056
- C:\Windows\System\vtmXkxi.exe
  C:\Windows\System\vtmXkxi.exe
  2⤵
  PID:2440
- C:\Windows\System\CJvvkOm.exe
  C:\Windows\System\CJvvkOm.exe
  2⤵
  PID:296
- C:\Windows\System\dhyBpQj.exe
  C:\Windows\System\dhyBpQj.exe
  2⤵
  PID:2376
- C:\Windows\System\RaVwjIy.exe
  C:\Windows\System\RaVwjIy.exe
  2⤵
  PID:816
- C:\Windows\System\qMpEccN.exe
  C:\Windows\System\qMpEccN.exe
  2⤵
  PID:1716
- C:\Windows\System\yeKcBdC.exe
  C:\Windows\System\yeKcBdC.exe
  2⤵
  PID:1948
- C:\Windows\System\jTglPuc.exe
  C:\Windows\System\jTglPuc.exe
  2⤵
  PID:2536
- C:\Windows\System\JDxARAd.exe
  C:\Windows\System\JDxARAd.exe
  2⤵
  PID:2660
- C:\Windows\System\MTeMwKP.exe
  C:\Windows\System\MTeMwKP.exe
  2⤵
  PID:2676
- C:\Windows\System\IvalLkr.exe
  C:\Windows\System\IvalLkr.exe
  2⤵
  PID:2500
- C:\Windows\System\MTspkyN.exe
  C:\Windows\System\MTspkyN.exe
  2⤵
  PID:2096
- C:\Windows\System\sxAQQPF.exe
  C:\Windows\System\sxAQQPF.exe
  2⤵
  PID:1096
- C:\Windows\System\ljNCObN.exe
  C:\Windows\System\ljNCObN.exe
  2⤵
  PID:2908
- C:\Windows\System\WiKHEIO.exe
  C:\Windows\System\WiKHEIO.exe
  2⤵
  PID:2388
- C:\Windows\System\DYecBhT.exe
  C:\Windows\System\DYecBhT.exe
  2⤵
  PID:876
- C:\Windows\System\pBMhMaJ.exe
  C:\Windows\System\pBMhMaJ.exe
  2⤵
  PID:2344
- C:\Windows\System\zkWYGVY.exe
  C:\Windows\System\zkWYGVY.exe
  2⤵
  PID:2060
- C:\Windows\System\GbGitaW.exe
  C:\Windows\System\GbGitaW.exe
  2⤵
  PID:2040
- C:\Windows\System\aphQJLK.exe
  C:\Windows\System\aphQJLK.exe
  2⤵
  PID:324
- C:\Windows\System\ecQmJCd.exe
  C:\Windows\System\ecQmJCd.exe
  2⤵
  PID:1792
- C:\Windows\System\jOQiRmU.exe
  C:\Windows\System\jOQiRmU.exe
  2⤵
  PID:1068
- C:\Windows\System\RlHLyTc.exe
  C:\Windows\System\RlHLyTc.exe
  2⤵
  PID:1196
- C:\Windows\System\kQhPReR.exe
  C:\Windows\System\kQhPReR.exe
  2⤵
  PID:860
- C:\Windows\System\QUZDhWi.exe
  C:\Windows\System\QUZDhWi.exe
  2⤵
  PID:556
- C:\Windows\System\cyLaKlb.exe
  C:\Windows\System\cyLaKlb.exe
  2⤵
  PID:2764
- C:\Windows\System\iHoauzY.exe
  C:\Windows\System\iHoauzY.exe
  2⤵
  PID:3092
- C:\Windows\System\OSSMFPm.exe
  C:\Windows\System\OSSMFPm.exe
  2⤵
  PID:3112
- C:\Windows\System\ACHsXEK.exe
  C:\Windows\System\ACHsXEK.exe
  2⤵
  PID:3132
- C:\Windows\System\zkvLGoN.exe
  C:\Windows\System\zkvLGoN.exe
  2⤵
  PID:3152
- C:\Windows\System\LqLoomB.exe
  C:\Windows\System\LqLoomB.exe
  2⤵
  PID:3172
- C:\Windows\System\PJerznI.exe
  C:\Windows\System\PJerznI.exe
  2⤵
  PID:3192
- C:\Windows\System\kxhyWaw.exe
  C:\Windows\System\kxhyWaw.exe
  2⤵
  PID:3208
- C:\Windows\System\oSmTZOm.exe
  C:\Windows\System\oSmTZOm.exe
  2⤵
  PID:3232
- C:\Windows\System\KLgVFGl.exe
  C:\Windows\System\KLgVFGl.exe
  2⤵
  PID:3252
- C:\Windows\System\MgcjTNE.exe
  C:\Windows\System\MgcjTNE.exe
  2⤵
  PID:3272
- C:\Windows\System\eEMfJoI.exe
  C:\Windows\System\eEMfJoI.exe
  2⤵
  PID:3292
- C:\Windows\System\UiztwDu.exe
  C:\Windows\System\UiztwDu.exe
  2⤵
  PID:3312
- C:\Windows\System\rwtYhKd.exe
  C:\Windows\System\rwtYhKd.exe
  2⤵
  PID:3332
- C:\Windows\System\rNoIktQ.exe
  C:\Windows\System\rNoIktQ.exe
  2⤵
  PID:3352
- C:\Windows\System\fxkMsMc.exe
  C:\Windows\System\fxkMsMc.exe
  2⤵
  PID:3372
- C:\Windows\System\BnXDvQB.exe
  C:\Windows\System\BnXDvQB.exe
  2⤵
  PID:3392
- C:\Windows\System\uzipQiP.exe
  C:\Windows\System\uzipQiP.exe
  2⤵
  PID:3408
- C:\Windows\System\lBRIaKO.exe
  C:\Windows\System\lBRIaKO.exe
  2⤵
  PID:3432
- C:\Windows\System\EcKHRNM.exe
  C:\Windows\System\EcKHRNM.exe
  2⤵
  PID:3452
- C:\Windows\System\naqmbZD.exe
  C:\Windows\System\naqmbZD.exe
  2⤵
  PID:3472
- C:\Windows\System\cFkwZUE.exe
  C:\Windows\System\cFkwZUE.exe
  2⤵
  PID:3492
- C:\Windows\System\dIyFiak.exe
  C:\Windows\System\dIyFiak.exe
  2⤵
  PID:3512
- C:\Windows\System\SpxYeqF.exe
  C:\Windows\System\SpxYeqF.exe
  2⤵
  PID:3532
- C:\Windows\System\GBqIXHM.exe
  C:\Windows\System\GBqIXHM.exe
  2⤵
  PID:3556
- C:\Windows\System\JICiwqR.exe
  C:\Windows\System\JICiwqR.exe
  2⤵
  PID:3576
- C:\Windows\System\bFqfqvj.exe
  C:\Windows\System\bFqfqvj.exe
  2⤵
  PID:3596
- C:\Windows\System\gTRcGox.exe
  C:\Windows\System\gTRcGox.exe
  2⤵
  PID:3616
- C:\Windows\System\gICFSmd.exe
  C:\Windows\System\gICFSmd.exe
  2⤵
  PID:3636
- C:\Windows\System\ZJycvfY.exe
  C:\Windows\System\ZJycvfY.exe
  2⤵
  PID:3652
- C:\Windows\System\TzBKEId.exe
  C:\Windows\System\TzBKEId.exe
  2⤵
  PID:3676
- C:\Windows\System\rNgRghV.exe
  C:\Windows\System\rNgRghV.exe
  2⤵
  PID:3692
- C:\Windows\System\xHUzsqR.exe
  C:\Windows\System\xHUzsqR.exe
  2⤵
  PID:3716
- C:\Windows\System\GHAUYLY.exe
  C:\Windows\System\GHAUYLY.exe
  2⤵
  PID:3736
- C:\Windows\System\OXCtxHy.exe
  C:\Windows\System\OXCtxHy.exe
  2⤵
  PID:3756
- C:\Windows\System\AymKnhq.exe
  C:\Windows\System\AymKnhq.exe
  2⤵
  PID:3776
- C:\Windows\System\tfNtdHU.exe
  C:\Windows\System\tfNtdHU.exe
  2⤵
  PID:3796
- C:\Windows\System\BqvSaEf.exe
  C:\Windows\System\BqvSaEf.exe
  2⤵
  PID:3816
- C:\Windows\System\CMDWuSi.exe
  C:\Windows\System\CMDWuSi.exe
  2⤵
  PID:3836
- C:\Windows\System\niDWMkC.exe
  C:\Windows\System\niDWMkC.exe
  2⤵
  PID:3852
- C:\Windows\System\TTgaARG.exe
  C:\Windows\System\TTgaARG.exe
  2⤵
  PID:3876
- C:\Windows\System\zGasZtf.exe
  C:\Windows\System\zGasZtf.exe
  2⤵
  PID:3892
- C:\Windows\System\HmrVclS.exe
  C:\Windows\System\HmrVclS.exe
  2⤵
  PID:3916
- C:\Windows\System\NUwhGEP.exe
  C:\Windows\System\NUwhGEP.exe
  2⤵
  PID:3936
- C:\Windows\System\rjXpNJG.exe
  C:\Windows\System\rjXpNJG.exe
  2⤵
  PID:3956
- C:\Windows\System\DwgyeHd.exe
  C:\Windows\System\DwgyeHd.exe
  2⤵
  PID:3976
- C:\Windows\System\LWOzqmR.exe
  C:\Windows\System\LWOzqmR.exe
  2⤵
  PID:3996
- C:\Windows\System\CBdmwgY.exe
  C:\Windows\System\CBdmwgY.exe
  2⤵
  PID:4016
- C:\Windows\System\eQqQkqd.exe
  C:\Windows\System\eQqQkqd.exe
  2⤵
  PID:4036
- C:\Windows\System\USPtauy.exe
  C:\Windows\System\USPtauy.exe
  2⤵
  PID:4056
- C:\Windows\System\iNkVExp.exe
  C:\Windows\System\iNkVExp.exe
  2⤵
  PID:4076
- C:\Windows\System\UvWmkxZ.exe
  C:\Windows\System\UvWmkxZ.exe
  2⤵
  PID:2332
- C:\Windows\System\gkjhzjS.exe
  C:\Windows\System\gkjhzjS.exe
  2⤵
  PID:2716
- C:\Windows\System\BQbKgfb.exe
  C:\Windows\System\BQbKgfb.exe
  2⤵
  PID:2748
- C:\Windows\System\YbYbzXo.exe
  C:\Windows\System\YbYbzXo.exe
  2⤵
  PID:2236
- C:\Windows\System\RcFLZAR.exe
  C:\Windows\System\RcFLZAR.exe
  2⤵
  PID:764
- C:\Windows\System\UTyufpC.exe
  C:\Windows\System\UTyufpC.exe
  2⤵
  PID:3080
- C:\Windows\System\fEDwvzB.exe
  C:\Windows\System\fEDwvzB.exe
  2⤵
  PID:3128
- C:\Windows\System\Rnaxwff.exe
  C:\Windows\System\Rnaxwff.exe
  2⤵
  PID:3160
- C:\Windows\System\HWxvJsU.exe
  C:\Windows\System\HWxvJsU.exe
  2⤵
  PID:3164
- C:\Windows\System\vYeaKPF.exe
  C:\Windows\System\vYeaKPF.exe
  2⤵
  PID:3204
- C:\Windows\System\iEtpqgb.exe
  C:\Windows\System\iEtpqgb.exe
  2⤵
  PID:3300
- C:\Windows\System\JHNKRSk.exe
  C:\Windows\System\JHNKRSk.exe
  2⤵
  PID:3308
- C:\Windows\System\KVIQePM.exe
  C:\Windows\System\KVIQePM.exe
  2⤵
  PID:3344
- C:\Windows\System\FYssKZX.exe
  C:\Windows\System\FYssKZX.exe
  2⤵
  PID:3388
- C:\Windows\System\NgmQZWs.exe
  C:\Windows\System\NgmQZWs.exe
  2⤵
  PID:3416
- C:\Windows\System\pGQibfZ.exe
  C:\Windows\System\pGQibfZ.exe
  2⤵
  PID:3404
- C:\Windows\System\WBAiBNJ.exe
  C:\Windows\System\WBAiBNJ.exe
  2⤵
  PID:3448
- C:\Windows\System\jHoAGYS.exe
  C:\Windows\System\jHoAGYS.exe
  2⤵
  PID:3548
- C:\Windows\System\MvqSuWW.exe
  C:\Windows\System\MvqSuWW.exe
  2⤵
  PID:3520
- C:\Windows\System\bqPogVh.exe
  C:\Windows\System\bqPogVh.exe
  2⤵
  PID:3588
- C:\Windows\System\PQOsiiI.exe
  C:\Windows\System\PQOsiiI.exe
  2⤵
  PID:3568
- C:\Windows\System\nKtZWdR.exe
  C:\Windows\System\nKtZWdR.exe
  2⤵
  PID:3612
- C:\Windows\System\GpIwajQ.exe
  C:\Windows\System\GpIwajQ.exe
  2⤵
  PID:3648
- C:\Windows\System\ENczwPt.exe
  C:\Windows\System\ENczwPt.exe
  2⤵
  PID:3684
- C:\Windows\System\EHEpnGb.exe
  C:\Windows\System\EHEpnGb.exe
  2⤵
  PID:3784
- C:\Windows\System\FEQNfEv.exe
  C:\Windows\System\FEQNfEv.exe
  2⤵
  PID:3764
- C:\Windows\System\QxssiIm.exe
  C:\Windows\System\QxssiIm.exe
  2⤵
  PID:3832
- C:\Windows\System\ozNuUmN.exe
  C:\Windows\System\ozNuUmN.exe
  2⤵
  PID:3808
- C:\Windows\System\ZLEnRMg.exe
  C:\Windows\System\ZLEnRMg.exe
  2⤵
  PID:3848
- C:\Windows\System\rcLQNxA.exe
  C:\Windows\System\rcLQNxA.exe
  2⤵
  PID:3904
- C:\Windows\System\jtKAAov.exe
  C:\Windows\System\jtKAAov.exe
  2⤵
  PID:3924
- C:\Windows\System\LNXqaEe.exe
  C:\Windows\System\LNXqaEe.exe
  2⤵
  PID:3992
- C:\Windows\System\tSTEDTv.exe
  C:\Windows\System\tSTEDTv.exe
  2⤵
  PID:4032
- C:\Windows\System\fJULPrG.exe
  C:\Windows\System\fJULPrG.exe
  2⤵
  PID:4064
- C:\Windows\System\sXoATMH.exe
  C:\Windows\System\sXoATMH.exe
  2⤵
  PID:4044
- C:\Windows\System\ZIwqzCH.exe
  C:\Windows\System\ZIwqzCH.exe
  2⤵
  PID:1688
- C:\Windows\System\qGoNmDY.exe
  C:\Windows\System\qGoNmDY.exe
  2⤵
  PID:1776
- C:\Windows\System\NDrMQPJ.exe
  C:\Windows\System\NDrMQPJ.exe
  2⤵
  PID:2924
- C:\Windows\System\gtUMRhG.exe
  C:\Windows\System\gtUMRhG.exe
  2⤵
  PID:3140
- C:\Windows\System\HTjdHMl.exe
  C:\Windows\System\HTjdHMl.exe
  2⤵
  PID:3120
- C:\Windows\System\DxzbBQm.exe
  C:\Windows\System\DxzbBQm.exe
  2⤵
  PID:3168
- C:\Windows\System\cNuYMgy.exe
  C:\Windows\System\cNuYMgy.exe
  2⤵
  PID:3240
- C:\Windows\System\ASipnXu.exe
  C:\Windows\System\ASipnXu.exe
  2⤵
  PID:3380
- C:\Windows\System\hJQltfg.exe
  C:\Windows\System\hJQltfg.exe
  2⤵
  PID:3428
- C:\Windows\System\TeQrzIA.exe
  C:\Windows\System\TeQrzIA.exe
  2⤵
  PID:3468
- C:\Windows\System\PBApzqh.exe
  C:\Windows\System\PBApzqh.exe
  2⤵
  PID:3508
- C:\Windows\System\KXsatCA.exe
  C:\Windows\System\KXsatCA.exe
  2⤵
  PID:3544
- C:\Windows\System\RxiJrFE.exe
  C:\Windows\System\RxiJrFE.exe
  2⤵
  PID:3632
- C:\Windows\System\qxNoGqI.exe
  C:\Windows\System\qxNoGqI.exe
  2⤵
  PID:3708
- C:\Windows\System\DPXfUBX.exe
  C:\Windows\System\DPXfUBX.exe
  2⤵
  PID:3728
- C:\Windows\System\PSmpHZU.exe
  C:\Windows\System\PSmpHZU.exe
  2⤵
  PID:3788
- C:\Windows\System\EmNoCqd.exe
  C:\Windows\System\EmNoCqd.exe
  2⤵
  PID:3824
- C:\Windows\System\JLxHYsl.exe
  C:\Windows\System\JLxHYsl.exe
  2⤵
  PID:3932
- C:\Windows\System\ZEVzxyv.exe
  C:\Windows\System\ZEVzxyv.exe
  2⤵
  PID:3984
- C:\Windows\System\VJgkVME.exe
  C:\Windows\System\VJgkVME.exe
  2⤵
  PID:3968
- C:\Windows\System\EjiqDoo.exe
  C:\Windows\System\EjiqDoo.exe
  2⤵
  PID:4072
- C:\Windows\System\bwllTVo.exe
  C:\Windows\System\bwllTVo.exe
  2⤵
  PID:1160
- C:\Windows\System\wcKkhRu.exe
  C:\Windows\System\wcKkhRu.exe
  2⤵
  PID:2544
- C:\Windows\System\YnmoXEt.exe
  C:\Windows\System\YnmoXEt.exe
  2⤵
  PID:1524
- C:\Windows\System\NPVJnfy.exe
  C:\Windows\System\NPVJnfy.exe
  2⤵
  PID:3200
- C:\Windows\System\pHVyDdx.exe
  C:\Windows\System\pHVyDdx.exe
  2⤵
  PID:3360
- C:\Windows\System\SlpyYYV.exe
  C:\Windows\System\SlpyYYV.exe
  2⤵
  PID:3504
- C:\Windows\System\FrqXkAh.exe
  C:\Windows\System\FrqXkAh.exe
  2⤵
  PID:3564
- C:\Windows\System\rfIRNKL.exe
  C:\Windows\System\rfIRNKL.exe
  2⤵
  PID:3660
- C:\Windows\System\RIubbDg.exe
  C:\Windows\System\RIubbDg.exe
  2⤵
  PID:3704
- C:\Windows\System\WESDnQP.exe
  C:\Windows\System\WESDnQP.exe
  2⤵
  PID:3864
- C:\Windows\System\ziKKVUW.exe
  C:\Windows\System\ziKKVUW.exe
  2⤵
  PID:3988
- C:\Windows\System\jcTFQFZ.exe
  C:\Windows\System\jcTFQFZ.exe
  2⤵
  PID:2312
- C:\Windows\System\IrJuCoO.exe
  C:\Windows\System\IrJuCoO.exe
  2⤵
  PID:4052
- C:\Windows\System\bzxAhjF.exe
  C:\Windows\System\bzxAhjF.exe
  2⤵
  PID:4048
- C:\Windows\System\FGpIsoY.exe
  C:\Windows\System\FGpIsoY.exe
  2⤵
  PID:3108
- C:\Windows\System\KhKojSq.exe
  C:\Windows\System\KhKojSq.exe
  2⤵
  PID:4108
- C:\Windows\System\ARjLCvK.exe
  C:\Windows\System\ARjLCvK.exe
  2⤵
  PID:4128
- C:\Windows\System\DPyUVVK.exe
  C:\Windows\System\DPyUVVK.exe
  2⤵
  PID:4148
- C:\Windows\System\BSCACDk.exe
  C:\Windows\System\BSCACDk.exe
  2⤵
  PID:4164
- C:\Windows\System\kAvhYFo.exe
  C:\Windows\System\kAvhYFo.exe
  2⤵
  PID:4188
- C:\Windows\System\DCDnTON.exe
  C:\Windows\System\DCDnTON.exe
  2⤵
  PID:4208
- C:\Windows\System\kiIrzfg.exe
  C:\Windows\System\kiIrzfg.exe
  2⤵
  PID:4228
- C:\Windows\System\ZIWVvFw.exe
  C:\Windows\System\ZIWVvFw.exe
  2⤵
  PID:4248
- C:\Windows\System\KSOglRp.exe
  C:\Windows\System\KSOglRp.exe
  2⤵
  PID:4268
- C:\Windows\System\EmmoaCP.exe
  C:\Windows\System\EmmoaCP.exe
  2⤵
  PID:4284
- C:\Windows\System\gszQsVf.exe
  C:\Windows\System\gszQsVf.exe
  2⤵
  PID:4308
- C:\Windows\System\zkkWxdl.exe
  C:\Windows\System\zkkWxdl.exe
  2⤵
  PID:4328
- C:\Windows\System\koaYYny.exe
  C:\Windows\System\koaYYny.exe
  2⤵
  PID:4348
- C:\Windows\System\cjyfOte.exe
  C:\Windows\System\cjyfOte.exe
  2⤵
  PID:4364
- C:\Windows\System\Makwblt.exe
  C:\Windows\System\Makwblt.exe
  2⤵
  PID:4388
- C:\Windows\System\RBauKQn.exe
  C:\Windows\System\RBauKQn.exe
  2⤵
  PID:4408
- C:\Windows\System\LeUdRzv.exe
  C:\Windows\System\LeUdRzv.exe
  2⤵
  PID:4428
- C:\Windows\System\QgGjHga.exe
  C:\Windows\System\QgGjHga.exe
  2⤵
  PID:4448
- C:\Windows\System\iMxgANT.exe
  C:\Windows\System\iMxgANT.exe
  2⤵
  PID:4468
- C:\Windows\System\vOoqUrS.exe
  C:\Windows\System\vOoqUrS.exe
  2⤵
  PID:4488
- C:\Windows\System\hbHkfPJ.exe
  C:\Windows\System\hbHkfPJ.exe
  2⤵
  PID:4508
- C:\Windows\System\GJgzazB.exe
  C:\Windows\System\GJgzazB.exe
  2⤵
  PID:4528
- C:\Windows\System\AdazNUQ.exe
  C:\Windows\System\AdazNUQ.exe
  2⤵
  PID:4548
- C:\Windows\System\oRQObqy.exe
  C:\Windows\System\oRQObqy.exe
  2⤵
  PID:4568
- C:\Windows\System\zmxZAAy.exe
  C:\Windows\System\zmxZAAy.exe
  2⤵
  PID:4588
- C:\Windows\System\qJapAlP.exe
  C:\Windows\System\qJapAlP.exe
  2⤵
  PID:4608
- C:\Windows\System\lZxSbqA.exe
  C:\Windows\System\lZxSbqA.exe
  2⤵
  PID:4628
- C:\Windows\System\QVcRauW.exe
  C:\Windows\System\QVcRauW.exe
  2⤵
  PID:4644
- C:\Windows\System\aGlBbaV.exe
  C:\Windows\System\aGlBbaV.exe
  2⤵
  PID:4668
- C:\Windows\System\YjuyYyc.exe
  C:\Windows\System\YjuyYyc.exe
  2⤵
  PID:4688
- C:\Windows\System\AIYanQr.exe
  C:\Windows\System\AIYanQr.exe
  2⤵
  PID:4708
- C:\Windows\System\IVLCuwa.exe
  C:\Windows\System\IVLCuwa.exe
  2⤵
  PID:4728
- C:\Windows\System\JZUQRoZ.exe
  C:\Windows\System\JZUQRoZ.exe
  2⤵
  PID:4748
- C:\Windows\System\OWCkaEO.exe
  C:\Windows\System\OWCkaEO.exe
  2⤵
  PID:4768
- C:\Windows\System\pnoCZan.exe
  C:\Windows\System\pnoCZan.exe
  2⤵
  PID:4788
- C:\Windows\System\LCJzzFW.exe
  C:\Windows\System\LCJzzFW.exe
  2⤵
  PID:4808
- C:\Windows\System\AypLZDX.exe
  C:\Windows\System\AypLZDX.exe
  2⤵
  PID:4832
- C:\Windows\System\dDivzkl.exe
  C:\Windows\System\dDivzkl.exe
  2⤵
  PID:4852
- C:\Windows\System\sDoVyBz.exe
  C:\Windows\System\sDoVyBz.exe
  2⤵
  PID:4872
- C:\Windows\System\rqGmDBk.exe
  C:\Windows\System\rqGmDBk.exe
  2⤵
  PID:4892
- C:\Windows\System\djSnpbz.exe
  C:\Windows\System\djSnpbz.exe
  2⤵
  PID:4912
- C:\Windows\System\ktCBJra.exe
  C:\Windows\System\ktCBJra.exe
  2⤵
  PID:4928
- C:\Windows\System\HpuJCEy.exe
  C:\Windows\System\HpuJCEy.exe
  2⤵
  PID:4952
- C:\Windows\System\gDptEdH.exe
  C:\Windows\System\gDptEdH.exe
  2⤵
  PID:4968
- C:\Windows\System\jJoulGn.exe
  C:\Windows\System\jJoulGn.exe
  2⤵
  PID:4992
- C:\Windows\System\KgHMFZF.exe
  C:\Windows\System\KgHMFZF.exe
  2⤵
  PID:5008
- C:\Windows\System\SCOlDmW.exe
  C:\Windows\System\SCOlDmW.exe
  2⤵
  PID:5032
- C:\Windows\System\feKUgzk.exe
  C:\Windows\System\feKUgzk.exe
  2⤵
  PID:5048
- C:\Windows\System\AsSsHtj.exe
  C:\Windows\System\AsSsHtj.exe
  2⤵
  PID:5072
- C:\Windows\System\Yuowzds.exe
  C:\Windows\System\Yuowzds.exe
  2⤵
  PID:5092
- C:\Windows\System\dfOzkaZ.exe
  C:\Windows\System\dfOzkaZ.exe
  2⤵
  PID:5112
- C:\Windows\System\PeLMcKP.exe
  C:\Windows\System\PeLMcKP.exe
  2⤵
  PID:3328
- C:\Windows\System\mufCvAG.exe
  C:\Windows\System\mufCvAG.exe
  2⤵
  PID:3488
- C:\Windows\System\npJSnhk.exe
  C:\Windows\System\npJSnhk.exe
  2⤵
  PID:3644
- C:\Windows\System\kudlyBu.exe
  C:\Windows\System\kudlyBu.exe
  2⤵
  PID:3884
- C:\Windows\System\DanRciM.exe
  C:\Windows\System\DanRciM.exe
  2⤵
  PID:1384
- C:\Windows\System\GJwTDij.exe
  C:\Windows\System\GJwTDij.exe
  2⤵
  PID:4092
- C:\Windows\System\HvzDZlb.exe
  C:\Windows\System\HvzDZlb.exe
  2⤵
  PID:4104
- C:\Windows\System\iyHISxf.exe
  C:\Windows\System\iyHISxf.exe
  2⤵
  PID:4172
- C:\Windows\System\vUuYTXv.exe
  C:\Windows\System\vUuYTXv.exe
  2⤵
  PID:4156
- C:\Windows\System\urEWsXh.exe
  C:\Windows\System\urEWsXh.exe
  2⤵
  PID:4224
- C:\Windows\System\tKdKkKl.exe
  C:\Windows\System\tKdKkKl.exe
  2⤵
  PID:4204
- C:\Windows\System\gzMUoUv.exe
  C:\Windows\System\gzMUoUv.exe
  2⤵
  PID:4292
- C:\Windows\System\zaRvnxG.exe
  C:\Windows\System\zaRvnxG.exe
  2⤵
  PID:4336
- C:\Windows\System\BbHPjmv.exe
  C:\Windows\System\BbHPjmv.exe
  2⤵
  PID:4340
- C:\Windows\System\SfUCjJB.exe
  C:\Windows\System\SfUCjJB.exe
  2⤵
  PID:4324
- C:\Windows\System\YNrJjPX.exe
  C:\Windows\System\YNrJjPX.exe
  2⤵
  PID:4360
- C:\Windows\System\iVDgDwv.exe
  C:\Windows\System\iVDgDwv.exe
  2⤵
  PID:4464
- C:\Windows\System\bIjKppz.exe
  C:\Windows\System\bIjKppz.exe
  2⤵
  PID:4440
- C:\Windows\System\yvSnZYj.exe
  C:\Windows\System\yvSnZYj.exe
  2⤵
  PID:4536
- C:\Windows\System\KsIvZOL.exe
  C:\Windows\System\KsIvZOL.exe
  2⤵
  PID:4516
- C:\Windows\System\iNPurxv.exe
  C:\Windows\System\iNPurxv.exe
  2⤵
  PID:4564
- C:\Windows\System\yvAMAZQ.exe
  C:\Windows\System\yvAMAZQ.exe
  2⤵
  PID:4560
- C:\Windows\System\LdZwSDJ.exe
  C:\Windows\System\LdZwSDJ.exe
  2⤵
  PID:4652
- C:\Windows\System\GLgbpGD.exe
  C:\Windows\System\GLgbpGD.exe
  2⤵
  PID:4664
- C:\Windows\System\NJHedlF.exe
  C:\Windows\System\NJHedlF.exe
  2⤵
  PID:4684
- C:\Windows\System\tdDGCBe.exe
  C:\Windows\System\tdDGCBe.exe
  2⤵
  PID:4740
- C:\Windows\System\gCeTrVZ.exe
  C:\Windows\System\gCeTrVZ.exe
  2⤵
  PID:4780
- C:\Windows\System\JuXkxAb.exe
  C:\Windows\System\JuXkxAb.exe
  2⤵
  PID:4760
- C:\Windows\System\OXlTYRd.exe
  C:\Windows\System\OXlTYRd.exe
  2⤵
  PID:4864
- C:\Windows\System\EbLUDaw.exe
  C:\Windows\System\EbLUDaw.exe
  2⤵
  PID:4800
- C:\Windows\System\wvKIefQ.exe
  C:\Windows\System\wvKIefQ.exe
  2⤵
  PID:4944
- C:\Windows\System\xuNKQaK.exe
  C:\Windows\System\xuNKQaK.exe
  2⤵
  PID:4888
- C:\Windows\System\JbLcKMz.exe
  C:\Windows\System\JbLcKMz.exe
  2⤵
  PID:4924
- C:\Windows\System\XBroILV.exe
  C:\Windows\System\XBroILV.exe
  2⤵
  PID:5028
- C:\Windows\System\dXrwpUY.exe
  C:\Windows\System\dXrwpUY.exe
  2⤵
  PID:5064
- C:\Windows\System\IKFaciy.exe
  C:\Windows\System\IKFaciy.exe
  2⤵
  PID:5040
- C:\Windows\System\GDrcBsQ.exe
  C:\Windows\System\GDrcBsQ.exe
  2⤵
  PID:3424
- C:\Windows\System\FyDWmbF.exe
  C:\Windows\System\FyDWmbF.exe
  2⤵
  PID:3284
- C:\Windows\System\wbWsfja.exe
  C:\Windows\System\wbWsfja.exe
  2⤵
  PID:3584
- C:\Windows\System\rUPJZpj.exe
  C:\Windows\System\rUPJZpj.exe
  2⤵
  PID:812
- C:\Windows\System\xrXniiI.exe
  C:\Windows\System\xrXniiI.exe
  2⤵
  PID:3264
- C:\Windows\System\DqbEeOc.exe
  C:\Windows\System\DqbEeOc.exe
  2⤵
  PID:4140
- C:\Windows\System\pMfseHZ.exe
  C:\Windows\System\pMfseHZ.exe
  2⤵
  PID:4216
- C:\Windows\System\EONACXo.exe
  C:\Windows\System\EONACXo.exe
  2⤵
  PID:4176
- C:\Windows\System\VKovQHH.exe
  C:\Windows\System\VKovQHH.exe
  2⤵
  PID:4260
- C:\Windows\System\STogHlD.exe
  C:\Windows\System\STogHlD.exe
  2⤵
  PID:4304
- C:\Windows\System\XRjpxxq.exe
  C:\Windows\System\XRjpxxq.exe
  2⤵
  PID:4396
- C:\Windows\System\KkIDUML.exe
  C:\Windows\System\KkIDUML.exe
  2⤵
  PID:4444
- C:\Windows\System\QnYRwpD.exe
  C:\Windows\System\QnYRwpD.exe
  2⤵
  PID:4460
- C:\Windows\System\LwUEMvO.exe
  C:\Windows\System\LwUEMvO.exe
  2⤵
  PID:4504
- C:\Windows\System\mUZrvqw.exe
  C:\Windows\System\mUZrvqw.exe
  2⤵
  PID:4584
- C:\Windows\System\bRAmeOv.exe
  C:\Windows\System\bRAmeOv.exe
  2⤵
  PID:4600
- C:\Windows\System\oqGrtUL.exe
  C:\Windows\System\oqGrtUL.exe
  2⤵
  PID:4700
- C:\Windows\System\tFNxpKg.exe
  C:\Windows\System\tFNxpKg.exe
  2⤵
  PID:4704
- C:\Windows\System\fzsxhgI.exe
  C:\Windows\System\fzsxhgI.exe
  2⤵
  PID:4828
- C:\Windows\System\rqchfbg.exe
  C:\Windows\System\rqchfbg.exe
  2⤵
  PID:4860
- C:\Windows\System\DFfOSyg.exe
  C:\Windows\System\DFfOSyg.exe
  2⤵
  PID:4884
- C:\Windows\System\fLiGfCV.exe
  C:\Windows\System\fLiGfCV.exe
  2⤵
  PID:4988
- C:\Windows\System\yRlXuBH.exe
  C:\Windows\System\yRlXuBH.exe
  2⤵
  PID:5100
- C:\Windows\System\FcrbFEn.exe
  C:\Windows\System\FcrbFEn.exe
  2⤵
  PID:3364
- C:\Windows\System\CZGHKyV.exe
  C:\Windows\System\CZGHKyV.exe
  2⤵
  PID:3664
- C:\Windows\System\PRJYLwc.exe
  C:\Windows\System\PRJYLwc.exe
  2⤵
  PID:3948
- C:\Windows\System\jXQTtWc.exe
  C:\Windows\System\jXQTtWc.exe
  2⤵
  PID:4804
- C:\Windows\System\ABhxRLB.exe
  C:\Windows\System\ABhxRLB.exe
  2⤵
  PID:2420
- C:\Windows\System\MYEJvbf.exe
  C:\Windows\System\MYEJvbf.exe
  2⤵
  PID:4276
- C:\Windows\System\lfSeZxm.exe
  C:\Windows\System\lfSeZxm.exe
  2⤵
  PID:4240
- C:\Windows\System\wHAcbvQ.exe
  C:\Windows\System\wHAcbvQ.exe
  2⤵
  PID:4544
- C:\Windows\System\RIHJMPV.exe
  C:\Windows\System\RIHJMPV.exe
  2⤵
  PID:4384
- C:\Windows\System\RHpSrgK.exe
  C:\Windows\System\RHpSrgK.exe
  2⤵
  PID:4576
- C:\Windows\System\EozuJkQ.exe
  C:\Windows\System\EozuJkQ.exe
  2⤵
  PID:4736
- C:\Windows\System\tXiKZfK.exe
  C:\Windows\System\tXiKZfK.exe
  2⤵
  PID:4904
- C:\Windows\System\qmyFXCX.exe
  C:\Windows\System\qmyFXCX.exe
  2⤵
  PID:4784
- C:\Windows\System\yaRKFcR.exe
  C:\Windows\System\yaRKFcR.exe
  2⤵
  PID:4844
- C:\Windows\System\ixXSSNx.exe
  C:\Windows\System\ixXSSNx.exe
  2⤵
  PID:5004
- C:\Windows\System\ydpLSyd.exe
  C:\Windows\System\ydpLSyd.exe
  2⤵
  PID:3772
- C:\Windows\System\onLxDKC.exe
  C:\Windows\System\onLxDKC.exe
  2⤵
  PID:5108
- C:\Windows\System\OJbuBSA.exe
  C:\Windows\System\OJbuBSA.exe
  2⤵
  PID:4256
- C:\Windows\System\XtPAcpt.exe
  C:\Windows\System\XtPAcpt.exe
  2⤵
  PID:4316
- C:\Windows\System\YbREGwz.exe
  C:\Windows\System\YbREGwz.exe
  2⤵
  PID:4416
- C:\Windows\System\qlVqQdH.exe
  C:\Windows\System\qlVqQdH.exe
  2⤵
  PID:4636
- C:\Windows\System\jIEaEfX.exe
  C:\Windows\System\jIEaEfX.exe
  2⤵
  PID:4776
- C:\Windows\System\WGQDmlK.exe
  C:\Windows\System\WGQDmlK.exe
  2⤵
  PID:4984
- C:\Windows\System\AMUEoje.exe
  C:\Windows\System\AMUEoje.exe
  2⤵
  PID:5140
- C:\Windows\System\PagpfVH.exe
  C:\Windows\System\PagpfVH.exe
  2⤵
  PID:5160
- C:\Windows\System\TptJNoz.exe
  C:\Windows\System\TptJNoz.exe
  2⤵
  PID:5180
- C:\Windows\System\RHlxXwv.exe
  C:\Windows\System\RHlxXwv.exe
  2⤵
  PID:5200
- C:\Windows\System\eXroMRH.exe
  C:\Windows\System\eXroMRH.exe
  2⤵
  PID:5220
- C:\Windows\System\kNWJdjT.exe
  C:\Windows\System\kNWJdjT.exe
  2⤵
  PID:5240
- C:\Windows\System\uihMFAy.exe
  C:\Windows\System\uihMFAy.exe
  2⤵
  PID:5260
- C:\Windows\System\nEVIbEq.exe
  C:\Windows\System\nEVIbEq.exe
  2⤵
  PID:5280
- C:\Windows\System\TBtMRUW.exe
  C:\Windows\System\TBtMRUW.exe
  2⤵
  PID:5300
- C:\Windows\System\raWCrxa.exe
  C:\Windows\System\raWCrxa.exe
  2⤵
  PID:5320
- C:\Windows\System\nryXlyL.exe
  C:\Windows\System\nryXlyL.exe
  2⤵
  PID:5340
- C:\Windows\System\IgSEOql.exe
  C:\Windows\System\IgSEOql.exe
  2⤵
  PID:5360
- C:\Windows\System\VhbowdC.exe
  C:\Windows\System\VhbowdC.exe
  2⤵
  PID:5380
- C:\Windows\System\bDSbmPZ.exe
  C:\Windows\System\bDSbmPZ.exe
  2⤵
  PID:5400
- C:\Windows\System\irVckwd.exe
  C:\Windows\System\irVckwd.exe
  2⤵
  PID:5416
- C:\Windows\System\alVUsYo.exe
  C:\Windows\System\alVUsYo.exe
  2⤵
  PID:5440
- C:\Windows\System\DFyGzrp.exe
  C:\Windows\System\DFyGzrp.exe
  2⤵
  PID:5456
- C:\Windows\System\TrcXVtS.exe
  C:\Windows\System\TrcXVtS.exe
  2⤵
  PID:5476
- C:\Windows\System\oLscRHa.exe
  C:\Windows\System\oLscRHa.exe
  2⤵
  PID:5500
- C:\Windows\System\baAPQcN.exe
  C:\Windows\System\baAPQcN.exe
  2⤵
  PID:5520
- C:\Windows\System\arHThCU.exe
  C:\Windows\System\arHThCU.exe
  2⤵
  PID:5540
- C:\Windows\System\xJSHdok.exe
  C:\Windows\System\xJSHdok.exe
  2⤵
  PID:5560
- C:\Windows\System\CFuezwL.exe
  C:\Windows\System\CFuezwL.exe
  2⤵
  PID:5580
- C:\Windows\System\xMGZnSt.exe
  C:\Windows\System\xMGZnSt.exe
  2⤵
  PID:5600
- C:\Windows\System\wuJshTV.exe
  C:\Windows\System\wuJshTV.exe
  2⤵
  PID:5624
- C:\Windows\System\gghcRdJ.exe
  C:\Windows\System\gghcRdJ.exe
  2⤵
  PID:5644
- C:\Windows\System\yauLaiG.exe
  C:\Windows\System\yauLaiG.exe
  2⤵
  PID:5664
- C:\Windows\System\lhsSCBS.exe
  C:\Windows\System\lhsSCBS.exe
  2⤵
  PID:5684
- C:\Windows\System\vOKYkZG.exe
  C:\Windows\System\vOKYkZG.exe
  2⤵
  PID:5704
- C:\Windows\System\sPCTvCr.exe
  C:\Windows\System\sPCTvCr.exe
  2⤵
  PID:5724
- C:\Windows\System\DgnBGne.exe
  C:\Windows\System\DgnBGne.exe
  2⤵
  PID:5744
- C:\Windows\System\vRUcWnd.exe
  C:\Windows\System\vRUcWnd.exe
  2⤵
  PID:5764
- C:\Windows\System\lBPsgKM.exe
  C:\Windows\System\lBPsgKM.exe
  2⤵
  PID:5780
- C:\Windows\System\xboMfVc.exe
  C:\Windows\System\xboMfVc.exe
  2⤵
  PID:5804
- C:\Windows\System\pBEOhgq.exe
  C:\Windows\System\pBEOhgq.exe
  2⤵
  PID:5824
- C:\Windows\System\PAkdwju.exe
  C:\Windows\System\PAkdwju.exe
  2⤵
  PID:5844
- C:\Windows\System\ToYVdFm.exe
  C:\Windows\System\ToYVdFm.exe
  2⤵
  PID:5864
- C:\Windows\System\rMOJqGW.exe
  C:\Windows\System\rMOJqGW.exe
  2⤵
  PID:5884
- C:\Windows\System\dmswReH.exe
  C:\Windows\System\dmswReH.exe
  2⤵
  PID:5904
- C:\Windows\System\PbVuzqL.exe
  C:\Windows\System\PbVuzqL.exe
  2⤵
  PID:5924
- C:\Windows\System\QrGHgnr.exe
  C:\Windows\System\QrGHgnr.exe
  2⤵
  PID:5944
- C:\Windows\System\banTgoN.exe
  C:\Windows\System\banTgoN.exe
  2⤵
  PID:5964
- C:\Windows\System\pyYsKZw.exe
  C:\Windows\System\pyYsKZw.exe
  2⤵
  PID:5984
- C:\Windows\System\sTfwACX.exe
  C:\Windows\System\sTfwACX.exe
  2⤵
  PID:6004
- C:\Windows\System\SpKcOak.exe
  C:\Windows\System\SpKcOak.exe
  2⤵
  PID:6024
- C:\Windows\System\LogawlU.exe
  C:\Windows\System\LogawlU.exe
  2⤵
  PID:6044
- C:\Windows\System\EAocuNJ.exe
  C:\Windows\System\EAocuNJ.exe
  2⤵
  PID:6064
- C:\Windows\System\ouOxDyV.exe
  C:\Windows\System\ouOxDyV.exe
  2⤵
  PID:6084
- C:\Windows\System\HJXjpvp.exe
  C:\Windows\System\HJXjpvp.exe
  2⤵
  PID:6104
- C:\Windows\System\xFeraom.exe
  C:\Windows\System\xFeraom.exe
  2⤵
  PID:6124
- C:\Windows\System\IWlCxLU.exe
  C:\Windows\System\IWlCxLU.exe
  2⤵
  PID:5000
- C:\Windows\System\tayJkMv.exe
  C:\Windows\System\tayJkMv.exe
  2⤵
  PID:5080
- C:\Windows\System\caSEoOg.exe
  C:\Windows\System\caSEoOg.exe
  2⤵
  PID:1812
- C:\Windows\System\bYKQjmT.exe
  C:\Windows\System\bYKQjmT.exe
  2⤵
  PID:4144
- C:\Windows\System\kFveAPt.exe
  C:\Windows\System\kFveAPt.exe
  2⤵
  PID:4500
- C:\Windows\System\ykIVPTR.exe
  C:\Windows\System\ykIVPTR.exe
  2⤵
  PID:4404
- C:\Windows\System\ktQdZNT.exe
  C:\Windows\System\ktQdZNT.exe
  2⤵
  PID:5148
- C:\Windows\System\fLdIfLu.exe
  C:\Windows\System\fLdIfLu.exe
  2⤵
  PID:5136
- C:\Windows\System\qyqXSnG.exe
  C:\Windows\System\qyqXSnG.exe
  2⤵
  PID:5192
- C:\Windows\System\IXiOdSt.exe
  C:\Windows\System\IXiOdSt.exe
  2⤵
  PID:5208
- C:\Windows\System\MJdRLmM.exe
  C:\Windows\System\MJdRLmM.exe
  2⤵
  PID:5272
- C:\Windows\System\Uvimknf.exe
  C:\Windows\System\Uvimknf.exe
  2⤵
  PID:5308
- C:\Windows\System\JzcwGsN.exe
  C:\Windows\System\JzcwGsN.exe
  2⤵
  PID:5296
- C:\Windows\System\airDoZo.exe
  C:\Windows\System\airDoZo.exe
  2⤵
  PID:5328
- C:\Windows\System\Fxumbor.exe
  C:\Windows\System\Fxumbor.exe
  2⤵
  PID:5432
- C:\Windows\System\GEvjqhN.exe
  C:\Windows\System\GEvjqhN.exe
  2⤵
  PID:5408
- C:\Windows\System\drlwbUO.exe
  C:\Windows\System\drlwbUO.exe
  2⤵
  PID:3024
- C:\Windows\System\KoObPsJ.exe
  C:\Windows\System\KoObPsJ.exe
  2⤵
  PID:5516
- C:\Windows\System\OSVrAmg.exe
  C:\Windows\System\OSVrAmg.exe
  2⤵
  PID:5556
- C:\Windows\System\DECOIkP.exe
  C:\Windows\System\DECOIkP.exe
  2⤵
  PID:5576
- C:\Windows\System\NHubyBR.exe
  C:\Windows\System\NHubyBR.exe
  2⤵
  PID:5608
- C:\Windows\System\SQJhKyl.exe
  C:\Windows\System\SQJhKyl.exe
  2⤵
  PID:5636
- C:\Windows\System\QxsXzlt.exe
  C:\Windows\System\QxsXzlt.exe
  2⤵
  PID:5660
- C:\Windows\System\dmskKdr.exe
  C:\Windows\System\dmskKdr.exe
  2⤵
  PID:5700
- C:\Windows\System\xdxvAEI.exe
  C:\Windows\System\xdxvAEI.exe
  2⤵
  PID:5760
- C:\Windows\System\GhlJCog.exe
  C:\Windows\System\GhlJCog.exe
  2⤵
  PID:5736
- C:\Windows\System\qMynUof.exe
  C:\Windows\System\qMynUof.exe
  2⤵
  PID:5792
- C:\Windows\System\PpNoXYs.exe
  C:\Windows\System\PpNoXYs.exe
  2⤵
  PID:284
- C:\Windows\System\qVERDeh.exe
  C:\Windows\System\qVERDeh.exe
  2⤵
  PID:5820
- C:\Windows\System\WPQmGdc.exe
  C:\Windows\System\WPQmGdc.exe
  2⤵
  PID:5876
- C:\Windows\System\LbVSbkM.exe
  C:\Windows\System\LbVSbkM.exe
  2⤵
  PID:5912
- C:\Windows\System\MZydlrQ.exe
  C:\Windows\System\MZydlrQ.exe
  2⤵
  PID:5932
- C:\Windows\System\XJrXwVA.exe
  C:\Windows\System\XJrXwVA.exe
  2⤵
  PID:5972
- C:\Windows\System\bDgBPPT.exe
  C:\Windows\System\bDgBPPT.exe
  2⤵
  PID:5976
- C:\Windows\System\VRvdFwq.exe
  C:\Windows\System\VRvdFwq.exe
  2⤵
  PID:6016
- C:\Windows\System\AMLcovC.exe
  C:\Windows\System\AMLcovC.exe
  2⤵
  PID:6080
- C:\Windows\System\NoUqkcT.exe
  C:\Windows\System\NoUqkcT.exe
  2⤵
  PID:6120
- C:\Windows\System\EBjyIHL.exe
  C:\Windows\System\EBjyIHL.exe
  2⤵
  PID:6096
- C:\Windows\System\SjONQAW.exe
  C:\Windows\System\SjONQAW.exe
  2⤵
  PID:1544
- C:\Windows\System\KftxaZh.exe
  C:\Windows\System\KftxaZh.exe
  2⤵
  PID:4964
- C:\Windows\System\MgGKWhu.exe
  C:\Windows\System\MgGKWhu.exe
  2⤵
  PID:3268
- C:\Windows\System\nvvUefW.exe
  C:\Windows\System\nvvUefW.exe
  2⤵
  PID:4640
- C:\Windows\System\VFOLxSN.exe
  C:\Windows\System\VFOLxSN.exe
  2⤵
  PID:4716
- C:\Windows\System\OINyjdD.exe
  C:\Windows\System\OINyjdD.exe
  2⤵
  PID:1364
- C:\Windows\System\Jxdypvn.exe
  C:\Windows\System\Jxdypvn.exe
  2⤵
  PID:5172
- C:\Windows\System\gIRcGrP.exe
  C:\Windows\System\gIRcGrP.exe
  2⤵
  PID:5252
- C:\Windows\System\LOcfyRm.exe
  C:\Windows\System\LOcfyRm.exe
  2⤵
  PID:5356
- C:\Windows\System\CiLnYXP.exe
  C:\Windows\System\CiLnYXP.exe
  2⤵
  PID:2508
- C:\Windows\System\zmDgDvp.exe
  C:\Windows\System\zmDgDvp.exe
  2⤵
  PID:584
- C:\Windows\System\Pbexhji.exe
  C:\Windows\System\Pbexhji.exe
  2⤵
  PID:2136
- C:\Windows\System\nCKzTzL.exe
  C:\Windows\System\nCKzTzL.exe
  2⤵
  PID:5472
- C:\Windows\System\htfowJn.exe
  C:\Windows\System\htfowJn.exe
  2⤵
  PID:680
- C:\Windows\System\ijmcwwD.exe
  C:\Windows\System\ijmcwwD.exe
  2⤵
  PID:5720
- C:\Windows\System\IFFURDM.exe
  C:\Windows\System\IFFURDM.exe
  2⤵
  PID:2648
- C:\Windows\System\oAXYeHw.exe
  C:\Windows\System\oAXYeHw.exe
  2⤵
  PID:2712
- C:\Windows\System\gBjcLLV.exe
  C:\Windows\System\gBjcLLV.exe
  2⤵
  PID:5676
- C:\Windows\System\NlUZAFs.exe
  C:\Windows\System\NlUZAFs.exe
  2⤵
  PID:2556
- C:\Windows\System\HsuCWFD.exe
  C:\Windows\System\HsuCWFD.exe
  2⤵
  PID:5856
- C:\Windows\System\BKqJyfX.exe
  C:\Windows\System\BKqJyfX.exe
  2⤵
  PID:1628
- C:\Windows\System\GiCmPOK.exe
  C:\Windows\System\GiCmPOK.exe
  2⤵
  PID:5812
- C:\Windows\System\HvErVOM.exe
  C:\Windows\System\HvErVOM.exe
  2⤵
  PID:6092
- C:\Windows\System\cIEHmDA.exe
  C:\Windows\System\cIEHmDA.exe
  2⤵
  PID:5016
- C:\Windows\System\MbZXCRR.exe
  C:\Windows\System\MbZXCRR.exe
  2⤵
  PID:2000
- C:\Windows\System\bjYRujM.exe
  C:\Windows\System\bjYRujM.exe
  2⤵
  PID:6056
- C:\Windows\System\TAahlCS.exe
  C:\Windows\System\TAahlCS.exe
  2⤵
  PID:4120
- C:\Windows\System\gJwSDas.exe
  C:\Windows\System\gJwSDas.exe
  2⤵
  PID:5236
- C:\Windows\System\TYkJGYK.exe
  C:\Windows\System\TYkJGYK.exe
  2⤵
  PID:5424
- C:\Windows\System\cYwflgC.exe
  C:\Windows\System\cYwflgC.exe
  2⤵
  PID:5168
- C:\Windows\System\kzSSfYS.exe
  C:\Windows\System\kzSSfYS.exe
  2⤵
  PID:5248
- C:\Windows\System\HSiYCyM.exe
  C:\Windows\System\HSiYCyM.exe
  2⤵
  PID:1980
- C:\Windows\System\yxiwlZf.exe
  C:\Windows\System\yxiwlZf.exe
  2⤵
  PID:408
- C:\Windows\System\BTCTIaZ.exe
  C:\Windows\System\BTCTIaZ.exe
  2⤵
  PID:5552
- C:\Windows\System\KJbAtlb.exe
  C:\Windows\System\KJbAtlb.exe
  2⤵
  PID:2944
- C:\Windows\System\LmuMrNa.exe
  C:\Windows\System\LmuMrNa.exe
  2⤵
  PID:1100
- C:\Windows\System\vRmWYpR.exe
  C:\Windows\System\vRmWYpR.exe
  2⤵
  PID:2672
- C:\Windows\System\XrfQGeG.exe
  C:\Windows\System\XrfQGeG.exe
  2⤵
  PID:5752
- C:\Windows\System\DycgBwU.exe
  C:\Windows\System\DycgBwU.exe
  2⤵
  PID:5852
- C:\Windows\System\PQPaGFS.exe
  C:\Windows\System\PQPaGFS.exe
  2⤵
  PID:2704
- C:\Windows\System\sDvpXMu.exe
  C:\Windows\System\sDvpXMu.exe
  2⤵
  PID:5980
- C:\Windows\System\ozyvtvt.exe
  C:\Windows\System\ozyvtvt.exe
  2⤵
  PID:6052
- C:\Windows\System\oKHWjXs.exe
  C:\Windows\System\oKHWjXs.exe
  2⤵
  PID:6020
- C:\Windows\System\mAiHUrn.exe
  C:\Windows\System\mAiHUrn.exe
  2⤵
  PID:5228
- C:\Windows\System\WsiREDh.exe
  C:\Windows\System\WsiREDh.exe
  2⤵
  PID:5312
- C:\Windows\System\PivXZlO.exe
  C:\Windows\System\PivXZlO.exe
  2⤵
  PID:5900
- C:\Windows\System\zZTrgUa.exe
  C:\Windows\System\zZTrgUa.exe
  2⤵
  PID:2616
- C:\Windows\System\NvmykcM.exe
  C:\Windows\System\NvmykcM.exe
  2⤵
  PID:5088
- C:\Windows\System\YRzqiUt.exe
  C:\Windows\System\YRzqiUt.exe
  2⤵
  PID:752
- C:\Windows\System\hiVcCOO.exe
  C:\Windows\System\hiVcCOO.exe
  2⤵
  PID:1332
- C:\Windows\System\PqBZCVa.exe
  C:\Windows\System\PqBZCVa.exe
  2⤵
  PID:5712
- C:\Windows\System\vjbHWNN.exe
  C:\Windows\System\vjbHWNN.exe
  2⤵
  PID:6012
- C:\Windows\System\YGedrTg.exe
  C:\Windows\System\YGedrTg.exe
  2⤵
  PID:2752
- C:\Windows\System\SCpDbqv.exe
  C:\Windows\System\SCpDbqv.exe
  2⤵
  PID:2392
- C:\Windows\System\gKBmzWf.exe
  C:\Windows\System\gKBmzWf.exe
  2⤵
  PID:6116
- C:\Windows\System\WcxgTzG.exe
  C:\Windows\System\WcxgTzG.exe
  2⤵
  PID:5840
- C:\Windows\System\yVEunzg.exe
  C:\Windows\System\yVEunzg.exe
  2⤵
  PID:5548
- C:\Windows\System\bOgYfXn.exe
  C:\Windows\System\bOgYfXn.exe
  2⤵
  PID:5612
- C:\Windows\System\HinuCop.exe
  C:\Windows\System\HinuCop.exe
  2⤵
  PID:5024
- C:\Windows\System\hkFJXcG.exe
  C:\Windows\System\hkFJXcG.exe
  2⤵
  PID:2996
- C:\Windows\System\hFLFEnQ.exe
  C:\Windows\System\hFLFEnQ.exe
  2⤵
  PID:5508
- C:\Windows\System\cqGhCyH.exe
  C:\Windows\System\cqGhCyH.exe
  2⤵
  PID:2588
- C:\Windows\System\fSbXtLK.exe
  C:\Windows\System\fSbXtLK.exe
  2⤵
  PID:5528
- C:\Windows\System\HbmKqPU.exe
  C:\Windows\System\HbmKqPU.exe
  2⤵
  PID:2984
- C:\Windows\System\vhyPAwY.exe
  C:\Windows\System\vhyPAwY.exe
  2⤵
  PID:1244
- C:\Windows\System\vJNmTqu.exe
  C:\Windows\System\vJNmTqu.exe
  2⤵
  PID:5692
- C:\Windows\System\DIcMFBJ.exe
  C:\Windows\System\DIcMFBJ.exe
  2⤵
  PID:6148
- C:\Windows\System\YauPyDZ.exe
  C:\Windows\System\YauPyDZ.exe
  2⤵
  PID:6180
- C:\Windows\System\raoZkLA.exe
  C:\Windows\System\raoZkLA.exe
  2⤵
  PID:6200
- C:\Windows\System\VgqRTfm.exe
  C:\Windows\System\VgqRTfm.exe
  2⤵
  PID:6216
- C:\Windows\System\KWDIwKF.exe
  C:\Windows\System\KWDIwKF.exe
  2⤵
  PID:6232
- C:\Windows\System\lRRyVQB.exe
  C:\Windows\System\lRRyVQB.exe
  2⤵
  PID:6248
- C:\Windows\System\EvaDwim.exe
  C:\Windows\System\EvaDwim.exe
  2⤵
  PID:6264
- C:\Windows\System\FAGbxOH.exe
  C:\Windows\System\FAGbxOH.exe
  2⤵
  PID:6288
- C:\Windows\System\uJDFtzH.exe
  C:\Windows\System\uJDFtzH.exe
  2⤵
  PID:6304
- C:\Windows\System\DxJnqUo.exe
  C:\Windows\System\DxJnqUo.exe
  2⤵
  PID:6320
- C:\Windows\System\QvZRvYv.exe
  C:\Windows\System\QvZRvYv.exe
  2⤵
  PID:6336
- C:\Windows\System\fMxSwwQ.exe
  C:\Windows\System\fMxSwwQ.exe
  2⤵
  PID:6352
- C:\Windows\System\JxTkIkw.exe
  C:\Windows\System\JxTkIkw.exe
  2⤵
  PID:6380
- C:\Windows\System\tREWfjp.exe
  C:\Windows\System\tREWfjp.exe
  2⤵
  PID:6396
- C:\Windows\System\wGreVhz.exe
  C:\Windows\System\wGreVhz.exe
  2⤵
  PID:6412
- C:\Windows\System\bXGurfW.exe
  C:\Windows\System\bXGurfW.exe
  2⤵
  PID:6432
- C:\Windows\System\GblhiwL.exe
  C:\Windows\System\GblhiwL.exe
  2⤵
  PID:6464
- C:\Windows\System\utMwEnM.exe
  C:\Windows\System\utMwEnM.exe
  2⤵
  PID:6480
- C:\Windows\System\KgDtIcK.exe
  C:\Windows\System\KgDtIcK.exe
  2⤵
  PID:6500
- C:\Windows\System\vypBgvx.exe
  C:\Windows\System\vypBgvx.exe
  2⤵
  PID:6520
- C:\Windows\System\MOwzhhw.exe
  C:\Windows\System\MOwzhhw.exe
  2⤵
  PID:6552
- C:\Windows\System\kcYJlsn.exe
  C:\Windows\System\kcYJlsn.exe
  2⤵
  PID:6568
- C:\Windows\System\xWMYdhe.exe
  C:\Windows\System\xWMYdhe.exe
  2⤵
  PID:6584
- C:\Windows\System\QchpOoM.exe
  C:\Windows\System\QchpOoM.exe
  2⤵
  PID:6600
- C:\Windows\System\PbBjAEj.exe
  C:\Windows\System\PbBjAEj.exe
  2⤵
  PID:6616
- C:\Windows\System\WoGtjOS.exe
  C:\Windows\System\WoGtjOS.exe
  2⤵
  PID:6636
- C:\Windows\System\nnAWWLo.exe
  C:\Windows\System\nnAWWLo.exe
  2⤵
  PID:6656
- C:\Windows\System\TWwBuVl.exe
  C:\Windows\System\TWwBuVl.exe
  2⤵
  PID:6676
- C:\Windows\System\fWfULUm.exe
  C:\Windows\System\fWfULUm.exe
  2⤵
  PID:6696
- C:\Windows\System\pBVtskb.exe
  C:\Windows\System\pBVtskb.exe
  2⤵
  PID:6712
- C:\Windows\System\JYtdZoh.exe
  C:\Windows\System\JYtdZoh.exe
  2⤵
  PID:6732
- C:\Windows\System\hUUzhvs.exe
  C:\Windows\System\hUUzhvs.exe
  2⤵
  PID:6748
- C:\Windows\System\DaaYTqk.exe
  C:\Windows\System\DaaYTqk.exe
  2⤵
  PID:6808
- C:\Windows\System\VsIIOKd.exe
  C:\Windows\System\VsIIOKd.exe
  2⤵
  PID:6828
- C:\Windows\System\wPkxSgG.exe
  C:\Windows\System\wPkxSgG.exe
  2⤵
  PID:6844
- C:\Windows\System\qivOqYm.exe
  C:\Windows\System\qivOqYm.exe
  2⤵
  PID:6860
- C:\Windows\System\LmAksVV.exe
  C:\Windows\System\LmAksVV.exe
  2⤵
  PID:6876
- C:\Windows\System\hUhECKD.exe
  C:\Windows\System\hUhECKD.exe
  2⤵
  PID:6896
- C:\Windows\System\CcIRMym.exe
  C:\Windows\System\CcIRMym.exe
  2⤵
  PID:6912
- C:\Windows\System\NmlYxry.exe
  C:\Windows\System\NmlYxry.exe
  2⤵
  PID:6928
- C:\Windows\System\rczzZPC.exe
  C:\Windows\System\rczzZPC.exe
  2⤵
  PID:6944
- C:\Windows\System\hFKjVLk.exe
  C:\Windows\System\hFKjVLk.exe
  2⤵
  PID:6960
- C:\Windows\System\IsweWRK.exe
  C:\Windows\System\IsweWRK.exe
  2⤵
  PID:6976
- C:\Windows\System\TeaOpGp.exe
  C:\Windows\System\TeaOpGp.exe
  2⤵
  PID:7004
- C:\Windows\System\MSsImdF.exe
  C:\Windows\System\MSsImdF.exe
  2⤵
  PID:7020
- C:\Windows\System\xdJtNHT.exe
  C:\Windows\System\xdJtNHT.exe
  2⤵
  PID:7068
- C:\Windows\System\vchDdyX.exe
  C:\Windows\System\vchDdyX.exe
  2⤵
  PID:7088
- C:\Windows\System\MzKMutq.exe
  C:\Windows\System\MzKMutq.exe
  2⤵
  PID:7112
- C:\Windows\System\uoLzHrW.exe
  C:\Windows\System\uoLzHrW.exe
  2⤵
  PID:7128
- C:\Windows\System\zYISWnc.exe
  C:\Windows\System\zYISWnc.exe
  2⤵
  PID:7152
- C:\Windows\System\WSgTASt.exe
  C:\Windows\System\WSgTASt.exe
  2⤵
  PID:5940
- C:\Windows\System\HpjKZDV.exe
  C:\Windows\System\HpjKZDV.exe
  2⤵
  PID:5388
- C:\Windows\System\RDfBMsn.exe
  C:\Windows\System\RDfBMsn.exe
  2⤵
  PID:6156
- C:\Windows\System\mPUxHEV.exe
  C:\Windows\System\mPUxHEV.exe
  2⤵
  PID:6072
- C:\Windows\System\oMKQgYm.exe
  C:\Windows\System\oMKQgYm.exe
  2⤵
  PID:6176
- C:\Windows\System\WshkxNT.exe
  C:\Windows\System\WshkxNT.exe
  2⤵
  PID:6192
- C:\Windows\System\PstAeTW.exe
  C:\Windows\System\PstAeTW.exe
  2⤵
  PID:6272
- C:\Windows\System\jZlScDn.exe
  C:\Windows\System\jZlScDn.exe
  2⤵
  PID:6344
- C:\Windows\System\mASJGNd.exe
  C:\Windows\System\mASJGNd.exe
  2⤵
  PID:6296
- C:\Windows\System\AJqgKtQ.exe
  C:\Windows\System\AJqgKtQ.exe
  2⤵
  PID:6228
- C:\Windows\System\jFsucza.exe
  C:\Windows\System\jFsucza.exe
  2⤵
  PID:6388
- C:\Windows\System\zEvVfwE.exe
  C:\Windows\System\zEvVfwE.exe
  2⤵
  PID:6372
- C:\Windows\System\ufquEyU.exe
  C:\Windows\System\ufquEyU.exe
  2⤵
  PID:6472
- C:\Windows\System\ursdoaI.exe
  C:\Windows\System\ursdoaI.exe
  2⤵
  PID:6448
- C:\Windows\System\OeXOexY.exe
  C:\Windows\System\OeXOexY.exe
  2⤵
  PID:6632
- C:\Windows\System\vctkiJQ.exe
  C:\Windows\System\vctkiJQ.exe
  2⤵
  PID:6596
- C:\Windows\System\CFTaKQr.exe
  C:\Windows\System\CFTaKQr.exe
  2⤵
  PID:6672
- C:\Windows\System\plUKhdB.exe
  C:\Windows\System\plUKhdB.exe
  2⤵
  PID:6708
- C:\Windows\System\lMkUjaB.exe
  C:\Windows\System\lMkUjaB.exe
  2⤵
  PID:6544
- C:\Windows\System\bAqoGUa.exe
  C:\Windows\System\bAqoGUa.exe
  2⤵
  PID:6684
- C:\Windows\System\zZWwLMH.exe
  C:\Windows\System\zZWwLMH.exe
  2⤵
  PID:6456
- C:\Windows\System\nLgBEjJ.exe
  C:\Windows\System\nLgBEjJ.exe
  2⤵
  PID:6776
- C:\Windows\System\iayGgDF.exe
  C:\Windows\System\iayGgDF.exe
  2⤵
  PID:6492
- C:\Windows\System\ggzCfwb.exe
  C:\Windows\System\ggzCfwb.exe
  2⤵
  PID:6648
- C:\Windows\System\aqiiTas.exe
  C:\Windows\System\aqiiTas.exe
  2⤵
  PID:6820
- C:\Windows\System\BtZbvXR.exe
  C:\Windows\System\BtZbvXR.exe
  2⤵
  PID:6884
- C:\Windows\System\nSrGlyY.exe
  C:\Windows\System\nSrGlyY.exe
  2⤵
  PID:6952
- C:\Windows\System\PTADHsC.exe
  C:\Windows\System\PTADHsC.exe
  2⤵
  PID:6992
- C:\Windows\System\WALdVpg.exe
  C:\Windows\System\WALdVpg.exe
  2⤵
  PID:5376
- C:\Windows\System\VxFSENp.exe
  C:\Windows\System\VxFSENp.exe
  2⤵
  PID:7056
- C:\Windows\System\bCkxWUx.exe
  C:\Windows\System\bCkxWUx.exe
  2⤵
  PID:6032
- C:\Windows\System\zvZEbXA.exe
  C:\Windows\System\zvZEbXA.exe
  2⤵
  PID:6904
- C:\Windows\System\apSnttp.exe
  C:\Windows\System\apSnttp.exe
  2⤵
  PID:6968
- C:\Windows\System\HkibUVS.exe
  C:\Windows\System\HkibUVS.exe
  2⤵
  PID:7080
- C:\Windows\System\QBHFGmX.exe
  C:\Windows\System\QBHFGmX.exe
  2⤵
  PID:5796
- C:\Windows\System\ZNBlmaF.exe
  C:\Windows\System\ZNBlmaF.exe
  2⤵
  PID:5336
- C:\Windows\System\gwhScHU.exe
  C:\Windows\System\gwhScHU.exe
  2⤵
  PID:7144
- C:\Windows\System\sWfReDx.exe
  C:\Windows\System\sWfReDx.exe
  2⤵
  PID:6164
- C:\Windows\System\cBCEVzc.exe
  C:\Windows\System\cBCEVzc.exe
  2⤵
  PID:5512
- C:\Windows\System\DXMQwAe.exe
  C:\Windows\System\DXMQwAe.exe
  2⤵
  PID:6284
- C:\Windows\System\oMlJBKl.exe
  C:\Windows\System\oMlJBKl.exe
  2⤵
  PID:6332
- C:\Windows\System\lXNOWWE.exe
  C:\Windows\System\lXNOWWE.exe
  2⤵
  PID:6240
- C:\Windows\System\hYRfkhm.exe
  C:\Windows\System\hYRfkhm.exe
  2⤵
  PID:6224
- C:\Windows\System\HLzCtvF.exe
  C:\Windows\System\HLzCtvF.exe
  2⤵
  PID:6256
- C:\Windows\System\wwHKqBo.exe
  C:\Windows\System\wwHKqBo.exe
  2⤵
  PID:6508
- C:\Windows\System\vcBRbWC.exe
  C:\Windows\System\vcBRbWC.exe
  2⤵
  PID:6624
- C:\Windows\System\wNaLQYg.exe
  C:\Windows\System\wNaLQYg.exe
  2⤵
  PID:6612
- C:\Windows\System\ePfetle.exe
  C:\Windows\System\ePfetle.exe
  2⤵
  PID:6440
- C:\Windows\System\VQJQUrz.exe
  C:\Windows\System\VQJQUrz.exe
  2⤵
  PID:6576
- C:\Windows\System\mGQfaXU.exe
  C:\Windows\System\mGQfaXU.exe
  2⤵
  PID:6564
- C:\Windows\System\yZnewNI.exe
  C:\Windows\System\yZnewNI.exe
  2⤵
  PID:6692
- C:\Windows\System\rWtRhGY.exe
  C:\Windows\System\rWtRhGY.exe
  2⤵
  PID:6724
- C:\Windows\System\HuFTdCc.exe
  C:\Windows\System\HuFTdCc.exe
  2⤵
  PID:7044
- C:\Windows\System\YInmSad.exe
  C:\Windows\System\YInmSad.exe
  2⤵
  PID:7016
- C:\Windows\System\fVgvyPI.exe
  C:\Windows\System\fVgvyPI.exe
  2⤵
  PID:7100
- C:\Windows\System\qGadPGW.exe
  C:\Windows\System\qGadPGW.exe
  2⤵
  PID:2740
- C:\Windows\System\WiQninW.exe
  C:\Windows\System\WiQninW.exe
  2⤵
  PID:6212
- C:\Windows\System\okyBjbP.exe
  C:\Windows\System\okyBjbP.exe
  2⤵
  PID:6740
- C:\Windows\System\LgFWkkR.exe
  C:\Windows\System\LgFWkkR.exe
  2⤵
  PID:6428
- C:\Windows\System\pAyHcOZ.exe
  C:\Windows\System\pAyHcOZ.exe
  2⤵
  PID:6000
- C:\Windows\System\QQPNpJi.exe
  C:\Windows\System\QQPNpJi.exe
  2⤵
  PID:7036
- C:\Windows\System\RzDWfPE.exe
  C:\Windows\System\RzDWfPE.exe
  2⤵
  PID:6940
- C:\Windows\System\GpjrewH.exe
  C:\Windows\System\GpjrewH.exe
  2⤵
  PID:6316
- C:\Windows\System\BqirXAI.exe
  C:\Windows\System\BqirXAI.exe
  2⤵
  PID:7120
- C:\Windows\System\WEIDRhx.exe
  C:\Windows\System\WEIDRhx.exe
  2⤵
  PID:6772
- C:\Windows\System\wWmUWxa.exe
  C:\Windows\System\wWmUWxa.exe
  2⤵
  PID:6788
- C:\Windows\System\ABcCFMc.exe
  C:\Windows\System\ABcCFMc.exe
  2⤵
  PID:6856
- C:\Windows\System\TjURFCf.exe
  C:\Windows\System\TjURFCf.exe
  2⤵
  PID:6924
- C:\Windows\System\EOLiZfV.exe
  C:\Windows\System\EOLiZfV.exe
  2⤵
  PID:5128
- C:\Windows\System\aOGRcFq.exe
  C:\Windows\System\aOGRcFq.exe
  2⤵
  PID:7136
- C:\Windows\System\URhpVej.exe
  C:\Windows\System\URhpVej.exe
  2⤵
  PID:6532
- C:\Windows\System\uiUvNYm.exe
  C:\Windows\System\uiUvNYm.exe
  2⤵
  PID:7064
- C:\Windows\System\jAiNygj.exe
  C:\Windows\System\jAiNygj.exe
  2⤵
  PID:6172
- C:\Windows\System\xLEatIk.exe
  C:\Windows\System\xLEatIk.exe
  2⤵
  PID:7052
- C:\Windows\System\qwmVbOP.exe
  C:\Windows\System\qwmVbOP.exe
  2⤵
  PID:6328
- C:\Windows\System\wLhzjlF.exe
  C:\Windows\System\wLhzjlF.exe
  2⤵
  PID:6780
- C:\Windows\System\kRWaaei.exe
  C:\Windows\System\kRWaaei.exe
  2⤵
  PID:6668
- C:\Windows\System\oCjeOgF.exe
  C:\Windows\System\oCjeOgF.exe
  2⤵
  PID:6920
- C:\Windows\System\SKUaiAG.exe
  C:\Windows\System\SKUaiAG.exe
  2⤵
  PID:7216
- C:\Windows\System\lbTyUOm.exe
  C:\Windows\System\lbTyUOm.exe
  2⤵
  PID:7232
- C:\Windows\System\hvgTzxZ.exe
  C:\Windows\System\hvgTzxZ.exe
  2⤵
  PID:7248
- C:\Windows\System\dVcrpEo.exe
  C:\Windows\System\dVcrpEo.exe
  2⤵
  PID:7268
- C:\Windows\System\vlNAsJq.exe
  C:\Windows\System\vlNAsJq.exe
  2⤵
  PID:7284
- C:\Windows\System\ZqYVGEn.exe
  C:\Windows\System\ZqYVGEn.exe
  2⤵
  PID:7300
- C:\Windows\System\JbPqKZy.exe
  C:\Windows\System\JbPqKZy.exe
  2⤵
  PID:7320
- C:\Windows\System\QiKLHLF.exe
  C:\Windows\System\QiKLHLF.exe
  2⤵
  PID:7336
- C:\Windows\System\WhSerrP.exe
  C:\Windows\System\WhSerrP.exe
  2⤵
  PID:7356
- C:\Windows\System\xTAqBiU.exe
  C:\Windows\System\xTAqBiU.exe
  2⤵
  PID:7372
- C:\Windows\System\sDthUwc.exe
  C:\Windows\System\sDthUwc.exe
  2⤵
  PID:7388
- C:\Windows\System\AMqAtnB.exe
  C:\Windows\System\AMqAtnB.exe
  2⤵
  PID:7404
- C:\Windows\System\UIUpaOx.exe
  C:\Windows\System\UIUpaOx.exe
  2⤵
  PID:7424
- C:\Windows\System\mHxvhZm.exe
  C:\Windows\System\mHxvhZm.exe
  2⤵
  PID:7440
- C:\Windows\System\SiPCesK.exe
  C:\Windows\System\SiPCesK.exe
  2⤵
  PID:7456
- C:\Windows\System\OksSlKW.exe
  C:\Windows\System\OksSlKW.exe
  2⤵
  PID:7480
- C:\Windows\System\FogjwQf.exe
  C:\Windows\System\FogjwQf.exe
  2⤵
  PID:7500
- C:\Windows\System\CtiRHoF.exe
  C:\Windows\System\CtiRHoF.exe
  2⤵
  PID:7520
- C:\Windows\System\IofNQin.exe
  C:\Windows\System\IofNQin.exe
  2⤵
  PID:7536
- C:\Windows\System\VwwVajo.exe
  C:\Windows\System\VwwVajo.exe
  2⤵
  PID:7560
- C:\Windows\System\rhOwEha.exe
  C:\Windows\System\rhOwEha.exe
  2⤵
  PID:7584
- C:\Windows\System\KJwRJXL.exe
  C:\Windows\System\KJwRJXL.exe
  2⤵
  PID:7632
- C:\Windows\System\xDTZowQ.exe
  C:\Windows\System\xDTZowQ.exe
  2⤵
  PID:7656
- C:\Windows\System\KYkrPMN.exe
  C:\Windows\System\KYkrPMN.exe
  2⤵
  PID:7680
- C:\Windows\System\lAsNuGY.exe
  C:\Windows\System\lAsNuGY.exe
  2⤵
  PID:7700
- C:\Windows\System\SKNsGYj.exe
  C:\Windows\System\SKNsGYj.exe
  2⤵
  PID:7716
- C:\Windows\System\pIcIHJO.exe
  C:\Windows\System\pIcIHJO.exe
  2⤵
  PID:7732
- C:\Windows\System\hpMaYMC.exe
  C:\Windows\System\hpMaYMC.exe
  2⤵
  PID:7752
- C:\Windows\System\BLGTNFh.exe
  C:\Windows\System\BLGTNFh.exe
  2⤵
  PID:7792
- C:\Windows\System\WvGKUif.exe
  C:\Windows\System\WvGKUif.exe
  2⤵
  PID:7808
- C:\Windows\System\JoodzEE.exe
  C:\Windows\System\JoodzEE.exe
  2⤵
  PID:7828
- C:\Windows\System\RpZUlTp.exe
  C:\Windows\System\RpZUlTp.exe
  2⤵
  PID:7844
- C:\Windows\System\KastDiV.exe
  C:\Windows\System\KastDiV.exe
  2⤵
  PID:7860
- C:\Windows\System\xCBkQTM.exe
  C:\Windows\System\xCBkQTM.exe
  2⤵
  PID:7880
- C:\Windows\System\OOTCwef.exe
  C:\Windows\System\OOTCwef.exe
  2⤵
  PID:7896
- C:\Windows\System\DtXgUtz.exe
  C:\Windows\System\DtXgUtz.exe
  2⤵
  PID:7912
- C:\Windows\System\HlaFFvw.exe
  C:\Windows\System\HlaFFvw.exe
  2⤵
  PID:7936
- C:\Windows\System\SXaOyTJ.exe
  C:\Windows\System\SXaOyTJ.exe
  2⤵
  PID:7960
- C:\Windows\System\esdVrIk.exe
  C:\Windows\System\esdVrIk.exe
  2⤵
  PID:7976
- C:\Windows\System\yfBBTfS.exe
  C:\Windows\System\yfBBTfS.exe
  2⤵
  PID:7992
- C:\Windows\System\rLrCqnN.exe
  C:\Windows\System\rLrCqnN.exe
  2⤵
  PID:8036
- C:\Windows\System\mrxTafC.exe
  C:\Windows\System\mrxTafC.exe
  2⤵
  PID:8052
- C:\Windows\System\AqBmxNC.exe
  C:\Windows\System\AqBmxNC.exe
  2⤵
  PID:8068
- C:\Windows\System\CUhTkhq.exe
  C:\Windows\System\CUhTkhq.exe
  2⤵
  PID:8084
- C:\Windows\System\BqZSAxX.exe
  C:\Windows\System\BqZSAxX.exe
  2⤵
  PID:8100
- C:\Windows\System\SRwdGcj.exe
  C:\Windows\System\SRwdGcj.exe
  2⤵
  PID:8116
- C:\Windows\System\wMIUeSL.exe
  C:\Windows\System\wMIUeSL.exe
  2⤵
  PID:8136
- C:\Windows\System\ZsQNVLP.exe
  C:\Windows\System\ZsQNVLP.exe
  2⤵
  PID:8160
- C:\Windows\System\aYgTIGz.exe
  C:\Windows\System\aYgTIGz.exe
  2⤵
  PID:8184
- C:\Windows\System\OIXgVTi.exe
  C:\Windows\System\OIXgVTi.exe
  2⤵
  PID:1964
- C:\Windows\System\RAFnbAJ.exe
  C:\Windows\System\RAFnbAJ.exe
  2⤵
  PID:6804
- C:\Windows\System\iBLteqr.exe
  C:\Windows\System\iBLteqr.exe
  2⤵
  PID:6348
- C:\Windows\System\iWpbPKn.exe
  C:\Windows\System\iWpbPKn.exe
  2⤵
  PID:2992
- C:\Windows\System\ZWSUuLh.exe
  C:\Windows\System\ZWSUuLh.exe
  2⤵
  PID:7188
- C:\Windows\System\ThMOHhG.exe
  C:\Windows\System\ThMOHhG.exe
  2⤵
  PID:6764
- C:\Windows\System\qwnrrze.exe
  C:\Windows\System\qwnrrze.exe
  2⤵
  PID:7212
- C:\Windows\System\qAKdTxj.exe
  C:\Windows\System\qAKdTxj.exe
  2⤵
  PID:7260
- C:\Windows\System\RHbKiUa.exe
  C:\Windows\System\RHbKiUa.exe
  2⤵
  PID:7364
- C:\Windows\System\kDwLtbP.exe
  C:\Windows\System\kDwLtbP.exe
  2⤵
  PID:7432
- C:\Windows\System\rqUInco.exe
  C:\Windows\System\rqUInco.exe
  2⤵
  PID:7544
- C:\Windows\System\jCTqOPC.exe
  C:\Windows\System\jCTqOPC.exe
  2⤵
  PID:7412
- C:\Windows\System\VnZJaGV.exe
  C:\Windows\System\VnZJaGV.exe
  2⤵
  PID:7344
- C:\Windows\System\YPSjfsG.exe
  C:\Windows\System\YPSjfsG.exe
  2⤵
  PID:7416
- C:\Windows\System\tBZXNtv.exe
  C:\Windows\System\tBZXNtv.exe
  2⤵
  PID:7492
- C:\Windows\System\CsXeswE.exe
  C:\Windows\System\CsXeswE.exe
  2⤵
  PID:7572
- C:\Windows\System\COVEawR.exe
  C:\Windows\System\COVEawR.exe
  2⤵
  PID:7596
- C:\Windows\System\JmvCrGH.exe
  C:\Windows\System\JmvCrGH.exe
  2⤵
  PID:7600
- C:\Windows\System\GyxeUXi.exe
  C:\Windows\System\GyxeUXi.exe
  2⤵
  PID:7624
- C:\Windows\System\IvqqIGx.exe
  C:\Windows\System\IvqqIGx.exe
  2⤵
  PID:7676
- C:\Windows\System\EFchtBH.exe
  C:\Windows\System\EFchtBH.exe
  2⤵
  PID:7748
- C:\Windows\System\CADBXEq.exe
  C:\Windows\System\CADBXEq.exe
  2⤵
  PID:7760
- C:\Windows\System\ndUTGli.exe
  C:\Windows\System\ndUTGli.exe
  2⤵
  PID:7780
- C:\Windows\System\HmzcADk.exe
  C:\Windows\System\HmzcADk.exe
  2⤵
  PID:7804
- C:\Windows\System\kCdYkSn.exe
  C:\Windows\System\kCdYkSn.exe
  2⤵
  PID:7836
- C:\Windows\System\LmxItOH.exe
  C:\Windows\System\LmxItOH.exe
  2⤵
  PID:7956
- C:\Windows\System\cJhPlqh.exe
  C:\Windows\System\cJhPlqh.exe
  2⤵
  PID:7888
- C:\Windows\System\fKbNjcz.exe
  C:\Windows\System\fKbNjcz.exe
  2⤵
  PID:7924
- C:\Windows\System\xaMuGdi.exe
  C:\Windows\System\xaMuGdi.exe
  2⤵
  PID:8004
- C:\Windows\System\xcqHvou.exe
  C:\Windows\System\xcqHvou.exe
  2⤵
  PID:8016
- C:\Windows\System\hXjEDRQ.exe
  C:\Windows\System\hXjEDRQ.exe
  2⤵
  PID:8032
- C:\Windows\System\gEqQNfl.exe
  C:\Windows\System\gEqQNfl.exe
  2⤵
  PID:8144
- C:\Windows\System\oDbzTMX.exe
  C:\Windows\System\oDbzTMX.exe
  2⤵
  PID:8064
- C:\Windows\System\attXSnJ.exe
  C:\Windows\System\attXSnJ.exe
  2⤵
  PID:8096
- C:\Windows\System\PyUVHcJ.exe
  C:\Windows\System\PyUVHcJ.exe
  2⤵
  PID:8172
- C:\Windows\System\gsxLaXE.exe
  C:\Windows\System\gsxLaXE.exe
  2⤵
  PID:7028
- C:\Windows\System\ILlkIVQ.exe
  C:\Windows\System\ILlkIVQ.exe
  2⤵
  PID:5232
- C:\Windows\System\CiEGQKC.exe
  C:\Windows\System\CiEGQKC.exe
  2⤵
  PID:7200
- C:\Windows\System\nOMiBnR.exe
  C:\Windows\System\nOMiBnR.exe
  2⤵
  PID:7292
- C:\Windows\System\LSQoQxE.exe
  C:\Windows\System\LSQoQxE.exe
  2⤵
  PID:7228
- C:\Windows\System\sliqEHO.exe
  C:\Windows\System\sliqEHO.exe
  2⤵
  PID:7464
- C:\Windows\System\PVpBPgi.exe
  C:\Windows\System\PVpBPgi.exe
  2⤵
  PID:7312
- C:\Windows\System\saolFtr.exe
  C:\Windows\System\saolFtr.exe
  2⤵
  PID:7276
- C:\Windows\System\EeLIrLV.exe
  C:\Windows\System\EeLIrLV.exe
  2⤵
  PID:7384
- C:\Windows\System\hVGVuxt.exe
  C:\Windows\System\hVGVuxt.exe
  2⤵
  PID:7640
- C:\Windows\System\ZEOAuxX.exe
  C:\Windows\System\ZEOAuxX.exe
  2⤵
  PID:7668
- C:\Windows\System\saqDNaq.exe
  C:\Windows\System\saqDNaq.exe
  2⤵
  PID:7316
- C:\Windows\System\tVbKZow.exe
  C:\Windows\System\tVbKZow.exe
  2⤵
  PID:7820
- C:\Windows\System\PxXLdSU.exe
  C:\Windows\System\PxXLdSU.exe
  2⤵
  PID:7724
- C:\Windows\System\dTizrlK.exe
  C:\Windows\System\dTizrlK.exe
  2⤵
  PID:7948
- C:\Windows\System\MlfDscB.exe
  C:\Windows\System\MlfDscB.exe
  2⤵
  PID:7988
- C:\Windows\System\zsBJeqS.exe
  C:\Windows\System\zsBJeqS.exe
  2⤵
  PID:7944
- C:\Windows\System\FhZFeHa.exe
  C:\Windows\System\FhZFeHa.exe
  2⤵
  PID:8020
- C:\Windows\System\UhdVVAZ.exe
  C:\Windows\System\UhdVVAZ.exe
  2⤵
  PID:8112
- C:\Windows\System\jiaZtFA.exe
  C:\Windows\System\jiaZtFA.exe
  2⤵
  PID:8152
- C:\Windows\System\QTXMJnG.exe
  C:\Windows\System\QTXMJnG.exe
  2⤵
  PID:6800
- C:\Windows\System\EQErdWo.exe
  C:\Windows\System\EQErdWo.exe
  2⤵
  PID:8180
- C:\Windows\System\XUAhnrl.exe
  C:\Windows\System\XUAhnrl.exe
  2⤵
  PID:7172
- C:\Windows\System\oOZAsyX.exe
  C:\Windows\System\oOZAsyX.exe
  2⤵
  PID:7208
- C:\Windows\System\qQAigoW.exe
  C:\Windows\System\qQAigoW.exe
  2⤵
  PID:7512
- C:\Windows\System\QBAtOLx.exe
  C:\Windows\System\QBAtOLx.exe
  2⤵
  PID:7556
- C:\Windows\System\igWQrCC.exe
  C:\Windows\System\igWQrCC.exe
  2⤵
  PID:7604
- C:\Windows\System\rpYNzYM.exe
  C:\Windows\System\rpYNzYM.exe
  2⤵
  PID:7608
- C:\Windows\System\LgTuNsL.exe
  C:\Windows\System\LgTuNsL.exe
  2⤵
  PID:7868
- C:\Windows\System\JyHfgER.exe
  C:\Windows\System\JyHfgER.exe
  2⤵
  PID:8076
- C:\Windows\System\mSUxtHt.exe
  C:\Windows\System\mSUxtHt.exe
  2⤵
  PID:7876
- C:\Windows\System\IWqpkIM.exe
  C:\Windows\System\IWqpkIM.exe
  2⤵
  PID:8092
- C:\Windows\System\bsBJtHn.exe
  C:\Windows\System\bsBJtHn.exe
  2⤵
  PID:8156
- C:\Windows\System\crpfyRK.exe
  C:\Windows\System\crpfyRK.exe
  2⤵
  PID:5872
- C:\Windows\System\pcdraEV.exe
  C:\Windows\System\pcdraEV.exe
  2⤵
  PID:7352
- C:\Windows\System\YaHLQjH.exe
  C:\Windows\System\YaHLQjH.exe
  2⤵
  PID:7448
- C:\Windows\System\oMxADkr.exe
  C:\Windows\System\oMxADkr.exe
  2⤵
  PID:7708
- C:\Windows\System\uciGVFc.exe
  C:\Windows\System\uciGVFc.exe
  2⤵
  PID:7768
- C:\Windows\System\TQTIOuL.exe
  C:\Windows\System\TQTIOuL.exe
  2⤵
  PID:8124
- C:\Windows\System\VgRZPPU.exe
  C:\Windows\System\VgRZPPU.exe
  2⤵
  PID:7476
- C:\Windows\System\bNHLeGz.exe
  C:\Windows\System\bNHLeGz.exe
  2⤵
  PID:7908
- C:\Windows\System\brSBrrs.exe
  C:\Windows\System\brSBrrs.exe
  2⤵
  PID:7892
- C:\Windows\System\XBlZKkv.exe
  C:\Windows\System\XBlZKkv.exe
  2⤵
  PID:7012
- C:\Windows\System\QzzxMDe.exe
  C:\Windows\System\QzzxMDe.exe
  2⤵
  PID:7224
- C:\Windows\System\XBLNBYi.exe
  C:\Windows\System\XBLNBYi.exe
  2⤵
  PID:8012
- C:\Windows\System\NhOghRa.exe
  C:\Windows\System\NhOghRa.exe
  2⤵
  PID:7692
- C:\Windows\System\qUYkVEF.exe
  C:\Windows\System\qUYkVEF.exe
  2⤵
  PID:7244
- C:\Windows\System\oqlhOuc.exe
  C:\Windows\System\oqlhOuc.exe
  2⤵
  PID:7256
- C:\Windows\System\bBuIKRC.exe
  C:\Windows\System\bBuIKRC.exe
  2⤵
  PID:7328
- C:\Windows\System\sjagGCw.exe
  C:\Windows\System\sjagGCw.exe
  2⤵
  PID:6424
- C:\Windows\System\pWbxHJc.exe
  C:\Windows\System\pWbxHJc.exe
  2⤵
  PID:8200
- C:\Windows\System\NwhMLBd.exe
  C:\Windows\System\NwhMLBd.exe
  2⤵
  PID:8216
- C:\Windows\System\cWOiMHs.exe
  C:\Windows\System\cWOiMHs.exe
  2⤵
  PID:8232
- C:\Windows\System\WiWaEwr.exe
  C:\Windows\System\WiWaEwr.exe
  2⤵
  PID:8276
- C:\Windows\System\yXLbsIC.exe
  C:\Windows\System\yXLbsIC.exe
  2⤵
  PID:8292
- C:\Windows\System\cMGdsWE.exe
  C:\Windows\System\cMGdsWE.exe
  2⤵
  PID:8320
- C:\Windows\System\ZkPaytb.exe
  C:\Windows\System\ZkPaytb.exe
  2⤵
  PID:8336
- C:\Windows\System\BCBQCWZ.exe
  C:\Windows\System\BCBQCWZ.exe
  2⤵
  PID:8360
- C:\Windows\System\XeJyUDv.exe
  C:\Windows\System\XeJyUDv.exe
  2⤵
  PID:8376
- C:\Windows\System\TyQWOeM.exe
  C:\Windows\System\TyQWOeM.exe
  2⤵
  PID:8392
- C:\Windows\System\POCBpzv.exe
  C:\Windows\System\POCBpzv.exe
  2⤵
  PID:8412
- C:\Windows\System\dxkXEqP.exe
  C:\Windows\System\dxkXEqP.exe
  2⤵
  PID:8436
- C:\Windows\System\dpgznAW.exe
  C:\Windows\System\dpgznAW.exe
  2⤵
  PID:8456
- C:\Windows\System\CyCZKOu.exe
  C:\Windows\System\CyCZKOu.exe
  2⤵
  PID:8476
- C:\Windows\System\oIXYUub.exe
  C:\Windows\System\oIXYUub.exe
  2⤵
  PID:8492
- C:\Windows\System\zvHBpjB.exe
  C:\Windows\System\zvHBpjB.exe
  2⤵
  PID:8520
- C:\Windows\System\EZUbxzi.exe
  C:\Windows\System\EZUbxzi.exe
  2⤵
  PID:8536
- C:\Windows\System\OwQGDUE.exe
  C:\Windows\System\OwQGDUE.exe
  2⤵
  PID:8552
- C:\Windows\System\BOSneds.exe
  C:\Windows\System\BOSneds.exe
  2⤵
  PID:8568
- C:\Windows\System\IALIKHf.exe
  C:\Windows\System\IALIKHf.exe
  2⤵
  PID:8596
- C:\Windows\System\itPeevG.exe
  C:\Windows\System\itPeevG.exe
  2⤵
  PID:8612
- C:\Windows\System\phKrBbV.exe
  C:\Windows\System\phKrBbV.exe
  2⤵
  PID:8636
- C:\Windows\System\ahHbFru.exe
  C:\Windows\System\ahHbFru.exe
  2⤵
  PID:8656
- C:\Windows\System\qNkvesO.exe
  C:\Windows\System\qNkvesO.exe
  2⤵
  PID:8672
- C:\Windows\System\bUeRgwm.exe
  C:\Windows\System\bUeRgwm.exe
  2⤵
  PID:8688
- C:\Windows\System\zKSAcDc.exe
  C:\Windows\System\zKSAcDc.exe
  2⤵
  PID:8704
- C:\Windows\System\MDYGOiw.exe
  C:\Windows\System\MDYGOiw.exe
  2⤵
  PID:8724
- C:\Windows\System\fAYYewi.exe
  C:\Windows\System\fAYYewi.exe
  2⤵
  PID:8744
- C:\Windows\System\IOXfYtu.exe
  C:\Windows\System\IOXfYtu.exe
  2⤵
  PID:8768
- C:\Windows\System\GEFBrnK.exe
  C:\Windows\System\GEFBrnK.exe
  2⤵
  PID:8800
- C:\Windows\System\xcfrAQS.exe
  C:\Windows\System\xcfrAQS.exe
  2⤵
  PID:8816
- C:\Windows\System\pmqMgoq.exe
  C:\Windows\System\pmqMgoq.exe
  2⤵
  PID:8832
- C:\Windows\System\BzhalCA.exe
  C:\Windows\System\BzhalCA.exe
  2⤵
  PID:8852
- C:\Windows\System\qdHajKw.exe
  C:\Windows\System\qdHajKw.exe
  2⤵
  PID:8872
- C:\Windows\System\WKBSyIn.exe
  C:\Windows\System\WKBSyIn.exe
  2⤵
  PID:8892
- C:\Windows\System\pCfwdjz.exe
  C:\Windows\System\pCfwdjz.exe
  2⤵
  PID:8916
- C:\Windows\System\LkBqYBA.exe
  C:\Windows\System\LkBqYBA.exe
  2⤵
  PID:8936
- C:\Windows\System\STSMSIN.exe
  C:\Windows\System\STSMSIN.exe
  2⤵
  PID:8952
- C:\Windows\System\FKkoFeP.exe
  C:\Windows\System\FKkoFeP.exe
  2⤵
  PID:8968
- C:\Windows\System\GOqNqPG.exe
  C:\Windows\System\GOqNqPG.exe
  2⤵
  PID:8984
- C:\Windows\System\ndyFRQa.exe
  C:\Windows\System\ndyFRQa.exe
  2⤵
  PID:9024
- C:\Windows\System\heIbOMr.exe
  C:\Windows\System\heIbOMr.exe
  2⤵
  PID:9040
- C:\Windows\System\cLDccCG.exe
  C:\Windows\System\cLDccCG.exe
  2⤵
  PID:9056
- C:\Windows\System\ocsrfTq.exe
  C:\Windows\System\ocsrfTq.exe
  2⤵
  PID:9076
- C:\Windows\System\TWhrZfI.exe
  C:\Windows\System\TWhrZfI.exe
  2⤵
  PID:9092
- C:\Windows\System\biXABGB.exe
  C:\Windows\System\biXABGB.exe
  2⤵
  PID:9108
- C:\Windows\System\qqxZAZF.exe
  C:\Windows\System\qqxZAZF.exe
  2⤵
  PID:9128
- C:\Windows\System\nrCEUPz.exe
  C:\Windows\System\nrCEUPz.exe
  2⤵
  PID:9152
- C:\Windows\System\ZbyVRqV.exe
  C:\Windows\System\ZbyVRqV.exe
  2⤵
  PID:9172
- C:\Windows\System\ZQHccqm.exe
  C:\Windows\System\ZQHccqm.exe
  2⤵
  PID:9188
- C:\Windows\System\XThqxLL.exe
  C:\Windows\System\XThqxLL.exe
  2⤵
  PID:7184
- C:\Windows\System\uhhIQpT.exe
  C:\Windows\System\uhhIQpT.exe
  2⤵
  PID:8208
- C:\Windows\System\deYheJj.exe
  C:\Windows\System\deYheJj.exe
  2⤵
  PID:8060
- C:\Windows\System\AYUxefT.exe
  C:\Windows\System\AYUxefT.exe
  2⤵
  PID:8264
- C:\Windows\System\aRXGzjC.exe
  C:\Windows\System\aRXGzjC.exe
  2⤵
  PID:8308
- C:\Windows\System\hUlZvAL.exe
  C:\Windows\System\hUlZvAL.exe
  2⤵
  PID:8304
- C:\Windows\System\ZDvNBqd.exe
  C:\Windows\System\ZDvNBqd.exe
  2⤵
  PID:8348
- C:\Windows\System\OyhNIbD.exe
  C:\Windows\System\OyhNIbD.exe
  2⤵
  PID:8372
- C:\Windows\System\NLNPRkr.exe
  C:\Windows\System\NLNPRkr.exe
  2⤵
  PID:8408
- C:\Windows\System\rYXNYfo.exe
  C:\Windows\System\rYXNYfo.exe
  2⤵
  PID:8464
- C:\Windows\System\vAaiBNi.exe
  C:\Windows\System\vAaiBNi.exe
  2⤵
  PID:7928
- C:\Windows\System\OsJPrJh.exe
  C:\Windows\System\OsJPrJh.exe
  2⤵
  PID:8544
- C:\Windows\System\tXiEgWg.exe
  C:\Windows\System\tXiEgWg.exe
  2⤵
  PID:8564
- C:\Windows\System\AuRqGfv.exe
  C:\Windows\System\AuRqGfv.exe
  2⤵
  PID:8632
- C:\Windows\System\bUSqVFg.exe
  C:\Windows\System\bUSqVFg.exe
  2⤵
  PID:8648
- C:\Windows\System\pvSxDuO.exe
  C:\Windows\System\pvSxDuO.exe
  2⤵
  PID:8700
- C:\Windows\System\SLXzacN.exe
  C:\Windows\System\SLXzacN.exe
  2⤵
  PID:8712
- C:\Windows\System\CdalAIZ.exe
  C:\Windows\System\CdalAIZ.exe
  2⤵
  PID:8752
- C:\Windows\System\GbCYiCp.exe
  C:\Windows\System\GbCYiCp.exe
  2⤵
  PID:8760
- C:\Windows\System\tuMPuuQ.exe
  C:\Windows\System\tuMPuuQ.exe
  2⤵
  PID:8824
- C:\Windows\System\JmqgVHF.exe
  C:\Windows\System\JmqgVHF.exe
  2⤵
  PID:8900
- C:\Windows\System\ahLZJEw.exe
  C:\Windows\System\ahLZJEw.exe
  2⤵
  PID:8904
- C:\Windows\System\XkAVuIG.exe
  C:\Windows\System\XkAVuIG.exe
  2⤵
  PID:8948
- C:\Windows\System\spaKpRC.exe
  C:\Windows\System\spaKpRC.exe
  2⤵
  PID:8980
- C:\Windows\System\rOTpMUI.exe
  C:\Windows\System\rOTpMUI.exe
  2⤵
  PID:8928
- C:\Windows\System\tbUrpjh.exe
  C:\Windows\System\tbUrpjh.exe
  2⤵
  PID:8992
- C:\Windows\System\EeiSKSX.exe
  C:\Windows\System\EeiSKSX.exe
  2⤵
  PID:9064
- C:\Windows\System\xJRAUYu.exe
  C:\Windows\System\xJRAUYu.exe
  2⤵
  PID:9148
- C:\Windows\System\vsBekgA.exe
  C:\Windows\System\vsBekgA.exe
  2⤵
  PID:9048
- C:\Windows\System\DtbeMpi.exe
  C:\Windows\System\DtbeMpi.exe
  2⤵
  PID:9120
- C:\Windows\System\KIdeOGj.exe
  C:\Windows\System\KIdeOGj.exe
  2⤵
  PID:6540
- C:\Windows\System\siELCEo.exe
  C:\Windows\System\siELCEo.exe
  2⤵
  PID:8228
- C:\Windows\System\kYVhaUP.exe
  C:\Windows\System\kYVhaUP.exe
  2⤵
  PID:8316
- C:\Windows\System\fYzMxyl.exe
  C:\Windows\System\fYzMxyl.exe
  2⤵
  PID:8368
- C:\Windows\System\tDfWbGe.exe
  C:\Windows\System\tDfWbGe.exe
  2⤵
  PID:8508
- C:\Windows\System\CqipHBi.exe
  C:\Windows\System\CqipHBi.exe
  2⤵
  PID:8344
- C:\Windows\System\SknOghl.exe
  C:\Windows\System\SknOghl.exe
  2⤵
  PID:8404
- C:\Windows\System\avwIlvX.exe
  C:\Windows\System\avwIlvX.exe
  2⤵
  PID:8448
- C:\Windows\System\UVTjgqs.exe
  C:\Windows\System\UVTjgqs.exe
  2⤵
  PID:8272
- C:\Windows\System\cnxSpfc.exe
  C:\Windows\System\cnxSpfc.exe
  2⤵
  PID:8588
- C:\Windows\System\MGHGtMD.exe
  C:\Windows\System\MGHGtMD.exe
  2⤵
  PID:8720
- C:\Windows\System\WntxTIp.exe
  C:\Windows\System\WntxTIp.exe
  2⤵
  PID:8784
- C:\Windows\System\fvqaUYt.exe
  C:\Windows\System\fvqaUYt.exe
  2⤵
  PID:8908
- C:\Windows\System\ANFLlmw.exe
  C:\Windows\System\ANFLlmw.exe
  2⤵
  PID:8888
- C:\Windows\System\vwghKcP.exe
  C:\Windows\System\vwghKcP.exe
  2⤵
  PID:8864
- C:\Windows\System\poImGBR.exe
  C:\Windows\System\poImGBR.exe
  2⤵
  PID:9020
- C:\Windows\System\YloUgCM.exe
  C:\Windows\System\YloUgCM.exe
  2⤵
  PID:9004
- C:\Windows\System\zlotjpx.exe
  C:\Windows\System\zlotjpx.exe
  2⤵
  PID:9100
- C:\Windows\System\kWJLNAr.exe
  C:\Windows\System\kWJLNAr.exe
  2⤵
  PID:9144
- C:\Windows\System\ZnxCxqr.exe
  C:\Windows\System\ZnxCxqr.exe
  2⤵
  PID:9200
- C:\Windows\System\zfjXbfP.exe
  C:\Windows\System\zfjXbfP.exe
  2⤵
  PID:9208
- C:\Windows\System\qBFzLSm.exe
  C:\Windows\System\qBFzLSm.exe
  2⤵
  PID:8256
- C:\Windows\System\rAGWChq.exe
  C:\Windows\System\rAGWChq.exe
  2⤵
  PID:8532
- C:\Windows\System\dyJIfiH.exe
  C:\Windows\System\dyJIfiH.exe
  2⤵
  PID:8284
- C:\Windows\System\rdjDsIM.exe
  C:\Windows\System\rdjDsIM.exe
  2⤵
  PID:8736
- C:\Windows\System\VLPBiGc.exe
  C:\Windows\System\VLPBiGc.exe
  2⤵
  PID:8644
- C:\Windows\System\WZFSlAV.exe
  C:\Windows\System\WZFSlAV.exe
  2⤵
  PID:8848
- C:\Windows\System\EKwjXJl.exe
  C:\Windows\System\EKwjXJl.exe
  2⤵
  PID:8964
- C:\Windows\System\RxXUniD.exe
  C:\Windows\System\RxXUniD.exe
  2⤵
  PID:8944
- C:\Windows\System\HHZXcot.exe
  C:\Windows\System\HHZXcot.exe
  2⤵
  PID:8224
- C:\Windows\System\cclxkCo.exe
  C:\Windows\System\cclxkCo.exe
  2⤵
  PID:9140
- C:\Windows\System\LcFRlFf.exe
  C:\Windows\System\LcFRlFf.exe
  2⤵
  PID:6244
- C:\Windows\System\gCWYxGT.exe
  C:\Windows\System\gCWYxGT.exe
  2⤵
  PID:9204
- C:\Windows\System\kiLNWmT.exe
  C:\Windows\System\kiLNWmT.exe
  2⤵
  PID:8420
- C:\Windows\System\qxPkfHG.exe
  C:\Windows\System\qxPkfHG.exe
  2⤵
  PID:8628
- C:\Windows\System\ILDmfvc.exe
  C:\Windows\System\ILDmfvc.exe
  2⤵
  PID:8796
- C:\Windows\System\BHHwhpX.exe
  C:\Windows\System\BHHwhpX.exe
  2⤵
  PID:9032
- C:\Windows\System\celEEre.exe
  C:\Windows\System\celEEre.exe
  2⤵
  PID:9164
- C:\Windows\System\YAvSdeC.exe
  C:\Windows\System\YAvSdeC.exe
  2⤵
  PID:9104
- C:\Windows\System\YDOHNBq.exe
  C:\Windows\System\YDOHNBq.exe
  2⤵
  PID:8500
- C:\Windows\System\ZVqpBDy.exe
  C:\Windows\System\ZVqpBDy.exe
  2⤵
  PID:9220
- C:\Windows\System\eGOJVKS.exe
  C:\Windows\System\eGOJVKS.exe
  2⤵
  PID:9236
- C:\Windows\System\PgpAUMU.exe
  C:\Windows\System\PgpAUMU.exe
  2⤵
  PID:9252
- C:\Windows\System\DXIEcgR.exe
  C:\Windows\System\DXIEcgR.exe
  2⤵
  PID:9272
- C:\Windows\System\hWFzNza.exe
  C:\Windows\System\hWFzNza.exe
  2⤵
  PID:9296
- C:\Windows\System\hcYIuwi.exe
  C:\Windows\System\hcYIuwi.exe
  2⤵
  PID:9312
- C:\Windows\System\udGxfNo.exe
  C:\Windows\System\udGxfNo.exe
  2⤵
  PID:9328
- C:\Windows\System\loPTEUz.exe
  C:\Windows\System\loPTEUz.exe
  2⤵
  PID:9344
- C:\Windows\System\PHJhXCV.exe
  C:\Windows\System\PHJhXCV.exe
  2⤵
  PID:9360
- C:\Windows\System\EOigdHA.exe
  C:\Windows\System\EOigdHA.exe
  2⤵
  PID:9380
- C:\Windows\System\UnysPYJ.exe
  C:\Windows\System\UnysPYJ.exe
  2⤵
  PID:9396
- C:\Windows\System\dZaqdit.exe
  C:\Windows\System\dZaqdit.exe
  2⤵
  PID:9412
- C:\Windows\System\XQHweJo.exe
  C:\Windows\System\XQHweJo.exe
  2⤵
  PID:9432
- C:\Windows\System\zdUcSJu.exe
  C:\Windows\System\zdUcSJu.exe
  2⤵
  PID:9456
- C:\Windows\System\McBPYAV.exe
  C:\Windows\System\McBPYAV.exe
  2⤵
  PID:9496
- C:\Windows\System\LeXumhP.exe
  C:\Windows\System\LeXumhP.exe
  2⤵
  PID:9528
- C:\Windows\System\CnaixHn.exe
  C:\Windows\System\CnaixHn.exe
  2⤵
  PID:9548
- C:\Windows\System\nozThWB.exe
  C:\Windows\System\nozThWB.exe
  2⤵
  PID:9576
- C:\Windows\System\LManBAB.exe
  C:\Windows\System\LManBAB.exe
  2⤵
  PID:9600
- C:\Windows\System\rNXczpR.exe
  C:\Windows\System\rNXczpR.exe
  2⤵
  PID:9620
- C:\Windows\System\MCVlQEY.exe
  C:\Windows\System\MCVlQEY.exe
  2⤵
  PID:9640
- C:\Windows\System\NJGqZOu.exe
  C:\Windows\System\NJGqZOu.exe
  2⤵
  PID:9660
- C:\Windows\System\AEuOsTK.exe
  C:\Windows\System\AEuOsTK.exe
  2⤵
  PID:9676
- C:\Windows\System\fqUfyff.exe
  C:\Windows\System\fqUfyff.exe
  2⤵
  PID:9692
- C:\Windows\System\ODBZpDt.exe
  C:\Windows\System\ODBZpDt.exe
  2⤵
  PID:9708
- C:\Windows\System\NIYCyhV.exe
  C:\Windows\System\NIYCyhV.exe
  2⤵
  PID:9732
- C:\Windows\System\IkSCMMS.exe
  C:\Windows\System\IkSCMMS.exe
  2⤵
  PID:9752
- C:\Windows\System\VfrNRXh.exe
  C:\Windows\System\VfrNRXh.exe
  2⤵
  PID:9768
- C:\Windows\System\Rncqnlq.exe
  C:\Windows\System\Rncqnlq.exe
  2⤵
  PID:9792
- C:\Windows\System\ABXFAfD.exe
  C:\Windows\System\ABXFAfD.exe
  2⤵
  PID:9808
- C:\Windows\System\EbjrIZi.exe
  C:\Windows\System\EbjrIZi.exe
  2⤵
  PID:9824
- C:\Windows\System\sPNMHCU.exe
  C:\Windows\System\sPNMHCU.exe
  2⤵
  PID:9844
- C:\Windows\System\oNzXkpL.exe
  C:\Windows\System\oNzXkpL.exe
  2⤵
  PID:9860
- C:\Windows\System\UpkRypG.exe
  C:\Windows\System\UpkRypG.exe
  2⤵
  PID:9876
- C:\Windows\System\hUbYKSx.exe
  C:\Windows\System\hUbYKSx.exe
  2⤵
  PID:9892
- C:\Windows\System\UCtIlpC.exe
  C:\Windows\System\UCtIlpC.exe
  2⤵
  PID:9940
- C:\Windows\System\bejwbMv.exe
  C:\Windows\System\bejwbMv.exe
  2⤵
  PID:9956
- C:\Windows\System\YceQiek.exe
  C:\Windows\System\YceQiek.exe
  2⤵
  PID:9972
- C:\Windows\System\KIaIVrK.exe
  C:\Windows\System\KIaIVrK.exe
  2⤵
  PID:9988
- C:\Windows\System\XJYzxCF.exe
  C:\Windows\System\XJYzxCF.exe
  2⤵
  PID:10004
- C:\Windows\System\WQvzNpq.exe
  C:\Windows\System\WQvzNpq.exe
  2⤵
  PID:10020
- C:\Windows\System\Agsciqk.exe
  C:\Windows\System\Agsciqk.exe
  2⤵
  PID:10040
- C:\Windows\System\HNKCQBr.exe
  C:\Windows\System\HNKCQBr.exe
  2⤵
  PID:10056
- C:\Windows\System\zxmBeYi.exe
  C:\Windows\System\zxmBeYi.exe
  2⤵
  PID:10072
- C:\Windows\System\wHvTQux.exe
  C:\Windows\System\wHvTQux.exe
  2⤵
  PID:10088
- C:\Windows\System\KKWBKou.exe
  C:\Windows\System\KKWBKou.exe
  2⤵
  PID:10104
- C:\Windows\System\PTNeYTe.exe
  C:\Windows\System\PTNeYTe.exe
  2⤵
  PID:10124
- C:\Windows\System\NIauEZH.exe
  C:\Windows\System\NIauEZH.exe
  2⤵
  PID:10140
- C:\Windows\System\pRPDzuQ.exe
  C:\Windows\System\pRPDzuQ.exe
  2⤵
  PID:10156
- C:\Windows\System\jUSoCKG.exe
  C:\Windows\System\jUSoCKG.exe
  2⤵
  PID:10172
- C:\Windows\System\FIFGOjH.exe
  C:\Windows\System\FIFGOjH.exe
  2⤵
  PID:10188
- C:\Windows\System\woLqPMd.exe
  C:\Windows\System\woLqPMd.exe
  2⤵
  PID:10204
- C:\Windows\System\DVHcVil.exe
  C:\Windows\System\DVHcVil.exe
  2⤵
  PID:10220
- C:\Windows\System\njsAjLp.exe
  C:\Windows\System\njsAjLp.exe
  2⤵
  PID:10236
- C:\Windows\System\cGwnAUG.exe
  C:\Windows\System\cGwnAUG.exe
  2⤵
  PID:9036
- C:\Windows\System\nvRIYDM.exe
  C:\Windows\System\nvRIYDM.exe
  2⤵
  PID:8684
- C:\Windows\System\lGdtFgW.exe
  C:\Windows\System\lGdtFgW.exe
  2⤵
  PID:9292
- C:\Windows\System\iZekbRO.exe
  C:\Windows\System\iZekbRO.exe
  2⤵
  PID:9324
- C:\Windows\System\awXALGE.exe
  C:\Windows\System\awXALGE.exe
  2⤵
  PID:9356
- C:\Windows\System\FMcBMHv.exe
  C:\Windows\System\FMcBMHv.exe
  2⤵
  PID:9424
- C:\Windows\System\BGzDiEW.exe
  C:\Windows\System\BGzDiEW.exe
  2⤵
  PID:9464
- C:\Windows\System\kmPWsnk.exe
  C:\Windows\System\kmPWsnk.exe
  2⤵
  PID:9484
- C:\Windows\System\oXjTnXz.exe
  C:\Windows\System\oXjTnXz.exe
  2⤵
  PID:9492
- C:\Windows\System\IcwxCmY.exe
  C:\Windows\System\IcwxCmY.exe
  2⤵
  PID:9304
- C:\Windows\System\AMgLRtY.exe
  C:\Windows\System\AMgLRtY.exe
  2⤵
  PID:9340
- C:\Windows\System\NtnbmzK.exe
  C:\Windows\System\NtnbmzK.exe
  2⤵
  PID:9512
- C:\Windows\System\uXekxJw.exe
  C:\Windows\System\uXekxJw.exe
  2⤵
  PID:9556
- C:\Windows\System\aHhfYTW.exe
  C:\Windows\System\aHhfYTW.exe
  2⤵
  PID:9596
- C:\Windows\System\vmCvLYr.exe
  C:\Windows\System\vmCvLYr.exe
  2⤵
  PID:9616
- C:\Windows\System\gWYRELb.exe
  C:\Windows\System\gWYRELb.exe
  2⤵
  PID:9628
- C:\Windows\System\pPBXWGy.exe
  C:\Windows\System\pPBXWGy.exe
  2⤵
  PID:9700
- C:\Windows\System\GkpQJdK.exe
  C:\Windows\System\GkpQJdK.exe
  2⤵
  PID:9748
- C:\Windows\System\eRUVJyE.exe
  C:\Windows\System\eRUVJyE.exe
  2⤵
  PID:9760
- C:\Windows\System\qiiZDFE.exe
  C:\Windows\System\qiiZDFE.exe
  2⤵
  PID:9840
- C:\Windows\System\kVirvNJ.exe
  C:\Windows\System\kVirvNJ.exe
  2⤵
  PID:9788
- C:\Windows\System\boyUSne.exe
  C:\Windows\System\boyUSne.exe
  2⤵
  PID:9872
- C:\Windows\System\YgKQpfK.exe
  C:\Windows\System\YgKQpfK.exe
  2⤵
  PID:9920
- C:\Windows\System\VbOMdNh.exe
  C:\Windows\System\VbOMdNh.exe
  2⤵
  PID:9856
- C:\Windows\System\mDzQBLW.exe
  C:\Windows\System\mDzQBLW.exe
  2⤵
  PID:9996
- C:\Windows\System\JNlhNal.exe
  C:\Windows\System\JNlhNal.exe
  2⤵
  PID:9948
- C:\Windows\System\sVAEFcS.exe
  C:\Windows\System\sVAEFcS.exe
  2⤵
  PID:10116
- C:\Windows\System\BDQJhJu.exe
  C:\Windows\System\BDQJhJu.exe
  2⤵
  PID:8580
- C:\Windows\System\oEzZRYF.exe
  C:\Windows\System\oEzZRYF.exe
  2⤵
  PID:10212
- C:\Windows\System\bIvPqBy.exe
  C:\Windows\System\bIvPqBy.exe
  2⤵
  PID:9420
- C:\Windows\System\hjRyZBM.exe
  C:\Windows\System\hjRyZBM.exe
  2⤵
  PID:8792
- C:\Windows\System\qscvtFm.exe
  C:\Windows\System\qscvtFm.exe
  2⤵
  PID:9012
- C:\Windows\System\IAvGkhu.exe
  C:\Windows\System\IAvGkhu.exe
  2⤵
  PID:9248
- C:\Windows\System\nkrGLRf.exe
  C:\Windows\System\nkrGLRf.exe
  2⤵
  PID:9488
- C:\Windows\System\FmAenei.exe
  C:\Windows\System\FmAenei.exe
  2⤵
  PID:9268
- C:\Windows\System\EXHZqZJ.exe
  C:\Windows\System\EXHZqZJ.exe
  2⤵
  PID:9452
- C:\Windows\System\tbNWuDR.exe
  C:\Windows\System\tbNWuDR.exe
  2⤵
  PID:9584
- C:\Windows\System\pzXbmeT.exe
  C:\Windows\System\pzXbmeT.exe
  2⤵
  PID:9636
- C:\Windows\System\lxbEiVd.exe
  C:\Windows\System\lxbEiVd.exe
  2⤵
  PID:9608
- C:\Windows\System\qSmpMVb.exe
  C:\Windows\System\qSmpMVb.exe
  2⤵
  PID:9836
- C:\Windows\System\efKAlwx.exe
  C:\Windows\System\efKAlwx.exe
  2⤵
  PID:9928
- C:\Windows\System\umUfzaQ.exe
  C:\Windows\System\umUfzaQ.exe
  2⤵
  PID:9904
- C:\Windows\System\WeDbUPc.exe
  C:\Windows\System\WeDbUPc.exe
  2⤵
  PID:9780
- C:\Windows\System\SuHevMR.exe
  C:\Windows\System\SuHevMR.exe
  2⤵
  PID:9968
- C:\Windows\System\OUlaTQo.exe
  C:\Windows\System\OUlaTQo.exe
  2⤵
  PID:10112
- C:\Windows\System\hNKIEpx.exe
  C:\Windows\System\hNKIEpx.exe
  2⤵
  PID:10012
- C:\Windows\System\QHpykMx.exe
  C:\Windows\System\QHpykMx.exe
  2⤵
  PID:10152
- C:\Windows\System\PJdfRdR.exe
  C:\Windows\System\PJdfRdR.exe
  2⤵
  PID:10148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\IGUAUCZ.exe

Filesize
6.0MB

MD5
6a70212f12b6099b30ad34b71f93804f

SHA1
1a554f29e58b73345cfcfb49a557212f80382d8c

SHA256
9a129c01bb0d426d07f49749fc65ed66014817ccb63209e381166b11db5e84fd

SHA512
afc45593e6774bd9fdf11d2d60e3e1813493600eb60294acf73921b45eb803dc835433083eea133d532da6a38a2134a36c4cb4c325952e42018ec0c6d596e7a3

Download Submit
C:\Windows\system\IlXXKmM.exe

Filesize
6.0MB

MD5
1d67197a54553beefe51128c4c15e8d6

SHA1
eb948918082fb9787d16012169b7b7a653bafce8

SHA256
8f77b4de7f2665b80d6dfa683b06034c0a7a668f54509b7666d7033f07157456

SHA512
701d7cb9de0b53750f0e1a04ddc841beaea04b337e6c201c974b386872e5195880f20dc08d58bd2d1b5bee66100b77fbfcae9cee84b039289bbc08230a66d2ed

Download Submit
C:\Windows\system\KLfVVHV.exe

Filesize
6.0MB

MD5
15548b1153a7df547b9fa341fa6c3670

SHA1
410eae469f2b65e538d2488862ac014bab74ca23

SHA256
c0d0ba87f860cbe06f8bc6fefc583531770e80ff196995c2512ae8446ce97d79

SHA512
114c7d2ab88e2f9c638bda3df96c2e75a8334b312b4c160a12b8ebae40c2dad3bcf5a642bdbb02a58d415e9314fbc7a4d8de845aff6bf37a71866106c655d3e7

Download Submit
C:\Windows\system\KSEdrcF.exe

Filesize
6.0MB

MD5
5ac815e354546d2a0f132fcafa5a6138

SHA1
2ae74b68c8c6b9b64ee4515a835361c523843cbe

SHA256
93273d45effd11d0b8724ad04ec87177d8f430f636a156798e9ef3fe63db99e8

SHA512
fab19050fbe40a27d9152a873a03901f8723b77307a3e56c85c0197541b7bbd80b0501e0bfff7448ea079639cc4e9b7a577d679f22616ab2ef834313d00786e2

Download Submit
C:\Windows\system\KmIRMdu.exe

Filesize
6.0MB

MD5
7eebe7576fd2fe880cc4c1bca38cb510

SHA1
c374f1c28cacdbcb378aed35dcaa83da6bd4ec06

SHA256
6495a07696ebbd02ddad9cc4635751530341b9b92a30833b86213be385962f3c

SHA512
b606500a37a1b94a3aedef9dfa5d854d1082cdff533e5810e3320fcf888996745fd824401e0116d65a6e32490931119e215ac8919864b3e1a0209fb2c7f8ed41

Download Submit
C:\Windows\system\LDBjVvW.exe

Filesize
6.0MB

MD5
895e13963f1a916e165a18f18f3c6ee5

SHA1
96139d58efc48e3a7ed467972f3004e743960764

SHA256
950ffb4280d75c8a94138ceac53d8a21dbfe6b8f6abe6f5c95e5e3b8885ec2bb

SHA512
843e0d354a6e81824d03a07191f09d6ab0e8304898e445848633efb0e1eb969195f6ded501f2003baa88fe9601a7ef5c0cc579e9486ea2e6c4f73d1487b2ed17

Download Submit
C:\Windows\system\NEkOXWJ.exe

Filesize
6.0MB

MD5
33b48ee7b05b719af9f1506aa15f73dc

SHA1
ef3b59de485c6c136374ec0827ec2c106e2daac7

SHA256
5fd76e0b200e98e87ab688eae79abea17bc05b2c3d9d98a8bee9452d807a36b5

SHA512
14f92f4674498a6231567ecb53058eab8affa1b2431bf46e4364dc00519281d02a4aa12a71727c2d99a97cf4d99aef53c3aebbb5fde011828e8355332340cd0f

Download Submit
C:\Windows\system\PWKaAlF.exe

Filesize
6.0MB

MD5
871d37ab4395ac225f57553c31b30007

SHA1
3b9d41c42042b6cf3a21dc81848a172d5f0c0709

SHA256
18f98ba86a96f77dc08c884d1e416d8b1ac2fa6999241610fc7a993755d40808

SHA512
75448add1c400fb0d0a9842bfec649509870929859011c04ab0602cee556644a10675e38433a3d64e7e9d9d90fa75fb16b8236c050baf71304de1b3b44354e06

Download Submit
C:\Windows\system\PbNepkQ.exe

Filesize
6.0MB

MD5
0b6e60661b40ccc125e77fbab0c10bdb

SHA1
e02ac9add3b73ca8e7a402e5aaf2f8f997c2280c

SHA256
5627ccb7ecaedff07d3349de29732d150481b721a296d18524b834b982266acc

SHA512
1773fc535e22e58e70af2b38b37e9797f57e47ad1d9c7aa804a0508ffb1af865971b6c0e48f1bbe6b7d38a9ac326dfcbd8ff6c2abc15c83fd3a2c1eb8825bebf

Download Submit
C:\Windows\system\PzbHmqJ.exe

Filesize
6.0MB

MD5
0e634b1bec7921413d2f36ee7468adc7

SHA1
729bde0276d94de8e7eabe9f13ef8dc4e8fe02f6

SHA256
e57d695b0422631837cc9032a1099a18e0d007c1b1e2d132842bf3f0e338d4e9

SHA512
8c407390bae2079212dfb8662b782a0d4afb1f8d7f0aae799f948f056bc67ea3b03e9cef2f33493a0e3ae0b8518c058fadabf9a7ac5db793513744fdcfeec376

Download Submit
C:\Windows\system\RFHLJsp.exe

Filesize
6.0MB

MD5
b2a2e4c2fe131254751e59b417b793c3

SHA1
5690d8dab76100b136d20b2810dc9295865406eb

SHA256
3542bb3b27706624cef5893a7937aaef0dd40542346cd4b3a4b09160af633d12

SHA512
e493eeec3e6f321d66b0519a697f20efbb98daab380839a3cac554b2dee5dd328e501ed91a2f06a0777c8bce3b2b41990ee956147ce90c782a147d77ea3f4e5f

Download Submit
C:\Windows\system\SrRRAfo.exe

Filesize
6.0MB

MD5
a231da2f85a706934f808938eb8b2371

SHA1
f774cf0f1fcea6d872b94c0200644b0404550b20

SHA256
36a6769ceec797b11298bb8f3d6356f93cfff7c436e685f8f5fca11841506e8a

SHA512
e044b84f5f98ca67af00e35b5f03526b9e79703dddc8d75b8f280158c4af62d3d4641afecfdf89b6ca41a851dbb63ef028c37816c6bf5176908e6ae166531313

Download Submit
C:\Windows\system\SvGbOPa.exe

Filesize
6.0MB

MD5
2d2d1f540897aa7c52bf1d85df6502c4

SHA1
6dd8c2b0b033d9230e4fa1338a777ebc61e90613

SHA256
05b133c6d935119d45b06d7b0ae67830728b4dc0f2d7d53a67aa7ad3a8cd83a5

SHA512
c2820422d352d6404331f6993c534527b9b4e0a8b768289c69193455352c0269cb4d589c10b754ecd7a6c4730a750ab718733f1eacf8f31076f83653e7a0915c

Download Submit
C:\Windows\system\dfiSuuf.exe

Filesize
6.0MB

MD5
6c2cf4eb5231318efcb0e84be48edada

SHA1
3ddf63ef4338868e0c50bc8bc15b92b5bf1c7071

SHA256
b704b1bf406daedd94d46328df59a5990eded26cf55bcc7056cf992bdabe6d8d

SHA512
cfe3c65e04759d17ad8610e2774b0f8cb7d12d1dcf83e7a02a1226c996187ddb1c8acdefdc7835621e5d349dd28d9e37b1f2b1d19a4f1ceff6670b5827777a8c

Download Submit
C:\Windows\system\dqnproQ.exe

Filesize
6.0MB

MD5
e7d8fbc2461a740f4cbada5325078fcb

SHA1
5cb2176f439d0c25ff423890050c7ab6559a98da

SHA256
7d6f44cb93b5c436d9e8218db22324c8313a8fefcefb566be615e6e5d6881fda

SHA512
78d43d5ea9077b42589ac93ca1ec2ccd6c416468d007a67edb041c7e0be4fe1ab4bfca41bd2020a41a65021b789c3bc46cb33e1ad9bdcb805720ce22791116ce

Download Submit
C:\Windows\system\elAUOfB.exe

Filesize
6.0MB

MD5
9957fce64ae949c1ae349668410b939a

SHA1
2c3a287417f65e15b5e9f2217f60bad2737a7468

SHA256
c6f62aebc720033172492a4c796bf8a5121cc7db67538a42193c58d44949778f

SHA512
80136f7b5b62082e1f2fd114b035365be8571d5dcee1dd4e6296a78c91a690ace349f157afbfb8636fd2aae58793da4f8038a95a88947aa43c5ae04ff7c5fd7e

Download Submit
C:\Windows\system\fiWpfaI.exe

Filesize
6.0MB

MD5
90b0fb336c0e931d3fdf8795f6fda776

SHA1
e2972615f751479cfaca8b4546a6193e12f64120

SHA256
614c32b681bac65eecf2b2afe56375e7422c59352b154622289ce3fba2bc9689

SHA512
f3887cc3c9bb9e4efd3f40a4a1a519020aaa7fb8da487f48b2ca9b9541ac61b93daffd53d0bb82c6e54de607a53e51d75502da1553ccf68be943f7639b714ca2

Download Submit
C:\Windows\system\gYjNNkm.exe

Filesize
6.0MB

MD5
85c78de72be4fe2905bf379ae928d0d0

SHA1
dffc4348e6369b4eda195ecc877d79993997d539

SHA256
cd5136a42231378921f37d643853bf717c07e71b708bf4471dc69ee2fa9b2a86

SHA512
4618368301d858c82db93531690530928866588021beb63bc06a0beb4e7c773b6c59f4cfe529aacf9e88b3a9b13d0ccf7d8844fe901b186bc6f0cbcd7e318770

Download Submit
C:\Windows\system\ktqTAoA.exe

Filesize
6.0MB

MD5
104b85cec24ed6c7e29c8a2e3515a078

SHA1
5f47d25131650274f33b04ed7606137b68ff604e

SHA256
99c9949b2a8098131b796844e5ea94bf0935e30545db08f0ae5bbe4a741631ba

SHA512
68f2d59d6b100ebd8565de5275b04359b892b2ad307e08043e5aeec64f9161a98c82b74abc2cec6fc2d8c9090bf6634c543def4ef6f8f41db99741ff53090f5c

Download Submit
C:\Windows\system\lgqPdqc.exe

Filesize
6.0MB

MD5
312bb1f6befbb744b1807bef2ad85703

SHA1
10fae97b04f8da453276f8e8315e5f7a182e4e69

SHA256
18d26db14f414242e945b69e9e7ecd68f18adc3a87dbb08cac801ce6739e4d90

SHA512
32aa2b2ded6e99ac1cd95566ea32927e0ff7a646405d8eff1a2a87115d1b713a1d25a7c5ff8468bcf983c1554429d9cfbd7d6df32dc86e6069e7b5358cbe0505

Download Submit
C:\Windows\system\mAkjVMJ.exe

Filesize
6.0MB

MD5
bc5e43a6486603bba064fa63e9af34d4

SHA1
ad993f153b8cb8de6fa0cec9e7bc7d2daf161ccd

SHA256
221889a2de4ab6331b39c9bf00d4fbb608b4a0ff8336ce396f2eece4004df958

SHA512
b69d4ec95e8984f81cd289f20f9e350e18ffae4c91f56a1f62891494d98e745dec2fab67323ba7484576279c00b1d4dea67a0c69c468a274a5a77d1f4151825b

Download Submit
C:\Windows\system\mGZeGzl.exe

Filesize
6.0MB

MD5
d5c5ed5746342e60f4fc76990c94fa0b

SHA1
7cedca37e9d11a9df4569e3e0b30d7859fe462d0

SHA256
f3629e31748114683ebceb6ebef23f9f0b1d477abbffae8662589898d2cfca40

SHA512
a48f3f32baeb704dc13e51e3d6e4f22148cce6ac936eaa73473618e0b0a37bdaab31260e1cf6c46f645aefa9da017f9cc0a741522c2a40699bcd189d30d5c535

Download Submit
C:\Windows\system\mRJZVbp.exe

Filesize
6.0MB

MD5
d5e7cea0b66f983c072b13c6c4286b6e

SHA1
042aca6d8ff5df2043f8bf1eb1ff63270aba96ba

SHA256
f7a2fbb771f9ce8852f57c4bc3968f463b2bd3d4f42a041f6d0d01dbc04be2e1

SHA512
d2159c51cb04afdde49761d73c0925da0687de34b4421fe9b30e37e2a1bad27cffc2dcf131fd146fceb361c38ead57f7484f94b1cfdb6800cad33f4a1a3c2cd6

Download Submit
C:\Windows\system\mWevFjL.exe

Filesize
6.0MB

MD5
fed4fd4a1c3c4489396cbba940403b44

SHA1
05276ee6f6595d06d4f6c07c8bb246e6617992d6

SHA256
f6d9ca89ba5a3b5464c5f1f602324e6d909d9cee505748adbb5b3dc97c4d4642

SHA512
bdf53ff9e9fd4c50dd087321a8f2ee96498d207dd0e9d19cb993662cf11d9430bb68c8e38d185dca245fe0989241f82356ab4fd096eeda34b9173121ab2ba4a0

Download Submit
C:\Windows\system\nDUJcAZ.exe

Filesize
6.0MB

MD5
46f333af76bd55b5c435658bbe0f95ed

SHA1
06fd0eb7b15462872b03479a33d671e310953908

SHA256
4492e64b80e68be7a07b555a9576ad01f1fad69e932b441e62a50bdbe84d1f92

SHA512
d7c7392d199979bc574d1ab5dc68b8032f817390985052e7d5a4cb5125890faabdd2d22c2605955c8fa9e1f5db1c5b7c1f689664504b0252ece62738f8a1e832

Download Submit
C:\Windows\system\nysMXzo.exe

Filesize
6.0MB

MD5
f4da2a102c9978645cbed531891d7686

SHA1
d8da034338f7b8cc30d381e2e24d81916f049ce1

SHA256
de18ed0915bdd3e57024feec33bc08507f240d299a53857c715d062260b59ce2

SHA512
056029c9ca9ad8851cfae8158fe5b85b08d2ea6a93c80b9a6e6ee7ceecb449c50a7ba13dc5dc5ecde4900b88f908251c6822976131b8760dd0b51d1b23e1e2ec

Download Submit
C:\Windows\system\ssSjpnK.exe

Filesize
6.0MB

MD5
c1641ccc83de07d9b175b411495beab9

SHA1
16dfe07d3fd0f554cb406de99730eb9f82e86c0f

SHA256
65e64acdc7f35e22b95deff7c6721810a3152ac19da5d63a8d58172dd3f3b725

SHA512
f71f10138a99e8f08843304706901012c1faec09b13322996c7604ed41a591d0f9b71e1dff9377802331464796d37d41fc6c3bcfe75f87091dca33c78a63bc65

Download Submit
C:\Windows\system\tIoDaOi.exe

Filesize
6.0MB

MD5
328e4c9e14a1ac02da1cf1cf762201ed

SHA1
9254e6a29c5d75bf6d95aad2d7d2c254fcc58a3d

SHA256
d6eded512756855ad4c5c6366b2a426ae36603132b714f8c7306f6fe07610bee

SHA512
c62ba599845e1f8bf1169911916b612877dd47f2dc6f8e76da51e5324167d81a93503074675ba6d6eac59e648af6c9dc07b297f5e9a7a3ae651026672a01eee8

Download Submit
C:\Windows\system\vWLwtXt.exe

Filesize
6.0MB

MD5
ef3d5346b2ab176f3e90d242a86e9cb5

SHA1
0b2ead655cf6b31b9448586f61ccdb5601ecdba2

SHA256
9861481b70a54fdc3e8c4e9746c1cc21a936e9a91ea29516cbdc2bf13607bf9d

SHA512
808d497f2f5e92163e08fd1e560469f4b0c0c4b2605c34c127ade298967e2d82883863810b0fcd6698583379b4c3254071b0dd81f2fccb7c5806b8ec186f97a5

Download Submit
C:\Windows\system\wEISxRe.exe

Filesize
6.0MB

MD5
764aed4207c711101905169a93919a71

SHA1
02bf6af138ae008a442208726302d87291f1090b

SHA256
a395d2f85964a7b2e2f53be1c9f6eeb8faeca2f4adda9811307cccb5cf20a5b7

SHA512
a2d2ebe388cd6a556ade37e3506f3f8f058900c9476f58ce235cb3fccfe18f2fddafe2508588018e1aa18076e303742add57bdc0b4c478ef3e420464b8b68979

Download Submit
C:\Windows\system\xXkAecB.exe

Filesize
6.0MB

MD5
b4da73a1543d5b57efab5e65e6ecafc0

SHA1
e41907a951917197a9ce4a3e114b81169cc992e7

SHA256
c06a9cc58a25d6f8d6f67f79aa385733ec30e0b79ded77678b06253f3089b770

SHA512
e2027235554dbd36f1ef4bb656c7cd768eace4c06332230fb28e597aee20faa2d441c0a9203e3340d239854757019e0afa835ef6b5070a6764c6c1a8116caa72

Download Submit
\Windows\system\NnOiNFa.exe

Filesize
6.0MB

MD5
44799f5718090a87e85990e0c9a6e20e

SHA1
a956cfe5fa8999898ca62928e28448e98924ba79

SHA256
1211e8957526384c412c64db7c83b34fdd7cb01b88a3e0930977ce81c39e216c

SHA512
a4b0846cb921760e3edcd31257b3d131323f4775fdfb06618a25bcd6f4e7983787cfa879b82bf814f7dd0e316788ea9c0ea4a771477617a2824539864f3491c0

Download Submit
memory/540-1541-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-2453-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-1580-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-2454-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-2455-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-1586-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-2456-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/540-1415-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-1570-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/540-1429-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/540-2457-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-2458-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-1561-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-2441-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-2448-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-1556-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-2445-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-0-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/540-1530-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-2438-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-1513-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-2437-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/540-1473-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-2436-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-1455-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-2284-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/540-130-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/540-2287-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-8-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/540-1-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1740-3802-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1409-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1828-1426-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1828-3809-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2316-3774-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2316-9-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2488-1596-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-3793-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-3858-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1578-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3859-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1537-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2564-1584-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3846-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2668-1472-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3819-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3843-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1567-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2772-1510-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3871-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1555-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3838-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3825-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1527-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-1558-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3865-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/3044-3823-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/3044-1454-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download