cobaltstrike | 279bd03ce9f4e149d5e7c303f075338774fc4b54a05f5e6f3ee211242ff28c1f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

44fff51e577886f7ec3b0fdc5fab82b8
SHA1

fb2889e02b2b52e2b2616bf9b10cf0026ada20c6
SHA256

279bd03ce9f4e149d5e7c303f075338774fc4b54a05f5e6f3ee211242ff28c1f
SHA512

6ce8e5cbb6b67c67ad8d81d6335d786055203f79168ae027bb53a2c71b962230a27918754c9f03e3549d16cab79b4e61dcbad686ef97f4d4b8f08c0188ac0ac5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUV:T+q56utgpPF8u/7V

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d00000001226d-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d9a-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015da7-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e18-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d25-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9a-65.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001706d-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-120.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d7e-159.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-149.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-147.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-153.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-133.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-125.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-115.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-110.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-105.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173da-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eca-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ea4-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd7-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd1-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dbe-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d96-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d46-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3e-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-45.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001612f-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f81-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e71-24.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 53 IoCs

miner

resource	yara_rule
behavioral1/memory/2160-0-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x000d00000001226d-6.dat	xmrig
behavioral1/files/0x0007000000015d9a-8.dat	xmrig
behavioral1/files/0x0007000000015da7-12.dat	xmrig
behavioral1/files/0x0007000000015e18-16.dat	xmrig
behavioral1/files/0x0007000000016d25-40.dat	xmrig
behavioral1/files/0x0006000000016d9a-65.dat	xmrig
behavioral1/files/0x000600000001706d-95.dat	xmrig
behavioral1/files/0x0006000000017472-120.dat	xmrig
behavioral1/files/0x0009000000015d7e-159.dat	xmrig
behavioral1/files/0x0014000000018663-149.dat	xmrig
behavioral1/files/0x00060000000174a2-147.dat	xmrig
behavioral1/files/0x000d00000001866e-143.dat	xmrig
behavioral1/files/0x0005000000018687-142.dat	xmrig
behavioral1/files/0x0005000000018792-153.dat	xmrig
behavioral1/files/0x0006000000017525-133.dat	xmrig
behavioral1/files/0x0006000000017487-125.dat	xmrig
behavioral1/files/0x00060000000173fc-115.dat	xmrig
behavioral1/files/0x00060000000173f4-110.dat	xmrig
behavioral1/files/0x00060000000173f1-105.dat	xmrig
behavioral1/files/0x00060000000173da-100.dat	xmrig
behavioral1/files/0x0006000000016eca-90.dat	xmrig
behavioral1/files/0x0006000000016ea4-85.dat	xmrig
behavioral1/files/0x0006000000016dd7-80.dat	xmrig
behavioral1/files/0x0006000000016dd1-75.dat	xmrig
behavioral1/files/0x0006000000016dbe-70.dat	xmrig
behavioral1/files/0x0006000000016d96-60.dat	xmrig
behavioral1/files/0x0006000000016d46-55.dat	xmrig
behavioral1/files/0x0006000000016d3e-50.dat	xmrig
behavioral1/files/0x0006000000016d36-45.dat	xmrig
behavioral1/files/0x000800000001612f-36.dat	xmrig
behavioral1/files/0x0007000000015f81-30.dat	xmrig
behavioral1/files/0x0007000000015e71-24.dat	xmrig
behavioral1/memory/2308-2336-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2160-2338-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2160-2394-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2320-2386-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/1868-2428-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2516-2430-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2780-2482-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/1372-2512-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2160-3281-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2160-3425-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2160-3409-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/memory/2160-3385-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2216-4115-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/1868-4117-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2908-4119-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2308-4121-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2780-4120-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2516-4123-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2328-4118-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2320-4116-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1372	RAEcFVU.exe
2308	RHZOjMK.exe
2320	ziTyIct.exe
1868	NYxyjha.exe
2516	gfmNDtX.exe
2908	ZwAfmdp.exe
2328	FJyxLCh.exe
2780	opyiXpA.exe
2216	FcaMQSR.exe
2792	KfloBVr.exe
2948	yuQWHEf.exe
2392	svXDoOK.exe
2744	WivvLvC.exe
2628	grSOYQe.exe
2704	DztveLg.exe
2364	XTusChY.exe
2348	BUwJcWN.exe
328	zAskeSt.exe
1512	NQjEKPi.exe
2860	GOaEgEg.exe
2968	SWAOzEC.exe
580	LrxKtnO.exe
808	leOLsJq.exe
320	vmiuZIA.exe
576	kMXzmti.exe
2992	tKVCRQE.exe
1752	kgBPvsW.exe
3012	bUIURpe.exe
2372	QOrOmnC.exe
1976	QIyZQwx.exe
2432	AMdmqDj.exe
2404	XdsRoTE.exe
2176	sdAoVLH.exe
1032	UvLFwom.exe
1680	IedBKRM.exe
1640	fhgoTcV.exe
1932	sxYWoKN.exe
3048	ENtZWNy.exe
1168	OHiUMbj.exe
1768	XLXAQRY.exe
776	DtvmLCv.exe
1784	MlKdoWZ.exe
1092	WTlTqPt.exe
1716	IoGxuyX.exe
1696	GhYzsuC.exe
1860	OOEfvIM.exe
1916	NjEesYO.exe
832	JfztFQI.exe
1564	PmpvlEx.exe
620	nRHsdbR.exe
1792	QSbRHae.exe
2076	JasYWrp.exe
2808	KSunCgU.exe
900	jJsuuYX.exe
2548	nrJQiKh.exe
1628	XJkQYFw.exe
1624	XqIbder.exe
2412	VzMVQQG.exe
2512	UVmNNwJ.exe
2900	fJrvIcO.exe
2936	pdXLOsb.exe
2736	eVVhWKz.exe
2148	nYnyzyx.exe
2680	ntRJYEl.exe

Loads dropped DLL 64 IoCs

pid	Process
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 48 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2160-0-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x000d00000001226d-6.dat	upx
behavioral1/files/0x0007000000015d9a-8.dat	upx
behavioral1/files/0x0007000000015da7-12.dat	upx
behavioral1/files/0x0007000000015e18-16.dat	upx
behavioral1/files/0x0007000000016d25-40.dat	upx
behavioral1/files/0x0006000000016d9a-65.dat	upx
behavioral1/files/0x000600000001706d-95.dat	upx
behavioral1/files/0x0006000000017472-120.dat	upx
behavioral1/files/0x0009000000015d7e-159.dat	upx
behavioral1/files/0x0014000000018663-149.dat	upx
behavioral1/files/0x00060000000174a2-147.dat	upx
behavioral1/files/0x000d00000001866e-143.dat	upx
behavioral1/files/0x0005000000018687-142.dat	upx
behavioral1/files/0x0005000000018792-153.dat	upx
behavioral1/files/0x0006000000017525-133.dat	upx
behavioral1/files/0x0006000000017487-125.dat	upx
behavioral1/files/0x00060000000173fc-115.dat	upx
behavioral1/files/0x00060000000173f4-110.dat	upx
behavioral1/files/0x00060000000173f1-105.dat	upx
behavioral1/files/0x00060000000173da-100.dat	upx
behavioral1/files/0x0006000000016eca-90.dat	upx
behavioral1/files/0x0006000000016ea4-85.dat	upx
behavioral1/files/0x0006000000016dd7-80.dat	upx
behavioral1/files/0x0006000000016dd1-75.dat	upx
behavioral1/files/0x0006000000016dbe-70.dat	upx
behavioral1/files/0x0006000000016d96-60.dat	upx
behavioral1/files/0x0006000000016d46-55.dat	upx
behavioral1/files/0x0006000000016d3e-50.dat	upx
behavioral1/files/0x0006000000016d36-45.dat	upx
behavioral1/files/0x000800000001612f-36.dat	upx
behavioral1/files/0x0007000000015f81-30.dat	upx
behavioral1/files/0x0007000000015e71-24.dat	upx
behavioral1/memory/2308-2336-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2320-2386-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/1868-2428-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2516-2430-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2780-2482-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/1372-2512-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2160-3281-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2216-4115-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/1868-4117-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2908-4119-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2308-4121-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2780-4120-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2516-4123-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2328-4118-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2320-4116-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QRiHsov.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WIUsAyY.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZQMbIO.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQjEKPi.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqIbder.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVhNNCe.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwcMcXg.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbeaTzo.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQKNSUd.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nIHfOOr.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kfYjswk.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVymDno.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZYGzXc.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEyeCtY.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYZbTTB.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdsRoTE.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOEfvIM.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWQUcnk.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USqUTgo.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCgDSvg.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRCLBGY.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KinIgsH.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTusChY.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXsmCcb.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWXhJaz.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyhKkWB.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\biKqogp.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfKySsc.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkFpihR.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NrjodKr.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAeifSC.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEuANED.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygnFLyG.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcesKhe.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrQUhPa.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wHnBmkT.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRpZueP.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alszeMa.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qtyQtps.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XOAiBTW.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VumMdjz.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvMFEYE.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqiilBv.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnxggKo.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYFmtlV.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgjJdGi.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWFsimn.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSMjEij.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmToYQL.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YBifwYN.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUIURpe.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuelofE.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKEdwsd.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gUjkGYx.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JkvZYrO.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcvZMmb.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWVkVus.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fVXTOJf.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuzyCQD.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgxrFVp.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpliGHo.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcgokrn.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjWUbDz.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZfmIcnS.exe	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 1372	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2160 wrote to memory of 1372	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2160 wrote to memory of 1372	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2160 wrote to memory of 2308	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2160 wrote to memory of 2308	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2160 wrote to memory of 2308	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2160 wrote to memory of 2320	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2160 wrote to memory of 2320	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2160 wrote to memory of 2320	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2160 wrote to memory of 2516	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2160 wrote to memory of 2516	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2160 wrote to memory of 2516	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2160 wrote to memory of 1868	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2160 wrote to memory of 1868	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2160 wrote to memory of 1868	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2160 wrote to memory of 2908	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2160 wrote to memory of 2908	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2160 wrote to memory of 2908	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2160 wrote to memory of 2328	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2160 wrote to memory of 2328	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2160 wrote to memory of 2328	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2160 wrote to memory of 2780	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2160 wrote to memory of 2780	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2160 wrote to memory of 2780	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2160 wrote to memory of 2216	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2160 wrote to memory of 2216	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2160 wrote to memory of 2216	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2160 wrote to memory of 2792	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2160 wrote to memory of 2792	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2160 wrote to memory of 2792	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2160 wrote to memory of 2948	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2160 wrote to memory of 2948	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2160 wrote to memory of 2948	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2160 wrote to memory of 2392	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2160 wrote to memory of 2392	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2160 wrote to memory of 2392	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2160 wrote to memory of 2744	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2160 wrote to memory of 2744	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2160 wrote to memory of 2744	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2160 wrote to memory of 2628	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2160 wrote to memory of 2628	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2160 wrote to memory of 2628	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2160 wrote to memory of 2704	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2160 wrote to memory of 2704	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2160 wrote to memory of 2704	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2160 wrote to memory of 2364	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2160 wrote to memory of 2364	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2160 wrote to memory of 2364	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2160 wrote to memory of 2348	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2160 wrote to memory of 2348	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2160 wrote to memory of 2348	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2160 wrote to memory of 328	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2160 wrote to memory of 328	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2160 wrote to memory of 328	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2160 wrote to memory of 1512	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2160 wrote to memory of 1512	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2160 wrote to memory of 1512	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2160 wrote to memory of 2860	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2160 wrote to memory of 2860	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2160 wrote to memory of 2860	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2160 wrote to memory of 2968	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2160 wrote to memory of 2968	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2160 wrote to memory of 2968	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2160 wrote to memory of 580	2160	2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_44fff51e577886f7ec3b0fdc5fab82b8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\System\RAEcFVU.exe
  C:\Windows\System\RAEcFVU.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\RHZOjMK.exe
  C:\Windows\System\RHZOjMK.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\ziTyIct.exe
  C:\Windows\System\ziTyIct.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\gfmNDtX.exe
  C:\Windows\System\gfmNDtX.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\NYxyjha.exe
  C:\Windows\System\NYxyjha.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\ZwAfmdp.exe
  C:\Windows\System\ZwAfmdp.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\FJyxLCh.exe
  C:\Windows\System\FJyxLCh.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\opyiXpA.exe
  C:\Windows\System\opyiXpA.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\FcaMQSR.exe
  C:\Windows\System\FcaMQSR.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\KfloBVr.exe
  C:\Windows\System\KfloBVr.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\yuQWHEf.exe
  C:\Windows\System\yuQWHEf.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\svXDoOK.exe
  C:\Windows\System\svXDoOK.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\WivvLvC.exe
  C:\Windows\System\WivvLvC.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\grSOYQe.exe
  C:\Windows\System\grSOYQe.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\DztveLg.exe
  C:\Windows\System\DztveLg.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\XTusChY.exe
  C:\Windows\System\XTusChY.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\BUwJcWN.exe
  C:\Windows\System\BUwJcWN.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\zAskeSt.exe
  C:\Windows\System\zAskeSt.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\NQjEKPi.exe
  C:\Windows\System\NQjEKPi.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\GOaEgEg.exe
  C:\Windows\System\GOaEgEg.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\SWAOzEC.exe
  C:\Windows\System\SWAOzEC.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\LrxKtnO.exe
  C:\Windows\System\LrxKtnO.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\leOLsJq.exe
  C:\Windows\System\leOLsJq.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\vmiuZIA.exe
  C:\Windows\System\vmiuZIA.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\kMXzmti.exe
  C:\Windows\System\kMXzmti.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\bUIURpe.exe
  C:\Windows\System\bUIURpe.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\tKVCRQE.exe
  C:\Windows\System\tKVCRQE.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\QOrOmnC.exe
  C:\Windows\System\QOrOmnC.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\kgBPvsW.exe
  C:\Windows\System\kgBPvsW.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\AMdmqDj.exe
  C:\Windows\System\AMdmqDj.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\QIyZQwx.exe
  C:\Windows\System\QIyZQwx.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\XdsRoTE.exe
  C:\Windows\System\XdsRoTE.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\sdAoVLH.exe
  C:\Windows\System\sdAoVLH.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\UvLFwom.exe
  C:\Windows\System\UvLFwom.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\IedBKRM.exe
  C:\Windows\System\IedBKRM.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\fhgoTcV.exe
  C:\Windows\System\fhgoTcV.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\sxYWoKN.exe
  C:\Windows\System\sxYWoKN.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\ENtZWNy.exe
  C:\Windows\System\ENtZWNy.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\OHiUMbj.exe
  C:\Windows\System\OHiUMbj.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\XLXAQRY.exe
  C:\Windows\System\XLXAQRY.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\DtvmLCv.exe
  C:\Windows\System\DtvmLCv.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\MlKdoWZ.exe
  C:\Windows\System\MlKdoWZ.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\WTlTqPt.exe
  C:\Windows\System\WTlTqPt.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\IoGxuyX.exe
  C:\Windows\System\IoGxuyX.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\GhYzsuC.exe
  C:\Windows\System\GhYzsuC.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\OOEfvIM.exe
  C:\Windows\System\OOEfvIM.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\NjEesYO.exe
  C:\Windows\System\NjEesYO.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\JfztFQI.exe
  C:\Windows\System\JfztFQI.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\PmpvlEx.exe
  C:\Windows\System\PmpvlEx.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\nRHsdbR.exe
  C:\Windows\System\nRHsdbR.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\QSbRHae.exe
  C:\Windows\System\QSbRHae.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\KSunCgU.exe
  C:\Windows\System\KSunCgU.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\JasYWrp.exe
  C:\Windows\System\JasYWrp.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\jJsuuYX.exe
  C:\Windows\System\jJsuuYX.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\nrJQiKh.exe
  C:\Windows\System\nrJQiKh.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\XJkQYFw.exe
  C:\Windows\System\XJkQYFw.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\XqIbder.exe
  C:\Windows\System\XqIbder.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\VzMVQQG.exe
  C:\Windows\System\VzMVQQG.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\UVmNNwJ.exe
  C:\Windows\System\UVmNNwJ.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\fJrvIcO.exe
  C:\Windows\System\fJrvIcO.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\pdXLOsb.exe
  C:\Windows\System\pdXLOsb.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\eVVhWKz.exe
  C:\Windows\System\eVVhWKz.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\nYnyzyx.exe
  C:\Windows\System\nYnyzyx.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\qtyQtps.exe
  C:\Windows\System\qtyQtps.exe
  2⤵
  PID:2916
- C:\Windows\System\ntRJYEl.exe
  C:\Windows\System\ntRJYEl.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\yJxLuCU.exe
  C:\Windows\System\yJxLuCU.exe
  2⤵
  PID:2696
- C:\Windows\System\wBPupds.exe
  C:\Windows\System\wBPupds.exe
  2⤵
  PID:2492
- C:\Windows\System\DlLhKJJ.exe
  C:\Windows\System\DlLhKJJ.exe
  2⤵
  PID:1276
- C:\Windows\System\VJasKlx.exe
  C:\Windows\System\VJasKlx.exe
  2⤵
  PID:1280
- C:\Windows\System\tBfOZcF.exe
  C:\Windows\System\tBfOZcF.exe
  2⤵
  PID:2872
- C:\Windows\System\IfrNnzb.exe
  C:\Windows\System\IfrNnzb.exe
  2⤵
  PID:3056
- C:\Windows\System\SnmOgfL.exe
  C:\Windows\System\SnmOgfL.exe
  2⤵
  PID:2692
- C:\Windows\System\GqSNHBM.exe
  C:\Windows\System\GqSNHBM.exe
  2⤵
  PID:316
- C:\Windows\System\LzLIJUu.exe
  C:\Windows\System\LzLIJUu.exe
  2⤵
  PID:1596
- C:\Windows\System\HXsmCcb.exe
  C:\Windows\System\HXsmCcb.exe
  2⤵
  PID:3000
- C:\Windows\System\UTqAzQa.exe
  C:\Windows\System\UTqAzQa.exe
  2⤵
  PID:2296
- C:\Windows\System\gkRsOgQ.exe
  C:\Windows\System\gkRsOgQ.exe
  2⤵
  PID:1352
- C:\Windows\System\JQrXWDT.exe
  C:\Windows\System\JQrXWDT.exe
  2⤵
  PID:1264
- C:\Windows\System\eXipnWy.exe
  C:\Windows\System\eXipnWy.exe
  2⤵
  PID:2836
- C:\Windows\System\nsFBCHS.exe
  C:\Windows\System\nsFBCHS.exe
  2⤵
  PID:1992
- C:\Windows\System\sJyYrsO.exe
  C:\Windows\System\sJyYrsO.exe
  2⤵
  PID:704
- C:\Windows\System\wXMxjFR.exe
  C:\Windows\System\wXMxjFR.exe
  2⤵
  PID:2420
- C:\Windows\System\oRAikvG.exe
  C:\Windows\System\oRAikvG.exe
  2⤵
  PID:1336
- C:\Windows\System\AGGdqNt.exe
  C:\Windows\System\AGGdqNt.exe
  2⤵
  PID:2144
- C:\Windows\System\cmVpEbn.exe
  C:\Windows\System\cmVpEbn.exe
  2⤵
  PID:3044
- C:\Windows\System\tjuHULe.exe
  C:\Windows\System\tjuHULe.exe
  2⤵
  PID:2564
- C:\Windows\System\GEBfwul.exe
  C:\Windows\System\GEBfwul.exe
  2⤵
  PID:2200
- C:\Windows\System\SPuYBOW.exe
  C:\Windows\System\SPuYBOW.exe
  2⤵
  PID:352
- C:\Windows\System\Ouxfxpe.exe
  C:\Windows\System\Ouxfxpe.exe
  2⤵
  PID:2340
- C:\Windows\System\VYLsAKs.exe
  C:\Windows\System\VYLsAKs.exe
  2⤵
  PID:2072
- C:\Windows\System\yMjvzlo.exe
  C:\Windows\System\yMjvzlo.exe
  2⤵
  PID:1164
- C:\Windows\System\XHpvGGa.exe
  C:\Windows\System\XHpvGGa.exe
  2⤵
  PID:2892
- C:\Windows\System\KHrrFyT.exe
  C:\Windows\System\KHrrFyT.exe
  2⤵
  PID:2788
- C:\Windows\System\oZdotEN.exe
  C:\Windows\System\oZdotEN.exe
  2⤵
  PID:2660
- C:\Windows\System\VfFmtbT.exe
  C:\Windows\System\VfFmtbT.exe
  2⤵
  PID:1328
- C:\Windows\System\CCOEyBE.exe
  C:\Windows\System\CCOEyBE.exe
  2⤵
  PID:784
- C:\Windows\System\rnSUWTi.exe
  C:\Windows\System\rnSUWTi.exe
  2⤵
  PID:2184
- C:\Windows\System\HfSrVhX.exe
  C:\Windows\System\HfSrVhX.exe
  2⤵
  PID:2352
- C:\Windows\System\HbreWxb.exe
  C:\Windows\System\HbreWxb.exe
  2⤵
  PID:1180
- C:\Windows\System\LIiYYZN.exe
  C:\Windows\System\LIiYYZN.exe
  2⤵
  PID:2940
- C:\Windows\System\fmeOdqK.exe
  C:\Windows\System\fmeOdqK.exe
  2⤵
  PID:1144
- C:\Windows\System\tHibzPw.exe
  C:\Windows\System\tHibzPw.exe
  2⤵
  PID:2388
- C:\Windows\System\xTXifAV.exe
  C:\Windows\System\xTXifAV.exe
  2⤵
  PID:2616
- C:\Windows\System\DXFgctH.exe
  C:\Windows\System\DXFgctH.exe
  2⤵
  PID:1340
- C:\Windows\System\SeuoKJa.exe
  C:\Windows\System\SeuoKJa.exe
  2⤵
  PID:1548
- C:\Windows\System\xMpjoGR.exe
  C:\Windows\System\xMpjoGR.exe
  2⤵
  PID:708
- C:\Windows\System\SgeTJEX.exe
  C:\Windows\System\SgeTJEX.exe
  2⤵
  PID:1036
- C:\Windows\System\wPZkZbT.exe
  C:\Windows\System\wPZkZbT.exe
  2⤵
  PID:1316
- C:\Windows\System\xhlnGZU.exe
  C:\Windows\System\xhlnGZU.exe
  2⤵
  PID:2336
- C:\Windows\System\CBQaZHd.exe
  C:\Windows\System\CBQaZHd.exe
  2⤵
  PID:1620
- C:\Windows\System\CLnoPJD.exe
  C:\Windows\System\CLnoPJD.exe
  2⤵
  PID:640
- C:\Windows\System\NtPEauj.exe
  C:\Windows\System\NtPEauj.exe
  2⤵
  PID:1832
- C:\Windows\System\MkFpihR.exe
  C:\Windows\System\MkFpihR.exe
  2⤵
  PID:904
- C:\Windows\System\rZSlNEt.exe
  C:\Windows\System\rZSlNEt.exe
  2⤵
  PID:2080
- C:\Windows\System\hRrcMpu.exe
  C:\Windows\System\hRrcMpu.exe
  2⤵
  PID:2356
- C:\Windows\System\VqUvKPP.exe
  C:\Windows\System\VqUvKPP.exe
  2⤵
  PID:2032
- C:\Windows\System\TmmKAzz.exe
  C:\Windows\System\TmmKAzz.exe
  2⤵
  PID:2188
- C:\Windows\System\lqLvfaW.exe
  C:\Windows\System\lqLvfaW.exe
  2⤵
  PID:2964
- C:\Windows\System\MYctGbF.exe
  C:\Windows\System\MYctGbF.exe
  2⤵
  PID:3080
- C:\Windows\System\UEyXbCy.exe
  C:\Windows\System\UEyXbCy.exe
  2⤵
  PID:3100
- C:\Windows\System\tnxggKo.exe
  C:\Windows\System\tnxggKo.exe
  2⤵
  PID:3120
- C:\Windows\System\LroEAeG.exe
  C:\Windows\System\LroEAeG.exe
  2⤵
  PID:3136
- C:\Windows\System\JHJwUyD.exe
  C:\Windows\System\JHJwUyD.exe
  2⤵
  PID:3160
- C:\Windows\System\hwsCAPb.exe
  C:\Windows\System\hwsCAPb.exe
  2⤵
  PID:3176
- C:\Windows\System\ERoDnsw.exe
  C:\Windows\System\ERoDnsw.exe
  2⤵
  PID:3196
- C:\Windows\System\adxTazN.exe
  C:\Windows\System\adxTazN.exe
  2⤵
  PID:3220
- C:\Windows\System\JEEzusB.exe
  C:\Windows\System\JEEzusB.exe
  2⤵
  PID:3236
- C:\Windows\System\dxAZbXR.exe
  C:\Windows\System\dxAZbXR.exe
  2⤵
  PID:3264
- C:\Windows\System\fEEsnWT.exe
  C:\Windows\System\fEEsnWT.exe
  2⤵
  PID:3280
- C:\Windows\System\HfyqGms.exe
  C:\Windows\System\HfyqGms.exe
  2⤵
  PID:3300
- C:\Windows\System\dIjcton.exe
  C:\Windows\System\dIjcton.exe
  2⤵
  PID:3316
- C:\Windows\System\XtzYSTo.exe
  C:\Windows\System\XtzYSTo.exe
  2⤵
  PID:3340
- C:\Windows\System\QFBCUWz.exe
  C:\Windows\System\QFBCUWz.exe
  2⤵
  PID:3360
- C:\Windows\System\vUurEQW.exe
  C:\Windows\System\vUurEQW.exe
  2⤵
  PID:3384
- C:\Windows\System\ZFeQuTy.exe
  C:\Windows\System\ZFeQuTy.exe
  2⤵
  PID:3400
- C:\Windows\System\tsqWgOq.exe
  C:\Windows\System\tsqWgOq.exe
  2⤵
  PID:3420
- C:\Windows\System\AlksJEc.exe
  C:\Windows\System\AlksJEc.exe
  2⤵
  PID:3440
- C:\Windows\System\MdCVXAL.exe
  C:\Windows\System\MdCVXAL.exe
  2⤵
  PID:3464
- C:\Windows\System\LEGEuuH.exe
  C:\Windows\System\LEGEuuH.exe
  2⤵
  PID:3480
- C:\Windows\System\bZXVtpu.exe
  C:\Windows\System\bZXVtpu.exe
  2⤵
  PID:3500
- C:\Windows\System\hSMlYqK.exe
  C:\Windows\System\hSMlYqK.exe
  2⤵
  PID:3520
- C:\Windows\System\xWQUcnk.exe
  C:\Windows\System\xWQUcnk.exe
  2⤵
  PID:3536
- C:\Windows\System\AwOughx.exe
  C:\Windows\System\AwOughx.exe
  2⤵
  PID:3552
- C:\Windows\System\HtprMOf.exe
  C:\Windows\System\HtprMOf.exe
  2⤵
  PID:3572
- C:\Windows\System\RzIaaqZ.exe
  C:\Windows\System\RzIaaqZ.exe
  2⤵
  PID:3592
- C:\Windows\System\WhNWOpF.exe
  C:\Windows\System\WhNWOpF.exe
  2⤵
  PID:3620
- C:\Windows\System\PqzNkxe.exe
  C:\Windows\System\PqzNkxe.exe
  2⤵
  PID:3644
- C:\Windows\System\EfpIjqy.exe
  C:\Windows\System\EfpIjqy.exe
  2⤵
  PID:3660
- C:\Windows\System\bNrOfLn.exe
  C:\Windows\System\bNrOfLn.exe
  2⤵
  PID:3676
- C:\Windows\System\kuenIGT.exe
  C:\Windows\System\kuenIGT.exe
  2⤵
  PID:3696
- C:\Windows\System\ifUycgl.exe
  C:\Windows\System\ifUycgl.exe
  2⤵
  PID:3712
- C:\Windows\System\tYukflA.exe
  C:\Windows\System\tYukflA.exe
  2⤵
  PID:3728
- C:\Windows\System\TeCGpJA.exe
  C:\Windows\System\TeCGpJA.exe
  2⤵
  PID:3748
- C:\Windows\System\vXPtpQF.exe
  C:\Windows\System\vXPtpQF.exe
  2⤵
  PID:3764
- C:\Windows\System\USqUTgo.exe
  C:\Windows\System\USqUTgo.exe
  2⤵
  PID:3784
- C:\Windows\System\cJlTqzI.exe
  C:\Windows\System\cJlTqzI.exe
  2⤵
  PID:3800
- C:\Windows\System\AAKPtUc.exe
  C:\Windows\System\AAKPtUc.exe
  2⤵
  PID:3816
- C:\Windows\System\yDAYAgQ.exe
  C:\Windows\System\yDAYAgQ.exe
  2⤵
  PID:3832
- C:\Windows\System\FsrCWbe.exe
  C:\Windows\System\FsrCWbe.exe
  2⤵
  PID:3852
- C:\Windows\System\RiFIdLz.exe
  C:\Windows\System\RiFIdLz.exe
  2⤵
  PID:3868
- C:\Windows\System\ELTqrbj.exe
  C:\Windows\System\ELTqrbj.exe
  2⤵
  PID:3884
- C:\Windows\System\WfxuNHn.exe
  C:\Windows\System\WfxuNHn.exe
  2⤵
  PID:3900
- C:\Windows\System\qHSwZTF.exe
  C:\Windows\System\qHSwZTF.exe
  2⤵
  PID:3932
- C:\Windows\System\UFEyqtv.exe
  C:\Windows\System\UFEyqtv.exe
  2⤵
  PID:3984
- C:\Windows\System\XKubAQF.exe
  C:\Windows\System\XKubAQF.exe
  2⤵
  PID:4000
- C:\Windows\System\hXuUIIX.exe
  C:\Windows\System\hXuUIIX.exe
  2⤵
  PID:4020
- C:\Windows\System\hJivPsp.exe
  C:\Windows\System\hJivPsp.exe
  2⤵
  PID:4040
- C:\Windows\System\IFkAHHd.exe
  C:\Windows\System\IFkAHHd.exe
  2⤵
  PID:4060
- C:\Windows\System\jcgokrn.exe
  C:\Windows\System\jcgokrn.exe
  2⤵
  PID:4080
- C:\Windows\System\ODUGXnw.exe
  C:\Windows\System\ODUGXnw.exe
  2⤵
  PID:2104
- C:\Windows\System\rlIufus.exe
  C:\Windows\System\rlIufus.exe
  2⤵
  PID:2428
- C:\Windows\System\pAueowI.exe
  C:\Windows\System\pAueowI.exe
  2⤵
  PID:2580
- C:\Windows\System\VpWFrrB.exe
  C:\Windows\System\VpWFrrB.exe
  2⤵
  PID:2724
- C:\Windows\System\FSkUfaj.exe
  C:\Windows\System\FSkUfaj.exe
  2⤵
  PID:2228
- C:\Windows\System\tmtgaus.exe
  C:\Windows\System\tmtgaus.exe
  2⤵
  PID:276
- C:\Windows\System\xaPYFui.exe
  C:\Windows\System\xaPYFui.exe
  2⤵
  PID:1616
- C:\Windows\System\SrBjvwq.exe
  C:\Windows\System\SrBjvwq.exe
  2⤵
  PID:2684
- C:\Windows\System\KViLDDw.exe
  C:\Windows\System\KViLDDw.exe
  2⤵
  PID:552
- C:\Windows\System\SnEHoGx.exe
  C:\Windows\System\SnEHoGx.exe
  2⤵
  PID:2004
- C:\Windows\System\awZlpun.exe
  C:\Windows\System\awZlpun.exe
  2⤵
  PID:1076
- C:\Windows\System\axcVpYh.exe
  C:\Windows\System\axcVpYh.exe
  2⤵
  PID:3168
- C:\Windows\System\ylRXdnJ.exe
  C:\Windows\System\ylRXdnJ.exe
  2⤵
  PID:3112
- C:\Windows\System\iyKdnEm.exe
  C:\Windows\System\iyKdnEm.exe
  2⤵
  PID:3156
- C:\Windows\System\dnWmksv.exe
  C:\Windows\System\dnWmksv.exe
  2⤵
  PID:3256
- C:\Windows\System\VeahAmm.exe
  C:\Windows\System\VeahAmm.exe
  2⤵
  PID:3184
- C:\Windows\System\duhvikB.exe
  C:\Windows\System\duhvikB.exe
  2⤵
  PID:3296
- C:\Windows\System\TEwotaz.exe
  C:\Windows\System\TEwotaz.exe
  2⤵
  PID:3328
- C:\Windows\System\pKszMsd.exe
  C:\Windows\System\pKszMsd.exe
  2⤵
  PID:3380
- C:\Windows\System\osOnqqY.exe
  C:\Windows\System\osOnqqY.exe
  2⤵
  PID:3416
- C:\Windows\System\rTDxpvd.exe
  C:\Windows\System\rTDxpvd.exe
  2⤵
  PID:3460
- C:\Windows\System\tKIuVhD.exe
  C:\Windows\System\tKIuVhD.exe
  2⤵
  PID:3560
- C:\Windows\System\kJcAUOe.exe
  C:\Windows\System\kJcAUOe.exe
  2⤵
  PID:3608
- C:\Windows\System\hhzeaQK.exe
  C:\Windows\System\hhzeaQK.exe
  2⤵
  PID:3356
- C:\Windows\System\ABEVtrs.exe
  C:\Windows\System\ABEVtrs.exe
  2⤵
  PID:3392
- C:\Windows\System\aCQuXNp.exe
  C:\Windows\System\aCQuXNp.exe
  2⤵
  PID:3684
- C:\Windows\System\SjxxVqF.exe
  C:\Windows\System\SjxxVqF.exe
  2⤵
  PID:3756
- C:\Windows\System\zuhtIQQ.exe
  C:\Windows\System\zuhtIQQ.exe
  2⤵
  PID:3828
- C:\Windows\System\LpIPQHA.exe
  C:\Windows\System\LpIPQHA.exe
  2⤵
  PID:3516
- C:\Windows\System\IqBGFDa.exe
  C:\Windows\System\IqBGFDa.exe
  2⤵
  PID:3628
- C:\Windows\System\kMQSBCE.exe
  C:\Windows\System\kMQSBCE.exe
  2⤵
  PID:3860
- C:\Windows\System\UuBywfG.exe
  C:\Windows\System\UuBywfG.exe
  2⤵
  PID:3956
- C:\Windows\System\dYGuaCs.exe
  C:\Windows\System\dYGuaCs.exe
  2⤵
  PID:3980
- C:\Windows\System\oQluEZC.exe
  C:\Windows\System\oQluEZC.exe
  2⤵
  PID:4016
- C:\Windows\System\rYckEZM.exe
  C:\Windows\System\rYckEZM.exe
  2⤵
  PID:4056
- C:\Windows\System\bDkfHeK.exe
  C:\Windows\System\bDkfHeK.exe
  2⤵
  PID:3912
- C:\Windows\System\byzHmmr.exe
  C:\Windows\System\byzHmmr.exe
  2⤵
  PID:3736
- C:\Windows\System\cbyqZgF.exe
  C:\Windows\System\cbyqZgF.exe
  2⤵
  PID:3876
- C:\Windows\System\HuelofE.exe
  C:\Windows\System\HuelofE.exe
  2⤵
  PID:3808
- C:\Windows\System\dDwPpMx.exe
  C:\Windows\System\dDwPpMx.exe
  2⤵
  PID:4092
- C:\Windows\System\jGIcsPv.exe
  C:\Windows\System\jGIcsPv.exe
  2⤵
  PID:3992
- C:\Windows\System\eGykzkN.exe
  C:\Windows\System\eGykzkN.exe
  2⤵
  PID:4068
- C:\Windows\System\XakKZOl.exe
  C:\Windows\System\XakKZOl.exe
  2⤵
  PID:1312
- C:\Windows\System\tJuHNJB.exe
  C:\Windows\System\tJuHNJB.exe
  2⤵
  PID:1068
- C:\Windows\System\iyOaXVJ.exe
  C:\Windows\System\iyOaXVJ.exe
  2⤵
  PID:2824
- C:\Windows\System\QYqTZNn.exe
  C:\Windows\System\QYqTZNn.exe
  2⤵
  PID:2952
- C:\Windows\System\AZwHzKc.exe
  C:\Windows\System\AZwHzKc.exe
  2⤵
  PID:3128
- C:\Windows\System\OHOYNoG.exe
  C:\Windows\System\OHOYNoG.exe
  2⤵
  PID:3216
- C:\Windows\System\trFCwsS.exe
  C:\Windows\System\trFCwsS.exe
  2⤵
  PID:3144
- C:\Windows\System\SXmuxRi.exe
  C:\Windows\System\SXmuxRi.exe
  2⤵
  PID:3312
- C:\Windows\System\TlBhahn.exe
  C:\Windows\System\TlBhahn.exe
  2⤵
  PID:3448
- C:\Windows\System\VKLonFH.exe
  C:\Windows\System\VKLonFH.exe
  2⤵
  PID:3432
- C:\Windows\System\zYSHPYg.exe
  C:\Windows\System\zYSHPYg.exe
  2⤵
  PID:3372
- C:\Windows\System\OmhwQNn.exe
  C:\Windows\System\OmhwQNn.exe
  2⤵
  PID:3528
- C:\Windows\System\wqVBDsN.exe
  C:\Windows\System\wqVBDsN.exe
  2⤵
  PID:3720
- C:\Windows\System\DoYHUfd.exe
  C:\Windows\System\DoYHUfd.exe
  2⤵
  PID:3652
- C:\Windows\System\aXaZnbO.exe
  C:\Windows\System\aXaZnbO.exe
  2⤵
  PID:3972
- C:\Windows\System\CgSTevf.exe
  C:\Windows\System\CgSTevf.exe
  2⤵
  PID:3544
- C:\Windows\System\MXIegZS.exe
  C:\Windows\System\MXIegZS.exe
  2⤵
  PID:3776
- C:\Windows\System\GKyMtTM.exe
  C:\Windows\System\GKyMtTM.exe
  2⤵
  PID:3948
- C:\Windows\System\ilyLCJY.exe
  C:\Windows\System\ilyLCJY.exe
  2⤵
  PID:3840
- C:\Windows\System\DowKmgV.exe
  C:\Windows\System\DowKmgV.exe
  2⤵
  PID:4012
- C:\Windows\System\FUtxvna.exe
  C:\Windows\System\FUtxvna.exe
  2⤵
  PID:3672
- C:\Windows\System\HINHnKN.exe
  C:\Windows\System\HINHnKN.exe
  2⤵
  PID:3704
- C:\Windows\System\jhRRsWf.exe
  C:\Windows\System\jhRRsWf.exe
  2⤵
  PID:4032
- C:\Windows\System\bCgDSvg.exe
  C:\Windows\System\bCgDSvg.exe
  2⤵
  PID:1900
- C:\Windows\System\RumSXpG.exe
  C:\Windows\System\RumSXpG.exe
  2⤵
  PID:3076
- C:\Windows\System\BsFLlBh.exe
  C:\Windows\System\BsFLlBh.exe
  2⤵
  PID:1704
- C:\Windows\System\GBPsClj.exe
  C:\Windows\System\GBPsClj.exe
  2⤵
  PID:3248
- C:\Windows\System\ZtKbWLT.exe
  C:\Windows\System\ZtKbWLT.exe
  2⤵
  PID:3276
- C:\Windows\System\BSpNSco.exe
  C:\Windows\System\BSpNSco.exe
  2⤵
  PID:3332
- C:\Windows\System\PMLmosw.exe
  C:\Windows\System\PMLmosw.exe
  2⤵
  PID:3288
- C:\Windows\System\pMLuwsy.exe
  C:\Windows\System\pMLuwsy.exe
  2⤵
  PID:3692
- C:\Windows\System\gpmGJIk.exe
  C:\Windows\System\gpmGJIk.exe
  2⤵
  PID:3964
- C:\Windows\System\xAxXBsc.exe
  C:\Windows\System\xAxXBsc.exe
  2⤵
  PID:3796
- C:\Windows\System\wEkIQWF.exe
  C:\Windows\System\wEkIQWF.exe
  2⤵
  PID:3920
- C:\Windows\System\tSKNyQO.exe
  C:\Windows\System\tSKNyQO.exe
  2⤵
  PID:1764
- C:\Windows\System\bqnAzlk.exe
  C:\Windows\System\bqnAzlk.exe
  2⤵
  PID:3928
- C:\Windows\System\qNavjAv.exe
  C:\Windows\System\qNavjAv.exe
  2⤵
  PID:792
- C:\Windows\System\jGiYwpV.exe
  C:\Windows\System\jGiYwpV.exe
  2⤵
  PID:4028
- C:\Windows\System\fBDPGtH.exe
  C:\Windows\System\fBDPGtH.exe
  2⤵
  PID:1824
- C:\Windows\System\BmhwsQL.exe
  C:\Windows\System\BmhwsQL.exe
  2⤵
  PID:3252
- C:\Windows\System\XsoDgux.exe
  C:\Windows\System\XsoDgux.exe
  2⤵
  PID:4116
- C:\Windows\System\AUdETlz.exe
  C:\Windows\System\AUdETlz.exe
  2⤵
  PID:4136
- C:\Windows\System\SGdJESm.exe
  C:\Windows\System\SGdJESm.exe
  2⤵
  PID:4156
- C:\Windows\System\odDEZta.exe
  C:\Windows\System\odDEZta.exe
  2⤵
  PID:4176
- C:\Windows\System\nIFvDIe.exe
  C:\Windows\System\nIFvDIe.exe
  2⤵
  PID:4196
- C:\Windows\System\dXZihdn.exe
  C:\Windows\System\dXZihdn.exe
  2⤵
  PID:4216
- C:\Windows\System\iHTEWqi.exe
  C:\Windows\System\iHTEWqi.exe
  2⤵
  PID:4236
- C:\Windows\System\kQDdnkW.exe
  C:\Windows\System\kQDdnkW.exe
  2⤵
  PID:4256
- C:\Windows\System\zqDZpsO.exe
  C:\Windows\System\zqDZpsO.exe
  2⤵
  PID:4276
- C:\Windows\System\rdqIGMU.exe
  C:\Windows\System\rdqIGMU.exe
  2⤵
  PID:4296
- C:\Windows\System\ijlGrKn.exe
  C:\Windows\System\ijlGrKn.exe
  2⤵
  PID:4316
- C:\Windows\System\agTOVLX.exe
  C:\Windows\System\agTOVLX.exe
  2⤵
  PID:4336
- C:\Windows\System\nsDUxog.exe
  C:\Windows\System\nsDUxog.exe
  2⤵
  PID:4356
- C:\Windows\System\TJSPnNo.exe
  C:\Windows\System\TJSPnNo.exe
  2⤵
  PID:4376
- C:\Windows\System\GanAsCA.exe
  C:\Windows\System\GanAsCA.exe
  2⤵
  PID:4396
- C:\Windows\System\ZxpBZWj.exe
  C:\Windows\System\ZxpBZWj.exe
  2⤵
  PID:4416
- C:\Windows\System\SNQxren.exe
  C:\Windows\System\SNQxren.exe
  2⤵
  PID:4436
- C:\Windows\System\FYGdJAi.exe
  C:\Windows\System\FYGdJAi.exe
  2⤵
  PID:4456
- C:\Windows\System\bsGlBUv.exe
  C:\Windows\System\bsGlBUv.exe
  2⤵
  PID:4476
- C:\Windows\System\iANoTHu.exe
  C:\Windows\System\iANoTHu.exe
  2⤵
  PID:4496
- C:\Windows\System\grcsqaz.exe
  C:\Windows\System\grcsqaz.exe
  2⤵
  PID:4516
- C:\Windows\System\TtEWgVt.exe
  C:\Windows\System\TtEWgVt.exe
  2⤵
  PID:4536
- C:\Windows\System\sMrPfKJ.exe
  C:\Windows\System\sMrPfKJ.exe
  2⤵
  PID:4556
- C:\Windows\System\mmnkHFu.exe
  C:\Windows\System\mmnkHFu.exe
  2⤵
  PID:4576
- C:\Windows\System\DzZPbKM.exe
  C:\Windows\System\DzZPbKM.exe
  2⤵
  PID:4596
- C:\Windows\System\MPqwFAb.exe
  C:\Windows\System\MPqwFAb.exe
  2⤵
  PID:4616
- C:\Windows\System\uHRDHcs.exe
  C:\Windows\System\uHRDHcs.exe
  2⤵
  PID:4636
- C:\Windows\System\AXujRmB.exe
  C:\Windows\System\AXujRmB.exe
  2⤵
  PID:4656
- C:\Windows\System\PdHUxVU.exe
  C:\Windows\System\PdHUxVU.exe
  2⤵
  PID:4676
- C:\Windows\System\DuaApDe.exe
  C:\Windows\System\DuaApDe.exe
  2⤵
  PID:4696
- C:\Windows\System\fincRxp.exe
  C:\Windows\System\fincRxp.exe
  2⤵
  PID:4716
- C:\Windows\System\DkfRZDg.exe
  C:\Windows\System\DkfRZDg.exe
  2⤵
  PID:4736
- C:\Windows\System\ZHEbSaf.exe
  C:\Windows\System\ZHEbSaf.exe
  2⤵
  PID:4756
- C:\Windows\System\fKtxfPS.exe
  C:\Windows\System\fKtxfPS.exe
  2⤵
  PID:4776
- C:\Windows\System\ZqUsbnx.exe
  C:\Windows\System\ZqUsbnx.exe
  2⤵
  PID:4796
- C:\Windows\System\CGxdJsw.exe
  C:\Windows\System\CGxdJsw.exe
  2⤵
  PID:4816
- C:\Windows\System\ghbaTKH.exe
  C:\Windows\System\ghbaTKH.exe
  2⤵
  PID:4836
- C:\Windows\System\kvQDBWk.exe
  C:\Windows\System\kvQDBWk.exe
  2⤵
  PID:4856
- C:\Windows\System\ZOklTpJ.exe
  C:\Windows\System\ZOklTpJ.exe
  2⤵
  PID:4876
- C:\Windows\System\xPPuNEA.exe
  C:\Windows\System\xPPuNEA.exe
  2⤵
  PID:4896
- C:\Windows\System\CfPxuJW.exe
  C:\Windows\System\CfPxuJW.exe
  2⤵
  PID:4916
- C:\Windows\System\yKEdwsd.exe
  C:\Windows\System\yKEdwsd.exe
  2⤵
  PID:4936
- C:\Windows\System\agUNTih.exe
  C:\Windows\System\agUNTih.exe
  2⤵
  PID:4956
- C:\Windows\System\Qpqriwr.exe
  C:\Windows\System\Qpqriwr.exe
  2⤵
  PID:4976
- C:\Windows\System\qSiPmYn.exe
  C:\Windows\System\qSiPmYn.exe
  2⤵
  PID:5000
- C:\Windows\System\NtxdGLM.exe
  C:\Windows\System\NtxdGLM.exe
  2⤵
  PID:5020
- C:\Windows\System\MbeaTzo.exe
  C:\Windows\System\MbeaTzo.exe
  2⤵
  PID:5040
- C:\Windows\System\YeowsIj.exe
  C:\Windows\System\YeowsIj.exe
  2⤵
  PID:5060
- C:\Windows\System\jSmFWpl.exe
  C:\Windows\System\jSmFWpl.exe
  2⤵
  PID:5080
- C:\Windows\System\ofpNWeR.exe
  C:\Windows\System\ofpNWeR.exe
  2⤵
  PID:5100
- C:\Windows\System\RGiAYvP.exe
  C:\Windows\System\RGiAYvP.exe
  2⤵
  PID:3188
- C:\Windows\System\EjKBhfC.exe
  C:\Windows\System\EjKBhfC.exe
  2⤵
  PID:3336
- C:\Windows\System\OXfLFsJ.exe
  C:\Windows\System\OXfLFsJ.exe
  2⤵
  PID:3584
- C:\Windows\System\NeEtJHI.exe
  C:\Windows\System\NeEtJHI.exe
  2⤵
  PID:3792
- C:\Windows\System\VoNVCeD.exe
  C:\Windows\System\VoNVCeD.exe
  2⤵
  PID:3744
- C:\Windows\System\tDuntbd.exe
  C:\Windows\System\tDuntbd.exe
  2⤵
  PID:1008
- C:\Windows\System\HmUuZaa.exe
  C:\Windows\System\HmUuZaa.exe
  2⤵
  PID:3036
- C:\Windows\System\batYYbc.exe
  C:\Windows\System\batYYbc.exe
  2⤵
  PID:4104
- C:\Windows\System\eReJAhk.exe
  C:\Windows\System\eReJAhk.exe
  2⤵
  PID:4124
- C:\Windows\System\aHINAmH.exe
  C:\Windows\System\aHINAmH.exe
  2⤵
  PID:4148
- C:\Windows\System\TzonZtm.exe
  C:\Windows\System\TzonZtm.exe
  2⤵
  PID:4192
- C:\Windows\System\LEFZEcZ.exe
  C:\Windows\System\LEFZEcZ.exe
  2⤵
  PID:4224
- C:\Windows\System\ZsuPBTw.exe
  C:\Windows\System\ZsuPBTw.exe
  2⤵
  PID:4264
- C:\Windows\System\yXPFBTb.exe
  C:\Windows\System\yXPFBTb.exe
  2⤵
  PID:4292
- C:\Windows\System\IdqtIjJ.exe
  C:\Windows\System\IdqtIjJ.exe
  2⤵
  PID:4324
- C:\Windows\System\MWBefSp.exe
  C:\Windows\System\MWBefSp.exe
  2⤵
  PID:4348
- C:\Windows\System\gHacrmv.exe
  C:\Windows\System\gHacrmv.exe
  2⤵
  PID:4392
- C:\Windows\System\AypYERO.exe
  C:\Windows\System\AypYERO.exe
  2⤵
  PID:4432
- C:\Windows\System\XHHyQbg.exe
  C:\Windows\System\XHHyQbg.exe
  2⤵
  PID:4448
- C:\Windows\System\bPCKAqF.exe
  C:\Windows\System\bPCKAqF.exe
  2⤵
  PID:4504
- C:\Windows\System\zcswlDI.exe
  C:\Windows\System\zcswlDI.exe
  2⤵
  PID:4544
- C:\Windows\System\yizNpsT.exe
  C:\Windows\System\yizNpsT.exe
  2⤵
  PID:4548
- C:\Windows\System\dLwDxyB.exe
  C:\Windows\System\dLwDxyB.exe
  2⤵
  PID:4592
- C:\Windows\System\ilUsvSv.exe
  C:\Windows\System\ilUsvSv.exe
  2⤵
  PID:4632
- C:\Windows\System\ObRHLpb.exe
  C:\Windows\System\ObRHLpb.exe
  2⤵
  PID:4664
- C:\Windows\System\BQtJRbp.exe
  C:\Windows\System\BQtJRbp.exe
  2⤵
  PID:4704
- C:\Windows\System\HojargA.exe
  C:\Windows\System\HojargA.exe
  2⤵
  PID:4724
- C:\Windows\System\UFaiieM.exe
  C:\Windows\System\UFaiieM.exe
  2⤵
  PID:4748
- C:\Windows\System\jYSzoQn.exe
  C:\Windows\System\jYSzoQn.exe
  2⤵
  PID:4768
- C:\Windows\System\aYegThg.exe
  C:\Windows\System\aYegThg.exe
  2⤵
  PID:4832
- C:\Windows\System\bsnNHmr.exe
  C:\Windows\System\bsnNHmr.exe
  2⤵
  PID:4872
- C:\Windows\System\vhMgwvh.exe
  C:\Windows\System\vhMgwvh.exe
  2⤵
  PID:4904
- C:\Windows\System\hrTtLyU.exe
  C:\Windows\System\hrTtLyU.exe
  2⤵
  PID:4924
- C:\Windows\System\mOyFQRg.exe
  C:\Windows\System\mOyFQRg.exe
  2⤵
  PID:4948
- C:\Windows\System\MvzYTyK.exe
  C:\Windows\System\MvzYTyK.exe
  2⤵
  PID:4996
- C:\Windows\System\SEncTKv.exe
  C:\Windows\System\SEncTKv.exe
  2⤵
  PID:5016
- C:\Windows\System\GRQKxLN.exe
  C:\Windows\System\GRQKxLN.exe
  2⤵
  PID:5056
- C:\Windows\System\WtRpuHr.exe
  C:\Windows\System\WtRpuHr.exe
  2⤵
  PID:5096
- C:\Windows\System\tNuSBCl.exe
  C:\Windows\System\tNuSBCl.exe
  2⤵
  PID:3272
- C:\Windows\System\COMfCSg.exe
  C:\Windows\System\COMfCSg.exe
  2⤵
  PID:3496
- C:\Windows\System\EGfXWOd.exe
  C:\Windows\System\EGfXWOd.exe
  2⤵
  PID:3896
- C:\Windows\System\ajuiiGp.exe
  C:\Windows\System\ajuiiGp.exe
  2⤵
  PID:3668
- C:\Windows\System\OVYhGZD.exe
  C:\Windows\System\OVYhGZD.exe
  2⤵
  PID:2600
- C:\Windows\System\fXEzhuz.exe
  C:\Windows\System\fXEzhuz.exe
  2⤵
  PID:4152
- C:\Windows\System\uEfblcU.exe
  C:\Windows\System\uEfblcU.exe
  2⤵
  PID:4204
- C:\Windows\System\NdGhTHI.exe
  C:\Windows\System\NdGhTHI.exe
  2⤵
  PID:4244
- C:\Windows\System\AaiWCXA.exe
  C:\Windows\System\AaiWCXA.exe
  2⤵
  PID:4308
- C:\Windows\System\dfvriiv.exe
  C:\Windows\System\dfvriiv.exe
  2⤵
  PID:4344
- C:\Windows\System\qeooSas.exe
  C:\Windows\System\qeooSas.exe
  2⤵
  PID:4412
- C:\Windows\System\LcBlzKD.exe
  C:\Windows\System\LcBlzKD.exe
  2⤵
  PID:4488
- C:\Windows\System\zYBspCn.exe
  C:\Windows\System\zYBspCn.exe
  2⤵
  PID:4552
- C:\Windows\System\rEyeCtY.exe
  C:\Windows\System\rEyeCtY.exe
  2⤵
  PID:4604
- C:\Windows\System\ttXiRcq.exe
  C:\Windows\System\ttXiRcq.exe
  2⤵
  PID:4644
- C:\Windows\System\ZDRiiDz.exe
  C:\Windows\System\ZDRiiDz.exe
  2⤵
  PID:4708
- C:\Windows\System\mhSHchr.exe
  C:\Windows\System\mhSHchr.exe
  2⤵
  PID:4772
- C:\Windows\System\lhCcSSC.exe
  C:\Windows\System\lhCcSSC.exe
  2⤵
  PID:4808
- C:\Windows\System\vMSaJes.exe
  C:\Windows\System\vMSaJes.exe
  2⤵
  PID:4884
- C:\Windows\System\qIjXyjO.exe
  C:\Windows\System\qIjXyjO.exe
  2⤵
  PID:4932
- C:\Windows\System\MUMtzqe.exe
  C:\Windows\System\MUMtzqe.exe
  2⤵
  PID:4972
- C:\Windows\System\pscSRBA.exe
  C:\Windows\System\pscSRBA.exe
  2⤵
  PID:5048
- C:\Windows\System\CtdmkRt.exe
  C:\Windows\System\CtdmkRt.exe
  2⤵
  PID:5072
- C:\Windows\System\xVeNAUa.exe
  C:\Windows\System\xVeNAUa.exe
  2⤵
  PID:3492
- C:\Windows\System\nQdKFQW.exe
  C:\Windows\System\nQdKFQW.exe
  2⤵
  PID:2212
- C:\Windows\System\oVaUNwX.exe
  C:\Windows\System\oVaUNwX.exe
  2⤵
  PID:4108
- C:\Windows\System\uEnNPNV.exe
  C:\Windows\System\uEnNPNV.exe
  2⤵
  PID:4112
- C:\Windows\System\uiGtJjz.exe
  C:\Windows\System\uiGtJjz.exe
  2⤵
  PID:4304
- C:\Windows\System\yDLRLFV.exe
  C:\Windows\System\yDLRLFV.exe
  2⤵
  PID:4372
- C:\Windows\System\WutuyNc.exe
  C:\Windows\System\WutuyNc.exe
  2⤵
  PID:5128
- C:\Windows\System\ciAAPRX.exe
  C:\Windows\System\ciAAPRX.exe
  2⤵
  PID:5148
- C:\Windows\System\fcesKhe.exe
  C:\Windows\System\fcesKhe.exe
  2⤵
  PID:5168
- C:\Windows\System\aZXFlnN.exe
  C:\Windows\System\aZXFlnN.exe
  2⤵
  PID:5188
- C:\Windows\System\aFzQLhT.exe
  C:\Windows\System\aFzQLhT.exe
  2⤵
  PID:5208
- C:\Windows\System\JxmAqJD.exe
  C:\Windows\System\JxmAqJD.exe
  2⤵
  PID:5228
- C:\Windows\System\HWXhJaz.exe
  C:\Windows\System\HWXhJaz.exe
  2⤵
  PID:5248
- C:\Windows\System\gFrxYkN.exe
  C:\Windows\System\gFrxYkN.exe
  2⤵
  PID:5268
- C:\Windows\System\SDDdcSr.exe
  C:\Windows\System\SDDdcSr.exe
  2⤵
  PID:5288
- C:\Windows\System\YnGAOvR.exe
  C:\Windows\System\YnGAOvR.exe
  2⤵
  PID:5308
- C:\Windows\System\oLNXIAJ.exe
  C:\Windows\System\oLNXIAJ.exe
  2⤵
  PID:5328
- C:\Windows\System\yjviovL.exe
  C:\Windows\System\yjviovL.exe
  2⤵
  PID:5348
- C:\Windows\System\QtzgwQO.exe
  C:\Windows\System\QtzgwQO.exe
  2⤵
  PID:5368
- C:\Windows\System\IWWlXwu.exe
  C:\Windows\System\IWWlXwu.exe
  2⤵
  PID:5388
- C:\Windows\System\nAaHUxv.exe
  C:\Windows\System\nAaHUxv.exe
  2⤵
  PID:5408
- C:\Windows\System\OiCuHPe.exe
  C:\Windows\System\OiCuHPe.exe
  2⤵
  PID:5428
- C:\Windows\System\MAzvLav.exe
  C:\Windows\System\MAzvLav.exe
  2⤵
  PID:5448
- C:\Windows\System\dgZlqBV.exe
  C:\Windows\System\dgZlqBV.exe
  2⤵
  PID:5468
- C:\Windows\System\rLzNVWy.exe
  C:\Windows\System\rLzNVWy.exe
  2⤵
  PID:5488
- C:\Windows\System\mRQBFfk.exe
  C:\Windows\System\mRQBFfk.exe
  2⤵
  PID:5508
- C:\Windows\System\eArlxFK.exe
  C:\Windows\System\eArlxFK.exe
  2⤵
  PID:5528
- C:\Windows\System\tYUbvnQ.exe
  C:\Windows\System\tYUbvnQ.exe
  2⤵
  PID:5548
- C:\Windows\System\HpZWZGp.exe
  C:\Windows\System\HpZWZGp.exe
  2⤵
  PID:5568
- C:\Windows\System\ecsYzCs.exe
  C:\Windows\System\ecsYzCs.exe
  2⤵
  PID:5588
- C:\Windows\System\bPpcBbQ.exe
  C:\Windows\System\bPpcBbQ.exe
  2⤵
  PID:5608
- C:\Windows\System\oJFmSDN.exe
  C:\Windows\System\oJFmSDN.exe
  2⤵
  PID:5628
- C:\Windows\System\PUsMMto.exe
  C:\Windows\System\PUsMMto.exe
  2⤵
  PID:5648
- C:\Windows\System\uxGYCls.exe
  C:\Windows\System\uxGYCls.exe
  2⤵
  PID:5668
- C:\Windows\System\ZNgPiAP.exe
  C:\Windows\System\ZNgPiAP.exe
  2⤵
  PID:5688
- C:\Windows\System\xkEQGcm.exe
  C:\Windows\System\xkEQGcm.exe
  2⤵
  PID:5708
- C:\Windows\System\QiXJqzc.exe
  C:\Windows\System\QiXJqzc.exe
  2⤵
  PID:5728
- C:\Windows\System\ViAQNoQ.exe
  C:\Windows\System\ViAQNoQ.exe
  2⤵
  PID:5752
- C:\Windows\System\EVNQKay.exe
  C:\Windows\System\EVNQKay.exe
  2⤵
  PID:5772
- C:\Windows\System\DdWSkxZ.exe
  C:\Windows\System\DdWSkxZ.exe
  2⤵
  PID:5792
- C:\Windows\System\ZAUSnfY.exe
  C:\Windows\System\ZAUSnfY.exe
  2⤵
  PID:5812
- C:\Windows\System\WNegrhX.exe
  C:\Windows\System\WNegrhX.exe
  2⤵
  PID:5832
- C:\Windows\System\hAKdKUF.exe
  C:\Windows\System\hAKdKUF.exe
  2⤵
  PID:5852
- C:\Windows\System\BHcuiEu.exe
  C:\Windows\System\BHcuiEu.exe
  2⤵
  PID:5872
- C:\Windows\System\iRKzbCu.exe
  C:\Windows\System\iRKzbCu.exe
  2⤵
  PID:5892
- C:\Windows\System\CAlTwLc.exe
  C:\Windows\System\CAlTwLc.exe
  2⤵
  PID:5912
- C:\Windows\System\otWUVQN.exe
  C:\Windows\System\otWUVQN.exe
  2⤵
  PID:5932
- C:\Windows\System\gvkyLoq.exe
  C:\Windows\System\gvkyLoq.exe
  2⤵
  PID:5952
- C:\Windows\System\DtZdHZE.exe
  C:\Windows\System\DtZdHZE.exe
  2⤵
  PID:5972
- C:\Windows\System\KXrxmjO.exe
  C:\Windows\System\KXrxmjO.exe
  2⤵
  PID:5992
- C:\Windows\System\XbLuGTk.exe
  C:\Windows\System\XbLuGTk.exe
  2⤵
  PID:6012
- C:\Windows\System\xnwbKJP.exe
  C:\Windows\System\xnwbKJP.exe
  2⤵
  PID:6032
- C:\Windows\System\bjwTIDi.exe
  C:\Windows\System\bjwTIDi.exe
  2⤵
  PID:6052
- C:\Windows\System\LvFSZPu.exe
  C:\Windows\System\LvFSZPu.exe
  2⤵
  PID:6072
- C:\Windows\System\VqAjTrG.exe
  C:\Windows\System\VqAjTrG.exe
  2⤵
  PID:6092
- C:\Windows\System\ETvDthH.exe
  C:\Windows\System\ETvDthH.exe
  2⤵
  PID:6112
- C:\Windows\System\dilayfa.exe
  C:\Windows\System\dilayfa.exe
  2⤵
  PID:6132
- C:\Windows\System\gUjkGYx.exe
  C:\Windows\System\gUjkGYx.exe
  2⤵
  PID:4508
- C:\Windows\System\VgyTtba.exe
  C:\Windows\System\VgyTtba.exe
  2⤵
  PID:4652
- C:\Windows\System\LyzdjqE.exe
  C:\Windows\System\LyzdjqE.exe
  2⤵
  PID:4668
- C:\Windows\System\PYrSOaC.exe
  C:\Windows\System\PYrSOaC.exe
  2⤵
  PID:4784
- C:\Windows\System\FtsQCSx.exe
  C:\Windows\System\FtsQCSx.exe
  2⤵
  PID:4864
- C:\Windows\System\GZvhsuR.exe
  C:\Windows\System\GZvhsuR.exe
  2⤵
  PID:4908
- C:\Windows\System\nmtwzRw.exe
  C:\Windows\System\nmtwzRw.exe
  2⤵
  PID:5076
- C:\Windows\System\ecZzpZY.exe
  C:\Windows\System\ecZzpZY.exe
  2⤵
  PID:3636
- C:\Windows\System\lveixIL.exe
  C:\Windows\System\lveixIL.exe
  2⤵
  PID:3212
- C:\Windows\System\tAQsafh.exe
  C:\Windows\System\tAQsafh.exe
  2⤵
  PID:4284
- C:\Windows\System\pbnlFDc.exe
  C:\Windows\System\pbnlFDc.exe
  2⤵
  PID:4368
- C:\Windows\System\xSIgwfp.exe
  C:\Windows\System\xSIgwfp.exe
  2⤵
  PID:5144
- C:\Windows\System\fWYHinh.exe
  C:\Windows\System\fWYHinh.exe
  2⤵
  PID:5184
- C:\Windows\System\dwoOvMe.exe
  C:\Windows\System\dwoOvMe.exe
  2⤵
  PID:5200
- C:\Windows\System\EdRVZzz.exe
  C:\Windows\System\EdRVZzz.exe
  2⤵
  PID:5236
- C:\Windows\System\RlAZSnx.exe
  C:\Windows\System\RlAZSnx.exe
  2⤵
  PID:5276
- C:\Windows\System\IdsqJUi.exe
  C:\Windows\System\IdsqJUi.exe
  2⤵
  PID:5300
- C:\Windows\System\NqeioIN.exe
  C:\Windows\System\NqeioIN.exe
  2⤵
  PID:5340
- C:\Windows\System\OKsWQVz.exe
  C:\Windows\System\OKsWQVz.exe
  2⤵
  PID:5384
- C:\Windows\System\vjSMOuA.exe
  C:\Windows\System\vjSMOuA.exe
  2⤵
  PID:5404
- C:\Windows\System\GWmfuRK.exe
  C:\Windows\System\GWmfuRK.exe
  2⤵
  PID:5444
- C:\Windows\System\OdokAIp.exe
  C:\Windows\System\OdokAIp.exe
  2⤵
  PID:5496
- C:\Windows\System\eBjSwwU.exe
  C:\Windows\System\eBjSwwU.exe
  2⤵
  PID:5480
- C:\Windows\System\uXRZtue.exe
  C:\Windows\System\uXRZtue.exe
  2⤵
  PID:5540
- C:\Windows\System\XOAiBTW.exe
  C:\Windows\System\XOAiBTW.exe
  2⤵
  PID:5564
- C:\Windows\System\MHRjkAm.exe
  C:\Windows\System\MHRjkAm.exe
  2⤵
  PID:5616
- C:\Windows\System\dGJBHDW.exe
  C:\Windows\System\dGJBHDW.exe
  2⤵
  PID:5656
- C:\Windows\System\EIqdIYp.exe
  C:\Windows\System\EIqdIYp.exe
  2⤵
  PID:5676
- C:\Windows\System\alGvIdn.exe
  C:\Windows\System\alGvIdn.exe
  2⤵
  PID:5700
- C:\Windows\System\qjWUbDz.exe
  C:\Windows\System\qjWUbDz.exe
  2⤵
  PID:5748
- C:\Windows\System\TtMadhB.exe
  C:\Windows\System\TtMadhB.exe
  2⤵
  PID:5764
- C:\Windows\System\hkNNMlc.exe
  C:\Windows\System\hkNNMlc.exe
  2⤵
  PID:5808
- C:\Windows\System\CSUodAB.exe
  C:\Windows\System\CSUodAB.exe
  2⤵
  PID:5848
- C:\Windows\System\ynUOmeP.exe
  C:\Windows\System\ynUOmeP.exe
  2⤵
  PID:5880
- C:\Windows\System\GrOhDwe.exe
  C:\Windows\System\GrOhDwe.exe
  2⤵
  PID:5920
- C:\Windows\System\HUcPBEK.exe
  C:\Windows\System\HUcPBEK.exe
  2⤵
  PID:5944
- C:\Windows\System\tjKDJxa.exe
  C:\Windows\System\tjKDJxa.exe
  2⤵
  PID:5988
- C:\Windows\System\omfcUEO.exe
  C:\Windows\System\omfcUEO.exe
  2⤵
  PID:6020
- C:\Windows\System\WySJjgC.exe
  C:\Windows\System\WySJjgC.exe
  2⤵
  PID:6060
- C:\Windows\System\ovfkrDf.exe
  C:\Windows\System\ovfkrDf.exe
  2⤵
  PID:6080
- C:\Windows\System\nPnVdsm.exe
  C:\Windows\System\nPnVdsm.exe
  2⤵
  PID:6120
- C:\Windows\System\LBcjemc.exe
  C:\Windows\System\LBcjemc.exe
  2⤵
  PID:4484
- C:\Windows\System\DmUaJCB.exe
  C:\Windows\System\DmUaJCB.exe
  2⤵
  PID:4612
- C:\Windows\System\kfYjswk.exe
  C:\Windows\System\kfYjswk.exe
  2⤵
  PID:4728
- C:\Windows\System\RWlVSTA.exe
  C:\Windows\System\RWlVSTA.exe
  2⤵
  PID:5036
- C:\Windows\System\AzerSyb.exe
  C:\Windows\System\AzerSyb.exe
  2⤵
  PID:3208
- C:\Windows\System\ZtpHKaA.exe
  C:\Windows\System\ZtpHKaA.exe
  2⤵
  PID:4088
- C:\Windows\System\NntouJz.exe
  C:\Windows\System\NntouJz.exe
  2⤵
  PID:4328
- C:\Windows\System\QGxEBcG.exe
  C:\Windows\System\QGxEBcG.exe
  2⤵
  PID:5176
- C:\Windows\System\YtmdYlY.exe
  C:\Windows\System\YtmdYlY.exe
  2⤵
  PID:5256
- C:\Windows\System\zGobqGF.exe
  C:\Windows\System\zGobqGF.exe
  2⤵
  PID:5304
- C:\Windows\System\tUgHcFv.exe
  C:\Windows\System\tUgHcFv.exe
  2⤵
  PID:5344
- C:\Windows\System\FjjdlaF.exe
  C:\Windows\System\FjjdlaF.exe
  2⤵
  PID:5424
- C:\Windows\System\QdnUtqc.exe
  C:\Windows\System\QdnUtqc.exe
  2⤵
  PID:5396
- C:\Windows\System\LpxmGef.exe
  C:\Windows\System\LpxmGef.exe
  2⤵
  PID:5500
- C:\Windows\System\GNCtyEb.exe
  C:\Windows\System\GNCtyEb.exe
  2⤵
  PID:5516
- C:\Windows\System\JRTebHW.exe
  C:\Windows\System\JRTebHW.exe
  2⤵
  PID:5636
- C:\Windows\System\xXEldmQ.exe
  C:\Windows\System\xXEldmQ.exe
  2⤵
  PID:5704
- C:\Windows\System\OSGMxPI.exe
  C:\Windows\System\OSGMxPI.exe
  2⤵
  PID:5716
- C:\Windows\System\doaIOEn.exe
  C:\Windows\System\doaIOEn.exe
  2⤵
  PID:5780
- C:\Windows\System\DJKJvSd.exe
  C:\Windows\System\DJKJvSd.exe
  2⤵
  PID:5840
- C:\Windows\System\wCJWBZk.exe
  C:\Windows\System\wCJWBZk.exe
  2⤵
  PID:5864
- C:\Windows\System\MNMczkO.exe
  C:\Windows\System\MNMczkO.exe
  2⤵
  PID:5940
- C:\Windows\System\lFJHvmk.exe
  C:\Windows\System\lFJHvmk.exe
  2⤵
  PID:6004
- C:\Windows\System\IVsHUzY.exe
  C:\Windows\System\IVsHUzY.exe
  2⤵
  PID:6068
- C:\Windows\System\ZbbbrUV.exe
  C:\Windows\System\ZbbbrUV.exe
  2⤵
  PID:6084
- C:\Windows\System\FmLfhKF.exe
  C:\Windows\System\FmLfhKF.exe
  2⤵
  PID:4688
- C:\Windows\System\ySesOAP.exe
  C:\Windows\System\ySesOAP.exe
  2⤵
  PID:4848
- C:\Windows\System\LyZvXEj.exe
  C:\Windows\System\LyZvXEj.exe
  2⤵
  PID:3892
- C:\Windows\System\DbsjMrb.exe
  C:\Windows\System\DbsjMrb.exe
  2⤵
  PID:5156
- C:\Windows\System\VGjCcPz.exe
  C:\Windows\System\VGjCcPz.exe
  2⤵
  PID:5180
- C:\Windows\System\fPRWVHw.exe
  C:\Windows\System\fPRWVHw.exe
  2⤵
  PID:5240
- C:\Windows\System\JkvZYrO.exe
  C:\Windows\System\JkvZYrO.exe
  2⤵
  PID:5364
- C:\Windows\System\NRoFRBN.exe
  C:\Windows\System\NRoFRBN.exe
  2⤵
  PID:5420
- C:\Windows\System\PFXMwsH.exe
  C:\Windows\System\PFXMwsH.exe
  2⤵
  PID:6160
- C:\Windows\System\WBausaQ.exe
  C:\Windows\System\WBausaQ.exe
  2⤵
  PID:6180
- C:\Windows\System\QRiHsov.exe
  C:\Windows\System\QRiHsov.exe
  2⤵
  PID:6200
- C:\Windows\System\yzDolqt.exe
  C:\Windows\System\yzDolqt.exe
  2⤵
  PID:6220
- C:\Windows\System\QzCRGWR.exe
  C:\Windows\System\QzCRGWR.exe
  2⤵
  PID:6240
- C:\Windows\System\PyjDYsQ.exe
  C:\Windows\System\PyjDYsQ.exe
  2⤵
  PID:6260
- C:\Windows\System\EAhiGVT.exe
  C:\Windows\System\EAhiGVT.exe
  2⤵
  PID:6280
- C:\Windows\System\kAOnXqG.exe
  C:\Windows\System\kAOnXqG.exe
  2⤵
  PID:6300
- C:\Windows\System\mNGnGgs.exe
  C:\Windows\System\mNGnGgs.exe
  2⤵
  PID:6320
- C:\Windows\System\wBABXVf.exe
  C:\Windows\System\wBABXVf.exe
  2⤵
  PID:6340
- C:\Windows\System\fDjNOnH.exe
  C:\Windows\System\fDjNOnH.exe
  2⤵
  PID:6360
- C:\Windows\System\JLhJEGp.exe
  C:\Windows\System\JLhJEGp.exe
  2⤵
  PID:6380
- C:\Windows\System\VumMdjz.exe
  C:\Windows\System\VumMdjz.exe
  2⤵
  PID:6404
- C:\Windows\System\NrjodKr.exe
  C:\Windows\System\NrjodKr.exe
  2⤵
  PID:6424
- C:\Windows\System\uAskZTm.exe
  C:\Windows\System\uAskZTm.exe
  2⤵
  PID:6444
- C:\Windows\System\kkVvBGO.exe
  C:\Windows\System\kkVvBGO.exe
  2⤵
  PID:6464
- C:\Windows\System\lLEUCBD.exe
  C:\Windows\System\lLEUCBD.exe
  2⤵
  PID:6484
- C:\Windows\System\PuiFrbV.exe
  C:\Windows\System\PuiFrbV.exe
  2⤵
  PID:6504
- C:\Windows\System\aXYhTBU.exe
  C:\Windows\System\aXYhTBU.exe
  2⤵
  PID:6524
- C:\Windows\System\TMdnaiU.exe
  C:\Windows\System\TMdnaiU.exe
  2⤵
  PID:6544
- C:\Windows\System\lIkozKB.exe
  C:\Windows\System\lIkozKB.exe
  2⤵
  PID:6564
- C:\Windows\System\zwsrIOW.exe
  C:\Windows\System\zwsrIOW.exe
  2⤵
  PID:6584
- C:\Windows\System\XHmPWMT.exe
  C:\Windows\System\XHmPWMT.exe
  2⤵
  PID:6604
- C:\Windows\System\CVZMcBM.exe
  C:\Windows\System\CVZMcBM.exe
  2⤵
  PID:6624
- C:\Windows\System\dgsqDKy.exe
  C:\Windows\System\dgsqDKy.exe
  2⤵
  PID:6644
- C:\Windows\System\tlblZWb.exe
  C:\Windows\System\tlblZWb.exe
  2⤵
  PID:6664
- C:\Windows\System\hipPVVH.exe
  C:\Windows\System\hipPVVH.exe
  2⤵
  PID:6684
- C:\Windows\System\nAofzxZ.exe
  C:\Windows\System\nAofzxZ.exe
  2⤵
  PID:6704
- C:\Windows\System\YbgyVmL.exe
  C:\Windows\System\YbgyVmL.exe
  2⤵
  PID:6724
- C:\Windows\System\RSUdkay.exe
  C:\Windows\System\RSUdkay.exe
  2⤵
  PID:6744
- C:\Windows\System\aKvdRrd.exe
  C:\Windows\System\aKvdRrd.exe
  2⤵
  PID:6764
- C:\Windows\System\KNGExuU.exe
  C:\Windows\System\KNGExuU.exe
  2⤵
  PID:6784
- C:\Windows\System\kebyvby.exe
  C:\Windows\System\kebyvby.exe
  2⤵
  PID:6804
- C:\Windows\System\nfvkphq.exe
  C:\Windows\System\nfvkphq.exe
  2⤵
  PID:6824
- C:\Windows\System\ORwHJBw.exe
  C:\Windows\System\ORwHJBw.exe
  2⤵
  PID:6844
- C:\Windows\System\aHCVxOA.exe
  C:\Windows\System\aHCVxOA.exe
  2⤵
  PID:6864
- C:\Windows\System\DFtwmYm.exe
  C:\Windows\System\DFtwmYm.exe
  2⤵
  PID:6884
- C:\Windows\System\hVmzvYV.exe
  C:\Windows\System\hVmzvYV.exe
  2⤵
  PID:6904
- C:\Windows\System\NdLXHTm.exe
  C:\Windows\System\NdLXHTm.exe
  2⤵
  PID:6924
- C:\Windows\System\TeDZQzm.exe
  C:\Windows\System\TeDZQzm.exe
  2⤵
  PID:6944
- C:\Windows\System\jyTPGrN.exe
  C:\Windows\System\jyTPGrN.exe
  2⤵
  PID:6964
- C:\Windows\System\lBJZdgC.exe
  C:\Windows\System\lBJZdgC.exe
  2⤵
  PID:6984
- C:\Windows\System\NanYgfe.exe
  C:\Windows\System\NanYgfe.exe
  2⤵
  PID:7004
- C:\Windows\System\hbHvZTQ.exe
  C:\Windows\System\hbHvZTQ.exe
  2⤵
  PID:7024
- C:\Windows\System\ZSMjEij.exe
  C:\Windows\System\ZSMjEij.exe
  2⤵
  PID:7044
- C:\Windows\System\ApovGtR.exe
  C:\Windows\System\ApovGtR.exe
  2⤵
  PID:7064
- C:\Windows\System\vVmZTbW.exe
  C:\Windows\System\vVmZTbW.exe
  2⤵
  PID:7084
- C:\Windows\System\EOLtdrX.exe
  C:\Windows\System\EOLtdrX.exe
  2⤵
  PID:7104
- C:\Windows\System\dCkMRBB.exe
  C:\Windows\System\dCkMRBB.exe
  2⤵
  PID:7124
- C:\Windows\System\pKDvsBh.exe
  C:\Windows\System\pKDvsBh.exe
  2⤵
  PID:7144
- C:\Windows\System\LrAlDub.exe
  C:\Windows\System\LrAlDub.exe
  2⤵
  PID:7164
- C:\Windows\System\KMlpnjA.exe
  C:\Windows\System\KMlpnjA.exe
  2⤵
  PID:5576
- C:\Windows\System\ATTDsEx.exe
  C:\Windows\System\ATTDsEx.exe
  2⤵
  PID:5644
- C:\Windows\System\ZrvVXZO.exe
  C:\Windows\System\ZrvVXZO.exe
  2⤵
  PID:5800
- C:\Windows\System\CwEwulh.exe
  C:\Windows\System\CwEwulh.exe
  2⤵
  PID:5860
- C:\Windows\System\xBhzKcf.exe
  C:\Windows\System\xBhzKcf.exe
  2⤵
  PID:5900
- C:\Windows\System\ZYGwDVr.exe
  C:\Windows\System\ZYGwDVr.exe
  2⤵
  PID:6048
- C:\Windows\System\PxsoCii.exe
  C:\Windows\System\PxsoCii.exe
  2⤵
  PID:4472
- C:\Windows\System\AOfLPYT.exe
  C:\Windows\System\AOfLPYT.exe
  2⤵
  PID:4888
- C:\Windows\System\Zzxbfvv.exe
  C:\Windows\System\Zzxbfvv.exe
  2⤵
  PID:5116
- C:\Windows\System\OzJhYut.exe
  C:\Windows\System\OzJhYut.exe
  2⤵
  PID:4444
- C:\Windows\System\NqKSPrE.exe
  C:\Windows\System\NqKSPrE.exe
  2⤵
  PID:5204
- C:\Windows\System\rmnekJO.exe
  C:\Windows\System\rmnekJO.exe
  2⤵
  PID:5464
- C:\Windows\System\BvwGmAh.exe
  C:\Windows\System\BvwGmAh.exe
  2⤵
  PID:6172
- C:\Windows\System\iwtuPpA.exe
  C:\Windows\System\iwtuPpA.exe
  2⤵
  PID:6212
- C:\Windows\System\mBPuodU.exe
  C:\Windows\System\mBPuodU.exe
  2⤵
  PID:6256
- C:\Windows\System\dYteoqF.exe
  C:\Windows\System\dYteoqF.exe
  2⤵
  PID:6288
- C:\Windows\System\xoRpjvA.exe
  C:\Windows\System\xoRpjvA.exe
  2⤵
  PID:6312
- C:\Windows\System\UMFLpTX.exe
  C:\Windows\System\UMFLpTX.exe
  2⤵
  PID:6332
- C:\Windows\System\ZmaiIui.exe
  C:\Windows\System\ZmaiIui.exe
  2⤵
  PID:6400
- C:\Windows\System\RAUAyRW.exe
  C:\Windows\System\RAUAyRW.exe
  2⤵
  PID:6432
- C:\Windows\System\LtQaQky.exe
  C:\Windows\System\LtQaQky.exe
  2⤵
  PID:6452
- C:\Windows\System\DGbaUzC.exe
  C:\Windows\System\DGbaUzC.exe
  2⤵
  PID:6476
- C:\Windows\System\QBcpMQu.exe
  C:\Windows\System\QBcpMQu.exe
  2⤵
  PID:6520
- C:\Windows\System\ZfmIcnS.exe
  C:\Windows\System\ZfmIcnS.exe
  2⤵
  PID:6536
- C:\Windows\System\FkcFBnK.exe
  C:\Windows\System\FkcFBnK.exe
  2⤵
  PID:6592
- C:\Windows\System\wcVPAQp.exe
  C:\Windows\System\wcVPAQp.exe
  2⤵
  PID:6612
- C:\Windows\System\XWpAnQK.exe
  C:\Windows\System\XWpAnQK.exe
  2⤵
  PID:6636
- C:\Windows\System\GTvFenD.exe
  C:\Windows\System\GTvFenD.exe
  2⤵
  PID:6676
- C:\Windows\System\UqyTxht.exe
  C:\Windows\System\UqyTxht.exe
  2⤵
  PID:6720
- C:\Windows\System\PPlNCfS.exe
  C:\Windows\System\PPlNCfS.exe
  2⤵
  PID:6752
- C:\Windows\System\kJMYXmB.exe
  C:\Windows\System\kJMYXmB.exe
  2⤵
  PID:6792
- C:\Windows\System\KYCLgif.exe
  C:\Windows\System\KYCLgif.exe
  2⤵
  PID:6812
- C:\Windows\System\tiuIGaK.exe
  C:\Windows\System\tiuIGaK.exe
  2⤵
  PID:6836
- C:\Windows\System\DsVPKRP.exe
  C:\Windows\System\DsVPKRP.exe
  2⤵
  PID:6856
- C:\Windows\System\xItpXEr.exe
  C:\Windows\System\xItpXEr.exe
  2⤵
  PID:6896
- C:\Windows\System\STTESYq.exe
  C:\Windows\System\STTESYq.exe
  2⤵
  PID:6952
- C:\Windows\System\mDEvNNU.exe
  C:\Windows\System\mDEvNNU.exe
  2⤵
  PID:6972
- C:\Windows\System\iakyrDj.exe
  C:\Windows\System\iakyrDj.exe
  2⤵
  PID:7012
- C:\Windows\System\VLRzhMy.exe
  C:\Windows\System\VLRzhMy.exe
  2⤵
  PID:7016
- C:\Windows\System\RwNLsQA.exe
  C:\Windows\System\RwNLsQA.exe
  2⤵
  PID:7080
- C:\Windows\System\YqsVLtR.exe
  C:\Windows\System\YqsVLtR.exe
  2⤵
  PID:7120
- C:\Windows\System\prOztWm.exe
  C:\Windows\System\prOztWm.exe
  2⤵
  PID:7152
- C:\Windows\System\aYFTbzv.exe
  C:\Windows\System\aYFTbzv.exe
  2⤵
  PID:5544
- C:\Windows\System\IMbsJtN.exe
  C:\Windows\System\IMbsJtN.exe
  2⤵
  PID:5684
- C:\Windows\System\okhChkQ.exe
  C:\Windows\System\okhChkQ.exe
  2⤵
  PID:6024
- C:\Windows\System\KMVtmXD.exe
  C:\Windows\System\KMVtmXD.exe
  2⤵
  PID:2344
- C:\Windows\System\znRwHpA.exe
  C:\Windows\System\znRwHpA.exe
  2⤵
  PID:4628
- C:\Windows\System\XzHdGTQ.exe
  C:\Windows\System\XzHdGTQ.exe
  2⤵
  PID:5028
- C:\Windows\System\vFSRppu.exe
  C:\Windows\System\vFSRppu.exe
  2⤵
  PID:5336
- C:\Windows\System\ZQKSknf.exe
  C:\Windows\System\ZQKSknf.exe
  2⤵
  PID:6192
- C:\Windows\System\WXASWtf.exe
  C:\Windows\System\WXASWtf.exe
  2⤵
  PID:6176
- C:\Windows\System\USgZyNz.exe
  C:\Windows\System\USgZyNz.exe
  2⤵
  PID:6248
- C:\Windows\System\THtGbiY.exe
  C:\Windows\System\THtGbiY.exe
  2⤵
  PID:6292
- C:\Windows\System\CvVlKEK.exe
  C:\Windows\System\CvVlKEK.exe
  2⤵
  PID:6412
- C:\Windows\System\MoqSaDb.exe
  C:\Windows\System\MoqSaDb.exe
  2⤵
  PID:6472
- C:\Windows\System\cUTbxKB.exe
  C:\Windows\System\cUTbxKB.exe
  2⤵
  PID:6416
- C:\Windows\System\RWisuMl.exe
  C:\Windows\System\RWisuMl.exe
  2⤵
  PID:6500
- C:\Windows\System\gPNIYYL.exe
  C:\Windows\System\gPNIYYL.exe
  2⤵
  PID:6680
- C:\Windows\System\OwfNVLO.exe
  C:\Windows\System\OwfNVLO.exe
  2⤵
  PID:6640
- C:\Windows\System\LHlsEaA.exe
  C:\Windows\System\LHlsEaA.exe
  2⤵
  PID:6632
- C:\Windows\System\CGmOUdV.exe
  C:\Windows\System\CGmOUdV.exe
  2⤵
  PID:6796
- C:\Windows\System\qtVKBvI.exe
  C:\Windows\System\qtVKBvI.exe
  2⤵
  PID:6860
- C:\Windows\System\vCvyCSE.exe
  C:\Windows\System\vCvyCSE.exe
  2⤵
  PID:6816
- C:\Windows\System\zcrVyNI.exe
  C:\Windows\System\zcrVyNI.exe
  2⤵
  PID:6992
- C:\Windows\System\WvMFEYE.exe
  C:\Windows\System\WvMFEYE.exe
  2⤵
  PID:6940
- C:\Windows\System\wImmCGv.exe
  C:\Windows\System\wImmCGv.exe
  2⤵
  PID:6936
- C:\Windows\System\JNWjFHO.exe
  C:\Windows\System\JNWjFHO.exe
  2⤵
  PID:7096
- C:\Windows\System\LofVpfa.exe
  C:\Windows\System\LofVpfa.exe
  2⤵
  PID:5596
- C:\Windows\System\qXdIAxN.exe
  C:\Windows\System\qXdIAxN.exe
  2⤵
  PID:7136
- C:\Windows\System\jLMLhHi.exe
  C:\Windows\System\jLMLhHi.exe
  2⤵
  PID:5760
- C:\Windows\System\OudfagR.exe
  C:\Windows\System\OudfagR.exe
  2⤵
  PID:5964
- C:\Windows\System\yPJQgVo.exe
  C:\Windows\System\yPJQgVo.exe
  2⤵
  PID:5264
- C:\Windows\System\tVduCvn.exe
  C:\Windows\System\tVduCvn.exe
  2⤵
  PID:6268
- C:\Windows\System\QrQUhPa.exe
  C:\Windows\System\QrQUhPa.exe
  2⤵
  PID:6348
- C:\Windows\System\iEcCMpD.exe
  C:\Windows\System\iEcCMpD.exe
  2⤵
  PID:6336
- C:\Windows\System\YSLeAbT.exe
  C:\Windows\System\YSLeAbT.exe
  2⤵
  PID:6576
- C:\Windows\System\OguYdAs.exe
  C:\Windows\System\OguYdAs.exe
  2⤵
  PID:6496
- C:\Windows\System\MIXSyNu.exe
  C:\Windows\System\MIXSyNu.exe
  2⤵
  PID:6556
- C:\Windows\System\EeyxwfK.exe
  C:\Windows\System\EeyxwfK.exe
  2⤵
  PID:6700
- C:\Windows\System\KyeLSNx.exe
  C:\Windows\System\KyeLSNx.exe
  2⤵
  PID:6820
- C:\Windows\System\jSqdIMB.exe
  C:\Windows\System\jSqdIMB.exe
  2⤵
  PID:6916
- C:\Windows\System\kWxpuVf.exe
  C:\Windows\System\kWxpuVf.exe
  2⤵
  PID:7000
- C:\Windows\System\DGIRbyL.exe
  C:\Windows\System\DGIRbyL.exe
  2⤵
  PID:7184
- C:\Windows\System\ZBzdbpa.exe
  C:\Windows\System\ZBzdbpa.exe
  2⤵
  PID:7204
- C:\Windows\System\eaOxkJN.exe
  C:\Windows\System\eaOxkJN.exe
  2⤵
  PID:7224
- C:\Windows\System\DZjkKae.exe
  C:\Windows\System\DZjkKae.exe
  2⤵
  PID:7244
- C:\Windows\System\FqFLVGn.exe
  C:\Windows\System\FqFLVGn.exe
  2⤵
  PID:7264
- C:\Windows\System\LflQvwN.exe
  C:\Windows\System\LflQvwN.exe
  2⤵
  PID:7280
- C:\Windows\System\oefkdIw.exe
  C:\Windows\System\oefkdIw.exe
  2⤵
  PID:7300
- C:\Windows\System\eliytul.exe
  C:\Windows\System\eliytul.exe
  2⤵
  PID:7324
- C:\Windows\System\ShYUOTF.exe
  C:\Windows\System\ShYUOTF.exe
  2⤵
  PID:7344
- C:\Windows\System\BnhRneJ.exe
  C:\Windows\System\BnhRneJ.exe
  2⤵
  PID:7364
- C:\Windows\System\licAPuO.exe
  C:\Windows\System\licAPuO.exe
  2⤵
  PID:7384
- C:\Windows\System\vQKNSUd.exe
  C:\Windows\System\vQKNSUd.exe
  2⤵
  PID:7404
- C:\Windows\System\TKOlDUf.exe
  C:\Windows\System\TKOlDUf.exe
  2⤵
  PID:7424
- C:\Windows\System\qKitEZZ.exe
  C:\Windows\System\qKitEZZ.exe
  2⤵
  PID:7444
- C:\Windows\System\OKfMiVu.exe
  C:\Windows\System\OKfMiVu.exe
  2⤵
  PID:7464
- C:\Windows\System\ZjnKIux.exe
  C:\Windows\System\ZjnKIux.exe
  2⤵
  PID:7480
- C:\Windows\System\oUWTodL.exe
  C:\Windows\System\oUWTodL.exe
  2⤵
  PID:7500
- C:\Windows\System\oIgrPUm.exe
  C:\Windows\System\oIgrPUm.exe
  2⤵
  PID:7524
- C:\Windows\System\rEQWAzH.exe
  C:\Windows\System\rEQWAzH.exe
  2⤵
  PID:7548
- C:\Windows\System\taIFLDM.exe
  C:\Windows\System\taIFLDM.exe
  2⤵
  PID:7568
- C:\Windows\System\jvhvxmi.exe
  C:\Windows\System\jvhvxmi.exe
  2⤵
  PID:7588
- C:\Windows\System\EmToYQL.exe
  C:\Windows\System\EmToYQL.exe
  2⤵
  PID:7608
- C:\Windows\System\UTEZqJu.exe
  C:\Windows\System\UTEZqJu.exe
  2⤵
  PID:7628
- C:\Windows\System\DHikEgp.exe
  C:\Windows\System\DHikEgp.exe
  2⤵
  PID:7648
- C:\Windows\System\YewSJSw.exe
  C:\Windows\System\YewSJSw.exe
  2⤵
  PID:7668
- C:\Windows\System\fXiRVHP.exe
  C:\Windows\System\fXiRVHP.exe
  2⤵
  PID:7684
- C:\Windows\System\nGKofLy.exe
  C:\Windows\System\nGKofLy.exe
  2⤵
  PID:7704
- C:\Windows\System\Lsnexgq.exe
  C:\Windows\System\Lsnexgq.exe
  2⤵
  PID:7728
- C:\Windows\System\mGPOJOo.exe
  C:\Windows\System\mGPOJOo.exe
  2⤵
  PID:7744
- C:\Windows\System\gxIkdIW.exe
  C:\Windows\System\gxIkdIW.exe
  2⤵
  PID:7768
- C:\Windows\System\FgIUtAS.exe
  C:\Windows\System\FgIUtAS.exe
  2⤵
  PID:7788
- C:\Windows\System\fwBgIUX.exe
  C:\Windows\System\fwBgIUX.exe
  2⤵
  PID:7808
- C:\Windows\System\OdYpjsY.exe
  C:\Windows\System\OdYpjsY.exe
  2⤵
  PID:7828
- C:\Windows\System\FxFpAeW.exe
  C:\Windows\System\FxFpAeW.exe
  2⤵
  PID:7848
- C:\Windows\System\esozTUR.exe
  C:\Windows\System\esozTUR.exe
  2⤵
  PID:7868
- C:\Windows\System\jXDmLAE.exe
  C:\Windows\System\jXDmLAE.exe
  2⤵
  PID:7888
- C:\Windows\System\xYNqYmk.exe
  C:\Windows\System\xYNqYmk.exe
  2⤵
  PID:7908
- C:\Windows\System\oKFvUeH.exe
  C:\Windows\System\oKFvUeH.exe
  2⤵
  PID:7928
- C:\Windows\System\jbwYutE.exe
  C:\Windows\System\jbwYutE.exe
  2⤵
  PID:7944
- C:\Windows\System\LEeCjbl.exe
  C:\Windows\System\LEeCjbl.exe
  2⤵
  PID:7968
- C:\Windows\System\RnOLKvr.exe
  C:\Windows\System\RnOLKvr.exe
  2⤵
  PID:7988
- C:\Windows\System\tamUhdz.exe
  C:\Windows\System\tamUhdz.exe
  2⤵
  PID:8008
- C:\Windows\System\VoCTphf.exe
  C:\Windows\System\VoCTphf.exe
  2⤵
  PID:8028
- C:\Windows\System\dIhXhYY.exe
  C:\Windows\System\dIhXhYY.exe
  2⤵
  PID:8048
- C:\Windows\System\bcyiAKk.exe
  C:\Windows\System\bcyiAKk.exe
  2⤵
  PID:8068
- C:\Windows\System\ThDWOkE.exe
  C:\Windows\System\ThDWOkE.exe
  2⤵
  PID:8088
- C:\Windows\System\EPjNqJW.exe
  C:\Windows\System\EPjNqJW.exe
  2⤵
  PID:8108
- C:\Windows\System\YtTJLJo.exe
  C:\Windows\System\YtTJLJo.exe
  2⤵
  PID:8128
- C:\Windows\System\NyhKkWB.exe
  C:\Windows\System\NyhKkWB.exe
  2⤵
  PID:8148
- C:\Windows\System\lyJgPxR.exe
  C:\Windows\System\lyJgPxR.exe
  2⤵
  PID:8168
- C:\Windows\System\mMBZUYd.exe
  C:\Windows\System\mMBZUYd.exe
  2⤵
  PID:8184
- C:\Windows\System\rgNoQaO.exe
  C:\Windows\System\rgNoQaO.exe
  2⤵
  PID:7020
- C:\Windows\System\zJdcKJu.exe
  C:\Windows\System\zJdcKJu.exe
  2⤵
  PID:7156
- C:\Windows\System\EKeZUIP.exe
  C:\Windows\System\EKeZUIP.exe
  2⤵
  PID:5356
- C:\Windows\System\zsEomrF.exe
  C:\Windows\System\zsEomrF.exe
  2⤵
  PID:5460
- C:\Windows\System\eXNsxlS.exe
  C:\Windows\System\eXNsxlS.exe
  2⤵
  PID:6368
- C:\Windows\System\AiTrWZx.exe
  C:\Windows\System\AiTrWZx.exe
  2⤵
  PID:6356
- C:\Windows\System\OMBBvRx.exe
  C:\Windows\System\OMBBvRx.exe
  2⤵
  PID:6780
- C:\Windows\System\CcVurau.exe
  C:\Windows\System\CcVurau.exe
  2⤵
  PID:6572
- C:\Windows\System\wGsFxyK.exe
  C:\Windows\System\wGsFxyK.exe
  2⤵
  PID:6932
- C:\Windows\System\fZZyMRY.exe
  C:\Windows\System\fZZyMRY.exe
  2⤵
  PID:7192
- C:\Windows\System\vsbgOPR.exe
  C:\Windows\System\vsbgOPR.exe
  2⤵
  PID:7232
- C:\Windows\System\OKqLaBD.exe
  C:\Windows\System\OKqLaBD.exe
  2⤵
  PID:7212
- C:\Windows\System\IqyIphj.exe
  C:\Windows\System\IqyIphj.exe
  2⤵
  PID:7276
- C:\Windows\System\qVymDno.exe
  C:\Windows\System\qVymDno.exe
  2⤵
  PID:7320
- C:\Windows\System\QMVJvwz.exe
  C:\Windows\System\QMVJvwz.exe
  2⤵
  PID:7352
- C:\Windows\System\mWytBHT.exe
  C:\Windows\System\mWytBHT.exe
  2⤵
  PID:7400
- C:\Windows\System\lBakRAn.exe
  C:\Windows\System\lBakRAn.exe
  2⤵
  PID:7372
- C:\Windows\System\Rhcwepp.exe
  C:\Windows\System\Rhcwepp.exe
  2⤵
  PID:7432
- C:\Windows\System\tnVdSkz.exe
  C:\Windows\System\tnVdSkz.exe
  2⤵
  PID:7436
- C:\Windows\System\NdVJaYT.exe
  C:\Windows\System\NdVJaYT.exe
  2⤵
  PID:7508
- C:\Windows\System\BVwugWp.exe
  C:\Windows\System\BVwugWp.exe
  2⤵
  PID:7512
- C:\Windows\System\YUBJoQv.exe
  C:\Windows\System\YUBJoQv.exe
  2⤵
  PID:7564
- C:\Windows\System\zhiPDRl.exe
  C:\Windows\System\zhiPDRl.exe
  2⤵
  PID:7584
- C:\Windows\System\SPLqfhT.exe
  C:\Windows\System\SPLqfhT.exe
  2⤵
  PID:7636
- C:\Windows\System\matTPtJ.exe
  C:\Windows\System\matTPtJ.exe
  2⤵
  PID:7644
- C:\Windows\System\wFvtQiJ.exe
  C:\Windows\System\wFvtQiJ.exe
  2⤵
  PID:7712
- C:\Windows\System\yjPNdeD.exe
  C:\Windows\System\yjPNdeD.exe
  2⤵
  PID:7720
- C:\Windows\System\FnLvuYS.exe
  C:\Windows\System\FnLvuYS.exe
  2⤵
  PID:7696
- C:\Windows\System\biKqogp.exe
  C:\Windows\System\biKqogp.exe
  2⤵
  PID:7796
- C:\Windows\System\OLwyHSC.exe
  C:\Windows\System\OLwyHSC.exe
  2⤵
  PID:7800
- C:\Windows\System\XmQenwv.exe
  C:\Windows\System\XmQenwv.exe
  2⤵
  PID:7836
- C:\Windows\System\LKwChqV.exe
  C:\Windows\System\LKwChqV.exe
  2⤵
  PID:7880
- C:\Windows\System\OIfGEfj.exe
  C:\Windows\System\OIfGEfj.exe
  2⤵
  PID:7924
- C:\Windows\System\bxBOqHD.exe
  C:\Windows\System\bxBOqHD.exe
  2⤵
  PID:7956
- C:\Windows\System\cAFqPJe.exe
  C:\Windows\System\cAFqPJe.exe
  2⤵
  PID:7936
- C:\Windows\System\BZqQCkM.exe
  C:\Windows\System\BZqQCkM.exe
  2⤵
  PID:8004
- C:\Windows\System\pmnXNjH.exe
  C:\Windows\System\pmnXNjH.exe
  2⤵
  PID:8016
- C:\Windows\System\SHUdMar.exe
  C:\Windows\System\SHUdMar.exe
  2⤵
  PID:2304
- C:\Windows\System\BPEVcZd.exe
  C:\Windows\System\BPEVcZd.exe
  2⤵
  PID:8060
- C:\Windows\System\JNPWQgs.exe
  C:\Windows\System\JNPWQgs.exe
  2⤵
  PID:8124
- C:\Windows\System\elbGVPi.exe
  C:\Windows\System\elbGVPi.exe
  2⤵
  PID:8160
- C:\Windows\System\PiDrIBt.exe
  C:\Windows\System\PiDrIBt.exe
  2⤵
  PID:5584
- C:\Windows\System\tXSLuyb.exe
  C:\Windows\System\tXSLuyb.exe
  2⤵
  PID:7112
- C:\Windows\System\GtSZhva.exe
  C:\Windows\System\GtSZhva.exe
  2⤵
  PID:4184
- C:\Windows\System\KaYTqPj.exe
  C:\Windows\System\KaYTqPj.exe
  2⤵
  PID:2828
- C:\Windows\System\ualqaQf.exe
  C:\Windows\System\ualqaQf.exe
  2⤵
  PID:6660
- C:\Windows\System\UBkonQV.exe
  C:\Windows\System\UBkonQV.exe
  2⤵
  PID:6532
- C:\Windows\System\VoghSDc.exe
  C:\Windows\System\VoghSDc.exe
  2⤵
  PID:2676
- C:\Windows\System\WIXmTRT.exe
  C:\Windows\System\WIXmTRT.exe
  2⤵
  PID:7060
- C:\Windows\System\niosxYO.exe
  C:\Windows\System\niosxYO.exe
  2⤵
  PID:6712
- C:\Windows\System\kfEIFwd.exe
  C:\Windows\System\kfEIFwd.exe
  2⤵
  PID:7216
- C:\Windows\System\nxJnHdv.exe
  C:\Windows\System\nxJnHdv.exe
  2⤵
  PID:2476
- C:\Windows\System\CgcUbPz.exe
  C:\Windows\System\CgcUbPz.exe
  2⤵
  PID:7256
- C:\Windows\System\YVsqlJi.exe
  C:\Windows\System\YVsqlJi.exe
  2⤵
  PID:7312
- C:\Windows\System\VnzUaAv.exe
  C:\Windows\System\VnzUaAv.exe
  2⤵
  PID:7376
- C:\Windows\System\kzABUCz.exe
  C:\Windows\System\kzABUCz.exe
  2⤵
  PID:2332
- C:\Windows\System\eaxbiFh.exe
  C:\Windows\System\eaxbiFh.exe
  2⤵
  PID:7456
- C:\Windows\System\WYYaqmS.exe
  C:\Windows\System\WYYaqmS.exe
  2⤵
  PID:7520
- C:\Windows\System\vesItSb.exe
  C:\Windows\System\vesItSb.exe
  2⤵
  PID:7540
- C:\Windows\System\MmgbAZp.exe
  C:\Windows\System\MmgbAZp.exe
  2⤵
  PID:7596
- C:\Windows\System\NqYWCPM.exe
  C:\Windows\System\NqYWCPM.exe
  2⤵
  PID:7760
- C:\Windows\System\qMeZemU.exe
  C:\Windows\System\qMeZemU.exe
  2⤵
  PID:7692
- C:\Windows\System\KVDpmet.exe
  C:\Windows\System\KVDpmet.exe
  2⤵
  PID:7916
- C:\Windows\System\eRGXuIB.exe
  C:\Windows\System\eRGXuIB.exe
  2⤵
  PID:7876
- C:\Windows\System\eOhtuIs.exe
  C:\Windows\System\eOhtuIs.exe
  2⤵
  PID:2920
- C:\Windows\System\TidEjar.exe
  C:\Windows\System\TidEjar.exe
  2⤵
  PID:7900
- C:\Windows\System\yePXRwB.exe
  C:\Windows\System\yePXRwB.exe
  2⤵
  PID:7976
- C:\Windows\System\sRmQWuo.exe
  C:\Windows\System\sRmQWuo.exe
  2⤵
  PID:2284
- C:\Windows\System\gSaMTRG.exe
  C:\Windows\System\gSaMTRG.exe
  2⤵
  PID:1904
- C:\Windows\System\ezDkmGC.exe
  C:\Windows\System\ezDkmGC.exe
  2⤵
  PID:2640
- C:\Windows\System\fPyekrk.exe
  C:\Windows\System\fPyekrk.exe
  2⤵
  PID:8180
- C:\Windows\System\zUkNCej.exe
  C:\Windows\System\zUkNCej.exe
  2⤵
  PID:7116
- C:\Windows\System\iaUqoFu.exe
  C:\Windows\System\iaUqoFu.exe
  2⤵
  PID:1448
- C:\Windows\System\JqUysfA.exe
  C:\Windows\System\JqUysfA.exe
  2⤵
  PID:3028
- C:\Windows\System\sKmOYZs.exe
  C:\Windows\System\sKmOYZs.exe
  2⤵
  PID:6372
- C:\Windows\System\IAFEwCX.exe
  C:\Windows\System\IAFEwCX.exe
  2⤵
  PID:6772
- C:\Windows\System\oLcfbqe.exe
  C:\Windows\System\oLcfbqe.exe
  2⤵
  PID:2464
- C:\Windows\System\gcJuRnf.exe
  C:\Windows\System\gcJuRnf.exe
  2⤵
  PID:6892
- C:\Windows\System\YBifwYN.exe
  C:\Windows\System\YBifwYN.exe
  2⤵
  PID:2960
- C:\Windows\System\FiiFZjw.exe
  C:\Windows\System\FiiFZjw.exe
  2⤵
  PID:560
- C:\Windows\System\VPcDvSI.exe
  C:\Windows\System\VPcDvSI.exe
  2⤵
  PID:7412
- C:\Windows\System\TSWQASE.exe
  C:\Windows\System\TSWQASE.exe
  2⤵
  PID:7536
- C:\Windows\System\vKbyWsY.exe
  C:\Windows\System\vKbyWsY.exe
  2⤵
  PID:536
- C:\Windows\System\omdBPcH.exe
  C:\Windows\System\omdBPcH.exe
  2⤵
  PID:7476
- C:\Windows\System\QNTTSbl.exe
  C:\Windows\System\QNTTSbl.exe
  2⤵
  PID:2888
- C:\Windows\System\HuzXcqo.exe
  C:\Windows\System\HuzXcqo.exe
  2⤵
  PID:1816
- C:\Windows\System\yBycdjF.exe
  C:\Windows\System\yBycdjF.exe
  2⤵
  PID:1000
- C:\Windows\System\SbDQtxf.exe
  C:\Windows\System\SbDQtxf.exe
  2⤵
  PID:2192
- C:\Windows\System\OfYUrSr.exe
  C:\Windows\System\OfYUrSr.exe
  2⤵
  PID:888
- C:\Windows\System\kdfMIsZ.exe
  C:\Windows\System\kdfMIsZ.exe
  2⤵
  PID:7824
- C:\Windows\System\enUoRkw.exe
  C:\Windows\System\enUoRkw.exe
  2⤵
  PID:7840
- C:\Windows\System\ObOlqOw.exe
  C:\Windows\System\ObOlqOw.exe
  2⤵
  PID:2804
- C:\Windows\System\tMmXlEN.exe
  C:\Windows\System\tMmXlEN.exe
  2⤵
  PID:2664
- C:\Windows\System\ZagykWc.exe
  C:\Windows\System\ZagykWc.exe
  2⤵
  PID:2796
- C:\Windows\System\FmHvcTN.exe
  C:\Windows\System\FmHvcTN.exe
  2⤵
  PID:4844
- C:\Windows\System\kSqisku.exe
  C:\Windows\System\kSqisku.exe
  2⤵
  PID:8156
- C:\Windows\System\yzVlQnH.exe
  C:\Windows\System\yzVlQnH.exe
  2⤵
  PID:8000
- C:\Windows\System\KIYvWUW.exe
  C:\Windows\System\KIYvWUW.exe
  2⤵
  PID:7296
- C:\Windows\System\dldksVo.exe
  C:\Windows\System\dldksVo.exe
  2⤵
  PID:7420
- C:\Windows\System\loQKSTA.exe
  C:\Windows\System\loQKSTA.exe
  2⤵
  PID:2620
- C:\Windows\System\jNqaIMU.exe
  C:\Windows\System\jNqaIMU.exe
  2⤵
  PID:7740
- C:\Windows\System\LBlURkC.exe
  C:\Windows\System\LBlURkC.exe
  2⤵
  PID:928
- C:\Windows\System\thdLxGN.exe
  C:\Windows\System\thdLxGN.exe
  2⤵
  PID:7620
- C:\Windows\System\kXtCaDR.exe
  C:\Windows\System\kXtCaDR.exe
  2⤵
  PID:7884
- C:\Windows\System\zTLVIHT.exe
  C:\Windows\System\zTLVIHT.exe
  2⤵
  PID:2400
- C:\Windows\System\mLPSyZc.exe
  C:\Windows\System\mLPSyZc.exe
  2⤵
  PID:1588
- C:\Windows\System\bRCLBGY.exe
  C:\Windows\System\bRCLBGY.exe
  2⤵
  PID:8064
- C:\Windows\System\sUPRptM.exe
  C:\Windows\System\sUPRptM.exe
  2⤵
  PID:7176
- C:\Windows\System\AYdDjPB.exe
  C:\Windows\System\AYdDjPB.exe
  2⤵
  PID:7272
- C:\Windows\System\XbPPoem.exe
  C:\Windows\System\XbPPoem.exe
  2⤵
  PID:7488
- C:\Windows\System\KaTqOli.exe
  C:\Windows\System\KaTqOli.exe
  2⤵
  PID:2316
- C:\Windows\System\lslUWLr.exe
  C:\Windows\System\lslUWLr.exe
  2⤵
  PID:7332
- C:\Windows\System\KinIgsH.exe
  C:\Windows\System\KinIgsH.exe
  2⤵
  PID:7544
- C:\Windows\System\cuSVbVO.exe
  C:\Windows\System\cuSVbVO.exe
  2⤵
  PID:8116
- C:\Windows\System\oxMmYYh.exe
  C:\Windows\System\oxMmYYh.exe
  2⤵
  PID:600
- C:\Windows\System\llesQVU.exe
  C:\Windows\System\llesQVU.exe
  2⤵
  PID:8200
- C:\Windows\System\ZMsfRCf.exe
  C:\Windows\System\ZMsfRCf.exe
  2⤵
  PID:8216
- C:\Windows\System\ibaKqYs.exe
  C:\Windows\System\ibaKqYs.exe
  2⤵
  PID:8232
- C:\Windows\System\IKfSLSQ.exe
  C:\Windows\System\IKfSLSQ.exe
  2⤵
  PID:8248
- C:\Windows\System\yIrPpxr.exe
  C:\Windows\System\yIrPpxr.exe
  2⤵
  PID:8272
- C:\Windows\System\CFHGORz.exe
  C:\Windows\System\CFHGORz.exe
  2⤵
  PID:8292
- C:\Windows\System\ylGMNNc.exe
  C:\Windows\System\ylGMNNc.exe
  2⤵
  PID:8360
- C:\Windows\System\XeXSGNx.exe
  C:\Windows\System\XeXSGNx.exe
  2⤵
  PID:8388
- C:\Windows\System\uSVcyyZ.exe
  C:\Windows\System\uSVcyyZ.exe
  2⤵
  PID:8404
- C:\Windows\System\tSjmvRL.exe
  C:\Windows\System\tSjmvRL.exe
  2⤵
  PID:8424
- C:\Windows\System\CAFhCVW.exe
  C:\Windows\System\CAFhCVW.exe
  2⤵
  PID:8440
- C:\Windows\System\dWrqtPu.exe
  C:\Windows\System\dWrqtPu.exe
  2⤵
  PID:8456
- C:\Windows\System\nqBGSiT.exe
  C:\Windows\System\nqBGSiT.exe
  2⤵
  PID:8476
- C:\Windows\System\qSBoVCi.exe
  C:\Windows\System\qSBoVCi.exe
  2⤵
  PID:8492
- C:\Windows\System\MXsHkPi.exe
  C:\Windows\System\MXsHkPi.exe
  2⤵
  PID:8508
- C:\Windows\System\QVhNNCe.exe
  C:\Windows\System\QVhNNCe.exe
  2⤵
  PID:8528
- C:\Windows\System\TrXfyBY.exe
  C:\Windows\System\TrXfyBY.exe
  2⤵
  PID:8544
- C:\Windows\System\GtBqDDA.exe
  C:\Windows\System\GtBqDDA.exe
  2⤵
  PID:8560
- C:\Windows\System\fsNitVj.exe
  C:\Windows\System\fsNitVj.exe
  2⤵
  PID:8580
- C:\Windows\System\iIrWkEs.exe
  C:\Windows\System\iIrWkEs.exe
  2⤵
  PID:8596
- C:\Windows\System\sspEgnE.exe
  C:\Windows\System\sspEgnE.exe
  2⤵
  PID:8628
- C:\Windows\System\WIbicNz.exe
  C:\Windows\System\WIbicNz.exe
  2⤵
  PID:8656
- C:\Windows\System\lRRBBwR.exe
  C:\Windows\System\lRRBBwR.exe
  2⤵
  PID:8672
- C:\Windows\System\WfFkJim.exe
  C:\Windows\System\WfFkJim.exe
  2⤵
  PID:8692
- C:\Windows\System\nIHfOOr.exe
  C:\Windows\System\nIHfOOr.exe
  2⤵
  PID:8716
- C:\Windows\System\VfHDKto.exe
  C:\Windows\System\VfHDKto.exe
  2⤵
  PID:8748
- C:\Windows\System\vLNIqnF.exe
  C:\Windows\System\vLNIqnF.exe
  2⤵
  PID:8764
- C:\Windows\System\OAXIFOk.exe
  C:\Windows\System\OAXIFOk.exe
  2⤵
  PID:8780
- C:\Windows\System\RhImLgt.exe
  C:\Windows\System\RhImLgt.exe
  2⤵
  PID:8836
- C:\Windows\System\DqRJaED.exe
  C:\Windows\System\DqRJaED.exe
  2⤵
  PID:8852
- C:\Windows\System\PBniKws.exe
  C:\Windows\System\PBniKws.exe
  2⤵
  PID:8868
- C:\Windows\System\xVZzwHs.exe
  C:\Windows\System\xVZzwHs.exe
  2⤵
  PID:8884
- C:\Windows\System\OdBEjQA.exe
  C:\Windows\System\OdBEjQA.exe
  2⤵
  PID:8900
- C:\Windows\System\ApvUdCb.exe
  C:\Windows\System\ApvUdCb.exe
  2⤵
  PID:8916
- C:\Windows\System\qYdFyzk.exe
  C:\Windows\System\qYdFyzk.exe
  2⤵
  PID:8932
- C:\Windows\System\nydXOBr.exe
  C:\Windows\System\nydXOBr.exe
  2⤵
  PID:8952
- C:\Windows\System\rHsGRTi.exe
  C:\Windows\System\rHsGRTi.exe
  2⤵
  PID:8968
- C:\Windows\System\ZYGkLOC.exe
  C:\Windows\System\ZYGkLOC.exe
  2⤵
  PID:8984
- C:\Windows\System\lXyhsxS.exe
  C:\Windows\System\lXyhsxS.exe
  2⤵
  PID:9000
- C:\Windows\System\PfblLco.exe
  C:\Windows\System\PfblLco.exe
  2⤵
  PID:9016
- C:\Windows\System\CrQJCkC.exe
  C:\Windows\System\CrQJCkC.exe
  2⤵
  PID:9036
- C:\Windows\System\cOoMteM.exe
  C:\Windows\System\cOoMteM.exe
  2⤵
  PID:9052
- C:\Windows\System\rlZPjfh.exe
  C:\Windows\System\rlZPjfh.exe
  2⤵
  PID:9068
- C:\Windows\System\ZYFmtlV.exe
  C:\Windows\System\ZYFmtlV.exe
  2⤵
  PID:9084
- C:\Windows\System\UDWPJiu.exe
  C:\Windows\System\UDWPJiu.exe
  2⤵
  PID:9100
- C:\Windows\System\vUOMxvM.exe
  C:\Windows\System\vUOMxvM.exe
  2⤵
  PID:9116
- C:\Windows\System\WlfzzUF.exe
  C:\Windows\System\WlfzzUF.exe
  2⤵
  PID:9132
- C:\Windows\System\xuWTyBV.exe
  C:\Windows\System\xuWTyBV.exe
  2⤵
  PID:9148
- C:\Windows\System\imZKyaw.exe
  C:\Windows\System\imZKyaw.exe
  2⤵
  PID:9164
- C:\Windows\System\mkNBhiU.exe
  C:\Windows\System\mkNBhiU.exe
  2⤵
  PID:9184
- C:\Windows\System\BpDRtcI.exe
  C:\Windows\System\BpDRtcI.exe
  2⤵
  PID:9200
- C:\Windows\System\rVdwhjy.exe
  C:\Windows\System\rVdwhjy.exe
  2⤵
  PID:7160
- C:\Windows\System\vJZqjPV.exe
  C:\Windows\System\vJZqjPV.exe
  2⤵
  PID:7172
- C:\Windows\System\usWyHyh.exe
  C:\Windows\System\usWyHyh.exe
  2⤵
  PID:8316
- C:\Windows\System\HamwhIP.exe
  C:\Windows\System\HamwhIP.exe
  2⤵
  PID:7336
- C:\Windows\System\YCmkDrH.exe
  C:\Windows\System\YCmkDrH.exe
  2⤵
  PID:8368
- C:\Windows\System\BwTgpbb.exe
  C:\Windows\System\BwTgpbb.exe
  2⤵
  PID:8420
- C:\Windows\System\OGKfZlj.exe
  C:\Windows\System\OGKfZlj.exe
  2⤵
  PID:8552
- C:\Windows\System\jodkoWE.exe
  C:\Windows\System\jodkoWE.exe
  2⤵
  PID:8484
- C:\Windows\System\ZtVClJw.exe
  C:\Windows\System\ZtVClJw.exe
  2⤵
  PID:8500
- C:\Windows\System\lnQTFdx.exe
  C:\Windows\System\lnQTFdx.exe
  2⤵
  PID:8464
- C:\Windows\System\iPSVxAQ.exe
  C:\Windows\System\iPSVxAQ.exe
  2⤵
  PID:8568
- C:\Windows\System\PLrJpXP.exe
  C:\Windows\System\PLrJpXP.exe
  2⤵
  PID:8592
- C:\Windows\System\ZxdwSxl.exe
  C:\Windows\System\ZxdwSxl.exe
  2⤵
  PID:8700
- C:\Windows\System\ivlEtZK.exe
  C:\Windows\System\ivlEtZK.exe
  2⤵
  PID:8732
- C:\Windows\System\EIMnelz.exe
  C:\Windows\System\EIMnelz.exe
  2⤵
  PID:8740
- C:\Windows\System\lNtDFBu.exe
  C:\Windows\System\lNtDFBu.exe
  2⤵
  PID:8788
- C:\Windows\System\oGmHEcO.exe
  C:\Windows\System\oGmHEcO.exe
  2⤵
  PID:8468
- C:\Windows\System\ROCiYOy.exe
  C:\Windows\System\ROCiYOy.exe
  2⤵
  PID:8816
- C:\Windows\System\nZlfmNr.exe
  C:\Windows\System\nZlfmNr.exe
  2⤵
  PID:8688
- C:\Windows\System\dvuJPgg.exe
  C:\Windows\System\dvuJPgg.exe
  2⤵
  PID:8860
- C:\Windows\System\cuaRlGP.exe
  C:\Windows\System\cuaRlGP.exe
  2⤵
  PID:8928
- C:\Windows\System\GDYDFtq.exe
  C:\Windows\System\GDYDFtq.exe
  2⤵
  PID:8940
- C:\Windows\System\CCzAyKS.exe
  C:\Windows\System\CCzAyKS.exe
  2⤵
  PID:9008
- C:\Windows\System\bVEeRRu.exe
  C:\Windows\System\bVEeRRu.exe
  2⤵
  PID:8880
- C:\Windows\System\GtzQsjQ.exe
  C:\Windows\System\GtzQsjQ.exe
  2⤵
  PID:9060
- C:\Windows\System\wixWRhh.exe
  C:\Windows\System\wixWRhh.exe
  2⤵
  PID:9128
- C:\Windows\System\NgIFYLi.exe
  C:\Windows\System\NgIFYLi.exe
  2⤵
  PID:9160
- C:\Windows\System\IPRcETq.exe
  C:\Windows\System\IPRcETq.exe
  2⤵
  PID:9172
- C:\Windows\System\Gssdfaf.exe
  C:\Windows\System\Gssdfaf.exe
  2⤵
  PID:2532
- C:\Windows\System\EzYUyDJ.exe
  C:\Windows\System\EzYUyDJ.exe
  2⤵
  PID:7952
- C:\Windows\System\VDNfxei.exe
  C:\Windows\System\VDNfxei.exe
  2⤵
  PID:8288
- C:\Windows\System\RVvkWVC.exe
  C:\Windows\System\RVvkWVC.exe
  2⤵
  PID:8196
- C:\Windows\System\XjvssMy.exe
  C:\Windows\System\XjvssMy.exe
  2⤵
  PID:8308
- C:\Windows\System\NcvZMmb.exe
  C:\Windows\System\NcvZMmb.exe
  2⤵
  PID:8332
- C:\Windows\System\ovSJTQy.exe
  C:\Windows\System\ovSJTQy.exe
  2⤵
  PID:9024
- C:\Windows\System\jhRapdG.exe
  C:\Windows\System\jhRapdG.exe
  2⤵
  PID:8400
- C:\Windows\System\HwKHHAP.exe
  C:\Windows\System\HwKHHAP.exe
  2⤵
  PID:8472
- C:\Windows\System\RxNBRNF.exe
  C:\Windows\System\RxNBRNF.exe
  2⤵
  PID:8556
- C:\Windows\System\ZfXsYyx.exe
  C:\Windows\System\ZfXsYyx.exe
  2⤵
  PID:8644
- C:\Windows\System\RRvFppL.exe
  C:\Windows\System\RRvFppL.exe
  2⤵
  PID:8712
- C:\Windows\System\zYWLSdc.exe
  C:\Windows\System\zYWLSdc.exe
  2⤵
  PID:8728
- C:\Windows\System\tJPbKjh.exe
  C:\Windows\System\tJPbKjh.exe
  2⤵
  PID:8776
- C:\Windows\System\HrCNktr.exe
  C:\Windows\System\HrCNktr.exe
  2⤵
  PID:8848
- C:\Windows\System\FBkLAxh.exe
  C:\Windows\System\FBkLAxh.exe
  2⤵
  PID:8828
- C:\Windows\System\HQlaRHw.exe
  C:\Windows\System\HQlaRHw.exe
  2⤵
  PID:8996
- C:\Windows\System\pCxdkTm.exe
  C:\Windows\System\pCxdkTm.exe
  2⤵
  PID:8944
- C:\Windows\System\vZYGzXc.exe
  C:\Windows\System\vZYGzXc.exe
  2⤵
  PID:9156
- C:\Windows\System\daFEfIf.exe
  C:\Windows\System\daFEfIf.exe
  2⤵
  PID:9140
- C:\Windows\System\TVoRviJ.exe
  C:\Windows\System\TVoRviJ.exe
  2⤵
  PID:8992
- C:\Windows\System\ICimbul.exe
  C:\Windows\System\ICimbul.exe
  2⤵
  PID:8040
- C:\Windows\System\hkXCwqS.exe
  C:\Windows\System\hkXCwqS.exe
  2⤵
  PID:8224
- C:\Windows\System\FOUdRiU.exe
  C:\Windows\System\FOUdRiU.exe
  2⤵
  PID:8300
- C:\Windows\System\TzzyfqL.exe
  C:\Windows\System\TzzyfqL.exe
  2⤵
  PID:8312
- C:\Windows\System\zqNoOyu.exe
  C:\Windows\System\zqNoOyu.exe
  2⤵
  PID:8520
- C:\Windows\System\OouuMRm.exe
  C:\Windows\System\OouuMRm.exe
  2⤵
  PID:8604
- C:\Windows\System\OTSskSZ.exe
  C:\Windows\System\OTSskSZ.exe
  2⤵
  PID:8668
- C:\Windows\System\HQeAKwO.exe
  C:\Windows\System\HQeAKwO.exe
  2⤵
  PID:8772
- C:\Windows\System\xDWhRHp.exe
  C:\Windows\System\xDWhRHp.exe
  2⤵
  PID:8804
- C:\Windows\System\zmSQyqD.exe
  C:\Windows\System\zmSQyqD.exe
  2⤵
  PID:8576
- C:\Windows\System\VzQRQwi.exe
  C:\Windows\System\VzQRQwi.exe
  2⤵
  PID:7960
- C:\Windows\System\tyIzvoJ.exe
  C:\Windows\System\tyIzvoJ.exe
  2⤵
  PID:9108
- C:\Windows\System\uAMluEy.exe
  C:\Windows\System\uAMluEy.exe
  2⤵
  PID:9064
- C:\Windows\System\UaNJUOL.exe
  C:\Windows\System\UaNJUOL.exe
  2⤵
  PID:8328
- C:\Windows\System\XmGdTdJ.exe
  C:\Windows\System\XmGdTdJ.exe
  2⤵
  PID:8240
- C:\Windows\System\bKcIpAs.exe
  C:\Windows\System\bKcIpAs.exe
  2⤵
  PID:8344
- C:\Windows\System\OmlKGxY.exe
  C:\Windows\System\OmlKGxY.exe
  2⤵
  PID:8736
- C:\Windows\System\XZLuDNs.exe
  C:\Windows\System\XZLuDNs.exe
  2⤵
  PID:8960
- C:\Windows\System\aDgtrXz.exe
  C:\Windows\System\aDgtrXz.exe
  2⤵
  PID:8680
- C:\Windows\System\KLHhuaO.exe
  C:\Windows\System\KLHhuaO.exe
  2⤵
  PID:9032
- C:\Windows\System\EqiilBv.exe
  C:\Windows\System\EqiilBv.exe
  2⤵
  PID:8284
- C:\Windows\System\dcJAuVI.exe
  C:\Windows\System\dcJAuVI.exe
  2⤵
  PID:9176
- C:\Windows\System\MoubNrN.exe
  C:\Windows\System\MoubNrN.exe
  2⤵
  PID:8896
- C:\Windows\System\nymhApf.exe
  C:\Windows\System\nymhApf.exe
  2⤵
  PID:9080
- C:\Windows\System\ESrzuVO.exe
  C:\Windows\System\ESrzuVO.exe
  2⤵
  PID:9012
- C:\Windows\System\nIIYlXn.exe
  C:\Windows\System\nIIYlXn.exe
  2⤵
  PID:8448
- C:\Windows\System\hujvCDM.exe
  C:\Windows\System\hujvCDM.exe
  2⤵
  PID:8616
- C:\Windows\System\NuAGNUQ.exe
  C:\Windows\System\NuAGNUQ.exe
  2⤵
  PID:8228
- C:\Windows\System\MGEbmol.exe
  C:\Windows\System\MGEbmol.exe
  2⤵
  PID:9208
- C:\Windows\System\AvKnYPK.exe
  C:\Windows\System\AvKnYPK.exe
  2⤵
  PID:8648
- C:\Windows\System\AuGcCsn.exe
  C:\Windows\System\AuGcCsn.exe
  2⤵
  PID:8664
- C:\Windows\System\PwEuSdB.exe
  C:\Windows\System\PwEuSdB.exe
  2⤵
  PID:9232
- C:\Windows\System\tDfGmoz.exe
  C:\Windows\System\tDfGmoz.exe
  2⤵
  PID:9256
- C:\Windows\System\bYNqLxn.exe
  C:\Windows\System\bYNqLxn.exe
  2⤵
  PID:9272
- C:\Windows\System\ZTGwKbs.exe
  C:\Windows\System\ZTGwKbs.exe
  2⤵
  PID:9288
- C:\Windows\System\VKzhuwb.exe
  C:\Windows\System\VKzhuwb.exe
  2⤵
  PID:9316
- C:\Windows\System\hbHZLNF.exe
  C:\Windows\System\hbHZLNF.exe
  2⤵
  PID:9332
- C:\Windows\System\OFoKjoX.exe
  C:\Windows\System\OFoKjoX.exe
  2⤵
  PID:9352
- C:\Windows\System\UNsMZyS.exe
  C:\Windows\System\UNsMZyS.exe
  2⤵
  PID:9368
- C:\Windows\System\hxVGzXX.exe
  C:\Windows\System\hxVGzXX.exe
  2⤵
  PID:9384
- C:\Windows\System\RetaJaW.exe
  C:\Windows\System\RetaJaW.exe
  2⤵
  PID:9408
- C:\Windows\System\NDdJqoD.exe
  C:\Windows\System\NDdJqoD.exe
  2⤵
  PID:9424
- C:\Windows\System\msqcVnL.exe
  C:\Windows\System\msqcVnL.exe
  2⤵
  PID:9440
- C:\Windows\System\NapIzLb.exe
  C:\Windows\System\NapIzLb.exe
  2⤵
  PID:9460
- C:\Windows\System\WVTcqdP.exe
  C:\Windows\System\WVTcqdP.exe
  2⤵
  PID:9488
- C:\Windows\System\TNemxre.exe
  C:\Windows\System\TNemxre.exe
  2⤵
  PID:9512
- C:\Windows\System\fdXkBzp.exe
  C:\Windows\System\fdXkBzp.exe
  2⤵
  PID:9528
- C:\Windows\System\CDhxUtw.exe
  C:\Windows\System\CDhxUtw.exe
  2⤵
  PID:9548
- C:\Windows\System\iDneqre.exe
  C:\Windows\System\iDneqre.exe
  2⤵
  PID:9564
- C:\Windows\System\QPvCzam.exe
  C:\Windows\System\QPvCzam.exe
  2⤵
  PID:9580
- C:\Windows\System\ECBKatl.exe
  C:\Windows\System\ECBKatl.exe
  2⤵
  PID:9600
- C:\Windows\System\VtYnQMw.exe
  C:\Windows\System\VtYnQMw.exe
  2⤵
  PID:9616
- C:\Windows\System\dbeeDZv.exe
  C:\Windows\System\dbeeDZv.exe
  2⤵
  PID:9632
- C:\Windows\System\qmtVbAi.exe
  C:\Windows\System\qmtVbAi.exe
  2⤵
  PID:9648
- C:\Windows\System\UPiESNE.exe
  C:\Windows\System\UPiESNE.exe
  2⤵
  PID:9664
- C:\Windows\System\lpARnre.exe
  C:\Windows\System\lpARnre.exe
  2⤵
  PID:9680
- C:\Windows\System\AHjqgYz.exe
  C:\Windows\System\AHjqgYz.exe
  2⤵
  PID:9700
- C:\Windows\System\tWFMrxI.exe
  C:\Windows\System\tWFMrxI.exe
  2⤵
  PID:9720
- C:\Windows\System\qeAGlSg.exe
  C:\Windows\System\qeAGlSg.exe
  2⤵
  PID:9736
- C:\Windows\System\GGidDhK.exe
  C:\Windows\System\GGidDhK.exe
  2⤵
  PID:9752
- C:\Windows\System\iMfFyWq.exe
  C:\Windows\System\iMfFyWq.exe
  2⤵
  PID:9776
- C:\Windows\System\LsCdvFZ.exe
  C:\Windows\System\LsCdvFZ.exe
  2⤵
  PID:9792
- C:\Windows\System\gzOzxsO.exe
  C:\Windows\System\gzOzxsO.exe
  2⤵
  PID:9848
- C:\Windows\System\MSNaEwJ.exe
  C:\Windows\System\MSNaEwJ.exe
  2⤵
  PID:9864
- C:\Windows\System\qRaicjG.exe
  C:\Windows\System\qRaicjG.exe
  2⤵
  PID:9880
- C:\Windows\System\QBDbMhf.exe
  C:\Windows\System\QBDbMhf.exe
  2⤵
  PID:9900
- C:\Windows\System\rXVEOyE.exe
  C:\Windows\System\rXVEOyE.exe
  2⤵
  PID:9916
- C:\Windows\System\QbJkdhh.exe
  C:\Windows\System\QbJkdhh.exe
  2⤵
  PID:9932
- C:\Windows\System\Deiprbn.exe
  C:\Windows\System\Deiprbn.exe
  2⤵
  PID:9948
- C:\Windows\System\lVOEkiP.exe
  C:\Windows\System\lVOEkiP.exe
  2⤵
  PID:9964
- C:\Windows\System\BpRdfKp.exe
  C:\Windows\System\BpRdfKp.exe
  2⤵
  PID:9980
- C:\Windows\System\TBGdXWH.exe
  C:\Windows\System\TBGdXWH.exe
  2⤵
  PID:10028
- C:\Windows\System\inHPaNw.exe
  C:\Windows\System\inHPaNw.exe
  2⤵
  PID:10052
- C:\Windows\System\pyVQOUG.exe
  C:\Windows\System\pyVQOUG.exe
  2⤵
  PID:10072
- C:\Windows\System\arkzhgb.exe
  C:\Windows\System\arkzhgb.exe
  2⤵
  PID:10092
- C:\Windows\System\uuXDTYU.exe
  C:\Windows\System\uuXDTYU.exe
  2⤵
  PID:10108
- C:\Windows\System\glLOKKN.exe
  C:\Windows\System\glLOKKN.exe
  2⤵
  PID:10124
- C:\Windows\System\WUDqlQZ.exe
  C:\Windows\System\WUDqlQZ.exe
  2⤵
  PID:10140
- C:\Windows\System\JGGnjfR.exe
  C:\Windows\System\JGGnjfR.exe
  2⤵
  PID:10156
- C:\Windows\System\JuzyCQD.exe
  C:\Windows\System\JuzyCQD.exe
  2⤵
  PID:10180
- C:\Windows\System\VDrDHcC.exe
  C:\Windows\System\VDrDHcC.exe
  2⤵
  PID:10216
- C:\Windows\System\KBIdPrI.exe
  C:\Windows\System\KBIdPrI.exe
  2⤵
  PID:10236
- C:\Windows\System\UOpEaVF.exe
  C:\Windows\System\UOpEaVF.exe
  2⤵
  PID:9224
- C:\Windows\System\kfSHQqg.exe
  C:\Windows\System\kfSHQqg.exe
  2⤵
  PID:9252
- C:\Windows\System\dlcCCuM.exe
  C:\Windows\System\dlcCCuM.exe
  2⤵
  PID:9296
- C:\Windows\System\AtZuFaM.exe
  C:\Windows\System\AtZuFaM.exe
  2⤵
  PID:9312
- C:\Windows\System\pMLBRNy.exe
  C:\Windows\System\pMLBRNy.exe
  2⤵
  PID:9344
- C:\Windows\System\yBiSPtX.exe
  C:\Windows\System\yBiSPtX.exe
  2⤵
  PID:9416
- C:\Windows\System\oxMjpuX.exe
  C:\Windows\System\oxMjpuX.exe
  2⤵
  PID:9392
- C:\Windows\System\ugtXKVP.exe
  C:\Windows\System\ugtXKVP.exe
  2⤵
  PID:9484
- C:\Windows\System\AGqAkAD.exe
  C:\Windows\System\AGqAkAD.exe
  2⤵
  PID:9420
- C:\Windows\System\yqTVPZG.exe
  C:\Windows\System\yqTVPZG.exe
  2⤵
  PID:9520
- C:\Windows\System\ELqUTjh.exe
  C:\Windows\System\ELqUTjh.exe
  2⤵
  PID:9536
- C:\Windows\System\jWVkVus.exe
  C:\Windows\System\jWVkVus.exe
  2⤵
  PID:9608
- C:\Windows\System\wHnBmkT.exe
  C:\Windows\System\wHnBmkT.exe
  2⤵
  PID:9596
- C:\Windows\System\nDpUHWy.exe
  C:\Windows\System\nDpUHWy.exe
  2⤵
  PID:9748
- C:\Windows\System\QEtudIw.exe
  C:\Windows\System\QEtudIw.exe
  2⤵
  PID:9676
- C:\Windows\System\pMlUUQI.exe
  C:\Windows\System\pMlUUQI.exe
  2⤵
  PID:9772
- C:\Windows\System\otdaApa.exe
  C:\Windows\System\otdaApa.exe
  2⤵
  PID:9820
- C:\Windows\System\lhlJlQX.exe
  C:\Windows\System\lhlJlQX.exe
  2⤵
  PID:9788
- C:\Windows\System\JjNaNYQ.exe
  C:\Windows\System\JjNaNYQ.exe
  2⤵
  PID:9944
- C:\Windows\System\fEjtqXg.exe
  C:\Windows\System\fEjtqXg.exe
  2⤵
  PID:9972
- C:\Windows\System\FIOaTpR.exe
  C:\Windows\System\FIOaTpR.exe
  2⤵
  PID:9956
- C:\Windows\System\GHPqHHn.exe
  C:\Windows\System\GHPqHHn.exe
  2⤵
  PID:10000
- C:\Windows\System\CJXKIlm.exe
  C:\Windows\System\CJXKIlm.exe
  2⤵
  PID:9888
- C:\Windows\System\QkGgtYV.exe
  C:\Windows\System\QkGgtYV.exe
  2⤵
  PID:10004
- C:\Windows\System\WbqaWaN.exe
  C:\Windows\System\WbqaWaN.exe
  2⤵
  PID:10100
- C:\Windows\System\LgjJdGi.exe
  C:\Windows\System\LgjJdGi.exe
  2⤵
  PID:10164
- C:\Windows\System\AoynGfL.exe
  C:\Windows\System\AoynGfL.exe
  2⤵
  PID:9124
- C:\Windows\System\iLUxfKa.exe
  C:\Windows\System\iLUxfKa.exe
  2⤵
  PID:10212
- C:\Windows\System\Otorumu.exe
  C:\Windows\System\Otorumu.exe
  2⤵
  PID:10232
- C:\Windows\System\HhbhhtA.exe
  C:\Windows\System\HhbhhtA.exe
  2⤵
  PID:10048
- C:\Windows\System\LSTvuRs.exe
  C:\Windows\System\LSTvuRs.exe
  2⤵
  PID:9396
- C:\Windows\System\SewiOgb.exe
  C:\Windows\System\SewiOgb.exe
  2⤵
  PID:10120
- C:\Windows\System\qKzhbFN.exe
  C:\Windows\System\qKzhbFN.exe
  2⤵
  PID:10152
- C:\Windows\System\fVXTOJf.exe
  C:\Windows\System\fVXTOJf.exe
  2⤵
  PID:9220
- C:\Windows\System\bHFNyMj.exe
  C:\Windows\System\bHFNyMj.exe
  2⤵
  PID:9628
- C:\Windows\System\fhrnhkB.exe
  C:\Windows\System\fhrnhkB.exe
  2⤵
  PID:9696
- C:\Windows\System\DlpbdPM.exe
  C:\Windows\System\DlpbdPM.exe
  2⤵
  PID:9284
- C:\Windows\System\exeSoYs.exe
  C:\Windows\System\exeSoYs.exe
  2⤵
  PID:9496
- C:\Windows\System\oOtYsWx.exe
  C:\Windows\System\oOtYsWx.exe
  2⤵
  PID:9340
- C:\Windows\System\iqYZOmS.exe
  C:\Windows\System\iqYZOmS.exe
  2⤵
  PID:9656
- C:\Windows\System\AZWQIeL.exe
  C:\Windows\System\AZWQIeL.exe
  2⤵
  PID:9808
- C:\Windows\System\cUEoYkQ.exe
  C:\Windows\System\cUEoYkQ.exe
  2⤵
  PID:9784
- C:\Windows\System\GnIbzla.exe
  C:\Windows\System\GnIbzla.exe
  2⤵
  PID:9908
- C:\Windows\System\amuUwRc.exe
  C:\Windows\System\amuUwRc.exe
  2⤵
  PID:9928
- C:\Windows\System\bsIfRdb.exe
  C:\Windows\System\bsIfRdb.exe
  2⤵
  PID:10172
- C:\Windows\System\EAmlasq.exe
  C:\Windows\System\EAmlasq.exe
  2⤵
  PID:9896
- C:\Windows\System\rAeifSC.exe
  C:\Windows\System\rAeifSC.exe
  2⤵
  PID:10200
- C:\Windows\System\lciXNxN.exe
  C:\Windows\System\lciXNxN.exe
  2⤵
  PID:9660
- C:\Windows\System\eauZaWg.exe
  C:\Windows\System\eauZaWg.exe
  2⤵
  PID:10204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BUwJcWN.exe

Filesize
6.0MB

MD5
a8d3299bb2839f67f0dcf00128a891de

SHA1
da35d167d82ec0b92fee1b2569f347f318f6829b

SHA256
c91e8b8454ed5109dda3d1dc862e41ac71482af7972c1149394c4b8943af0c9e

SHA512
c0cab37ae5109ea5daf6c8ef96922b7b1d7e07ede649e81cee5d364b2419e98759613413d1e38b8a355ecd4f50d0fa153d45575bf64e299742dd2911f8dfc151

Download Submit
C:\Windows\system\DztveLg.exe

Filesize
6.0MB

MD5
9783f666807995b966f47beef54e2b93

SHA1
990e90bb89d3af72158a0143bbdda640c9132204

SHA256
a054a7108c89b2a054defaba60c2297ef76263ee65126dea8c51a9f0fbc48add

SHA512
8aa4d436037fd5e35e33a98242d534f0251f80e64b2b94d997004582a5b8115a020c66bf7699fd5567685d17d4d33e741e9782f72620336c11d54a4b4d0ee9e2

Download Submit
C:\Windows\system\FJyxLCh.exe

Filesize
6.0MB

MD5
80677ca9b3350d2f36ef4e6e7152d0f2

SHA1
11084e69c381c2812d39eb6764db42e7c8883f76

SHA256
d5001216bab5af4cc5e00c7de8ccbb46ae00740f768953bd304de2f286bf2637

SHA512
51e7dba2dc752cb2080651661ca8687a077528cc96118ba1d049b7ca789ccfcd81c41103bfbacefe55d9154831d1aa1cb74707a70b0ff9a201224b96dd3efd55

Download Submit
C:\Windows\system\FcaMQSR.exe

Filesize
6.0MB

MD5
b38128e211406bde3dbe2408ee7823eb

SHA1
318d09a18e873ca37027fef4287d8d514190ebd5

SHA256
6d28c0b789829956ef841ac1181b8850fb14459ff66658e610dd99aa4fc6c4cc

SHA512
7a45527ceec2e3295a2699d8034486bbc8cff76f38501d242344e901d576618c4c86b13fae7d0f3f57766ca3134c0756bd1bb7ace4589a21847510ec38ade8ac

Download Submit
C:\Windows\system\GOaEgEg.exe

Filesize
6.0MB

MD5
8c24a85ced56f8be41dad2e8a6557116

SHA1
f79aaeee8aa4fc5f326246301b284dbf3e677292

SHA256
913559cdb6da12e7a4b70a69c7d7c36599fe50748612dd097fd38e8c28424fe1

SHA512
d96d0f4b30d7bbed83c282c3dbbea0bcca9d45853d026c22b186350f9a4dbed5a18724ce2109ae53aa804b513219a3395c2092c8029b84c2406fc007049e19a4

Download Submit
C:\Windows\system\KfloBVr.exe

Filesize
6.0MB

MD5
3cecb24d17e5147ba384550dbbdbf706

SHA1
257a0d9f0fa8def04e0745ada66577b8410c8461

SHA256
2d1c931574895d0c3d0a5e60fc6a4ba487b2c1b4b9ab10a89d2747607df0cd4a

SHA512
2a6db89f429d99c830b86ce7a92d8b9d1e16775feee6413d48a0d16987c93ce4bf2f2c539b0957dd44dd79156bb3d71db4b2363a57f1fff938d9bc9b938077bb

Download Submit
C:\Windows\system\LrxKtnO.exe

Filesize
6.0MB

MD5
1f83923e7809f5a75c96848f888c9887

SHA1
310f0fd108248034f4e6c33b13a37e78944ec0c3

SHA256
6de9cd00bf1cd97053dd6f93d5c5fd3f5a12aa5c0b00f2673f7274121f9ea3d5

SHA512
969572e4c61cac870b3eef48a1fe79353dd9399d7b50bbcbf2351cd8076303c35a680d8dbf2d762f760cb3663df3044c6cc707c51fc0e3eee10c877891debeb9

Download Submit
C:\Windows\system\NQjEKPi.exe

Filesize
6.0MB

MD5
4f2a90321a2cb537240e1e1a299a26bf

SHA1
2c8eb2313514b7b5d18a84899c453eb20bbd137e

SHA256
d0cb83c5fe9e3bb12326888506c2ff8c822dc6066bb17c73e67bde59116d5a9c

SHA512
253671dc9ecfc74b8a021192dfe6e85ff4012d1118813f8828e4535b0f15abeb1398730ec093391b899ff0df0ebdc1574eccd4308f7831da3bb5a6441f8b4b47

Download Submit
C:\Windows\system\NYxyjha.exe

Filesize
6.0MB

MD5
c731241a61a116467e23b5aa8575ae20

SHA1
44fdba6ae52ff5fd4af61a0919fafe7d4d84ae45

SHA256
cb8e794092cef1f8d609217dff3e572241534721490af570052824066dcaa7a0

SHA512
68e606a3baf7a8bce76ed6a32f89c59ed223799c7125e432eced6aec92c2f2f9a372a70c83183ffd5d45011e04783539eebd0319bfd25ccc469487fea878b993

Download Submit
C:\Windows\system\QIyZQwx.exe

Filesize
6.0MB

MD5
010e234b5a6eb95f746f68096edaf082

SHA1
0d6fc8c4a21694bcec4ce4591bd5552fd0024ee6

SHA256
30a4c9acd4e4a00eaefa58d30fdfadf615cb236f6c5390eeb22bbaa2751ff76e

SHA512
cd526d6ed357595f750333fa1f670bffa5ca171f3a952963133899b0e6bb93fc50298dadd2a74550aca174cc7a13cd03f155a88024bb39ee6cc5d3fcc533b8fb

Download Submit
C:\Windows\system\QOrOmnC.exe

Filesize
6.0MB

MD5
c461b7504bc1783eaf7c35267ae49d09

SHA1
8046b4efac91c347f01fe19a1cb3a8d3488d9ec3

SHA256
343cb5dbb84a66386975fa1299839aff0fdc55f8404156a0d86f61e77732bfa2

SHA512
9d7f2d26725f3ceddcf43f3414329f670ac8c9fa43e0ab6270c866617e9763ce6e6cc3a4e0993c54bfc70e91598e46c75d1ee9039d4e04c8e492134f4075bdff

Download Submit
C:\Windows\system\RAEcFVU.exe

Filesize
6.0MB

MD5
9958699dbf4a84227e971c1f0dbd818d

SHA1
fafa485ba11ce84a3b9e3457447d28afb520b224

SHA256
d02a322927ddf24934cb2d59fabd818a9bbf502f584c32f46d4414d3d5f8a698

SHA512
18c1ef3ca4762d47a409c20df9bd0e6f531fafa4c459b8076c1b96782a623d85dbb8de22dc31bd61cec528b27c2539b162419df91709ce4141431f9cbfdc1e1d

Download Submit
C:\Windows\system\SWAOzEC.exe

Filesize
6.0MB

MD5
32c8744e1bdef5e3c56a32bdff384400

SHA1
0a6043b4e432964eb6995cd875ee0906b86bf1e2

SHA256
e902441c26f13fa8a1c9230bfeca5945e5d7e598ba6211b48ede621bc71a53ec

SHA512
21991b6a1f798dc20928c4a2dfd3a8ec527569cfdc58bf1ab5e21ccb35d1bcfdfd86304f1dcfa0ac75bc33c1e54e998d5300d3615231e69267299492f71a065d

Download Submit
C:\Windows\system\WivvLvC.exe

Filesize
6.0MB

MD5
a99228255f2d8dc1c799492f4d3a3e77

SHA1
0c5e8789a1d7274ceeedd583b20741d9fb3ec503

SHA256
b4cc290739baff86f306dbca44d6ddf2115620a59d06d5ebf0eafbbed14e77a4

SHA512
087281a2fba86a32bbcefb24ef80133f060e2172fba46cc52ceb80a4f33f0bd00fa31efaea9eaf73bf3d464618a1ff7a797ca5237ffd844ea150af3ab3917430

Download Submit
C:\Windows\system\XTusChY.exe

Filesize
6.0MB

MD5
74ab87e0ca0c627aaf20868e2e4accd2

SHA1
cfb3f3dde6240890bfa9e6d606e80877c97fd66e

SHA256
21e25d0857393ea2ad8309f9cd74722da4000553ca0653f922aa18d3ad2304cc

SHA512
66aa62aa4b675fc5ddfc6e9855859c40ba3f0bfa71a3697f96d283e7ea6d4f56406c3a87de793be2d6b71f45b5b48e47920a17322224ef3d4664b68a9132dcec

Download Submit
C:\Windows\system\XdsRoTE.exe

Filesize
6.0MB

MD5
f7a63e0fa2b1729608ea084b128f78e3

SHA1
87ee200e3abeb919790a5eff5abba060144ba725

SHA256
231a8943b439c446c3c7db1bccf60ef8ad17bcc28093be542a511bb3f562ae2e

SHA512
c537e08c77162dc67ffa02e50dfe30729dc5f10bb09c38c98dc7b2d1722c0250b39de8dfb7ddc5fcc891b7a554abe08e312acca5df42e1eaa0ed6c056d5d1374

Download Submit
C:\Windows\system\ZwAfmdp.exe

Filesize
6.0MB

MD5
5fe73dab494f8cb24f0a67f1f9be38d0

SHA1
8c75ddf89f248a187cf49dfec0158d9ecc0f9c0a

SHA256
81e9d6527b8f93aec4f2e74a4a51944703c766cb8051964a29b5e3fe88ad93f9

SHA512
fd3f3e1d1fd3906bdb448858bf2f52f57b5523f3782ee24be6aead1bf049b2df1db70c0e23537b68dd646d9be992e3d1f9766562683260d513151682435e6e14

Download Submit
C:\Windows\system\bUIURpe.exe

Filesize
6.0MB

MD5
1a8c1c8078f7072b2531784c202ab8bd

SHA1
12748b98b13496f24f4b57ca069926789ea43794

SHA256
707f7a386fa1662573b7d76a7341eeff1c3c5a6fee133f1a77ac20aa48f23437

SHA512
2d8748153360c55b78059f23835718bc77e252fcfedf9271adadc02592b65c28fc839fe170d9791e9f08b7834a9cbc17cea173a7ee0e0a05bd611584c4f27432

Download Submit
C:\Windows\system\grSOYQe.exe

Filesize
6.0MB

MD5
82065c11614a53907434075b8573bdbf

SHA1
5ea334bf97e178283198da5f83100457b239189e

SHA256
00a2cabf4414ad6cab66dac955152c0e7673e6f30e77f367d3e8fbd7cac1f57c

SHA512
d03f3958a906903b7b95cf0222f2a0ddce600056e4b8fa44e65a620c89f5ed2dc0dfdbdd773256032dfb093afaad316cdf37389bac73470e1a190a58d6ae5823

Download Submit
C:\Windows\system\kMXzmti.exe

Filesize
6.0MB

MD5
b4776f510faf3fd46a190ff1d47f85ce

SHA1
3bbfe7a89d0311de1d133557e77ca5db52b60028

SHA256
c46a496df869ffedbb47a30ad46ae471d818dcc1d4509d04a218436429d23dcc

SHA512
c2433d6d580c912c518162b21ac1f3590a256eab6dadc9d6c322911cc31ccc7fc8b8870b1dbbe004458d9ad22966877daf8c49a890c677d9cd844c62c086cca8

Download Submit
C:\Windows\system\kgBPvsW.exe

Filesize
6.0MB

MD5
af2cdee2bd19529ca5e6ca75e4d5bccd

SHA1
443bb37e93bfd1dbc8ff7516562ffc86ce2f7989

SHA256
cc4e6b7beda6bf1effb304b0574199312a9954177c853f5552c567f9f9ef63c2

SHA512
b94530266c4fd39c10438400c62348a88dc8815f478af7200383f14233e40cafc42972600b8d6d01b18d6801b2200d59fd9bcaa43cc50ab01ca285f23087f7e3

Download Submit
C:\Windows\system\leOLsJq.exe

Filesize
6.0MB

MD5
3db8956bcded4f5658280403ae61963e

SHA1
53dd5c9bbf5a7155de8e576ee948c4a0234b8281

SHA256
590c4e98c246ab0a8b1266288b7c5f2857a97db2f6ee327b33f4ae06e961b197

SHA512
c008c873cefc5330cdcde1da0d578163531138d5d337e39d9e56eb48bbc30c44e49b94581ebc7535df0b433d551622d3e32acbda9acc69370beceec3db711500

Download Submit
C:\Windows\system\opyiXpA.exe

Filesize
6.0MB

MD5
69b3d542da39a4346f9bf7db320da69c

SHA1
7f73fc3ce9e6324d496e88f407adb093d4a1b3e1

SHA256
e9869210b74e67739283cceb6061e20be0ded4a82a53bb1c701ad61f31062ea7

SHA512
fde7804f14dab489014f3178c4ee6d0299389a48fa67773464a111d68661b2332c130aefe2906dc9d6696c7e42779934784b7fb68c7d50f1ea9cf1791967c533

Download Submit
C:\Windows\system\svXDoOK.exe

Filesize
6.0MB

MD5
b215b637619b0c5aab6a1e463510a4ec

SHA1
c76e360336f8d1b0cab8c13f558301bf23237133

SHA256
88db9949daefd4d2c319a686ec256bd5455b488056f9057a6a135e013d252bd8

SHA512
3975893879519d83917cb3eba980e4454d5b3de37c3dafbce2e0d58d06d0c26dd079a651780b82c5a7a3ec590ab9ce779cd37e6012bdb1a02f1fea5ef975e50e

Download Submit
C:\Windows\system\tKVCRQE.exe

Filesize
6.0MB

MD5
3b6c9ca6880001e259c39e6344b57a0d

SHA1
cae9655da255c8b7d3a1de7116e952f797a49213

SHA256
8da213fe55caaabb1dc54b8d38f09423fbb1053136eae3906f2cad5e80ff50ee

SHA512
24ca871ce13c266cc3ecdcd59f36275b5236e6f6fac927ac4fe263bcd8d83cce766226421c60a2d69cf18b17ce4d86b88aae266cd43a18729e028091ad5b86b8

Download Submit
C:\Windows\system\vmiuZIA.exe

Filesize
6.0MB

MD5
3965dd1479594a555ac51accadb17a35

SHA1
a6e68d2d5aa7e93cbb5eb64efca26fa2d18371c7

SHA256
fded59fcc805d3cce2645b13fa8a97c0e9fc6418c969ce5a3aac88304051d561

SHA512
d66f7285ff4c4d34486442308f7d811b8f0e52c99f4f99c828beb7fd00558029791a8b394b9a667bb9ed670be38ee436f4656f4a795a25f61824aad6a8cc20c4

Download Submit
C:\Windows\system\yuQWHEf.exe

Filesize
6.0MB

MD5
e416c5ff910841da99b3231e122a7049

SHA1
88e4095048a56a7740ba9b2be24a350528a41897

SHA256
fe88a2e6a9e08aec4b9d9ca55d9b37f572a9dbfe2a40a7388c0f677928c995b8

SHA512
375940d6369b1daf84d4f10985cc3a70538ab7676d8798aed1a764b8406147357b9b37d59cc0ea3e8069f2ec653bc425f392afadc798737977b8617dee9003ee

Download Submit
C:\Windows\system\zAskeSt.exe

Filesize
6.0MB

MD5
693344b2bda29506636ee4a38c0d6cf2

SHA1
da91e3dff80460d925a240f41ee88fac4ea25e27

SHA256
6b44e9dd04307fcb82dd12dedb4638537beff6f2c093b5af37bfead472ef40f6

SHA512
e6bae8761b964c996508ce91677e03f07b33f2c8c61dee62bc788f85eb0c13a4abf2817ae48885d6f472f9a565398a3b78bdd1c0d8b045a4ba8cafd58de077bd

Download Submit
\Windows\system\AMdmqDj.exe

Filesize
6.0MB

MD5
684c7d5ee3c72bb707ae6309be2e6d63

SHA1
2214b811443a89f4858c6e49c874b325026ed17d

SHA256
9c0a233f966a9947f1d0a64534213f33f62f4b698eaad0841ef136c036793e11

SHA512
a8616dba986e0362a240a853fa38b110416722e10c9e221ef680a04e6f59a8e51de7b10dc8f76d8f75b3f2826ebac9ab2381f55b35518012039b3001aabdbcd5

Download Submit
\Windows\system\RHZOjMK.exe

Filesize
6.0MB

MD5
a78fffe3de23ea1dee3b3c794d5c5472

SHA1
194ee1b0f28d9b4335943b79aa488a981332bc7e

SHA256
bfb6c4d931d13c76419d44189a8fe95ab588340b4be3e153d24659a4591e5937

SHA512
8a990c3cfcef61cbd139d1aa939002ecab1c0a16de95849ca66fb0fbed5a4ec028f870c6f03acd73d0595ed7ff9c71307a98a9befcaff457ef5933b13f9cc363

Download Submit
\Windows\system\gfmNDtX.exe

Filesize
6.0MB

MD5
f0503664e65ec4aabaf82c096869a5e1

SHA1
3969e571792c171f54e41c6b3607b84671ba69a1

SHA256
9d5b04a526b8a34f4586c5f84440e19c4df8aa0b14a5966841f8a5721593b0f9

SHA512
1657acef516ac13da731988f4a5be6694d70ec25bdbc2a85e78e4e5989d272bfb269677fd332a40646192323fbc0069378b7aacf03e74a16c28826a3aa6b2898

Download Submit
\Windows\system\ziTyIct.exe

Filesize
6.0MB

MD5
118a5796805f20e4559689feeae48802

SHA1
be4bc601adbc2ab2b7d175583784cc92f87ce070

SHA256
86726df0216a7b4934eb57883a02e02dd42de54341b169f3c17bc7cc6e9fa550

SHA512
5c9bec4800688a7bfb06eea3ec722e3d4ee5448c693ad6a83318d18d007a201cbea3f4371fa1cd57f88ba1ed23189b83896ae45d20812f3766a8bb797a8b6c80

Download Submit
memory/1372-2512-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-2428-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-4117-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-2451-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3281-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-2394-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-0-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3383-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3385-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2160-2457-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-2475-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3404-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2160-2496-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2160-2277-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3283-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-2338-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3418-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3425-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3409-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-4115-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2336-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-4121-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-2386-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2320-4116-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2328-4118-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2516-2430-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-4123-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2482-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4120-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2908-4119-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download