cobaltstrike | 72b766f65500c4e81481c2b66d180c42dbbc6876a44e18bd23d68103c85c4366

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b6dcf7289a61091e14950827abd45cc1
SHA1

f1a8f8e90c0d215ae41f49d6d9fce23b89c66c08
SHA256

72b766f65500c4e81481c2b66d180c42dbbc6876a44e18bd23d68103c85c4366
SHA512

561c4ce30d3a2b3e3f2516687c6f895df9792112ff8230f5d42ef5b404ed998feeeea29cb8f05efe35d4577cf8f2e7d5e6efbb9433e96c6ff6f9f84b7fab50dc
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUu:T+q56utgpPF8u/7u

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001660e-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c89-24.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016890-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca0-38.dat	cobalt_reflective_dll
behavioral1/files/0x00340000000162e4-33.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-134.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-130.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-98.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-78.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017570-77.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cf0-76.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-86.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-63.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d22-62.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2188-0-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x000a000000012280-3.dat	xmrig
behavioral1/memory/2708-20-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x000800000001660e-7.dat	xmrig
behavioral1/memory/2804-22-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2712-19-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c89-24.dat	xmrig
behavioral1/files/0x0008000000016890-15.dat	xmrig
behavioral1/files/0x0007000000016ca0-38.dat	xmrig
behavioral1/files/0x00340000000162e4-33.dat	xmrig
behavioral1/memory/2604-66-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/1744-79-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0005000000018697-91.dat	xmrig
behavioral1/files/0x0006000000018d83-122.dat	xmrig
behavioral1/memory/1488-260-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2604-259-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2724-200-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019354-166.dat	xmrig
behavioral1/files/0x00050000000192a1-162.dat	xmrig
behavioral1/files/0x0005000000019299-158.dat	xmrig
behavioral1/files/0x000500000001927a-154.dat	xmrig
behavioral1/files/0x0005000000019274-150.dat	xmrig
behavioral1/files/0x0005000000019261-146.dat	xmrig
behavioral1/files/0x000500000001924f-142.dat	xmrig
behavioral1/files/0x0005000000019237-138.dat	xmrig
behavioral1/files/0x0005000000019203-134.dat	xmrig
behavioral1/files/0x0006000000019056-130.dat	xmrig
behavioral1/files/0x0006000000018fdf-126.dat	xmrig
behavioral1/files/0x0006000000018d7b-118.dat	xmrig
behavioral1/files/0x0006000000018be7-114.dat	xmrig
behavioral1/files/0x0005000000018745-110.dat	xmrig
behavioral1/files/0x000500000001871c-106.dat	xmrig
behavioral1/files/0x000500000001870c-102.dat	xmrig
behavioral1/files/0x0005000000018706-98.dat	xmrig
behavioral1/memory/2852-95-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2352-94-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2612-88-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2804-83-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2912-82-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/1036-81-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2628-80-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f7-78.dat	xmrig
behavioral1/files/0x0008000000017570-77.dat	xmrig
behavioral1/files/0x0009000000016cf0-76.dat	xmrig
behavioral1/files/0x000d000000018683-86.dat	xmrig
behavioral1/memory/2572-72-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2188-70-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/1488-69-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f1-63.dat	xmrig
behavioral1/files/0x0008000000016d22-62.dat	xmrig
behavioral1/files/0x0007000000016cab-46.dat	xmrig
behavioral1/memory/2724-45-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2852-32-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2712-3499-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2708-3619-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2804-3631-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2724-3726-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2604-3727-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/1488-3728-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/1744-4086-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2612-4268-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2628-4348-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2352-4349-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2912-4350-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2712	lAEgQOU.exe
2708	iWbmUJl.exe
2804	iuwHLYo.exe
2852	hmUYdQb.exe
2724	juDtlgd.exe
2572	skniNoi.exe
2604	fkHeCeT.exe
1488	JLeVhzp.exe
1744	EGDKsdQ.exe
2628	JCVWQxn.exe
1036	qoewxCr.exe
2912	pOyyYen.exe
2612	LXEZvuv.exe
2352	YsoGICC.exe
2280	NUKqOec.exe
2620	wIKuIgN.exe
1516	usVOLxO.exe
1132	TQNZTpN.exe
872	mGskdDp.exe
2832	MOmwTyz.exe
820	gXveVZE.exe
588	iFEylUC.exe
1048	kaLgUVB.exe
2976	ELKtCIC.exe
2808	brfEWOL.exe
2736	NGmlLCB.exe
2248	iOzbiNV.exe
2364	jQSpfby.exe
1160	wQiKJPo.exe
2044	QdGTHIO.exe
1084	sHEMYeB.exe
2128	AOrVyTY.exe
1452	OGohFbv.exe
1972	UtdRIoV.exe
984	LmuTmmg.exe
1608	TgIXAKd.exe
1872	eWSCilK.exe
2508	gEdcEYb.exe
696	GLyavzp.exe
936	JxqonSt.exe
884	ShBuXdn.exe
2152	NglUYcV.exe
2952	cLXkPlU.exe
1772	xnYJNMS.exe
1776	hSsHrbA.exe
2396	gxGWunx.exe
1728	eYdiWof.exe
1864	TdSXzak.exe
1328	SzSwclK.exe
1860	SpsbLEY.exe
2524	FZhSHpz.exe
1624	kqQpnLz.exe
2204	kNErKRT.exe
1792	fiGhtjP.exe
2344	NcAtqpH.exe
2480	MsJfkYC.exe
2104	NXuPEpO.exe
2992	kfTohic.exe
1976	KnNRjeS.exe
888	asCPtPr.exe
1968	OVotIoS.exe
1692	AADsMEl.exe
2476	UoxxNvd.exe
2244	lYHWOkF.exe

Loads dropped DLL 64 IoCs

pid	Process
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2188-0-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x000a000000012280-3.dat	upx
behavioral1/memory/2708-20-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x000800000001660e-7.dat	upx
behavioral1/memory/2804-22-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2712-19-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x0007000000016c89-24.dat	upx
behavioral1/files/0x0008000000016890-15.dat	upx
behavioral1/files/0x0007000000016ca0-38.dat	upx
behavioral1/files/0x00340000000162e4-33.dat	upx
behavioral1/memory/2604-66-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/1744-79-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x0005000000018697-91.dat	upx
behavioral1/files/0x0006000000018d83-122.dat	upx
behavioral1/memory/1488-260-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2604-259-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2724-200-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x0005000000019354-166.dat	upx
behavioral1/files/0x00050000000192a1-162.dat	upx
behavioral1/files/0x0005000000019299-158.dat	upx
behavioral1/files/0x000500000001927a-154.dat	upx
behavioral1/files/0x0005000000019274-150.dat	upx
behavioral1/files/0x0005000000019261-146.dat	upx
behavioral1/files/0x000500000001924f-142.dat	upx
behavioral1/files/0x0005000000019237-138.dat	upx
behavioral1/files/0x0005000000019203-134.dat	upx
behavioral1/files/0x0006000000019056-130.dat	upx
behavioral1/files/0x0006000000018fdf-126.dat	upx
behavioral1/files/0x0006000000018d7b-118.dat	upx
behavioral1/files/0x0006000000018be7-114.dat	upx
behavioral1/files/0x0005000000018745-110.dat	upx
behavioral1/files/0x000500000001871c-106.dat	upx
behavioral1/files/0x000500000001870c-102.dat	upx
behavioral1/files/0x0005000000018706-98.dat	upx
behavioral1/memory/2852-95-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2352-94-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2612-88-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2804-83-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2912-82-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/1036-81-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2628-80-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x00060000000175f7-78.dat	upx
behavioral1/files/0x0008000000017570-77.dat	upx
behavioral1/files/0x0009000000016cf0-76.dat	upx
behavioral1/files/0x000d000000018683-86.dat	upx
behavioral1/memory/2572-72-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2188-70-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/1488-69-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x00060000000175f1-63.dat	upx
behavioral1/files/0x0008000000016d22-62.dat	upx
behavioral1/files/0x0007000000016cab-46.dat	upx
behavioral1/memory/2724-45-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2852-32-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2712-3499-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2708-3619-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2804-3631-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2724-3726-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2604-3727-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/1488-3728-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/1744-4086-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2612-4268-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2628-4348-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2352-4349-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2912-4350-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iFEylUC.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rugVZQG.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMoHFqe.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AUDbpWd.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\puvJTND.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUOLfUT.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NnymxuT.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Kxpjhix.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImNHtIe.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\viWGHkM.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXWlrYv.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBhjRKD.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuuSScg.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCZsmMv.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjAgjwV.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTvnVxL.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUUHxAK.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrdRUEY.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWmCkcG.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rJMMOZA.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKaFUWb.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxwCiBD.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfIenLT.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hyxVxeu.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWfXxRU.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYMxxSK.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQrapVF.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xujpgmo.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjXyUJv.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPaLZzF.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnmSPJo.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxINHDI.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWZTNJg.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZwrbUgi.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXEENje.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFmDyPq.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtdRIoV.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SzOfiUK.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qylXZKt.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYCGWiv.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNqpRYu.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLeooeQ.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MeiiDVh.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMQctBk.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPTwwcC.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unNWRLV.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MvINacl.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIPfywh.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZEDnAV.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfOkqAP.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMwLsqC.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHOmLUI.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fAROnvP.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkHhocX.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSYriwz.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nlJLbdj.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqQCRAp.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUCSAqB.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKmTbHb.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HhIgJnU.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TmftObY.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKwxgxl.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBDzQGf.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLLIGIm.exe	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2712	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2188 wrote to memory of 2712	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2188 wrote to memory of 2712	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2188 wrote to memory of 2804	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2188 wrote to memory of 2804	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2188 wrote to memory of 2804	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2188 wrote to memory of 2708	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2188 wrote to memory of 2708	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2188 wrote to memory of 2708	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2188 wrote to memory of 2852	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2188 wrote to memory of 2852	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2188 wrote to memory of 2852	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2188 wrote to memory of 2724	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2188 wrote to memory of 2724	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2188 wrote to memory of 2724	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2188 wrote to memory of 1744	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2188 wrote to memory of 1744	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2188 wrote to memory of 1744	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2188 wrote to memory of 2572	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2188 wrote to memory of 2572	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2188 wrote to memory of 2572	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2188 wrote to memory of 2628	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2188 wrote to memory of 2628	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2188 wrote to memory of 2628	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2188 wrote to memory of 2604	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2188 wrote to memory of 2604	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2188 wrote to memory of 2604	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2188 wrote to memory of 1036	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2188 wrote to memory of 1036	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2188 wrote to memory of 1036	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2188 wrote to memory of 1488	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2188 wrote to memory of 1488	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2188 wrote to memory of 1488	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2188 wrote to memory of 2912	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2188 wrote to memory of 2912	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2188 wrote to memory of 2912	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2188 wrote to memory of 2612	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2188 wrote to memory of 2612	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2188 wrote to memory of 2612	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2188 wrote to memory of 2352	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2188 wrote to memory of 2352	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2188 wrote to memory of 2352	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2188 wrote to memory of 2280	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2188 wrote to memory of 2280	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2188 wrote to memory of 2280	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2188 wrote to memory of 2620	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2188 wrote to memory of 2620	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2188 wrote to memory of 2620	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2188 wrote to memory of 1516	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2188 wrote to memory of 1516	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2188 wrote to memory of 1516	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2188 wrote to memory of 1132	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2188 wrote to memory of 1132	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2188 wrote to memory of 1132	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2188 wrote to memory of 872	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2188 wrote to memory of 872	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2188 wrote to memory of 872	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2188 wrote to memory of 2832	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2188 wrote to memory of 2832	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2188 wrote to memory of 2832	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2188 wrote to memory of 820	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2188 wrote to memory of 820	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2188 wrote to memory of 820	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2188 wrote to memory of 588	2188	2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_b6dcf7289a61091e14950827abd45cc1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\System\lAEgQOU.exe
  C:\Windows\System\lAEgQOU.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\iuwHLYo.exe
  C:\Windows\System\iuwHLYo.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\iWbmUJl.exe
  C:\Windows\System\iWbmUJl.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\hmUYdQb.exe
  C:\Windows\System\hmUYdQb.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\juDtlgd.exe
  C:\Windows\System\juDtlgd.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\EGDKsdQ.exe
  C:\Windows\System\EGDKsdQ.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\skniNoi.exe
  C:\Windows\System\skniNoi.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\JCVWQxn.exe
  C:\Windows\System\JCVWQxn.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\fkHeCeT.exe
  C:\Windows\System\fkHeCeT.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\qoewxCr.exe
  C:\Windows\System\qoewxCr.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\JLeVhzp.exe
  C:\Windows\System\JLeVhzp.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\pOyyYen.exe
  C:\Windows\System\pOyyYen.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\LXEZvuv.exe
  C:\Windows\System\LXEZvuv.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\YsoGICC.exe
  C:\Windows\System\YsoGICC.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\NUKqOec.exe
  C:\Windows\System\NUKqOec.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\wIKuIgN.exe
  C:\Windows\System\wIKuIgN.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\usVOLxO.exe
  C:\Windows\System\usVOLxO.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\TQNZTpN.exe
  C:\Windows\System\TQNZTpN.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\mGskdDp.exe
  C:\Windows\System\mGskdDp.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\MOmwTyz.exe
  C:\Windows\System\MOmwTyz.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\gXveVZE.exe
  C:\Windows\System\gXveVZE.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\iFEylUC.exe
  C:\Windows\System\iFEylUC.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\kaLgUVB.exe
  C:\Windows\System\kaLgUVB.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\ELKtCIC.exe
  C:\Windows\System\ELKtCIC.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\brfEWOL.exe
  C:\Windows\System\brfEWOL.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\NGmlLCB.exe
  C:\Windows\System\NGmlLCB.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\iOzbiNV.exe
  C:\Windows\System\iOzbiNV.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\jQSpfby.exe
  C:\Windows\System\jQSpfby.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\wQiKJPo.exe
  C:\Windows\System\wQiKJPo.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\QdGTHIO.exe
  C:\Windows\System\QdGTHIO.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\sHEMYeB.exe
  C:\Windows\System\sHEMYeB.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\AOrVyTY.exe
  C:\Windows\System\AOrVyTY.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\OGohFbv.exe
  C:\Windows\System\OGohFbv.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\UtdRIoV.exe
  C:\Windows\System\UtdRIoV.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\LmuTmmg.exe
  C:\Windows\System\LmuTmmg.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\TgIXAKd.exe
  C:\Windows\System\TgIXAKd.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\eWSCilK.exe
  C:\Windows\System\eWSCilK.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\gEdcEYb.exe
  C:\Windows\System\gEdcEYb.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\GLyavzp.exe
  C:\Windows\System\GLyavzp.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\JxqonSt.exe
  C:\Windows\System\JxqonSt.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\ShBuXdn.exe
  C:\Windows\System\ShBuXdn.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\NglUYcV.exe
  C:\Windows\System\NglUYcV.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\cLXkPlU.exe
  C:\Windows\System\cLXkPlU.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\xnYJNMS.exe
  C:\Windows\System\xnYJNMS.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\hSsHrbA.exe
  C:\Windows\System\hSsHrbA.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\gxGWunx.exe
  C:\Windows\System\gxGWunx.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\eYdiWof.exe
  C:\Windows\System\eYdiWof.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\TdSXzak.exe
  C:\Windows\System\TdSXzak.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\SzSwclK.exe
  C:\Windows\System\SzSwclK.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\SpsbLEY.exe
  C:\Windows\System\SpsbLEY.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\FZhSHpz.exe
  C:\Windows\System\FZhSHpz.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\kqQpnLz.exe
  C:\Windows\System\kqQpnLz.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\kNErKRT.exe
  C:\Windows\System\kNErKRT.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\NcAtqpH.exe
  C:\Windows\System\NcAtqpH.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\fiGhtjP.exe
  C:\Windows\System\fiGhtjP.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\MsJfkYC.exe
  C:\Windows\System\MsJfkYC.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\NXuPEpO.exe
  C:\Windows\System\NXuPEpO.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\kfTohic.exe
  C:\Windows\System\kfTohic.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\KnNRjeS.exe
  C:\Windows\System\KnNRjeS.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\asCPtPr.exe
  C:\Windows\System\asCPtPr.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\OVotIoS.exe
  C:\Windows\System\OVotIoS.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\AADsMEl.exe
  C:\Windows\System\AADsMEl.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\UoxxNvd.exe
  C:\Windows\System\UoxxNvd.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\lYHWOkF.exe
  C:\Windows\System\lYHWOkF.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\JzyVnmB.exe
  C:\Windows\System\JzyVnmB.exe
  2⤵
  PID:1588
- C:\Windows\System\wJOJIjb.exe
  C:\Windows\System\wJOJIjb.exe
  2⤵
  PID:580
- C:\Windows\System\XMlxPUj.exe
  C:\Windows\System\XMlxPUj.exe
  2⤵
  PID:2696
- C:\Windows\System\NlLmcFW.exe
  C:\Windows\System\NlLmcFW.exe
  2⤵
  PID:2680
- C:\Windows\System\tiSsziJ.exe
  C:\Windows\System\tiSsziJ.exe
  2⤵
  PID:2956
- C:\Windows\System\DNramtK.exe
  C:\Windows\System\DNramtK.exe
  2⤵
  PID:2792
- C:\Windows\System\NkwUeGn.exe
  C:\Windows\System\NkwUeGn.exe
  2⤵
  PID:2756
- C:\Windows\System\BrulHsV.exe
  C:\Windows\System\BrulHsV.exe
  2⤵
  PID:2844
- C:\Windows\System\sqSNTDV.exe
  C:\Windows\System\sqSNTDV.exe
  2⤵
  PID:1732
- C:\Windows\System\mPZinEQ.exe
  C:\Windows\System\mPZinEQ.exe
  2⤵
  PID:2892
- C:\Windows\System\plzVijS.exe
  C:\Windows\System\plzVijS.exe
  2⤵
  PID:2548
- C:\Windows\System\mZUOfTA.exe
  C:\Windows\System\mZUOfTA.exe
  2⤵
  PID:1616
- C:\Windows\System\UaMfqAS.exe
  C:\Windows\System\UaMfqAS.exe
  2⤵
  PID:3016
- C:\Windows\System\qiTjEOJ.exe
  C:\Windows\System\qiTjEOJ.exe
  2⤵
  PID:1496
- C:\Windows\System\bpKUHOr.exe
  C:\Windows\System\bpKUHOr.exe
  2⤵
  PID:1524
- C:\Windows\System\uILoLuI.exe
  C:\Windows\System\uILoLuI.exe
  2⤵
  PID:2872
- C:\Windows\System\WzwwFbz.exe
  C:\Windows\System\WzwwFbz.exe
  2⤵
  PID:1636
- C:\Windows\System\QxEdEOp.exe
  C:\Windows\System\QxEdEOp.exe
  2⤵
  PID:2012
- C:\Windows\System\YAUMNxa.exe
  C:\Windows\System\YAUMNxa.exe
  2⤵
  PID:2356
- C:\Windows\System\cgTwQnM.exe
  C:\Windows\System\cgTwQnM.exe
  2⤵
  PID:2268
- C:\Windows\System\IMuLWCM.exe
  C:\Windows\System\IMuLWCM.exe
  2⤵
  PID:2192
- C:\Windows\System\XcQmDex.exe
  C:\Windows\System\XcQmDex.exe
  2⤵
  PID:408
- C:\Windows\System\EqkDJXD.exe
  C:\Windows\System\EqkDJXD.exe
  2⤵
  PID:2420
- C:\Windows\System\HbcXlPq.exe
  C:\Windows\System\HbcXlPq.exe
  2⤵
  PID:1896
- C:\Windows\System\HGnYLhS.exe
  C:\Windows\System\HGnYLhS.exe
  2⤵
  PID:2040
- C:\Windows\System\BtGrVhP.exe
  C:\Windows\System\BtGrVhP.exe
  2⤵
  PID:1868
- C:\Windows\System\fLcnscz.exe
  C:\Windows\System\fLcnscz.exe
  2⤵
  PID:2500
- C:\Windows\System\cfZxXod.exe
  C:\Windows\System\cfZxXod.exe
  2⤵
  PID:2020
- C:\Windows\System\wiDwMTf.exe
  C:\Windows\System\wiDwMTf.exe
  2⤵
  PID:776
- C:\Windows\System\dUSczUy.exe
  C:\Windows\System\dUSczUy.exe
  2⤵
  PID:3012
- C:\Windows\System\BYYCght.exe
  C:\Windows\System\BYYCght.exe
  2⤵
  PID:616
- C:\Windows\System\UvApsBq.exe
  C:\Windows\System\UvApsBq.exe
  2⤵
  PID:2324
- C:\Windows\System\mXwRQeW.exe
  C:\Windows\System\mXwRQeW.exe
  2⤵
  PID:844
- C:\Windows\System\yqOybfJ.exe
  C:\Windows\System\yqOybfJ.exe
  2⤵
  PID:2328
- C:\Windows\System\RTzyHti.exe
  C:\Windows\System\RTzyHti.exe
  2⤵
  PID:3008
- C:\Windows\System\eNdEPSW.exe
  C:\Windows\System\eNdEPSW.exe
  2⤵
  PID:2472
- C:\Windows\System\SnmSPJo.exe
  C:\Windows\System\SnmSPJo.exe
  2⤵
  PID:1964
- C:\Windows\System\HtzDfHQ.exe
  C:\Windows\System\HtzDfHQ.exe
  2⤵
  PID:2768
- C:\Windows\System\kqTcOCX.exe
  C:\Windows\System\kqTcOCX.exe
  2⤵
  PID:2492
- C:\Windows\System\ltTXnAn.exe
  C:\Windows\System\ltTXnAn.exe
  2⤵
  PID:2700
- C:\Windows\System\cbklmTW.exe
  C:\Windows\System\cbklmTW.exe
  2⤵
  PID:2784
- C:\Windows\System\bRloOEQ.exe
  C:\Windows\System\bRloOEQ.exe
  2⤵
  PID:2796
- C:\Windows\System\fTcScoz.exe
  C:\Windows\System\fTcScoz.exe
  2⤵
  PID:2856
- C:\Windows\System\wGNdKyQ.exe
  C:\Windows\System\wGNdKyQ.exe
  2⤵
  PID:2624
- C:\Windows\System\JkUNTGn.exe
  C:\Windows\System\JkUNTGn.exe
  2⤵
  PID:2728
- C:\Windows\System\nzhAFTJ.exe
  C:\Windows\System\nzhAFTJ.exe
  2⤵
  PID:576
- C:\Windows\System\IrHCQgB.exe
  C:\Windows\System\IrHCQgB.exe
  2⤵
  PID:1244
- C:\Windows\System\rGlzSKx.exe
  C:\Windows\System\rGlzSKx.exe
  2⤵
  PID:1484
- C:\Windows\System\hYmQyxK.exe
  C:\Windows\System\hYmQyxK.exe
  2⤵
  PID:2168
- C:\Windows\System\fxxnFtM.exe
  C:\Windows\System\fxxnFtM.exe
  2⤵
  PID:1932
- C:\Windows\System\zKAqdLU.exe
  C:\Windows\System\zKAqdLU.exe
  2⤵
  PID:2164
- C:\Windows\System\AqLkgTz.exe
  C:\Windows\System\AqLkgTz.exe
  2⤵
  PID:952
- C:\Windows\System\DjPxypq.exe
  C:\Windows\System\DjPxypq.exe
  2⤵
  PID:1552
- C:\Windows\System\NtVrQiB.exe
  C:\Windows\System\NtVrQiB.exe
  2⤵
  PID:1544
- C:\Windows\System\UODFhVa.exe
  C:\Windows\System\UODFhVa.exe
  2⤵
  PID:2300
- C:\Windows\System\jfqlcnl.exe
  C:\Windows\System\jfqlcnl.exe
  2⤵
  PID:3068
- C:\Windows\System\ebWQEqe.exe
  C:\Windows\System\ebWQEqe.exe
  2⤵
  PID:2064
- C:\Windows\System\XjAgjwV.exe
  C:\Windows\System\XjAgjwV.exe
  2⤵
  PID:1948
- C:\Windows\System\mKkncXy.exe
  C:\Windows\System\mKkncXy.exe
  2⤵
  PID:2288
- C:\Windows\System\wTckHZD.exe
  C:\Windows\System\wTckHZD.exe
  2⤵
  PID:3088
- C:\Windows\System\GOUycsx.exe
  C:\Windows\System\GOUycsx.exe
  2⤵
  PID:3104
- C:\Windows\System\vXwLmQJ.exe
  C:\Windows\System\vXwLmQJ.exe
  2⤵
  PID:3120
- C:\Windows\System\YHSytxI.exe
  C:\Windows\System\YHSytxI.exe
  2⤵
  PID:3136
- C:\Windows\System\zvtQLAe.exe
  C:\Windows\System\zvtQLAe.exe
  2⤵
  PID:3152
- C:\Windows\System\kGEXPPv.exe
  C:\Windows\System\kGEXPPv.exe
  2⤵
  PID:3168
- C:\Windows\System\KNGZUDK.exe
  C:\Windows\System\KNGZUDK.exe
  2⤵
  PID:3184
- C:\Windows\System\AEswZHl.exe
  C:\Windows\System\AEswZHl.exe
  2⤵
  PID:3200
- C:\Windows\System\oNqpRYu.exe
  C:\Windows\System\oNqpRYu.exe
  2⤵
  PID:3216
- C:\Windows\System\XULOMkK.exe
  C:\Windows\System\XULOMkK.exe
  2⤵
  PID:3232
- C:\Windows\System\ExuveKa.exe
  C:\Windows\System\ExuveKa.exe
  2⤵
  PID:3248
- C:\Windows\System\kjMfwuJ.exe
  C:\Windows\System\kjMfwuJ.exe
  2⤵
  PID:3264
- C:\Windows\System\hmBcwmP.exe
  C:\Windows\System\hmBcwmP.exe
  2⤵
  PID:3280
- C:\Windows\System\jlxFJNk.exe
  C:\Windows\System\jlxFJNk.exe
  2⤵
  PID:3296
- C:\Windows\System\nVpUQZs.exe
  C:\Windows\System\nVpUQZs.exe
  2⤵
  PID:3312
- C:\Windows\System\rhsxuAX.exe
  C:\Windows\System\rhsxuAX.exe
  2⤵
  PID:3328
- C:\Windows\System\WoxmrCT.exe
  C:\Windows\System\WoxmrCT.exe
  2⤵
  PID:3344
- C:\Windows\System\dHrJIXY.exe
  C:\Windows\System\dHrJIXY.exe
  2⤵
  PID:3360
- C:\Windows\System\DAflBgd.exe
  C:\Windows\System\DAflBgd.exe
  2⤵
  PID:3376
- C:\Windows\System\QWtSZaE.exe
  C:\Windows\System\QWtSZaE.exe
  2⤵
  PID:3392
- C:\Windows\System\jiblcMa.exe
  C:\Windows\System\jiblcMa.exe
  2⤵
  PID:3408
- C:\Windows\System\zuZiEHG.exe
  C:\Windows\System\zuZiEHG.exe
  2⤵
  PID:3424
- C:\Windows\System\eMgNPWt.exe
  C:\Windows\System\eMgNPWt.exe
  2⤵
  PID:3440
- C:\Windows\System\WsFoVjT.exe
  C:\Windows\System\WsFoVjT.exe
  2⤵
  PID:3456
- C:\Windows\System\QJElBXn.exe
  C:\Windows\System\QJElBXn.exe
  2⤵
  PID:3476
- C:\Windows\System\sEuGWlE.exe
  C:\Windows\System\sEuGWlE.exe
  2⤵
  PID:3492
- C:\Windows\System\vXbnxiG.exe
  C:\Windows\System\vXbnxiG.exe
  2⤵
  PID:3508
- C:\Windows\System\nKmjLCW.exe
  C:\Windows\System\nKmjLCW.exe
  2⤵
  PID:3524
- C:\Windows\System\CBHJyDo.exe
  C:\Windows\System\CBHJyDo.exe
  2⤵
  PID:3540
- C:\Windows\System\GmnOBjT.exe
  C:\Windows\System\GmnOBjT.exe
  2⤵
  PID:3556
- C:\Windows\System\eKIxvZJ.exe
  C:\Windows\System\eKIxvZJ.exe
  2⤵
  PID:3572
- C:\Windows\System\ULLGczW.exe
  C:\Windows\System\ULLGczW.exe
  2⤵
  PID:3588
- C:\Windows\System\MXzLfrF.exe
  C:\Windows\System\MXzLfrF.exe
  2⤵
  PID:3604
- C:\Windows\System\EuesGTu.exe
  C:\Windows\System\EuesGTu.exe
  2⤵
  PID:3620
- C:\Windows\System\ibzzPtT.exe
  C:\Windows\System\ibzzPtT.exe
  2⤵
  PID:3636
- C:\Windows\System\lJDVNbe.exe
  C:\Windows\System\lJDVNbe.exe
  2⤵
  PID:3652
- C:\Windows\System\IXbMUrR.exe
  C:\Windows\System\IXbMUrR.exe
  2⤵
  PID:3668
- C:\Windows\System\IcoGICo.exe
  C:\Windows\System\IcoGICo.exe
  2⤵
  PID:3684
- C:\Windows\System\EeVCobI.exe
  C:\Windows\System\EeVCobI.exe
  2⤵
  PID:3700
- C:\Windows\System\OOhUiUc.exe
  C:\Windows\System\OOhUiUc.exe
  2⤵
  PID:3716
- C:\Windows\System\obylUQW.exe
  C:\Windows\System\obylUQW.exe
  2⤵
  PID:3732
- C:\Windows\System\eunaTCK.exe
  C:\Windows\System\eunaTCK.exe
  2⤵
  PID:3748
- C:\Windows\System\XjNuyYf.exe
  C:\Windows\System\XjNuyYf.exe
  2⤵
  PID:3764
- C:\Windows\System\MOPIavq.exe
  C:\Windows\System\MOPIavq.exe
  2⤵
  PID:3780
- C:\Windows\System\FgUBqjZ.exe
  C:\Windows\System\FgUBqjZ.exe
  2⤵
  PID:3796
- C:\Windows\System\BieyfGO.exe
  C:\Windows\System\BieyfGO.exe
  2⤵
  PID:3812
- C:\Windows\System\SzOfiUK.exe
  C:\Windows\System\SzOfiUK.exe
  2⤵
  PID:3828
- C:\Windows\System\PAPbHDx.exe
  C:\Windows\System\PAPbHDx.exe
  2⤵
  PID:3844
- C:\Windows\System\KUemZbE.exe
  C:\Windows\System\KUemZbE.exe
  2⤵
  PID:3860
- C:\Windows\System\bEVabZU.exe
  C:\Windows\System\bEVabZU.exe
  2⤵
  PID:3876
- C:\Windows\System\JFUWoSd.exe
  C:\Windows\System\JFUWoSd.exe
  2⤵
  PID:3892
- C:\Windows\System\BaEUWOd.exe
  C:\Windows\System\BaEUWOd.exe
  2⤵
  PID:3908
- C:\Windows\System\jZFqTvN.exe
  C:\Windows\System\jZFqTvN.exe
  2⤵
  PID:3924
- C:\Windows\System\CxmCSof.exe
  C:\Windows\System\CxmCSof.exe
  2⤵
  PID:3940
- C:\Windows\System\drEietQ.exe
  C:\Windows\System\drEietQ.exe
  2⤵
  PID:3956
- C:\Windows\System\iZItClo.exe
  C:\Windows\System\iZItClo.exe
  2⤵
  PID:3972
- C:\Windows\System\HytUOGN.exe
  C:\Windows\System\HytUOGN.exe
  2⤵
  PID:3988
- C:\Windows\System\xvRSZNo.exe
  C:\Windows\System\xvRSZNo.exe
  2⤵
  PID:4004
- C:\Windows\System\pyDLqGk.exe
  C:\Windows\System\pyDLqGk.exe
  2⤵
  PID:4020
- C:\Windows\System\YXoqpOL.exe
  C:\Windows\System\YXoqpOL.exe
  2⤵
  PID:4036
- C:\Windows\System\KEEmvzv.exe
  C:\Windows\System\KEEmvzv.exe
  2⤵
  PID:4052
- C:\Windows\System\GPeyQlH.exe
  C:\Windows\System\GPeyQlH.exe
  2⤵
  PID:4068
- C:\Windows\System\WtXLgiV.exe
  C:\Windows\System\WtXLgiV.exe
  2⤵
  PID:4084
- C:\Windows\System\anTwkfe.exe
  C:\Windows\System\anTwkfe.exe
  2⤵
  PID:2560
- C:\Windows\System\STVyGVU.exe
  C:\Windows\System\STVyGVU.exe
  2⤵
  PID:2944
- C:\Windows\System\KJlSvwo.exe
  C:\Windows\System\KJlSvwo.exe
  2⤵
  PID:2760
- C:\Windows\System\xagSBqo.exe
  C:\Windows\System\xagSBqo.exe
  2⤵
  PID:1548
- C:\Windows\System\fabkXSU.exe
  C:\Windows\System\fabkXSU.exe
  2⤵
  PID:2972
- C:\Windows\System\pzMwTpK.exe
  C:\Windows\System\pzMwTpK.exe
  2⤵
  PID:840
- C:\Windows\System\eNefzfv.exe
  C:\Windows\System\eNefzfv.exe
  2⤵
  PID:568
- C:\Windows\System\VAzJTzp.exe
  C:\Windows\System\VAzJTzp.exe
  2⤵
  PID:784
- C:\Windows\System\jetuuyW.exe
  C:\Windows\System\jetuuyW.exe
  2⤵
  PID:900
- C:\Windows\System\FEIhBdF.exe
  C:\Windows\System\FEIhBdF.exe
  2⤵
  PID:2772
- C:\Windows\System\uACzEWG.exe
  C:\Windows\System\uACzEWG.exe
  2⤵
  PID:3084
- C:\Windows\System\IYuQlmg.exe
  C:\Windows\System\IYuQlmg.exe
  2⤵
  PID:3128
- C:\Windows\System\BOczSsp.exe
  C:\Windows\System\BOczSsp.exe
  2⤵
  PID:3180
- C:\Windows\System\NctmIls.exe
  C:\Windows\System\NctmIls.exe
  2⤵
  PID:3192
- C:\Windows\System\RjUPQCV.exe
  C:\Windows\System\RjUPQCV.exe
  2⤵
  PID:3224
- C:\Windows\System\MxINHDI.exe
  C:\Windows\System\MxINHDI.exe
  2⤵
  PID:3256
- C:\Windows\System\NTvnVxL.exe
  C:\Windows\System\NTvnVxL.exe
  2⤵
  PID:3288
- C:\Windows\System\Rvdojwg.exe
  C:\Windows\System\Rvdojwg.exe
  2⤵
  PID:3336
- C:\Windows\System\HnftYOt.exe
  C:\Windows\System\HnftYOt.exe
  2⤵
  PID:3368
- C:\Windows\System\WjiXKwu.exe
  C:\Windows\System\WjiXKwu.exe
  2⤵
  PID:3384
- C:\Windows\System\EfIenLT.exe
  C:\Windows\System\EfIenLT.exe
  2⤵
  PID:3416
- C:\Windows\System\qzYJtDw.exe
  C:\Windows\System\qzYJtDw.exe
  2⤵
  PID:3448
- C:\Windows\System\YFTmnxi.exe
  C:\Windows\System\YFTmnxi.exe
  2⤵
  PID:3500
- C:\Windows\System\kxdjqjJ.exe
  C:\Windows\System\kxdjqjJ.exe
  2⤵
  PID:3532
- C:\Windows\System\SGBTjJo.exe
  C:\Windows\System\SGBTjJo.exe
  2⤵
  PID:3548
- C:\Windows\System\pDcEXBT.exe
  C:\Windows\System\pDcEXBT.exe
  2⤵
  PID:3596
- C:\Windows\System\JJwJkrQ.exe
  C:\Windows\System\JJwJkrQ.exe
  2⤵
  PID:3628
- C:\Windows\System\yfrlwBE.exe
  C:\Windows\System\yfrlwBE.exe
  2⤵
  PID:3660
- C:\Windows\System\oXTNZsI.exe
  C:\Windows\System\oXTNZsI.exe
  2⤵
  PID:3692
- C:\Windows\System\VxUdCLX.exe
  C:\Windows\System\VxUdCLX.exe
  2⤵
  PID:3708
- C:\Windows\System\EJycwze.exe
  C:\Windows\System\EJycwze.exe
  2⤵
  PID:3756
- C:\Windows\System\bJEBONT.exe
  C:\Windows\System\bJEBONT.exe
  2⤵
  PID:3788
- C:\Windows\System\WtQVPBs.exe
  C:\Windows\System\WtQVPBs.exe
  2⤵
  PID:3820
- C:\Windows\System\CjoachL.exe
  C:\Windows\System\CjoachL.exe
  2⤵
  PID:3852
- C:\Windows\System\ZsqDWLw.exe
  C:\Windows\System\ZsqDWLw.exe
  2⤵
  PID:3840
- C:\Windows\System\saWfxoS.exe
  C:\Windows\System\saWfxoS.exe
  2⤵
  PID:3916
- C:\Windows\System\zeyyGvx.exe
  C:\Windows\System\zeyyGvx.exe
  2⤵
  PID:3932
- C:\Windows\System\EYEubmD.exe
  C:\Windows\System\EYEubmD.exe
  2⤵
  PID:3964
- C:\Windows\System\qJDjlNe.exe
  C:\Windows\System\qJDjlNe.exe
  2⤵
  PID:3968
- C:\Windows\System\AYBJoyi.exe
  C:\Windows\System\AYBJoyi.exe
  2⤵
  PID:4044
- C:\Windows\System\VjQukTR.exe
  C:\Windows\System\VjQukTR.exe
  2⤵
  PID:4060
- C:\Windows\System\MxWwdQb.exe
  C:\Windows\System\MxWwdQb.exe
  2⤵
  PID:4092
- C:\Windows\System\TDzAaCU.exe
  C:\Windows\System\TDzAaCU.exe
  2⤵
  PID:1912
- C:\Windows\System\DkKWrPk.exe
  C:\Windows\System\DkKWrPk.exe
  2⤵
  PID:1380
- C:\Windows\System\HlTFPqe.exe
  C:\Windows\System\HlTFPqe.exe
  2⤵
  PID:1248
- C:\Windows\System\GAUqsOG.exe
  C:\Windows\System\GAUqsOG.exe
  2⤵
  PID:996
- C:\Windows\System\AdtcUQE.exe
  C:\Windows\System\AdtcUQE.exe
  2⤵
  PID:3112
- C:\Windows\System\JAZhIMY.exe
  C:\Windows\System\JAZhIMY.exe
  2⤵
  PID:3148
- C:\Windows\System\sfzMJej.exe
  C:\Windows\System\sfzMJej.exe
  2⤵
  PID:3208
- C:\Windows\System\agDAkyJ.exe
  C:\Windows\System\agDAkyJ.exe
  2⤵
  PID:3308
- C:\Windows\System\lPwuccK.exe
  C:\Windows\System\lPwuccK.exe
  2⤵
  PID:3292
- C:\Windows\System\BwjZnnU.exe
  C:\Windows\System\BwjZnnU.exe
  2⤵
  PID:3340
- C:\Windows\System\oNYSwXT.exe
  C:\Windows\System\oNYSwXT.exe
  2⤵
  PID:3388
- C:\Windows\System\QivgWnR.exe
  C:\Windows\System\QivgWnR.exe
  2⤵
  PID:3504
- C:\Windows\System\qOlAdte.exe
  C:\Windows\System\qOlAdte.exe
  2⤵
  PID:3616
- C:\Windows\System\nLoMamj.exe
  C:\Windows\System\nLoMamj.exe
  2⤵
  PID:3612
- C:\Windows\System\iPyYJPd.exe
  C:\Windows\System\iPyYJPd.exe
  2⤵
  PID:3760
- C:\Windows\System\QxgJQHA.exe
  C:\Windows\System\QxgJQHA.exe
  2⤵
  PID:3676
- C:\Windows\System\hKffmRZ.exe
  C:\Windows\System\hKffmRZ.exe
  2⤵
  PID:3808
- C:\Windows\System\noTsObh.exe
  C:\Windows\System\noTsObh.exe
  2⤵
  PID:3872
- C:\Windows\System\XfVoJxN.exe
  C:\Windows\System\XfVoJxN.exe
  2⤵
  PID:3920
- C:\Windows\System\zrYagfG.exe
  C:\Windows\System\zrYagfG.exe
  2⤵
  PID:4000
- C:\Windows\System\hyxVxeu.exe
  C:\Windows\System\hyxVxeu.exe
  2⤵
  PID:3996
- C:\Windows\System\CiTRvUo.exe
  C:\Windows\System\CiTRvUo.exe
  2⤵
  PID:4048
- C:\Windows\System\iyFcrAu.exe
  C:\Windows\System\iyFcrAu.exe
  2⤵
  PID:2096
- C:\Windows\System\BLXSRfv.exe
  C:\Windows\System\BLXSRfv.exe
  2⤵
  PID:2312
- C:\Windows\System\rugVZQG.exe
  C:\Windows\System\rugVZQG.exe
  2⤵
  PID:3164
- C:\Windows\System\xFbXdLQ.exe
  C:\Windows\System\xFbXdLQ.exe
  2⤵
  PID:3356
- C:\Windows\System\RhjnMZG.exe
  C:\Windows\System\RhjnMZG.exe
  2⤵
  PID:3404
- C:\Windows\System\USVIJtO.exe
  C:\Windows\System\USVIJtO.exe
  2⤵
  PID:4104
- C:\Windows\System\zYrTMIV.exe
  C:\Windows\System\zYrTMIV.exe
  2⤵
  PID:4120
- C:\Windows\System\wJakQyD.exe
  C:\Windows\System\wJakQyD.exe
  2⤵
  PID:4136
- C:\Windows\System\lWfXxRU.exe
  C:\Windows\System\lWfXxRU.exe
  2⤵
  PID:4152
- C:\Windows\System\pgiGzsc.exe
  C:\Windows\System\pgiGzsc.exe
  2⤵
  PID:4168
- C:\Windows\System\uWSXywx.exe
  C:\Windows\System\uWSXywx.exe
  2⤵
  PID:4184
- C:\Windows\System\vApzSAD.exe
  C:\Windows\System\vApzSAD.exe
  2⤵
  PID:4200
- C:\Windows\System\maIclJq.exe
  C:\Windows\System\maIclJq.exe
  2⤵
  PID:4216
- C:\Windows\System\DQYDbUp.exe
  C:\Windows\System\DQYDbUp.exe
  2⤵
  PID:4232
- C:\Windows\System\SGqRLIL.exe
  C:\Windows\System\SGqRLIL.exe
  2⤵
  PID:4248
- C:\Windows\System\euDhFlA.exe
  C:\Windows\System\euDhFlA.exe
  2⤵
  PID:4264
- C:\Windows\System\TgoBepn.exe
  C:\Windows\System\TgoBepn.exe
  2⤵
  PID:4280
- C:\Windows\System\LqGLNcm.exe
  C:\Windows\System\LqGLNcm.exe
  2⤵
  PID:4296
- C:\Windows\System\tJotrNq.exe
  C:\Windows\System\tJotrNq.exe
  2⤵
  PID:4312
- C:\Windows\System\fNMLoue.exe
  C:\Windows\System\fNMLoue.exe
  2⤵
  PID:4328
- C:\Windows\System\DAiMaWQ.exe
  C:\Windows\System\DAiMaWQ.exe
  2⤵
  PID:4344
- C:\Windows\System\NVvpEFS.exe
  C:\Windows\System\NVvpEFS.exe
  2⤵
  PID:4360
- C:\Windows\System\PEkLbdg.exe
  C:\Windows\System\PEkLbdg.exe
  2⤵
  PID:4376
- C:\Windows\System\iZldKII.exe
  C:\Windows\System\iZldKII.exe
  2⤵
  PID:4392
- C:\Windows\System\CDZwgjA.exe
  C:\Windows\System\CDZwgjA.exe
  2⤵
  PID:4408
- C:\Windows\System\SlAISkm.exe
  C:\Windows\System\SlAISkm.exe
  2⤵
  PID:4424
- C:\Windows\System\bFXPpxE.exe
  C:\Windows\System\bFXPpxE.exe
  2⤵
  PID:4440
- C:\Windows\System\rapQYlT.exe
  C:\Windows\System\rapQYlT.exe
  2⤵
  PID:4456
- C:\Windows\System\krjrgAS.exe
  C:\Windows\System\krjrgAS.exe
  2⤵
  PID:4472
- C:\Windows\System\qvzVdns.exe
  C:\Windows\System\qvzVdns.exe
  2⤵
  PID:4488
- C:\Windows\System\MNVMYyK.exe
  C:\Windows\System\MNVMYyK.exe
  2⤵
  PID:4504
- C:\Windows\System\BvRRNRo.exe
  C:\Windows\System\BvRRNRo.exe
  2⤵
  PID:4520
- C:\Windows\System\hxKeFgi.exe
  C:\Windows\System\hxKeFgi.exe
  2⤵
  PID:4536
- C:\Windows\System\XnZqlgf.exe
  C:\Windows\System\XnZqlgf.exe
  2⤵
  PID:4552
- C:\Windows\System\qEYuJDi.exe
  C:\Windows\System\qEYuJDi.exe
  2⤵
  PID:4568
- C:\Windows\System\OiuRraf.exe
  C:\Windows\System\OiuRraf.exe
  2⤵
  PID:4584
- C:\Windows\System\IUUHxAK.exe
  C:\Windows\System\IUUHxAK.exe
  2⤵
  PID:4604
- C:\Windows\System\lgOzVwo.exe
  C:\Windows\System\lgOzVwo.exe
  2⤵
  PID:4620
- C:\Windows\System\JWyfyNr.exe
  C:\Windows\System\JWyfyNr.exe
  2⤵
  PID:4636
- C:\Windows\System\nozkDuM.exe
  C:\Windows\System\nozkDuM.exe
  2⤵
  PID:4652
- C:\Windows\System\AGGHEKC.exe
  C:\Windows\System\AGGHEKC.exe
  2⤵
  PID:4668
- C:\Windows\System\oDisPip.exe
  C:\Windows\System\oDisPip.exe
  2⤵
  PID:4684
- C:\Windows\System\JeUeTCV.exe
  C:\Windows\System\JeUeTCV.exe
  2⤵
  PID:4700
- C:\Windows\System\BeOwrAC.exe
  C:\Windows\System\BeOwrAC.exe
  2⤵
  PID:4716
- C:\Windows\System\VJzeokB.exe
  C:\Windows\System\VJzeokB.exe
  2⤵
  PID:4732
- C:\Windows\System\EvNvYkT.exe
  C:\Windows\System\EvNvYkT.exe
  2⤵
  PID:4748
- C:\Windows\System\SQaTZzP.exe
  C:\Windows\System\SQaTZzP.exe
  2⤵
  PID:4764
- C:\Windows\System\CXaDhAp.exe
  C:\Windows\System\CXaDhAp.exe
  2⤵
  PID:4780
- C:\Windows\System\IFcDtwh.exe
  C:\Windows\System\IFcDtwh.exe
  2⤵
  PID:4796
- C:\Windows\System\xbTzfqE.exe
  C:\Windows\System\xbTzfqE.exe
  2⤵
  PID:4812
- C:\Windows\System\LYUKRTL.exe
  C:\Windows\System\LYUKRTL.exe
  2⤵
  PID:4828
- C:\Windows\System\IGhObWI.exe
  C:\Windows\System\IGhObWI.exe
  2⤵
  PID:4844
- C:\Windows\System\Vtpeohy.exe
  C:\Windows\System\Vtpeohy.exe
  2⤵
  PID:4860
- C:\Windows\System\JqytRgI.exe
  C:\Windows\System\JqytRgI.exe
  2⤵
  PID:4876
- C:\Windows\System\ojEPCVT.exe
  C:\Windows\System\ojEPCVT.exe
  2⤵
  PID:4892
- C:\Windows\System\CSCBUbe.exe
  C:\Windows\System\CSCBUbe.exe
  2⤵
  PID:4908
- C:\Windows\System\irmRXWg.exe
  C:\Windows\System\irmRXWg.exe
  2⤵
  PID:4924
- C:\Windows\System\UldTHmt.exe
  C:\Windows\System\UldTHmt.exe
  2⤵
  PID:4940
- C:\Windows\System\MfoqiCD.exe
  C:\Windows\System\MfoqiCD.exe
  2⤵
  PID:4956
- C:\Windows\System\PmIuSTH.exe
  C:\Windows\System\PmIuSTH.exe
  2⤵
  PID:4972
- C:\Windows\System\UwyHKmo.exe
  C:\Windows\System\UwyHKmo.exe
  2⤵
  PID:4988
- C:\Windows\System\TlBNEDb.exe
  C:\Windows\System\TlBNEDb.exe
  2⤵
  PID:5004
- C:\Windows\System\bWsJvGH.exe
  C:\Windows\System\bWsJvGH.exe
  2⤵
  PID:5020
- C:\Windows\System\iIVidyA.exe
  C:\Windows\System\iIVidyA.exe
  2⤵
  PID:5036
- C:\Windows\System\TzcDodq.exe
  C:\Windows\System\TzcDodq.exe
  2⤵
  PID:5052
- C:\Windows\System\gfEaYjT.exe
  C:\Windows\System\gfEaYjT.exe
  2⤵
  PID:5068
- C:\Windows\System\BmBvtYE.exe
  C:\Windows\System\BmBvtYE.exe
  2⤵
  PID:5084
- C:\Windows\System\LUuZViZ.exe
  C:\Windows\System\LUuZViZ.exe
  2⤵
  PID:5100
- C:\Windows\System\VBwLTqK.exe
  C:\Windows\System\VBwLTqK.exe
  2⤵
  PID:5116
- C:\Windows\System\EfsXqWq.exe
  C:\Windows\System\EfsXqWq.exe
  2⤵
  PID:3744
- C:\Windows\System\qHEtugQ.exe
  C:\Windows\System\qHEtugQ.exe
  2⤵
  PID:3888
- C:\Windows\System\tUDlkSl.exe
  C:\Windows\System\tUDlkSl.exe
  2⤵
  PID:3904
- C:\Windows\System\JQrIGUI.exe
  C:\Windows\System\JQrIGUI.exe
  2⤵
  PID:2748
- C:\Windows\System\cYMxxSK.exe
  C:\Windows\System\cYMxxSK.exe
  2⤵
  PID:264
- C:\Windows\System\iGoCeXQ.exe
  C:\Windows\System\iGoCeXQ.exe
  2⤵
  PID:2800
- C:\Windows\System\sXngbxM.exe
  C:\Windows\System\sXngbxM.exe
  2⤵
  PID:3568
- C:\Windows\System\Zeffwbp.exe
  C:\Windows\System\Zeffwbp.exe
  2⤵
  PID:4100
- C:\Windows\System\BSnTxri.exe
  C:\Windows\System\BSnTxri.exe
  2⤵
  PID:4132
- C:\Windows\System\dJfNzJE.exe
  C:\Windows\System\dJfNzJE.exe
  2⤵
  PID:4192
- C:\Windows\System\sCBgdPf.exe
  C:\Windows\System\sCBgdPf.exe
  2⤵
  PID:4256
- C:\Windows\System\vrjmSbu.exe
  C:\Windows\System\vrjmSbu.exe
  2⤵
  PID:4180
- C:\Windows\System\PpWGruW.exe
  C:\Windows\System\PpWGruW.exe
  2⤵
  PID:4244
- C:\Windows\System\wgDctIH.exe
  C:\Windows\System\wgDctIH.exe
  2⤵
  PID:4320
- C:\Windows\System\krWIyeb.exe
  C:\Windows\System\krWIyeb.exe
  2⤵
  PID:4308
- C:\Windows\System\kCcuCEq.exe
  C:\Windows\System\kCcuCEq.exe
  2⤵
  PID:4356
- C:\Windows\System\VhjjpYA.exe
  C:\Windows\System\VhjjpYA.exe
  2⤵
  PID:4420
- C:\Windows\System\dbJlgso.exe
  C:\Windows\System\dbJlgso.exe
  2⤵
  PID:4372
- C:\Windows\System\uumNWcj.exe
  C:\Windows\System\uumNWcj.exe
  2⤵
  PID:4436
- C:\Windows\System\CmEifmz.exe
  C:\Windows\System\CmEifmz.exe
  2⤵
  PID:4512
- C:\Windows\System\JLwEFSF.exe
  C:\Windows\System\JLwEFSF.exe
  2⤵
  PID:4548
- C:\Windows\System\xXEIgIj.exe
  C:\Windows\System\xXEIgIj.exe
  2⤵
  PID:4532
- C:\Windows\System\rOwIowF.exe
  C:\Windows\System\rOwIowF.exe
  2⤵
  PID:4616
- C:\Windows\System\eUgzQun.exe
  C:\Windows\System\eUgzQun.exe
  2⤵
  PID:4560
- C:\Windows\System\PULoKPy.exe
  C:\Windows\System\PULoKPy.exe
  2⤵
  PID:4740
- C:\Windows\System\HJExQCX.exe
  C:\Windows\System\HJExQCX.exe
  2⤵
  PID:4628
- C:\Windows\System\MKsYGtO.exe
  C:\Windows\System\MKsYGtO.exe
  2⤵
  PID:4664
- C:\Windows\System\xjKTKPj.exe
  C:\Windows\System\xjKTKPj.exe
  2⤵
  PID:4728
- C:\Windows\System\TEynLNo.exe
  C:\Windows\System\TEynLNo.exe
  2⤵
  PID:4788
- C:\Windows\System\wHwEWLA.exe
  C:\Windows\System\wHwEWLA.exe
  2⤵
  PID:4836
- C:\Windows\System\Kxpjhix.exe
  C:\Windows\System\Kxpjhix.exe
  2⤵
  PID:4820
- C:\Windows\System\AhOSABh.exe
  C:\Windows\System\AhOSABh.exe
  2⤵
  PID:4904
- C:\Windows\System\PSVkBDu.exe
  C:\Windows\System\PSVkBDu.exe
  2⤵
  PID:4888
- C:\Windows\System\IXJDggx.exe
  C:\Windows\System\IXJDggx.exe
  2⤵
  PID:4920
- C:\Windows\System\QCSpQaC.exe
  C:\Windows\System\QCSpQaC.exe
  2⤵
  PID:4980
- C:\Windows\System\wfJyLmO.exe
  C:\Windows\System\wfJyLmO.exe
  2⤵
  PID:5028
- C:\Windows\System\OFJBZnC.exe
  C:\Windows\System\OFJBZnC.exe
  2⤵
  PID:5044
- C:\Windows\System\jLWPTjy.exe
  C:\Windows\System\jLWPTjy.exe
  2⤵
  PID:5092
- C:\Windows\System\JQbTZvG.exe
  C:\Windows\System\JQbTZvG.exe
  2⤵
  PID:4600
- C:\Windows\System\FVeJZrh.exe
  C:\Windows\System\FVeJZrh.exe
  2⤵
  PID:5112
- C:\Windows\System\KcTeDXv.exe
  C:\Windows\System\KcTeDXv.exe
  2⤵
  PID:3472
- C:\Windows\System\vPgDMZg.exe
  C:\Windows\System\vPgDMZg.exe
  2⤵
  PID:3176
- C:\Windows\System\KQwTJUe.exe
  C:\Windows\System\KQwTJUe.exe
  2⤵
  PID:3276
- C:\Windows\System\KtsRQoK.exe
  C:\Windows\System\KtsRQoK.exe
  2⤵
  PID:3436
- C:\Windows\System\CiCsHBN.exe
  C:\Windows\System\CiCsHBN.exe
  2⤵
  PID:4164
- C:\Windows\System\uLeooeQ.exe
  C:\Windows\System\uLeooeQ.exe
  2⤵
  PID:4304
- C:\Windows\System\ONXPgMq.exe
  C:\Windows\System\ONXPgMq.exe
  2⤵
  PID:4292
- C:\Windows\System\eIJjYiL.exe
  C:\Windows\System\eIJjYiL.exe
  2⤵
  PID:4340
- C:\Windows\System\XvopuZM.exe
  C:\Windows\System\XvopuZM.exe
  2⤵
  PID:4468
- C:\Windows\System\xsrczOu.exe
  C:\Windows\System\xsrczOu.exe
  2⤵
  PID:4484
- C:\Windows\System\imyxFQt.exe
  C:\Windows\System\imyxFQt.exe
  2⤵
  PID:4528
- C:\Windows\System\LYjKQsc.exe
  C:\Windows\System\LYjKQsc.exe
  2⤵
  PID:4712
- C:\Windows\System\ahzzHXb.exe
  C:\Windows\System\ahzzHXb.exe
  2⤵
  PID:4756
- C:\Windows\System\ZBeNJaP.exe
  C:\Windows\System\ZBeNJaP.exe
  2⤵
  PID:5128
- C:\Windows\System\njApyYs.exe
  C:\Windows\System\njApyYs.exe
  2⤵
  PID:5144
- C:\Windows\System\oxGrsxS.exe
  C:\Windows\System\oxGrsxS.exe
  2⤵
  PID:5160
- C:\Windows\System\ZMQkfTd.exe
  C:\Windows\System\ZMQkfTd.exe
  2⤵
  PID:5176
- C:\Windows\System\feSHFLG.exe
  C:\Windows\System\feSHFLG.exe
  2⤵
  PID:5192
- C:\Windows\System\DRFmNAy.exe
  C:\Windows\System\DRFmNAy.exe
  2⤵
  PID:5208
- C:\Windows\System\JOZxnzd.exe
  C:\Windows\System\JOZxnzd.exe
  2⤵
  PID:5224
- C:\Windows\System\RYkcBmi.exe
  C:\Windows\System\RYkcBmi.exe
  2⤵
  PID:5240
- C:\Windows\System\zPTwwcC.exe
  C:\Windows\System\zPTwwcC.exe
  2⤵
  PID:5260
- C:\Windows\System\ZMxDCaA.exe
  C:\Windows\System\ZMxDCaA.exe
  2⤵
  PID:5276
- C:\Windows\System\wYrYapH.exe
  C:\Windows\System\wYrYapH.exe
  2⤵
  PID:5292
- C:\Windows\System\ACRhqHV.exe
  C:\Windows\System\ACRhqHV.exe
  2⤵
  PID:5308
- C:\Windows\System\QuJoUCZ.exe
  C:\Windows\System\QuJoUCZ.exe
  2⤵
  PID:5324
- C:\Windows\System\xBxazWb.exe
  C:\Windows\System\xBxazWb.exe
  2⤵
  PID:5340
- C:\Windows\System\tMxbDUl.exe
  C:\Windows\System\tMxbDUl.exe
  2⤵
  PID:5356
- C:\Windows\System\pktxzhR.exe
  C:\Windows\System\pktxzhR.exe
  2⤵
  PID:5372
- C:\Windows\System\aVXUeJj.exe
  C:\Windows\System\aVXUeJj.exe
  2⤵
  PID:5388
- C:\Windows\System\QvxBNjL.exe
  C:\Windows\System\QvxBNjL.exe
  2⤵
  PID:5404
- C:\Windows\System\mWmCkcG.exe
  C:\Windows\System\mWmCkcG.exe
  2⤵
  PID:5420
- C:\Windows\System\LONytaO.exe
  C:\Windows\System\LONytaO.exe
  2⤵
  PID:5436
- C:\Windows\System\fwllTAd.exe
  C:\Windows\System\fwllTAd.exe
  2⤵
  PID:5452
- C:\Windows\System\IJEKwSe.exe
  C:\Windows\System\IJEKwSe.exe
  2⤵
  PID:5468
- C:\Windows\System\zXTawsN.exe
  C:\Windows\System\zXTawsN.exe
  2⤵
  PID:5484
- C:\Windows\System\epNndCH.exe
  C:\Windows\System\epNndCH.exe
  2⤵
  PID:5500
- C:\Windows\System\riQmGwc.exe
  C:\Windows\System\riQmGwc.exe
  2⤵
  PID:5520
- C:\Windows\System\LqQCRAp.exe
  C:\Windows\System\LqQCRAp.exe
  2⤵
  PID:5536
- C:\Windows\System\DzWZWfR.exe
  C:\Windows\System\DzWZWfR.exe
  2⤵
  PID:5552
- C:\Windows\System\tkNZevl.exe
  C:\Windows\System\tkNZevl.exe
  2⤵
  PID:5568
- C:\Windows\System\ZWCAuEt.exe
  C:\Windows\System\ZWCAuEt.exe
  2⤵
  PID:5584
- C:\Windows\System\eKwxgxl.exe
  C:\Windows\System\eKwxgxl.exe
  2⤵
  PID:5600
- C:\Windows\System\gGsKJgu.exe
  C:\Windows\System\gGsKJgu.exe
  2⤵
  PID:5616
- C:\Windows\System\bVfKdmD.exe
  C:\Windows\System\bVfKdmD.exe
  2⤵
  PID:5632
- C:\Windows\System\ofLUaSR.exe
  C:\Windows\System\ofLUaSR.exe
  2⤵
  PID:5648
- C:\Windows\System\CiqWtJo.exe
  C:\Windows\System\CiqWtJo.exe
  2⤵
  PID:5664
- C:\Windows\System\AlgcsGR.exe
  C:\Windows\System\AlgcsGR.exe
  2⤵
  PID:5680
- C:\Windows\System\hytySjf.exe
  C:\Windows\System\hytySjf.exe
  2⤵
  PID:5696
- C:\Windows\System\gNCPwYK.exe
  C:\Windows\System\gNCPwYK.exe
  2⤵
  PID:5712
- C:\Windows\System\zwgWeaG.exe
  C:\Windows\System\zwgWeaG.exe
  2⤵
  PID:5728
- C:\Windows\System\xwETNXA.exe
  C:\Windows\System\xwETNXA.exe
  2⤵
  PID:5744
- C:\Windows\System\BgeZedT.exe
  C:\Windows\System\BgeZedT.exe
  2⤵
  PID:5760
- C:\Windows\System\XvRQqzi.exe
  C:\Windows\System\XvRQqzi.exe
  2⤵
  PID:5776
- C:\Windows\System\EhAKBcx.exe
  C:\Windows\System\EhAKBcx.exe
  2⤵
  PID:5792
- C:\Windows\System\ibUFrDR.exe
  C:\Windows\System\ibUFrDR.exe
  2⤵
  PID:5808
- C:\Windows\System\WqnDICb.exe
  C:\Windows\System\WqnDICb.exe
  2⤵
  PID:5824
- C:\Windows\System\BRYIGNg.exe
  C:\Windows\System\BRYIGNg.exe
  2⤵
  PID:5840
- C:\Windows\System\dKjewaz.exe
  C:\Windows\System\dKjewaz.exe
  2⤵
  PID:5856
- C:\Windows\System\IXtJJpv.exe
  C:\Windows\System\IXtJJpv.exe
  2⤵
  PID:5872
- C:\Windows\System\OfwrkFL.exe
  C:\Windows\System\OfwrkFL.exe
  2⤵
  PID:5888
- C:\Windows\System\OPmrOXv.exe
  C:\Windows\System\OPmrOXv.exe
  2⤵
  PID:5904
- C:\Windows\System\gOmmzAn.exe
  C:\Windows\System\gOmmzAn.exe
  2⤵
  PID:5920
- C:\Windows\System\wBxBQpi.exe
  C:\Windows\System\wBxBQpi.exe
  2⤵
  PID:5936
- C:\Windows\System\VfYpIXD.exe
  C:\Windows\System\VfYpIXD.exe
  2⤵
  PID:5952
- C:\Windows\System\eGZMedP.exe
  C:\Windows\System\eGZMedP.exe
  2⤵
  PID:5968
- C:\Windows\System\cPgTYcK.exe
  C:\Windows\System\cPgTYcK.exe
  2⤵
  PID:5984
- C:\Windows\System\snhDWnb.exe
  C:\Windows\System\snhDWnb.exe
  2⤵
  PID:6000
- C:\Windows\System\aRWlAzv.exe
  C:\Windows\System\aRWlAzv.exe
  2⤵
  PID:6016
- C:\Windows\System\GzmeSpo.exe
  C:\Windows\System\GzmeSpo.exe
  2⤵
  PID:6032
- C:\Windows\System\unNWRLV.exe
  C:\Windows\System\unNWRLV.exe
  2⤵
  PID:6048
- C:\Windows\System\xMMtoYh.exe
  C:\Windows\System\xMMtoYh.exe
  2⤵
  PID:6064
- C:\Windows\System\ajekpum.exe
  C:\Windows\System\ajekpum.exe
  2⤵
  PID:6080
- C:\Windows\System\hexRsiG.exe
  C:\Windows\System\hexRsiG.exe
  2⤵
  PID:6096
- C:\Windows\System\GlktkxH.exe
  C:\Windows\System\GlktkxH.exe
  2⤵
  PID:6112
- C:\Windows\System\dMWNvqX.exe
  C:\Windows\System\dMWNvqX.exe
  2⤵
  PID:6128
- C:\Windows\System\HSYHPOU.exe
  C:\Windows\System\HSYHPOU.exe
  2⤵
  PID:4760
- C:\Windows\System\OmdmOvM.exe
  C:\Windows\System\OmdmOvM.exe
  2⤵
  PID:4824
- C:\Windows\System\wBMJkMV.exe
  C:\Windows\System\wBMJkMV.exe
  2⤵
  PID:4872
- C:\Windows\System\iOVhnqx.exe
  C:\Windows\System\iOVhnqx.exe
  2⤵
  PID:4964
- C:\Windows\System\HqJVQbC.exe
  C:\Windows\System\HqJVQbC.exe
  2⤵
  PID:4984
- C:\Windows\System\uGchwmu.exe
  C:\Windows\System\uGchwmu.exe
  2⤵
  PID:5064
- C:\Windows\System\YUCSAqB.exe
  C:\Windows\System\YUCSAqB.exe
  2⤵
  PID:2076
- C:\Windows\System\vgHXaog.exe
  C:\Windows\System\vgHXaog.exe
  2⤵
  PID:4016
- C:\Windows\System\dYMjOKF.exe
  C:\Windows\System\dYMjOKF.exe
  2⤵
  PID:4708
- C:\Windows\System\KeLpBlj.exe
  C:\Windows\System\KeLpBlj.exe
  2⤵
  PID:4240
- C:\Windows\System\tUgPUdV.exe
  C:\Windows\System\tUgPUdV.exe
  2⤵
  PID:4148
- C:\Windows\System\aobuuii.exe
  C:\Windows\System\aobuuii.exe
  2⤵
  PID:4368
- C:\Windows\System\FzDugkH.exe
  C:\Windows\System\FzDugkH.exe
  2⤵
  PID:4480
- C:\Windows\System\kWxsLeP.exe
  C:\Windows\System\kWxsLeP.exe
  2⤵
  PID:4676
- C:\Windows\System\PoFiYGA.exe
  C:\Windows\System\PoFiYGA.exe
  2⤵
  PID:5168
- C:\Windows\System\qzlBmbQ.exe
  C:\Windows\System\qzlBmbQ.exe
  2⤵
  PID:5204
- C:\Windows\System\JgyRrrZ.exe
  C:\Windows\System\JgyRrrZ.exe
  2⤵
  PID:5232
- C:\Windows\System\gBYecwd.exe
  C:\Windows\System\gBYecwd.exe
  2⤵
  PID:5268
- C:\Windows\System\qLDzHnT.exe
  C:\Windows\System\qLDzHnT.exe
  2⤵
  PID:5304
- C:\Windows\System\mCNzgqk.exe
  C:\Windows\System\mCNzgqk.exe
  2⤵
  PID:5332
- C:\Windows\System\OcAMQBO.exe
  C:\Windows\System\OcAMQBO.exe
  2⤵
  PID:5368
- C:\Windows\System\nUFzFlF.exe
  C:\Windows\System\nUFzFlF.exe
  2⤵
  PID:5396
- C:\Windows\System\LZlDWQs.exe
  C:\Windows\System\LZlDWQs.exe
  2⤵
  PID:5432
- C:\Windows\System\zWhFyZU.exe
  C:\Windows\System\zWhFyZU.exe
  2⤵
  PID:5460
- C:\Windows\System\nwwKMAS.exe
  C:\Windows\System\nwwKMAS.exe
  2⤵
  PID:5476
- C:\Windows\System\jKrTpzQ.exe
  C:\Windows\System\jKrTpzQ.exe
  2⤵
  PID:5508
- C:\Windows\System\gJpqpJh.exe
  C:\Windows\System\gJpqpJh.exe
  2⤵
  PID:5560
- C:\Windows\System\JBXWrBj.exe
  C:\Windows\System\JBXWrBj.exe
  2⤵
  PID:5592
- C:\Windows\System\qMUuYCR.exe
  C:\Windows\System\qMUuYCR.exe
  2⤵
  PID:5608
- C:\Windows\System\YKesgzQ.exe
  C:\Windows\System\YKesgzQ.exe
  2⤵
  PID:5656
- C:\Windows\System\OkswNrb.exe
  C:\Windows\System\OkswNrb.exe
  2⤵
  PID:5688
- C:\Windows\System\OFaRObZ.exe
  C:\Windows\System\OFaRObZ.exe
  2⤵
  PID:5672
- C:\Windows\System\vbGRlcq.exe
  C:\Windows\System\vbGRlcq.exe
  2⤵
  PID:5752
- C:\Windows\System\rJMMOZA.exe
  C:\Windows\System\rJMMOZA.exe
  2⤵
  PID:5784
- C:\Windows\System\fKfZyUJ.exe
  C:\Windows\System\fKfZyUJ.exe
  2⤵
  PID:5816
- C:\Windows\System\UmXiRkR.exe
  C:\Windows\System\UmXiRkR.exe
  2⤵
  PID:5848
- C:\Windows\System\bzcLoDg.exe
  C:\Windows\System\bzcLoDg.exe
  2⤵
  PID:5864
- C:\Windows\System\IeoeqVP.exe
  C:\Windows\System\IeoeqVP.exe
  2⤵
  PID:5912
- C:\Windows\System\PcnvQyK.exe
  C:\Windows\System\PcnvQyK.exe
  2⤵
  PID:5944
- C:\Windows\System\dirCjSY.exe
  C:\Windows\System\dirCjSY.exe
  2⤵
  PID:5948
- C:\Windows\System\yoyBZGM.exe
  C:\Windows\System\yoyBZGM.exe
  2⤵
  PID:5980
- C:\Windows\System\yFQUZMf.exe
  C:\Windows\System\yFQUZMf.exe
  2⤵
  PID:5996
- C:\Windows\System\yhiLYsr.exe
  C:\Windows\System\yhiLYsr.exe
  2⤵
  PID:6028
- C:\Windows\System\fAROnvP.exe
  C:\Windows\System\fAROnvP.exe
  2⤵
  PID:6076
- C:\Windows\System\xYaqeRT.exe
  C:\Windows\System\xYaqeRT.exe
  2⤵
  PID:6108
- C:\Windows\System\luOPdsO.exe
  C:\Windows\System\luOPdsO.exe
  2⤵
  PID:6140
- C:\Windows\System\HceJOuM.exe
  C:\Windows\System\HceJOuM.exe
  2⤵
  PID:4884
- C:\Windows\System\VUnDRBa.exe
  C:\Windows\System\VUnDRBa.exe
  2⤵
  PID:5032
- C:\Windows\System\ZBDzQGf.exe
  C:\Windows\System\ZBDzQGf.exe
  2⤵
  PID:3824
- C:\Windows\System\OEcqDkb.exe
  C:\Windows\System\OEcqDkb.exe
  2⤵
  PID:4128
- C:\Windows\System\CEqzqsG.exe
  C:\Windows\System\CEqzqsG.exe
  2⤵
  PID:4352
- C:\Windows\System\ptjHOZt.exe
  C:\Windows\System\ptjHOZt.exe
  2⤵
  PID:5136
- C:\Windows\System\sYSDwyP.exe
  C:\Windows\System\sYSDwyP.exe
  2⤵
  PID:5156
- C:\Windows\System\zJyKSLX.exe
  C:\Windows\System\zJyKSLX.exe
  2⤵
  PID:5220
- C:\Windows\System\uJCaNpf.exe
  C:\Windows\System\uJCaNpf.exe
  2⤵
  PID:5284
- C:\Windows\System\XnfArOb.exe
  C:\Windows\System\XnfArOb.exe
  2⤵
  PID:5352
- C:\Windows\System\pFhwuqH.exe
  C:\Windows\System\pFhwuqH.exe
  2⤵
  PID:5416
- C:\Windows\System\TjLauZo.exe
  C:\Windows\System\TjLauZo.exe
  2⤵
  PID:5480
- C:\Windows\System\tquyndu.exe
  C:\Windows\System\tquyndu.exe
  2⤵
  PID:5544
- C:\Windows\System\qkHkOxh.exe
  C:\Windows\System\qkHkOxh.exe
  2⤵
  PID:2196
- C:\Windows\System\FpjTjbh.exe
  C:\Windows\System\FpjTjbh.exe
  2⤵
  PID:5692
- C:\Windows\System\nbjYrHX.exe
  C:\Windows\System\nbjYrHX.exe
  2⤵
  PID:5736
- C:\Windows\System\TejnmmV.exe
  C:\Windows\System\TejnmmV.exe
  2⤵
  PID:5820
- C:\Windows\System\DWvQdBt.exe
  C:\Windows\System\DWvQdBt.exe
  2⤵
  PID:5884
- C:\Windows\System\LustoXK.exe
  C:\Windows\System\LustoXK.exe
  2⤵
  PID:5516
- C:\Windows\System\ECOLKwQ.exe
  C:\Windows\System\ECOLKwQ.exe
  2⤵
  PID:6008
- C:\Windows\System\RDHOpWB.exe
  C:\Windows\System\RDHOpWB.exe
  2⤵
  PID:6056
- C:\Windows\System\nDdvuVp.exe
  C:\Windows\System\nDdvuVp.exe
  2⤵
  PID:6136
- C:\Windows\System\JiXyfrG.exe
  C:\Windows\System\JiXyfrG.exe
  2⤵
  PID:6152
- C:\Windows\System\rjeNUAn.exe
  C:\Windows\System\rjeNUAn.exe
  2⤵
  PID:6168
- C:\Windows\System\TsRgaZn.exe
  C:\Windows\System\TsRgaZn.exe
  2⤵
  PID:6184
- C:\Windows\System\GTHnDVS.exe
  C:\Windows\System\GTHnDVS.exe
  2⤵
  PID:6200
- C:\Windows\System\zFIrfBi.exe
  C:\Windows\System\zFIrfBi.exe
  2⤵
  PID:6216
- C:\Windows\System\iwFkppI.exe
  C:\Windows\System\iwFkppI.exe
  2⤵
  PID:6232
- C:\Windows\System\nXqdOOv.exe
  C:\Windows\System\nXqdOOv.exe
  2⤵
  PID:6248
- C:\Windows\System\KUWxCRG.exe
  C:\Windows\System\KUWxCRG.exe
  2⤵
  PID:6264
- C:\Windows\System\GeXelhO.exe
  C:\Windows\System\GeXelhO.exe
  2⤵
  PID:6280
- C:\Windows\System\HBZROYA.exe
  C:\Windows\System\HBZROYA.exe
  2⤵
  PID:6296
- C:\Windows\System\JSqugaR.exe
  C:\Windows\System\JSqugaR.exe
  2⤵
  PID:6312
- C:\Windows\System\bHJbXTw.exe
  C:\Windows\System\bHJbXTw.exe
  2⤵
  PID:6328
- C:\Windows\System\XRfrPjw.exe
  C:\Windows\System\XRfrPjw.exe
  2⤵
  PID:6344
- C:\Windows\System\CsLnIfD.exe
  C:\Windows\System\CsLnIfD.exe
  2⤵
  PID:6360
- C:\Windows\System\cnozueR.exe
  C:\Windows\System\cnozueR.exe
  2⤵
  PID:6376
- C:\Windows\System\hGjpGng.exe
  C:\Windows\System\hGjpGng.exe
  2⤵
  PID:6392
- C:\Windows\System\CQFhJsO.exe
  C:\Windows\System\CQFhJsO.exe
  2⤵
  PID:6408
- C:\Windows\System\OPSWGoC.exe
  C:\Windows\System\OPSWGoC.exe
  2⤵
  PID:6424
- C:\Windows\System\ArbHHqu.exe
  C:\Windows\System\ArbHHqu.exe
  2⤵
  PID:6440
- C:\Windows\System\gzovJGC.exe
  C:\Windows\System\gzovJGC.exe
  2⤵
  PID:6456
- C:\Windows\System\PkHhocX.exe
  C:\Windows\System\PkHhocX.exe
  2⤵
  PID:6472
- C:\Windows\System\gobgSrM.exe
  C:\Windows\System\gobgSrM.exe
  2⤵
  PID:6492
- C:\Windows\System\hvqyBzj.exe
  C:\Windows\System\hvqyBzj.exe
  2⤵
  PID:6508
- C:\Windows\System\GLoTJVF.exe
  C:\Windows\System\GLoTJVF.exe
  2⤵
  PID:6524
- C:\Windows\System\nzRKGRh.exe
  C:\Windows\System\nzRKGRh.exe
  2⤵
  PID:6540
- C:\Windows\System\ihqdWTg.exe
  C:\Windows\System\ihqdWTg.exe
  2⤵
  PID:6556
- C:\Windows\System\wsqGgkV.exe
  C:\Windows\System\wsqGgkV.exe
  2⤵
  PID:6572
- C:\Windows\System\EWZTNJg.exe
  C:\Windows\System\EWZTNJg.exe
  2⤵
  PID:6588
- C:\Windows\System\iyMJKVj.exe
  C:\Windows\System\iyMJKVj.exe
  2⤵
  PID:6604
- C:\Windows\System\MpyGmYS.exe
  C:\Windows\System\MpyGmYS.exe
  2⤵
  PID:6620
- C:\Windows\System\PWoUoJL.exe
  C:\Windows\System\PWoUoJL.exe
  2⤵
  PID:6636
- C:\Windows\System\OHeFSZm.exe
  C:\Windows\System\OHeFSZm.exe
  2⤵
  PID:6652
- C:\Windows\System\KeqbZPh.exe
  C:\Windows\System\KeqbZPh.exe
  2⤵
  PID:6668
- C:\Windows\System\DWNOAoi.exe
  C:\Windows\System\DWNOAoi.exe
  2⤵
  PID:6684
- C:\Windows\System\riebBiS.exe
  C:\Windows\System\riebBiS.exe
  2⤵
  PID:6700
- C:\Windows\System\HDcoTJs.exe
  C:\Windows\System\HDcoTJs.exe
  2⤵
  PID:6716
- C:\Windows\System\KdGJFaC.exe
  C:\Windows\System\KdGJFaC.exe
  2⤵
  PID:6732
- C:\Windows\System\uSYriwz.exe
  C:\Windows\System\uSYriwz.exe
  2⤵
  PID:6748
- C:\Windows\System\doQRZCy.exe
  C:\Windows\System\doQRZCy.exe
  2⤵
  PID:6764
- C:\Windows\System\jKuIARO.exe
  C:\Windows\System\jKuIARO.exe
  2⤵
  PID:6784
- C:\Windows\System\NJakqcT.exe
  C:\Windows\System\NJakqcT.exe
  2⤵
  PID:6800
- C:\Windows\System\HwHCtlJ.exe
  C:\Windows\System\HwHCtlJ.exe
  2⤵
  PID:6816
- C:\Windows\System\pxeIXHV.exe
  C:\Windows\System\pxeIXHV.exe
  2⤵
  PID:6832
- C:\Windows\System\bUnRoJS.exe
  C:\Windows\System\bUnRoJS.exe
  2⤵
  PID:6848
- C:\Windows\System\DDxjoJo.exe
  C:\Windows\System\DDxjoJo.exe
  2⤵
  PID:6864
- C:\Windows\System\yoMwzxn.exe
  C:\Windows\System\yoMwzxn.exe
  2⤵
  PID:6880
- C:\Windows\System\DudtBtL.exe
  C:\Windows\System\DudtBtL.exe
  2⤵
  PID:6896
- C:\Windows\System\OBNdWKi.exe
  C:\Windows\System\OBNdWKi.exe
  2⤵
  PID:6912
- C:\Windows\System\UEhYbZi.exe
  C:\Windows\System\UEhYbZi.exe
  2⤵
  PID:6928
- C:\Windows\System\UheOmDF.exe
  C:\Windows\System\UheOmDF.exe
  2⤵
  PID:6944
- C:\Windows\System\FkdYwtG.exe
  C:\Windows\System\FkdYwtG.exe
  2⤵
  PID:6960
- C:\Windows\System\fZUoWST.exe
  C:\Windows\System\fZUoWST.exe
  2⤵
  PID:6976
- C:\Windows\System\SMvAMDN.exe
  C:\Windows\System\SMvAMDN.exe
  2⤵
  PID:6992
- C:\Windows\System\gUCSpFb.exe
  C:\Windows\System\gUCSpFb.exe
  2⤵
  PID:7008
- C:\Windows\System\HpLbKEt.exe
  C:\Windows\System\HpLbKEt.exe
  2⤵
  PID:7024
- C:\Windows\System\mbesEcn.exe
  C:\Windows\System\mbesEcn.exe
  2⤵
  PID:7040
- C:\Windows\System\NoFEson.exe
  C:\Windows\System\NoFEson.exe
  2⤵
  PID:7056
- C:\Windows\System\UJZMqfH.exe
  C:\Windows\System\UJZMqfH.exe
  2⤵
  PID:7072
- C:\Windows\System\oxvFPzr.exe
  C:\Windows\System\oxvFPzr.exe
  2⤵
  PID:7088
- C:\Windows\System\hqFKOQs.exe
  C:\Windows\System\hqFKOQs.exe
  2⤵
  PID:7104
- C:\Windows\System\xmBjZyF.exe
  C:\Windows\System\xmBjZyF.exe
  2⤵
  PID:7124
- C:\Windows\System\mrtblNI.exe
  C:\Windows\System\mrtblNI.exe
  2⤵
  PID:7140
- C:\Windows\System\Ixmokva.exe
  C:\Windows\System\Ixmokva.exe
  2⤵
  PID:7156
- C:\Windows\System\zAwrdng.exe
  C:\Windows\System\zAwrdng.exe
  2⤵
  PID:4900
- C:\Windows\System\UrvpOkP.exe
  C:\Windows\System\UrvpOkP.exe
  2⤵
  PID:4064
- C:\Windows\System\TnzCYkP.exe
  C:\Windows\System\TnzCYkP.exe
  2⤵
  PID:4692
- C:\Windows\System\pnOqyjJ.exe
  C:\Windows\System\pnOqyjJ.exe
  2⤵
  PID:5188
- C:\Windows\System\SxVDbjw.exe
  C:\Windows\System\SxVDbjw.exe
  2⤵
  PID:5320
- C:\Windows\System\wtAwySJ.exe
  C:\Windows\System\wtAwySJ.exe
  2⤵
  PID:5492
- C:\Windows\System\eQAjMqw.exe
  C:\Windows\System\eQAjMqw.exe
  2⤵
  PID:5548
- C:\Windows\System\ArQTpBv.exe
  C:\Windows\System\ArQTpBv.exe
  2⤵
  PID:5708
- C:\Windows\System\BYByXPp.exe
  C:\Windows\System\BYByXPp.exe
  2⤵
  PID:5804
- C:\Windows\System\EkomQSg.exe
  C:\Windows\System\EkomQSg.exe
  2⤵
  PID:5976
- C:\Windows\System\ohwzycV.exe
  C:\Windows\System\ohwzycV.exe
  2⤵
  PID:6104
- C:\Windows\System\URBceXt.exe
  C:\Windows\System\URBceXt.exe
  2⤵
  PID:6160
- C:\Windows\System\tGsUwCT.exe
  C:\Windows\System\tGsUwCT.exe
  2⤵
  PID:6192
- C:\Windows\System\QhvSbxo.exe
  C:\Windows\System\QhvSbxo.exe
  2⤵
  PID:6224
- C:\Windows\System\UILiTyR.exe
  C:\Windows\System\UILiTyR.exe
  2⤵
  PID:6244
- C:\Windows\System\bXxLGHA.exe
  C:\Windows\System\bXxLGHA.exe
  2⤵
  PID:6276
- C:\Windows\System\bONgQey.exe
  C:\Windows\System\bONgQey.exe
  2⤵
  PID:6308
- C:\Windows\System\mnDGVQZ.exe
  C:\Windows\System\mnDGVQZ.exe
  2⤵
  PID:6340
- C:\Windows\System\kSaWZFB.exe
  C:\Windows\System\kSaWZFB.exe
  2⤵
  PID:6372
- C:\Windows\System\NMjnNpY.exe
  C:\Windows\System\NMjnNpY.exe
  2⤵
  PID:6404
- C:\Windows\System\OrdRUEY.exe
  C:\Windows\System\OrdRUEY.exe
  2⤵
  PID:6436
- C:\Windows\System\OvxlkLZ.exe
  C:\Windows\System\OvxlkLZ.exe
  2⤵
  PID:6468
- C:\Windows\System\KBQvqeT.exe
  C:\Windows\System\KBQvqeT.exe
  2⤵
  PID:6504
- C:\Windows\System\LGHcawb.exe
  C:\Windows\System\LGHcawb.exe
  2⤵
  PID:6536
- C:\Windows\System\WZNKHLy.exe
  C:\Windows\System\WZNKHLy.exe
  2⤵
  PID:6564
- C:\Windows\System\SQgFSMN.exe
  C:\Windows\System\SQgFSMN.exe
  2⤵
  PID:6596
- C:\Windows\System\SBpgxqP.exe
  C:\Windows\System\SBpgxqP.exe
  2⤵
  PID:6612
- C:\Windows\System\VemHuNG.exe
  C:\Windows\System\VemHuNG.exe
  2⤵
  PID:6628
- C:\Windows\System\HmSJnke.exe
  C:\Windows\System\HmSJnke.exe
  2⤵
  PID:3048
- C:\Windows\System\MgGfgbJ.exe
  C:\Windows\System\MgGfgbJ.exe
  2⤵
  PID:6660
- C:\Windows\System\MDlIfvT.exe
  C:\Windows\System\MDlIfvT.exe
  2⤵
  PID:6680
- C:\Windows\System\FyJJvwr.exe
  C:\Windows\System\FyJJvwr.exe
  2⤵
  PID:6712
- C:\Windows\System\jARhcDZ.exe
  C:\Windows\System\jARhcDZ.exe
  2⤵
  PID:6744
- C:\Windows\System\NDYalEx.exe
  C:\Windows\System\NDYalEx.exe
  2⤵
  PID:6776
- C:\Windows\System\kemjuce.exe
  C:\Windows\System\kemjuce.exe
  2⤵
  PID:6808
- C:\Windows\System\RaEWxzG.exe
  C:\Windows\System\RaEWxzG.exe
  2⤵
  PID:6840
- C:\Windows\System\FJWheBc.exe
  C:\Windows\System\FJWheBc.exe
  2⤵
  PID:6876
- C:\Windows\System\ImNHtIe.exe
  C:\Windows\System\ImNHtIe.exe
  2⤵
  PID:6920
- C:\Windows\System\XtCGyxf.exe
  C:\Windows\System\XtCGyxf.exe
  2⤵
  PID:6952
- C:\Windows\System\QgxPyuf.exe
  C:\Windows\System\QgxPyuf.exe
  2⤵
  PID:1580
- C:\Windows\System\RkaLVKH.exe
  C:\Windows\System\RkaLVKH.exe
  2⤵
  PID:7000
- C:\Windows\System\xDoNVrP.exe
  C:\Windows\System\xDoNVrP.exe
  2⤵
  PID:484
- C:\Windows\System\sFRbmdR.exe
  C:\Windows\System\sFRbmdR.exe
  2⤵
  PID:7048
- C:\Windows\System\AzAerrJ.exe
  C:\Windows\System\AzAerrJ.exe
  2⤵
  PID:7080
- C:\Windows\System\dFUtGgB.exe
  C:\Windows\System\dFUtGgB.exe
  2⤵
  PID:7096
- C:\Windows\System\fKrBNCD.exe
  C:\Windows\System\fKrBNCD.exe
  2⤵
  PID:7120
- C:\Windows\System\PapZxma.exe
  C:\Windows\System\PapZxma.exe
  2⤵
  PID:7152
- C:\Windows\System\KMMhRNd.exe
  C:\Windows\System\KMMhRNd.exe
  2⤵
  PID:3724
- C:\Windows\System\oFrEazY.exe
  C:\Windows\System\oFrEazY.exe
  2⤵
  PID:5124
- C:\Windows\System\pZGUABV.exe
  C:\Windows\System\pZGUABV.exe
  2⤵
  PID:5428
- C:\Windows\System\XkamHqR.exe
  C:\Windows\System\XkamHqR.exe
  2⤵
  PID:5640
- C:\Windows\System\cGqBOSO.exe
  C:\Windows\System\cGqBOSO.exe
  2⤵
  PID:5916
- C:\Windows\System\nlJLbdj.exe
  C:\Windows\System\nlJLbdj.exe
  2⤵
  PID:6148
- C:\Windows\System\ycBFino.exe
  C:\Windows\System\ycBFino.exe
  2⤵
  PID:6212
- C:\Windows\System\OHSlTwO.exe
  C:\Windows\System\OHSlTwO.exe
  2⤵
  PID:600
- C:\Windows\System\LYvJVCF.exe
  C:\Windows\System\LYvJVCF.exe
  2⤵
  PID:6292
- C:\Windows\System\tPsqmtC.exe
  C:\Windows\System\tPsqmtC.exe
  2⤵
  PID:6356
- C:\Windows\System\hCsZkBx.exe
  C:\Windows\System\hCsZkBx.exe
  2⤵
  PID:6432
- C:\Windows\System\EnCxlhA.exe
  C:\Windows\System\EnCxlhA.exe
  2⤵
  PID:6484
- C:\Windows\System\GKthOhE.exe
  C:\Windows\System\GKthOhE.exe
  2⤵
  PID:6552
- C:\Windows\System\dIpPtre.exe
  C:\Windows\System\dIpPtre.exe
  2⤵
  PID:2240
- C:\Windows\System\CrNXTga.exe
  C:\Windows\System\CrNXTga.exe
  2⤵
  PID:6632
- C:\Windows\System\RmiGymH.exe
  C:\Windows\System\RmiGymH.exe
  2⤵
  PID:6664
- C:\Windows\System\uoRcbJl.exe
  C:\Windows\System\uoRcbJl.exe
  2⤵
  PID:6728
- C:\Windows\System\KtmTaaX.exe
  C:\Windows\System\KtmTaaX.exe
  2⤵
  PID:2224
- C:\Windows\System\MfRIHEf.exe
  C:\Windows\System\MfRIHEf.exe
  2⤵
  PID:6844
- C:\Windows\System\ecsLxyr.exe
  C:\Windows\System\ecsLxyr.exe
  2⤵
  PID:6924
- C:\Windows\System\xMoHFqe.exe
  C:\Windows\System\xMoHFqe.exe
  2⤵
  PID:6984
- C:\Windows\System\GZUCpIF.exe
  C:\Windows\System\GZUCpIF.exe
  2⤵
  PID:2540
- C:\Windows\System\ryzmIpS.exe
  C:\Windows\System\ryzmIpS.exe
  2⤵
  PID:6780
- C:\Windows\System\vWVQtXw.exe
  C:\Windows\System\vWVQtXw.exe
  2⤵
  PID:7112
- C:\Windows\System\sDlCQvJ.exe
  C:\Windows\System\sDlCQvJ.exe
  2⤵
  PID:4948
- C:\Windows\System\Cwnrpmk.exe
  C:\Windows\System\Cwnrpmk.exe
  2⤵
  PID:5580
- C:\Windows\System\TXLciLJ.exe
  C:\Windows\System\TXLciLJ.exe
  2⤵
  PID:6024
- C:\Windows\System\NlIeHfN.exe
  C:\Windows\System\NlIeHfN.exe
  2⤵
  PID:6260
- C:\Windows\System\TbOWLfp.exe
  C:\Windows\System\TbOWLfp.exe
  2⤵
  PID:6324
- C:\Windows\System\EegcPue.exe
  C:\Windows\System\EegcPue.exe
  2⤵
  PID:6464
- C:\Windows\System\IafGQFB.exe
  C:\Windows\System\IafGQFB.exe
  2⤵
  PID:6580
- C:\Windows\System\jzhRxZi.exe
  C:\Windows\System\jzhRxZi.exe
  2⤵
  PID:7180
- C:\Windows\System\iYqNKVS.exe
  C:\Windows\System\iYqNKVS.exe
  2⤵
  PID:7196
- C:\Windows\System\LyLgmfZ.exe
  C:\Windows\System\LyLgmfZ.exe
  2⤵
  PID:7212
- C:\Windows\System\HrDpkTY.exe
  C:\Windows\System\HrDpkTY.exe
  2⤵
  PID:7228
- C:\Windows\System\kKmDEBd.exe
  C:\Windows\System\kKmDEBd.exe
  2⤵
  PID:7244
- C:\Windows\System\GqxlXgV.exe
  C:\Windows\System\GqxlXgV.exe
  2⤵
  PID:7260
- C:\Windows\System\IwIhtyp.exe
  C:\Windows\System\IwIhtyp.exe
  2⤵
  PID:7276
- C:\Windows\System\XDrTtnx.exe
  C:\Windows\System\XDrTtnx.exe
  2⤵
  PID:7292
- C:\Windows\System\oropVmG.exe
  C:\Windows\System\oropVmG.exe
  2⤵
  PID:7308
- C:\Windows\System\pxLSojw.exe
  C:\Windows\System\pxLSojw.exe
  2⤵
  PID:7324
- C:\Windows\System\kjtaZfE.exe
  C:\Windows\System\kjtaZfE.exe
  2⤵
  PID:7340
- C:\Windows\System\AnFgVvV.exe
  C:\Windows\System\AnFgVvV.exe
  2⤵
  PID:7356
- C:\Windows\System\RtIHtHG.exe
  C:\Windows\System\RtIHtHG.exe
  2⤵
  PID:7372
- C:\Windows\System\AOnPnbj.exe
  C:\Windows\System\AOnPnbj.exe
  2⤵
  PID:7388
- C:\Windows\System\TTNiAvD.exe
  C:\Windows\System\TTNiAvD.exe
  2⤵
  PID:7404
- C:\Windows\System\MvINacl.exe
  C:\Windows\System\MvINacl.exe
  2⤵
  PID:7420
- C:\Windows\System\ugGYYWU.exe
  C:\Windows\System\ugGYYWU.exe
  2⤵
  PID:7436
- C:\Windows\System\iqyrTBg.exe
  C:\Windows\System\iqyrTBg.exe
  2⤵
  PID:7452
- C:\Windows\System\zGjyDwy.exe
  C:\Windows\System\zGjyDwy.exe
  2⤵
  PID:7468
- C:\Windows\System\BGVIbEE.exe
  C:\Windows\System\BGVIbEE.exe
  2⤵
  PID:7484
- C:\Windows\System\InjqJTo.exe
  C:\Windows\System\InjqJTo.exe
  2⤵
  PID:7500
- C:\Windows\System\GgXRnwZ.exe
  C:\Windows\System\GgXRnwZ.exe
  2⤵
  PID:7516
- C:\Windows\System\vyWFExA.exe
  C:\Windows\System\vyWFExA.exe
  2⤵
  PID:7532
- C:\Windows\System\hzYOvIr.exe
  C:\Windows\System\hzYOvIr.exe
  2⤵
  PID:7548
- C:\Windows\System\oOefsqT.exe
  C:\Windows\System\oOefsqT.exe
  2⤵
  PID:7564
- C:\Windows\System\ZwrbUgi.exe
  C:\Windows\System\ZwrbUgi.exe
  2⤵
  PID:7580
- C:\Windows\System\qKKrvsJ.exe
  C:\Windows\System\qKKrvsJ.exe
  2⤵
  PID:7596
- C:\Windows\System\KsEFijS.exe
  C:\Windows\System\KsEFijS.exe
  2⤵
  PID:7612
- C:\Windows\System\bvFRzKz.exe
  C:\Windows\System\bvFRzKz.exe
  2⤵
  PID:7628
- C:\Windows\System\wgDnBUJ.exe
  C:\Windows\System\wgDnBUJ.exe
  2⤵
  PID:7644
- C:\Windows\System\UxXIewP.exe
  C:\Windows\System\UxXIewP.exe
  2⤵
  PID:7660
- C:\Windows\System\CRlLqNr.exe
  C:\Windows\System\CRlLqNr.exe
  2⤵
  PID:7676
- C:\Windows\System\RGTmHnR.exe
  C:\Windows\System\RGTmHnR.exe
  2⤵
  PID:7692
- C:\Windows\System\nuaNpTJ.exe
  C:\Windows\System\nuaNpTJ.exe
  2⤵
  PID:7708
- C:\Windows\System\exsNDVV.exe
  C:\Windows\System\exsNDVV.exe
  2⤵
  PID:7728
- C:\Windows\System\axBXIsU.exe
  C:\Windows\System\axBXIsU.exe
  2⤵
  PID:7744
- C:\Windows\System\AcKgcuu.exe
  C:\Windows\System\AcKgcuu.exe
  2⤵
  PID:7760
- C:\Windows\System\wFkhLPV.exe
  C:\Windows\System\wFkhLPV.exe
  2⤵
  PID:7776
- C:\Windows\System\LjRVfdG.exe
  C:\Windows\System\LjRVfdG.exe
  2⤵
  PID:7792
- C:\Windows\System\QIPfywh.exe
  C:\Windows\System\QIPfywh.exe
  2⤵
  PID:7808
- C:\Windows\System\EZEDnAV.exe
  C:\Windows\System\EZEDnAV.exe
  2⤵
  PID:7824
- C:\Windows\System\CrTQVuv.exe
  C:\Windows\System\CrTQVuv.exe
  2⤵
  PID:7840
- C:\Windows\System\HgiAFQX.exe
  C:\Windows\System\HgiAFQX.exe
  2⤵
  PID:7860
- C:\Windows\System\LGxNObi.exe
  C:\Windows\System\LGxNObi.exe
  2⤵
  PID:7876
- C:\Windows\System\qkDfNhu.exe
  C:\Windows\System\qkDfNhu.exe
  2⤵
  PID:7892
- C:\Windows\System\RdxxwmR.exe
  C:\Windows\System\RdxxwmR.exe
  2⤵
  PID:7908
- C:\Windows\System\VJyUDin.exe
  C:\Windows\System\VJyUDin.exe
  2⤵
  PID:7924
- C:\Windows\System\izAcqLB.exe
  C:\Windows\System\izAcqLB.exe
  2⤵
  PID:7940
- C:\Windows\System\hosdafq.exe
  C:\Windows\System\hosdafq.exe
  2⤵
  PID:7956
- C:\Windows\System\OeXATtB.exe
  C:\Windows\System\OeXATtB.exe
  2⤵
  PID:7972
- C:\Windows\System\rzNtHgl.exe
  C:\Windows\System\rzNtHgl.exe
  2⤵
  PID:7988
- C:\Windows\System\VmESCVG.exe
  C:\Windows\System\VmESCVG.exe
  2⤵
  PID:8004
- C:\Windows\System\HUQuXCW.exe
  C:\Windows\System\HUQuXCW.exe
  2⤵
  PID:8020
- C:\Windows\System\dMsXzRr.exe
  C:\Windows\System\dMsXzRr.exe
  2⤵
  PID:8036
- C:\Windows\System\LOBfGeD.exe
  C:\Windows\System\LOBfGeD.exe
  2⤵
  PID:8052
- C:\Windows\System\qneucCw.exe
  C:\Windows\System\qneucCw.exe
  2⤵
  PID:8068
- C:\Windows\System\ZGEhZDE.exe
  C:\Windows\System\ZGEhZDE.exe
  2⤵
  PID:8084
- C:\Windows\System\zQSDYKw.exe
  C:\Windows\System\zQSDYKw.exe
  2⤵
  PID:8100
- C:\Windows\System\qcxiLwO.exe
  C:\Windows\System\qcxiLwO.exe
  2⤵
  PID:8116
- C:\Windows\System\mdUCnRX.exe
  C:\Windows\System\mdUCnRX.exe
  2⤵
  PID:8132
- C:\Windows\System\YtKuoXe.exe
  C:\Windows\System\YtKuoXe.exe
  2⤵
  PID:8148
- C:\Windows\System\HqYabYJ.exe
  C:\Windows\System\HqYabYJ.exe
  2⤵
  PID:8164
- C:\Windows\System\bVajEqE.exe
  C:\Windows\System\bVajEqE.exe
  2⤵
  PID:8180
- C:\Windows\System\OOeEeno.exe
  C:\Windows\System\OOeEeno.exe
  2⤵
  PID:6644
- C:\Windows\System\XIobWoj.exe
  C:\Windows\System\XIobWoj.exe
  2⤵
  PID:6740
- C:\Windows\System\rICEPag.exe
  C:\Windows\System\rICEPag.exe
  2⤵
  PID:6892
- C:\Windows\System\ZnoNNbi.exe
  C:\Windows\System\ZnoNNbi.exe
  2⤵
  PID:7016
- C:\Windows\System\NeVgVLC.exe
  C:\Windows\System\NeVgVLC.exe
  2⤵
  PID:7084
- C:\Windows\System\XSlVsWT.exe
  C:\Windows\System\XSlVsWT.exe
  2⤵
  PID:2668
- C:\Windows\System\VrsrXHa.exe
  C:\Windows\System\VrsrXHa.exe
  2⤵
  PID:6180
- C:\Windows\System\sDABwbO.exe
  C:\Windows\System\sDABwbO.exe
  2⤵
  PID:6336
- C:\Windows\System\bjZtXeT.exe
  C:\Windows\System\bjZtXeT.exe
  2⤵
  PID:3032
- C:\Windows\System\iAlvfGR.exe
  C:\Windows\System\iAlvfGR.exe
  2⤵
  PID:7192
- C:\Windows\System\RdjSygK.exe
  C:\Windows\System\RdjSygK.exe
  2⤵
  PID:7236
- C:\Windows\System\pJRDpho.exe
  C:\Windows\System\pJRDpho.exe
  2⤵
  PID:7268
- C:\Windows\System\QUDFujg.exe
  C:\Windows\System\QUDFujg.exe
  2⤵
  PID:7300
- C:\Windows\System\jxCQmGk.exe
  C:\Windows\System\jxCQmGk.exe
  2⤵
  PID:7332
- C:\Windows\System\PghjSwc.exe
  C:\Windows\System\PghjSwc.exe
  2⤵
  PID:7364
- C:\Windows\System\TmdNXKV.exe
  C:\Windows\System\TmdNXKV.exe
  2⤵
  PID:7384
- C:\Windows\System\DFNdNKe.exe
  C:\Windows\System\DFNdNKe.exe
  2⤵
  PID:7416
- C:\Windows\System\UmVAjRR.exe
  C:\Windows\System\UmVAjRR.exe
  2⤵
  PID:288
- C:\Windows\System\SLqrXxL.exe
  C:\Windows\System\SLqrXxL.exe
  2⤵
  PID:7476
- C:\Windows\System\BPGZiWU.exe
  C:\Windows\System\BPGZiWU.exe
  2⤵
  PID:7496
- C:\Windows\System\enDyotY.exe
  C:\Windows\System\enDyotY.exe
  2⤵
  PID:7528
- C:\Windows\System\fcTZJwf.exe
  C:\Windows\System\fcTZJwf.exe
  2⤵
  PID:7560
- C:\Windows\System\pAHyUpc.exe
  C:\Windows\System\pAHyUpc.exe
  2⤵
  PID:7592
- C:\Windows\System\eFokwYn.exe
  C:\Windows\System\eFokwYn.exe
  2⤵
  PID:7624
- C:\Windows\System\lwfOUqa.exe
  C:\Windows\System\lwfOUqa.exe
  2⤵
  PID:7656
- C:\Windows\System\mZDHeDr.exe
  C:\Windows\System\mZDHeDr.exe
  2⤵
  PID:7700
- C:\Windows\System\ZtnkahK.exe
  C:\Windows\System\ZtnkahK.exe
  2⤵
  PID:7736
- C:\Windows\System\dFeESxe.exe
  C:\Windows\System\dFeESxe.exe
  2⤵
  PID:7768
- C:\Windows\System\TSKYmCW.exe
  C:\Windows\System\TSKYmCW.exe
  2⤵
  PID:7800
- C:\Windows\System\Zlawwun.exe
  C:\Windows\System\Zlawwun.exe
  2⤵
  PID:7820
- C:\Windows\System\ILwLyAx.exe
  C:\Windows\System\ILwLyAx.exe
  2⤵
  PID:7868
- C:\Windows\System\EbQDZEi.exe
  C:\Windows\System\EbQDZEi.exe
  2⤵
  PID:7888
- C:\Windows\System\gfeDUOt.exe
  C:\Windows\System\gfeDUOt.exe
  2⤵
  PID:7932
- C:\Windows\System\nQgxKcw.exe
  C:\Windows\System\nQgxKcw.exe
  2⤵
  PID:7952
- C:\Windows\System\IJYeHHH.exe
  C:\Windows\System\IJYeHHH.exe
  2⤵
  PID:7996
- C:\Windows\System\GGBDcVm.exe
  C:\Windows\System\GGBDcVm.exe
  2⤵
  PID:8028
- C:\Windows\System\MCtlrsW.exe
  C:\Windows\System\MCtlrsW.exe
  2⤵
  PID:8060
- C:\Windows\System\tflnqlg.exe
  C:\Windows\System\tflnqlg.exe
  2⤵
  PID:8080
- C:\Windows\System\QbUQTAk.exe
  C:\Windows\System\QbUQTAk.exe
  2⤵
  PID:8112
- C:\Windows\System\tMCyyVJ.exe
  C:\Windows\System\tMCyyVJ.exe
  2⤵
  PID:8144
- C:\Windows\System\ysxChQX.exe
  C:\Windows\System\ysxChQX.exe
  2⤵
  PID:7856
- C:\Windows\System\LMIBKQE.exe
  C:\Windows\System\LMIBKQE.exe
  2⤵
  PID:6676
- C:\Windows\System\reHgqQu.exe
  C:\Windows\System\reHgqQu.exe
  2⤵
  PID:6904
- C:\Windows\System\jgUcNGC.exe
  C:\Windows\System\jgUcNGC.exe
  2⤵
  PID:7148
- C:\Windows\System\EpkAuQj.exe
  C:\Windows\System\EpkAuQj.exe
  2⤵
  PID:6272
- C:\Windows\System\vGrSGDn.exe
  C:\Windows\System\vGrSGDn.exe
  2⤵
  PID:7176
- C:\Windows\System\BKXwlQh.exe
  C:\Windows\System\BKXwlQh.exe
  2⤵
  PID:7252
- C:\Windows\System\GTFnbdI.exe
  C:\Windows\System\GTFnbdI.exe
  2⤵
  PID:7316
- C:\Windows\System\oQrapVF.exe
  C:\Windows\System\oQrapVF.exe
  2⤵
  PID:7412
- C:\Windows\System\JbLWMUB.exe
  C:\Windows\System\JbLWMUB.exe
  2⤵
  PID:7460
- C:\Windows\System\hFFiLYH.exe
  C:\Windows\System\hFFiLYH.exe
  2⤵
  PID:2052
- C:\Windows\System\OsKkUMQ.exe
  C:\Windows\System\OsKkUMQ.exe
  2⤵
  PID:7556
- C:\Windows\System\qylXZKt.exe
  C:\Windows\System\qylXZKt.exe
  2⤵
  PID:7752
- C:\Windows\System\DZMrZEC.exe
  C:\Windows\System\DZMrZEC.exe
  2⤵
  PID:7816
- C:\Windows\System\qhVmzkM.exe
  C:\Windows\System\qhVmzkM.exe
  2⤵
  PID:7872
- C:\Windows\System\JysMxYc.exe
  C:\Windows\System\JysMxYc.exe
  2⤵
  PID:7936
- C:\Windows\System\KMYyMBE.exe
  C:\Windows\System\KMYyMBE.exe
  2⤵
  PID:8012
- C:\Windows\System\zEwFLVT.exe
  C:\Windows\System\zEwFLVT.exe
  2⤵
  PID:2740
- C:\Windows\System\IczIhoF.exe
  C:\Windows\System\IczIhoF.exe
  2⤵
  PID:8160
- C:\Windows\System\NIeGGIx.exe
  C:\Windows\System\NIeGGIx.exe
  2⤵
  PID:6828
- C:\Windows\System\KdSiOmX.exe
  C:\Windows\System\KdSiOmX.exe
  2⤵
  PID:7220
- C:\Windows\System\FFlMSWk.exe
  C:\Windows\System\FFlMSWk.exe
  2⤵
  PID:7492
- C:\Windows\System\PosKJhc.exe
  C:\Windows\System\PosKJhc.exe
  2⤵
  PID:8176
- C:\Windows\System\PCWhAvL.exe
  C:\Windows\System\PCWhAvL.exe
  2⤵
  PID:7720
- C:\Windows\System\znJOlDZ.exe
  C:\Windows\System\znJOlDZ.exe
  2⤵
  PID:7288
- C:\Windows\System\YLdoRsQ.exe
  C:\Windows\System\YLdoRsQ.exe
  2⤵
  PID:2600
- C:\Windows\System\ehesotZ.exe
  C:\Windows\System\ehesotZ.exe
  2⤵
  PID:2880
- C:\Windows\System\Lbtvxkx.exe
  C:\Windows\System\Lbtvxkx.exe
  2⤵
  PID:7704
- C:\Windows\System\faAORbk.exe
  C:\Windows\System\faAORbk.exe
  2⤵
  PID:3028
- C:\Windows\System\dpkFQum.exe
  C:\Windows\System\dpkFQum.exe
  2⤵
  PID:8364
- C:\Windows\System\DCBsCSW.exe
  C:\Windows\System\DCBsCSW.exe
  2⤵
  PID:8384
- C:\Windows\System\vdicuRn.exe
  C:\Windows\System\vdicuRn.exe
  2⤵
  PID:8400
- C:\Windows\System\ZnGBByi.exe
  C:\Windows\System\ZnGBByi.exe
  2⤵
  PID:1256
- C:\Windows\System\eGPYjeP.exe
  C:\Windows\System\eGPYjeP.exe
  2⤵
  PID:8432
- C:\Windows\System\gArPJLj.exe
  C:\Windows\System\gArPJLj.exe
  2⤵
  PID:8448
- C:\Windows\System\sEQNhWt.exe
  C:\Windows\System\sEQNhWt.exe
  2⤵
  PID:8476
- C:\Windows\System\AQGNqSv.exe
  C:\Windows\System\AQGNqSv.exe
  2⤵
  PID:8492
- C:\Windows\System\npdGjnP.exe
  C:\Windows\System\npdGjnP.exe
  2⤵
  PID:8512
- C:\Windows\System\noOJUGc.exe
  C:\Windows\System\noOJUGc.exe
  2⤵
  PID:8528
- C:\Windows\System\EIPsdRq.exe
  C:\Windows\System\EIPsdRq.exe
  2⤵
  PID:8540
- C:\Windows\System\NgelBrx.exe
  C:\Windows\System\NgelBrx.exe
  2⤵
  PID:8560
- C:\Windows\System\KXiflxG.exe
  C:\Windows\System\KXiflxG.exe
  2⤵
  PID:8572
- C:\Windows\System\gDeDbSE.exe
  C:\Windows\System\gDeDbSE.exe
  2⤵
  PID:8588
- C:\Windows\System\mFPYurk.exe
  C:\Windows\System\mFPYurk.exe
  2⤵
  PID:8604
- C:\Windows\System\kiaXQin.exe
  C:\Windows\System\kiaXQin.exe
  2⤵
  PID:8764
- C:\Windows\System\spvmCsM.exe
  C:\Windows\System\spvmCsM.exe
  2⤵
  PID:8780
- C:\Windows\System\caejDaq.exe
  C:\Windows\System\caejDaq.exe
  2⤵
  PID:8792
- C:\Windows\System\GOnjngx.exe
  C:\Windows\System\GOnjngx.exe
  2⤵
  PID:8808
- C:\Windows\System\vNRjvDa.exe
  C:\Windows\System\vNRjvDa.exe
  2⤵
  PID:8824
- C:\Windows\System\cqyzBEa.exe
  C:\Windows\System\cqyzBEa.exe
  2⤵
  PID:8840
- C:\Windows\System\XFsqJDr.exe
  C:\Windows\System\XFsqJDr.exe
  2⤵
  PID:8852
- C:\Windows\System\TrRzRYr.exe
  C:\Windows\System\TrRzRYr.exe
  2⤵
  PID:8876
- C:\Windows\System\OzJitGQ.exe
  C:\Windows\System\OzJitGQ.exe
  2⤵
  PID:8308
- C:\Windows\System\SrWoKnp.exe
  C:\Windows\System\SrWoKnp.exe
  2⤵
  PID:8324
- C:\Windows\System\VXTTWlg.exe
  C:\Windows\System\VXTTWlg.exe
  2⤵
  PID:8460
- C:\Windows\System\kPyZeNz.exe
  C:\Windows\System\kPyZeNz.exe
  2⤵
  PID:9048
- C:\Windows\System\IOLYrJY.exe
  C:\Windows\System\IOLYrJY.exe
  2⤵
  PID:9068
- C:\Windows\System\WweEpue.exe
  C:\Windows\System\WweEpue.exe
  2⤵
  PID:9096
- C:\Windows\System\TfaNwtG.exe
  C:\Windows\System\TfaNwtG.exe
  2⤵
  PID:9112
- C:\Windows\System\QDaZajx.exe
  C:\Windows\System\QDaZajx.exe
  2⤵
  PID:9124
- C:\Windows\System\vWcbcsQ.exe
  C:\Windows\System\vWcbcsQ.exe
  2⤵
  PID:9136
- C:\Windows\System\PDsHtNx.exe
  C:\Windows\System\PDsHtNx.exe
  2⤵
  PID:8980
- C:\Windows\System\GjyrJpC.exe
  C:\Windows\System\GjyrJpC.exe
  2⤵
  PID:9156
- C:\Windows\System\zCJmwpc.exe
  C:\Windows\System\zCJmwpc.exe
  2⤵
  PID:2648
- C:\Windows\System\BYCGWiv.exe
  C:\Windows\System\BYCGWiv.exe
  2⤵
  PID:9088
- C:\Windows\System\DyqVXse.exe
  C:\Windows\System\DyqVXse.exe
  2⤵
  PID:9072
- C:\Windows\System\viWGHkM.exe
  C:\Windows\System\viWGHkM.exe
  2⤵
  PID:2964
- C:\Windows\System\NcBoBdm.exe
  C:\Windows\System\NcBoBdm.exe
  2⤵
  PID:2868
- C:\Windows\System\zdRGOKD.exe
  C:\Windows\System\zdRGOKD.exe
  2⤵
  PID:2416
- C:\Windows\System\qtbKwrA.exe
  C:\Windows\System\qtbKwrA.exe
  2⤵
  PID:9212
- C:\Windows\System\pOWKcuJ.exe
  C:\Windows\System\pOWKcuJ.exe
  2⤵
  PID:856
- C:\Windows\System\PEuhqEh.exe
  C:\Windows\System\PEuhqEh.exe
  2⤵
  PID:8064
- C:\Windows\System\hZaWJVH.exe
  C:\Windows\System\hZaWJVH.exe
  2⤵
  PID:7352
- C:\Windows\System\aBhjRKD.exe
  C:\Windows\System\aBhjRKD.exe
  2⤵
  PID:7444
- C:\Windows\System\fzzdsQX.exe
  C:\Windows\System\fzzdsQX.exe
  2⤵
  PID:5256
- C:\Windows\System\BusoWCJ.exe
  C:\Windows\System\BusoWCJ.exe
  2⤵
  PID:8216
- C:\Windows\System\EETIBik.exe
  C:\Windows\System\EETIBik.exe
  2⤵
  PID:8232
- C:\Windows\System\imcwwAw.exe
  C:\Windows\System\imcwwAw.exe
  2⤵
  PID:8248
- C:\Windows\System\zssours.exe
  C:\Windows\System\zssours.exe
  2⤵
  PID:8264
- C:\Windows\System\fhEwwGw.exe
  C:\Windows\System\fhEwwGw.exe
  2⤵
  PID:8276
- C:\Windows\System\WJCIRrh.exe
  C:\Windows\System\WJCIRrh.exe
  2⤵
  PID:8292
- C:\Windows\System\CkaMoqS.exe
  C:\Windows\System\CkaMoqS.exe
  2⤵
  PID:8340
- C:\Windows\System\vIXnWTI.exe
  C:\Windows\System\vIXnWTI.exe
  2⤵
  PID:8360
- C:\Windows\System\vBrLSOx.exe
  C:\Windows\System\vBrLSOx.exe
  2⤵
  PID:8332
- C:\Windows\System\XyiOQUI.exe
  C:\Windows\System\XyiOQUI.exe
  2⤵
  PID:8428
- C:\Windows\System\dJbvpDJ.exe
  C:\Windows\System\dJbvpDJ.exe
  2⤵
  PID:8472
- C:\Windows\System\cUBFmRz.exe
  C:\Windows\System\cUBFmRz.exe
  2⤵
  PID:8536
- C:\Windows\System\nVDCfjg.exe
  C:\Windows\System\nVDCfjg.exe
  2⤵
  PID:8596
- C:\Windows\System\aIURcRH.exe
  C:\Windows\System\aIURcRH.exe
  2⤵
  PID:7848
- C:\Windows\System\dBMVyPw.exe
  C:\Windows\System\dBMVyPw.exe
  2⤵
  PID:8096
- C:\Windows\System\lBZRaSL.exe
  C:\Windows\System\lBZRaSL.exe
  2⤵
  PID:8140
- C:\Windows\System\rodiZfF.exe
  C:\Windows\System\rodiZfF.exe
  2⤵
  PID:2584
- C:\Windows\System\qRhTQXm.exe
  C:\Windows\System\qRhTQXm.exe
  2⤵
  PID:8376
- C:\Windows\System\xxrJBIk.exe
  C:\Windows\System\xxrJBIk.exe
  2⤵
  PID:8440
- C:\Windows\System\fHjYctb.exe
  C:\Windows\System\fHjYctb.exe
  2⤵
  PID:8520
- C:\Windows\System\fEupvDH.exe
  C:\Windows\System\fEupvDH.exe
  2⤵
  PID:8580
- C:\Windows\System\ajTyUBf.exe
  C:\Windows\System\ajTyUBf.exe
  2⤵
  PID:8616
- C:\Windows\System\ubPoCPZ.exe
  C:\Windows\System\ubPoCPZ.exe
  2⤵
  PID:8632
- C:\Windows\System\pDqVcYh.exe
  C:\Windows\System\pDqVcYh.exe
  2⤵
  PID:8656
- C:\Windows\System\GSDRyoE.exe
  C:\Windows\System\GSDRyoE.exe
  2⤵
  PID:8672
- C:\Windows\System\ddcJdyd.exe
  C:\Windows\System\ddcJdyd.exe
  2⤵
  PID:8688
- C:\Windows\System\dtXNBiT.exe
  C:\Windows\System\dtXNBiT.exe
  2⤵
  PID:1056
- C:\Windows\System\HLErVYI.exe
  C:\Windows\System\HLErVYI.exe
  2⤵
  PID:8716
- C:\Windows\System\yfKaFZO.exe
  C:\Windows\System\yfKaFZO.exe
  2⤵
  PID:8732
- C:\Windows\System\hfrzFKm.exe
  C:\Windows\System\hfrzFKm.exe
  2⤵
  PID:8748
- C:\Windows\System\aCstdUO.exe
  C:\Windows\System\aCstdUO.exe
  2⤵
  PID:8760
- C:\Windows\System\tUhoxaS.exe
  C:\Windows\System\tUhoxaS.exe
  2⤵
  PID:8788
- C:\Windows\System\yzMNaOp.exe
  C:\Windows\System\yzMNaOp.exe
  2⤵
  PID:8848
- C:\Windows\System\iUjuurV.exe
  C:\Windows\System\iUjuurV.exe
  2⤵
  PID:8776
- C:\Windows\System\ciTEzRi.exe
  C:\Windows\System\ciTEzRi.exe
  2⤵
  PID:2816
- C:\Windows\System\QLePlHE.exe
  C:\Windows\System\QLePlHE.exe
  2⤵
  PID:8832
- C:\Windows\System\bFgZsck.exe
  C:\Windows\System\bFgZsck.exe
  2⤵
  PID:8872
- C:\Windows\System\EGfdetB.exe
  C:\Windows\System\EGfdetB.exe
  2⤵
  PID:2348
- C:\Windows\System\rtnOUNt.exe
  C:\Windows\System\rtnOUNt.exe
  2⤵
  PID:2984
- C:\Windows\System\QVISRoT.exe
  C:\Windows\System\QVISRoT.exe
  2⤵
  PID:8928
- C:\Windows\System\cuoiVxr.exe
  C:\Windows\System\cuoiVxr.exe
  2⤵
  PID:1944
- C:\Windows\System\JWBfqVa.exe
  C:\Windows\System\JWBfqVa.exe
  2⤵
  PID:9000
- C:\Windows\System\uaaJtfY.exe
  C:\Windows\System\uaaJtfY.exe
  2⤵
  PID:8992
- C:\Windows\System\qLThAyX.exe
  C:\Windows\System\qLThAyX.exe
  2⤵
  PID:8972
- C:\Windows\System\RJqJKRt.exe
  C:\Windows\System\RJqJKRt.exe
  2⤵
  PID:8976
- C:\Windows\System\bBUCqHK.exe
  C:\Windows\System\bBUCqHK.exe
  2⤵
  PID:8944
- C:\Windows\System\paZySXw.exe
  C:\Windows\System\paZySXw.exe
  2⤵
  PID:8940
- C:\Windows\System\YObBnxT.exe
  C:\Windows\System\YObBnxT.exe
  2⤵
  PID:9044
- C:\Windows\System\RvGJxQi.exe
  C:\Windows\System\RvGJxQi.exe
  2⤵
  PID:9104
- C:\Windows\System\OsPvEki.exe
  C:\Windows\System\OsPvEki.exe
  2⤵
  PID:9132
- C:\Windows\System\lTmIgwX.exe
  C:\Windows\System\lTmIgwX.exe
  2⤵
  PID:9148
- C:\Windows\System\bZFEOGg.exe
  C:\Windows\System\bZFEOGg.exe
  2⤵
  PID:9076
- C:\Windows\System\NfpOIlS.exe
  C:\Windows\System\NfpOIlS.exe
  2⤵
  PID:9208
- C:\Windows\System\AZeofiF.exe
  C:\Windows\System\AZeofiF.exe
  2⤵
  PID:7064
- C:\Windows\System\bCBAjRr.exe
  C:\Windows\System\bCBAjRr.exe
  2⤵
  PID:8256
- C:\Windows\System\qRZkAiC.exe
  C:\Windows\System\qRZkAiC.exe
  2⤵
  PID:8988
- C:\Windows\System\fhiWSTI.exe
  C:\Windows\System\fhiWSTI.exe
  2⤵
  PID:1012
- C:\Windows\System\qvfvPLU.exe
  C:\Windows\System\qvfvPLU.exe
  2⤵
  PID:1560
- C:\Windows\System\orbsyVU.exe
  C:\Windows\System\orbsyVU.exe
  2⤵
  PID:8228
- C:\Windows\System\xTTXuEt.exe
  C:\Windows\System\xTTXuEt.exe
  2⤵
  PID:8336
- C:\Windows\System\NvQzQDh.exe
  C:\Windows\System\NvQzQDh.exe
  2⤵
  PID:8568
- C:\Windows\System\BqQilrD.exe
  C:\Windows\System\BqQilrD.exe
  2⤵
  PID:8392
- C:\Windows\System\MVwehDl.exe
  C:\Windows\System\MVwehDl.exe
  2⤵
  PID:8548
- C:\Windows\System\rCYNxTA.exe
  C:\Windows\System\rCYNxTA.exe
  2⤵
  PID:7208
- C:\Windows\System\FEpyZWT.exe
  C:\Windows\System\FEpyZWT.exe
  2⤵
  PID:8628
- C:\Windows\System\ulTbxDC.exe
  C:\Windows\System\ulTbxDC.exe
  2⤵
  PID:8700
- C:\Windows\System\brrqXab.exe
  C:\Windows\System\brrqXab.exe
  2⤵
  PID:8756
- C:\Windows\System\xuxunyA.exe
  C:\Windows\System\xuxunyA.exe
  2⤵
  PID:8488
- C:\Windows\System\dpxggsA.exe
  C:\Windows\System\dpxggsA.exe
  2⤵
  PID:2916
- C:\Windows\System\ofnuuCU.exe
  C:\Windows\System\ofnuuCU.exe
  2⤵
  PID:1040
- C:\Windows\System\xaxToLp.exe
  C:\Windows\System\xaxToLp.exe
  2⤵
  PID:2236
- C:\Windows\System\mhLLgps.exe
  C:\Windows\System\mhLLgps.exe
  2⤵
  PID:8708
- C:\Windows\System\DBcNGCg.exe
  C:\Windows\System\DBcNGCg.exe
  2⤵
  PID:8784
- C:\Windows\System\ESzZZKM.exe
  C:\Windows\System\ESzZZKM.exe
  2⤵
  PID:8644
- C:\Windows\System\QhkaQpS.exe
  C:\Windows\System\QhkaQpS.exe
  2⤵
  PID:9028
- C:\Windows\System\uqNjBqC.exe
  C:\Windows\System\uqNjBqC.exe
  2⤵
  PID:8804
- C:\Windows\System\cPtSEHa.exe
  C:\Windows\System\cPtSEHa.exe
  2⤵
  PID:2252
- C:\Windows\System\pFGmLeH.exe
  C:\Windows\System\pFGmLeH.exe
  2⤵
  PID:7916
- C:\Windows\System\XwIwbrU.exe
  C:\Windows\System\XwIwbrU.exe
  2⤵
  PID:8300
- C:\Windows\System\WKIXdSG.exe
  C:\Windows\System\WKIXdSG.exe
  2⤵
  PID:9128
- C:\Windows\System\dRJTixy.exe
  C:\Windows\System\dRJTixy.exe
  2⤵
  PID:6708
- C:\Windows\System\CezXBTT.exe
  C:\Windows\System\CezXBTT.exe
  2⤵
  PID:8220
- C:\Windows\System\AxxzOvu.exe
  C:\Windows\System\AxxzOvu.exe
  2⤵
  PID:8468
- C:\Windows\System\jyIDcgO.exe
  C:\Windows\System\jyIDcgO.exe
  2⤵
  PID:8128
- C:\Windows\System\kmfzrlP.exe
  C:\Windows\System\kmfzrlP.exe
  2⤵
  PID:8936
- C:\Windows\System\SQEAEuB.exe
  C:\Windows\System\SQEAEuB.exe
  2⤵
  PID:8952
- C:\Windows\System\uihfHfq.exe
  C:\Windows\System\uihfHfq.exe
  2⤵
  PID:9032
- C:\Windows\System\JXpksXE.exe
  C:\Windows\System\JXpksXE.exe
  2⤵
  PID:2372
- C:\Windows\System\vdGVLFx.exe
  C:\Windows\System\vdGVLFx.exe
  2⤵
  PID:8504
- C:\Windows\System\iEjcuST.exe
  C:\Windows\System\iEjcuST.exe
  2⤵
  PID:2904
- C:\Windows\System\XeAdjMC.exe
  C:\Windows\System\XeAdjMC.exe
  2⤵
  PID:2080
- C:\Windows\System\gknQoag.exe
  C:\Windows\System\gknQoag.exe
  2⤵
  PID:8960
- C:\Windows\System\QBXrMAv.exe
  C:\Windows\System\QBXrMAv.exe
  2⤵
  PID:2264
- C:\Windows\System\kyveGHl.exe
  C:\Windows\System\kyveGHl.exe
  2⤵
  PID:8348
- C:\Windows\System\ZKISgsp.exe
  C:\Windows\System\ZKISgsp.exe
  2⤵
  PID:8412
- C:\Windows\System\FtcjmIK.exe
  C:\Windows\System\FtcjmIK.exe
  2⤵
  PID:8844
- C:\Windows\System\INhDfnR.exe
  C:\Windows\System\INhDfnR.exe
  2⤵
  PID:8772
- C:\Windows\System\sXWlrYv.exe
  C:\Windows\System\sXWlrYv.exe
  2⤵
  PID:2960
- C:\Windows\System\ebeLEsH.exe
  C:\Windows\System\ebeLEsH.exe
  2⤵
  PID:9036
- C:\Windows\System\QuLmOwK.exe
  C:\Windows\System\QuLmOwK.exe
  2⤵
  PID:2120
- C:\Windows\System\gvTxABi.exe
  C:\Windows\System\gvTxABi.exe
  2⤵
  PID:9168
- C:\Windows\System\TvUYlut.exe
  C:\Windows\System\TvUYlut.exe
  2⤵
  PID:8652
- C:\Windows\System\HzhPZjL.exe
  C:\Windows\System\HzhPZjL.exe
  2⤵
  PID:8740
- C:\Windows\System\EOECZzE.exe
  C:\Windows\System\EOECZzE.exe
  2⤵
  PID:8284
- C:\Windows\System\rIXXBIE.exe
  C:\Windows\System\rIXXBIE.exe
  2⤵
  PID:8552
- C:\Windows\System\YnYYexo.exe
  C:\Windows\System\YnYYexo.exe
  2⤵
  PID:9012
- C:\Windows\System\gclfRFU.exe
  C:\Windows\System\gclfRFU.exe
  2⤵
  PID:1360
- C:\Windows\System\UEdfBLV.exe
  C:\Windows\System\UEdfBLV.exe
  2⤵
  PID:2836
- C:\Windows\System\uWsBhdC.exe
  C:\Windows\System\uWsBhdC.exe
  2⤵
  PID:9196
- C:\Windows\System\QYgVySM.exe
  C:\Windows\System\QYgVySM.exe
  2⤵
  PID:8684
- C:\Windows\System\JPKbVtu.exe
  C:\Windows\System\JPKbVtu.exe
  2⤵
  PID:8272
- C:\Windows\System\RZgFmQF.exe
  C:\Windows\System\RZgFmQF.exe
  2⤵
  PID:2876
- C:\Windows\System\pEWLUDl.exe
  C:\Windows\System\pEWLUDl.exe
  2⤵
  PID:9224
- C:\Windows\System\KgwDewr.exe
  C:\Windows\System\KgwDewr.exe
  2⤵
  PID:9240
- C:\Windows\System\ZvoaQdG.exe
  C:\Windows\System\ZvoaQdG.exe
  2⤵
  PID:9256
- C:\Windows\System\KlepxLu.exe
  C:\Windows\System\KlepxLu.exe
  2⤵
  PID:9272
- C:\Windows\System\dqfIrBk.exe
  C:\Windows\System\dqfIrBk.exe
  2⤵
  PID:9292
- C:\Windows\System\hNXaZwY.exe
  C:\Windows\System\hNXaZwY.exe
  2⤵
  PID:9312
- C:\Windows\System\okxDGNp.exe
  C:\Windows\System\okxDGNp.exe
  2⤵
  PID:9340
- C:\Windows\System\bJMsbTT.exe
  C:\Windows\System\bJMsbTT.exe
  2⤵
  PID:9360
- C:\Windows\System\Xujpgmo.exe
  C:\Windows\System\Xujpgmo.exe
  2⤵
  PID:9376
- C:\Windows\System\RwbngBf.exe
  C:\Windows\System\RwbngBf.exe
  2⤵
  PID:9392
- C:\Windows\System\RtezQWF.exe
  C:\Windows\System\RtezQWF.exe
  2⤵
  PID:9424
- C:\Windows\System\HnlEDiU.exe
  C:\Windows\System\HnlEDiU.exe
  2⤵
  PID:9440
- C:\Windows\System\XXEENje.exe
  C:\Windows\System\XXEENje.exe
  2⤵
  PID:9496
- C:\Windows\System\nryHSvQ.exe
  C:\Windows\System\nryHSvQ.exe
  2⤵
  PID:9516
- C:\Windows\System\aLcFnNu.exe
  C:\Windows\System\aLcFnNu.exe
  2⤵
  PID:9532
- C:\Windows\System\GVFeIwD.exe
  C:\Windows\System\GVFeIwD.exe
  2⤵
  PID:9548
- C:\Windows\System\dViENUL.exe
  C:\Windows\System\dViENUL.exe
  2⤵
  PID:9564
- C:\Windows\System\ZzZxXZk.exe
  C:\Windows\System\ZzZxXZk.exe
  2⤵
  PID:9580
- C:\Windows\System\nkqyjTs.exe
  C:\Windows\System\nkqyjTs.exe
  2⤵
  PID:9596
- C:\Windows\System\suvuLhn.exe
  C:\Windows\System\suvuLhn.exe
  2⤵
  PID:9616
- C:\Windows\System\tPFmceA.exe
  C:\Windows\System\tPFmceA.exe
  2⤵
  PID:9632
- C:\Windows\System\dEZSoop.exe
  C:\Windows\System\dEZSoop.exe
  2⤵
  PID:9648
- C:\Windows\System\VfOkqAP.exe
  C:\Windows\System\VfOkqAP.exe
  2⤵
  PID:9664
- C:\Windows\System\zxGkbdq.exe
  C:\Windows\System\zxGkbdq.exe
  2⤵
  PID:9680
- C:\Windows\System\NKVAHUk.exe
  C:\Windows\System\NKVAHUk.exe
  2⤵
  PID:9696
- C:\Windows\System\WprTIos.exe
  C:\Windows\System\WprTIos.exe
  2⤵
  PID:9712
- C:\Windows\System\hqBvYee.exe
  C:\Windows\System\hqBvYee.exe
  2⤵
  PID:9728
- C:\Windows\System\JjhQHMI.exe
  C:\Windows\System\JjhQHMI.exe
  2⤵
  PID:9748
- C:\Windows\System\uaeqsYm.exe
  C:\Windows\System\uaeqsYm.exe
  2⤵
  PID:9764
- C:\Windows\System\RTsMEop.exe
  C:\Windows\System\RTsMEop.exe
  2⤵
  PID:9784
- C:\Windows\System\BSSjSer.exe
  C:\Windows\System\BSSjSer.exe
  2⤵
  PID:9800
- C:\Windows\System\RLDnhfD.exe
  C:\Windows\System\RLDnhfD.exe
  2⤵
  PID:9820
- C:\Windows\System\COpIsNK.exe
  C:\Windows\System\COpIsNK.exe
  2⤵
  PID:9840
- C:\Windows\System\yivqMzI.exe
  C:\Windows\System\yivqMzI.exe
  2⤵
  PID:9856
- C:\Windows\System\NmXGcRz.exe
  C:\Windows\System\NmXGcRz.exe
  2⤵
  PID:9876
- C:\Windows\System\YzhyKju.exe
  C:\Windows\System\YzhyKju.exe
  2⤵
  PID:9892
- C:\Windows\System\qqOPZwj.exe
  C:\Windows\System\qqOPZwj.exe
  2⤵
  PID:9908
- C:\Windows\System\wkYPgZt.exe
  C:\Windows\System\wkYPgZt.exe
  2⤵
  PID:9928
- C:\Windows\System\frdNXLj.exe
  C:\Windows\System\frdNXLj.exe
  2⤵
  PID:9944
- C:\Windows\System\gjvAFFB.exe
  C:\Windows\System\gjvAFFB.exe
  2⤵
  PID:9964
- C:\Windows\System\OfcjZXH.exe
  C:\Windows\System\OfcjZXH.exe
  2⤵
  PID:9980
- C:\Windows\System\caDyquN.exe
  C:\Windows\System\caDyquN.exe
  2⤵
  PID:9996
- C:\Windows\System\juZeuDS.exe
  C:\Windows\System\juZeuDS.exe
  2⤵
  PID:10012
- C:\Windows\System\hOgUCMD.exe
  C:\Windows\System\hOgUCMD.exe
  2⤵
  PID:10028
- C:\Windows\System\nhSsGIS.exe
  C:\Windows\System\nhSsGIS.exe
  2⤵
  PID:10044
- C:\Windows\System\JdHWPWt.exe
  C:\Windows\System\JdHWPWt.exe
  2⤵
  PID:10064
- C:\Windows\System\yyBaSHt.exe
  C:\Windows\System\yyBaSHt.exe
  2⤵
  PID:10096
- C:\Windows\System\bOrmxQw.exe
  C:\Windows\System\bOrmxQw.exe
  2⤵
  PID:10116
- C:\Windows\System\BXuipLt.exe
  C:\Windows\System\BXuipLt.exe
  2⤵
  PID:10132
- C:\Windows\System\UNXnqhR.exe
  C:\Windows\System\UNXnqhR.exe
  2⤵
  PID:10148
- C:\Windows\System\LcVjvSN.exe
  C:\Windows\System\LcVjvSN.exe
  2⤵
  PID:10164
- C:\Windows\System\JuaYSCP.exe
  C:\Windows\System\JuaYSCP.exe
  2⤵
  PID:10180
- C:\Windows\System\puvJTND.exe
  C:\Windows\System\puvJTND.exe
  2⤵
  PID:10196
- C:\Windows\System\lhlJOEy.exe
  C:\Windows\System\lhlJOEy.exe
  2⤵
  PID:10212
- C:\Windows\System\HGtMFMh.exe
  C:\Windows\System\HGtMFMh.exe
  2⤵
  PID:10228
- C:\Windows\System\aLLIGIm.exe
  C:\Windows\System\aLLIGIm.exe
  2⤵
  PID:9004
- C:\Windows\System\FfJdWOP.exe
  C:\Windows\System\FfJdWOP.exe
  2⤵
  PID:9280
- C:\Windows\System\ESwAkNa.exe
  C:\Windows\System\ESwAkNa.exe
  2⤵
  PID:9324
- C:\Windows\System\EDYnVtv.exe
  C:\Windows\System\EDYnVtv.exe
  2⤵
  PID:9372
- C:\Windows\System\jrhnwUf.exe
  C:\Windows\System\jrhnwUf.exe
  2⤵
  PID:9408
- C:\Windows\System\IszMKCL.exe
  C:\Windows\System\IszMKCL.exe
  2⤵
  PID:9448
- C:\Windows\System\IYHunUZ.exe
  C:\Windows\System\IYHunUZ.exe
  2⤵
  PID:9468
- C:\Windows\System\OplPMLj.exe
  C:\Windows\System\OplPMLj.exe
  2⤵
  PID:9484
- C:\Windows\System\bwVDNUF.exe
  C:\Windows\System\bwVDNUF.exe
  2⤵
  PID:8744
- C:\Windows\System\kZFpcnd.exe
  C:\Windows\System\kZFpcnd.exe
  2⤵
  PID:9180
- C:\Windows\System\eCbWPwL.exe
  C:\Windows\System\eCbWPwL.exe
  2⤵
  PID:9352
- C:\Windows\System\gQumgwk.exe
  C:\Windows\System\gQumgwk.exe
  2⤵
  PID:9264
- C:\Windows\System\JMpJTZr.exe
  C:\Windows\System\JMpJTZr.exe
  2⤵
  PID:9308
- C:\Windows\System\UXDWopl.exe
  C:\Windows\System\UXDWopl.exe
  2⤵
  PID:9388
- C:\Windows\System\QWTGzcJ.exe
  C:\Windows\System\QWTGzcJ.exe
  2⤵
  PID:9524
- C:\Windows\System\hADJrKG.exe
  C:\Windows\System\hADJrKG.exe
  2⤵
  PID:9588
- C:\Windows\System\zFmFGtB.exe
  C:\Windows\System\zFmFGtB.exe
  2⤵
  PID:9656
- C:\Windows\System\BGHJWQJ.exe
  C:\Windows\System\BGHJWQJ.exe
  2⤵
  PID:9720
- C:\Windows\System\yDwTnDn.exe
  C:\Windows\System\yDwTnDn.exe
  2⤵
  PID:9792
- C:\Windows\System\sYtGUsQ.exe
  C:\Windows\System\sYtGUsQ.exe
  2⤵
  PID:9836
- C:\Windows\System\QZhbSkT.exe
  C:\Windows\System\QZhbSkT.exe
  2⤵
  PID:9900
- C:\Windows\System\LWCYrSl.exe
  C:\Windows\System\LWCYrSl.exe
  2⤵
  PID:9976
- C:\Windows\System\UBUiIZf.exe
  C:\Windows\System\UBUiIZf.exe
  2⤵
  PID:10036
- C:\Windows\System\VfHDYbI.exe
  C:\Windows\System\VfHDYbI.exe
  2⤵
  PID:9644
- C:\Windows\System\zoxcybb.exe
  C:\Windows\System\zoxcybb.exe
  2⤵
  PID:9672
- C:\Windows\System\fICvREY.exe
  C:\Windows\System\fICvREY.exe
  2⤵
  PID:9576
- C:\Windows\System\YMwLsqC.exe
  C:\Windows\System\YMwLsqC.exe
  2⤵
  PID:9512
- C:\Windows\System\BuliUFz.exe
  C:\Windows\System\BuliUFz.exe
  2⤵
  PID:9772
- C:\Windows\System\TITCKJq.exe
  C:\Windows\System\TITCKJq.exe
  2⤵
  PID:9812
- C:\Windows\System\pQmgilT.exe
  C:\Windows\System\pQmgilT.exe
  2⤵
  PID:9888
- C:\Windows\System\kKmTbHb.exe
  C:\Windows\System\kKmTbHb.exe
  2⤵
  PID:9952
- C:\Windows\System\KBNVXGp.exe
  C:\Windows\System\KBNVXGp.exe
  2⤵
  PID:10192
- C:\Windows\System\iaKauTB.exe
  C:\Windows\System\iaKauTB.exe
  2⤵
  PID:9400
- C:\Windows\System\SvFVIsZ.exe
  C:\Windows\System\SvFVIsZ.exe
  2⤵
  PID:8664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AOrVyTY.exe

Filesize
6.0MB

MD5
79b1c7d90e90160f9bdddc3cb92049aa

SHA1
b70921fcf4f5baca20fadd46fb1149c37d53a3eb

SHA256
fb8a2b66ea995e6d4a3c75bb1c3df853923e4ddccef5ccb76fa33a76d18b1f75

SHA512
8ca30909276ba7c90b58cf206b4aba930da6dc2c7ca6e1ba353d54d53f36ad1b2241db9516665fa31be67404674d2fbe99bde5a609ee6ce355a8bd892423d870

Download Submit
C:\Windows\system\ELKtCIC.exe

Filesize
6.0MB

MD5
3ea0869cd9eb333c34fa2270b7b54324

SHA1
d10111ef0e6e77ac015f60fcf8ba1d37ae6514b0

SHA256
48777f2b15b9a14262dda6900140a5d619608abadf131b25ce9564a3f1d3dd01

SHA512
85a4f17096140d81f3d94a2797541fbb9364ca604fd33899ef94a2c9ebf84721e23d3d1acc0a98d81e1d8415dbaf65212f423ac56697c2e620211ad1b4100a2d

Download Submit
C:\Windows\system\JCVWQxn.exe

Filesize
6.0MB

MD5
e21b1276ef9ea153781f41e4289d6232

SHA1
7324af239939dcd1337d0e7ac1053c3a4909b35e

SHA256
e0ba135cf388bf60992ba9cef193de3283683c4da5d51308a15b88b8b76780c3

SHA512
79508282a4bfc282a5671c1402fd32ad6aa4099098f21cd85a955ed6ad5d2216e4a9ff6e0820398ed8b926859cb2dedfd8538b0774d2528aa6703208875483c5

Download Submit
C:\Windows\system\JLeVhzp.exe

Filesize
6.0MB

MD5
3452458ec5d3a83d51acc8098968bbe6

SHA1
b181407c054ab9acf461385d322c8e75c5682714

SHA256
5fed9246d3f25c182edccd57d19387994618738d751840983656db9190ed2e88

SHA512
52824df3ad5e936682ea16a201eda107e47916226b521ab5ea76f77318fa3a62b9b0794240180bf114b001037f621a8f43e26d26364b9c3e921753f407c08eb7

Download Submit
C:\Windows\system\LXEZvuv.exe

Filesize
6.0MB

MD5
5a8b3328ef707c9cb8f0bf4a875b8a43

SHA1
8219ec187ff3fe9be26da70deef7f8fdded246dc

SHA256
a379c4c480cedac6beb1f64815dbd241f2892ba3368ac24bf2c38c761cfc73ca

SHA512
23028f52d64c60539cdbd45809c4a77db79f11d44e8dda8bb71d6842fb4f7e03636370e3e237ca408ffb040dd25ede928610e4153b9073f700939f88a91959b9

Download Submit
C:\Windows\system\MOmwTyz.exe

Filesize
6.0MB

MD5
605fdcf0c91dc7b291a4dfc2c9e16664

SHA1
d251a63e9a95e1879bfa813804069556c90ca7dc

SHA256
52563032dfeb3932261b5d4c3b0669108faf615ed2ac67bde50b9d20c292320e

SHA512
59f8d0d06edca8027262382adccff04dc669447ad489382f506adbb1d26faf1c13fd4564888f6f8f1db81e2d9675dde1a4b881ebc3c269ac1a982c73bfceef58

Download Submit
C:\Windows\system\NGmlLCB.exe

Filesize
6.0MB

MD5
50f64f6a333d75a84b9e68c34c2252d8

SHA1
4b03d2d14aa8f5d6d459aa81e77c519bb4889d54

SHA256
422704484b03ad4265241172a0ef9bffbfd5326e5c7aa9dcab8eb845a36d9877

SHA512
cb4deeff840cc33c0e51bba348e0edcebc12926979a8d5cc1f6959d984462f0bc682de6485049678d7e61477de58c351f684c4bead85f27644b118a538548d22

Download Submit
C:\Windows\system\NUKqOec.exe

Filesize
6.0MB

MD5
62a9c69e6024b643b86805ef2ff601aa

SHA1
02cd949fd2d59f3dcfc9580c5d86d9b7e1d1f1e5

SHA256
2ada18557acc95305cd18bd4e102444269b4a4e3565a9a1c2d814186bb85a6bc

SHA512
169bd6595ef287012fec11faa07f80659db300428c2fa164cda199c7c1f7c75c672c190bc522c261a2d5e85e7f2d8e4d738b5adfc54ec0781102f30c71e143c1

Download Submit
C:\Windows\system\QdGTHIO.exe

Filesize
6.0MB

MD5
88eb15c2847d96fbda360478c5683949

SHA1
944b82dbe9287f6ef38d0d742c02c3c975bdbd10

SHA256
d5f1df4317eb1a4714f0c3641c7b3f0c94c9a769e316ec6ab473069f7a7a94a7

SHA512
abc5b0a06c4f4659a7e3b2a134d5edda752394cef6516fe13749d5013ccec495fa6dc5fa20738dfcfd0083607f3f2d2626bcf842a97930212816b057f04fa558

Download Submit
C:\Windows\system\TQNZTpN.exe

Filesize
6.0MB

MD5
1d82a5ee3bb4fb26a69b7abba17abe7a

SHA1
d5caf7f5fc8188c39d82232e70799e9c800bace5

SHA256
cf46fb0fff83b5f22a5cb1a53eacdee2ee5c86f3cc4f1e4576dcfaf4ee65b625

SHA512
4f6e841287a575a1bed933b091660452785b4ac04991fa706bbb64a14df28d8eae27b426feb13a5832d5ae506c80122d011992e74d9081a00a2c32cf5b1a148a

Download Submit
C:\Windows\system\YsoGICC.exe

Filesize
6.0MB

MD5
c014004fa6ebe4ad14fd695f57c78692

SHA1
8e0a3b5c018e8f3e09d36e2dc44dcde8e67b7004

SHA256
5128447c937083cd32e056ba31c61661044de7289fc20b858202812ffdd7e57d

SHA512
451041c54fc366bc5d9f0883151d00a4aa7fb2a7899274508b913f0b071b2e6317efa92d63702bb6f5c642f13842b5f697449f88b405e199a59b7ca1224267fe

Download Submit
C:\Windows\system\brfEWOL.exe

Filesize
6.0MB

MD5
1752a5b27cf09b8270d8ec01cc07e815

SHA1
634712027f121fa1455b7fcd2ed36fa022ea3768

SHA256
d07b62975c6104502f3db29ec2b82e77d83a60ecc24253fbfad0f4a8dc3ad141

SHA512
cc1e24451c89345bd5aaf068653f025ab2e3ace372da0f34a644fd1ab31744eb8cf962c94bff8945499cbf05f9b8137e4be7aae1ba7e89d665eb8379c39c228e

Download Submit
C:\Windows\system\fkHeCeT.exe

Filesize
6.0MB

MD5
c2a042da00dce650fb0b6ceae1ebf68c

SHA1
8171f39f93ba3ee4a772b1ac4dc9441d6f28763f

SHA256
2acad4d3faafbb818883cd5fb6c2f6150a31b7a767fa32b12bce3e198bbe20e0

SHA512
c33706d8b5ffd125a36952858bbf931754fca2decf3f848e5c6c906295410458fa071cb65609235a85540c0abb3d37b0c68f0651e07ebb35c17c50874d2f9ebc

Download Submit
C:\Windows\system\gXveVZE.exe

Filesize
6.0MB

MD5
2c728c9f5825256127fcf7c16a36cfe2

SHA1
7e36dd4b922845512969022ede93c98c0028ff65

SHA256
676d3963fd911b4637ea1d46e42219ca422e1074a2ee649eaaca878143b626bf

SHA512
47d61466e97f46c1d7e2a587093119e1043f34e4aa19a38a6c23a201f59b9cdb2a8d5a410baf04a16fbe1daee7635b339bc8bda51b26d27e777480e213bbf516

Download Submit
C:\Windows\system\iFEylUC.exe

Filesize
6.0MB

MD5
9ece07674a7e2dd2465796fe2464ea57

SHA1
6d31bad9114ac542267e8fc9a64d51664221083c

SHA256
c105a00f5218384597768ec0931a797b5d5ebe26a7142135c7b00720b6861a39

SHA512
29d1b159a74e904a0885e8279179f2b7a3ffea1292acd3730c31021c38a1094c49087418a18565ecb79cbe94eb54784d659e9923ba5359075076d07ec428f46f

Download Submit
C:\Windows\system\iOzbiNV.exe

Filesize
6.0MB

MD5
efa4b4984db7ab7f3d09aca2b0e46501

SHA1
c3b61a3064591432124cd88220666858c38aac82

SHA256
e6b269d325396454aea6dddf55662d431c3d8ce168b7aa7acaede7ce31752331

SHA512
fe9d2eaddfe4ea9e2a2ae6731b9c6c291c23677e4b0c51e7877ccf330e00c388679209091f0431aeb3dc4710c110f36453e7d205c23b375d624ca9d24f139365

Download Submit
C:\Windows\system\iWbmUJl.exe

Filesize
6.0MB

MD5
2e4f0a0e338ebb5f3c62c3fa7b72df97

SHA1
ab1a4f0b7045ae78d65e9c59d786d0d62351222f

SHA256
7aa92cbed077a21bbeed48e3d63d8ecf55d428ffbee191ab5b6f0eec8ce6b22e

SHA512
05cf1088d5d45c3d3f521dcb4aecea2896cc64299afe1bf1a07eb5176e03e11da2868845e36f2e11588a0ad8c868fbf137d3fe4c144e4f5c457a35b7cd6aadfc

Download Submit
C:\Windows\system\iuwHLYo.exe

Filesize
6.0MB

MD5
15e6e919670ebc5da0a4984cc16f653b

SHA1
32b96a4d62ed80ff3d34ef12aac1572bd8618d07

SHA256
6a134a4236ecfd0e17f67391b7b5eb0a4be789ecb155c2539ccb388bfaccf143

SHA512
9e0944e307d0832411775f8f239f51a7d5c98bb837ab8b2ece418b246d7f072582cdb61458d86f6d70f8f9b1a9f0adbf7de820c7a0e459e44d7e800d23d997be

Download Submit
C:\Windows\system\jQSpfby.exe

Filesize
6.0MB

MD5
1b4a72bec93c0fc4e2cd01713216fc96

SHA1
dcc52da13a81b68a416fda89b27d9b35a058f42b

SHA256
abecc05a067ffe9a4f91063903e3b1f1b4fa374e14d75fd3efda754bc065f24c

SHA512
b6dbcea4038d71d1566d210d58e77c7463996dfd7ef500229f646641617d9753f4e18cb141b160c8b3868ad084b64a1f5ee1f7f42fa02c9b14bd1e55dfcc1826

Download Submit
C:\Windows\system\juDtlgd.exe

Filesize
6.0MB

MD5
4bb38270209f4352b7039f43be06a405

SHA1
bf47897b25b914b9bd1b585d2c17a44be2f0de93

SHA256
1900e738d50c9da6f2c86fda48979a0c0b593fd648a56acd71d4db458884332d

SHA512
b45ce13838afe710ccdab52cdab42a9a2987d57ed2f5e63cd79c8cceb1425b294503281d17604dd0d8e80784c7cea1a1da3a94824303d4a15c0ffa0077b15a25

Download Submit
C:\Windows\system\kaLgUVB.exe

Filesize
6.0MB

MD5
1ebbfd7b2f549f4665df6506f833381c

SHA1
83227a217a9d3c3d3de3acc57dcdf25e754f0405

SHA256
3394b133093add0285254832188ae5e12544f5629a7fa27968160a6695c91c36

SHA512
97dabaab8abe41da368537dbed354ef333bfdb496518902d92471ea550eb47ed8605c28e4633f7a5f2314f743f348754224f41717cb6f40ffbd21348e01d242a

Download Submit
C:\Windows\system\mGskdDp.exe

Filesize
6.0MB

MD5
bcd9ba44cb30e33eb5a3c0a06fcac517

SHA1
ca72de2f7a032c420c50d9845a5014211cfd5fe2

SHA256
3fe331b8d3d646ccf094d948fff5d9b74b95d043ec6b1430f43b17b9c679a83b

SHA512
90aba9853c738e5789878a55aece2ba5a8d559837d185b6b6ef8389df45b02982b72792ce3b3e32d34ad8df0f1fd2327607b2e4fe539240746e0a2f833c8c5c7

Download Submit
C:\Windows\system\pOyyYen.exe

Filesize
6.0MB

MD5
3c7507288e3e68b53365dbec481ff139

SHA1
0846a77d986b3744ce56d8f67df24c27335145d0

SHA256
30532cd7c9cfae442ce20069681d676b3423366730af64417af4e7e5bc025ab7

SHA512
ce659001445ee0e4055150d7900093f4c7bf1f1ac781ef8462abda64457b9ad54dde9075634d4b57fd01b760ab7333b1608277b05223e333dd80ade910fc7fc9

Download Submit
C:\Windows\system\qoewxCr.exe

Filesize
6.0MB

MD5
03078876baa81bc13d003e360cebe369

SHA1
a506ce28b97e4d86c7607e31ff3b52cfd06d60c0

SHA256
06f35662e04068cfe678945c4054906387e307a9ad3e84aeee5b22006758bfeb

SHA512
c218e48f82131e9cfb2da6c6c437506fae81599d7974d121ab365ce0033b62b1fd78247096ad14ad77b4cb4d60a67b4a3b66047b2a6ff148570ed2233931ad36

Download Submit
C:\Windows\system\sHEMYeB.exe

Filesize
6.0MB

MD5
ad1a5ba9e2347855edf550231795dfe5

SHA1
eb3a8f44b5056107d2a8c5da2fcf70fd73a2101b

SHA256
470b8a6bb38d9ef7732bbcf50a8c3724bff2be3e109869096a348af8150e6687

SHA512
2960af1a7fa5936f7771b73dd28b05488510338f30f2a2d8b69c47c754a3295efc5d4fbce0512d2fcb59ab00cacaab240e8ff66fa6af36c82ad63d305822ca90

Download Submit
C:\Windows\system\skniNoi.exe

Filesize
6.0MB

MD5
b3ee9f4c92b914e89dfd048e4646aa2a

SHA1
3fdfa5a8469443feab322453fa51aab9038b4649

SHA256
22c02d1c6fd1e2227727b34ca7d4d314b872a7186d527e6f55ce146a05e7a390

SHA512
18c6ef7e931d791e2d8b0e2f3d280f601a6cd1bdbe523432a8dd746d4fb9bcf5aa2c6d4652ec454f84521253557d180ea49ddc8496ea7569be06e4ab3a156b74

Download Submit
C:\Windows\system\usVOLxO.exe

Filesize
6.0MB

MD5
d3de0b08d90d1aa4107bdea0c82c13fc

SHA1
623fe75e3eaac6ec63f952c2fee05fabdfe8dc9d

SHA256
e0e2dd75bfd40ee6d862da55ac67114973a5b3c39f8c35305ea13bb21422e650

SHA512
99b0ae318ff5eeb48db27d8355555940ca6bb367ced887c6af86efec223896c4989d7c255956e986a11ff14f10d4b7a650b9dc827e95cd05a391a83f1e0b484b

Download Submit
C:\Windows\system\wIKuIgN.exe

Filesize
6.0MB

MD5
d0b3ed60ed8e764476844dc04096fc7d

SHA1
4fc0792cc16d4de4f78f7ff00cd4d0806ecefae1

SHA256
9deeae48660181a0cbf79631270e2b5a17f865825ce3b04eb81eba5a6c37da77

SHA512
e69278340f5e21e75482a46fff27a4d2b08d015a124e401045b2d0fbe14161f82b60f33bb72627fef42775eeeef002986f779cf35fe2dee976819d3a7e68ac12

Download Submit
C:\Windows\system\wQiKJPo.exe

Filesize
6.0MB

MD5
489e21b346d698f0496d8688679460c1

SHA1
30223ff77a02b57cf819ea9a658a31ecf7bf0126

SHA256
d0ae29e7c1115b247e2033852a9450097d7a541ae19fba3a6ddcfdc8d72d7f50

SHA512
b2475641f06f61d9cda59e8f84f5867afadda31b4512d1ea238cfde92b062412091090be8fc8e9659ecc6b5a9fb597e778d3822d16625e74d011f5a3e277855d

Download Submit
\Windows\system\EGDKsdQ.exe

Filesize
6.0MB

MD5
88933ef75735b48e705f1d6e664d3ad0

SHA1
7d3d3a225f77099a394f11a522eca9aaf8534196

SHA256
9682bbdd9e736b3d66a820f36a71493bb03cc495c33c75dee85cfabb4c2e6e09

SHA512
e49d8f793c4eaa1716dd59e1c982dd34becf894496845e2fce40175940d756d2f07c8ee71e08a25af80a7488a0b841683f06a90bc60681dcb6979ac408618d12

Download Submit
\Windows\system\hmUYdQb.exe

Filesize
6.0MB

MD5
27407318b333974ed0089c868505a830

SHA1
e6f9a56d5fd5a3d702bdad5f447433b9cf9fd5db

SHA256
36cf6935bf2a0a0b427fbb273cc778caa5947a64d063c00ec75de4c07b4de9dc

SHA512
97f12149ffaa2b08bf03ecc4441b5259406a3b27c47edcf22831fbdbd302f174c4b001f2ecc342ee2e3432e9f092c565f89eed230c52f9080b6099fa9f2feab4

Download Submit
\Windows\system\lAEgQOU.exe

Filesize
6.0MB

MD5
74e1121540ea238f68a684b5bd9d6b43

SHA1
d66d9f45b144cd556c0c01ac5e4e0788702d241f

SHA256
0d3c5f1a30ef6fe6ce3df96bd2b8a0036b4139ac5cb1f5da1b5c0bc56415b7db

SHA512
5001c5a6946eb5ae6da0f97fc20e5d5971344a8ee7e07ee17fb84a0d3299b7a381ee3232513adbb7dfaaa40c14f52e7f787e4bf28b04d5d3645ab215336d5dfe

Download Submit
memory/1036-4351-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1036-81-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1488-3728-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1488-260-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1488-69-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-79-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1744-4086-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2188-25-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2188-868-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2188-48-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-527-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-93-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2188-36-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2188-44-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2188-0-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2188-71-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-65-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2188-13-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2188-23-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2188-9-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-74-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2188-73-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2188-70-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2352-94-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2352-4349-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2572-72-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-259-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2604-66-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3727-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2612-88-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-4268-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-80-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4348-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3619-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2708-20-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3499-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-19-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-45-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-200-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3726-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-83-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3631-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2804-22-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2852-32-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2852-95-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4350-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-82-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download