cobaltstrike | 4c6025fc2b360c05fd4f8eeec9f5f9f9c6e458e7d16aa8eee133000ce4b32404

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e202de85b1fae50954b9292e4d9a480c
SHA1

1b26c03fa93e50653bc0448f1da3631aa07d2f45
SHA256

4c6025fc2b360c05fd4f8eeec9f5f9f9c6e458e7d16aa8eee133000ce4b32404
SHA512

544f342cb1143ff97a549cd2ec2efcac9babaff6e1780ea91779ba5c75214c0ad15200cddf11503ad209db755bcbf32c67d5eea0830bd87079f72ee5df8e18e2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012102-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014714-9.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001471c-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014864-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014ac1-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c53-54.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d15-84.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016daf-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016da6-117.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc1-129.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f6-186.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173ee-182.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739b-172.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173b2-176.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017390-166.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f97-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e73-156.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d40-109.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d38-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d30-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d27-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d1f-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0c-79.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d02-74.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf6-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ccb-64.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c9b-59.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000014c00-49.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000014b38-45.dat	cobalt_reflective_dll
behavioral1/files/0x001b000000014504-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014a05-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1684-0-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-6.dat	xmrig
behavioral1/memory/2924-8-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x0008000000014714-9.dat	xmrig
behavioral1/memory/1644-14-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x000800000001471c-18.dat	xmrig
behavioral1/memory/2052-21-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000014864-22.dat	xmrig
behavioral1/files/0x0007000000014ac1-32.dat	xmrig
behavioral1/files/0x0006000000016c53-54.dat	xmrig
behavioral1/files/0x0006000000016d15-84.dat	xmrig
behavioral1/files/0x0006000000016daf-124.dat	xmrig
behavioral1/files/0x0006000000016da6-117.dat	xmrig
behavioral1/files/0x0006000000016dc1-129.dat	xmrig
behavioral1/memory/2584-153-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/1684-152-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/2524-151-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1684-150-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2664-149-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f6-186.dat	xmrig
behavioral1/memory/1644-755-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/1684-320-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x00060000000173ee-182.dat	xmrig
behavioral1/files/0x000600000001739b-172.dat	xmrig
behavioral1/files/0x00060000000173b2-176.dat	xmrig
behavioral1/files/0x0006000000017390-166.dat	xmrig
behavioral1/files/0x0006000000016f97-161.dat	xmrig
behavioral1/files/0x0006000000016e73-156.dat	xmrig
behavioral1/memory/2540-147-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2516-145-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2820-143-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2792-141-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2616-139-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/1684-138-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2780-137-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/1684-136-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2748-135-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2120-133-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d54-114.dat	xmrig
behavioral1/files/0x0006000000016d40-109.dat	xmrig
behavioral1/files/0x0006000000016d38-104.dat	xmrig
behavioral1/files/0x0006000000016d30-99.dat	xmrig
behavioral1/files/0x0006000000016d27-94.dat	xmrig
behavioral1/files/0x0006000000016d1f-89.dat	xmrig
behavioral1/files/0x0006000000016d0c-79.dat	xmrig
behavioral1/files/0x0006000000016d02-74.dat	xmrig
behavioral1/files/0x0006000000016cf6-69.dat	xmrig
behavioral1/files/0x0006000000016ccb-64.dat	xmrig
behavioral1/files/0x0006000000016c9b-59.dat	xmrig
behavioral1/files/0x0009000000014c00-49.dat	xmrig
behavioral1/files/0x0009000000014b38-45.dat	xmrig
behavioral1/files/0x001b000000014504-40.dat	xmrig
behavioral1/files/0x0007000000014a05-30.dat	xmrig
behavioral1/memory/1644-3905-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2820-3954-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2524-3958-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2052-3957-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2924-3956-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2540-3955-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2616-3944-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2748-3942-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2584-3937-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2516-3984-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2780-3979-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2924	bOqLwCS.exe
1644	TgayMwU.exe
2052	fMeXqmb.exe
2584	MCCacJg.exe
2120	JuenxKR.exe
2748	pUjDygK.exe
2780	BNguMxR.exe
2616	EmFIJwf.exe
2792	ksYoZmv.exe
2820	PBVcDdf.exe
2516	zmsoaHX.exe
2540	pODyqfq.exe
2664	OhlygBv.exe
2524	YmdQWrn.exe
2660	kGahCuD.exe
2828	PYxRjdF.exe
1776	HWiyUSq.exe
568	QkrrSLo.exe
112	ntMZfdu.exe
1480	bDiUazb.exe
584	DkLoIES.exe
340	VJVcqqa.exe
1992	AmZaNSn.exe
1284	fPCGOvd.exe
1188	EVMBCre.exe
1920	mZdjpOL.exe
2716	CQbPCLl.exe
2840	vAYhGGK.exe
2192	JkaPdVB.exe
1512	guULNfm.exe
2476	FDpKwVC.exe
1792	ryTszPn.exe
2736	qHLAkau.exe
908	KUleHYf.exe
444	LONgDLa.exe
3032	fxKefPv.exe
3052	QnHxDpz.exe
1192	RibmlLC.exe
972	jFoTATj.exe
1636	UxcPeIp.exe
1328	ndtjXaM.exe
1156	lgMxQuW.exe
1744	xoOizRg.exe
912	XSRPjyv.exe
2200	xMRezJL.exe
1928	nASJFFV.exe
2168	KlvavXr.exe
2096	StjjKhq.exe
3068	ujJeTuu.exe
2864	aIqqAin.exe
704	XwdiPKt.exe
1504	RUpidqc.exe
2908	DoTQaxo.exe
2112	LIjpTAK.exe
1568	jYRFexY.exe
1604	xGWcWDy.exe
2976	ixsxwlr.exe
2856	fztGJJB.exe
2424	vpCabIZ.exe
2760	vTgerHo.exe
2644	XMznHMU.exe
2528	xxxSBJz.exe
1028	KKMJXha.exe
2812	fWEDmKY.exe

Loads dropped DLL 64 IoCs

pid	Process
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1684-0-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x0008000000012102-6.dat	upx
behavioral1/memory/2924-8-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x0008000000014714-9.dat	upx
behavioral1/memory/1644-14-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x000800000001471c-18.dat	upx
behavioral1/memory/2052-21-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x0007000000014864-22.dat	upx
behavioral1/files/0x0007000000014ac1-32.dat	upx
behavioral1/files/0x0006000000016c53-54.dat	upx
behavioral1/files/0x0006000000016d15-84.dat	upx
behavioral1/files/0x0006000000016daf-124.dat	upx
behavioral1/files/0x0006000000016da6-117.dat	upx
behavioral1/files/0x0006000000016dc1-129.dat	upx
behavioral1/memory/2584-153-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2524-151-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2664-149-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x00060000000173f6-186.dat	upx
behavioral1/memory/1644-755-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/1684-320-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x00060000000173ee-182.dat	upx
behavioral1/files/0x000600000001739b-172.dat	upx
behavioral1/files/0x00060000000173b2-176.dat	upx
behavioral1/files/0x0006000000017390-166.dat	upx
behavioral1/files/0x0006000000016f97-161.dat	upx
behavioral1/files/0x0006000000016e73-156.dat	upx
behavioral1/memory/2540-147-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2516-145-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2820-143-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2792-141-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2616-139-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2780-137-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2748-135-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2120-133-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x0006000000016d54-114.dat	upx
behavioral1/files/0x0006000000016d40-109.dat	upx
behavioral1/files/0x0006000000016d38-104.dat	upx
behavioral1/files/0x0006000000016d30-99.dat	upx
behavioral1/files/0x0006000000016d27-94.dat	upx
behavioral1/files/0x0006000000016d1f-89.dat	upx
behavioral1/files/0x0006000000016d0c-79.dat	upx
behavioral1/files/0x0006000000016d02-74.dat	upx
behavioral1/files/0x0006000000016cf6-69.dat	upx
behavioral1/files/0x0006000000016ccb-64.dat	upx
behavioral1/files/0x0006000000016c9b-59.dat	upx
behavioral1/files/0x0009000000014c00-49.dat	upx
behavioral1/files/0x0009000000014b38-45.dat	upx
behavioral1/files/0x001b000000014504-40.dat	upx
behavioral1/files/0x0007000000014a05-30.dat	upx
behavioral1/memory/1644-3905-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2820-3954-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2524-3958-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2052-3957-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2924-3956-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2540-3955-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2616-3944-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2748-3942-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2584-3937-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2516-3984-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2780-3979-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2792-3986-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2120-3991-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2664-3993-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YCqsBvP.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPzWoiD.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjPsDbl.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWXFzfw.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnkNcUk.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfxRKNT.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OccpxlM.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpbgPSf.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrvlFTr.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wONpCRH.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jxERivR.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Suepkuc.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbMsNgI.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzqCiyd.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQRjlem.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JoBqmLy.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxFkKvM.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YKcTwte.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWaGtqK.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbTVnEw.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auqWDvf.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFRFylk.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Vqpiqnc.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpHVeWd.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYMEIWV.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPTxWHl.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqwSZBR.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecCthqa.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPlcoJi.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiNmJNN.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRhznfK.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezZzYBd.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZHyFMs.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRcQfZi.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftHpktt.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpCxMns.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJDlRnV.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wgSIxQU.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sSOKJGc.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NInpBPX.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQrQtqf.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuAgoRD.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDOBwDj.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfRKWbw.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjLhaTN.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFbASwd.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qvTRgiX.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hyqLPZI.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFGkgle.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWmxdVV.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\elSkCSg.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXWiVaK.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AUqjCmJ.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssENiPF.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AmRkZru.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrrsQRc.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voTvUgh.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uEZojJZ.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hoYYCuu.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIZTqwm.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsqJXUs.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dxFHFlW.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPSdgqk.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqgWugi.exe	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2924	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1684 wrote to memory of 2924	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1684 wrote to memory of 2924	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1684 wrote to memory of 1644	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1684 wrote to memory of 1644	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1684 wrote to memory of 1644	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1684 wrote to memory of 2052	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1684 wrote to memory of 2052	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1684 wrote to memory of 2052	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1684 wrote to memory of 2584	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1684 wrote to memory of 2584	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1684 wrote to memory of 2584	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1684 wrote to memory of 2120	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1684 wrote to memory of 2120	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1684 wrote to memory of 2120	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1684 wrote to memory of 2748	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1684 wrote to memory of 2748	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1684 wrote to memory of 2748	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1684 wrote to memory of 2780	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1684 wrote to memory of 2780	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1684 wrote to memory of 2780	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1684 wrote to memory of 2616	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1684 wrote to memory of 2616	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1684 wrote to memory of 2616	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1684 wrote to memory of 2792	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1684 wrote to memory of 2792	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1684 wrote to memory of 2792	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1684 wrote to memory of 2820	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1684 wrote to memory of 2820	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1684 wrote to memory of 2820	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1684 wrote to memory of 2516	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1684 wrote to memory of 2516	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1684 wrote to memory of 2516	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1684 wrote to memory of 2540	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1684 wrote to memory of 2540	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1684 wrote to memory of 2540	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1684 wrote to memory of 2664	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1684 wrote to memory of 2664	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1684 wrote to memory of 2664	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1684 wrote to memory of 2524	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1684 wrote to memory of 2524	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1684 wrote to memory of 2524	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1684 wrote to memory of 2660	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1684 wrote to memory of 2660	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1684 wrote to memory of 2660	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1684 wrote to memory of 2828	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1684 wrote to memory of 2828	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1684 wrote to memory of 2828	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1684 wrote to memory of 1776	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1684 wrote to memory of 1776	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1684 wrote to memory of 1776	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1684 wrote to memory of 568	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1684 wrote to memory of 568	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1684 wrote to memory of 568	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1684 wrote to memory of 112	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1684 wrote to memory of 112	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1684 wrote to memory of 112	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1684 wrote to memory of 1480	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1684 wrote to memory of 1480	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1684 wrote to memory of 1480	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1684 wrote to memory of 584	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1684 wrote to memory of 584	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1684 wrote to memory of 584	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1684 wrote to memory of 340	1684	2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_e202de85b1fae50954b9292e4d9a480c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\System\bOqLwCS.exe
  C:\Windows\System\bOqLwCS.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\TgayMwU.exe
  C:\Windows\System\TgayMwU.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\fMeXqmb.exe
  C:\Windows\System\fMeXqmb.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\MCCacJg.exe
  C:\Windows\System\MCCacJg.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\JuenxKR.exe
  C:\Windows\System\JuenxKR.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\pUjDygK.exe
  C:\Windows\System\pUjDygK.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\BNguMxR.exe
  C:\Windows\System\BNguMxR.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\EmFIJwf.exe
  C:\Windows\System\EmFIJwf.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ksYoZmv.exe
  C:\Windows\System\ksYoZmv.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\PBVcDdf.exe
  C:\Windows\System\PBVcDdf.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\zmsoaHX.exe
  C:\Windows\System\zmsoaHX.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\pODyqfq.exe
  C:\Windows\System\pODyqfq.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\OhlygBv.exe
  C:\Windows\System\OhlygBv.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\YmdQWrn.exe
  C:\Windows\System\YmdQWrn.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\kGahCuD.exe
  C:\Windows\System\kGahCuD.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\PYxRjdF.exe
  C:\Windows\System\PYxRjdF.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\HWiyUSq.exe
  C:\Windows\System\HWiyUSq.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\QkrrSLo.exe
  C:\Windows\System\QkrrSLo.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\ntMZfdu.exe
  C:\Windows\System\ntMZfdu.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\bDiUazb.exe
  C:\Windows\System\bDiUazb.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\DkLoIES.exe
  C:\Windows\System\DkLoIES.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\VJVcqqa.exe
  C:\Windows\System\VJVcqqa.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\AmZaNSn.exe
  C:\Windows\System\AmZaNSn.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\fPCGOvd.exe
  C:\Windows\System\fPCGOvd.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\EVMBCre.exe
  C:\Windows\System\EVMBCre.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\mZdjpOL.exe
  C:\Windows\System\mZdjpOL.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\CQbPCLl.exe
  C:\Windows\System\CQbPCLl.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\vAYhGGK.exe
  C:\Windows\System\vAYhGGK.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\JkaPdVB.exe
  C:\Windows\System\JkaPdVB.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\guULNfm.exe
  C:\Windows\System\guULNfm.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\FDpKwVC.exe
  C:\Windows\System\FDpKwVC.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ryTszPn.exe
  C:\Windows\System\ryTszPn.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\qHLAkau.exe
  C:\Windows\System\qHLAkau.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\KUleHYf.exe
  C:\Windows\System\KUleHYf.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\LONgDLa.exe
  C:\Windows\System\LONgDLa.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\fxKefPv.exe
  C:\Windows\System\fxKefPv.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\QnHxDpz.exe
  C:\Windows\System\QnHxDpz.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\RibmlLC.exe
  C:\Windows\System\RibmlLC.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\jFoTATj.exe
  C:\Windows\System\jFoTATj.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\UxcPeIp.exe
  C:\Windows\System\UxcPeIp.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\ndtjXaM.exe
  C:\Windows\System\ndtjXaM.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\lgMxQuW.exe
  C:\Windows\System\lgMxQuW.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\xoOizRg.exe
  C:\Windows\System\xoOizRg.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\XSRPjyv.exe
  C:\Windows\System\XSRPjyv.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\xMRezJL.exe
  C:\Windows\System\xMRezJL.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\nASJFFV.exe
  C:\Windows\System\nASJFFV.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\KlvavXr.exe
  C:\Windows\System\KlvavXr.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\StjjKhq.exe
  C:\Windows\System\StjjKhq.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\ujJeTuu.exe
  C:\Windows\System\ujJeTuu.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\aIqqAin.exe
  C:\Windows\System\aIqqAin.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\XwdiPKt.exe
  C:\Windows\System\XwdiPKt.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\RUpidqc.exe
  C:\Windows\System\RUpidqc.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\DoTQaxo.exe
  C:\Windows\System\DoTQaxo.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\LIjpTAK.exe
  C:\Windows\System\LIjpTAK.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\jYRFexY.exe
  C:\Windows\System\jYRFexY.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\xGWcWDy.exe
  C:\Windows\System\xGWcWDy.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\ixsxwlr.exe
  C:\Windows\System\ixsxwlr.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\fztGJJB.exe
  C:\Windows\System\fztGJJB.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\vpCabIZ.exe
  C:\Windows\System\vpCabIZ.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\vTgerHo.exe
  C:\Windows\System\vTgerHo.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\XMznHMU.exe
  C:\Windows\System\XMznHMU.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\xxxSBJz.exe
  C:\Windows\System\xxxSBJz.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\KKMJXha.exe
  C:\Windows\System\KKMJXha.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\fWEDmKY.exe
  C:\Windows\System\fWEDmKY.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\Eeaeaeg.exe
  C:\Windows\System\Eeaeaeg.exe
  2⤵
  PID:1652
- C:\Windows\System\DUtoKLR.exe
  C:\Windows\System\DUtoKLR.exe
  2⤵
  PID:2240
- C:\Windows\System\hIzIWHg.exe
  C:\Windows\System\hIzIWHg.exe
  2⤵
  PID:796
- C:\Windows\System\wKcLRqD.exe
  C:\Windows\System\wKcLRqD.exe
  2⤵
  PID:2288
- C:\Windows\System\KPOQCuy.exe
  C:\Windows\System\KPOQCuy.exe
  2⤵
  PID:2020
- C:\Windows\System\TTQOBWX.exe
  C:\Windows\System\TTQOBWX.exe
  2⤵
  PID:2276
- C:\Windows\System\yTsXxGN.exe
  C:\Windows\System\yTsXxGN.exe
  2⤵
  PID:2028
- C:\Windows\System\RnAjAug.exe
  C:\Windows\System\RnAjAug.exe
  2⤵
  PID:1996
- C:\Windows\System\YBUQOHb.exe
  C:\Windows\System\YBUQOHb.exe
  2⤵
  PID:2700
- C:\Windows\System\LubXIsd.exe
  C:\Windows\System\LubXIsd.exe
  2⤵
  PID:2676
- C:\Windows\System\dzEySCW.exe
  C:\Windows\System\dzEySCW.exe
  2⤵
  PID:2472
- C:\Windows\System\dvPjOIs.exe
  C:\Windows\System\dvPjOIs.exe
  2⤵
  PID:2928
- C:\Windows\System\aVvGdsV.exe
  C:\Windows\System\aVvGdsV.exe
  2⤵
  PID:108
- C:\Windows\System\Clxvvwu.exe
  C:\Windows\System\Clxvvwu.exe
  2⤵
  PID:3028
- C:\Windows\System\FYXtYiD.exe
  C:\Windows\System\FYXtYiD.exe
  2⤵
  PID:988
- C:\Windows\System\hvVoQuO.exe
  C:\Windows\System\hvVoQuO.exe
  2⤵
  PID:696
- C:\Windows\System\AgMwaQO.exe
  C:\Windows\System\AgMwaQO.exe
  2⤵
  PID:1324
- C:\Windows\System\MuZNPCV.exe
  C:\Windows\System\MuZNPCV.exe
  2⤵
  PID:1752
- C:\Windows\System\jChAdwc.exe
  C:\Windows\System\jChAdwc.exe
  2⤵
  PID:1160
- C:\Windows\System\skIfQsv.exe
  C:\Windows\System\skIfQsv.exe
  2⤵
  PID:2100
- C:\Windows\System\qetrAzm.exe
  C:\Windows\System\qetrAzm.exe
  2⤵
  PID:3016
- C:\Windows\System\ZrIxlhS.exe
  C:\Windows\System\ZrIxlhS.exe
  2⤵
  PID:956
- C:\Windows\System\xhwmSaX.exe
  C:\Windows\System\xhwmSaX.exe
  2⤵
  PID:2364
- C:\Windows\System\zCgZtKW.exe
  C:\Windows\System\zCgZtKW.exe
  2⤵
  PID:892
- C:\Windows\System\QjPsDbl.exe
  C:\Windows\System\QjPsDbl.exe
  2⤵
  PID:2904
- C:\Windows\System\qtGzuWE.exe
  C:\Windows\System\qtGzuWE.exe
  2⤵
  PID:1708
- C:\Windows\System\hoziXgw.exe
  C:\Windows\System\hoziXgw.exe
  2⤵
  PID:2576
- C:\Windows\System\exbovhh.exe
  C:\Windows\System\exbovhh.exe
  2⤵
  PID:2596
- C:\Windows\System\JqfPRon.exe
  C:\Windows\System\JqfPRon.exe
  2⤵
  PID:2788
- C:\Windows\System\jVnoHqV.exe
  C:\Windows\System\jVnoHqV.exe
  2⤵
  PID:2512
- C:\Windows\System\VAsItaY.exe
  C:\Windows\System\VAsItaY.exe
  2⤵
  PID:2772
- C:\Windows\System\NqNFbaS.exe
  C:\Windows\System\NqNFbaS.exe
  2⤵
  PID:2388
- C:\Windows\System\wrmRHIv.exe
  C:\Windows\System\wrmRHIv.exe
  2⤵
  PID:600
- C:\Windows\System\YmzJnyd.exe
  C:\Windows\System\YmzJnyd.exe
  2⤵
  PID:2016
- C:\Windows\System\ewWPxyI.exe
  C:\Windows\System\ewWPxyI.exe
  2⤵
  PID:2708
- C:\Windows\System\HRLwZWJ.exe
  C:\Windows\System\HRLwZWJ.exe
  2⤵
  PID:2844
- C:\Windows\System\RLtRIWD.exe
  C:\Windows\System\RLtRIWD.exe
  2⤵
  PID:2712
- C:\Windows\System\uWXvVeH.exe
  C:\Windows\System\uWXvVeH.exe
  2⤵
  PID:280
- C:\Windows\System\GKYHssA.exe
  C:\Windows\System\GKYHssA.exe
  2⤵
  PID:1088
- C:\Windows\System\WMGQnlj.exe
  C:\Windows\System\WMGQnlj.exe
  2⤵
  PID:1340
- C:\Windows\System\UopTXLN.exe
  C:\Windows\System\UopTXLN.exe
  2⤵
  PID:896
- C:\Windows\System\oJLModG.exe
  C:\Windows\System\oJLModG.exe
  2⤵
  PID:3064
- C:\Windows\System\HYsULSJ.exe
  C:\Windows\System\HYsULSJ.exe
  2⤵
  PID:2380
- C:\Windows\System\oZheDCb.exe
  C:\Windows\System\oZheDCb.exe
  2⤵
  PID:1384
- C:\Windows\System\GWvphyd.exe
  C:\Windows\System\GWvphyd.exe
  2⤵
  PID:1940
- C:\Windows\System\cxrHxtN.exe
  C:\Windows\System\cxrHxtN.exe
  2⤵
  PID:3048
- C:\Windows\System\HTnfCkW.exe
  C:\Windows\System\HTnfCkW.exe
  2⤵
  PID:2920
- C:\Windows\System\UbVJXia.exe
  C:\Windows\System\UbVJXia.exe
  2⤵
  PID:2324
- C:\Windows\System\yKSoSpt.exe
  C:\Windows\System\yKSoSpt.exe
  2⤵
  PID:2824
- C:\Windows\System\bQHxHPH.exe
  C:\Windows\System\bQHxHPH.exe
  2⤵
  PID:2944
- C:\Windows\System\kaOLjXs.exe
  C:\Windows\System\kaOLjXs.exe
  2⤵
  PID:2552
- C:\Windows\System\eFyHMQT.exe
  C:\Windows\System\eFyHMQT.exe
  2⤵
  PID:2308
- C:\Windows\System\pRCraFC.exe
  C:\Windows\System\pRCraFC.exe
  2⤵
  PID:2312
- C:\Windows\System\XGpTnRy.exe
  C:\Windows\System\XGpTnRy.exe
  2⤵
  PID:408
- C:\Windows\System\pRklyQF.exe
  C:\Windows\System\pRklyQF.exe
  2⤵
  PID:1256
- C:\Windows\System\ziDKvVX.exe
  C:\Windows\System\ziDKvVX.exe
  2⤵
  PID:3040
- C:\Windows\System\fxzbUIc.exe
  C:\Windows\System\fxzbUIc.exe
  2⤵
  PID:2152
- C:\Windows\System\ujwaKqJ.exe
  C:\Windows\System\ujwaKqJ.exe
  2⤵
  PID:1908
- C:\Windows\System\NgHBshT.exe
  C:\Windows\System\NgHBshT.exe
  2⤵
  PID:2372
- C:\Windows\System\IifUzyo.exe
  C:\Windows\System\IifUzyo.exe
  2⤵
  PID:3076
- C:\Windows\System\LbjRRyK.exe
  C:\Windows\System\LbjRRyK.exe
  2⤵
  PID:3096
- C:\Windows\System\uTJyRYv.exe
  C:\Windows\System\uTJyRYv.exe
  2⤵
  PID:3116
- C:\Windows\System\qUustQw.exe
  C:\Windows\System\qUustQw.exe
  2⤵
  PID:3136
- C:\Windows\System\rpHVeWd.exe
  C:\Windows\System\rpHVeWd.exe
  2⤵
  PID:3156
- C:\Windows\System\KyXZPqM.exe
  C:\Windows\System\KyXZPqM.exe
  2⤵
  PID:3176
- C:\Windows\System\WIjpTrT.exe
  C:\Windows\System\WIjpTrT.exe
  2⤵
  PID:3196
- C:\Windows\System\mMPhigG.exe
  C:\Windows\System\mMPhigG.exe
  2⤵
  PID:3216
- C:\Windows\System\PDHZLex.exe
  C:\Windows\System\PDHZLex.exe
  2⤵
  PID:3236
- C:\Windows\System\NnwAAAw.exe
  C:\Windows\System\NnwAAAw.exe
  2⤵
  PID:3256
- C:\Windows\System\gTagiKf.exe
  C:\Windows\System\gTagiKf.exe
  2⤵
  PID:3276
- C:\Windows\System\jfwLEuE.exe
  C:\Windows\System\jfwLEuE.exe
  2⤵
  PID:3296
- C:\Windows\System\Yvdfjay.exe
  C:\Windows\System\Yvdfjay.exe
  2⤵
  PID:3316
- C:\Windows\System\oDMvJfB.exe
  C:\Windows\System\oDMvJfB.exe
  2⤵
  PID:3336
- C:\Windows\System\MqjGMfz.exe
  C:\Windows\System\MqjGMfz.exe
  2⤵
  PID:3356
- C:\Windows\System\qewYuPe.exe
  C:\Windows\System\qewYuPe.exe
  2⤵
  PID:3376
- C:\Windows\System\woPppEO.exe
  C:\Windows\System\woPppEO.exe
  2⤵
  PID:3396
- C:\Windows\System\QYdPBgA.exe
  C:\Windows\System\QYdPBgA.exe
  2⤵
  PID:3416
- C:\Windows\System\NJWsesX.exe
  C:\Windows\System\NJWsesX.exe
  2⤵
  PID:3436
- C:\Windows\System\BzZTPIt.exe
  C:\Windows\System\BzZTPIt.exe
  2⤵
  PID:3456
- C:\Windows\System\itQfZXk.exe
  C:\Windows\System\itQfZXk.exe
  2⤵
  PID:3476
- C:\Windows\System\ogrDWRZ.exe
  C:\Windows\System\ogrDWRZ.exe
  2⤵
  PID:3496
- C:\Windows\System\eAeGsyK.exe
  C:\Windows\System\eAeGsyK.exe
  2⤵
  PID:3516
- C:\Windows\System\RFSPWYU.exe
  C:\Windows\System\RFSPWYU.exe
  2⤵
  PID:3536
- C:\Windows\System\sqUNsni.exe
  C:\Windows\System\sqUNsni.exe
  2⤵
  PID:3556
- C:\Windows\System\AWFXUUu.exe
  C:\Windows\System\AWFXUUu.exe
  2⤵
  PID:3576
- C:\Windows\System\hGYURcl.exe
  C:\Windows\System\hGYURcl.exe
  2⤵
  PID:3596
- C:\Windows\System\VBTByZh.exe
  C:\Windows\System\VBTByZh.exe
  2⤵
  PID:3616
- C:\Windows\System\xogxLzD.exe
  C:\Windows\System\xogxLzD.exe
  2⤵
  PID:3636
- C:\Windows\System\npLOPdb.exe
  C:\Windows\System\npLOPdb.exe
  2⤵
  PID:3656
- C:\Windows\System\DoWcfTL.exe
  C:\Windows\System\DoWcfTL.exe
  2⤵
  PID:3676
- C:\Windows\System\FCyBMns.exe
  C:\Windows\System\FCyBMns.exe
  2⤵
  PID:3696
- C:\Windows\System\RvqNucZ.exe
  C:\Windows\System\RvqNucZ.exe
  2⤵
  PID:3716
- C:\Windows\System\qDzgFgJ.exe
  C:\Windows\System\qDzgFgJ.exe
  2⤵
  PID:3736
- C:\Windows\System\BGDEuhl.exe
  C:\Windows\System\BGDEuhl.exe
  2⤵
  PID:3756
- C:\Windows\System\MmpEgHu.exe
  C:\Windows\System\MmpEgHu.exe
  2⤵
  PID:3776
- C:\Windows\System\nFqrrvK.exe
  C:\Windows\System\nFqrrvK.exe
  2⤵
  PID:3796
- C:\Windows\System\tQZApNC.exe
  C:\Windows\System\tQZApNC.exe
  2⤵
  PID:3816
- C:\Windows\System\HfJMCoH.exe
  C:\Windows\System\HfJMCoH.exe
  2⤵
  PID:3836
- C:\Windows\System\rJxCyaW.exe
  C:\Windows\System\rJxCyaW.exe
  2⤵
  PID:3856
- C:\Windows\System\ynpfwPy.exe
  C:\Windows\System\ynpfwPy.exe
  2⤵
  PID:3876
- C:\Windows\System\qmRSVoH.exe
  C:\Windows\System\qmRSVoH.exe
  2⤵
  PID:3896
- C:\Windows\System\UGvpLwS.exe
  C:\Windows\System\UGvpLwS.exe
  2⤵
  PID:3916
- C:\Windows\System\gMAqGPY.exe
  C:\Windows\System\gMAqGPY.exe
  2⤵
  PID:3936
- C:\Windows\System\FZPSPMx.exe
  C:\Windows\System\FZPSPMx.exe
  2⤵
  PID:3956
- C:\Windows\System\iEWAJuw.exe
  C:\Windows\System\iEWAJuw.exe
  2⤵
  PID:3976
- C:\Windows\System\vtxUfqr.exe
  C:\Windows\System\vtxUfqr.exe
  2⤵
  PID:3992
- C:\Windows\System\qgdXLjD.exe
  C:\Windows\System\qgdXLjD.exe
  2⤵
  PID:4016
- C:\Windows\System\NtyckyF.exe
  C:\Windows\System\NtyckyF.exe
  2⤵
  PID:4036
- C:\Windows\System\VKwszlZ.exe
  C:\Windows\System\VKwszlZ.exe
  2⤵
  PID:4056
- C:\Windows\System\skUDqZP.exe
  C:\Windows\System\skUDqZP.exe
  2⤵
  PID:4076
- C:\Windows\System\rnfyqMs.exe
  C:\Windows\System\rnfyqMs.exe
  2⤵
  PID:2044
- C:\Windows\System\ztBQbEK.exe
  C:\Windows\System\ztBQbEK.exe
  2⤵
  PID:1032
- C:\Windows\System\inzdKIs.exe
  C:\Windows\System\inzdKIs.exe
  2⤵
  PID:2572
- C:\Windows\System\mffBWeF.exe
  C:\Windows\System\mffBWeF.exe
  2⤵
  PID:1492
- C:\Windows\System\ODeUDeT.exe
  C:\Windows\System\ODeUDeT.exe
  2⤵
  PID:888
- C:\Windows\System\ucEKdho.exe
  C:\Windows\System\ucEKdho.exe
  2⤵
  PID:2688
- C:\Windows\System\txrLSDN.exe
  C:\Windows\System\txrLSDN.exe
  2⤵
  PID:2964
- C:\Windows\System\funPYZU.exe
  C:\Windows\System\funPYZU.exe
  2⤵
  PID:3092
- C:\Windows\System\TzMiwLk.exe
  C:\Windows\System\TzMiwLk.exe
  2⤵
  PID:3124
- C:\Windows\System\RCaPbId.exe
  C:\Windows\System\RCaPbId.exe
  2⤵
  PID:3172
- C:\Windows\System\FyTveqr.exe
  C:\Windows\System\FyTveqr.exe
  2⤵
  PID:3152
- C:\Windows\System\iChbXvG.exe
  C:\Windows\System\iChbXvG.exe
  2⤵
  PID:3184
- C:\Windows\System\xOstcoN.exe
  C:\Windows\System\xOstcoN.exe
  2⤵
  PID:3252
- C:\Windows\System\dXjwZQO.exe
  C:\Windows\System\dXjwZQO.exe
  2⤵
  PID:3264
- C:\Windows\System\ZNzUjwQ.exe
  C:\Windows\System\ZNzUjwQ.exe
  2⤵
  PID:3268
- C:\Windows\System\quFlXrJ.exe
  C:\Windows\System\quFlXrJ.exe
  2⤵
  PID:3312
- C:\Windows\System\ZGgJNGF.exe
  C:\Windows\System\ZGgJNGF.exe
  2⤵
  PID:3352
- C:\Windows\System\dAxnaTI.exe
  C:\Windows\System\dAxnaTI.exe
  2⤵
  PID:3408
- C:\Windows\System\uwUtFkb.exe
  C:\Windows\System\uwUtFkb.exe
  2⤵
  PID:3448
- C:\Windows\System\GbgfAkt.exe
  C:\Windows\System\GbgfAkt.exe
  2⤵
  PID:3464
- C:\Windows\System\nSRGlHR.exe
  C:\Windows\System\nSRGlHR.exe
  2⤵
  PID:3524
- C:\Windows\System\ftHpktt.exe
  C:\Windows\System\ftHpktt.exe
  2⤵
  PID:3504
- C:\Windows\System\FiSJEan.exe
  C:\Windows\System\FiSJEan.exe
  2⤵
  PID:3568
- C:\Windows\System\xQRjlem.exe
  C:\Windows\System\xQRjlem.exe
  2⤵
  PID:3604
- C:\Windows\System\LvVxZlF.exe
  C:\Windows\System\LvVxZlF.exe
  2⤵
  PID:3624
- C:\Windows\System\watHxTB.exe
  C:\Windows\System\watHxTB.exe
  2⤵
  PID:3688
- C:\Windows\System\nCSLFjq.exe
  C:\Windows\System\nCSLFjq.exe
  2⤵
  PID:3704
- C:\Windows\System\eOZxjAW.exe
  C:\Windows\System\eOZxjAW.exe
  2⤵
  PID:3732
- C:\Windows\System\jFmXppm.exe
  C:\Windows\System\jFmXppm.exe
  2⤵
  PID:3752
- C:\Windows\System\vXMmVbR.exe
  C:\Windows\System\vXMmVbR.exe
  2⤵
  PID:3784
- C:\Windows\System\QqoolFI.exe
  C:\Windows\System\QqoolFI.exe
  2⤵
  PID:3844
- C:\Windows\System\XGUTmsm.exe
  C:\Windows\System\XGUTmsm.exe
  2⤵
  PID:3884
- C:\Windows\System\xnIwUKn.exe
  C:\Windows\System\xnIwUKn.exe
  2⤵
  PID:3868
- C:\Windows\System\cWdCWVf.exe
  C:\Windows\System\cWdCWVf.exe
  2⤵
  PID:3908
- C:\Windows\System\MRbdbOW.exe
  C:\Windows\System\MRbdbOW.exe
  2⤵
  PID:3944
- C:\Windows\System\OdtMJvz.exe
  C:\Windows\System\OdtMJvz.exe
  2⤵
  PID:4012
- C:\Windows\System\wrRugRL.exe
  C:\Windows\System\wrRugRL.exe
  2⤵
  PID:4048
- C:\Windows\System\kCfRein.exe
  C:\Windows\System\kCfRein.exe
  2⤵
  PID:4084
- C:\Windows\System\KKIrUub.exe
  C:\Windows\System\KKIrUub.exe
  2⤵
  PID:2012
- C:\Windows\System\FSpxXBO.exe
  C:\Windows\System\FSpxXBO.exe
  2⤵
  PID:2652
- C:\Windows\System\xtTlWXS.exe
  C:\Windows\System\xtTlWXS.exe
  2⤵
  PID:2124
- C:\Windows\System\kdyRdIt.exe
  C:\Windows\System\kdyRdIt.exe
  2⤵
  PID:2060
- C:\Windows\System\zQzpTDw.exe
  C:\Windows\System\zQzpTDw.exe
  2⤵
  PID:2832
- C:\Windows\System\WngEUdK.exe
  C:\Windows\System\WngEUdK.exe
  2⤵
  PID:3084
- C:\Windows\System\QYMEIWV.exe
  C:\Windows\System\QYMEIWV.exe
  2⤵
  PID:3164
- C:\Windows\System\kOqInGx.exe
  C:\Windows\System\kOqInGx.exe
  2⤵
  PID:3204
- C:\Windows\System\FTatRJA.exe
  C:\Windows\System\FTatRJA.exe
  2⤵
  PID:3224
- C:\Windows\System\LYcNCzF.exe
  C:\Windows\System\LYcNCzF.exe
  2⤵
  PID:3364
- C:\Windows\System\YlZKoGN.exe
  C:\Windows\System\YlZKoGN.exe
  2⤵
  PID:3388
- C:\Windows\System\AfxRKNT.exe
  C:\Windows\System\AfxRKNT.exe
  2⤵
  PID:3404
- C:\Windows\System\iCFGPdt.exe
  C:\Windows\System\iCFGPdt.exe
  2⤵
  PID:3424
- C:\Windows\System\sYBAcIK.exe
  C:\Windows\System\sYBAcIK.exe
  2⤵
  PID:3548
- C:\Windows\System\eFLhHHJ.exe
  C:\Windows\System\eFLhHHJ.exe
  2⤵
  PID:3584
- C:\Windows\System\hNjgZUG.exe
  C:\Windows\System\hNjgZUG.exe
  2⤵
  PID:3672
- C:\Windows\System\lNHuBfM.exe
  C:\Windows\System\lNHuBfM.exe
  2⤵
  PID:3712
- C:\Windows\System\QAkOSpc.exe
  C:\Windows\System\QAkOSpc.exe
  2⤵
  PID:3804
- C:\Windows\System\KHFfZKC.exe
  C:\Windows\System\KHFfZKC.exe
  2⤵
  PID:3812
- C:\Windows\System\GyWIHHQ.exe
  C:\Windows\System\GyWIHHQ.exe
  2⤵
  PID:3848
- C:\Windows\System\bqHgYxj.exe
  C:\Windows\System\bqHgYxj.exe
  2⤵
  PID:3924
- C:\Windows\System\toRTfXQ.exe
  C:\Windows\System\toRTfXQ.exe
  2⤵
  PID:4000
- C:\Windows\System\fioNueK.exe
  C:\Windows\System\fioNueK.exe
  2⤵
  PID:644
- C:\Windows\System\ujrrfRy.exe
  C:\Windows\System\ujrrfRy.exe
  2⤵
  PID:4028
- C:\Windows\System\hCzXBsN.exe
  C:\Windows\System\hCzXBsN.exe
  2⤵
  PID:4068
- C:\Windows\System\kQCplgU.exe
  C:\Windows\System\kQCplgU.exe
  2⤵
  PID:3144
- C:\Windows\System\nnUwzTx.exe
  C:\Windows\System\nnUwzTx.exe
  2⤵
  PID:2336
- C:\Windows\System\caArELT.exe
  C:\Windows\System\caArELT.exe
  2⤵
  PID:3288
- C:\Windows\System\qMZPQeQ.exe
  C:\Windows\System\qMZPQeQ.exe
  2⤵
  PID:3372
- C:\Windows\System\GFWAJWX.exe
  C:\Windows\System\GFWAJWX.exe
  2⤵
  PID:3472
- C:\Windows\System\GfcxGpI.exe
  C:\Windows\System\GfcxGpI.exe
  2⤵
  PID:3644
- C:\Windows\System\eQGLTSt.exe
  C:\Windows\System\eQGLTSt.exe
  2⤵
  PID:3444
- C:\Windows\System\fxjOJtk.exe
  C:\Windows\System\fxjOJtk.exe
  2⤵
  PID:3668
- C:\Windows\System\XLOBbcw.exe
  C:\Windows\System\XLOBbcw.exe
  2⤵
  PID:3824
- C:\Windows\System\dbwesgi.exe
  C:\Windows\System\dbwesgi.exe
  2⤵
  PID:3932
- C:\Windows\System\qoIVjvn.exe
  C:\Windows\System\qoIVjvn.exe
  2⤵
  PID:3872
- C:\Windows\System\ZAwqGwx.exe
  C:\Windows\System\ZAwqGwx.exe
  2⤵
  PID:4008
- C:\Windows\System\IoZbXqb.exe
  C:\Windows\System\IoZbXqb.exe
  2⤵
  PID:4100
- C:\Windows\System\OrfAoEs.exe
  C:\Windows\System\OrfAoEs.exe
  2⤵
  PID:4120
- C:\Windows\System\CkUCwKX.exe
  C:\Windows\System\CkUCwKX.exe
  2⤵
  PID:4140
- C:\Windows\System\BbIbgwP.exe
  C:\Windows\System\BbIbgwP.exe
  2⤵
  PID:4160
- C:\Windows\System\uuORCIB.exe
  C:\Windows\System\uuORCIB.exe
  2⤵
  PID:4176
- C:\Windows\System\wufoOPo.exe
  C:\Windows\System\wufoOPo.exe
  2⤵
  PID:4200
- C:\Windows\System\MBWRRtL.exe
  C:\Windows\System\MBWRRtL.exe
  2⤵
  PID:4220
- C:\Windows\System\rnWjQyw.exe
  C:\Windows\System\rnWjQyw.exe
  2⤵
  PID:4240
- C:\Windows\System\wFvIoGU.exe
  C:\Windows\System\wFvIoGU.exe
  2⤵
  PID:4260
- C:\Windows\System\XQOvUmw.exe
  C:\Windows\System\XQOvUmw.exe
  2⤵
  PID:4280
- C:\Windows\System\FsXsxjM.exe
  C:\Windows\System\FsXsxjM.exe
  2⤵
  PID:4300
- C:\Windows\System\rEJaYqT.exe
  C:\Windows\System\rEJaYqT.exe
  2⤵
  PID:4320
- C:\Windows\System\BegZJJj.exe
  C:\Windows\System\BegZJJj.exe
  2⤵
  PID:4336
- C:\Windows\System\qhSZzjl.exe
  C:\Windows\System\qhSZzjl.exe
  2⤵
  PID:4360
- C:\Windows\System\hpDmjJI.exe
  C:\Windows\System\hpDmjJI.exe
  2⤵
  PID:4380
- C:\Windows\System\FKzCLlm.exe
  C:\Windows\System\FKzCLlm.exe
  2⤵
  PID:4400
- C:\Windows\System\fxnNqed.exe
  C:\Windows\System\fxnNqed.exe
  2⤵
  PID:4416
- C:\Windows\System\XXXZVon.exe
  C:\Windows\System\XXXZVon.exe
  2⤵
  PID:4436
- C:\Windows\System\KjeEnGc.exe
  C:\Windows\System\KjeEnGc.exe
  2⤵
  PID:4456
- C:\Windows\System\dTrNQfA.exe
  C:\Windows\System\dTrNQfA.exe
  2⤵
  PID:4476
- C:\Windows\System\cRONbeB.exe
  C:\Windows\System\cRONbeB.exe
  2⤵
  PID:4496
- C:\Windows\System\JkDbXHq.exe
  C:\Windows\System\JkDbXHq.exe
  2⤵
  PID:4520
- C:\Windows\System\MfBxyBu.exe
  C:\Windows\System\MfBxyBu.exe
  2⤵
  PID:4536
- C:\Windows\System\sLHRWFC.exe
  C:\Windows\System\sLHRWFC.exe
  2⤵
  PID:4560
- C:\Windows\System\Htbalmq.exe
  C:\Windows\System\Htbalmq.exe
  2⤵
  PID:4580
- C:\Windows\System\ZxfiwvY.exe
  C:\Windows\System\ZxfiwvY.exe
  2⤵
  PID:4600
- C:\Windows\System\QqAXRsa.exe
  C:\Windows\System\QqAXRsa.exe
  2⤵
  PID:4620
- C:\Windows\System\vdKWTZM.exe
  C:\Windows\System\vdKWTZM.exe
  2⤵
  PID:4640
- C:\Windows\System\wfDMHyi.exe
  C:\Windows\System\wfDMHyi.exe
  2⤵
  PID:4660
- C:\Windows\System\QrMwtst.exe
  C:\Windows\System\QrMwtst.exe
  2⤵
  PID:4680
- C:\Windows\System\VFAtTez.exe
  C:\Windows\System\VFAtTez.exe
  2⤵
  PID:4700
- C:\Windows\System\BRNWegP.exe
  C:\Windows\System\BRNWegP.exe
  2⤵
  PID:4720
- C:\Windows\System\fEtgglh.exe
  C:\Windows\System\fEtgglh.exe
  2⤵
  PID:4740
- C:\Windows\System\AJMAwmK.exe
  C:\Windows\System\AJMAwmK.exe
  2⤵
  PID:4760
- C:\Windows\System\nqrhBDz.exe
  C:\Windows\System\nqrhBDz.exe
  2⤵
  PID:4780
- C:\Windows\System\tyLSZgD.exe
  C:\Windows\System\tyLSZgD.exe
  2⤵
  PID:4800
- C:\Windows\System\RuhdYFH.exe
  C:\Windows\System\RuhdYFH.exe
  2⤵
  PID:4820
- C:\Windows\System\ulrqyxc.exe
  C:\Windows\System\ulrqyxc.exe
  2⤵
  PID:4840
- C:\Windows\System\uEPEVbY.exe
  C:\Windows\System\uEPEVbY.exe
  2⤵
  PID:4860
- C:\Windows\System\aKxNosB.exe
  C:\Windows\System\aKxNosB.exe
  2⤵
  PID:4880
- C:\Windows\System\DQTMfIp.exe
  C:\Windows\System\DQTMfIp.exe
  2⤵
  PID:4896
- C:\Windows\System\CsHIMxN.exe
  C:\Windows\System\CsHIMxN.exe
  2⤵
  PID:4920
- C:\Windows\System\EppUMQU.exe
  C:\Windows\System\EppUMQU.exe
  2⤵
  PID:4940
- C:\Windows\System\GDsfdPK.exe
  C:\Windows\System\GDsfdPK.exe
  2⤵
  PID:4960
- C:\Windows\System\MWuhHBs.exe
  C:\Windows\System\MWuhHBs.exe
  2⤵
  PID:4980
- C:\Windows\System\PoPfigk.exe
  C:\Windows\System\PoPfigk.exe
  2⤵
  PID:5004
- C:\Windows\System\xmwiPMk.exe
  C:\Windows\System\xmwiPMk.exe
  2⤵
  PID:5020
- C:\Windows\System\LxiOFfX.exe
  C:\Windows\System\LxiOFfX.exe
  2⤵
  PID:5044
- C:\Windows\System\MLrDWum.exe
  C:\Windows\System\MLrDWum.exe
  2⤵
  PID:5064
- C:\Windows\System\tseYFJS.exe
  C:\Windows\System\tseYFJS.exe
  2⤵
  PID:5084
- C:\Windows\System\mJhtAfC.exe
  C:\Windows\System\mJhtAfC.exe
  2⤵
  PID:5104
- C:\Windows\System\zZFemxV.exe
  C:\Windows\System\zZFemxV.exe
  2⤵
  PID:2164
- C:\Windows\System\cpsehqI.exe
  C:\Windows\System\cpsehqI.exe
  2⤵
  PID:2600
- C:\Windows\System\DpWQvOI.exe
  C:\Windows\System\DpWQvOI.exe
  2⤵
  PID:3232
- C:\Windows\System\PiRLjvE.exe
  C:\Windows\System\PiRLjvE.exe
  2⤵
  PID:3608
- C:\Windows\System\RfsYsrI.exe
  C:\Windows\System\RfsYsrI.exe
  2⤵
  PID:3772
- C:\Windows\System\UzzMPvR.exe
  C:\Windows\System\UzzMPvR.exe
  2⤵
  PID:3708
- C:\Windows\System\YqFPQyM.exe
  C:\Windows\System\YqFPQyM.exe
  2⤵
  PID:4004
- C:\Windows\System\qstKbpX.exe
  C:\Windows\System\qstKbpX.exe
  2⤵
  PID:4044
- C:\Windows\System\ujeCgtg.exe
  C:\Windows\System\ujeCgtg.exe
  2⤵
  PID:4148
- C:\Windows\System\CBGuXyT.exe
  C:\Windows\System\CBGuXyT.exe
  2⤵
  PID:4188
- C:\Windows\System\rvdzFRH.exe
  C:\Windows\System\rvdzFRH.exe
  2⤵
  PID:924
- C:\Windows\System\gSxnyEi.exe
  C:\Windows\System\gSxnyEi.exe
  2⤵
  PID:4228
- C:\Windows\System\WLhyjFN.exe
  C:\Windows\System\WLhyjFN.exe
  2⤵
  PID:4272
- C:\Windows\System\sdXMPux.exe
  C:\Windows\System\sdXMPux.exe
  2⤵
  PID:4248
- C:\Windows\System\JwBgwJr.exe
  C:\Windows\System\JwBgwJr.exe
  2⤵
  PID:4288
- C:\Windows\System\SfVKZXW.exe
  C:\Windows\System\SfVKZXW.exe
  2⤵
  PID:4356
- C:\Windows\System\CgVSyRL.exe
  C:\Windows\System\CgVSyRL.exe
  2⤵
  PID:4368
- C:\Windows\System\xMIsTBQ.exe
  C:\Windows\System\xMIsTBQ.exe
  2⤵
  PID:4376
- C:\Windows\System\yfLxBTC.exe
  C:\Windows\System\yfLxBTC.exe
  2⤵
  PID:4468
- C:\Windows\System\VSdkgwG.exe
  C:\Windows\System\VSdkgwG.exe
  2⤵
  PID:4484
- C:\Windows\System\rfpfuHk.exe
  C:\Windows\System\rfpfuHk.exe
  2⤵
  PID:4444
- C:\Windows\System\vHpqgaI.exe
  C:\Windows\System\vHpqgaI.exe
  2⤵
  PID:4556
- C:\Windows\System\UFGsnPo.exe
  C:\Windows\System\UFGsnPo.exe
  2⤵
  PID:4596
- C:\Windows\System\UwIppFe.exe
  C:\Windows\System\UwIppFe.exe
  2⤵
  PID:4628
- C:\Windows\System\HNIioPL.exe
  C:\Windows\System\HNIioPL.exe
  2⤵
  PID:4632
- C:\Windows\System\VBIlPvT.exe
  C:\Windows\System\VBIlPvT.exe
  2⤵
  PID:4652
- C:\Windows\System\dsscGkT.exe
  C:\Windows\System\dsscGkT.exe
  2⤵
  PID:4696
- C:\Windows\System\tmBacUs.exe
  C:\Windows\System\tmBacUs.exe
  2⤵
  PID:4752
- C:\Windows\System\onynDGw.exe
  C:\Windows\System\onynDGw.exe
  2⤵
  PID:4788
- C:\Windows\System\tvDslFp.exe
  C:\Windows\System\tvDslFp.exe
  2⤵
  PID:4776
- C:\Windows\System\oEGULxR.exe
  C:\Windows\System\oEGULxR.exe
  2⤵
  PID:4808
- C:\Windows\System\ssENiPF.exe
  C:\Windows\System\ssENiPF.exe
  2⤵
  PID:4876
- C:\Windows\System\Xsgufmx.exe
  C:\Windows\System\Xsgufmx.exe
  2⤵
  PID:4948
- C:\Windows\System\qUZQHEV.exe
  C:\Windows\System\qUZQHEV.exe
  2⤵
  PID:4952
- C:\Windows\System\lSnrjjJ.exe
  C:\Windows\System\lSnrjjJ.exe
  2⤵
  PID:4988
- C:\Windows\System\lPkUxNW.exe
  C:\Windows\System\lPkUxNW.exe
  2⤵
  PID:4996
- C:\Windows\System\fTcjPMV.exe
  C:\Windows\System\fTcjPMV.exe
  2⤵
  PID:5016
- C:\Windows\System\yEbfJxJ.exe
  C:\Windows\System\yEbfJxJ.exe
  2⤵
  PID:5072
- C:\Windows\System\wyPBZOJ.exe
  C:\Windows\System\wyPBZOJ.exe
  2⤵
  PID:1404
- C:\Windows\System\HfZPSps.exe
  C:\Windows\System\HfZPSps.exe
  2⤵
  PID:3104
- C:\Windows\System\ZPuSSZb.exe
  C:\Windows\System\ZPuSSZb.exe
  2⤵
  PID:3964
- C:\Windows\System\vGdycRU.exe
  C:\Windows\System\vGdycRU.exe
  2⤵
  PID:4116
- C:\Windows\System\wyRxhQD.exe
  C:\Windows\System\wyRxhQD.exe
  2⤵
  PID:4032
- C:\Windows\System\cgDZwCe.exe
  C:\Windows\System\cgDZwCe.exe
  2⤵
  PID:3648
- C:\Windows\System\DmmmCRZ.exe
  C:\Windows\System\DmmmCRZ.exe
  2⤵
  PID:3912
- C:\Windows\System\RxRlfJt.exe
  C:\Windows\System\RxRlfJt.exe
  2⤵
  PID:328
- C:\Windows\System\tEnLAAA.exe
  C:\Windows\System\tEnLAAA.exe
  2⤵
  PID:1308
- C:\Windows\System\poEwZUc.exe
  C:\Windows\System\poEwZUc.exe
  2⤵
  PID:1948
- C:\Windows\System\novjYHj.exe
  C:\Windows\System\novjYHj.exe
  2⤵
  PID:1968
- C:\Windows\System\OSPDURD.exe
  C:\Windows\System\OSPDURD.exe
  2⤵
  PID:1924
- C:\Windows\System\Frdoibd.exe
  C:\Windows\System\Frdoibd.exe
  2⤵
  PID:4172
- C:\Windows\System\qkrakTS.exe
  C:\Windows\System\qkrakTS.exe
  2⤵
  PID:4212
- C:\Windows\System\uCeaqmt.exe
  C:\Windows\System\uCeaqmt.exe
  2⤵
  PID:4216
- C:\Windows\System\TKkoVqR.exe
  C:\Windows\System\TKkoVqR.exe
  2⤵
  PID:4472
- C:\Windows\System\MPiAElh.exe
  C:\Windows\System\MPiAElh.exe
  2⤵
  PID:4504
- C:\Windows\System\eGkOESN.exe
  C:\Windows\System\eGkOESN.exe
  2⤵
  PID:4412
- C:\Windows\System\tEUUlRE.exe
  C:\Windows\System\tEUUlRE.exe
  2⤵
  PID:4544
- C:\Windows\System\UWEiSxb.exe
  C:\Windows\System\UWEiSxb.exe
  2⤵
  PID:4612
- C:\Windows\System\oxOoQFv.exe
  C:\Windows\System\oxOoQFv.exe
  2⤵
  PID:4672
- C:\Windows\System\tlxYeiw.exe
  C:\Windows\System\tlxYeiw.exe
  2⤵
  PID:4728
- C:\Windows\System\jpoyMMv.exe
  C:\Windows\System\jpoyMMv.exe
  2⤵
  PID:4816
- C:\Windows\System\NQNKcVk.exe
  C:\Windows\System\NQNKcVk.exe
  2⤵
  PID:4768
- C:\Windows\System\FcnGgay.exe
  C:\Windows\System\FcnGgay.exe
  2⤵
  PID:4936
- C:\Windows\System\uFbASwd.exe
  C:\Windows\System\uFbASwd.exe
  2⤵
  PID:4852
- C:\Windows\System\KThNvPK.exe
  C:\Windows\System\KThNvPK.exe
  2⤵
  PID:5036
- C:\Windows\System\LHTInTG.exe
  C:\Windows\System\LHTInTG.exe
  2⤵
  PID:5000
- C:\Windows\System\mbgaIHu.exe
  C:\Windows\System\mbgaIHu.exe
  2⤵
  PID:5052
- C:\Windows\System\TpFWnYG.exe
  C:\Windows\System\TpFWnYG.exe
  2⤵
  PID:5096
- C:\Windows\System\kPLnibi.exe
  C:\Windows\System\kPLnibi.exe
  2⤵
  PID:4112
- C:\Windows\System\MvTYptA.exe
  C:\Windows\System\MvTYptA.exe
  2⤵
  PID:1092
- C:\Windows\System\oEBoKnK.exe
  C:\Windows\System\oEBoKnK.exe
  2⤵
  PID:2284
- C:\Windows\System\pbMLhkF.exe
  C:\Windows\System\pbMLhkF.exe
  2⤵
  PID:2004
- C:\Windows\System\HJwufFM.exe
  C:\Windows\System\HJwufFM.exe
  2⤵
  PID:2560
- C:\Windows\System\ZsqUxfl.exe
  C:\Windows\System\ZsqUxfl.exe
  2⤵
  PID:4268
- C:\Windows\System\jRrjQNm.exe
  C:\Windows\System\jRrjQNm.exe
  2⤵
  PID:4316
- C:\Windows\System\XrQVlaZ.exe
  C:\Windows\System\XrQVlaZ.exe
  2⤵
  PID:2684
- C:\Windows\System\unjFSFx.exe
  C:\Windows\System\unjFSFx.exe
  2⤵
  PID:4428
- C:\Windows\System\plcoaDX.exe
  C:\Windows\System\plcoaDX.exe
  2⤵
  PID:4516
- C:\Windows\System\pbVXcLo.exe
  C:\Windows\System\pbVXcLo.exe
  2⤵
  PID:4712
- C:\Windows\System\iHuwUuQ.exe
  C:\Windows\System\iHuwUuQ.exe
  2⤵
  PID:4616
- C:\Windows\System\NHoCmDb.exe
  C:\Windows\System\NHoCmDb.exe
  2⤵
  PID:4676
- C:\Windows\System\IueFyFi.exe
  C:\Windows\System\IueFyFi.exe
  2⤵
  PID:4892
- C:\Windows\System\BhgURLK.exe
  C:\Windows\System\BhgURLK.exe
  2⤵
  PID:4832
- C:\Windows\System\QSCCyhL.exe
  C:\Windows\System\QSCCyhL.exe
  2⤵
  PID:5060
- C:\Windows\System\XYQWoDD.exe
  C:\Windows\System\XYQWoDD.exe
  2⤵
  PID:2740
- C:\Windows\System\trSYUmU.exe
  C:\Windows\System\trSYUmU.exe
  2⤵
  PID:3588
- C:\Windows\System\PFcexJk.exe
  C:\Windows\System\PFcexJk.exe
  2⤵
  PID:1980
- C:\Windows\System\alyAipC.exe
  C:\Windows\System\alyAipC.exe
  2⤵
  PID:4392
- C:\Windows\System\cqtTMJH.exe
  C:\Windows\System\cqtTMJH.exe
  2⤵
  PID:4232
- C:\Windows\System\BZxzvYS.exe
  C:\Windows\System\BZxzvYS.exe
  2⤵
  PID:4256
- C:\Windows\System\UYjsQhI.exe
  C:\Windows\System\UYjsQhI.exe
  2⤵
  PID:4448
- C:\Windows\System\OPwndVF.exe
  C:\Windows\System\OPwndVF.exe
  2⤵
  PID:4552
- C:\Windows\System\CahqkrB.exe
  C:\Windows\System\CahqkrB.exe
  2⤵
  PID:4688
- C:\Windows\System\UwlsDuK.exe
  C:\Windows\System\UwlsDuK.exe
  2⤵
  PID:4916
- C:\Windows\System\fksbGqz.exe
  C:\Windows\System\fksbGqz.exe
  2⤵
  PID:1108
- C:\Windows\System\CuPULwN.exe
  C:\Windows\System\CuPULwN.exe
  2⤵
  PID:5092
- C:\Windows\System\krALCLu.exe
  C:\Windows\System\krALCLu.exe
  2⤵
  PID:3384
- C:\Windows\System\zlIFEol.exe
  C:\Windows\System\zlIFEol.exe
  2⤵
  PID:2580
- C:\Windows\System\klciZqi.exe
  C:\Windows\System\klciZqi.exe
  2⤵
  PID:2752
- C:\Windows\System\ItBoknu.exe
  C:\Windows\System\ItBoknu.exe
  2⤵
  PID:3020
- C:\Windows\System\VDRLhRC.exe
  C:\Windows\System\VDRLhRC.exe
  2⤵
  PID:4836
- C:\Windows\System\zOKNlSw.exe
  C:\Windows\System\zOKNlSw.exe
  2⤵
  PID:5128
- C:\Windows\System\wiqgVmn.exe
  C:\Windows\System\wiqgVmn.exe
  2⤵
  PID:5152
- C:\Windows\System\SePKwxl.exe
  C:\Windows\System\SePKwxl.exe
  2⤵
  PID:5172
- C:\Windows\System\JNhuIWl.exe
  C:\Windows\System\JNhuIWl.exe
  2⤵
  PID:5192
- C:\Windows\System\yeLJXgx.exe
  C:\Windows\System\yeLJXgx.exe
  2⤵
  PID:5208
- C:\Windows\System\STbQTLw.exe
  C:\Windows\System\STbQTLw.exe
  2⤵
  PID:5232
- C:\Windows\System\sSOdBCm.exe
  C:\Windows\System\sSOdBCm.exe
  2⤵
  PID:5252
- C:\Windows\System\xZIjoYZ.exe
  C:\Windows\System\xZIjoYZ.exe
  2⤵
  PID:5272
- C:\Windows\System\JlryfXK.exe
  C:\Windows\System\JlryfXK.exe
  2⤵
  PID:5292
- C:\Windows\System\UjFjnDW.exe
  C:\Windows\System\UjFjnDW.exe
  2⤵
  PID:5312
- C:\Windows\System\aCiCGXT.exe
  C:\Windows\System\aCiCGXT.exe
  2⤵
  PID:5332
- C:\Windows\System\jtVBqYY.exe
  C:\Windows\System\jtVBqYY.exe
  2⤵
  PID:5352
- C:\Windows\System\zLRvRsu.exe
  C:\Windows\System\zLRvRsu.exe
  2⤵
  PID:5372
- C:\Windows\System\nVEZzgx.exe
  C:\Windows\System\nVEZzgx.exe
  2⤵
  PID:5392
- C:\Windows\System\PcqoWQc.exe
  C:\Windows\System\PcqoWQc.exe
  2⤵
  PID:5412
- C:\Windows\System\yQAuykr.exe
  C:\Windows\System\yQAuykr.exe
  2⤵
  PID:5432
- C:\Windows\System\pEkgOxm.exe
  C:\Windows\System\pEkgOxm.exe
  2⤵
  PID:5452
- C:\Windows\System\EYMrQlm.exe
  C:\Windows\System\EYMrQlm.exe
  2⤵
  PID:5472
- C:\Windows\System\IQECeAF.exe
  C:\Windows\System\IQECeAF.exe
  2⤵
  PID:5492
- C:\Windows\System\xIjtEfT.exe
  C:\Windows\System\xIjtEfT.exe
  2⤵
  PID:5512
- C:\Windows\System\IPTxWHl.exe
  C:\Windows\System\IPTxWHl.exe
  2⤵
  PID:5532
- C:\Windows\System\RQpblRa.exe
  C:\Windows\System\RQpblRa.exe
  2⤵
  PID:5552
- C:\Windows\System\jHgCZBJ.exe
  C:\Windows\System\jHgCZBJ.exe
  2⤵
  PID:5572
- C:\Windows\System\fuIQkoh.exe
  C:\Windows\System\fuIQkoh.exe
  2⤵
  PID:5592
- C:\Windows\System\LtdeLCL.exe
  C:\Windows\System\LtdeLCL.exe
  2⤵
  PID:5612
- C:\Windows\System\awaxygq.exe
  C:\Windows\System\awaxygq.exe
  2⤵
  PID:5632
- C:\Windows\System\CVHSqQK.exe
  C:\Windows\System\CVHSqQK.exe
  2⤵
  PID:5648
- C:\Windows\System\vEUAQyE.exe
  C:\Windows\System\vEUAQyE.exe
  2⤵
  PID:5668
- C:\Windows\System\WiLdnvX.exe
  C:\Windows\System\WiLdnvX.exe
  2⤵
  PID:5688
- C:\Windows\System\prjpmoe.exe
  C:\Windows\System\prjpmoe.exe
  2⤵
  PID:5708
- C:\Windows\System\wrEpqOx.exe
  C:\Windows\System\wrEpqOx.exe
  2⤵
  PID:5728
- C:\Windows\System\nnLRFye.exe
  C:\Windows\System\nnLRFye.exe
  2⤵
  PID:5748
- C:\Windows\System\BzaYWsY.exe
  C:\Windows\System\BzaYWsY.exe
  2⤵
  PID:5768
- C:\Windows\System\xWvGEOw.exe
  C:\Windows\System\xWvGEOw.exe
  2⤵
  PID:5788
- C:\Windows\System\segHIyF.exe
  C:\Windows\System\segHIyF.exe
  2⤵
  PID:5812
- C:\Windows\System\CqYihPe.exe
  C:\Windows\System\CqYihPe.exe
  2⤵
  PID:5832
- C:\Windows\System\DkbRNsB.exe
  C:\Windows\System\DkbRNsB.exe
  2⤵
  PID:5852
- C:\Windows\System\IwJVdvg.exe
  C:\Windows\System\IwJVdvg.exe
  2⤵
  PID:5872
- C:\Windows\System\ITpYIVR.exe
  C:\Windows\System\ITpYIVR.exe
  2⤵
  PID:5888
- C:\Windows\System\OIahfTW.exe
  C:\Windows\System\OIahfTW.exe
  2⤵
  PID:5912
- C:\Windows\System\rcfZlZO.exe
  C:\Windows\System\rcfZlZO.exe
  2⤵
  PID:5932
- C:\Windows\System\LeUfrmY.exe
  C:\Windows\System\LeUfrmY.exe
  2⤵
  PID:5948
- C:\Windows\System\JIRlsxJ.exe
  C:\Windows\System\JIRlsxJ.exe
  2⤵
  PID:5968
- C:\Windows\System\pGuljKE.exe
  C:\Windows\System\pGuljKE.exe
  2⤵
  PID:5988
- C:\Windows\System\TilkKUf.exe
  C:\Windows\System\TilkKUf.exe
  2⤵
  PID:6004
- C:\Windows\System\eclmHNJ.exe
  C:\Windows\System\eclmHNJ.exe
  2⤵
  PID:6032
- C:\Windows\System\ohrRkGn.exe
  C:\Windows\System\ohrRkGn.exe
  2⤵
  PID:6048
- C:\Windows\System\GaQTlyk.exe
  C:\Windows\System\GaQTlyk.exe
  2⤵
  PID:6064
- C:\Windows\System\jaRKTPB.exe
  C:\Windows\System\jaRKTPB.exe
  2⤵
  PID:6084
- C:\Windows\System\PMNPLQN.exe
  C:\Windows\System\PMNPLQN.exe
  2⤵
  PID:6100
- C:\Windows\System\wIkhwlx.exe
  C:\Windows\System\wIkhwlx.exe
  2⤵
  PID:6116
- C:\Windows\System\jxhRTkF.exe
  C:\Windows\System\jxhRTkF.exe
  2⤵
  PID:6136
- C:\Windows\System\VfWfUUT.exe
  C:\Windows\System\VfWfUUT.exe
  2⤵
  PID:2764
- C:\Windows\System\DRmmDYE.exe
  C:\Windows\System\DRmmDYE.exe
  2⤵
  PID:332
- C:\Windows\System\AWPLiSG.exe
  C:\Windows\System\AWPLiSG.exe
  2⤵
  PID:4956
- C:\Windows\System\nJdPXDw.exe
  C:\Windows\System\nJdPXDw.exe
  2⤵
  PID:324
- C:\Windows\System\xkKIyfH.exe
  C:\Windows\System\xkKIyfH.exe
  2⤵
  PID:1964
- C:\Windows\System\PEUdQZO.exe
  C:\Windows\System\PEUdQZO.exe
  2⤵
  PID:2868
- C:\Windows\System\nOetSXz.exe
  C:\Windows\System\nOetSXz.exe
  2⤵
  PID:5136
- C:\Windows\System\lCaxAwA.exe
  C:\Windows\System\lCaxAwA.exe
  2⤵
  PID:5148
- C:\Windows\System\zzcVKAn.exe
  C:\Windows\System\zzcVKAn.exe
  2⤵
  PID:5184
- C:\Windows\System\GyhHMtK.exe
  C:\Windows\System\GyhHMtK.exe
  2⤵
  PID:5216
- C:\Windows\System\sHpzHaD.exe
  C:\Windows\System\sHpzHaD.exe
  2⤵
  PID:5240
- C:\Windows\System\ogzhVii.exe
  C:\Windows\System\ogzhVii.exe
  2⤵
  PID:5300
- C:\Windows\System\FLUvkEg.exe
  C:\Windows\System\FLUvkEg.exe
  2⤵
  PID:5288
- C:\Windows\System\GAIkZjN.exe
  C:\Windows\System\GAIkZjN.exe
  2⤵
  PID:5348
- C:\Windows\System\BuxiURZ.exe
  C:\Windows\System\BuxiURZ.exe
  2⤵
  PID:5324
- C:\Windows\System\qlmqWop.exe
  C:\Windows\System\qlmqWop.exe
  2⤵
  PID:5420
- C:\Windows\System\kynbPCd.exe
  C:\Windows\System\kynbPCd.exe
  2⤵
  PID:2648
- C:\Windows\System\dkBVyNH.exe
  C:\Windows\System\dkBVyNH.exe
  2⤵
  PID:5468
- C:\Windows\System\WEDBuwK.exe
  C:\Windows\System\WEDBuwK.exe
  2⤵
  PID:5448
- C:\Windows\System\nRnDrjE.exe
  C:\Windows\System\nRnDrjE.exe
  2⤵
  PID:5484
- C:\Windows\System\XHwjWRg.exe
  C:\Windows\System\XHwjWRg.exe
  2⤵
  PID:5544
- C:\Windows\System\xxdfiGq.exe
  C:\Windows\System\xxdfiGq.exe
  2⤵
  PID:5588
- C:\Windows\System\sWdlZNu.exe
  C:\Windows\System\sWdlZNu.exe
  2⤵
  PID:5628
- C:\Windows\System\seySEiZ.exe
  C:\Windows\System\seySEiZ.exe
  2⤵
  PID:5660
- C:\Windows\System\LRchUzs.exe
  C:\Windows\System\LRchUzs.exe
  2⤵
  PID:5564
- C:\Windows\System\wZHTOEv.exe
  C:\Windows\System\wZHTOEv.exe
  2⤵
  PID:5744
- C:\Windows\System\iGsnYqU.exe
  C:\Windows\System\iGsnYqU.exe
  2⤵
  PID:2896
- C:\Windows\System\xHaQfAH.exe
  C:\Windows\System\xHaQfAH.exe
  2⤵
  PID:5684
- C:\Windows\System\opjwzhL.exe
  C:\Windows\System\opjwzhL.exe
  2⤵
  PID:2816
- C:\Windows\System\dtorQTL.exe
  C:\Windows\System\dtorQTL.exe
  2⤵
  PID:5764
- C:\Windows\System\lrNcNWX.exe
  C:\Windows\System\lrNcNWX.exe
  2⤵
  PID:2972
- C:\Windows\System\rDEKHPv.exe
  C:\Windows\System\rDEKHPv.exe
  2⤵
  PID:2084
- C:\Windows\System\fZmSkli.exe
  C:\Windows\System\fZmSkli.exe
  2⤵
  PID:2948
- C:\Windows\System\FPkFKYq.exe
  C:\Windows\System\FPkFKYq.exe
  2⤵
  PID:1144
- C:\Windows\System\mQtBgJv.exe
  C:\Windows\System\mQtBgJv.exe
  2⤵
  PID:5896
- C:\Windows\System\jEUAOHu.exe
  C:\Windows\System\jEUAOHu.exe
  2⤵
  PID:5904
- C:\Windows\System\ToTWsIX.exe
  C:\Windows\System\ToTWsIX.exe
  2⤵
  PID:1796
- C:\Windows\System\GrIYozE.exe
  C:\Windows\System\GrIYozE.exe
  2⤵
  PID:5900
- C:\Windows\System\lzCGXDh.exe
  C:\Windows\System\lzCGXDh.exe
  2⤵
  PID:2704
- C:\Windows\System\qZiUQGu.exe
  C:\Windows\System\qZiUQGu.exe
  2⤵
  PID:5964
- C:\Windows\System\IXLPZLa.exe
  C:\Windows\System\IXLPZLa.exe
  2⤵
  PID:5980
- C:\Windows\System\LQKUrIR.exe
  C:\Windows\System\LQKUrIR.exe
  2⤵
  PID:6020
- C:\Windows\System\gFNRlRo.exe
  C:\Windows\System\gFNRlRo.exe
  2⤵
  PID:6092
- C:\Windows\System\tZfMZhu.exe
  C:\Windows\System\tZfMZhu.exe
  2⤵
  PID:3272
- C:\Windows\System\QSPwDox.exe
  C:\Windows\System\QSPwDox.exe
  2⤵
  PID:940
- C:\Windows\System\PycvKqa.exe
  C:\Windows\System\PycvKqa.exe
  2⤵
  PID:2024
- C:\Windows\System\yClsZrU.exe
  C:\Windows\System\yClsZrU.exe
  2⤵
  PID:6040
- C:\Windows\System\WOTfXSX.exe
  C:\Windows\System\WOTfXSX.exe
  2⤵
  PID:5168
- C:\Windows\System\llpzmjt.exe
  C:\Windows\System\llpzmjt.exe
  2⤵
  PID:4748
- C:\Windows\System\EwAdXtN.exe
  C:\Windows\System\EwAdXtN.exe
  2⤵
  PID:6108
- C:\Windows\System\LCiijaa.exe
  C:\Windows\System\LCiijaa.exe
  2⤵
  PID:5112
- C:\Windows\System\RXtINVD.exe
  C:\Windows\System\RXtINVD.exe
  2⤵
  PID:2500
- C:\Windows\System\wPKOgIa.exe
  C:\Windows\System\wPKOgIa.exe
  2⤵
  PID:5264
- C:\Windows\System\zrxXJru.exe
  C:\Windows\System\zrxXJru.exe
  2⤵
  PID:1972
- C:\Windows\System\tCwvePd.exe
  C:\Windows\System\tCwvePd.exe
  2⤵
  PID:5404
- C:\Windows\System\PAuUfDG.exe
  C:\Windows\System\PAuUfDG.exe
  2⤵
  PID:5580
- C:\Windows\System\FWoGQim.exe
  C:\Windows\System\FWoGQim.exe
  2⤵
  PID:5736
- C:\Windows\System\EQiVbHz.exe
  C:\Windows\System\EQiVbHz.exe
  2⤵
  PID:5308
- C:\Windows\System\NHSvKJt.exe
  C:\Windows\System\NHSvKJt.exe
  2⤵
  PID:5700
- C:\Windows\System\uNNtfEE.exe
  C:\Windows\System\uNNtfEE.exe
  2⤵
  PID:5328
- C:\Windows\System\cticGuH.exe
  C:\Windows\System\cticGuH.exe
  2⤵
  PID:5620
- C:\Windows\System\GbxFUBr.exe
  C:\Windows\System\GbxFUBr.exe
  2⤵
  PID:5644
- C:\Windows\System\hbrotDu.exe
  C:\Windows\System\hbrotDu.exe
  2⤵
  PID:5680
- C:\Windows\System\skrmmgi.exe
  C:\Windows\System\skrmmgi.exe
  2⤵
  PID:5720
- C:\Windows\System\PFIxrzq.exe
  C:\Windows\System\PFIxrzq.exe
  2⤵
  PID:536
- C:\Windows\System\RHSnPTK.exe
  C:\Windows\System\RHSnPTK.exe
  2⤵
  PID:1096
- C:\Windows\System\dhwveZc.exe
  C:\Windows\System\dhwveZc.exe
  2⤵
  PID:5796
- C:\Windows\System\BelLsmu.exe
  C:\Windows\System\BelLsmu.exe
  2⤵
  PID:1064
- C:\Windows\System\wXaInCd.exe
  C:\Windows\System\wXaInCd.exe
  2⤵
  PID:2692
- C:\Windows\System\hGMUpEW.exe
  C:\Windows\System\hGMUpEW.exe
  2⤵
  PID:5940
- C:\Windows\System\wCHUCeI.exe
  C:\Windows\System\wCHUCeI.exe
  2⤵
  PID:6000
- C:\Windows\System\lgDemzj.exe
  C:\Windows\System\lgDemzj.exe
  2⤵
  PID:6124
- C:\Windows\System\XKQDSPI.exe
  C:\Windows\System\XKQDSPI.exe
  2⤵
  PID:6128
- C:\Windows\System\ljTOleI.exe
  C:\Windows\System\ljTOleI.exe
  2⤵
  PID:6044
- C:\Windows\System\ngUHSqF.exe
  C:\Windows\System\ngUHSqF.exe
  2⤵
  PID:6112
- C:\Windows\System\qjmlmWl.exe
  C:\Windows\System\qjmlmWl.exe
  2⤵
  PID:5200
- C:\Windows\System\MLpCPbZ.exe
  C:\Windows\System\MLpCPbZ.exe
  2⤵
  PID:4312
- C:\Windows\System\BncgESY.exe
  C:\Windows\System\BncgESY.exe
  2⤵
  PID:5400
- C:\Windows\System\vrItiLH.exe
  C:\Windows\System\vrItiLH.exe
  2⤵
  PID:4588
- C:\Windows\System\tEKPUoR.exe
  C:\Windows\System\tEKPUoR.exe
  2⤵
  PID:5480
- C:\Windows\System\ewuzGbc.exe
  C:\Windows\System\ewuzGbc.exe
  2⤵
  PID:5656
- C:\Windows\System\HOcMLHV.exe
  C:\Windows\System\HOcMLHV.exe
  2⤵
  PID:5604
- C:\Windows\System\qQHSKTr.exe
  C:\Windows\System\qQHSKTr.exe
  2⤵
  PID:5440
- C:\Windows\System\oCrtkUC.exe
  C:\Windows\System\oCrtkUC.exe
  2⤵
  PID:5320
- C:\Windows\System\aNgMAdO.exe
  C:\Windows\System\aNgMAdO.exe
  2⤵
  PID:5784
- C:\Windows\System\bXAbZrN.exe
  C:\Windows\System\bXAbZrN.exe
  2⤵
  PID:5716
- C:\Windows\System\USojSnu.exe
  C:\Windows\System\USojSnu.exe
  2⤵
  PID:2032
- C:\Windows\System\ryKkWVz.exe
  C:\Windows\System\ryKkWVz.exe
  2⤵
  PID:5848
- C:\Windows\System\gloSpJh.exe
  C:\Windows\System\gloSpJh.exe
  2⤵
  PID:2564
- C:\Windows\System\JCrgaXE.exe
  C:\Windows\System\JCrgaXE.exe
  2⤵
  PID:5160
- C:\Windows\System\CMEmxNP.exe
  C:\Windows\System\CMEmxNP.exe
  2⤵
  PID:5124
- C:\Windows\System\oClgSAm.exe
  C:\Windows\System\oClgSAm.exe
  2⤵
  PID:5424
- C:\Windows\System\BlAYcCV.exe
  C:\Windows\System\BlAYcCV.exe
  2⤵
  PID:1976
- C:\Windows\System\QJfnjeZ.exe
  C:\Windows\System\QJfnjeZ.exe
  2⤵
  PID:6072
- C:\Windows\System\uzSweOH.exe
  C:\Windows\System\uzSweOH.exe
  2⤵
  PID:5540
- C:\Windows\System\OJIIqYv.exe
  C:\Windows\System\OJIIqYv.exe
  2⤵
  PID:5760
- C:\Windows\System\iUGNYmt.exe
  C:\Windows\System\iUGNYmt.exe
  2⤵
  PID:5696
- C:\Windows\System\RQhZuGK.exe
  C:\Windows\System\RQhZuGK.exe
  2⤵
  PID:6132
- C:\Windows\System\fZSTSWl.exe
  C:\Windows\System\fZSTSWl.exe
  2⤵
  PID:5268
- C:\Windows\System\aDlrdOt.exe
  C:\Windows\System\aDlrdOt.exe
  2⤵
  PID:2188
- C:\Windows\System\cvkWOTb.exe
  C:\Windows\System\cvkWOTb.exe
  2⤵
  PID:3304
- C:\Windows\System\qZYzNnJ.exe
  C:\Windows\System\qZYzNnJ.exe
  2⤵
  PID:6160
- C:\Windows\System\sKTxCtc.exe
  C:\Windows\System\sKTxCtc.exe
  2⤵
  PID:6176
- C:\Windows\System\WQivgjB.exe
  C:\Windows\System\WQivgjB.exe
  2⤵
  PID:6200
- C:\Windows\System\qUUIIZY.exe
  C:\Windows\System\qUUIIZY.exe
  2⤵
  PID:6220
- C:\Windows\System\emuYkzX.exe
  C:\Windows\System\emuYkzX.exe
  2⤵
  PID:6236
- C:\Windows\System\hBltvec.exe
  C:\Windows\System\hBltvec.exe
  2⤵
  PID:6268
- C:\Windows\System\TZwZAiw.exe
  C:\Windows\System\TZwZAiw.exe
  2⤵
  PID:6312
- C:\Windows\System\JsacQyi.exe
  C:\Windows\System\JsacQyi.exe
  2⤵
  PID:6328
- C:\Windows\System\gqUZrvt.exe
  C:\Windows\System\gqUZrvt.exe
  2⤵
  PID:6344
- C:\Windows\System\svaEjLl.exe
  C:\Windows\System\svaEjLl.exe
  2⤵
  PID:6360
- C:\Windows\System\oZQvByq.exe
  C:\Windows\System\oZQvByq.exe
  2⤵
  PID:6380
- C:\Windows\System\ncfwhCy.exe
  C:\Windows\System\ncfwhCy.exe
  2⤵
  PID:6412
- C:\Windows\System\sNnUneQ.exe
  C:\Windows\System\sNnUneQ.exe
  2⤵
  PID:6428
- C:\Windows\System\Mctoprr.exe
  C:\Windows\System\Mctoprr.exe
  2⤵
  PID:6452
- C:\Windows\System\EyBhlbS.exe
  C:\Windows\System\EyBhlbS.exe
  2⤵
  PID:6468
- C:\Windows\System\usGbKkL.exe
  C:\Windows\System\usGbKkL.exe
  2⤵
  PID:6488
- C:\Windows\System\AIFjUYU.exe
  C:\Windows\System\AIFjUYU.exe
  2⤵
  PID:6504
- C:\Windows\System\jqfcVJX.exe
  C:\Windows\System\jqfcVJX.exe
  2⤵
  PID:6520
- C:\Windows\System\LhtErsM.exe
  C:\Windows\System\LhtErsM.exe
  2⤵
  PID:6544
- C:\Windows\System\vQEtDbQ.exe
  C:\Windows\System\vQEtDbQ.exe
  2⤵
  PID:6560
- C:\Windows\System\dewPkEb.exe
  C:\Windows\System\dewPkEb.exe
  2⤵
  PID:6580
- C:\Windows\System\NBPOrhX.exe
  C:\Windows\System\NBPOrhX.exe
  2⤵
  PID:6596
- C:\Windows\System\ceCSXhT.exe
  C:\Windows\System\ceCSXhT.exe
  2⤵
  PID:6612
- C:\Windows\System\ZzPTxWZ.exe
  C:\Windows\System\ZzPTxWZ.exe
  2⤵
  PID:6632
- C:\Windows\System\dYrzVai.exe
  C:\Windows\System\dYrzVai.exe
  2⤵
  PID:6648
- C:\Windows\System\eYyFXpG.exe
  C:\Windows\System\eYyFXpG.exe
  2⤵
  PID:6664
- C:\Windows\System\GGcroKt.exe
  C:\Windows\System\GGcroKt.exe
  2⤵
  PID:6680
- C:\Windows\System\yNWOftt.exe
  C:\Windows\System\yNWOftt.exe
  2⤵
  PID:6696
- C:\Windows\System\jafqWND.exe
  C:\Windows\System\jafqWND.exe
  2⤵
  PID:6716
- C:\Windows\System\anDQmgS.exe
  C:\Windows\System\anDQmgS.exe
  2⤵
  PID:6736
- C:\Windows\System\OIWoGQn.exe
  C:\Windows\System\OIWoGQn.exe
  2⤵
  PID:6756
- C:\Windows\System\wFxsMpU.exe
  C:\Windows\System\wFxsMpU.exe
  2⤵
  PID:6780
- C:\Windows\System\BMxfLBa.exe
  C:\Windows\System\BMxfLBa.exe
  2⤵
  PID:6824
- C:\Windows\System\BULBcQc.exe
  C:\Windows\System\BULBcQc.exe
  2⤵
  PID:6840
- C:\Windows\System\mxjcUGG.exe
  C:\Windows\System\mxjcUGG.exe
  2⤵
  PID:6876
- C:\Windows\System\rienwBf.exe
  C:\Windows\System\rienwBf.exe
  2⤵
  PID:6904
- C:\Windows\System\HyZsASR.exe
  C:\Windows\System\HyZsASR.exe
  2⤵
  PID:6920
- C:\Windows\System\uQtrsTb.exe
  C:\Windows\System\uQtrsTb.exe
  2⤵
  PID:6952
- C:\Windows\System\nDFkRBi.exe
  C:\Windows\System\nDFkRBi.exe
  2⤵
  PID:6968
- C:\Windows\System\mbEcmnm.exe
  C:\Windows\System\mbEcmnm.exe
  2⤵
  PID:6988
- C:\Windows\System\GYbwzCH.exe
  C:\Windows\System\GYbwzCH.exe
  2⤵
  PID:7004
- C:\Windows\System\BwcupRk.exe
  C:\Windows\System\BwcupRk.exe
  2⤵
  PID:7020
- C:\Windows\System\ajNnxVC.exe
  C:\Windows\System\ajNnxVC.exe
  2⤵
  PID:7036
- C:\Windows\System\wLToBvp.exe
  C:\Windows\System\wLToBvp.exe
  2⤵
  PID:7056
- C:\Windows\System\kOAxWQG.exe
  C:\Windows\System\kOAxWQG.exe
  2⤵
  PID:7072
- C:\Windows\System\rMVeaLJ.exe
  C:\Windows\System\rMVeaLJ.exe
  2⤵
  PID:7092
- C:\Windows\System\Bwrlbpe.exe
  C:\Windows\System\Bwrlbpe.exe
  2⤵
  PID:7112
- C:\Windows\System\jfWlKet.exe
  C:\Windows\System\jfWlKet.exe
  2⤵
  PID:7132
- C:\Windows\System\cXlfjBO.exe
  C:\Windows\System\cXlfjBO.exe
  2⤵
  PID:7148
- C:\Windows\System\BYojAYW.exe
  C:\Windows\System\BYojAYW.exe
  2⤵
  PID:808
- C:\Windows\System\wAUtQBx.exe
  C:\Windows\System\wAUtQBx.exe
  2⤵
  PID:2132
- C:\Windows\System\fpYIfpQ.exe
  C:\Windows\System\fpYIfpQ.exe
  2⤵
  PID:6196
- C:\Windows\System\WsXXcRk.exe
  C:\Windows\System\WsXXcRk.exe
  2⤵
  PID:6056
- C:\Windows\System\ldnEiic.exe
  C:\Windows\System\ldnEiic.exe
  2⤵
  PID:840
- C:\Windows\System\eDAWCjo.exe
  C:\Windows\System\eDAWCjo.exe
  2⤵
  PID:5600
- C:\Windows\System\spkQkBM.exe
  C:\Windows\System\spkQkBM.exe
  2⤵
  PID:5664
- C:\Windows\System\toJSaao.exe
  C:\Windows\System\toJSaao.exe
  2⤵
  PID:6284
- C:\Windows\System\bUgeltT.exe
  C:\Windows\System\bUgeltT.exe
  2⤵
  PID:6304
- C:\Windows\System\TPSdgqk.exe
  C:\Windows\System\TPSdgqk.exe
  2⤵
  PID:6376
- C:\Windows\System\MELPlSO.exe
  C:\Windows\System\MELPlSO.exe
  2⤵
  PID:6260
- C:\Windows\System\dupbrMI.exe
  C:\Windows\System\dupbrMI.exe
  2⤵
  PID:6500
- C:\Windows\System\OQBWEYX.exe
  C:\Windows\System\OQBWEYX.exe
  2⤵
  PID:6540
- C:\Windows\System\UMirOvn.exe
  C:\Windows\System\UMirOvn.exe
  2⤵
  PID:6604
- C:\Windows\System\shUWnjI.exe
  C:\Windows\System\shUWnjI.exe
  2⤵
  PID:6672
- C:\Windows\System\hKDGmBA.exe
  C:\Windows\System\hKDGmBA.exe
  2⤵
  PID:6744
- C:\Windows\System\OfEBnfZ.exe
  C:\Windows\System\OfEBnfZ.exe
  2⤵
  PID:6400
- C:\Windows\System\EWhjTRx.exe
  C:\Windows\System\EWhjTRx.exe
  2⤵
  PID:6264
- C:\Windows\System\vLVPgnN.exe
  C:\Windows\System\vLVPgnN.exe
  2⤵
  PID:6516
- C:\Windows\System\baLqwtr.exe
  C:\Windows\System\baLqwtr.exe
  2⤵
  PID:6620
- C:\Windows\System\ThkNtQl.exe
  C:\Windows\System\ThkNtQl.exe
  2⤵
  PID:6752
- C:\Windows\System\cBmBkLk.exe
  C:\Windows\System\cBmBkLk.exe
  2⤵
  PID:6660
- C:\Windows\System\zlhhUgH.exe
  C:\Windows\System\zlhhUgH.exe
  2⤵
  PID:6820
- C:\Windows\System\uVeDgxZ.exe
  C:\Windows\System\uVeDgxZ.exe
  2⤵
  PID:6848
- C:\Windows\System\qCoOUKZ.exe
  C:\Windows\System\qCoOUKZ.exe
  2⤵
  PID:6864
- C:\Windows\System\rzUzqfF.exe
  C:\Windows\System\rzUzqfF.exe
  2⤵
  PID:6732
- C:\Windows\System\YLuDuLf.exe
  C:\Windows\System\YLuDuLf.exe
  2⤵
  PID:6448
- C:\Windows\System\AnTYwLO.exe
  C:\Windows\System\AnTYwLO.exe
  2⤵
  PID:6320
- C:\Windows\System\OheXqqN.exe
  C:\Windows\System\OheXqqN.exe
  2⤵
  PID:6836
- C:\Windows\System\TPpYWrb.exe
  C:\Windows\System\TPpYWrb.exe
  2⤵
  PID:6896
- C:\Windows\System\JVigsuI.exe
  C:\Windows\System\JVigsuI.exe
  2⤵
  PID:6776
- C:\Windows\System\rEAnyTD.exe
  C:\Windows\System\rEAnyTD.exe
  2⤵
  PID:7064
- C:\Windows\System\KiMrOxH.exe
  C:\Windows\System\KiMrOxH.exe
  2⤵
  PID:7108
- C:\Windows\System\xKnYyfX.exe
  C:\Windows\System\xKnYyfX.exe
  2⤵
  PID:6976
- C:\Windows\System\YHVCcbY.exe
  C:\Windows\System\YHVCcbY.exe
  2⤵
  PID:1692
- C:\Windows\System\NwTHPPS.exe
  C:\Windows\System\NwTHPPS.exe
  2⤵
  PID:6152
- C:\Windows\System\qRfRIFi.exe
  C:\Windows\System\qRfRIFi.exe
  2⤵
  PID:5956
- C:\Windows\System\XHwpMmg.exe
  C:\Windows\System\XHwpMmg.exe
  2⤵
  PID:6172
- C:\Windows\System\NPaFvTk.exe
  C:\Windows\System\NPaFvTk.exe
  2⤵
  PID:1848
- C:\Windows\System\nJYxqBN.exe
  C:\Windows\System\nJYxqBN.exe
  2⤵
  PID:6016
- C:\Windows\System\SGSciqB.exe
  C:\Windows\System\SGSciqB.exe
  2⤵
  PID:6372
- C:\Windows\System\uTElykg.exe
  C:\Windows\System\uTElykg.exe
  2⤵
  PID:6704
- C:\Windows\System\AmRkZru.exe
  C:\Windows\System\AmRkZru.exe
  2⤵
  PID:6388
- C:\Windows\System\cvILJKe.exe
  C:\Windows\System\cvILJKe.exe
  2⤵
  PID:6420
- C:\Windows\System\OESUqlN.exe
  C:\Windows\System\OESUqlN.exe
  2⤵
  PID:6444
- C:\Windows\System\SbQketS.exe
  C:\Windows\System\SbQketS.exe
  2⤵
  PID:6692
- C:\Windows\System\KTKMhWT.exe
  C:\Windows\System\KTKMhWT.exe
  2⤵
  PID:6888
- C:\Windows\System\eoCrTbv.exe
  C:\Windows\System\eoCrTbv.exe
  2⤵
  PID:6792
- C:\Windows\System\JvZQfJC.exe
  C:\Windows\System\JvZQfJC.exe
  2⤵
  PID:6832
- C:\Windows\System\JJBuxPS.exe
  C:\Windows\System\JJBuxPS.exe
  2⤵
  PID:6552
- C:\Windows\System\nHzVQuV.exe
  C:\Windows\System\nHzVQuV.exe
  2⤵
  PID:6916
- C:\Windows\System\oCAHAew.exe
  C:\Windows\System\oCAHAew.exe
  2⤵
  PID:7012
- C:\Windows\System\QntzaZW.exe
  C:\Windows\System\QntzaZW.exe
  2⤵
  PID:6948
- C:\Windows\System\FvFAOEW.exe
  C:\Windows\System\FvFAOEW.exe
  2⤵
  PID:6356
- C:\Windows\System\htxqcEo.exe
  C:\Windows\System\htxqcEo.exe
  2⤵
  PID:7052
- C:\Windows\System\ZgQMVeL.exe
  C:\Windows\System\ZgQMVeL.exe
  2⤵
  PID:7124
- C:\Windows\System\mMclaZv.exe
  C:\Windows\System\mMclaZv.exe
  2⤵
  PID:2392
- C:\Windows\System\EdaEGer.exe
  C:\Windows\System\EdaEGer.exe
  2⤵
  PID:6280
- C:\Windows\System\RvQlLKQ.exe
  C:\Windows\System\RvQlLKQ.exe
  2⤵
  PID:6464
- C:\Windows\System\eXggSbx.exe
  C:\Windows\System\eXggSbx.exe
  2⤵
  PID:6336
- C:\Windows\System\yviLVkz.exe
  C:\Windows\System\yviLVkz.exe
  2⤵
  PID:6688
- C:\Windows\System\dfcHTtd.exe
  C:\Windows\System\dfcHTtd.exe
  2⤵
  PID:5996
- C:\Windows\System\lDXOYUU.exe
  C:\Windows\System\lDXOYUU.exe
  2⤵
  PID:6228
- C:\Windows\System\pHWzlEj.exe
  C:\Windows\System\pHWzlEj.exe
  2⤵
  PID:6392
- C:\Windows\System\xDRpIgE.exe
  C:\Windows\System\xDRpIgE.exe
  2⤵
  PID:6860
- C:\Windows\System\GqpXhSM.exe
  C:\Windows\System\GqpXhSM.exe
  2⤵
  PID:7100
- C:\Windows\System\jiBxPNF.exe
  C:\Windows\System\jiBxPNF.exe
  2⤵
  PID:7016
- C:\Windows\System\vjFgMDm.exe
  C:\Windows\System\vjFgMDm.exe
  2⤵
  PID:7164
- C:\Windows\System\VFgjbLl.exe
  C:\Windows\System\VFgjbLl.exe
  2⤵
  PID:7120
- C:\Windows\System\hOoWMJx.exe
  C:\Windows\System\hOoWMJx.exe
  2⤵
  PID:6936
- C:\Windows\System\gHqJAoH.exe
  C:\Windows\System\gHqJAoH.exe
  2⤵
  PID:6708
- C:\Windows\System\rGpuwrH.exe
  C:\Windows\System\rGpuwrH.exe
  2⤵
  PID:7156
- C:\Windows\System\sKGrBoJ.exe
  C:\Windows\System\sKGrBoJ.exe
  2⤵
  PID:7028
- C:\Windows\System\yXjfOxd.exe
  C:\Windows\System\yXjfOxd.exe
  2⤵
  PID:6816
- C:\Windows\System\GeoWQVf.exe
  C:\Windows\System\GeoWQVf.exe
  2⤵
  PID:6940
- C:\Windows\System\QljHpAV.exe
  C:\Windows\System\QljHpAV.exe
  2⤵
  PID:6872
- C:\Windows\System\KDOQpPv.exe
  C:\Windows\System\KDOQpPv.exe
  2⤵
  PID:6576
- C:\Windows\System\nFEiRcb.exe
  C:\Windows\System\nFEiRcb.exe
  2⤵
  PID:7032
- C:\Windows\System\xeWCEht.exe
  C:\Windows\System\xeWCEht.exe
  2⤵
  PID:6748
- C:\Windows\System\BGFxXbj.exe
  C:\Windows\System\BGFxXbj.exe
  2⤵
  PID:6296
- C:\Windows\System\scmbFnc.exe
  C:\Windows\System\scmbFnc.exe
  2⤵
  PID:2956
- C:\Windows\System\wQfLulh.exe
  C:\Windows\System\wQfLulh.exe
  2⤵
  PID:7044
- C:\Windows\System\lvAMyjk.exe
  C:\Windows\System\lvAMyjk.exe
  2⤵
  PID:7172
- C:\Windows\System\hqUXZOC.exe
  C:\Windows\System\hqUXZOC.exe
  2⤵
  PID:7192
- C:\Windows\System\UctJzqi.exe
  C:\Windows\System\UctJzqi.exe
  2⤵
  PID:7216
- C:\Windows\System\ZGIiZzL.exe
  C:\Windows\System\ZGIiZzL.exe
  2⤵
  PID:7232
- C:\Windows\System\LVOZwIK.exe
  C:\Windows\System\LVOZwIK.exe
  2⤵
  PID:7260
- C:\Windows\System\deftkFO.exe
  C:\Windows\System\deftkFO.exe
  2⤵
  PID:7280
- C:\Windows\System\HGHqxUc.exe
  C:\Windows\System\HGHqxUc.exe
  2⤵
  PID:7304
- C:\Windows\System\scfwuaI.exe
  C:\Windows\System\scfwuaI.exe
  2⤵
  PID:7320
- C:\Windows\System\BIhskwR.exe
  C:\Windows\System\BIhskwR.exe
  2⤵
  PID:7336
- C:\Windows\System\nWIiPya.exe
  C:\Windows\System\nWIiPya.exe
  2⤵
  PID:7372
- C:\Windows\System\tJvOEBM.exe
  C:\Windows\System\tJvOEBM.exe
  2⤵
  PID:7388
- C:\Windows\System\hhvRNaP.exe
  C:\Windows\System\hhvRNaP.exe
  2⤵
  PID:7404
- C:\Windows\System\LhQmeFp.exe
  C:\Windows\System\LhQmeFp.exe
  2⤵
  PID:7420
- C:\Windows\System\fLSAvWy.exe
  C:\Windows\System\fLSAvWy.exe
  2⤵
  PID:7436
- C:\Windows\System\QAoQJUO.exe
  C:\Windows\System\QAoQJUO.exe
  2⤵
  PID:7452
- C:\Windows\System\IJbEFKy.exe
  C:\Windows\System\IJbEFKy.exe
  2⤵
  PID:7468
- C:\Windows\System\uveyjDX.exe
  C:\Windows\System\uveyjDX.exe
  2⤵
  PID:7484
- C:\Windows\System\ygfVLaM.exe
  C:\Windows\System\ygfVLaM.exe
  2⤵
  PID:7500
- C:\Windows\System\ZxukYAt.exe
  C:\Windows\System\ZxukYAt.exe
  2⤵
  PID:7516
- C:\Windows\System\IKmHnNE.exe
  C:\Windows\System\IKmHnNE.exe
  2⤵
  PID:7532
- C:\Windows\System\mjoERlM.exe
  C:\Windows\System\mjoERlM.exe
  2⤵
  PID:7548
- C:\Windows\System\agfPScU.exe
  C:\Windows\System\agfPScU.exe
  2⤵
  PID:7564
- C:\Windows\System\HpLiXme.exe
  C:\Windows\System\HpLiXme.exe
  2⤵
  PID:7632
- C:\Windows\System\rvqeUMA.exe
  C:\Windows\System\rvqeUMA.exe
  2⤵
  PID:7648
- C:\Windows\System\CUJxdUl.exe
  C:\Windows\System\CUJxdUl.exe
  2⤵
  PID:7672
- C:\Windows\System\VUyqTeI.exe
  C:\Windows\System\VUyqTeI.exe
  2⤵
  PID:7688
- C:\Windows\System\LsDJpft.exe
  C:\Windows\System\LsDJpft.exe
  2⤵
  PID:7704
- C:\Windows\System\irelLdQ.exe
  C:\Windows\System\irelLdQ.exe
  2⤵
  PID:7720
- C:\Windows\System\unOwWIH.exe
  C:\Windows\System\unOwWIH.exe
  2⤵
  PID:7736
- C:\Windows\System\VUpGgmM.exe
  C:\Windows\System\VUpGgmM.exe
  2⤵
  PID:7752
- C:\Windows\System\RCPCclv.exe
  C:\Windows\System\RCPCclv.exe
  2⤵
  PID:7776
- C:\Windows\System\dMKzShL.exe
  C:\Windows\System\dMKzShL.exe
  2⤵
  PID:7792
- C:\Windows\System\KuCJlSy.exe
  C:\Windows\System\KuCJlSy.exe
  2⤵
  PID:7812
- C:\Windows\System\RvcJKNX.exe
  C:\Windows\System\RvcJKNX.exe
  2⤵
  PID:7836
- C:\Windows\System\biwDXUF.exe
  C:\Windows\System\biwDXUF.exe
  2⤵
  PID:7852
- C:\Windows\System\xNuvlpc.exe
  C:\Windows\System\xNuvlpc.exe
  2⤵
  PID:7868
- C:\Windows\System\xfitpKT.exe
  C:\Windows\System\xfitpKT.exe
  2⤵
  PID:7908
- C:\Windows\System\NgBsAMA.exe
  C:\Windows\System\NgBsAMA.exe
  2⤵
  PID:7932
- C:\Windows\System\sMVOZVl.exe
  C:\Windows\System\sMVOZVl.exe
  2⤵
  PID:7948
- C:\Windows\System\kuyMnJJ.exe
  C:\Windows\System\kuyMnJJ.exe
  2⤵
  PID:7964
- C:\Windows\System\alOfSlm.exe
  C:\Windows\System\alOfSlm.exe
  2⤵
  PID:7980
- C:\Windows\System\CJRuAur.exe
  C:\Windows\System\CJRuAur.exe
  2⤵
  PID:7996
- C:\Windows\System\rZVcliO.exe
  C:\Windows\System\rZVcliO.exe
  2⤵
  PID:8016
- C:\Windows\System\BMBfBoq.exe
  C:\Windows\System\BMBfBoq.exe
  2⤵
  PID:8032
- C:\Windows\System\hqKnajM.exe
  C:\Windows\System\hqKnajM.exe
  2⤵
  PID:8048
- C:\Windows\System\MtwgmpY.exe
  C:\Windows\System\MtwgmpY.exe
  2⤵
  PID:8064
- C:\Windows\System\ZfihlHo.exe
  C:\Windows\System\ZfihlHo.exe
  2⤵
  PID:8080
- C:\Windows\System\SnIViUw.exe
  C:\Windows\System\SnIViUw.exe
  2⤵
  PID:8100
- C:\Windows\System\GNvnwMq.exe
  C:\Windows\System\GNvnwMq.exe
  2⤵
  PID:8120
- C:\Windows\System\LLmPFrH.exe
  C:\Windows\System\LLmPFrH.exe
  2⤵
  PID:8164
- C:\Windows\System\ycBCnqW.exe
  C:\Windows\System\ycBCnqW.exe
  2⤵
  PID:8184
- C:\Windows\System\yJtwcKs.exe
  C:\Windows\System\yJtwcKs.exe
  2⤵
  PID:7180
- C:\Windows\System\SIDWwpf.exe
  C:\Windows\System\SIDWwpf.exe
  2⤵
  PID:7228
- C:\Windows\System\fTQDDZj.exe
  C:\Windows\System\fTQDDZj.exe
  2⤵
  PID:7088
- C:\Windows\System\gWdlPhR.exe
  C:\Windows\System\gWdlPhR.exe
  2⤵
  PID:7312
- C:\Windows\System\mzbMvdX.exe
  C:\Windows\System\mzbMvdX.exe
  2⤵
  PID:7240
- C:\Windows\System\osSwMbF.exe
  C:\Windows\System\osSwMbF.exe
  2⤵
  PID:7200
- C:\Windows\System\rFZpmQI.exe
  C:\Windows\System\rFZpmQI.exe
  2⤵
  PID:7212
- C:\Windows\System\AVnniYr.exe
  C:\Windows\System\AVnniYr.exe
  2⤵
  PID:7360
- C:\Windows\System\hgPDhoz.exe
  C:\Windows\System\hgPDhoz.exe
  2⤵
  PID:7332
- C:\Windows\System\Xujvwzb.exe
  C:\Windows\System\Xujvwzb.exe
  2⤵
  PID:7300
- C:\Windows\System\jKldDPL.exe
  C:\Windows\System\jKldDPL.exe
  2⤵
  PID:7540
- C:\Windows\System\aWgclvP.exe
  C:\Windows\System\aWgclvP.exe
  2⤵
  PID:7556
- C:\Windows\System\BRLXxZi.exe
  C:\Windows\System\BRLXxZi.exe
  2⤵
  PID:7560
- C:\Windows\System\moavWvm.exe
  C:\Windows\System\moavWvm.exe
  2⤵
  PID:7444
- C:\Windows\System\GsetwOH.exe
  C:\Windows\System\GsetwOH.exe
  2⤵
  PID:7588
- C:\Windows\System\NGxtYOo.exe
  C:\Windows\System\NGxtYOo.exe
  2⤵
  PID:7604
- C:\Windows\System\yZjCMyx.exe
  C:\Windows\System\yZjCMyx.exe
  2⤵
  PID:7644
- C:\Windows\System\UolSAlt.exe
  C:\Windows\System\UolSAlt.exe
  2⤵
  PID:7668
- C:\Windows\System\SDGvcZb.exe
  C:\Windows\System\SDGvcZb.exe
  2⤵
  PID:7716
- C:\Windows\System\UqyApNB.exe
  C:\Windows\System\UqyApNB.exe
  2⤵
  PID:7820
- C:\Windows\System\TVoRTNM.exe
  C:\Windows\System\TVoRTNM.exe
  2⤵
  PID:7696
- C:\Windows\System\mCisUUH.exe
  C:\Windows\System\mCisUUH.exe
  2⤵
  PID:7760
- C:\Windows\System\hWlLAxB.exe
  C:\Windows\System\hWlLAxB.exe
  2⤵
  PID:7864
- C:\Windows\System\vZWVguX.exe
  C:\Windows\System\vZWVguX.exe
  2⤵
  PID:7804
- C:\Windows\System\bMwYuNO.exe
  C:\Windows\System\bMwYuNO.exe
  2⤵
  PID:7920
- C:\Windows\System\dIJzPsw.exe
  C:\Windows\System\dIJzPsw.exe
  2⤵
  PID:7960
- C:\Windows\System\tlighPm.exe
  C:\Windows\System\tlighPm.exe
  2⤵
  PID:8028
- C:\Windows\System\JumDFvw.exe
  C:\Windows\System\JumDFvw.exe
  2⤵
  PID:8092
- C:\Windows\System\cguofTW.exe
  C:\Windows\System\cguofTW.exe
  2⤵
  PID:8144
- C:\Windows\System\awcgnOF.exe
  C:\Windows\System\awcgnOF.exe
  2⤵
  PID:8008
- C:\Windows\System\WBjFpRM.exe
  C:\Windows\System\WBjFpRM.exe
  2⤵
  PID:8044
- C:\Windows\System\hXArUnJ.exe
  C:\Windows\System\hXArUnJ.exe
  2⤵
  PID:8072
- C:\Windows\System\yGRSYAW.exe
  C:\Windows\System\yGRSYAW.exe
  2⤵
  PID:8116
- C:\Windows\System\RScaycc.exe
  C:\Windows\System\RScaycc.exe
  2⤵
  PID:8172
- C:\Windows\System\mbqFOFR.exe
  C:\Windows\System\mbqFOFR.exe
  2⤵
  PID:6476
- C:\Windows\System\yZctWJy.exe
  C:\Windows\System\yZctWJy.exe
  2⤵
  PID:7328
- C:\Windows\System\PeHUNoc.exe
  C:\Windows\System\PeHUNoc.exe
  2⤵
  PID:7460
- C:\Windows\System\sjlMWDf.exe
  C:\Windows\System\sjlMWDf.exe
  2⤵
  PID:7524
- C:\Windows\System\GjcjuVN.exe
  C:\Windows\System\GjcjuVN.exe
  2⤵
  PID:7348
- C:\Windows\System\acGSYmJ.exe
  C:\Windows\System\acGSYmJ.exe
  2⤵
  PID:7396
- C:\Windows\System\aMhdOAU.exe
  C:\Windows\System\aMhdOAU.exe
  2⤵
  PID:7572
- C:\Windows\System\LDkBiPP.exe
  C:\Windows\System\LDkBiPP.exe
  2⤵
  PID:7416
- C:\Windows\System\qvTRgiX.exe
  C:\Windows\System\qvTRgiX.exe
  2⤵
  PID:7784
- C:\Windows\System\EbBlnhj.exe
  C:\Windows\System\EbBlnhj.exe
  2⤵
  PID:7640
- C:\Windows\System\wGZhSMg.exe
  C:\Windows\System\wGZhSMg.exe
  2⤵
  PID:7828
- C:\Windows\System\gNFnLmV.exe
  C:\Windows\System\gNFnLmV.exe
  2⤵
  PID:7888
- C:\Windows\System\uVwAabn.exe
  C:\Windows\System\uVwAabn.exe
  2⤵
  PID:7904
- C:\Windows\System\ITVjgxO.exe
  C:\Windows\System\ITVjgxO.exe
  2⤵
  PID:7988
- C:\Windows\System\upDUZpd.exe
  C:\Windows\System\upDUZpd.exe
  2⤵
  PID:8160
- C:\Windows\System\PEdcDte.exe
  C:\Windows\System\PEdcDte.exe
  2⤵
  PID:5228
- C:\Windows\System\bqrsZPG.exe
  C:\Windows\System\bqrsZPG.exe
  2⤵
  PID:7480
- C:\Windows\System\gZSNZoS.exe
  C:\Windows\System\gZSNZoS.exe
  2⤵
  PID:7224
- C:\Windows\System\BOBVPFD.exe
  C:\Windows\System\BOBVPFD.exe
  2⤵
  PID:7256
- C:\Windows\System\uXUzOSn.exe
  C:\Windows\System\uXUzOSn.exe
  2⤵
  PID:7528
- C:\Windows\System\PALejgH.exe
  C:\Windows\System\PALejgH.exe
  2⤵
  PID:7428
- C:\Windows\System\RuMBHJm.exe
  C:\Windows\System\RuMBHJm.exe
  2⤵
  PID:8040
- C:\Windows\System\VxHZYKj.exe
  C:\Windows\System\VxHZYKj.exe
  2⤵
  PID:8088
- C:\Windows\System\bdopnEE.exe
  C:\Windows\System\bdopnEE.exe
  2⤵
  PID:7384
- C:\Windows\System\dnqcDyT.exe
  C:\Windows\System\dnqcDyT.exe
  2⤵
  PID:7748
- C:\Windows\System\wxgXAxf.exe
  C:\Windows\System\wxgXAxf.exe
  2⤵
  PID:7832
- C:\Windows\System\jXrrubI.exe
  C:\Windows\System\jXrrubI.exe
  2⤵
  PID:7768
- C:\Windows\System\wNBMzDp.exe
  C:\Windows\System\wNBMzDp.exe
  2⤵
  PID:7664
- C:\Windows\System\WtRssvC.exe
  C:\Windows\System\WtRssvC.exe
  2⤵
  PID:8004
- C:\Windows\System\NuPmTSx.exe
  C:\Windows\System\NuPmTSx.exe
  2⤵
  PID:7104
- C:\Windows\System\oJXQyXO.exe
  C:\Windows\System\oJXQyXO.exe
  2⤵
  PID:7276
- C:\Windows\System\GxiizmL.exe
  C:\Windows\System\GxiizmL.exe
  2⤵
  PID:7208
- C:\Windows\System\IgtzcoI.exe
  C:\Windows\System\IgtzcoI.exe
  2⤵
  PID:7292
- C:\Windows\System\bSxyjCN.exe
  C:\Windows\System\bSxyjCN.exe
  2⤵
  PID:7884
- C:\Windows\System\AFZSJyW.exe
  C:\Windows\System\AFZSJyW.exe
  2⤵
  PID:7296
- C:\Windows\System\xUNkCYb.exe
  C:\Windows\System\xUNkCYb.exe
  2⤵
  PID:7916
- C:\Windows\System\JqMJMzG.exe
  C:\Windows\System\JqMJMzG.exe
  2⤵
  PID:7512
- C:\Windows\System\oxdeXiv.exe
  C:\Windows\System\oxdeXiv.exe
  2⤵
  PID:8176
- C:\Windows\System\KHCZnnI.exe
  C:\Windows\System\KHCZnnI.exe
  2⤵
  PID:7576
- C:\Windows\System\nFbLovi.exe
  C:\Windows\System\nFbLovi.exe
  2⤵
  PID:7660
- C:\Windows\System\CQUwjrH.exe
  C:\Windows\System\CQUwjrH.exe
  2⤵
  PID:7876
- C:\Windows\System\TKrCvWb.exe
  C:\Windows\System\TKrCvWb.exe
  2⤵
  PID:7900
- C:\Windows\System\gFmHvHY.exe
  C:\Windows\System\gFmHvHY.exe
  2⤵
  PID:6216
- C:\Windows\System\mWipECf.exe
  C:\Windows\System\mWipECf.exe
  2⤵
  PID:8152
- C:\Windows\System\Smtuoeb.exe
  C:\Windows\System\Smtuoeb.exe
  2⤵
  PID:6156
- C:\Windows\System\JzjBJjC.exe
  C:\Windows\System\JzjBJjC.exe
  2⤵
  PID:7492
- C:\Windows\System\ypCkhAF.exe
  C:\Windows\System\ypCkhAF.exe
  2⤵
  PID:8204
- C:\Windows\System\jLQPnHw.exe
  C:\Windows\System\jLQPnHw.exe
  2⤵
  PID:8220
- C:\Windows\System\tIYCsDl.exe
  C:\Windows\System\tIYCsDl.exe
  2⤵
  PID:8236
- C:\Windows\System\IUqESed.exe
  C:\Windows\System\IUqESed.exe
  2⤵
  PID:8252
- C:\Windows\System\DAAFvyh.exe
  C:\Windows\System\DAAFvyh.exe
  2⤵
  PID:8268
- C:\Windows\System\WtWVJnX.exe
  C:\Windows\System\WtWVJnX.exe
  2⤵
  PID:8292
- C:\Windows\System\YcLmaqD.exe
  C:\Windows\System\YcLmaqD.exe
  2⤵
  PID:8308
- C:\Windows\System\aorYdcW.exe
  C:\Windows\System\aorYdcW.exe
  2⤵
  PID:8328
- C:\Windows\System\cQjWwLo.exe
  C:\Windows\System\cQjWwLo.exe
  2⤵
  PID:8344
- C:\Windows\System\SWYRsRz.exe
  C:\Windows\System\SWYRsRz.exe
  2⤵
  PID:8364
- C:\Windows\System\hyodNhO.exe
  C:\Windows\System\hyodNhO.exe
  2⤵
  PID:8388
- C:\Windows\System\iekgzEh.exe
  C:\Windows\System\iekgzEh.exe
  2⤵
  PID:8404
- C:\Windows\System\fVfgSlH.exe
  C:\Windows\System\fVfgSlH.exe
  2⤵
  PID:8420
- C:\Windows\System\PPrwlXJ.exe
  C:\Windows\System\PPrwlXJ.exe
  2⤵
  PID:8448
- C:\Windows\System\lPMHxuq.exe
  C:\Windows\System\lPMHxuq.exe
  2⤵
  PID:8468
- C:\Windows\System\vdACsnW.exe
  C:\Windows\System\vdACsnW.exe
  2⤵
  PID:8484
- C:\Windows\System\vHJLSWb.exe
  C:\Windows\System\vHJLSWb.exe
  2⤵
  PID:8508
- C:\Windows\System\ZFzxjQE.exe
  C:\Windows\System\ZFzxjQE.exe
  2⤵
  PID:8532
- C:\Windows\System\IFaYtfh.exe
  C:\Windows\System\IFaYtfh.exe
  2⤵
  PID:8552
- C:\Windows\System\iKanWgh.exe
  C:\Windows\System\iKanWgh.exe
  2⤵
  PID:8576
- C:\Windows\System\TsLeOOF.exe
  C:\Windows\System\TsLeOOF.exe
  2⤵
  PID:8608
- C:\Windows\System\lLGtBuM.exe
  C:\Windows\System\lLGtBuM.exe
  2⤵
  PID:8628
- C:\Windows\System\yXUOLsM.exe
  C:\Windows\System\yXUOLsM.exe
  2⤵
  PID:8644
- C:\Windows\System\GCgDOaC.exe
  C:\Windows\System\GCgDOaC.exe
  2⤵
  PID:8660
- C:\Windows\System\BuZbDTj.exe
  C:\Windows\System\BuZbDTj.exe
  2⤵
  PID:8692
- C:\Windows\System\KWJlazQ.exe
  C:\Windows\System\KWJlazQ.exe
  2⤵
  PID:8708
- C:\Windows\System\UtfBcLN.exe
  C:\Windows\System\UtfBcLN.exe
  2⤵
  PID:8728
- C:\Windows\System\fxdjHzh.exe
  C:\Windows\System\fxdjHzh.exe
  2⤵
  PID:8744
- C:\Windows\System\rgYwSwK.exe
  C:\Windows\System\rgYwSwK.exe
  2⤵
  PID:8772
- C:\Windows\System\vOpwEMr.exe
  C:\Windows\System\vOpwEMr.exe
  2⤵
  PID:8792
- C:\Windows\System\rQZGvAD.exe
  C:\Windows\System\rQZGvAD.exe
  2⤵
  PID:8808
- C:\Windows\System\qQwzpay.exe
  C:\Windows\System\qQwzpay.exe
  2⤵
  PID:8828
- C:\Windows\System\SJlbitp.exe
  C:\Windows\System\SJlbitp.exe
  2⤵
  PID:8844
- C:\Windows\System\bcuPouC.exe
  C:\Windows\System\bcuPouC.exe
  2⤵
  PID:8872
- C:\Windows\System\HMdYDok.exe
  C:\Windows\System\HMdYDok.exe
  2⤵
  PID:8892
- C:\Windows\System\RcUGjqZ.exe
  C:\Windows\System\RcUGjqZ.exe
  2⤵
  PID:8908
- C:\Windows\System\VlOybmn.exe
  C:\Windows\System\VlOybmn.exe
  2⤵
  PID:8924
- C:\Windows\System\COnhdTH.exe
  C:\Windows\System\COnhdTH.exe
  2⤵
  PID:8940
- C:\Windows\System\HgdDcua.exe
  C:\Windows\System\HgdDcua.exe
  2⤵
  PID:8956
- C:\Windows\System\tGUqOqG.exe
  C:\Windows\System\tGUqOqG.exe
  2⤵
  PID:8980
- C:\Windows\System\EwWyFHJ.exe
  C:\Windows\System\EwWyFHJ.exe
  2⤵
  PID:9000
- C:\Windows\System\eKFOPBC.exe
  C:\Windows\System\eKFOPBC.exe
  2⤵
  PID:9016
- C:\Windows\System\cYmRURB.exe
  C:\Windows\System\cYmRURB.exe
  2⤵
  PID:9040
- C:\Windows\System\bTmLtqN.exe
  C:\Windows\System\bTmLtqN.exe
  2⤵
  PID:9060
- C:\Windows\System\qmPNSgp.exe
  C:\Windows\System\qmPNSgp.exe
  2⤵
  PID:9076
- C:\Windows\System\GqkvEIS.exe
  C:\Windows\System\GqkvEIS.exe
  2⤵
  PID:9116
- C:\Windows\System\CvMTBGE.exe
  C:\Windows\System\CvMTBGE.exe
  2⤵
  PID:9132
- C:\Windows\System\eEVxLbQ.exe
  C:\Windows\System\eEVxLbQ.exe
  2⤵
  PID:9148
- C:\Windows\System\lLFfJeW.exe
  C:\Windows\System\lLFfJeW.exe
  2⤵
  PID:9164
- C:\Windows\System\vhlTSJA.exe
  C:\Windows\System\vhlTSJA.exe
  2⤵
  PID:9188
- C:\Windows\System\nnRzSlh.exe
  C:\Windows\System\nnRzSlh.exe
  2⤵
  PID:9204
- C:\Windows\System\GclokSn.exe
  C:\Windows\System\GclokSn.exe
  2⤵
  PID:8212
- C:\Windows\System\cjugpkS.exe
  C:\Windows\System\cjugpkS.exe
  2⤵
  PID:8300
- C:\Windows\System\qVsuehr.exe
  C:\Windows\System\qVsuehr.exe
  2⤵
  PID:8372
- C:\Windows\System\PwzbvhL.exe
  C:\Windows\System\PwzbvhL.exe
  2⤵
  PID:8412
- C:\Windows\System\RFHZvEV.exe
  C:\Windows\System\RFHZvEV.exe
  2⤵
  PID:8496
- C:\Windows\System\QgOeCpR.exe
  C:\Windows\System\QgOeCpR.exe
  2⤵
  PID:8396
- C:\Windows\System\hshUQwR.exe
  C:\Windows\System\hshUQwR.exe
  2⤵
  PID:8244
- C:\Windows\System\bSiwzpI.exe
  C:\Windows\System\bSiwzpI.exe
  2⤵
  PID:8276
- C:\Windows\System\ImyzSkX.exe
  C:\Windows\System\ImyzSkX.exe
  2⤵
  PID:8428
- C:\Windows\System\NUPLJuS.exe
  C:\Windows\System\NUPLJuS.exe
  2⤵
  PID:8476
- C:\Windows\System\yFSUzYK.exe
  C:\Windows\System\yFSUzYK.exe
  2⤵
  PID:8560
- C:\Windows\System\XWMhWBq.exe
  C:\Windows\System\XWMhWBq.exe
  2⤵
  PID:8588
- C:\Windows\System\CDctNtZ.exe
  C:\Windows\System\CDctNtZ.exe
  2⤵
  PID:8620
- C:\Windows\System\KtbwIRo.exe
  C:\Windows\System\KtbwIRo.exe
  2⤵
  PID:8656
- C:\Windows\System\QAtAGSQ.exe
  C:\Windows\System\QAtAGSQ.exe
  2⤵
  PID:7628
- C:\Windows\System\BzZsLez.exe
  C:\Windows\System\BzZsLez.exe
  2⤵
  PID:8720
- C:\Windows\System\xTiCQio.exe
  C:\Windows\System\xTiCQio.exe
  2⤵
  PID:8760
- C:\Windows\System\NfmKaXT.exe
  C:\Windows\System\NfmKaXT.exe
  2⤵
  PID:8684
- C:\Windows\System\qNgAMSu.exe
  C:\Windows\System\qNgAMSu.exe
  2⤵
  PID:8836
- C:\Windows\System\OHxLSfX.exe
  C:\Windows\System\OHxLSfX.exe
  2⤵
  PID:8852
- C:\Windows\System\GZjPdTb.exe
  C:\Windows\System\GZjPdTb.exe
  2⤵
  PID:8868
- C:\Windows\System\hpCxMns.exe
  C:\Windows\System\hpCxMns.exe
  2⤵
  PID:8920
- C:\Windows\System\kPyiBjG.exe
  C:\Windows\System\kPyiBjG.exe
  2⤵
  PID:8988
- C:\Windows\System\OvyhmcM.exe
  C:\Windows\System\OvyhmcM.exe
  2⤵
  PID:8936
- C:\Windows\System\jrvfPdM.exe
  C:\Windows\System\jrvfPdM.exe
  2⤵
  PID:9088
- C:\Windows\System\vmrIPoY.exe
  C:\Windows\System\vmrIPoY.exe
  2⤵
  PID:8964
- C:\Windows\System\Huuadck.exe
  C:\Windows\System\Huuadck.exe
  2⤵
  PID:9048
- C:\Windows\System\AWJQbWU.exe
  C:\Windows\System\AWJQbWU.exe
  2⤵
  PID:9128
- C:\Windows\System\Oeaivsf.exe
  C:\Windows\System\Oeaivsf.exe
  2⤵
  PID:8232
- C:\Windows\System\QRJHKXz.exe
  C:\Windows\System\QRJHKXz.exe
  2⤵
  PID:9140
- C:\Windows\System\neMoMJu.exe
  C:\Windows\System\neMoMJu.exe
  2⤵
  PID:8200
- C:\Windows\System\MiyCdaz.exe
  C:\Windows\System\MiyCdaz.exe
  2⤵
  PID:8264
- C:\Windows\System\JgdXcRq.exe
  C:\Windows\System\JgdXcRq.exe
  2⤵
  PID:8336
- C:\Windows\System\SGtwmVz.exe
  C:\Windows\System\SGtwmVz.exe
  2⤵
  PID:8284
- C:\Windows\System\xFrkhYM.exe
  C:\Windows\System\xFrkhYM.exe
  2⤵
  PID:8288
- C:\Windows\System\qszQxZG.exe
  C:\Windows\System\qszQxZG.exe
  2⤵
  PID:8436
- C:\Windows\System\AUlUgkM.exe
  C:\Windows\System\AUlUgkM.exe
  2⤵
  PID:8516
- C:\Windows\System\giFztot.exe
  C:\Windows\System\giFztot.exe
  2⤵
  PID:8616
- C:\Windows\System\PUFedQK.exe
  C:\Windows\System\PUFedQK.exe
  2⤵
  PID:8652
- C:\Windows\System\AeipfmJ.exe
  C:\Windows\System\AeipfmJ.exe
  2⤵
  PID:8704
- C:\Windows\System\OlJzBBy.exe
  C:\Windows\System\OlJzBBy.exe
  2⤵
  PID:8736
- C:\Windows\System\wMQWKSg.exe
  C:\Windows\System\wMQWKSg.exe
  2⤵
  PID:9100
- C:\Windows\System\tDJWuOE.exe
  C:\Windows\System\tDJWuOE.exe
  2⤵
  PID:8816
- C:\Windows\System\vMeSKwN.exe
  C:\Windows\System\vMeSKwN.exe
  2⤵
  PID:8864
- C:\Windows\System\ebLQRhs.exe
  C:\Windows\System\ebLQRhs.exe
  2⤵
  PID:8932
- C:\Windows\System\qyLACIb.exe
  C:\Windows\System\qyLACIb.exe
  2⤵
  PID:9032
- C:\Windows\System\NHeKYob.exe
  C:\Windows\System\NHeKYob.exe
  2⤵
  PID:9124
- C:\Windows\System\slpdgBu.exe
  C:\Windows\System\slpdgBu.exe
  2⤵
  PID:9160
- C:\Windows\System\JXTdmEX.exe
  C:\Windows\System\JXTdmEX.exe
  2⤵
  PID:8384
- C:\Windows\System\FbKnici.exe
  C:\Windows\System\FbKnici.exe
  2⤵
  PID:8456
- C:\Windows\System\yPLmlzF.exe
  C:\Windows\System\yPLmlzF.exe
  2⤵
  PID:8584
- C:\Windows\System\nhYHPaQ.exe
  C:\Windows\System\nhYHPaQ.exe
  2⤵
  PID:8196
- C:\Windows\System\OaMvwze.exe
  C:\Windows\System\OaMvwze.exe
  2⤵
  PID:8340
- C:\Windows\System\brZEsAX.exe
  C:\Windows\System\brZEsAX.exe
  2⤵
  PID:8352
- C:\Windows\System\fDUgQwg.exe
  C:\Windows\System\fDUgQwg.exe
  2⤵
  PID:8716
- C:\Windows\System\UAwiIgt.exe
  C:\Windows\System\UAwiIgt.exe
  2⤵
  PID:8884
- C:\Windows\System\meptUau.exe
  C:\Windows\System\meptUau.exe
  2⤵
  PID:8824
- C:\Windows\System\XhbwStL.exe
  C:\Windows\System\XhbwStL.exe
  2⤵
  PID:9024
- C:\Windows\System\kEsITge.exe
  C:\Windows\System\kEsITge.exe
  2⤵
  PID:8972
- C:\Windows\System\ZjUtbXp.exe
  C:\Windows\System\ZjUtbXp.exe
  2⤵
  PID:9200
- C:\Windows\System\kEhomhj.exe
  C:\Windows\System\kEhomhj.exe
  2⤵
  PID:9184
- C:\Windows\System\lZvHpIB.exe
  C:\Windows\System\lZvHpIB.exe
  2⤵
  PID:8400
- C:\Windows\System\SEOQFdG.exe
  C:\Windows\System\SEOQFdG.exe
  2⤵
  PID:8740
- C:\Windows\System\MqcAHKX.exe
  C:\Windows\System\MqcAHKX.exe
  2⤵
  PID:8596
- C:\Windows\System\RzidPpH.exe
  C:\Windows\System\RzidPpH.exe
  2⤵
  PID:8216
- C:\Windows\System\VYxWKol.exe
  C:\Windows\System\VYxWKol.exe
  2⤵
  PID:8380
- C:\Windows\System\jrQuDcG.exe
  C:\Windows\System\jrQuDcG.exe
  2⤵
  PID:8752
- C:\Windows\System\FkPYwmy.exe
  C:\Windows\System\FkPYwmy.exe
  2⤵
  PID:8604
- C:\Windows\System\EZLAvYv.exe
  C:\Windows\System\EZLAvYv.exe
  2⤵
  PID:8784
- C:\Windows\System\syKSHCQ.exe
  C:\Windows\System\syKSHCQ.exe
  2⤵
  PID:9008
- C:\Windows\System\sVOVzxp.exe
  C:\Windows\System\sVOVzxp.exe
  2⤵
  PID:8464
- C:\Windows\System\OiaIeQq.exe
  C:\Windows\System\OiaIeQq.exe
  2⤵
  PID:8444
- C:\Windows\System\FAvmrhZ.exe
  C:\Windows\System\FAvmrhZ.exe
  2⤵
  PID:8572
- C:\Windows\System\vinXult.exe
  C:\Windows\System\vinXult.exe
  2⤵
  PID:9224
- C:\Windows\System\CJGqomg.exe
  C:\Windows\System\CJGqomg.exe
  2⤵
  PID:9244
- C:\Windows\System\GrYyyeM.exe
  C:\Windows\System\GrYyyeM.exe
  2⤵
  PID:9260
- C:\Windows\System\VqwSZBR.exe
  C:\Windows\System\VqwSZBR.exe
  2⤵
  PID:9308
- C:\Windows\System\VznyMZi.exe
  C:\Windows\System\VznyMZi.exe
  2⤵
  PID:9336
- C:\Windows\System\GZkhEqJ.exe
  C:\Windows\System\GZkhEqJ.exe
  2⤵
  PID:9356
- C:\Windows\System\YFcOuta.exe
  C:\Windows\System\YFcOuta.exe
  2⤵
  PID:9376
- C:\Windows\System\MrrjMYJ.exe
  C:\Windows\System\MrrjMYJ.exe
  2⤵
  PID:9396
- C:\Windows\System\tBsoaih.exe
  C:\Windows\System\tBsoaih.exe
  2⤵
  PID:9500
- C:\Windows\System\tOWSBnf.exe
  C:\Windows\System\tOWSBnf.exe
  2⤵
  PID:9520
- C:\Windows\System\rWpusfy.exe
  C:\Windows\System\rWpusfy.exe
  2⤵
  PID:9540
- C:\Windows\System\AmWuhLk.exe
  C:\Windows\System\AmWuhLk.exe
  2⤵
  PID:9564
- C:\Windows\System\OPlPhfn.exe
  C:\Windows\System\OPlPhfn.exe
  2⤵
  PID:9580
- C:\Windows\System\kbmkZGi.exe
  C:\Windows\System\kbmkZGi.exe
  2⤵
  PID:9596
- C:\Windows\System\RqlCuZt.exe
  C:\Windows\System\RqlCuZt.exe
  2⤵
  PID:9616
- C:\Windows\System\clCNsNm.exe
  C:\Windows\System\clCNsNm.exe
  2⤵
  PID:9632
- C:\Windows\System\cSGYNsC.exe
  C:\Windows\System\cSGYNsC.exe
  2⤵
  PID:9656
- C:\Windows\System\GPySCYp.exe
  C:\Windows\System\GPySCYp.exe
  2⤵
  PID:9676
- C:\Windows\System\vSbOGKg.exe
  C:\Windows\System\vSbOGKg.exe
  2⤵
  PID:9700
- C:\Windows\System\zCkhWPZ.exe
  C:\Windows\System\zCkhWPZ.exe
  2⤵
  PID:9724
- C:\Windows\System\sgWlvDV.exe
  C:\Windows\System\sgWlvDV.exe
  2⤵
  PID:9740
- C:\Windows\System\HSAXsME.exe
  C:\Windows\System\HSAXsME.exe
  2⤵
  PID:9768
- C:\Windows\System\SuYtHaN.exe
  C:\Windows\System\SuYtHaN.exe
  2⤵
  PID:9784
- C:\Windows\System\EgoJUiu.exe
  C:\Windows\System\EgoJUiu.exe
  2⤵
  PID:9800
- C:\Windows\System\GiaCjph.exe
  C:\Windows\System\GiaCjph.exe
  2⤵
  PID:9816
- C:\Windows\System\erdxfVO.exe
  C:\Windows\System\erdxfVO.exe
  2⤵
  PID:9832
- C:\Windows\System\ZikHNWz.exe
  C:\Windows\System\ZikHNWz.exe
  2⤵
  PID:9856
- C:\Windows\System\EQgKKCu.exe
  C:\Windows\System\EQgKKCu.exe
  2⤵
  PID:9876
- C:\Windows\System\DaONhVp.exe
  C:\Windows\System\DaONhVp.exe
  2⤵
  PID:9896
- C:\Windows\System\htjvIvU.exe
  C:\Windows\System\htjvIvU.exe
  2⤵
  PID:9912
- C:\Windows\System\NbLxqRh.exe
  C:\Windows\System\NbLxqRh.exe
  2⤵
  PID:9940
- C:\Windows\System\lxRFxyV.exe
  C:\Windows\System\lxRFxyV.exe
  2⤵
  PID:9960
- C:\Windows\System\XYUouQz.exe
  C:\Windows\System\XYUouQz.exe
  2⤵
  PID:9976
- C:\Windows\System\aeGjdTD.exe
  C:\Windows\System\aeGjdTD.exe
  2⤵
  PID:9996
- C:\Windows\System\KedEKjC.exe
  C:\Windows\System\KedEKjC.exe
  2⤵
  PID:10020
- C:\Windows\System\HOggFNW.exe
  C:\Windows\System\HOggFNW.exe
  2⤵
  PID:10040
- C:\Windows\System\hdPfGWs.exe
  C:\Windows\System\hdPfGWs.exe
  2⤵
  PID:10056
- C:\Windows\System\sllRRmY.exe
  C:\Windows\System\sllRRmY.exe
  2⤵
  PID:10084
- C:\Windows\System\LRXxJbu.exe
  C:\Windows\System\LRXxJbu.exe
  2⤵
  PID:10112
- C:\Windows\System\QYKvXYT.exe
  C:\Windows\System\QYKvXYT.exe
  2⤵
  PID:10128
- C:\Windows\System\wcAAVwr.exe
  C:\Windows\System\wcAAVwr.exe
  2⤵
  PID:10152
- C:\Windows\System\JNjpGSq.exe
  C:\Windows\System\JNjpGSq.exe
  2⤵
  PID:10168
- C:\Windows\System\yTvhwVs.exe
  C:\Windows\System\yTvhwVs.exe
  2⤵
  PID:10192
- C:\Windows\System\dkqQNWA.exe
  C:\Windows\System\dkqQNWA.exe
  2⤵
  PID:10212
- C:\Windows\System\CcxlsXr.exe
  C:\Windows\System\CcxlsXr.exe
  2⤵
  PID:10232
- C:\Windows\System\GHGakju.exe
  C:\Windows\System\GHGakju.exe
  2⤵
  PID:9056
- C:\Windows\System\ezZzYBd.exe
  C:\Windows\System\ezZzYBd.exe
  2⤵
  PID:9252
- C:\Windows\System\AXFWsah.exe
  C:\Windows\System\AXFWsah.exe
  2⤵
  PID:9268
- C:\Windows\System\tahmhAd.exe
  C:\Windows\System\tahmhAd.exe
  2⤵
  PID:9292
- C:\Windows\System\SzAfHkZ.exe
  C:\Windows\System\SzAfHkZ.exe
  2⤵
  PID:9328
- C:\Windows\System\LMIAvlo.exe
  C:\Windows\System\LMIAvlo.exe
  2⤵
  PID:9352
- C:\Windows\System\ksjQBcv.exe
  C:\Windows\System\ksjQBcv.exe
  2⤵
  PID:9364
- C:\Windows\System\OpHaIOn.exe
  C:\Windows\System\OpHaIOn.exe
  2⤵
  PID:9412
- C:\Windows\System\PKNBLuc.exe
  C:\Windows\System\PKNBLuc.exe
  2⤵
  PID:9516
- C:\Windows\System\iQtwLtR.exe
  C:\Windows\System\iQtwLtR.exe
  2⤵
  PID:9548
- C:\Windows\System\ADrwfnu.exe
  C:\Windows\System\ADrwfnu.exe
  2⤵
  PID:9572
- C:\Windows\System\AQnguFK.exe
  C:\Windows\System\AQnguFK.exe
  2⤵
  PID:9612
- C:\Windows\System\bakoCLj.exe
  C:\Windows\System\bakoCLj.exe
  2⤵
  PID:9652
- C:\Windows\System\SpEinyk.exe
  C:\Windows\System\SpEinyk.exe
  2⤵
  PID:9696
- C:\Windows\System\gHGcqNd.exe
  C:\Windows\System\gHGcqNd.exe
  2⤵
  PID:9708
- C:\Windows\System\RqzLKKG.exe
  C:\Windows\System\RqzLKKG.exe
  2⤵
  PID:9732
- C:\Windows\System\BayVmYW.exe
  C:\Windows\System\BayVmYW.exe
  2⤵
  PID:9748
- C:\Windows\System\SKpUtEY.exe
  C:\Windows\System\SKpUtEY.exe
  2⤵
  PID:9808
- C:\Windows\System\RnAvpaC.exe
  C:\Windows\System\RnAvpaC.exe
  2⤵
  PID:9852
- C:\Windows\System\ujKQEuo.exe
  C:\Windows\System\ujKQEuo.exe
  2⤵
  PID:9888
- C:\Windows\System\tTYZCaR.exe
  C:\Windows\System\tTYZCaR.exe
  2⤵
  PID:9936
- C:\Windows\System\aRMZnDw.exe
  C:\Windows\System\aRMZnDw.exe
  2⤵
  PID:9864
- C:\Windows\System\pAuqhJt.exe
  C:\Windows\System\pAuqhJt.exe
  2⤵
  PID:10008
- C:\Windows\System\piZOVBm.exe
  C:\Windows\System\piZOVBm.exe
  2⤵
  PID:9948
- C:\Windows\System\KBaaykX.exe
  C:\Windows\System\KBaaykX.exe
  2⤵
  PID:9988
- C:\Windows\System\nPadASG.exe
  C:\Windows\System\nPadASG.exe
  2⤵
  PID:10104
- C:\Windows\System\sBNFeaJ.exe
  C:\Windows\System\sBNFeaJ.exe
  2⤵
  PID:10124
- C:\Windows\System\aSTVgeU.exe
  C:\Windows\System\aSTVgeU.exe
  2⤵
  PID:10160
- C:\Windows\System\ssIizTD.exe
  C:\Windows\System\ssIizTD.exe
  2⤵
  PID:10180
- C:\Windows\System\EPsrTug.exe
  C:\Windows\System\EPsrTug.exe
  2⤵
  PID:10220
- C:\Windows\System\USLNMAK.exe
  C:\Windows\System\USLNMAK.exe
  2⤵
  PID:9104
- C:\Windows\System\GvWLxGQ.exe
  C:\Windows\System\GvWLxGQ.exe
  2⤵
  PID:9220
- C:\Windows\System\tnOyVHf.exe
  C:\Windows\System\tnOyVHf.exe
  2⤵
  PID:9272
- C:\Windows\System\mNALKWc.exe
  C:\Windows\System\mNALKWc.exe
  2⤵
  PID:9368
- C:\Windows\System\MkqAfYm.exe
  C:\Windows\System\MkqAfYm.exe
  2⤵
  PID:9592
- C:\Windows\System\LprZyaZ.exe
  C:\Windows\System\LprZyaZ.exe
  2⤵
  PID:9688
- C:\Windows\System\egiktvS.exe
  C:\Windows\System\egiktvS.exe
  2⤵
  PID:9536
- C:\Windows\System\mzafmkn.exe
  C:\Windows\System\mzafmkn.exe
  2⤵
  PID:9968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BNguMxR.exe

Filesize
6.0MB

MD5
a872e7547b8a5367aa06e36dc436a42d

SHA1
b677f1748a1cc6f47565b420723cc7c794b0e673

SHA256
d3ff406dba3d0519c8bf0a522d80546abd14d5bc67f10112137777cecde6ac73

SHA512
d12c2adbbf15f032e32856f2afeb2a47771add4dcec5cc68ab1ada8ea95b3429310fc19d8466910d9aa7f5b15be02022891e6984a47ad522f6c151e77a22643e

Download Submit
C:\Windows\system\CQbPCLl.exe

Filesize
6.0MB

MD5
4308994dd5f658b49b51cf2b4ebd17ef

SHA1
c226acad1d2449c07c31724ccc1afea64899a157

SHA256
f51a5c0497edd99517f3b981f48ea9accfe04395c3448ae3b5440c48900b3f96

SHA512
f48d609a7b116fc581409dee407074537ca71e90ef1e355d8b4291e36dbd8d23c29780ffe35d0a8f52c2c49b2cc994b2a56202aed89c5f6ec82225fa1a9a2b48

Download Submit
C:\Windows\system\DkLoIES.exe

Filesize
6.0MB

MD5
3962054407ecbb05cd456eec98e4ba33

SHA1
ca3ca72557b303cf75f8be2c14b2e5b68c53d542

SHA256
5f8f0373b10e4a1fd833d2b5314a53b0fe35d4329122678563f392d4e9bf0c12

SHA512
753fc911bf9098872f3a90d7283b8e11a78f9a04c55e9918d81821ccfd1749d61f690a69b75888bc60691a1a8efe754db5944af166076f3d19f75f10dfc8c6a1

Download Submit
C:\Windows\system\EVMBCre.exe

Filesize
6.0MB

MD5
939f615912c5017ca330b4394b12f760

SHA1
8aaea208d84a6d05d3c075142316d59c6e7500d4

SHA256
b30494783bf15018e7a852b092360bd18475ee10f0d98e252435185414db7845

SHA512
cd7348654b58d7823845b326bcdd50c6d2c42ca5692f1a58554fa2327e4ef9fee5ad6ac26465256366607e7a209464227883ae835cf44cabcd36fe935aff44d6

Download Submit
C:\Windows\system\EmFIJwf.exe

Filesize
6.0MB

MD5
4eb4810c5a365172c3610b9b7463fb1f

SHA1
f686bc5c682a956a11030c8a93a9fa9d23af3c89

SHA256
40d7a6fe8a0ee64321e5f71bb511931cbaa3d7bee5dbbe794376440dda4158a9

SHA512
f1c9f410d7730403da0e42f66eff23840640eb1fc4e659e27d5d76f7a8775fba692f84d95c8db5e0442059886d96f4608f5c59ea43d6e5944f49c703e5f37460

Download Submit
C:\Windows\system\FDpKwVC.exe

Filesize
6.0MB

MD5
b8dddf54a27baab9cf43902a1c7fd150

SHA1
0ecb54f70b55f4e7f6c44e314498652af908255f

SHA256
c30cc4dcf43c4b005f318e1b4de3c4c9cb425602286c4ce02024b1ed3f9f41a0

SHA512
73833af421ebe6280bdf631bcc9e8cee047e07b9f3fb6a0cbd0241556025781e6808e0d5672e5c57ea1116b38c4f355aced43752335f31516889ae92b73285f0

Download Submit
C:\Windows\system\HWiyUSq.exe

Filesize
6.0MB

MD5
677ca10b58fdbd1687ab48e39ae5f6a4

SHA1
d50af9cc2f23b5a6c6516305b10f545042a79120

SHA256
90387dcb0e3dc5e3bfa1ea667eea5e5b33ac310ee62fe54d4cda93f3a445bbd8

SHA512
484ddb3b067009a6a335797d18018386f4ebbffe32f3249ea033209bb5dbdd027a6646983c1dbfd78df9f4e0bdcd741ecfb00609f0790b2da93da21aff79b389

Download Submit
C:\Windows\system\JkaPdVB.exe

Filesize
6.0MB

MD5
4a6d6782e734d25c1acdf60a3be7bc24

SHA1
43df37d78970fc16dccc636ee8b825cdd7e47555

SHA256
fa5d842829dcf28ddd8d772e524d0ff1fe55a9f1ed53a1b8c7b036171ef80158

SHA512
713042aa940edeb04699f269e75eee82b1a9188fc2714d3994bbb46d9c3b05ca8617221e56ba9b2cade8f56ce6f0abe54d053a1b67df810b271aaca4b10c2533

Download Submit
C:\Windows\system\JuenxKR.exe

Filesize
6.0MB

MD5
b20b6b623be06d5ad55204abdd1016cd

SHA1
1736ab0268bd7087e8af757b512f50d33eb9c4d2

SHA256
92804db89c1b6e5f44d27a372904501af87f1e4b807d34066f3b72bc4942c5bd

SHA512
2fea43d02a8f2df2dd681c82f6fd2153642eaaff4953f746dfdf29b24884e4121590ca7d5e8bd26c93bf48cd8535f97be152abbc16589a78fc1021312e651939

Download Submit
C:\Windows\system\OhlygBv.exe

Filesize
6.0MB

MD5
55ea72dc0ee408c1f38713a3d8fcf58c

SHA1
d294dd1b86a627d132986bce193c05572af8593b

SHA256
8001313484d12ed5c92431091f5e92ea5c67a99c57930278c74a03039c842a32

SHA512
6c5ac3749834cce8935b52d110eaac2e24fc458328ca75b525aaac5591b969ca382dfbc2408e712ad509f4bd7eed9eeb54579845502b10b87724b03ce4bdc94c

Download Submit
C:\Windows\system\PBVcDdf.exe

Filesize
6.0MB

MD5
8ae3e2ebd1f1d587850e7307c6cc1420

SHA1
132d32971018bd10cd473519ec36572b38a8b7d2

SHA256
396a91a5324d61163dc2599e4321db3f036d580808d7d7c5e357e57790840bef

SHA512
ae92a90207eb27a757bf87abdad677db10f5f86f21b7882eed593c6cca272af18f9dcce808f91138a1fd87b79de108680a1c20eabdcb27a6934fbab5e9a01bf6

Download Submit
C:\Windows\system\PYxRjdF.exe

Filesize
6.0MB

MD5
96bcb3ace8338d58a64c7a6c5b42d994

SHA1
6531432a806b15e67957fa1e933a81a136d5fa46

SHA256
a94ad431d97e9f9c1f251c64f99d0403742099066393e30bf3489c70fcb55ad1

SHA512
b67ae9727bf3fd1e11615b34df85f8aebff3c62ed583b1bff58429c9317809ee0c364723c51c9fd59b3af169766b87cf9fbc9d613d11276c685ada92d2cf5c64

Download Submit
C:\Windows\system\QkrrSLo.exe

Filesize
6.0MB

MD5
057ab4813ddb4dda259c969dcb04cebc

SHA1
4e09474a9128ce4b1acc51d94371f4f628a8453e

SHA256
783aaf4890511bdccb330229aff41faeee75e45b7043188ce1cb9a1d025bcbe3

SHA512
0ac0565443bd0e4a69f370bbdd56a7654621073c3368373a1705db396d698c671327ff255da1214a8095d60bae1ce1fb161f69f780bd24eac9db155d19390788

Download Submit
C:\Windows\system\VJVcqqa.exe

Filesize
6.0MB

MD5
947b5056313453f29aa3498472b75c3b

SHA1
f8151c0ab437e74e0c5168cc248fb33e12c3e50f

SHA256
ef40ea112b38bf728c0b8f9a5c8c66a92b791deaa0559c08227518404779aa88

SHA512
7b98d93872edf26c340b6188bc1864fe2104a1a95f8cc0670ef03a474010eaba9c52e7aadaa2a561fa14e9b5b6c59c01a0bd737c7141d3fa6d02f1cee3641440

Download Submit
C:\Windows\system\YmdQWrn.exe

Filesize
6.0MB

MD5
7c6b439d5f529f6018506e68dba819ed

SHA1
1b769543fc44401614ea8a3ddc7817f7a1884fd5

SHA256
e0adf03f19347b9fb5df993ce6cf81c779db699c2eecb87ab270c2fc497e0f47

SHA512
6bc42c09fce0d3ee30db412186310ddf8498a70ca181f78dfd481818c1302eba71b542af6d7a1dbb450a015be6a2a3692ab3998aca9c4d98a738c571048b4cee

Download Submit
C:\Windows\system\bDiUazb.exe

Filesize
6.0MB

MD5
31e62fb4c40dc1b16823124e952d42f5

SHA1
cf3ac3385e22ddf8dd1f068a8377d0b0dace42fa

SHA256
504f2bb8c089cc7661bd40d1e21b3f9aab3cbc9c98aa6fedc8354bfb444939ad

SHA512
e70509cd3789b47c7c3af22214e0507e88430692588a9dcd9af8b9909aae3957889f36ef26c75a1ef2351d2328367c9e744ca93f358e097e521d8b0f84528886

Download Submit
C:\Windows\system\bOqLwCS.exe

Filesize
6.0MB

MD5
d66c2b92b9ad0285c3cfd40573b6bceb

SHA1
53e64064ac63105c15d753df45818b515f2e93c9

SHA256
a45b1f72dea5da49f4ef111e063699a1725a11f09023a421d1a060ccfbb471af

SHA512
af8577e8ab0539617cee0b940eeb6a6681dcbd69af89b9d8b8dea4353c827518a5253e27cad632e020a1dd94bbdad51196871dcd8cb2129a7a40daa59b86bac2

Download Submit
C:\Windows\system\fMeXqmb.exe

Filesize
6.0MB

MD5
2a0fa18297a35c297d4f64b8fab59751

SHA1
93c2788bfe07a062754eeb1b9d7572fe39face9f

SHA256
fad81bf87d16d8109725b97e3ce4664d1df1646afa38bb121fbeb463adeca77e

SHA512
09553fd187fef80e78ce188b2a75522da97a756980539f8f64372b4ee12876a543334fce89935385e918ebbe8cad6e44f986ddc8a0a9188ac11d978cdb68c926

Download Submit
C:\Windows\system\fPCGOvd.exe

Filesize
6.0MB

MD5
8548427ad28cbfd964fc11a201eed1ae

SHA1
3d48ce0e32323889329edb84f0f973597d5af37f

SHA256
7a1b3501483cce02f1b24419249a91658820816255bdfd38b696c6bfd2f0e9a0

SHA512
a90515bbe3d293a6e0afc9ab9bd11cf6de896c77db8ef2d1da915bb1d29865c51a42040e6bb07455ae853f7c0600e00efbbafbd21415694a301e150eaab6dd53

Download Submit
C:\Windows\system\guULNfm.exe

Filesize
6.0MB

MD5
47e43153fd65f3e5ea2b23b73ab47c5f

SHA1
72c1e7c617974fa12175eedf9459da7c13ee4f4c

SHA256
39956724fdb59fa109af8cd0709beb4138edcb884b07435e118e6eb0243b3bdd

SHA512
19391c49a717ca6be05af8f98b4d9bfb101de341dc04e1db7ebe322e90c03e59c3192ccb3d486da124f747ff661ab83365f4f9cf2720b5fe0c0268e99b4f9b81

Download Submit
C:\Windows\system\kGahCuD.exe

Filesize
6.0MB

MD5
17f16ab2ba7dfec36dfe7b82b3f2f316

SHA1
b36a9a6b17c2dd89bbaf9fb01c29f89ee05469a8

SHA256
446604164d68375c1d9fdce33add117a5b104ca4081fa57f5a47ce737cc0a69e

SHA512
498352062896b100b5ffe41f0b7ad2db8a1fb32790bc5d8ad88aa6760cfecbf2c1420bc43dcacb1b875d43eed968676f4ae14cef7f12115bcdf8bfe51642a133

Download Submit
C:\Windows\system\ksYoZmv.exe

Filesize
6.0MB

MD5
280d128f24aeef43193b34dbbc4b6404

SHA1
11e34edc8e41b1d8c7ceb38ee6620d141ff340e4

SHA256
ad6a110e05133e33bed03b40802d40b8fbdd81df7f38a58c040fc7380eccfaae

SHA512
08ffb0745038d5b6211a9553d08207c5e1edbc761c447fb3007f94517110afead2c28940ebf34dc79fda37a4bc8236a32aaaf1b0a870aa16640539329bc93855

Download Submit
C:\Windows\system\mZdjpOL.exe

Filesize
6.0MB

MD5
e3247fbaaa6fde5023a9a23f8f922756

SHA1
5a9601f30bb18cd6e74b2128ccbdc2c66e16e6e1

SHA256
c40bef0f91f7cfe8f429569b08772f1e3eb3dde2cf6c425f9b7bfdeeabbcd10a

SHA512
387dd62225ed40076edd112688a75a0a1e90c7845bb55ed4b0b59131ab46908e0b023799d386f6f3e3400fe37eddd77bc8110d36f5beb494c9615771c406074e

Download Submit
C:\Windows\system\ntMZfdu.exe

Filesize
6.0MB

MD5
17b654e5820425b91fe6f269a1f2e9f8

SHA1
076eb02b4e4b1bb48b410164a887c1c5b2427293

SHA256
9b79fda5de1fa9f95bf57090cd1a0646f9d045e0f98988d29a5a9d97bacbd6ba

SHA512
8ea307bd18a14f76f3550e5da5df6d1253c630d4912800f891ebe41eb90e7fc45b4d63382a5beed002836a679051a2157f1861d442e9964b06e7c5ff2ff42cbf

Download Submit
C:\Windows\system\pODyqfq.exe

Filesize
6.0MB

MD5
8827aa95f22e2b7a54848bd1176a1147

SHA1
07316dc50179f3dd9f4c7844f6f3f444251e7979

SHA256
381794e6b5f99276d74b1360df9f23b1531b8d4fcdaba768706dab0cc72c1d9a

SHA512
f425105397eed373bc46547038f43d36fc654f919d0ce33754df605566191d2b778118bd54cda999d8463c8ca27931d6dbc7dea3412e31195e5fd8472a067210

Download Submit
C:\Windows\system\ryTszPn.exe

Filesize
6.0MB

MD5
e0600ba5f9d70dafc428977957ae45cb

SHA1
d589896ac4ca95c89d2ddf6cd1d97bff8da69fc7

SHA256
d64f80ed97b4732afa5428e6ee350e072f708ee0cf7c9086da860b1de837c57b

SHA512
7730dd6899c7f8e43087d9b6841c1ee871a7ea94815a52e1c1dac20141858021b82e3c08786dd8a53ce96b941be2dc41b941c10080e043303b2a271504d185d1

Download Submit
C:\Windows\system\sqrZcQv.exe

Filesize
8B

MD5
338fde68ae7dad6345c4ed67f5eeae08

SHA1
e27075153e543cd3aadd16044aaa8953be280bac

SHA256
eabac93986cc662d95c9ce1e7d66a47d211f822f2107fbf6b0f3254e13aefe02

SHA512
5274b072a8ff1840ef85ea16f6e28edf3b5d70d825dbe9f599c13ba172c7f168366f2095597819fa7d68b30cdecf4e71c6928ae607be7a8a82e62143e0309a4a

Download Submit
C:\Windows\system\vAYhGGK.exe

Filesize
6.0MB

MD5
c7808eb5c2972a870e5e9bb94b530785

SHA1
78b3e49aaff0550bccf3ea9e653e5ecdf7dda6df

SHA256
2b8108ed23b35db7383334ae89a9805dd938ab527c4dca36fa7813a9d7cf5b64

SHA512
a7cc643da62b90d08a7597d2ea3df833230b09633c0cec67e10d71db99a48c4b04bd4560ffb07ed835f485539a224ba3c907829e96d11fe2a383a7d1f31b9478

Download Submit
C:\Windows\system\zmsoaHX.exe

Filesize
6.0MB

MD5
1c49cb1f2159f2d1ac78f9971b20472c

SHA1
b3f94914fb636ece303bd8c83e3426d4d7022302

SHA256
fa632cc6ea2fb1c73b6a64559ec50f3d2b7eff8ec24f82f981a1188b3d4ed103

SHA512
24a7349f4bf1d85948e399b5f5ddedc3a219c5e69c330246e045918e3ccd9a6258a9ff056a822ae00b7d9a3f85befeb29a9fe2d43ef4a0eec814fb05aa11dcbb

Download Submit
\Windows\system\AmZaNSn.exe

Filesize
6.0MB

MD5
ccdd8a333c51199b9c431e4c8cdca333

SHA1
c08d6751b15720e7f1f42b3acc95cf1e35566a4c

SHA256
d48c47ff6fd93263a918458e49a4220a1f715756cc580273c742d0a467077ec6

SHA512
232467d90fa81fbaf32710611e94dc3146d7aa8ed7d264e725e5fbf61981907a4cd37ecf11e00d9dd27702106dd7f83e2da4cd81635213c8a46695ada84221ab

Download Submit
\Windows\system\MCCacJg.exe

Filesize
6.0MB

MD5
b09ce8e24cf7eedd6458c0854d24c5c5

SHA1
c6466f5869842e01a97f2f04ebca85a2cb382958

SHA256
27855cd1cb4f63bcdd132699a549b96051942b3a814cf79f62b3a7000c073a1f

SHA512
718a65b271fe22cd654be005b2334e8698fec69c5fb5cfd6800f1bf6f112ff213d820369ad8b03d8d4c93c16485a32816f24709036790b38d848b2ad5cdd1178

Download Submit
\Windows\system\TgayMwU.exe

Filesize
6.0MB

MD5
ec4326267d6a70fbc21a739882dd4913

SHA1
c927fd0b721a4121252959e472c63073e0b9cd60

SHA256
f9a13be5c9a742fe8eca61cfe045cc560cd69168527af2a22e82df414e4fd20d

SHA512
8c4e22bdb2b314f3baca27170d821223339b1be107f38372f308e2aa6bf27b8f7afebeae94e7b53cd6ff2c7a527d2a6fcc7f47c4a9b8491aeb18beae8558fa14

Download Submit
\Windows\system\pUjDygK.exe

Filesize
6.0MB

MD5
1b457d9cad2d79a63d5b4ab363fc5e70

SHA1
bd62999a71d47a9f89f563b53397bac6e9448eb3

SHA256
38361eabaf48fe80f6d227f6efd90c80d027907d71a86e267b64b81507d321f0

SHA512
6444eaf0f8ac7fa0f02ec00438e62413325a54e58b65e698a210a7b691db527f1e24bf593c02fe516917878672ff5a0e4e281611064196f9e9d363ac2b9bb39d

Download Submit
memory/1644-755-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-14-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-3905-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-150-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1684-0-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1684-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1684-142-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1684-20-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-140-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1684-132-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1684-138-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1684-152-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1684-136-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-144-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1684-134-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1684-972-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1684-1026-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1684-146-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-320-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1684-148-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2052-3957-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-21-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-133-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2120-3991-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3984-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2516-145-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2524-151-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3958-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3955-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-147-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3937-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2584-153-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2616-139-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3944-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3993-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2664-149-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3942-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2748-135-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2780-137-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3979-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3986-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2792-141-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3954-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2820-143-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2924-3956-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-8-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download