cobaltstrike | f6e4ea0208e1a998e3644c54379288003c7074efa0ff77ad571767e5414fca2c

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

155caa66d594cd19c6e3d94aa84c17f4
SHA1

1ca8b107e800b4ed14d056d87fa4c59ac58c5358
SHA256

f6e4ea0208e1a998e3644c54379288003c7074efa0ff77ad571767e5414fca2c
SHA512

00fcc958b1bc54c29ee4a4a9d23259b7593ee283532349cd2d9cae013b39fedbb5d2b466324c554c558673821d0663a14b676c44d4bb6c8549420ee430c9af2f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUH:T+q56utgpPF8u/7H

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\KGoqkbn.exe	cobalt_reflective_dll
\Windows\system\LWbXjpb.exe	cobalt_reflective_dll
C:\Windows\system\xtKpzVi.exe	cobalt_reflective_dll
C:\Windows\system\TZjspVX.exe	cobalt_reflective_dll
\Windows\system\RPuQnfS.exe	cobalt_reflective_dll
\Windows\system\QgLpPEg.exe	cobalt_reflective_dll
C:\Windows\system\plndMjF.exe	cobalt_reflective_dll
\Windows\system\ouJiSKQ.exe	cobalt_reflective_dll
C:\Windows\system\AKcmQEh.exe	cobalt_reflective_dll
\Windows\system\KBHxDrH.exe	cobalt_reflective_dll
C:\Windows\system\LHKOAcl.exe	cobalt_reflective_dll
C:\Windows\system\sERNEEY.exe	cobalt_reflective_dll
C:\Windows\system\yCOTlRQ.exe	cobalt_reflective_dll
C:\Windows\system\ehWjNLE.exe	cobalt_reflective_dll
C:\Windows\system\VBEcedr.exe	cobalt_reflective_dll
C:\Windows\system\BPlsphW.exe	cobalt_reflective_dll
C:\Windows\system\MeTxgPx.exe	cobalt_reflective_dll
C:\Windows\system\FBbAFGU.exe	cobalt_reflective_dll
C:\Windows\system\SAEZQig.exe	cobalt_reflective_dll
C:\Windows\system\GVuGsQp.exe	cobalt_reflective_dll
C:\Windows\system\fpJMppo.exe	cobalt_reflective_dll
C:\Windows\system\BCgbYla.exe	cobalt_reflective_dll
C:\Windows\system\ZCDcWPA.exe	cobalt_reflective_dll
C:\Windows\system\HvOVoQj.exe	cobalt_reflective_dll
C:\Windows\system\DeqPOqt.exe	cobalt_reflective_dll
C:\Windows\system\RwnDFeV.exe	cobalt_reflective_dll
C:\Windows\system\zPFxuNc.exe	cobalt_reflective_dll
C:\Windows\system\mCyxSGS.exe	cobalt_reflective_dll
C:\Windows\system\fynMmOx.exe	cobalt_reflective_dll
C:\Windows\system\OuboUjH.exe	cobalt_reflective_dll
C:\Windows\system\ssAdkSn.exe	cobalt_reflective_dll
C:\Windows\system\QQWRKMm.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2352-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
\Windows\system\KGoqkbn.exe	xmrig
behavioral1/memory/2092-7-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
\Windows\system\LWbXjpb.exe	xmrig
C:\Windows\system\xtKpzVi.exe	xmrig
behavioral1/memory/1800-14-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2352-22-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2100-20-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2504-27-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
C:\Windows\system\TZjspVX.exe	xmrig
behavioral1/memory/2352-30-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2092-32-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
\Windows\system\RPuQnfS.exe	xmrig
behavioral1/memory/2784-40-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/1800-39-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
\Windows\system\QgLpPEg.exe	xmrig
behavioral1/memory/2728-47-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2100-46-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2816-56-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
C:\Windows\system\plndMjF.exe	xmrig
behavioral1/memory/2504-51-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2680-68-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
\Windows\system\ouJiSKQ.exe	xmrig
C:\Windows\system\AKcmQEh.exe	xmrig
\Windows\system\KBHxDrH.exe	xmrig
behavioral1/memory/2576-84-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
C:\Windows\system\LHKOAcl.exe	xmrig
behavioral1/memory/2384-81-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2784-80-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/1808-91-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/1764-106-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
C:\Windows\system\sERNEEY.exe	xmrig
C:\Windows\system\yCOTlRQ.exe	xmrig
behavioral1/memory/1820-681-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2352-580-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/1808-482-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2352-391-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/memory/2576-322-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2384-263-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2804-200-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
C:\Windows\system\ehWjNLE.exe	xmrig
C:\Windows\system\VBEcedr.exe	xmrig
C:\Windows\system\BPlsphW.exe	xmrig
C:\Windows\system\MeTxgPx.exe	xmrig
C:\Windows\system\FBbAFGU.exe	xmrig
C:\Windows\system\SAEZQig.exe	xmrig
C:\Windows\system\GVuGsQp.exe	xmrig
C:\Windows\system\fpJMppo.exe	xmrig
C:\Windows\system\BCgbYla.exe	xmrig
C:\Windows\system\ZCDcWPA.exe	xmrig
C:\Windows\system\HvOVoQj.exe	xmrig
C:\Windows\system\DeqPOqt.exe	xmrig
C:\Windows\system\RwnDFeV.exe	xmrig
C:\Windows\system\zPFxuNc.exe	xmrig
C:\Windows\system\mCyxSGS.exe	xmrig
C:\Windows\system\fynMmOx.exe	xmrig
C:\Windows\system\OuboUjH.exe	xmrig
behavioral1/memory/1820-100-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2816-99-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
C:\Windows\system\ssAdkSn.exe	xmrig
behavioral1/memory/2352-96-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2352-95-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
C:\Windows\system\QQWRKMm.exe	xmrig
behavioral1/memory/2728-87-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

KGoqkbn.exeLWbXjpb.exextKpzVi.exeTZjspVX.exeRPuQnfS.exeQgLpPEg.exeplndMjF.exeAKcmQEh.exeouJiSKQ.exeKBHxDrH.exeLHKOAcl.exeQQWRKMm.exessAdkSn.exeOuboUjH.exefynMmOx.exemCyxSGS.exesERNEEY.exezPFxuNc.exeRwnDFeV.exeyCOTlRQ.exeDeqPOqt.exeHvOVoQj.exeZCDcWPA.exeBCgbYla.exefpJMppo.exeGVuGsQp.exeSAEZQig.exeFBbAFGU.exeMeTxgPx.exeBPlsphW.exeVBEcedr.exeehWjNLE.exeXSrGWfK.exetTvdKeO.exeyFbSPwg.exeIDmwSOB.exezkPDYwA.exeIylYxNe.exeYgfVBun.exeHWrjSgC.exeEJMbdBT.exeCWuvbDG.exekmpdDjB.exehJearYa.exeObAIobr.exeMZviwpP.exeYCgmyWA.exefrTRAwB.execKYoYVv.exenZdAnmt.exehallIiL.exeubMMlkj.exesEcWzAP.exeNLmQgRG.exeMgzVUMs.exejkeFVlS.exevppoGYo.exeDoXbEke.exeOgjXVcz.exeYfxANCR.exeYSGIvEA.exeLKJKiSw.exeHYvkYWf.exejjBHPhD.exe

pid	process
2092	KGoqkbn.exe
1800	LWbXjpb.exe
2100	xtKpzVi.exe
2504	TZjspVX.exe
2784	RPuQnfS.exe
2728	QgLpPEg.exe
2816	plndMjF.exe
2680	AKcmQEh.exe
2804	ouJiSKQ.exe
2384	KBHxDrH.exe
2576	LHKOAcl.exe
1808	QQWRKMm.exe
1820	ssAdkSn.exe
1764	OuboUjH.exe
1772	fynMmOx.exe
1880	mCyxSGS.exe
1876	sERNEEY.exe
2344	zPFxuNc.exe
2028	RwnDFeV.exe
1400	yCOTlRQ.exe
1204	DeqPOqt.exe
1200	HvOVoQj.exe
2812	ZCDcWPA.exe
2896	BCgbYla.exe
1776	fpJMppo.exe
2528	GVuGsQp.exe
1088	SAEZQig.exe
2052	FBbAFGU.exe
3028	MeTxgPx.exe
916	BPlsphW.exe
2412	VBEcedr.exe
1092	ehWjNLE.exe
2480	XSrGWfK.exe
1548	tTvdKeO.exe
1948	yFbSPwg.exe
1112	IDmwSOB.exe
1264	zkPDYwA.exe
1252	IylYxNe.exe
1964	YgfVBun.exe
1584	HWrjSgC.exe
2568	EJMbdBT.exe
2260	CWuvbDG.exe
2424	kmpdDjB.exe
2908	hJearYa.exe
2156	ObAIobr.exe
2328	MZviwpP.exe
568	YCgmyWA.exe
2104	frTRAwB.exe
2948	cKYoYVv.exe
888	nZdAnmt.exe
2120	hallIiL.exe
1620	ubMMlkj.exe
1536	sEcWzAP.exe
2900	NLmQgRG.exe
2164	MgzVUMs.exe
2288	jkeFVlS.exe
1628	vppoGYo.exe
112	DoXbEke.exe
2492	OgjXVcz.exe
2520	YfxANCR.exe
1836	YSGIvEA.exe
2852	LKJKiSw.exe
2128	HYvkYWf.exe
2764	jjBHPhD.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2352-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
\Windows\system\KGoqkbn.exe	upx
behavioral1/memory/2092-7-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
\Windows\system\LWbXjpb.exe	upx
C:\Windows\system\xtKpzVi.exe	upx
behavioral1/memory/1800-14-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2100-20-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2504-27-0x000000013F440000-0x000000013F794000-memory.dmp	upx
C:\Windows\system\TZjspVX.exe	upx
behavioral1/memory/2352-30-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2092-32-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
\Windows\system\RPuQnfS.exe	upx
behavioral1/memory/2784-40-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/1800-39-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
\Windows\system\QgLpPEg.exe	upx
behavioral1/memory/2728-47-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2100-46-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2816-56-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
C:\Windows\system\plndMjF.exe	upx
behavioral1/memory/2504-51-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2680-68-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
\Windows\system\ouJiSKQ.exe	upx
C:\Windows\system\AKcmQEh.exe	upx
\Windows\system\KBHxDrH.exe	upx
behavioral1/memory/2576-84-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
C:\Windows\system\LHKOAcl.exe	upx
behavioral1/memory/2384-81-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2784-80-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/1808-91-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/1764-106-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
C:\Windows\system\sERNEEY.exe	upx
C:\Windows\system\yCOTlRQ.exe	upx
behavioral1/memory/1820-681-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/1808-482-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2576-322-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2384-263-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2804-200-0x000000013F220000-0x000000013F574000-memory.dmp	upx
C:\Windows\system\ehWjNLE.exe	upx
C:\Windows\system\VBEcedr.exe	upx
C:\Windows\system\BPlsphW.exe	upx
C:\Windows\system\MeTxgPx.exe	upx
C:\Windows\system\FBbAFGU.exe	upx
C:\Windows\system\SAEZQig.exe	upx
C:\Windows\system\GVuGsQp.exe	upx
C:\Windows\system\fpJMppo.exe	upx
C:\Windows\system\BCgbYla.exe	upx
C:\Windows\system\ZCDcWPA.exe	upx
C:\Windows\system\HvOVoQj.exe	upx
C:\Windows\system\DeqPOqt.exe	upx
C:\Windows\system\RwnDFeV.exe	upx
C:\Windows\system\zPFxuNc.exe	upx
C:\Windows\system\mCyxSGS.exe	upx
C:\Windows\system\fynMmOx.exe	upx
C:\Windows\system\OuboUjH.exe	upx
behavioral1/memory/1820-100-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2816-99-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
C:\Windows\system\ssAdkSn.exe	upx
C:\Windows\system\QQWRKMm.exe	upx
behavioral1/memory/2728-87-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2804-78-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/1764-2412-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/1800-2656-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2092-2655-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2504-2657-0x000000013F440000-0x000000013F794000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\FGDarJi.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOAWRtO.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHDVhUC.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhvgtIb.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPgJQDD.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZafxSCz.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVWdHcz.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwlamJp.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcaAvjS.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkhmPrh.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ARbPGua.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWzfhKT.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OobLiSp.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hszeJun.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnxBjIr.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWJpHLj.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRtnoKX.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjRFyPp.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtJKCTg.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKpcnae.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljWLONp.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGYfBSY.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVezNYD.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgbyQvV.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GojZIxq.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNgMMru.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvRpLuz.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krhRCrm.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZUyxkgE.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRQaoay.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnodwPT.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZxOmYX.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auoRDla.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKihRIX.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWusVmU.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZnMkYh.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtzqOYE.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiRMDBh.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KiMgftH.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkKiMaF.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdrpQjP.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxpzIjn.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRiDZgE.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHwpOqS.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUvnhcK.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUmRItr.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubnyLyZ.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnmEyoC.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\McLVCvN.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\olcncBy.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAeOHCm.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lBsghNB.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvzwYKo.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AISNROT.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaHaVgd.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWTzSrJ.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkJLqOK.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTUUUgI.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpZFOYz.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VTuEeBq.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iyUyHcj.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmpLmFb.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmRznLO.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwlpiyK.exe	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2352 wrote to memory of 2092	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	KGoqkbn.exe
PID 2352 wrote to memory of 2092	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	KGoqkbn.exe
PID 2352 wrote to memory of 2092	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	KGoqkbn.exe
PID 2352 wrote to memory of 1800	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	LWbXjpb.exe
PID 2352 wrote to memory of 1800	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	LWbXjpb.exe
PID 2352 wrote to memory of 1800	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	LWbXjpb.exe
PID 2352 wrote to memory of 2100	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	xtKpzVi.exe
PID 2352 wrote to memory of 2100	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	xtKpzVi.exe
PID 2352 wrote to memory of 2100	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	xtKpzVi.exe
PID 2352 wrote to memory of 2504	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	TZjspVX.exe
PID 2352 wrote to memory of 2504	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	TZjspVX.exe
PID 2352 wrote to memory of 2504	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	TZjspVX.exe
PID 2352 wrote to memory of 2784	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	RPuQnfS.exe
PID 2352 wrote to memory of 2784	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	RPuQnfS.exe
PID 2352 wrote to memory of 2784	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	RPuQnfS.exe
PID 2352 wrote to memory of 2728	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	QgLpPEg.exe
PID 2352 wrote to memory of 2728	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	QgLpPEg.exe
PID 2352 wrote to memory of 2728	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	QgLpPEg.exe
PID 2352 wrote to memory of 2816	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	plndMjF.exe
PID 2352 wrote to memory of 2816	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	plndMjF.exe
PID 2352 wrote to memory of 2816	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	plndMjF.exe
PID 2352 wrote to memory of 2680	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	AKcmQEh.exe
PID 2352 wrote to memory of 2680	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	AKcmQEh.exe
PID 2352 wrote to memory of 2680	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	AKcmQEh.exe
PID 2352 wrote to memory of 2384	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	KBHxDrH.exe
PID 2352 wrote to memory of 2384	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	KBHxDrH.exe
PID 2352 wrote to memory of 2384	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	KBHxDrH.exe
PID 2352 wrote to memory of 2804	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	ouJiSKQ.exe
PID 2352 wrote to memory of 2804	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	ouJiSKQ.exe
PID 2352 wrote to memory of 2804	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	ouJiSKQ.exe
PID 2352 wrote to memory of 2576	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	LHKOAcl.exe
PID 2352 wrote to memory of 2576	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	LHKOAcl.exe
PID 2352 wrote to memory of 2576	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	LHKOAcl.exe
PID 2352 wrote to memory of 1808	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	QQWRKMm.exe
PID 2352 wrote to memory of 1808	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	QQWRKMm.exe
PID 2352 wrote to memory of 1808	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	QQWRKMm.exe
PID 2352 wrote to memory of 1820	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	ssAdkSn.exe
PID 2352 wrote to memory of 1820	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	ssAdkSn.exe
PID 2352 wrote to memory of 1820	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	ssAdkSn.exe
PID 2352 wrote to memory of 1764	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	OuboUjH.exe
PID 2352 wrote to memory of 1764	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	OuboUjH.exe
PID 2352 wrote to memory of 1764	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	OuboUjH.exe
PID 2352 wrote to memory of 1772	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	fynMmOx.exe
PID 2352 wrote to memory of 1772	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	fynMmOx.exe
PID 2352 wrote to memory of 1772	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	fynMmOx.exe
PID 2352 wrote to memory of 1880	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	mCyxSGS.exe
PID 2352 wrote to memory of 1880	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	mCyxSGS.exe
PID 2352 wrote to memory of 1880	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	mCyxSGS.exe
PID 2352 wrote to memory of 1876	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	sERNEEY.exe
PID 2352 wrote to memory of 1876	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	sERNEEY.exe
PID 2352 wrote to memory of 1876	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	sERNEEY.exe
PID 2352 wrote to memory of 2344	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	zPFxuNc.exe
PID 2352 wrote to memory of 2344	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	zPFxuNc.exe
PID 2352 wrote to memory of 2344	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	zPFxuNc.exe
PID 2352 wrote to memory of 2028	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	RwnDFeV.exe
PID 2352 wrote to memory of 2028	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	RwnDFeV.exe
PID 2352 wrote to memory of 2028	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	RwnDFeV.exe
PID 2352 wrote to memory of 1400	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	yCOTlRQ.exe
PID 2352 wrote to memory of 1400	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	yCOTlRQ.exe
PID 2352 wrote to memory of 1400	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	yCOTlRQ.exe
PID 2352 wrote to memory of 1204	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	DeqPOqt.exe
PID 2352 wrote to memory of 1204	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	DeqPOqt.exe
PID 2352 wrote to memory of 1204	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	DeqPOqt.exe
PID 2352 wrote to memory of 1200	2352	2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe	HvOVoQj.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-26_155caa66d594cd19c6e3d94aa84c17f4_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\System\KGoqkbn.exe
  C:\Windows\System\KGoqkbn.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\LWbXjpb.exe
  C:\Windows\System\LWbXjpb.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\xtKpzVi.exe
  C:\Windows\System\xtKpzVi.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\TZjspVX.exe
  C:\Windows\System\TZjspVX.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\RPuQnfS.exe
  C:\Windows\System\RPuQnfS.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\QgLpPEg.exe
  C:\Windows\System\QgLpPEg.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\plndMjF.exe
  C:\Windows\System\plndMjF.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\AKcmQEh.exe
  C:\Windows\System\AKcmQEh.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\KBHxDrH.exe
  C:\Windows\System\KBHxDrH.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\ouJiSKQ.exe
  C:\Windows\System\ouJiSKQ.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\LHKOAcl.exe
  C:\Windows\System\LHKOAcl.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\QQWRKMm.exe
  C:\Windows\System\QQWRKMm.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\ssAdkSn.exe
  C:\Windows\System\ssAdkSn.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\OuboUjH.exe
  C:\Windows\System\OuboUjH.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\fynMmOx.exe
  C:\Windows\System\fynMmOx.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\mCyxSGS.exe
  C:\Windows\System\mCyxSGS.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\sERNEEY.exe
  C:\Windows\System\sERNEEY.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\zPFxuNc.exe
  C:\Windows\System\zPFxuNc.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\RwnDFeV.exe
  C:\Windows\System\RwnDFeV.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\yCOTlRQ.exe
  C:\Windows\System\yCOTlRQ.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\DeqPOqt.exe
  C:\Windows\System\DeqPOqt.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\HvOVoQj.exe
  C:\Windows\System\HvOVoQj.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\ZCDcWPA.exe
  C:\Windows\System\ZCDcWPA.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\BCgbYla.exe
  C:\Windows\System\BCgbYla.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\fpJMppo.exe
  C:\Windows\System\fpJMppo.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\GVuGsQp.exe
  C:\Windows\System\GVuGsQp.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\SAEZQig.exe
  C:\Windows\System\SAEZQig.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\FBbAFGU.exe
  C:\Windows\System\FBbAFGU.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\MeTxgPx.exe
  C:\Windows\System\MeTxgPx.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\BPlsphW.exe
  C:\Windows\System\BPlsphW.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\VBEcedr.exe
  C:\Windows\System\VBEcedr.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\ehWjNLE.exe
  C:\Windows\System\ehWjNLE.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\XSrGWfK.exe
  C:\Windows\System\XSrGWfK.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\tTvdKeO.exe
  C:\Windows\System\tTvdKeO.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\yFbSPwg.exe
  C:\Windows\System\yFbSPwg.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\IDmwSOB.exe
  C:\Windows\System\IDmwSOB.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\zkPDYwA.exe
  C:\Windows\System\zkPDYwA.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\IylYxNe.exe
  C:\Windows\System\IylYxNe.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\YgfVBun.exe
  C:\Windows\System\YgfVBun.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\HWrjSgC.exe
  C:\Windows\System\HWrjSgC.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\EJMbdBT.exe
  C:\Windows\System\EJMbdBT.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\CWuvbDG.exe
  C:\Windows\System\CWuvbDG.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\kmpdDjB.exe
  C:\Windows\System\kmpdDjB.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\hJearYa.exe
  C:\Windows\System\hJearYa.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\ObAIobr.exe
  C:\Windows\System\ObAIobr.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\MZviwpP.exe
  C:\Windows\System\MZviwpP.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\YCgmyWA.exe
  C:\Windows\System\YCgmyWA.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\frTRAwB.exe
  C:\Windows\System\frTRAwB.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\cKYoYVv.exe
  C:\Windows\System\cKYoYVv.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\nZdAnmt.exe
  C:\Windows\System\nZdAnmt.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\hallIiL.exe
  C:\Windows\System\hallIiL.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\ubMMlkj.exe
  C:\Windows\System\ubMMlkj.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\sEcWzAP.exe
  C:\Windows\System\sEcWzAP.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\NLmQgRG.exe
  C:\Windows\System\NLmQgRG.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\MgzVUMs.exe
  C:\Windows\System\MgzVUMs.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\jkeFVlS.exe
  C:\Windows\System\jkeFVlS.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\vppoGYo.exe
  C:\Windows\System\vppoGYo.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\DoXbEke.exe
  C:\Windows\System\DoXbEke.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\OgjXVcz.exe
  C:\Windows\System\OgjXVcz.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\YfxANCR.exe
  C:\Windows\System\YfxANCR.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\YSGIvEA.exe
  C:\Windows\System\YSGIvEA.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\LKJKiSw.exe
  C:\Windows\System\LKJKiSw.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\HYvkYWf.exe
  C:\Windows\System\HYvkYWf.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\jjBHPhD.exe
  C:\Windows\System\jjBHPhD.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\JgxCBja.exe
  C:\Windows\System\JgxCBja.exe
  2⤵
  PID:2604
- C:\Windows\System\wPIhbGz.exe
  C:\Windows\System\wPIhbGz.exe
  2⤵
  PID:2080
- C:\Windows\System\sdFRpgs.exe
  C:\Windows\System\sdFRpgs.exe
  2⤵
  PID:1972
- C:\Windows\System\dmhYkrM.exe
  C:\Windows\System\dmhYkrM.exe
  2⤵
  PID:1728
- C:\Windows\System\crcLCfP.exe
  C:\Windows\System\crcLCfP.exe
  2⤵
  PID:2824
- C:\Windows\System\BwoocQq.exe
  C:\Windows\System\BwoocQq.exe
  2⤵
  PID:1240
- C:\Windows\System\qrqUfHs.exe
  C:\Windows\System\qrqUfHs.exe
  2⤵
  PID:1812
- C:\Windows\System\ypZFVIm.exe
  C:\Windows\System\ypZFVIm.exe
  2⤵
  PID:2740
- C:\Windows\System\fiyyCVo.exe
  C:\Windows\System\fiyyCVo.exe
  2⤵
  PID:1080
- C:\Windows\System\WqkfMYv.exe
  C:\Windows\System\WqkfMYv.exe
  2⤵
  PID:836
- C:\Windows\System\qIIRmsh.exe
  C:\Windows\System\qIIRmsh.exe
  2⤵
  PID:2868
- C:\Windows\System\afBPVbi.exe
  C:\Windows\System\afBPVbi.exe
  2⤵
  PID:1732
- C:\Windows\System\lZQtpSw.exe
  C:\Windows\System\lZQtpSw.exe
  2⤵
  PID:1996
- C:\Windows\System\MPTICgh.exe
  C:\Windows\System\MPTICgh.exe
  2⤵
  PID:1540
- C:\Windows\System\nFgIVST.exe
  C:\Windows\System\nFgIVST.exe
  2⤵
  PID:2232
- C:\Windows\System\iBbNxxy.exe
  C:\Windows\System\iBbNxxy.exe
  2⤵
  PID:1484
- C:\Windows\System\KAypHAx.exe
  C:\Windows\System\KAypHAx.exe
  2⤵
  PID:1304
- C:\Windows\System\GZwSIcK.exe
  C:\Windows\System\GZwSIcK.exe
  2⤵
  PID:984
- C:\Windows\System\ILtwIqs.exe
  C:\Windows\System\ILtwIqs.exe
  2⤵
  PID:1476
- C:\Windows\System\kczathp.exe
  C:\Windows\System\kczathp.exe
  2⤵
  PID:600
- C:\Windows\System\DeUEvFj.exe
  C:\Windows\System\DeUEvFj.exe
  2⤵
  PID:892
- C:\Windows\System\upcBDQL.exe
  C:\Windows\System\upcBDQL.exe
  2⤵
  PID:2936
- C:\Windows\System\RQAOcpF.exe
  C:\Windows\System\RQAOcpF.exe
  2⤵
  PID:2920
- C:\Windows\System\iOyRIUy.exe
  C:\Windows\System\iOyRIUy.exe
  2⤵
  PID:616
- C:\Windows\System\nFTnrpD.exe
  C:\Windows\System\nFTnrpD.exe
  2⤵
  PID:704
- C:\Windows\System\QeMkRKE.exe
  C:\Windows\System\QeMkRKE.exe
  2⤵
  PID:1428
- C:\Windows\System\cAQMyGH.exe
  C:\Windows\System\cAQMyGH.exe
  2⤵
  PID:3036
- C:\Windows\System\xsBgPmP.exe
  C:\Windows\System\xsBgPmP.exe
  2⤵
  PID:1496
- C:\Windows\System\vXhMNWF.exe
  C:\Windows\System\vXhMNWF.exe
  2⤵
  PID:1528
- C:\Windows\System\GdvmnkH.exe
  C:\Windows\System\GdvmnkH.exe
  2⤵
  PID:2264
- C:\Windows\System\XvCIUKA.exe
  C:\Windows\System\XvCIUKA.exe
  2⤵
  PID:2500
- C:\Windows\System\kPAoSpS.exe
  C:\Windows\System\kPAoSpS.exe
  2⤵
  PID:2836
- C:\Windows\System\MXXVdyf.exe
  C:\Windows\System\MXXVdyf.exe
  2⤵
  PID:2832
- C:\Windows\System\prebqDN.exe
  C:\Windows\System\prebqDN.exe
  2⤵
  PID:2772
- C:\Windows\System\LYvaNjB.exe
  C:\Windows\System\LYvaNjB.exe
  2⤵
  PID:2704
- C:\Windows\System\QLYEUvA.exe
  C:\Windows\System\QLYEUvA.exe
  2⤵
  PID:2700
- C:\Windows\System\uOJzYju.exe
  C:\Windows\System\uOJzYju.exe
  2⤵
  PID:1976
- C:\Windows\System\nEjiBct.exe
  C:\Windows\System\nEjiBct.exe
  2⤵
  PID:1672
- C:\Windows\System\AjYadjB.exe
  C:\Windows\System\AjYadjB.exe
  2⤵
  PID:1116
- C:\Windows\System\lFNuvJp.exe
  C:\Windows\System\lFNuvJp.exe
  2⤵
  PID:1816
- C:\Windows\System\dGimwRP.exe
  C:\Windows\System\dGimwRP.exe
  2⤵
  PID:2464
- C:\Windows\System\pilajMS.exe
  C:\Windows\System\pilajMS.exe
  2⤵
  PID:2088
- C:\Windows\System\vJGCKRB.exe
  C:\Windows\System\vJGCKRB.exe
  2⤵
  PID:2444
- C:\Windows\System\Glzqvgu.exe
  C:\Windows\System\Glzqvgu.exe
  2⤵
  PID:844
- C:\Windows\System\KXVkZTH.exe
  C:\Windows\System\KXVkZTH.exe
  2⤵
  PID:1228
- C:\Windows\System\ioNGTId.exe
  C:\Windows\System\ioNGTId.exe
  2⤵
  PID:1580
- C:\Windows\System\SUlFYRM.exe
  C:\Windows\System\SUlFYRM.exe
  2⤵
  PID:1652
- C:\Windows\System\sYcPhJi.exe
  C:\Windows\System\sYcPhJi.exe
  2⤵
  PID:1780
- C:\Windows\System\HNWjRxS.exe
  C:\Windows\System\HNWjRxS.exe
  2⤵
  PID:2132
- C:\Windows\System\pLuhezS.exe
  C:\Windows\System\pLuhezS.exe
  2⤵
  PID:3048
- C:\Windows\System\HltffeQ.exe
  C:\Windows\System\HltffeQ.exe
  2⤵
  PID:2640
- C:\Windows\System\aDhGUEV.exe
  C:\Windows\System\aDhGUEV.exe
  2⤵
  PID:2436
- C:\Windows\System\NZesmJi.exe
  C:\Windows\System\NZesmJi.exe
  2⤵
  PID:1260
- C:\Windows\System\qHhnCdu.exe
  C:\Windows\System\qHhnCdu.exe
  2⤵
  PID:2204
- C:\Windows\System\buzfznM.exe
  C:\Windows\System\buzfznM.exe
  2⤵
  PID:2828
- C:\Windows\System\vnGDxVz.exe
  C:\Windows\System\vnGDxVz.exe
  2⤵
  PID:3092
- C:\Windows\System\jKFsYxD.exe
  C:\Windows\System\jKFsYxD.exe
  2⤵
  PID:3112
- C:\Windows\System\dnkKUFG.exe
  C:\Windows\System\dnkKUFG.exe
  2⤵
  PID:3132
- C:\Windows\System\ZsHsxuy.exe
  C:\Windows\System\ZsHsxuy.exe
  2⤵
  PID:3152
- C:\Windows\System\QTVIIgT.exe
  C:\Windows\System\QTVIIgT.exe
  2⤵
  PID:3176
- C:\Windows\System\GzRYLQq.exe
  C:\Windows\System\GzRYLQq.exe
  2⤵
  PID:3196
- C:\Windows\System\oMFcESZ.exe
  C:\Windows\System\oMFcESZ.exe
  2⤵
  PID:3216
- C:\Windows\System\rUdXgqF.exe
  C:\Windows\System\rUdXgqF.exe
  2⤵
  PID:3240
- C:\Windows\System\hXybqlN.exe
  C:\Windows\System\hXybqlN.exe
  2⤵
  PID:3260
- C:\Windows\System\EHKXnJk.exe
  C:\Windows\System\EHKXnJk.exe
  2⤵
  PID:3280
- C:\Windows\System\SPVXuzY.exe
  C:\Windows\System\SPVXuzY.exe
  2⤵
  PID:3300
- C:\Windows\System\MMChXsA.exe
  C:\Windows\System\MMChXsA.exe
  2⤵
  PID:3320
- C:\Windows\System\ThkHRws.exe
  C:\Windows\System\ThkHRws.exe
  2⤵
  PID:3340
- C:\Windows\System\djBpYdd.exe
  C:\Windows\System\djBpYdd.exe
  2⤵
  PID:3360
- C:\Windows\System\GVStLvK.exe
  C:\Windows\System\GVStLvK.exe
  2⤵
  PID:3380
- C:\Windows\System\SDdGfKq.exe
  C:\Windows\System\SDdGfKq.exe
  2⤵
  PID:3400
- C:\Windows\System\XTIICmQ.exe
  C:\Windows\System\XTIICmQ.exe
  2⤵
  PID:3420
- C:\Windows\System\IcvORiM.exe
  C:\Windows\System\IcvORiM.exe
  2⤵
  PID:3440
- C:\Windows\System\vEigZnQ.exe
  C:\Windows\System\vEigZnQ.exe
  2⤵
  PID:3460
- C:\Windows\System\BhEYjEd.exe
  C:\Windows\System\BhEYjEd.exe
  2⤵
  PID:3480
- C:\Windows\System\rIsvRlt.exe
  C:\Windows\System\rIsvRlt.exe
  2⤵
  PID:3500
- C:\Windows\System\ARDKCTS.exe
  C:\Windows\System\ARDKCTS.exe
  2⤵
  PID:3520
- C:\Windows\System\BuECSEi.exe
  C:\Windows\System\BuECSEi.exe
  2⤵
  PID:3540
- C:\Windows\System\rGMKiqo.exe
  C:\Windows\System\rGMKiqo.exe
  2⤵
  PID:3560
- C:\Windows\System\UXvQUhX.exe
  C:\Windows\System\UXvQUhX.exe
  2⤵
  PID:3580
- C:\Windows\System\rWUHjsR.exe
  C:\Windows\System\rWUHjsR.exe
  2⤵
  PID:3600
- C:\Windows\System\XGarLhN.exe
  C:\Windows\System\XGarLhN.exe
  2⤵
  PID:3620
- C:\Windows\System\BYapCjv.exe
  C:\Windows\System\BYapCjv.exe
  2⤵
  PID:3640
- C:\Windows\System\KWxruZU.exe
  C:\Windows\System\KWxruZU.exe
  2⤵
  PID:3660
- C:\Windows\System\ptSYrJm.exe
  C:\Windows\System\ptSYrJm.exe
  2⤵
  PID:3680
- C:\Windows\System\JBceFUZ.exe
  C:\Windows\System\JBceFUZ.exe
  2⤵
  PID:3700
- C:\Windows\System\IbCRUyR.exe
  C:\Windows\System\IbCRUyR.exe
  2⤵
  PID:3720
- C:\Windows\System\hBWrkwC.exe
  C:\Windows\System\hBWrkwC.exe
  2⤵
  PID:3740
- C:\Windows\System\XSakiMS.exe
  C:\Windows\System\XSakiMS.exe
  2⤵
  PID:3760
- C:\Windows\System\gChJLhP.exe
  C:\Windows\System\gChJLhP.exe
  2⤵
  PID:3784
- C:\Windows\System\zuIrfrn.exe
  C:\Windows\System\zuIrfrn.exe
  2⤵
  PID:3804
- C:\Windows\System\pYnaPOF.exe
  C:\Windows\System\pYnaPOF.exe
  2⤵
  PID:3824
- C:\Windows\System\VABAdLR.exe
  C:\Windows\System\VABAdLR.exe
  2⤵
  PID:3844
- C:\Windows\System\OziBaiK.exe
  C:\Windows\System\OziBaiK.exe
  2⤵
  PID:3868
- C:\Windows\System\FuQevyy.exe
  C:\Windows\System\FuQevyy.exe
  2⤵
  PID:3888
- C:\Windows\System\rtJKCTg.exe
  C:\Windows\System\rtJKCTg.exe
  2⤵
  PID:3908
- C:\Windows\System\JZJNSIq.exe
  C:\Windows\System\JZJNSIq.exe
  2⤵
  PID:3928
- C:\Windows\System\KnAVtJM.exe
  C:\Windows\System\KnAVtJM.exe
  2⤵
  PID:3952
- C:\Windows\System\fnaCezD.exe
  C:\Windows\System\fnaCezD.exe
  2⤵
  PID:3972
- C:\Windows\System\bkAmIvJ.exe
  C:\Windows\System\bkAmIvJ.exe
  2⤵
  PID:3992
- C:\Windows\System\PbZkobU.exe
  C:\Windows\System\PbZkobU.exe
  2⤵
  PID:4012
- C:\Windows\System\WgWOXHz.exe
  C:\Windows\System\WgWOXHz.exe
  2⤵
  PID:4032
- C:\Windows\System\MXOlioq.exe
  C:\Windows\System\MXOlioq.exe
  2⤵
  PID:4052
- C:\Windows\System\UbdpwHZ.exe
  C:\Windows\System\UbdpwHZ.exe
  2⤵
  PID:4072
- C:\Windows\System\RBMmxze.exe
  C:\Windows\System\RBMmxze.exe
  2⤵
  PID:4092
- C:\Windows\System\KHKpetX.exe
  C:\Windows\System\KHKpetX.exe
  2⤵
  PID:2776
- C:\Windows\System\gfmDBVa.exe
  C:\Windows\System\gfmDBVa.exe
  2⤵
  PID:1420
- C:\Windows\System\DWxnEow.exe
  C:\Windows\System\DWxnEow.exe
  2⤵
  PID:2484
- C:\Windows\System\MbxhqZf.exe
  C:\Windows\System\MbxhqZf.exe
  2⤵
  PID:3004
- C:\Windows\System\bzwVPOd.exe
  C:\Windows\System\bzwVPOd.exe
  2⤵
  PID:304
- C:\Windows\System\IvyeLov.exe
  C:\Windows\System\IvyeLov.exe
  2⤵
  PID:1952
- C:\Windows\System\qzjJxkP.exe
  C:\Windows\System\qzjJxkP.exe
  2⤵
  PID:1316
- C:\Windows\System\eJVowwP.exe
  C:\Windows\System\eJVowwP.exe
  2⤵
  PID:1840
- C:\Windows\System\VjZawwT.exe
  C:\Windows\System\VjZawwT.exe
  2⤵
  PID:2160
- C:\Windows\System\bWrwVQh.exe
  C:\Windows\System\bWrwVQh.exe
  2⤵
  PID:828
- C:\Windows\System\dcoKAfO.exe
  C:\Windows\System\dcoKAfO.exe
  2⤵
  PID:2428
- C:\Windows\System\AWrfcDJ.exe
  C:\Windows\System\AWrfcDJ.exe
  2⤵
  PID:1804
- C:\Windows\System\ipxPSBO.exe
  C:\Windows\System\ipxPSBO.exe
  2⤵
  PID:2800
- C:\Windows\System\mqLwEdo.exe
  C:\Windows\System\mqLwEdo.exe
  2⤵
  PID:3108
- C:\Windows\System\serxNGS.exe
  C:\Windows\System\serxNGS.exe
  2⤵
  PID:3124
- C:\Windows\System\igSiQlg.exe
  C:\Windows\System\igSiQlg.exe
  2⤵
  PID:3172
- C:\Windows\System\alhJHvp.exe
  C:\Windows\System\alhJHvp.exe
  2⤵
  PID:3204
- C:\Windows\System\tFSBQui.exe
  C:\Windows\System\tFSBQui.exe
  2⤵
  PID:3248
- C:\Windows\System\rnpTZCY.exe
  C:\Windows\System\rnpTZCY.exe
  2⤵
  PID:3272
- C:\Windows\System\OrXzGiU.exe
  C:\Windows\System\OrXzGiU.exe
  2⤵
  PID:3168
- C:\Windows\System\wOiBANI.exe
  C:\Windows\System\wOiBANI.exe
  2⤵
  PID:3356
- C:\Windows\System\LVrBWJx.exe
  C:\Windows\System\LVrBWJx.exe
  2⤵
  PID:3388
- C:\Windows\System\ROmWMak.exe
  C:\Windows\System\ROmWMak.exe
  2⤵
  PID:3408
- C:\Windows\System\DcbDWjp.exe
  C:\Windows\System\DcbDWjp.exe
  2⤵
  PID:3468
- C:\Windows\System\urwSRmt.exe
  C:\Windows\System\urwSRmt.exe
  2⤵
  PID:3472
- C:\Windows\System\DSuashc.exe
  C:\Windows\System\DSuashc.exe
  2⤵
  PID:3492
- C:\Windows\System\FULYIvu.exe
  C:\Windows\System\FULYIvu.exe
  2⤵
  PID:3532
- C:\Windows\System\zhkcqDr.exe
  C:\Windows\System\zhkcqDr.exe
  2⤵
  PID:3568
- C:\Windows\System\HURIcWx.exe
  C:\Windows\System\HURIcWx.exe
  2⤵
  PID:3616
- C:\Windows\System\OAlbhAS.exe
  C:\Windows\System\OAlbhAS.exe
  2⤵
  PID:3648
- C:\Windows\System\BkJziMq.exe
  C:\Windows\System\BkJziMq.exe
  2⤵
  PID:3672
- C:\Windows\System\MvnAnCi.exe
  C:\Windows\System\MvnAnCi.exe
  2⤵
  PID:3692
- C:\Windows\System\tGDiCvB.exe
  C:\Windows\System\tGDiCvB.exe
  2⤵
  PID:3736
- C:\Windows\System\rpUbMWf.exe
  C:\Windows\System\rpUbMWf.exe
  2⤵
  PID:3780
- C:\Windows\System\PFZaHOG.exe
  C:\Windows\System\PFZaHOG.exe
  2⤵
  PID:3820
- C:\Windows\System\VkIObux.exe
  C:\Windows\System\VkIObux.exe
  2⤵
  PID:3860
- C:\Windows\System\bzdGPsS.exe
  C:\Windows\System\bzdGPsS.exe
  2⤵
  PID:3896
- C:\Windows\System\DzaCYsE.exe
  C:\Windows\System\DzaCYsE.exe
  2⤵
  PID:3920
- C:\Windows\System\vgRImiN.exe
  C:\Windows\System\vgRImiN.exe
  2⤵
  PID:3968
- C:\Windows\System\HszrBWH.exe
  C:\Windows\System\HszrBWH.exe
  2⤵
  PID:4000
- C:\Windows\System\ayjZcnA.exe
  C:\Windows\System\ayjZcnA.exe
  2⤵
  PID:4024
- C:\Windows\System\wZevAJb.exe
  C:\Windows\System\wZevAJb.exe
  2⤵
  PID:4088
- C:\Windows\System\PeszZTe.exe
  C:\Windows\System\PeszZTe.exe
  2⤵
  PID:2588
- C:\Windows\System\hPNxPyK.exe
  C:\Windows\System\hPNxPyK.exe
  2⤵
  PID:2656
- C:\Windows\System\PNMeXXZ.exe
  C:\Windows\System\PNMeXXZ.exe
  2⤵
  PID:2364
- C:\Windows\System\XbYbauE.exe
  C:\Windows\System\XbYbauE.exe
  2⤵
  PID:908
- C:\Windows\System\RDlhDKb.exe
  C:\Windows\System\RDlhDKb.exe
  2⤵
  PID:2560
- C:\Windows\System\KBRHTiL.exe
  C:\Windows\System\KBRHTiL.exe
  2⤵
  PID:1648
- C:\Windows\System\JCMXMac.exe
  C:\Windows\System\JCMXMac.exe
  2⤵
  PID:2472
- C:\Windows\System\UElWgpU.exe
  C:\Windows\System\UElWgpU.exe
  2⤵
  PID:1868
- C:\Windows\System\oxJehit.exe
  C:\Windows\System\oxJehit.exe
  2⤵
  PID:3088
- C:\Windows\System\nUMjYJe.exe
  C:\Windows\System\nUMjYJe.exe
  2⤵
  PID:3160
- C:\Windows\System\GGJnbfx.exe
  C:\Windows\System\GGJnbfx.exe
  2⤵
  PID:3228
- C:\Windows\System\KySnTVM.exe
  C:\Windows\System\KySnTVM.exe
  2⤵
  PID:3256
- C:\Windows\System\gGUUmyf.exe
  C:\Windows\System\gGUUmyf.exe
  2⤵
  PID:3348
- C:\Windows\System\CYGwYms.exe
  C:\Windows\System\CYGwYms.exe
  2⤵
  PID:3428
- C:\Windows\System\RKpUItr.exe
  C:\Windows\System\RKpUItr.exe
  2⤵
  PID:3436
- C:\Windows\System\kELbzIh.exe
  C:\Windows\System\kELbzIh.exe
  2⤵
  PID:3496
- C:\Windows\System\nJjmJfU.exe
  C:\Windows\System\nJjmJfU.exe
  2⤵
  PID:3588
- C:\Windows\System\OjPFUtD.exe
  C:\Windows\System\OjPFUtD.exe
  2⤵
  PID:3592
- C:\Windows\System\ARJgCYk.exe
  C:\Windows\System\ARJgCYk.exe
  2⤵
  PID:3652
- C:\Windows\System\EpImtIC.exe
  C:\Windows\System\EpImtIC.exe
  2⤵
  PID:3748
- C:\Windows\System\BEYYkSW.exe
  C:\Windows\System\BEYYkSW.exe
  2⤵
  PID:3840
- C:\Windows\System\pYMJHRc.exe
  C:\Windows\System\pYMJHRc.exe
  2⤵
  PID:3856
- C:\Windows\System\xGWtdsk.exe
  C:\Windows\System\xGWtdsk.exe
  2⤵
  PID:3940
- C:\Windows\System\CBBYAVH.exe
  C:\Windows\System\CBBYAVH.exe
  2⤵
  PID:4028
- C:\Windows\System\rVUrzTV.exe
  C:\Windows\System\rVUrzTV.exe
  2⤵
  PID:4060
- C:\Windows\System\bZYuGBA.exe
  C:\Windows\System\bZYuGBA.exe
  2⤵
  PID:3800
- C:\Windows\System\gArGuLI.exe
  C:\Windows\System\gArGuLI.exe
  2⤵
  PID:1360
- C:\Windows\System\NvUFASo.exe
  C:\Windows\System\NvUFASo.exe
  2⤵
  PID:536
- C:\Windows\System\bylTFkJ.exe
  C:\Windows\System\bylTFkJ.exe
  2⤵
  PID:4108
- C:\Windows\System\MKErFyS.exe
  C:\Windows\System\MKErFyS.exe
  2⤵
  PID:4128
- C:\Windows\System\qjPnhnM.exe
  C:\Windows\System\qjPnhnM.exe
  2⤵
  PID:4148
- C:\Windows\System\IOQKXPQ.exe
  C:\Windows\System\IOQKXPQ.exe
  2⤵
  PID:4168
- C:\Windows\System\kqfpiNp.exe
  C:\Windows\System\kqfpiNp.exe
  2⤵
  PID:4192
- C:\Windows\System\oyeetvh.exe
  C:\Windows\System\oyeetvh.exe
  2⤵
  PID:4212
- C:\Windows\System\rklGUrA.exe
  C:\Windows\System\rklGUrA.exe
  2⤵
  PID:4232
- C:\Windows\System\dGXnafK.exe
  C:\Windows\System\dGXnafK.exe
  2⤵
  PID:4252
- C:\Windows\System\AUUbgoB.exe
  C:\Windows\System\AUUbgoB.exe
  2⤵
  PID:4272
- C:\Windows\System\lPruidV.exe
  C:\Windows\System\lPruidV.exe
  2⤵
  PID:4292
- C:\Windows\System\gKLRaaG.exe
  C:\Windows\System\gKLRaaG.exe
  2⤵
  PID:4316
- C:\Windows\System\zIreOLL.exe
  C:\Windows\System\zIreOLL.exe
  2⤵
  PID:4336
- C:\Windows\System\vpaATKj.exe
  C:\Windows\System\vpaATKj.exe
  2⤵
  PID:4356
- C:\Windows\System\cLvDeQT.exe
  C:\Windows\System\cLvDeQT.exe
  2⤵
  PID:4380
- C:\Windows\System\UGcTmQN.exe
  C:\Windows\System\UGcTmQN.exe
  2⤵
  PID:4400
- C:\Windows\System\qQetRIv.exe
  C:\Windows\System\qQetRIv.exe
  2⤵
  PID:4420
- C:\Windows\System\jApiKor.exe
  C:\Windows\System\jApiKor.exe
  2⤵
  PID:4440
- C:\Windows\System\JhWFXQs.exe
  C:\Windows\System\JhWFXQs.exe
  2⤵
  PID:4460
- C:\Windows\System\IZOcoCj.exe
  C:\Windows\System\IZOcoCj.exe
  2⤵
  PID:4480
- C:\Windows\System\WLJaVLU.exe
  C:\Windows\System\WLJaVLU.exe
  2⤵
  PID:4500
- C:\Windows\System\GAgrsez.exe
  C:\Windows\System\GAgrsez.exe
  2⤵
  PID:4520
- C:\Windows\System\CnCPfzO.exe
  C:\Windows\System\CnCPfzO.exe
  2⤵
  PID:4540
- C:\Windows\System\nbZxGvv.exe
  C:\Windows\System\nbZxGvv.exe
  2⤵
  PID:4560
- C:\Windows\System\OKmBZCx.exe
  C:\Windows\System\OKmBZCx.exe
  2⤵
  PID:4580
- C:\Windows\System\NpRaCDl.exe
  C:\Windows\System\NpRaCDl.exe
  2⤵
  PID:4600
- C:\Windows\System\EItTuBr.exe
  C:\Windows\System\EItTuBr.exe
  2⤵
  PID:4620
- C:\Windows\System\YiybzoG.exe
  C:\Windows\System\YiybzoG.exe
  2⤵
  PID:4640
- C:\Windows\System\ukdTVto.exe
  C:\Windows\System\ukdTVto.exe
  2⤵
  PID:4660
- C:\Windows\System\QYWqnTK.exe
  C:\Windows\System\QYWqnTK.exe
  2⤵
  PID:4680
- C:\Windows\System\HaEvDOc.exe
  C:\Windows\System\HaEvDOc.exe
  2⤵
  PID:4700
- C:\Windows\System\LgLEWqM.exe
  C:\Windows\System\LgLEWqM.exe
  2⤵
  PID:4720
- C:\Windows\System\auoRDla.exe
  C:\Windows\System\auoRDla.exe
  2⤵
  PID:4740
- C:\Windows\System\NoPEjNk.exe
  C:\Windows\System\NoPEjNk.exe
  2⤵
  PID:4760
- C:\Windows\System\scDtdsc.exe
  C:\Windows\System\scDtdsc.exe
  2⤵
  PID:4780
- C:\Windows\System\uCyKijw.exe
  C:\Windows\System\uCyKijw.exe
  2⤵
  PID:4800
- C:\Windows\System\UBkUawM.exe
  C:\Windows\System\UBkUawM.exe
  2⤵
  PID:4820
- C:\Windows\System\UOHwmxP.exe
  C:\Windows\System\UOHwmxP.exe
  2⤵
  PID:4840
- C:\Windows\System\mhAarAO.exe
  C:\Windows\System\mhAarAO.exe
  2⤵
  PID:4860
- C:\Windows\System\NDETMRh.exe
  C:\Windows\System\NDETMRh.exe
  2⤵
  PID:4880
- C:\Windows\System\FQbrlZy.exe
  C:\Windows\System\FQbrlZy.exe
  2⤵
  PID:4900
- C:\Windows\System\HoLLChI.exe
  C:\Windows\System\HoLLChI.exe
  2⤵
  PID:4920
- C:\Windows\System\VNMoOiu.exe
  C:\Windows\System\VNMoOiu.exe
  2⤵
  PID:4940
- C:\Windows\System\EICIETI.exe
  C:\Windows\System\EICIETI.exe
  2⤵
  PID:4960
- C:\Windows\System\vQepQoF.exe
  C:\Windows\System\vQepQoF.exe
  2⤵
  PID:4980
- C:\Windows\System\XTUUUgI.exe
  C:\Windows\System\XTUUUgI.exe
  2⤵
  PID:5000
- C:\Windows\System\kThfDEg.exe
  C:\Windows\System\kThfDEg.exe
  2⤵
  PID:5024
- C:\Windows\System\WrpyhEK.exe
  C:\Windows\System\WrpyhEK.exe
  2⤵
  PID:5044
- C:\Windows\System\XbOahns.exe
  C:\Windows\System\XbOahns.exe
  2⤵
  PID:5068
- C:\Windows\System\rGyaybT.exe
  C:\Windows\System\rGyaybT.exe
  2⤵
  PID:5088
- C:\Windows\System\GEptsvd.exe
  C:\Windows\System\GEptsvd.exe
  2⤵
  PID:5108
- C:\Windows\System\lYUeWVr.exe
  C:\Windows\System\lYUeWVr.exe
  2⤵
  PID:324
- C:\Windows\System\mZbEITE.exe
  C:\Windows\System\mZbEITE.exe
  2⤵
  PID:2272
- C:\Windows\System\FwEQQpj.exe
  C:\Windows\System\FwEQQpj.exe
  2⤵
  PID:3188
- C:\Windows\System\DeweEzW.exe
  C:\Windows\System\DeweEzW.exe
  2⤵
  PID:3328
- C:\Windows\System\unhBbBG.exe
  C:\Windows\System\unhBbBG.exe
  2⤵
  PID:3432
- C:\Windows\System\rPDaGuc.exe
  C:\Windows\System\rPDaGuc.exe
  2⤵
  PID:3528
- C:\Windows\System\cEtzYeQ.exe
  C:\Windows\System\cEtzYeQ.exe
  2⤵
  PID:3656
- C:\Windows\System\lRAmvGM.exe
  C:\Windows\System\lRAmvGM.exe
  2⤵
  PID:3708
- C:\Windows\System\GAMkcUO.exe
  C:\Windows\System\GAMkcUO.exe
  2⤵
  PID:3832
- C:\Windows\System\aNKGqCG.exe
  C:\Windows\System\aNKGqCG.exe
  2⤵
  PID:3924
- C:\Windows\System\bkncPtE.exe
  C:\Windows\System\bkncPtE.exe
  2⤵
  PID:4020
- C:\Windows\System\ADBCWVm.exe
  C:\Windows\System\ADBCWVm.exe
  2⤵
  PID:4064
- C:\Windows\System\liHOSfy.exe
  C:\Windows\System\liHOSfy.exe
  2⤵
  PID:2468
- C:\Windows\System\msOWGTP.exe
  C:\Windows\System\msOWGTP.exe
  2⤵
  PID:4136
- C:\Windows\System\dzqpBdU.exe
  C:\Windows\System\dzqpBdU.exe
  2⤵
  PID:4156
- C:\Windows\System\SlgVwUp.exe
  C:\Windows\System\SlgVwUp.exe
  2⤵
  PID:4180
- C:\Windows\System\BmgliTP.exe
  C:\Windows\System\BmgliTP.exe
  2⤵
  PID:4228
- C:\Windows\System\HWzfhKT.exe
  C:\Windows\System\HWzfhKT.exe
  2⤵
  PID:4268
- C:\Windows\System\DuGqNuP.exe
  C:\Windows\System\DuGqNuP.exe
  2⤵
  PID:4300
- C:\Windows\System\mMcBTcu.exe
  C:\Windows\System\mMcBTcu.exe
  2⤵
  PID:4332
- C:\Windows\System\WtWnrNw.exe
  C:\Windows\System\WtWnrNw.exe
  2⤵
  PID:4348
- C:\Windows\System\jUNriwb.exe
  C:\Windows\System\jUNriwb.exe
  2⤵
  PID:4396
- C:\Windows\System\hIfFycQ.exe
  C:\Windows\System\hIfFycQ.exe
  2⤵
  PID:4428
- C:\Windows\System\gXJdVjo.exe
  C:\Windows\System\gXJdVjo.exe
  2⤵
  PID:4452
- C:\Windows\System\guYpsaL.exe
  C:\Windows\System\guYpsaL.exe
  2⤵
  PID:4496
- C:\Windows\System\KmmIlQY.exe
  C:\Windows\System\KmmIlQY.exe
  2⤵
  PID:4528
- C:\Windows\System\ufbwjul.exe
  C:\Windows\System\ufbwjul.exe
  2⤵
  PID:4552
- C:\Windows\System\bZeHxAD.exe
  C:\Windows\System\bZeHxAD.exe
  2⤵
  PID:4596
- C:\Windows\System\sHagNSN.exe
  C:\Windows\System\sHagNSN.exe
  2⤵
  PID:4628
- C:\Windows\System\RAdrGSt.exe
  C:\Windows\System\RAdrGSt.exe
  2⤵
  PID:4652
- C:\Windows\System\WWqmXvL.exe
  C:\Windows\System\WWqmXvL.exe
  2⤵
  PID:4696
- C:\Windows\System\bPhFOdO.exe
  C:\Windows\System\bPhFOdO.exe
  2⤵
  PID:4728
- C:\Windows\System\LXGemPp.exe
  C:\Windows\System\LXGemPp.exe
  2⤵
  PID:4752
- C:\Windows\System\ILuvlCt.exe
  C:\Windows\System\ILuvlCt.exe
  2⤵
  PID:4792
- C:\Windows\System\SeskKsr.exe
  C:\Windows\System\SeskKsr.exe
  2⤵
  PID:4836
- C:\Windows\System\QrCalMC.exe
  C:\Windows\System\QrCalMC.exe
  2⤵
  PID:4868
- C:\Windows\System\avBElbT.exe
  C:\Windows\System\avBElbT.exe
  2⤵
  PID:4908
- C:\Windows\System\llPRaSq.exe
  C:\Windows\System\llPRaSq.exe
  2⤵
  PID:4936
- C:\Windows\System\qUAxmUN.exe
  C:\Windows\System\qUAxmUN.exe
  2⤵
  PID:4968
- C:\Windows\System\kJzVnvb.exe
  C:\Windows\System\kJzVnvb.exe
  2⤵
  PID:5008
- C:\Windows\System\NCExvzB.exe
  C:\Windows\System\NCExvzB.exe
  2⤵
  PID:5036
- C:\Windows\System\jauWFBv.exe
  C:\Windows\System\jauWFBv.exe
  2⤵
  PID:5084
- C:\Windows\System\fcrloeR.exe
  C:\Windows\System\fcrloeR.exe
  2⤵
  PID:1608
- C:\Windows\System\bEiATaA.exe
  C:\Windows\System\bEiATaA.exe
  2⤵
  PID:3128
- C:\Windows\System\smhkPER.exe
  C:\Windows\System\smhkPER.exe
  2⤵
  PID:3312
- C:\Windows\System\dmvRBWr.exe
  C:\Windows\System\dmvRBWr.exe
  2⤵
  PID:5020
- C:\Windows\System\PvmENUX.exe
  C:\Windows\System\PvmENUX.exe
  2⤵
  PID:3632
- C:\Windows\System\wtfSKRs.exe
  C:\Windows\System\wtfSKRs.exe
  2⤵
  PID:3728
- C:\Windows\System\PIobvDl.exe
  C:\Windows\System\PIobvDl.exe
  2⤵
  PID:3984
- C:\Windows\System\OhZWvVh.exe
  C:\Windows\System\OhZWvVh.exe
  2⤵
  PID:4068
- C:\Windows\System\FEzswWC.exe
  C:\Windows\System\FEzswWC.exe
  2⤵
  PID:4124
- C:\Windows\System\oVxPOfn.exe
  C:\Windows\System\oVxPOfn.exe
  2⤵
  PID:4208
- C:\Windows\System\LmGbumD.exe
  C:\Windows\System\LmGbumD.exe
  2⤵
  PID:4260
- C:\Windows\System\PijxePS.exe
  C:\Windows\System\PijxePS.exe
  2⤵
  PID:4324
- C:\Windows\System\vxTBNhi.exe
  C:\Windows\System\vxTBNhi.exe
  2⤵
  PID:4376
- C:\Windows\System\jRNkKDE.exe
  C:\Windows\System\jRNkKDE.exe
  2⤵
  PID:4412
- C:\Windows\System\RmvOVeW.exe
  C:\Windows\System\RmvOVeW.exe
  2⤵
  PID:4488
- C:\Windows\System\LgddwMa.exe
  C:\Windows\System\LgddwMa.exe
  2⤵
  PID:4516
- C:\Windows\System\KqIcAxp.exe
  C:\Windows\System\KqIcAxp.exe
  2⤵
  PID:4572
- C:\Windows\System\apmvCAy.exe
  C:\Windows\System\apmvCAy.exe
  2⤵
  PID:4616
- C:\Windows\System\hcmgJvx.exe
  C:\Windows\System\hcmgJvx.exe
  2⤵
  PID:4688
- C:\Windows\System\UZRjFIG.exe
  C:\Windows\System\UZRjFIG.exe
  2⤵
  PID:4716
- C:\Windows\System\zZyMltT.exe
  C:\Windows\System\zZyMltT.exe
  2⤵
  PID:4816
- C:\Windows\System\atUIZmk.exe
  C:\Windows\System\atUIZmk.exe
  2⤵
  PID:4872
- C:\Windows\System\PWdhAzs.exe
  C:\Windows\System\PWdhAzs.exe
  2⤵
  PID:4916
- C:\Windows\System\KBCAIbI.exe
  C:\Windows\System\KBCAIbI.exe
  2⤵
  PID:4932
- C:\Windows\System\IRRstTg.exe
  C:\Windows\System\IRRstTg.exe
  2⤵
  PID:5040
- C:\Windows\System\hAwLnqG.exe
  C:\Windows\System\hAwLnqG.exe
  2⤵
  PID:5096
- C:\Windows\System\gWBzdBE.exe
  C:\Windows\System\gWBzdBE.exe
  2⤵
  PID:3080
- C:\Windows\System\yPzPQww.exe
  C:\Windows\System\yPzPQww.exe
  2⤵
  PID:3368
- C:\Windows\System\cvNzfTa.exe
  C:\Windows\System\cvNzfTa.exe
  2⤵
  PID:3628
- C:\Windows\System\pvUttaf.exe
  C:\Windows\System\pvUttaf.exe
  2⤵
  PID:3900
- C:\Windows\System\MteACNh.exe
  C:\Windows\System\MteACNh.exe
  2⤵
  PID:4116
- C:\Windows\System\wxZvgpM.exe
  C:\Windows\System\wxZvgpM.exe
  2⤵
  PID:4240
- C:\Windows\System\XFfENWi.exe
  C:\Windows\System\XFfENWi.exe
  2⤵
  PID:4188
- C:\Windows\System\vkxveaI.exe
  C:\Windows\System\vkxveaI.exe
  2⤵
  PID:4408
- C:\Windows\System\NdYbTWi.exe
  C:\Windows\System\NdYbTWi.exe
  2⤵
  PID:4456
- C:\Windows\System\rbBOuDG.exe
  C:\Windows\System\rbBOuDG.exe
  2⤵
  PID:5140
- C:\Windows\System\kgxboLw.exe
  C:\Windows\System\kgxboLw.exe
  2⤵
  PID:5160
- C:\Windows\System\wogEQAW.exe
  C:\Windows\System\wogEQAW.exe
  2⤵
  PID:5180
- C:\Windows\System\xEDyrrS.exe
  C:\Windows\System\xEDyrrS.exe
  2⤵
  PID:5200
- C:\Windows\System\cdWdSzn.exe
  C:\Windows\System\cdWdSzn.exe
  2⤵
  PID:5220
- C:\Windows\System\tePUiTU.exe
  C:\Windows\System\tePUiTU.exe
  2⤵
  PID:5240
- C:\Windows\System\tKYAwlX.exe
  C:\Windows\System\tKYAwlX.exe
  2⤵
  PID:5260
- C:\Windows\System\KOHhMCU.exe
  C:\Windows\System\KOHhMCU.exe
  2⤵
  PID:5280
- C:\Windows\System\RPaSEby.exe
  C:\Windows\System\RPaSEby.exe
  2⤵
  PID:5300
- C:\Windows\System\HstrFIg.exe
  C:\Windows\System\HstrFIg.exe
  2⤵
  PID:5320
- C:\Windows\System\jAIJCVV.exe
  C:\Windows\System\jAIJCVV.exe
  2⤵
  PID:5340
- C:\Windows\System\hNEYunN.exe
  C:\Windows\System\hNEYunN.exe
  2⤵
  PID:5360
- C:\Windows\System\nPZpSLG.exe
  C:\Windows\System\nPZpSLG.exe
  2⤵
  PID:5380
- C:\Windows\System\cDJRgte.exe
  C:\Windows\System\cDJRgte.exe
  2⤵
  PID:5404
- C:\Windows\System\ozsvDgk.exe
  C:\Windows\System\ozsvDgk.exe
  2⤵
  PID:5424
- C:\Windows\System\rWxzWTQ.exe
  C:\Windows\System\rWxzWTQ.exe
  2⤵
  PID:5444
- C:\Windows\System\YASHhqd.exe
  C:\Windows\System\YASHhqd.exe
  2⤵
  PID:5464
- C:\Windows\System\PCmGMMo.exe
  C:\Windows\System\PCmGMMo.exe
  2⤵
  PID:5484
- C:\Windows\System\FDwjCMf.exe
  C:\Windows\System\FDwjCMf.exe
  2⤵
  PID:5504
- C:\Windows\System\UctJkhc.exe
  C:\Windows\System\UctJkhc.exe
  2⤵
  PID:5524
- C:\Windows\System\nHOMByf.exe
  C:\Windows\System\nHOMByf.exe
  2⤵
  PID:5544
- C:\Windows\System\GRyAppp.exe
  C:\Windows\System\GRyAppp.exe
  2⤵
  PID:5564
- C:\Windows\System\mnFtxCS.exe
  C:\Windows\System\mnFtxCS.exe
  2⤵
  PID:5584
- C:\Windows\System\ilNprXW.exe
  C:\Windows\System\ilNprXW.exe
  2⤵
  PID:5604
- C:\Windows\System\AtdUZJy.exe
  C:\Windows\System\AtdUZJy.exe
  2⤵
  PID:5624
- C:\Windows\System\tLVpNGZ.exe
  C:\Windows\System\tLVpNGZ.exe
  2⤵
  PID:5648
- C:\Windows\System\vwuBVtN.exe
  C:\Windows\System\vwuBVtN.exe
  2⤵
  PID:5668
- C:\Windows\System\EpZDvGv.exe
  C:\Windows\System\EpZDvGv.exe
  2⤵
  PID:5688
- C:\Windows\System\lDNSJie.exe
  C:\Windows\System\lDNSJie.exe
  2⤵
  PID:5708
- C:\Windows\System\vtJyLpD.exe
  C:\Windows\System\vtJyLpD.exe
  2⤵
  PID:5728
- C:\Windows\System\cQsBnsp.exe
  C:\Windows\System\cQsBnsp.exe
  2⤵
  PID:5748
- C:\Windows\System\EKoHdYV.exe
  C:\Windows\System\EKoHdYV.exe
  2⤵
  PID:5768
- C:\Windows\System\zXigUFP.exe
  C:\Windows\System\zXigUFP.exe
  2⤵
  PID:5788
- C:\Windows\System\AqNsWZH.exe
  C:\Windows\System\AqNsWZH.exe
  2⤵
  PID:5808
- C:\Windows\System\PvTMVpy.exe
  C:\Windows\System\PvTMVpy.exe
  2⤵
  PID:5828
- C:\Windows\System\vyhpYgi.exe
  C:\Windows\System\vyhpYgi.exe
  2⤵
  PID:5848
- C:\Windows\System\hbVYwOr.exe
  C:\Windows\System\hbVYwOr.exe
  2⤵
  PID:5868
- C:\Windows\System\djYewNc.exe
  C:\Windows\System\djYewNc.exe
  2⤵
  PID:5888
- C:\Windows\System\dxtRoHx.exe
  C:\Windows\System\dxtRoHx.exe
  2⤵
  PID:5908
- C:\Windows\System\kefJKHb.exe
  C:\Windows\System\kefJKHb.exe
  2⤵
  PID:5928
- C:\Windows\System\ZajhQQs.exe
  C:\Windows\System\ZajhQQs.exe
  2⤵
  PID:5948
- C:\Windows\System\owDMDSM.exe
  C:\Windows\System\owDMDSM.exe
  2⤵
  PID:5968
- C:\Windows\System\KrSFLmh.exe
  C:\Windows\System\KrSFLmh.exe
  2⤵
  PID:5988
- C:\Windows\System\rzaclyU.exe
  C:\Windows\System\rzaclyU.exe
  2⤵
  PID:6008
- C:\Windows\System\JbCMgBd.exe
  C:\Windows\System\JbCMgBd.exe
  2⤵
  PID:6028
- C:\Windows\System\AvIOLOh.exe
  C:\Windows\System\AvIOLOh.exe
  2⤵
  PID:6048
- C:\Windows\System\SWZXEdB.exe
  C:\Windows\System\SWZXEdB.exe
  2⤵
  PID:6068
- C:\Windows\System\UvrcrVf.exe
  C:\Windows\System\UvrcrVf.exe
  2⤵
  PID:6088
- C:\Windows\System\dlaCixI.exe
  C:\Windows\System\dlaCixI.exe
  2⤵
  PID:6108
- C:\Windows\System\RzJugwA.exe
  C:\Windows\System\RzJugwA.exe
  2⤵
  PID:6128
- C:\Windows\System\NrsNVZC.exe
  C:\Windows\System\NrsNVZC.exe
  2⤵
  PID:4532
- C:\Windows\System\fWSXhiJ.exe
  C:\Windows\System\fWSXhiJ.exe
  2⤵
  PID:4612
- C:\Windows\System\IQTxsTs.exe
  C:\Windows\System\IQTxsTs.exe
  2⤵
  PID:4708
- C:\Windows\System\yWnPPrr.exe
  C:\Windows\System\yWnPPrr.exe
  2⤵
  PID:4748
- C:\Windows\System\lZThhbH.exe
  C:\Windows\System\lZThhbH.exe
  2⤵
  PID:4888
- C:\Windows\System\VimHmkM.exe
  C:\Windows\System\VimHmkM.exe
  2⤵
  PID:4992
- C:\Windows\System\xHbrUpo.exe
  C:\Windows\System\xHbrUpo.exe
  2⤵
  PID:5076
- C:\Windows\System\VdYaGJQ.exe
  C:\Windows\System\VdYaGJQ.exe
  2⤵
  PID:3476
- C:\Windows\System\cCdisZZ.exe
  C:\Windows\System\cCdisZZ.exe
  2⤵
  PID:3792
- C:\Windows\System\nuyUsPY.exe
  C:\Windows\System\nuyUsPY.exe
  2⤵
  PID:1832
- C:\Windows\System\zcAZyxM.exe
  C:\Windows\System\zcAZyxM.exe
  2⤵
  PID:4160
- C:\Windows\System\WiPapKr.exe
  C:\Windows\System\WiPapKr.exe
  2⤵
  PID:4352
- C:\Windows\System\ngLoRpn.exe
  C:\Windows\System\ngLoRpn.exe
  2⤵
  PID:5136
- C:\Windows\System\dRirSEd.exe
  C:\Windows\System\dRirSEd.exe
  2⤵
  PID:5188
- C:\Windows\System\HPpHgiv.exe
  C:\Windows\System\HPpHgiv.exe
  2⤵
  PID:5192
- C:\Windows\System\JAuJDmY.exe
  C:\Windows\System\JAuJDmY.exe
  2⤵
  PID:5212
- C:\Windows\System\hhtyFAF.exe
  C:\Windows\System\hhtyFAF.exe
  2⤵
  PID:5276
- C:\Windows\System\PZpowtN.exe
  C:\Windows\System\PZpowtN.exe
  2⤵
  PID:5316
- C:\Windows\System\yPjvTFD.exe
  C:\Windows\System\yPjvTFD.exe
  2⤵
  PID:5356
- C:\Windows\System\DYzRdSH.exe
  C:\Windows\System\DYzRdSH.exe
  2⤵
  PID:5368
- C:\Windows\System\OszQMQN.exe
  C:\Windows\System\OszQMQN.exe
  2⤵
  PID:5392
- C:\Windows\System\FAeOHCm.exe
  C:\Windows\System\FAeOHCm.exe
  2⤵
  PID:5440
- C:\Windows\System\vHZHHOw.exe
  C:\Windows\System\vHZHHOw.exe
  2⤵
  PID:5456
- C:\Windows\System\nPZKjJl.exe
  C:\Windows\System\nPZKjJl.exe
  2⤵
  PID:5512
- C:\Windows\System\duHYNqp.exe
  C:\Windows\System\duHYNqp.exe
  2⤵
  PID:2632
- C:\Windows\System\NnvIciD.exe
  C:\Windows\System\NnvIciD.exe
  2⤵
  PID:5556
- C:\Windows\System\eQeLYnB.exe
  C:\Windows\System\eQeLYnB.exe
  2⤵
  PID:5592
- C:\Windows\System\usMwkXd.exe
  C:\Windows\System\usMwkXd.exe
  2⤵
  PID:5612
- C:\Windows\System\rwQbyCZ.exe
  C:\Windows\System\rwQbyCZ.exe
  2⤵
  PID:5636
- C:\Windows\System\lNgMMru.exe
  C:\Windows\System\lNgMMru.exe
  2⤵
  PID:5664
- C:\Windows\System\OKKVRGL.exe
  C:\Windows\System\OKKVRGL.exe
  2⤵
  PID:2284
- C:\Windows\System\GaAvNpN.exe
  C:\Windows\System\GaAvNpN.exe
  2⤵
  PID:5724
- C:\Windows\System\OgIjAay.exe
  C:\Windows\System\OgIjAay.exe
  2⤵
  PID:5756
- C:\Windows\System\nUfgJMU.exe
  C:\Windows\System\nUfgJMU.exe
  2⤵
  PID:5784
- C:\Windows\System\HOlRpLm.exe
  C:\Windows\System\HOlRpLm.exe
  2⤵
  PID:5816
- C:\Windows\System\GYsBalC.exe
  C:\Windows\System\GYsBalC.exe
  2⤵
  PID:5840
- C:\Windows\System\bmrVOJz.exe
  C:\Windows\System\bmrVOJz.exe
  2⤵
  PID:5884
- C:\Windows\System\lEXNCVb.exe
  C:\Windows\System\lEXNCVb.exe
  2⤵
  PID:5904
- C:\Windows\System\SagYCMR.exe
  C:\Windows\System\SagYCMR.exe
  2⤵
  PID:5940
- C:\Windows\System\tltogNO.exe
  C:\Windows\System\tltogNO.exe
  2⤵
  PID:5996
- C:\Windows\System\ifNDhBm.exe
  C:\Windows\System\ifNDhBm.exe
  2⤵
  PID:6024
- C:\Windows\System\JjMhPnX.exe
  C:\Windows\System\JjMhPnX.exe
  2⤵
  PID:6056
- C:\Windows\System\SzuRcYm.exe
  C:\Windows\System\SzuRcYm.exe
  2⤵
  PID:6096
- C:\Windows\System\CYMxYHT.exe
  C:\Windows\System\CYMxYHT.exe
  2⤵
  PID:6120
- C:\Windows\System\PwLOGza.exe
  C:\Windows\System\PwLOGza.exe
  2⤵
  PID:4576
- C:\Windows\System\zqwvRsf.exe
  C:\Windows\System\zqwvRsf.exe
  2⤵
  PID:4648
- C:\Windows\System\uVeMcUJ.exe
  C:\Windows\System\uVeMcUJ.exe
  2⤵
  PID:4848
- C:\Windows\System\uPeVOCD.exe
  C:\Windows\System\uPeVOCD.exe
  2⤵
  PID:5064
- C:\Windows\System\yWhJlYz.exe
  C:\Windows\System\yWhJlYz.exe
  2⤵
  PID:3316
- C:\Windows\System\MfgrUrY.exe
  C:\Windows\System\MfgrUrY.exe
  2⤵
  PID:3948
- C:\Windows\System\KQnmxpW.exe
  C:\Windows\System\KQnmxpW.exe
  2⤵
  PID:4308
- C:\Windows\System\RvhyhEx.exe
  C:\Windows\System\RvhyhEx.exe
  2⤵
  PID:4448
- C:\Windows\System\zffOHhT.exe
  C:\Windows\System\zffOHhT.exe
  2⤵
  PID:5216
- C:\Windows\System\VbyZXOK.exe
  C:\Windows\System\VbyZXOK.exe
  2⤵
  PID:5272
- C:\Windows\System\qScLAlW.exe
  C:\Windows\System\qScLAlW.exe
  2⤵
  PID:5308
- C:\Windows\System\TnYytIT.exe
  C:\Windows\System\TnYytIT.exe
  2⤵
  PID:5332
- C:\Windows\System\ICzxrIB.exe
  C:\Windows\System\ICzxrIB.exe
  2⤵
  PID:5432
- C:\Windows\System\PjcuIPy.exe
  C:\Windows\System\PjcuIPy.exe
  2⤵
  PID:5500
- C:\Windows\System\tpncHEs.exe
  C:\Windows\System\tpncHEs.exe
  2⤵
  PID:5552
- C:\Windows\System\CcVDDBo.exe
  C:\Windows\System\CcVDDBo.exe
  2⤵
  PID:5572
- C:\Windows\System\HrWTjjM.exe
  C:\Windows\System\HrWTjjM.exe
  2⤵
  PID:5596
- C:\Windows\System\zrBOeTI.exe
  C:\Windows\System\zrBOeTI.exe
  2⤵
  PID:2392
- C:\Windows\System\RJvvdco.exe
  C:\Windows\System\RJvvdco.exe
  2⤵
  PID:5680
- C:\Windows\System\IgfsXUq.exe
  C:\Windows\System\IgfsXUq.exe
  2⤵
  PID:5740
- C:\Windows\System\UuAwSDj.exe
  C:\Windows\System\UuAwSDj.exe
  2⤵
  PID:1888
- C:\Windows\System\EGJmLlP.exe
  C:\Windows\System\EGJmLlP.exe
  2⤵
  PID:5824
- C:\Windows\System\YDbykhZ.exe
  C:\Windows\System\YDbykhZ.exe
  2⤵
  PID:5896
- C:\Windows\System\cgdzjDt.exe
  C:\Windows\System\cgdzjDt.exe
  2⤵
  PID:5944
- C:\Windows\System\KikufBk.exe
  C:\Windows\System\KikufBk.exe
  2⤵
  PID:6000
- C:\Windows\System\RfcqTKD.exe
  C:\Windows\System\RfcqTKD.exe
  2⤵
  PID:5980
- C:\Windows\System\nNcQFJa.exe
  C:\Windows\System\nNcQFJa.exe
  2⤵
  PID:6116
- C:\Windows\System\ByduJcw.exe
  C:\Windows\System\ByduJcw.exe
  2⤵
  PID:4280
- C:\Windows\System\ffPlNDV.exe
  C:\Windows\System\ffPlNDV.exe
  2⤵
  PID:4952
- C:\Windows\System\dmQohuo.exe
  C:\Windows\System\dmQohuo.exe
  2⤵
  PID:3252
- C:\Windows\System\ouYTztY.exe
  C:\Windows\System\ouYTztY.exe
  2⤵
  PID:4288
- C:\Windows\System\dlIymue.exe
  C:\Windows\System\dlIymue.exe
  2⤵
  PID:5236
- C:\Windows\System\MXEOQQj.exe
  C:\Windows\System\MXEOQQj.exe
  2⤵
  PID:1492
- C:\Windows\System\ECQIbJC.exe
  C:\Windows\System\ECQIbJC.exe
  2⤵
  PID:5352
- C:\Windows\System\njxTIIe.exe
  C:\Windows\System\njxTIIe.exe
  2⤵
  PID:5420
- C:\Windows\System\cbHjVuE.exe
  C:\Windows\System\cbHjVuE.exe
  2⤵
  PID:6084
- C:\Windows\System\eCeacLH.exe
  C:\Windows\System\eCeacLH.exe
  2⤵
  PID:5496
- C:\Windows\System\HqGaIAB.exe
  C:\Windows\System\HqGaIAB.exe
  2⤵
  PID:5616
- C:\Windows\System\iwWpvNM.exe
  C:\Windows\System\iwWpvNM.exe
  2⤵
  PID:3044
- C:\Windows\System\xCpYddh.exe
  C:\Windows\System\xCpYddh.exe
  2⤵
  PID:5776
- C:\Windows\System\lwhbAof.exe
  C:\Windows\System\lwhbAof.exe
  2⤵
  PID:5864
- C:\Windows\System\bsoKDpW.exe
  C:\Windows\System\bsoKDpW.exe
  2⤵
  PID:236
- C:\Windows\System\YcgjooR.exe
  C:\Windows\System\YcgjooR.exe
  2⤵
  PID:6020
- C:\Windows\System\RyoJMUD.exe
  C:\Windows\System\RyoJMUD.exe
  2⤵
  PID:6100
- C:\Windows\System\aurhVCE.exe
  C:\Windows\System\aurhVCE.exe
  2⤵
  PID:4732
- C:\Windows\System\VZIUppq.exe
  C:\Windows\System\VZIUppq.exe
  2⤵
  PID:3148
- C:\Windows\System\CPVEpUU.exe
  C:\Windows\System\CPVEpUU.exe
  2⤵
  PID:6160
- C:\Windows\System\YivScMf.exe
  C:\Windows\System\YivScMf.exe
  2⤵
  PID:6180
- C:\Windows\System\bAzzDlX.exe
  C:\Windows\System\bAzzDlX.exe
  2⤵
  PID:6200
- C:\Windows\System\oZYTcia.exe
  C:\Windows\System\oZYTcia.exe
  2⤵
  PID:6220
- C:\Windows\System\QlsZDOQ.exe
  C:\Windows\System\QlsZDOQ.exe
  2⤵
  PID:6240
- C:\Windows\System\mRRrJoL.exe
  C:\Windows\System\mRRrJoL.exe
  2⤵
  PID:6260
- C:\Windows\System\zCJNoMk.exe
  C:\Windows\System\zCJNoMk.exe
  2⤵
  PID:6280
- C:\Windows\System\zXjSSRQ.exe
  C:\Windows\System\zXjSSRQ.exe
  2⤵
  PID:6300
- C:\Windows\System\dPWaEeN.exe
  C:\Windows\System\dPWaEeN.exe
  2⤵
  PID:6320
- C:\Windows\System\GxWdNVC.exe
  C:\Windows\System\GxWdNVC.exe
  2⤵
  PID:6340
- C:\Windows\System\dgcgGmx.exe
  C:\Windows\System\dgcgGmx.exe
  2⤵
  PID:6360
- C:\Windows\System\XoVmiDQ.exe
  C:\Windows\System\XoVmiDQ.exe
  2⤵
  PID:6380
- C:\Windows\System\AlnfEau.exe
  C:\Windows\System\AlnfEau.exe
  2⤵
  PID:6400
- C:\Windows\System\oGUUOdg.exe
  C:\Windows\System\oGUUOdg.exe
  2⤵
  PID:6424
- C:\Windows\System\VkqIfVF.exe
  C:\Windows\System\VkqIfVF.exe
  2⤵
  PID:6444
- C:\Windows\System\LZenqpr.exe
  C:\Windows\System\LZenqpr.exe
  2⤵
  PID:6464
- C:\Windows\System\nDOhncq.exe
  C:\Windows\System\nDOhncq.exe
  2⤵
  PID:6484
- C:\Windows\System\ZjMGOYd.exe
  C:\Windows\System\ZjMGOYd.exe
  2⤵
  PID:6504
- C:\Windows\System\biqLVAc.exe
  C:\Windows\System\biqLVAc.exe
  2⤵
  PID:6524
- C:\Windows\System\rwIyzzb.exe
  C:\Windows\System\rwIyzzb.exe
  2⤵
  PID:6544
- C:\Windows\System\jhXbOKO.exe
  C:\Windows\System\jhXbOKO.exe
  2⤵
  PID:6564
- C:\Windows\System\hseNnJE.exe
  C:\Windows\System\hseNnJE.exe
  2⤵
  PID:6584
- C:\Windows\System\FaesTzX.exe
  C:\Windows\System\FaesTzX.exe
  2⤵
  PID:6604
- C:\Windows\System\GCydkyq.exe
  C:\Windows\System\GCydkyq.exe
  2⤵
  PID:6624
- C:\Windows\System\lBsghNB.exe
  C:\Windows\System\lBsghNB.exe
  2⤵
  PID:6644
- C:\Windows\System\IJLckjs.exe
  C:\Windows\System\IJLckjs.exe
  2⤵
  PID:6664
- C:\Windows\System\GlksFHp.exe
  C:\Windows\System\GlksFHp.exe
  2⤵
  PID:6684
- C:\Windows\System\RphTyFc.exe
  C:\Windows\System\RphTyFc.exe
  2⤵
  PID:6704
- C:\Windows\System\XoBTKMK.exe
  C:\Windows\System\XoBTKMK.exe
  2⤵
  PID:6724
- C:\Windows\System\ggcVyvD.exe
  C:\Windows\System\ggcVyvD.exe
  2⤵
  PID:6744
- C:\Windows\System\RSGPkir.exe
  C:\Windows\System\RSGPkir.exe
  2⤵
  PID:6764
- C:\Windows\System\QGMIzBy.exe
  C:\Windows\System\QGMIzBy.exe
  2⤵
  PID:6788
- C:\Windows\System\WmuYaAj.exe
  C:\Windows\System\WmuYaAj.exe
  2⤵
  PID:6808
- C:\Windows\System\ELvyYkh.exe
  C:\Windows\System\ELvyYkh.exe
  2⤵
  PID:6828
- C:\Windows\System\GGCTUTo.exe
  C:\Windows\System\GGCTUTo.exe
  2⤵
  PID:6848
- C:\Windows\System\dsrezcb.exe
  C:\Windows\System\dsrezcb.exe
  2⤵
  PID:6868
- C:\Windows\System\gLByuTu.exe
  C:\Windows\System\gLByuTu.exe
  2⤵
  PID:6888
- C:\Windows\System\hRvrFVE.exe
  C:\Windows\System\hRvrFVE.exe
  2⤵
  PID:6908
- C:\Windows\System\fntCoEe.exe
  C:\Windows\System\fntCoEe.exe
  2⤵
  PID:6928
- C:\Windows\System\HIuBYaK.exe
  C:\Windows\System\HIuBYaK.exe
  2⤵
  PID:6948
- C:\Windows\System\RgpnjkS.exe
  C:\Windows\System\RgpnjkS.exe
  2⤵
  PID:6968
- C:\Windows\System\tccOFWO.exe
  C:\Windows\System\tccOFWO.exe
  2⤵
  PID:6988
- C:\Windows\System\lBnQhAm.exe
  C:\Windows\System\lBnQhAm.exe
  2⤵
  PID:7008
- C:\Windows\System\qZyjvUN.exe
  C:\Windows\System\qZyjvUN.exe
  2⤵
  PID:7028
- C:\Windows\System\lQSEwlS.exe
  C:\Windows\System\lQSEwlS.exe
  2⤵
  PID:7048
- C:\Windows\System\SrBmThU.exe
  C:\Windows\System\SrBmThU.exe
  2⤵
  PID:7072
- C:\Windows\System\NERzjUz.exe
  C:\Windows\System\NERzjUz.exe
  2⤵
  PID:7092
- C:\Windows\System\YYdEmqU.exe
  C:\Windows\System\YYdEmqU.exe
  2⤵
  PID:7112
- C:\Windows\System\jnsxobZ.exe
  C:\Windows\System\jnsxobZ.exe
  2⤵
  PID:7132
- C:\Windows\System\IJSEZYk.exe
  C:\Windows\System\IJSEZYk.exe
  2⤵
  PID:7152
- C:\Windows\System\sxATvlr.exe
  C:\Windows\System\sxATvlr.exe
  2⤵
  PID:4988
- C:\Windows\System\rUqUFKG.exe
  C:\Windows\System\rUqUFKG.exe
  2⤵
  PID:5168
- C:\Windows\System\OtKNhWc.exe
  C:\Windows\System\OtKNhWc.exe
  2⤵
  PID:5376
- C:\Windows\System\xBaaXgy.exe
  C:\Windows\System\xBaaXgy.exe
  2⤵
  PID:2016
- C:\Windows\System\LpZnlZQ.exe
  C:\Windows\System\LpZnlZQ.exe
  2⤵
  PID:5632
- C:\Windows\System\kNtQABC.exe
  C:\Windows\System\kNtQABC.exe
  2⤵
  PID:5704
- C:\Windows\System\fIgjfpl.exe
  C:\Windows\System\fIgjfpl.exe
  2⤵
  PID:5800
- C:\Windows\System\euTGzKu.exe
  C:\Windows\System\euTGzKu.exe
  2⤵
  PID:5984
- C:\Windows\System\uzpfUhC.exe
  C:\Windows\System\uzpfUhC.exe
  2⤵
  PID:6080
- C:\Windows\System\SRIHxvd.exe
  C:\Windows\System\SRIHxvd.exe
  2⤵
  PID:3812
- C:\Windows\System\xOIkSpc.exe
  C:\Windows\System\xOIkSpc.exe
  2⤵
  PID:6152
- C:\Windows\System\sjqfOIR.exe
  C:\Windows\System\sjqfOIR.exe
  2⤵
  PID:6192
- C:\Windows\System\sfLcrlR.exe
  C:\Windows\System\sfLcrlR.exe
  2⤵
  PID:6248
- C:\Windows\System\ThcBGSC.exe
  C:\Windows\System\ThcBGSC.exe
  2⤵
  PID:6268
- C:\Windows\System\gCLmOOw.exe
  C:\Windows\System\gCLmOOw.exe
  2⤵
  PID:6296
- C:\Windows\System\uBXWfdg.exe
  C:\Windows\System\uBXWfdg.exe
  2⤵
  PID:6328
- C:\Windows\System\ZPckRBV.exe
  C:\Windows\System\ZPckRBV.exe
  2⤵
  PID:6356
- C:\Windows\System\CDpwmwZ.exe
  C:\Windows\System\CDpwmwZ.exe
  2⤵
  PID:6396
- C:\Windows\System\ZRGDqME.exe
  C:\Windows\System\ZRGDqME.exe
  2⤵
  PID:6432
- C:\Windows\System\EjxEpDt.exe
  C:\Windows\System\EjxEpDt.exe
  2⤵
  PID:6456
- C:\Windows\System\ktyqhws.exe
  C:\Windows\System\ktyqhws.exe
  2⤵
  PID:6496
- C:\Windows\System\BNuZXSp.exe
  C:\Windows\System\BNuZXSp.exe
  2⤵
  PID:6540
- C:\Windows\System\ZAibvtY.exe
  C:\Windows\System\ZAibvtY.exe
  2⤵
  PID:6572
- C:\Windows\System\ljyfhzc.exe
  C:\Windows\System\ljyfhzc.exe
  2⤵
  PID:6596
- C:\Windows\System\hZXMKrn.exe
  C:\Windows\System\hZXMKrn.exe
  2⤵
  PID:6640
- C:\Windows\System\xtTSAMC.exe
  C:\Windows\System\xtTSAMC.exe
  2⤵
  PID:6672
- C:\Windows\System\mEvsEXW.exe
  C:\Windows\System\mEvsEXW.exe
  2⤵
  PID:6696
- C:\Windows\System\nCBLsuO.exe
  C:\Windows\System\nCBLsuO.exe
  2⤵
  PID:6736
- C:\Windows\System\zqaqSsz.exe
  C:\Windows\System\zqaqSsz.exe
  2⤵
  PID:6756
- C:\Windows\System\PVOhZrc.exe
  C:\Windows\System\PVOhZrc.exe
  2⤵
  PID:6824
- C:\Windows\System\HpZFOYz.exe
  C:\Windows\System\HpZFOYz.exe
  2⤵
  PID:6856
- C:\Windows\System\bvcBagW.exe
  C:\Windows\System\bvcBagW.exe
  2⤵
  PID:6884
- C:\Windows\System\yMrtzNz.exe
  C:\Windows\System\yMrtzNz.exe
  2⤵
  PID:6916
- C:\Windows\System\pHRmWRv.exe
  C:\Windows\System\pHRmWRv.exe
  2⤵
  PID:6940
- C:\Windows\System\BFgAiDt.exe
  C:\Windows\System\BFgAiDt.exe
  2⤵
  PID:6984
- C:\Windows\System\XPwyKNx.exe
  C:\Windows\System\XPwyKNx.exe
  2⤵
  PID:7004
- C:\Windows\System\XvNljMR.exe
  C:\Windows\System\XvNljMR.exe
  2⤵
  PID:7056
- C:\Windows\System\ixXDPPN.exe
  C:\Windows\System\ixXDPPN.exe
  2⤵
  PID:7060
- C:\Windows\System\ltjqhZN.exe
  C:\Windows\System\ltjqhZN.exe
  2⤵
  PID:7088
- C:\Windows\System\TbJIFAC.exe
  C:\Windows\System\TbJIFAC.exe
  2⤵
  PID:7140
- C:\Windows\System\rCMdKrd.exe
  C:\Windows\System\rCMdKrd.exe
  2⤵
  PID:5156
- C:\Windows\System\dEVovON.exe
  C:\Windows\System\dEVovON.exe
  2⤵
  PID:5268
- C:\Windows\System\UvruZrE.exe
  C:\Windows\System\UvruZrE.exe
  2⤵
  PID:5536
- C:\Windows\System\uVzEjbk.exe
  C:\Windows\System\uVzEjbk.exe
  2⤵
  PID:5676
- C:\Windows\System\CXoXSaI.exe
  C:\Windows\System\CXoXSaI.exe
  2⤵
  PID:5860
- C:\Windows\System\XsHSaAG.exe
  C:\Windows\System\XsHSaAG.exe
  2⤵
  PID:6140
- C:\Windows\System\YDbQZob.exe
  C:\Windows\System\YDbQZob.exe
  2⤵
  PID:6172
- C:\Windows\System\tSlyHOx.exe
  C:\Windows\System\tSlyHOx.exe
  2⤵
  PID:6228
- C:\Windows\System\zBpIJbl.exe
  C:\Windows\System\zBpIJbl.exe
  2⤵
  PID:5660
- C:\Windows\System\HqKRdXl.exe
  C:\Windows\System\HqKRdXl.exe
  2⤵
  PID:6332
- C:\Windows\System\stbQUhL.exe
  C:\Windows\System\stbQUhL.exe
  2⤵
  PID:6372
- C:\Windows\System\komROja.exe
  C:\Windows\System\komROja.exe
  2⤵
  PID:6416
- C:\Windows\System\hgDZkIY.exe
  C:\Windows\System\hgDZkIY.exe
  2⤵
  PID:6516
- C:\Windows\System\oGaYwMt.exe
  C:\Windows\System\oGaYwMt.exe
  2⤵
  PID:6560
- C:\Windows\System\XoTAqRI.exe
  C:\Windows\System\XoTAqRI.exe
  2⤵
  PID:6632
- C:\Windows\System\uwbTsQu.exe
  C:\Windows\System\uwbTsQu.exe
  2⤵
  PID:6720
- C:\Windows\System\hghhLwM.exe
  C:\Windows\System\hghhLwM.exe
  2⤵
  PID:6716
- C:\Windows\System\WNJRMAp.exe
  C:\Windows\System\WNJRMAp.exe
  2⤵
  PID:6804
- C:\Windows\System\SoQGRbi.exe
  C:\Windows\System\SoQGRbi.exe
  2⤵
  PID:6876
- C:\Windows\System\kDkRhbg.exe
  C:\Windows\System\kDkRhbg.exe
  2⤵
  PID:6944
- C:\Windows\System\vLEWPAt.exe
  C:\Windows\System\vLEWPAt.exe
  2⤵
  PID:6960
- C:\Windows\System\IOZJTMC.exe
  C:\Windows\System\IOZJTMC.exe
  2⤵
  PID:7020
- C:\Windows\System\XvmLICi.exe
  C:\Windows\System\XvmLICi.exe
  2⤵
  PID:7040
- C:\Windows\System\KChtqqx.exe
  C:\Windows\System\KChtqqx.exe
  2⤵
  PID:7128
- C:\Windows\System\RXyUpvQ.exe
  C:\Windows\System\RXyUpvQ.exe
  2⤵
  PID:5328
- C:\Windows\System\yMhOtBB.exe
  C:\Windows\System\yMhOtBB.exe
  2⤵
  PID:1784
- C:\Windows\System\CAgtnSN.exe
  C:\Windows\System\CAgtnSN.exe
  2⤵
  PID:5804
- C:\Windows\System\beLFhCo.exe
  C:\Windows\System\beLFhCo.exe
  2⤵
  PID:5976
- C:\Windows\System\LZjXYSk.exe
  C:\Windows\System\LZjXYSk.exe
  2⤵
  PID:6168
- C:\Windows\System\XgLCzKz.exe
  C:\Windows\System\XgLCzKz.exe
  2⤵
  PID:6232
- C:\Windows\System\uvRpLuz.exe
  C:\Windows\System\uvRpLuz.exe
  2⤵
  PID:6252
- C:\Windows\System\TDCFTjd.exe
  C:\Windows\System\TDCFTjd.exe
  2⤵
  PID:6368
- C:\Windows\System\YaojrUS.exe
  C:\Windows\System\YaojrUS.exe
  2⤵
  PID:6476
- C:\Windows\System\gOgeIsP.exe
  C:\Windows\System\gOgeIsP.exe
  2⤵
  PID:6656
- C:\Windows\System\dmMgadu.exe
  C:\Windows\System\dmMgadu.exe
  2⤵
  PID:6796
- C:\Windows\System\FnSSCpQ.exe
  C:\Windows\System\FnSSCpQ.exe
  2⤵
  PID:6692
- C:\Windows\System\UgxhSrx.exe
  C:\Windows\System\UgxhSrx.exe
  2⤵
  PID:6844
- C:\Windows\System\rVGJLrW.exe
  C:\Windows\System\rVGJLrW.exe
  2⤵
  PID:6920
- C:\Windows\System\TsMoKOt.exe
  C:\Windows\System\TsMoKOt.exe
  2⤵
  PID:7016
- C:\Windows\System\fSsXPUH.exe
  C:\Windows\System\fSsXPUH.exe
  2⤵
  PID:7120
- C:\Windows\System\QRYYyOQ.exe
  C:\Windows\System\QRYYyOQ.exe
  2⤵
  PID:5132
- C:\Windows\System\fmrkRKK.exe
  C:\Windows\System\fmrkRKK.exe
  2⤵
  PID:5560
- C:\Windows\System\DrVgXxj.exe
  C:\Windows\System\DrVgXxj.exe
  2⤵
  PID:6156
- C:\Windows\System\woPUVcs.exe
  C:\Windows\System\woPUVcs.exe
  2⤵
  PID:2608
- C:\Windows\System\gBIgAYb.exe
  C:\Windows\System\gBIgAYb.exe
  2⤵
  PID:6388
- C:\Windows\System\UvHMPZa.exe
  C:\Windows\System\UvHMPZa.exe
  2⤵
  PID:7180
- C:\Windows\System\HkIQCaF.exe
  C:\Windows\System\HkIQCaF.exe
  2⤵
  PID:7200
- C:\Windows\System\gXdmrxh.exe
  C:\Windows\System\gXdmrxh.exe
  2⤵
  PID:7220
- C:\Windows\System\WCYotmC.exe
  C:\Windows\System\WCYotmC.exe
  2⤵
  PID:7240
- C:\Windows\System\HXCcwQM.exe
  C:\Windows\System\HXCcwQM.exe
  2⤵
  PID:7260
- C:\Windows\System\fRgjSzZ.exe
  C:\Windows\System\fRgjSzZ.exe
  2⤵
  PID:7280
- C:\Windows\System\dNNPmcl.exe
  C:\Windows\System\dNNPmcl.exe
  2⤵
  PID:7300
- C:\Windows\System\ZVAbruA.exe
  C:\Windows\System\ZVAbruA.exe
  2⤵
  PID:7320
- C:\Windows\System\gsxHwnJ.exe
  C:\Windows\System\gsxHwnJ.exe
  2⤵
  PID:7340
- C:\Windows\System\TXrJYGl.exe
  C:\Windows\System\TXrJYGl.exe
  2⤵
  PID:7360
- C:\Windows\System\ltRajzC.exe
  C:\Windows\System\ltRajzC.exe
  2⤵
  PID:7380
- C:\Windows\System\WFuatbG.exe
  C:\Windows\System\WFuatbG.exe
  2⤵
  PID:7400
- C:\Windows\System\srDpfOJ.exe
  C:\Windows\System\srDpfOJ.exe
  2⤵
  PID:7420
- C:\Windows\System\iXWvQbo.exe
  C:\Windows\System\iXWvQbo.exe
  2⤵
  PID:7440
- C:\Windows\System\tiVuaCQ.exe
  C:\Windows\System\tiVuaCQ.exe
  2⤵
  PID:7460
- C:\Windows\System\hygQYVx.exe
  C:\Windows\System\hygQYVx.exe
  2⤵
  PID:7480
- C:\Windows\System\kwOdvlJ.exe
  C:\Windows\System\kwOdvlJ.exe
  2⤵
  PID:7500
- C:\Windows\System\jXFYhvN.exe
  C:\Windows\System\jXFYhvN.exe
  2⤵
  PID:7516
- C:\Windows\System\Sbsnokm.exe
  C:\Windows\System\Sbsnokm.exe
  2⤵
  PID:7540
- C:\Windows\System\GuuzAAR.exe
  C:\Windows\System\GuuzAAR.exe
  2⤵
  PID:7560
- C:\Windows\System\ZcdSVbo.exe
  C:\Windows\System\ZcdSVbo.exe
  2⤵
  PID:7584
- C:\Windows\System\YLWKytx.exe
  C:\Windows\System\YLWKytx.exe
  2⤵
  PID:7604
- C:\Windows\System\CRZzgtt.exe
  C:\Windows\System\CRZzgtt.exe
  2⤵
  PID:7624
- C:\Windows\System\bmshHKb.exe
  C:\Windows\System\bmshHKb.exe
  2⤵
  PID:7644
- C:\Windows\System\shZpQYu.exe
  C:\Windows\System\shZpQYu.exe
  2⤵
  PID:7664
- C:\Windows\System\lavAXac.exe
  C:\Windows\System\lavAXac.exe
  2⤵
  PID:7684
- C:\Windows\System\GPgJQDD.exe
  C:\Windows\System\GPgJQDD.exe
  2⤵
  PID:7704
- C:\Windows\System\VTuEeBq.exe
  C:\Windows\System\VTuEeBq.exe
  2⤵
  PID:7724
- C:\Windows\System\kmaZuqS.exe
  C:\Windows\System\kmaZuqS.exe
  2⤵
  PID:7748
- C:\Windows\System\exKTsJL.exe
  C:\Windows\System\exKTsJL.exe
  2⤵
  PID:7768
- C:\Windows\System\cnUoASi.exe
  C:\Windows\System\cnUoASi.exe
  2⤵
  PID:7788
- C:\Windows\System\HPBjuEw.exe
  C:\Windows\System\HPBjuEw.exe
  2⤵
  PID:7808
- C:\Windows\System\SnBrEUR.exe
  C:\Windows\System\SnBrEUR.exe
  2⤵
  PID:7828
- C:\Windows\System\QUCugan.exe
  C:\Windows\System\QUCugan.exe
  2⤵
  PID:7848
- C:\Windows\System\CmMmRpI.exe
  C:\Windows\System\CmMmRpI.exe
  2⤵
  PID:7872
- C:\Windows\System\UqqLMZn.exe
  C:\Windows\System\UqqLMZn.exe
  2⤵
  PID:7892
- C:\Windows\System\NecWWAL.exe
  C:\Windows\System\NecWWAL.exe
  2⤵
  PID:7912
- C:\Windows\System\ryvafBQ.exe
  C:\Windows\System\ryvafBQ.exe
  2⤵
  PID:7932
- C:\Windows\System\BJxtLJR.exe
  C:\Windows\System\BJxtLJR.exe
  2⤵
  PID:7952
- C:\Windows\System\RSUAZoF.exe
  C:\Windows\System\RSUAZoF.exe
  2⤵
  PID:7972
- C:\Windows\System\KHrtraL.exe
  C:\Windows\System\KHrtraL.exe
  2⤵
  PID:7992
- C:\Windows\System\JufxwzM.exe
  C:\Windows\System\JufxwzM.exe
  2⤵
  PID:8012
- C:\Windows\System\EEMnAHc.exe
  C:\Windows\System\EEMnAHc.exe
  2⤵
  PID:8032
- C:\Windows\System\YjTSrmp.exe
  C:\Windows\System\YjTSrmp.exe
  2⤵
  PID:8052
- C:\Windows\System\YklWvEe.exe
  C:\Windows\System\YklWvEe.exe
  2⤵
  PID:8072
- C:\Windows\System\gAmPUex.exe
  C:\Windows\System\gAmPUex.exe
  2⤵
  PID:8092
- C:\Windows\System\LvwvuOu.exe
  C:\Windows\System\LvwvuOu.exe
  2⤵
  PID:8112
- C:\Windows\System\ruTiQSq.exe
  C:\Windows\System\ruTiQSq.exe
  2⤵
  PID:8132
- C:\Windows\System\otrgypN.exe
  C:\Windows\System\otrgypN.exe
  2⤵
  PID:8152
- C:\Windows\System\biQUulK.exe
  C:\Windows\System\biQUulK.exe
  2⤵
  PID:8172
- C:\Windows\System\PxNeYLf.exe
  C:\Windows\System\PxNeYLf.exe
  2⤵
  PID:6576
- C:\Windows\System\freKXvO.exe
  C:\Windows\System\freKXvO.exe
  2⤵
  PID:6700
- C:\Windows\System\tlVwhsL.exe
  C:\Windows\System\tlVwhsL.exe
  2⤵
  PID:6896
- C:\Windows\System\pWhhIhf.exe
  C:\Windows\System\pWhhIhf.exe
  2⤵
  PID:6924
- C:\Windows\System\sflFbjX.exe
  C:\Windows\System\sflFbjX.exe
  2⤵
  PID:6780
- C:\Windows\System\VPmgjcQ.exe
  C:\Windows\System\VPmgjcQ.exe
  2⤵
  PID:7164
- C:\Windows\System\tQHJDCb.exe
  C:\Windows\System\tQHJDCb.exe
  2⤵
  PID:6216
- C:\Windows\System\ZNUPaOW.exe
  C:\Windows\System\ZNUPaOW.exe
  2⤵
  PID:6272
- C:\Windows\System\HjNrwnJ.exe
  C:\Windows\System\HjNrwnJ.exe
  2⤵
  PID:7172
- C:\Windows\System\FCLlTtg.exe
  C:\Windows\System\FCLlTtg.exe
  2⤵
  PID:7192
- C:\Windows\System\NuNxuey.exe
  C:\Windows\System\NuNxuey.exe
  2⤵
  PID:7248
- C:\Windows\System\nlUOiKI.exe
  C:\Windows\System\nlUOiKI.exe
  2⤵
  PID:7288
- C:\Windows\System\pYUxUyA.exe
  C:\Windows\System\pYUxUyA.exe
  2⤵
  PID:7316
- C:\Windows\System\HmzhhDN.exe
  C:\Windows\System\HmzhhDN.exe
  2⤵
  PID:7368
- C:\Windows\System\trTYjFZ.exe
  C:\Windows\System\trTYjFZ.exe
  2⤵
  PID:7356
- C:\Windows\System\aLBWQUy.exe
  C:\Windows\System\aLBWQUy.exe
  2⤵
  PID:7412
- C:\Windows\System\mjyknVA.exe
  C:\Windows\System\mjyknVA.exe
  2⤵
  PID:7432
- C:\Windows\System\ZdwPINN.exe
  C:\Windows\System\ZdwPINN.exe
  2⤵
  PID:7476
- C:\Windows\System\piugefU.exe
  C:\Windows\System\piugefU.exe
  2⤵
  PID:7508
- C:\Windows\System\UzxEJCa.exe
  C:\Windows\System\UzxEJCa.exe
  2⤵
  PID:7528
- C:\Windows\System\ADTDQDZ.exe
  C:\Windows\System\ADTDQDZ.exe
  2⤵
  PID:7552
- C:\Windows\System\iFRRRTb.exe
  C:\Windows\System\iFRRRTb.exe
  2⤵
  PID:7600
- C:\Windows\System\HPTWqZL.exe
  C:\Windows\System\HPTWqZL.exe
  2⤵
  PID:7652
- C:\Windows\System\KQDRatz.exe
  C:\Windows\System\KQDRatz.exe
  2⤵
  PID:7692
- C:\Windows\System\zgmqmVx.exe
  C:\Windows\System\zgmqmVx.exe
  2⤵
  PID:7712
- C:\Windows\System\vRBADDi.exe
  C:\Windows\System\vRBADDi.exe
  2⤵
  PID:3392
- C:\Windows\System\uERKVLd.exe
  C:\Windows\System\uERKVLd.exe
  2⤵
  PID:7776
- C:\Windows\System\mdwczmY.exe
  C:\Windows\System\mdwczmY.exe
  2⤵
  PID:7816
- C:\Windows\System\mYYPxxr.exe
  C:\Windows\System\mYYPxxr.exe
  2⤵
  PID:7836
- C:\Windows\System\TVgpzVp.exe
  C:\Windows\System\TVgpzVp.exe
  2⤵
  PID:7880
- C:\Windows\System\HhoLxcF.exe
  C:\Windows\System\HhoLxcF.exe
  2⤵
  PID:7904
- C:\Windows\System\qxODEra.exe
  C:\Windows\System\qxODEra.exe
  2⤵
  PID:7948
- C:\Windows\System\QLAHogp.exe
  C:\Windows\System\QLAHogp.exe
  2⤵
  PID:7964
- C:\Windows\System\PljJwqR.exe
  C:\Windows\System\PljJwqR.exe
  2⤵
  PID:8020
- C:\Windows\System\YKujJHZ.exe
  C:\Windows\System\YKujJHZ.exe
  2⤵
  PID:8040
- C:\Windows\System\MoRJVJV.exe
  C:\Windows\System\MoRJVJV.exe
  2⤵
  PID:8064
- C:\Windows\System\wohqATm.exe
  C:\Windows\System\wohqATm.exe
  2⤵
  PID:8084
- C:\Windows\System\rdQlJVp.exe
  C:\Windows\System\rdQlJVp.exe
  2⤵
  PID:8120
- C:\Windows\System\uxJDWmn.exe
  C:\Windows\System\uxJDWmn.exe
  2⤵
  PID:8180
- C:\Windows\System\ndqotxu.exe
  C:\Windows\System\ndqotxu.exe
  2⤵
  PID:8164
- C:\Windows\System\LJzynDQ.exe
  C:\Windows\System\LJzynDQ.exe
  2⤵
  PID:6660
- C:\Windows\System\tTOlXYU.exe
  C:\Windows\System\tTOlXYU.exe
  2⤵
  PID:2620
- C:\Windows\System\xSCkzwF.exe
  C:\Windows\System\xSCkzwF.exe
  2⤵
  PID:7036
- C:\Windows\System\FGGttRN.exe
  C:\Windows\System\FGGttRN.exe
  2⤵
  PID:2396
- C:\Windows\System\WQULVby.exe
  C:\Windows\System\WQULVby.exe
  2⤵
  PID:6044
- C:\Windows\System\ZrICFGn.exe
  C:\Windows\System\ZrICFGn.exe
  2⤵
  PID:7228
- C:\Windows\System\mLyeIUe.exe
  C:\Windows\System\mLyeIUe.exe
  2⤵
  PID:7292
- C:\Windows\System\mrdPOgy.exe
  C:\Windows\System\mrdPOgy.exe
  2⤵
  PID:7348
- C:\Windows\System\LVMzfxt.exe
  C:\Windows\System\LVMzfxt.exe
  2⤵
  PID:7388
- C:\Windows\System\DXORpzL.exe
  C:\Windows\System\DXORpzL.exe
  2⤵
  PID:7428
- C:\Windows\System\hXEhffN.exe
  C:\Windows\System\hXEhffN.exe
  2⤵
  PID:7452
- C:\Windows\System\kwCALVI.exe
  C:\Windows\System\kwCALVI.exe
  2⤵
  PID:7556
- C:\Windows\System\TjNawVL.exe
  C:\Windows\System\TjNawVL.exe
  2⤵
  PID:7620
- C:\Windows\System\qvMMIvD.exe
  C:\Windows\System\qvMMIvD.exe
  2⤵
  PID:1884
- C:\Windows\System\yQMaDeK.exe
  C:\Windows\System\yQMaDeK.exe
  2⤵
  PID:7700
- C:\Windows\System\YEuXoUz.exe
  C:\Windows\System\YEuXoUz.exe
  2⤵
  PID:7716
- C:\Windows\System\FAbQQzR.exe
  C:\Windows\System\FAbQQzR.exe
  2⤵
  PID:7804
- C:\Windows\System\wTrDgOz.exe
  C:\Windows\System\wTrDgOz.exe
  2⤵
  PID:7864
- C:\Windows\System\uWScyCm.exe
  C:\Windows\System\uWScyCm.exe
  2⤵
  PID:7900
- C:\Windows\System\bxYbthn.exe
  C:\Windows\System\bxYbthn.exe
  2⤵
  PID:7968
- C:\Windows\System\wmXGvHR.exe
  C:\Windows\System\wmXGvHR.exe
  2⤵
  PID:7984
- C:\Windows\System\aIXCKBa.exe
  C:\Windows\System\aIXCKBa.exe
  2⤵
  PID:8100
- C:\Windows\System\qeOyRAw.exe
  C:\Windows\System\qeOyRAw.exe
  2⤵
  PID:8128
- C:\Windows\System\FDaylhi.exe
  C:\Windows\System\FDaylhi.exe
  2⤵
  PID:1544
- C:\Windows\System\EQpqvmP.exe
  C:\Windows\System\EQpqvmP.exe
  2⤵
  PID:1844
- C:\Windows\System\EYOiVkD.exe
  C:\Windows\System\EYOiVkD.exe
  2⤵
  PID:6492
- C:\Windows\System\CdybIAa.exe
  C:\Windows\System\CdybIAa.exe
  2⤵
  PID:6836
- C:\Windows\System\NkTFDrG.exe
  C:\Windows\System\NkTFDrG.exe
  2⤵
  PID:7144
- C:\Windows\System\ICGcLaf.exe
  C:\Windows\System\ICGcLaf.exe
  2⤵
  PID:7272
- C:\Windows\System\RDdxGAl.exe
  C:\Windows\System\RDdxGAl.exe
  2⤵
  PID:7336
- C:\Windows\System\sObOTGc.exe
  C:\Windows\System\sObOTGc.exe
  2⤵
  PID:7436
- C:\Windows\System\zheZKQU.exe
  C:\Windows\System\zheZKQU.exe
  2⤵
  PID:7532
- C:\Windows\System\QWPlYwB.exe
  C:\Windows\System\QWPlYwB.exe
  2⤵
  PID:1380
- C:\Windows\System\ciAprgA.exe
  C:\Windows\System\ciAprgA.exe
  2⤵
  PID:7672
- C:\Windows\System\BLzVRGU.exe
  C:\Windows\System\BLzVRGU.exe
  2⤵
  PID:1224
- C:\Windows\System\MdIfqZM.exe
  C:\Windows\System\MdIfqZM.exe
  2⤵
  PID:7764
- C:\Windows\System\DAQuHlk.exe
  C:\Windows\System\DAQuHlk.exe
  2⤵
  PID:7884
- C:\Windows\System\XhikrNB.exe
  C:\Windows\System\XhikrNB.exe
  2⤵
  PID:8024
- C:\Windows\System\knKzfyb.exe
  C:\Windows\System\knKzfyb.exe
  2⤵
  PID:8048
- C:\Windows\System\jitTaTf.exe
  C:\Windows\System\jitTaTf.exe
  2⤵
  PID:376
- C:\Windows\System\sIvgIVa.exe
  C:\Windows\System\sIvgIVa.exe
  2⤵
  PID:8160
- C:\Windows\System\OobLiSp.exe
  C:\Windows\System\OobLiSp.exe
  2⤵
  PID:2880
- C:\Windows\System\aafyheW.exe
  C:\Windows\System\aafyheW.exe
  2⤵
  PID:1712
- C:\Windows\System\cZOPeIm.exe
  C:\Windows\System\cZOPeIm.exe
  2⤵
  PID:5780
- C:\Windows\System\VNRUdox.exe
  C:\Windows\System\VNRUdox.exe
  2⤵
  PID:7216
- C:\Windows\System\DvgmxbF.exe
  C:\Windows\System\DvgmxbF.exe
  2⤵
  PID:1472
- C:\Windows\System\vVrognG.exe
  C:\Windows\System\vVrognG.exe
  2⤵
  PID:7252
- C:\Windows\System\SkSaXQy.exe
  C:\Windows\System\SkSaXQy.exe
  2⤵
  PID:2676
- C:\Windows\System\gMkwzzy.exe
  C:\Windows\System\gMkwzzy.exe
  2⤵
  PID:7592
- C:\Windows\System\SUmBIQy.exe
  C:\Windows\System\SUmBIQy.exe
  2⤵
  PID:2940
- C:\Windows\System\cuYWZGd.exe
  C:\Windows\System\cuYWZGd.exe
  2⤵
  PID:7760
- C:\Windows\System\WtPvHBo.exe
  C:\Windows\System\WtPvHBo.exe
  2⤵
  PID:2276
- C:\Windows\System\cdbUAEm.exe
  C:\Windows\System\cdbUAEm.exe
  2⤵
  PID:2300
- C:\Windows\System\IWsUkLD.exe
  C:\Windows\System\IWsUkLD.exe
  2⤵
  PID:7276
- C:\Windows\System\URslAYG.exe
  C:\Windows\System\URslAYG.exe
  2⤵
  PID:2336
- C:\Windows\System\XmVaSTA.exe
  C:\Windows\System\XmVaSTA.exe
  2⤵
  PID:2596
- C:\Windows\System\WNkypmD.exe
  C:\Windows\System\WNkypmD.exe
  2⤵
  PID:8028
- C:\Windows\System\FcSTJVn.exe
  C:\Windows\System\FcSTJVn.exe
  2⤵
  PID:1656
- C:\Windows\System\XwERSmm.exe
  C:\Windows\System\XwERSmm.exe
  2⤵
  PID:6816
- C:\Windows\System\battNpI.exe
  C:\Windows\System\battNpI.exe
  2⤵
  PID:7416
- C:\Windows\System\zTwxEnl.exe
  C:\Windows\System\zTwxEnl.exe
  2⤵
  PID:1160
- C:\Windows\System\PKRosPF.exe
  C:\Windows\System\PKRosPF.exe
  2⤵
  PID:7568
- C:\Windows\System\mZQWgoB.exe
  C:\Windows\System\mZQWgoB.exe
  2⤵
  PID:8168
- C:\Windows\System\yDHBOxc.exe
  C:\Windows\System\yDHBOxc.exe
  2⤵
  PID:2644
- C:\Windows\System\vIkVXqA.exe
  C:\Windows\System\vIkVXqA.exe
  2⤵
  PID:7512
- C:\Windows\System\zvNOnMj.exe
  C:\Windows\System\zvNOnMj.exe
  2⤵
  PID:8124
- C:\Windows\System\uPLMPGP.exe
  C:\Windows\System\uPLMPGP.exe
  2⤵
  PID:7352
- C:\Windows\System\jcmBxVq.exe
  C:\Windows\System\jcmBxVq.exe
  2⤵
  PID:7744
- C:\Windows\System\ZNrCNJe.exe
  C:\Windows\System\ZNrCNJe.exe
  2⤵
  PID:2788
- C:\Windows\System\uAAQSgt.exe
  C:\Windows\System\uAAQSgt.exe
  2⤵
  PID:1588
- C:\Windows\System\jmuWPRr.exe
  C:\Windows\System\jmuWPRr.exe
  2⤵
  PID:8068
- C:\Windows\System\tBetsgS.exe
  C:\Windows\System\tBetsgS.exe
  2⤵
  PID:7676
- C:\Windows\System\XVKOHtE.exe
  C:\Windows\System\XVKOHtE.exe
  2⤵
  PID:756
- C:\Windows\System\JfMzdiv.exe
  C:\Windows\System\JfMzdiv.exe
  2⤵
  PID:8220
- C:\Windows\System\YKtvQQF.exe
  C:\Windows\System\YKtvQQF.exe
  2⤵
  PID:8236
- C:\Windows\System\hDuRBNH.exe
  C:\Windows\System\hDuRBNH.exe
  2⤵
  PID:8260
- C:\Windows\System\WonKpCC.exe
  C:\Windows\System\WonKpCC.exe
  2⤵
  PID:8276
- C:\Windows\System\vpFlZEh.exe
  C:\Windows\System\vpFlZEh.exe
  2⤵
  PID:8292
- C:\Windows\System\HvsiDnR.exe
  C:\Windows\System\HvsiDnR.exe
  2⤵
  PID:8316
- C:\Windows\System\NywNImO.exe
  C:\Windows\System\NywNImO.exe
  2⤵
  PID:8336
- C:\Windows\System\WMUqquK.exe
  C:\Windows\System\WMUqquK.exe
  2⤵
  PID:8352
- C:\Windows\System\OGhNhLi.exe
  C:\Windows\System\OGhNhLi.exe
  2⤵
  PID:8368
- C:\Windows\System\EhXcbLB.exe
  C:\Windows\System\EhXcbLB.exe
  2⤵
  PID:8392
- C:\Windows\System\VUEFxvf.exe
  C:\Windows\System\VUEFxvf.exe
  2⤵
  PID:8408
- C:\Windows\System\TpAlDFV.exe
  C:\Windows\System\TpAlDFV.exe
  2⤵
  PID:8440
- C:\Windows\System\FnAEVPG.exe
  C:\Windows\System\FnAEVPG.exe
  2⤵
  PID:8460
- C:\Windows\System\iaURfBL.exe
  C:\Windows\System\iaURfBL.exe
  2⤵
  PID:8476
- C:\Windows\System\RMblMxa.exe
  C:\Windows\System\RMblMxa.exe
  2⤵
  PID:8492
- C:\Windows\System\nFKoDQS.exe
  C:\Windows\System\nFKoDQS.exe
  2⤵
  PID:8512
- C:\Windows\System\rQpmXRM.exe
  C:\Windows\System\rQpmXRM.exe
  2⤵
  PID:8544
- C:\Windows\System\LXMdgOg.exe
  C:\Windows\System\LXMdgOg.exe
  2⤵
  PID:8576
- C:\Windows\System\sjJzspD.exe
  C:\Windows\System\sjJzspD.exe
  2⤵
  PID:8600
- C:\Windows\System\CXiwjis.exe
  C:\Windows\System\CXiwjis.exe
  2⤵
  PID:8616
- C:\Windows\System\RoMsywZ.exe
  C:\Windows\System\RoMsywZ.exe
  2⤵
  PID:8632
- C:\Windows\System\VnRbyou.exe
  C:\Windows\System\VnRbyou.exe
  2⤵
  PID:8648
- C:\Windows\System\gJeDBaq.exe
  C:\Windows\System\gJeDBaq.exe
  2⤵
  PID:8664
- C:\Windows\System\cZBKxRB.exe
  C:\Windows\System\cZBKxRB.exe
  2⤵
  PID:8704
- C:\Windows\System\YaMyTod.exe
  C:\Windows\System\YaMyTod.exe
  2⤵
  PID:8720
- C:\Windows\System\GBmjtsq.exe
  C:\Windows\System\GBmjtsq.exe
  2⤵
  PID:8740
- C:\Windows\System\ThMaYcq.exe
  C:\Windows\System\ThMaYcq.exe
  2⤵
  PID:8756
- C:\Windows\System\EuyTZNl.exe
  C:\Windows\System\EuyTZNl.exe
  2⤵
  PID:8776
- C:\Windows\System\KgulzOI.exe
  C:\Windows\System\KgulzOI.exe
  2⤵
  PID:8792
- C:\Windows\System\AtDeiwv.exe
  C:\Windows\System\AtDeiwv.exe
  2⤵
  PID:8812
- C:\Windows\System\RXXhkzl.exe
  C:\Windows\System\RXXhkzl.exe
  2⤵
  PID:8828
- C:\Windows\System\iDRDLoX.exe
  C:\Windows\System\iDRDLoX.exe
  2⤵
  PID:8844
- C:\Windows\System\EFtYBcm.exe
  C:\Windows\System\EFtYBcm.exe
  2⤵
  PID:8860
- C:\Windows\System\mggDqHQ.exe
  C:\Windows\System\mggDqHQ.exe
  2⤵
  PID:8896
- C:\Windows\System\dCFxshg.exe
  C:\Windows\System\dCFxshg.exe
  2⤵
  PID:8916
- C:\Windows\System\riAEZtO.exe
  C:\Windows\System\riAEZtO.exe
  2⤵
  PID:8936
- C:\Windows\System\UFbhDmu.exe
  C:\Windows\System\UFbhDmu.exe
  2⤵
  PID:8952
- C:\Windows\System\WWyPlWB.exe
  C:\Windows\System\WWyPlWB.exe
  2⤵
  PID:8968
- C:\Windows\System\UbzCZhS.exe
  C:\Windows\System\UbzCZhS.exe
  2⤵
  PID:8984
- C:\Windows\System\RhyXhLG.exe
  C:\Windows\System\RhyXhLG.exe
  2⤵
  PID:9004
- C:\Windows\System\bLZXNSL.exe
  C:\Windows\System\bLZXNSL.exe
  2⤵
  PID:9032
- C:\Windows\System\VWrPfRD.exe
  C:\Windows\System\VWrPfRD.exe
  2⤵
  PID:9048
- C:\Windows\System\CCXNGWC.exe
  C:\Windows\System\CCXNGWC.exe
  2⤵
  PID:9068
- C:\Windows\System\kKfNekS.exe
  C:\Windows\System\kKfNekS.exe
  2⤵
  PID:9104
- C:\Windows\System\RQtGWBP.exe
  C:\Windows\System\RQtGWBP.exe
  2⤵
  PID:9144
- C:\Windows\System\DRzAaOY.exe
  C:\Windows\System\DRzAaOY.exe
  2⤵
  PID:9160
- C:\Windows\System\ifbAhom.exe
  C:\Windows\System\ifbAhom.exe
  2⤵
  PID:9176
- C:\Windows\System\csZnMEz.exe
  C:\Windows\System\csZnMEz.exe
  2⤵
  PID:9192
- C:\Windows\System\ghVppRU.exe
  C:\Windows\System\ghVppRU.exe
  2⤵
  PID:9212
- C:\Windows\System\SAmaREV.exe
  C:\Windows\System\SAmaREV.exe
  2⤵
  PID:8268
- C:\Windows\System\eFGwHZh.exe
  C:\Windows\System\eFGwHZh.exe
  2⤵
  PID:1632
- C:\Windows\System\PoVgIQk.exe
  C:\Windows\System\PoVgIQk.exe
  2⤵
  PID:8348
- C:\Windows\System\XrqYpcN.exe
  C:\Windows\System\XrqYpcN.exe
  2⤵
  PID:8208
- C:\Windows\System\IIqMNsA.exe
  C:\Windows\System\IIqMNsA.exe
  2⤵
  PID:8388
- C:\Windows\System\cvjtjDK.exe
  C:\Windows\System\cvjtjDK.exe
  2⤵
  PID:8252
- C:\Windows\System\vFsnxZD.exe
  C:\Windows\System\vFsnxZD.exe
  2⤵
  PID:8364
- C:\Windows\System\qmKzHxe.exe
  C:\Windows\System\qmKzHxe.exe
  2⤵
  PID:8428
- C:\Windows\System\mGtjcOI.exe
  C:\Windows\System\mGtjcOI.exe
  2⤵
  PID:8468
- C:\Windows\System\FDPPRfy.exe
  C:\Windows\System\FDPPRfy.exe
  2⤵
  PID:8508
- C:\Windows\System\nZstaTg.exe
  C:\Windows\System\nZstaTg.exe
  2⤵
  PID:8520
- C:\Windows\System\jmUYldx.exe
  C:\Windows\System\jmUYldx.exe
  2⤵
  PID:8540
- C:\Windows\System\CURlmIE.exe
  C:\Windows\System\CURlmIE.exe
  2⤵
  PID:7940
- C:\Windows\System\yGxHJZO.exe
  C:\Windows\System\yGxHJZO.exe
  2⤵
  PID:8608
- C:\Windows\System\SCILRXK.exe
  C:\Windows\System\SCILRXK.exe
  2⤵
  PID:8640
- C:\Windows\System\QyZZdrU.exe
  C:\Windows\System\QyZZdrU.exe
  2⤵
  PID:8660
- C:\Windows\System\uWfiMhf.exe
  C:\Windows\System\uWfiMhf.exe
  2⤵
  PID:8696
- C:\Windows\System\lELHAsx.exe
  C:\Windows\System\lELHAsx.exe
  2⤵
  PID:8716
- C:\Windows\System\DosiVkp.exe
  C:\Windows\System\DosiVkp.exe
  2⤵
  PID:8784
- C:\Windows\System\jUvJAdw.exe
  C:\Windows\System\jUvJAdw.exe
  2⤵
  PID:8788
- C:\Windows\System\aNOfedk.exe
  C:\Windows\System\aNOfedk.exe
  2⤵
  PID:8880
- C:\Windows\System\catgnWW.exe
  C:\Windows\System\catgnWW.exe
  2⤵
  PID:8928
- C:\Windows\System\XRNbpwl.exe
  C:\Windows\System\XRNbpwl.exe
  2⤵
  PID:8992
- C:\Windows\System\pouXOKp.exe
  C:\Windows\System\pouXOKp.exe
  2⤵
  PID:9040
- C:\Windows\System\ddsKJvC.exe
  C:\Windows\System\ddsKJvC.exe
  2⤵
  PID:8904
- C:\Windows\System\nHAyicj.exe
  C:\Windows\System\nHAyicj.exe
  2⤵
  PID:9088
- C:\Windows\System\DTUckAB.exe
  C:\Windows\System\DTUckAB.exe
  2⤵
  PID:8944
- C:\Windows\System\AkdRadw.exe
  C:\Windows\System\AkdRadw.exe
  2⤵
  PID:9064
- C:\Windows\System\QpMblbT.exe
  C:\Windows\System\QpMblbT.exe
  2⤵
  PID:8692
- C:\Windows\System\bfqMKzW.exe
  C:\Windows\System\bfqMKzW.exe
  2⤵
  PID:9188
- C:\Windows\System\rSHjRlI.exe
  C:\Windows\System\rSHjRlI.exe
  2⤵
  PID:8228
- C:\Windows\System\ELqnlsz.exe
  C:\Windows\System\ELqnlsz.exe
  2⤵
  PID:9208
- C:\Windows\System\XlaBasE.exe
  C:\Windows\System\XlaBasE.exe
  2⤵
  PID:8200
- C:\Windows\System\fPgTjFg.exe
  C:\Windows\System\fPgTjFg.exe
  2⤵
  PID:7908
- C:\Windows\System\SkRfCkh.exe
  C:\Windows\System\SkRfCkh.exe
  2⤵
  PID:7492
- C:\Windows\System\gffiQHM.exe
  C:\Windows\System\gffiQHM.exe
  2⤵
  PID:7820
- C:\Windows\System\DXSnFmh.exe
  C:\Windows\System\DXSnFmh.exe
  2⤵
  PID:8216
- C:\Windows\System\OjuScaZ.exe
  C:\Windows\System\OjuScaZ.exe
  2⤵
  PID:8436
- C:\Windows\System\jicMTha.exe
  C:\Windows\System\jicMTha.exe
  2⤵
  PID:8500
- C:\Windows\System\CxmHvuC.exe
  C:\Windows\System\CxmHvuC.exe
  2⤵
  PID:8524
- C:\Windows\System\WYyaXei.exe
  C:\Windows\System\WYyaXei.exe
  2⤵
  PID:8572
- C:\Windows\System\bHWzAaP.exe
  C:\Windows\System\bHWzAaP.exe
  2⤵
  PID:8688
- C:\Windows\System\GoLMnHv.exe
  C:\Windows\System\GoLMnHv.exe
  2⤵
  PID:8768
- C:\Windows\System\oRqcYDO.exe
  C:\Windows\System\oRqcYDO.exe
  2⤵
  PID:8732
- C:\Windows\System\KrPuMzX.exe
  C:\Windows\System\KrPuMzX.exe
  2⤵
  PID:8836
- C:\Windows\System\VYEjhQc.exe
  C:\Windows\System\VYEjhQc.exe
  2⤵
  PID:8852
- C:\Windows\System\bbXPQSe.exe
  C:\Windows\System\bbXPQSe.exe
  2⤵
  PID:8892
- C:\Windows\System\AalEOXL.exe
  C:\Windows\System\AalEOXL.exe
  2⤵
  PID:8824
- C:\Windows\System\reKRwTg.exe
  C:\Windows\System\reKRwTg.exe
  2⤵
  PID:9112
- C:\Windows\System\AjoIsSF.exe
  C:\Windows\System\AjoIsSF.exe
  2⤵
  PID:9140
- C:\Windows\System\DlXIJMf.exe
  C:\Windows\System\DlXIJMf.exe
  2⤵
  PID:8256
- C:\Windows\System\EVDuaNJ.exe
  C:\Windows\System\EVDuaNJ.exe
  2⤵
  PID:8332
- C:\Windows\System\eyEKOvF.exe
  C:\Windows\System\eyEKOvF.exe
  2⤵
  PID:8400
- C:\Windows\System\wVzbREq.exe
  C:\Windows\System\wVzbREq.exe
  2⤵
  PID:8560
- C:\Windows\System\BnONxDQ.exe
  C:\Windows\System\BnONxDQ.exe
  2⤵
  PID:8808
- C:\Windows\System\ponhVIV.exe
  C:\Windows\System\ponhVIV.exe
  2⤵
  PID:8384
- C:\Windows\System\yWfuuWD.exe
  C:\Windows\System\yWfuuWD.exe
  2⤵
  PID:9124
- C:\Windows\System\OMLsKLm.exe
  C:\Windows\System\OMLsKLm.exe
  2⤵
  PID:8532
- C:\Windows\System\RJDaMqr.exe
  C:\Windows\System\RJDaMqr.exe
  2⤵
  PID:8728
- C:\Windows\System\uLLluGD.exe
  C:\Windows\System\uLLluGD.exe
  2⤵
  PID:8976
- C:\Windows\System\bfRycUm.exe
  C:\Windows\System\bfRycUm.exe
  2⤵
  PID:8980
- C:\Windows\System\HqAPzzd.exe
  C:\Windows\System\HqAPzzd.exe
  2⤵
  PID:9016
- C:\Windows\System\lgLyBZK.exe
  C:\Windows\System\lgLyBZK.exe
  2⤵
  PID:9120
- C:\Windows\System\meJLBuT.exe
  C:\Windows\System\meJLBuT.exe
  2⤵
  PID:8448
- C:\Windows\System\Mpdlyma.exe
  C:\Windows\System\Mpdlyma.exe
  2⤵
  PID:8840
- C:\Windows\System\pmLBKrE.exe
  C:\Windows\System\pmLBKrE.exe
  2⤵
  PID:8712
- C:\Windows\System\yRZUDOj.exe
  C:\Windows\System\yRZUDOj.exe
  2⤵
  PID:9084
- C:\Windows\System\KGsXIsq.exe
  C:\Windows\System\KGsXIsq.exe
  2⤵
  PID:8628
- C:\Windows\System\PdObylb.exe
  C:\Windows\System\PdObylb.exe
  2⤵
  PID:8884
- C:\Windows\System\yfmaIBm.exe
  C:\Windows\System\yfmaIBm.exe
  2⤵
  PID:9024
- C:\Windows\System\uyyesWU.exe
  C:\Windows\System\uyyesWU.exe
  2⤵
  PID:8564
- C:\Windows\System\udaoabO.exe
  C:\Windows\System\udaoabO.exe
  2⤵
  PID:8432
- C:\Windows\System\KaLUzpH.exe
  C:\Windows\System\KaLUzpH.exe
  2⤵
  PID:8924
- C:\Windows\System\qggrMIk.exe
  C:\Windows\System\qggrMIk.exe
  2⤵
  PID:8960
- C:\Windows\System\FQYwijG.exe
  C:\Windows\System\FQYwijG.exe
  2⤵
  PID:9092
- C:\Windows\System\rRhexNs.exe
  C:\Windows\System\rRhexNs.exe
  2⤵
  PID:9200
- C:\Windows\System\XKihRIX.exe
  C:\Windows\System\XKihRIX.exe
  2⤵
  PID:9252
- C:\Windows\System\ZafxSCz.exe
  C:\Windows\System\ZafxSCz.exe
  2⤵
  PID:9268
- C:\Windows\System\FRbbcJL.exe
  C:\Windows\System\FRbbcJL.exe
  2⤵
  PID:9288
- C:\Windows\System\dJATxFe.exe
  C:\Windows\System\dJATxFe.exe
  2⤵
  PID:9308
- C:\Windows\System\UUJvxdN.exe
  C:\Windows\System\UUJvxdN.exe
  2⤵
  PID:9328
- C:\Windows\System\gyAwBqt.exe
  C:\Windows\System\gyAwBqt.exe
  2⤵
  PID:9348
- C:\Windows\System\eoQvdwI.exe
  C:\Windows\System\eoQvdwI.exe
  2⤵
  PID:9364
- C:\Windows\System\XQlogNf.exe
  C:\Windows\System\XQlogNf.exe
  2⤵
  PID:9380
- C:\Windows\System\XPbkJEc.exe
  C:\Windows\System\XPbkJEc.exe
  2⤵
  PID:9404
- C:\Windows\System\UGkilza.exe
  C:\Windows\System\UGkilza.exe
  2⤵
  PID:9428
- C:\Windows\System\vQmmhBb.exe
  C:\Windows\System\vQmmhBb.exe
  2⤵
  PID:9444
- C:\Windows\System\GRhRudF.exe
  C:\Windows\System\GRhRudF.exe
  2⤵
  PID:9460
- C:\Windows\System\muTLVCK.exe
  C:\Windows\System\muTLVCK.exe
  2⤵
  PID:9480
- C:\Windows\System\UUZMVAV.exe
  C:\Windows\System\UUZMVAV.exe
  2⤵
  PID:9500
- C:\Windows\System\ikfnTQq.exe
  C:\Windows\System\ikfnTQq.exe
  2⤵
  PID:9532
- C:\Windows\System\yFzLdmQ.exe
  C:\Windows\System\yFzLdmQ.exe
  2⤵
  PID:9548
- C:\Windows\System\bHTeSWA.exe
  C:\Windows\System\bHTeSWA.exe
  2⤵
  PID:9572
- C:\Windows\System\SKsHQyQ.exe
  C:\Windows\System\SKsHQyQ.exe
  2⤵
  PID:9596
- C:\Windows\System\yVZVtec.exe
  C:\Windows\System\yVZVtec.exe
  2⤵
  PID:9620
- C:\Windows\System\aVubTAN.exe
  C:\Windows\System\aVubTAN.exe
  2⤵
  PID:9644
- C:\Windows\System\TMlzOJT.exe
  C:\Windows\System\TMlzOJT.exe
  2⤵
  PID:9664
- C:\Windows\System\poHlzlT.exe
  C:\Windows\System\poHlzlT.exe
  2⤵
  PID:9684
- C:\Windows\System\bcqqhaz.exe
  C:\Windows\System\bcqqhaz.exe
  2⤵
  PID:9700
- C:\Windows\System\zSAWUQR.exe
  C:\Windows\System\zSAWUQR.exe
  2⤵
  PID:9732
- C:\Windows\System\zeCkghk.exe
  C:\Windows\System\zeCkghk.exe
  2⤵
  PID:9748
- C:\Windows\System\ZUEpTDI.exe
  C:\Windows\System\ZUEpTDI.exe
  2⤵
  PID:9772
- C:\Windows\System\assoHkf.exe
  C:\Windows\System\assoHkf.exe
  2⤵
  PID:9796
- C:\Windows\System\uGbUitI.exe
  C:\Windows\System\uGbUitI.exe
  2⤵
  PID:9828
- C:\Windows\System\GoDQzzo.exe
  C:\Windows\System\GoDQzzo.exe
  2⤵
  PID:9844
- C:\Windows\System\GOvuJjW.exe
  C:\Windows\System\GOvuJjW.exe
  2⤵
  PID:9872
- C:\Windows\System\FQeRdJp.exe
  C:\Windows\System\FQeRdJp.exe
  2⤵
  PID:9888
- C:\Windows\System\bToRHim.exe
  C:\Windows\System\bToRHim.exe
  2⤵
  PID:9908
- C:\Windows\System\NQKGjfU.exe
  C:\Windows\System\NQKGjfU.exe
  2⤵
  PID:9924
- C:\Windows\System\PnDVdTY.exe
  C:\Windows\System\PnDVdTY.exe
  2⤵
  PID:9952
- C:\Windows\System\EsqGCjs.exe
  C:\Windows\System\EsqGCjs.exe
  2⤵
  PID:9972
- C:\Windows\System\OGXAIXF.exe
  C:\Windows\System\OGXAIXF.exe
  2⤵
  PID:10000
- C:\Windows\System\DGYBMHO.exe
  C:\Windows\System\DGYBMHO.exe
  2⤵
  PID:10020
- C:\Windows\System\whPSOJJ.exe
  C:\Windows\System\whPSOJJ.exe
  2⤵
  PID:10044
- C:\Windows\System\oIIBNwB.exe
  C:\Windows\System\oIIBNwB.exe
  2⤵
  PID:10064
- C:\Windows\System\IxsVPOf.exe
  C:\Windows\System\IxsVPOf.exe
  2⤵
  PID:10080
- C:\Windows\System\jBsBapK.exe
  C:\Windows\System\jBsBapK.exe
  2⤵
  PID:10100
- C:\Windows\System\RaSTuTS.exe
  C:\Windows\System\RaSTuTS.exe
  2⤵
  PID:10120
- C:\Windows\System\RSOpCeJ.exe
  C:\Windows\System\RSOpCeJ.exe
  2⤵
  PID:10144
- C:\Windows\System\BBwPhtv.exe
  C:\Windows\System\BBwPhtv.exe
  2⤵
  PID:10164
- C:\Windows\System\jcQsjba.exe
  C:\Windows\System\jcQsjba.exe
  2⤵
  PID:10184
- C:\Windows\System\NfMCbnq.exe
  C:\Windows\System\NfMCbnq.exe
  2⤵
  PID:10204
- C:\Windows\System\EPlMSRM.exe
  C:\Windows\System\EPlMSRM.exe
  2⤵
  PID:10220
- C:\Windows\System\SzBLTTY.exe
  C:\Windows\System\SzBLTTY.exe
  2⤵
  PID:8244
- C:\Windows\System\FVRlFUB.exe
  C:\Windows\System\FVRlFUB.exe
  2⤵
  PID:8528
- C:\Windows\System\xovScqJ.exe
  C:\Windows\System\xovScqJ.exe
  2⤵
  PID:8360
- C:\Windows\System\VBBzARE.exe
  C:\Windows\System\VBBzARE.exe
  2⤵
  PID:9276
- C:\Windows\System\xiFOMRW.exe
  C:\Windows\System\xiFOMRW.exe
  2⤵
  PID:9156
- C:\Windows\System\ePsmQKz.exe
  C:\Windows\System\ePsmQKz.exe
  2⤵
  PID:9264
- C:\Windows\System\bjpdDMr.exe
  C:\Windows\System\bjpdDMr.exe
  2⤵
  PID:9400
- C:\Windows\System\aEAHmxT.exe
  C:\Windows\System\aEAHmxT.exe
  2⤵
  PID:9344
- C:\Windows\System\JGzLYnb.exe
  C:\Windows\System\JGzLYnb.exe
  2⤵
  PID:9436
- C:\Windows\System\oOJOHLm.exe
  C:\Windows\System\oOJOHLm.exe
  2⤵
  PID:9440
- C:\Windows\System\zOvistq.exe
  C:\Windows\System\zOvistq.exe
  2⤵
  PID:9512
- C:\Windows\System\hREzZDr.exe
  C:\Windows\System\hREzZDr.exe
  2⤵
  PID:9516
- C:\Windows\System\FyQdFXO.exe
  C:\Windows\System\FyQdFXO.exe
  2⤵
  PID:9556
- C:\Windows\System\ZPybLMR.exe
  C:\Windows\System\ZPybLMR.exe
  2⤵
  PID:9544
- C:\Windows\System\HNidwhF.exe
  C:\Windows\System\HNidwhF.exe
  2⤵
  PID:9616
- C:\Windows\System\SbXsVkw.exe
  C:\Windows\System\SbXsVkw.exe
  2⤵
  PID:9636
- C:\Windows\System\PWarvUl.exe
  C:\Windows\System\PWarvUl.exe
  2⤵
  PID:9692
- C:\Windows\System\FyGZjlW.exe
  C:\Windows\System\FyGZjlW.exe
  2⤵
  PID:9712
- C:\Windows\System\KNUHnxB.exe
  C:\Windows\System\KNUHnxB.exe
  2⤵
  PID:9740
- C:\Windows\System\gcOgNqO.exe
  C:\Windows\System\gcOgNqO.exe
  2⤵
  PID:9792
- C:\Windows\System\XuCaYfE.exe
  C:\Windows\System\XuCaYfE.exe
  2⤵
  PID:9656
- C:\Windows\System\GeHnwRc.exe
  C:\Windows\System\GeHnwRc.exe
  2⤵
  PID:9856
- C:\Windows\System\XJeqvfg.exe
  C:\Windows\System\XJeqvfg.exe
  2⤵
  PID:9860
- C:\Windows\System\meOPRsF.exe
  C:\Windows\System\meOPRsF.exe
  2⤵
  PID:9904
- C:\Windows\System\vhLkqUc.exe
  C:\Windows\System\vhLkqUc.exe
  2⤵
  PID:9936
- C:\Windows\System\VvvhfYh.exe
  C:\Windows\System\VvvhfYh.exe
  2⤵
  PID:9812
- C:\Windows\System\SVWdHcz.exe
  C:\Windows\System\SVWdHcz.exe
  2⤵
  PID:9868
- C:\Windows\System\rsYToWj.exe
  C:\Windows\System\rsYToWj.exe
  2⤵
  PID:10032
- C:\Windows\System\tJMHSia.exe
  C:\Windows\System\tJMHSia.exe
  2⤵
  PID:10040
- C:\Windows\System\qESxTlo.exe
  C:\Windows\System\qESxTlo.exe
  2⤵
  PID:10092
- C:\Windows\System\tuapFvh.exe
  C:\Windows\System\tuapFvh.exe
  2⤵
  PID:10136
- C:\Windows\System\VEQnnVo.exe
  C:\Windows\System\VEQnnVo.exe
  2⤵
  PID:10152
- C:\Windows\System\kAekllT.exe
  C:\Windows\System\kAekllT.exe
  2⤵
  PID:10180
- C:\Windows\System\rRtNzKt.exe
  C:\Windows\System\rRtNzKt.exe
  2⤵
  PID:10200
- C:\Windows\System\rMxiljp.exe
  C:\Windows\System\rMxiljp.exe
  2⤵
  PID:8684
- C:\Windows\System\UAjViZr.exe
  C:\Windows\System\UAjViZr.exe
  2⤵
  PID:9228
- C:\Windows\System\OXxfYRR.exe
  C:\Windows\System\OXxfYRR.exe
  2⤵
  PID:9324
- C:\Windows\System\ftdvTJl.exe
  C:\Windows\System\ftdvTJl.exe
  2⤵
  PID:9296
- C:\Windows\System\viHJFIs.exe
  C:\Windows\System\viHJFIs.exe
  2⤵
  PID:9336
- C:\Windows\System\KkKiMaF.exe
  C:\Windows\System\KkKiMaF.exe
  2⤵
  PID:9424
- C:\Windows\System\ODBzBlR.exe
  C:\Windows\System\ODBzBlR.exe
  2⤵
  PID:9528
- C:\Windows\System\dhIFyCI.exe
  C:\Windows\System\dhIFyCI.exe
  2⤵
  PID:9496
- C:\Windows\System\vxgHltJ.exe
  C:\Windows\System\vxgHltJ.exe
  2⤵
  PID:9588
- C:\Windows\System\hbwbRmG.exe
  C:\Windows\System\hbwbRmG.exe
  2⤵
  PID:9652
- C:\Windows\System\DzTitNH.exe
  C:\Windows\System\DzTitNH.exe
  2⤵
  PID:9672
- C:\Windows\System\ZCYZMnh.exe
  C:\Windows\System\ZCYZMnh.exe
  2⤵
  PID:9756
- C:\Windows\System\RySHcPR.exe
  C:\Windows\System\RySHcPR.exe
  2⤵
  PID:9816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AKcmQEh.exe

Filesize
6.0MB

MD5
3a417d8a969687bf08310d1f4219dd61

SHA1
3d688b79bddeb405d39afabba67086ea3f79f8f9

SHA256
f64f892ee93cf1127d07437b96ef4a0de16e715601804eeeee923a1083a01be2

SHA512
bb519a3935b301b82c7720832a0ec2880d591f2b13438018611b40723068dbb05c6cd59709a37dcb8e85061dacf350d9db21b76d08e4b36a0068f39131e39757

Download Submit
C:\Windows\system\BCgbYla.exe

Filesize
6.0MB

MD5
a334cbb32ddd01e1a22cec8b8ef4c46a

SHA1
856137fa2f8a79e09ad719c45cc581579924bfcd

SHA256
edcfefbcc98b0dff41c9c97d1378fec592bdca2f03c931ae31412d0fe28f2fc8

SHA512
ec73710f19ffd9268c082f0f84b757a6f7f83a447494846baa4ccaa8f82209d575d339e6b7d4037cb736869651aacb510140b1a27eb80416d55f49a433d8a388

Download Submit
C:\Windows\system\BPlsphW.exe

Filesize
6.0MB

MD5
ecc5e518aacb412205c55b26dfb51475

SHA1
b669c473436366b4fa187b2fc811d94ccc725555

SHA256
597a1a869d25a85848649751df0d197230dbe0f1141af9b8640791fc67cedda3

SHA512
c29b7a1bd5ba4f414bf70b671ef348c46ef07bdbe6b77d6012b03a67f1de721ef7aedb297e45970cd126b68b4b15a15e8ac46284337a7ebe36eaad32b5f187cb

Download Submit
C:\Windows\system\DeqPOqt.exe

Filesize
6.0MB

MD5
41fd93024d0b3ac3061ff19bb46c100d

SHA1
329349dd8f4460478d833c77b030bed61b5e1a8a

SHA256
09c330e0f652924c77a318229c9c925d125f7afc726ade42e4b9d74c35b68c53

SHA512
87a2b48d29f4bd8f76446c55691fd65b856d5abd284aef2be5567fe4907736bfb0c3e2dc0da29053bae1a4368b3f948047f0addf10f1c08b01285035140cbfdd

Download Submit
C:\Windows\system\FBbAFGU.exe

Filesize
6.0MB

MD5
c49eb8583e16ddd51ed27755754f9159

SHA1
1a1abc4c38e927bba9fa2c2485aa6803129ea0fe

SHA256
65a2c894c621d669a87c5fbdae032d719f526b822bb96df40e197d701e220631

SHA512
05ff14cee42fccc6565cd8e5fb9e8228442e95e5b2cc443a38b72593beb411aef3159e5da7186ba2389ddeffabf4860df337cb7ec132f53ed74af1d6fa223f0a

Download Submit
C:\Windows\system\GVuGsQp.exe

Filesize
6.0MB

MD5
6d2157ab952529ab1b614bdd6ddf9c0e

SHA1
eb68df1ef0e8e5858784e5c5788cce0d66bce912

SHA256
8bc6d18910971306bff58bcc90df8273aa3f362204aed5b20269dcf4d45dfda4

SHA512
ade656e0793924c6c2677f4ee00ba6688ddccc77c41217fe17a8d05fe8f8240f4ae7756991c9b51d0217617404f09d60f2c81bbe9f3961b4e9d5944f74cf1e90

Download Submit
C:\Windows\system\HvOVoQj.exe

Filesize
6.0MB

MD5
21dbc3cbc0f93a53e50d42efc072dc4d

SHA1
b398de5bf50801ccb029f512dfc2163049277a0d

SHA256
003dafabd343d5b85f27a1d4e92cd959d2faa6dc95c5d931e00e8e215c7e7f21

SHA512
5a8daf0c82176ed077f0b4f1939f1412e111a99caa9e6a5c12b2d3c49ba66f58c8d04c29dd0f6ed2db631a77d71014d395ee440e80ece452ab424f74e3b8b6d1

Download Submit
C:\Windows\system\LHKOAcl.exe

Filesize
6.0MB

MD5
d438fdd8214bb84ea53c2574621ae919

SHA1
e7222def7d2750451aa1a34710a874aed3335c98

SHA256
c3282681af589b167adccea4195044fdd0dd907137c547d3ba81ed35fecc1ea9

SHA512
9245e9fff98a550ab56a890f42f1eedd7a32a2924ecd750a486a4f2157f71661b47ce8de0e6fba1a9ddcd79e7423955778aef4e0b915af26d23023f3dd08fd9f

Download Submit
C:\Windows\system\MeTxgPx.exe

Filesize
6.0MB

MD5
8520abc84203b01930e902b9cd066f80

SHA1
d0d6f7c05d316efe6163787d6fadf64516c20979

SHA256
0638b425b43e53cf4330dd93bbaec8aa22c1758dc8f1fa84e13daf8825e7f05d

SHA512
4f70de5456d20252103d611045146a78ecc9e09e745feb515d130b7c43563bfe4322feffd9501998034157f2fcdfc57a0a1ff3e0a6fcfc175891d466e0badea8

Download Submit
C:\Windows\system\NAOJQym.exe

Filesize
8B

MD5
baf7953f8a3761f81190967135bb6041

SHA1
8ed4c65aaab224ea970ecf55d020389b7d187c6a

SHA256
36c33032abcf891f98ed1f99c3559680e0ad954a58c15b1a429787b866c16255

SHA512
f0a5cffd07e633d013eccd763502c3756428887cce860a06eecacdb52efc9bc4ad6f1c7c20990b42b6eec7e2bbb435800a619c33fd546337dc91f0b4bc253d55

Download Submit
C:\Windows\system\OuboUjH.exe

Filesize
6.0MB

MD5
0f3e5a8b9ef1ca6352913c07546df31b

SHA1
38cec9d68e4f200e4b50b519b7fafe366e7f7481

SHA256
953c7af5bf3beb8c286baccdfd482c44442c21df908d201fe7db9b44d8da7319

SHA512
a19646741a35425fd1e74e4d0a3cdb316283bc6d7dc42aec3a13994ee584b813c8c745a65fd4e076093eb071662d83c7c2364ebf05527b02833823f0162cc7e8

Download Submit
C:\Windows\system\QQWRKMm.exe

Filesize
6.0MB

MD5
8798e4994c9418b28f455b277e1e3995

SHA1
5ece50f0a8089b933aace52c791cd521f82c64b8

SHA256
f7cfca4b5b53b16fdf260b57f827b43328597fe6d95c6dc6d026572fc2f5bab7

SHA512
fd131676aa61af6abccff46a3f3fced916814998d9aab3afc99dab0fed2c11e5102baf0904dcd08143902c8d624b525f937661f3de53429db8e6e4cb13ce4435

Download Submit
C:\Windows\system\RwnDFeV.exe

Filesize
6.0MB

MD5
fb502c0e3fd054b5ad3de1bf1d952396

SHA1
5b24bd34517d94876f7085c437d455bebfb186d7

SHA256
2e9863851989c89b53341a94b66b294d78851e8e80df53ffbc987b1bd78d826d

SHA512
62fc118d450fcdd98011724cac6af734a963af6b0972a844dcf5177ae858da6340a5d29b0ec4f292233293b7edf72ed36e10fa0701f6548c436d899d1b349a1c

Download Submit
C:\Windows\system\SAEZQig.exe

Filesize
6.0MB

MD5
14b6cd0b46a257ca70991c64fa1ce533

SHA1
102b8ed4c8ad7d147c30a1a38fb1a90e366fed06

SHA256
4534e3fa8d4cafb16c7a9333151e571c1e6f4279215b24f840365e04c6690de4

SHA512
4f33490c45b3e0edc73b4c0aa8ae98b46d65964c244025baf4283eee1aab9115401d6b664979e07566e93511b760e41fede675a1e8e7f6a48fc4d2a4558be5cd

Download Submit
C:\Windows\system\TZjspVX.exe

Filesize
6.0MB

MD5
da965356dcb04b6818f831810154a1f3

SHA1
62c287601cdeeca6e8f27a1701f82f5cbadc22a2

SHA256
89f9d35a8d9ae8d3be6ee74b0d8e52deea99659a5709d7a7b82e23f5156b60ae

SHA512
31a7d5469dbc9701b5b36147717d80794716a2d07e54c48ca44bac28e88a5784365eea2c61bc9a6ffc485cecfdc089c318eaf29e62ef73dac0262625564ba726

Download Submit
C:\Windows\system\VBEcedr.exe

Filesize
6.0MB

MD5
cf335a66d9b2b5390cd709d2082740bf

SHA1
50f1a16f8f9a125bac8810b90346e3c4a3e4a428

SHA256
e48d79b0458076c5866a3c3b63858e7b999e430c02c1b3b6ceebc1ce6c60c465

SHA512
6fed7dc88aab8fa55b47a35a26590927ec1e8b45f8dad773c5f85461feef4f4e708f16ac9944d8f99f24460bde0f5ea897496ee4e8d5c1d16c8ee110a5cd4d52

Download Submit
C:\Windows\system\ZCDcWPA.exe

Filesize
6.0MB

MD5
2c0adf15199c4b4c035cedb0cef1bdbf

SHA1
54202dbfb316828f172283d42f2b2bfbdf7dcdbd

SHA256
be3a1e4cb481d681af44c5ad4cc99e799ed7c7e5c93b962a4e3fd77a53e85c76

SHA512
218bac5f69e5bbe989a78d0e168a97214a6ec8774736fc598b9bd43efd781169f1d033182c23367de0d4531d95d79c1da51e53ee7a33c3daca03cf183eca6e33

Download Submit
C:\Windows\system\ehWjNLE.exe

Filesize
6.0MB

MD5
fca4fa713d9f84ea9c76894cb15c8131

SHA1
5ec8a3e891715d78ffa618c2ce59a10e3d9b11d1

SHA256
57be1ee67fa99acf954e774b42bd6b99a473c54c9f70ef5e292dcf3052429e49

SHA512
6ce6f70a12868a24d599ac31da03045e5948d589113ab1e8c3361bd659813e580a6682bf7f702582f31e73ef7a0fe17f3b3edbe9f3404baa00ee7ceccf69943f

Download Submit
C:\Windows\system\fpJMppo.exe

Filesize
6.0MB

MD5
4e01a82c5ac0c7e95ec850a1742d2f2e

SHA1
c836b0afc35fd8ee1393f361fb5fbded2f6d2483

SHA256
55e9ccc66b183ae653a0de432b648367bc2ed767d4e48b245f949bbec8608f63

SHA512
cca8f24ae2839cc81b4b8dd4ddf49057d61b5a32a8d404707626b1b371839875fd4da9cb56e9f0fce378031fb32c930f4a301cbbf1c5820cbcfa660c44061ffe

Download Submit
C:\Windows\system\fynMmOx.exe

Filesize
6.0MB

MD5
d30f1c1e22bcdf62082840c184ad850c

SHA1
0523bc2fed6d82970cf260de3a178fb603d28e8b

SHA256
ee0420a12dadb6e422ea9b8a4a97ee35ebf6080acad71225bec7ddef652a648b

SHA512
3ee4d474e85776e7017eb98b3c772031e5760dccc80b53d83116189998c0d14a1175e70071fac8064e03169f23d288fb88229354f9e1ffe3d7b5ea0002f77e1d

Download Submit
C:\Windows\system\mCyxSGS.exe

Filesize
6.0MB

MD5
f16ea61b3ce60f1a43015cb880dbd7cd

SHA1
a1a12ca1df97a7aa0baa7fed9cb527fa0d50dccb

SHA256
0722d6ce203fa264ee09facd785b4bb35b96c4edbeae8ac9cff4f9c46892f52c

SHA512
c8ebeb7e991c9da29fd75ab2214041c660ddc1a458e87aa9b036953abae7afcbb5043460e26e307891a0a113a7a67b6e62baf072e2a58e7a4f528e92e7596e70

Download Submit
C:\Windows\system\plndMjF.exe

Filesize
6.0MB

MD5
b06fdca937bcfebada8a0d0d6270a1c1

SHA1
14fe9b82fa6b61bdbc77a8970fab848e412fadc0

SHA256
0f88b9af39501e5c82a0ff440cd14862dca77d354e34d48cc7de2c61913606f8

SHA512
d00fa26ff3d1c24e473c0acda16a513eb3b73e4c29b6485d37b9b44c539f8fd18e5ebc71af88bddd8342301a7dc0cc22297a5e4c790a009a9522140c2422f8ba

Download Submit
C:\Windows\system\sERNEEY.exe

Filesize
6.0MB

MD5
d8f49b428512d7afc5def270aba88f38

SHA1
ab21df27de73729d38db7deb9510913e560184ea

SHA256
39e8b01448f5f338ce4a563e80e7c7fd31e4938ce8dd4cbd64f209379d618ae1

SHA512
59e9c60bbf4d189f5d736aa4e9694f30a18af4546e38dce798d3d445943975b33286e3453d6857e33c25dd5e4cbd55c7ca7a8a88e62969960ef9d7fd50e9ff58

Download Submit
C:\Windows\system\ssAdkSn.exe

Filesize
6.0MB

MD5
af4a9f2a697ca7deff3888c718f96458

SHA1
29e38776900eb173c1b5336b7b9a1e2949437bd1

SHA256
d3c311f0e231d84154319f5fa7c56f754c3e28172bcbafc2e7dea4cc80da4b65

SHA512
8f4b4283fa195bde1c64053fae14af46022216d23b87ef6f8c5c444cb257d3b71517bb98c716a4faa738664cb4987247264286d72f19f13fa3a20eed326066d8

Download Submit
C:\Windows\system\xtKpzVi.exe

Filesize
6.0MB

MD5
0c214e6162962a80f00519467f268b00

SHA1
9db0502df522605d343c0a32140eedb6fa5035a8

SHA256
e9a2e54ff05b810f75e3ecf5de4611b608fc27a570144d5fdcaee1a33d807c96

SHA512
1c1c0ce034ed5a487ce15142a38a90bde3b45640b35931a6a76f30aa2bacbe1e9b799bd0eebc2c922a3e4a329d0aec1eddc25e3ff11885ad1449a1fce14d9814

Download Submit
C:\Windows\system\yCOTlRQ.exe

Filesize
6.0MB

MD5
83bb8f3838d9735011bd89417002cc84

SHA1
9a352e7fe39b8ff57b10354cfb8f923abd87d644

SHA256
15aeb68acdec2a6d135c17f7fca5afc6a391f118e87aa01232e7039cb34e4127

SHA512
309c2cba6f44a1cea16447269c2f3482c934ca78db68a5d482abf009ed4820d782b6d9b1390e985f3000363a8ebc86d73be1789e8c5f37773170f1c902082bcc

Download Submit
C:\Windows\system\zPFxuNc.exe

Filesize
6.0MB

MD5
2731b4773e346c757cfa0a9ef7d6dd87

SHA1
e6c2045f62f0c962aa4302645e943818ba05a072

SHA256
3bfecf08a2a686b13f2db7d17b4c2c705561ee2c93947813c127a439837f94e8

SHA512
eea6f1cf867081e025ee67e6879677515919c1c6b073320f1acb2c1836e1beba0bebd945c9e1586ef9cd610903fc28e74ea0467867d54007bf5ec766e209ef73

Download Submit
\Windows\system\KBHxDrH.exe

Filesize
6.0MB

MD5
43c2cbcf65974709dfe33020735b39d0

SHA1
3ec6e22d1603d8d72df500ce06e65d3c3472a5db

SHA256
4613c2ad6ebe7aab1e04f7e79c84210d08108d972254ca1d1caf68f51cce2bfb

SHA512
828440ec517bb9c33b9eb6880b514849e608d768c53c2330e56fc49fd0c1099022eb67c5c1edc087552a73e82a8239fecbab31aeb3c45f0abf33e147c8b83215

Download Submit
\Windows\system\KGoqkbn.exe

Filesize
6.0MB

MD5
4ea0c59ff03c63a9c1f9305c56d51fc7

SHA1
3350f9839dff515e50fdbe810f846463f14a00f0

SHA256
0a54550ca0018143e44c6afa3116cbd3ca562b7b826dff682ae2045e4abe7721

SHA512
385c9efd76db69f0e56da080af20b3ae41c5bd151e2cd1695dd86e0cd24b8a4fea8577eae1e45c9fb74910a0401a78fd5e05d76151e3d722081975e224cd7e65

Download Submit
\Windows\system\LWbXjpb.exe

Filesize
6.0MB

MD5
0221b85cc82566f71baa8cf3ec46b595

SHA1
c2da7c287eec8e469eb85f3eddba6978ac18fdf4

SHA256
69fe1f4ff960ff1312ce8a0cc785abed74428374173a1ae6aec4634eeca6d7e1

SHA512
b31945fcd29740d909f58c2c503c805226c13aaebabb68dd1935cc9761edc50b98944058bd35ed19e034f1c3590260465f30ae66921dbc35aa5766b83348e04e

Download Submit
\Windows\system\QgLpPEg.exe

Filesize
6.0MB

MD5
860c423587a6a7168c101f974132f8e9

SHA1
f79f4ef34e3a106ebdb3f04a8f421b76876b0d53

SHA256
70d9c39e97f5cf733ce2fdb364853f421acc116d39b04d261d9dce72e2bca03a

SHA512
7a5b870c2cf76734fa4dd4a8862293ff30e8c76a133b5ebe1a5060f0b9e9b11ac4e340a8b6df2ff910f6794606cf0a3fb96fb52e4395ec69c322815d53e9eb19

Download Submit
\Windows\system\RPuQnfS.exe

Filesize
6.0MB

MD5
14e3456a483ecf6037e0872ad9987a52

SHA1
4842d0f122e5ef2cb08081db7a8249aa9d6266b2

SHA256
0a68a312552bd1c008bf13a83a5d61b73361032760aed56b08ed41f3eaef8ab9

SHA512
319a419e12be7974b60f3b6a87616c9ebb35ca741c3004b1c9839490cc5b0fa555276f8813fc27b3cff23f4d262b5e88eab24bce9caaf00b1010aa976c2794db

Download Submit
\Windows\system\ouJiSKQ.exe

Filesize
6.0MB

MD5
3a40d0c5d4b2279532629df3c98d04ea

SHA1
12d4665a690f9c68bed7fcb3e62878bc94b78008

SHA256
7c94516d73000e087c835f1f3363a98b57256b7d3eedbf38e9dd8da859dd2ebb

SHA512
c80d097158223a1a5634b7f3469b94d7f631acf1a4a02864704aea0216b23c1c9f6b3b408b3a45bceca121dd59a714706430aecd22ffd326cb865b6b24a16c22

Download Submit
memory/1764-3015-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-2412-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-106-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-39-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-14-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2656-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1808-3006-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1808-91-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1808-482-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1820-100-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-681-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-3011-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-32-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2092-2655-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2092-7-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2100-46-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2100-20-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2658-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2352-96-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-36-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2352-30-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-31-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2352-391-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2352-580-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-88-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2352-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2352-2484-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2352-83-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2352-72-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2352-75-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2352-76-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2352-52-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2352-18-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2352-110-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2352-34-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-12-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-22-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2352-44-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2352-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-95-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2988-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2384-81-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2384-263-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2504-27-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2504-51-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2504-2657-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2576-5244-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-84-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-322-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-68-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2680-2980-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2728-87-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2960-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2728-47-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2784-2834-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2784-40-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2784-80-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2989-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2804-78-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2804-200-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2996-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2816-99-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2816-56-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download