cobaltstrike | 32e51885c3a646a46c64458b8771e99bca30b99e4507a3bcbe18e5b7978e1d59

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
05-12-2024 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d06cd7aee04341095585deb819a03910
SHA1

32e7c7252f49a968e43ea459bbf7e9d15d1f4368
SHA256

32e51885c3a646a46c64458b8771e99bca30b99e4507a3bcbe18e5b7978e1d59
SHA512

6c8ceb26caf615735bfd34958e0d84c366328865d2d8981cd1112e39d86eac9b8700934a2a50752c6a651dc896da43bb1f33eb233574c8cedfa7bef57cd46217
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d79-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d89-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec4-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f25-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-62.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d43-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-78.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-83.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-164.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-131.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-147.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-113.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-119.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-98.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-73.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001610d-60.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d2a-48.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f7b-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2656-0-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0009000000012117-6.dat	xmrig
behavioral1/files/0x0007000000015d79-7.dat	xmrig
behavioral1/memory/1884-15-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2308-14-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d81-9.dat	xmrig
behavioral1/files/0x0007000000015d89-25.dat	xmrig
behavioral1/memory/2124-28-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2800-35-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ec4-32.dat	xmrig
behavioral1/files/0x0007000000015f25-39.dat	xmrig
behavioral1/files/0x0006000000016d4b-62.dat	xmrig
behavioral1/files/0x0008000000016d43-69.dat	xmrig
behavioral1/files/0x0006000000016d67-78.dat	xmrig
behavioral1/files/0x0006000000016d6b-83.dat	xmrig
behavioral1/files/0x0006000000016de8-101.dat	xmrig
behavioral1/files/0x00050000000186f1-152.dat	xmrig
behavioral1/files/0x0005000000018686-140.dat	xmrig
behavioral1/files/0x0005000000018739-169.dat	xmrig
behavioral1/memory/2656-1568-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2868-1867-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2712-1993-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2816-2030-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2656-2084-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2656-2122-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2744-2071-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/3016-1933-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2896-1710-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2124-2357-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f4-155.dat	xmrig
behavioral1/files/0x00050000000186ed-148.dat	xmrig
behavioral1/files/0x0005000000018744-174.dat	xmrig
behavioral1/files/0x0005000000018704-164.dat	xmrig
behavioral1/files/0x0006000000017497-131.dat	xmrig
behavioral1/files/0x000600000001749c-129.dat	xmrig
behavioral1/files/0x0006000000017049-123.dat	xmrig
behavioral1/files/0x00050000000186e7-147.dat	xmrig
behavioral1/files/0x000600000001755b-136.dat	xmrig
behavioral1/files/0x0006000000016df3-113.dat	xmrig
behavioral1/files/0x0006000000016ecf-119.dat	xmrig
behavioral1/files/0x0006000000016dea-108.dat	xmrig
behavioral1/files/0x0006000000016d9f-98.dat	xmrig
behavioral1/files/0x0006000000016d77-93.dat	xmrig
behavioral1/files/0x0006000000016d6f-89.dat	xmrig
behavioral1/files/0x0006000000016d54-73.dat	xmrig
behavioral1/files/0x000800000001610d-60.dat	xmrig
behavioral1/memory/2840-58-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d2a-48.dat	xmrig
behavioral1/files/0x0007000000015f7b-47.dat	xmrig
behavioral1/memory/2972-43-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/388-26-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/1884-2542-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2840-2545-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/388-2543-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2800-2539-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2948-2548-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2308-2541-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2124-2540-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2972-2553-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2816-2564-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2744-2571-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2896-2567-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2712-2570-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2868-2561-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1884	rzNtqCT.exe
2308	ZcTcsEb.exe
388	iZRouEr.exe
2124	GiUIALI.exe
2800	zGoNsuO.exe
2972	ADYaUNr.exe
2840	iXNpeLI.exe
2948	MjRRDaU.exe
2896	CSMstpO.exe
2868	IkrXBHA.exe
3016	WiZGvZc.exe
2712	LNIzOeU.exe
2816	agDuvhS.exe
2744	hmekDfP.exe
1752	Qqcshut.exe
2756	IJBvEZB.exe
2888	iCUlfyZ.exe
3012	SNIbXmo.exe
2040	DcwcuIr.exe
3040	dYuCGES.exe
3036	LAckpBS.exe
560	AOxGFnx.exe
340	xKLpKCe.exe
108	qorONnN.exe
1552	LbEUbCI.exe
2516	HboVGgM.exe
2400	sMsdzDO.exe
2024	JltPdMR.exe
2152	vaDIest.exe
2512	rugqNeG.exe
2652	bnXHFTC.exe
2164	phtGGLL.exe
3008	mOWFYDs.exe
2176	QExBYhF.exe
1192	RdfHXDM.exe
2044	DJWsEQj.exe
624	iIzsrll.exe
1324	WfISKug.exe
1928	TcKxKIg.exe
1304	qxnBnBL.exe
324	hHawfsW.exe
2268	XIIaoUP.exe
2292	weeaxma.exe
1256	QdhvivO.exe
1500	PCFzMaW.exe
2836	okopZXy.exe
2172	RqeOoyf.exe
1164	EWKhBpC.exe
1220	VuLoJiU.exe
2300	zZobyJp.exe
2196	kufeNdw.exe
2416	owQODhT.exe
2072	kXXsvlt.exe
1984	uuYUENU.exe
848	AxiWeNz.exe
764	tWhzFKC.exe
1532	HrKiWsH.exe
1660	NYIiCfc.exe
1536	xVHFqEx.exe
2776	mrIfpGo.exe
2088	qwgHlZl.exe
2936	LlvmSIU.exe
2700	GZlmjIc.exe
2188	fWRzrhB.exe

Loads dropped DLL 64 IoCs

pid	Process
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2656-0-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0009000000012117-6.dat	upx
behavioral1/files/0x0007000000015d79-7.dat	upx
behavioral1/memory/1884-15-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2308-14-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0008000000015d81-9.dat	upx
behavioral1/files/0x0007000000015d89-25.dat	upx
behavioral1/memory/2124-28-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2800-35-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x0007000000015ec4-32.dat	upx
behavioral1/files/0x0007000000015f25-39.dat	upx
behavioral1/files/0x0006000000016d4b-62.dat	upx
behavioral1/files/0x0008000000016d43-69.dat	upx
behavioral1/files/0x0006000000016d67-78.dat	upx
behavioral1/files/0x0006000000016d6b-83.dat	upx
behavioral1/files/0x0006000000016de8-101.dat	upx
behavioral1/files/0x00050000000186f1-152.dat	upx
behavioral1/files/0x0005000000018686-140.dat	upx
behavioral1/files/0x0005000000018739-169.dat	upx
behavioral1/memory/2868-1867-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2712-1993-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2816-2030-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2656-2084-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2744-2071-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/3016-1933-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2896-1710-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2124-2357-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x00050000000186f4-155.dat	upx
behavioral1/files/0x00050000000186ed-148.dat	upx
behavioral1/files/0x0005000000018744-174.dat	upx
behavioral1/files/0x0005000000018704-164.dat	upx
behavioral1/files/0x0006000000017497-131.dat	upx
behavioral1/files/0x000600000001749c-129.dat	upx
behavioral1/files/0x0006000000017049-123.dat	upx
behavioral1/files/0x00050000000186e7-147.dat	upx
behavioral1/files/0x000600000001755b-136.dat	upx
behavioral1/files/0x0006000000016df3-113.dat	upx
behavioral1/files/0x0006000000016ecf-119.dat	upx
behavioral1/files/0x0006000000016dea-108.dat	upx
behavioral1/files/0x0006000000016d9f-98.dat	upx
behavioral1/files/0x0006000000016d77-93.dat	upx
behavioral1/files/0x0006000000016d6f-89.dat	upx
behavioral1/files/0x0006000000016d54-73.dat	upx
behavioral1/files/0x000800000001610d-60.dat	upx
behavioral1/memory/2840-58-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x0009000000015d2a-48.dat	upx
behavioral1/files/0x0007000000015f7b-47.dat	upx
behavioral1/memory/2972-43-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/388-26-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/1884-2542-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2840-2545-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/388-2543-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2800-2539-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2948-2548-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2308-2541-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2124-2540-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2972-2553-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2816-2564-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2744-2571-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2896-2567-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2712-2570-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2868-2561-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/3016-2558-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IzlWDNt.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pabiKwd.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWegEih.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQIzNwy.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EUIPQRv.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\umKzlvy.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmsDvQn.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XWavTSQ.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LxAWEcc.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxAUKSn.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSAtymu.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdQBDTc.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBpzwzn.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GmuPnEQ.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmJpYcX.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZsJOJM.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bikuetC.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUgxHTo.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXCkcTD.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSTYMsO.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QGrugMp.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BllRyhP.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ciWzBWk.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyfzPCj.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzmKFpf.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPNAtzG.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJvkJXo.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZkYOwpY.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxJNolk.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\easmHxV.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqrJAhd.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WshZWxp.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnJpRce.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IyDHJYl.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpjhkAS.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcIVFmT.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynAiPUZ.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPCaWIF.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSTnXiv.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNIbXmo.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxnBnBL.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQDLuzI.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUNZoeB.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxUyrtD.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkdEUOA.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waMdMJC.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FThlZNb.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnjCUwb.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWDWNTy.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irGHweo.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBunNwt.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEDnOmO.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgwLDdQ.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lRbyiRV.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdwNhUS.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPaWhYH.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtXfYFh.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZiogWHh.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfVUjle.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVGezxS.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGXVVVE.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waiRdJD.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCYvoCF.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhYsdGC.exe	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 1884	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2656 wrote to memory of 1884	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2656 wrote to memory of 1884	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2656 wrote to memory of 2308	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2656 wrote to memory of 2308	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2656 wrote to memory of 2308	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2656 wrote to memory of 388	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2656 wrote to memory of 388	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2656 wrote to memory of 388	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2656 wrote to memory of 2124	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2656 wrote to memory of 2124	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2656 wrote to memory of 2124	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2656 wrote to memory of 2800	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2656 wrote to memory of 2800	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2656 wrote to memory of 2800	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2656 wrote to memory of 2972	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2656 wrote to memory of 2972	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2656 wrote to memory of 2972	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2656 wrote to memory of 2840	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2656 wrote to memory of 2840	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2656 wrote to memory of 2840	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2656 wrote to memory of 2896	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2656 wrote to memory of 2896	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2656 wrote to memory of 2896	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2656 wrote to memory of 2948	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2656 wrote to memory of 2948	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2656 wrote to memory of 2948	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2656 wrote to memory of 3016	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2656 wrote to memory of 3016	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2656 wrote to memory of 3016	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2656 wrote to memory of 2868	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2656 wrote to memory of 2868	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2656 wrote to memory of 2868	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2656 wrote to memory of 2712	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2656 wrote to memory of 2712	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2656 wrote to memory of 2712	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2656 wrote to memory of 2816	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2656 wrote to memory of 2816	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2656 wrote to memory of 2816	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2656 wrote to memory of 2744	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2656 wrote to memory of 2744	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2656 wrote to memory of 2744	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2656 wrote to memory of 1752	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2656 wrote to memory of 1752	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2656 wrote to memory of 1752	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2656 wrote to memory of 2756	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2656 wrote to memory of 2756	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2656 wrote to memory of 2756	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2656 wrote to memory of 2888	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2656 wrote to memory of 2888	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2656 wrote to memory of 2888	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2656 wrote to memory of 3012	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2656 wrote to memory of 3012	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2656 wrote to memory of 3012	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2656 wrote to memory of 2040	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2656 wrote to memory of 2040	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2656 wrote to memory of 2040	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2656 wrote to memory of 3040	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2656 wrote to memory of 3040	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2656 wrote to memory of 3040	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2656 wrote to memory of 3036	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2656 wrote to memory of 3036	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2656 wrote to memory of 3036	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2656 wrote to memory of 560	2656	2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-05_d06cd7aee04341095585deb819a03910_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\System\rzNtqCT.exe
  C:\Windows\System\rzNtqCT.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\ZcTcsEb.exe
  C:\Windows\System\ZcTcsEb.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\iZRouEr.exe
  C:\Windows\System\iZRouEr.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\GiUIALI.exe
  C:\Windows\System\GiUIALI.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\zGoNsuO.exe
  C:\Windows\System\zGoNsuO.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\ADYaUNr.exe
  C:\Windows\System\ADYaUNr.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\iXNpeLI.exe
  C:\Windows\System\iXNpeLI.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\CSMstpO.exe
  C:\Windows\System\CSMstpO.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\MjRRDaU.exe
  C:\Windows\System\MjRRDaU.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\WiZGvZc.exe
  C:\Windows\System\WiZGvZc.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\IkrXBHA.exe
  C:\Windows\System\IkrXBHA.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\LNIzOeU.exe
  C:\Windows\System\LNIzOeU.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\agDuvhS.exe
  C:\Windows\System\agDuvhS.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\hmekDfP.exe
  C:\Windows\System\hmekDfP.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\Qqcshut.exe
  C:\Windows\System\Qqcshut.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\IJBvEZB.exe
  C:\Windows\System\IJBvEZB.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\iCUlfyZ.exe
  C:\Windows\System\iCUlfyZ.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\SNIbXmo.exe
  C:\Windows\System\SNIbXmo.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\DcwcuIr.exe
  C:\Windows\System\DcwcuIr.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\dYuCGES.exe
  C:\Windows\System\dYuCGES.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\LAckpBS.exe
  C:\Windows\System\LAckpBS.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\AOxGFnx.exe
  C:\Windows\System\AOxGFnx.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\xKLpKCe.exe
  C:\Windows\System\xKLpKCe.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\LbEUbCI.exe
  C:\Windows\System\LbEUbCI.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\qorONnN.exe
  C:\Windows\System\qorONnN.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\JltPdMR.exe
  C:\Windows\System\JltPdMR.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\HboVGgM.exe
  C:\Windows\System\HboVGgM.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\rugqNeG.exe
  C:\Windows\System\rugqNeG.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\sMsdzDO.exe
  C:\Windows\System\sMsdzDO.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\phtGGLL.exe
  C:\Windows\System\phtGGLL.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\vaDIest.exe
  C:\Windows\System\vaDIest.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\mOWFYDs.exe
  C:\Windows\System\mOWFYDs.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\bnXHFTC.exe
  C:\Windows\System\bnXHFTC.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\RdfHXDM.exe
  C:\Windows\System\RdfHXDM.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\QExBYhF.exe
  C:\Windows\System\QExBYhF.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\iIzsrll.exe
  C:\Windows\System\iIzsrll.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\DJWsEQj.exe
  C:\Windows\System\DJWsEQj.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\WfISKug.exe
  C:\Windows\System\WfISKug.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\TcKxKIg.exe
  C:\Windows\System\TcKxKIg.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\qxnBnBL.exe
  C:\Windows\System\qxnBnBL.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\hHawfsW.exe
  C:\Windows\System\hHawfsW.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\XIIaoUP.exe
  C:\Windows\System\XIIaoUP.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\weeaxma.exe
  C:\Windows\System\weeaxma.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\QdhvivO.exe
  C:\Windows\System\QdhvivO.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\PCFzMaW.exe
  C:\Windows\System\PCFzMaW.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\okopZXy.exe
  C:\Windows\System\okopZXy.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\RqeOoyf.exe
  C:\Windows\System\RqeOoyf.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\zZobyJp.exe
  C:\Windows\System\zZobyJp.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\EWKhBpC.exe
  C:\Windows\System\EWKhBpC.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\owQODhT.exe
  C:\Windows\System\owQODhT.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\VuLoJiU.exe
  C:\Windows\System\VuLoJiU.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\kXXsvlt.exe
  C:\Windows\System\kXXsvlt.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\kufeNdw.exe
  C:\Windows\System\kufeNdw.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\tWhzFKC.exe
  C:\Windows\System\tWhzFKC.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\uuYUENU.exe
  C:\Windows\System\uuYUENU.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\NYIiCfc.exe
  C:\Windows\System\NYIiCfc.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\AxiWeNz.exe
  C:\Windows\System\AxiWeNz.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\xVHFqEx.exe
  C:\Windows\System\xVHFqEx.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\HrKiWsH.exe
  C:\Windows\System\HrKiWsH.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\mrIfpGo.exe
  C:\Windows\System\mrIfpGo.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\qwgHlZl.exe
  C:\Windows\System\qwgHlZl.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\LlvmSIU.exe
  C:\Windows\System\LlvmSIU.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\GZlmjIc.exe
  C:\Windows\System\GZlmjIc.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\fWRzrhB.exe
  C:\Windows\System\fWRzrhB.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\ZUulKax.exe
  C:\Windows\System\ZUulKax.exe
  2⤵
  PID:2812
- C:\Windows\System\hexAlPi.exe
  C:\Windows\System\hexAlPi.exe
  2⤵
  PID:2872
- C:\Windows\System\LIViZMk.exe
  C:\Windows\System\LIViZMk.exe
  2⤵
  PID:2772
- C:\Windows\System\YUXvawJ.exe
  C:\Windows\System\YUXvawJ.exe
  2⤵
  PID:2736
- C:\Windows\System\DIytBrl.exe
  C:\Windows\System\DIytBrl.exe
  2⤵
  PID:1880
- C:\Windows\System\bIpplZj.exe
  C:\Windows\System\bIpplZj.exe
  2⤵
  PID:2984
- C:\Windows\System\SpDFymO.exe
  C:\Windows\System\SpDFymO.exe
  2⤵
  PID:1588
- C:\Windows\System\ewMSiac.exe
  C:\Windows\System\ewMSiac.exe
  2⤵
  PID:1456
- C:\Windows\System\pykixGV.exe
  C:\Windows\System\pykixGV.exe
  2⤵
  PID:1464
- C:\Windows\System\BEbqtCt.exe
  C:\Windows\System\BEbqtCt.exe
  2⤵
  PID:1048
- C:\Windows\System\HEXXErh.exe
  C:\Windows\System\HEXXErh.exe
  2⤵
  PID:2160
- C:\Windows\System\PVNweoz.exe
  C:\Windows\System\PVNweoz.exe
  2⤵
  PID:2216
- C:\Windows\System\gfHXMdU.exe
  C:\Windows\System\gfHXMdU.exe
  2⤵
  PID:2412
- C:\Windows\System\ykwOhum.exe
  C:\Windows\System\ykwOhum.exe
  2⤵
  PID:2668
- C:\Windows\System\GsujhXV.exe
  C:\Windows\System\GsujhXV.exe
  2⤵
  PID:832
- C:\Windows\System\wsqWwoW.exe
  C:\Windows\System\wsqWwoW.exe
  2⤵
  PID:664
- C:\Windows\System\bdflFIX.exe
  C:\Windows\System\bdflFIX.exe
  2⤵
  PID:1792
- C:\Windows\System\ECiiYAy.exe
  C:\Windows\System\ECiiYAy.exe
  2⤵
  PID:2876
- C:\Windows\System\grzMmVI.exe
  C:\Windows\System\grzMmVI.exe
  2⤵
  PID:604
- C:\Windows\System\wiZXbpo.exe
  C:\Windows\System\wiZXbpo.exe
  2⤵
  PID:1872
- C:\Windows\System\AcRXtTy.exe
  C:\Windows\System\AcRXtTy.exe
  2⤵
  PID:2436
- C:\Windows\System\mpnYIVF.exe
  C:\Windows\System\mpnYIVF.exe
  2⤵
  PID:836
- C:\Windows\System\KzLSNtN.exe
  C:\Windows\System\KzLSNtN.exe
  2⤵
  PID:1688
- C:\Windows\System\QkESUuJ.exe
  C:\Windows\System\QkESUuJ.exe
  2⤵
  PID:2636
- C:\Windows\System\zTpHuCc.exe
  C:\Windows\System\zTpHuCc.exe
  2⤵
  PID:2148
- C:\Windows\System\imwwqhl.exe
  C:\Windows\System\imwwqhl.exe
  2⤵
  PID:1788
- C:\Windows\System\hbEnTMo.exe
  C:\Windows\System\hbEnTMo.exe
  2⤵
  PID:1212
- C:\Windows\System\UaYobQj.exe
  C:\Windows\System\UaYobQj.exe
  2⤵
  PID:1652
- C:\Windows\System\nZxqtGD.exe
  C:\Windows\System\nZxqtGD.exe
  2⤵
  PID:1924
- C:\Windows\System\fliQrGX.exe
  C:\Windows\System\fliQrGX.exe
  2⤵
  PID:2444
- C:\Windows\System\QGrugMp.exe
  C:\Windows\System\QGrugMp.exe
  2⤵
  PID:2788
- C:\Windows\System\XCavDQi.exe
  C:\Windows\System\XCavDQi.exe
  2⤵
  PID:3000
- C:\Windows\System\KbFBTSa.exe
  C:\Windows\System\KbFBTSa.exe
  2⤵
  PID:2916
- C:\Windows\System\SejwOiy.exe
  C:\Windows\System\SejwOiy.exe
  2⤵
  PID:2560
- C:\Windows\System\fuUVxOY.exe
  C:\Windows\System\fuUVxOY.exe
  2⤵
  PID:2536
- C:\Windows\System\wsEoeZz.exe
  C:\Windows\System\wsEoeZz.exe
  2⤵
  PID:3004
- C:\Windows\System\LocEtjP.exe
  C:\Windows\System\LocEtjP.exe
  2⤵
  PID:1236
- C:\Windows\System\yieJcFe.exe
  C:\Windows\System\yieJcFe.exe
  2⤵
  PID:2572
- C:\Windows\System\invUGxa.exe
  C:\Windows\System\invUGxa.exe
  2⤵
  PID:1432
- C:\Windows\System\svdRWux.exe
  C:\Windows\System\svdRWux.exe
  2⤵
  PID:1012
- C:\Windows\System\BbQbpJE.exe
  C:\Windows\System\BbQbpJE.exe
  2⤵
  PID:1124
- C:\Windows\System\BDSSjfl.exe
  C:\Windows\System\BDSSjfl.exe
  2⤵
  PID:2556
- C:\Windows\System\HUKahgQ.exe
  C:\Windows\System\HUKahgQ.exe
  2⤵
  PID:2200
- C:\Windows\System\juNLlTS.exe
  C:\Windows\System\juNLlTS.exe
  2⤵
  PID:1904
- C:\Windows\System\ZkYOwpY.exe
  C:\Windows\System\ZkYOwpY.exe
  2⤵
  PID:1188
- C:\Windows\System\UKKaHYZ.exe
  C:\Windows\System\UKKaHYZ.exe
  2⤵
  PID:932
- C:\Windows\System\bCRdynJ.exe
  C:\Windows\System\bCRdynJ.exe
  2⤵
  PID:2480
- C:\Windows\System\qlFxmNr.exe
  C:\Windows\System\qlFxmNr.exe
  2⤵
  PID:2008
- C:\Windows\System\ykeGAna.exe
  C:\Windows\System\ykeGAna.exe
  2⤵
  PID:2460
- C:\Windows\System\DooQjnY.exe
  C:\Windows\System\DooQjnY.exe
  2⤵
  PID:2384
- C:\Windows\System\TJnmwwo.exe
  C:\Windows\System\TJnmwwo.exe
  2⤵
  PID:1640
- C:\Windows\System\EnfKmWx.exe
  C:\Windows\System\EnfKmWx.exe
  2⤵
  PID:2304
- C:\Windows\System\VbIcKKW.exe
  C:\Windows\System\VbIcKKW.exe
  2⤵
  PID:2768
- C:\Windows\System\kjARtIZ.exe
  C:\Windows\System\kjARtIZ.exe
  2⤵
  PID:2964
- C:\Windows\System\lfcLmFL.exe
  C:\Windows\System\lfcLmFL.exe
  2⤵
  PID:3084
- C:\Windows\System\IFquRrA.exe
  C:\Windows\System\IFquRrA.exe
  2⤵
  PID:3104
- C:\Windows\System\gMDSyRa.exe
  C:\Windows\System\gMDSyRa.exe
  2⤵
  PID:3124
- C:\Windows\System\OsKOjLK.exe
  C:\Windows\System\OsKOjLK.exe
  2⤵
  PID:3144
- C:\Windows\System\dtqjUKE.exe
  C:\Windows\System\dtqjUKE.exe
  2⤵
  PID:3160
- C:\Windows\System\hnDYPJV.exe
  C:\Windows\System\hnDYPJV.exe
  2⤵
  PID:3184
- C:\Windows\System\qFPuxzR.exe
  C:\Windows\System\qFPuxzR.exe
  2⤵
  PID:3200
- C:\Windows\System\MyYXDwk.exe
  C:\Windows\System\MyYXDwk.exe
  2⤵
  PID:3220
- C:\Windows\System\YoaNvDO.exe
  C:\Windows\System\YoaNvDO.exe
  2⤵
  PID:3240
- C:\Windows\System\PPlwOoE.exe
  C:\Windows\System\PPlwOoE.exe
  2⤵
  PID:3256
- C:\Windows\System\AuVTcAy.exe
  C:\Windows\System\AuVTcAy.exe
  2⤵
  PID:3280
- C:\Windows\System\kbnPHWM.exe
  C:\Windows\System\kbnPHWM.exe
  2⤵
  PID:3300
- C:\Windows\System\IZtLcdv.exe
  C:\Windows\System\IZtLcdv.exe
  2⤵
  PID:3320
- C:\Windows\System\CaxQmUB.exe
  C:\Windows\System\CaxQmUB.exe
  2⤵
  PID:3344
- C:\Windows\System\bBQlbgV.exe
  C:\Windows\System\bBQlbgV.exe
  2⤵
  PID:3360
- C:\Windows\System\zxUxRvM.exe
  C:\Windows\System\zxUxRvM.exe
  2⤵
  PID:3376
- C:\Windows\System\XMHLNlE.exe
  C:\Windows\System\XMHLNlE.exe
  2⤵
  PID:3400
- C:\Windows\System\oRwkjHZ.exe
  C:\Windows\System\oRwkjHZ.exe
  2⤵
  PID:3420
- C:\Windows\System\sxCUfgr.exe
  C:\Windows\System\sxCUfgr.exe
  2⤵
  PID:3440
- C:\Windows\System\PZlyhTz.exe
  C:\Windows\System\PZlyhTz.exe
  2⤵
  PID:3456
- C:\Windows\System\qvSbVbk.exe
  C:\Windows\System\qvSbVbk.exe
  2⤵
  PID:3484
- C:\Windows\System\JrpLYFb.exe
  C:\Windows\System\JrpLYFb.exe
  2⤵
  PID:3500
- C:\Windows\System\UgwLDdQ.exe
  C:\Windows\System\UgwLDdQ.exe
  2⤵
  PID:3524
- C:\Windows\System\NyNNech.exe
  C:\Windows\System\NyNNech.exe
  2⤵
  PID:3540
- C:\Windows\System\kLjEJPN.exe
  C:\Windows\System\kLjEJPN.exe
  2⤵
  PID:3560
- C:\Windows\System\KAzktOV.exe
  C:\Windows\System\KAzktOV.exe
  2⤵
  PID:3580
- C:\Windows\System\ZVzGFJV.exe
  C:\Windows\System\ZVzGFJV.exe
  2⤵
  PID:3600
- C:\Windows\System\xFQGvma.exe
  C:\Windows\System\xFQGvma.exe
  2⤵
  PID:3620
- C:\Windows\System\NmhEIDz.exe
  C:\Windows\System\NmhEIDz.exe
  2⤵
  PID:3648
- C:\Windows\System\AgqJrCb.exe
  C:\Windows\System\AgqJrCb.exe
  2⤵
  PID:3664
- C:\Windows\System\wiLqOns.exe
  C:\Windows\System\wiLqOns.exe
  2⤵
  PID:3684
- C:\Windows\System\tZQjZyN.exe
  C:\Windows\System\tZQjZyN.exe
  2⤵
  PID:3704
- C:\Windows\System\HhWsyHp.exe
  C:\Windows\System\HhWsyHp.exe
  2⤵
  PID:3724
- C:\Windows\System\VwkkuqI.exe
  C:\Windows\System\VwkkuqI.exe
  2⤵
  PID:3740
- C:\Windows\System\eFNSGwG.exe
  C:\Windows\System\eFNSGwG.exe
  2⤵
  PID:3760
- C:\Windows\System\OjrxfeA.exe
  C:\Windows\System\OjrxfeA.exe
  2⤵
  PID:3776
- C:\Windows\System\mxBLpUP.exe
  C:\Windows\System\mxBLpUP.exe
  2⤵
  PID:3796
- C:\Windows\System\miazBZk.exe
  C:\Windows\System\miazBZk.exe
  2⤵
  PID:3816
- C:\Windows\System\tBxzLhe.exe
  C:\Windows\System\tBxzLhe.exe
  2⤵
  PID:3848
- C:\Windows\System\VztszTz.exe
  C:\Windows\System\VztszTz.exe
  2⤵
  PID:3868
- C:\Windows\System\OrZmCzd.exe
  C:\Windows\System\OrZmCzd.exe
  2⤵
  PID:3888
- C:\Windows\System\DMasYtT.exe
  C:\Windows\System\DMasYtT.exe
  2⤵
  PID:3904
- C:\Windows\System\xLpnvQS.exe
  C:\Windows\System\xLpnvQS.exe
  2⤵
  PID:3924
- C:\Windows\System\DxzxnBz.exe
  C:\Windows\System\DxzxnBz.exe
  2⤵
  PID:3944
- C:\Windows\System\ZzKNbym.exe
  C:\Windows\System\ZzKNbym.exe
  2⤵
  PID:3964
- C:\Windows\System\LcLWYEa.exe
  C:\Windows\System\LcLWYEa.exe
  2⤵
  PID:3984
- C:\Windows\System\iLyHbyt.exe
  C:\Windows\System\iLyHbyt.exe
  2⤵
  PID:4000
- C:\Windows\System\OymCyPA.exe
  C:\Windows\System\OymCyPA.exe
  2⤵
  PID:4016
- C:\Windows\System\SWqUQNN.exe
  C:\Windows\System\SWqUQNN.exe
  2⤵
  PID:4040
- C:\Windows\System\kInhqvI.exe
  C:\Windows\System\kInhqvI.exe
  2⤵
  PID:4056
- C:\Windows\System\eXNZqFd.exe
  C:\Windows\System\eXNZqFd.exe
  2⤵
  PID:4076
- C:\Windows\System\itYuovY.exe
  C:\Windows\System\itYuovY.exe
  2⤵
  PID:4092
- C:\Windows\System\xMdqXnh.exe
  C:\Windows\System\xMdqXnh.exe
  2⤵
  PID:1804
- C:\Windows\System\bgIlbZS.exe
  C:\Windows\System\bgIlbZS.exe
  2⤵
  PID:1720
- C:\Windows\System\jdyYxyz.exe
  C:\Windows\System\jdyYxyz.exe
  2⤵
  PID:2732
- C:\Windows\System\NhyssuJ.exe
  C:\Windows\System\NhyssuJ.exe
  2⤵
  PID:3048
- C:\Windows\System\GfjCXXH.exe
  C:\Windows\System\GfjCXXH.exe
  2⤵
  PID:1592
- C:\Windows\System\VbKzcXn.exe
  C:\Windows\System\VbKzcXn.exe
  2⤵
  PID:1992
- C:\Windows\System\dezQGfJ.exe
  C:\Windows\System\dezQGfJ.exe
  2⤵
  PID:2708
- C:\Windows\System\GWRwYmr.exe
  C:\Windows\System\GWRwYmr.exe
  2⤵
  PID:2828
- C:\Windows\System\xaYrcqe.exe
  C:\Windows\System\xaYrcqe.exe
  2⤵
  PID:1632
- C:\Windows\System\IEBdklW.exe
  C:\Windows\System\IEBdklW.exe
  2⤵
  PID:3140
- C:\Windows\System\crhXrDh.exe
  C:\Windows\System\crhXrDh.exe
  2⤵
  PID:3172
- C:\Windows\System\zhOSoUn.exe
  C:\Windows\System\zhOSoUn.exe
  2⤵
  PID:2380
- C:\Windows\System\dtakEcS.exe
  C:\Windows\System\dtakEcS.exe
  2⤵
  PID:3076
- C:\Windows\System\KskaiLa.exe
  C:\Windows\System\KskaiLa.exe
  2⤵
  PID:3112
- C:\Windows\System\FrWrOAd.exe
  C:\Windows\System\FrWrOAd.exe
  2⤵
  PID:3288
- C:\Windows\System\CCJyVTu.exe
  C:\Windows\System\CCJyVTu.exe
  2⤵
  PID:3340
- C:\Windows\System\FJzIGhM.exe
  C:\Windows\System\FJzIGhM.exe
  2⤵
  PID:3228
- C:\Windows\System\RIIukjW.exe
  C:\Windows\System\RIIukjW.exe
  2⤵
  PID:3276
- C:\Windows\System\KYFMWnr.exe
  C:\Windows\System\KYFMWnr.exe
  2⤵
  PID:3416
- C:\Windows\System\RIWibSY.exe
  C:\Windows\System\RIWibSY.exe
  2⤵
  PID:3352
- C:\Windows\System\urBlRlI.exe
  C:\Windows\System\urBlRlI.exe
  2⤵
  PID:3496
- C:\Windows\System\CPlJfLq.exe
  C:\Windows\System\CPlJfLq.exe
  2⤵
  PID:3572
- C:\Windows\System\EFeqilY.exe
  C:\Windows\System\EFeqilY.exe
  2⤵
  PID:3432
- C:\Windows\System\KWOaauE.exe
  C:\Windows\System\KWOaauE.exe
  2⤵
  PID:3388
- C:\Windows\System\vhSBcuj.exe
  C:\Windows\System\vhSBcuj.exe
  2⤵
  PID:3468
- C:\Windows\System\aYljyaa.exe
  C:\Windows\System\aYljyaa.exe
  2⤵
  PID:3480
- C:\Windows\System\tpikaCA.exe
  C:\Windows\System\tpikaCA.exe
  2⤵
  PID:3592
- C:\Windows\System\IXlWbEw.exe
  C:\Windows\System\IXlWbEw.exe
  2⤵
  PID:3548
- C:\Windows\System\WsdbTpT.exe
  C:\Windows\System\WsdbTpT.exe
  2⤵
  PID:3632
- C:\Windows\System\OtcSuwH.exe
  C:\Windows\System\OtcSuwH.exe
  2⤵
  PID:3864
- C:\Windows\System\bixYPVM.exe
  C:\Windows\System\bixYPVM.exe
  2⤵
  PID:3932
- C:\Windows\System\XgjZymY.exe
  C:\Windows\System\XgjZymY.exe
  2⤵
  PID:3976
- C:\Windows\System\LVyaXUm.exe
  C:\Windows\System\LVyaXUm.exe
  2⤵
  PID:3756
- C:\Windows\System\XhiciBf.exe
  C:\Windows\System\XhiciBf.exe
  2⤵
  PID:3712
- C:\Windows\System\sYUcOBz.exe
  C:\Windows\System\sYUcOBz.exe
  2⤵
  PID:3836
- C:\Windows\System\YBgmjgo.exe
  C:\Windows\System\YBgmjgo.exe
  2⤵
  PID:4084
- C:\Windows\System\QyyFPuu.exe
  C:\Windows\System\QyyFPuu.exe
  2⤵
  PID:3880
- C:\Windows\System\ckFKDyW.exe
  C:\Windows\System\ckFKDyW.exe
  2⤵
  PID:3916
- C:\Windows\System\waiRdJD.exe
  C:\Windows\System\waiRdJD.exe
  2⤵
  PID:1748
- C:\Windows\System\pnqkGhI.exe
  C:\Windows\System\pnqkGhI.exe
  2⤵
  PID:4072
- C:\Windows\System\oajXaxx.exe
  C:\Windows\System\oajXaxx.exe
  2⤵
  PID:4028
- C:\Windows\System\pbqlvhG.exe
  C:\Windows\System\pbqlvhG.exe
  2⤵
  PID:2324
- C:\Windows\System\nDgYhPF.exe
  C:\Windows\System\nDgYhPF.exe
  2⤵
  PID:496
- C:\Windows\System\eFjASeu.exe
  C:\Windows\System\eFjASeu.exe
  2⤵
  PID:1612
- C:\Windows\System\ygjozME.exe
  C:\Windows\System\ygjozME.exe
  2⤵
  PID:3100
- C:\Windows\System\BSoiVPC.exe
  C:\Windows\System\BSoiVPC.exe
  2⤵
  PID:3120
- C:\Windows\System\lRbyiRV.exe
  C:\Windows\System\lRbyiRV.exe
  2⤵
  PID:3236
- C:\Windows\System\mRWZJdo.exe
  C:\Windows\System\mRWZJdo.exe
  2⤵
  PID:2892
- C:\Windows\System\GfhEIJc.exe
  C:\Windows\System\GfhEIJc.exe
  2⤵
  PID:3536
- C:\Windows\System\YILgxEl.exe
  C:\Windows\System\YILgxEl.exe
  2⤵
  PID:3692
- C:\Windows\System\agSPHNT.exe
  C:\Windows\System\agSPHNT.exe
  2⤵
  PID:3176
- C:\Windows\System\ddKBCHD.exe
  C:\Windows\System\ddKBCHD.exe
  2⤵
  PID:3368
- C:\Windows\System\NEOjGRK.exe
  C:\Windows\System\NEOjGRK.exe
  2⤵
  PID:3508
- C:\Windows\System\lSCotCm.exe
  C:\Windows\System\lSCotCm.exe
  2⤵
  PID:3408
- C:\Windows\System\CQjoGIm.exe
  C:\Windows\System\CQjoGIm.exe
  2⤵
  PID:3392
- C:\Windows\System\qcDOIGe.exe
  C:\Windows\System\qcDOIGe.exe
  2⤵
  PID:3808
- C:\Windows\System\OCUkNwy.exe
  C:\Windows\System\OCUkNwy.exe
  2⤵
  PID:3312
- C:\Windows\System\HZXGRqJ.exe
  C:\Windows\System\HZXGRqJ.exe
  2⤵
  PID:3696
- C:\Windows\System\QrRCLfZ.exe
  C:\Windows\System\QrRCLfZ.exe
  2⤵
  PID:3972
- C:\Windows\System\QuZIqXz.exe
  C:\Windows\System\QuZIqXz.exe
  2⤵
  PID:3716
- C:\Windows\System\zGYDtPr.exe
  C:\Windows\System\zGYDtPr.exe
  2⤵
  PID:4012
- C:\Windows\System\XfVUjle.exe
  C:\Windows\System\XfVUjle.exe
  2⤵
  PID:3844
- C:\Windows\System\cjDzyrv.exe
  C:\Windows\System\cjDzyrv.exe
  2⤵
  PID:3912
- C:\Windows\System\KBGNhva.exe
  C:\Windows\System\KBGNhva.exe
  2⤵
  PID:2588
- C:\Windows\System\mbVRhaD.exe
  C:\Windows\System\mbVRhaD.exe
  2⤵
  PID:3952
- C:\Windows\System\MWcMNCG.exe
  C:\Windows\System\MWcMNCG.exe
  2⤵
  PID:1240
- C:\Windows\System\JAZCmLx.exe
  C:\Windows\System\JAZCmLx.exe
  2⤵
  PID:2248
- C:\Windows\System\HooYsUI.exe
  C:\Windows\System\HooYsUI.exe
  2⤵
  PID:3212
- C:\Windows\System\CZTtbFl.exe
  C:\Windows\System\CZTtbFl.exe
  2⤵
  PID:3992
- C:\Windows\System\afzRGwd.exe
  C:\Windows\System\afzRGwd.exe
  2⤵
  PID:3336
- C:\Windows\System\cRfrLuG.exe
  C:\Windows\System\cRfrLuG.exe
  2⤵
  PID:3736
- C:\Windows\System\frtJONN.exe
  C:\Windows\System\frtJONN.exe
  2⤵
  PID:3552
- C:\Windows\System\iGgUSQP.exe
  C:\Windows\System\iGgUSQP.exe
  2⤵
  PID:3556
- C:\Windows\System\pdZWlzP.exe
  C:\Windows\System\pdZWlzP.exe
  2⤵
  PID:3752
- C:\Windows\System\ztDhGOz.exe
  C:\Windows\System\ztDhGOz.exe
  2⤵
  PID:3252
- C:\Windows\System\EounGHO.exe
  C:\Windows\System\EounGHO.exe
  2⤵
  PID:2616
- C:\Windows\System\yoyXMSW.exe
  C:\Windows\System\yoyXMSW.exe
  2⤵
  PID:3772
- C:\Windows\System\MCKlfMK.exe
  C:\Windows\System\MCKlfMK.exe
  2⤵
  PID:2000
- C:\Windows\System\LPbKRCT.exe
  C:\Windows\System\LPbKRCT.exe
  2⤵
  PID:4108
- C:\Windows\System\tqwuwoz.exe
  C:\Windows\System\tqwuwoz.exe
  2⤵
  PID:4128
- C:\Windows\System\NjEcGBG.exe
  C:\Windows\System\NjEcGBG.exe
  2⤵
  PID:4148
- C:\Windows\System\TBbhUoD.exe
  C:\Windows\System\TBbhUoD.exe
  2⤵
  PID:4164
- C:\Windows\System\tGUHYbb.exe
  C:\Windows\System\tGUHYbb.exe
  2⤵
  PID:4184
- C:\Windows\System\PuWiSAg.exe
  C:\Windows\System\PuWiSAg.exe
  2⤵
  PID:4204
- C:\Windows\System\SjDvbyW.exe
  C:\Windows\System\SjDvbyW.exe
  2⤵
  PID:4224
- C:\Windows\System\AdBaRny.exe
  C:\Windows\System\AdBaRny.exe
  2⤵
  PID:4244
- C:\Windows\System\RgxzHxC.exe
  C:\Windows\System\RgxzHxC.exe
  2⤵
  PID:4264
- C:\Windows\System\DkEAuvi.exe
  C:\Windows\System\DkEAuvi.exe
  2⤵
  PID:4284
- C:\Windows\System\SwCGisO.exe
  C:\Windows\System\SwCGisO.exe
  2⤵
  PID:4320
- C:\Windows\System\HjSrprH.exe
  C:\Windows\System\HjSrprH.exe
  2⤵
  PID:4340
- C:\Windows\System\XSdvegW.exe
  C:\Windows\System\XSdvegW.exe
  2⤵
  PID:4360
- C:\Windows\System\GGhBhox.exe
  C:\Windows\System\GGhBhox.exe
  2⤵
  PID:4376
- C:\Windows\System\tYawUxx.exe
  C:\Windows\System\tYawUxx.exe
  2⤵
  PID:4400
- C:\Windows\System\XEInODI.exe
  C:\Windows\System\XEInODI.exe
  2⤵
  PID:4420
- C:\Windows\System\kDbmDsu.exe
  C:\Windows\System\kDbmDsu.exe
  2⤵
  PID:4440
- C:\Windows\System\zptcRgf.exe
  C:\Windows\System\zptcRgf.exe
  2⤵
  PID:4456
- C:\Windows\System\UNyCSWV.exe
  C:\Windows\System\UNyCSWV.exe
  2⤵
  PID:4476
- C:\Windows\System\nXearQX.exe
  C:\Windows\System\nXearQX.exe
  2⤵
  PID:4500
- C:\Windows\System\eyNYOmw.exe
  C:\Windows\System\eyNYOmw.exe
  2⤵
  PID:4520
- C:\Windows\System\pFZhWyP.exe
  C:\Windows\System\pFZhWyP.exe
  2⤵
  PID:4540
- C:\Windows\System\BOTVlfO.exe
  C:\Windows\System\BOTVlfO.exe
  2⤵
  PID:4556
- C:\Windows\System\qOyruia.exe
  C:\Windows\System\qOyruia.exe
  2⤵
  PID:4580
- C:\Windows\System\dLOqoXt.exe
  C:\Windows\System\dLOqoXt.exe
  2⤵
  PID:4596
- C:\Windows\System\IzlWDNt.exe
  C:\Windows\System\IzlWDNt.exe
  2⤵
  PID:4612
- C:\Windows\System\eaiqWow.exe
  C:\Windows\System\eaiqWow.exe
  2⤵
  PID:4636
- C:\Windows\System\zGnDeSl.exe
  C:\Windows\System\zGnDeSl.exe
  2⤵
  PID:4656
- C:\Windows\System\RzSlYbD.exe
  C:\Windows\System\RzSlYbD.exe
  2⤵
  PID:4676
- C:\Windows\System\nqkHOEa.exe
  C:\Windows\System\nqkHOEa.exe
  2⤵
  PID:4692
- C:\Windows\System\efClvrQ.exe
  C:\Windows\System\efClvrQ.exe
  2⤵
  PID:4716
- C:\Windows\System\PTkPxsd.exe
  C:\Windows\System\PTkPxsd.exe
  2⤵
  PID:4732
- C:\Windows\System\OBjEQQs.exe
  C:\Windows\System\OBjEQQs.exe
  2⤵
  PID:4756
- C:\Windows\System\VnJpRce.exe
  C:\Windows\System\VnJpRce.exe
  2⤵
  PID:4776
- C:\Windows\System\uSSIEzX.exe
  C:\Windows\System\uSSIEzX.exe
  2⤵
  PID:4792
- C:\Windows\System\wdFClna.exe
  C:\Windows\System\wdFClna.exe
  2⤵
  PID:4816
- C:\Windows\System\LFXHXFq.exe
  C:\Windows\System\LFXHXFq.exe
  2⤵
  PID:4832
- C:\Windows\System\KMmQNZI.exe
  C:\Windows\System\KMmQNZI.exe
  2⤵
  PID:4852
- C:\Windows\System\JqEeZVi.exe
  C:\Windows\System\JqEeZVi.exe
  2⤵
  PID:4880
- C:\Windows\System\PtDVPlK.exe
  C:\Windows\System\PtDVPlK.exe
  2⤵
  PID:4904
- C:\Windows\System\bljGdfK.exe
  C:\Windows\System\bljGdfK.exe
  2⤵
  PID:4920
- C:\Windows\System\NhoSnOT.exe
  C:\Windows\System\NhoSnOT.exe
  2⤵
  PID:4936
- C:\Windows\System\aAHzyWA.exe
  C:\Windows\System\aAHzyWA.exe
  2⤵
  PID:4960
- C:\Windows\System\tnOLKeA.exe
  C:\Windows\System\tnOLKeA.exe
  2⤵
  PID:4980
- C:\Windows\System\tqTxPjf.exe
  C:\Windows\System\tqTxPjf.exe
  2⤵
  PID:5000
- C:\Windows\System\PfhUhqF.exe
  C:\Windows\System\PfhUhqF.exe
  2⤵
  PID:5020
- C:\Windows\System\dGDHCvG.exe
  C:\Windows\System\dGDHCvG.exe
  2⤵
  PID:5044
- C:\Windows\System\ycfTGYu.exe
  C:\Windows\System\ycfTGYu.exe
  2⤵
  PID:5064
- C:\Windows\System\jggcNUl.exe
  C:\Windows\System\jggcNUl.exe
  2⤵
  PID:5084
- C:\Windows\System\uAwIQpK.exe
  C:\Windows\System\uAwIQpK.exe
  2⤵
  PID:5104
- C:\Windows\System\WotcpiU.exe
  C:\Windows\System\WotcpiU.exe
  2⤵
  PID:3132
- C:\Windows\System\LBvZNGO.exe
  C:\Windows\System\LBvZNGO.exe
  2⤵
  PID:3588
- C:\Windows\System\BqsEdsY.exe
  C:\Windows\System\BqsEdsY.exe
  2⤵
  PID:3900
- C:\Windows\System\mQkVzIX.exe
  C:\Windows\System\mQkVzIX.exe
  2⤵
  PID:3828
- C:\Windows\System\ITdlyWU.exe
  C:\Windows\System\ITdlyWU.exe
  2⤵
  PID:3660
- C:\Windows\System\zDFOaLV.exe
  C:\Windows\System\zDFOaLV.exe
  2⤵
  PID:2752
- C:\Windows\System\RhgJbHS.exe
  C:\Windows\System\RhgJbHS.exe
  2⤵
  PID:4124
- C:\Windows\System\QDJpZtE.exe
  C:\Windows\System\QDJpZtE.exe
  2⤵
  PID:3452
- C:\Windows\System\WNNtksN.exe
  C:\Windows\System\WNNtksN.exe
  2⤵
  PID:2220
- C:\Windows\System\kXLYNEI.exe
  C:\Windows\System\kXLYNEI.exe
  2⤵
  PID:3700
- C:\Windows\System\pmhSmEb.exe
  C:\Windows\System\pmhSmEb.exe
  2⤵
  PID:4196
- C:\Windows\System\LfcnsNI.exe
  C:\Windows\System\LfcnsNI.exe
  2⤵
  PID:2988
- C:\Windows\System\pIgnPed.exe
  C:\Windows\System\pIgnPed.exe
  2⤵
  PID:4144
- C:\Windows\System\kOsweyR.exe
  C:\Windows\System\kOsweyR.exe
  2⤵
  PID:2960
- C:\Windows\System\mrujjzq.exe
  C:\Windows\System\mrujjzq.exe
  2⤵
  PID:4172
- C:\Windows\System\gRDichy.exe
  C:\Windows\System\gRDichy.exe
  2⤵
  PID:4292
- C:\Windows\System\sIZMbZC.exe
  C:\Windows\System\sIZMbZC.exe
  2⤵
  PID:4260
- C:\Windows\System\FDITQMA.exe
  C:\Windows\System\FDITQMA.exe
  2⤵
  PID:4312
- C:\Windows\System\TbPUfkB.exe
  C:\Windows\System\TbPUfkB.exe
  2⤵
  PID:2080
- C:\Windows\System\HdZwvPZ.exe
  C:\Windows\System\HdZwvPZ.exe
  2⤵
  PID:4384
- C:\Windows\System\vXSfANF.exe
  C:\Windows\System\vXSfANF.exe
  2⤵
  PID:4496
- C:\Windows\System\qaCywPA.exe
  C:\Windows\System\qaCywPA.exe
  2⤵
  PID:4532
- C:\Windows\System\zkOiPXd.exe
  C:\Windows\System\zkOiPXd.exe
  2⤵
  PID:4432
- C:\Windows\System\owWeYMK.exe
  C:\Windows\System\owWeYMK.exe
  2⤵
  PID:4464
- C:\Windows\System\spTmpGU.exe
  C:\Windows\System\spTmpGU.exe
  2⤵
  PID:4516
- C:\Windows\System\FbmlHTM.exe
  C:\Windows\System\FbmlHTM.exe
  2⤵
  PID:4648
- C:\Windows\System\fDcdXfF.exe
  C:\Windows\System\fDcdXfF.exe
  2⤵
  PID:4724
- C:\Windows\System\NhSueiZ.exe
  C:\Windows\System\NhSueiZ.exe
  2⤵
  PID:4588
- C:\Windows\System\KswLsSU.exe
  C:\Windows\System\KswLsSU.exe
  2⤵
  PID:4772
- C:\Windows\System\nBAAfZz.exe
  C:\Windows\System\nBAAfZz.exe
  2⤵
  PID:4672
- C:\Windows\System\JwDVCHE.exe
  C:\Windows\System\JwDVCHE.exe
  2⤵
  PID:4712
- C:\Windows\System\mSbfwAs.exe
  C:\Windows\System\mSbfwAs.exe
  2⤵
  PID:4744
- C:\Windows\System\AcaoKgD.exe
  C:\Windows\System\AcaoKgD.exe
  2⤵
  PID:4784
- C:\Windows\System\ErQOrRD.exe
  C:\Windows\System\ErQOrRD.exe
  2⤵
  PID:4896
- C:\Windows\System\ssCoAAa.exe
  C:\Windows\System\ssCoAAa.exe
  2⤵
  PID:4876
- C:\Windows\System\rBMdVkD.exe
  C:\Windows\System\rBMdVkD.exe
  2⤵
  PID:4968
- C:\Windows\System\jXWuODb.exe
  C:\Windows\System\jXWuODb.exe
  2⤵
  PID:5008
- C:\Windows\System\KaHsifX.exe
  C:\Windows\System\KaHsifX.exe
  2⤵
  PID:4948
- C:\Windows\System\mNhMSvL.exe
  C:\Windows\System\mNhMSvL.exe
  2⤵
  PID:4996
- C:\Windows\System\qifAkVP.exe
  C:\Windows\System\qifAkVP.exe
  2⤵
  PID:5060
- C:\Windows\System\QshdDwa.exe
  C:\Windows\System\QshdDwa.exe
  2⤵
  PID:3328
- C:\Windows\System\OaGubGU.exe
  C:\Windows\System\OaGubGU.exe
  2⤵
  PID:5112
- C:\Windows\System\qlrDwdk.exe
  C:\Windows\System\qlrDwdk.exe
  2⤵
  PID:5116
- C:\Windows\System\KTLXEhb.exe
  C:\Windows\System\KTLXEhb.exe
  2⤵
  PID:3676
- C:\Windows\System\LDHlicP.exe
  C:\Windows\System\LDHlicP.exe
  2⤵
  PID:3628
- C:\Windows\System\JvIQWmK.exe
  C:\Windows\System\JvIQWmK.exe
  2⤵
  PID:2500
- C:\Windows\System\EGdkaOH.exe
  C:\Windows\System\EGdkaOH.exe
  2⤵
  PID:4160
- C:\Windows\System\Sfkltsr.exe
  C:\Windows\System\Sfkltsr.exe
  2⤵
  PID:4220
- C:\Windows\System\ZJjEGOE.exe
  C:\Windows\System\ZJjEGOE.exe
  2⤵
  PID:2956
- C:\Windows\System\VIZbMDP.exe
  C:\Windows\System\VIZbMDP.exe
  2⤵
  PID:4256
- C:\Windows\System\GlEvNuf.exe
  C:\Windows\System\GlEvNuf.exe
  2⤵
  PID:4212
- C:\Windows\System\MjDtieM.exe
  C:\Windows\System\MjDtieM.exe
  2⤵
  PID:4332
- C:\Windows\System\WBpzwzn.exe
  C:\Windows\System\WBpzwzn.exe
  2⤵
  PID:4308
- C:\Windows\System\oMzRjnN.exe
  C:\Windows\System\oMzRjnN.exe
  2⤵
  PID:4452
- C:\Windows\System\Szhpnom.exe
  C:\Windows\System\Szhpnom.exe
  2⤵
  PID:4428
- C:\Windows\System\TwUyvYe.exe
  C:\Windows\System\TwUyvYe.exe
  2⤵
  PID:4568
- C:\Windows\System\GNKxnZc.exe
  C:\Windows\System\GNKxnZc.exe
  2⤵
  PID:4508
- C:\Windows\System\LtfRVJv.exe
  C:\Windows\System\LtfRVJv.exe
  2⤵
  PID:4668
- C:\Windows\System\NIWfhVr.exe
  C:\Windows\System\NIWfhVr.exe
  2⤵
  PID:4752
- C:\Windows\System\ntsqgcU.exe
  C:\Windows\System\ntsqgcU.exe
  2⤵
  PID:4700
- C:\Windows\System\EbpUSaB.exe
  C:\Windows\System\EbpUSaB.exe
  2⤵
  PID:4844
- C:\Windows\System\AtWGNjo.exe
  C:\Windows\System\AtWGNjo.exe
  2⤵
  PID:4912
- C:\Windows\System\fOjOcgr.exe
  C:\Windows\System\fOjOcgr.exe
  2⤵
  PID:4944
- C:\Windows\System\QyWmASE.exe
  C:\Windows\System\QyWmASE.exe
  2⤵
  PID:5032
- C:\Windows\System\SFxDxPO.exe
  C:\Windows\System\SFxDxPO.exe
  2⤵
  PID:2824
- C:\Windows\System\iAIwNMb.exe
  C:\Windows\System\iAIwNMb.exe
  2⤵
  PID:4992
- C:\Windows\System\MHPyOvK.exe
  C:\Windows\System\MHPyOvK.exe
  2⤵
  PID:5072
- C:\Windows\System\mkCQpiX.exe
  C:\Windows\System\mkCQpiX.exe
  2⤵
  PID:4116
- C:\Windows\System\OFZIARG.exe
  C:\Windows\System\OFZIARG.exe
  2⤵
  PID:3060
- C:\Windows\System\HZyzPeQ.exe
  C:\Windows\System\HZyzPeQ.exe
  2⤵
  PID:4240
- C:\Windows\System\XZUsXbu.exe
  C:\Windows\System\XZUsXbu.exe
  2⤵
  PID:3832
- C:\Windows\System\rtqZRym.exe
  C:\Windows\System\rtqZRym.exe
  2⤵
  PID:4416
- C:\Windows\System\lGVFTMC.exe
  C:\Windows\System\lGVFTMC.exe
  2⤵
  PID:4276
- C:\Windows\System\chcwMId.exe
  C:\Windows\System\chcwMId.exe
  2⤵
  PID:4572
- C:\Windows\System\GmuPnEQ.exe
  C:\Windows\System\GmuPnEQ.exe
  2⤵
  PID:4296
- C:\Windows\System\OHowsJX.exe
  C:\Windows\System\OHowsJX.exe
  2⤵
  PID:4888
- C:\Windows\System\gMAxadB.exe
  C:\Windows\System\gMAxadB.exe
  2⤵
  PID:4576
- C:\Windows\System\IyDHJYl.exe
  C:\Windows\System\IyDHJYl.exe
  2⤵
  PID:4608
- C:\Windows\System\nQAakSp.exe
  C:\Windows\System\nQAakSp.exe
  2⤵
  PID:4892
- C:\Windows\System\pGTihLo.exe
  C:\Windows\System\pGTihLo.exe
  2⤵
  PID:5040
- C:\Windows\System\zcKLdmJ.exe
  C:\Windows\System\zcKLdmJ.exe
  2⤵
  PID:3876
- C:\Windows\System\husWSOS.exe
  C:\Windows\System\husWSOS.exe
  2⤵
  PID:2844
- C:\Windows\System\gyymAph.exe
  C:\Windows\System\gyymAph.exe
  2⤵
  PID:4368
- C:\Windows\System\LZiXZGV.exe
  C:\Windows\System\LZiXZGV.exe
  2⤵
  PID:4632
- C:\Windows\System\MsYVFHz.exe
  C:\Windows\System\MsYVFHz.exe
  2⤵
  PID:5140
- C:\Windows\System\XCeGodU.exe
  C:\Windows\System\XCeGodU.exe
  2⤵
  PID:5156
- C:\Windows\System\rshjXXn.exe
  C:\Windows\System\rshjXXn.exe
  2⤵
  PID:5180
- C:\Windows\System\zDtYCGg.exe
  C:\Windows\System\zDtYCGg.exe
  2⤵
  PID:5196
- C:\Windows\System\AxHjABH.exe
  C:\Windows\System\AxHjABH.exe
  2⤵
  PID:5216
- C:\Windows\System\UsIwgFJ.exe
  C:\Windows\System\UsIwgFJ.exe
  2⤵
  PID:5232
- C:\Windows\System\TGzjVXi.exe
  C:\Windows\System\TGzjVXi.exe
  2⤵
  PID:5256
- C:\Windows\System\WZSZXvK.exe
  C:\Windows\System\WZSZXvK.exe
  2⤵
  PID:5280
- C:\Windows\System\gepHXjP.exe
  C:\Windows\System\gepHXjP.exe
  2⤵
  PID:5308
- C:\Windows\System\PJkpNRU.exe
  C:\Windows\System\PJkpNRU.exe
  2⤵
  PID:5324
- C:\Windows\System\cDgWETm.exe
  C:\Windows\System\cDgWETm.exe
  2⤵
  PID:5352
- C:\Windows\System\EVuhIEH.exe
  C:\Windows\System\EVuhIEH.exe
  2⤵
  PID:5368
- C:\Windows\System\rSCvDrH.exe
  C:\Windows\System\rSCvDrH.exe
  2⤵
  PID:5388
- C:\Windows\System\lyMTnpk.exe
  C:\Windows\System\lyMTnpk.exe
  2⤵
  PID:5404
- C:\Windows\System\NrXPqTH.exe
  C:\Windows\System\NrXPqTH.exe
  2⤵
  PID:5424
- C:\Windows\System\hBVPvAj.exe
  C:\Windows\System\hBVPvAj.exe
  2⤵
  PID:5440
- C:\Windows\System\WYLtOuD.exe
  C:\Windows\System\WYLtOuD.exe
  2⤵
  PID:5460
- C:\Windows\System\lmJpYcX.exe
  C:\Windows\System\lmJpYcX.exe
  2⤵
  PID:5476
- C:\Windows\System\lwOAPze.exe
  C:\Windows\System\lwOAPze.exe
  2⤵
  PID:5500
- C:\Windows\System\XgqOnKI.exe
  C:\Windows\System\XgqOnKI.exe
  2⤵
  PID:5516
- C:\Windows\System\ocvrFoK.exe
  C:\Windows\System\ocvrFoK.exe
  2⤵
  PID:5540
- C:\Windows\System\KLwrYJP.exe
  C:\Windows\System\KLwrYJP.exe
  2⤵
  PID:5556
- C:\Windows\System\nOVUWbD.exe
  C:\Windows\System\nOVUWbD.exe
  2⤵
  PID:5580
- C:\Windows\System\WZsJOJM.exe
  C:\Windows\System\WZsJOJM.exe
  2⤵
  PID:5596
- C:\Windows\System\NTyJwMP.exe
  C:\Windows\System\NTyJwMP.exe
  2⤵
  PID:5620
- C:\Windows\System\aGMskVW.exe
  C:\Windows\System\aGMskVW.exe
  2⤵
  PID:5636
- C:\Windows\System\bbGReTe.exe
  C:\Windows\System\bbGReTe.exe
  2⤵
  PID:5656
- C:\Windows\System\PWvILYq.exe
  C:\Windows\System\PWvILYq.exe
  2⤵
  PID:5672
- C:\Windows\System\WSEjINI.exe
  C:\Windows\System\WSEjINI.exe
  2⤵
  PID:5692
- C:\Windows\System\EfgQWfU.exe
  C:\Windows\System\EfgQWfU.exe
  2⤵
  PID:5712
- C:\Windows\System\RTNCwMz.exe
  C:\Windows\System\RTNCwMz.exe
  2⤵
  PID:5732
- C:\Windows\System\grTjPKl.exe
  C:\Windows\System\grTjPKl.exe
  2⤵
  PID:5748
- C:\Windows\System\tYMVGVD.exe
  C:\Windows\System\tYMVGVD.exe
  2⤵
  PID:5768
- C:\Windows\System\VtIArHK.exe
  C:\Windows\System\VtIArHK.exe
  2⤵
  PID:5784
- C:\Windows\System\Gqiifkf.exe
  C:\Windows\System\Gqiifkf.exe
  2⤵
  PID:5800
- C:\Windows\System\cPlFwWP.exe
  C:\Windows\System\cPlFwWP.exe
  2⤵
  PID:5816
- C:\Windows\System\ckYjdwD.exe
  C:\Windows\System\ckYjdwD.exe
  2⤵
  PID:5832
- C:\Windows\System\bAOpkym.exe
  C:\Windows\System\bAOpkym.exe
  2⤵
  PID:5852
- C:\Windows\System\JFpxQba.exe
  C:\Windows\System\JFpxQba.exe
  2⤵
  PID:5872
- C:\Windows\System\AzVpCML.exe
  C:\Windows\System\AzVpCML.exe
  2⤵
  PID:5892
- C:\Windows\System\YYhnNgP.exe
  C:\Windows\System\YYhnNgP.exe
  2⤵
  PID:5912
- C:\Windows\System\MgYISzg.exe
  C:\Windows\System\MgYISzg.exe
  2⤵
  PID:5936
- C:\Windows\System\EhgepOV.exe
  C:\Windows\System\EhgepOV.exe
  2⤵
  PID:5960
- C:\Windows\System\auBEZxY.exe
  C:\Windows\System\auBEZxY.exe
  2⤵
  PID:6020
- C:\Windows\System\AjdBfsH.exe
  C:\Windows\System\AjdBfsH.exe
  2⤵
  PID:6036
- C:\Windows\System\qAzIQFP.exe
  C:\Windows\System\qAzIQFP.exe
  2⤵
  PID:6052
- C:\Windows\System\XaiLvdW.exe
  C:\Windows\System\XaiLvdW.exe
  2⤵
  PID:6068
- C:\Windows\System\YZqhmAm.exe
  C:\Windows\System\YZqhmAm.exe
  2⤵
  PID:6088
- C:\Windows\System\eFLjuDt.exe
  C:\Windows\System\eFLjuDt.exe
  2⤵
  PID:6112
- C:\Windows\System\alETtVw.exe
  C:\Windows\System\alETtVw.exe
  2⤵
  PID:6132
- C:\Windows\System\zuqhJSK.exe
  C:\Windows\System\zuqhJSK.exe
  2⤵
  PID:4972
- C:\Windows\System\uKnsjDi.exe
  C:\Windows\System\uKnsjDi.exe
  2⤵
  PID:4704
- C:\Windows\System\DSKlkUZ.exe
  C:\Windows\System\DSKlkUZ.exe
  2⤵
  PID:1364
- C:\Windows\System\dsiOzay.exe
  C:\Windows\System\dsiOzay.exe
  2⤵
  PID:5092
- C:\Windows\System\eEEYdQQ.exe
  C:\Windows\System\eEEYdQQ.exe
  2⤵
  PID:3640
- C:\Windows\System\ynuGcoS.exe
  C:\Windows\System\ynuGcoS.exe
  2⤵
  PID:5188
- C:\Windows\System\FdWBcSl.exe
  C:\Windows\System\FdWBcSl.exe
  2⤵
  PID:4408
- C:\Windows\System\urBRino.exe
  C:\Windows\System\urBRino.exe
  2⤵
  PID:4396
- C:\Windows\System\UKnaoQB.exe
  C:\Windows\System\UKnaoQB.exe
  2⤵
  PID:4932
- C:\Windows\System\SmCRXGg.exe
  C:\Windows\System\SmCRXGg.exe
  2⤵
  PID:5276
- C:\Windows\System\EHjmIfd.exe
  C:\Windows\System\EHjmIfd.exe
  2⤵
  PID:5360
- C:\Windows\System\CFNCgyf.exe
  C:\Windows\System\CFNCgyf.exe
  2⤵
  PID:5136
- C:\Windows\System\IcFXBXs.exe
  C:\Windows\System\IcFXBXs.exe
  2⤵
  PID:5208
- C:\Windows\System\RdkVJOi.exe
  C:\Windows\System\RdkVJOi.exe
  2⤵
  PID:5244
- C:\Windows\System\DJgoUoK.exe
  C:\Windows\System\DJgoUoK.exe
  2⤵
  PID:5164
- C:\Windows\System\SQnxJmW.exe
  C:\Windows\System\SQnxJmW.exe
  2⤵
  PID:5548
- C:\Windows\System\XxTNlTl.exe
  C:\Windows\System\XxTNlTl.exe
  2⤵
  PID:5632
- C:\Windows\System\qkENeIg.exe
  C:\Windows\System\qkENeIg.exe
  2⤵
  PID:5708
- C:\Windows\System\sccqJNQ.exe
  C:\Windows\System\sccqJNQ.exe
  2⤵
  PID:5780
- C:\Windows\System\spIJUqO.exe
  C:\Windows\System\spIJUqO.exe
  2⤵
  PID:5880
- C:\Windows\System\yoFVBzW.exe
  C:\Windows\System\yoFVBzW.exe
  2⤵
  PID:5292
- C:\Windows\System\wKopuKD.exe
  C:\Windows\System\wKopuKD.exe
  2⤵
  PID:5924
- C:\Windows\System\rLcJiGy.exe
  C:\Windows\System\rLcJiGy.exe
  2⤵
  PID:5348
- C:\Windows\System\BLtxsBj.exe
  C:\Windows\System\BLtxsBj.exe
  2⤵
  PID:5416
- C:\Windows\System\YxUhtTs.exe
  C:\Windows\System\YxUhtTs.exe
  2⤵
  PID:2952
- C:\Windows\System\aHwzCps.exe
  C:\Windows\System\aHwzCps.exe
  2⤵
  PID:2928
- C:\Windows\System\ZCqFpmk.exe
  C:\Windows\System\ZCqFpmk.exe
  2⤵
  PID:5688
- C:\Windows\System\knimNbI.exe
  C:\Windows\System\knimNbI.exe
  2⤵
  PID:5908
- C:\Windows\System\JGkeumK.exe
  C:\Windows\System\JGkeumK.exe
  2⤵
  PID:5928
- C:\Windows\System\irRGUym.exe
  C:\Windows\System\irRGUym.exe
  2⤵
  PID:5980
- C:\Windows\System\uZaGRbw.exe
  C:\Windows\System\uZaGRbw.exe
  2⤵
  PID:6004
- C:\Windows\System\IYPhGas.exe
  C:\Windows\System\IYPhGas.exe
  2⤵
  PID:5488
- C:\Windows\System\ljhdvBA.exe
  C:\Windows\System\ljhdvBA.exe
  2⤵
  PID:6044
- C:\Windows\System\wcdXHAn.exe
  C:\Windows\System\wcdXHAn.exe
  2⤵
  PID:5860
- C:\Windows\System\cXqcQtQ.exe
  C:\Windows\System\cXqcQtQ.exe
  2⤵
  PID:5760
- C:\Windows\System\zooJYSS.exe
  C:\Windows\System\zooJYSS.exe
  2⤵
  PID:5684
- C:\Windows\System\XtTwFVE.exe
  C:\Windows\System\XtTwFVE.exe
  2⤵
  PID:5604
- C:\Windows\System\XoDMQHh.exe
  C:\Windows\System\XoDMQHh.exe
  2⤵
  PID:4592
- C:\Windows\System\kkoIVTX.exe
  C:\Windows\System\kkoIVTX.exe
  2⤵
  PID:5952
- C:\Windows\System\TjRMcAj.exe
  C:\Windows\System\TjRMcAj.exe
  2⤵
  PID:5956
- C:\Windows\System\PhAwimx.exe
  C:\Windows\System\PhAwimx.exe
  2⤵
  PID:6032
- C:\Windows\System\DvLzyNa.exe
  C:\Windows\System\DvLzyNa.exe
  2⤵
  PID:6060
- C:\Windows\System\HitWAMp.exe
  C:\Windows\System\HitWAMp.exe
  2⤵
  PID:5248
- C:\Windows\System\vmhIDtm.exe
  C:\Windows\System\vmhIDtm.exe
  2⤵
  PID:4872
- C:\Windows\System\rwytMmI.exe
  C:\Windows\System\rwytMmI.exe
  2⤵
  PID:4804
- C:\Windows\System\kLBvqIB.exe
  C:\Windows\System\kLBvqIB.exe
  2⤵
  PID:6140
- C:\Windows\System\YsAVfxI.exe
  C:\Windows\System\YsAVfxI.exe
  2⤵
  PID:2676
- C:\Windows\System\IYssVbS.exe
  C:\Windows\System\IYssVbS.exe
  2⤵
  PID:4528
- C:\Windows\System\XJMRbPP.exe
  C:\Windows\System\XJMRbPP.exe
  2⤵
  PID:3056
- C:\Windows\System\kUycbxq.exe
  C:\Windows\System\kUycbxq.exe
  2⤵
  PID:5700
- C:\Windows\System\SGblhgH.exe
  C:\Windows\System\SGblhgH.exe
  2⤵
  PID:5840
- C:\Windows\System\ffTzeyx.exe
  C:\Windows\System\ffTzeyx.exe
  2⤵
  PID:5304
- C:\Windows\System\nEobIFK.exe
  C:\Windows\System\nEobIFK.exe
  2⤵
  PID:5496
- C:\Windows\System\KWHOjnK.exe
  C:\Windows\System\KWHOjnK.exe
  2⤵
  PID:5552
- C:\Windows\System\aDbcnJS.exe
  C:\Windows\System\aDbcnJS.exe
  2⤵
  PID:5592
- C:\Windows\System\IySiLri.exe
  C:\Windows\System\IySiLri.exe
  2⤵
  PID:5744
- C:\Windows\System\fQDLuzI.exe
  C:\Windows\System\fQDLuzI.exe
  2⤵
  PID:5524
- C:\Windows\System\bFrCnEj.exe
  C:\Windows\System\bFrCnEj.exe
  2⤵
  PID:6120
- C:\Windows\System\iRpDeOO.exe
  C:\Windows\System\iRpDeOO.exe
  2⤵
  PID:5616
- C:\Windows\System\YxgeGJr.exe
  C:\Windows\System\YxgeGJr.exe
  2⤵
  PID:4548
- C:\Windows\System\gjtAJRI.exe
  C:\Windows\System\gjtAJRI.exe
  2⤵
  PID:5932
- C:\Windows\System\SrxzfAS.exe
  C:\Windows\System\SrxzfAS.exe
  2⤵
  PID:4620
- C:\Windows\System\zBosfbU.exe
  C:\Windows\System\zBosfbU.exe
  2⤵
  PID:4916
- C:\Windows\System\EtmjkSz.exe
  C:\Windows\System\EtmjkSz.exe
  2⤵
  PID:2900
- C:\Windows\System\rnurrTz.exe
  C:\Windows\System\rnurrTz.exe
  2⤵
  PID:4192
- C:\Windows\System\casXJFr.exe
  C:\Windows\System\casXJFr.exe
  2⤵
  PID:5648
- C:\Windows\System\cIzNKtu.exe
  C:\Windows\System\cIzNKtu.exe
  2⤵
  PID:6104
- C:\Windows\System\PDfRwTn.exe
  C:\Windows\System\PDfRwTn.exe
  2⤵
  PID:5468
- C:\Windows\System\BtWgwVG.exe
  C:\Windows\System\BtWgwVG.exe
  2⤵
  PID:5864
- C:\Windows\System\QQvjuSR.exe
  C:\Windows\System\QQvjuSR.exe
  2⤵
  PID:352
- C:\Windows\System\OuuGMrp.exe
  C:\Windows\System\OuuGMrp.exe
  2⤵
  PID:3272
- C:\Windows\System\QUAPAbl.exe
  C:\Windows\System\QUAPAbl.exe
  2⤵
  PID:5776
- C:\Windows\System\XwhkIYE.exe
  C:\Windows\System\XwhkIYE.exe
  2⤵
  PID:5412
- C:\Windows\System\NlqnXVl.exe
  C:\Windows\System\NlqnXVl.exe
  2⤵
  PID:5152
- C:\Windows\System\tcMhQhQ.exe
  C:\Windows\System\tcMhQhQ.exe
  2⤵
  PID:5668
- C:\Windows\System\TFldlaV.exe
  C:\Windows\System\TFldlaV.exe
  2⤵
  PID:5336
- C:\Windows\System\IIcPUSY.exe
  C:\Windows\System\IIcPUSY.exe
  2⤵
  PID:5724
- C:\Windows\System\wyhfAab.exe
  C:\Windows\System\wyhfAab.exe
  2⤵
  PID:5452
- C:\Windows\System\kMOAyTR.exe
  C:\Windows\System\kMOAyTR.exe
  2⤵
  PID:5224
- C:\Windows\System\xBwoMZy.exe
  C:\Windows\System\xBwoMZy.exe
  2⤵
  PID:1448
- C:\Windows\System\ZXjAPBE.exe
  C:\Windows\System\ZXjAPBE.exe
  2⤵
  PID:608
- C:\Windows\System\chjujzC.exe
  C:\Windows\System\chjujzC.exe
  2⤵
  PID:4956
- C:\Windows\System\gNRijZc.exe
  C:\Windows\System\gNRijZc.exe
  2⤵
  PID:4484
- C:\Windows\System\hrDsEdH.exe
  C:\Windows\System\hrDsEdH.exe
  2⤵
  PID:6096
- C:\Windows\System\MBJSVgj.exe
  C:\Windows\System\MBJSVgj.exe
  2⤵
  PID:748
- C:\Windows\System\KnkqodY.exe
  C:\Windows\System\KnkqodY.exe
  2⤵
  PID:1196
- C:\Windows\System\PSBxDsp.exe
  C:\Windows\System\PSBxDsp.exe
  2⤵
  PID:5720
- C:\Windows\System\LUNZoeB.exe
  C:\Windows\System\LUNZoeB.exe
  2⤵
  PID:5436
- C:\Windows\System\RRzVFBT.exe
  C:\Windows\System\RRzVFBT.exe
  2⤵
  PID:5988
- C:\Windows\System\ObzJlek.exe
  C:\Windows\System\ObzJlek.exe
  2⤵
  PID:6000
- C:\Windows\System\SMmLxvs.exe
  C:\Windows\System\SMmLxvs.exe
  2⤵
  PID:2496
- C:\Windows\System\BYyjPIN.exe
  C:\Windows\System\BYyjPIN.exe
  2⤵
  PID:1504
- C:\Windows\System\YLCMvOX.exe
  C:\Windows\System\YLCMvOX.exe
  2⤵
  PID:2804
- C:\Windows\System\bJqkYcy.exe
  C:\Windows\System\bJqkYcy.exe
  2⤵
  PID:2552
- C:\Windows\System\kMAobnZ.exe
  C:\Windows\System\kMAobnZ.exe
  2⤵
  PID:5848
- C:\Windows\System\JglBmIk.exe
  C:\Windows\System\JglBmIk.exe
  2⤵
  PID:5996
- C:\Windows\System\iPGFCJj.exe
  C:\Windows\System\iPGFCJj.exe
  2⤵
  PID:2144
- C:\Windows\System\jzvUAuc.exe
  C:\Windows\System\jzvUAuc.exe
  2⤵
  PID:2808
- C:\Windows\System\LdpmBOA.exe
  C:\Windows\System\LdpmBOA.exe
  2⤵
  PID:2028
- C:\Windows\System\KitZDrF.exe
  C:\Windows\System\KitZDrF.exe
  2⤵
  PID:5384
- C:\Windows\System\xPtdkIL.exe
  C:\Windows\System\xPtdkIL.exe
  2⤵
  PID:2992
- C:\Windows\System\NfltMAy.exe
  C:\Windows\System\NfltMAy.exe
  2⤵
  PID:2452
- C:\Windows\System\kGPYVJv.exe
  C:\Windows\System\kGPYVJv.exe
  2⤵
  PID:6160
- C:\Windows\System\GSJUYYH.exe
  C:\Windows\System\GSJUYYH.exe
  2⤵
  PID:6176
- C:\Windows\System\wYtxFzl.exe
  C:\Windows\System\wYtxFzl.exe
  2⤵
  PID:6192
- C:\Windows\System\PXXqOCB.exe
  C:\Windows\System\PXXqOCB.exe
  2⤵
  PID:6208
- C:\Windows\System\DczdItR.exe
  C:\Windows\System\DczdItR.exe
  2⤵
  PID:6224
- C:\Windows\System\nKPFwtX.exe
  C:\Windows\System\nKPFwtX.exe
  2⤵
  PID:6240
- C:\Windows\System\cwwPlhE.exe
  C:\Windows\System\cwwPlhE.exe
  2⤵
  PID:6256
- C:\Windows\System\hAZNtNa.exe
  C:\Windows\System\hAZNtNa.exe
  2⤵
  PID:6272
- C:\Windows\System\lwXKjXN.exe
  C:\Windows\System\lwXKjXN.exe
  2⤵
  PID:6288
- C:\Windows\System\yeVCEYr.exe
  C:\Windows\System\yeVCEYr.exe
  2⤵
  PID:6304
- C:\Windows\System\xltWWYo.exe
  C:\Windows\System\xltWWYo.exe
  2⤵
  PID:6384
- C:\Windows\System\AfTjmYs.exe
  C:\Windows\System\AfTjmYs.exe
  2⤵
  PID:6400
- C:\Windows\System\mOKqhFC.exe
  C:\Windows\System\mOKqhFC.exe
  2⤵
  PID:6416
- C:\Windows\System\BPXzzRw.exe
  C:\Windows\System\BPXzzRw.exe
  2⤵
  PID:6436
- C:\Windows\System\dWTApdp.exe
  C:\Windows\System\dWTApdp.exe
  2⤵
  PID:6468
- C:\Windows\System\FJsJfsh.exe
  C:\Windows\System\FJsJfsh.exe
  2⤵
  PID:6484
- C:\Windows\System\kpLDwkm.exe
  C:\Windows\System\kpLDwkm.exe
  2⤵
  PID:6500
- C:\Windows\System\PCloaoG.exe
  C:\Windows\System\PCloaoG.exe
  2⤵
  PID:6516
- C:\Windows\System\WEESCGC.exe
  C:\Windows\System\WEESCGC.exe
  2⤵
  PID:6532
- C:\Windows\System\XPSkKgf.exe
  C:\Windows\System\XPSkKgf.exe
  2⤵
  PID:6548
- C:\Windows\System\PxBkykP.exe
  C:\Windows\System\PxBkykP.exe
  2⤵
  PID:6564
- C:\Windows\System\bTQFXvY.exe
  C:\Windows\System\bTQFXvY.exe
  2⤵
  PID:6580
- C:\Windows\System\FIZotRc.exe
  C:\Windows\System\FIZotRc.exe
  2⤵
  PID:6596
- C:\Windows\System\apRbHei.exe
  C:\Windows\System\apRbHei.exe
  2⤵
  PID:6612
- C:\Windows\System\dqqnOjj.exe
  C:\Windows\System\dqqnOjj.exe
  2⤵
  PID:6632
- C:\Windows\System\NrwXIiA.exe
  C:\Windows\System\NrwXIiA.exe
  2⤵
  PID:6652
- C:\Windows\System\URMPQrs.exe
  C:\Windows\System\URMPQrs.exe
  2⤵
  PID:6684
- C:\Windows\System\VMkeFYL.exe
  C:\Windows\System\VMkeFYL.exe
  2⤵
  PID:6700
- C:\Windows\System\pBoApnB.exe
  C:\Windows\System\pBoApnB.exe
  2⤵
  PID:6736
- C:\Windows\System\yoWKViw.exe
  C:\Windows\System\yoWKViw.exe
  2⤵
  PID:6752
- C:\Windows\System\wcIVFmT.exe
  C:\Windows\System\wcIVFmT.exe
  2⤵
  PID:6772
- C:\Windows\System\umRVEWc.exe
  C:\Windows\System\umRVEWc.exe
  2⤵
  PID:6796
- C:\Windows\System\toFxMtp.exe
  C:\Windows\System\toFxMtp.exe
  2⤵
  PID:6812
- C:\Windows\System\dOuEPbX.exe
  C:\Windows\System\dOuEPbX.exe
  2⤵
  PID:6832
- C:\Windows\System\LXUjeXT.exe
  C:\Windows\System\LXUjeXT.exe
  2⤵
  PID:6848
- C:\Windows\System\EWaGHlV.exe
  C:\Windows\System\EWaGHlV.exe
  2⤵
  PID:6864
- C:\Windows\System\kwNAlUE.exe
  C:\Windows\System\kwNAlUE.exe
  2⤵
  PID:6884
- C:\Windows\System\WWnxEsG.exe
  C:\Windows\System\WWnxEsG.exe
  2⤵
  PID:6908
- C:\Windows\System\OrAMAtj.exe
  C:\Windows\System\OrAMAtj.exe
  2⤵
  PID:6932
- C:\Windows\System\EXswuYk.exe
  C:\Windows\System\EXswuYk.exe
  2⤵
  PID:6948
- C:\Windows\System\tOeXoNw.exe
  C:\Windows\System\tOeXoNw.exe
  2⤵
  PID:6964
- C:\Windows\System\jEJLvoY.exe
  C:\Windows\System\jEJLvoY.exe
  2⤵
  PID:6980
- C:\Windows\System\UxUyrtD.exe
  C:\Windows\System\UxUyrtD.exe
  2⤵
  PID:7000
- C:\Windows\System\RPGbBLj.exe
  C:\Windows\System\RPGbBLj.exe
  2⤵
  PID:7024
- C:\Windows\System\SpeFfWB.exe
  C:\Windows\System\SpeFfWB.exe
  2⤵
  PID:7044
- C:\Windows\System\zJnUqXN.exe
  C:\Windows\System\zJnUqXN.exe
  2⤵
  PID:7064
- C:\Windows\System\xkMXrqX.exe
  C:\Windows\System\xkMXrqX.exe
  2⤵
  PID:7084
- C:\Windows\System\SVCmOBR.exe
  C:\Windows\System\SVCmOBR.exe
  2⤵
  PID:7108
- C:\Windows\System\YpYmYwc.exe
  C:\Windows\System\YpYmYwc.exe
  2⤵
  PID:7124
- C:\Windows\System\bzaARTk.exe
  C:\Windows\System\bzaARTk.exe
  2⤵
  PID:7144
- C:\Windows\System\TJLqYup.exe
  C:\Windows\System\TJLqYup.exe
  2⤵
  PID:7164
- C:\Windows\System\aGSaxcZ.exe
  C:\Windows\System\aGSaxcZ.exe
  2⤵
  PID:6080
- C:\Windows\System\jmaQVrX.exe
  C:\Windows\System\jmaQVrX.exe
  2⤵
  PID:6232
- C:\Windows\System\auJlvXZ.exe
  C:\Windows\System\auJlvXZ.exe
  2⤵
  PID:5340
- C:\Windows\System\KKjeViH.exe
  C:\Windows\System\KKjeViH.exe
  2⤵
  PID:6188
- C:\Windows\System\VXGGjPW.exe
  C:\Windows\System\VXGGjPW.exe
  2⤵
  PID:6280
- C:\Windows\System\SjDzMOK.exe
  C:\Windows\System\SjDzMOK.exe
  2⤵
  PID:6184
- C:\Windows\System\OTTdrIC.exe
  C:\Windows\System\OTTdrIC.exe
  2⤵
  PID:6356
- C:\Windows\System\gHBxlhR.exe
  C:\Windows\System\gHBxlhR.exe
  2⤵
  PID:6320
- C:\Windows\System\KYvkDFf.exe
  C:\Windows\System\KYvkDFf.exe
  2⤵
  PID:6408
- C:\Windows\System\xGEHuEa.exe
  C:\Windows\System\xGEHuEa.exe
  2⤵
  PID:6428
- C:\Windows\System\uJtbatR.exe
  C:\Windows\System\uJtbatR.exe
  2⤵
  PID:6452
- C:\Windows\System\PUgENUF.exe
  C:\Windows\System\PUgENUF.exe
  2⤵
  PID:6524
- C:\Windows\System\QPcsfvz.exe
  C:\Windows\System\QPcsfvz.exe
  2⤵
  PID:6624
- C:\Windows\System\RoVGVFo.exe
  C:\Windows\System\RoVGVFo.exe
  2⤵
  PID:6668
- C:\Windows\System\coCTycx.exe
  C:\Windows\System\coCTycx.exe
  2⤵
  PID:2856
- C:\Windows\System\bzwvjMY.exe
  C:\Windows\System\bzwvjMY.exe
  2⤵
  PID:6644
- C:\Windows\System\NVuIbMO.exe
  C:\Windows\System\NVuIbMO.exe
  2⤵
  PID:6728
- C:\Windows\System\LtYjCmi.exe
  C:\Windows\System\LtYjCmi.exe
  2⤵
  PID:6508
- C:\Windows\System\RXYoXFZ.exe
  C:\Windows\System\RXYoXFZ.exe
  2⤵
  PID:6696
- C:\Windows\System\IyZVURq.exe
  C:\Windows\System\IyZVURq.exe
  2⤵
  PID:6648
- C:\Windows\System\guvcbkb.exe
  C:\Windows\System\guvcbkb.exe
  2⤵
  PID:6828
- C:\Windows\System\TGFBiUy.exe
  C:\Windows\System\TGFBiUy.exe
  2⤵
  PID:6768
- C:\Windows\System\krqhQNS.exe
  C:\Windows\System\krqhQNS.exe
  2⤵
  PID:6844
- C:\Windows\System\FKMYxos.exe
  C:\Windows\System\FKMYxos.exe
  2⤵
  PID:6880
- C:\Windows\System\qZoNLoH.exe
  C:\Windows\System\qZoNLoH.exe
  2⤵
  PID:6904
- C:\Windows\System\KxSTXuz.exe
  C:\Windows\System\KxSTXuz.exe
  2⤵
  PID:2912
- C:\Windows\System\gIEwPaQ.exe
  C:\Windows\System\gIEwPaQ.exe
  2⤵
  PID:7012
- C:\Windows\System\lCeVflW.exe
  C:\Windows\System\lCeVflW.exe
  2⤵
  PID:7060
- C:\Windows\System\yVAdKwo.exe
  C:\Windows\System\yVAdKwo.exe
  2⤵
  PID:7100
- C:\Windows\System\whVvkat.exe
  C:\Windows\System\whVvkat.exe
  2⤵
  PID:7032
- C:\Windows\System\ixsNKmF.exe
  C:\Windows\System\ixsNKmF.exe
  2⤵
  PID:7160
- C:\Windows\System\nQzSwUY.exe
  C:\Windows\System\nQzSwUY.exe
  2⤵
  PID:6268
- C:\Windows\System\yHBlfEa.exe
  C:\Windows\System\yHBlfEa.exe
  2⤵
  PID:6168
- C:\Windows\System\DQGdLwq.exe
  C:\Windows\System\DQGdLwq.exe
  2⤵
  PID:6152
- C:\Windows\System\uFxCbMN.exe
  C:\Windows\System\uFxCbMN.exe
  2⤵
  PID:6324
- C:\Windows\System\dfMQZqX.exe
  C:\Windows\System\dfMQZqX.exe
  2⤵
  PID:6340
- C:\Windows\System\HccdBfW.exe
  C:\Windows\System\HccdBfW.exe
  2⤵
  PID:6364
- C:\Windows\System\czPglwO.exe
  C:\Windows\System\czPglwO.exe
  2⤵
  PID:6396
- C:\Windows\System\BPqrNob.exe
  C:\Windows\System\BPqrNob.exe
  2⤵
  PID:6448
- C:\Windows\System\PkdEUOA.exe
  C:\Windows\System\PkdEUOA.exe
  2⤵
  PID:2760
- C:\Windows\System\KtWQWnt.exe
  C:\Windows\System\KtWQWnt.exe
  2⤵
  PID:6464
- C:\Windows\System\QduLxyq.exe
  C:\Windows\System\QduLxyq.exe
  2⤵
  PID:6576
- C:\Windows\System\idjpVUm.exe
  C:\Windows\System\idjpVUm.exe
  2⤵
  PID:6708
- C:\Windows\System\hbvISsp.exe
  C:\Windows\System\hbvISsp.exe
  2⤵
  PID:6640
- C:\Windows\System\KkyAdBv.exe
  C:\Windows\System\KkyAdBv.exe
  2⤵
  PID:6916
- C:\Windows\System\VjiRPLa.exe
  C:\Windows\System\VjiRPLa.exe
  2⤵
  PID:6896
- C:\Windows\System\NYhFbUc.exe
  C:\Windows\System\NYhFbUc.exe
  2⤵
  PID:6928
- C:\Windows\System\kXKwQZT.exe
  C:\Windows\System\kXKwQZT.exe
  2⤵
  PID:7020
- C:\Windows\System\uyVQxhA.exe
  C:\Windows\System\uyVQxhA.exe
  2⤵
  PID:712
- C:\Windows\System\DmzSADn.exe
  C:\Windows\System\DmzSADn.exe
  2⤵
  PID:6732
- C:\Windows\System\yfjGbgE.exe
  C:\Windows\System\yfjGbgE.exe
  2⤵
  PID:2724
- C:\Windows\System\UFzntxQ.exe
  C:\Windows\System\UFzntxQ.exe
  2⤵
  PID:7076
- C:\Windows\System\JlGugVV.exe
  C:\Windows\System\JlGugVV.exe
  2⤵
  PID:1620
- C:\Windows\System\jOgDotT.exe
  C:\Windows\System\jOgDotT.exe
  2⤵
  PID:7136
- C:\Windows\System\ojWJIIZ.exe
  C:\Windows\System\ojWJIIZ.exe
  2⤵
  PID:6100
- C:\Windows\System\YUYhLVZ.exe
  C:\Windows\System\YUYhLVZ.exe
  2⤵
  PID:6336
- C:\Windows\System\NtZDsPp.exe
  C:\Windows\System\NtZDsPp.exe
  2⤵
  PID:580
- C:\Windows\System\LrUQnQh.exe
  C:\Windows\System\LrUQnQh.exe
  2⤵
  PID:1624
- C:\Windows\System\vwWygQu.exe
  C:\Windows\System\vwWygQu.exe
  2⤵
  PID:6296
- C:\Windows\System\huvMFcl.exe
  C:\Windows\System\huvMFcl.exe
  2⤵
  PID:6492
- C:\Windows\System\nzqCPZr.exe
  C:\Windows\System\nzqCPZr.exe
  2⤵
  PID:6876
- C:\Windows\System\WFZlULk.exe
  C:\Windows\System\WFZlULk.exe
  2⤵
  PID:6692
- C:\Windows\System\fCfnYBV.exe
  C:\Windows\System\fCfnYBV.exe
  2⤵
  PID:7056
- C:\Windows\System\yylCChw.exe
  C:\Windows\System\yylCChw.exe
  2⤵
  PID:6972
- C:\Windows\System\EvwDSrl.exe
  C:\Windows\System\EvwDSrl.exe
  2⤵
  PID:7156
- C:\Windows\System\uWPdThX.exe
  C:\Windows\System\uWPdThX.exe
  2⤵
  PID:6996
- C:\Windows\System\coRxTSa.exe
  C:\Windows\System\coRxTSa.exe
  2⤵
  PID:5172
- C:\Windows\System\cVdkwPA.exe
  C:\Windows\System\cVdkwPA.exe
  2⤵
  PID:7140
- C:\Windows\System\wXrXeSW.exe
  C:\Windows\System\wXrXeSW.exe
  2⤵
  PID:6332
- C:\Windows\System\WCRpRrT.exe
  C:\Windows\System\WCRpRrT.exe
  2⤵
  PID:6572
- C:\Windows\System\ylhQAve.exe
  C:\Windows\System\ylhQAve.exe
  2⤵
  PID:1916
- C:\Windows\System\TwHwmPs.exe
  C:\Windows\System\TwHwmPs.exe
  2⤵
  PID:6764
- C:\Windows\System\AFaMSMI.exe
  C:\Windows\System\AFaMSMI.exe
  2⤵
  PID:6664
- C:\Windows\System\OFMQBDm.exe
  C:\Windows\System\OFMQBDm.exe
  2⤵
  PID:7080
- C:\Windows\System\yMrurPU.exe
  C:\Windows\System\yMrurPU.exe
  2⤵
  PID:5920
- C:\Windows\System\McmIToQ.exe
  C:\Windows\System\McmIToQ.exe
  2⤵
  PID:948
- C:\Windows\System\sECwyRV.exe
  C:\Windows\System\sECwyRV.exe
  2⤵
  PID:1692
- C:\Windows\System\MXwZPLo.exe
  C:\Windows\System\MXwZPLo.exe
  2⤵
  PID:7036
- C:\Windows\System\ChjuNOF.exe
  C:\Windows\System\ChjuNOF.exe
  2⤵
  PID:6264
- C:\Windows\System\GrouYrM.exe
  C:\Windows\System\GrouYrM.exe
  2⤵
  PID:6544
- C:\Windows\System\inCRhbp.exe
  C:\Windows\System\inCRhbp.exe
  2⤵
  PID:6372
- C:\Windows\System\pFKdFre.exe
  C:\Windows\System\pFKdFre.exe
  2⤵
  PID:6300
- C:\Windows\System\XdDsyyT.exe
  C:\Windows\System\XdDsyyT.exe
  2⤵
  PID:7092
- C:\Windows\System\PTTDnxG.exe
  C:\Windows\System\PTTDnxG.exe
  2⤵
  PID:6992
- C:\Windows\System\ElrZcGk.exe
  C:\Windows\System\ElrZcGk.exe
  2⤵
  PID:7192
- C:\Windows\System\qbAqYIH.exe
  C:\Windows\System\qbAqYIH.exe
  2⤵
  PID:7220
- C:\Windows\System\wLDnJTE.exe
  C:\Windows\System\wLDnJTE.exe
  2⤵
  PID:7236
- C:\Windows\System\trRkyDl.exe
  C:\Windows\System\trRkyDl.exe
  2⤵
  PID:7252
- C:\Windows\System\EGhboBh.exe
  C:\Windows\System\EGhboBh.exe
  2⤵
  PID:7268
- C:\Windows\System\VPtzqUx.exe
  C:\Windows\System\VPtzqUx.exe
  2⤵
  PID:7284
- C:\Windows\System\oBkbWeA.exe
  C:\Windows\System\oBkbWeA.exe
  2⤵
  PID:7308
- C:\Windows\System\RBORStx.exe
  C:\Windows\System\RBORStx.exe
  2⤵
  PID:7328
- C:\Windows\System\XqVDgPk.exe
  C:\Windows\System\XqVDgPk.exe
  2⤵
  PID:7344
- C:\Windows\System\JFZxvOg.exe
  C:\Windows\System\JFZxvOg.exe
  2⤵
  PID:7368
- C:\Windows\System\XOLafIZ.exe
  C:\Windows\System\XOLafIZ.exe
  2⤵
  PID:7384
- C:\Windows\System\BllRyhP.exe
  C:\Windows\System\BllRyhP.exe
  2⤵
  PID:7400
- C:\Windows\System\waMdMJC.exe
  C:\Windows\System\waMdMJC.exe
  2⤵
  PID:7416
- C:\Windows\System\uBaCZvM.exe
  C:\Windows\System\uBaCZvM.exe
  2⤵
  PID:7436
- C:\Windows\System\vPxNHcK.exe
  C:\Windows\System\vPxNHcK.exe
  2⤵
  PID:7460
- C:\Windows\System\AoMjTjj.exe
  C:\Windows\System\AoMjTjj.exe
  2⤵
  PID:7480
- C:\Windows\System\xsMEzby.exe
  C:\Windows\System\xsMEzby.exe
  2⤵
  PID:7500
- C:\Windows\System\oRaSbVZ.exe
  C:\Windows\System\oRaSbVZ.exe
  2⤵
  PID:7516
- C:\Windows\System\BqMiMeg.exe
  C:\Windows\System\BqMiMeg.exe
  2⤵
  PID:7532
- C:\Windows\System\HzPTrjx.exe
  C:\Windows\System\HzPTrjx.exe
  2⤵
  PID:7552
- C:\Windows\System\VcTyzKa.exe
  C:\Windows\System\VcTyzKa.exe
  2⤵
  PID:7568
- C:\Windows\System\TUftKNi.exe
  C:\Windows\System\TUftKNi.exe
  2⤵
  PID:7588
- C:\Windows\System\HiGFoNI.exe
  C:\Windows\System\HiGFoNI.exe
  2⤵
  PID:7624
- C:\Windows\System\aHdgxDe.exe
  C:\Windows\System\aHdgxDe.exe
  2⤵
  PID:7644
- C:\Windows\System\PzhZdaj.exe
  C:\Windows\System\PzhZdaj.exe
  2⤵
  PID:7664
- C:\Windows\System\SqcsRPK.exe
  C:\Windows\System\SqcsRPK.exe
  2⤵
  PID:7688
- C:\Windows\System\kUAuRhY.exe
  C:\Windows\System\kUAuRhY.exe
  2⤵
  PID:7708
- C:\Windows\System\CPaWxVH.exe
  C:\Windows\System\CPaWxVH.exe
  2⤵
  PID:7728
- C:\Windows\System\rcZJIaw.exe
  C:\Windows\System\rcZJIaw.exe
  2⤵
  PID:7744
- C:\Windows\System\NjUHfvo.exe
  C:\Windows\System\NjUHfvo.exe
  2⤵
  PID:7764
- C:\Windows\System\QVdlJnS.exe
  C:\Windows\System\QVdlJnS.exe
  2⤵
  PID:7808
- C:\Windows\System\ltnffWD.exe
  C:\Windows\System\ltnffWD.exe
  2⤵
  PID:7828
- C:\Windows\System\vklJltG.exe
  C:\Windows\System\vklJltG.exe
  2⤵
  PID:7844
- C:\Windows\System\TuIsIUG.exe
  C:\Windows\System\TuIsIUG.exe
  2⤵
  PID:7864
- C:\Windows\System\MnfThEr.exe
  C:\Windows\System\MnfThEr.exe
  2⤵
  PID:7896
- C:\Windows\System\tPepOiY.exe
  C:\Windows\System\tPepOiY.exe
  2⤵
  PID:7920
- C:\Windows\System\whILocq.exe
  C:\Windows\System\whILocq.exe
  2⤵
  PID:7936
- C:\Windows\System\YYdmsaL.exe
  C:\Windows\System\YYdmsaL.exe
  2⤵
  PID:7952
- C:\Windows\System\YwqihXE.exe
  C:\Windows\System\YwqihXE.exe
  2⤵
  PID:7968
- C:\Windows\System\xuGERTR.exe
  C:\Windows\System\xuGERTR.exe
  2⤵
  PID:7984
- C:\Windows\System\xWUZurY.exe
  C:\Windows\System\xWUZurY.exe
  2⤵
  PID:8000
- C:\Windows\System\NFMBbhn.exe
  C:\Windows\System\NFMBbhn.exe
  2⤵
  PID:8016
- C:\Windows\System\ynAiPUZ.exe
  C:\Windows\System\ynAiPUZ.exe
  2⤵
  PID:8032
- C:\Windows\System\DfufUny.exe
  C:\Windows\System\DfufUny.exe
  2⤵
  PID:8048
- C:\Windows\System\KPPswCG.exe
  C:\Windows\System\KPPswCG.exe
  2⤵
  PID:8108
- C:\Windows\System\lgUVajZ.exe
  C:\Windows\System\lgUVajZ.exe
  2⤵
  PID:8124
- C:\Windows\System\sjIiGjj.exe
  C:\Windows\System\sjIiGjj.exe
  2⤵
  PID:8140
- C:\Windows\System\wSeOtJs.exe
  C:\Windows\System\wSeOtJs.exe
  2⤵
  PID:8156
- C:\Windows\System\tTHpzry.exe
  C:\Windows\System\tTHpzry.exe
  2⤵
  PID:8172
- C:\Windows\System\nSpQorM.exe
  C:\Windows\System\nSpQorM.exe
  2⤵
  PID:8188
- C:\Windows\System\dWzzAkU.exe
  C:\Windows\System\dWzzAkU.exe
  2⤵
  PID:7176
- C:\Windows\System\TamzbLz.exe
  C:\Windows\System\TamzbLz.exe
  2⤵
  PID:6592
- C:\Windows\System\tDJYSNv.exe
  C:\Windows\System\tDJYSNv.exe
  2⤵
  PID:7260
- C:\Windows\System\GWvscOV.exe
  C:\Windows\System\GWvscOV.exe
  2⤵
  PID:7300
- C:\Windows\System\UTvzsWw.exe
  C:\Windows\System\UTvzsWw.exe
  2⤵
  PID:7408
- C:\Windows\System\pawbedC.exe
  C:\Windows\System\pawbedC.exe
  2⤵
  PID:7456
- C:\Windows\System\yxCmfyu.exe
  C:\Windows\System\yxCmfyu.exe
  2⤵
  PID:6316
- C:\Windows\System\ErSOhdg.exe
  C:\Windows\System\ErSOhdg.exe
  2⤵
  PID:7276
- C:\Windows\System\ntcpgzP.exe
  C:\Windows\System\ntcpgzP.exe
  2⤵
  PID:7496
- C:\Windows\System\zDTMxgX.exe
  C:\Windows\System\zDTMxgX.exe
  2⤵
  PID:7564
- C:\Windows\System\XainpPf.exe
  C:\Windows\System\XainpPf.exe
  2⤵
  PID:7620
- C:\Windows\System\WLzSZZE.exe
  C:\Windows\System\WLzSZZE.exe
  2⤵
  PID:6248
- C:\Windows\System\bLhmvvt.exe
  C:\Windows\System\bLhmvvt.exe
  2⤵
  PID:7212
- C:\Windows\System\Zrwwkag.exe
  C:\Windows\System\Zrwwkag.exe
  2⤵
  PID:7580
- C:\Windows\System\EkCPpna.exe
  C:\Windows\System\EkCPpna.exe
  2⤵
  PID:7736
- C:\Windows\System\emZZZus.exe
  C:\Windows\System\emZZZus.exe
  2⤵
  PID:7280
- C:\Windows\System\MxlBICU.exe
  C:\Windows\System\MxlBICU.exe
  2⤵
  PID:7324
- C:\Windows\System\fJUVGYC.exe
  C:\Windows\System\fJUVGYC.exe
  2⤵
  PID:7716
- C:\Windows\System\MmOhjil.exe
  C:\Windows\System\MmOhjil.exe
  2⤵
  PID:7776
- C:\Windows\System\fvcgmzy.exe
  C:\Windows\System\fvcgmzy.exe
  2⤵
  PID:7796
- C:\Windows\System\tXlrQhX.exe
  C:\Windows\System\tXlrQhX.exe
  2⤵
  PID:7816
- C:\Windows\System\ULFtPSS.exe
  C:\Windows\System\ULFtPSS.exe
  2⤵
  PID:7860
- C:\Windows\System\OcIGuQb.exe
  C:\Windows\System\OcIGuQb.exe
  2⤵
  PID:7884
- C:\Windows\System\viLIOBU.exe
  C:\Windows\System\viLIOBU.exe
  2⤵
  PID:7824
- C:\Windows\System\zuyCNnE.exe
  C:\Windows\System\zuyCNnE.exe
  2⤵
  PID:7120
- C:\Windows\System\wHMUDQW.exe
  C:\Windows\System\wHMUDQW.exe
  2⤵
  PID:7916
- C:\Windows\System\qgbyjyF.exe
  C:\Windows\System\qgbyjyF.exe
  2⤵
  PID:8012
- C:\Windows\System\UdTPtAD.exe
  C:\Windows\System\UdTPtAD.exe
  2⤵
  PID:7992
- C:\Windows\System\JfPpBav.exe
  C:\Windows\System\JfPpBav.exe
  2⤵
  PID:8044
- C:\Windows\System\yJMnupq.exe
  C:\Windows\System\yJMnupq.exe
  2⤵
  PID:8060
- C:\Windows\System\EcnFQui.exe
  C:\Windows\System\EcnFQui.exe
  2⤵
  PID:8080
- C:\Windows\System\dDPuUwo.exe
  C:\Windows\System\dDPuUwo.exe
  2⤵
  PID:8104
- C:\Windows\System\LAuInVj.exe
  C:\Windows\System\LAuInVj.exe
  2⤵
  PID:8132
- C:\Windows\System\kLIQNLW.exe
  C:\Windows\System\kLIQNLW.exe
  2⤵
  PID:7172
- C:\Windows\System\TOwXCHo.exe
  C:\Windows\System\TOwXCHo.exe
  2⤵
  PID:7600
- C:\Windows\System\dhYvocb.exe
  C:\Windows\System\dhYvocb.exe
  2⤵
  PID:7304
- C:\Windows\System\SYPLqkx.exe
  C:\Windows\System\SYPLqkx.exe
  2⤵
  PID:8180
- C:\Windows\System\tnoWtSA.exe
  C:\Windows\System\tnoWtSA.exe
  2⤵
  PID:7412
- C:\Windows\System\ByCwQea.exe
  C:\Windows\System\ByCwQea.exe
  2⤵
  PID:7560
- C:\Windows\System\ISRzDpn.exe
  C:\Windows\System\ISRzDpn.exe
  2⤵
  PID:7244
- C:\Windows\System\SnXeTTF.exe
  C:\Windows\System\SnXeTTF.exe
  2⤵
  PID:6840
- C:\Windows\System\VQIzNwy.exe
  C:\Windows\System\VQIzNwy.exe
  2⤵
  PID:7576
- C:\Windows\System\nFpSogO.exe
  C:\Windows\System\nFpSogO.exe
  2⤵
  PID:7512
- C:\Windows\System\KCaxEHn.exe
  C:\Windows\System\KCaxEHn.exe
  2⤵
  PID:7636
- C:\Windows\System\CHdmLhM.exe
  C:\Windows\System\CHdmLhM.exe
  2⤵
  PID:7680
- C:\Windows\System\wQzCWzo.exe
  C:\Windows\System\wQzCWzo.exe
  2⤵
  PID:7752
- C:\Windows\System\nXuCsvb.exe
  C:\Windows\System\nXuCsvb.exe
  2⤵
  PID:7804
- C:\Windows\System\vvLrvWR.exe
  C:\Windows\System\vvLrvWR.exe
  2⤵
  PID:7872
- C:\Windows\System\IPYRAlM.exe
  C:\Windows\System\IPYRAlM.exe
  2⤵
  PID:7980
- C:\Windows\System\fbaXUDz.exe
  C:\Windows\System\fbaXUDz.exe
  2⤵
  PID:8076
- C:\Windows\System\KgrChGx.exe
  C:\Windows\System\KgrChGx.exe
  2⤵
  PID:7892
- C:\Windows\System\HUHUzVL.exe
  C:\Windows\System\HUHUzVL.exe
  2⤵
  PID:7964
- C:\Windows\System\BIxbdJG.exe
  C:\Windows\System\BIxbdJG.exe
  2⤵
  PID:7880
- C:\Windows\System\LViIKCz.exe
  C:\Windows\System\LViIKCz.exe
  2⤵
  PID:8100
- C:\Windows\System\FWldRnK.exe
  C:\Windows\System\FWldRnK.exe
  2⤵
  PID:7232
- C:\Windows\System\yeictlj.exe
  C:\Windows\System\yeictlj.exe
  2⤵
  PID:7488
- C:\Windows\System\UmlsYHP.exe
  C:\Windows\System\UmlsYHP.exe
  2⤵
  PID:7584
- C:\Windows\System\cRINVbN.exe
  C:\Windows\System\cRINVbN.exe
  2⤵
  PID:7908
- C:\Windows\System\TqHwfaG.exe
  C:\Windows\System\TqHwfaG.exe
  2⤵
  PID:8120
- C:\Windows\System\bikuetC.exe
  C:\Windows\System\bikuetC.exe
  2⤵
  PID:7208
- C:\Windows\System\wOlmEOQ.exe
  C:\Windows\System\wOlmEOQ.exe
  2⤵
  PID:7508
- C:\Windows\System\EVcbOPx.exe
  C:\Windows\System\EVcbOPx.exe
  2⤵
  PID:7700
- C:\Windows\System\fTVIUbP.exe
  C:\Windows\System\fTVIUbP.exe
  2⤵
  PID:7432
- C:\Windows\System\xbrULtd.exe
  C:\Windows\System\xbrULtd.exe
  2⤵
  PID:7548
- C:\Windows\System\PxJNolk.exe
  C:\Windows\System\PxJNolk.exe
  2⤵
  PID:7840
- C:\Windows\System\UQYlnqO.exe
  C:\Windows\System\UQYlnqO.exe
  2⤵
  PID:1004
- C:\Windows\System\NZAnodA.exe
  C:\Windows\System\NZAnodA.exe
  2⤵
  PID:7676
- C:\Windows\System\irPQZCh.exe
  C:\Windows\System\irPQZCh.exe
  2⤵
  PID:7960
- C:\Windows\System\vACKPlI.exe
  C:\Windows\System\vACKPlI.exe
  2⤵
  PID:6424
- C:\Windows\System\MWnWjTd.exe
  C:\Windows\System\MWnWjTd.exe
  2⤵
  PID:7424
- C:\Windows\System\QzomAFM.exe
  C:\Windows\System\QzomAFM.exe
  2⤵
  PID:1512
- C:\Windows\System\UbyAytl.exe
  C:\Windows\System\UbyAytl.exe
  2⤵
  PID:7788
- C:\Windows\System\uDdTJaU.exe
  C:\Windows\System\uDdTJaU.exe
  2⤵
  PID:8072
- C:\Windows\System\BptnAor.exe
  C:\Windows\System\BptnAor.exe
  2⤵
  PID:6200
- C:\Windows\System\DpHUZfq.exe
  C:\Windows\System\DpHUZfq.exe
  2⤵
  PID:8088
- C:\Windows\System\PwRHGkk.exe
  C:\Windows\System\PwRHGkk.exe
  2⤵
  PID:7444
- C:\Windows\System\wGYtYWb.exe
  C:\Windows\System\wGYtYWb.exe
  2⤵
  PID:7652
- C:\Windows\System\vFGhVvw.exe
  C:\Windows\System\vFGhVvw.exe
  2⤵
  PID:7616
- C:\Windows\System\CjyTMnP.exe
  C:\Windows\System\CjyTMnP.exe
  2⤵
  PID:7720
- C:\Windows\System\bdVpGsC.exe
  C:\Windows\System\bdVpGsC.exe
  2⤵
  PID:8204
- C:\Windows\System\vFmaHBx.exe
  C:\Windows\System\vFmaHBx.exe
  2⤵
  PID:8220
- C:\Windows\System\NTlgmgH.exe
  C:\Windows\System\NTlgmgH.exe
  2⤵
  PID:8236
- C:\Windows\System\sMoybUv.exe
  C:\Windows\System\sMoybUv.exe
  2⤵
  PID:8252
- C:\Windows\System\cGgjLep.exe
  C:\Windows\System\cGgjLep.exe
  2⤵
  PID:8268
- C:\Windows\System\IuNRuSP.exe
  C:\Windows\System\IuNRuSP.exe
  2⤵
  PID:8284
- C:\Windows\System\qHZFUUJ.exe
  C:\Windows\System\qHZFUUJ.exe
  2⤵
  PID:8300
- C:\Windows\System\mquLmIr.exe
  C:\Windows\System\mquLmIr.exe
  2⤵
  PID:8316
- C:\Windows\System\KTYlErv.exe
  C:\Windows\System\KTYlErv.exe
  2⤵
  PID:8332
- C:\Windows\System\nBxWRXp.exe
  C:\Windows\System\nBxWRXp.exe
  2⤵
  PID:8348
- C:\Windows\System\QJSOgKd.exe
  C:\Windows\System\QJSOgKd.exe
  2⤵
  PID:8364
- C:\Windows\System\KAWCjlG.exe
  C:\Windows\System\KAWCjlG.exe
  2⤵
  PID:8380
- C:\Windows\System\VLwLFBZ.exe
  C:\Windows\System\VLwLFBZ.exe
  2⤵
  PID:8396
- C:\Windows\System\BuazrPc.exe
  C:\Windows\System\BuazrPc.exe
  2⤵
  PID:8412
- C:\Windows\System\PgsSSAa.exe
  C:\Windows\System\PgsSSAa.exe
  2⤵
  PID:8428
- C:\Windows\System\ANUPJHP.exe
  C:\Windows\System\ANUPJHP.exe
  2⤵
  PID:8476
- C:\Windows\System\ciWzBWk.exe
  C:\Windows\System\ciWzBWk.exe
  2⤵
  PID:8492
- C:\Windows\System\NIYGwwg.exe
  C:\Windows\System\NIYGwwg.exe
  2⤵
  PID:8508
- C:\Windows\System\WAyqzhn.exe
  C:\Windows\System\WAyqzhn.exe
  2⤵
  PID:8524
- C:\Windows\System\NTWYvQI.exe
  C:\Windows\System\NTWYvQI.exe
  2⤵
  PID:8576
- C:\Windows\System\uYWZIRX.exe
  C:\Windows\System\uYWZIRX.exe
  2⤵
  PID:8592
- C:\Windows\System\JrjKvij.exe
  C:\Windows\System\JrjKvij.exe
  2⤵
  PID:8648
- C:\Windows\System\gRONBGV.exe
  C:\Windows\System\gRONBGV.exe
  2⤵
  PID:8668
- C:\Windows\System\wHxIaJy.exe
  C:\Windows\System\wHxIaJy.exe
  2⤵
  PID:8684
- C:\Windows\System\wKwRHnD.exe
  C:\Windows\System\wKwRHnD.exe
  2⤵
  PID:8704
- C:\Windows\System\nwmyPuM.exe
  C:\Windows\System\nwmyPuM.exe
  2⤵
  PID:8724
- C:\Windows\System\SxZJsaq.exe
  C:\Windows\System\SxZJsaq.exe
  2⤵
  PID:8744
- C:\Windows\System\mdmbJOn.exe
  C:\Windows\System\mdmbJOn.exe
  2⤵
  PID:8764
- C:\Windows\System\yVEKacw.exe
  C:\Windows\System\yVEKacw.exe
  2⤵
  PID:8784
- C:\Windows\System\iuYUvya.exe
  C:\Windows\System\iuYUvya.exe
  2⤵
  PID:8804
- C:\Windows\System\HGPVyMb.exe
  C:\Windows\System\HGPVyMb.exe
  2⤵
  PID:8828
- C:\Windows\System\zfuBLvJ.exe
  C:\Windows\System\zfuBLvJ.exe
  2⤵
  PID:8852
- C:\Windows\System\JcPcNbN.exe
  C:\Windows\System\JcPcNbN.exe
  2⤵
  PID:8868
- C:\Windows\System\SliSomL.exe
  C:\Windows\System\SliSomL.exe
  2⤵
  PID:8896
- C:\Windows\System\qEYPxWb.exe
  C:\Windows\System\qEYPxWb.exe
  2⤵
  PID:8940
- C:\Windows\System\fpjhkAS.exe
  C:\Windows\System\fpjhkAS.exe
  2⤵
  PID:8980
- C:\Windows\System\easmHxV.exe
  C:\Windows\System\easmHxV.exe
  2⤵
  PID:9016
- C:\Windows\System\AFGOENc.exe
  C:\Windows\System\AFGOENc.exe
  2⤵
  PID:9068
- C:\Windows\System\xqiDJfb.exe
  C:\Windows\System\xqiDJfb.exe
  2⤵
  PID:9084
- C:\Windows\System\pevjgvH.exe
  C:\Windows\System\pevjgvH.exe
  2⤵
  PID:9108
- C:\Windows\System\TcpLKEu.exe
  C:\Windows\System\TcpLKEu.exe
  2⤵
  PID:9128
- C:\Windows\System\pImCyvb.exe
  C:\Windows\System\pImCyvb.exe
  2⤵
  PID:9148
- C:\Windows\System\LjpiQvI.exe
  C:\Windows\System\LjpiQvI.exe
  2⤵
  PID:9172
- C:\Windows\System\TcOHPKw.exe
  C:\Windows\System\TcOHPKw.exe
  2⤵
  PID:9192
- C:\Windows\System\oGJNLRY.exe
  C:\Windows\System\oGJNLRY.exe
  2⤵
  PID:9212
- C:\Windows\System\unUKlIi.exe
  C:\Windows\System\unUKlIi.exe
  2⤵
  PID:7528
- C:\Windows\System\fvuDduN.exe
  C:\Windows\System\fvuDduN.exe
  2⤵
  PID:8212
- C:\Windows\System\hcFGTNr.exe
  C:\Windows\System\hcFGTNr.exe
  2⤵
  PID:6976
- C:\Windows\System\gFLXdCj.exe
  C:\Windows\System\gFLXdCj.exe
  2⤵
  PID:8280
- C:\Windows\System\JOsXlPX.exe
  C:\Windows\System\JOsXlPX.exe
  2⤵
  PID:7852
- C:\Windows\System\fHIshEB.exe
  C:\Windows\System\fHIshEB.exe
  2⤵
  PID:8232
- C:\Windows\System\sNwerzE.exe
  C:\Windows\System\sNwerzE.exe
  2⤵
  PID:8292
- C:\Windows\System\UCyrvPg.exe
  C:\Windows\System\UCyrvPg.exe
  2⤵
  PID:8324
- C:\Windows\System\QVKiGOw.exe
  C:\Windows\System\QVKiGOw.exe
  2⤵
  PID:8392
- C:\Windows\System\OueMcRv.exe
  C:\Windows\System\OueMcRv.exe
  2⤵
  PID:8464
- C:\Windows\System\EtkLMzV.exe
  C:\Windows\System\EtkLMzV.exe
  2⤵
  PID:8456
- C:\Windows\System\iwYwOzy.exe
  C:\Windows\System\iwYwOzy.exe
  2⤵
  PID:8520
- C:\Windows\System\hEmNwxu.exe
  C:\Windows\System\hEmNwxu.exe
  2⤵
  PID:8484
- C:\Windows\System\kqIsrnr.exe
  C:\Windows\System\kqIsrnr.exe
  2⤵
  PID:8548
- C:\Windows\System\BKHQrrE.exe
  C:\Windows\System\BKHQrrE.exe
  2⤵
  PID:8600
- C:\Windows\System\mEzYFQu.exe
  C:\Windows\System\mEzYFQu.exe
  2⤵
  PID:8612
- C:\Windows\System\uVFXgMh.exe
  C:\Windows\System\uVFXgMh.exe
  2⤵
  PID:8640
- C:\Windows\System\DSQiQya.exe
  C:\Windows\System\DSQiQya.exe
  2⤵
  PID:8712
- C:\Windows\System\hgtFvJI.exe
  C:\Windows\System\hgtFvJI.exe
  2⤵
  PID:8776
- C:\Windows\System\FEiahzb.exe
  C:\Windows\System\FEiahzb.exe
  2⤵
  PID:8796
- C:\Windows\System\RdUXIZR.exe
  C:\Windows\System\RdUXIZR.exe
  2⤵
  PID:8864
- C:\Windows\System\lmwdVWp.exe
  C:\Windows\System\lmwdVWp.exe
  2⤵
  PID:8880
- C:\Windows\System\zsRTYiT.exe
  C:\Windows\System\zsRTYiT.exe
  2⤵
  PID:8892
- C:\Windows\System\FoozBdT.exe
  C:\Windows\System\FoozBdT.exe
  2⤵
  PID:8932
- C:\Windows\System\jxPlWCj.exe
  C:\Windows\System\jxPlWCj.exe
  2⤵
  PID:8948
- C:\Windows\System\HuNkvuy.exe
  C:\Windows\System\HuNkvuy.exe
  2⤵
  PID:8968
- C:\Windows\System\XgNqGnj.exe
  C:\Windows\System\XgNqGnj.exe
  2⤵
  PID:9008
- C:\Windows\System\GtnHErD.exe
  C:\Windows\System\GtnHErD.exe
  2⤵
  PID:9032
- C:\Windows\System\mnIWJzw.exe
  C:\Windows\System\mnIWJzw.exe
  2⤵
  PID:9048
- C:\Windows\System\JgetTSY.exe
  C:\Windows\System\JgetTSY.exe
  2⤵
  PID:9080
- C:\Windows\System\SulBkfd.exe
  C:\Windows\System\SulBkfd.exe
  2⤵
  PID:9124
- C:\Windows\System\KIdOTqh.exe
  C:\Windows\System\KIdOTqh.exe
  2⤵
  PID:9140
- C:\Windows\System\lPYjHSN.exe
  C:\Windows\System\lPYjHSN.exe
  2⤵
  PID:9200
- C:\Windows\System\DRsgbvB.exe
  C:\Windows\System\DRsgbvB.exe
  2⤵
  PID:9184
- C:\Windows\System\aijbwSX.exe
  C:\Windows\System\aijbwSX.exe
  2⤵
  PID:7364
- C:\Windows\System\XKjOMej.exe
  C:\Windows\System\XKjOMej.exe
  2⤵
  PID:7904
- C:\Windows\System\ajbwGEc.exe
  C:\Windows\System\ajbwGEc.exe
  2⤵
  PID:8248
- C:\Windows\System\hVPaPul.exe
  C:\Windows\System\hVPaPul.exe
  2⤵
  PID:8820
- C:\Windows\System\eSzxUJH.exe
  C:\Windows\System\eSzxUJH.exe
  2⤵
  PID:8624
- C:\Windows\System\eDQCAKt.exe
  C:\Windows\System\eDQCAKt.exe
  2⤵
  PID:8632
- C:\Windows\System\yCYvoCF.exe
  C:\Windows\System\yCYvoCF.exe
  2⤵
  PID:8296
- C:\Windows\System\qhFrHrg.exe
  C:\Windows\System\qhFrHrg.exe
  2⤵
  PID:8376
- C:\Windows\System\YjiOIGq.exe
  C:\Windows\System\YjiOIGq.exe
  2⤵
  PID:8388
- C:\Windows\System\AjiwLbY.exe
  C:\Windows\System\AjiwLbY.exe
  2⤵
  PID:8500
- C:\Windows\System\kVtaQRK.exe
  C:\Windows\System\kVtaQRK.exe
  2⤵
  PID:8448
- C:\Windows\System\rHHsuuS.exe
  C:\Windows\System\rHHsuuS.exe
  2⤵
  PID:8452
- C:\Windows\System\wTyArRt.exe
  C:\Windows\System\wTyArRt.exe
  2⤵
  PID:8560
- C:\Windows\System\VdmyQKb.exe
  C:\Windows\System\VdmyQKb.exe
  2⤵
  PID:8584
- C:\Windows\System\GKEYHdB.exe
  C:\Windows\System\GKEYHdB.exe
  2⤵
  PID:8716
- C:\Windows\System\uKLfXbJ.exe
  C:\Windows\System\uKLfXbJ.exe
  2⤵
  PID:8696
- C:\Windows\System\lUrCNTa.exe
  C:\Windows\System\lUrCNTa.exe
  2⤵
  PID:8736
- C:\Windows\System\EeKjOGY.exe
  C:\Windows\System\EeKjOGY.exe
  2⤵
  PID:8860
- C:\Windows\System\YtfDVwI.exe
  C:\Windows\System\YtfDVwI.exe
  2⤵
  PID:8912
- C:\Windows\System\KeNERom.exe
  C:\Windows\System\KeNERom.exe
  2⤵
  PID:8920
- C:\Windows\System\oBOozLJ.exe
  C:\Windows\System\oBOozLJ.exe
  2⤵
  PID:8564
- C:\Windows\System\QvKPPJt.exe
  C:\Windows\System\QvKPPJt.exe
  2⤵
  PID:8924
- C:\Windows\System\QiJmmMi.exe
  C:\Windows\System\QiJmmMi.exe
  2⤵
  PID:8996
- C:\Windows\System\uftmobK.exe
  C:\Windows\System\uftmobK.exe
  2⤵
  PID:9028
- C:\Windows\System\jXcClhJ.exe
  C:\Windows\System\jXcClhJ.exe
  2⤵
  PID:9064
- C:\Windows\System\GWjhyGG.exe
  C:\Windows\System\GWjhyGG.exe
  2⤵
  PID:9120
- C:\Windows\System\pNvzVrt.exe
  C:\Windows\System\pNvzVrt.exe
  2⤵
  PID:9136
- C:\Windows\System\jboPDUj.exe
  C:\Windows\System\jboPDUj.exe
  2⤵
  PID:8700
- C:\Windows\System\iARztQk.exe
  C:\Windows\System\iARztQk.exe
  2⤵
  PID:7352
- C:\Windows\System\YAaNFpR.exe
  C:\Windows\System\YAaNFpR.exe
  2⤵
  PID:7836
- C:\Windows\System\FThlZNb.exe
  C:\Windows\System\FThlZNb.exe
  2⤵
  PID:7396
- C:\Windows\System\tkMEQWn.exe
  C:\Windows\System\tkMEQWn.exe
  2⤵
  PID:8436
- C:\Windows\System\BujIKqg.exe
  C:\Windows\System\BujIKqg.exe
  2⤵
  PID:8644
- C:\Windows\System\srxWCaE.exe
  C:\Windows\System\srxWCaE.exe
  2⤵
  PID:8844
- C:\Windows\System\FbWJzxT.exe
  C:\Windows\System\FbWJzxT.exe
  2⤵
  PID:8404
- C:\Windows\System\fKNtoAp.exe
  C:\Windows\System\fKNtoAp.exe
  2⤵
  PID:8408
- C:\Windows\System\eHolzhe.exe
  C:\Windows\System\eHolzhe.exe
  2⤵
  PID:8536
- C:\Windows\System\WPCaWIF.exe
  C:\Windows\System\WPCaWIF.exe
  2⤵
  PID:8760
- C:\Windows\System\BvBUgOg.exe
  C:\Windows\System\BvBUgOg.exe
  2⤵
  PID:8972
- C:\Windows\System\MfwyjcD.exe
  C:\Windows\System\MfwyjcD.exe
  2⤵
  PID:9040
- C:\Windows\System\lUiaTor.exe
  C:\Windows\System\lUiaTor.exe
  2⤵
  PID:8720
- C:\Windows\System\RhhGRkT.exe
  C:\Windows\System\RhhGRkT.exe
  2⤵
  PID:9168
- C:\Windows\System\vHsifsL.exe
  C:\Windows\System\vHsifsL.exe
  2⤵
  PID:9188
- C:\Windows\System\wJNiAZb.exe
  C:\Windows\System\wJNiAZb.exe
  2⤵
  PID:8444
- C:\Windows\System\najdFpf.exe
  C:\Windows\System\najdFpf.exe
  2⤵
  PID:8344
- C:\Windows\System\VStwMQP.exe
  C:\Windows\System\VStwMQP.exe
  2⤵
  PID:8516
- C:\Windows\System\ZtdqLgY.exe
  C:\Windows\System\ZtdqLgY.exe
  2⤵
  PID:8800
- C:\Windows\System\rdOSYIj.exe
  C:\Windows\System\rdOSYIj.exe
  2⤵
  PID:8888
- C:\Windows\System\uByUslG.exe
  C:\Windows\System\uByUslG.exe
  2⤵
  PID:9044
- C:\Windows\System\FBuNMxl.exe
  C:\Windows\System\FBuNMxl.exe
  2⤵
  PID:8440
- C:\Windows\System\qHRkxNv.exe
  C:\Windows\System\qHRkxNv.exe
  2⤵
  PID:9012
- C:\Windows\System\qCCjHHW.exe
  C:\Windows\System\qCCjHHW.exe
  2⤵
  PID:9116
- C:\Windows\System\FvrnmBV.exe
  C:\Windows\System\FvrnmBV.exe
  2⤵
  PID:9228
- C:\Windows\System\gAHSZWu.exe
  C:\Windows\System\gAHSZWu.exe
  2⤵
  PID:9244
- C:\Windows\System\kdDCusD.exe
  C:\Windows\System\kdDCusD.exe
  2⤵
  PID:9260
- C:\Windows\System\IQQjbJG.exe
  C:\Windows\System\IQQjbJG.exe
  2⤵
  PID:9276
- C:\Windows\System\hnjCUwb.exe
  C:\Windows\System\hnjCUwb.exe
  2⤵
  PID:9292
- C:\Windows\System\bwrQUib.exe
  C:\Windows\System\bwrQUib.exe
  2⤵
  PID:9308
- C:\Windows\System\cnYJjEx.exe
  C:\Windows\System\cnYJjEx.exe
  2⤵
  PID:9324
- C:\Windows\System\vUkaVJb.exe
  C:\Windows\System\vUkaVJb.exe
  2⤵
  PID:9340
- C:\Windows\System\QMdMWfq.exe
  C:\Windows\System\QMdMWfq.exe
  2⤵
  PID:9356
- C:\Windows\System\RkqpmUW.exe
  C:\Windows\System\RkqpmUW.exe
  2⤵
  PID:9372
- C:\Windows\System\WwMMPgf.exe
  C:\Windows\System\WwMMPgf.exe
  2⤵
  PID:9388
- C:\Windows\System\HhcaVru.exe
  C:\Windows\System\HhcaVru.exe
  2⤵
  PID:9404
- C:\Windows\System\gwFRatk.exe
  C:\Windows\System\gwFRatk.exe
  2⤵
  PID:9420
- C:\Windows\System\kruTjtT.exe
  C:\Windows\System\kruTjtT.exe
  2⤵
  PID:9436
- C:\Windows\System\OReepZB.exe
  C:\Windows\System\OReepZB.exe
  2⤵
  PID:9452
- C:\Windows\System\hjqcbiq.exe
  C:\Windows\System\hjqcbiq.exe
  2⤵
  PID:9468
- C:\Windows\System\qElNuEw.exe
  C:\Windows\System\qElNuEw.exe
  2⤵
  PID:9484
- C:\Windows\System\VbWHmXs.exe
  C:\Windows\System\VbWHmXs.exe
  2⤵
  PID:9500
- C:\Windows\System\YesCndg.exe
  C:\Windows\System\YesCndg.exe
  2⤵
  PID:9516
- C:\Windows\System\HgAFqgZ.exe
  C:\Windows\System\HgAFqgZ.exe
  2⤵
  PID:9536
- C:\Windows\System\Gpdasua.exe
  C:\Windows\System\Gpdasua.exe
  2⤵
  PID:9552
- C:\Windows\System\OFBsdNp.exe
  C:\Windows\System\OFBsdNp.exe
  2⤵
  PID:9572
- C:\Windows\System\Tzhllhd.exe
  C:\Windows\System\Tzhllhd.exe
  2⤵
  PID:9588
- C:\Windows\System\OGzNzBa.exe
  C:\Windows\System\OGzNzBa.exe
  2⤵
  PID:9604
- C:\Windows\System\SYHQuFG.exe
  C:\Windows\System\SYHQuFG.exe
  2⤵
  PID:9620
- C:\Windows\System\LxAWEcc.exe
  C:\Windows\System\LxAWEcc.exe
  2⤵
  PID:9636
- C:\Windows\System\YuDqtKT.exe
  C:\Windows\System\YuDqtKT.exe
  2⤵
  PID:9652
- C:\Windows\System\nALJuag.exe
  C:\Windows\System\nALJuag.exe
  2⤵
  PID:9668
- C:\Windows\System\ApPIDZc.exe
  C:\Windows\System\ApPIDZc.exe
  2⤵
  PID:9684
- C:\Windows\System\EwDnTXI.exe
  C:\Windows\System\EwDnTXI.exe
  2⤵
  PID:9700
- C:\Windows\System\BJhDAfP.exe
  C:\Windows\System\BJhDAfP.exe
  2⤵
  PID:9716
- C:\Windows\System\YEfQpkF.exe
  C:\Windows\System\YEfQpkF.exe
  2⤵
  PID:9732
- C:\Windows\System\sAWaMWC.exe
  C:\Windows\System\sAWaMWC.exe
  2⤵
  PID:9752
- C:\Windows\System\djkEVlI.exe
  C:\Windows\System\djkEVlI.exe
  2⤵
  PID:9768
- C:\Windows\System\lEOULSc.exe
  C:\Windows\System\lEOULSc.exe
  2⤵
  PID:9784
- C:\Windows\System\ZWZxgpa.exe
  C:\Windows\System\ZWZxgpa.exe
  2⤵
  PID:9800
- C:\Windows\System\FRbwVVL.exe
  C:\Windows\System\FRbwVVL.exe
  2⤵
  PID:9816
- C:\Windows\System\yxjgmye.exe
  C:\Windows\System\yxjgmye.exe
  2⤵
  PID:9832
- C:\Windows\System\JoxQJhd.exe
  C:\Windows\System\JoxQJhd.exe
  2⤵
  PID:9848
- C:\Windows\System\jXBXFVm.exe
  C:\Windows\System\jXBXFVm.exe
  2⤵
  PID:9864
- C:\Windows\System\oyFyjhf.exe
  C:\Windows\System\oyFyjhf.exe
  2⤵
  PID:9880
- C:\Windows\System\rRbsIBg.exe
  C:\Windows\System\rRbsIBg.exe
  2⤵
  PID:9896
- C:\Windows\System\ZVAFtgs.exe
  C:\Windows\System\ZVAFtgs.exe
  2⤵
  PID:9912
- C:\Windows\System\CsCnxmn.exe
  C:\Windows\System\CsCnxmn.exe
  2⤵
  PID:9928
- C:\Windows\System\KIUJUmI.exe
  C:\Windows\System\KIUJUmI.exe
  2⤵
  PID:9944
- C:\Windows\System\JOuYSQm.exe
  C:\Windows\System\JOuYSQm.exe
  2⤵
  PID:9960
- C:\Windows\System\xGNaTEO.exe
  C:\Windows\System\xGNaTEO.exe
  2⤵
  PID:9976
- C:\Windows\System\TnRQtbU.exe
  C:\Windows\System\TnRQtbU.exe
  2⤵
  PID:9992
- C:\Windows\System\ExTfDzB.exe
  C:\Windows\System\ExTfDzB.exe
  2⤵
  PID:10008
- C:\Windows\System\DbeZnyI.exe
  C:\Windows\System\DbeZnyI.exe
  2⤵
  PID:10024
- C:\Windows\System\TNBYVgo.exe
  C:\Windows\System\TNBYVgo.exe
  2⤵
  PID:10040
- C:\Windows\System\YEDoOvt.exe
  C:\Windows\System\YEDoOvt.exe
  2⤵
  PID:10060
- C:\Windows\System\rELnFjl.exe
  C:\Windows\System\rELnFjl.exe
  2⤵
  PID:10076
- C:\Windows\System\KfnqfUQ.exe
  C:\Windows\System\KfnqfUQ.exe
  2⤵
  PID:10092
- C:\Windows\System\MltrvBt.exe
  C:\Windows\System\MltrvBt.exe
  2⤵
  PID:10108
- C:\Windows\System\JQhatRM.exe
  C:\Windows\System\JQhatRM.exe
  2⤵
  PID:10124
- C:\Windows\System\UAElBSZ.exe
  C:\Windows\System\UAElBSZ.exe
  2⤵
  PID:10140
- C:\Windows\System\nHjMNEp.exe
  C:\Windows\System\nHjMNEp.exe
  2⤵
  PID:10156
- C:\Windows\System\yWDWNTy.exe
  C:\Windows\System\yWDWNTy.exe
  2⤵
  PID:10172
- C:\Windows\System\ObxyVMV.exe
  C:\Windows\System\ObxyVMV.exe
  2⤵
  PID:10188
- C:\Windows\System\bSUZBRQ.exe
  C:\Windows\System\bSUZBRQ.exe
  2⤵
  PID:10204
- C:\Windows\System\VNoKiub.exe
  C:\Windows\System\VNoKiub.exe
  2⤵
  PID:10220
- C:\Windows\System\HXjMMyg.exe
  C:\Windows\System\HXjMMyg.exe
  2⤵
  PID:10236
- C:\Windows\System\wKhzDnk.exe
  C:\Windows\System\wKhzDnk.exe
  2⤵
  PID:9256
- C:\Windows\System\vRVrFJx.exe
  C:\Windows\System\vRVrFJx.exe
  2⤵
  PID:8276
- C:\Windows\System\ujvlVLL.exe
  C:\Windows\System\ujvlVLL.exe
  2⤵
  PID:8608
- C:\Windows\System\hNFxVeQ.exe
  C:\Windows\System\hNFxVeQ.exe
  2⤵
  PID:8908
- C:\Windows\System\LMEZYpz.exe
  C:\Windows\System\LMEZYpz.exe
  2⤵
  PID:9320
- C:\Windows\System\cTnEWYn.exe
  C:\Windows\System\cTnEWYn.exe
  2⤵
  PID:9348
- C:\Windows\System\ObudTPv.exe
  C:\Windows\System\ObudTPv.exe
  2⤵
  PID:9384
- C:\Windows\System\kdbEtxQ.exe
  C:\Windows\System\kdbEtxQ.exe
  2⤵
  PID:9416
- C:\Windows\System\DIwQDrK.exe
  C:\Windows\System\DIwQDrK.exe
  2⤵
  PID:9508
- C:\Windows\System\eUIfpfO.exe
  C:\Windows\System\eUIfpfO.exe
  2⤵
  PID:9364
- C:\Windows\System\sbzwOzy.exe
  C:\Windows\System\sbzwOzy.exe
  2⤵
  PID:9428
- C:\Windows\System\BSbzeJI.exe
  C:\Windows\System\BSbzeJI.exe
  2⤵
  PID:9524
- C:\Windows\System\FkEowPt.exe
  C:\Windows\System\FkEowPt.exe
  2⤵
  PID:9528
- C:\Windows\System\MXEEwVp.exe
  C:\Windows\System\MXEEwVp.exe
  2⤵
  PID:9580
- C:\Windows\System\qQzVMyH.exe
  C:\Windows\System\qQzVMyH.exe
  2⤵
  PID:9600
- C:\Windows\System\FdcLhit.exe
  C:\Windows\System\FdcLhit.exe
  2⤵
  PID:9632
- C:\Windows\System\WZnrhQA.exe
  C:\Windows\System\WZnrhQA.exe
  2⤵
  PID:9692
- C:\Windows\System\NNjBuHe.exe
  C:\Windows\System\NNjBuHe.exe
  2⤵
  PID:9744
- C:\Windows\System\LXMUxNi.exe
  C:\Windows\System\LXMUxNi.exe
  2⤵
  PID:9728
- C:\Windows\System\jjtaeLa.exe
  C:\Windows\System\jjtaeLa.exe
  2⤵
  PID:9748
- C:\Windows\System\TGrenus.exe
  C:\Windows\System\TGrenus.exe
  2⤵
  PID:9764
- C:\Windows\System\oTDDUAO.exe
  C:\Windows\System\oTDDUAO.exe
  2⤵
  PID:9776
- C:\Windows\System\cXGDXmO.exe
  C:\Windows\System\cXGDXmO.exe
  2⤵
  PID:9828
- C:\Windows\System\GxcIoWj.exe
  C:\Windows\System\GxcIoWj.exe
  2⤵
  PID:9892
- C:\Windows\System\JVeAPer.exe
  C:\Windows\System\JVeAPer.exe
  2⤵
  PID:9952
- C:\Windows\System\DAbXfxx.exe
  C:\Windows\System\DAbXfxx.exe
  2⤵
  PID:9972
- C:\Windows\System\JLeaCbQ.exe
  C:\Windows\System\JLeaCbQ.exe
  2⤵
  PID:9936
- C:\Windows\System\zroFjbO.exe
  C:\Windows\System\zroFjbO.exe
  2⤵
  PID:10068
- C:\Windows\System\zGbjZxG.exe
  C:\Windows\System\zGbjZxG.exe
  2⤵
  PID:10104
- C:\Windows\System\jvZYjli.exe
  C:\Windows\System\jvZYjli.exe
  2⤵
  PID:10020
- C:\Windows\System\tEOAijk.exe
  C:\Windows\System\tEOAijk.exe
  2⤵
  PID:10196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ADYaUNr.exe

Filesize
6.0MB

MD5
7948494a369dc53e4915ece8765f29d2

SHA1
765d3152bc6944ad336f529b1694f82b87217dbe

SHA256
101e4779443b62236abb3d09cecb7532e52e903d89c28f3248966648f4471dd9

SHA512
9d11337f8098b1bec2e1976ca577355a4c8b8743eb7a453425e2ccdc7c1dd31a83dc40e8e6aa8524d18268d0cf3e7b830f0c4fb13a84d583243121ffe7aa9038

Download Submit
C:\Windows\system\AOxGFnx.exe

Filesize
6.0MB

MD5
f7fb6ab3df018f5f89d159fe4855e2cb

SHA1
50d7b292ba98df46f2b50382b23cf55e71fb8fa8

SHA256
e72bfd45a15805209b04c084765d7e58e8c5517a4e788027cb71a9c4ca437bd0

SHA512
b053a9f6464e1889dc72a579a4aaa9abc80b3054b9ad6f86449b269737d123138fcd92702778ab8a681eaec2123242aa95f883e762c6bbf676b7b850062ab93d

Download Submit
C:\Windows\system\DcwcuIr.exe

Filesize
6.0MB

MD5
f784c936821fa959d477e70de61ea112

SHA1
e2b8703f7cc0492ea97d9dff01614486728a3d37

SHA256
26de96e115ef605d6a8a0aa18e455860895200fcf6603833ce3b6245fce25e52

SHA512
db8f81cf4ada3d9f9e0ef5d51c86232843739f40a2b06ddb6342a59f5130017b93b83ea2fb3802b87b67d12128fc77c480904fa98141ac52c5f46c149b9f638f

Download Submit
C:\Windows\system\GiUIALI.exe

Filesize
6.0MB

MD5
f4689c167e6db30d99a854520e4b71d8

SHA1
bcc5168c0a725d5f66d75f5270f8fd7612e8328c

SHA256
ad90959a8f0f5f793490affe796f66b9050106de0cf3a8b5e97e5609dbaea1d3

SHA512
1e6c9b501133ef476b7281da31bb5102f4ed1c4f8a8e5809b65f0af3e52f45010344fc91f8ca15283d8cca77cbe72b73cdc159d4194bc3948b849932e2359f46

Download Submit
C:\Windows\system\HboVGgM.exe

Filesize
6.0MB

MD5
b1b319fb53e3ac3e28053e7be1fd701a

SHA1
c71f2fdf40100e70e909b2ec20cb0b5bdde47fe3

SHA256
06eeddf34a9f798285255ae143bad09492f786649747e6d90b599a5e6d76fd7a

SHA512
aeac8eb45ccc9a9bb384544f96ef139c386ce3aa16c16c8ecfe8cee82142ea3ce6b3b8c7f6187d1635193f748971eaaac082f967977b419526fff1f3a99fbc98

Download Submit
C:\Windows\system\IJBvEZB.exe

Filesize
6.0MB

MD5
54ca7b5d65d7cc18639d0cb36cab4af2

SHA1
e2ad0139928859ba3fa670ec73fbb4c6ee6f24e1

SHA256
30bc2b10929ba7b42a7e19f71450cb0a342efc8434e6235f373a5974bd55c31e

SHA512
a2f2e6b4b644d8d2681573c708dba23b3a1476ee2e5fbd51a49c3adc1d6cd5e82c8fc3b294b23669b5137ba71a61b3f28b0ceddf439fcb2c61d1b7a06498a825

Download Submit
C:\Windows\system\LAckpBS.exe

Filesize
6.0MB

MD5
023d9d9cf944caacc28941cb82a43fea

SHA1
c7ad2ff4d48b26a0666125d710d529bb50cbb729

SHA256
5ce55c9b3026afe6380e550e60cd409ea00fb44dde1b2cb848f5e0aee76446fa

SHA512
a060f8b073f89474a97c6d9774e61bb1ee255ba39208994d59acedb443bd8f533fa312ed31e59e7505f23537eab543fcd50884f49f6f7fe9ebf39c0b67c639cb

Download Submit
C:\Windows\system\LNIzOeU.exe

Filesize
6.0MB

MD5
7ebc163584cf3a0f3f5c61da2a1f72ea

SHA1
27cfc67ce8003dbbbdf8027094ddcf9064f0df24

SHA256
1a805d382b754e60f773b12784977e551e99aa927d64fc990dbc296b4cae3f2c

SHA512
21e234b397fe59fbd11420bf872fbabdca939798391c201c95de884bc9df52ae05d30efe0ed9d7416530a8b40d905d46ab59578ec928b6ee8eec63003a537e69

Download Submit
C:\Windows\system\MjRRDaU.exe

Filesize
6.0MB

MD5
9fe6873536e3c2814570a747f2c7d212

SHA1
e312769240c7e37968fd3b2c8019127b2813a97e

SHA256
0e80031fdd3239e2ee430a89d285c9a7a3c9cb687b0891505dee49f57feae8af

SHA512
88ca56ee2a1661cd209738975237536d9dbdd50fa97f784ed4fd5c5590151a36e72672bc01752efb4c29e489e15a2adf59ed445dea22365c40f2196ddc802ad8

Download Submit
C:\Windows\system\Qqcshut.exe

Filesize
6.0MB

MD5
6937a6451aac9236c796364d9cbb6c74

SHA1
35f611d24452c73870c325016d058ec7f0ea4b7f

SHA256
a271f324d7e280db4f563244a48434a60eef298d30536f472283a07185d91790

SHA512
fd2db2953264c7c233a26f5a4d8fdcf73894973501ddeec773e690ae036458ce0798938627d1c2e9c178a0386540a1418e3dd1a3e34e5019646853a3f642db64

Download Submit
C:\Windows\system\WiZGvZc.exe

Filesize
6.0MB

MD5
beed54bce63cd20509ae79da38514e92

SHA1
12ac789978165c9d564298928e30084813e7b1d4

SHA256
07e0056cd397fc8b88670e6b3e3c2eb8ac7b998a48de12be328f17c6a27e4672

SHA512
7c6149a85fbe92704edb555b6c7fe36d2ea1c355d5208e8aff6f78b09dc357731a8b6d4cb04ed41178ab56f3589943e0328610784163555d6574c54f36d8de36

Download Submit
C:\Windows\system\agDuvhS.exe

Filesize
6.0MB

MD5
8d00d657ccd2a52295cfadb2a56d7b24

SHA1
ff9957548eb0054ce2132139b809a9b6d120eda7

SHA256
51ed9e02d148d1144c717393ae28654ccc4d5178caddc9b9eb8db4babc1a7469

SHA512
d5795e8242175750591f2c30f65a27b275d8e17858dee7e7df1da1c4d1f799af304a088775ba1205091a8924d7079aeec76a501daba61df2e70896c55fd9376f

Download Submit
C:\Windows\system\bnXHFTC.exe

Filesize
6.0MB

MD5
d74029565801044c892adb2094d8cfa2

SHA1
be9617213bf2efb2c0c9ff0a3a69d2fb92f3c3ba

SHA256
28022454f33a7587adbfaf431a53090e80741271281aa49e539c26b66a214102

SHA512
2461f83531812d369d38cd6a854a513dd92630a423a1b60ee4dab67301226f46c6b2191086ad21c48ece2ec6bc7d39edde132763365e398e75b08d2b8de8d77f

Download Submit
C:\Windows\system\dYuCGES.exe

Filesize
6.0MB

MD5
921271d8870a9eef2c2f2da4f29f53b0

SHA1
f87ed8d5b1119c74e071beacba12b83d014c82ad

SHA256
368f438216d214b2491906bf5f19aa1fff9fba18493ded12849b6b888c63d545

SHA512
e604cda7f3d740a1eac3b997c8a36c261e222614130d9fe67a2df36ac7819ce841486d63bb71fcee85e3dabd1a6fc2b239d72d9142bc9cab0091ffc1518a014b

Download Submit
C:\Windows\system\hmekDfP.exe

Filesize
6.0MB

MD5
8e51528a635fa24bd5508c2cbb680f7d

SHA1
256bc4a264cf924a6a158d6bed246b4bac77b939

SHA256
0ee943f6bc437755d1a40151053bbf20e8f11dd5c177f861605ae77245b37422

SHA512
182cb65e58eaacbf3617827f18c597ce399989a2d73e38d25babdbf1421bc0b1e7107f991ea95f450bdfad64e854a2589bb2b7570858afbd5ee96572bc067f4d

Download Submit
C:\Windows\system\iCUlfyZ.exe

Filesize
6.0MB

MD5
924ce574dcc17ef188b5318e3833cfc8

SHA1
979db7873fe9e047738c648347ad5ff7b55b6054

SHA256
749e4140deb7b33c01d0699370517efbdd9bbc0b6a6d0832974758302af8ce4d

SHA512
1898b452fad74660a2dfc4efe21209789fc18d88c22a87cfc50ff8a3d9393bbe0e2c547e4668b8aa4d505cc0dd704f02cf6e3441d4858f08e28a9abf4b7bac08

Download Submit
C:\Windows\system\iXNpeLI.exe

Filesize
6.0MB

MD5
f4e208d41fbce76066796d56560fc5b9

SHA1
5036548e59ff14ff98b3c6426d51bbf9665f7208

SHA256
1843c70acd098ae8fd1628c7b286e6b73168565e58ee9138ff3237e35e196a9e

SHA512
171af4d18faa956a47c9c26014351af2a4cb32ab1a51e0e67f7003c710ec5632954d55dfb9e0c1988109f299ebde103e230e184e67929562b56853c555293ae3

Download Submit
C:\Windows\system\iZRouEr.exe

Filesize
6.0MB

MD5
8d9cd0f6602e869e3c32e915d499abe1

SHA1
132257c757f066bc63177519211c3366ca0849e2

SHA256
72035a5c7d1474a78e37f37571880c80d6e432273e0d31834342d9afdaa9acbe

SHA512
be7832cc67bad126a6529ac5d0385257a93c3e070cfbecc6ae1d5d5f7610aed4b34254a7015a17ab66db07d8f98121e97f345011ada2e8a52a2c28ada44043f9

Download Submit
C:\Windows\system\qorONnN.exe

Filesize
6.0MB

MD5
3d876a4324138faf8de24547d78c53e1

SHA1
7cf7f5f2bb311ec9779cf9daba724500bb3a091c

SHA256
58e4f6b4e227f108b50ddd6ed066860e09bc2c75dc833f9e031cf92775940f33

SHA512
fbaf2d1d3f2cf07826a0c7e588bbf62dd6614a772e13ed5119773fc6054af7432fd0c49d0fe30cacc3fe473c7601a2cce76cf131481185bf0cfa7d28f236e7b4

Download Submit
C:\Windows\system\rzNtqCT.exe

Filesize
6.0MB

MD5
f7a48bcf24bad6785f74a4b9cc6b795a

SHA1
012402104acda831ff99c5164c8215f3402d37bb

SHA256
e0db1f1e947e63e95e4fa34e003a22450e0d17b8f9f57fa42618f86aa3963a65

SHA512
4ad5e4f9c741a729b397bea80e0c1e7018176b7e2013148a47c6e2169cf86d1ee32c3197d24f4cac988a862f1d84e4b7b9941d7e3469b31bf24a8c3650756801

Download Submit
C:\Windows\system\vaDIest.exe

Filesize
6.0MB

MD5
a8f3fa70af213ce57eb6ab9f61acdb82

SHA1
2d8345c2e1f9a8606d8db6e3195430324158092b

SHA256
30ac5e24aa67a2918fb8fe5c8ce298e6f73009d24d44a08d03d50e3ef64619bc

SHA512
f69c2157a1232e1ae6b50e56a39201e55845e41a640c3144ae83497ee41f4f1c4f6b6fe171a269e8c5cbb3a79b73417f5647a4c4c21d664b99a60f1397aa2dbe

Download Submit
C:\Windows\system\xKLpKCe.exe

Filesize
6.0MB

MD5
02d5bbec9190589dac3a4730804cf78e

SHA1
6d1cac86ed926555e65036e62266d628b19061e5

SHA256
fb2933e3602c24e6cecbde6583531a709a423ddd0172a32f0b906669243428c8

SHA512
a3b4cba184c194152e41f059ec38dacdf76d894855001502c3cfae038b4f158988c59791666293588dcf6a505b4db877657aa2e5e34857edb527d416570b3903

Download Submit
C:\Windows\system\zGoNsuO.exe

Filesize
6.0MB

MD5
eff04b96a640d43f4b251d5ac74482e7

SHA1
746e39fff5260e218cf85f3c7d4b1290083d61ab

SHA256
76f3d8189546c74694ba29ead7a2baef7d5bffabfbeb79212612e1037b3a18f2

SHA512
c0c980fc5b5312df010fefa1cfa272d75b267209d4195ea0f0649aa3c7481db9a2851cb833963bf2c0a52474bcf846506c7c9a30b7c3e760f8a71a4e2cddc6df

Download Submit
\Windows\system\CSMstpO.exe

Filesize
6.0MB

MD5
66cb756af3f72f3b97088f4fa656fbcc

SHA1
1a2a03b548542a21226cee243be8d43fb17541d2

SHA256
c9d1ee12ac6e2fc83aca5ca1b8e670afbe505653e7bb20477e19e011030ddd7e

SHA512
517fab0c1eaaf691554276ab90475c34cd87009217c2514cc531094233d79bf714a20c2418b5c04293b28331db9e46d72c218c8744e4cf6c9ef34cb8d58dcd2e

Download Submit
\Windows\system\IkrXBHA.exe

Filesize
6.0MB

MD5
8273a89207391d112c49fc8ea370eb10

SHA1
9cff37663b7e28fa1ec899517ced52ac8689d761

SHA256
c3e821fbd11cc818f2bf2ce123e3748e16b82a9bdeb0c9eaba1303c375342623

SHA512
522b12b4ab6e04ca0d64a7ad7139ce23f9f48482267140d3e971bd4e115ff57561aad2b910640fe7a4ed68073f26224f8ec183bfa30ccd0cccd115770015d02f

Download Submit
\Windows\system\JltPdMR.exe

Filesize
6.0MB

MD5
230aba3f59849dfdfd6532019ba5fe36

SHA1
d9e23a5a3e2e9b741a5243169df539e778f801ce

SHA256
417ea7387b041eff587a1f6187af08c3c8a9c067cf3b41bfc942473efb5ade8a

SHA512
a79d433049818f3b165b8ad0c744d8fc6f193362b63f2de6f40c1ecee6852b66d591d451a7b35dab84c62fdd4d1f8ab4c7c59f4913d2389dbcd6bb3be06f04fa

Download Submit
\Windows\system\LbEUbCI.exe

Filesize
6.0MB

MD5
a763e19b5d23359487f6c1bf6a386b26

SHA1
b54773150d1ff54ff4b4a7c4b5bee740e3b522d2

SHA256
f4bab89eaf9f0921d0c30808c862a15cfa46442b2137be496bce52444711b13b

SHA512
6a866a71394f35c063f8f156fc23bb074691c8e938e19af29b8ea5a85a3e7739e8e18665e3d16834ace2043b5270e6a09efc5d0c72ef1e1e77c99f1756409ab1

Download Submit
\Windows\system\SNIbXmo.exe

Filesize
6.0MB

MD5
7bfbe5a13c206ec0ea77f7c97d09a7f8

SHA1
59c62647bf430fb1606732456108398b1564fc6b

SHA256
951f744ad265b08d25f39c66d4f26474b375b1b5647b1a9165feb88a92245632

SHA512
df9b6bff94f4de24869975932a765a544fe2672423a35eac42614332e9902cf48585de544ed98a7dd6a2fd67eda0c43a5c24f15420574a93d073adfd9f87a29e

Download Submit
\Windows\system\ZcTcsEb.exe

Filesize
6.0MB

MD5
eb3758a65b2da6f30d555d63b7c39b2c

SHA1
9cc19ae99aa34f8a6a0a359dd915b63e98696062

SHA256
b486ac207ac3dc7e1bdd07ef75469e5bbd70e8dc298a42575b5bae93f535b942

SHA512
19f1a73d79c242836edd3317a166faacc93df481baf8aef1b02ee6a6329900a05cb5def4b6ef2db7ae1463276a33cb1ada5d3d79897b2d0c42f1c8a27322d71c

Download Submit
\Windows\system\mOWFYDs.exe

Filesize
6.0MB

MD5
289f79657e63e2e3c1ed107154392819

SHA1
7360f695f423cba1c2d17a81d498e6d69381d44b

SHA256
b1a66636bab10355dcefca8b2a9c2da57640bc3582cc66f500184662e5b4ce0e

SHA512
12c3da8b660e919a17396f92707844723a48848165d15937a1e2b32afe0e0c039ac4bec00d03bd6b1a2b9ad0b8cb9b04a4e663d558290431e230bad372d14623

Download Submit
\Windows\system\phtGGLL.exe

Filesize
6.0MB

MD5
db929d5da0ec8ae1e73794281bb4ea37

SHA1
5d8e6d12c77d53e7413db43b3d7df0dfa0b23328

SHA256
31ea12ca17a892c4aae518f28ff418de70200acd59f35995148710f3078939e0

SHA512
d9b66f2365d86e289581a8f5f480718135fd7c433448ee84cf13e13a9baa384893e847712ed9b94881fa4855789c1af052de63174ebf357720232c887847ff06

Download Submit
\Windows\system\rugqNeG.exe

Filesize
6.0MB

MD5
d32fb2b9fc99ae0d24153e092639e833

SHA1
a2a3e0c83516d4abe352df1e16b412304598f4d3

SHA256
95da0a80ff09518a549af220e0a8427dcb4e347f1b3778c30fba01b767dc4f4b

SHA512
19d1ebcce3ebd7fa67e77ad06ec7fd3c694147d48101c86ce934d0d29641a5212fa5f8f48c55ce33485cbc1af7db3ff2e06df22ab3a95c8e99d50552f21e725e

Download Submit
\Windows\system\sMsdzDO.exe

Filesize
6.0MB

MD5
3b553e88090919726439ac5d6c7ef1be

SHA1
ec991f506dd5be5e084879920b175e2755e57671

SHA256
f98d5a4b12316344343ff7027f75d104b2fea5b491ac95a4a1c3b512511bc71e

SHA512
ab5e1601121e5c2646ee9f36fe82b598809cabb0bc1b75c6713c6f79ad88a5b68278986cc81dab5a0c83efb3f95f5b679bed8b55411e371a0f29710895eb53b5

Download Submit
memory/388-2543-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/388-26-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1884-2542-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1884-15-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2540-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-28-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2357-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2541-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2308-14-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2084-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2656-34-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2031-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-24-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1998-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1935-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1573-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1568-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2656-0-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2122-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2656-27-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2409-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2356-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2170-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2076-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2656-41-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-51-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-10-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2656-2203-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2570-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2712-1993-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2071-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2571-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-2539-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2800-35-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2030-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2564-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2840-58-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2545-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1867-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-2561-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1710-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2896-2567-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2948-2548-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-43-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-2553-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1933-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/3016-2558-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download