cobaltstrike | 83a3e52e047ff379b0dab5283ac5eef8eec145d8d8b3e258ac2e0f18ddb511cc

Analysis

max time kernel
136s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-12-2024 11:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ca8de1beec3f1a0f17de816f241aff8a
SHA1

76c306ff9159139753c7c0dfe297e619bc65ffdd
SHA256

83a3e52e047ff379b0dab5283ac5eef8eec145d8d8b3e258ac2e0f18ddb511cc
SHA512

d3302a3f044b747681cb5dc1bd42f5c491598cc92dc68885ffcf248f9e5bc243df0b9f5a156d0047ed82f1f48b16563fb1c79876df37357e20eca06f082b80f7
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU4:eOl56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-6.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001707f-11.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174b4-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f1-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017570-21.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000018683-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018697-42.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-47.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-62.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-52.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f7-32.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 56 IoCs

miner

resource	yara_rule
behavioral1/memory/1204-0-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-6.dat	xmrig
behavioral1/files/0x000900000001707f-11.dat	xmrig
behavioral1/files/0x00080000000174b4-12.dat	xmrig
behavioral1/files/0x00070000000175f1-22.dat	xmrig
behavioral1/files/0x0007000000017570-21.dat	xmrig
behavioral1/memory/1204-26-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x000f000000018683-36.dat	xmrig
behavioral1/files/0x0007000000018697-42.dat	xmrig
behavioral1/files/0x0005000000019274-47.dat	xmrig
behavioral1/files/0x00050000000192a1-62.dat	xmrig
behavioral1/files/0x00050000000193d0-92.dat	xmrig
behavioral1/memory/2492-1986-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2768-2210-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2784-2281-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2628-2256-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2924-2162-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2716-2121-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2284-2079-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2484-2030-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/1204-2031-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/files/0x000500000001952b-162.dat	xmrig
behavioral1/files/0x0005000000019520-157.dat	xmrig
behavioral1/files/0x0005000000019518-152.dat	xmrig
behavioral1/files/0x0005000000019510-147.dat	xmrig
behavioral1/files/0x0005000000019508-142.dat	xmrig
behavioral1/files/0x0005000000019502-137.dat	xmrig
behavioral1/files/0x00050000000194e1-132.dat	xmrig
behavioral1/files/0x00050000000194d5-127.dat	xmrig
behavioral1/files/0x00050000000194c3-122.dat	xmrig
behavioral1/files/0x00050000000194ad-116.dat	xmrig
behavioral1/files/0x0005000000019428-112.dat	xmrig
behavioral1/files/0x0005000000019426-107.dat	xmrig
behavioral1/files/0x00050000000193f9-102.dat	xmrig
behavioral1/files/0x00050000000193dc-97.dat	xmrig
behavioral1/files/0x00050000000193cc-87.dat	xmrig
behavioral1/files/0x000500000001939f-82.dat	xmrig
behavioral1/files/0x000500000001938e-76.dat	xmrig
behavioral1/files/0x0005000000019358-72.dat	xmrig
behavioral1/files/0x0005000000019354-67.dat	xmrig
behavioral1/files/0x0005000000019299-56.dat	xmrig
behavioral1/files/0x000500000001927a-52.dat	xmrig
behavioral1/files/0x00070000000175f7-32.dat	xmrig
behavioral1/memory/1892-30-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/1204-2743-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/1204-2805-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/1204-2852-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2284-3140-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/1892-3139-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2492-3144-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2484-3165-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2924-3195-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2784-3199-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2716-3198-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2628-3215-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2768-3200-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1892	eWqyXpf.exe
2492	EZpfJkq.exe
2484	MjFuOcY.exe
2284	KgmlDeO.exe
2716	CcUEtfz.exe
2924	gDvxAxb.exe
2768	fUFBIbj.exe
2628	XSJrCaO.exe
2784	GvJomKR.exe
2644	EUwFGnW.exe
2760	EPFrEci.exe
2624	iSFNPVF.exe
2688	mFjjtdM.exe
1860	lCHAhqr.exe
2144	GoWeezo.exe
2816	WfydaPc.exe
1040	ifItiRV.exe
1880	brRoFwY.exe
476	GeoNvSJ.exe
2952	yMAKVSe.exe
2960	PKdrZMB.exe
2988	rJWkKSe.exe
3016	jofRbox.exe
1188	iEzhlQA.exe
2248	KUGBvPZ.exe
592	knSsTQk.exe
2116	hucqsnq.exe
1408	ghZooWO.exe
1664	CRjZofG.exe
2072	iMbmJpU.exe
2396	sNFwMwC.exe
2800	QJYooXd.exe
2064	LMVOLLI.exe
740	xzWmrTg.exe
448	nCvUyOG.exe
912	mqyryJu.exe
2604	YbhIJPv.exe
1924	aKKrlBG.exe
1304	holFdcV.exe
2376	HvnJEGh.exe
1792	zKiIytI.exe
1608	InyMSPt.exe
1484	nqjnNFT.exe
2804	CiOWqIT.exe
1212	aAupEVa.exe
688	jLaDIBf.exe
948	KrtktoZ.exe
2240	GNuKfae.exe
2112	PDUvtyt.exe
1480	WDnlRQO.exe
2184	NGVWyDj.exe
976	CkGWkWl.exe
1000	faXTfsI.exe
2040	tddrhaI.exe
1744	BMQxoLZ.exe
1564	NheFlWC.exe
876	yEVrMnJ.exe
2160	SCBELjh.exe
1928	alnceGB.exe
2432	SjckIBv.exe
2708	ZoVZOcs.exe
2260	DJvaAnb.exe
2932	XNNwyku.exe
2872	PgJIadO.exe

Loads dropped DLL 64 IoCs

pid	Process
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 52 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1204-0-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-6.dat	upx
behavioral1/files/0x000900000001707f-11.dat	upx
behavioral1/files/0x00080000000174b4-12.dat	upx
behavioral1/files/0x00070000000175f1-22.dat	upx
behavioral1/files/0x0007000000017570-21.dat	upx
behavioral1/files/0x000f000000018683-36.dat	upx
behavioral1/files/0x0007000000018697-42.dat	upx
behavioral1/files/0x0005000000019274-47.dat	upx
behavioral1/files/0x00050000000192a1-62.dat	upx
behavioral1/files/0x00050000000193d0-92.dat	upx
behavioral1/memory/2492-1986-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2768-2210-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2784-2281-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2628-2256-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2924-2162-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2716-2121-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2284-2079-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2484-2030-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x000500000001952b-162.dat	upx
behavioral1/files/0x0005000000019520-157.dat	upx
behavioral1/files/0x0005000000019518-152.dat	upx
behavioral1/files/0x0005000000019510-147.dat	upx
behavioral1/files/0x0005000000019508-142.dat	upx
behavioral1/files/0x0005000000019502-137.dat	upx
behavioral1/files/0x00050000000194e1-132.dat	upx
behavioral1/files/0x00050000000194d5-127.dat	upx
behavioral1/files/0x00050000000194c3-122.dat	upx
behavioral1/files/0x00050000000194ad-116.dat	upx
behavioral1/files/0x0005000000019428-112.dat	upx
behavioral1/files/0x0005000000019426-107.dat	upx
behavioral1/files/0x00050000000193f9-102.dat	upx
behavioral1/files/0x00050000000193dc-97.dat	upx
behavioral1/files/0x00050000000193cc-87.dat	upx
behavioral1/files/0x000500000001939f-82.dat	upx
behavioral1/files/0x000500000001938e-76.dat	upx
behavioral1/files/0x0005000000019358-72.dat	upx
behavioral1/files/0x0005000000019354-67.dat	upx
behavioral1/files/0x0005000000019299-56.dat	upx
behavioral1/files/0x000500000001927a-52.dat	upx
behavioral1/files/0x00070000000175f7-32.dat	upx
behavioral1/memory/1892-30-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/1204-2743-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2284-3140-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/1892-3139-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2492-3144-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2484-3165-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2924-3195-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2784-3199-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2716-3198-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2628-3215-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2768-3200-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jLaDIBf.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbcApou.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wBSYLOq.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqXxniR.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYxVEYA.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDjyjRz.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TkzbXya.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\giicNqA.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBTVMOm.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBWuKLO.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\orslzDJ.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miJhney.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwuPtKj.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftbRFag.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StLlrbc.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYLtAYP.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufzxmci.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJUpbfq.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bmnQpwX.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CaMNHJO.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TRlbrlh.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtDIFdR.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhxKBGS.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLJGeJc.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbYiIeJ.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSaMlrI.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqITgOa.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nuLhJLh.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKwmxCG.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fADFQCB.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IssNoFO.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMzUjws.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSxxVMv.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZJixaK.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGYeynW.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAPTCmi.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPNFrfV.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\neWsYTx.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqASdRq.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdhQpeH.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\barGviD.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWsOipc.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUzKnjt.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfymNih.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmeadAZ.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWfLdYC.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwDIguE.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avRJCXk.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSrTVNT.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uoWGRmm.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWQNgRb.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcKPtDe.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVJqmIJ.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcdrHYI.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVVljTe.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRDEslz.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NnUzrCQ.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwEnKnM.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EOXgkMM.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlLrLbv.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCBELjh.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOGzHAz.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBWcXnm.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PoNjLqH.exe	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1892	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1204 wrote to memory of 1892	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1204 wrote to memory of 1892	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1204 wrote to memory of 2492	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1204 wrote to memory of 2492	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1204 wrote to memory of 2492	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1204 wrote to memory of 2484	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1204 wrote to memory of 2484	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1204 wrote to memory of 2484	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1204 wrote to memory of 2284	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1204 wrote to memory of 2284	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1204 wrote to memory of 2284	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1204 wrote to memory of 2716	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1204 wrote to memory of 2716	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1204 wrote to memory of 2716	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1204 wrote to memory of 2924	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1204 wrote to memory of 2924	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1204 wrote to memory of 2924	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1204 wrote to memory of 2768	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1204 wrote to memory of 2768	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1204 wrote to memory of 2768	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1204 wrote to memory of 2628	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1204 wrote to memory of 2628	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1204 wrote to memory of 2628	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1204 wrote to memory of 2784	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1204 wrote to memory of 2784	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1204 wrote to memory of 2784	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1204 wrote to memory of 2644	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1204 wrote to memory of 2644	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1204 wrote to memory of 2644	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1204 wrote to memory of 2760	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1204 wrote to memory of 2760	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1204 wrote to memory of 2760	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1204 wrote to memory of 2624	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1204 wrote to memory of 2624	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1204 wrote to memory of 2624	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1204 wrote to memory of 2688	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1204 wrote to memory of 2688	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1204 wrote to memory of 2688	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1204 wrote to memory of 1860	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1204 wrote to memory of 1860	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1204 wrote to memory of 1860	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1204 wrote to memory of 2144	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1204 wrote to memory of 2144	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1204 wrote to memory of 2144	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1204 wrote to memory of 2816	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1204 wrote to memory of 2816	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1204 wrote to memory of 2816	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1204 wrote to memory of 1040	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1204 wrote to memory of 1040	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1204 wrote to memory of 1040	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1204 wrote to memory of 1880	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1204 wrote to memory of 1880	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1204 wrote to memory of 1880	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1204 wrote to memory of 476	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1204 wrote to memory of 476	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1204 wrote to memory of 476	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1204 wrote to memory of 2952	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1204 wrote to memory of 2952	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1204 wrote to memory of 2952	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1204 wrote to memory of 2960	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1204 wrote to memory of 2960	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1204 wrote to memory of 2960	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1204 wrote to memory of 2988	1204	2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-08_ca8de1beec3f1a0f17de816f241aff8a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\System\eWqyXpf.exe
  C:\Windows\System\eWqyXpf.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\EZpfJkq.exe
  C:\Windows\System\EZpfJkq.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\MjFuOcY.exe
  C:\Windows\System\MjFuOcY.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\KgmlDeO.exe
  C:\Windows\System\KgmlDeO.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\CcUEtfz.exe
  C:\Windows\System\CcUEtfz.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\gDvxAxb.exe
  C:\Windows\System\gDvxAxb.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\fUFBIbj.exe
  C:\Windows\System\fUFBIbj.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\XSJrCaO.exe
  C:\Windows\System\XSJrCaO.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\GvJomKR.exe
  C:\Windows\System\GvJomKR.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\EUwFGnW.exe
  C:\Windows\System\EUwFGnW.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\EPFrEci.exe
  C:\Windows\System\EPFrEci.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\iSFNPVF.exe
  C:\Windows\System\iSFNPVF.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\mFjjtdM.exe
  C:\Windows\System\mFjjtdM.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\lCHAhqr.exe
  C:\Windows\System\lCHAhqr.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\GoWeezo.exe
  C:\Windows\System\GoWeezo.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\WfydaPc.exe
  C:\Windows\System\WfydaPc.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\ifItiRV.exe
  C:\Windows\System\ifItiRV.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\brRoFwY.exe
  C:\Windows\System\brRoFwY.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\GeoNvSJ.exe
  C:\Windows\System\GeoNvSJ.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\yMAKVSe.exe
  C:\Windows\System\yMAKVSe.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\PKdrZMB.exe
  C:\Windows\System\PKdrZMB.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\rJWkKSe.exe
  C:\Windows\System\rJWkKSe.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\jofRbox.exe
  C:\Windows\System\jofRbox.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\iEzhlQA.exe
  C:\Windows\System\iEzhlQA.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\KUGBvPZ.exe
  C:\Windows\System\KUGBvPZ.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\knSsTQk.exe
  C:\Windows\System\knSsTQk.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\hucqsnq.exe
  C:\Windows\System\hucqsnq.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\ghZooWO.exe
  C:\Windows\System\ghZooWO.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\CRjZofG.exe
  C:\Windows\System\CRjZofG.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\iMbmJpU.exe
  C:\Windows\System\iMbmJpU.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\sNFwMwC.exe
  C:\Windows\System\sNFwMwC.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\QJYooXd.exe
  C:\Windows\System\QJYooXd.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\LMVOLLI.exe
  C:\Windows\System\LMVOLLI.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\xzWmrTg.exe
  C:\Windows\System\xzWmrTg.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\nCvUyOG.exe
  C:\Windows\System\nCvUyOG.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\mqyryJu.exe
  C:\Windows\System\mqyryJu.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\YbhIJPv.exe
  C:\Windows\System\YbhIJPv.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\aKKrlBG.exe
  C:\Windows\System\aKKrlBG.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\holFdcV.exe
  C:\Windows\System\holFdcV.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\HvnJEGh.exe
  C:\Windows\System\HvnJEGh.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\zKiIytI.exe
  C:\Windows\System\zKiIytI.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\InyMSPt.exe
  C:\Windows\System\InyMSPt.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\nqjnNFT.exe
  C:\Windows\System\nqjnNFT.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\CiOWqIT.exe
  C:\Windows\System\CiOWqIT.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\aAupEVa.exe
  C:\Windows\System\aAupEVa.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\jLaDIBf.exe
  C:\Windows\System\jLaDIBf.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\KrtktoZ.exe
  C:\Windows\System\KrtktoZ.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\GNuKfae.exe
  C:\Windows\System\GNuKfae.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\PDUvtyt.exe
  C:\Windows\System\PDUvtyt.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\WDnlRQO.exe
  C:\Windows\System\WDnlRQO.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\NGVWyDj.exe
  C:\Windows\System\NGVWyDj.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\CkGWkWl.exe
  C:\Windows\System\CkGWkWl.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\faXTfsI.exe
  C:\Windows\System\faXTfsI.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\tddrhaI.exe
  C:\Windows\System\tddrhaI.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\BMQxoLZ.exe
  C:\Windows\System\BMQxoLZ.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\NheFlWC.exe
  C:\Windows\System\NheFlWC.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\yEVrMnJ.exe
  C:\Windows\System\yEVrMnJ.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\SCBELjh.exe
  C:\Windows\System\SCBELjh.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\alnceGB.exe
  C:\Windows\System\alnceGB.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\SjckIBv.exe
  C:\Windows\System\SjckIBv.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\ZoVZOcs.exe
  C:\Windows\System\ZoVZOcs.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\DJvaAnb.exe
  C:\Windows\System\DJvaAnb.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\XNNwyku.exe
  C:\Windows\System\XNNwyku.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\PgJIadO.exe
  C:\Windows\System\PgJIadO.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\VCefTYT.exe
  C:\Windows\System\VCefTYT.exe
  2⤵
  PID:2756
- C:\Windows\System\wLrLLCS.exe
  C:\Windows\System\wLrLLCS.exe
  2⤵
  PID:3048
- C:\Windows\System\lFSPPdw.exe
  C:\Windows\System\lFSPPdw.exe
  2⤵
  PID:3028
- C:\Windows\System\GvdYEDY.exe
  C:\Windows\System\GvdYEDY.exe
  2⤵
  PID:2340
- C:\Windows\System\DxZYdzK.exe
  C:\Windows\System\DxZYdzK.exe
  2⤵
  PID:2680
- C:\Windows\System\NcTVVtq.exe
  C:\Windows\System\NcTVVtq.exe
  2⤵
  PID:2892
- C:\Windows\System\qDCdUff.exe
  C:\Windows\System\qDCdUff.exe
  2⤵
  PID:868
- C:\Windows\System\LSDClAh.exe
  C:\Windows\System\LSDClAh.exe
  2⤵
  PID:2944
- C:\Windows\System\GhyRqKi.exe
  C:\Windows\System\GhyRqKi.exe
  2⤵
  PID:2948
- C:\Windows\System\HrCEsBt.exe
  C:\Windows\System\HrCEsBt.exe
  2⤵
  PID:3040
- C:\Windows\System\cwZnbhf.exe
  C:\Windows\System\cwZnbhf.exe
  2⤵
  PID:2908
- C:\Windows\System\FxUfbqw.exe
  C:\Windows\System\FxUfbqw.exe
  2⤵
  PID:1580
- C:\Windows\System\szflVho.exe
  C:\Windows\System\szflVho.exe
  2⤵
  PID:2388
- C:\Windows\System\iJgwYaa.exe
  C:\Windows\System\iJgwYaa.exe
  2⤵
  PID:1416
- C:\Windows\System\jDRJInq.exe
  C:\Windows\System\jDRJInq.exe
  2⤵
  PID:2088
- C:\Windows\System\fozFtXd.exe
  C:\Windows\System\fozFtXd.exe
  2⤵
  PID:1692
- C:\Windows\System\TTUrdAP.exe
  C:\Windows\System\TTUrdAP.exe
  2⤵
  PID:1704
- C:\Windows\System\WhZSZDi.exe
  C:\Windows\System\WhZSZDi.exe
  2⤵
  PID:1072
- C:\Windows\System\tHdWYKX.exe
  C:\Windows\System\tHdWYKX.exe
  2⤵
  PID:2152
- C:\Windows\System\ZJRkoHE.exe
  C:\Windows\System\ZJRkoHE.exe
  2⤵
  PID:1796
- C:\Windows\System\GLPoOtA.exe
  C:\Windows\System\GLPoOtA.exe
  2⤵
  PID:1064
- C:\Windows\System\avRJCXk.exe
  C:\Windows\System\avRJCXk.exe
  2⤵
  PID:1476
- C:\Windows\System\YQhfVSD.exe
  C:\Windows\System\YQhfVSD.exe
  2⤵
  PID:1720
- C:\Windows\System\LlHSSnL.exe
  C:\Windows\System\LlHSSnL.exe
  2⤵
  PID:656
- C:\Windows\System\snTJbVB.exe
  C:\Windows\System\snTJbVB.exe
  2⤵
  PID:2576
- C:\Windows\System\xEUwcoc.exe
  C:\Windows\System\xEUwcoc.exe
  2⤵
  PID:1876
- C:\Windows\System\StLlrbc.exe
  C:\Windows\System\StLlrbc.exe
  2⤵
  PID:2236
- C:\Windows\System\qZIZBAz.exe
  C:\Windows\System\qZIZBAz.exe
  2⤵
  PID:536
- C:\Windows\System\AYhFsAj.exe
  C:\Windows\System\AYhFsAj.exe
  2⤵
  PID:2136
- C:\Windows\System\FQdFJHz.exe
  C:\Windows\System\FQdFJHz.exe
  2⤵
  PID:1592
- C:\Windows\System\ShnMuYz.exe
  C:\Windows\System\ShnMuYz.exe
  2⤵
  PID:2392
- C:\Windows\System\EGRlxfe.exe
  C:\Windows\System\EGRlxfe.exe
  2⤵
  PID:1532
- C:\Windows\System\vSrTVNT.exe
  C:\Windows\System\vSrTVNT.exe
  2⤵
  PID:1920
- C:\Windows\System\uEdcoak.exe
  C:\Windows\System\uEdcoak.exe
  2⤵
  PID:2860
- C:\Windows\System\OMqbFnN.exe
  C:\Windows\System\OMqbFnN.exe
  2⤵
  PID:2836
- C:\Windows\System\mHTrZuS.exe
  C:\Windows\System\mHTrZuS.exe
  2⤵
  PID:2828
- C:\Windows\System\giicNqA.exe
  C:\Windows\System\giicNqA.exe
  2⤵
  PID:2736
- C:\Windows\System\cayXTEY.exe
  C:\Windows\System\cayXTEY.exe
  2⤵
  PID:2900
- C:\Windows\System\ivxwiGI.exe
  C:\Windows\System\ivxwiGI.exe
  2⤵
  PID:2984
- C:\Windows\System\przxhgy.exe
  C:\Windows\System\przxhgy.exe
  2⤵
  PID:3000
- C:\Windows\System\qVhUdyB.exe
  C:\Windows\System\qVhUdyB.exe
  2⤵
  PID:1988
- C:\Windows\System\rUNBsDp.exe
  C:\Windows\System\rUNBsDp.exe
  2⤵
  PID:1996
- C:\Windows\System\npILZYJ.exe
  C:\Windows\System\npILZYJ.exe
  2⤵
  PID:2220
- C:\Windows\System\QxDHKuV.exe
  C:\Windows\System\QxDHKuV.exe
  2⤵
  PID:1784
- C:\Windows\System\aOYiUFm.exe
  C:\Windows\System\aOYiUFm.exe
  2⤵
  PID:1760
- C:\Windows\System\yHfuDTD.exe
  C:\Windows\System\yHfuDTD.exe
  2⤵
  PID:608
- C:\Windows\System\nZxRxbm.exe
  C:\Windows\System\nZxRxbm.exe
  2⤵
  PID:1596
- C:\Windows\System\cYGqWxR.exe
  C:\Windows\System\cYGqWxR.exe
  2⤵
  PID:2964
- C:\Windows\System\YNByCgt.exe
  C:\Windows\System\YNByCgt.exe
  2⤵
  PID:1708
- C:\Windows\System\ztlJdwe.exe
  C:\Windows\System\ztlJdwe.exe
  2⤵
  PID:2056
- C:\Windows\System\aOgZRnQ.exe
  C:\Windows\System\aOgZRnQ.exe
  2⤵
  PID:2232
- C:\Windows\System\RXAxVyt.exe
  C:\Windows\System\RXAxVyt.exe
  2⤵
  PID:2512
- C:\Windows\System\aoFggvd.exe
  C:\Windows\System\aoFggvd.exe
  2⤵
  PID:1656
- C:\Windows\System\YtVhDis.exe
  C:\Windows\System\YtVhDis.exe
  2⤵
  PID:2140
- C:\Windows\System\BkdfNyw.exe
  C:\Windows\System\BkdfNyw.exe
  2⤵
  PID:2812
- C:\Windows\System\vhlQAVs.exe
  C:\Windows\System\vhlQAVs.exe
  2⤵
  PID:3084
- C:\Windows\System\SFxuEdV.exe
  C:\Windows\System\SFxuEdV.exe
  2⤵
  PID:3108
- C:\Windows\System\iEWdMJm.exe
  C:\Windows\System\iEWdMJm.exe
  2⤵
  PID:3124
- C:\Windows\System\qluUZMs.exe
  C:\Windows\System\qluUZMs.exe
  2⤵
  PID:3148
- C:\Windows\System\PrKwVop.exe
  C:\Windows\System\PrKwVop.exe
  2⤵
  PID:3168
- C:\Windows\System\UmtUAKA.exe
  C:\Windows\System\UmtUAKA.exe
  2⤵
  PID:3188
- C:\Windows\System\NqITgOa.exe
  C:\Windows\System\NqITgOa.exe
  2⤵
  PID:3204
- C:\Windows\System\lHklpnw.exe
  C:\Windows\System\lHklpnw.exe
  2⤵
  PID:3228
- C:\Windows\System\nyCtDQx.exe
  C:\Windows\System\nyCtDQx.exe
  2⤵
  PID:3248
- C:\Windows\System\OOBEmhv.exe
  C:\Windows\System\OOBEmhv.exe
  2⤵
  PID:3264
- C:\Windows\System\DYpPjJJ.exe
  C:\Windows\System\DYpPjJJ.exe
  2⤵
  PID:3292
- C:\Windows\System\VnqEwaR.exe
  C:\Windows\System\VnqEwaR.exe
  2⤵
  PID:3308
- C:\Windows\System\fSvCgsO.exe
  C:\Windows\System\fSvCgsO.exe
  2⤵
  PID:3332
- C:\Windows\System\mRiMpAc.exe
  C:\Windows\System\mRiMpAc.exe
  2⤵
  PID:3352
- C:\Windows\System\cKEGRPe.exe
  C:\Windows\System\cKEGRPe.exe
  2⤵
  PID:3372
- C:\Windows\System\SudjEKa.exe
  C:\Windows\System\SudjEKa.exe
  2⤵
  PID:3388
- C:\Windows\System\vemElmt.exe
  C:\Windows\System\vemElmt.exe
  2⤵
  PID:3412
- C:\Windows\System\rpIgsYL.exe
  C:\Windows\System\rpIgsYL.exe
  2⤵
  PID:3428
- C:\Windows\System\uxhFKnd.exe
  C:\Windows\System\uxhFKnd.exe
  2⤵
  PID:3452
- C:\Windows\System\UoKzLPm.exe
  C:\Windows\System\UoKzLPm.exe
  2⤵
  PID:3472
- C:\Windows\System\mQsjSlO.exe
  C:\Windows\System\mQsjSlO.exe
  2⤵
  PID:3492
- C:\Windows\System\GBzbzCb.exe
  C:\Windows\System\GBzbzCb.exe
  2⤵
  PID:3512
- C:\Windows\System\QRsKOoq.exe
  C:\Windows\System\QRsKOoq.exe
  2⤵
  PID:3532
- C:\Windows\System\mfBaitY.exe
  C:\Windows\System\mfBaitY.exe
  2⤵
  PID:3552
- C:\Windows\System\YwTtVUl.exe
  C:\Windows\System\YwTtVUl.exe
  2⤵
  PID:3572
- C:\Windows\System\owbOweq.exe
  C:\Windows\System\owbOweq.exe
  2⤵
  PID:3592
- C:\Windows\System\pzpMHjB.exe
  C:\Windows\System\pzpMHjB.exe
  2⤵
  PID:3608
- C:\Windows\System\nvJnymT.exe
  C:\Windows\System\nvJnymT.exe
  2⤵
  PID:3628
- C:\Windows\System\hyMNWmC.exe
  C:\Windows\System\hyMNWmC.exe
  2⤵
  PID:3652
- C:\Windows\System\halloCC.exe
  C:\Windows\System\halloCC.exe
  2⤵
  PID:3672
- C:\Windows\System\thqAlaa.exe
  C:\Windows\System\thqAlaa.exe
  2⤵
  PID:3692
- C:\Windows\System\KMkbVzS.exe
  C:\Windows\System\KMkbVzS.exe
  2⤵
  PID:3712
- C:\Windows\System\ipnmsnk.exe
  C:\Windows\System\ipnmsnk.exe
  2⤵
  PID:3728
- C:\Windows\System\AwGCbxa.exe
  C:\Windows\System\AwGCbxa.exe
  2⤵
  PID:3744
- C:\Windows\System\YLdBpVP.exe
  C:\Windows\System\YLdBpVP.exe
  2⤵
  PID:3772
- C:\Windows\System\zunwKjt.exe
  C:\Windows\System\zunwKjt.exe
  2⤵
  PID:3788
- C:\Windows\System\dmRwJJw.exe
  C:\Windows\System\dmRwJJw.exe
  2⤵
  PID:3808
- C:\Windows\System\uSgFsmq.exe
  C:\Windows\System\uSgFsmq.exe
  2⤵
  PID:3828
- C:\Windows\System\pVBVkny.exe
  C:\Windows\System\pVBVkny.exe
  2⤵
  PID:3848
- C:\Windows\System\xVvbDWv.exe
  C:\Windows\System\xVvbDWv.exe
  2⤵
  PID:3868
- C:\Windows\System\LhbWCRu.exe
  C:\Windows\System\LhbWCRu.exe
  2⤵
  PID:3892
- C:\Windows\System\VhrihJx.exe
  C:\Windows\System\VhrihJx.exe
  2⤵
  PID:3908
- C:\Windows\System\johSehG.exe
  C:\Windows\System\johSehG.exe
  2⤵
  PID:3924
- C:\Windows\System\oFwaxcp.exe
  C:\Windows\System\oFwaxcp.exe
  2⤵
  PID:3944
- C:\Windows\System\rlhxPSq.exe
  C:\Windows\System\rlhxPSq.exe
  2⤵
  PID:3960
- C:\Windows\System\fTqoWVn.exe
  C:\Windows\System\fTqoWVn.exe
  2⤵
  PID:3980
- C:\Windows\System\HyxShiO.exe
  C:\Windows\System\HyxShiO.exe
  2⤵
  PID:4000
- C:\Windows\System\QbHohWY.exe
  C:\Windows\System\QbHohWY.exe
  2⤵
  PID:4028
- C:\Windows\System\qqfeTee.exe
  C:\Windows\System\qqfeTee.exe
  2⤵
  PID:4052
- C:\Windows\System\FpaWbuy.exe
  C:\Windows\System\FpaWbuy.exe
  2⤵
  PID:4072
- C:\Windows\System\lnPbfAH.exe
  C:\Windows\System\lnPbfAH.exe
  2⤵
  PID:4092
- C:\Windows\System\qiVXyhl.exe
  C:\Windows\System\qiVXyhl.exe
  2⤵
  PID:2292
- C:\Windows\System\XBbWduT.exe
  C:\Windows\System\XBbWduT.exe
  2⤵
  PID:2636
- C:\Windows\System\djOSUij.exe
  C:\Windows\System\djOSUij.exe
  2⤵
  PID:3032
- C:\Windows\System\XLOjpPn.exe
  C:\Windows\System\XLOjpPn.exe
  2⤵
  PID:1844
- C:\Windows\System\GjOKYwu.exe
  C:\Windows\System\GjOKYwu.exe
  2⤵
  PID:3012
- C:\Windows\System\IBnuXVu.exe
  C:\Windows\System\IBnuXVu.exe
  2⤵
  PID:1112
- C:\Windows\System\fYFqryq.exe
  C:\Windows\System\fYFqryq.exe
  2⤵
  PID:2092
- C:\Windows\System\sWjRFAt.exe
  C:\Windows\System\sWjRFAt.exe
  2⤵
  PID:1508
- C:\Windows\System\uOegyDc.exe
  C:\Windows\System\uOegyDc.exe
  2⤵
  PID:1748
- C:\Windows\System\iTQbNAi.exe
  C:\Windows\System\iTQbNAi.exe
  2⤵
  PID:2588
- C:\Windows\System\wpGUaaL.exe
  C:\Windows\System\wpGUaaL.exe
  2⤵
  PID:604
- C:\Windows\System\JGLpMwA.exe
  C:\Windows\System\JGLpMwA.exe
  2⤵
  PID:2336
- C:\Windows\System\ZdbJlAm.exe
  C:\Windows\System\ZdbJlAm.exe
  2⤵
  PID:3080
- C:\Windows\System\ssXitNo.exe
  C:\Windows\System\ssXitNo.exe
  2⤵
  PID:3116
- C:\Windows\System\URzCTfe.exe
  C:\Windows\System\URzCTfe.exe
  2⤵
  PID:3140
- C:\Windows\System\RJUpbfq.exe
  C:\Windows\System\RJUpbfq.exe
  2⤵
  PID:3176
- C:\Windows\System\uoWGRmm.exe
  C:\Windows\System\uoWGRmm.exe
  2⤵
  PID:3236
- C:\Windows\System\kEulNyO.exe
  C:\Windows\System\kEulNyO.exe
  2⤵
  PID:3272
- C:\Windows\System\vkpiLou.exe
  C:\Windows\System\vkpiLou.exe
  2⤵
  PID:3284
- C:\Windows\System\QHMybDB.exe
  C:\Windows\System\QHMybDB.exe
  2⤵
  PID:3328
- C:\Windows\System\dytJcVf.exe
  C:\Windows\System\dytJcVf.exe
  2⤵
  PID:3364
- C:\Windows\System\iyQSJEF.exe
  C:\Windows\System\iyQSJEF.exe
  2⤵
  PID:3380
- C:\Windows\System\QHuoElE.exe
  C:\Windows\System\QHuoElE.exe
  2⤵
  PID:3384
- C:\Windows\System\FjrvrtW.exe
  C:\Windows\System\FjrvrtW.exe
  2⤵
  PID:3424
- C:\Windows\System\BzXpnXh.exe
  C:\Windows\System\BzXpnXh.exe
  2⤵
  PID:3520
- C:\Windows\System\QSeckfY.exe
  C:\Windows\System\QSeckfY.exe
  2⤵
  PID:3564
- C:\Windows\System\NkXInBA.exe
  C:\Windows\System\NkXInBA.exe
  2⤵
  PID:3504
- C:\Windows\System\bpwlTkj.exe
  C:\Windows\System\bpwlTkj.exe
  2⤵
  PID:3600
- C:\Windows\System\PGOqnIW.exe
  C:\Windows\System\PGOqnIW.exe
  2⤵
  PID:3644
- C:\Windows\System\tfMimhY.exe
  C:\Windows\System\tfMimhY.exe
  2⤵
  PID:3624
- C:\Windows\System\NZJZKdc.exe
  C:\Windows\System\NZJZKdc.exe
  2⤵
  PID:3664
- C:\Windows\System\UxEbGiI.exe
  C:\Windows\System\UxEbGiI.exe
  2⤵
  PID:3756
- C:\Windows\System\SKjroRr.exe
  C:\Windows\System\SKjroRr.exe
  2⤵
  PID:3700
- C:\Windows\System\YJbhZWs.exe
  C:\Windows\System\YJbhZWs.exe
  2⤵
  PID:3804
- C:\Windows\System\XZzBerX.exe
  C:\Windows\System\XZzBerX.exe
  2⤵
  PID:3840
- C:\Windows\System\nZahcOy.exe
  C:\Windows\System\nZahcOy.exe
  2⤵
  PID:3824
- C:\Windows\System\lcwRGtz.exe
  C:\Windows\System\lcwRGtz.exe
  2⤵
  PID:3916
- C:\Windows\System\TGwxXiw.exe
  C:\Windows\System\TGwxXiw.exe
  2⤵
  PID:3956
- C:\Windows\System\klHfWPQ.exe
  C:\Windows\System\klHfWPQ.exe
  2⤵
  PID:3996
- C:\Windows\System\DaZNakK.exe
  C:\Windows\System\DaZNakK.exe
  2⤵
  PID:3900
- C:\Windows\System\lGePRfl.exe
  C:\Windows\System\lGePRfl.exe
  2⤵
  PID:4012
- C:\Windows\System\KkpPowk.exe
  C:\Windows\System\KkpPowk.exe
  2⤵
  PID:4024
- C:\Windows\System\eUzKnjt.exe
  C:\Windows\System\eUzKnjt.exe
  2⤵
  PID:4064
- C:\Windows\System\uMlsoEl.exe
  C:\Windows\System\uMlsoEl.exe
  2⤵
  PID:1752
- C:\Windows\System\iZSxhmF.exe
  C:\Windows\System\iZSxhmF.exe
  2⤵
  PID:2692
- C:\Windows\System\sPEqvnv.exe
  C:\Windows\System\sPEqvnv.exe
  2⤵
  PID:1568
- C:\Windows\System\YRXeVka.exe
  C:\Windows\System\YRXeVka.exe
  2⤵
  PID:900
- C:\Windows\System\rhjZkif.exe
  C:\Windows\System\rhjZkif.exe
  2⤵
  PID:2460
- C:\Windows\System\KeHHDrQ.exe
  C:\Windows\System\KeHHDrQ.exe
  2⤵
  PID:744
- C:\Windows\System\ZbcApou.exe
  C:\Windows\System\ZbcApou.exe
  2⤵
  PID:872
- C:\Windows\System\iHSRVMb.exe
  C:\Windows\System\iHSRVMb.exe
  2⤵
  PID:2076
- C:\Windows\System\WLMLPak.exe
  C:\Windows\System\WLMLPak.exe
  2⤵
  PID:3196
- C:\Windows\System\yFdvgQg.exe
  C:\Windows\System\yFdvgQg.exe
  2⤵
  PID:3216
- C:\Windows\System\mrtmsHr.exe
  C:\Windows\System\mrtmsHr.exe
  2⤵
  PID:3224
- C:\Windows\System\TxlyNhk.exe
  C:\Windows\System\TxlyNhk.exe
  2⤵
  PID:3280
- C:\Windows\System\WelkSdC.exe
  C:\Windows\System\WelkSdC.exe
  2⤵
  PID:3348
- C:\Windows\System\pYXgzuA.exe
  C:\Windows\System\pYXgzuA.exe
  2⤵
  PID:3400
- C:\Windows\System\OLicYgS.exe
  C:\Windows\System\OLicYgS.exe
  2⤵
  PID:3524
- C:\Windows\System\xbArIFQ.exe
  C:\Windows\System\xbArIFQ.exe
  2⤵
  PID:3464
- C:\Windows\System\cnptlyY.exe
  C:\Windows\System\cnptlyY.exe
  2⤵
  PID:3548
- C:\Windows\System\YXzSblQ.exe
  C:\Windows\System\YXzSblQ.exe
  2⤵
  PID:3620
- C:\Windows\System\ufMWbar.exe
  C:\Windows\System\ufMWbar.exe
  2⤵
  PID:3720
- C:\Windows\System\qtOKlpw.exe
  C:\Windows\System\qtOKlpw.exe
  2⤵
  PID:3796
- C:\Windows\System\CgSsvdX.exe
  C:\Windows\System\CgSsvdX.exe
  2⤵
  PID:3880
- C:\Windows\System\giuHsJr.exe
  C:\Windows\System\giuHsJr.exe
  2⤵
  PID:3856
- C:\Windows\System\zGwvnRa.exe
  C:\Windows\System\zGwvnRa.exe
  2⤵
  PID:3920
- C:\Windows\System\wWZxiIn.exe
  C:\Windows\System\wWZxiIn.exe
  2⤵
  PID:3904
- C:\Windows\System\AcLFaFn.exe
  C:\Windows\System\AcLFaFn.exe
  2⤵
  PID:3932
- C:\Windows\System\uqqimAz.exe
  C:\Windows\System\uqqimAz.exe
  2⤵
  PID:4084
- C:\Windows\System\zIPFNJl.exe
  C:\Windows\System\zIPFNJl.exe
  2⤵
  PID:1404
- C:\Windows\System\fQejama.exe
  C:\Windows\System\fQejama.exe
  2⤵
  PID:2424
- C:\Windows\System\XBNQuZt.exe
  C:\Windows\System\XBNQuZt.exe
  2⤵
  PID:1464
- C:\Windows\System\JcBSEIF.exe
  C:\Windows\System\JcBSEIF.exe
  2⤵
  PID:2528
- C:\Windows\System\wzaqbVm.exe
  C:\Windows\System\wzaqbVm.exe
  2⤵
  PID:1528
- C:\Windows\System\hchZyCE.exe
  C:\Windows\System\hchZyCE.exe
  2⤵
  PID:3132
- C:\Windows\System\uzzmpBw.exe
  C:\Windows\System\uzzmpBw.exe
  2⤵
  PID:3316
- C:\Windows\System\fCMOkoN.exe
  C:\Windows\System\fCMOkoN.exe
  2⤵
  PID:3304
- C:\Windows\System\MKBQLFa.exe
  C:\Windows\System\MKBQLFa.exe
  2⤵
  PID:3408
- C:\Windows\System\HTDcxTS.exe
  C:\Windows\System\HTDcxTS.exe
  2⤵
  PID:3580
- C:\Windows\System\zoqBGLf.exe
  C:\Windows\System\zoqBGLf.exe
  2⤵
  PID:3588
- C:\Windows\System\BJilCRW.exe
  C:\Windows\System\BJilCRW.exe
  2⤵
  PID:3740
- C:\Windows\System\PqxQMnk.exe
  C:\Windows\System\PqxQMnk.exe
  2⤵
  PID:3784
- C:\Windows\System\iAqHnvm.exe
  C:\Windows\System\iAqHnvm.exe
  2⤵
  PID:3976
- C:\Windows\System\kZKbsjg.exe
  C:\Windows\System\kZKbsjg.exe
  2⤵
  PID:4008
- C:\Windows\System\fRAZeel.exe
  C:\Windows\System\fRAZeel.exe
  2⤵
  PID:2620
- C:\Windows\System\kueaMYs.exe
  C:\Windows\System\kueaMYs.exe
  2⤵
  PID:1684
- C:\Windows\System\bplJpcg.exe
  C:\Windows\System\bplJpcg.exe
  2⤵
  PID:4108
- C:\Windows\System\CZlSdVV.exe
  C:\Windows\System\CZlSdVV.exe
  2⤵
  PID:4128
- C:\Windows\System\YVQdHCL.exe
  C:\Windows\System\YVQdHCL.exe
  2⤵
  PID:4148
- C:\Windows\System\bfcVWZe.exe
  C:\Windows\System\bfcVWZe.exe
  2⤵
  PID:4168
- C:\Windows\System\LlYHabm.exe
  C:\Windows\System\LlYHabm.exe
  2⤵
  PID:4188
- C:\Windows\System\osNaBgH.exe
  C:\Windows\System\osNaBgH.exe
  2⤵
  PID:4208
- C:\Windows\System\teCrFcK.exe
  C:\Windows\System\teCrFcK.exe
  2⤵
  PID:4228
- C:\Windows\System\HADYLZk.exe
  C:\Windows\System\HADYLZk.exe
  2⤵
  PID:4248
- C:\Windows\System\MZzQzRh.exe
  C:\Windows\System\MZzQzRh.exe
  2⤵
  PID:4268
- C:\Windows\System\pYvTWNd.exe
  C:\Windows\System\pYvTWNd.exe
  2⤵
  PID:4288
- C:\Windows\System\wPAiLQi.exe
  C:\Windows\System\wPAiLQi.exe
  2⤵
  PID:4308
- C:\Windows\System\XGQcDfH.exe
  C:\Windows\System\XGQcDfH.exe
  2⤵
  PID:4328
- C:\Windows\System\zUvLWpW.exe
  C:\Windows\System\zUvLWpW.exe
  2⤵
  PID:4348
- C:\Windows\System\rCDGsFW.exe
  C:\Windows\System\rCDGsFW.exe
  2⤵
  PID:4368
- C:\Windows\System\lpNtSdZ.exe
  C:\Windows\System\lpNtSdZ.exe
  2⤵
  PID:4388
- C:\Windows\System\urZwdhw.exe
  C:\Windows\System\urZwdhw.exe
  2⤵
  PID:4408
- C:\Windows\System\UbGmPyX.exe
  C:\Windows\System\UbGmPyX.exe
  2⤵
  PID:4428
- C:\Windows\System\kZNSGJG.exe
  C:\Windows\System\kZNSGJG.exe
  2⤵
  PID:4448
- C:\Windows\System\tTzDGwe.exe
  C:\Windows\System\tTzDGwe.exe
  2⤵
  PID:4468
- C:\Windows\System\MnIbkwi.exe
  C:\Windows\System\MnIbkwi.exe
  2⤵
  PID:4488
- C:\Windows\System\HJpSTOH.exe
  C:\Windows\System\HJpSTOH.exe
  2⤵
  PID:4508
- C:\Windows\System\YfuqCYb.exe
  C:\Windows\System\YfuqCYb.exe
  2⤵
  PID:4528
- C:\Windows\System\SvKEQgg.exe
  C:\Windows\System\SvKEQgg.exe
  2⤵
  PID:4548
- C:\Windows\System\eoYCPYI.exe
  C:\Windows\System\eoYCPYI.exe
  2⤵
  PID:4568
- C:\Windows\System\GfannRG.exe
  C:\Windows\System\GfannRG.exe
  2⤵
  PID:4588
- C:\Windows\System\UaxFUXa.exe
  C:\Windows\System\UaxFUXa.exe
  2⤵
  PID:4608
- C:\Windows\System\Vdzxkgs.exe
  C:\Windows\System\Vdzxkgs.exe
  2⤵
  PID:4628
- C:\Windows\System\uRVtLqL.exe
  C:\Windows\System\uRVtLqL.exe
  2⤵
  PID:4648
- C:\Windows\System\qqYwoby.exe
  C:\Windows\System\qqYwoby.exe
  2⤵
  PID:4668
- C:\Windows\System\lplmkXY.exe
  C:\Windows\System\lplmkXY.exe
  2⤵
  PID:4688
- C:\Windows\System\svpEjIU.exe
  C:\Windows\System\svpEjIU.exe
  2⤵
  PID:4708
- C:\Windows\System\cnPawxj.exe
  C:\Windows\System\cnPawxj.exe
  2⤵
  PID:4728
- C:\Windows\System\qdFUkbS.exe
  C:\Windows\System\qdFUkbS.exe
  2⤵
  PID:4748
- C:\Windows\System\dnpJidw.exe
  C:\Windows\System\dnpJidw.exe
  2⤵
  PID:4768
- C:\Windows\System\xaqKtNV.exe
  C:\Windows\System\xaqKtNV.exe
  2⤵
  PID:4788
- C:\Windows\System\VSVtwxH.exe
  C:\Windows\System\VSVtwxH.exe
  2⤵
  PID:4808
- C:\Windows\System\iZZuINj.exe
  C:\Windows\System\iZZuINj.exe
  2⤵
  PID:4828
- C:\Windows\System\dFQnEtn.exe
  C:\Windows\System\dFQnEtn.exe
  2⤵
  PID:4848
- C:\Windows\System\AAyGBOw.exe
  C:\Windows\System\AAyGBOw.exe
  2⤵
  PID:4868
- C:\Windows\System\pioZvqP.exe
  C:\Windows\System\pioZvqP.exe
  2⤵
  PID:4888
- C:\Windows\System\kKUbFSN.exe
  C:\Windows\System\kKUbFSN.exe
  2⤵
  PID:4908
- C:\Windows\System\LENRYbB.exe
  C:\Windows\System\LENRYbB.exe
  2⤵
  PID:4928
- C:\Windows\System\GkjCHnc.exe
  C:\Windows\System\GkjCHnc.exe
  2⤵
  PID:4948
- C:\Windows\System\RnslgzY.exe
  C:\Windows\System\RnslgzY.exe
  2⤵
  PID:4968
- C:\Windows\System\ZJvppul.exe
  C:\Windows\System\ZJvppul.exe
  2⤵
  PID:4988
- C:\Windows\System\PZGteKD.exe
  C:\Windows\System\PZGteKD.exe
  2⤵
  PID:5008
- C:\Windows\System\PZgTnrn.exe
  C:\Windows\System\PZgTnrn.exe
  2⤵
  PID:5028
- C:\Windows\System\duAwDGn.exe
  C:\Windows\System\duAwDGn.exe
  2⤵
  PID:5048
- C:\Windows\System\Xkmudsn.exe
  C:\Windows\System\Xkmudsn.exe
  2⤵
  PID:5068
- C:\Windows\System\qzLjNXs.exe
  C:\Windows\System\qzLjNXs.exe
  2⤵
  PID:5088
- C:\Windows\System\LgkAPiU.exe
  C:\Windows\System\LgkAPiU.exe
  2⤵
  PID:5108
- C:\Windows\System\LcGSxpC.exe
  C:\Windows\System\LcGSxpC.exe
  2⤵
  PID:2440
- C:\Windows\System\JmjFGDW.exe
  C:\Windows\System\JmjFGDW.exe
  2⤵
  PID:3136
- C:\Windows\System\thxoEBZ.exe
  C:\Windows\System\thxoEBZ.exe
  2⤵
  PID:3420
- C:\Windows\System\yQLcXsI.exe
  C:\Windows\System\yQLcXsI.exe
  2⤵
  PID:3480
- C:\Windows\System\fGkBJSG.exe
  C:\Windows\System\fGkBJSG.exe
  2⤵
  PID:3640
- C:\Windows\System\wBSYLOq.exe
  C:\Windows\System\wBSYLOq.exe
  2⤵
  PID:3724
- C:\Windows\System\YmwFDzb.exe
  C:\Windows\System\YmwFDzb.exe
  2⤵
  PID:3936
- C:\Windows\System\vWCHhtI.exe
  C:\Windows\System\vWCHhtI.exe
  2⤵
  PID:2204
- C:\Windows\System\XdVweyx.exe
  C:\Windows\System\XdVweyx.exe
  2⤵
  PID:2008
- C:\Windows\System\bzSYMGQ.exe
  C:\Windows\System\bzSYMGQ.exe
  2⤵
  PID:4120
- C:\Windows\System\ZLRVFmn.exe
  C:\Windows\System\ZLRVFmn.exe
  2⤵
  PID:4164
- C:\Windows\System\dwRQHZw.exe
  C:\Windows\System\dwRQHZw.exe
  2⤵
  PID:4196
- C:\Windows\System\RQAmMld.exe
  C:\Windows\System\RQAmMld.exe
  2⤵
  PID:4220
- C:\Windows\System\fcjwOxN.exe
  C:\Windows\System\fcjwOxN.exe
  2⤵
  PID:4264
- C:\Windows\System\zBTVMOm.exe
  C:\Windows\System\zBTVMOm.exe
  2⤵
  PID:4296
- C:\Windows\System\ByFhFAL.exe
  C:\Windows\System\ByFhFAL.exe
  2⤵
  PID:4320
- C:\Windows\System\nwgKkxU.exe
  C:\Windows\System\nwgKkxU.exe
  2⤵
  PID:4344
- C:\Windows\System\QZxeCav.exe
  C:\Windows\System\QZxeCav.exe
  2⤵
  PID:4396
- C:\Windows\System\yAVoiiv.exe
  C:\Windows\System\yAVoiiv.exe
  2⤵
  PID:4420
- C:\Windows\System\oTbtHnm.exe
  C:\Windows\System\oTbtHnm.exe
  2⤵
  PID:4464
- C:\Windows\System\oGxqfxn.exe
  C:\Windows\System\oGxqfxn.exe
  2⤵
  PID:4496
- C:\Windows\System\RnIsvDn.exe
  C:\Windows\System\RnIsvDn.exe
  2⤵
  PID:4520
- C:\Windows\System\FNGIsVR.exe
  C:\Windows\System\FNGIsVR.exe
  2⤵
  PID:4564
- C:\Windows\System\hrVpLwo.exe
  C:\Windows\System\hrVpLwo.exe
  2⤵
  PID:4596
- C:\Windows\System\OnCRYqS.exe
  C:\Windows\System\OnCRYqS.exe
  2⤵
  PID:4636
- C:\Windows\System\aFgocwf.exe
  C:\Windows\System\aFgocwf.exe
  2⤵
  PID:4664
- C:\Windows\System\UkpJYoa.exe
  C:\Windows\System\UkpJYoa.exe
  2⤵
  PID:4696
- C:\Windows\System\PTQvJHA.exe
  C:\Windows\System\PTQvJHA.exe
  2⤵
  PID:4720
- C:\Windows\System\oKiKwYK.exe
  C:\Windows\System\oKiKwYK.exe
  2⤵
  PID:4764
- C:\Windows\System\JevqvEe.exe
  C:\Windows\System\JevqvEe.exe
  2⤵
  PID:4804
- C:\Windows\System\MWVLvDI.exe
  C:\Windows\System\MWVLvDI.exe
  2⤵
  PID:4820
- C:\Windows\System\NnUzrCQ.exe
  C:\Windows\System\NnUzrCQ.exe
  2⤵
  PID:4864
- C:\Windows\System\bbVsrXB.exe
  C:\Windows\System\bbVsrXB.exe
  2⤵
  PID:4896
- C:\Windows\System\SwPiMpH.exe
  C:\Windows\System\SwPiMpH.exe
  2⤵
  PID:4920
- C:\Windows\System\zPNFrfV.exe
  C:\Windows\System\zPNFrfV.exe
  2⤵
  PID:4964
- C:\Windows\System\zFsZGkr.exe
  C:\Windows\System\zFsZGkr.exe
  2⤵
  PID:4980
- C:\Windows\System\iYBKdVo.exe
  C:\Windows\System\iYBKdVo.exe
  2⤵
  PID:5036
- C:\Windows\System\hxnFwtH.exe
  C:\Windows\System\hxnFwtH.exe
  2⤵
  PID:5076
- C:\Windows\System\pFnFlFf.exe
  C:\Windows\System\pFnFlFf.exe
  2⤵
  PID:5096
- C:\Windows\System\mzLfPqr.exe
  C:\Windows\System\mzLfPqr.exe
  2⤵
  PID:1936
- C:\Windows\System\UwgFVvl.exe
  C:\Windows\System\UwgFVvl.exe
  2⤵
  PID:3244
- C:\Windows\System\JQXrDHj.exe
  C:\Windows\System\JQXrDHj.exe
  2⤵
  PID:3344
- C:\Windows\System\YkbvUYT.exe
  C:\Windows\System\YkbvUYT.exe
  2⤵
  PID:3736
- C:\Windows\System\qlkECOx.exe
  C:\Windows\System\qlkECOx.exe
  2⤵
  PID:4060
- C:\Windows\System\wuRStMJ.exe
  C:\Windows\System\wuRStMJ.exe
  2⤵
  PID:4100
- C:\Windows\System\fVHcODF.exe
  C:\Windows\System\fVHcODF.exe
  2⤵
  PID:4140
- C:\Windows\System\HbKBTOs.exe
  C:\Windows\System\HbKBTOs.exe
  2⤵
  PID:4224
- C:\Windows\System\MfpwlUQ.exe
  C:\Windows\System\MfpwlUQ.exe
  2⤵
  PID:4240
- C:\Windows\System\iVOUfBv.exe
  C:\Windows\System\iVOUfBv.exe
  2⤵
  PID:4316
- C:\Windows\System\zvqNsSl.exe
  C:\Windows\System\zvqNsSl.exe
  2⤵
  PID:4380
- C:\Windows\System\LjpmnXh.exe
  C:\Windows\System\LjpmnXh.exe
  2⤵
  PID:4444
- C:\Windows\System\edKfWCE.exe
  C:\Windows\System\edKfWCE.exe
  2⤵
  PID:4480
- C:\Windows\System\nsVNZCB.exe
  C:\Windows\System\nsVNZCB.exe
  2⤵
  PID:4556
- C:\Windows\System\LLkydJn.exe
  C:\Windows\System\LLkydJn.exe
  2⤵
  PID:4600
- C:\Windows\System\afAxjRh.exe
  C:\Windows\System\afAxjRh.exe
  2⤵
  PID:4640
- C:\Windows\System\elQlnFW.exe
  C:\Windows\System\elQlnFW.exe
  2⤵
  PID:4724
- C:\Windows\System\zxOUtvD.exe
  C:\Windows\System\zxOUtvD.exe
  2⤵
  PID:4776
- C:\Windows\System\KtmcIdI.exe
  C:\Windows\System\KtmcIdI.exe
  2⤵
  PID:4816
- C:\Windows\System\TTnSxej.exe
  C:\Windows\System\TTnSxej.exe
  2⤵
  PID:4840
- C:\Windows\System\BqkCXEI.exe
  C:\Windows\System\BqkCXEI.exe
  2⤵
  PID:4916
- C:\Windows\System\vnxjcPO.exe
  C:\Windows\System\vnxjcPO.exe
  2⤵
  PID:5000
- C:\Windows\System\ZBsfPuM.exe
  C:\Windows\System\ZBsfPuM.exe
  2⤵
  PID:5056
- C:\Windows\System\znyOBpJ.exe
  C:\Windows\System\znyOBpJ.exe
  2⤵
  PID:5104
- C:\Windows\System\ULbNXMy.exe
  C:\Windows\System\ULbNXMy.exe
  2⤵
  PID:3100
- C:\Windows\System\qupoSfP.exe
  C:\Windows\System\qupoSfP.exe
  2⤵
  PID:3488
- C:\Windows\System\kntwMkn.exe
  C:\Windows\System\kntwMkn.exe
  2⤵
  PID:2824
- C:\Windows\System\ozuFKPt.exe
  C:\Windows\System\ozuFKPt.exe
  2⤵
  PID:4200
- C:\Windows\System\qWUToRT.exe
  C:\Windows\System\qWUToRT.exe
  2⤵
  PID:5136
- C:\Windows\System\pBTnBUt.exe
  C:\Windows\System\pBTnBUt.exe
  2⤵
  PID:5156
- C:\Windows\System\ZYSyLfj.exe
  C:\Windows\System\ZYSyLfj.exe
  2⤵
  PID:5176
- C:\Windows\System\AbmoAzN.exe
  C:\Windows\System\AbmoAzN.exe
  2⤵
  PID:5196
- C:\Windows\System\FwzRYlY.exe
  C:\Windows\System\FwzRYlY.exe
  2⤵
  PID:5216
- C:\Windows\System\bYHmLsD.exe
  C:\Windows\System\bYHmLsD.exe
  2⤵
  PID:5236
- C:\Windows\System\rgvNSac.exe
  C:\Windows\System\rgvNSac.exe
  2⤵
  PID:5256
- C:\Windows\System\nbDdRQW.exe
  C:\Windows\System\nbDdRQW.exe
  2⤵
  PID:5276
- C:\Windows\System\cVZcLLr.exe
  C:\Windows\System\cVZcLLr.exe
  2⤵
  PID:5296
- C:\Windows\System\pEelGDI.exe
  C:\Windows\System\pEelGDI.exe
  2⤵
  PID:5316
- C:\Windows\System\MXyoltO.exe
  C:\Windows\System\MXyoltO.exe
  2⤵
  PID:5336
- C:\Windows\System\aoJvIvq.exe
  C:\Windows\System\aoJvIvq.exe
  2⤵
  PID:5356
- C:\Windows\System\mWqAnIx.exe
  C:\Windows\System\mWqAnIx.exe
  2⤵
  PID:5384
- C:\Windows\System\xGWGBoH.exe
  C:\Windows\System\xGWGBoH.exe
  2⤵
  PID:5404
- C:\Windows\System\AXbAPaJ.exe
  C:\Windows\System\AXbAPaJ.exe
  2⤵
  PID:5428
- C:\Windows\System\NZTkzvs.exe
  C:\Windows\System\NZTkzvs.exe
  2⤵
  PID:5448
- C:\Windows\System\ABChPcS.exe
  C:\Windows\System\ABChPcS.exe
  2⤵
  PID:5468
- C:\Windows\System\QIUHzeE.exe
  C:\Windows\System\QIUHzeE.exe
  2⤵
  PID:5488
- C:\Windows\System\KYLyick.exe
  C:\Windows\System\KYLyick.exe
  2⤵
  PID:5508
- C:\Windows\System\MqBwPKO.exe
  C:\Windows\System\MqBwPKO.exe
  2⤵
  PID:5532
- C:\Windows\System\lefAbkb.exe
  C:\Windows\System\lefAbkb.exe
  2⤵
  PID:5556
- C:\Windows\System\IZLPcfY.exe
  C:\Windows\System\IZLPcfY.exe
  2⤵
  PID:5580
- C:\Windows\System\sVMQava.exe
  C:\Windows\System\sVMQava.exe
  2⤵
  PID:5600
- C:\Windows\System\nSFZvpG.exe
  C:\Windows\System\nSFZvpG.exe
  2⤵
  PID:5620
- C:\Windows\System\ytpLXvn.exe
  C:\Windows\System\ytpLXvn.exe
  2⤵
  PID:5640
- C:\Windows\System\dRXxRPT.exe
  C:\Windows\System\dRXxRPT.exe
  2⤵
  PID:5660
- C:\Windows\System\LNCjLNd.exe
  C:\Windows\System\LNCjLNd.exe
  2⤵
  PID:5680
- C:\Windows\System\YOVAiGA.exe
  C:\Windows\System\YOVAiGA.exe
  2⤵
  PID:5708
- C:\Windows\System\vthmyxF.exe
  C:\Windows\System\vthmyxF.exe
  2⤵
  PID:5728
- C:\Windows\System\cPVnGRD.exe
  C:\Windows\System\cPVnGRD.exe
  2⤵
  PID:5748
- C:\Windows\System\hnBtmYJ.exe
  C:\Windows\System\hnBtmYJ.exe
  2⤵
  PID:5768
- C:\Windows\System\YErHnpM.exe
  C:\Windows\System\YErHnpM.exe
  2⤵
  PID:5788
- C:\Windows\System\uQUbTTq.exe
  C:\Windows\System\uQUbTTq.exe
  2⤵
  PID:5808
- C:\Windows\System\eiShPLl.exe
  C:\Windows\System\eiShPLl.exe
  2⤵
  PID:5828
- C:\Windows\System\UYLtAYP.exe
  C:\Windows\System\UYLtAYP.exe
  2⤵
  PID:5848
- C:\Windows\System\BHFowwp.exe
  C:\Windows\System\BHFowwp.exe
  2⤵
  PID:5868
- C:\Windows\System\bXwUftQ.exe
  C:\Windows\System\bXwUftQ.exe
  2⤵
  PID:5888
- C:\Windows\System\AbKldqX.exe
  C:\Windows\System\AbKldqX.exe
  2⤵
  PID:5908
- C:\Windows\System\Lddickj.exe
  C:\Windows\System\Lddickj.exe
  2⤵
  PID:5928
- C:\Windows\System\ZTkygWy.exe
  C:\Windows\System\ZTkygWy.exe
  2⤵
  PID:5952
- C:\Windows\System\GkEVgYS.exe
  C:\Windows\System\GkEVgYS.exe
  2⤵
  PID:5972
- C:\Windows\System\UgnBLUl.exe
  C:\Windows\System\UgnBLUl.exe
  2⤵
  PID:5996
- C:\Windows\System\VfQVzHs.exe
  C:\Windows\System\VfQVzHs.exe
  2⤵
  PID:6016
- C:\Windows\System\YNKmmkD.exe
  C:\Windows\System\YNKmmkD.exe
  2⤵
  PID:6036
- C:\Windows\System\TegdGoB.exe
  C:\Windows\System\TegdGoB.exe
  2⤵
  PID:6056
- C:\Windows\System\EKNopjs.exe
  C:\Windows\System\EKNopjs.exe
  2⤵
  PID:6076
- C:\Windows\System\vCzzScU.exe
  C:\Windows\System\vCzzScU.exe
  2⤵
  PID:6096
- C:\Windows\System\rOwKhTw.exe
  C:\Windows\System\rOwKhTw.exe
  2⤵
  PID:6116
- C:\Windows\System\dXxyaRo.exe
  C:\Windows\System\dXxyaRo.exe
  2⤵
  PID:6136
- C:\Windows\System\FdugwPF.exe
  C:\Windows\System\FdugwPF.exe
  2⤵
  PID:4284
- C:\Windows\System\zWKzwUg.exe
  C:\Windows\System\zWKzwUg.exe
  2⤵
  PID:4376
- C:\Windows\System\xZTtGID.exe
  C:\Windows\System\xZTtGID.exe
  2⤵
  PID:4456
- C:\Windows\System\CRhnYLX.exe
  C:\Windows\System\CRhnYLX.exe
  2⤵
  PID:4576
- C:\Windows\System\DIOesiq.exe
  C:\Windows\System\DIOesiq.exe
  2⤵
  PID:4620
- C:\Windows\System\ZEgOFVC.exe
  C:\Windows\System\ZEgOFVC.exe
  2⤵
  PID:4744
- C:\Windows\System\EWPVgQc.exe
  C:\Windows\System\EWPVgQc.exe
  2⤵
  PID:4784
- C:\Windows\System\wCWaDUd.exe
  C:\Windows\System\wCWaDUd.exe
  2⤵
  PID:4944
- C:\Windows\System\EzCVVRw.exe
  C:\Windows\System\EzCVVRw.exe
  2⤵
  PID:4984
- C:\Windows\System\sycKTZt.exe
  C:\Windows\System\sycKTZt.exe
  2⤵
  PID:5080
- C:\Windows\System\gSIIGsk.exe
  C:\Windows\System\gSIIGsk.exe
  2⤵
  PID:3668
- C:\Windows\System\oBeywDx.exe
  C:\Windows\System\oBeywDx.exe
  2⤵
  PID:308
- C:\Windows\System\sQdUHUD.exe
  C:\Windows\System\sQdUHUD.exe
  2⤵
  PID:5144
- C:\Windows\System\OnrAHOS.exe
  C:\Windows\System\OnrAHOS.exe
  2⤵
  PID:5172
- C:\Windows\System\ZSYjQQm.exe
  C:\Windows\System\ZSYjQQm.exe
  2⤵
  PID:5204
- C:\Windows\System\LNDlBqS.exe
  C:\Windows\System\LNDlBqS.exe
  2⤵
  PID:5228
- C:\Windows\System\uyyreCp.exe
  C:\Windows\System\uyyreCp.exe
  2⤵
  PID:5248
- C:\Windows\System\XPNlTrc.exe
  C:\Windows\System\XPNlTrc.exe
  2⤵
  PID:5304
- C:\Windows\System\cqEvfgp.exe
  C:\Windows\System\cqEvfgp.exe
  2⤵
  PID:2732
- C:\Windows\System\tujypya.exe
  C:\Windows\System\tujypya.exe
  2⤵
  PID:5364
- C:\Windows\System\hzoeLBx.exe
  C:\Windows\System\hzoeLBx.exe
  2⤵
  PID:5392
- C:\Windows\System\LIvllbn.exe
  C:\Windows\System\LIvllbn.exe
  2⤵
  PID:5456
- C:\Windows\System\SOfmYsK.exe
  C:\Windows\System\SOfmYsK.exe
  2⤵
  PID:5476
- C:\Windows\System\Nqyizsy.exe
  C:\Windows\System\Nqyizsy.exe
  2⤵
  PID:5500
- C:\Windows\System\VnQIApV.exe
  C:\Windows\System\VnQIApV.exe
  2⤵
  PID:5520
- C:\Windows\System\Ouwywov.exe
  C:\Windows\System\Ouwywov.exe
  2⤵
  PID:5568
- C:\Windows\System\hWIhRZz.exe
  C:\Windows\System\hWIhRZz.exe
  2⤵
  PID:5612
- C:\Windows\System\iFnvKol.exe
  C:\Windows\System\iFnvKol.exe
  2⤵
  PID:5656
- C:\Windows\System\XwabFSG.exe
  C:\Windows\System\XwabFSG.exe
  2⤵
  PID:5688
- C:\Windows\System\rQoeFGO.exe
  C:\Windows\System\rQoeFGO.exe
  2⤵
  PID:5720
- C:\Windows\System\VWbNarY.exe
  C:\Windows\System\VWbNarY.exe
  2⤵
  PID:5764
- C:\Windows\System\JXwziJu.exe
  C:\Windows\System\JXwziJu.exe
  2⤵
  PID:5796
- C:\Windows\System\rMjTgrT.exe
  C:\Windows\System\rMjTgrT.exe
  2⤵
  PID:5836
- C:\Windows\System\NTURNAO.exe
  C:\Windows\System\NTURNAO.exe
  2⤵
  PID:5856
- C:\Windows\System\qcMMnHV.exe
  C:\Windows\System\qcMMnHV.exe
  2⤵
  PID:5880
- C:\Windows\System\YPUWRlF.exe
  C:\Windows\System\YPUWRlF.exe
  2⤵
  PID:5900
- C:\Windows\System\aUTkbbf.exe
  C:\Windows\System\aUTkbbf.exe
  2⤵
  PID:5960
- C:\Windows\System\ZQJZSDj.exe
  C:\Windows\System\ZQJZSDj.exe
  2⤵
  PID:5988
- C:\Windows\System\qlwHtpT.exe
  C:\Windows\System\qlwHtpT.exe
  2⤵
  PID:6024
- C:\Windows\System\BtEEQyC.exe
  C:\Windows\System\BtEEQyC.exe
  2⤵
  PID:6048
- C:\Windows\System\uxcrHMt.exe
  C:\Windows\System\uxcrHMt.exe
  2⤵
  PID:6068
- C:\Windows\System\jlzPdEo.exe
  C:\Windows\System\jlzPdEo.exe
  2⤵
  PID:6132
- C:\Windows\System\yMKclxi.exe
  C:\Windows\System\yMKclxi.exe
  2⤵
  PID:4324
- C:\Windows\System\RCKFhYo.exe
  C:\Windows\System\RCKFhYo.exe
  2⤵
  PID:4524
- C:\Windows\System\KTvLsBe.exe
  C:\Windows\System\KTvLsBe.exe
  2⤵
  PID:4580
- C:\Windows\System\vfsEiwd.exe
  C:\Windows\System\vfsEiwd.exe
  2⤵
  PID:4740
- C:\Windows\System\tZehmpT.exe
  C:\Windows\System\tZehmpT.exe
  2⤵
  PID:4860
- C:\Windows\System\iPKXLdV.exe
  C:\Windows\System\iPKXLdV.exe
  2⤵
  PID:5044
- C:\Windows\System\lvbfXeB.exe
  C:\Windows\System\lvbfXeB.exe
  2⤵
  PID:3952
- C:\Windows\System\pIQvTtw.exe
  C:\Windows\System\pIQvTtw.exe
  2⤵
  PID:5128
- C:\Windows\System\YvXSncK.exe
  C:\Windows\System\YvXSncK.exe
  2⤵
  PID:5188
- C:\Windows\System\rhoddgM.exe
  C:\Windows\System\rhoddgM.exe
  2⤵
  PID:5252
- C:\Windows\System\AriEhwt.exe
  C:\Windows\System\AriEhwt.exe
  2⤵
  PID:5292
- C:\Windows\System\IMIwCZI.exe
  C:\Windows\System\IMIwCZI.exe
  2⤵
  PID:5348
- C:\Windows\System\SUTafEh.exe
  C:\Windows\System\SUTafEh.exe
  2⤵
  PID:5412
- C:\Windows\System\Xfjforn.exe
  C:\Windows\System\Xfjforn.exe
  2⤵
  PID:992
- C:\Windows\System\fBZoGpn.exe
  C:\Windows\System\fBZoGpn.exe
  2⤵
  PID:5540
- C:\Windows\System\gRGTjcX.exe
  C:\Windows\System\gRGTjcX.exe
  2⤵
  PID:5572
- C:\Windows\System\EuLCaGL.exe
  C:\Windows\System\EuLCaGL.exe
  2⤵
  PID:5648
- C:\Windows\System\wzjSwsY.exe
  C:\Windows\System\wzjSwsY.exe
  2⤵
  PID:5676
- C:\Windows\System\feGGPkc.exe
  C:\Windows\System\feGGPkc.exe
  2⤵
  PID:5756
- C:\Windows\System\BRNZMSG.exe
  C:\Windows\System\BRNZMSG.exe
  2⤵
  PID:5820
- C:\Windows\System\IlhwqOW.exe
  C:\Windows\System\IlhwqOW.exe
  2⤵
  PID:5876
- C:\Windows\System\ZWFXJfk.exe
  C:\Windows\System\ZWFXJfk.exe
  2⤵
  PID:5916
- C:\Windows\System\uNTictP.exe
  C:\Windows\System\uNTictP.exe
  2⤵
  PID:5980
- C:\Windows\System\YcWBmBK.exe
  C:\Windows\System\YcWBmBK.exe
  2⤵
  PID:6012
- C:\Windows\System\fZzhbgs.exe
  C:\Windows\System\fZzhbgs.exe
  2⤵
  PID:6084
- C:\Windows\System\NHrdGna.exe
  C:\Windows\System\NHrdGna.exe
  2⤵
  PID:4300
- C:\Windows\System\orslzDJ.exe
  C:\Windows\System\orslzDJ.exe
  2⤵
  PID:4416
- C:\Windows\System\QOPYsBr.exe
  C:\Windows\System\QOPYsBr.exe
  2⤵
  PID:4656
- C:\Windows\System\GxMyNFo.exe
  C:\Windows\System\GxMyNFo.exe
  2⤵
  PID:5016
- C:\Windows\System\ZQeQiea.exe
  C:\Windows\System\ZQeQiea.exe
  2⤵
  PID:3864
- C:\Windows\System\vtcarvr.exe
  C:\Windows\System\vtcarvr.exe
  2⤵
  PID:5148
- C:\Windows\System\cciGHsu.exe
  C:\Windows\System\cciGHsu.exe
  2⤵
  PID:5288
- C:\Windows\System\sgzCQkt.exe
  C:\Windows\System\sgzCQkt.exe
  2⤵
  PID:5368
- C:\Windows\System\bVdbaHr.exe
  C:\Windows\System\bVdbaHr.exe
  2⤵
  PID:5444
- C:\Windows\System\OXolGUo.exe
  C:\Windows\System\OXolGUo.exe
  2⤵
  PID:5504
- C:\Windows\System\MdSeDkT.exe
  C:\Windows\System\MdSeDkT.exe
  2⤵
  PID:5616
- C:\Windows\System\XSNicYC.exe
  C:\Windows\System\XSNicYC.exe
  2⤵
  PID:6152
- C:\Windows\System\BlgEFxq.exe
  C:\Windows\System\BlgEFxq.exe
  2⤵
  PID:6172
- C:\Windows\System\veNARRk.exe
  C:\Windows\System\veNARRk.exe
  2⤵
  PID:6192
- C:\Windows\System\znpZlto.exe
  C:\Windows\System\znpZlto.exe
  2⤵
  PID:6212
- C:\Windows\System\ufeGPGn.exe
  C:\Windows\System\ufeGPGn.exe
  2⤵
  PID:6232
- C:\Windows\System\dWAbePW.exe
  C:\Windows\System\dWAbePW.exe
  2⤵
  PID:6252
- C:\Windows\System\swHLjIz.exe
  C:\Windows\System\swHLjIz.exe
  2⤵
  PID:6272
- C:\Windows\System\ZCMVmIk.exe
  C:\Windows\System\ZCMVmIk.exe
  2⤵
  PID:6292
- C:\Windows\System\OTNBbOh.exe
  C:\Windows\System\OTNBbOh.exe
  2⤵
  PID:6312
- C:\Windows\System\SvCFtjV.exe
  C:\Windows\System\SvCFtjV.exe
  2⤵
  PID:6332
- C:\Windows\System\MxKrcgM.exe
  C:\Windows\System\MxKrcgM.exe
  2⤵
  PID:6352
- C:\Windows\System\pWXdyJg.exe
  C:\Windows\System\pWXdyJg.exe
  2⤵
  PID:6372
- C:\Windows\System\mOGzHAz.exe
  C:\Windows\System\mOGzHAz.exe
  2⤵
  PID:6392
- C:\Windows\System\FekuvJn.exe
  C:\Windows\System\FekuvJn.exe
  2⤵
  PID:6412
- C:\Windows\System\uXIKYKc.exe
  C:\Windows\System\uXIKYKc.exe
  2⤵
  PID:6432
- C:\Windows\System\xQKwwas.exe
  C:\Windows\System\xQKwwas.exe
  2⤵
  PID:6452
- C:\Windows\System\aMhQARd.exe
  C:\Windows\System\aMhQARd.exe
  2⤵
  PID:6472
- C:\Windows\System\EukWRvW.exe
  C:\Windows\System\EukWRvW.exe
  2⤵
  PID:6492
- C:\Windows\System\lfGEbth.exe
  C:\Windows\System\lfGEbth.exe
  2⤵
  PID:6512
- C:\Windows\System\lmDmuaQ.exe
  C:\Windows\System\lmDmuaQ.exe
  2⤵
  PID:6532
- C:\Windows\System\rqrPERT.exe
  C:\Windows\System\rqrPERT.exe
  2⤵
  PID:6552
- C:\Windows\System\neWsYTx.exe
  C:\Windows\System\neWsYTx.exe
  2⤵
  PID:6572
- C:\Windows\System\BnwVpmm.exe
  C:\Windows\System\BnwVpmm.exe
  2⤵
  PID:6592
- C:\Windows\System\OROZizq.exe
  C:\Windows\System\OROZizq.exe
  2⤵
  PID:6612
- C:\Windows\System\rVViirD.exe
  C:\Windows\System\rVViirD.exe
  2⤵
  PID:6632
- C:\Windows\System\qwZGcgB.exe
  C:\Windows\System\qwZGcgB.exe
  2⤵
  PID:6652
- C:\Windows\System\pFFgqle.exe
  C:\Windows\System\pFFgqle.exe
  2⤵
  PID:6672
- C:\Windows\System\MpiwXOD.exe
  C:\Windows\System\MpiwXOD.exe
  2⤵
  PID:6692
- C:\Windows\System\HFizaBm.exe
  C:\Windows\System\HFizaBm.exe
  2⤵
  PID:6712
- C:\Windows\System\SmrgOgM.exe
  C:\Windows\System\SmrgOgM.exe
  2⤵
  PID:6732
- C:\Windows\System\YcOKZAl.exe
  C:\Windows\System\YcOKZAl.exe
  2⤵
  PID:6752
- C:\Windows\System\cDyzKtP.exe
  C:\Windows\System\cDyzKtP.exe
  2⤵
  PID:6772
- C:\Windows\System\sbQmYYN.exe
  C:\Windows\System\sbQmYYN.exe
  2⤵
  PID:6792
- C:\Windows\System\urOJnpQ.exe
  C:\Windows\System\urOJnpQ.exe
  2⤵
  PID:6812
- C:\Windows\System\TWQNgRb.exe
  C:\Windows\System\TWQNgRb.exe
  2⤵
  PID:6832
- C:\Windows\System\LQgLhBh.exe
  C:\Windows\System\LQgLhBh.exe
  2⤵
  PID:6852
- C:\Windows\System\uGGlvga.exe
  C:\Windows\System\uGGlvga.exe
  2⤵
  PID:6872
- C:\Windows\System\OvpGzkF.exe
  C:\Windows\System\OvpGzkF.exe
  2⤵
  PID:6896
- C:\Windows\System\WkrAMoD.exe
  C:\Windows\System\WkrAMoD.exe
  2⤵
  PID:6916
- C:\Windows\System\QeDSRCs.exe
  C:\Windows\System\QeDSRCs.exe
  2⤵
  PID:6936
- C:\Windows\System\hARQIkl.exe
  C:\Windows\System\hARQIkl.exe
  2⤵
  PID:6956
- C:\Windows\System\qHMDUuI.exe
  C:\Windows\System\qHMDUuI.exe
  2⤵
  PID:6976
- C:\Windows\System\SkfOqeL.exe
  C:\Windows\System\SkfOqeL.exe
  2⤵
  PID:6996
- C:\Windows\System\gvDMbFS.exe
  C:\Windows\System\gvDMbFS.exe
  2⤵
  PID:7016
- C:\Windows\System\ECHNTNa.exe
  C:\Windows\System\ECHNTNa.exe
  2⤵
  PID:7036
- C:\Windows\System\NwGWLpm.exe
  C:\Windows\System\NwGWLpm.exe
  2⤵
  PID:7056
- C:\Windows\System\zsBKckd.exe
  C:\Windows\System\zsBKckd.exe
  2⤵
  PID:7076
- C:\Windows\System\LZHHIdl.exe
  C:\Windows\System\LZHHIdl.exe
  2⤵
  PID:7096
- C:\Windows\System\NZMAykt.exe
  C:\Windows\System\NZMAykt.exe
  2⤵
  PID:7116
- C:\Windows\System\ShstzzR.exe
  C:\Windows\System\ShstzzR.exe
  2⤵
  PID:7136
- C:\Windows\System\FfsotXk.exe
  C:\Windows\System\FfsotXk.exe
  2⤵
  PID:7156
- C:\Windows\System\jscZToc.exe
  C:\Windows\System\jscZToc.exe
  2⤵
  PID:5800
- C:\Windows\System\EXKcEUb.exe
  C:\Windows\System\EXKcEUb.exe
  2⤵
  PID:5860
- C:\Windows\System\GgZPyae.exe
  C:\Windows\System\GgZPyae.exe
  2⤵
  PID:5940
- C:\Windows\System\CCpBZYc.exe
  C:\Windows\System\CCpBZYc.exe
  2⤵
  PID:6092
- C:\Windows\System\ivWqLyp.exe
  C:\Windows\System\ivWqLyp.exe
  2⤵
  PID:4276
- C:\Windows\System\FBcUitd.exe
  C:\Windows\System\FBcUitd.exe
  2⤵
  PID:4440
- C:\Windows\System\GWYbTHf.exe
  C:\Windows\System\GWYbTHf.exe
  2⤵
  PID:5100
- C:\Windows\System\KFtcufR.exe
  C:\Windows\System\KFtcufR.exe
  2⤵
  PID:5232
- C:\Windows\System\NLqcPdn.exe
  C:\Windows\System\NLqcPdn.exe
  2⤵
  PID:5324
- C:\Windows\System\DcdrHYI.exe
  C:\Windows\System\DcdrHYI.exe
  2⤵
  PID:5636
- C:\Windows\System\uohnKzL.exe
  C:\Windows\System\uohnKzL.exe
  2⤵
  PID:5692
- C:\Windows\System\lLRUUel.exe
  C:\Windows\System\lLRUUel.exe
  2⤵
  PID:6164
- C:\Windows\System\QVlZcvj.exe
  C:\Windows\System\QVlZcvj.exe
  2⤵
  PID:6184
- C:\Windows\System\eysgUCv.exe
  C:\Windows\System\eysgUCv.exe
  2⤵
  PID:6240
- C:\Windows\System\VSPMgzF.exe
  C:\Windows\System\VSPMgzF.exe
  2⤵
  PID:6264
- C:\Windows\System\OVsUURZ.exe
  C:\Windows\System\OVsUURZ.exe
  2⤵
  PID:6308
- C:\Windows\System\LwAnLjt.exe
  C:\Windows\System\LwAnLjt.exe
  2⤵
  PID:6340
- C:\Windows\System\goBoglv.exe
  C:\Windows\System\goBoglv.exe
  2⤵
  PID:6344
- C:\Windows\System\LMETlRA.exe
  C:\Windows\System\LMETlRA.exe
  2⤵
  PID:6408
- C:\Windows\System\FIkWuFF.exe
  C:\Windows\System\FIkWuFF.exe
  2⤵
  PID:6440
- C:\Windows\System\XQJRbaa.exe
  C:\Windows\System\XQJRbaa.exe
  2⤵
  PID:6464
- C:\Windows\System\scuuIgx.exe
  C:\Windows\System\scuuIgx.exe
  2⤵
  PID:6504
- C:\Windows\System\ZZISzFo.exe
  C:\Windows\System\ZZISzFo.exe
  2⤵
  PID:6560
- C:\Windows\System\NhoZUfN.exe
  C:\Windows\System\NhoZUfN.exe
  2⤵
  PID:6564
- C:\Windows\System\KDVLnpR.exe
  C:\Windows\System\KDVLnpR.exe
  2⤵
  PID:6604
- C:\Windows\System\fBlcTHF.exe
  C:\Windows\System\fBlcTHF.exe
  2⤵
  PID:6648
- C:\Windows\System\UKuctaY.exe
  C:\Windows\System\UKuctaY.exe
  2⤵
  PID:6680
- C:\Windows\System\TTheKJf.exe
  C:\Windows\System\TTheKJf.exe
  2⤵
  PID:6704
- C:\Windows\System\nuLhJLh.exe
  C:\Windows\System\nuLhJLh.exe
  2⤵
  PID:6748
- C:\Windows\System\hellqWW.exe
  C:\Windows\System\hellqWW.exe
  2⤵
  PID:6780
- C:\Windows\System\wqyTrBX.exe
  C:\Windows\System\wqyTrBX.exe
  2⤵
  PID:6808
- C:\Windows\System\XtdwOEc.exe
  C:\Windows\System\XtdwOEc.exe
  2⤵
  PID:6844
- C:\Windows\System\yuAJzDO.exe
  C:\Windows\System\yuAJzDO.exe
  2⤵
  PID:6892
- C:\Windows\System\cuTbLcv.exe
  C:\Windows\System\cuTbLcv.exe
  2⤵
  PID:6924
- C:\Windows\System\opPpcdz.exe
  C:\Windows\System\opPpcdz.exe
  2⤵
  PID:6952
- C:\Windows\System\ufzxmci.exe
  C:\Windows\System\ufzxmci.exe
  2⤵
  PID:6984
- C:\Windows\System\JFvkkEz.exe
  C:\Windows\System\JFvkkEz.exe
  2⤵
  PID:7008
- C:\Windows\System\AxTzCUo.exe
  C:\Windows\System\AxTzCUo.exe
  2⤵
  PID:7028
- C:\Windows\System\UhAjEYw.exe
  C:\Windows\System\UhAjEYw.exe
  2⤵
  PID:7092
- C:\Windows\System\gPjNuuF.exe
  C:\Windows\System\gPjNuuF.exe
  2⤵
  PID:7104
- C:\Windows\System\uWTOvaC.exe
  C:\Windows\System\uWTOvaC.exe
  2⤵
  PID:7152
- C:\Windows\System\MhrPXhs.exe
  C:\Windows\System\MhrPXhs.exe
  2⤵
  PID:5816
- C:\Windows\System\KMxegwH.exe
  C:\Windows\System\KMxegwH.exe
  2⤵
  PID:2448
- C:\Windows\System\sCIWZiE.exe
  C:\Windows\System\sCIWZiE.exe
  2⤵
  PID:6072
- C:\Windows\System\sspVcyT.exe
  C:\Windows\System\sspVcyT.exe
  2⤵
  PID:4684
- C:\Windows\System\XegsZVM.exe
  C:\Windows\System\XegsZVM.exe
  2⤵
  PID:5164
- C:\Windows\System\IUQpBMQ.exe
  C:\Windows\System\IUQpBMQ.exe
  2⤵
  PID:5496
- C:\Windows\System\gsBnlpv.exe
  C:\Windows\System\gsBnlpv.exe
  2⤵
  PID:5716
- C:\Windows\System\nVOsCHW.exe
  C:\Windows\System\nVOsCHW.exe
  2⤵
  PID:6200
- C:\Windows\System\QIQnxZr.exe
  C:\Windows\System\QIQnxZr.exe
  2⤵
  PID:6228
- C:\Windows\System\ADWqGww.exe
  C:\Windows\System\ADWqGww.exe
  2⤵
  PID:6300
- C:\Windows\System\FdrWGbB.exe
  C:\Windows\System\FdrWGbB.exe
  2⤵
  PID:6368
- C:\Windows\System\vTevFIq.exe
  C:\Windows\System\vTevFIq.exe
  2⤵
  PID:6428
- C:\Windows\System\dSIIpit.exe
  C:\Windows\System\dSIIpit.exe
  2⤵
  PID:6508
- C:\Windows\System\pDvRYXh.exe
  C:\Windows\System\pDvRYXh.exe
  2⤵
  PID:6588
- C:\Windows\System\jBWcXnm.exe
  C:\Windows\System\jBWcXnm.exe
  2⤵
  PID:6584
- C:\Windows\System\hDaqBUF.exe
  C:\Windows\System\hDaqBUF.exe
  2⤵
  PID:6664
- C:\Windows\System\uwsIBND.exe
  C:\Windows\System\uwsIBND.exe
  2⤵
  PID:6728
- C:\Windows\System\tvyDwvZ.exe
  C:\Windows\System\tvyDwvZ.exe
  2⤵
  PID:6800
- C:\Windows\System\QyXbbma.exe
  C:\Windows\System\QyXbbma.exe
  2⤵
  PID:2472
- C:\Windows\System\EtIENRf.exe
  C:\Windows\System\EtIENRf.exe
  2⤵
  PID:6868
- C:\Windows\System\AytuhwA.exe
  C:\Windows\System\AytuhwA.exe
  2⤵
  PID:6904
- C:\Windows\System\oBdYghx.exe
  C:\Windows\System\oBdYghx.exe
  2⤵
  PID:6988
- C:\Windows\System\sQhyTPu.exe
  C:\Windows\System\sQhyTPu.exe
  2⤵
  PID:7044
- C:\Windows\System\uIgOLai.exe
  C:\Windows\System\uIgOLai.exe
  2⤵
  PID:7088
- C:\Windows\System\UlmbvpL.exe
  C:\Windows\System\UlmbvpL.exe
  2⤵
  PID:7128
- C:\Windows\System\TMiAnjd.exe
  C:\Windows\System\TMiAnjd.exe
  2⤵
  PID:5744
- C:\Windows\System\hTnvmGD.exe
  C:\Windows\System\hTnvmGD.exe
  2⤵
  PID:4900
- C:\Windows\System\XSNjPfN.exe
  C:\Windows\System\XSNjPfN.exe
  2⤵
  PID:5168
- C:\Windows\System\ZSaoOzp.exe
  C:\Windows\System\ZSaoOzp.exe
  2⤵
  PID:5528
- C:\Windows\System\FRhlUHl.exe
  C:\Windows\System\FRhlUHl.exe
  2⤵
  PID:6208
- C:\Windows\System\gprhPrV.exe
  C:\Windows\System\gprhPrV.exe
  2⤵
  PID:6288
- C:\Windows\System\AvdzZVk.exe
  C:\Windows\System\AvdzZVk.exe
  2⤵
  PID:6364
- C:\Windows\System\CrsFrYp.exe
  C:\Windows\System\CrsFrYp.exe
  2⤵
  PID:6484
- C:\Windows\System\DKwfSQZ.exe
  C:\Windows\System\DKwfSQZ.exe
  2⤵
  PID:6608
- C:\Windows\System\SHMtaHG.exe
  C:\Windows\System\SHMtaHG.exe
  2⤵
  PID:6660
- C:\Windows\System\cwEnKnM.exe
  C:\Windows\System\cwEnKnM.exe
  2⤵
  PID:6848
- C:\Windows\System\ijdTvzU.exe
  C:\Windows\System\ijdTvzU.exe
  2⤵
  PID:6944
- C:\Windows\System\pnVyOXd.exe
  C:\Windows\System\pnVyOXd.exe
  2⤵
  PID:6964
- C:\Windows\System\trDYoJo.exe
  C:\Windows\System\trDYoJo.exe
  2⤵
  PID:7072
- C:\Windows\System\ZpZTYCv.exe
  C:\Windows\System\ZpZTYCv.exe
  2⤵
  PID:7064
- C:\Windows\System\RbfCiAR.exe
  C:\Windows\System\RbfCiAR.exe
  2⤵
  PID:4184
- C:\Windows\System\hSlIxQR.exe
  C:\Windows\System\hSlIxQR.exe
  2⤵
  PID:2464
- C:\Windows\System\WerfvuT.exe
  C:\Windows\System\WerfvuT.exe
  2⤵
  PID:6324
- C:\Windows\System\oXWgSJj.exe
  C:\Windows\System\oXWgSJj.exe
  2⤵
  PID:5332
- C:\Windows\System\yacwBoZ.exe
  C:\Windows\System\yacwBoZ.exe
  2⤵
  PID:6460
- C:\Windows\System\xkgdTFo.exe
  C:\Windows\System\xkgdTFo.exe
  2⤵
  PID:6548
- C:\Windows\System\OUvLubx.exe
  C:\Windows\System\OUvLubx.exe
  2⤵
  PID:6820
- C:\Windows\System\sVddfPL.exe
  C:\Windows\System\sVddfPL.exe
  2⤵
  PID:6880
- C:\Windows\System\DTsVrDE.exe
  C:\Windows\System\DTsVrDE.exe
  2⤵
  PID:7184
- C:\Windows\System\VETmQEa.exe
  C:\Windows\System\VETmQEa.exe
  2⤵
  PID:7204
- C:\Windows\System\RbLMrCu.exe
  C:\Windows\System\RbLMrCu.exe
  2⤵
  PID:7224
- C:\Windows\System\vLJGeJc.exe
  C:\Windows\System\vLJGeJc.exe
  2⤵
  PID:7244
- C:\Windows\System\YVIzGuP.exe
  C:\Windows\System\YVIzGuP.exe
  2⤵
  PID:7264
- C:\Windows\System\MeKRYhw.exe
  C:\Windows\System\MeKRYhw.exe
  2⤵
  PID:7284
- C:\Windows\System\LtQvvDp.exe
  C:\Windows\System\LtQvvDp.exe
  2⤵
  PID:7304
- C:\Windows\System\weoZCqk.exe
  C:\Windows\System\weoZCqk.exe
  2⤵
  PID:7324
- C:\Windows\System\bgahOHl.exe
  C:\Windows\System\bgahOHl.exe
  2⤵
  PID:7344
- C:\Windows\System\JCNDJUP.exe
  C:\Windows\System\JCNDJUP.exe
  2⤵
  PID:7364
- C:\Windows\System\nclyHkt.exe
  C:\Windows\System\nclyHkt.exe
  2⤵
  PID:7384
- C:\Windows\System\wDgHDOX.exe
  C:\Windows\System\wDgHDOX.exe
  2⤵
  PID:7404
- C:\Windows\System\bagShLV.exe
  C:\Windows\System\bagShLV.exe
  2⤵
  PID:7428
- C:\Windows\System\ryuBWUU.exe
  C:\Windows\System\ryuBWUU.exe
  2⤵
  PID:7452
- C:\Windows\System\NXoiTsy.exe
  C:\Windows\System\NXoiTsy.exe
  2⤵
  PID:7472
- C:\Windows\System\QkDfXpd.exe
  C:\Windows\System\QkDfXpd.exe
  2⤵
  PID:7492
- C:\Windows\System\knUleWU.exe
  C:\Windows\System\knUleWU.exe
  2⤵
  PID:7512
- C:\Windows\System\hlCUrxQ.exe
  C:\Windows\System\hlCUrxQ.exe
  2⤵
  PID:7532
- C:\Windows\System\ZVwnAKT.exe
  C:\Windows\System\ZVwnAKT.exe
  2⤵
  PID:7552
- C:\Windows\System\MRkjnsa.exe
  C:\Windows\System\MRkjnsa.exe
  2⤵
  PID:7572
- C:\Windows\System\ohKoyKT.exe
  C:\Windows\System\ohKoyKT.exe
  2⤵
  PID:7596
- C:\Windows\System\HldtfWc.exe
  C:\Windows\System\HldtfWc.exe
  2⤵
  PID:7620
- C:\Windows\System\olOBoVt.exe
  C:\Windows\System\olOBoVt.exe
  2⤵
  PID:7640
- C:\Windows\System\PLayLUD.exe
  C:\Windows\System\PLayLUD.exe
  2⤵
  PID:7660
- C:\Windows\System\MsfYYqa.exe
  C:\Windows\System\MsfYYqa.exe
  2⤵
  PID:7680
- C:\Windows\System\WpOavJC.exe
  C:\Windows\System\WpOavJC.exe
  2⤵
  PID:7700
- C:\Windows\System\tLRFwRb.exe
  C:\Windows\System\tLRFwRb.exe
  2⤵
  PID:7720
- C:\Windows\System\imVMGHW.exe
  C:\Windows\System\imVMGHW.exe
  2⤵
  PID:7740
- C:\Windows\System\XclJqXR.exe
  C:\Windows\System\XclJqXR.exe
  2⤵
  PID:7760
- C:\Windows\System\RgURerj.exe
  C:\Windows\System\RgURerj.exe
  2⤵
  PID:7784
- C:\Windows\System\DesmyeW.exe
  C:\Windows\System\DesmyeW.exe
  2⤵
  PID:7808
- C:\Windows\System\vqXxniR.exe
  C:\Windows\System\vqXxniR.exe
  2⤵
  PID:7828
- C:\Windows\System\LthXEpy.exe
  C:\Windows\System\LthXEpy.exe
  2⤵
  PID:7848
- C:\Windows\System\ksxClJn.exe
  C:\Windows\System\ksxClJn.exe
  2⤵
  PID:7868
- C:\Windows\System\uECqmbf.exe
  C:\Windows\System\uECqmbf.exe
  2⤵
  PID:7888
- C:\Windows\System\AzWhPJr.exe
  C:\Windows\System\AzWhPJr.exe
  2⤵
  PID:7908
- C:\Windows\System\wXJRHLP.exe
  C:\Windows\System\wXJRHLP.exe
  2⤵
  PID:7928
- C:\Windows\System\MxQiVXO.exe
  C:\Windows\System\MxQiVXO.exe
  2⤵
  PID:7948
- C:\Windows\System\izXUGaT.exe
  C:\Windows\System\izXUGaT.exe
  2⤵
  PID:7968
- C:\Windows\System\zZTdSjY.exe
  C:\Windows\System\zZTdSjY.exe
  2⤵
  PID:7988
- C:\Windows\System\nVVljTe.exe
  C:\Windows\System\nVVljTe.exe
  2⤵
  PID:8008
- C:\Windows\System\LyYlYwn.exe
  C:\Windows\System\LyYlYwn.exe
  2⤵
  PID:8032
- C:\Windows\System\RYUTSQr.exe
  C:\Windows\System\RYUTSQr.exe
  2⤵
  PID:8052
- C:\Windows\System\McQUxdU.exe
  C:\Windows\System\McQUxdU.exe
  2⤵
  PID:8072
- C:\Windows\System\TrqtYMG.exe
  C:\Windows\System\TrqtYMG.exe
  2⤵
  PID:8092
- C:\Windows\System\oczvQuK.exe
  C:\Windows\System\oczvQuK.exe
  2⤵
  PID:8116
- C:\Windows\System\aTsNZfv.exe
  C:\Windows\System\aTsNZfv.exe
  2⤵
  PID:8136
- C:\Windows\System\HjJEOvm.exe
  C:\Windows\System\HjJEOvm.exe
  2⤵
  PID:8156
- C:\Windows\System\fADFQCB.exe
  C:\Windows\System\fADFQCB.exe
  2⤵
  PID:8176
- C:\Windows\System\UCUfEhB.exe
  C:\Windows\System\UCUfEhB.exe
  2⤵
  PID:7032
- C:\Windows\System\PoNjLqH.exe
  C:\Windows\System\PoNjLqH.exe
  2⤵
  PID:6112
- C:\Windows\System\TGuxmvo.exe
  C:\Windows\System\TGuxmvo.exe
  2⤵
  PID:3056
- C:\Windows\System\UIgPRWJ.exe
  C:\Windows\System\UIgPRWJ.exe
  2⤵
  PID:4116
- C:\Windows\System\zQoSfWI.exe
  C:\Windows\System\zQoSfWI.exe
  2⤵
  PID:6224
- C:\Windows\System\zPjPKCJ.exe
  C:\Windows\System\zPjPKCJ.exe
  2⤵
  PID:6928
- C:\Windows\System\gTMVUtI.exe
  C:\Windows\System\gTMVUtI.exe
  2⤵
  PID:7180
- C:\Windows\System\ZcKPtDe.exe
  C:\Windows\System\ZcKPtDe.exe
  2⤵
  PID:7272
- C:\Windows\System\GNSvmHw.exe
  C:\Windows\System\GNSvmHw.exe
  2⤵
  PID:7252
- C:\Windows\System\IssNoFO.exe
  C:\Windows\System\IssNoFO.exe
  2⤵
  PID:7300
- C:\Windows\System\gGrvKIS.exe
  C:\Windows\System\gGrvKIS.exe
  2⤵
  PID:7352
- C:\Windows\System\uctYsOR.exe
  C:\Windows\System\uctYsOR.exe
  2⤵
  PID:7336
- C:\Windows\System\qQKlDgf.exe
  C:\Windows\System\qQKlDgf.exe
  2⤵
  PID:7376
- C:\Windows\System\Gyqcdwm.exe
  C:\Windows\System\Gyqcdwm.exe
  2⤵
  PID:7416
- C:\Windows\System\iDfmWYk.exe
  C:\Windows\System\iDfmWYk.exe
  2⤵
  PID:7488
- C:\Windows\System\qjvCNPu.exe
  C:\Windows\System\qjvCNPu.exe
  2⤵
  PID:7468
- C:\Windows\System\yNZnAfD.exe
  C:\Windows\System\yNZnAfD.exe
  2⤵
  PID:7500
- C:\Windows\System\cUkEQGW.exe
  C:\Windows\System\cUkEQGW.exe
  2⤵
  PID:7544
- C:\Windows\System\bKLvFkF.exe
  C:\Windows\System\bKLvFkF.exe
  2⤵
  PID:7612
- C:\Windows\System\RdsjaUU.exe
  C:\Windows\System\RdsjaUU.exe
  2⤵
  PID:7688
- C:\Windows\System\CToOMTE.exe
  C:\Windows\System\CToOMTE.exe
  2⤵
  PID:7632
- C:\Windows\System\bPwTtXx.exe
  C:\Windows\System\bPwTtXx.exe
  2⤵
  PID:7708
- C:\Windows\System\TTZXtUm.exe
  C:\Windows\System\TTZXtUm.exe
  2⤵
  PID:7712
- C:\Windows\System\qKeoXXB.exe
  C:\Windows\System\qKeoXXB.exe
  2⤵
  PID:7796
- C:\Windows\System\whjrEXN.exe
  C:\Windows\System\whjrEXN.exe
  2⤵
  PID:7820
- C:\Windows\System\ShIECWA.exe
  C:\Windows\System\ShIECWA.exe
  2⤵
  PID:7840
- C:\Windows\System\KoZyrsU.exe
  C:\Windows\System\KoZyrsU.exe
  2⤵
  PID:7904
- C:\Windows\System\bYfSASG.exe
  C:\Windows\System\bYfSASG.exe
  2⤵
  PID:2852
- C:\Windows\System\szdIQFT.exe
  C:\Windows\System\szdIQFT.exe
  2⤵
  PID:7920
- C:\Windows\System\uXGrhjR.exe
  C:\Windows\System\uXGrhjR.exe
  2⤵
  PID:7960
- C:\Windows\System\piUQafN.exe
  C:\Windows\System\piUQafN.exe
  2⤵
  PID:8024
- C:\Windows\System\LoxEyED.exe
  C:\Windows\System\LoxEyED.exe
  2⤵
  PID:8068
- C:\Windows\System\URsBYDA.exe
  C:\Windows\System\URsBYDA.exe
  2⤵
  PID:8080
- C:\Windows\System\TYueCgC.exe
  C:\Windows\System\TYueCgC.exe
  2⤵
  PID:8112
- C:\Windows\System\iIfUrbi.exe
  C:\Windows\System\iIfUrbi.exe
  2⤵
  PID:8128
- C:\Windows\System\ihOxhMe.exe
  C:\Windows\System\ihOxhMe.exe
  2⤵
  PID:8184
- C:\Windows\System\krXMfKb.exe
  C:\Windows\System\krXMfKb.exe
  2⤵
  PID:5776
- C:\Windows\System\gUUqVex.exe
  C:\Windows\System\gUUqVex.exe
  2⤵
  PID:1992
- C:\Windows\System\ENQfnoo.exe
  C:\Windows\System\ENQfnoo.exe
  2⤵
  PID:2212
- C:\Windows\System\fXaKfYQ.exe
  C:\Windows\System\fXaKfYQ.exe
  2⤵
  PID:2496
- C:\Windows\System\WiXyAOm.exe
  C:\Windows\System\WiXyAOm.exe
  2⤵
  PID:7200
- C:\Windows\System\OdNeoxW.exe
  C:\Windows\System\OdNeoxW.exe
  2⤵
  PID:7232
- C:\Windows\System\fDEFobg.exe
  C:\Windows\System\fDEFobg.exe
  2⤵
  PID:7320
- C:\Windows\System\VaFHVHl.exe
  C:\Windows\System\VaFHVHl.exe
  2⤵
  PID:7256
- C:\Windows\System\TGnGbdM.exe
  C:\Windows\System\TGnGbdM.exe
  2⤵
  PID:7340
- C:\Windows\System\fhDvJRF.exe
  C:\Windows\System\fhDvJRF.exe
  2⤵
  PID:7412
- C:\Windows\System\SzGHUew.exe
  C:\Windows\System\SzGHUew.exe
  2⤵
  PID:7568
- C:\Windows\System\YZaukOP.exe
  C:\Windows\System\YZaukOP.exe
  2⤵
  PID:2700
- C:\Windows\System\StRiHQb.exe
  C:\Windows\System\StRiHQb.exe
  2⤵
  PID:7520
- C:\Windows\System\RkQbsuB.exe
  C:\Windows\System\RkQbsuB.exe
  2⤵
  PID:7636
- C:\Windows\System\foAlzKh.exe
  C:\Windows\System\foAlzKh.exe
  2⤵
  PID:7628
- C:\Windows\System\hJCZUsy.exe
  C:\Windows\System\hJCZUsy.exe
  2⤵
  PID:7672
- C:\Windows\System\ESVZgaL.exe
  C:\Windows\System\ESVZgaL.exe
  2⤵
  PID:2728
- C:\Windows\System\QZExzOl.exe
  C:\Windows\System\QZExzOl.exe
  2⤵
  PID:2632
- C:\Windows\System\pGjCACq.exe
  C:\Windows\System\pGjCACq.exe
  2⤵
  PID:7936
- C:\Windows\System\xDlwExL.exe
  C:\Windows\System\xDlwExL.exe
  2⤵
  PID:7924
- C:\Windows\System\PHuJbOu.exe
  C:\Windows\System\PHuJbOu.exe
  2⤵
  PID:7976
- C:\Windows\System\uhCNdMq.exe
  C:\Windows\System\uhCNdMq.exe
  2⤵
  PID:7996
- C:\Windows\System\fgbNfAI.exe
  C:\Windows\System\fgbNfAI.exe
  2⤵
  PID:8060
- C:\Windows\System\NBcpqsT.exe
  C:\Windows\System\NBcpqsT.exe
  2⤵
  PID:2820
- C:\Windows\System\tkAEwes.exe
  C:\Windows\System\tkAEwes.exe
  2⤵
  PID:5984
- C:\Windows\System\SzOKPgr.exe
  C:\Windows\System\SzOKPgr.exe
  2⤵
  PID:6424
- C:\Windows\System\ELMHDgv.exe
  C:\Windows\System\ELMHDgv.exe
  2⤵
  PID:692
- C:\Windows\System\fpmWPIi.exe
  C:\Windows\System\fpmWPIi.exe
  2⤵
  PID:7192
- C:\Windows\System\UxDibLr.exe
  C:\Windows\System\UxDibLr.exe
  2⤵
  PID:1984
- C:\Windows\System\ONwvmkc.exe
  C:\Windows\System\ONwvmkc.exe
  2⤵
  PID:3008
- C:\Windows\System\RLCuWsF.exe
  C:\Windows\System\RLCuWsF.exe
  2⤵
  PID:7400
- C:\Windows\System\meFFaIz.exe
  C:\Windows\System\meFFaIz.exe
  2⤵
  PID:7480
- C:\Windows\System\SLSjvHI.exe
  C:\Windows\System\SLSjvHI.exe
  2⤵
  PID:7564
- C:\Windows\System\Ipaqxzs.exe
  C:\Windows\System\Ipaqxzs.exe
  2⤵
  PID:776
- C:\Windows\System\QFVIPeV.exe
  C:\Windows\System\QFVIPeV.exe
  2⤵
  PID:1800
- C:\Windows\System\YNRkyUo.exe
  C:\Windows\System\YNRkyUo.exe
  2⤵
  PID:2592
- C:\Windows\System\usrjxPg.exe
  C:\Windows\System\usrjxPg.exe
  2⤵
  PID:7656
- C:\Windows\System\MXrtMrA.exe
  C:\Windows\System\MXrtMrA.exe
  2⤵
  PID:7748
- C:\Windows\System\LXFOykL.exe
  C:\Windows\System\LXFOykL.exe
  2⤵
  PID:1512
- C:\Windows\System\zDryfvZ.exe
  C:\Windows\System\zDryfvZ.exe
  2⤵
  PID:2468
- C:\Windows\System\oQyHuSn.exe
  C:\Windows\System\oQyHuSn.exe
  2⤵
  PID:8000
- C:\Windows\System\NqASdRq.exe
  C:\Windows\System\NqASdRq.exe
  2⤵
  PID:8164
- C:\Windows\System\mOjQUoy.exe
  C:\Windows\System\mOjQUoy.exe
  2⤵
  PID:7132
- C:\Windows\System\pqWSMUu.exe
  C:\Windows\System\pqWSMUu.exe
  2⤵
  PID:2992
- C:\Windows\System\JcDtFCm.exe
  C:\Windows\System\JcDtFCm.exe
  2⤵
  PID:2668
- C:\Windows\System\IeDNchx.exe
  C:\Windows\System\IeDNchx.exe
  2⤵
  PID:2456
- C:\Windows\System\WoJrtHU.exe
  C:\Windows\System\WoJrtHU.exe
  2⤵
  PID:7436
- C:\Windows\System\jZzYZdm.exe
  C:\Windows\System\jZzYZdm.exe
  2⤵
  PID:2832
- C:\Windows\System\hwobDMV.exe
  C:\Windows\System\hwobDMV.exe
  2⤵
  PID:7548
- C:\Windows\System\FhTRsQL.exe
  C:\Windows\System\FhTRsQL.exe
  2⤵
  PID:2796
- C:\Windows\System\TRlbrlh.exe
  C:\Windows\System\TRlbrlh.exe
  2⤵
  PID:7756
- C:\Windows\System\oWKaYcH.exe
  C:\Windows\System\oWKaYcH.exe
  2⤵
  PID:2664
- C:\Windows\System\HflYPjJ.exe
  C:\Windows\System\HflYPjJ.exe
  2⤵
  PID:7856
- C:\Windows\System\KPSFVIY.exe
  C:\Windows\System\KPSFVIY.exe
  2⤵
  PID:8188
- C:\Windows\System\TInpIbw.exe
  C:\Windows\System\TInpIbw.exe
  2⤵
  PID:664
- C:\Windows\System\gqBwxiX.exe
  C:\Windows\System\gqBwxiX.exe
  2⤵
  PID:3068
- C:\Windows\System\VuTqsBf.exe
  C:\Windows\System\VuTqsBf.exe
  2⤵
  PID:7196
- C:\Windows\System\OxofUKu.exe
  C:\Windows\System\OxofUKu.exe
  2⤵
  PID:7356
- C:\Windows\System\yRQYkrQ.exe
  C:\Windows\System\yRQYkrQ.exe
  2⤵
  PID:3004
- C:\Windows\System\BPyKbub.exe
  C:\Windows\System\BPyKbub.exe
  2⤵
  PID:7696
- C:\Windows\System\FfymNih.exe
  C:\Windows\System\FfymNih.exe
  2⤵
  PID:7772
- C:\Windows\System\TkzbXya.exe
  C:\Windows\System\TkzbXya.exe
  2⤵
  PID:2104
- C:\Windows\System\MWmpkaN.exe
  C:\Windows\System\MWmpkaN.exe
  2⤵
  PID:8044
- C:\Windows\System\FVQsIqu.exe
  C:\Windows\System\FVQsIqu.exe
  2⤵
  PID:5208
- C:\Windows\System\VScQDpb.exe
  C:\Windows\System\VScQDpb.exe
  2⤵
  PID:2712
- C:\Windows\System\yiRjeML.exe
  C:\Windows\System\yiRjeML.exe
  2⤵
  PID:7392
- C:\Windows\System\fMwpxmS.exe
  C:\Windows\System\fMwpxmS.exe
  2⤵
  PID:7752
- C:\Windows\System\mJQegzP.exe
  C:\Windows\System\mJQegzP.exe
  2⤵
  PID:7844
- C:\Windows\System\CSgdPFc.exe
  C:\Windows\System\CSgdPFc.exe
  2⤵
  PID:2684
- C:\Windows\System\sIIVYoQ.exe
  C:\Windows\System\sIIVYoQ.exe
  2⤵
  PID:7424
- C:\Windows\System\YIYmMbY.exe
  C:\Windows\System\YIYmMbY.exe
  2⤵
  PID:7460
- C:\Windows\System\UGDwbmB.exe
  C:\Windows\System\UGDwbmB.exe
  2⤵
  PID:2896
- C:\Windows\System\mxIgcqW.exe
  C:\Windows\System\mxIgcqW.exe
  2⤵
  PID:8196
- C:\Windows\System\VKSkmAe.exe
  C:\Windows\System\VKSkmAe.exe
  2⤵
  PID:8216
- C:\Windows\System\nwTqztU.exe
  C:\Windows\System\nwTqztU.exe
  2⤵
  PID:8244
- C:\Windows\System\oDjsVTW.exe
  C:\Windows\System\oDjsVTW.exe
  2⤵
  PID:8264
- C:\Windows\System\LsJNrIs.exe
  C:\Windows\System\LsJNrIs.exe
  2⤵
  PID:8312
- C:\Windows\System\GcQhBQy.exe
  C:\Windows\System\GcQhBQy.exe
  2⤵
  PID:8328
- C:\Windows\System\isiVvjO.exe
  C:\Windows\System\isiVvjO.exe
  2⤵
  PID:8344
- C:\Windows\System\YAKIJgO.exe
  C:\Windows\System\YAKIJgO.exe
  2⤵
  PID:8360
- C:\Windows\System\uYMBbNw.exe
  C:\Windows\System\uYMBbNw.exe
  2⤵
  PID:8376
- C:\Windows\System\QaWdIry.exe
  C:\Windows\System\QaWdIry.exe
  2⤵
  PID:8392
- C:\Windows\System\PAOwGsJ.exe
  C:\Windows\System\PAOwGsJ.exe
  2⤵
  PID:8412
- C:\Windows\System\HkVpnMb.exe
  C:\Windows\System\HkVpnMb.exe
  2⤵
  PID:8428
- C:\Windows\System\dmoWjML.exe
  C:\Windows\System\dmoWjML.exe
  2⤵
  PID:8444
- C:\Windows\System\hcvgzey.exe
  C:\Windows\System\hcvgzey.exe
  2⤵
  PID:8460
- C:\Windows\System\FXHJzzf.exe
  C:\Windows\System\FXHJzzf.exe
  2⤵
  PID:8476
- C:\Windows\System\BTIxIGo.exe
  C:\Windows\System\BTIxIGo.exe
  2⤵
  PID:8492
- C:\Windows\System\jQLGuGx.exe
  C:\Windows\System\jQLGuGx.exe
  2⤵
  PID:8508
- C:\Windows\System\RekhDSm.exe
  C:\Windows\System\RekhDSm.exe
  2⤵
  PID:8528
- C:\Windows\System\aVljScN.exe
  C:\Windows\System\aVljScN.exe
  2⤵
  PID:8544
- C:\Windows\System\rLtKHqm.exe
  C:\Windows\System\rLtKHqm.exe
  2⤵
  PID:8564
- C:\Windows\System\HrTtDWE.exe
  C:\Windows\System\HrTtDWE.exe
  2⤵
  PID:8580
- C:\Windows\System\WDKttBS.exe
  C:\Windows\System\WDKttBS.exe
  2⤵
  PID:8596
- C:\Windows\System\KqZvkuZ.exe
  C:\Windows\System\KqZvkuZ.exe
  2⤵
  PID:8612
- C:\Windows\System\mJAtWtc.exe
  C:\Windows\System\mJAtWtc.exe
  2⤵
  PID:8628
- C:\Windows\System\VxeebLQ.exe
  C:\Windows\System\VxeebLQ.exe
  2⤵
  PID:8644
- C:\Windows\System\cXCsEhN.exe
  C:\Windows\System\cXCsEhN.exe
  2⤵
  PID:8660
- C:\Windows\System\dwchpqa.exe
  C:\Windows\System\dwchpqa.exe
  2⤵
  PID:8676
- C:\Windows\System\KjgBHlF.exe
  C:\Windows\System\KjgBHlF.exe
  2⤵
  PID:8696
- C:\Windows\System\tJUSgcX.exe
  C:\Windows\System\tJUSgcX.exe
  2⤵
  PID:8768
- C:\Windows\System\xqwGHHn.exe
  C:\Windows\System\xqwGHHn.exe
  2⤵
  PID:8816
- C:\Windows\System\KzmUMcX.exe
  C:\Windows\System\KzmUMcX.exe
  2⤵
  PID:8832
- C:\Windows\System\NbcVxvx.exe
  C:\Windows\System\NbcVxvx.exe
  2⤵
  PID:8848
- C:\Windows\System\TRpSQCa.exe
  C:\Windows\System\TRpSQCa.exe
  2⤵
  PID:8864
- C:\Windows\System\LJnuHDY.exe
  C:\Windows\System\LJnuHDY.exe
  2⤵
  PID:8884
- C:\Windows\System\jdhQpeH.exe
  C:\Windows\System\jdhQpeH.exe
  2⤵
  PID:8900
- C:\Windows\System\yrNSEeh.exe
  C:\Windows\System\yrNSEeh.exe
  2⤵
  PID:8920
- C:\Windows\System\QzARrGP.exe
  C:\Windows\System\QzARrGP.exe
  2⤵
  PID:8936
- C:\Windows\System\hILwWHk.exe
  C:\Windows\System\hILwWHk.exe
  2⤵
  PID:8956
- C:\Windows\System\EpMTyfR.exe
  C:\Windows\System\EpMTyfR.exe
  2⤵
  PID:8972
- C:\Windows\System\FmMIboP.exe
  C:\Windows\System\FmMIboP.exe
  2⤵
  PID:8988
- C:\Windows\System\hOivBAC.exe
  C:\Windows\System\hOivBAC.exe
  2⤵
  PID:9004
- C:\Windows\System\PRDEslz.exe
  C:\Windows\System\PRDEslz.exe
  2⤵
  PID:9020
- C:\Windows\System\VvHUkAj.exe
  C:\Windows\System\VvHUkAj.exe
  2⤵
  PID:9036
- C:\Windows\System\JkyvzdL.exe
  C:\Windows\System\JkyvzdL.exe
  2⤵
  PID:9052
- C:\Windows\System\loTIQcw.exe
  C:\Windows\System\loTIQcw.exe
  2⤵
  PID:9072
- C:\Windows\System\jSeijAU.exe
  C:\Windows\System\jSeijAU.exe
  2⤵
  PID:9088
- C:\Windows\System\zSIrzTa.exe
  C:\Windows\System\zSIrzTa.exe
  2⤵
  PID:9104
- C:\Windows\System\vZEkauY.exe
  C:\Windows\System\vZEkauY.exe
  2⤵
  PID:9120
- C:\Windows\System\AcjNkgb.exe
  C:\Windows\System\AcjNkgb.exe
  2⤵
  PID:9136
- C:\Windows\System\xByWdyK.exe
  C:\Windows\System\xByWdyK.exe
  2⤵
  PID:588
- C:\Windows\System\wtKxBuM.exe
  C:\Windows\System\wtKxBuM.exe
  2⤵
  PID:832
- C:\Windows\System\uRrkNlO.exe
  C:\Windows\System\uRrkNlO.exe
  2⤵
  PID:8224
- C:\Windows\System\WcATbxc.exe
  C:\Windows\System\WcATbxc.exe
  2⤵
  PID:2364
- C:\Windows\System\PkJlMqB.exe
  C:\Windows\System\PkJlMqB.exe
  2⤵
  PID:1236
- C:\Windows\System\oOlOCmi.exe
  C:\Windows\System\oOlOCmi.exe
  2⤵
  PID:8280
- C:\Windows\System\duYYuCx.exe
  C:\Windows\System\duYYuCx.exe
  2⤵
  PID:8296
- C:\Windows\System\DpTuCvb.exe
  C:\Windows\System\DpTuCvb.exe
  2⤵
  PID:8320
- C:\Windows\System\YLXfoaD.exe
  C:\Windows\System\YLXfoaD.exe
  2⤵
  PID:8384
- C:\Windows\System\XzuAXLj.exe
  C:\Windows\System\XzuAXLj.exe
  2⤵
  PID:8452
- C:\Windows\System\AVbznut.exe
  C:\Windows\System\AVbznut.exe
  2⤵
  PID:8516
- C:\Windows\System\oFigTsU.exe
  C:\Windows\System\oFigTsU.exe
  2⤵
  PID:8560
- C:\Windows\System\zsYtiun.exe
  C:\Windows\System\zsYtiun.exe
  2⤵
  PID:8504
- C:\Windows\System\kzvpsXn.exe
  C:\Windows\System\kzvpsXn.exe
  2⤵
  PID:8408
- C:\Windows\System\RqXqJHR.exe
  C:\Windows\System\RqXqJHR.exe
  2⤵
  PID:8368
- C:\Windows\System\OMYpXhI.exe
  C:\Windows\System\OMYpXhI.exe
  2⤵
  PID:8688
- C:\Windows\System\XaBFAIB.exe
  C:\Windows\System\XaBFAIB.exe
  2⤵
  PID:8752
- C:\Windows\System\ISGaGGg.exe
  C:\Windows\System\ISGaGGg.exe
  2⤵
  PID:8724
- C:\Windows\System\XwMpAZj.exe
  C:\Windows\System\XwMpAZj.exe
  2⤵
  PID:8744
- C:\Windows\System\bVhfEcc.exe
  C:\Windows\System\bVhfEcc.exe
  2⤵
  PID:8800
- C:\Windows\System\MAacGNX.exe
  C:\Windows\System\MAacGNX.exe
  2⤵
  PID:8784
- C:\Windows\System\feZFYJY.exe
  C:\Windows\System\feZFYJY.exe
  2⤵
  PID:8808
- C:\Windows\System\fzsIkbZ.exe
  C:\Windows\System\fzsIkbZ.exe
  2⤵
  PID:8856
- C:\Windows\System\QeKMJaF.exe
  C:\Windows\System\QeKMJaF.exe
  2⤵
  PID:8928
- C:\Windows\System\zpjaLhl.exe
  C:\Windows\System\zpjaLhl.exe
  2⤵
  PID:8944
- C:\Windows\System\vCnMeZL.exe
  C:\Windows\System\vCnMeZL.exe
  2⤵
  PID:8908
- C:\Windows\System\jsdzqXA.exe
  C:\Windows\System\jsdzqXA.exe
  2⤵
  PID:9028
- C:\Windows\System\fQmtNTH.exe
  C:\Windows\System\fQmtNTH.exe
  2⤵
  PID:9060
- C:\Windows\System\AuSpFcx.exe
  C:\Windows\System\AuSpFcx.exe
  2⤵
  PID:9132
- C:\Windows\System\DxKVcXU.exe
  C:\Windows\System\DxKVcXU.exe
  2⤵
  PID:8980
- C:\Windows\System\qebIozG.exe
  C:\Windows\System\qebIozG.exe
  2⤵
  PID:9048
- C:\Windows\System\yekyfUf.exe
  C:\Windows\System\yekyfUf.exe
  2⤵
  PID:9116
- C:\Windows\System\cwqJsEy.exe
  C:\Windows\System\cwqJsEy.exe
  2⤵
  PID:9156
- C:\Windows\System\RabhFOT.exe
  C:\Windows\System\RabhFOT.exe
  2⤵
  PID:9180
- C:\Windows\System\WlZZnuA.exe
  C:\Windows\System\WlZZnuA.exe
  2⤵
  PID:9200
- C:\Windows\System\NfXswJi.exe
  C:\Windows\System\NfXswJi.exe
  2⤵
  PID:1788
- C:\Windows\System\PGxMTgH.exe
  C:\Windows\System\PGxMTgH.exe
  2⤵
  PID:7860
- C:\Windows\System\uEwXbcX.exe
  C:\Windows\System\uEwXbcX.exe
  2⤵
  PID:8272
- C:\Windows\System\HVJqmIJ.exe
  C:\Windows\System\HVJqmIJ.exe
  2⤵
  PID:8424
- C:\Windows\System\KNoThuY.exe
  C:\Windows\System\KNoThuY.exe
  2⤵
  PID:8356
- C:\Windows\System\THyPZsd.exe
  C:\Windows\System\THyPZsd.exe
  2⤵
  PID:8400
- C:\Windows\System\fEqvLgU.exe
  C:\Windows\System\fEqvLgU.exe
  2⤵
  PID:8440
- C:\Windows\System\zFrFmSQ.exe
  C:\Windows\System\zFrFmSQ.exe
  2⤵
  PID:8588
- C:\Windows\System\TpRxUZI.exe
  C:\Windows\System\TpRxUZI.exe
  2⤵
  PID:8732
- C:\Windows\System\eKwmxCG.exe
  C:\Windows\System\eKwmxCG.exe
  2⤵
  PID:8804
- C:\Windows\System\HZIiwlc.exe
  C:\Windows\System\HZIiwlc.exe
  2⤵
  PID:9032
- C:\Windows\System\srfymtR.exe
  C:\Windows\System\srfymtR.exe
  2⤵
  PID:8916
- C:\Windows\System\omJLNNq.exe
  C:\Windows\System\omJLNNq.exe
  2⤵
  PID:9084
- C:\Windows\System\ROGHNNc.exe
  C:\Windows\System\ROGHNNc.exe
  2⤵
  PID:9160
- C:\Windows\System\WpShyPF.exe
  C:\Windows\System\WpShyPF.exe
  2⤵
  PID:8300
- C:\Windows\System\DzJiRdd.exe
  C:\Windows\System\DzJiRdd.exe
  2⤵
  PID:1088
- C:\Windows\System\GDHOGSq.exe
  C:\Windows\System\GDHOGSq.exe
  2⤵
  PID:9168
- C:\Windows\System\PjelgfQ.exe
  C:\Windows\System\PjelgfQ.exe
  2⤵
  PID:9212
- C:\Windows\System\JxuHUjl.exe
  C:\Windows\System\JxuHUjl.exe
  2⤵
  PID:8240
- C:\Windows\System\JfTMESt.exe
  C:\Windows\System\JfTMESt.exe
  2⤵
  PID:1776
- C:\Windows\System\PRzIavb.exe
  C:\Windows\System\PRzIavb.exe
  2⤵
  PID:8436
- C:\Windows\System\cXbyVHR.exe
  C:\Windows\System\cXbyVHR.exe
  2⤵
  PID:8500
- C:\Windows\System\LOzzEGa.exe
  C:\Windows\System\LOzzEGa.exe
  2⤵
  PID:8636
- C:\Windows\System\JleIrGR.exe
  C:\Windows\System\JleIrGR.exe
  2⤵
  PID:8716
- C:\Windows\System\iHevyRc.exe
  C:\Windows\System\iHevyRc.exe
  2⤵
  PID:8912
- C:\Windows\System\BhAuoyH.exe
  C:\Windows\System\BhAuoyH.exe
  2⤵
  PID:8876
- C:\Windows\System\GTyQOrK.exe
  C:\Windows\System\GTyQOrK.exe
  2⤵
  PID:8872
- C:\Windows\System\eQFNOQZ.exe
  C:\Windows\System\eQFNOQZ.exe
  2⤵
  PID:9128
- C:\Windows\System\LcxlnGX.exe
  C:\Windows\System\LcxlnGX.exe
  2⤵
  PID:9000
- C:\Windows\System\jswGqnn.exe
  C:\Windows\System\jswGqnn.exe
  2⤵
  PID:8520
- C:\Windows\System\DlikqHE.exe
  C:\Windows\System\DlikqHE.exe
  2⤵
  PID:8556
- C:\Windows\System\aSxxVMv.exe
  C:\Windows\System\aSxxVMv.exe
  2⤵
  PID:8792
- C:\Windows\System\RsujHsi.exe
  C:\Windows\System\RsujHsi.exe
  2⤵
  PID:2724
- C:\Windows\System\sddVvVl.exe
  C:\Windows\System\sddVvVl.exe
  2⤵
  PID:8692
- C:\Windows\System\EdRbSTV.exe
  C:\Windows\System\EdRbSTV.exe
  2⤵
  PID:8668
- C:\Windows\System\qQjPbAl.exe
  C:\Windows\System\qQjPbAl.exe
  2⤵
  PID:8152
- C:\Windows\System\vxMqQXb.exe
  C:\Windows\System\vxMqQXb.exe
  2⤵
  PID:7276
- C:\Windows\System\hedfcFe.exe
  C:\Windows\System\hedfcFe.exe
  2⤵
  PID:9096
- C:\Windows\System\THzVUfF.exe
  C:\Windows\System\THzVUfF.exe
  2⤵
  PID:9232
- C:\Windows\System\ZwLnqeJ.exe
  C:\Windows\System\ZwLnqeJ.exe
  2⤵
  PID:9248
- C:\Windows\System\eObjUvW.exe
  C:\Windows\System\eObjUvW.exe
  2⤵
  PID:9264
- C:\Windows\System\vwXPceu.exe
  C:\Windows\System\vwXPceu.exe
  2⤵
  PID:9280
- C:\Windows\System\zUrBqJD.exe
  C:\Windows\System\zUrBqJD.exe
  2⤵
  PID:9296
- C:\Windows\System\mWhqZDd.exe
  C:\Windows\System\mWhqZDd.exe
  2⤵
  PID:9312
- C:\Windows\System\WftCyEG.exe
  C:\Windows\System\WftCyEG.exe
  2⤵
  PID:9328
- C:\Windows\System\UJEhmFe.exe
  C:\Windows\System\UJEhmFe.exe
  2⤵
  PID:9352
- C:\Windows\System\DUwAczg.exe
  C:\Windows\System\DUwAczg.exe
  2⤵
  PID:9372
- C:\Windows\System\dTurvkC.exe
  C:\Windows\System\dTurvkC.exe
  2⤵
  PID:9388
- C:\Windows\System\fBdNOlP.exe
  C:\Windows\System\fBdNOlP.exe
  2⤵
  PID:9404
- C:\Windows\System\yhyKZwV.exe
  C:\Windows\System\yhyKZwV.exe
  2⤵
  PID:9420
- C:\Windows\System\MSLwzwA.exe
  C:\Windows\System\MSLwzwA.exe
  2⤵
  PID:9436
- C:\Windows\System\grwpHYR.exe
  C:\Windows\System\grwpHYR.exe
  2⤵
  PID:9452
- C:\Windows\System\kxVkWay.exe
  C:\Windows\System\kxVkWay.exe
  2⤵
  PID:9468
- C:\Windows\System\ebVdDji.exe
  C:\Windows\System\ebVdDji.exe
  2⤵
  PID:9484
- C:\Windows\System\IySyuoG.exe
  C:\Windows\System\IySyuoG.exe
  2⤵
  PID:9500
- C:\Windows\System\TDlAyPj.exe
  C:\Windows\System\TDlAyPj.exe
  2⤵
  PID:9516
- C:\Windows\System\HtdFfvY.exe
  C:\Windows\System\HtdFfvY.exe
  2⤵
  PID:9532
- C:\Windows\System\BGTnpjN.exe
  C:\Windows\System\BGTnpjN.exe
  2⤵
  PID:9548
- C:\Windows\System\cdKRabT.exe
  C:\Windows\System\cdKRabT.exe
  2⤵
  PID:9564
- C:\Windows\System\MijkXmT.exe
  C:\Windows\System\MijkXmT.exe
  2⤵
  PID:9580
- C:\Windows\System\TjLvcxB.exe
  C:\Windows\System\TjLvcxB.exe
  2⤵
  PID:9600
- C:\Windows\System\OtwoHLN.exe
  C:\Windows\System\OtwoHLN.exe
  2⤵
  PID:9616
- C:\Windows\System\pRcZbPo.exe
  C:\Windows\System\pRcZbPo.exe
  2⤵
  PID:9632
- C:\Windows\System\LZgQtBM.exe
  C:\Windows\System\LZgQtBM.exe
  2⤵
  PID:9648
- C:\Windows\System\OeXiOlT.exe
  C:\Windows\System\OeXiOlT.exe
  2⤵
  PID:9664
- C:\Windows\System\dprNAaZ.exe
  C:\Windows\System\dprNAaZ.exe
  2⤵
  PID:9680
- C:\Windows\System\uULgznT.exe
  C:\Windows\System\uULgznT.exe
  2⤵
  PID:9696
- C:\Windows\System\stdBAeP.exe
  C:\Windows\System\stdBAeP.exe
  2⤵
  PID:9712
- C:\Windows\System\BBkRTYQ.exe
  C:\Windows\System\BBkRTYQ.exe
  2⤵
  PID:9728
- C:\Windows\System\RdVcLzm.exe
  C:\Windows\System\RdVcLzm.exe
  2⤵
  PID:9744
- C:\Windows\System\HEVvbde.exe
  C:\Windows\System\HEVvbde.exe
  2⤵
  PID:9760
- C:\Windows\System\cVClugZ.exe
  C:\Windows\System\cVClugZ.exe
  2⤵
  PID:9776
- C:\Windows\System\pvHDyGj.exe
  C:\Windows\System\pvHDyGj.exe
  2⤵
  PID:9792
- C:\Windows\System\RrhyTLE.exe
  C:\Windows\System\RrhyTLE.exe
  2⤵
  PID:9808
- C:\Windows\System\DOdTUnU.exe
  C:\Windows\System\DOdTUnU.exe
  2⤵
  PID:9824
- C:\Windows\System\kAQYGmF.exe
  C:\Windows\System\kAQYGmF.exe
  2⤵
  PID:9852
- C:\Windows\System\dAwOqem.exe
  C:\Windows\System\dAwOqem.exe
  2⤵
  PID:9880
- C:\Windows\System\pPKrsYK.exe
  C:\Windows\System\pPKrsYK.exe
  2⤵
  PID:9900
- C:\Windows\System\NWAUmer.exe
  C:\Windows\System\NWAUmer.exe
  2⤵
  PID:9944
- C:\Windows\System\GSgNvEr.exe
  C:\Windows\System\GSgNvEr.exe
  2⤵
  PID:9976
- C:\Windows\System\vTxaHHP.exe
  C:\Windows\System\vTxaHHP.exe
  2⤵
  PID:10032
- C:\Windows\System\yroTlBH.exe
  C:\Windows\System\yroTlBH.exe
  2⤵
  PID:10060
- C:\Windows\System\JjsKfwW.exe
  C:\Windows\System\JjsKfwW.exe
  2⤵
  PID:10088
- C:\Windows\System\GasjxjC.exe
  C:\Windows\System\GasjxjC.exe
  2⤵
  PID:10132
- C:\Windows\System\xYpLbkJ.exe
  C:\Windows\System\xYpLbkJ.exe
  2⤵
  PID:10168
- C:\Windows\System\sUHIbxJ.exe
  C:\Windows\System\sUHIbxJ.exe
  2⤵
  PID:10192
- C:\Windows\System\HBFvovE.exe
  C:\Windows\System\HBFvovE.exe
  2⤵
  PID:10220
- C:\Windows\System\YJetMdW.exe
  C:\Windows\System\YJetMdW.exe
  2⤵
  PID:10236
- C:\Windows\System\SFMqYjz.exe
  C:\Windows\System\SFMqYjz.exe
  2⤵
  PID:9112
- C:\Windows\System\gxgLszf.exe
  C:\Windows\System\gxgLszf.exe
  2⤵
  PID:9240
- C:\Windows\System\QHnqjgY.exe
  C:\Windows\System\QHnqjgY.exe
  2⤵
  PID:9304
- C:\Windows\System\jENgthD.exe
  C:\Windows\System\jENgthD.exe
  2⤵
  PID:8336
- C:\Windows\System\QghDNqD.exe
  C:\Windows\System\QghDNqD.exe
  2⤵
  PID:9224
- C:\Windows\System\kOWcxsr.exe
  C:\Windows\System\kOWcxsr.exe
  2⤵
  PID:9360
- C:\Windows\System\QiwctgA.exe
  C:\Windows\System\QiwctgA.exe
  2⤵
  PID:9428
- C:\Windows\System\VJymtJi.exe
  C:\Windows\System\VJymtJi.exe
  2⤵
  PID:9624
- C:\Windows\System\cuQTAQC.exe
  C:\Windows\System\cuQTAQC.exe
  2⤵
  PID:9412
- C:\Windows\System\XbcjKic.exe
  C:\Windows\System\XbcjKic.exe
  2⤵
  PID:9544
- C:\Windows\System\jbQrOwW.exe
  C:\Windows\System\jbQrOwW.exe
  2⤵
  PID:9688
- C:\Windows\System\FGzyLmI.exe
  C:\Windows\System\FGzyLmI.exe
  2⤵
  PID:8608
- C:\Windows\System\HtPjWFg.exe
  C:\Windows\System\HtPjWFg.exe
  2⤵
  PID:9724
- C:\Windows\System\xcbHAFj.exe
  C:\Windows\System\xcbHAFj.exe
  2⤵
  PID:9816
- C:\Windows\System\lYtEwNr.exe
  C:\Windows\System\lYtEwNr.exe
  2⤵
  PID:9860
- C:\Windows\System\hpWvaOT.exe
  C:\Windows\System\hpWvaOT.exe
  2⤵
  PID:9912
- C:\Windows\System\vpAdCza.exe
  C:\Windows\System\vpAdCza.exe
  2⤵
  PID:9704
- C:\Windows\System\ltTnNtF.exe
  C:\Windows\System\ltTnNtF.exe
  2⤵
  PID:9768
- C:\Windows\System\hJPIlfC.exe
  C:\Windows\System\hJPIlfC.exe
  2⤵
  PID:9836
- C:\Windows\System\ZHVfhNm.exe
  C:\Windows\System\ZHVfhNm.exe
  2⤵
  PID:9984
- C:\Windows\System\tUlCkIA.exe
  C:\Windows\System\tUlCkIA.exe
  2⤵
  PID:9952
- C:\Windows\System\sLbZKPp.exe
  C:\Windows\System\sLbZKPp.exe
  2⤵
  PID:9968
- C:\Windows\System\nbTEaRs.exe
  C:\Windows\System\nbTEaRs.exe
  2⤵
  PID:9988
- C:\Windows\System\uNPMcLQ.exe
  C:\Windows\System\uNPMcLQ.exe
  2⤵
  PID:10020
- C:\Windows\System\eglbRSn.exe
  C:\Windows\System\eglbRSn.exe
  2⤵
  PID:10072
- C:\Windows\System\SfclseT.exe
  C:\Windows\System\SfclseT.exe
  2⤵
  PID:10056
- C:\Windows\System\caCvjTj.exe
  C:\Windows\System\caCvjTj.exe
  2⤵
  PID:10100
- C:\Windows\System\tPyxJst.exe
  C:\Windows\System\tPyxJst.exe
  2⤵
  PID:9344
- C:\Windows\System\plnRGwr.exe
  C:\Windows\System\plnRGwr.exe
  2⤵
  PID:10152
- C:\Windows\System\ULrFDSx.exe
  C:\Windows\System\ULrFDSx.exe
  2⤵
  PID:10128
- C:\Windows\System\XdTRpuN.exe
  C:\Windows\System\XdTRpuN.exe
  2⤵
  PID:9364
- C:\Windows\System\actIAcB.exe
  C:\Windows\System\actIAcB.exe
  2⤵
  PID:10232
- C:\Windows\System\DwfUiLc.exe
  C:\Windows\System\DwfUiLc.exe
  2⤵
  PID:9588
- C:\Windows\System\HuunFiV.exe
  C:\Windows\System\HuunFiV.exe
  2⤵
  PID:9340
- C:\Windows\System\ksCwBgo.exe
  C:\Windows\System\ksCwBgo.exe
  2⤵
  PID:9288
- C:\Windows\System\LiOBGsw.exe
  C:\Windows\System\LiOBGsw.exe
  2⤵
  PID:9460
- C:\Windows\System\MqImkdL.exe
  C:\Windows\System\MqImkdL.exe
  2⤵
  PID:9400
- C:\Windows\System\yEuvirp.exe
  C:\Windows\System\yEuvirp.exe
  2⤵
  PID:9556
- C:\Windows\System\qEsecGH.exe
  C:\Windows\System\qEsecGH.exe
  2⤵
  PID:9444
- C:\Windows\System\APMXYqi.exe
  C:\Windows\System\APMXYqi.exe
  2⤵
  PID:9480
- C:\Windows\System\XLAXpim.exe
  C:\Windows\System\XLAXpim.exe
  2⤵
  PID:9540
- C:\Windows\System\gRubxXr.exe
  C:\Windows\System\gRubxXr.exe
  2⤵
  PID:9756
- C:\Windows\System\ErnnEiJ.exe
  C:\Windows\System\ErnnEiJ.exe
  2⤵
  PID:9660
- C:\Windows\System\PlWWiXp.exe
  C:\Windows\System\PlWWiXp.exe
  2⤵
  PID:9920
- C:\Windows\System\gWOhMAR.exe
  C:\Windows\System\gWOhMAR.exe
  2⤵
  PID:9788
- C:\Windows\System\bexWzjq.exe
  C:\Windows\System\bexWzjq.exe
  2⤵
  PID:9736
- C:\Windows\System\bNLRvYU.exe
  C:\Windows\System\bNLRvYU.exe
  2⤵
  PID:9964
- C:\Windows\System\vUacrrA.exe
  C:\Windows\System\vUacrrA.exe
  2⤵
  PID:10052
- C:\Windows\System\ZYcNlpV.exe
  C:\Windows\System\ZYcNlpV.exe
  2⤵
  PID:10084
- C:\Windows\System\SclJTXY.exe
  C:\Windows\System\SclJTXY.exe
  2⤵
  PID:9804
- C:\Windows\System\vtDIFdR.exe
  C:\Windows\System\vtDIFdR.exe
  2⤵
  PID:10184
- C:\Windows\System\mxvpBqO.exe
  C:\Windows\System\mxvpBqO.exe
  2⤵
  PID:10124
- C:\Windows\System\kSIChyy.exe
  C:\Windows\System\kSIChyy.exe
  2⤵
  PID:10148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CRjZofG.exe

Filesize
6.0MB

MD5
73faf43104286458728ec38fdb7ba3a1

SHA1
aa2341de23b1088397f8c9c5aaba54a70b7d3147

SHA256
75085044e74354152714c0e47eb15c510e24fcaca00b56c73b5d778f6001c655

SHA512
b3bf4473ac87f5cf04a44adab13501355903262dcc858ca5309e0e776cd031c659db95fe741191cfad80ed49d9ed088d18c475abbfb22f364203f2009727b93a

Download Submit
C:\Windows\system\EPFrEci.exe

Filesize
6.0MB

MD5
c049eb4c74a33037b8ea189f0f8ce6f0

SHA1
950ff15e2e8d38b25f704516484a4cc0e6d7ea3b

SHA256
dcd928f1a068e0736b7b54bcce8aa54324410f3c70911d86747d5afd6dc4cb7b

SHA512
3e5e68e9b2ad74d508d094cec79b7cea9ed3d92f8efdc2fae079fe09d88c598253cfec430ae57d13d543c1b1950cbd4520269128900724d971828a4bfb1f161c

Download Submit
C:\Windows\system\EUwFGnW.exe

Filesize
6.0MB

MD5
2c8f39af1e148cbda324f342e07927d1

SHA1
13e4b65f9c46f600d0abb1982be32c180e35da18

SHA256
2daa87b13ea8fd782503705f13d44ea82334944ab20aa1c4935445c4b933d6be

SHA512
35786237bf0ae3acbeca21149394687a61284205a47f165acd90eecddaed1715193b04e83db89aa685ba7d3b755da10f3ab772b53675567717120598c4012bf4

Download Submit
C:\Windows\system\EZpfJkq.exe

Filesize
6.0MB

MD5
9567215121c9c981850c3a66e68a592c

SHA1
f42a7ce5cf49eb19e163735abb67f36c6c56c94a

SHA256
a870da2ea7d7be411ffbd5d1efb6aab09c12d56d62f009958d394ef11369bcad

SHA512
b48f36a133ab7f9f9e026a5182ff5ec8901dce29952b8eb5d6be3154284b351ce98cfa4466d6f091d2de13138047ee23fe6a308df9685ed05be352983621117b

Download Submit
C:\Windows\system\GeoNvSJ.exe

Filesize
6.0MB

MD5
749654499c58ea62c327866cc0083c30

SHA1
874cfbdd3672e57418dd2f5f18ef63835f1ef51d

SHA256
772ca1c83cfb12d760fbd4ca45fd25a5eb1a8da28af035d2e59b11e888123631

SHA512
eebd0c6ce518a986f62d6e7c59589ce34e153016e8ad032739c60b17b3641a51baf6818aedd8c8eb5ff5ebc44223e08308474a5d623ef4ead46ee8c59ecdb133

Download Submit
C:\Windows\system\GoWeezo.exe

Filesize
6.0MB

MD5
5e99fbdd0eff3390449683de7f6b6d92

SHA1
37bbcf6550707dfea6ffb3ec8b6a1e3118bb2fbb

SHA256
1737f5841c6ac46e07b3aa0f35755f21091b2c126385b559fde98de3fa13588a

SHA512
9bb5f6a306cc9901afd3d547b9ef5bcd427d292669ea99df13b549403a42e105667a1ba5e3adf17199fd3554059c8046062ca0672221e5c95fe967677a0b87b7

Download Submit
C:\Windows\system\GvJomKR.exe

Filesize
6.0MB

MD5
ce2fd7a94cbf48e77e131bbe0a60fe52

SHA1
13e988cf87814f290eb2d9155ce75d37c970aaf4

SHA256
1c3e86516b6469df73cdee807de20a80c86ef9a17983f0475c60ae905ff5e5d5

SHA512
17c358bba680340ca29d792514e3a379eb60c212b8a88040583aff866bb7fd9ce5d1caf4e3e7ea6945b9998f269b37723d1c739859fa17f62dd1fd62b30c3205

Download Submit
C:\Windows\system\KUGBvPZ.exe

Filesize
6.0MB

MD5
312b1cb6f2edd2d84ae2e6cdf8d6e671

SHA1
fc63e8f7ce6f78950922c19629b7f27e9f9cf9b4

SHA256
8fdc5d4f3272ee22c03756fdf08f9a51648872ce2503aaf62e1054e0517f4c97

SHA512
7e3fbc45da8f5e71d404b60a707361e07dea87d6daa89cde295829eea524defe9acda0af4716b0a9c0f4c7af899afd05b238d7cad90d8fe603c3b228492be55b

Download Submit
C:\Windows\system\KgmlDeO.exe

Filesize
6.0MB

MD5
be91ffc65eb5a0f3c29c0fd2eb768853

SHA1
9f711a2983fa54e27451ae30eea35af1b0004093

SHA256
8407b23f21b4e17fc1709ca65b37220a3590c7b5147c21de5b992acfc450be9c

SHA512
5c604eefa50e2bc0161b5d1f67f33a526e586dc1fe9631f62ad4ec195db5f20832cc6d6b44aa646ab97376d15cb951435931b2b39949e1516f46c146a80f7ac1

Download Submit
C:\Windows\system\PKdrZMB.exe

Filesize
6.0MB

MD5
c1762a2403c095ffae8ff9aece682d5c

SHA1
dc4375c8031fd8fb80683a52dd67c00ef0ae0dff

SHA256
f9805028251af5192b448b82912d3e4f9798f2cd719851b2a7f05f8a2183ce06

SHA512
01c3d985d2481661859ffbd86898d42377994cd3ed8a2c32caa542f780f2523be81606f2f383e6b4ccd01605aebf2064430e0b3e964038a59b57f32989a3d6ec

Download Submit
C:\Windows\system\QJYooXd.exe

Filesize
6.0MB

MD5
d6f39c95cf9521ded4fb66ce05445a3d

SHA1
5b4393a2ab61b92035030408938dfeb67ea2103f

SHA256
08652461cbc7902009601f54869b659930a6b76582b463b03a4abd62bb1fa3a4

SHA512
91a2c48903dc61ce300db43852cd42d8fa4678bce1870b394766ec67281b67b4872e4aee2e4faec8cf4dfeecf045a65ab109b2c05e50785336b2bd1abf6dddba

Download Submit
C:\Windows\system\WfydaPc.exe

Filesize
6.0MB

MD5
1dbb7a3d2c4923914092fb294acf78ac

SHA1
41af76407113d724b7b5aeb0d8300e36257cb520

SHA256
9d7089b2dc05aacefd8d54d0b0412ba261785f47f68d151a73b5c2b5db6b649d

SHA512
990824e7cc9766d21256ee463d7d580192cd9397c587ea3e82a029cc65e130b1ec09f7c96aa1185db1ad6b196a89d4d3172a8f2f29f3a959317f6dc5d5777413

Download Submit
C:\Windows\system\XSJrCaO.exe

Filesize
6.0MB

MD5
46ccede0b51612711fbce9fcbb262092

SHA1
ab39d0cf0293f68646d2e022470f83dfe21d6bba

SHA256
e96d20747a65e4080ea4eccb6a0102a3d565c32d5e8284b69a036696d433f8af

SHA512
8e3b8d3759ee2cd03f99fe7bc8f4d12a268890e1d254cc6016c97bb39443daf1c1605b0250a42219c3c23078d8b469b2a6c1dc4bf8d7b80144d597975a01ca65

Download Submit
C:\Windows\system\brRoFwY.exe

Filesize
6.0MB

MD5
824cb77543318568322fc83a6092116f

SHA1
596c87575c96d209b3e17906688db8dd81f9530d

SHA256
8798c2bda544f7c0e3818224fa23d4b961a8fcc48f52e3ffd773256f1c51b78a

SHA512
997ec9384fde1870736905cb5d45aa7e943f82ecc132cef41a0ba9cd0fb6e8b6e466fd7197d6642a3da4d076e3f70abccf772411cabe9deaa8b19f6af4e8ba9c

Download Submit
C:\Windows\system\eWqyXpf.exe

Filesize
6.0MB

MD5
850414b8426eb6f0b119b9404e1ecbd5

SHA1
68408f724dde0c91ce654dd949da51ff86161a10

SHA256
635e43c60e00ab563b62101c8d51f642e5a9d33623d18431a87dd4cb1f450f30

SHA512
bf0a60afedd9a1f94742540eec4de1b20d2f26b14f418bf68fcee6062553e723c87013279cb3378317749fa11936f819f2f963a3e9b9525d4aa07b809f46b4a5

Download Submit
C:\Windows\system\fUFBIbj.exe

Filesize
6.0MB

MD5
8c7e7fd9e13b2e182bd462c781235caa

SHA1
60aa7e941ce13b2a00783db5d9f4dcf7d3710b12

SHA256
f985eb86e6195c763a2504d940ab5e2e61763cc05c8766a62f6519beb8aa428f

SHA512
5fa6caaaf57a2914ee93ad1949527bbe5f2f857da373952ca8eec5659f49bb3caeeb6c7539e75a8d072c68f76649502c7af157f0fc4e88a08c99a32d1ec3b547

Download Submit
C:\Windows\system\gDvxAxb.exe

Filesize
6.0MB

MD5
aa41e6c8ef0936e6c59f2dfec939efe9

SHA1
08c3ee97cc66dadba566a7eac15c023d6536f5bf

SHA256
73f8e732af5aed2af9aa0f2c547fe6fc0e4122eb92521fed3df84368c9c50307

SHA512
7a8a5dd088f8b1532873509d428e4d9d729b0fe76fc1bfd782a4eec8d223a4b0fe01f138342d6397680ea64429b505607e83300325cde7e4d2b0eb4f258eb729

Download Submit
C:\Windows\system\ghZooWO.exe

Filesize
6.0MB

MD5
36bc948af36c04043bf552769ff28765

SHA1
179f50a653f6d4f280238fc9ee9ba84a7f8ff0ef

SHA256
ca14d79fdadeb0f6c8132e54b076199bc56e8faddf91c976bdc2ee863e523fab

SHA512
f77343a7f66a2ded0322385031d2951df0b3d16c14189d37caee81d82f127b0a99048de4c31c40fe6c3de219b8c61c7c7654a1d037ac4ffbb749395aa47bc84a

Download Submit
C:\Windows\system\hucqsnq.exe

Filesize
6.0MB

MD5
3297b5d90096c3608c2831fef57d5107

SHA1
44f9528794141053856e45ded553ed3c45e364c0

SHA256
d34c914d2f31c503c419b17268b044d6a26f73bb5666930bcccd612137a20064

SHA512
2aeca2f7c222b68e91b9b71342b022149cf597ffb81d2dc4c46e02e97713ea41e86946a46349b9ed05ddcecf775882d89607dc53be8e16b34b9ee2784672b9a7

Download Submit
C:\Windows\system\iEzhlQA.exe

Filesize
6.0MB

MD5
a0362a08280ce198fcadcc2f06c0f1e0

SHA1
8668d9f1aa124dac04c52faf6b1b10f480599478

SHA256
1cbe581e887a9251f132e177f333b5a62d3a57e986666e49f1bfb36117018346

SHA512
b61135d9fe688d7fbec2bbbeb5ef5ed90a8a0cdbff4a94cd963fc9ed33c8f7eb859fcc8aedb6692ab14086e04d193ac5174c68be86b118d783d1e6dcc311b8ee

Download Submit
C:\Windows\system\iMbmJpU.exe

Filesize
6.0MB

MD5
c9d34ab0accfcdafabebba6fe230861e

SHA1
087d26c373ca9d414f568a8b80cdc4222db14a36

SHA256
9ce4b0341b8f0f5a7a8852862d018b87b72f756054a5076a7be044998046c143

SHA512
8e5fd75828d825a5fb86acc0dbf68f0fdebf29a6c9356412a60770f93c8038b4d4fd514c64ae9b63d3f77df019324722eb3d3e2950fc06915046533c53bf6428

Download Submit
C:\Windows\system\iSFNPVF.exe

Filesize
6.0MB

MD5
6d92e4aa342566a84be782c68baf2314

SHA1
5551c4664ae50b3a39336ac9c4d0163e624b1436

SHA256
74498d0ad992f807a60a6bcbf26f09a8b675335687bcdd67c1e681b9eb3c2739

SHA512
8dc5410f75ad3d5c4139ac20b4d33d0a768439be1bab023585f54ae5fe6cb36c46b6cc3056afea244800f162914ba1750fbed89831308970edbf0c9776d8c3c2

Download Submit
C:\Windows\system\ifItiRV.exe

Filesize
6.0MB

MD5
f7437d5d2d814f6f20147f6ee24320b5

SHA1
975de2d5fb58857d4b5c38e6c1ae4bb92b491fcc

SHA256
f5e47dec15f8a1c67003cd7b5654a9e2679e34dcb38d956b3a7a507184e42ffd

SHA512
42816d38e2161b6852736813f20ad96d4c1c4a86e2cea6b6ef13fdda639328ffaa26e96797cc046f30128409d62a888d5b0ffef917d5c9a7fa7dfea876d30e42

Download Submit
C:\Windows\system\jofRbox.exe

Filesize
6.0MB

MD5
a6ce88ec79de85f223fba1c03bc6f7b5

SHA1
3772edfb89d2bef561e235879f4766694763ee41

SHA256
09e1b975b1c48d0b429e11cd4f4e8e96572206097757684423e5d4a3cd6cdf65

SHA512
c1c5b817ba2befbd6ae665afef1631fcc5d911cd2f4545a3b4ea6caa2de8736ae2e468778a7fa1f0550bd19c494a38c540f552a87cbee55626df6fb7314283fe

Download Submit
C:\Windows\system\knSsTQk.exe

Filesize
6.0MB

MD5
153b5892ec499ceded8eb2bc17abc47a

SHA1
a0a377ebc31b485799d915ea2200fe7c88891185

SHA256
74d4d8356dce99fbaf74141ccf5f0d0da3c93925c0c180869cd9639d2dea0e97

SHA512
3881b8c7615c61d932fdb358c6e276baab299d8e3ebaaa486538746a5c081c41470fbe9451645e7e1fc6ab48f4e224f525fbac8ae213bb35bf6911f49f595055

Download Submit
C:\Windows\system\lCHAhqr.exe

Filesize
6.0MB

MD5
038af06a7c3d305ae7cfdaf619efed4f

SHA1
7966011dc86dced5145181cbba9668f1d4edf103

SHA256
3b5f73dd1862f3863959589755772457a2fb1c7a019cf0d5e307f6ba59be09fe

SHA512
476e1a5b60654dae55fa48080aa90d9c4b8c1febca10651519902d72d292b47eec258d62047eee71985701df3e658933768c8da18892d5cd1569cf0550c95262

Download Submit
C:\Windows\system\mFjjtdM.exe

Filesize
6.0MB

MD5
749646e4d92d3c63ce6f7c8b2a192917

SHA1
9d0a3f6172b939a57d8420cd46b8a3fd934b9b3a

SHA256
7d7f63126aea877c5d1209af63b51e5e894e77bc83588163e47df6569dd449c8

SHA512
784ac9311266076633a9b4729d284b9efe018693b9f9ce9e8cd43d3d82ac807d7ae831c9118c20c9f52e3a0e995d3bba2ccfc1f316eac506755a5f1181b95205

Download Submit
C:\Windows\system\rJWkKSe.exe

Filesize
6.0MB

MD5
ac6329b5d0611b07791c37451f79d26c

SHA1
bd3e1b7199ed2ec24e1b7e085064266445a76792

SHA256
4aa9e61b22a070868be6903c0490e43ca8b86b8090d0345ad7e5dc3df444d801

SHA512
25fa36575d0221b8d1cc23046a588ea735ff61b8c160305ecc724eb18e01478a77d89d79522aa967cd37952acd11e1a139b125739953660a1d63960b488d466d

Download Submit
C:\Windows\system\sNFwMwC.exe

Filesize
6.0MB

MD5
0d237b6ce3925daeb639f148ed6389ba

SHA1
2cf540e40a5a290eabf5ef7424d2ff2832a0f049

SHA256
70f438e6711063e5179468cc6791c6865719981eeeca3702de1e10229f866291

SHA512
b09596edcf990f0f518bf1bd13489c3db7af2f5e82e1334bc549817289228302b3a82750d3cb5cda272ee694173653f6d0b45d93c625d059c4020ecf6ff284aa

Download Submit
C:\Windows\system\yMAKVSe.exe

Filesize
6.0MB

MD5
ffc89412b1767d9fbd70b0951496c6b6

SHA1
7e07c152e462c089feca3d36f7039a489be66132

SHA256
871cf5e8daecc6d90465647cc9468ed16450feb7f4468aaf5ebb1a70f2b8c387

SHA512
efaa94d771098801b656c7495c055a7d6e22df4ebb6a75c3823741a85f3e22645f88254c05859ebabf0780216f591dce40ca6616b283bf8ae831f95afe950a32

Download Submit
\Windows\system\CcUEtfz.exe

Filesize
6.0MB

MD5
886483057b8571b009513ea0bae56298

SHA1
1a8f2b471f6c8c56c234ac8384f7c43e5904df52

SHA256
3a5a12712da4a9f5266b9736aedbc78473885c10fb65e8d6bca243ffb68e05ec

SHA512
78e98bebd5fe008f62082f1d5ad7a0c627dcecbc505d567543b88f855adc087484230772b5ef65cbe86b3b39736222fa455ce3d849606e9b72756e62fca06415

Download Submit
\Windows\system\MjFuOcY.exe

Filesize
6.0MB

MD5
5a57829daedd879f522ecff92305ff59

SHA1
8166ff53af8e3a7c901c6661fe07acb96ae41ff9

SHA256
548093c91545cd0f4a97f9e94fd446d60368c8c7cd8fe620633abb885147df54

SHA512
09d56a88a365df9665296d3a1dd2b42ceb23db331467a3ec1175c6e3ae8df421569e4eff1b35a5b57238f2f5dddf1386fbacc3b41878eae28b7442deb0ebc15e

Download Submit
memory/1204-2880-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2849-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2257-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1204-0-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2852-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2213-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2165-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1204-1987-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2850-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2031-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2828-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1204-26-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2082-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2805-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2744-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2743-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1204-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1892-30-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1892-3139-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2284-3140-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2284-2079-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2484-3165-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2484-2030-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2492-1986-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2492-3144-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2628-2256-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3215-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3198-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2121-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2768-2210-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3200-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2784-2281-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3199-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-3195-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-2162-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download