cobaltstrike | 67ec69ae6079e5ae8c4d309fafccd27a9839737f0c35d3a39dbe7ba47d7d1e76

Analysis

max time kernel
87s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11-12-2024 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8cb399420e5b69654a18ca186c193f65
SHA1

df670c259023a65ac59a9781e589638630ff0ac4
SHA256

67ec69ae6079e5ae8c4d309fafccd27a9839737f0c35d3a39dbe7ba47d7d1e76
SHA512

444297cc63a6a945be3fbaabc2930a76cf0353986e29ff5703f3e41fdd9328f9f78590c51cbe277522d1875e231bb42277b9e912b6fb310a4afddab64c49c67e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ca-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186d9-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018710-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018766-26.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018780-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b62-36.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018bf3-41.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-50.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001933b-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-108.dat	cobalt_reflective_dll
behavioral1/files/0x0035000000017530-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-84.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1744-0-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-6.dat	xmrig
behavioral1/files/0x00070000000186ca-11.dat	xmrig
behavioral1/files/0x00070000000186d9-15.dat	xmrig
behavioral1/files/0x0007000000018710-21.dat	xmrig
behavioral1/files/0x0006000000018766-26.dat	xmrig
behavioral1/files/0x0006000000018780-30.dat	xmrig
behavioral1/files/0x0007000000018b62-36.dat	xmrig
behavioral1/files/0x0009000000018bf3-41.dat	xmrig
behavioral1/files/0x000500000001961e-60.dat	xmrig
behavioral1/files/0x000500000001961c-56.dat	xmrig
behavioral1/files/0x000500000001960c-50.dat	xmrig
behavioral1/files/0x000700000001933b-45.dat	xmrig
behavioral1/files/0x000500000001a09e-172.dat	xmrig
behavioral1/memory/1056-1042-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/1744-683-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41b-188.dat	xmrig
behavioral1/files/0x000500000001a307-176.dat	xmrig
behavioral1/files/0x000500000001a07e-175.dat	xmrig
behavioral1/files/0x0005000000019f94-166.dat	xmrig
behavioral1/files/0x000500000001a359-181.dat	xmrig
behavioral1/files/0x000500000001a075-160.dat	xmrig
behavioral1/files/0x0005000000019dbf-149.dat	xmrig
behavioral1/files/0x0005000000019f8a-153.dat	xmrig
behavioral1/files/0x0005000000019cca-139.dat	xmrig
behavioral1/files/0x0005000000019d8e-144.dat	xmrig
behavioral1/files/0x0005000000019c57-128.dat	xmrig
behavioral1/files/0x0005000000019cba-132.dat	xmrig
behavioral1/files/0x0005000000019c3c-119.dat	xmrig
behavioral1/files/0x0005000000019c3e-123.dat	xmrig
behavioral1/files/0x0005000000019c34-113.dat	xmrig
behavioral1/files/0x0005000000019926-108.dat	xmrig
behavioral1/files/0x0035000000017530-101.dat	xmrig
behavioral1/memory/1056-98-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000196a1-96.dat	xmrig
behavioral1/memory/2828-77-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2756-75-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/3024-73-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/1744-72-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2792-71-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/1744-70-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2856-69-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2780-67-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2332-65-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2432-92-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/1744-91-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/3004-89-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/672-88-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2640-87-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/1744-86-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/memory/2812-85-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019667-84.dat	xmrig
behavioral1/memory/1744-83-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/852-82-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/1744-81-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/memory/1056-3991-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/3024-4007-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2432-4008-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2856-4014-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2828-4013-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2792-4061-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2756-4060-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2640-4059-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/3004-4058-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
672	owSJmHa.exe
3004	kbmdroS.exe
2332	HHUyTsu.exe
2780	WqjVUqm.exe
2856	dEGvLOr.exe
2792	yrepUZd.exe
3024	UBHJWmD.exe
2756	YgEOVRq.exe
2828	fOdTCCe.exe
852	MlPZUyg.exe
2812	BepEQpU.exe
2640	bAaheHe.exe
2432	MYPTvma.exe
1056	DEprJsX.exe
2996	KYJDnpG.exe
960	xLlxcxN.exe
1292	lBzGxBH.exe
2880	UGaDauJ.exe
2956	vcRbvhj.exe
2568	HgDmsbi.exe
2960	aYdawHE.exe
1484	bkIpJag.exe
2536	xbCedPR.exe
1444	edeSgiA.exe
3044	ABrjkQc.exe
2436	wrLtdVK.exe
2624	fDHGeOE.exe
2120	OgOrgHK.exe
2608	iGyfGZG.exe
2820	nfWClUN.exe
1156	DvQwWNU.exe
1644	zkxQrNI.exe
2528	wbVGCVf.exe
1836	KKAqXka.exe
1636	gHLonda.exe
576	dTzNeKz.exe
2172	vsOwETz.exe
2276	kZOaQMY.exe
2192	nPcVvDl.exe
1816	nirsCEd.exe
1052	vjBKGtg.exe
1940	nKJMjGD.exe
2068	DnEYACJ.exe
1008	uZpnQwA.exe
584	wTBjhOr.exe
1832	xGvHvoX.exe
2392	ZjyuwTb.exe
932	DoDkODm.exe
1704	UyIRYss.exe
1660	nBuJkNn.exe
1088	oEeqTPJ.exe
2396	MIFNcup.exe
1716	PoAhzdp.exe
888	AZXVPyC.exe
604	NgbjDGN.exe
3056	OYvpQFX.exe
2840	xibpJDh.exe
2376	cvFxxma.exe
2836	TaZFYIQ.exe
2728	IPzSaxV.exe
2788	MmuTtMT.exe
2688	CaiEAsx.exe
2652	eVrinyc.exe
2500	IZXmiab.exe

Loads dropped DLL 64 IoCs

pid	Process
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1744-0-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-6.dat	upx
behavioral1/files/0x00070000000186ca-11.dat	upx
behavioral1/files/0x00070000000186d9-15.dat	upx
behavioral1/files/0x0007000000018710-21.dat	upx
behavioral1/files/0x0006000000018766-26.dat	upx
behavioral1/files/0x0006000000018780-30.dat	upx
behavioral1/files/0x0007000000018b62-36.dat	upx
behavioral1/files/0x0009000000018bf3-41.dat	upx
behavioral1/files/0x000500000001961e-60.dat	upx
behavioral1/files/0x000500000001961c-56.dat	upx
behavioral1/files/0x000500000001960c-50.dat	upx
behavioral1/files/0x000700000001933b-45.dat	upx
behavioral1/files/0x000500000001a09e-172.dat	upx
behavioral1/memory/1056-1042-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/1744-683-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x000500000001a41b-188.dat	upx
behavioral1/files/0x000500000001a307-176.dat	upx
behavioral1/files/0x000500000001a07e-175.dat	upx
behavioral1/files/0x0005000000019f94-166.dat	upx
behavioral1/files/0x000500000001a359-181.dat	upx
behavioral1/files/0x000500000001a075-160.dat	upx
behavioral1/files/0x0005000000019dbf-149.dat	upx
behavioral1/files/0x0005000000019f8a-153.dat	upx
behavioral1/files/0x0005000000019cca-139.dat	upx
behavioral1/files/0x0005000000019d8e-144.dat	upx
behavioral1/files/0x0005000000019c57-128.dat	upx
behavioral1/files/0x0005000000019cba-132.dat	upx
behavioral1/files/0x0005000000019c3c-119.dat	upx
behavioral1/files/0x0005000000019c3e-123.dat	upx
behavioral1/files/0x0005000000019c34-113.dat	upx
behavioral1/files/0x0005000000019926-108.dat	upx
behavioral1/files/0x0035000000017530-101.dat	upx
behavioral1/memory/1056-98-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x00050000000196a1-96.dat	upx
behavioral1/memory/2828-77-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2756-75-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/3024-73-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2792-71-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2856-69-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2780-67-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2332-65-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2432-92-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/3004-89-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/672-88-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2640-87-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2812-85-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x0005000000019667-84.dat	upx
behavioral1/memory/852-82-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/1056-3991-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/3024-4007-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2432-4008-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2856-4014-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2828-4013-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2792-4061-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2756-4060-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2640-4059-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/3004-4058-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/852-4057-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2780-4056-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2812-4012-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/672-4010-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2332-4011-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\owSJmHa.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PupKUBq.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxadfsy.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBJkKxN.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkhWPuW.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhIYUmi.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHHvQkr.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQKCvZJ.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAuvOOb.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSueMJO.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hLyqDEX.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOyyebq.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWrkkmJ.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCLGINa.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SikQBDM.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpvhklZ.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXrzavT.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQnuBHF.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zeGFzSe.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLJjSRH.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKWcJds.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlPZUyg.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DquvmEe.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZqgIcq.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khLlhps.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnCsdaN.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xZfmWmI.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRawaXL.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqJOdKv.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPNlUrF.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJPVnQv.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBSFjmw.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSbOaJq.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmjXGPA.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqoprlJ.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XMLrhuf.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkOXDzv.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eysFqSJ.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpxSxVE.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dacLRpX.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcTogPx.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUVQbML.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krNJpFM.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJJuGvj.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpTpDVl.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCqfWfI.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYaWfsh.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZfLWNc.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OYLGdbQ.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdKRufA.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezmVPpU.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTVrAWI.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMxCeHB.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnnUUgF.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bmBGiGW.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkIEHkf.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLwfrNm.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExayijO.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NHLwtHW.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCYEHvn.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKhMDir.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGnUOrk.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVwtKJg.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhvwMJP.exe	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 672	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1744 wrote to memory of 672	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1744 wrote to memory of 672	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1744 wrote to memory of 3004	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1744 wrote to memory of 3004	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1744 wrote to memory of 3004	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1744 wrote to memory of 2332	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1744 wrote to memory of 2332	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1744 wrote to memory of 2332	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1744 wrote to memory of 2780	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1744 wrote to memory of 2780	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1744 wrote to memory of 2780	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1744 wrote to memory of 2856	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1744 wrote to memory of 2856	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1744 wrote to memory of 2856	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1744 wrote to memory of 2792	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1744 wrote to memory of 2792	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1744 wrote to memory of 2792	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1744 wrote to memory of 3024	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1744 wrote to memory of 3024	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1744 wrote to memory of 3024	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1744 wrote to memory of 2756	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1744 wrote to memory of 2756	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1744 wrote to memory of 2756	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1744 wrote to memory of 2828	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1744 wrote to memory of 2828	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1744 wrote to memory of 2828	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1744 wrote to memory of 852	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1744 wrote to memory of 852	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1744 wrote to memory of 852	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1744 wrote to memory of 2812	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1744 wrote to memory of 2812	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1744 wrote to memory of 2812	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1744 wrote to memory of 2640	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1744 wrote to memory of 2640	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1744 wrote to memory of 2640	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1744 wrote to memory of 2432	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1744 wrote to memory of 2432	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1744 wrote to memory of 2432	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1744 wrote to memory of 1056	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1744 wrote to memory of 1056	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1744 wrote to memory of 1056	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1744 wrote to memory of 2996	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1744 wrote to memory of 2996	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1744 wrote to memory of 2996	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1744 wrote to memory of 960	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1744 wrote to memory of 960	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1744 wrote to memory of 960	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1744 wrote to memory of 1292	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1744 wrote to memory of 1292	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1744 wrote to memory of 1292	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1744 wrote to memory of 2880	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1744 wrote to memory of 2880	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1744 wrote to memory of 2880	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1744 wrote to memory of 2956	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1744 wrote to memory of 2956	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1744 wrote to memory of 2956	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1744 wrote to memory of 2568	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1744 wrote to memory of 2568	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1744 wrote to memory of 2568	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1744 wrote to memory of 2960	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1744 wrote to memory of 2960	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1744 wrote to memory of 2960	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1744 wrote to memory of 1484	1744	2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-11_8cb399420e5b69654a18ca186c193f65_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Windows\System\owSJmHa.exe
  C:\Windows\System\owSJmHa.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\kbmdroS.exe
  C:\Windows\System\kbmdroS.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\HHUyTsu.exe
  C:\Windows\System\HHUyTsu.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\WqjVUqm.exe
  C:\Windows\System\WqjVUqm.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\dEGvLOr.exe
  C:\Windows\System\dEGvLOr.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\yrepUZd.exe
  C:\Windows\System\yrepUZd.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\UBHJWmD.exe
  C:\Windows\System\UBHJWmD.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\YgEOVRq.exe
  C:\Windows\System\YgEOVRq.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\fOdTCCe.exe
  C:\Windows\System\fOdTCCe.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\MlPZUyg.exe
  C:\Windows\System\MlPZUyg.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\BepEQpU.exe
  C:\Windows\System\BepEQpU.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\bAaheHe.exe
  C:\Windows\System\bAaheHe.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\MYPTvma.exe
  C:\Windows\System\MYPTvma.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\DEprJsX.exe
  C:\Windows\System\DEprJsX.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\KYJDnpG.exe
  C:\Windows\System\KYJDnpG.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\xLlxcxN.exe
  C:\Windows\System\xLlxcxN.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\lBzGxBH.exe
  C:\Windows\System\lBzGxBH.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\UGaDauJ.exe
  C:\Windows\System\UGaDauJ.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\vcRbvhj.exe
  C:\Windows\System\vcRbvhj.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\HgDmsbi.exe
  C:\Windows\System\HgDmsbi.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\aYdawHE.exe
  C:\Windows\System\aYdawHE.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\bkIpJag.exe
  C:\Windows\System\bkIpJag.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\xbCedPR.exe
  C:\Windows\System\xbCedPR.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\edeSgiA.exe
  C:\Windows\System\edeSgiA.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\ABrjkQc.exe
  C:\Windows\System\ABrjkQc.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\fDHGeOE.exe
  C:\Windows\System\fDHGeOE.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\wrLtdVK.exe
  C:\Windows\System\wrLtdVK.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\iGyfGZG.exe
  C:\Windows\System\iGyfGZG.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\OgOrgHK.exe
  C:\Windows\System\OgOrgHK.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\nfWClUN.exe
  C:\Windows\System\nfWClUN.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\DvQwWNU.exe
  C:\Windows\System\DvQwWNU.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\zkxQrNI.exe
  C:\Windows\System\zkxQrNI.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\wbVGCVf.exe
  C:\Windows\System\wbVGCVf.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\KKAqXka.exe
  C:\Windows\System\KKAqXka.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\gHLonda.exe
  C:\Windows\System\gHLonda.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\dTzNeKz.exe
  C:\Windows\System\dTzNeKz.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\vsOwETz.exe
  C:\Windows\System\vsOwETz.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\kZOaQMY.exe
  C:\Windows\System\kZOaQMY.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\nPcVvDl.exe
  C:\Windows\System\nPcVvDl.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\nirsCEd.exe
  C:\Windows\System\nirsCEd.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\vjBKGtg.exe
  C:\Windows\System\vjBKGtg.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\uZpnQwA.exe
  C:\Windows\System\uZpnQwA.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\nKJMjGD.exe
  C:\Windows\System\nKJMjGD.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\xGvHvoX.exe
  C:\Windows\System\xGvHvoX.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\DnEYACJ.exe
  C:\Windows\System\DnEYACJ.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\DoDkODm.exe
  C:\Windows\System\DoDkODm.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\wTBjhOr.exe
  C:\Windows\System\wTBjhOr.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\nBuJkNn.exe
  C:\Windows\System\nBuJkNn.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\ZjyuwTb.exe
  C:\Windows\System\ZjyuwTb.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\oEeqTPJ.exe
  C:\Windows\System\oEeqTPJ.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\UyIRYss.exe
  C:\Windows\System\UyIRYss.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\AZXVPyC.exe
  C:\Windows\System\AZXVPyC.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\MIFNcup.exe
  C:\Windows\System\MIFNcup.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\OYvpQFX.exe
  C:\Windows\System\OYvpQFX.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\PoAhzdp.exe
  C:\Windows\System\PoAhzdp.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\cvFxxma.exe
  C:\Windows\System\cvFxxma.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\NgbjDGN.exe
  C:\Windows\System\NgbjDGN.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\TaZFYIQ.exe
  C:\Windows\System\TaZFYIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\xibpJDh.exe
  C:\Windows\System\xibpJDh.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\MmuTtMT.exe
  C:\Windows\System\MmuTtMT.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\IPzSaxV.exe
  C:\Windows\System\IPzSaxV.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\CaiEAsx.exe
  C:\Windows\System\CaiEAsx.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\eVrinyc.exe
  C:\Windows\System\eVrinyc.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\IZXmiab.exe
  C:\Windows\System\IZXmiab.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\ZhYWwky.exe
  C:\Windows\System\ZhYWwky.exe
  2⤵
  PID:2336
- C:\Windows\System\iaFFtkX.exe
  C:\Windows\System\iaFFtkX.exe
  2⤵
  PID:2872
- C:\Windows\System\EMVEhKb.exe
  C:\Windows\System\EMVEhKb.exe
  2⤵
  PID:2860
- C:\Windows\System\ZfOTwhO.exe
  C:\Windows\System\ZfOTwhO.exe
  2⤵
  PID:2204
- C:\Windows\System\CtIlXkK.exe
  C:\Windows\System\CtIlXkK.exe
  2⤵
  PID:1996
- C:\Windows\System\kNZSiRQ.exe
  C:\Windows\System\kNZSiRQ.exe
  2⤵
  PID:640
- C:\Windows\System\jnCsdaN.exe
  C:\Windows\System\jnCsdaN.exe
  2⤵
  PID:1784
- C:\Windows\System\aeIpYNB.exe
  C:\Windows\System\aeIpYNB.exe
  2⤵
  PID:1668
- C:\Windows\System\eZuQNKp.exe
  C:\Windows\System\eZuQNKp.exe
  2⤵
  PID:2992
- C:\Windows\System\mvoYpXA.exe
  C:\Windows\System\mvoYpXA.exe
  2⤵
  PID:2124
- C:\Windows\System\PrPAXia.exe
  C:\Windows\System\PrPAXia.exe
  2⤵
  PID:560
- C:\Windows\System\PupKUBq.exe
  C:\Windows\System\PupKUBq.exe
  2⤵
  PID:2320
- C:\Windows\System\ZrFzTPo.exe
  C:\Windows\System\ZrFzTPo.exe
  2⤵
  PID:1576
- C:\Windows\System\GTGuThM.exe
  C:\Windows\System\GTGuThM.exe
  2⤵
  PID:2236
- C:\Windows\System\pTxQYSt.exe
  C:\Windows\System\pTxQYSt.exe
  2⤵
  PID:1628
- C:\Windows\System\nhIYUmi.exe
  C:\Windows\System\nhIYUmi.exe
  2⤵
  PID:936
- C:\Windows\System\RuODGEn.exe
  C:\Windows\System\RuODGEn.exe
  2⤵
  PID:648
- C:\Windows\System\dKhiQTK.exe
  C:\Windows\System\dKhiQTK.exe
  2⤵
  PID:796
- C:\Windows\System\RPsSbCb.exe
  C:\Windows\System\RPsSbCb.exe
  2⤵
  PID:1508
- C:\Windows\System\wLEiKrE.exe
  C:\Windows\System\wLEiKrE.exe
  2⤵
  PID:1488
- C:\Windows\System\hbyCvWW.exe
  C:\Windows\System\hbyCvWW.exe
  2⤵
  PID:1840
- C:\Windows\System\sOgyDcD.exe
  C:\Windows\System\sOgyDcD.exe
  2⤵
  PID:2360
- C:\Windows\System\IWOhQWR.exe
  C:\Windows\System\IWOhQWR.exe
  2⤵
  PID:2032
- C:\Windows\System\nmjXGPA.exe
  C:\Windows\System\nmjXGPA.exe
  2⤵
  PID:3016
- C:\Windows\System\qZpeLgE.exe
  C:\Windows\System\qZpeLgE.exe
  2⤵
  PID:1612
- C:\Windows\System\RQKUAJq.exe
  C:\Windows\System\RQKUAJq.exe
  2⤵
  PID:2516
- C:\Windows\System\yPecQpp.exe
  C:\Windows\System\yPecQpp.exe
  2⤵
  PID:2160
- C:\Windows\System\JNWaQmg.exe
  C:\Windows\System\JNWaQmg.exe
  2⤵
  PID:3000
- C:\Windows\System\DhopIKd.exe
  C:\Windows\System\DhopIKd.exe
  2⤵
  PID:2944
- C:\Windows\System\STwzLBc.exe
  C:\Windows\System\STwzLBc.exe
  2⤵
  PID:2700
- C:\Windows\System\ORwIzBM.exe
  C:\Windows\System\ORwIzBM.exe
  2⤵
  PID:2552
- C:\Windows\System\fvflDOB.exe
  C:\Windows\System\fvflDOB.exe
  2⤵
  PID:1172
- C:\Windows\System\YWdmFhJ.exe
  C:\Windows\System\YWdmFhJ.exe
  2⤵
  PID:3040
- C:\Windows\System\MjZxaAv.exe
  C:\Windows\System\MjZxaAv.exe
  2⤵
  PID:2168
- C:\Windows\System\ysrpaPb.exe
  C:\Windows\System\ysrpaPb.exe
  2⤵
  PID:2064
- C:\Windows\System\AqoprlJ.exe
  C:\Windows\System\AqoprlJ.exe
  2⤵
  PID:1936
- C:\Windows\System\WXJLkAX.exe
  C:\Windows\System\WXJLkAX.exe
  2⤵
  PID:1568
- C:\Windows\System\ltLefDC.exe
  C:\Windows\System\ltLefDC.exe
  2⤵
  PID:2256
- C:\Windows\System\UqzMkps.exe
  C:\Windows\System\UqzMkps.exe
  2⤵
  PID:2484
- C:\Windows\System\VGuueQj.exe
  C:\Windows\System\VGuueQj.exe
  2⤵
  PID:2572
- C:\Windows\System\sPefHOj.exe
  C:\Windows\System\sPefHOj.exe
  2⤵
  PID:3080
- C:\Windows\System\GPQDxTW.exe
  C:\Windows\System\GPQDxTW.exe
  2⤵
  PID:3096
- C:\Windows\System\gobhoaj.exe
  C:\Windows\System\gobhoaj.exe
  2⤵
  PID:3112
- C:\Windows\System\FICkLaE.exe
  C:\Windows\System\FICkLaE.exe
  2⤵
  PID:3132
- C:\Windows\System\KZJnZsH.exe
  C:\Windows\System\KZJnZsH.exe
  2⤵
  PID:3156
- C:\Windows\System\TTkdCif.exe
  C:\Windows\System\TTkdCif.exe
  2⤵
  PID:3172
- C:\Windows\System\qTLSXuV.exe
  C:\Windows\System\qTLSXuV.exe
  2⤵
  PID:3200
- C:\Windows\System\DEKiccu.exe
  C:\Windows\System\DEKiccu.exe
  2⤵
  PID:3220
- C:\Windows\System\sKiuqFm.exe
  C:\Windows\System\sKiuqFm.exe
  2⤵
  PID:3236
- C:\Windows\System\OoAVSVe.exe
  C:\Windows\System\OoAVSVe.exe
  2⤵
  PID:3252
- C:\Windows\System\jvaqplT.exe
  C:\Windows\System\jvaqplT.exe
  2⤵
  PID:3276
- C:\Windows\System\XiyAdcU.exe
  C:\Windows\System\XiyAdcU.exe
  2⤵
  PID:3292
- C:\Windows\System\NMUmSWl.exe
  C:\Windows\System\NMUmSWl.exe
  2⤵
  PID:3320
- C:\Windows\System\JUxoiuF.exe
  C:\Windows\System\JUxoiuF.exe
  2⤵
  PID:3340
- C:\Windows\System\zgkKEql.exe
  C:\Windows\System\zgkKEql.exe
  2⤵
  PID:3360
- C:\Windows\System\BetyhXl.exe
  C:\Windows\System\BetyhXl.exe
  2⤵
  PID:3376
- C:\Windows\System\ZFpSoSp.exe
  C:\Windows\System\ZFpSoSp.exe
  2⤵
  PID:3396
- C:\Windows\System\krNJpFM.exe
  C:\Windows\System\krNJpFM.exe
  2⤵
  PID:3416
- C:\Windows\System\jrSHbUe.exe
  C:\Windows\System\jrSHbUe.exe
  2⤵
  PID:3436
- C:\Windows\System\IZKWKGW.exe
  C:\Windows\System\IZKWKGW.exe
  2⤵
  PID:3456
- C:\Windows\System\GLjIuAg.exe
  C:\Windows\System\GLjIuAg.exe
  2⤵
  PID:3476
- C:\Windows\System\iSQRsCg.exe
  C:\Windows\System\iSQRsCg.exe
  2⤵
  PID:3496
- C:\Windows\System\DJZGgJj.exe
  C:\Windows\System\DJZGgJj.exe
  2⤵
  PID:3516
- C:\Windows\System\uWKZdiO.exe
  C:\Windows\System\uWKZdiO.exe
  2⤵
  PID:3536
- C:\Windows\System\JnSkzzv.exe
  C:\Windows\System\JnSkzzv.exe
  2⤵
  PID:3556
- C:\Windows\System\gGlsqUL.exe
  C:\Windows\System\gGlsqUL.exe
  2⤵
  PID:3576
- C:\Windows\System\hgcMawr.exe
  C:\Windows\System\hgcMawr.exe
  2⤵
  PID:3596
- C:\Windows\System\YklOcKA.exe
  C:\Windows\System\YklOcKA.exe
  2⤵
  PID:3620
- C:\Windows\System\jtgaOTQ.exe
  C:\Windows\System\jtgaOTQ.exe
  2⤵
  PID:3640
- C:\Windows\System\kPgseqM.exe
  C:\Windows\System\kPgseqM.exe
  2⤵
  PID:3656
- C:\Windows\System\FqdTYop.exe
  C:\Windows\System\FqdTYop.exe
  2⤵
  PID:3676
- C:\Windows\System\MGWSxJK.exe
  C:\Windows\System\MGWSxJK.exe
  2⤵
  PID:3692
- C:\Windows\System\IMfTcsV.exe
  C:\Windows\System\IMfTcsV.exe
  2⤵
  PID:3712
- C:\Windows\System\JaDKcLY.exe
  C:\Windows\System\JaDKcLY.exe
  2⤵
  PID:3736
- C:\Windows\System\XlGrDUa.exe
  C:\Windows\System\XlGrDUa.exe
  2⤵
  PID:3760
- C:\Windows\System\gMgNzxE.exe
  C:\Windows\System\gMgNzxE.exe
  2⤵
  PID:3776
- C:\Windows\System\AswNFBS.exe
  C:\Windows\System\AswNFBS.exe
  2⤵
  PID:3800
- C:\Windows\System\PWPLVRH.exe
  C:\Windows\System\PWPLVRH.exe
  2⤵
  PID:3816
- C:\Windows\System\HxJtOiy.exe
  C:\Windows\System\HxJtOiy.exe
  2⤵
  PID:3840
- C:\Windows\System\JKciMQr.exe
  C:\Windows\System\JKciMQr.exe
  2⤵
  PID:3856
- C:\Windows\System\PYnSNeV.exe
  C:\Windows\System\PYnSNeV.exe
  2⤵
  PID:3876
- C:\Windows\System\WBhjVIQ.exe
  C:\Windows\System\WBhjVIQ.exe
  2⤵
  PID:3896
- C:\Windows\System\kjVzprG.exe
  C:\Windows\System\kjVzprG.exe
  2⤵
  PID:3916
- C:\Windows\System\CmVPgRE.exe
  C:\Windows\System\CmVPgRE.exe
  2⤵
  PID:3932
- C:\Windows\System\JoJxlId.exe
  C:\Windows\System\JoJxlId.exe
  2⤵
  PID:3948
- C:\Windows\System\boDEFUk.exe
  C:\Windows\System\boDEFUk.exe
  2⤵
  PID:3964
- C:\Windows\System\ptWGUoK.exe
  C:\Windows\System\ptWGUoK.exe
  2⤵
  PID:3988
- C:\Windows\System\xISDrEq.exe
  C:\Windows\System\xISDrEq.exe
  2⤵
  PID:4012
- C:\Windows\System\Yaqdntx.exe
  C:\Windows\System\Yaqdntx.exe
  2⤵
  PID:4040
- C:\Windows\System\MbWGEjw.exe
  C:\Windows\System\MbWGEjw.exe
  2⤵
  PID:4060
- C:\Windows\System\GZfLWNc.exe
  C:\Windows\System\GZfLWNc.exe
  2⤵
  PID:4076
- C:\Windows\System\CJeKzVk.exe
  C:\Windows\System\CJeKzVk.exe
  2⤵
  PID:4092
- C:\Windows\System\thMSCMI.exe
  C:\Windows\System\thMSCMI.exe
  2⤵
  PID:1672
- C:\Windows\System\nTeWuoU.exe
  C:\Windows\System\nTeWuoU.exe
  2⤵
  PID:1080
- C:\Windows\System\uAgKMqh.exe
  C:\Windows\System\uAgKMqh.exe
  2⤵
  PID:2456
- C:\Windows\System\LVLhVsZ.exe
  C:\Windows\System\LVLhVsZ.exe
  2⤵
  PID:1176
- C:\Windows\System\jGxvgjp.exe
  C:\Windows\System\jGxvgjp.exe
  2⤵
  PID:2672
- C:\Windows\System\TfYsRhX.exe
  C:\Windows\System\TfYsRhX.exe
  2⤵
  PID:2844
- C:\Windows\System\vvAVYFj.exe
  C:\Windows\System\vvAVYFj.exe
  2⤵
  PID:2964
- C:\Windows\System\RJYjEVO.exe
  C:\Windows\System\RJYjEVO.exe
  2⤵
  PID:2884
- C:\Windows\System\mPBCuhn.exe
  C:\Windows\System\mPBCuhn.exe
  2⤵
  PID:1948
- C:\Windows\System\ZlUyqLS.exe
  C:\Windows\System\ZlUyqLS.exe
  2⤵
  PID:2080
- C:\Windows\System\PIWFSws.exe
  C:\Windows\System\PIWFSws.exe
  2⤵
  PID:1764
- C:\Windows\System\UdXPtUI.exe
  C:\Windows\System\UdXPtUI.exe
  2⤵
  PID:1060
- C:\Windows\System\LWfihNQ.exe
  C:\Windows\System\LWfihNQ.exe
  2⤵
  PID:3120
- C:\Windows\System\vosLwRD.exe
  C:\Windows\System\vosLwRD.exe
  2⤵
  PID:3076
- C:\Windows\System\uDXikax.exe
  C:\Windows\System\uDXikax.exe
  2⤵
  PID:3104
- C:\Windows\System\UqBncbL.exe
  C:\Windows\System\UqBncbL.exe
  2⤵
  PID:3180
- C:\Windows\System\wpvhklZ.exe
  C:\Windows\System\wpvhklZ.exe
  2⤵
  PID:3196
- C:\Windows\System\qWROvqv.exe
  C:\Windows\System\qWROvqv.exe
  2⤵
  PID:3228
- C:\Windows\System\kEEelRI.exe
  C:\Windows\System\kEEelRI.exe
  2⤵
  PID:3272
- C:\Windows\System\rSXeTQQ.exe
  C:\Windows\System\rSXeTQQ.exe
  2⤵
  PID:3304
- C:\Windows\System\CGyjkeO.exe
  C:\Windows\System\CGyjkeO.exe
  2⤵
  PID:3348
- C:\Windows\System\vWESwiA.exe
  C:\Windows\System\vWESwiA.exe
  2⤵
  PID:3352
- C:\Windows\System\JrSLBOS.exe
  C:\Windows\System\JrSLBOS.exe
  2⤵
  PID:3408
- C:\Windows\System\VLJojVG.exe
  C:\Windows\System\VLJojVG.exe
  2⤵
  PID:3432
- C:\Windows\System\fSsnXXB.exe
  C:\Windows\System\fSsnXXB.exe
  2⤵
  PID:3524
- C:\Windows\System\kYaJRWx.exe
  C:\Windows\System\kYaJRWx.exe
  2⤵
  PID:3468
- C:\Windows\System\ifsPWhz.exe
  C:\Windows\System\ifsPWhz.exe
  2⤵
  PID:3512
- C:\Windows\System\PfKSbQM.exe
  C:\Windows\System\PfKSbQM.exe
  2⤵
  PID:3548
- C:\Windows\System\cJqqCJQ.exe
  C:\Windows\System\cJqqCJQ.exe
  2⤵
  PID:3608
- C:\Windows\System\hLWMdNX.exe
  C:\Windows\System\hLWMdNX.exe
  2⤵
  PID:3664
- C:\Windows\System\kGwXAWn.exe
  C:\Windows\System\kGwXAWn.exe
  2⤵
  PID:3688
- C:\Windows\System\PMOWDrO.exe
  C:\Windows\System\PMOWDrO.exe
  2⤵
  PID:3728
- C:\Windows\System\oeiVVri.exe
  C:\Windows\System\oeiVVri.exe
  2⤵
  PID:3744
- C:\Windows\System\AmxsxCp.exe
  C:\Windows\System\AmxsxCp.exe
  2⤵
  PID:3788
- C:\Windows\System\HVWaNea.exe
  C:\Windows\System\HVWaNea.exe
  2⤵
  PID:3848
- C:\Windows\System\xZfmWmI.exe
  C:\Windows\System\xZfmWmI.exe
  2⤵
  PID:3836
- C:\Windows\System\zQQEHsa.exe
  C:\Windows\System\zQQEHsa.exe
  2⤵
  PID:3928
- C:\Windows\System\XxXqmhz.exe
  C:\Windows\System\XxXqmhz.exe
  2⤵
  PID:4000
- C:\Windows\System\sOcYdyr.exe
  C:\Windows\System\sOcYdyr.exe
  2⤵
  PID:4004
- C:\Windows\System\wZbCOND.exe
  C:\Windows\System\wZbCOND.exe
  2⤵
  PID:3976
- C:\Windows\System\CHFGcGG.exe
  C:\Windows\System\CHFGcGG.exe
  2⤵
  PID:4024
- C:\Windows\System\MBzUNeP.exe
  C:\Windows\System\MBzUNeP.exe
  2⤵
  PID:4028
- C:\Windows\System\yQQQsAq.exe
  C:\Windows\System\yQQQsAq.exe
  2⤵
  PID:2156
- C:\Windows\System\bsSjptE.exe
  C:\Windows\System\bsSjptE.exe
  2⤵
  PID:836
- C:\Windows\System\sUfeVNL.exe
  C:\Windows\System\sUfeVNL.exe
  2⤵
  PID:2136
- C:\Windows\System\wYwDbQz.exe
  C:\Windows\System\wYwDbQz.exe
  2⤵
  PID:1100
- C:\Windows\System\fOqOfef.exe
  C:\Windows\System\fOqOfef.exe
  2⤵
  PID:2736
- C:\Windows\System\lGnUOrk.exe
  C:\Windows\System\lGnUOrk.exe
  2⤵
  PID:1648
- C:\Windows\System\LrpveeM.exe
  C:\Windows\System\LrpveeM.exe
  2⤵
  PID:2440
- C:\Windows\System\DZvxFbn.exe
  C:\Windows\System\DZvxFbn.exe
  2⤵
  PID:2588
- C:\Windows\System\gjUQUTU.exe
  C:\Windows\System\gjUQUTU.exe
  2⤵
  PID:3208
- C:\Windows\System\gkuMqej.exe
  C:\Windows\System\gkuMqej.exe
  2⤵
  PID:3164
- C:\Windows\System\MZdOMCt.exe
  C:\Windows\System\MZdOMCt.exe
  2⤵
  PID:3140
- C:\Windows\System\BWrkkmJ.exe
  C:\Windows\System\BWrkkmJ.exe
  2⤵
  PID:3192
- C:\Windows\System\bGcPGUB.exe
  C:\Windows\System\bGcPGUB.exe
  2⤵
  PID:3300
- C:\Windows\System\cRdBmpC.exe
  C:\Windows\System\cRdBmpC.exe
  2⤵
  PID:3312
- C:\Windows\System\JvGTBva.exe
  C:\Windows\System\JvGTBva.exe
  2⤵
  PID:3424
- C:\Windows\System\NGhsNfz.exe
  C:\Windows\System\NGhsNfz.exe
  2⤵
  PID:3316
- C:\Windows\System\eZBpMgl.exe
  C:\Windows\System\eZBpMgl.exe
  2⤵
  PID:3404
- C:\Windows\System\EYumeRl.exe
  C:\Windows\System\EYumeRl.exe
  2⤵
  PID:3508
- C:\Windows\System\AyQqzhh.exe
  C:\Windows\System\AyQqzhh.exe
  2⤵
  PID:3592
- C:\Windows\System\DkMrXeu.exe
  C:\Windows\System\DkMrXeu.exe
  2⤵
  PID:3756
- C:\Windows\System\OptGWBP.exe
  C:\Windows\System\OptGWBP.exe
  2⤵
  PID:3684
- C:\Windows\System\HsaKGbp.exe
  C:\Windows\System\HsaKGbp.exe
  2⤵
  PID:3792
- C:\Windows\System\zfhfynz.exe
  C:\Windows\System\zfhfynz.exe
  2⤵
  PID:3888
- C:\Windows\System\jHnFyhJ.exe
  C:\Windows\System\jHnFyhJ.exe
  2⤵
  PID:3912
- C:\Windows\System\GmTRluP.exe
  C:\Windows\System\GmTRluP.exe
  2⤵
  PID:4032
- C:\Windows\System\EhdkVCx.exe
  C:\Windows\System\EhdkVCx.exe
  2⤵
  PID:4068
- C:\Windows\System\xOhVIvX.exe
  C:\Windows\System\xOhVIvX.exe
  2⤵
  PID:1348
- C:\Windows\System\qYBZuVv.exe
  C:\Windows\System\qYBZuVv.exe
  2⤵
  PID:3012
- C:\Windows\System\aAvRBjm.exe
  C:\Windows\System\aAvRBjm.exe
  2⤵
  PID:2544
- C:\Windows\System\lIdpSPo.exe
  C:\Windows\System\lIdpSPo.exe
  2⤵
  PID:1924
- C:\Windows\System\zSDDUeD.exe
  C:\Windows\System\zSDDUeD.exe
  2⤵
  PID:1984
- C:\Windows\System\UVZMrCT.exe
  C:\Windows\System\UVZMrCT.exe
  2⤵
  PID:3148
- C:\Windows\System\hTAOQBK.exe
  C:\Windows\System\hTAOQBK.exe
  2⤵
  PID:3268
- C:\Windows\System\DquvmEe.exe
  C:\Windows\System\DquvmEe.exe
  2⤵
  PID:3492
- C:\Windows\System\VZTyzKv.exe
  C:\Windows\System\VZTyzKv.exe
  2⤵
  PID:4112
- C:\Windows\System\dCpRFcY.exe
  C:\Windows\System\dCpRFcY.exe
  2⤵
  PID:4140
- C:\Windows\System\IhgWTCI.exe
  C:\Windows\System\IhgWTCI.exe
  2⤵
  PID:4156
- C:\Windows\System\OkPjBiD.exe
  C:\Windows\System\OkPjBiD.exe
  2⤵
  PID:4172
- C:\Windows\System\YXrzavT.exe
  C:\Windows\System\YXrzavT.exe
  2⤵
  PID:4188
- C:\Windows\System\DlZFphU.exe
  C:\Windows\System\DlZFphU.exe
  2⤵
  PID:4208
- C:\Windows\System\EUJvExl.exe
  C:\Windows\System\EUJvExl.exe
  2⤵
  PID:4224
- C:\Windows\System\NZqgIcq.exe
  C:\Windows\System\NZqgIcq.exe
  2⤵
  PID:4240
- C:\Windows\System\mytujdg.exe
  C:\Windows\System\mytujdg.exe
  2⤵
  PID:4256
- C:\Windows\System\maJCFMV.exe
  C:\Windows\System\maJCFMV.exe
  2⤵
  PID:4272
- C:\Windows\System\hwwLwgJ.exe
  C:\Windows\System\hwwLwgJ.exe
  2⤵
  PID:4288
- C:\Windows\System\WwrhGkL.exe
  C:\Windows\System\WwrhGkL.exe
  2⤵
  PID:4304
- C:\Windows\System\WuJyvcJ.exe
  C:\Windows\System\WuJyvcJ.exe
  2⤵
  PID:4340
- C:\Windows\System\NFmTgnj.exe
  C:\Windows\System\NFmTgnj.exe
  2⤵
  PID:4360
- C:\Windows\System\UnLaNGT.exe
  C:\Windows\System\UnLaNGT.exe
  2⤵
  PID:4380
- C:\Windows\System\qjRpche.exe
  C:\Windows\System\qjRpche.exe
  2⤵
  PID:4400
- C:\Windows\System\ZRbgRus.exe
  C:\Windows\System\ZRbgRus.exe
  2⤵
  PID:4420
- C:\Windows\System\DCtGLmb.exe
  C:\Windows\System\DCtGLmb.exe
  2⤵
  PID:4440
- C:\Windows\System\vHHvQkr.exe
  C:\Windows\System\vHHvQkr.exe
  2⤵
  PID:4504
- C:\Windows\System\hclTtps.exe
  C:\Windows\System\hclTtps.exe
  2⤵
  PID:4520
- C:\Windows\System\yzOxTBF.exe
  C:\Windows\System\yzOxTBF.exe
  2⤵
  PID:4536
- C:\Windows\System\SmTYrFA.exe
  C:\Windows\System\SmTYrFA.exe
  2⤵
  PID:4560
- C:\Windows\System\ymTIXVk.exe
  C:\Windows\System\ymTIXVk.exe
  2⤵
  PID:4576
- C:\Windows\System\ZiluiVi.exe
  C:\Windows\System\ZiluiVi.exe
  2⤵
  PID:4604
- C:\Windows\System\cSBRMLX.exe
  C:\Windows\System\cSBRMLX.exe
  2⤵
  PID:4620
- C:\Windows\System\LZCrkRj.exe
  C:\Windows\System\LZCrkRj.exe
  2⤵
  PID:4644
- C:\Windows\System\iTGzzFu.exe
  C:\Windows\System\iTGzzFu.exe
  2⤵
  PID:4660
- C:\Windows\System\YOFPwLc.exe
  C:\Windows\System\YOFPwLc.exe
  2⤵
  PID:4680
- C:\Windows\System\BecixRr.exe
  C:\Windows\System\BecixRr.exe
  2⤵
  PID:4696
- C:\Windows\System\FQqYWIv.exe
  C:\Windows\System\FQqYWIv.exe
  2⤵
  PID:4712
- C:\Windows\System\hzKSRLp.exe
  C:\Windows\System\hzKSRLp.exe
  2⤵
  PID:4728
- C:\Windows\System\XMLKfxZ.exe
  C:\Windows\System\XMLKfxZ.exe
  2⤵
  PID:4748
- C:\Windows\System\TbLDFTv.exe
  C:\Windows\System\TbLDFTv.exe
  2⤵
  PID:4764
- C:\Windows\System\sXTzkJS.exe
  C:\Windows\System\sXTzkJS.exe
  2⤵
  PID:4788
- C:\Windows\System\XwdTpgL.exe
  C:\Windows\System\XwdTpgL.exe
  2⤵
  PID:4804
- C:\Windows\System\Ydthizh.exe
  C:\Windows\System\Ydthizh.exe
  2⤵
  PID:4820
- C:\Windows\System\PZIcWwB.exe
  C:\Windows\System\PZIcWwB.exe
  2⤵
  PID:4836
- C:\Windows\System\isvxYCl.exe
  C:\Windows\System\isvxYCl.exe
  2⤵
  PID:4852
- C:\Windows\System\LyrQzDc.exe
  C:\Windows\System\LyrQzDc.exe
  2⤵
  PID:4872
- C:\Windows\System\kRawaXL.exe
  C:\Windows\System\kRawaXL.exe
  2⤵
  PID:4896
- C:\Windows\System\wzWrnHp.exe
  C:\Windows\System\wzWrnHp.exe
  2⤵
  PID:4916
- C:\Windows\System\PurwWfu.exe
  C:\Windows\System\PurwWfu.exe
  2⤵
  PID:4932
- C:\Windows\System\TOQHuBn.exe
  C:\Windows\System\TOQHuBn.exe
  2⤵
  PID:4948
- C:\Windows\System\sEhxBDV.exe
  C:\Windows\System\sEhxBDV.exe
  2⤵
  PID:4964
- C:\Windows\System\CAxMZSk.exe
  C:\Windows\System\CAxMZSk.exe
  2⤵
  PID:4980
- C:\Windows\System\FBMEILj.exe
  C:\Windows\System\FBMEILj.exe
  2⤵
  PID:4996
- C:\Windows\System\xdEUNip.exe
  C:\Windows\System\xdEUNip.exe
  2⤵
  PID:5020
- C:\Windows\System\uHnpgKL.exe
  C:\Windows\System\uHnpgKL.exe
  2⤵
  PID:5036
- C:\Windows\System\rnlYgrq.exe
  C:\Windows\System\rnlYgrq.exe
  2⤵
  PID:5052
- C:\Windows\System\HXMjNhf.exe
  C:\Windows\System\HXMjNhf.exe
  2⤵
  PID:5068
- C:\Windows\System\DwBzBpN.exe
  C:\Windows\System\DwBzBpN.exe
  2⤵
  PID:5084
- C:\Windows\System\ljJYSqX.exe
  C:\Windows\System\ljJYSqX.exe
  2⤵
  PID:5100
- C:\Windows\System\qTwzRaB.exe
  C:\Windows\System\qTwzRaB.exe
  2⤵
  PID:5116
- C:\Windows\System\VXQdWhk.exe
  C:\Windows\System\VXQdWhk.exe
  2⤵
  PID:3752
- C:\Windows\System\kFCtnIw.exe
  C:\Windows\System\kFCtnIw.exe
  2⤵
  PID:3768
- C:\Windows\System\ivcaQQV.exe
  C:\Windows\System\ivcaQQV.exe
  2⤵
  PID:4020
- C:\Windows\System\FRwIlZa.exe
  C:\Windows\System\FRwIlZa.exe
  2⤵
  PID:1584
- C:\Windows\System\GQPWKij.exe
  C:\Windows\System\GQPWKij.exe
  2⤵
  PID:2696
- C:\Windows\System\lnoHUSO.exe
  C:\Windows\System\lnoHUSO.exe
  2⤵
  PID:4168
- C:\Windows\System\YrtZwgf.exe
  C:\Windows\System\YrtZwgf.exe
  2⤵
  PID:3824
- C:\Windows\System\IjDIjnq.exe
  C:\Windows\System\IjDIjnq.exe
  2⤵
  PID:3892
- C:\Windows\System\JulDbDi.exe
  C:\Windows\System\JulDbDi.exe
  2⤵
  PID:2972
- C:\Windows\System\SGGAbVC.exe
  C:\Windows\System\SGGAbVC.exe
  2⤵
  PID:4084
- C:\Windows\System\DFCyGAK.exe
  C:\Windows\System\DFCyGAK.exe
  2⤵
  PID:1428
- C:\Windows\System\dRTLKuv.exe
  C:\Windows\System\dRTLKuv.exe
  2⤵
  PID:3284
- C:\Windows\System\jvgjZDh.exe
  C:\Windows\System\jvgjZDh.exe
  2⤵
  PID:4396
- C:\Windows\System\TBsxdaW.exe
  C:\Windows\System\TBsxdaW.exe
  2⤵
  PID:4428
- C:\Windows\System\iLVcHLF.exe
  C:\Windows\System\iLVcHLF.exe
  2⤵
  PID:4544
- C:\Windows\System\ocQzbRc.exe
  C:\Windows\System\ocQzbRc.exe
  2⤵
  PID:4588
- C:\Windows\System\fUBFjmT.exe
  C:\Windows\System\fUBFjmT.exe
  2⤵
  PID:4628
- C:\Windows\System\ehmaDQk.exe
  C:\Windows\System\ehmaDQk.exe
  2⤵
  PID:4704
- C:\Windows\System\jbmqYwI.exe
  C:\Windows\System\jbmqYwI.exe
  2⤵
  PID:4744
- C:\Windows\System\pBYRHWQ.exe
  C:\Windows\System\pBYRHWQ.exe
  2⤵
  PID:4784
- C:\Windows\System\VRvFsNR.exe
  C:\Windows\System\VRvFsNR.exe
  2⤵
  PID:4844
- C:\Windows\System\xcbTZpX.exe
  C:\Windows\System\xcbTZpX.exe
  2⤵
  PID:4924
- C:\Windows\System\etJbxxh.exe
  C:\Windows\System\etJbxxh.exe
  2⤵
  PID:4988
- C:\Windows\System\WVwtKJg.exe
  C:\Windows\System\WVwtKJg.exe
  2⤵
  PID:4148
- C:\Windows\System\ptSHgGq.exe
  C:\Windows\System\ptSHgGq.exe
  2⤵
  PID:4284
- C:\Windows\System\ILeyUtY.exe
  C:\Windows\System\ILeyUtY.exe
  2⤵
  PID:4336
- C:\Windows\System\JtFvbeY.exe
  C:\Windows\System\JtFvbeY.exe
  2⤵
  PID:4408
- C:\Windows\System\JicSsku.exe
  C:\Windows\System\JicSsku.exe
  2⤵
  PID:4180
- C:\Windows\System\JGiMwfB.exe
  C:\Windows\System\JGiMwfB.exe
  2⤵
  PID:4476
- C:\Windows\System\qbLuinz.exe
  C:\Windows\System\qbLuinz.exe
  2⤵
  PID:5096
- C:\Windows\System\pHUdHGX.exe
  C:\Windows\System\pHUdHGX.exe
  2⤵
  PID:4528
- C:\Windows\System\pKEkoMT.exe
  C:\Windows\System\pKEkoMT.exe
  2⤵
  PID:4652
- C:\Windows\System\ByHxxZA.exe
  C:\Windows\System\ByHxxZA.exe
  2⤵
  PID:1720
- C:\Windows\System\DXAqJGr.exe
  C:\Windows\System\DXAqJGr.exe
  2⤵
  PID:4908
- C:\Windows\System\dlpWANr.exe
  C:\Windows\System\dlpWANr.exe
  2⤵
  PID:3584
- C:\Windows\System\nEmvVZZ.exe
  C:\Windows\System\nEmvVZZ.exe
  2⤵
  PID:3216
- C:\Windows\System\XMLrhuf.exe
  C:\Windows\System\XMLrhuf.exe
  2⤵
  PID:3184
- C:\Windows\System\yJeNMbR.exe
  C:\Windows\System\yJeNMbR.exe
  2⤵
  PID:3828
- C:\Windows\System\ePfSGjK.exe
  C:\Windows\System\ePfSGjK.exe
  2⤵
  PID:4356
- C:\Windows\System\MAZYUkI.exe
  C:\Windows\System\MAZYUkI.exe
  2⤵
  PID:3868
- C:\Windows\System\OqgNToA.exe
  C:\Windows\System\OqgNToA.exe
  2⤵
  PID:5108
- C:\Windows\System\nCAhegl.exe
  C:\Windows\System\nCAhegl.exe
  2⤵
  PID:5044
- C:\Windows\System\geqZFBm.exe
  C:\Windows\System\geqZFBm.exe
  2⤵
  PID:4940
- C:\Windows\System\BDysDHs.exe
  C:\Windows\System\BDysDHs.exe
  2⤵
  PID:4832
- C:\Windows\System\JJzqveV.exe
  C:\Windows\System\JJzqveV.exe
  2⤵
  PID:4756
- C:\Windows\System\spdQenD.exe
  C:\Windows\System\spdQenD.exe
  2⤵
  PID:4124
- C:\Windows\System\hXTyyBA.exe
  C:\Windows\System\hXTyyBA.exe
  2⤵
  PID:4516
- C:\Windows\System\fQEcIGS.exe
  C:\Windows\System\fQEcIGS.exe
  2⤵
  PID:4600
- C:\Windows\System\vTXpJsZ.exe
  C:\Windows\System\vTXpJsZ.exe
  2⤵
  PID:4848
- C:\Windows\System\JsCZPoF.exe
  C:\Windows\System\JsCZPoF.exe
  2⤵
  PID:4296
- C:\Windows\System\cYXXdWW.exe
  C:\Windows\System\cYXXdWW.exe
  2⤵
  PID:3248
- C:\Windows\System\OVLZDHg.exe
  C:\Windows\System\OVLZDHg.exe
  2⤵
  PID:4584
- C:\Windows\System\jzpbTly.exe
  C:\Windows\System\jzpbTly.exe
  2⤵
  PID:4668
- C:\Windows\System\YROWIvd.exe
  C:\Windows\System\YROWIvd.exe
  2⤵
  PID:4220
- C:\Windows\System\fkpytvK.exe
  C:\Windows\System\fkpytvK.exe
  2⤵
  PID:4468
- C:\Windows\System\YwJkalp.exe
  C:\Windows\System\YwJkalp.exe
  2⤵
  PID:4892
- C:\Windows\System\IzaeRud.exe
  C:\Windows\System\IzaeRud.exe
  2⤵
  PID:4184
- C:\Windows\System\mRHImGv.exe
  C:\Windows\System\mRHImGv.exe
  2⤵
  PID:4492
- C:\Windows\System\OYLGdbQ.exe
  C:\Windows\System\OYLGdbQ.exe
  2⤵
  PID:5064
- C:\Windows\System\gfRThzk.exe
  C:\Windows\System\gfRThzk.exe
  2⤵
  PID:2264
- C:\Windows\System\wdqipUD.exe
  C:\Windows\System\wdqipUD.exe
  2⤵
  PID:3572
- C:\Windows\System\MkKXOdP.exe
  C:\Windows\System\MkKXOdP.exe
  2⤵
  PID:2936
- C:\Windows\System\XrQLHAE.exe
  C:\Windows\System\XrQLHAE.exe
  2⤵
  PID:3308
- C:\Windows\System\xZlePxW.exe
  C:\Windows\System\xZlePxW.exe
  2⤵
  PID:2304
- C:\Windows\System\KPZTaiB.exe
  C:\Windows\System\KPZTaiB.exe
  2⤵
  PID:5112
- C:\Windows\System\YrYvuxu.exe
  C:\Windows\System\YrYvuxu.exe
  2⤵
  PID:5132
- C:\Windows\System\FUlveeA.exe
  C:\Windows\System\FUlveeA.exe
  2⤵
  PID:5148
- C:\Windows\System\gtrYWaX.exe
  C:\Windows\System\gtrYWaX.exe
  2⤵
  PID:5164
- C:\Windows\System\SGbGMaa.exe
  C:\Windows\System\SGbGMaa.exe
  2⤵
  PID:5180
- C:\Windows\System\NoWZqMt.exe
  C:\Windows\System\NoWZqMt.exe
  2⤵
  PID:5196
- C:\Windows\System\iWYKXLN.exe
  C:\Windows\System\iWYKXLN.exe
  2⤵
  PID:5212
- C:\Windows\System\CuBsyQx.exe
  C:\Windows\System\CuBsyQx.exe
  2⤵
  PID:5228
- C:\Windows\System\oWZXhmm.exe
  C:\Windows\System\oWZXhmm.exe
  2⤵
  PID:5248
- C:\Windows\System\pBgUHLb.exe
  C:\Windows\System\pBgUHLb.exe
  2⤵
  PID:5264
- C:\Windows\System\AznQohr.exe
  C:\Windows\System\AznQohr.exe
  2⤵
  PID:5280
- C:\Windows\System\AlaeWbR.exe
  C:\Windows\System\AlaeWbR.exe
  2⤵
  PID:5308
- C:\Windows\System\eOFIgSq.exe
  C:\Windows\System\eOFIgSq.exe
  2⤵
  PID:5340
- C:\Windows\System\zSwzRWj.exe
  C:\Windows\System\zSwzRWj.exe
  2⤵
  PID:5360
- C:\Windows\System\phXPqfJ.exe
  C:\Windows\System\phXPqfJ.exe
  2⤵
  PID:5380
- C:\Windows\System\gaTbTLo.exe
  C:\Windows\System\gaTbTLo.exe
  2⤵
  PID:5400
- C:\Windows\System\yzJWCxP.exe
  C:\Windows\System\yzJWCxP.exe
  2⤵
  PID:5452
- C:\Windows\System\gRqFPcc.exe
  C:\Windows\System\gRqFPcc.exe
  2⤵
  PID:5476
- C:\Windows\System\tHZLmsd.exe
  C:\Windows\System\tHZLmsd.exe
  2⤵
  PID:5492
- C:\Windows\System\bFbKMZN.exe
  C:\Windows\System\bFbKMZN.exe
  2⤵
  PID:5520
- C:\Windows\System\ppUcuTx.exe
  C:\Windows\System\ppUcuTx.exe
  2⤵
  PID:5540
- C:\Windows\System\qiTxATV.exe
  C:\Windows\System\qiTxATV.exe
  2⤵
  PID:5560
- C:\Windows\System\sbWiNBU.exe
  C:\Windows\System\sbWiNBU.exe
  2⤵
  PID:5576
- C:\Windows\System\KxdrXzP.exe
  C:\Windows\System\KxdrXzP.exe
  2⤵
  PID:5600
- C:\Windows\System\XGKvBUC.exe
  C:\Windows\System\XGKvBUC.exe
  2⤵
  PID:5620
- C:\Windows\System\LvMHXWu.exe
  C:\Windows\System\LvMHXWu.exe
  2⤵
  PID:5640
- C:\Windows\System\hcjMBIJ.exe
  C:\Windows\System\hcjMBIJ.exe
  2⤵
  PID:5660
- C:\Windows\System\XXMOsiF.exe
  C:\Windows\System\XXMOsiF.exe
  2⤵
  PID:5676
- C:\Windows\System\UQQBAUU.exe
  C:\Windows\System\UQQBAUU.exe
  2⤵
  PID:5696
- C:\Windows\System\OYZPWBf.exe
  C:\Windows\System\OYZPWBf.exe
  2⤵
  PID:5716
- C:\Windows\System\bnjtCxp.exe
  C:\Windows\System\bnjtCxp.exe
  2⤵
  PID:5736
- C:\Windows\System\dzTDjvw.exe
  C:\Windows\System\dzTDjvw.exe
  2⤵
  PID:5760
- C:\Windows\System\QOYvAwd.exe
  C:\Windows\System\QOYvAwd.exe
  2⤵
  PID:5780
- C:\Windows\System\XvIWxVM.exe
  C:\Windows\System\XvIWxVM.exe
  2⤵
  PID:5800
- C:\Windows\System\ySDtqFE.exe
  C:\Windows\System\ySDtqFE.exe
  2⤵
  PID:5820
- C:\Windows\System\KCuVGcN.exe
  C:\Windows\System\KCuVGcN.exe
  2⤵
  PID:5840
- C:\Windows\System\MROWJjS.exe
  C:\Windows\System\MROWJjS.exe
  2⤵
  PID:5860
- C:\Windows\System\OpPOXyw.exe
  C:\Windows\System\OpPOXyw.exe
  2⤵
  PID:5876
- C:\Windows\System\HUQhqlC.exe
  C:\Windows\System\HUQhqlC.exe
  2⤵
  PID:5896
- C:\Windows\System\MQfauPx.exe
  C:\Windows\System\MQfauPx.exe
  2⤵
  PID:5916
- C:\Windows\System\NZZgJCn.exe
  C:\Windows\System\NZZgJCn.exe
  2⤵
  PID:5932
- C:\Windows\System\LxtpEqo.exe
  C:\Windows\System\LxtpEqo.exe
  2⤵
  PID:5952
- C:\Windows\System\tTajYWC.exe
  C:\Windows\System\tTajYWC.exe
  2⤵
  PID:5972
- C:\Windows\System\NGyvZOr.exe
  C:\Windows\System\NGyvZOr.exe
  2⤵
  PID:5992
- C:\Windows\System\GpIFdfn.exe
  C:\Windows\System\GpIFdfn.exe
  2⤵
  PID:6020
- C:\Windows\System\Kwyvlpf.exe
  C:\Windows\System\Kwyvlpf.exe
  2⤵
  PID:6040
- C:\Windows\System\qiJlDFU.exe
  C:\Windows\System\qiJlDFU.exe
  2⤵
  PID:6060
- C:\Windows\System\EKZUtEe.exe
  C:\Windows\System\EKZUtEe.exe
  2⤵
  PID:6080
- C:\Windows\System\oXGmGtS.exe
  C:\Windows\System\oXGmGtS.exe
  2⤵
  PID:6100
- C:\Windows\System\KToXHUQ.exe
  C:\Windows\System\KToXHUQ.exe
  2⤵
  PID:6120
- C:\Windows\System\dwiWfwp.exe
  C:\Windows\System\dwiWfwp.exe
  2⤵
  PID:5004
- C:\Windows\System\rfPwgVw.exe
  C:\Windows\System\rfPwgVw.exe
  2⤵
  PID:4796
- C:\Windows\System\HyQZOLC.exe
  C:\Windows\System\HyQZOLC.exe
  2⤵
  PID:4736
- C:\Windows\System\BuKQBor.exe
  C:\Windows\System\BuKQBor.exe
  2⤵
  PID:4268
- C:\Windows\System\sDAzZmw.exe
  C:\Windows\System\sDAzZmw.exe
  2⤵
  PID:4632
- C:\Windows\System\WVeUTdF.exe
  C:\Windows\System\WVeUTdF.exe
  2⤵
  PID:4780
- C:\Windows\System\KqXNFWp.exe
  C:\Windows\System\KqXNFWp.exe
  2⤵
  PID:2492
- C:\Windows\System\GleqEZa.exe
  C:\Windows\System\GleqEZa.exe
  2⤵
  PID:3648
- C:\Windows\System\OnQvkQi.exe
  C:\Windows\System\OnQvkQi.exe
  2⤵
  PID:4488
- C:\Windows\System\coNbjlo.exe
  C:\Windows\System\coNbjlo.exe
  2⤵
  PID:2292
- C:\Windows\System\lUNQMbD.exe
  C:\Windows\System\lUNQMbD.exe
  2⤵
  PID:4352
- C:\Windows\System\WeJveqk.exe
  C:\Windows\System\WeJveqk.exe
  2⤵
  PID:4864
- C:\Windows\System\KKGTkUi.exe
  C:\Windows\System\KKGTkUi.exe
  2⤵
  PID:5144
- C:\Windows\System\lhTkAkI.exe
  C:\Windows\System\lhTkAkI.exe
  2⤵
  PID:3668
- C:\Windows\System\Sbpiouo.exe
  C:\Windows\System\Sbpiouo.exe
  2⤵
  PID:5236
- C:\Windows\System\DyupFXd.exe
  C:\Windows\System\DyupFXd.exe
  2⤵
  PID:5272
- C:\Windows\System\gCfsvID.exe
  C:\Windows\System\gCfsvID.exe
  2⤵
  PID:4252
- C:\Windows\System\htVywwe.exe
  C:\Windows\System\htVywwe.exe
  2⤵
  PID:2340
- C:\Windows\System\oykkVLZ.exe
  C:\Windows\System\oykkVLZ.exe
  2⤵
  PID:5328
- C:\Windows\System\hAatLfD.exe
  C:\Windows\System\hAatLfD.exe
  2⤵
  PID:5032
- C:\Windows\System\CeHUykc.exe
  C:\Windows\System\CeHUykc.exe
  2⤵
  PID:5376
- C:\Windows\System\MnosTdU.exe
  C:\Windows\System\MnosTdU.exe
  2⤵
  PID:5292
- C:\Windows\System\afAsnjI.exe
  C:\Windows\System\afAsnjI.exe
  2⤵
  PID:5352
- C:\Windows\System\vMtFDjS.exe
  C:\Windows\System\vMtFDjS.exe
  2⤵
  PID:5224
- C:\Windows\System\NSbWNFD.exe
  C:\Windows\System\NSbWNFD.exe
  2⤵
  PID:5156
- C:\Windows\System\ZgllGHV.exe
  C:\Windows\System\ZgllGHV.exe
  2⤵
  PID:3264
- C:\Windows\System\dTUoCFO.exe
  C:\Windows\System\dTUoCFO.exe
  2⤵
  PID:5420
- C:\Windows\System\fGLQHrF.exe
  C:\Windows\System\fGLQHrF.exe
  2⤵
  PID:5440
- C:\Windows\System\LUdyFMi.exe
  C:\Windows\System\LUdyFMi.exe
  2⤵
  PID:5468
- C:\Windows\System\qrnKlRY.exe
  C:\Windows\System\qrnKlRY.exe
  2⤵
  PID:5528
- C:\Windows\System\oXIwlaR.exe
  C:\Windows\System\oXIwlaR.exe
  2⤵
  PID:5508
- C:\Windows\System\gWiSHrW.exe
  C:\Windows\System\gWiSHrW.exe
  2⤵
  PID:5608
- C:\Windows\System\IlUrfsm.exe
  C:\Windows\System\IlUrfsm.exe
  2⤵
  PID:5588
- C:\Windows\System\jaBYxGo.exe
  C:\Windows\System\jaBYxGo.exe
  2⤵
  PID:5652
- C:\Windows\System\VQKCvZJ.exe
  C:\Windows\System\VQKCvZJ.exe
  2⤵
  PID:5668
- C:\Windows\System\ICSOTQD.exe
  C:\Windows\System\ICSOTQD.exe
  2⤵
  PID:5708
- C:\Windows\System\kMDauye.exe
  C:\Windows\System\kMDauye.exe
  2⤵
  PID:5768
- C:\Windows\System\KwcAfod.exe
  C:\Windows\System\KwcAfod.exe
  2⤵
  PID:5756
- C:\Windows\System\svxwuMh.exe
  C:\Windows\System\svxwuMh.exe
  2⤵
  PID:5788
- C:\Windows\System\EXzxAKH.exe
  C:\Windows\System\EXzxAKH.exe
  2⤵
  PID:5832
- C:\Windows\System\OGbUSBS.exe
  C:\Windows\System\OGbUSBS.exe
  2⤵
  PID:5872
- C:\Windows\System\hYsyApe.exe
  C:\Windows\System\hYsyApe.exe
  2⤵
  PID:5928
- C:\Windows\System\wNwQWxm.exe
  C:\Windows\System\wNwQWxm.exe
  2⤵
  PID:5968
- C:\Windows\System\akRhmPi.exe
  C:\Windows\System\akRhmPi.exe
  2⤵
  PID:5940
- C:\Windows\System\wqJOdKv.exe
  C:\Windows\System\wqJOdKv.exe
  2⤵
  PID:6008
- C:\Windows\System\WigglSt.exe
  C:\Windows\System\WigglSt.exe
  2⤵
  PID:6048
- C:\Windows\System\NDofIRh.exe
  C:\Windows\System\NDofIRh.exe
  2⤵
  PID:6068
- C:\Windows\System\SwEbciS.exe
  C:\Windows\System\SwEbciS.exe
  2⤵
  PID:6096
- C:\Windows\System\TuqvVKF.exe
  C:\Windows\System\TuqvVKF.exe
  2⤵
  PID:6132
- C:\Windows\System\aISKJaO.exe
  C:\Windows\System\aISKJaO.exe
  2⤵
  PID:4972
- C:\Windows\System\psuRLIp.exe
  C:\Windows\System\psuRLIp.exe
  2⤵
  PID:4556
- C:\Windows\System\WQVWRca.exe
  C:\Windows\System\WQVWRca.exe
  2⤵
  PID:1064
- C:\Windows\System\miBaRwY.exe
  C:\Windows\System\miBaRwY.exe
  2⤵
  PID:4676
- C:\Windows\System\NHLGGTp.exe
  C:\Windows\System\NHLGGTp.exe
  2⤵
  PID:5012
- C:\Windows\System\igigrig.exe
  C:\Windows\System\igigrig.exe
  2⤵
  PID:3984
- C:\Windows\System\DkOXDzv.exe
  C:\Windows\System\DkOXDzv.exe
  2⤵
  PID:4904
- C:\Windows\System\edssLWC.exe
  C:\Windows\System\edssLWC.exe
  2⤵
  PID:5176
- C:\Windows\System\AGojDjb.exe
  C:\Windows\System\AGojDjb.exe
  2⤵
  PID:3464
- C:\Windows\System\wfceSoh.exe
  C:\Windows\System\wfceSoh.exe
  2⤵
  PID:4104
- C:\Windows\System\tRmWjvK.exe
  C:\Windows\System\tRmWjvK.exe
  2⤵
  PID:4484
- C:\Windows\System\hpyVVkq.exe
  C:\Windows\System\hpyVVkq.exe
  2⤵
  PID:4332
- C:\Windows\System\mZFGkmG.exe
  C:\Windows\System\mZFGkmG.exe
  2⤵
  PID:5288
- C:\Windows\System\SaFlQvg.exe
  C:\Windows\System\SaFlQvg.exe
  2⤵
  PID:1376
- C:\Windows\System\RaGGQml.exe
  C:\Windows\System\RaGGQml.exe
  2⤵
  PID:5392
- C:\Windows\System\jPrEQew.exe
  C:\Windows\System\jPrEQew.exe
  2⤵
  PID:4616
- C:\Windows\System\elPIeuC.exe
  C:\Windows\System\elPIeuC.exe
  2⤵
  PID:5432
- C:\Windows\System\DEFmgFi.exe
  C:\Windows\System\DEFmgFi.exe
  2⤵
  PID:5460
- C:\Windows\System\HlPZdCY.exe
  C:\Windows\System\HlPZdCY.exe
  2⤵
  PID:5556
- C:\Windows\System\ImLimGM.exe
  C:\Windows\System\ImLimGM.exe
  2⤵
  PID:5592
- C:\Windows\System\lliGOoy.exe
  C:\Windows\System\lliGOoy.exe
  2⤵
  PID:5632
- C:\Windows\System\GggJjxi.exe
  C:\Windows\System\GggJjxi.exe
  2⤵
  PID:5728
- C:\Windows\System\RJgIzdE.exe
  C:\Windows\System\RJgIzdE.exe
  2⤵
  PID:5808
- C:\Windows\System\rAuvOOb.exe
  C:\Windows\System\rAuvOOb.exe
  2⤵
  PID:5796
- C:\Windows\System\SlVgaVm.exe
  C:\Windows\System\SlVgaVm.exe
  2⤵
  PID:5924
- C:\Windows\System\TSZGNuX.exe
  C:\Windows\System\TSZGNuX.exe
  2⤵
  PID:5948
- C:\Windows\System\xTiNlWZ.exe
  C:\Windows\System\xTiNlWZ.exe
  2⤵
  PID:6012
- C:\Windows\System\VqokmiR.exe
  C:\Windows\System\VqokmiR.exe
  2⤵
  PID:6052
- C:\Windows\System\aTnxbvV.exe
  C:\Windows\System\aTnxbvV.exe
  2⤵
  PID:6108
- C:\Windows\System\gEReNYs.exe
  C:\Windows\System\gEReNYs.exe
  2⤵
  PID:4164
- C:\Windows\System\tJAwRvS.exe
  C:\Windows\System\tJAwRvS.exe
  2⤵
  PID:2300
- C:\Windows\System\jCTjqSi.exe
  C:\Windows\System\jCTjqSi.exe
  2⤵
  PID:2476
- C:\Windows\System\VmPpftG.exe
  C:\Windows\System\VmPpftG.exe
  2⤵
  PID:3488
- C:\Windows\System\NgYuUso.exe
  C:\Windows\System\NgYuUso.exe
  2⤵
  PID:4688
- C:\Windows\System\eysFqSJ.exe
  C:\Windows\System\eysFqSJ.exe
  2⤵
  PID:4372
- C:\Windows\System\YheLDvM.exe
  C:\Windows\System\YheLDvM.exe
  2⤵
  PID:5276
- C:\Windows\System\XmhSzby.exe
  C:\Windows\System\XmhSzby.exe
  2⤵
  PID:5256
- C:\Windows\System\PQTSeHs.exe
  C:\Windows\System\PQTSeHs.exe
  2⤵
  PID:5192
- C:\Windows\System\DXyXslr.exe
  C:\Windows\System\DXyXslr.exe
  2⤵
  PID:5416
- C:\Windows\System\nXMyFuf.exe
  C:\Windows\System\nXMyFuf.exe
  2⤵
  PID:5472
- C:\Windows\System\OcIKbNu.exe
  C:\Windows\System\OcIKbNu.exe
  2⤵
  PID:6160
- C:\Windows\System\pCMDOsi.exe
  C:\Windows\System\pCMDOsi.exe
  2⤵
  PID:6180
- C:\Windows\System\cVDRZPO.exe
  C:\Windows\System\cVDRZPO.exe
  2⤵
  PID:6200
- C:\Windows\System\nXmbtEJ.exe
  C:\Windows\System\nXmbtEJ.exe
  2⤵
  PID:6220
- C:\Windows\System\IFykafg.exe
  C:\Windows\System\IFykafg.exe
  2⤵
  PID:6240
- C:\Windows\System\vuLTBCw.exe
  C:\Windows\System\vuLTBCw.exe
  2⤵
  PID:6260
- C:\Windows\System\qbKgoMh.exe
  C:\Windows\System\qbKgoMh.exe
  2⤵
  PID:6280
- C:\Windows\System\wpCPXZj.exe
  C:\Windows\System\wpCPXZj.exe
  2⤵
  PID:6300
- C:\Windows\System\KyTqDBt.exe
  C:\Windows\System\KyTqDBt.exe
  2⤵
  PID:6320
- C:\Windows\System\qMxCeHB.exe
  C:\Windows\System\qMxCeHB.exe
  2⤵
  PID:6340
- C:\Windows\System\ugSXbqg.exe
  C:\Windows\System\ugSXbqg.exe
  2⤵
  PID:6360
- C:\Windows\System\guorriR.exe
  C:\Windows\System\guorriR.exe
  2⤵
  PID:6380
- C:\Windows\System\HFwgVBz.exe
  C:\Windows\System\HFwgVBz.exe
  2⤵
  PID:6400
- C:\Windows\System\rPAXwWp.exe
  C:\Windows\System\rPAXwWp.exe
  2⤵
  PID:6420
- C:\Windows\System\UjgIpnR.exe
  C:\Windows\System\UjgIpnR.exe
  2⤵
  PID:6440
- C:\Windows\System\LSkYxnn.exe
  C:\Windows\System\LSkYxnn.exe
  2⤵
  PID:6460
- C:\Windows\System\QlsEJiF.exe
  C:\Windows\System\QlsEJiF.exe
  2⤵
  PID:6480
- C:\Windows\System\kkdrCeY.exe
  C:\Windows\System\kkdrCeY.exe
  2⤵
  PID:6500
- C:\Windows\System\DJnVYKV.exe
  C:\Windows\System\DJnVYKV.exe
  2⤵
  PID:6520
- C:\Windows\System\cOLXpdg.exe
  C:\Windows\System\cOLXpdg.exe
  2⤵
  PID:6540
- C:\Windows\System\HrvplCW.exe
  C:\Windows\System\HrvplCW.exe
  2⤵
  PID:6560
- C:\Windows\System\ofwrgXa.exe
  C:\Windows\System\ofwrgXa.exe
  2⤵
  PID:6580
- C:\Windows\System\XhPxRaS.exe
  C:\Windows\System\XhPxRaS.exe
  2⤵
  PID:6604
- C:\Windows\System\ZzDwouu.exe
  C:\Windows\System\ZzDwouu.exe
  2⤵
  PID:6624
- C:\Windows\System\uySbnyh.exe
  C:\Windows\System\uySbnyh.exe
  2⤵
  PID:6644
- C:\Windows\System\ftMewhb.exe
  C:\Windows\System\ftMewhb.exe
  2⤵
  PID:6664
- C:\Windows\System\sdKRufA.exe
  C:\Windows\System\sdKRufA.exe
  2⤵
  PID:6684
- C:\Windows\System\swqvOzT.exe
  C:\Windows\System\swqvOzT.exe
  2⤵
  PID:6704
- C:\Windows\System\mnxiJGR.exe
  C:\Windows\System\mnxiJGR.exe
  2⤵
  PID:6724
- C:\Windows\System\unLAWBu.exe
  C:\Windows\System\unLAWBu.exe
  2⤵
  PID:6744
- C:\Windows\System\IUjNiil.exe
  C:\Windows\System\IUjNiil.exe
  2⤵
  PID:6764
- C:\Windows\System\VCAIYLe.exe
  C:\Windows\System\VCAIYLe.exe
  2⤵
  PID:6784
- C:\Windows\System\qKzMGdh.exe
  C:\Windows\System\qKzMGdh.exe
  2⤵
  PID:6804
- C:\Windows\System\izBnhpj.exe
  C:\Windows\System\izBnhpj.exe
  2⤵
  PID:6824
- C:\Windows\System\UAiQwuI.exe
  C:\Windows\System\UAiQwuI.exe
  2⤵
  PID:6844
- C:\Windows\System\OLPCnYi.exe
  C:\Windows\System\OLPCnYi.exe
  2⤵
  PID:6864
- C:\Windows\System\MXCvisG.exe
  C:\Windows\System\MXCvisG.exe
  2⤵
  PID:6884
- C:\Windows\System\zeUtqDJ.exe
  C:\Windows\System\zeUtqDJ.exe
  2⤵
  PID:6904
- C:\Windows\System\zJzCRmD.exe
  C:\Windows\System\zJzCRmD.exe
  2⤵
  PID:6924
- C:\Windows\System\tghkDcS.exe
  C:\Windows\System\tghkDcS.exe
  2⤵
  PID:6944
- C:\Windows\System\cHbuswK.exe
  C:\Windows\System\cHbuswK.exe
  2⤵
  PID:6964
- C:\Windows\System\BQnuBHF.exe
  C:\Windows\System\BQnuBHF.exe
  2⤵
  PID:6980
- C:\Windows\System\dvuBbwd.exe
  C:\Windows\System\dvuBbwd.exe
  2⤵
  PID:7004
- C:\Windows\System\LSueMJO.exe
  C:\Windows\System\LSueMJO.exe
  2⤵
  PID:7024
- C:\Windows\System\pnnUUgF.exe
  C:\Windows\System\pnnUUgF.exe
  2⤵
  PID:7044
- C:\Windows\System\dzVuVKh.exe
  C:\Windows\System\dzVuVKh.exe
  2⤵
  PID:7064
- C:\Windows\System\ixpcagu.exe
  C:\Windows\System\ixpcagu.exe
  2⤵
  PID:7084
- C:\Windows\System\hLyqDEX.exe
  C:\Windows\System\hLyqDEX.exe
  2⤵
  PID:7104
- C:\Windows\System\jywLZLy.exe
  C:\Windows\System\jywLZLy.exe
  2⤵
  PID:7124
- C:\Windows\System\KecKJVj.exe
  C:\Windows\System\KecKJVj.exe
  2⤵
  PID:7144
- C:\Windows\System\EOMrCTy.exe
  C:\Windows\System\EOMrCTy.exe
  2⤵
  PID:7164
- C:\Windows\System\mOGrEyK.exe
  C:\Windows\System\mOGrEyK.exe
  2⤵
  PID:5512
- C:\Windows\System\TnsJhel.exe
  C:\Windows\System\TnsJhel.exe
  2⤵
  PID:5704
- C:\Windows\System\JFALUQm.exe
  C:\Windows\System\JFALUQm.exe
  2⤵
  PID:5816
- C:\Windows\System\SEBZmSJ.exe
  C:\Windows\System\SEBZmSJ.exe
  2⤵
  PID:5852
- C:\Windows\System\oFhKXZI.exe
  C:\Windows\System\oFhKXZI.exe
  2⤵
  PID:5984
- C:\Windows\System\QWQUask.exe
  C:\Windows\System\QWQUask.exe
  2⤵
  PID:2732
- C:\Windows\System\ggoImFe.exe
  C:\Windows\System\ggoImFe.exe
  2⤵
  PID:6112
- C:\Windows\System\YhvwMJP.exe
  C:\Windows\System\YhvwMJP.exe
  2⤵
  PID:4128
- C:\Windows\System\ppRbTIy.exe
  C:\Windows\System\ppRbTIy.exe
  2⤵
  PID:5048
- C:\Windows\System\DYbvlYc.exe
  C:\Windows\System\DYbvlYc.exe
  2⤵
  PID:4264
- C:\Windows\System\zBSuFQR.exe
  C:\Windows\System\zBSuFQR.exe
  2⤵
  PID:4328
- C:\Windows\System\eWOmVJJ.exe
  C:\Windows\System\eWOmVJJ.exe
  2⤵
  PID:5368
- C:\Windows\System\GLGWvyy.exe
  C:\Windows\System\GLGWvyy.exe
  2⤵
  PID:5124
- C:\Windows\System\cISrlVx.exe
  C:\Windows\System\cISrlVx.exe
  2⤵
  PID:6168
- C:\Windows\System\yXSxdfx.exe
  C:\Windows\System\yXSxdfx.exe
  2⤵
  PID:6208
- C:\Windows\System\FNwkFQC.exe
  C:\Windows\System\FNwkFQC.exe
  2⤵
  PID:6228
- C:\Windows\System\CmmMGFe.exe
  C:\Windows\System\CmmMGFe.exe
  2⤵
  PID:6252
- C:\Windows\System\uaShJSM.exe
  C:\Windows\System\uaShJSM.exe
  2⤵
  PID:6276
- C:\Windows\System\mCVTSTq.exe
  C:\Windows\System\mCVTSTq.exe
  2⤵
  PID:6316
- C:\Windows\System\TIBWWjL.exe
  C:\Windows\System\TIBWWjL.exe
  2⤵
  PID:6368
- C:\Windows\System\xfddChb.exe
  C:\Windows\System\xfddChb.exe
  2⤵
  PID:6396
- C:\Windows\System\fKQHheX.exe
  C:\Windows\System\fKQHheX.exe
  2⤵
  PID:6448
- C:\Windows\System\LDqCItE.exe
  C:\Windows\System\LDqCItE.exe
  2⤵
  PID:6452
- C:\Windows\System\xFLSLoo.exe
  C:\Windows\System\xFLSLoo.exe
  2⤵
  PID:6496
- C:\Windows\System\icgOVrp.exe
  C:\Windows\System\icgOVrp.exe
  2⤵
  PID:6532
- C:\Windows\System\xcqjCXd.exe
  C:\Windows\System\xcqjCXd.exe
  2⤵
  PID:6552
- C:\Windows\System\CYvOXWe.exe
  C:\Windows\System\CYvOXWe.exe
  2⤵
  PID:6612
- C:\Windows\System\HAigurw.exe
  C:\Windows\System\HAigurw.exe
  2⤵
  PID:6632
- C:\Windows\System\ZQHeLJn.exe
  C:\Windows\System\ZQHeLJn.exe
  2⤵
  PID:6640
- C:\Windows\System\viDLzRZ.exe
  C:\Windows\System\viDLzRZ.exe
  2⤵
  PID:6696
- C:\Windows\System\pkBJmMN.exe
  C:\Windows\System\pkBJmMN.exe
  2⤵
  PID:6720
- C:\Windows\System\AFykcVj.exe
  C:\Windows\System\AFykcVj.exe
  2⤵
  PID:6752
- C:\Windows\System\bmBGiGW.exe
  C:\Windows\System\bmBGiGW.exe
  2⤵
  PID:6792
- C:\Windows\System\obHlEpe.exe
  C:\Windows\System\obHlEpe.exe
  2⤵
  PID:6832
- C:\Windows\System\rELZVsE.exe
  C:\Windows\System\rELZVsE.exe
  2⤵
  PID:6856
- C:\Windows\System\rmKAiwE.exe
  C:\Windows\System\rmKAiwE.exe
  2⤵
  PID:6876
- C:\Windows\System\vjtoJPC.exe
  C:\Windows\System\vjtoJPC.exe
  2⤵
  PID:6912
- C:\Windows\System\oxadfsy.exe
  C:\Windows\System\oxadfsy.exe
  2⤵
  PID:6952
- C:\Windows\System\CFUrvCF.exe
  C:\Windows\System\CFUrvCF.exe
  2⤵
  PID:6996
- C:\Windows\System\eUgIxuG.exe
  C:\Windows\System\eUgIxuG.exe
  2⤵
  PID:6992
- C:\Windows\System\lhSCXHo.exe
  C:\Windows\System\lhSCXHo.exe
  2⤵
  PID:7040
- C:\Windows\System\kpUJLap.exe
  C:\Windows\System\kpUJLap.exe
  2⤵
  PID:7100
- C:\Windows\System\VOoSale.exe
  C:\Windows\System\VOoSale.exe
  2⤵
  PID:7120
- C:\Windows\System\dfDZGHs.exe
  C:\Windows\System\dfDZGHs.exe
  2⤵
  PID:7152
- C:\Windows\System\QwGUfwZ.exe
  C:\Windows\System\QwGUfwZ.exe
  2⤵
  PID:600
- C:\Windows\System\uyxfOep.exe
  C:\Windows\System\uyxfOep.exe
  2⤵
  PID:5724
- C:\Windows\System\FmDrbPE.exe
  C:\Windows\System\FmDrbPE.exe
  2⤵
  PID:5892
- C:\Windows\System\rGVNvhX.exe
  C:\Windows\System\rGVNvhX.exe
  2⤵
  PID:6076
- C:\Windows\System\aeDAanU.exe
  C:\Windows\System\aeDAanU.exe
  2⤵
  PID:4740
- C:\Windows\System\bfRkznl.exe
  C:\Windows\System\bfRkznl.exe
  2⤵
  PID:4120
- C:\Windows\System\TCyuJOz.exe
  C:\Windows\System\TCyuJOz.exe
  2⤵
  PID:3212
- C:\Windows\System\nkIEHkf.exe
  C:\Windows\System\nkIEHkf.exe
  2⤵
  PID:4612
- C:\Windows\System\IYlUYzQ.exe
  C:\Windows\System\IYlUYzQ.exe
  2⤵
  PID:6188
- C:\Windows\System\ZKKgqAH.exe
  C:\Windows\System\ZKKgqAH.exe
  2⤵
  PID:6212
- C:\Windows\System\vqTqoxY.exe
  C:\Windows\System\vqTqoxY.exe
  2⤵
  PID:6288
- C:\Windows\System\MGSckOu.exe
  C:\Windows\System\MGSckOu.exe
  2⤵
  PID:6292
- C:\Windows\System\QGsLGBe.exe
  C:\Windows\System\QGsLGBe.exe
  2⤵
  PID:2864
- C:\Windows\System\JPNlUrF.exe
  C:\Windows\System\JPNlUrF.exe
  2⤵
  PID:2312
- C:\Windows\System\GiCkAJV.exe
  C:\Windows\System\GiCkAJV.exe
  2⤵
  PID:924
- C:\Windows\System\uGutiUz.exe
  C:\Windows\System\uGutiUz.exe
  2⤵
  PID:2680
- C:\Windows\System\TMIUSNj.exe
  C:\Windows\System\TMIUSNj.exe
  2⤵
  PID:6508
- C:\Windows\System\vbLiJMD.exe
  C:\Windows\System\vbLiJMD.exe
  2⤵
  PID:6516
- C:\Windows\System\tbYyMdG.exe
  C:\Windows\System\tbYyMdG.exe
  2⤵
  PID:6548
- C:\Windows\System\AjIguYa.exe
  C:\Windows\System\AjIguYa.exe
  2⤵
  PID:6596
- C:\Windows\System\iGTiDMd.exe
  C:\Windows\System\iGTiDMd.exe
  2⤵
  PID:6700
- C:\Windows\System\RKzQBCp.exe
  C:\Windows\System\RKzQBCp.exe
  2⤵
  PID:6756
- C:\Windows\System\pNEhnul.exe
  C:\Windows\System\pNEhnul.exe
  2⤵
  PID:6776
- C:\Windows\System\lQKvnnF.exe
  C:\Windows\System\lQKvnnF.exe
  2⤵
  PID:6816
- C:\Windows\System\xCQPIjy.exe
  C:\Windows\System\xCQPIjy.exe
  2⤵
  PID:6932
- C:\Windows\System\lmChaZo.exe
  C:\Windows\System\lmChaZo.exe
  2⤵
  PID:6936
- C:\Windows\System\nrHEjHg.exe
  C:\Windows\System\nrHEjHg.exe
  2⤵
  PID:7020
- C:\Windows\System\SvECFEd.exe
  C:\Windows\System\SvECFEd.exe
  2⤵
  PID:7096
- C:\Windows\System\RNrgVzm.exe
  C:\Windows\System\RNrgVzm.exe
  2⤵
  PID:7080
- C:\Windows\System\bvTQOGd.exe
  C:\Windows\System\bvTQOGd.exe
  2⤵
  PID:3036
- C:\Windows\System\RWsGlUU.exe
  C:\Windows\System\RWsGlUU.exe
  2⤵
  PID:7136
- C:\Windows\System\kqumznN.exe
  C:\Windows\System\kqumznN.exe
  2⤵
  PID:6072
- C:\Windows\System\lVWJcbJ.exe
  C:\Windows\System\lVWJcbJ.exe
  2⤵
  PID:3960
- C:\Windows\System\SZwCjrx.exe
  C:\Windows\System\SZwCjrx.exe
  2⤵
  PID:4720
- C:\Windows\System\DvJnGzg.exe
  C:\Windows\System\DvJnGzg.exe
  2⤵
  PID:6196
- C:\Windows\System\XLwfrNm.exe
  C:\Windows\System\XLwfrNm.exe
  2⤵
  PID:5484
- C:\Windows\System\bNSDHNc.exe
  C:\Windows\System\bNSDHNc.exe
  2⤵
  PID:6328
- C:\Windows\System\ZJPVnQv.exe
  C:\Windows\System\ZJPVnQv.exe
  2⤵
  PID:6388
- C:\Windows\System\HGbQrLo.exe
  C:\Windows\System\HGbQrLo.exe
  2⤵
  PID:6456
- C:\Windows\System\vVozxtN.exe
  C:\Windows\System\vVozxtN.exe
  2⤵
  PID:6432
- C:\Windows\System\qTWyreb.exe
  C:\Windows\System\qTWyreb.exe
  2⤵
  PID:6476
- C:\Windows\System\fzJgESH.exe
  C:\Windows\System\fzJgESH.exe
  2⤵
  PID:6740
- C:\Windows\System\modVszL.exe
  C:\Windows\System\modVszL.exe
  2⤵
  PID:5744
- C:\Windows\System\EzXBFGh.exe
  C:\Windows\System\EzXBFGh.exe
  2⤵
  PID:6900
- C:\Windows\System\KtUykDv.exe
  C:\Windows\System\KtUykDv.exe
  2⤵
  PID:6872
- C:\Windows\System\EtJFdBu.exe
  C:\Windows\System\EtJFdBu.exe
  2⤵
  PID:6972
- C:\Windows\System\qFtfGwG.exe
  C:\Windows\System\qFtfGwG.exe
  2⤵
  PID:7016
- C:\Windows\System\QsvSpxi.exe
  C:\Windows\System\QsvSpxi.exe
  2⤵
  PID:5888
- C:\Windows\System\zhsAEiv.exe
  C:\Windows\System\zhsAEiv.exe
  2⤵
  PID:5868
- C:\Windows\System\YPejJLz.exe
  C:\Windows\System\YPejJLz.exe
  2⤵
  PID:5448
- C:\Windows\System\rzZTAZS.exe
  C:\Windows\System\rzZTAZS.exe
  2⤵
  PID:7180
- C:\Windows\System\fLaqogN.exe
  C:\Windows\System\fLaqogN.exe
  2⤵
  PID:7200
- C:\Windows\System\AyaicNl.exe
  C:\Windows\System\AyaicNl.exe
  2⤵
  PID:7220
- C:\Windows\System\vAJgOYK.exe
  C:\Windows\System\vAJgOYK.exe
  2⤵
  PID:7240
- C:\Windows\System\AtarWDN.exe
  C:\Windows\System\AtarWDN.exe
  2⤵
  PID:7256
- C:\Windows\System\tIlJjHb.exe
  C:\Windows\System\tIlJjHb.exe
  2⤵
  PID:7276
- C:\Windows\System\rZBLIXR.exe
  C:\Windows\System\rZBLIXR.exe
  2⤵
  PID:7300
- C:\Windows\System\EXxRjQw.exe
  C:\Windows\System\EXxRjQw.exe
  2⤵
  PID:7316
- C:\Windows\System\OahDZXj.exe
  C:\Windows\System\OahDZXj.exe
  2⤵
  PID:7340
- C:\Windows\System\INYVDpH.exe
  C:\Windows\System\INYVDpH.exe
  2⤵
  PID:7360
- C:\Windows\System\sbKeZBL.exe
  C:\Windows\System\sbKeZBL.exe
  2⤵
  PID:7380
- C:\Windows\System\TONzDOk.exe
  C:\Windows\System\TONzDOk.exe
  2⤵
  PID:7400
- C:\Windows\System\XJERywc.exe
  C:\Windows\System\XJERywc.exe
  2⤵
  PID:7420
- C:\Windows\System\kbPVODA.exe
  C:\Windows\System\kbPVODA.exe
  2⤵
  PID:7440
- C:\Windows\System\jpxSxVE.exe
  C:\Windows\System\jpxSxVE.exe
  2⤵
  PID:7460
- C:\Windows\System\sfzaHxy.exe
  C:\Windows\System\sfzaHxy.exe
  2⤵
  PID:7480
- C:\Windows\System\BqXuMct.exe
  C:\Windows\System\BqXuMct.exe
  2⤵
  PID:7500
- C:\Windows\System\QlhqpUJ.exe
  C:\Windows\System\QlhqpUJ.exe
  2⤵
  PID:7520
- C:\Windows\System\xyPsKwP.exe
  C:\Windows\System\xyPsKwP.exe
  2⤵
  PID:7540
- C:\Windows\System\mdBIyBk.exe
  C:\Windows\System\mdBIyBk.exe
  2⤵
  PID:7560
- C:\Windows\System\yakURaC.exe
  C:\Windows\System\yakURaC.exe
  2⤵
  PID:7580
- C:\Windows\System\uEFSyJN.exe
  C:\Windows\System\uEFSyJN.exe
  2⤵
  PID:7608
- C:\Windows\System\HlaPVtG.exe
  C:\Windows\System\HlaPVtG.exe
  2⤵
  PID:7628
- C:\Windows\System\YgNwmbJ.exe
  C:\Windows\System\YgNwmbJ.exe
  2⤵
  PID:7644
- C:\Windows\System\FKVkJDL.exe
  C:\Windows\System\FKVkJDL.exe
  2⤵
  PID:7660
- C:\Windows\System\obcebkS.exe
  C:\Windows\System\obcebkS.exe
  2⤵
  PID:7684
- C:\Windows\System\EaathwD.exe
  C:\Windows\System\EaathwD.exe
  2⤵
  PID:7700
- C:\Windows\System\ONCMbTQ.exe
  C:\Windows\System\ONCMbTQ.exe
  2⤵
  PID:7724
- C:\Windows\System\yGugcGH.exe
  C:\Windows\System\yGugcGH.exe
  2⤵
  PID:7748
- C:\Windows\System\JGzDnvR.exe
  C:\Windows\System\JGzDnvR.exe
  2⤵
  PID:7764
- C:\Windows\System\hvLtUDL.exe
  C:\Windows\System\hvLtUDL.exe
  2⤵
  PID:7780
- C:\Windows\System\mZSbent.exe
  C:\Windows\System\mZSbent.exe
  2⤵
  PID:7800
- C:\Windows\System\VzpIVdN.exe
  C:\Windows\System\VzpIVdN.exe
  2⤵
  PID:7824
- C:\Windows\System\kelcRUO.exe
  C:\Windows\System\kelcRUO.exe
  2⤵
  PID:7840
- C:\Windows\System\IGALPwm.exe
  C:\Windows\System\IGALPwm.exe
  2⤵
  PID:7856
- C:\Windows\System\MWEfUxN.exe
  C:\Windows\System\MWEfUxN.exe
  2⤵
  PID:7884
- C:\Windows\System\riGUnSy.exe
  C:\Windows\System\riGUnSy.exe
  2⤵
  PID:7904
- C:\Windows\System\zLfyVuw.exe
  C:\Windows\System\zLfyVuw.exe
  2⤵
  PID:7920
- C:\Windows\System\GNZgzyU.exe
  C:\Windows\System\GNZgzyU.exe
  2⤵
  PID:7936
- C:\Windows\System\FbmbuQl.exe
  C:\Windows\System\FbmbuQl.exe
  2⤵
  PID:7960
- C:\Windows\System\GTDDeEx.exe
  C:\Windows\System\GTDDeEx.exe
  2⤵
  PID:7980
- C:\Windows\System\hjiTsTu.exe
  C:\Windows\System\hjiTsTu.exe
  2⤵
  PID:8000
- C:\Windows\System\stUvXkX.exe
  C:\Windows\System\stUvXkX.exe
  2⤵
  PID:8020
- C:\Windows\System\kdlvZQi.exe
  C:\Windows\System\kdlvZQi.exe
  2⤵
  PID:8040
- C:\Windows\System\CnaEWJE.exe
  C:\Windows\System\CnaEWJE.exe
  2⤵
  PID:8060
- C:\Windows\System\cxerKDe.exe
  C:\Windows\System\cxerKDe.exe
  2⤵
  PID:8080
- C:\Windows\System\xpYTbEA.exe
  C:\Windows\System\xpYTbEA.exe
  2⤵
  PID:8100
- C:\Windows\System\GJJuGvj.exe
  C:\Windows\System\GJJuGvj.exe
  2⤵
  PID:8120
- C:\Windows\System\xQWHunT.exe
  C:\Windows\System\xQWHunT.exe
  2⤵
  PID:8148
- C:\Windows\System\eYtJAau.exe
  C:\Windows\System\eYtJAau.exe
  2⤵
  PID:8168
- C:\Windows\System\XYWHdLc.exe
  C:\Windows\System\XYWHdLc.exe
  2⤵
  PID:8188
- C:\Windows\System\FHiIQjO.exe
  C:\Windows\System\FHiIQjO.exe
  2⤵
  PID:2628
- C:\Windows\System\zOhndAt.exe
  C:\Windows\System\zOhndAt.exe
  2⤵
  PID:6412
- C:\Windows\System\lnKcMQS.exe
  C:\Windows\System\lnKcMQS.exe
  2⤵
  PID:5160
- C:\Windows\System\nJcLaKO.exe
  C:\Windows\System\nJcLaKO.exe
  2⤵
  PID:6556
- C:\Windows\System\abSqwMp.exe
  C:\Windows\System\abSqwMp.exe
  2⤵
  PID:6672
- C:\Windows\System\dHCLLit.exe
  C:\Windows\System\dHCLLit.exe
  2⤵
  PID:6896
- C:\Windows\System\wYjzuUd.exe
  C:\Windows\System\wYjzuUd.exe
  2⤵
  PID:2908
- C:\Windows\System\FjoafpX.exe
  C:\Windows\System\FjoafpX.exe
  2⤵
  PID:6772
- C:\Windows\System\TkuXwXn.exe
  C:\Windows\System\TkuXwXn.exe
  2⤵
  PID:7052
- C:\Windows\System\irHJOsP.exe
  C:\Windows\System\irHJOsP.exe
  2⤵
  PID:7156
- C:\Windows\System\YdTQUkp.exe
  C:\Windows\System\YdTQUkp.exe
  2⤵
  PID:7208
- C:\Windows\System\KDqdbQb.exe
  C:\Windows\System\KDqdbQb.exe
  2⤵
  PID:5208
- C:\Windows\System\QoAoAfS.exe
  C:\Windows\System\QoAoAfS.exe
  2⤵
  PID:7248
- C:\Windows\System\lcIvcDG.exe
  C:\Windows\System\lcIvcDG.exe
  2⤵
  PID:7296
- C:\Windows\System\lnRomqj.exe
  C:\Windows\System\lnRomqj.exe
  2⤵
  PID:7332
- C:\Windows\System\oHrneOG.exe
  C:\Windows\System\oHrneOG.exe
  2⤵
  PID:7312
- C:\Windows\System\CQsSeUm.exe
  C:\Windows\System\CQsSeUm.exe
  2⤵
  PID:7408
- C:\Windows\System\vmRbdVe.exe
  C:\Windows\System\vmRbdVe.exe
  2⤵
  PID:7352
- C:\Windows\System\aJvihFk.exe
  C:\Windows\System\aJvihFk.exe
  2⤵
  PID:7392
- C:\Windows\System\fpvqzYJ.exe
  C:\Windows\System\fpvqzYJ.exe
  2⤵
  PID:7436
- C:\Windows\System\ManZQOo.exe
  C:\Windows\System\ManZQOo.exe
  2⤵
  PID:7472
- C:\Windows\System\CWYSido.exe
  C:\Windows\System\CWYSido.exe
  2⤵
  PID:7572
- C:\Windows\System\boVufcY.exe
  C:\Windows\System\boVufcY.exe
  2⤵
  PID:7656
- C:\Windows\System\ytGbHRn.exe
  C:\Windows\System\ytGbHRn.exe
  2⤵
  PID:7556
- C:\Windows\System\KJnsqBv.exe
  C:\Windows\System\KJnsqBv.exe
  2⤵
  PID:2924
- C:\Windows\System\rYwGDkn.exe
  C:\Windows\System\rYwGDkn.exe
  2⤵
  PID:7744
- C:\Windows\System\NabLDoX.exe
  C:\Windows\System\NabLDoX.exe
  2⤵
  PID:7808
- C:\Windows\System\XYtsyKy.exe
  C:\Windows\System\XYtsyKy.exe
  2⤵
  PID:7668
- C:\Windows\System\mjMyMjB.exe
  C:\Windows\System\mjMyMjB.exe
  2⤵
  PID:7848
- C:\Windows\System\RNJcjix.exe
  C:\Windows\System\RNJcjix.exe
  2⤵
  PID:7896
- C:\Windows\System\lvrdmzO.exe
  C:\Windows\System\lvrdmzO.exe
  2⤵
  PID:7760
- C:\Windows\System\zhjwiHv.exe
  C:\Windows\System\zhjwiHv.exe
  2⤵
  PID:7932
- C:\Windows\System\mlDLYsH.exe
  C:\Windows\System\mlDLYsH.exe
  2⤵
  PID:8008
- C:\Windows\System\zyOHZRw.exe
  C:\Windows\System\zyOHZRw.exe
  2⤵
  PID:7876
- C:\Windows\System\ATVaxbg.exe
  C:\Windows\System\ATVaxbg.exe
  2⤵
  PID:7912
- C:\Windows\System\PYyCTMn.exe
  C:\Windows\System\PYyCTMn.exe
  2⤵
  PID:2132
- C:\Windows\System\enAJuQu.exe
  C:\Windows\System\enAJuQu.exe
  2⤵
  PID:7956
- C:\Windows\System\cUwSOCx.exe
  C:\Windows\System\cUwSOCx.exe
  2⤵
  PID:8092
- C:\Windows\System\gHkchaG.exe
  C:\Windows\System\gHkchaG.exe
  2⤵
  PID:8140
- C:\Windows\System\OWPtBlt.exe
  C:\Windows\System\OWPtBlt.exe
  2⤵
  PID:8028
- C:\Windows\System\LFjTwrv.exe
  C:\Windows\System\LFjTwrv.exe
  2⤵
  PID:8116
- C:\Windows\System\tltkkpb.exe
  C:\Windows\System\tltkkpb.exe
  2⤵
  PID:8164
- C:\Windows\System\GbAqYMp.exe
  C:\Windows\System\GbAqYMp.exe
  2⤵
  PID:6172
- C:\Windows\System\ZhNudtS.exe
  C:\Windows\System\ZhNudtS.exe
  2⤵
  PID:6472
- C:\Windows\System\HiYkzLy.exe
  C:\Windows\System\HiYkzLy.exe
  2⤵
  PID:6692
- C:\Windows\System\CuJGpUP.exe
  C:\Windows\System\CuJGpUP.exe
  2⤵
  PID:2668
- C:\Windows\System\KXQvqhJ.exe
  C:\Windows\System\KXQvqhJ.exe
  2⤵
  PID:6840
- C:\Windows\System\iTlEjjg.exe
  C:\Windows\System\iTlEjjg.exe
  2⤵
  PID:6988
- C:\Windows\System\HlShRJV.exe
  C:\Windows\System\HlShRJV.exe
  2⤵
  PID:6028
- C:\Windows\System\EnxQToF.exe
  C:\Windows\System\EnxQToF.exe
  2⤵
  PID:7172
- C:\Windows\System\TCHmsTT.exe
  C:\Windows\System\TCHmsTT.exe
  2⤵
  PID:7308
- C:\Windows\System\YOzwsBd.exe
  C:\Windows\System\YOzwsBd.exe
  2⤵
  PID:7412
- C:\Windows\System\gUnuPhX.exe
  C:\Windows\System\gUnuPhX.exe
  2⤵
  PID:7452
- C:\Windows\System\LmlKMtG.exe
  C:\Windows\System\LmlKMtG.exe
  2⤵
  PID:7492
- C:\Windows\System\ElvjNqG.exe
  C:\Windows\System\ElvjNqG.exe
  2⤵
  PID:7528
- C:\Windows\System\FdWTlMC.exe
  C:\Windows\System\FdWTlMC.exe
  2⤵
  PID:7512
- C:\Windows\System\yNUSkmn.exe
  C:\Windows\System\yNUSkmn.exe
  2⤵
  PID:7600
- C:\Windows\System\lIEDXZC.exe
  C:\Windows\System\lIEDXZC.exe
  2⤵
  PID:7732
- C:\Windows\System\DxVWFeO.exe
  C:\Windows\System\DxVWFeO.exe
  2⤵
  PID:7820
- C:\Windows\System\GjMEiZu.exe
  C:\Windows\System\GjMEiZu.exe
  2⤵
  PID:7676
- C:\Windows\System\INrnxVP.exe
  C:\Windows\System\INrnxVP.exe
  2⤵
  PID:4052
- C:\Windows\System\AEFDEyh.exe
  C:\Windows\System\AEFDEyh.exe
  2⤵
  PID:7796
- C:\Windows\System\JOrqwDx.exe
  C:\Windows\System\JOrqwDx.exe
  2⤵
  PID:7872
- C:\Windows\System\SECoofB.exe
  C:\Windows\System\SECoofB.exe
  2⤵
  PID:8012
- C:\Windows\System\ySvHftk.exe
  C:\Windows\System\ySvHftk.exe
  2⤵
  PID:7948
- C:\Windows\System\CSCrkEf.exe
  C:\Windows\System\CSCrkEf.exe
  2⤵
  PID:8032
- C:\Windows\System\GQgmHpY.exe
  C:\Windows\System\GQgmHpY.exe
  2⤵
  PID:8176
- C:\Windows\System\KqIPIPh.exe
  C:\Windows\System\KqIPIPh.exe
  2⤵
  PID:8072
- C:\Windows\System\fYnFgfY.exe
  C:\Windows\System\fYnFgfY.exe
  2⤵
  PID:6348
- C:\Windows\System\gkUptMX.exe
  C:\Windows\System\gkUptMX.exe
  2⤵
  PID:7132
- C:\Windows\System\oOGIhPQ.exe
  C:\Windows\System\oOGIhPQ.exe
  2⤵
  PID:1956
- C:\Windows\System\ThzordN.exe
  C:\Windows\System\ThzordN.exe
  2⤵
  PID:2816
- C:\Windows\System\vpdXMNU.exe
  C:\Windows\System\vpdXMNU.exe
  2⤵
  PID:908
- C:\Windows\System\oUYoqil.exe
  C:\Windows\System\oUYoqil.exe
  2⤵
  PID:1972
- C:\Windows\System\vRoYjOt.exe
  C:\Windows\System\vRoYjOt.exe
  2⤵
  PID:7176
- C:\Windows\System\yMKIViu.exe
  C:\Windows\System\yMKIViu.exe
  2⤵
  PID:7264
- C:\Windows\System\OiajIAX.exe
  C:\Windows\System\OiajIAX.exe
  2⤵
  PID:400
- C:\Windows\System\vbwmgha.exe
  C:\Windows\System\vbwmgha.exe
  2⤵
  PID:7272
- C:\Windows\System\JFxhCac.exe
  C:\Windows\System\JFxhCac.exe
  2⤵
  PID:2060
- C:\Windows\System\uzjSguh.exe
  C:\Windows\System\uzjSguh.exe
  2⤵
  PID:7532
- C:\Windows\System\xGpjVoF.exe
  C:\Windows\System\xGpjVoF.exe
  2⤵
  PID:7696
- C:\Windows\System\BrbwTsG.exe
  C:\Windows\System\BrbwTsG.exe
  2⤵
  PID:7852
- C:\Windows\System\qjlVMpy.exe
  C:\Windows\System\qjlVMpy.exe
  2⤵
  PID:7776
- C:\Windows\System\PHiPnxw.exe
  C:\Windows\System\PHiPnxw.exe
  2⤵
  PID:7720
- C:\Windows\System\eQBLNeO.exe
  C:\Windows\System\eQBLNeO.exe
  2⤵
  PID:8056
- C:\Windows\System\qfAYVCV.exe
  C:\Windows\System\qfAYVCV.exe
  2⤵
  PID:7952
- C:\Windows\System\fREmGQV.exe
  C:\Windows\System\fREmGQV.exe
  2⤵
  PID:7996
- C:\Windows\System\aDFFasd.exe
  C:\Windows\System\aDFFasd.exe
  2⤵
  PID:8112
- C:\Windows\System\SpTpDVl.exe
  C:\Windows\System\SpTpDVl.exe
  2⤵
  PID:6336
- C:\Windows\System\hTnPdHo.exe
  C:\Windows\System\hTnPdHo.exe
  2⤵
  PID:7160
- C:\Windows\System\eKGqBMb.exe
  C:\Windows\System\eKGqBMb.exe
  2⤵
  PID:2852
- C:\Windows\System\oJIEuPE.exe
  C:\Windows\System\oJIEuPE.exe
  2⤵
  PID:6016
- C:\Windows\System\WgpIGGd.exe
  C:\Windows\System\WgpIGGd.exe
  2⤵
  PID:7268
- C:\Windows\System\KRBBpIS.exe
  C:\Windows\System\KRBBpIS.exe
  2⤵
  PID:2676
- C:\Windows\System\qLKTdOP.exe
  C:\Windows\System\qLKTdOP.exe
  2⤵
  PID:7192
- C:\Windows\System\PcyaDYm.exe
  C:\Windows\System\PcyaDYm.exe
  2⤵
  PID:7456
- C:\Windows\System\fkyVBbV.exe
  C:\Windows\System\fkyVBbV.exe
  2⤵
  PID:7892
- C:\Windows\System\nObbOKG.exe
  C:\Windows\System\nObbOKG.exe
  2⤵
  PID:7712
- C:\Windows\System\ADVXhwZ.exe
  C:\Windows\System\ADVXhwZ.exe
  2⤵
  PID:7868
- C:\Windows\System\QamfBfA.exe
  C:\Windows\System\QamfBfA.exe
  2⤵
  PID:7972
- C:\Windows\System\jCqfWfI.exe
  C:\Windows\System\jCqfWfI.exe
  2⤵
  PID:8096
- C:\Windows\System\QoFfJAb.exe
  C:\Windows\System\QoFfJAb.exe
  2⤵
  PID:2656
- C:\Windows\System\VBJkKxN.exe
  C:\Windows\System\VBJkKxN.exe
  2⤵
  PID:1732
- C:\Windows\System\XCERNIl.exe
  C:\Windows\System\XCERNIl.exe
  2⤵
  PID:2076
- C:\Windows\System\JITyorB.exe
  C:\Windows\System\JITyorB.exe
  2⤵
  PID:3032
- C:\Windows\System\SkFuETU.exe
  C:\Windows\System\SkFuETU.exe
  2⤵
  PID:2084
- C:\Windows\System\WkcyOXK.exe
  C:\Windows\System\WkcyOXK.exe
  2⤵
  PID:940
- C:\Windows\System\dwvhkgV.exe
  C:\Windows\System\dwvhkgV.exe
  2⤵
  PID:2928
- C:\Windows\System\eAOXRqv.exe
  C:\Windows\System\eAOXRqv.exe
  2⤵
  PID:2232
- C:\Windows\System\fuFLEgF.exe
  C:\Windows\System\fuFLEgF.exe
  2⤵
  PID:1356
- C:\Windows\System\Hextizc.exe
  C:\Windows\System\Hextizc.exe
  2⤵
  PID:7356
- C:\Windows\System\BHBXwQH.exe
  C:\Windows\System\BHBXwQH.exe
  2⤵
  PID:7788
- C:\Windows\System\LqShudg.exe
  C:\Windows\System\LqShudg.exe
  2⤵
  PID:7324
- C:\Windows\System\vVHmAwh.exe
  C:\Windows\System\vVHmAwh.exe
  2⤵
  PID:2620
- C:\Windows\System\eyfnnuE.exe
  C:\Windows\System\eyfnnuE.exe
  2⤵
  PID:6660
- C:\Windows\System\jZjbwkd.exe
  C:\Windows\System\jZjbwkd.exe
  2⤵
  PID:904
- C:\Windows\System\JAXXRtQ.exe
  C:\Windows\System\JAXXRtQ.exe
  2⤵
  PID:2000
- C:\Windows\System\YqYftnn.exe
  C:\Windows\System\YqYftnn.exe
  2⤵
  PID:7548
- C:\Windows\System\oWgrShv.exe
  C:\Windows\System\oWgrShv.exe
  2⤵
  PID:3052
- C:\Windows\System\pBbTRmL.exe
  C:\Windows\System\pBbTRmL.exe
  2⤵
  PID:7740
- C:\Windows\System\EzlkYgb.exe
  C:\Windows\System\EzlkYgb.exe
  2⤵
  PID:3008
- C:\Windows\System\XpdrZLu.exe
  C:\Windows\System\XpdrZLu.exe
  2⤵
  PID:8200
- C:\Windows\System\Fdkhtii.exe
  C:\Windows\System\Fdkhtii.exe
  2⤵
  PID:8220
- C:\Windows\System\DrhIuOU.exe
  C:\Windows\System\DrhIuOU.exe
  2⤵
  PID:8236
- C:\Windows\System\eavdhtg.exe
  C:\Windows\System\eavdhtg.exe
  2⤵
  PID:8252
- C:\Windows\System\nVlqKSj.exe
  C:\Windows\System\nVlqKSj.exe
  2⤵
  PID:8276
- C:\Windows\System\NPbyHMs.exe
  C:\Windows\System\NPbyHMs.exe
  2⤵
  PID:8292
- C:\Windows\System\wbxOzFM.exe
  C:\Windows\System\wbxOzFM.exe
  2⤵
  PID:8316
- C:\Windows\System\zbhQRoC.exe
  C:\Windows\System\zbhQRoC.exe
  2⤵
  PID:8344
- C:\Windows\System\rebzrib.exe
  C:\Windows\System\rebzrib.exe
  2⤵
  PID:8364
- C:\Windows\System\yCSpIRs.exe
  C:\Windows\System\yCSpIRs.exe
  2⤵
  PID:8380
- C:\Windows\System\VJpeFoY.exe
  C:\Windows\System\VJpeFoY.exe
  2⤵
  PID:8400
- C:\Windows\System\ztjeRxF.exe
  C:\Windows\System\ztjeRxF.exe
  2⤵
  PID:8420
- C:\Windows\System\sbYpBbF.exe
  C:\Windows\System\sbYpBbF.exe
  2⤵
  PID:8436
- C:\Windows\System\OLOsnFz.exe
  C:\Windows\System\OLOsnFz.exe
  2⤵
  PID:8452
- C:\Windows\System\XwyvDTc.exe
  C:\Windows\System\XwyvDTc.exe
  2⤵
  PID:8472
- C:\Windows\System\HRxbEHA.exe
  C:\Windows\System\HRxbEHA.exe
  2⤵
  PID:8488
- C:\Windows\System\JJyoLDB.exe
  C:\Windows\System\JJyoLDB.exe
  2⤵
  PID:8508
- C:\Windows\System\UGotfun.exe
  C:\Windows\System\UGotfun.exe
  2⤵
  PID:8524
- C:\Windows\System\SOwMhZx.exe
  C:\Windows\System\SOwMhZx.exe
  2⤵
  PID:8596
- C:\Windows\System\zDASIgy.exe
  C:\Windows\System\zDASIgy.exe
  2⤵
  PID:8612
- C:\Windows\System\nlpJebu.exe
  C:\Windows\System\nlpJebu.exe
  2⤵
  PID:8628
- C:\Windows\System\lGqktlN.exe
  C:\Windows\System\lGqktlN.exe
  2⤵
  PID:8644
- C:\Windows\System\nvzhXwa.exe
  C:\Windows\System\nvzhXwa.exe
  2⤵
  PID:8660
- C:\Windows\System\hOYfbYk.exe
  C:\Windows\System\hOYfbYk.exe
  2⤵
  PID:8676
- C:\Windows\System\qcZWXxj.exe
  C:\Windows\System\qcZWXxj.exe
  2⤵
  PID:8692
- C:\Windows\System\UUvckfu.exe
  C:\Windows\System\UUvckfu.exe
  2⤵
  PID:8712
- C:\Windows\System\wnPoTim.exe
  C:\Windows\System\wnPoTim.exe
  2⤵
  PID:8728
- C:\Windows\System\WvnmfBF.exe
  C:\Windows\System\WvnmfBF.exe
  2⤵
  PID:8748
- C:\Windows\System\vPndnkh.exe
  C:\Windows\System\vPndnkh.exe
  2⤵
  PID:8764
- C:\Windows\System\PIsZkLB.exe
  C:\Windows\System\PIsZkLB.exe
  2⤵
  PID:8780
- C:\Windows\System\xOjJGpQ.exe
  C:\Windows\System\xOjJGpQ.exe
  2⤵
  PID:8796
- C:\Windows\System\DsVcTCo.exe
  C:\Windows\System\DsVcTCo.exe
  2⤵
  PID:8812
- C:\Windows\System\nTChbEX.exe
  C:\Windows\System\nTChbEX.exe
  2⤵
  PID:8828
- C:\Windows\System\smFWndQ.exe
  C:\Windows\System\smFWndQ.exe
  2⤵
  PID:8844
- C:\Windows\System\CgfcgEy.exe
  C:\Windows\System\CgfcgEy.exe
  2⤵
  PID:8860
- C:\Windows\System\IAeLozD.exe
  C:\Windows\System\IAeLozD.exe
  2⤵
  PID:8876
- C:\Windows\System\Usitaep.exe
  C:\Windows\System\Usitaep.exe
  2⤵
  PID:8892
- C:\Windows\System\VoDpOBs.exe
  C:\Windows\System\VoDpOBs.exe
  2⤵
  PID:8912
- C:\Windows\System\tkhgYvR.exe
  C:\Windows\System\tkhgYvR.exe
  2⤵
  PID:8928
- C:\Windows\System\YMfCEKT.exe
  C:\Windows\System\YMfCEKT.exe
  2⤵
  PID:8944
- C:\Windows\System\JubovlL.exe
  C:\Windows\System\JubovlL.exe
  2⤵
  PID:8960
- C:\Windows\System\DGENmaQ.exe
  C:\Windows\System\DGENmaQ.exe
  2⤵
  PID:8976
- C:\Windows\System\NmdXZqE.exe
  C:\Windows\System\NmdXZqE.exe
  2⤵
  PID:8992
- C:\Windows\System\uRwGzMP.exe
  C:\Windows\System\uRwGzMP.exe
  2⤵
  PID:9008
- C:\Windows\System\suTrWPA.exe
  C:\Windows\System\suTrWPA.exe
  2⤵
  PID:9024
- C:\Windows\System\XFEUZLg.exe
  C:\Windows\System\XFEUZLg.exe
  2⤵
  PID:9040
- C:\Windows\System\HOVzKqb.exe
  C:\Windows\System\HOVzKqb.exe
  2⤵
  PID:9108
- C:\Windows\System\MAYvHjf.exe
  C:\Windows\System\MAYvHjf.exe
  2⤵
  PID:9200
- C:\Windows\System\KMQsWSH.exe
  C:\Windows\System\KMQsWSH.exe
  2⤵
  PID:1588
- C:\Windows\System\dpLbUcF.exe
  C:\Windows\System\dpLbUcF.exe
  2⤵
  PID:7992
- C:\Windows\System\pKMAhao.exe
  C:\Windows\System\pKMAhao.exe
  2⤵
  PID:8212
- C:\Windows\System\lBkrcrv.exe
  C:\Windows\System\lBkrcrv.exe
  2⤵
  PID:1656
- C:\Windows\System\IkwbRsv.exe
  C:\Windows\System\IkwbRsv.exe
  2⤵
  PID:2508
- C:\Windows\System\GDUjQIr.exe
  C:\Windows\System\GDUjQIr.exe
  2⤵
  PID:8336
- C:\Windows\System\AsdPWWR.exe
  C:\Windows\System\AsdPWWR.exe
  2⤵
  PID:8408
- C:\Windows\System\YRvplRG.exe
  C:\Windows\System\YRvplRG.exe
  2⤵
  PID:8516
- C:\Windows\System\RiAUarv.exe
  C:\Windows\System\RiAUarv.exe
  2⤵
  PID:2824
- C:\Windows\System\UymJPbb.exe
  C:\Windows\System\UymJPbb.exe
  2⤵
  PID:8300
- C:\Windows\System\ayJBPja.exe
  C:\Windows\System\ayJBPja.exe
  2⤵
  PID:2592
- C:\Windows\System\Bdnscyq.exe
  C:\Windows\System\Bdnscyq.exe
  2⤵
  PID:8308
- C:\Windows\System\JJZQMxL.exe
  C:\Windows\System\JJZQMxL.exe
  2⤵
  PID:8544
- C:\Windows\System\ZQwtVFn.exe
  C:\Windows\System\ZQwtVFn.exe
  2⤵
  PID:8356
- C:\Windows\System\ftzZxxR.exe
  C:\Windows\System\ftzZxxR.exe
  2⤵
  PID:8392
- C:\Windows\System\vfPNEir.exe
  C:\Windows\System\vfPNEir.exe
  2⤵
  PID:8576
- C:\Windows\System\snmYHnL.exe
  C:\Windows\System\snmYHnL.exe
  2⤵
  PID:8504
- C:\Windows\System\dRLimdt.exe
  C:\Windows\System\dRLimdt.exe
  2⤵
  PID:8552
- C:\Windows\System\JdfkqIm.exe
  C:\Windows\System\JdfkqIm.exe
  2⤵
  PID:8608
- C:\Windows\System\uDgUegX.exe
  C:\Windows\System\uDgUegX.exe
  2⤵
  PID:8572
- C:\Windows\System\XhPUGmh.exe
  C:\Windows\System\XhPUGmh.exe
  2⤵
  PID:8824
- C:\Windows\System\JudxYZn.exe
  C:\Windows\System\JudxYZn.exe
  2⤵
  PID:8884
- C:\Windows\System\YLIhSlN.exe
  C:\Windows\System\YLIhSlN.exe
  2⤵
  PID:8852
- C:\Windows\System\ITxhtjA.exe
  C:\Windows\System\ITxhtjA.exe
  2⤵
  PID:8872
- C:\Windows\System\yWUtjys.exe
  C:\Windows\System\yWUtjys.exe
  2⤵
  PID:8952
- C:\Windows\System\ccbOxnR.exe
  C:\Windows\System\ccbOxnR.exe
  2⤵
  PID:9016
- C:\Windows\System\EBYERxu.exe
  C:\Windows\System\EBYERxu.exe
  2⤵
  PID:8936
- C:\Windows\System\tuqQOpT.exe
  C:\Windows\System\tuqQOpT.exe
  2⤵
  PID:8920
- C:\Windows\System\txVRQSS.exe
  C:\Windows\System\txVRQSS.exe
  2⤵
  PID:9052
- C:\Windows\System\caAYYYK.exe
  C:\Windows\System\caAYYYK.exe
  2⤵
  PID:9068
- C:\Windows\System\fCkvwPM.exe
  C:\Windows\System\fCkvwPM.exe
  2⤵
  PID:9096
- C:\Windows\System\MeXOKRw.exe
  C:\Windows\System\MeXOKRw.exe
  2⤵
  PID:9132
- C:\Windows\System\oPSuFVr.exe
  C:\Windows\System\oPSuFVr.exe
  2⤵
  PID:9152
- C:\Windows\System\MvDnkZr.exe
  C:\Windows\System\MvDnkZr.exe
  2⤵
  PID:9160
- C:\Windows\System\HjLaczf.exe
  C:\Windows\System\HjLaczf.exe
  2⤵
  PID:9176
- C:\Windows\System\jxdjhSa.exe
  C:\Windows\System\jxdjhSa.exe
  2⤵
  PID:9192
- C:\Windows\System\jIlfaBm.exe
  C:\Windows\System\jIlfaBm.exe
  2⤵
  PID:2184
- C:\Windows\System\ywZPbcy.exe
  C:\Windows\System\ywZPbcy.exe
  2⤵
  PID:1152
- C:\Windows\System\DsvmHnY.exe
  C:\Windows\System\DsvmHnY.exe
  2⤵
  PID:8416
- C:\Windows\System\aYUfvsn.exe
  C:\Windows\System\aYUfvsn.exe
  2⤵
  PID:8228
- C:\Windows\System\FymtTJG.exe
  C:\Windows\System\FymtTJG.exe
  2⤵
  PID:8328
- C:\Windows\System\JywpUgI.exe
  C:\Windows\System\JywpUgI.exe
  2⤵
  PID:8264
- C:\Windows\System\SlWsJvo.exe
  C:\Windows\System\SlWsJvo.exe
  2⤵
  PID:8468
- C:\Windows\System\xCRumpq.exe
  C:\Windows\System\xCRumpq.exe
  2⤵
  PID:8548
- C:\Windows\System\RtStUyJ.exe
  C:\Windows\System\RtStUyJ.exe
  2⤵
  PID:8568
- C:\Windows\System\UWSTUvY.exe
  C:\Windows\System\UWSTUvY.exe
  2⤵
  PID:8624
- C:\Windows\System\TUqxqfy.exe
  C:\Windows\System\TUqxqfy.exe
  2⤵
  PID:8700
- C:\Windows\System\UJgbOCx.exe
  C:\Windows\System\UJgbOCx.exe
  2⤵
  PID:8972
- C:\Windows\System\nOpdGTz.exe
  C:\Windows\System\nOpdGTz.exe
  2⤵
  PID:9124
- C:\Windows\System\WijPiZv.exe
  C:\Windows\System\WijPiZv.exe
  2⤵
  PID:8956
- C:\Windows\System\QmdnQxQ.exe
  C:\Windows\System\QmdnQxQ.exe
  2⤵
  PID:9136
- C:\Windows\System\iFWjjDv.exe
  C:\Windows\System\iFWjjDv.exe
  2⤵
  PID:9168
- C:\Windows\System\uJcFFMl.exe
  C:\Windows\System\uJcFFMl.exe
  2⤵
  PID:4568
- C:\Windows\System\DYaWfsh.exe
  C:\Windows\System\DYaWfsh.exe
  2⤵
  PID:7792
- C:\Windows\System\KrUUiEz.exe
  C:\Windows\System\KrUUiEz.exe
  2⤵
  PID:8284
- C:\Windows\System\azGiidI.exe
  C:\Windows\System\azGiidI.exe
  2⤵
  PID:8324
- C:\Windows\System\GGALeGV.exe
  C:\Windows\System\GGALeGV.exe
  2⤵
  PID:8372
- C:\Windows\System\pywwXDM.exe
  C:\Windows\System\pywwXDM.exe
  2⤵
  PID:8620
- C:\Windows\System\nYdHQVU.exe
  C:\Windows\System\nYdHQVU.exe
  2⤵
  PID:8672
- C:\Windows\System\sEZypHA.exe
  C:\Windows\System\sEZypHA.exe
  2⤵
  PID:8720
- C:\Windows\System\FDwqCqh.exe
  C:\Windows\System\FDwqCqh.exe
  2⤵
  PID:8776
- C:\Windows\System\lvpbbCr.exe
  C:\Windows\System\lvpbbCr.exe
  2⤵
  PID:8840
- C:\Windows\System\irBpPVf.exe
  C:\Windows\System\irBpPVf.exe
  2⤵
  PID:9032
- C:\Windows\System\rbLLRkl.exe
  C:\Windows\System\rbLLRkl.exe
  2⤵
  PID:9048
- C:\Windows\System\ZPOQkUI.exe
  C:\Windows\System\ZPOQkUI.exe
  2⤵
  PID:9076
- C:\Windows\System\mqbWHEB.exe
  C:\Windows\System\mqbWHEB.exe
  2⤵
  PID:9184
- C:\Windows\System\KaZJiYa.exe
  C:\Windows\System\KaZJiYa.exe
  2⤵
  PID:8288
- C:\Windows\System\tLBYHyQ.exe
  C:\Windows\System\tLBYHyQ.exe
  2⤵
  PID:8484
- C:\Windows\System\PxALZcU.exe
  C:\Windows\System\PxALZcU.exe
  2⤵
  PID:8304
- C:\Windows\System\xXYfplB.exe
  C:\Windows\System\xXYfplB.exe
  2⤵
  PID:8588
- C:\Windows\System\cIRgofk.exe
  C:\Windows\System\cIRgofk.exe
  2⤵
  PID:8820
- C:\Windows\System\xmbIeth.exe
  C:\Windows\System\xmbIeth.exe
  2⤵
  PID:9224
- C:\Windows\System\uPCUosX.exe
  C:\Windows\System\uPCUosX.exe
  2⤵
  PID:9240
- C:\Windows\System\YFJsjCI.exe
  C:\Windows\System\YFJsjCI.exe
  2⤵
  PID:9256
- C:\Windows\System\OFxHJSu.exe
  C:\Windows\System\OFxHJSu.exe
  2⤵
  PID:9276
- C:\Windows\System\jWiLWuJ.exe
  C:\Windows\System\jWiLWuJ.exe
  2⤵
  PID:9296
- C:\Windows\System\LKbMqfr.exe
  C:\Windows\System\LKbMqfr.exe
  2⤵
  PID:9316
- C:\Windows\System\ilZneJO.exe
  C:\Windows\System\ilZneJO.exe
  2⤵
  PID:9332
- C:\Windows\System\kibwtnR.exe
  C:\Windows\System\kibwtnR.exe
  2⤵
  PID:9348
- C:\Windows\System\OhLFexj.exe
  C:\Windows\System\OhLFexj.exe
  2⤵
  PID:9364
- C:\Windows\System\jpXSGZa.exe
  C:\Windows\System\jpXSGZa.exe
  2⤵
  PID:9384
- C:\Windows\System\sRdLTOp.exe
  C:\Windows\System\sRdLTOp.exe
  2⤵
  PID:9404
- C:\Windows\System\vmcKYJL.exe
  C:\Windows\System\vmcKYJL.exe
  2⤵
  PID:9420
- C:\Windows\System\gbotXlw.exe
  C:\Windows\System\gbotXlw.exe
  2⤵
  PID:9440
- C:\Windows\System\gDelYWe.exe
  C:\Windows\System\gDelYWe.exe
  2⤵
  PID:9456
- C:\Windows\System\rXZznCd.exe
  C:\Windows\System\rXZznCd.exe
  2⤵
  PID:9472
- C:\Windows\System\WWmevIL.exe
  C:\Windows\System\WWmevIL.exe
  2⤵
  PID:9492
- C:\Windows\System\uUDhJOB.exe
  C:\Windows\System\uUDhJOB.exe
  2⤵
  PID:9516
- C:\Windows\System\tvwczIz.exe
  C:\Windows\System\tvwczIz.exe
  2⤵
  PID:9536
- C:\Windows\System\NFQAijs.exe
  C:\Windows\System\NFQAijs.exe
  2⤵
  PID:9556
- C:\Windows\System\QkZtnOk.exe
  C:\Windows\System\QkZtnOk.exe
  2⤵
  PID:9576
- C:\Windows\System\GfFCcQz.exe
  C:\Windows\System\GfFCcQz.exe
  2⤵
  PID:9592
- C:\Windows\System\GoYjacn.exe
  C:\Windows\System\GoYjacn.exe
  2⤵
  PID:9612
- C:\Windows\System\ezbCjOB.exe
  C:\Windows\System\ezbCjOB.exe
  2⤵
  PID:9640
- C:\Windows\System\kQORCiD.exe
  C:\Windows\System\kQORCiD.exe
  2⤵
  PID:9656
- C:\Windows\System\OmPgvDP.exe
  C:\Windows\System\OmPgvDP.exe
  2⤵
  PID:9708
- C:\Windows\System\eRXwXCO.exe
  C:\Windows\System\eRXwXCO.exe
  2⤵
  PID:9724
- C:\Windows\System\uMmytRg.exe
  C:\Windows\System\uMmytRg.exe
  2⤵
  PID:9744
- C:\Windows\System\AmYTqhd.exe
  C:\Windows\System\AmYTqhd.exe
  2⤵
  PID:9764
- C:\Windows\System\VfKgSLU.exe
  C:\Windows\System\VfKgSLU.exe
  2⤵
  PID:9780
- C:\Windows\System\sOCLZDN.exe
  C:\Windows\System\sOCLZDN.exe
  2⤵
  PID:9796
- C:\Windows\System\bJyZPju.exe
  C:\Windows\System\bJyZPju.exe
  2⤵
  PID:9812
- C:\Windows\System\NJWboFs.exe
  C:\Windows\System\NJWboFs.exe
  2⤵
  PID:9832
- C:\Windows\System\YEiBWQd.exe
  C:\Windows\System\YEiBWQd.exe
  2⤵
  PID:9852
- C:\Windows\System\bvLVLrO.exe
  C:\Windows\System\bvLVLrO.exe
  2⤵
  PID:9872
- C:\Windows\System\QUdDEyr.exe
  C:\Windows\System\QUdDEyr.exe
  2⤵
  PID:9888
- C:\Windows\System\QOqfSgy.exe
  C:\Windows\System\QOqfSgy.exe
  2⤵
  PID:9908
- C:\Windows\System\vVinhkA.exe
  C:\Windows\System\vVinhkA.exe
  2⤵
  PID:9924
- C:\Windows\System\UJIJzox.exe
  C:\Windows\System\UJIJzox.exe
  2⤵
  PID:9944
- C:\Windows\System\KNacXec.exe
  C:\Windows\System\KNacXec.exe
  2⤵
  PID:10004
- C:\Windows\System\HegjnUw.exe
  C:\Windows\System\HegjnUw.exe
  2⤵
  PID:10020
- C:\Windows\System\KJFQLmz.exe
  C:\Windows\System\KJFQLmz.exe
  2⤵
  PID:10072
- C:\Windows\System\RaHmVhp.exe
  C:\Windows\System\RaHmVhp.exe
  2⤵
  PID:10092
- C:\Windows\System\SuNeRLE.exe
  C:\Windows\System\SuNeRLE.exe
  2⤵
  PID:10112
- C:\Windows\System\utodcPN.exe
  C:\Windows\System\utodcPN.exe
  2⤵
  PID:10132
- C:\Windows\System\eKuceBR.exe
  C:\Windows\System\eKuceBR.exe
  2⤵
  PID:10152
- C:\Windows\System\BcxzLes.exe
  C:\Windows\System\BcxzLes.exe
  2⤵
  PID:10172
- C:\Windows\System\HbSVCIp.exe
  C:\Windows\System\HbSVCIp.exe
  2⤵
  PID:10196
- C:\Windows\System\CbyVBku.exe
  C:\Windows\System\CbyVBku.exe
  2⤵
  PID:10212
- C:\Windows\System\hTGFOgV.exe
  C:\Windows\System\hTGFOgV.exe
  2⤵
  PID:10232
- C:\Windows\System\irAqIZx.exe
  C:\Windows\System\irAqIZx.exe
  2⤵
  PID:9172
- C:\Windows\System\RKmYRit.exe
  C:\Windows\System\RKmYRit.exe
  2⤵
  PID:8500
- C:\Windows\System\RYKGVhg.exe
  C:\Windows\System\RYKGVhg.exe
  2⤵
  PID:9220
- C:\Windows\System\ArSoMkL.exe
  C:\Windows\System\ArSoMkL.exe
  2⤵
  PID:9328
- C:\Windows\System\TlJslpu.exe
  C:\Windows\System\TlJslpu.exe
  2⤵
  PID:9432
- C:\Windows\System\UPnBQlV.exe
  C:\Windows\System\UPnBQlV.exe
  2⤵
  PID:9468
- C:\Windows\System\HHphhKw.exe
  C:\Windows\System\HHphhKw.exe
  2⤵
  PID:9548
- C:\Windows\System\PzXjhIm.exe
  C:\Windows\System\PzXjhIm.exe
  2⤵
  PID:9624
- C:\Windows\System\qzgdewy.exe
  C:\Windows\System\qzgdewy.exe
  2⤵
  PID:9632
- C:\Windows\System\ezmVPpU.exe
  C:\Windows\System\ezmVPpU.exe
  2⤵
  PID:8744
- C:\Windows\System\oMZClzY.exe
  C:\Windows\System\oMZClzY.exe
  2⤵
  PID:8968
- C:\Windows\System\ZNVPPkD.exe
  C:\Windows\System\ZNVPPkD.exe
  2⤵
  PID:9196
- C:\Windows\System\unKFnER.exe
  C:\Windows\System\unKFnER.exe
  2⤵
  PID:8376
- C:\Windows\System\sdxzVjf.exe
  C:\Windows\System\sdxzVjf.exe
  2⤵
  PID:9236
- C:\Windows\System\IBcPHGk.exe
  C:\Windows\System\IBcPHGk.exe
  2⤵
  PID:9312
- C:\Windows\System\Hhnmilf.exe
  C:\Windows\System\Hhnmilf.exe
  2⤵
  PID:9376
- C:\Windows\System\NBSFjmw.exe
  C:\Windows\System\NBSFjmw.exe
  2⤵
  PID:9416
- C:\Windows\System\PlUtoQy.exe
  C:\Windows\System\PlUtoQy.exe
  2⤵
  PID:9484
- C:\Windows\System\rTKfdFV.exe
  C:\Windows\System\rTKfdFV.exe
  2⤵
  PID:9532
- C:\Windows\System\BgtKKgf.exe
  C:\Windows\System\BgtKKgf.exe
  2⤵
  PID:9608
- C:\Windows\System\mBXrbBr.exe
  C:\Windows\System\mBXrbBr.exe
  2⤵
  PID:9684
- C:\Windows\System\EnDXXAd.exe
  C:\Windows\System\EnDXXAd.exe
  2⤵
  PID:9704
- C:\Windows\System\civwenL.exe
  C:\Windows\System\civwenL.exe
  2⤵
  PID:9736
- C:\Windows\System\ipdxHrq.exe
  C:\Windows\System\ipdxHrq.exe
  2⤵
  PID:9804
- C:\Windows\System\FnrZuBv.exe
  C:\Windows\System\FnrZuBv.exe
  2⤵
  PID:9848
- C:\Windows\System\VZfWVpS.exe
  C:\Windows\System\VZfWVpS.exe
  2⤵
  PID:9920
- C:\Windows\System\OoWQsnI.exe
  C:\Windows\System\OoWQsnI.exe
  2⤵
  PID:9980
- C:\Windows\System\xgQmxXC.exe
  C:\Windows\System\xgQmxXC.exe
  2⤵
  PID:9996
- C:\Windows\System\BPXdVTS.exe
  C:\Windows\System\BPXdVTS.exe
  2⤵
  PID:9960
- C:\Windows\System\MqmJWIH.exe
  C:\Windows\System\MqmJWIH.exe
  2⤵
  PID:10032
- C:\Windows\System\DyoLcEr.exe
  C:\Windows\System\DyoLcEr.exe
  2⤵
  PID:9860
- C:\Windows\System\NAyMCVu.exe
  C:\Windows\System\NAyMCVu.exe
  2⤵
  PID:9716
- C:\Windows\System\iDYkAhz.exe
  C:\Windows\System\iDYkAhz.exe
  2⤵
  PID:9932
- C:\Windows\System\VjVGkVo.exe
  C:\Windows\System\VjVGkVo.exe
  2⤵
  PID:9792
- C:\Windows\System\tpohHUp.exe
  C:\Windows\System\tpohHUp.exe
  2⤵
  PID:10012
- C:\Windows\System\esAmrUV.exe
  C:\Windows\System\esAmrUV.exe
  2⤵
  PID:10068
- C:\Windows\System\MyYtCnb.exe
  C:\Windows\System\MyYtCnb.exe
  2⤵
  PID:10124
- C:\Windows\System\dacLRpX.exe
  C:\Windows\System\dacLRpX.exe
  2⤵
  PID:10180
- C:\Windows\System\ZbwzIuq.exe
  C:\Windows\System\ZbwzIuq.exe
  2⤵
  PID:10148
- C:\Windows\System\IogBuWm.exe
  C:\Windows\System\IogBuWm.exe
  2⤵
  PID:10208
- C:\Windows\System\SzTkCFr.exe
  C:\Windows\System\SzTkCFr.exe
  2⤵
  PID:10220
- C:\Windows\System\MKRiTsb.exe
  C:\Windows\System\MKRiTsb.exe
  2⤵
  PID:9292
- C:\Windows\System\aHiHaUr.exe
  C:\Windows\System\aHiHaUr.exe
  2⤵
  PID:8388
- C:\Windows\System\ChHfEFA.exe
  C:\Windows\System\ChHfEFA.exe
  2⤵
  PID:9360
- C:\Windows\System\VtkLfJf.exe
  C:\Windows\System\VtkLfJf.exe
  2⤵
  PID:9428
- C:\Windows\System\VnZDCHK.exe
  C:\Windows\System\VnZDCHK.exe
  2⤵
  PID:9588
- C:\Windows\System\iuRiRBB.exe
  C:\Windows\System\iuRiRBB.exe
  2⤵
  PID:9636
- C:\Windows\System\iiWbrEX.exe
  C:\Windows\System\iiWbrEX.exe
  2⤵
  PID:9264
- C:\Windows\System\YdYrQPs.exe
  C:\Windows\System\YdYrQPs.exe
  2⤵
  PID:8788
- C:\Windows\System\veFqKLI.exe
  C:\Windows\System\veFqKLI.exe
  2⤵
  PID:9600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ABrjkQc.exe

Filesize
6.0MB

MD5
eefac3af6a34bd611c83b200e62ffff3

SHA1
f93950bb90f2a52d02a74faa57f21ae8fdd73f3c

SHA256
b214d3fa2ff949522b4f724c6a2e40ecbf9d95e380da80180c0ada8050056e51

SHA512
f382a704c19047a3a5ff1c20e3457fa60659cfdd52adc10351d6ad5114789599b0d4aa53472addb23fe94ce67f9c4b4d68547fbdbd2e0c91372d441563fb4c61

Download Submit
C:\Windows\system\BepEQpU.exe

Filesize
6.0MB

MD5
18344d56c2acf0697322108621d73b04

SHA1
671f4d65dc5b9603e342be17fe89b1eead4b37ea

SHA256
29879acbbe1990c38f53f6e1e3658321b93569d318a685818918c17ae2a4952e

SHA512
0a3c0c18f1e34f90b7823bb362ad83050cb3efbae0c1d0a05b889dc614a910d1a0c34cade1f2a6875956756432455aee88f2c730ab7d0d1defa8bc3a2946bc53

Download Submit
C:\Windows\system\DEprJsX.exe

Filesize
6.0MB

MD5
7e17ec0852e74c2cb7ee02543dac210a

SHA1
849a1e9e1da939f2d66f2d647672a75e4d40c49c

SHA256
d3112de6b28e11b74f4caed7210e35518c75d9c6e6f691fd9b8e55cc1e84f849

SHA512
2c9ac6005b239f4102f5e9fd6061105f179fb09bc6da2a2c19b594e27d822d80c81341b32f438fb1707f319d9c9a74ff70caa8f2ce35885ced851169a04eaf82

Download Submit
C:\Windows\system\DvQwWNU.exe

Filesize
6.0MB

MD5
4194b6d241d59422a8c0713f4f3ec475

SHA1
7fead3e3628437d8bffefa6ddef1cbe2d0373187

SHA256
f4940faaa7330e6f9d7e386ab25848f22446b4719261b5eca906f54b592be224

SHA512
b8b2c39d155d4018d9793d95dc11b2a584abbb917e5f616b32a8915323928d710843e89e8a7e9197cc0196b4303e40fa015d0193b1e8aa5976576d9d0fbc2c00

Download Submit
C:\Windows\system\HHUyTsu.exe

Filesize
6.0MB

MD5
a3ab90d792c13fbc912d909ad265c5e2

SHA1
98b98aba7d4d40430cce1746d99ce9330fb47572

SHA256
2b55a1ddaf623fc4cb1d21676f5d53b68f1683124e7e5269ada4f7f2a55c668d

SHA512
559e8ce3300c718737e77b9e2f76223687a4ac8e090f5d464ec9e6d90778ea1078923c889546c466c44c0bb0631fe5bc3857511740de6fb920a5da66e938fc0c

Download Submit
C:\Windows\system\HgDmsbi.exe

Filesize
6.0MB

MD5
00e7d82a2e2fad0e8fb0caaafb7320a9

SHA1
4e37c3746d680468dc8b401db98ca582ceaa6e09

SHA256
e7b95718763990b83bbb810ab483afdf8ad05b7fbe849cf279182c185a38e904

SHA512
a7dddb5c3ebf83cef1025b6a3cb2b1d119d339374735962903d75b84a77c8d3f77fedd0163ac1ac6f5357201fec00106cf5f7e6aa6243d5bc611638e3b927684

Download Submit
C:\Windows\system\KYJDnpG.exe

Filesize
6.0MB

MD5
e75f90d33547e9e11a31bc87ed79c779

SHA1
fd1c46169ce281d1fb635278cb70cac76516f38d

SHA256
1cb3298db8e69e4cefdba6861c978490850728f07e3be100c7561ff9d464fa7b

SHA512
0924a54f42325f064502f04dae6a7db3c2185301d5a47f796bfe5da6f17026c9c2adb70dac00dfb063bc4c9eacc5bc2903a111c2867e9016768d020bf8b52652

Download Submit
C:\Windows\system\MYPTvma.exe

Filesize
6.0MB

MD5
fe163255ffb24e959346947f3677a8fc

SHA1
6ab2960776836320d6642f9cc284a9e7f9578618

SHA256
b6474048f5ffdecc987eacaf301b69a1a37648d8efcb32c2c7b2af1d7ddb5b51

SHA512
5d251faa4e81b8f8a6196dfc595e17f99fddd105e048dca213bdd8eeeeeb5e8feadacaa46a52d97f3d892969b40681cb85dae867c0b570e54d6b05a1c148c1fc

Download Submit
C:\Windows\system\MlPZUyg.exe

Filesize
6.0MB

MD5
e5ff8dfcc9434d398bfa6b9d1798518b

SHA1
2160bf909988ab7ee85250e091808655358a7009

SHA256
f8e2e69584d1f32c02e42167a71ffad33945838ab5c26fe1d3b3cc2e0d74365d

SHA512
f3d8acd05db3a05574cf41f0ef84e218d48d1c97a304e9aec3b91518026af06290111959e24777331badfe2e2444fc2c305cce670c68e21b7c4ca3cbdf7473af

Download Submit
C:\Windows\system\OgOrgHK.exe

Filesize
6.0MB

MD5
8a2c5bd2e3c0063d035c37c280be9da3

SHA1
84eeed394a3f3ecc13b6dbd7fd5e55b3bc87f8cd

SHA256
4d39c35c6603c7d3789b704994209f2e1a97ac1502986dd06988a6c9c5250dff

SHA512
09dd003bedee182d991f4558a09790dd3fb09b9e6532a4e5157541c9fc4bcf341ad223058067c1928d46ec328664949e82f731d9b2e325b3081c5b654b4d2fba

Download Submit
C:\Windows\system\UBHJWmD.exe

Filesize
6.0MB

MD5
9b66583ef07725c896562b9edc06ff73

SHA1
66e351b444fe43d7bb326a6c4b89bbd03065daa3

SHA256
0bd2ba3feef40b903c56c80eebb751297b81a92bc31e292a31d2d37fd2f5d835

SHA512
f1cbca7d25c38ef2423ad276dab71656b6211bc22c98e0bc690c9ba13a0782f57dfeeb9663f52b577a30c1f22cf6a470af65841d5a1b834a8f818b4501669ad8

Download Submit
C:\Windows\system\UGaDauJ.exe

Filesize
6.0MB

MD5
1280f7c9d11c217a530e511432126d89

SHA1
d2bbcabced3bfa666592dc4cf3a42e8550f933fe

SHA256
829b4920afed7914bef1b331860bc2eca835a37ff01e5655b73898894e302e93

SHA512
921b2f8e985b17891f6699b39fa9757df08aebecc57d017942318f95170620ecdc900b9fd6eb7721c7d513a0d9eb2c0128a0206f2b3214955a3a149f00b7dc0f

Download Submit
C:\Windows\system\WqjVUqm.exe

Filesize
6.0MB

MD5
d6122aeb36ce4ffed73227c5a6727c93

SHA1
90e35272c6a7061663054ffa991b58d1e5102adc

SHA256
d1fa0d97f1a124cb94e8d2968691916bba08634c609ac1d9e67a2246915c547b

SHA512
33547f02544a4835faf108eb46acc0126f144648a4156c15d1c0699948af771975a0b575c5acefef86806ddf4497bec82b2355e16cbf719ef117ba60d1abaec6

Download Submit
C:\Windows\system\YgEOVRq.exe

Filesize
6.0MB

MD5
c70a01e0a58550897ccd93c1e1053140

SHA1
c601da5ba1002f06ddd54826dea4a5bbc0dbfcd1

SHA256
fa3c1673c43282d4e16d8661f62f89e20580fefada6ac9c9c92d88f67eece35a

SHA512
3eeffce2265b75aaf1546f921833f66d1da8ee7c2e99cee054f67fe3f0d083eb36c3a7b81bb31f64379c68c81832ba0101143381fa9fcf9030f049838ba0f554

Download Submit
C:\Windows\system\aYdawHE.exe

Filesize
6.0MB

MD5
499d9ff9c894cdf029208344a3a64a87

SHA1
75b3b21b778a44054ebf81062420f68bca072e79

SHA256
6b5e0ec59a5a82a14fbf45d768a5c1dc5032e3574bc07c6a6112acfc4aedb498

SHA512
45ffebf3ac52b28552c8ae969e99bc6c11b778c8b30fdcac7df57ac8a242eb3cc50941e94f21b7de67500f5e64681efdd6fdf069a7748d07dcbe8eb666f100a5

Download Submit
C:\Windows\system\bAaheHe.exe

Filesize
6.0MB

MD5
6a6a0a2fdb9415829d8fc08abcf7cc20

SHA1
695cac11ceced40f7a2fc7c5c676ad62af4f261c

SHA256
817e003478aa8bad8883f0328ba901e1a4ed68e09533f99eaf3b328b19b861d1

SHA512
4fa87c424d132d9b53ceb95fbf45e0a47cdd6209a94c1296982d39e7018b63f2ab67e83919b1a7c586890088a6c5a434de1384646e60ffc712895266494bf2f4

Download Submit
C:\Windows\system\bkIpJag.exe

Filesize
6.0MB

MD5
9094cf50c3931d3565a9849a30e92330

SHA1
14d4bcca95682e4a448e1187e2801245a9736070

SHA256
fc9a640cd0023353a466cea14b3f8d85312d9b4806feb16c23aa2a58721f2515

SHA512
5f828a1410f1313fa58bf3458c19781a4c9bac157254fd6c0729d68f5a70de25f4696ea4821faed4c152fac4088aa994900dd9aa00559694028f497a735afaef

Download Submit
C:\Windows\system\dEGvLOr.exe

Filesize
6.0MB

MD5
07e3bf5d16f84283bfe6338924d0cbfe

SHA1
2042ca908a64f35090f3679a74d91ad7fa60b461

SHA256
139486925279befbab84c93376a632eda17ce56635ed5f7053f6391ee0086cc6

SHA512
d6d9e69f01882164e462e234ec7ee125e05276d24bb07a48e500f71f16830c14b0b49b90811b34f4769242c85600df87a99b174c2c53e887b5d4817c52178281

Download Submit
C:\Windows\system\edeSgiA.exe

Filesize
6.0MB

MD5
73b9d74b53a6c207124c47ac6b430b2b

SHA1
be042ef8b1ce93d1f0a45c3d5e5370531fc5ce57

SHA256
a6eabe064737321e3a0a16eb78f887be3c1f9b67ed83e04ce4280c8e1415b007

SHA512
d084ae2783ca17ddc80e94ff4abf007d43226e42247969d398164bd38a4a10619991ab9ccb238fb9452d45722245450d56636d625004aa82d48b4ab9f1c59e78

Download Submit
C:\Windows\system\fDHGeOE.exe

Filesize
6.0MB

MD5
054da572284c19243b350314c9c674c6

SHA1
f282234c04829570c446f4b44318590efd1ca643

SHA256
812b70ec0651c277f7ebfa2a4f316e384b65d8494919ed4d900b841e001a138a

SHA512
e7272de7153f2ae79a847d1b55e77ee203d25ce5c2c6335101ef6c9afef9cb6f8c231412460774f0355c0e19c0fb673a6b69b22e7488643bbd8fbb77f40169b0

Download Submit
C:\Windows\system\fOdTCCe.exe

Filesize
6.0MB

MD5
9f194f19c83fbf0ce35767389382c2a3

SHA1
9c1f6cf85741876c086441ffee9779749d2a04c5

SHA256
c8e97f592e02cac765f32d732b42e69df4b49dbd2aa0fbcba7d2b2814d116ea2

SHA512
6b3ca497981a79d0733e6836ca304c44e7cc667b2958021960db2330f661c37d663caa34b5390de89e2d01d5aa712288caa6a6a4efaab01af4f84de761f94e36

Download Submit
C:\Windows\system\iGyfGZG.exe

Filesize
6.0MB

MD5
1864e588a5d61787e1c3c2daf423d1db

SHA1
4678c88a00e848e0dfa7b3196d51196979429fc5

SHA256
840780535108026a5eb65bfdf275a16b8f5f1d68bda22107fab81f10c31513e9

SHA512
2fd6db0397cbb0b4a20eb48ca034d78ca52d861967dc07a8638d3d61455a06c572966ae3fece85bf42305b68417527ea79b2a21de0af4182be4f2bd69852543e

Download Submit
C:\Windows\system\kbmdroS.exe

Filesize
6.0MB

MD5
7126cbc9550e1ef6b0c8388f4f4df37c

SHA1
586a2ec7d78afa9a28f8a804c2da663c8d02e2de

SHA256
0c8a3447f8cab4be8c16aee8f272791472215b7ad96b1dc8d81459f1d96f449d

SHA512
9e6c0ed5925ec0b5a8b991dc658b6c163df40f88ed30be018603f3cf16fcd4d1d7ed50529a957aa39b488becf54d6be8bc2b6efc6ccf03979db1072c9365a28d

Download Submit
C:\Windows\system\lBzGxBH.exe

Filesize
6.0MB

MD5
e9f0513e918e7825123293d4ff9aba71

SHA1
011c394a91c1f3c6c0841fb7765f95a2fb14aea9

SHA256
7a524ec87685e0fed350c65aabf4c1442b7197a96220b034fce24eaf4e56de0d

SHA512
b3eaa5ab16466153fd01afaa920fde75293d5b47569bcaafbb6345dca8994b572297c8dc5b2a7cd16a6869c6fcd96eefc96dbbcb4ebdf025afbfb3c77c3fde5a

Download Submit
C:\Windows\system\nfWClUN.exe

Filesize
6.0MB

MD5
5d998c329e29f384c655413508394e53

SHA1
64c68b3aee0c041454c7d5570fe7d60327b01bdd

SHA256
c6240bdee1d9d9c4dc2db1be90f63932f71267bc938b6113cdcb5fa9a7e847fe

SHA512
58d5fc1f0992b0525c2f29180e2658a996eb7a1dc6b7aa5fad1af1a590b0c67dc34690816d233ee01be0e9f9db0185abbbafd34f0d63dcf0983414eb9f70c046

Download Submit
C:\Windows\system\owSJmHa.exe

Filesize
6.0MB

MD5
34e403ed806ec648e625a8417d27750a

SHA1
e07bebb3bda32df607741f60fa650f32444d0c2d

SHA256
5e6e73e6eeb15f39c8257d500f2fbca87ea750633aba196b38a57de6034a1f9e

SHA512
0ba3da13c2dc650987589d2357673bd1213daa94011b3a54297bac2e35ec0cadf27534f9f9d8a6ca24bc23235d086143a7122bf7bb71cfa9a30a08b5bdbc0c53

Download Submit
C:\Windows\system\vcRbvhj.exe

Filesize
6.0MB

MD5
9ed3682e61db32362f52db40b6ad6f93

SHA1
82c6237d3cfa2b3886ba3519ba0611fab043c253

SHA256
414b879a9673199f5c22c0ccd7e3d052f70c794ba70cfb2a399c30380f2e4b23

SHA512
36a526c2d9ca7b6059115d5b4740d28a93d2a41189a1e63dde1c7170285e31c25d1648227ab2f13b37c00e1923ff6227d9a0564c02847eb82ba8e8b0f43b083c

Download Submit
C:\Windows\system\wrLtdVK.exe

Filesize
6.0MB

MD5
133c1bef6139f836a98562097b83a14f

SHA1
bd54f6a8e531cc3a2b67f488b9b6a166ba98b8f2

SHA256
fe27cf4d053387d95bd2151711c36cf3d4b59a27e979aca9ce6b61baf9e92c95

SHA512
972a64ab668cf93cf08229cf5a647ff3e1a016e731f302766dbac19ce65ef6da344da3ff046c6206ad5bacba37d8aea700335a441205caf6489f546077475841

Download Submit
C:\Windows\system\xLlxcxN.exe

Filesize
6.0MB

MD5
802e63b22c6facb679ef094dec500a2c

SHA1
e177ef79e53a340e2bb9b09852a2923b1fb20d75

SHA256
76eff8b2b765302ffa42a635d4e8a2a72bae9b5a2935e411706095bfb19d9283

SHA512
13484f519c2146d40e1885523ff2ed6d4f9bf6f15b461b0c5296a632c215be6e2ed090a2f440f8475a52148c3670b514ab3cc8097c6934f8a5c61e70246199c6

Download Submit
C:\Windows\system\xbCedPR.exe

Filesize
6.0MB

MD5
acffdd993052d8ba933e628b3cb47386

SHA1
156bc2b4bb56a470274d54eb6709006918c7b68f

SHA256
92a1c5a1882798da3129aef460f5f0adc633c8916514b3439fdb79fd32aa45bb

SHA512
ea3794e238fefc8aad388e4f2810174fea1dcccc353105f54175adcfd158a99aae3077d1438d8adde5cb44dd25f2802d8c626eb6165894ae6245e1a2a24c41f2

Download Submit
C:\Windows\system\yrepUZd.exe

Filesize
6.0MB

MD5
4d1318feac4ae9261e071eba419b8727

SHA1
d95ae6ba893abcb2db343457dce401ed41ec042d

SHA256
ce7449ac9622509677af0fef2aa128644819122dd92e0cef937c58c59570b2f8

SHA512
673e014969ae00b3a0ddb90eee79fe3b5c079de060b3859e291fe45cb13dd3e62721f9a65a034b3404aa9a9fe89298540ae13a1ce8ad6ccaf16fb5dac768fc53

Download Submit
C:\Windows\system\zkxQrNI.exe

Filesize
6.0MB

MD5
f0eeef860ed7bae461259daa924f9996

SHA1
0d83709fad3194a837d518b196d4c81c80e6e1fb

SHA256
71ac0c7516d7fd1129c05814ee1c476fde713f5fb72c22341d3bdd7a9e8c5416

SHA512
c002984352a4885bee7427ce96b0f34f9fd3baf8ef6fab9e9a4d772969d91fe1ab8c7a412bc0de30962cc602fa9b69fb73d6b7467fd8be34c065880767421945

Download Submit
memory/672-88-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/672-4010-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/852-82-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/852-4057-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-98-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-3991-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-1042-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-1295-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1744-97-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-684-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1744-794-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1744-76-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1744-64-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1744-74-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1744-81-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1744-72-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/1744-63-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-70-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-683-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/1744-68-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1744-83-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-66-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1744-105-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1744-86-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1744-91-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1744-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1744-0-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2332-4011-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2332-65-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2432-92-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2432-4008-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4059-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2640-87-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4060-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-75-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-67-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4056-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2792-71-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-4061-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4012-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-85-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-77-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4013-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-69-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4014-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/3004-4058-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-89-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-4007-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/3024-73-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download