cobaltstrike | 844889df4dcb605067c6a0fd5be0d2d9d048eba5e79bcd44b653cc895ee317d6

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17-12-2024 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5cd31e06808cbc2860b80764606870b6
SHA1

c0bd05cb153ff312758c6d8f92f387d9f0a94a0d
SHA256

844889df4dcb605067c6a0fd5be0d2d9d048eba5e79bcd44b653cc895ee317d6
SHA512

a384e2bc0323eb10bc2146a821e407d065ade21e11472dca037c73e60b81f1014ebb45db79ac9511442d32a583ce73ff7b08d9f6e6d0572fc9a00b508e3e0a40
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUK:T+q56utgpPF8u/7K

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012268-3.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d0-26.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194e4-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019551-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d4-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d1-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cd-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cf-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cb-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c9-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-97.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019429-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a5-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-62.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194e6-50.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194da-34.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001949d-20.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019490-12.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2120-0-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x000b000000012268-3.dat	xmrig
behavioral1/memory/2120-15-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x00060000000194d0-26.dat	xmrig
behavioral1/memory/2484-27-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x00060000000194e4-36.dat	xmrig
behavioral1/memory/2364-21-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2856-44-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2748-35-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0007000000019551-56.dat	xmrig
behavioral1/memory/2756-58-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2668-71-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2748-70-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2860-77-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4bb-124.dat	xmrig
behavioral1/memory/2120-366-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4d4-173.dat	xmrig
behavioral1/files/0x000500000001a4d1-168.dat	xmrig
behavioral1/files/0x000500000001a4cd-161.dat	xmrig
behavioral1/files/0x000500000001a4cf-164.dat	xmrig
behavioral1/files/0x000500000001a4cb-156.dat	xmrig
behavioral1/files/0x000500000001a4c9-153.dat	xmrig
behavioral1/files/0x000500000001a4c7-148.dat	xmrig
behavioral1/files/0x000500000001a4c5-145.dat	xmrig
behavioral1/files/0x000500000001a4c3-140.dat	xmrig
behavioral1/files/0x000500000001a4c1-137.dat	xmrig
behavioral1/files/0x000500000001a4bf-132.dat	xmrig
behavioral1/files/0x000500000001a4bd-129.dat	xmrig
behavioral1/files/0x000500000001a4b9-121.dat	xmrig
behavioral1/files/0x000500000001a4b7-116.dat	xmrig
behavioral1/files/0x000500000001a4b5-113.dat	xmrig
behavioral1/files/0x000500000001a4b3-108.dat	xmrig
behavioral1/files/0x000500000001a4b1-105.dat	xmrig
behavioral1/memory/2440-98-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4af-97.dat	xmrig
behavioral1/memory/784-92-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019429-91.dat	xmrig
behavioral1/memory/1204-85-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ad-84.dat	xmrig
behavioral1/memory/2120-80-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2856-76-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ab-75.dat	xmrig
behavioral1/files/0x000500000001a4a5-69.dat	xmrig
behavioral1/memory/2836-64-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2484-63-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a495-62.dat	xmrig
behavioral1/memory/2120-60-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2364-57-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2268-51-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x00070000000194e6-50.dat	xmrig
behavioral1/memory/2120-49-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2368-46-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x00060000000194da-34.dat	xmrig
behavioral1/memory/2304-40-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x000700000001949d-20.dat	xmrig
behavioral1/memory/2120-37-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2368-13-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0006000000019490-12.dat	xmrig
behavioral1/memory/2304-11-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2856-3398-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2368-3403-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2484-3404-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2304-3412-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2364-3417-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2304	AaNEClt.exe
2368	iSMOTyh.exe
2364	pUpPASN.exe
2484	EiyahMY.exe
2748	gSeyTyK.exe
2856	EvUkfDj.exe
2268	BtObkro.exe
2756	ItPqFAT.exe
2836	ABdwbQl.exe
2668	pvclqew.exe
2860	nCkThQh.exe
1204	HsZIzwi.exe
784	isYdpNj.exe
2440	MqZFfhx.exe
580	hiOVpND.exe
2088	DGDLTDT.exe
1980	RepegxN.exe
2012	tBAuqza.exe
2708	LhxqeBZ.exe
2976	jCixxcM.exe
2980	YUoNZJU.exe
316	fwFCQVx.exe
1988	uZwZVCk.exe
2136	RvkCpWW.exe
2996	fsPSXom.exe
2680	LhKEpTx.exe
2416	tnMiGuo.exe
1944	XefrPQm.exe
772	ALUVBvb.exe
2348	UsjuFUR.exe
408	RbranIq.exe
1544	BcLbiwK.exe
1520	sBJbhjT.exe
2224	cSiQdVj.exe
1064	kCrZbID.exe
1620	BwpCMVy.exe
760	CwCVbSk.exe
3052	HwxdPxY.exe
1584	AuXIziS.exe
1676	aJjljvg.exe
1012	dmWgvMc.exe
908	RZcKgoL.exe
944	wEdnsfe.exe
1728	hJLZnof.exe
1388	rsMMqQM.exe
1540	qJzYGky.exe
2620	kvqlzAt.exe
1284	UKXUXco.exe
3064	mdujzPW.exe
3020	AWYEOFd.exe
1348	MprJvcd.exe
2156	FNbJOXy.exe
2448	sicLQTN.exe
2060	DKzmFLW.exe
1940	RsZMXpn.exe
496	RYvQdNw.exe
2096	WohrRCF.exe
2332	MrVnJoV.exe
2064	HjZUHff.exe
2344	TDOJtbC.exe
2184	ujPzfpt.exe
1604	iAlAMYr.exe
2176	NuIpLCb.exe
2376	MEEPQdB.exe

Loads dropped DLL 64 IoCs

pid	Process
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2120-0-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x000b000000012268-3.dat	upx
behavioral1/memory/2120-6-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x00060000000194d0-26.dat	upx
behavioral1/memory/2484-27-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x00060000000194e4-36.dat	upx
behavioral1/memory/2364-21-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2856-44-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2748-35-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0007000000019551-56.dat	upx
behavioral1/memory/2756-58-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2668-71-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2748-70-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2860-77-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x000500000001a4bb-124.dat	upx
behavioral1/files/0x000500000001a4d4-173.dat	upx
behavioral1/files/0x000500000001a4d1-168.dat	upx
behavioral1/files/0x000500000001a4cd-161.dat	upx
behavioral1/files/0x000500000001a4cf-164.dat	upx
behavioral1/files/0x000500000001a4cb-156.dat	upx
behavioral1/files/0x000500000001a4c9-153.dat	upx
behavioral1/files/0x000500000001a4c7-148.dat	upx
behavioral1/files/0x000500000001a4c5-145.dat	upx
behavioral1/files/0x000500000001a4c3-140.dat	upx
behavioral1/files/0x000500000001a4c1-137.dat	upx
behavioral1/files/0x000500000001a4bf-132.dat	upx
behavioral1/files/0x000500000001a4bd-129.dat	upx
behavioral1/files/0x000500000001a4b9-121.dat	upx
behavioral1/files/0x000500000001a4b7-116.dat	upx
behavioral1/files/0x000500000001a4b5-113.dat	upx
behavioral1/files/0x000500000001a4b3-108.dat	upx
behavioral1/files/0x000500000001a4b1-105.dat	upx
behavioral1/memory/2440-98-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x000500000001a4af-97.dat	upx
behavioral1/memory/784-92-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0008000000019429-91.dat	upx
behavioral1/memory/1204-85-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x000500000001a4ad-84.dat	upx
behavioral1/memory/2856-76-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x000500000001a4ab-75.dat	upx
behavioral1/files/0x000500000001a4a5-69.dat	upx
behavioral1/memory/2836-64-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2484-63-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x000500000001a495-62.dat	upx
behavioral1/memory/2364-57-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2268-51-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x00070000000194e6-50.dat	upx
behavioral1/memory/2368-46-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x00060000000194da-34.dat	upx
behavioral1/memory/2304-40-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x000700000001949d-20.dat	upx
behavioral1/memory/2120-37-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2368-13-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0006000000019490-12.dat	upx
behavioral1/memory/2304-11-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2856-3398-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2368-3403-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2484-3404-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2304-3412-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2364-3417-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2756-4053-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2668-4052-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2748-4054-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/1204-4051-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ktPkNUc.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obKfAHk.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtteGUT.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbFCwda.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNLsmjF.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYBfdTg.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPSxGZT.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFJwNOK.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAeYCyc.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYeUTXB.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWrsjnL.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcFJjNc.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ioYLdJw.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGqORIA.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FYikkIh.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpKLejp.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otCstzb.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKelkja.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujPzfpt.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwchacN.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTkhhMj.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHPtaoY.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLtHCCQ.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAqfaem.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cnZpbNJ.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbQOXdV.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnNhwzo.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqbreKq.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYnVEJk.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMcsFpA.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgBGkOb.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MsjIYAF.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZgpACm.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTVkLtM.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIeqtJy.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTHlfHf.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZRZYzdL.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdzYuyq.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMBYRjx.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhGWiwX.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JriGZHd.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ibBFWgT.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptZTGfK.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkBlYbV.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FywIgOd.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAQrxmm.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpKIsJc.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UsjuFUR.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osaiijd.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uCCjvYN.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AurtwYS.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQXpZFT.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvyfTaO.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nlOcHce.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NelrLgA.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDkGKWd.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvXxDAx.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhszvYj.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddfSYlw.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JloaSjO.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zClVxLP.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\toDsCoE.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAQHnmu.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNjRmyN.exe	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2304	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2120 wrote to memory of 2304	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2120 wrote to memory of 2304	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2120 wrote to memory of 2368	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2120 wrote to memory of 2368	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2120 wrote to memory of 2368	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2120 wrote to memory of 2364	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2120 wrote to memory of 2364	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2120 wrote to memory of 2364	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2120 wrote to memory of 2484	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2120 wrote to memory of 2484	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2120 wrote to memory of 2484	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2120 wrote to memory of 2748	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2120 wrote to memory of 2748	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2120 wrote to memory of 2748	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2120 wrote to memory of 2856	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2120 wrote to memory of 2856	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2120 wrote to memory of 2856	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2120 wrote to memory of 2268	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2120 wrote to memory of 2268	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2120 wrote to memory of 2268	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2120 wrote to memory of 2756	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2120 wrote to memory of 2756	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2120 wrote to memory of 2756	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2120 wrote to memory of 2836	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2120 wrote to memory of 2836	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2120 wrote to memory of 2836	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2120 wrote to memory of 2668	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2120 wrote to memory of 2668	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2120 wrote to memory of 2668	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2120 wrote to memory of 2860	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2120 wrote to memory of 2860	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2120 wrote to memory of 2860	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2120 wrote to memory of 1204	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2120 wrote to memory of 1204	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2120 wrote to memory of 1204	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2120 wrote to memory of 784	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2120 wrote to memory of 784	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2120 wrote to memory of 784	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2120 wrote to memory of 2440	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2120 wrote to memory of 2440	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2120 wrote to memory of 2440	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2120 wrote to memory of 580	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2120 wrote to memory of 580	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2120 wrote to memory of 580	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2120 wrote to memory of 2088	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2120 wrote to memory of 2088	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2120 wrote to memory of 2088	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2120 wrote to memory of 1980	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2120 wrote to memory of 1980	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2120 wrote to memory of 1980	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2120 wrote to memory of 2012	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2120 wrote to memory of 2012	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2120 wrote to memory of 2012	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2120 wrote to memory of 2708	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2120 wrote to memory of 2708	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2120 wrote to memory of 2708	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2120 wrote to memory of 2976	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2120 wrote to memory of 2976	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2120 wrote to memory of 2976	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2120 wrote to memory of 2980	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2120 wrote to memory of 2980	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2120 wrote to memory of 2980	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2120 wrote to memory of 316	2120	2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-17_5cd31e06808cbc2860b80764606870b6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\System\AaNEClt.exe
  C:\Windows\System\AaNEClt.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\iSMOTyh.exe
  C:\Windows\System\iSMOTyh.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\pUpPASN.exe
  C:\Windows\System\pUpPASN.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\EiyahMY.exe
  C:\Windows\System\EiyahMY.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\gSeyTyK.exe
  C:\Windows\System\gSeyTyK.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\EvUkfDj.exe
  C:\Windows\System\EvUkfDj.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\BtObkro.exe
  C:\Windows\System\BtObkro.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\ItPqFAT.exe
  C:\Windows\System\ItPqFAT.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\ABdwbQl.exe
  C:\Windows\System\ABdwbQl.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\pvclqew.exe
  C:\Windows\System\pvclqew.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\nCkThQh.exe
  C:\Windows\System\nCkThQh.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\HsZIzwi.exe
  C:\Windows\System\HsZIzwi.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\isYdpNj.exe
  C:\Windows\System\isYdpNj.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\MqZFfhx.exe
  C:\Windows\System\MqZFfhx.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\hiOVpND.exe
  C:\Windows\System\hiOVpND.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\DGDLTDT.exe
  C:\Windows\System\DGDLTDT.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\RepegxN.exe
  C:\Windows\System\RepegxN.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\tBAuqza.exe
  C:\Windows\System\tBAuqza.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\LhxqeBZ.exe
  C:\Windows\System\LhxqeBZ.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\jCixxcM.exe
  C:\Windows\System\jCixxcM.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\YUoNZJU.exe
  C:\Windows\System\YUoNZJU.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\fwFCQVx.exe
  C:\Windows\System\fwFCQVx.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\uZwZVCk.exe
  C:\Windows\System\uZwZVCk.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\RvkCpWW.exe
  C:\Windows\System\RvkCpWW.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\fsPSXom.exe
  C:\Windows\System\fsPSXom.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\LhKEpTx.exe
  C:\Windows\System\LhKEpTx.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\tnMiGuo.exe
  C:\Windows\System\tnMiGuo.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\XefrPQm.exe
  C:\Windows\System\XefrPQm.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\ALUVBvb.exe
  C:\Windows\System\ALUVBvb.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\UsjuFUR.exe
  C:\Windows\System\UsjuFUR.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\RbranIq.exe
  C:\Windows\System\RbranIq.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\BcLbiwK.exe
  C:\Windows\System\BcLbiwK.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\sBJbhjT.exe
  C:\Windows\System\sBJbhjT.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\cSiQdVj.exe
  C:\Windows\System\cSiQdVj.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\kCrZbID.exe
  C:\Windows\System\kCrZbID.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\BwpCMVy.exe
  C:\Windows\System\BwpCMVy.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\CwCVbSk.exe
  C:\Windows\System\CwCVbSk.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\HwxdPxY.exe
  C:\Windows\System\HwxdPxY.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\AuXIziS.exe
  C:\Windows\System\AuXIziS.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\aJjljvg.exe
  C:\Windows\System\aJjljvg.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\dmWgvMc.exe
  C:\Windows\System\dmWgvMc.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\RZcKgoL.exe
  C:\Windows\System\RZcKgoL.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\wEdnsfe.exe
  C:\Windows\System\wEdnsfe.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\hJLZnof.exe
  C:\Windows\System\hJLZnof.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\rsMMqQM.exe
  C:\Windows\System\rsMMqQM.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\qJzYGky.exe
  C:\Windows\System\qJzYGky.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\kvqlzAt.exe
  C:\Windows\System\kvqlzAt.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\UKXUXco.exe
  C:\Windows\System\UKXUXco.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\mdujzPW.exe
  C:\Windows\System\mdujzPW.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\AWYEOFd.exe
  C:\Windows\System\AWYEOFd.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\MprJvcd.exe
  C:\Windows\System\MprJvcd.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\FNbJOXy.exe
  C:\Windows\System\FNbJOXy.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\sicLQTN.exe
  C:\Windows\System\sicLQTN.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\DKzmFLW.exe
  C:\Windows\System\DKzmFLW.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\RsZMXpn.exe
  C:\Windows\System\RsZMXpn.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\RYvQdNw.exe
  C:\Windows\System\RYvQdNw.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\WohrRCF.exe
  C:\Windows\System\WohrRCF.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\MrVnJoV.exe
  C:\Windows\System\MrVnJoV.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\HjZUHff.exe
  C:\Windows\System\HjZUHff.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\TDOJtbC.exe
  C:\Windows\System\TDOJtbC.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\ujPzfpt.exe
  C:\Windows\System\ujPzfpt.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\iAlAMYr.exe
  C:\Windows\System\iAlAMYr.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\NuIpLCb.exe
  C:\Windows\System\NuIpLCb.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\MEEPQdB.exe
  C:\Windows\System\MEEPQdB.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\abHzmPA.exe
  C:\Windows\System\abHzmPA.exe
  2⤵
  PID:2872
- C:\Windows\System\FYKuvcI.exe
  C:\Windows\System\FYKuvcI.exe
  2⤵
  PID:2128
- C:\Windows\System\evLQFrt.exe
  C:\Windows\System\evLQFrt.exe
  2⤵
  PID:2784
- C:\Windows\System\ZpqgBYy.exe
  C:\Windows\System\ZpqgBYy.exe
  2⤵
  PID:2648
- C:\Windows\System\GUTzagE.exe
  C:\Windows\System\GUTzagE.exe
  2⤵
  PID:2492
- C:\Windows\System\lwchacN.exe
  C:\Windows\System\lwchacN.exe
  2⤵
  PID:2752
- C:\Windows\System\kCWkEFi.exe
  C:\Windows\System\kCWkEFi.exe
  2⤵
  PID:1736
- C:\Windows\System\ilHioxa.exe
  C:\Windows\System\ilHioxa.exe
  2⤵
  PID:2052
- C:\Windows\System\Snyzgnc.exe
  C:\Windows\System\Snyzgnc.exe
  2⤵
  PID:1640
- C:\Windows\System\lSDcLcS.exe
  C:\Windows\System\lSDcLcS.exe
  2⤵
  PID:1652
- C:\Windows\System\CqsCxZZ.exe
  C:\Windows\System\CqsCxZZ.exe
  2⤵
  PID:1588
- C:\Windows\System\FhGWOVm.exe
  C:\Windows\System\FhGWOVm.exe
  2⤵
  PID:888
- C:\Windows\System\uaqDmWU.exe
  C:\Windows\System\uaqDmWU.exe
  2⤵
  PID:1768
- C:\Windows\System\YotBGSm.exe
  C:\Windows\System\YotBGSm.exe
  2⤵
  PID:3004
- C:\Windows\System\PTSpPSj.exe
  C:\Windows\System\PTSpPSj.exe
  2⤵
  PID:620
- C:\Windows\System\StTWjnZ.exe
  C:\Windows\System\StTWjnZ.exe
  2⤵
  PID:2148
- C:\Windows\System\DKaPAxA.exe
  C:\Windows\System\DKaPAxA.exe
  2⤵
  PID:1104
- C:\Windows\System\dKKzAaF.exe
  C:\Windows\System\dKKzAaF.exe
  2⤵
  PID:1260
- C:\Windows\System\mQNPKlz.exe
  C:\Windows\System\mQNPKlz.exe
  2⤵
  PID:300
- C:\Windows\System\FjggEBQ.exe
  C:\Windows\System\FjggEBQ.exe
  2⤵
  PID:1868
- C:\Windows\System\BXYaFHx.exe
  C:\Windows\System\BXYaFHx.exe
  2⤵
  PID:484
- C:\Windows\System\EFIhoRT.exe
  C:\Windows\System\EFIhoRT.exe
  2⤵
  PID:900
- C:\Windows\System\nTUSuju.exe
  C:\Windows\System\nTUSuju.exe
  2⤵
  PID:1656
- C:\Windows\System\AWUuFJu.exe
  C:\Windows\System\AWUuFJu.exe
  2⤵
  PID:2532
- C:\Windows\System\uHPIqWu.exe
  C:\Windows\System\uHPIqWu.exe
  2⤵
  PID:2228
- C:\Windows\System\wtuldQw.exe
  C:\Windows\System\wtuldQw.exe
  2⤵
  PID:2412
- C:\Windows\System\OOxEoVZ.exe
  C:\Windows\System\OOxEoVZ.exe
  2⤵
  PID:2428
- C:\Windows\System\WkcBrFf.exe
  C:\Windows\System\WkcBrFf.exe
  2⤵
  PID:2056
- C:\Windows\System\ATGAXZM.exe
  C:\Windows\System\ATGAXZM.exe
  2⤵
  PID:1760
- C:\Windows\System\iqcuuBP.exe
  C:\Windows\System\iqcuuBP.exe
  2⤵
  PID:872
- C:\Windows\System\DoHZqbq.exe
  C:\Windows\System\DoHZqbq.exe
  2⤵
  PID:2464
- C:\Windows\System\XhGWiwX.exe
  C:\Windows\System\XhGWiwX.exe
  2⤵
  PID:1608
- C:\Windows\System\jsvovIX.exe
  C:\Windows\System\jsvovIX.exe
  2⤵
  PID:2108
- C:\Windows\System\uIpcFsk.exe
  C:\Windows\System\uIpcFsk.exe
  2⤵
  PID:2780
- C:\Windows\System\rxeDwGB.exe
  C:\Windows\System\rxeDwGB.exe
  2⤵
  PID:2740
- C:\Windows\System\zeGLKNV.exe
  C:\Windows\System\zeGLKNV.exe
  2⤵
  PID:2656
- C:\Windows\System\pEmUkqK.exe
  C:\Windows\System\pEmUkqK.exe
  2⤵
  PID:2008
- C:\Windows\System\WztlltA.exe
  C:\Windows\System\WztlltA.exe
  2⤵
  PID:2968
- C:\Windows\System\jLVmPhH.exe
  C:\Windows\System\jLVmPhH.exe
  2⤵
  PID:2132
- C:\Windows\System\PBskGCu.exe
  C:\Windows\System\PBskGCu.exe
  2⤵
  PID:2248
- C:\Windows\System\jkFoVUX.exe
  C:\Windows\System\jkFoVUX.exe
  2⤵
  PID:1592
- C:\Windows\System\NGCjsmh.exe
  C:\Windows\System\NGCjsmh.exe
  2⤵
  PID:1380
- C:\Windows\System\XRVkSvC.exe
  C:\Windows\System\XRVkSvC.exe
  2⤵
  PID:352
- C:\Windows\System\YueMGmK.exe
  C:\Windows\System\YueMGmK.exe
  2⤵
  PID:3084
- C:\Windows\System\BhDGXUD.exe
  C:\Windows\System\BhDGXUD.exe
  2⤵
  PID:3100
- C:\Windows\System\XTzliHb.exe
  C:\Windows\System\XTzliHb.exe
  2⤵
  PID:3116
- C:\Windows\System\MvScdUW.exe
  C:\Windows\System\MvScdUW.exe
  2⤵
  PID:3132
- C:\Windows\System\wzCRgze.exe
  C:\Windows\System\wzCRgze.exe
  2⤵
  PID:3148
- C:\Windows\System\lYjXibK.exe
  C:\Windows\System\lYjXibK.exe
  2⤵
  PID:3164
- C:\Windows\System\qOoFXhH.exe
  C:\Windows\System\qOoFXhH.exe
  2⤵
  PID:3180
- C:\Windows\System\mwwizNm.exe
  C:\Windows\System\mwwizNm.exe
  2⤵
  PID:3196
- C:\Windows\System\RRFWXHD.exe
  C:\Windows\System\RRFWXHD.exe
  2⤵
  PID:3212
- C:\Windows\System\XfzaeDq.exe
  C:\Windows\System\XfzaeDq.exe
  2⤵
  PID:3228
- C:\Windows\System\SBqQgvl.exe
  C:\Windows\System\SBqQgvl.exe
  2⤵
  PID:3244
- C:\Windows\System\xHbuJwU.exe
  C:\Windows\System\xHbuJwU.exe
  2⤵
  PID:3260
- C:\Windows\System\njQFBFu.exe
  C:\Windows\System\njQFBFu.exe
  2⤵
  PID:3276
- C:\Windows\System\tUXzUqN.exe
  C:\Windows\System\tUXzUqN.exe
  2⤵
  PID:3292
- C:\Windows\System\nfMibbM.exe
  C:\Windows\System\nfMibbM.exe
  2⤵
  PID:3308
- C:\Windows\System\ZodcLdE.exe
  C:\Windows\System\ZodcLdE.exe
  2⤵
  PID:3324
- C:\Windows\System\CpxUple.exe
  C:\Windows\System\CpxUple.exe
  2⤵
  PID:3340
- C:\Windows\System\JriGZHd.exe
  C:\Windows\System\JriGZHd.exe
  2⤵
  PID:3356
- C:\Windows\System\XrBlKXl.exe
  C:\Windows\System\XrBlKXl.exe
  2⤵
  PID:3372
- C:\Windows\System\BRwehKw.exe
  C:\Windows\System\BRwehKw.exe
  2⤵
  PID:3388
- C:\Windows\System\kXWcaDO.exe
  C:\Windows\System\kXWcaDO.exe
  2⤵
  PID:3404
- C:\Windows\System\PkKfsDx.exe
  C:\Windows\System\PkKfsDx.exe
  2⤵
  PID:3424
- C:\Windows\System\KGnXnvA.exe
  C:\Windows\System\KGnXnvA.exe
  2⤵
  PID:3440
- C:\Windows\System\YVUaiRV.exe
  C:\Windows\System\YVUaiRV.exe
  2⤵
  PID:3456
- C:\Windows\System\kprwPrK.exe
  C:\Windows\System\kprwPrK.exe
  2⤵
  PID:3472
- C:\Windows\System\mhHYxXW.exe
  C:\Windows\System\mhHYxXW.exe
  2⤵
  PID:3488
- C:\Windows\System\lGsTrAW.exe
  C:\Windows\System\lGsTrAW.exe
  2⤵
  PID:3504
- C:\Windows\System\sQKXZqq.exe
  C:\Windows\System\sQKXZqq.exe
  2⤵
  PID:3520
- C:\Windows\System\uVaJztb.exe
  C:\Windows\System\uVaJztb.exe
  2⤵
  PID:3536
- C:\Windows\System\YCTkmom.exe
  C:\Windows\System\YCTkmom.exe
  2⤵
  PID:3552
- C:\Windows\System\qpFzlww.exe
  C:\Windows\System\qpFzlww.exe
  2⤵
  PID:3568
- C:\Windows\System\jsvqlLd.exe
  C:\Windows\System\jsvqlLd.exe
  2⤵
  PID:3584
- C:\Windows\System\bunfZAc.exe
  C:\Windows\System\bunfZAc.exe
  2⤵
  PID:3600
- C:\Windows\System\jqvhvPS.exe
  C:\Windows\System\jqvhvPS.exe
  2⤵
  PID:3616
- C:\Windows\System\lWrsjnL.exe
  C:\Windows\System\lWrsjnL.exe
  2⤵
  PID:3632
- C:\Windows\System\iQDLrSC.exe
  C:\Windows\System\iQDLrSC.exe
  2⤵
  PID:3648
- C:\Windows\System\ibBFWgT.exe
  C:\Windows\System\ibBFWgT.exe
  2⤵
  PID:3664
- C:\Windows\System\kEYmCQt.exe
  C:\Windows\System\kEYmCQt.exe
  2⤵
  PID:3680
- C:\Windows\System\CGypRfB.exe
  C:\Windows\System\CGypRfB.exe
  2⤵
  PID:3696
- C:\Windows\System\jrMgWeF.exe
  C:\Windows\System\jrMgWeF.exe
  2⤵
  PID:3712
- C:\Windows\System\WFicAhu.exe
  C:\Windows\System\WFicAhu.exe
  2⤵
  PID:3728
- C:\Windows\System\UaCLUqD.exe
  C:\Windows\System\UaCLUqD.exe
  2⤵
  PID:3744
- C:\Windows\System\djwilkD.exe
  C:\Windows\System\djwilkD.exe
  2⤵
  PID:3760
- C:\Windows\System\jHxsYQX.exe
  C:\Windows\System\jHxsYQX.exe
  2⤵
  PID:3776
- C:\Windows\System\FRqHAqK.exe
  C:\Windows\System\FRqHAqK.exe
  2⤵
  PID:3792
- C:\Windows\System\hXxpBrZ.exe
  C:\Windows\System\hXxpBrZ.exe
  2⤵
  PID:3808
- C:\Windows\System\HjsKsyz.exe
  C:\Windows\System\HjsKsyz.exe
  2⤵
  PID:3824
- C:\Windows\System\UhptGWT.exe
  C:\Windows\System\UhptGWT.exe
  2⤵
  PID:3840
- C:\Windows\System\RWZxwIa.exe
  C:\Windows\System\RWZxwIa.exe
  2⤵
  PID:3856
- C:\Windows\System\SuDjpoO.exe
  C:\Windows\System\SuDjpoO.exe
  2⤵
  PID:3872
- C:\Windows\System\viaZMJF.exe
  C:\Windows\System\viaZMJF.exe
  2⤵
  PID:3888
- C:\Windows\System\FiHtvOA.exe
  C:\Windows\System\FiHtvOA.exe
  2⤵
  PID:3904
- C:\Windows\System\DVcqBGk.exe
  C:\Windows\System\DVcqBGk.exe
  2⤵
  PID:3920
- C:\Windows\System\OrSLHAS.exe
  C:\Windows\System\OrSLHAS.exe
  2⤵
  PID:3936
- C:\Windows\System\xhQhdEW.exe
  C:\Windows\System\xhQhdEW.exe
  2⤵
  PID:3952
- C:\Windows\System\sKgxlAM.exe
  C:\Windows\System\sKgxlAM.exe
  2⤵
  PID:3968
- C:\Windows\System\BAPqfLj.exe
  C:\Windows\System\BAPqfLj.exe
  2⤵
  PID:3984
- C:\Windows\System\CGlThzx.exe
  C:\Windows\System\CGlThzx.exe
  2⤵
  PID:4000
- C:\Windows\System\YYlHhZa.exe
  C:\Windows\System\YYlHhZa.exe
  2⤵
  PID:4016
- C:\Windows\System\LeAGBHC.exe
  C:\Windows\System\LeAGBHC.exe
  2⤵
  PID:4032
- C:\Windows\System\qEgUBOY.exe
  C:\Windows\System\qEgUBOY.exe
  2⤵
  PID:4048
- C:\Windows\System\UgIPAPI.exe
  C:\Windows\System\UgIPAPI.exe
  2⤵
  PID:4064
- C:\Windows\System\cuvHLEY.exe
  C:\Windows\System\cuvHLEY.exe
  2⤵
  PID:4080
- C:\Windows\System\RBXCzXr.exe
  C:\Windows\System\RBXCzXr.exe
  2⤵
  PID:548
- C:\Windows\System\dctqzjo.exe
  C:\Windows\System\dctqzjo.exe
  2⤵
  PID:2472
- C:\Windows\System\tpqbcHH.exe
  C:\Windows\System\tpqbcHH.exe
  2⤵
  PID:688
- C:\Windows\System\bqzVAJL.exe
  C:\Windows\System\bqzVAJL.exe
  2⤵
  PID:1896
- C:\Windows\System\QjXmgkK.exe
  C:\Windows\System\QjXmgkK.exe
  2⤵
  PID:1884
- C:\Windows\System\NnMblOZ.exe
  C:\Windows\System\NnMblOZ.exe
  2⤵
  PID:1680
- C:\Windows\System\IkdZPeE.exe
  C:\Windows\System\IkdZPeE.exe
  2⤵
  PID:2196
- C:\Windows\System\KyKDcah.exe
  C:\Windows\System\KyKDcah.exe
  2⤵
  PID:2992
- C:\Windows\System\NigLTma.exe
  C:\Windows\System\NigLTma.exe
  2⤵
  PID:1052
- C:\Windows\System\JCgyGiG.exe
  C:\Windows\System\JCgyGiG.exe
  2⤵
  PID:1920
- C:\Windows\System\vcFJjNc.exe
  C:\Windows\System\vcFJjNc.exe
  2⤵
  PID:1704
- C:\Windows\System\cWqIQJz.exe
  C:\Windows\System\cWqIQJz.exe
  2⤵
  PID:3080
- C:\Windows\System\tDSlAyQ.exe
  C:\Windows\System\tDSlAyQ.exe
  2⤵
  PID:3124
- C:\Windows\System\yBbtUGN.exe
  C:\Windows\System\yBbtUGN.exe
  2⤵
  PID:3160
- C:\Windows\System\TNPtdxO.exe
  C:\Windows\System\TNPtdxO.exe
  2⤵
  PID:3176
- C:\Windows\System\mnNhwzo.exe
  C:\Windows\System\mnNhwzo.exe
  2⤵
  PID:3220
- C:\Windows\System\bYAMGIS.exe
  C:\Windows\System\bYAMGIS.exe
  2⤵
  PID:3240
- C:\Windows\System\hgANYqN.exe
  C:\Windows\System\hgANYqN.exe
  2⤵
  PID:3284
- C:\Windows\System\VVMFDPd.exe
  C:\Windows\System\VVMFDPd.exe
  2⤵
  PID:3320
- C:\Windows\System\cEllFca.exe
  C:\Windows\System\cEllFca.exe
  2⤵
  PID:3336
- C:\Windows\System\pWsKAQP.exe
  C:\Windows\System\pWsKAQP.exe
  2⤵
  PID:3380
- C:\Windows\System\YRrevbA.exe
  C:\Windows\System\YRrevbA.exe
  2⤵
  PID:3416
- C:\Windows\System\UChlTKF.exe
  C:\Windows\System\UChlTKF.exe
  2⤵
  PID:3452
- C:\Windows\System\gSrXDMA.exe
  C:\Windows\System\gSrXDMA.exe
  2⤵
  PID:3468
- C:\Windows\System\cGDkfAW.exe
  C:\Windows\System\cGDkfAW.exe
  2⤵
  PID:3516
- C:\Windows\System\gblWelm.exe
  C:\Windows\System\gblWelm.exe
  2⤵
  PID:3548
- C:\Windows\System\IpZpUaR.exe
  C:\Windows\System\IpZpUaR.exe
  2⤵
  PID:3580
- C:\Windows\System\WFloWcR.exe
  C:\Windows\System\WFloWcR.exe
  2⤵
  PID:3612
- C:\Windows\System\fLjdoCs.exe
  C:\Windows\System\fLjdoCs.exe
  2⤵
  PID:3644
- C:\Windows\System\Tfjhhxj.exe
  C:\Windows\System\Tfjhhxj.exe
  2⤵
  PID:3660
- C:\Windows\System\FCwEChW.exe
  C:\Windows\System\FCwEChW.exe
  2⤵
  PID:3692
- C:\Windows\System\uvZpyZT.exe
  C:\Windows\System\uvZpyZT.exe
  2⤵
  PID:3740
- C:\Windows\System\JqVaUub.exe
  C:\Windows\System\JqVaUub.exe
  2⤵
  PID:3756
- C:\Windows\System\ZZQGPnm.exe
  C:\Windows\System\ZZQGPnm.exe
  2⤵
  PID:3788
- C:\Windows\System\qafSwOg.exe
  C:\Windows\System\qafSwOg.exe
  2⤵
  PID:3820
- C:\Windows\System\ZiltyaG.exe
  C:\Windows\System\ZiltyaG.exe
  2⤵
  PID:3868
- C:\Windows\System\XbsrZlL.exe
  C:\Windows\System\XbsrZlL.exe
  2⤵
  PID:3900
- C:\Windows\System\UFXhGOH.exe
  C:\Windows\System\UFXhGOH.exe
  2⤵
  PID:3916
- C:\Windows\System\oGPDtPo.exe
  C:\Windows\System\oGPDtPo.exe
  2⤵
  PID:3964
- C:\Windows\System\IyebJkq.exe
  C:\Windows\System\IyebJkq.exe
  2⤵
  PID:3996
- C:\Windows\System\BttdixA.exe
  C:\Windows\System\BttdixA.exe
  2⤵
  PID:4028
- C:\Windows\System\kxVLFoT.exe
  C:\Windows\System\kxVLFoT.exe
  2⤵
  PID:4060
- C:\Windows\System\lcrpDGF.exe
  C:\Windows\System\lcrpDGF.exe
  2⤵
  PID:4076
- C:\Windows\System\xKEqsuD.exe
  C:\Windows\System\xKEqsuD.exe
  2⤵
  PID:1628
- C:\Windows\System\vDOpQvW.exe
  C:\Windows\System\vDOpQvW.exe
  2⤵
  PID:2732
- C:\Windows\System\zOjcQfj.exe
  C:\Windows\System\zOjcQfj.exe
  2⤵
  PID:1708
- C:\Windows\System\nlOcHce.exe
  C:\Windows\System\nlOcHce.exe
  2⤵
  PID:3068
- C:\Windows\System\EFVfjZj.exe
  C:\Windows\System\EFVfjZj.exe
  2⤵
  PID:1892
- C:\Windows\System\AmvjXzS.exe
  C:\Windows\System\AmvjXzS.exe
  2⤵
  PID:3076
- C:\Windows\System\EWnrTqU.exe
  C:\Windows\System\EWnrTqU.exe
  2⤵
  PID:3156
- C:\Windows\System\yJymbcJ.exe
  C:\Windows\System\yJymbcJ.exe
  2⤵
  PID:3268
- C:\Windows\System\YHUZsIo.exe
  C:\Windows\System\YHUZsIo.exe
  2⤵
  PID:3316
- C:\Windows\System\bZPUNQJ.exe
  C:\Windows\System\bZPUNQJ.exe
  2⤵
  PID:3368
- C:\Windows\System\cBUdUQH.exe
  C:\Windows\System\cBUdUQH.exe
  2⤵
  PID:3412
- C:\Windows\System\McmtBXj.exe
  C:\Windows\System\McmtBXj.exe
  2⤵
  PID:3484
- C:\Windows\System\idlCFcJ.exe
  C:\Windows\System\idlCFcJ.exe
  2⤵
  PID:3532
- C:\Windows\System\LXpLxYL.exe
  C:\Windows\System\LXpLxYL.exe
  2⤵
  PID:3628
- C:\Windows\System\CMpDVpD.exe
  C:\Windows\System\CMpDVpD.exe
  2⤵
  PID:3676
- C:\Windows\System\IAfaWNg.exe
  C:\Windows\System\IAfaWNg.exe
  2⤵
  PID:3724
- C:\Windows\System\OdOjrEv.exe
  C:\Windows\System\OdOjrEv.exe
  2⤵
  PID:3804
- C:\Windows\System\imfktNU.exe
  C:\Windows\System\imfktNU.exe
  2⤵
  PID:3852
- C:\Windows\System\aavsXSv.exe
  C:\Windows\System\aavsXSv.exe
  2⤵
  PID:3932
- C:\Windows\System\CVcHJCQ.exe
  C:\Windows\System\CVcHJCQ.exe
  2⤵
  PID:4024
- C:\Windows\System\UerUpPP.exe
  C:\Windows\System\UerUpPP.exe
  2⤵
  PID:4056
- C:\Windows\System\Akowgxx.exe
  C:\Windows\System\Akowgxx.exe
  2⤵
  PID:3012
- C:\Windows\System\HwtWtoF.exe
  C:\Windows\System\HwtWtoF.exe
  2⤵
  PID:2520
- C:\Windows\System\bImdIOk.exe
  C:\Windows\System\bImdIOk.exe
  2⤵
  PID:2496
- C:\Windows\System\iOzPkiZ.exe
  C:\Windows\System\iOzPkiZ.exe
  2⤵
  PID:3188
- C:\Windows\System\sFFxACV.exe
  C:\Windows\System\sFFxACV.exe
  2⤵
  PID:3348
- C:\Windows\System\oKVMmDg.exe
  C:\Windows\System\oKVMmDg.exe
  2⤵
  PID:3448
- C:\Windows\System\uJYRdYN.exe
  C:\Windows\System\uJYRdYN.exe
  2⤵
  PID:3564
- C:\Windows\System\MhOsUxf.exe
  C:\Windows\System\MhOsUxf.exe
  2⤵
  PID:3708
- C:\Windows\System\iTKcuSE.exe
  C:\Windows\System\iTKcuSE.exe
  2⤵
  PID:3836
- C:\Windows\System\MsjHaBo.exe
  C:\Windows\System\MsjHaBo.exe
  2⤵
  PID:3960
- C:\Windows\System\MzdlLIf.exe
  C:\Windows\System\MzdlLIf.exe
  2⤵
  PID:4092
- C:\Windows\System\mEuTazz.exe
  C:\Windows\System\mEuTazz.exe
  2⤵
  PID:2272
- C:\Windows\System\NgOPFgj.exe
  C:\Windows\System\NgOPFgj.exe
  2⤵
  PID:3272
- C:\Windows\System\nSeiXQY.exe
  C:\Windows\System\nSeiXQY.exe
  2⤵
  PID:3436
- C:\Windows\System\mTHlfHf.exe
  C:\Windows\System\mTHlfHf.exe
  2⤵
  PID:4108
- C:\Windows\System\wvKowJR.exe
  C:\Windows\System\wvKowJR.exe
  2⤵
  PID:4124
- C:\Windows\System\UHRcBHd.exe
  C:\Windows\System\UHRcBHd.exe
  2⤵
  PID:4140
- C:\Windows\System\vFsYTOG.exe
  C:\Windows\System\vFsYTOG.exe
  2⤵
  PID:4156
- C:\Windows\System\nzdMwTy.exe
  C:\Windows\System\nzdMwTy.exe
  2⤵
  PID:4172
- C:\Windows\System\RdNmqNx.exe
  C:\Windows\System\RdNmqNx.exe
  2⤵
  PID:4188
- C:\Windows\System\QwFIBtC.exe
  C:\Windows\System\QwFIBtC.exe
  2⤵
  PID:4204
- C:\Windows\System\CVuTkUr.exe
  C:\Windows\System\CVuTkUr.exe
  2⤵
  PID:4220
- C:\Windows\System\gqlejVo.exe
  C:\Windows\System\gqlejVo.exe
  2⤵
  PID:4236
- C:\Windows\System\AaBQWlR.exe
  C:\Windows\System\AaBQWlR.exe
  2⤵
  PID:4252
- C:\Windows\System\ZiuCPMf.exe
  C:\Windows\System\ZiuCPMf.exe
  2⤵
  PID:4268
- C:\Windows\System\npDuXjL.exe
  C:\Windows\System\npDuXjL.exe
  2⤵
  PID:4284
- C:\Windows\System\vgeLzrp.exe
  C:\Windows\System\vgeLzrp.exe
  2⤵
  PID:4300
- C:\Windows\System\NNGTjyE.exe
  C:\Windows\System\NNGTjyE.exe
  2⤵
  PID:4316
- C:\Windows\System\GnlIRJa.exe
  C:\Windows\System\GnlIRJa.exe
  2⤵
  PID:4332
- C:\Windows\System\rNLhzKV.exe
  C:\Windows\System\rNLhzKV.exe
  2⤵
  PID:4348
- C:\Windows\System\OYztMNd.exe
  C:\Windows\System\OYztMNd.exe
  2⤵
  PID:4364
- C:\Windows\System\GUoMejL.exe
  C:\Windows\System\GUoMejL.exe
  2⤵
  PID:4380
- C:\Windows\System\RHNdnvN.exe
  C:\Windows\System\RHNdnvN.exe
  2⤵
  PID:4396
- C:\Windows\System\GhTSqJu.exe
  C:\Windows\System\GhTSqJu.exe
  2⤵
  PID:4412
- C:\Windows\System\rlpJIqP.exe
  C:\Windows\System\rlpJIqP.exe
  2⤵
  PID:4432
- C:\Windows\System\IzcgKxQ.exe
  C:\Windows\System\IzcgKxQ.exe
  2⤵
  PID:4448
- C:\Windows\System\ZQOSRPD.exe
  C:\Windows\System\ZQOSRPD.exe
  2⤵
  PID:4464
- C:\Windows\System\UprpwZa.exe
  C:\Windows\System\UprpwZa.exe
  2⤵
  PID:4480
- C:\Windows\System\JWSmKoi.exe
  C:\Windows\System\JWSmKoi.exe
  2⤵
  PID:4496
- C:\Windows\System\tcgIhXj.exe
  C:\Windows\System\tcgIhXj.exe
  2⤵
  PID:4512
- C:\Windows\System\JKUKRkc.exe
  C:\Windows\System\JKUKRkc.exe
  2⤵
  PID:4528
- C:\Windows\System\pZxUIqm.exe
  C:\Windows\System\pZxUIqm.exe
  2⤵
  PID:4544
- C:\Windows\System\AJLeNfQ.exe
  C:\Windows\System\AJLeNfQ.exe
  2⤵
  PID:4560
- C:\Windows\System\ISojdox.exe
  C:\Windows\System\ISojdox.exe
  2⤵
  PID:4576
- C:\Windows\System\LlQAWKs.exe
  C:\Windows\System\LlQAWKs.exe
  2⤵
  PID:4592
- C:\Windows\System\ifzNfGB.exe
  C:\Windows\System\ifzNfGB.exe
  2⤵
  PID:4608
- C:\Windows\System\BklGave.exe
  C:\Windows\System\BklGave.exe
  2⤵
  PID:4624
- C:\Windows\System\uRkohdU.exe
  C:\Windows\System\uRkohdU.exe
  2⤵
  PID:4640
- C:\Windows\System\BXkVHdZ.exe
  C:\Windows\System\BXkVHdZ.exe
  2⤵
  PID:4656
- C:\Windows\System\OHxsAUg.exe
  C:\Windows\System\OHxsAUg.exe
  2⤵
  PID:4672
- C:\Windows\System\uucpMZQ.exe
  C:\Windows\System\uucpMZQ.exe
  2⤵
  PID:4688
- C:\Windows\System\gCzQefj.exe
  C:\Windows\System\gCzQefj.exe
  2⤵
  PID:4704
- C:\Windows\System\VChNRBJ.exe
  C:\Windows\System\VChNRBJ.exe
  2⤵
  PID:4720
- C:\Windows\System\TzyxzPG.exe
  C:\Windows\System\TzyxzPG.exe
  2⤵
  PID:4736
- C:\Windows\System\uSmppNz.exe
  C:\Windows\System\uSmppNz.exe
  2⤵
  PID:4752
- C:\Windows\System\JoAqMfQ.exe
  C:\Windows\System\JoAqMfQ.exe
  2⤵
  PID:4768
- C:\Windows\System\rqhOZxb.exe
  C:\Windows\System\rqhOZxb.exe
  2⤵
  PID:4784
- C:\Windows\System\vxwXkOy.exe
  C:\Windows\System\vxwXkOy.exe
  2⤵
  PID:4800
- C:\Windows\System\QlLWzFA.exe
  C:\Windows\System\QlLWzFA.exe
  2⤵
  PID:4816
- C:\Windows\System\QcEdmmX.exe
  C:\Windows\System\QcEdmmX.exe
  2⤵
  PID:4832
- C:\Windows\System\oDjUKiN.exe
  C:\Windows\System\oDjUKiN.exe
  2⤵
  PID:4848
- C:\Windows\System\QcsAxsX.exe
  C:\Windows\System\QcsAxsX.exe
  2⤵
  PID:4864
- C:\Windows\System\erEejjq.exe
  C:\Windows\System\erEejjq.exe
  2⤵
  PID:4880
- C:\Windows\System\iYZFgcP.exe
  C:\Windows\System\iYZFgcP.exe
  2⤵
  PID:4896
- C:\Windows\System\FOfyUkv.exe
  C:\Windows\System\FOfyUkv.exe
  2⤵
  PID:4912
- C:\Windows\System\QYBfdTg.exe
  C:\Windows\System\QYBfdTg.exe
  2⤵
  PID:4928
- C:\Windows\System\OjuAcyC.exe
  C:\Windows\System\OjuAcyC.exe
  2⤵
  PID:4944
- C:\Windows\System\CAQrxmm.exe
  C:\Windows\System\CAQrxmm.exe
  2⤵
  PID:4960
- C:\Windows\System\HoDueoq.exe
  C:\Windows\System\HoDueoq.exe
  2⤵
  PID:4976
- C:\Windows\System\YoQKTJw.exe
  C:\Windows\System\YoQKTJw.exe
  2⤵
  PID:4992
- C:\Windows\System\skgHBAA.exe
  C:\Windows\System\skgHBAA.exe
  2⤵
  PID:5008
- C:\Windows\System\LjBGMAX.exe
  C:\Windows\System\LjBGMAX.exe
  2⤵
  PID:5024
- C:\Windows\System\NUPNJSO.exe
  C:\Windows\System\NUPNJSO.exe
  2⤵
  PID:5040
- C:\Windows\System\TwbfEqF.exe
  C:\Windows\System\TwbfEqF.exe
  2⤵
  PID:5056
- C:\Windows\System\EFwMwDq.exe
  C:\Windows\System\EFwMwDq.exe
  2⤵
  PID:5072
- C:\Windows\System\Mznjiwi.exe
  C:\Windows\System\Mznjiwi.exe
  2⤵
  PID:5088
- C:\Windows\System\xOSLQYI.exe
  C:\Windows\System\xOSLQYI.exe
  2⤵
  PID:5104
- C:\Windows\System\JujLGXo.exe
  C:\Windows\System\JujLGXo.exe
  2⤵
  PID:1696
- C:\Windows\System\vGwTrEW.exe
  C:\Windows\System\vGwTrEW.exe
  2⤵
  PID:3832
- C:\Windows\System\DRYLlYK.exe
  C:\Windows\System\DRYLlYK.exe
  2⤵
  PID:3948
- C:\Windows\System\udOULVU.exe
  C:\Windows\System\udOULVU.exe
  2⤵
  PID:680
- C:\Windows\System\JmRilNe.exe
  C:\Windows\System\JmRilNe.exe
  2⤵
  PID:4104
- C:\Windows\System\bBErlZs.exe
  C:\Windows\System\bBErlZs.exe
  2⤵
  PID:4136
- C:\Windows\System\JYnqsRf.exe
  C:\Windows\System\JYnqsRf.exe
  2⤵
  PID:4152
- C:\Windows\System\AnmEkKG.exe
  C:\Windows\System\AnmEkKG.exe
  2⤵
  PID:4200
- C:\Windows\System\WZgpACm.exe
  C:\Windows\System\WZgpACm.exe
  2⤵
  PID:4216
- C:\Windows\System\YaVpdrV.exe
  C:\Windows\System\YaVpdrV.exe
  2⤵
  PID:4248
- C:\Windows\System\ddyZtQa.exe
  C:\Windows\System\ddyZtQa.exe
  2⤵
  PID:4276
- C:\Windows\System\MdOJCGK.exe
  C:\Windows\System\MdOJCGK.exe
  2⤵
  PID:4308
- C:\Windows\System\CYaBhDs.exe
  C:\Windows\System\CYaBhDs.exe
  2⤵
  PID:4340
- C:\Windows\System\QKOEtJS.exe
  C:\Windows\System\QKOEtJS.exe
  2⤵
  PID:4372
- C:\Windows\System\FWQMpAw.exe
  C:\Windows\System\FWQMpAw.exe
  2⤵
  PID:4404
- C:\Windows\System\EMThjDa.exe
  C:\Windows\System\EMThjDa.exe
  2⤵
  PID:4440
- C:\Windows\System\MuSNltn.exe
  C:\Windows\System\MuSNltn.exe
  2⤵
  PID:4472
- C:\Windows\System\LONxLkD.exe
  C:\Windows\System\LONxLkD.exe
  2⤵
  PID:4504
- C:\Windows\System\RIZkOur.exe
  C:\Windows\System\RIZkOur.exe
  2⤵
  PID:4536
- C:\Windows\System\TTkhhMj.exe
  C:\Windows\System\TTkhhMj.exe
  2⤵
  PID:4568
- C:\Windows\System\rlBZXGE.exe
  C:\Windows\System\rlBZXGE.exe
  2⤵
  PID:4616
- C:\Windows\System\xbqrAXL.exe
  C:\Windows\System\xbqrAXL.exe
  2⤵
  PID:2868
- C:\Windows\System\zJbBYKk.exe
  C:\Windows\System\zJbBYKk.exe
  2⤵
  PID:4680
- C:\Windows\System\CphyqRZ.exe
  C:\Windows\System\CphyqRZ.exe
  2⤵
  PID:4712
- C:\Windows\System\ZRZYzdL.exe
  C:\Windows\System\ZRZYzdL.exe
  2⤵
  PID:4728
- C:\Windows\System\svufNlD.exe
  C:\Windows\System\svufNlD.exe
  2⤵
  PID:4760
- C:\Windows\System\jycmhLs.exe
  C:\Windows\System\jycmhLs.exe
  2⤵
  PID:4776
- C:\Windows\System\qibTLxc.exe
  C:\Windows\System\qibTLxc.exe
  2⤵
  PID:4808
- C:\Windows\System\hvRKZHI.exe
  C:\Windows\System\hvRKZHI.exe
  2⤵
  PID:536
- C:\Windows\System\YVVrXlI.exe
  C:\Windows\System\YVVrXlI.exe
  2⤵
  PID:2508
- C:\Windows\System\cYOfDAt.exe
  C:\Windows\System\cYOfDAt.exe
  2⤵
  PID:2684
- C:\Windows\System\aHPtaoY.exe
  C:\Windows\System\aHPtaoY.exe
  2⤵
  PID:3024
- C:\Windows\System\PzJmNZn.exe
  C:\Windows\System\PzJmNZn.exe
  2⤵
  PID:4872
- C:\Windows\System\rHUxCiA.exe
  C:\Windows\System\rHUxCiA.exe
  2⤵
  PID:4860
- C:\Windows\System\yRetfqa.exe
  C:\Windows\System\yRetfqa.exe
  2⤵
  PID:4892
- C:\Windows\System\oWrPElM.exe
  C:\Windows\System\oWrPElM.exe
  2⤵
  PID:4924
- C:\Windows\System\olImCtv.exe
  C:\Windows\System\olImCtv.exe
  2⤵
  PID:4956
- C:\Windows\System\BPIARLk.exe
  C:\Windows\System\BPIARLk.exe
  2⤵
  PID:4988
- C:\Windows\System\ktPkNUc.exe
  C:\Windows\System\ktPkNUc.exe
  2⤵
  PID:5036
- C:\Windows\System\pjOYLdX.exe
  C:\Windows\System\pjOYLdX.exe
  2⤵
  PID:5068
- C:\Windows\System\sIzltMN.exe
  C:\Windows\System\sIzltMN.exe
  2⤵
  PID:5100
- C:\Windows\System\oqbreKq.exe
  C:\Windows\System\oqbreKq.exe
  2⤵
  PID:348
- C:\Windows\System\NzeDzek.exe
  C:\Windows\System\NzeDzek.exe
  2⤵
  PID:3980
- C:\Windows\System\JtbYEzb.exe
  C:\Windows\System\JtbYEzb.exe
  2⤵
  PID:4100
- C:\Windows\System\HrnkFyQ.exe
  C:\Windows\System\HrnkFyQ.exe
  2⤵
  PID:4180
- C:\Windows\System\qIypGdV.exe
  C:\Windows\System\qIypGdV.exe
  2⤵
  PID:628
- C:\Windows\System\VbnFLbt.exe
  C:\Windows\System\VbnFLbt.exe
  2⤵
  PID:4296
- C:\Windows\System\ioYLdJw.exe
  C:\Windows\System\ioYLdJw.exe
  2⤵
  PID:2140
- C:\Windows\System\gIQYTTk.exe
  C:\Windows\System\gIQYTTk.exe
  2⤵
  PID:4344
- C:\Windows\System\HaqvDzE.exe
  C:\Windows\System\HaqvDzE.exe
  2⤵
  PID:4392
- C:\Windows\System\FqOjulw.exe
  C:\Windows\System\FqOjulw.exe
  2⤵
  PID:4492
- C:\Windows\System\vMKElzm.exe
  C:\Windows\System\vMKElzm.exe
  2⤵
  PID:2824
- C:\Windows\System\JRXHLSK.exe
  C:\Windows\System\JRXHLSK.exe
  2⤵
  PID:4508
- C:\Windows\System\LkAmckI.exe
  C:\Windows\System\LkAmckI.exe
  2⤵
  PID:4604
- C:\Windows\System\pSieAJy.exe
  C:\Windows\System\pSieAJy.exe
  2⤵
  PID:2932
- C:\Windows\System\qPKKCFa.exe
  C:\Windows\System\qPKKCFa.exe
  2⤵
  PID:4748
- C:\Windows\System\SlqcboB.exe
  C:\Windows\System\SlqcboB.exe
  2⤵
  PID:4732
- C:\Windows\System\KPkrOFz.exe
  C:\Windows\System\KPkrOFz.exe
  2⤵
  PID:1824
- C:\Windows\System\EAjUwBD.exe
  C:\Windows\System\EAjUwBD.exe
  2⤵
  PID:2908
- C:\Windows\System\VjbHfzw.exe
  C:\Windows\System\VjbHfzw.exe
  2⤵
  PID:4840
- C:\Windows\System\xcrlALY.exe
  C:\Windows\System\xcrlALY.exe
  2⤵
  PID:4856
- C:\Windows\System\ZHiEIoO.exe
  C:\Windows\System\ZHiEIoO.exe
  2⤵
  PID:4904
- C:\Windows\System\xnQqDcY.exe
  C:\Windows\System\xnQqDcY.exe
  2⤵
  PID:4984
- C:\Windows\System\oZfhYko.exe
  C:\Windows\System\oZfhYko.exe
  2⤵
  PID:5048
- C:\Windows\System\RJOUwMF.exe
  C:\Windows\System\RJOUwMF.exe
  2⤵
  PID:5080
- C:\Windows\System\Rjlngsw.exe
  C:\Windows\System\Rjlngsw.exe
  2⤵
  PID:3596
- C:\Windows\System\kGqORIA.exe
  C:\Windows\System\kGqORIA.exe
  2⤵
  PID:4196
- C:\Windows\System\auQIVfc.exe
  C:\Windows\System\auQIVfc.exe
  2⤵
  PID:4292
- C:\Windows\System\zpuBoXZ.exe
  C:\Windows\System\zpuBoXZ.exe
  2⤵
  PID:4328
- C:\Windows\System\ptZTGfK.exe
  C:\Windows\System\ptZTGfK.exe
  2⤵
  PID:4424
- C:\Windows\System\JcpYEIn.exe
  C:\Windows\System\JcpYEIn.exe
  2⤵
  PID:4588
- C:\Windows\System\eHpykai.exe
  C:\Windows\System\eHpykai.exe
  2⤵
  PID:4652
- C:\Windows\System\kodjZZO.exe
  C:\Windows\System\kodjZZO.exe
  2⤵
  PID:1044
- C:\Windows\System\TMDeBAh.exe
  C:\Windows\System\TMDeBAh.exe
  2⤵
  PID:2808
- C:\Windows\System\pXNGAIU.exe
  C:\Windows\System\pXNGAIU.exe
  2⤵
  PID:4828
- C:\Windows\System\JLmzWgc.exe
  C:\Windows\System\JLmzWgc.exe
  2⤵
  PID:4968
- C:\Windows\System\INOVhqL.exe
  C:\Windows\System\INOVhqL.exe
  2⤵
  PID:5064
- C:\Windows\System\qQQazMD.exe
  C:\Windows\System\qQQazMD.exe
  2⤵
  PID:4244
- C:\Windows\System\MQzcIEU.exe
  C:\Windows\System\MQzcIEU.exe
  2⤵
  PID:4360
- C:\Windows\System\KfCFukM.exe
  C:\Windows\System\KfCFukM.exe
  2⤵
  PID:2328
- C:\Windows\System\CGTxyol.exe
  C:\Windows\System\CGTxyol.exe
  2⤵
  PID:2616
- C:\Windows\System\zuBfYug.exe
  C:\Windows\System\zuBfYug.exe
  2⤵
  PID:2444
- C:\Windows\System\VLtHCCQ.exe
  C:\Windows\System\VLtHCCQ.exe
  2⤵
  PID:4824
- C:\Windows\System\mepirCO.exe
  C:\Windows\System\mepirCO.exe
  2⤵
  PID:5016
- C:\Windows\System\kHheyGt.exe
  C:\Windows\System\kHheyGt.exe
  2⤵
  PID:5136
- C:\Windows\System\ZMZFXBv.exe
  C:\Windows\System\ZMZFXBv.exe
  2⤵
  PID:5152
- C:\Windows\System\CccVILr.exe
  C:\Windows\System\CccVILr.exe
  2⤵
  PID:5168
- C:\Windows\System\fTsJsVL.exe
  C:\Windows\System\fTsJsVL.exe
  2⤵
  PID:5184
- C:\Windows\System\IYygFXg.exe
  C:\Windows\System\IYygFXg.exe
  2⤵
  PID:5200
- C:\Windows\System\oBmHJcH.exe
  C:\Windows\System\oBmHJcH.exe
  2⤵
  PID:5216
- C:\Windows\System\urzAxwW.exe
  C:\Windows\System\urzAxwW.exe
  2⤵
  PID:5232
- C:\Windows\System\uNYEhbt.exe
  C:\Windows\System\uNYEhbt.exe
  2⤵
  PID:5248
- C:\Windows\System\ySePwjN.exe
  C:\Windows\System\ySePwjN.exe
  2⤵
  PID:5264
- C:\Windows\System\uUWRdJQ.exe
  C:\Windows\System\uUWRdJQ.exe
  2⤵
  PID:5280
- C:\Windows\System\jGrFfbA.exe
  C:\Windows\System\jGrFfbA.exe
  2⤵
  PID:5296
- C:\Windows\System\dbqQLNH.exe
  C:\Windows\System\dbqQLNH.exe
  2⤵
  PID:5312
- C:\Windows\System\SOKzryK.exe
  C:\Windows\System\SOKzryK.exe
  2⤵
  PID:5328
- C:\Windows\System\ccQGEIJ.exe
  C:\Windows\System\ccQGEIJ.exe
  2⤵
  PID:5344
- C:\Windows\System\AoDSJlE.exe
  C:\Windows\System\AoDSJlE.exe
  2⤵
  PID:5360
- C:\Windows\System\QRtJYqN.exe
  C:\Windows\System\QRtJYqN.exe
  2⤵
  PID:5376
- C:\Windows\System\xhoTONV.exe
  C:\Windows\System\xhoTONV.exe
  2⤵
  PID:5392
- C:\Windows\System\ZDHbJqh.exe
  C:\Windows\System\ZDHbJqh.exe
  2⤵
  PID:5408
- C:\Windows\System\cZvzGFE.exe
  C:\Windows\System\cZvzGFE.exe
  2⤵
  PID:5424
- C:\Windows\System\SaFJSoc.exe
  C:\Windows\System\SaFJSoc.exe
  2⤵
  PID:5440
- C:\Windows\System\ShjYLOd.exe
  C:\Windows\System\ShjYLOd.exe
  2⤵
  PID:5456
- C:\Windows\System\yGMmMLH.exe
  C:\Windows\System\yGMmMLH.exe
  2⤵
  PID:5476
- C:\Windows\System\fErgVOs.exe
  C:\Windows\System\fErgVOs.exe
  2⤵
  PID:5492
- C:\Windows\System\RbjOnSR.exe
  C:\Windows\System\RbjOnSR.exe
  2⤵
  PID:5632
- C:\Windows\System\bWjQotM.exe
  C:\Windows\System\bWjQotM.exe
  2⤵
  PID:5652
- C:\Windows\System\dLQFmzS.exe
  C:\Windows\System\dLQFmzS.exe
  2⤵
  PID:5672
- C:\Windows\System\eUSotzO.exe
  C:\Windows\System\eUSotzO.exe
  2⤵
  PID:5796
- C:\Windows\System\oEFAuYC.exe
  C:\Windows\System\oEFAuYC.exe
  2⤵
  PID:5812
- C:\Windows\System\FYikkIh.exe
  C:\Windows\System\FYikkIh.exe
  2⤵
  PID:5828
- C:\Windows\System\rCkuVnf.exe
  C:\Windows\System\rCkuVnf.exe
  2⤵
  PID:5844
- C:\Windows\System\eidMzYR.exe
  C:\Windows\System\eidMzYR.exe
  2⤵
  PID:5860
- C:\Windows\System\vEOSsMh.exe
  C:\Windows\System\vEOSsMh.exe
  2⤵
  PID:5876
- C:\Windows\System\RkwWKnu.exe
  C:\Windows\System\RkwWKnu.exe
  2⤵
  PID:5892
- C:\Windows\System\GBlUXGy.exe
  C:\Windows\System\GBlUXGy.exe
  2⤵
  PID:5908
- C:\Windows\System\DSQWgoU.exe
  C:\Windows\System\DSQWgoU.exe
  2⤵
  PID:5924
- C:\Windows\System\AwyAEFg.exe
  C:\Windows\System\AwyAEFg.exe
  2⤵
  PID:5940
- C:\Windows\System\KJXqrcC.exe
  C:\Windows\System\KJXqrcC.exe
  2⤵
  PID:5956
- C:\Windows\System\DgkmhMb.exe
  C:\Windows\System\DgkmhMb.exe
  2⤵
  PID:5972
- C:\Windows\System\qhoaTab.exe
  C:\Windows\System\qhoaTab.exe
  2⤵
  PID:5988
- C:\Windows\System\XStcpJg.exe
  C:\Windows\System\XStcpJg.exe
  2⤵
  PID:6004
- C:\Windows\System\ndQhRDu.exe
  C:\Windows\System\ndQhRDu.exe
  2⤵
  PID:6020
- C:\Windows\System\rwmvDGe.exe
  C:\Windows\System\rwmvDGe.exe
  2⤵
  PID:6040
- C:\Windows\System\uszPmTR.exe
  C:\Windows\System\uszPmTR.exe
  2⤵
  PID:6064
- C:\Windows\System\WRwxGav.exe
  C:\Windows\System\WRwxGav.exe
  2⤵
  PID:6112
- C:\Windows\System\LAcReFu.exe
  C:\Windows\System\LAcReFu.exe
  2⤵
  PID:6128
- C:\Windows\System\CEnevsE.exe
  C:\Windows\System\CEnevsE.exe
  2⤵
  PID:5112
- C:\Windows\System\GDudwVW.exe
  C:\Windows\System\GDudwVW.exe
  2⤵
  PID:4408
- C:\Windows\System\nrmsDSV.exe
  C:\Windows\System\nrmsDSV.exe
  2⤵
  PID:5144
- C:\Windows\System\URsnwJG.exe
  C:\Windows\System\URsnwJG.exe
  2⤵
  PID:5208
- C:\Windows\System\osaiijd.exe
  C:\Windows\System\osaiijd.exe
  2⤵
  PID:5244
- C:\Windows\System\NdzYuyq.exe
  C:\Windows\System\NdzYuyq.exe
  2⤵
  PID:5308
- C:\Windows\System\lwzaOJY.exe
  C:\Windows\System\lwzaOJY.exe
  2⤵
  PID:5372
- C:\Windows\System\vCQlAqL.exe
  C:\Windows\System\vCQlAqL.exe
  2⤵
  PID:5436
- C:\Windows\System\DTEFXYr.exe
  C:\Windows\System\DTEFXYr.exe
  2⤵
  PID:5472
- C:\Windows\System\doMHKhD.exe
  C:\Windows\System\doMHKhD.exe
  2⤵
  PID:5512
- C:\Windows\System\DNUeFgo.exe
  C:\Windows\System\DNUeFgo.exe
  2⤵
  PID:5528
- C:\Windows\System\yTCYzBV.exe
  C:\Windows\System\yTCYzBV.exe
  2⤵
  PID:5544
- C:\Windows\System\asJLUhM.exe
  C:\Windows\System\asJLUhM.exe
  2⤵
  PID:5560
- C:\Windows\System\LjDplIe.exe
  C:\Windows\System\LjDplIe.exe
  2⤵
  PID:1264
- C:\Windows\System\ImirUtB.exe
  C:\Windows\System\ImirUtB.exe
  2⤵
  PID:5160
- C:\Windows\System\SKPRvlB.exe
  C:\Windows\System\SKPRvlB.exe
  2⤵
  PID:5584
- C:\Windows\System\frpLiPD.exe
  C:\Windows\System\frpLiPD.exe
  2⤵
  PID:5600
- C:\Windows\System\bNYmVPu.exe
  C:\Windows\System\bNYmVPu.exe
  2⤵
  PID:5616
- C:\Windows\System\jEJWtWq.exe
  C:\Windows\System\jEJWtWq.exe
  2⤵
  PID:5572
- C:\Windows\System\srhZqNF.exe
  C:\Windows\System\srhZqNF.exe
  2⤵
  PID:5196
- C:\Windows\System\eovYzgQ.exe
  C:\Windows\System\eovYzgQ.exe
  2⤵
  PID:5260
- C:\Windows\System\MYQetLJ.exe
  C:\Windows\System\MYQetLJ.exe
  2⤵
  PID:5320
- C:\Windows\System\PHUixdq.exe
  C:\Windows\System\PHUixdq.exe
  2⤵
  PID:5388
- C:\Windows\System\ItikOqJ.exe
  C:\Windows\System\ItikOqJ.exe
  2⤵
  PID:5452
- C:\Windows\System\bkDczDB.exe
  C:\Windows\System\bkDczDB.exe
  2⤵
  PID:5668
- C:\Windows\System\LzVegKZ.exe
  C:\Windows\System\LzVegKZ.exe
  2⤵
  PID:5680
- C:\Windows\System\CfgiLyD.exe
  C:\Windows\System\CfgiLyD.exe
  2⤵
  PID:5808
- C:\Windows\System\NirbMaE.exe
  C:\Windows\System\NirbMaE.exe
  2⤵
  PID:5700
- C:\Windows\System\FyGHixt.exe
  C:\Windows\System\FyGHixt.exe
  2⤵
  PID:3420
- C:\Windows\System\tWeNFqK.exe
  C:\Windows\System\tWeNFqK.exe
  2⤵
  PID:5760
- C:\Windows\System\AAGReCR.exe
  C:\Windows\System\AAGReCR.exe
  2⤵
  PID:5836
- C:\Windows\System\vkhAZcR.exe
  C:\Windows\System\vkhAZcR.exe
  2⤵
  PID:5868
- C:\Windows\System\ZiEyAJd.exe
  C:\Windows\System\ZiEyAJd.exe
  2⤵
  PID:5932
- C:\Windows\System\DaizmoK.exe
  C:\Windows\System\DaizmoK.exe
  2⤵
  PID:5996
- C:\Windows\System\bfuErIF.exe
  C:\Windows\System\bfuErIF.exe
  2⤵
  PID:5980
- C:\Windows\System\OtgJjUO.exe
  C:\Windows\System\OtgJjUO.exe
  2⤵
  PID:5916
- C:\Windows\System\fqxTpvC.exe
  C:\Windows\System\fqxTpvC.exe
  2⤵
  PID:6012
- C:\Windows\System\XDEctdS.exe
  C:\Windows\System\XDEctdS.exe
  2⤵
  PID:6028
- C:\Windows\System\yywYKXf.exe
  C:\Windows\System\yywYKXf.exe
  2⤵
  PID:2884
- C:\Windows\System\GMSAANu.exe
  C:\Windows\System\GMSAANu.exe
  2⤵
  PID:6060
- C:\Windows\System\fDzFBeO.exe
  C:\Windows\System\fDzFBeO.exe
  2⤵
  PID:864
- C:\Windows\System\rFXRbsR.exe
  C:\Windows\System\rFXRbsR.exe
  2⤵
  PID:6080
- C:\Windows\System\yEbBiSy.exe
  C:\Windows\System\yEbBiSy.exe
  2⤵
  PID:6088
- C:\Windows\System\LPMlprf.exe
  C:\Windows\System\LPMlprf.exe
  2⤵
  PID:1312
- C:\Windows\System\SZUtFWw.exe
  C:\Windows\System\SZUtFWw.exe
  2⤵
  PID:6104
- C:\Windows\System\iCZQVHx.exe
  C:\Windows\System\iCZQVHx.exe
  2⤵
  PID:2956
- C:\Windows\System\uUjiUye.exe
  C:\Windows\System\uUjiUye.exe
  2⤵
  PID:6120
- C:\Windows\System\oPDYkZK.exe
  C:\Windows\System\oPDYkZK.exe
  2⤵
  PID:6124
- C:\Windows\System\zEqjIme.exe
  C:\Windows\System\zEqjIme.exe
  2⤵
  PID:5240
- C:\Windows\System\cSXNtEb.exe
  C:\Windows\System\cSXNtEb.exe
  2⤵
  PID:2460
- C:\Windows\System\xwahobR.exe
  C:\Windows\System\xwahobR.exe
  2⤵
  PID:5340
- C:\Windows\System\hkDuXQR.exe
  C:\Windows\System\hkDuXQR.exe
  2⤵
  PID:2728
- C:\Windows\System\qAsPWmO.exe
  C:\Windows\System\qAsPWmO.exe
  2⤵
  PID:5304
- C:\Windows\System\mHTtuBl.exe
  C:\Windows\System\mHTtuBl.exe
  2⤵
  PID:3704
- C:\Windows\System\uCCjvYN.exe
  C:\Windows\System\uCCjvYN.exe
  2⤵
  PID:5552
- C:\Windows\System\DVGkqRE.exe
  C:\Windows\System\DVGkqRE.exe
  2⤵
  PID:5508
- C:\Windows\System\cyyOayn.exe
  C:\Windows\System\cyyOayn.exe
  2⤵
  PID:5592
- C:\Windows\System\SMjQydw.exe
  C:\Windows\System\SMjQydw.exe
  2⤵
  PID:1524
- C:\Windows\System\fQimzxz.exe
  C:\Windows\System\fQimzxz.exe
  2⤵
  PID:5256
- C:\Windows\System\ZAWPsST.exe
  C:\Windows\System\ZAWPsST.exe
  2⤵
  PID:5580
- C:\Windows\System\cclnGtQ.exe
  C:\Windows\System\cclnGtQ.exe
  2⤵
  PID:5664
- C:\Windows\System\aqJeiNE.exe
  C:\Windows\System\aqJeiNE.exe
  2⤵
  PID:2812
- C:\Windows\System\RLuoGIM.exe
  C:\Windows\System\RLuoGIM.exe
  2⤵
  PID:5708
- C:\Windows\System\ytlDcoc.exe
  C:\Windows\System\ytlDcoc.exe
  2⤵
  PID:6072
- C:\Windows\System\CDCOIGr.exe
  C:\Windows\System\CDCOIGr.exe
  2⤵
  PID:2104
- C:\Windows\System\uOcBPXh.exe
  C:\Windows\System\uOcBPXh.exe
  2⤵
  PID:5736
- C:\Windows\System\yyCoUyi.exe
  C:\Windows\System\yyCoUyi.exe
  2⤵
  PID:5740
- C:\Windows\System\dWPujFN.exe
  C:\Windows\System\dWPujFN.exe
  2⤵
  PID:5780
- C:\Windows\System\ADduiMA.exe
  C:\Windows\System\ADduiMA.exe
  2⤵
  PID:5788
- C:\Windows\System\YDayaEo.exe
  C:\Windows\System\YDayaEo.exe
  2⤵
  PID:1948
- C:\Windows\System\HHDYOmR.exe
  C:\Windows\System\HHDYOmR.exe
  2⤵
  PID:5884
- C:\Windows\System\obKfAHk.exe
  C:\Windows\System\obKfAHk.exe
  2⤵
  PID:5856
- C:\Windows\System\Ojfeuvc.exe
  C:\Windows\System\Ojfeuvc.exe
  2⤵
  PID:5948
- C:\Windows\System\McIwobK.exe
  C:\Windows\System\McIwobK.exe
  2⤵
  PID:1992
- C:\Windows\System\rZMwXBw.exe
  C:\Windows\System\rZMwXBw.exe
  2⤵
  PID:6100
- C:\Windows\System\TaTYmnR.exe
  C:\Windows\System\TaTYmnR.exe
  2⤵
  PID:4920
- C:\Windows\System\gAlRZef.exe
  C:\Windows\System\gAlRZef.exe
  2⤵
  PID:1804
- C:\Windows\System\tADNUHr.exe
  C:\Windows\System\tADNUHr.exe
  2⤵
  PID:4636
- C:\Windows\System\hbOLvQN.exe
  C:\Windows\System\hbOLvQN.exe
  2⤵
  PID:5524
- C:\Windows\System\UkBlYbV.exe
  C:\Windows\System\UkBlYbV.exe
  2⤵
  PID:5568
- C:\Windows\System\eZONCjU.exe
  C:\Windows\System\eZONCjU.exe
  2⤵
  PID:2352
- C:\Windows\System\uCJOUiQ.exe
  C:\Windows\System\uCJOUiQ.exe
  2⤵
  PID:2988
- C:\Windows\System\JloaSjO.exe
  C:\Windows\System\JloaSjO.exe
  2⤵
  PID:5384
- C:\Windows\System\IrOzTEv.exe
  C:\Windows\System\IrOzTEv.exe
  2⤵
  PID:5292
- C:\Windows\System\ursSBUe.exe
  C:\Windows\System\ursSBUe.exe
  2⤵
  PID:5696
- C:\Windows\System\bKWacWF.exe
  C:\Windows\System\bKWacWF.exe
  2⤵
  PID:5784
- C:\Windows\System\HntpLrl.exe
  C:\Windows\System\HntpLrl.exe
  2⤵
  PID:2832
- C:\Windows\System\nCBQAFL.exe
  C:\Windows\System\nCBQAFL.exe
  2⤵
  PID:5732
- C:\Windows\System\yMhYvdZ.exe
  C:\Windows\System\yMhYvdZ.exe
  2⤵
  PID:2144
- C:\Windows\System\iipBjWh.exe
  C:\Windows\System\iipBjWh.exe
  2⤵
  PID:5968
- C:\Windows\System\pJmshKp.exe
  C:\Windows\System\pJmshKp.exe
  2⤵
  PID:5824
- C:\Windows\System\JzNIldK.exe
  C:\Windows\System\JzNIldK.exe
  2⤵
  PID:6052
- C:\Windows\System\qIkJfPW.exe
  C:\Windows\System\qIkJfPW.exe
  2⤵
  PID:6076
- C:\Windows\System\QfBboUW.exe
  C:\Windows\System\QfBboUW.exe
  2⤵
  PID:5504
- C:\Windows\System\GKKZiRe.exe
  C:\Windows\System\GKKZiRe.exe
  2⤵
  PID:5228
- C:\Windows\System\RVzhTId.exe
  C:\Windows\System\RVzhTId.exe
  2⤵
  PID:1616
- C:\Windows\System\haxMKFn.exe
  C:\Windows\System\haxMKFn.exe
  2⤵
  PID:5888
- C:\Windows\System\kzwBfFq.exe
  C:\Windows\System\kzwBfFq.exe
  2⤵
  PID:5212
- C:\Windows\System\OgNWGnH.exe
  C:\Windows\System\OgNWGnH.exe
  2⤵
  PID:2644
- C:\Windows\System\vPtCjGd.exe
  C:\Windows\System\vPtCjGd.exe
  2⤵
  PID:540
- C:\Windows\System\HMZbRUc.exe
  C:\Windows\System\HMZbRUc.exe
  2⤵
  PID:6160
- C:\Windows\System\qKWPdff.exe
  C:\Windows\System\qKWPdff.exe
  2⤵
  PID:6176
- C:\Windows\System\GvQyFQt.exe
  C:\Windows\System\GvQyFQt.exe
  2⤵
  PID:6200
- C:\Windows\System\snzhuZj.exe
  C:\Windows\System\snzhuZj.exe
  2⤵
  PID:6232
- C:\Windows\System\TmpZThJ.exe
  C:\Windows\System\TmpZThJ.exe
  2⤵
  PID:6260
- C:\Windows\System\QlJjNyL.exe
  C:\Windows\System\QlJjNyL.exe
  2⤵
  PID:6276
- C:\Windows\System\sEpggsV.exe
  C:\Windows\System\sEpggsV.exe
  2⤵
  PID:6296
- C:\Windows\System\uglxDAB.exe
  C:\Windows\System\uglxDAB.exe
  2⤵
  PID:6312
- C:\Windows\System\sbnFAeX.exe
  C:\Windows\System\sbnFAeX.exe
  2⤵
  PID:6348
- C:\Windows\System\LNyrrNz.exe
  C:\Windows\System\LNyrrNz.exe
  2⤵
  PID:6372
- C:\Windows\System\HJubAvJ.exe
  C:\Windows\System\HJubAvJ.exe
  2⤵
  PID:6388
- C:\Windows\System\FNjwZXY.exe
  C:\Windows\System\FNjwZXY.exe
  2⤵
  PID:6404
- C:\Windows\System\SeFeBUW.exe
  C:\Windows\System\SeFeBUW.exe
  2⤵
  PID:6424
- C:\Windows\System\VVsbthR.exe
  C:\Windows\System\VVsbthR.exe
  2⤵
  PID:6440
- C:\Windows\System\YTonXiC.exe
  C:\Windows\System\YTonXiC.exe
  2⤵
  PID:6456
- C:\Windows\System\oIOgOwT.exe
  C:\Windows\System\oIOgOwT.exe
  2⤵
  PID:6472
- C:\Windows\System\AjiBkDu.exe
  C:\Windows\System\AjiBkDu.exe
  2⤵
  PID:6500
- C:\Windows\System\XZzdWiB.exe
  C:\Windows\System\XZzdWiB.exe
  2⤵
  PID:6568
- C:\Windows\System\ganRwKV.exe
  C:\Windows\System\ganRwKV.exe
  2⤵
  PID:6584
- C:\Windows\System\CLsWlbL.exe
  C:\Windows\System\CLsWlbL.exe
  2⤵
  PID:6600
- C:\Windows\System\xwMRokp.exe
  C:\Windows\System\xwMRokp.exe
  2⤵
  PID:6616
- C:\Windows\System\MvZfZZu.exe
  C:\Windows\System\MvZfZZu.exe
  2⤵
  PID:6644
- C:\Windows\System\kFmAIyY.exe
  C:\Windows\System\kFmAIyY.exe
  2⤵
  PID:6676
- C:\Windows\System\qcoAkwi.exe
  C:\Windows\System\qcoAkwi.exe
  2⤵
  PID:6692
- C:\Windows\System\BbDPFmx.exe
  C:\Windows\System\BbDPFmx.exe
  2⤵
  PID:6712
- C:\Windows\System\yBRrkyZ.exe
  C:\Windows\System\yBRrkyZ.exe
  2⤵
  PID:6728
- C:\Windows\System\zGVkbRz.exe
  C:\Windows\System\zGVkbRz.exe
  2⤵
  PID:6744
- C:\Windows\System\LOcUxcO.exe
  C:\Windows\System\LOcUxcO.exe
  2⤵
  PID:6764
- C:\Windows\System\vjdVugN.exe
  C:\Windows\System\vjdVugN.exe
  2⤵
  PID:6780
- C:\Windows\System\sRSQOCh.exe
  C:\Windows\System\sRSQOCh.exe
  2⤵
  PID:6796
- C:\Windows\System\TxBVNAM.exe
  C:\Windows\System\TxBVNAM.exe
  2⤵
  PID:6824
- C:\Windows\System\JsegXps.exe
  C:\Windows\System\JsegXps.exe
  2⤵
  PID:6840
- C:\Windows\System\bYilVvU.exe
  C:\Windows\System\bYilVvU.exe
  2⤵
  PID:6860
- C:\Windows\System\XmGqPgs.exe
  C:\Windows\System\XmGqPgs.exe
  2⤵
  PID:6876
- C:\Windows\System\QKnJfco.exe
  C:\Windows\System\QKnJfco.exe
  2⤵
  PID:6912
- C:\Windows\System\GMWVHON.exe
  C:\Windows\System\GMWVHON.exe
  2⤵
  PID:6928
- C:\Windows\System\gEqtblg.exe
  C:\Windows\System\gEqtblg.exe
  2⤵
  PID:6948
- C:\Windows\System\cIUlNWu.exe
  C:\Windows\System\cIUlNWu.exe
  2⤵
  PID:6968
- C:\Windows\System\FRXvJHp.exe
  C:\Windows\System\FRXvJHp.exe
  2⤵
  PID:6996
- C:\Windows\System\NelrLgA.exe
  C:\Windows\System\NelrLgA.exe
  2⤵
  PID:7012
- C:\Windows\System\rijPelK.exe
  C:\Windows\System\rijPelK.exe
  2⤵
  PID:7028
- C:\Windows\System\DinKNlq.exe
  C:\Windows\System\DinKNlq.exe
  2⤵
  PID:7056
- C:\Windows\System\mZbhjXv.exe
  C:\Windows\System\mZbhjXv.exe
  2⤵
  PID:7072
- C:\Windows\System\bWaesah.exe
  C:\Windows\System\bWaesah.exe
  2⤵
  PID:7088
- C:\Windows\System\uEvpEbc.exe
  C:\Windows\System\uEvpEbc.exe
  2⤵
  PID:7104
- C:\Windows\System\LTxZvtj.exe
  C:\Windows\System\LTxZvtj.exe
  2⤵
  PID:7120
- C:\Windows\System\JdJDjEH.exe
  C:\Windows\System\JdJDjEH.exe
  2⤵
  PID:7136
- C:\Windows\System\bEvmfhw.exe
  C:\Windows\System\bEvmfhw.exe
  2⤵
  PID:7164
- C:\Windows\System\mRrFAyc.exe
  C:\Windows\System\mRrFAyc.exe
  2⤵
  PID:6188
- C:\Windows\System\gcXfwIw.exe
  C:\Windows\System\gcXfwIw.exe
  2⤵
  PID:1092
- C:\Windows\System\WVGuGZS.exe
  C:\Windows\System\WVGuGZS.exe
  2⤵
  PID:5648
- C:\Windows\System\WbmoISy.exe
  C:\Windows\System\WbmoISy.exe
  2⤵
  PID:5748
- C:\Windows\System\IyLqUaR.exe
  C:\Windows\System\IyLqUaR.exe
  2⤵
  PID:6172
- C:\Windows\System\XYQzRyh.exe
  C:\Windows\System\XYQzRyh.exe
  2⤵
  PID:5132
- C:\Windows\System\hZDuiTI.exe
  C:\Windows\System\hZDuiTI.exe
  2⤵
  PID:5448
- C:\Windows\System\sdEnUXH.exe
  C:\Windows\System\sdEnUXH.exe
  2⤵
  PID:2960
- C:\Windows\System\RQRDMSA.exe
  C:\Windows\System\RQRDMSA.exe
  2⤵
  PID:6248
- C:\Windows\System\GZFXFhN.exe
  C:\Windows\System\GZFXFhN.exe
  2⤵
  PID:5720
- C:\Windows\System\MBXaIIB.exe
  C:\Windows\System\MBXaIIB.exe
  2⤵
  PID:6292
- C:\Windows\System\JJInUYa.exe
  C:\Windows\System\JJInUYa.exe
  2⤵
  PID:6328
- C:\Windows\System\NaGDhsI.exe
  C:\Windows\System\NaGDhsI.exe
  2⤵
  PID:6332
- C:\Windows\System\iblzAHq.exe
  C:\Windows\System\iblzAHq.exe
  2⤵
  PID:6380
- C:\Windows\System\IgDttjZ.exe
  C:\Windows\System\IgDttjZ.exe
  2⤵
  PID:6420
- C:\Windows\System\LlyFHzS.exe
  C:\Windows\System\LlyFHzS.exe
  2⤵
  PID:6480
- C:\Windows\System\YZkqkPG.exe
  C:\Windows\System\YZkqkPG.exe
  2⤵
  PID:6464
- C:\Windows\System\hhAdXte.exe
  C:\Windows\System\hhAdXte.exe
  2⤵
  PID:6308
- C:\Windows\System\GFwRZxR.exe
  C:\Windows\System\GFwRZxR.exe
  2⤵
  PID:6520
- C:\Windows\System\jdbxeCd.exe
  C:\Windows\System\jdbxeCd.exe
  2⤵
  PID:6532
- C:\Windows\System\UuNzOzu.exe
  C:\Windows\System\UuNzOzu.exe
  2⤵
  PID:6580
- C:\Windows\System\bsVUGet.exe
  C:\Windows\System\bsVUGet.exe
  2⤵
  PID:6660
- C:\Windows\System\tolOimk.exe
  C:\Windows\System\tolOimk.exe
  2⤵
  PID:6668
- C:\Windows\System\RbXfexN.exe
  C:\Windows\System\RbXfexN.exe
  2⤵
  PID:6592
- C:\Windows\System\wntJTDu.exe
  C:\Windows\System\wntJTDu.exe
  2⤵
  PID:6672
- C:\Windows\System\uNvQyrM.exe
  C:\Windows\System\uNvQyrM.exe
  2⤵
  PID:6736
- C:\Windows\System\HjhOhAT.exe
  C:\Windows\System\HjhOhAT.exe
  2⤵
  PID:6804
- C:\Windows\System\zClVxLP.exe
  C:\Windows\System\zClVxLP.exe
  2⤵
  PID:6684
- C:\Windows\System\BuFXbJy.exe
  C:\Windows\System\BuFXbJy.exe
  2⤵
  PID:6872
- C:\Windows\System\mvzViDg.exe
  C:\Windows\System\mvzViDg.exe
  2⤵
  PID:6992
- C:\Windows\System\lxcSiiz.exe
  C:\Windows\System\lxcSiiz.exe
  2⤵
  PID:6924
- C:\Windows\System\UyKwKzL.exe
  C:\Windows\System\UyKwKzL.exe
  2⤵
  PID:7096
- C:\Windows\System\IdfgLFC.exe
  C:\Windows\System\IdfgLFC.exe
  2⤵
  PID:7008
- C:\Windows\System\FQDgzqr.exe
  C:\Windows\System\FQDgzqr.exe
  2⤵
  PID:7048
- C:\Windows\System\KeJNawb.exe
  C:\Windows\System\KeJNawb.exe
  2⤵
  PID:7144
- C:\Windows\System\zVIcAzG.exe
  C:\Windows\System\zVIcAzG.exe
  2⤵
  PID:7160
- C:\Windows\System\Nkmiggp.exe
  C:\Windows\System\Nkmiggp.exe
  2⤵
  PID:6196
- C:\Windows\System\LgFxPWB.exe
  C:\Windows\System\LgFxPWB.exe
  2⤵
  PID:6216
- C:\Windows\System\jdERdrN.exe
  C:\Windows\System\jdERdrN.exe
  2⤵
  PID:5628
- C:\Windows\System\bAXaOhc.exe
  C:\Windows\System\bAXaOhc.exe
  2⤵
  PID:6240
- C:\Windows\System\hZLLDrA.exe
  C:\Windows\System\hZLLDrA.exe
  2⤵
  PID:6344
- C:\Windows\System\WadWszW.exe
  C:\Windows\System\WadWszW.exe
  2⤵
  PID:6224
- C:\Windows\System\gBcrCJm.exe
  C:\Windows\System\gBcrCJm.exe
  2⤵
  PID:6528
- C:\Windows\System\eeKtCYN.exe
  C:\Windows\System\eeKtCYN.exe
  2⤵
  PID:6508
- C:\Windows\System\qPxOKVV.exe
  C:\Windows\System\qPxOKVV.exe
  2⤵
  PID:6552
- C:\Windows\System\TzaAYLF.exe
  C:\Windows\System\TzaAYLF.exe
  2⤵
  PID:6664
- C:\Windows\System\NPupKbi.exe
  C:\Windows\System\NPupKbi.exe
  2⤵
  PID:6776
- C:\Windows\System\ZbWcQwF.exe
  C:\Windows\System\ZbWcQwF.exe
  2⤵
  PID:6368
- C:\Windows\System\mtTBkCt.exe
  C:\Windows\System\mtTBkCt.exe
  2⤵
  PID:6612
- C:\Windows\System\pfaoRMn.exe
  C:\Windows\System\pfaoRMn.exe
  2⤵
  PID:6816
- C:\Windows\System\eDPziIW.exe
  C:\Windows\System\eDPziIW.exe
  2⤵
  PID:6320
- C:\Windows\System\ODNrdmA.exe
  C:\Windows\System\ODNrdmA.exe
  2⤵
  PID:6900
- C:\Windows\System\ibmmlra.exe
  C:\Windows\System\ibmmlra.exe
  2⤵
  PID:6908
- C:\Windows\System\KuerSeT.exe
  C:\Windows\System\KuerSeT.exe
  2⤵
  PID:6836
- C:\Windows\System\octqDiO.exe
  C:\Windows\System\octqDiO.exe
  2⤵
  PID:6868
- C:\Windows\System\lzjUVMV.exe
  C:\Windows\System\lzjUVMV.exe
  2⤵
  PID:7024
- C:\Windows\System\IsslaER.exe
  C:\Windows\System\IsslaER.exe
  2⤵
  PID:6956
- C:\Windows\System\tAUSves.exe
  C:\Windows\System\tAUSves.exe
  2⤵
  PID:6980
- C:\Windows\System\iEYNJxw.exe
  C:\Windows\System\iEYNJxw.exe
  2⤵
  PID:7116
- C:\Windows\System\waWuYSG.exe
  C:\Windows\System\waWuYSG.exe
  2⤵
  PID:7040
- C:\Windows\System\wsZAnxX.exe
  C:\Windows\System\wsZAnxX.exe
  2⤵
  PID:868
- C:\Windows\System\WWsxxee.exe
  C:\Windows\System\WWsxxee.exe
  2⤵
  PID:584
- C:\Windows\System\bFlArfd.exe
  C:\Windows\System\bFlArfd.exe
  2⤵
  PID:6452
- C:\Windows\System\WDVcwCE.exe
  C:\Windows\System\WDVcwCE.exe
  2⤵
  PID:2876
- C:\Windows\System\djVAyAz.exe
  C:\Windows\System\djVAyAz.exe
  2⤵
  PID:6772
- C:\Windows\System\BAqfaem.exe
  C:\Windows\System\BAqfaem.exe
  2⤵
  PID:6384
- C:\Windows\System\mUEFjCp.exe
  C:\Windows\System\mUEFjCp.exe
  2⤵
  PID:6896
- C:\Windows\System\EGKdlcS.exe
  C:\Windows\System\EGKdlcS.exe
  2⤵
  PID:6964
- C:\Windows\System\mIKePCT.exe
  C:\Windows\System\mIKePCT.exe
  2⤵
  PID:5920
- C:\Windows\System\dVGaHIG.exe
  C:\Windows\System\dVGaHIG.exe
  2⤵
  PID:6820
- C:\Windows\System\upKHiCT.exe
  C:\Windows\System\upKHiCT.exe
  2⤵
  PID:5804
- C:\Windows\System\rVTpRvK.exe
  C:\Windows\System\rVTpRvK.exe
  2⤵
  PID:6940
- C:\Windows\System\VYsFsuj.exe
  C:\Windows\System\VYsFsuj.exe
  2⤵
  PID:7100
- C:\Windows\System\PMhFAcj.exe
  C:\Windows\System\PMhFAcj.exe
  2⤵
  PID:7152
- C:\Windows\System\puduIpu.exe
  C:\Windows\System\puduIpu.exe
  2⤵
  PID:6356
- C:\Windows\System\mcLshNH.exe
  C:\Windows\System\mcLshNH.exe
  2⤵
  PID:7080
- C:\Windows\System\FjRxKCY.exe
  C:\Windows\System\FjRxKCY.exe
  2⤵
  PID:6564
- C:\Windows\System\SjwAEeq.exe
  C:\Windows\System\SjwAEeq.exe
  2⤵
  PID:6652
- C:\Windows\System\vgEncsQ.exe
  C:\Windows\System\vgEncsQ.exe
  2⤵
  PID:7148
- C:\Windows\System\rtteGUT.exe
  C:\Windows\System\rtteGUT.exe
  2⤵
  PID:272
- C:\Windows\System\GFuijjJ.exe
  C:\Windows\System\GFuijjJ.exe
  2⤵
  PID:6516
- C:\Windows\System\XqyAeWV.exe
  C:\Windows\System\XqyAeWV.exe
  2⤵
  PID:6272
- C:\Windows\System\dotHKsF.exe
  C:\Windows\System\dotHKsF.exe
  2⤵
  PID:6892
- C:\Windows\System\EWtxbMw.exe
  C:\Windows\System\EWtxbMw.exe
  2⤵
  PID:6640
- C:\Windows\System\vXRLzgx.exe
  C:\Windows\System\vXRLzgx.exe
  2⤵
  PID:7132
- C:\Windows\System\jGpenzE.exe
  C:\Windows\System\jGpenzE.exe
  2⤵
  PID:6432
- C:\Windows\System\XOodAaP.exe
  C:\Windows\System\XOodAaP.exe
  2⤵
  PID:6884
- C:\Windows\System\AKJDwQc.exe
  C:\Windows\System\AKJDwQc.exe
  2⤵
  PID:7172
- C:\Windows\System\uOJxttC.exe
  C:\Windows\System\uOJxttC.exe
  2⤵
  PID:7188
- C:\Windows\System\GLEOTMf.exe
  C:\Windows\System\GLEOTMf.exe
  2⤵
  PID:7204
- C:\Windows\System\oPZzEnf.exe
  C:\Windows\System\oPZzEnf.exe
  2⤵
  PID:7220
- C:\Windows\System\TGitMTD.exe
  C:\Windows\System\TGitMTD.exe
  2⤵
  PID:7236
- C:\Windows\System\cyhvrNM.exe
  C:\Windows\System\cyhvrNM.exe
  2⤵
  PID:7348
- C:\Windows\System\aIZOOKw.exe
  C:\Windows\System\aIZOOKw.exe
  2⤵
  PID:7424
- C:\Windows\System\HKQAEQF.exe
  C:\Windows\System\HKQAEQF.exe
  2⤵
  PID:7452
- C:\Windows\System\OpenYFq.exe
  C:\Windows\System\OpenYFq.exe
  2⤵
  PID:7468
- C:\Windows\System\lKibwwb.exe
  C:\Windows\System\lKibwwb.exe
  2⤵
  PID:7496
- C:\Windows\System\KIYhCoo.exe
  C:\Windows\System\KIYhCoo.exe
  2⤵
  PID:7528
- C:\Windows\System\HvfzeEg.exe
  C:\Windows\System\HvfzeEg.exe
  2⤵
  PID:7544
- C:\Windows\System\JiHGiXa.exe
  C:\Windows\System\JiHGiXa.exe
  2⤵
  PID:7560
- C:\Windows\System\setZmsN.exe
  C:\Windows\System\setZmsN.exe
  2⤵
  PID:7576
- C:\Windows\System\cNoodIo.exe
  C:\Windows\System\cNoodIo.exe
  2⤵
  PID:7592
- C:\Windows\System\TIdjCKf.exe
  C:\Windows\System\TIdjCKf.exe
  2⤵
  PID:7612
- C:\Windows\System\fqzTSld.exe
  C:\Windows\System\fqzTSld.exe
  2⤵
  PID:7628
- C:\Windows\System\GGWvttP.exe
  C:\Windows\System\GGWvttP.exe
  2⤵
  PID:7668
- C:\Windows\System\VbGIRiR.exe
  C:\Windows\System\VbGIRiR.exe
  2⤵
  PID:7684
- C:\Windows\System\SewTeID.exe
  C:\Windows\System\SewTeID.exe
  2⤵
  PID:7712
- C:\Windows\System\epDTDeR.exe
  C:\Windows\System\epDTDeR.exe
  2⤵
  PID:7732
- C:\Windows\System\qlNFcxQ.exe
  C:\Windows\System\qlNFcxQ.exe
  2⤵
  PID:7748
- C:\Windows\System\IcUMOYe.exe
  C:\Windows\System\IcUMOYe.exe
  2⤵
  PID:7764
- C:\Windows\System\NveSejl.exe
  C:\Windows\System\NveSejl.exe
  2⤵
  PID:7784
- C:\Windows\System\pvyabms.exe
  C:\Windows\System\pvyabms.exe
  2⤵
  PID:7804
- C:\Windows\System\YFVRvOC.exe
  C:\Windows\System\YFVRvOC.exe
  2⤵
  PID:7824
- C:\Windows\System\zMHIeOU.exe
  C:\Windows\System\zMHIeOU.exe
  2⤵
  PID:7840
- C:\Windows\System\TERISDa.exe
  C:\Windows\System\TERISDa.exe
  2⤵
  PID:7856
- C:\Windows\System\ISrqnGL.exe
  C:\Windows\System\ISrqnGL.exe
  2⤵
  PID:7872
- C:\Windows\System\geKmlfr.exe
  C:\Windows\System\geKmlfr.exe
  2⤵
  PID:7888
- C:\Windows\System\xEuUXMc.exe
  C:\Windows\System\xEuUXMc.exe
  2⤵
  PID:7908
- C:\Windows\System\tOKlpqs.exe
  C:\Windows\System\tOKlpqs.exe
  2⤵
  PID:7924
- C:\Windows\System\WZSLOLu.exe
  C:\Windows\System\WZSLOLu.exe
  2⤵
  PID:7940
- C:\Windows\System\CJvLKdt.exe
  C:\Windows\System\CJvLKdt.exe
  2⤵
  PID:7956
- C:\Windows\System\ywOorDI.exe
  C:\Windows\System\ywOorDI.exe
  2⤵
  PID:7972
- C:\Windows\System\rwODJqI.exe
  C:\Windows\System\rwODJqI.exe
  2⤵
  PID:7988
- C:\Windows\System\DuIrHDE.exe
  C:\Windows\System\DuIrHDE.exe
  2⤵
  PID:8004
- C:\Windows\System\PlogIXZ.exe
  C:\Windows\System\PlogIXZ.exe
  2⤵
  PID:8020
- C:\Windows\System\KhZZzga.exe
  C:\Windows\System\KhZZzga.exe
  2⤵
  PID:8036
- C:\Windows\System\GQsELIb.exe
  C:\Windows\System\GQsELIb.exe
  2⤵
  PID:8052
- C:\Windows\System\liEfutm.exe
  C:\Windows\System\liEfutm.exe
  2⤵
  PID:8128
- C:\Windows\System\IQJvvIL.exe
  C:\Windows\System\IQJvvIL.exe
  2⤵
  PID:8148
- C:\Windows\System\KlptuGS.exe
  C:\Windows\System\KlptuGS.exe
  2⤵
  PID:8176
- C:\Windows\System\AgyqCaL.exe
  C:\Windows\System\AgyqCaL.exe
  2⤵
  PID:804
- C:\Windows\System\zUAZZDK.exe
  C:\Windows\System\zUAZZDK.exe
  2⤵
  PID:6936
- C:\Windows\System\ksNkHCz.exe
  C:\Windows\System\ksNkHCz.exe
  2⤵
  PID:7228
- C:\Windows\System\otCstzb.exe
  C:\Windows\System\otCstzb.exe
  2⤵
  PID:6340
- C:\Windows\System\qbEizFr.exe
  C:\Windows\System\qbEizFr.exe
  2⤵
  PID:7256
- C:\Windows\System\lljAsXs.exe
  C:\Windows\System\lljAsXs.exe
  2⤵
  PID:952
- C:\Windows\System\rbiDUnS.exe
  C:\Windows\System\rbiDUnS.exe
  2⤵
  PID:7324
- C:\Windows\System\UYqGoYf.exe
  C:\Windows\System\UYqGoYf.exe
  2⤵
  PID:7340
- C:\Windows\System\iXPHluT.exe
  C:\Windows\System\iXPHluT.exe
  2⤵
  PID:7440
- C:\Windows\System\RXRaZwR.exe
  C:\Windows\System\RXRaZwR.exe
  2⤵
  PID:7484
- C:\Windows\System\AurtwYS.exe
  C:\Windows\System\AurtwYS.exe
  2⤵
  PID:7572
- C:\Windows\System\MRyWgiY.exe
  C:\Windows\System\MRyWgiY.exe
  2⤵
  PID:7636
- C:\Windows\System\gmLiSGf.exe
  C:\Windows\System\gmLiSGf.exe
  2⤵
  PID:7512
- C:\Windows\System\DWnxOrO.exe
  C:\Windows\System\DWnxOrO.exe
  2⤵
  PID:7376
- C:\Windows\System\zNGupEZ.exe
  C:\Windows\System\zNGupEZ.exe
  2⤵
  PID:7392
- C:\Windows\System\hUWlvTZ.exe
  C:\Windows\System\hUWlvTZ.exe
  2⤵
  PID:7404
- C:\Windows\System\YAqzNDr.exe
  C:\Windows\System\YAqzNDr.exe
  2⤵
  PID:7420
- C:\Windows\System\GWmybAz.exe
  C:\Windows\System\GWmybAz.exe
  2⤵
  PID:7656
- C:\Windows\System\HlBGGUE.exe
  C:\Windows\System\HlBGGUE.exe
  2⤵
  PID:7556
- C:\Windows\System\ivbnbtD.exe
  C:\Windows\System\ivbnbtD.exe
  2⤵
  PID:7696
- C:\Windows\System\yguZxzr.exe
  C:\Windows\System\yguZxzr.exe
  2⤵
  PID:7588
- C:\Windows\System\efQxrTe.exe
  C:\Windows\System\efQxrTe.exe
  2⤵
  PID:7744
- C:\Windows\System\RdDZKIj.exe
  C:\Windows\System\RdDZKIj.exe
  2⤵
  PID:7780
- C:\Windows\System\FpKLejp.exe
  C:\Windows\System\FpKLejp.exe
  2⤵
  PID:7848
- C:\Windows\System\QsBPhay.exe
  C:\Windows\System\QsBPhay.exe
  2⤵
  PID:7916
- C:\Windows\System\wdiaMpj.exe
  C:\Windows\System\wdiaMpj.exe
  2⤵
  PID:7980
- C:\Windows\System\esmsNox.exe
  C:\Windows\System\esmsNox.exe
  2⤵
  PID:8044
- C:\Windows\System\rBNICvw.exe
  C:\Windows\System\rBNICvw.exe
  2⤵
  PID:7832
- C:\Windows\System\rWCzCuX.exe
  C:\Windows\System\rWCzCuX.exe
  2⤵
  PID:8032
- C:\Windows\System\RCHwTLs.exe
  C:\Windows\System\RCHwTLs.exe
  2⤵
  PID:8084
- C:\Windows\System\wrMOesR.exe
  C:\Windows\System\wrMOesR.exe
  2⤵
  PID:8028
- C:\Windows\System\zeyYuiL.exe
  C:\Windows\System\zeyYuiL.exe
  2⤵
  PID:8072
- C:\Windows\System\HexYwEz.exe
  C:\Windows\System\HexYwEz.exe
  2⤵
  PID:7796
- C:\Windows\System\pmxVgxG.exe
  C:\Windows\System\pmxVgxG.exe
  2⤵
  PID:7936
- C:\Windows\System\UUhGJfT.exe
  C:\Windows\System\UUhGJfT.exe
  2⤵
  PID:8184
- C:\Windows\System\aBynaXf.exe
  C:\Windows\System\aBynaXf.exe
  2⤵
  PID:8160
- C:\Windows\System\NDkGKWd.exe
  C:\Windows\System\NDkGKWd.exe
  2⤵
  PID:8124
- C:\Windows\System\nRvSDtM.exe
  C:\Windows\System\nRvSDtM.exe
  2⤵
  PID:8104
- C:\Windows\System\lmfoDta.exe
  C:\Windows\System\lmfoDta.exe
  2⤵
  PID:7212
- C:\Windows\System\wmjPsNW.exe
  C:\Windows\System\wmjPsNW.exe
  2⤵
  PID:7232
- C:\Windows\System\KcpiMui.exe
  C:\Windows\System\KcpiMui.exe
  2⤵
  PID:7504
- C:\Windows\System\orCxbFl.exe
  C:\Windows\System\orCxbFl.exe
  2⤵
  PID:7244
- C:\Windows\System\ltnmfIF.exe
  C:\Windows\System\ltnmfIF.exe
  2⤵
  PID:7412
- C:\Windows\System\GcNgQff.exe
  C:\Windows\System\GcNgQff.exe
  2⤵
  PID:7584
- C:\Windows\System\jPknaHR.exe
  C:\Windows\System\jPknaHR.exe
  2⤵
  PID:7708
- C:\Windows\System\EhcHMnX.exe
  C:\Windows\System\EhcHMnX.exe
  2⤵
  PID:6496
- C:\Windows\System\ngzBdUc.exe
  C:\Windows\System\ngzBdUc.exe
  2⤵
  PID:7196
- C:\Windows\System\hfdrvsQ.exe
  C:\Windows\System\hfdrvsQ.exe
  2⤵
  PID:8012
- C:\Windows\System\jbmrgxK.exe
  C:\Windows\System\jbmrgxK.exe
  2⤵
  PID:8100
- C:\Windows\System\bcrUZsO.exe
  C:\Windows\System\bcrUZsO.exe
  2⤵
  PID:8060
- C:\Windows\System\xejgjrj.exe
  C:\Windows\System\xejgjrj.exe
  2⤵
  PID:7320
- C:\Windows\System\SEuCLqK.exe
  C:\Windows\System\SEuCLqK.exe
  2⤵
  PID:2624
- C:\Windows\System\HnxcqEO.exe
  C:\Windows\System\HnxcqEO.exe
  2⤵
  PID:7332
- C:\Windows\System\qIxBbBI.exe
  C:\Windows\System\qIxBbBI.exe
  2⤵
  PID:7368
- C:\Windows\System\WSFyeTK.exe
  C:\Windows\System\WSFyeTK.exe
  2⤵
  PID:7896
- C:\Windows\System\fBhMYmE.exe
  C:\Windows\System\fBhMYmE.exe
  2⤵
  PID:8092
- C:\Windows\System\GGlzHaa.exe
  C:\Windows\System\GGlzHaa.exe
  2⤵
  PID:7648
- C:\Windows\System\bVZMKCH.exe
  C:\Windows\System\bVZMKCH.exe
  2⤵
  PID:7372
- C:\Windows\System\tYPTDsJ.exe
  C:\Windows\System\tYPTDsJ.exe
  2⤵
  PID:8080
- C:\Windows\System\kPZxBvD.exe
  C:\Windows\System\kPZxBvD.exe
  2⤵
  PID:8140
- C:\Windows\System\LVddjdu.exe
  C:\Windows\System\LVddjdu.exe
  2⤵
  PID:7820
- C:\Windows\System\XLLNuMn.exe
  C:\Windows\System\XLLNuMn.exe
  2⤵
  PID:7252
- C:\Windows\System\efAyIhL.exe
  C:\Windows\System\efAyIhL.exe
  2⤵
  PID:7384
- C:\Windows\System\fDZlLKt.exe
  C:\Windows\System\fDZlLKt.exe
  2⤵
  PID:7704
- C:\Windows\System\bRVZCJk.exe
  C:\Windows\System\bRVZCJk.exe
  2⤵
  PID:7996
- C:\Windows\System\wKBuRMT.exe
  C:\Windows\System\wKBuRMT.exe
  2⤵
  PID:8108
- C:\Windows\System\dJdAVoj.exe
  C:\Windows\System\dJdAVoj.exe
  2⤵
  PID:7652
- C:\Windows\System\GhhzKSR.exe
  C:\Windows\System\GhhzKSR.exe
  2⤵
  PID:7968
- C:\Windows\System\SNBUrCQ.exe
  C:\Windows\System\SNBUrCQ.exe
  2⤵
  PID:7536
- C:\Windows\System\zDAuESt.exe
  C:\Windows\System\zDAuESt.exe
  2⤵
  PID:7436
- C:\Windows\System\PRLxnVu.exe
  C:\Windows\System\PRLxnVu.exe
  2⤵
  PID:7608
- C:\Windows\System\dhIQCGu.exe
  C:\Windows\System\dhIQCGu.exe
  2⤵
  PID:7388
- C:\Windows\System\zCaDEaS.exe
  C:\Windows\System\zCaDEaS.exe
  2⤵
  PID:7216
- C:\Windows\System\mNCMxvU.exe
  C:\Windows\System\mNCMxvU.exe
  2⤵
  PID:8000
- C:\Windows\System\TyzAQkP.exe
  C:\Windows\System\TyzAQkP.exe
  2⤵
  PID:7756
- C:\Windows\System\TjDsfjB.exe
  C:\Windows\System\TjDsfjB.exe
  2⤵
  PID:7604
- C:\Windows\System\uoFVfuD.exe
  C:\Windows\System\uoFVfuD.exe
  2⤵
  PID:8196
- C:\Windows\System\WgbybWj.exe
  C:\Windows\System\WgbybWj.exe
  2⤵
  PID:8212
- C:\Windows\System\RrhmnOt.exe
  C:\Windows\System\RrhmnOt.exe
  2⤵
  PID:8228
- C:\Windows\System\WUKtKSh.exe
  C:\Windows\System\WUKtKSh.exe
  2⤵
  PID:8248
- C:\Windows\System\yyVtqJP.exe
  C:\Windows\System\yyVtqJP.exe
  2⤵
  PID:8264
- C:\Windows\System\CCiiPIn.exe
  C:\Windows\System\CCiiPIn.exe
  2⤵
  PID:8280
- C:\Windows\System\yQXjjXt.exe
  C:\Windows\System\yQXjjXt.exe
  2⤵
  PID:8296
- C:\Windows\System\pXDFoIP.exe
  C:\Windows\System\pXDFoIP.exe
  2⤵
  PID:8312
- C:\Windows\System\osbYGNo.exe
  C:\Windows\System\osbYGNo.exe
  2⤵
  PID:8328
- C:\Windows\System\AZMSXhK.exe
  C:\Windows\System\AZMSXhK.exe
  2⤵
  PID:8344
- C:\Windows\System\CTZRchY.exe
  C:\Windows\System\CTZRchY.exe
  2⤵
  PID:8360
- C:\Windows\System\LZBnGKN.exe
  C:\Windows\System\LZBnGKN.exe
  2⤵
  PID:8376
- C:\Windows\System\niisvzo.exe
  C:\Windows\System\niisvzo.exe
  2⤵
  PID:8392
- C:\Windows\System\jswrbEI.exe
  C:\Windows\System\jswrbEI.exe
  2⤵
  PID:8408
- C:\Windows\System\oTQwtuF.exe
  C:\Windows\System\oTQwtuF.exe
  2⤵
  PID:8424
- C:\Windows\System\pkYKBot.exe
  C:\Windows\System\pkYKBot.exe
  2⤵
  PID:8440
- C:\Windows\System\phKqTOr.exe
  C:\Windows\System\phKqTOr.exe
  2⤵
  PID:8456
- C:\Windows\System\PLULgDA.exe
  C:\Windows\System\PLULgDA.exe
  2⤵
  PID:8472
- C:\Windows\System\IGEJfas.exe
  C:\Windows\System\IGEJfas.exe
  2⤵
  PID:8488
- C:\Windows\System\rkERAcZ.exe
  C:\Windows\System\rkERAcZ.exe
  2⤵
  PID:8504
- C:\Windows\System\wyFGnXC.exe
  C:\Windows\System\wyFGnXC.exe
  2⤵
  PID:8520
- C:\Windows\System\ulVIGoP.exe
  C:\Windows\System\ulVIGoP.exe
  2⤵
  PID:8536
- C:\Windows\System\rPSxGZT.exe
  C:\Windows\System\rPSxGZT.exe
  2⤵
  PID:8552
- C:\Windows\System\TMedHAs.exe
  C:\Windows\System\TMedHAs.exe
  2⤵
  PID:8576
- C:\Windows\System\toDsCoE.exe
  C:\Windows\System\toDsCoE.exe
  2⤵
  PID:8600
- C:\Windows\System\nqcyGPu.exe
  C:\Windows\System\nqcyGPu.exe
  2⤵
  PID:8616
- C:\Windows\System\xeLIMCz.exe
  C:\Windows\System\xeLIMCz.exe
  2⤵
  PID:8632
- C:\Windows\System\jKJFpDK.exe
  C:\Windows\System\jKJFpDK.exe
  2⤵
  PID:8652
- C:\Windows\System\HXGTEot.exe
  C:\Windows\System\HXGTEot.exe
  2⤵
  PID:8668
- C:\Windows\System\HAQHnmu.exe
  C:\Windows\System\HAQHnmu.exe
  2⤵
  PID:8684
- C:\Windows\System\YhEVfKN.exe
  C:\Windows\System\YhEVfKN.exe
  2⤵
  PID:8700
- C:\Windows\System\qLtMhne.exe
  C:\Windows\System\qLtMhne.exe
  2⤵
  PID:8720
- C:\Windows\System\qWtIZCV.exe
  C:\Windows\System\qWtIZCV.exe
  2⤵
  PID:8736
- C:\Windows\System\XzJprvz.exe
  C:\Windows\System\XzJprvz.exe
  2⤵
  PID:8752
- C:\Windows\System\IyfZjqv.exe
  C:\Windows\System\IyfZjqv.exe
  2⤵
  PID:8768
- C:\Windows\System\mfDszxz.exe
  C:\Windows\System\mfDszxz.exe
  2⤵
  PID:8784
- C:\Windows\System\bblAMLz.exe
  C:\Windows\System\bblAMLz.exe
  2⤵
  PID:8800
- C:\Windows\System\wYCjHTe.exe
  C:\Windows\System\wYCjHTe.exe
  2⤵
  PID:8816
- C:\Windows\System\aANnWWl.exe
  C:\Windows\System\aANnWWl.exe
  2⤵
  PID:8832
- C:\Windows\System\scTIfuE.exe
  C:\Windows\System\scTIfuE.exe
  2⤵
  PID:8848
- C:\Windows\System\YwjzaWl.exe
  C:\Windows\System\YwjzaWl.exe
  2⤵
  PID:8864
- C:\Windows\System\lhRkvqa.exe
  C:\Windows\System\lhRkvqa.exe
  2⤵
  PID:8880
- C:\Windows\System\MhCMtKf.exe
  C:\Windows\System\MhCMtKf.exe
  2⤵
  PID:8896
- C:\Windows\System\bfYWPlR.exe
  C:\Windows\System\bfYWPlR.exe
  2⤵
  PID:8912
- C:\Windows\System\Ksgiihb.exe
  C:\Windows\System\Ksgiihb.exe
  2⤵
  PID:8928
- C:\Windows\System\VbMpdNq.exe
  C:\Windows\System\VbMpdNq.exe
  2⤵
  PID:8944
- C:\Windows\System\OrnIPQA.exe
  C:\Windows\System\OrnIPQA.exe
  2⤵
  PID:8960
- C:\Windows\System\fMYFKDk.exe
  C:\Windows\System\fMYFKDk.exe
  2⤵
  PID:8976
- C:\Windows\System\VCROHTJ.exe
  C:\Windows\System\VCROHTJ.exe
  2⤵
  PID:8992
- C:\Windows\System\NJvtwez.exe
  C:\Windows\System\NJvtwez.exe
  2⤵
  PID:9012
- C:\Windows\System\lmWlBDw.exe
  C:\Windows\System\lmWlBDw.exe
  2⤵
  PID:9028
- C:\Windows\System\bytXiAy.exe
  C:\Windows\System\bytXiAy.exe
  2⤵
  PID:9044
- C:\Windows\System\FwpXdso.exe
  C:\Windows\System\FwpXdso.exe
  2⤵
  PID:9060
- C:\Windows\System\qWpWcpg.exe
  C:\Windows\System\qWpWcpg.exe
  2⤵
  PID:9076
- C:\Windows\System\qrWGNqk.exe
  C:\Windows\System\qrWGNqk.exe
  2⤵
  PID:9092
- C:\Windows\System\tsfGfLU.exe
  C:\Windows\System\tsfGfLU.exe
  2⤵
  PID:9108
- C:\Windows\System\ZSpWScl.exe
  C:\Windows\System\ZSpWScl.exe
  2⤵
  PID:9124
- C:\Windows\System\IapCywo.exe
  C:\Windows\System\IapCywo.exe
  2⤵
  PID:9140
- C:\Windows\System\QSaEakj.exe
  C:\Windows\System\QSaEakj.exe
  2⤵
  PID:9156
- C:\Windows\System\BYyxNnH.exe
  C:\Windows\System\BYyxNnH.exe
  2⤵
  PID:9176
- C:\Windows\System\fxZVstj.exe
  C:\Windows\System\fxZVstj.exe
  2⤵
  PID:9192
- C:\Windows\System\YFFyQYn.exe
  C:\Windows\System\YFFyQYn.exe
  2⤵
  PID:9212
- C:\Windows\System\GujsREK.exe
  C:\Windows\System\GujsREK.exe
  2⤵
  PID:8220
- C:\Windows\System\wkqaiqA.exe
  C:\Windows\System\wkqaiqA.exe
  2⤵
  PID:7884
- C:\Windows\System\qYaQNuc.exe
  C:\Windows\System\qYaQNuc.exe
  2⤵
  PID:7480
- C:\Windows\System\lzzaCMD.exe
  C:\Windows\System\lzzaCMD.exe
  2⤵
  PID:7624
- C:\Windows\System\wtWXtpC.exe
  C:\Windows\System\wtWXtpC.exe
  2⤵
  PID:8208
- C:\Windows\System\DMufCdz.exe
  C:\Windows\System\DMufCdz.exe
  2⤵
  PID:8260
- C:\Windows\System\wYXRFqu.exe
  C:\Windows\System\wYXRFqu.exe
  2⤵
  PID:8324
- C:\Windows\System\MIMLWaU.exe
  C:\Windows\System\MIMLWaU.exe
  2⤵
  PID:8388
- C:\Windows\System\tURiBig.exe
  C:\Windows\System\tURiBig.exe
  2⤵
  PID:8240
- C:\Windows\System\bLCXjgs.exe
  C:\Windows\System\bLCXjgs.exe
  2⤵
  PID:8308
- C:\Windows\System\vYGzjEe.exe
  C:\Windows\System\vYGzjEe.exe
  2⤵
  PID:8336
- C:\Windows\System\uYxMhKB.exe
  C:\Windows\System\uYxMhKB.exe
  2⤵
  PID:8432
- C:\Windows\System\dktOhPp.exe
  C:\Windows\System\dktOhPp.exe
  2⤵
  PID:8512
- C:\Windows\System\ORpMDhk.exe
  C:\Windows\System\ORpMDhk.exe
  2⤵
  PID:8496
- C:\Windows\System\iJcwTAM.exe
  C:\Windows\System\iJcwTAM.exe
  2⤵
  PID:8548
- C:\Windows\System\wBVsloJ.exe
  C:\Windows\System\wBVsloJ.exe
  2⤵
  PID:8588
- C:\Windows\System\FDGCWYr.exe
  C:\Windows\System\FDGCWYr.exe
  2⤵
  PID:8564
- C:\Windows\System\GjuZEHP.exe
  C:\Windows\System\GjuZEHP.exe
  2⤵
  PID:8628
- C:\Windows\System\wUpRFby.exe
  C:\Windows\System\wUpRFby.exe
  2⤵
  PID:8648
- C:\Windows\System\JdjIXPn.exe
  C:\Windows\System\JdjIXPn.exe
  2⤵
  PID:8696
- C:\Windows\System\GkDpwcH.exe
  C:\Windows\System\GkDpwcH.exe
  2⤵
  PID:8716
- C:\Windows\System\rIOsMwi.exe
  C:\Windows\System\rIOsMwi.exe
  2⤵
  PID:8764
- C:\Windows\System\rnxzUtK.exe
  C:\Windows\System\rnxzUtK.exe
  2⤵
  PID:8712
- C:\Windows\System\eLYObYV.exe
  C:\Windows\System\eLYObYV.exe
  2⤵
  PID:8888
- C:\Windows\System\eAXydOG.exe
  C:\Windows\System\eAXydOG.exe
  2⤵
  PID:8952
- C:\Windows\System\MfFAURh.exe
  C:\Windows\System\MfFAURh.exe
  2⤵
  PID:8872
- C:\Windows\System\iNrutSw.exe
  C:\Windows\System\iNrutSw.exe
  2⤵
  PID:9056
- C:\Windows\System\vfaVXNi.exe
  C:\Windows\System\vfaVXNi.exe
  2⤵
  PID:8744
- C:\Windows\System\zpqtBMH.exe
  C:\Windows\System\zpqtBMH.exe
  2⤵
  PID:8812
- C:\Windows\System\JPQpTDt.exe
  C:\Windows\System\JPQpTDt.exe
  2⤵
  PID:8908
- C:\Windows\System\vrAWlYl.exe
  C:\Windows\System\vrAWlYl.exe
  2⤵
  PID:9000
- C:\Windows\System\IwcBCDj.exe
  C:\Windows\System\IwcBCDj.exe
  2⤵
  PID:8840
- C:\Windows\System\qiPrKjk.exe
  C:\Windows\System\qiPrKjk.exe
  2⤵
  PID:9068
- C:\Windows\System\sdYAeok.exe
  C:\Windows\System\sdYAeok.exe
  2⤵
  PID:9148
- C:\Windows\System\aNdJJxW.exe
  C:\Windows\System\aNdJJxW.exe
  2⤵
  PID:9188
- C:\Windows\System\aPspbXn.exe
  C:\Windows\System\aPspbXn.exe
  2⤵
  PID:9164
- C:\Windows\System\afKylKi.exe
  C:\Windows\System\afKylKi.exe
  2⤵
  PID:9204
- C:\Windows\System\XDmictE.exe
  C:\Windows\System\XDmictE.exe
  2⤵
  PID:7664
- C:\Windows\System\vUYfFAY.exe
  C:\Windows\System\vUYfFAY.exe
  2⤵
  PID:8304
- C:\Windows\System\SYMOMoP.exe
  C:\Windows\System\SYMOMoP.exe
  2⤵
  PID:8400
- C:\Windows\System\jHzZDHS.exe
  C:\Windows\System\jHzZDHS.exe
  2⤵
  PID:8856
- C:\Windows\System\cvoyzjz.exe
  C:\Windows\System\cvoyzjz.exe
  2⤵
  PID:8732
- C:\Windows\System\NDvvDqZ.exe
  C:\Windows\System\NDvvDqZ.exe
  2⤵
  PID:9052
- C:\Windows\System\Faqione.exe
  C:\Windows\System\Faqione.exe
  2⤵
  PID:8972
- C:\Windows\System\HXtLEiN.exe
  C:\Windows\System\HXtLEiN.exe
  2⤵
  PID:9116
- C:\Windows\System\HnkfXKG.exe
  C:\Windows\System\HnkfXKG.exe
  2⤵
  PID:8808
- C:\Windows\System\FzwCvob.exe
  C:\Windows\System\FzwCvob.exe
  2⤵
  PID:9132
- C:\Windows\System\MoOSriZ.exe
  C:\Windows\System\MoOSriZ.exe
  2⤵
  PID:7364
- C:\Windows\System\UYYTdjF.exe
  C:\Windows\System\UYYTdjF.exe
  2⤵
  PID:8244
- C:\Windows\System\NsdtDMO.exe
  C:\Windows\System\NsdtDMO.exe
  2⤵
  PID:8356
- C:\Windows\System\OCrTOTW.exe
  C:\Windows\System\OCrTOTW.exe
  2⤵
  PID:8236
- C:\Windows\System\ycTHQTB.exe
  C:\Windows\System\ycTHQTB.exe
  2⤵
  PID:8420
- C:\Windows\System\SoLIeKp.exe
  C:\Windows\System\SoLIeKp.exe
  2⤵
  PID:8796
- C:\Windows\System\reDATWG.exe
  C:\Windows\System\reDATWG.exe
  2⤵
  PID:8924
- C:\Windows\System\zbFCwda.exe
  C:\Windows\System\zbFCwda.exe
  2⤵
  PID:2280
- C:\Windows\System\CqDHnvO.exe
  C:\Windows\System\CqDHnvO.exe
  2⤵
  PID:9040
- C:\Windows\System\eanWKyJ.exe
  C:\Windows\System\eanWKyJ.exe
  2⤵
  PID:9120
- C:\Windows\System\lBXhXVz.exe
  C:\Windows\System\lBXhXVz.exe
  2⤵
  PID:9200
- C:\Windows\System\BXbUiar.exe
  C:\Windows\System\BXbUiar.exe
  2⤵
  PID:8292
- C:\Windows\System\CyrQVKx.exe
  C:\Windows\System\CyrQVKx.exe
  2⤵
  PID:8320
- C:\Windows\System\Deoehxg.exe
  C:\Windows\System\Deoehxg.exe
  2⤵
  PID:9008
- C:\Windows\System\ZPZgGgL.exe
  C:\Windows\System\ZPZgGgL.exe
  2⤵
  PID:8676
- C:\Windows\System\vGxlrrH.exe
  C:\Windows\System\vGxlrrH.exe
  2⤵
  PID:8608
- C:\Windows\System\odzEwmH.exe
  C:\Windows\System\odzEwmH.exe
  2⤵
  PID:8480
- C:\Windows\System\EwIeFvs.exe
  C:\Windows\System\EwIeFvs.exe
  2⤵
  PID:8708
- C:\Windows\System\yQXpZFT.exe
  C:\Windows\System\yQXpZFT.exe
  2⤵
  PID:7724
- C:\Windows\System\LUdPVQd.exe
  C:\Windows\System\LUdPVQd.exe
  2⤵
  PID:8692
- C:\Windows\System\LffXjQa.exe
  C:\Windows\System\LffXjQa.exe
  2⤵
  PID:8464
- C:\Windows\System\mGKTfxf.exe
  C:\Windows\System\mGKTfxf.exe
  2⤵
  PID:8448
- C:\Windows\System\odTjwyY.exe
  C:\Windows\System\odTjwyY.exe
  2⤵
  PID:8560
- C:\Windows\System\RIzzFTM.exe
  C:\Windows\System\RIzzFTM.exe
  2⤵
  PID:8596
- C:\Windows\System\zqhQllh.exe
  C:\Windows\System\zqhQllh.exe
  2⤵
  PID:2292
- C:\Windows\System\HNDCETe.exe
  C:\Windows\System\HNDCETe.exe
  2⤵
  PID:8644
- C:\Windows\System\uJwtXiu.exe
  C:\Windows\System\uJwtXiu.exe
  2⤵
  PID:9220
- C:\Windows\System\bPrXvIU.exe
  C:\Windows\System\bPrXvIU.exe
  2⤵
  PID:9236
- C:\Windows\System\vIuBJOa.exe
  C:\Windows\System\vIuBJOa.exe
  2⤵
  PID:9256
- C:\Windows\System\lQfiVJQ.exe
  C:\Windows\System\lQfiVJQ.exe
  2⤵
  PID:9276
- C:\Windows\System\QfFfjuG.exe
  C:\Windows\System\QfFfjuG.exe
  2⤵
  PID:9296
- C:\Windows\System\tRmFBEv.exe
  C:\Windows\System\tRmFBEv.exe
  2⤵
  PID:9312
- C:\Windows\System\GqNFLBb.exe
  C:\Windows\System\GqNFLBb.exe
  2⤵
  PID:9344
- C:\Windows\System\OgdKEIv.exe
  C:\Windows\System\OgdKEIv.exe
  2⤵
  PID:9360
- C:\Windows\System\UhjfybF.exe
  C:\Windows\System\UhjfybF.exe
  2⤵
  PID:9380
- C:\Windows\System\FxblVFT.exe
  C:\Windows\System\FxblVFT.exe
  2⤵
  PID:9400
- C:\Windows\System\qRNTPJk.exe
  C:\Windows\System\qRNTPJk.exe
  2⤵
  PID:9416
- C:\Windows\System\GGtgYou.exe
  C:\Windows\System\GGtgYou.exe
  2⤵
  PID:9436
- C:\Windows\System\LsyCmzu.exe
  C:\Windows\System\LsyCmzu.exe
  2⤵
  PID:9460
- C:\Windows\System\Hxlpmye.exe
  C:\Windows\System\Hxlpmye.exe
  2⤵
  PID:9484
- C:\Windows\System\iQdVsZb.exe
  C:\Windows\System\iQdVsZb.exe
  2⤵
  PID:9504
- C:\Windows\System\cBAGVuY.exe
  C:\Windows\System\cBAGVuY.exe
  2⤵
  PID:9524
- C:\Windows\System\wYqbEwy.exe
  C:\Windows\System\wYqbEwy.exe
  2⤵
  PID:9544
- C:\Windows\System\tYnVEJk.exe
  C:\Windows\System\tYnVEJk.exe
  2⤵
  PID:9560
- C:\Windows\System\CZcDJiZ.exe
  C:\Windows\System\CZcDJiZ.exe
  2⤵
  PID:9588
- C:\Windows\System\zGHNSTN.exe
  C:\Windows\System\zGHNSTN.exe
  2⤵
  PID:9608
- C:\Windows\System\jBjjbEO.exe
  C:\Windows\System\jBjjbEO.exe
  2⤵
  PID:9624
- C:\Windows\System\HtGXwkl.exe
  C:\Windows\System\HtGXwkl.exe
  2⤵
  PID:9644
- C:\Windows\System\fIkrJpZ.exe
  C:\Windows\System\fIkrJpZ.exe
  2⤵
  PID:9664
- C:\Windows\System\QVqeKvq.exe
  C:\Windows\System\QVqeKvq.exe
  2⤵
  PID:9684
- C:\Windows\System\ffZwCWM.exe
  C:\Windows\System\ffZwCWM.exe
  2⤵
  PID:9708
- C:\Windows\System\VSUXvdI.exe
  C:\Windows\System\VSUXvdI.exe
  2⤵
  PID:9724
- C:\Windows\System\MkTUgFh.exe
  C:\Windows\System\MkTUgFh.exe
  2⤵
  PID:9744
- C:\Windows\System\GgLiGjy.exe
  C:\Windows\System\GgLiGjy.exe
  2⤵
  PID:9760
- C:\Windows\System\DBmznwY.exe
  C:\Windows\System\DBmznwY.exe
  2⤵
  PID:9780
- C:\Windows\System\TDUEUYj.exe
  C:\Windows\System\TDUEUYj.exe
  2⤵
  PID:9796
- C:\Windows\System\iMwxpRd.exe
  C:\Windows\System\iMwxpRd.exe
  2⤵
  PID:9816
- C:\Windows\System\DzettgB.exe
  C:\Windows\System\DzettgB.exe
  2⤵
  PID:9844
- C:\Windows\System\eVXQqhL.exe
  C:\Windows\System\eVXQqhL.exe
  2⤵
  PID:9860
- C:\Windows\System\FleWrGu.exe
  C:\Windows\System\FleWrGu.exe
  2⤵
  PID:9880
- C:\Windows\System\kNjRmyN.exe
  C:\Windows\System\kNjRmyN.exe
  2⤵
  PID:9896
- C:\Windows\System\IFjdSYU.exe
  C:\Windows\System\IFjdSYU.exe
  2⤵
  PID:9932
- C:\Windows\System\LzAZGDt.exe
  C:\Windows\System\LzAZGDt.exe
  2⤵
  PID:9952
- C:\Windows\System\PkBVtFB.exe
  C:\Windows\System\PkBVtFB.exe
  2⤵
  PID:9968
- C:\Windows\System\toDPlDy.exe
  C:\Windows\System\toDPlDy.exe
  2⤵
  PID:9984
- C:\Windows\System\FytYQZl.exe
  C:\Windows\System\FytYQZl.exe
  2⤵
  PID:10000
- C:\Windows\System\bYUKnaN.exe
  C:\Windows\System\bYUKnaN.exe
  2⤵
  PID:10028
- C:\Windows\System\fFEJcjq.exe
  C:\Windows\System\fFEJcjq.exe
  2⤵
  PID:10044
- C:\Windows\System\zgZPpEq.exe
  C:\Windows\System\zgZPpEq.exe
  2⤵
  PID:10060
- C:\Windows\System\BuakKar.exe
  C:\Windows\System\BuakKar.exe
  2⤵
  PID:10084
- C:\Windows\System\iXcOZfB.exe
  C:\Windows\System\iXcOZfB.exe
  2⤵
  PID:10112
- C:\Windows\System\MQWEumG.exe
  C:\Windows\System\MQWEumG.exe
  2⤵
  PID:10136
- C:\Windows\System\XpsUSTt.exe
  C:\Windows\System\XpsUSTt.exe
  2⤵
  PID:10152
- C:\Windows\System\OCpdtqQ.exe
  C:\Windows\System\OCpdtqQ.exe
  2⤵
  PID:10168
- C:\Windows\System\AyWcvRH.exe
  C:\Windows\System\AyWcvRH.exe
  2⤵
  PID:10196
- C:\Windows\System\fKTrMmO.exe
  C:\Windows\System\fKTrMmO.exe
  2⤵
  PID:10216
- C:\Windows\System\KjJYOGe.exe
  C:\Windows\System\KjJYOGe.exe
  2⤵
  PID:10236
- C:\Windows\System\PBpJPKu.exe
  C:\Windows\System\PBpJPKu.exe
  2⤵
  PID:9268
- C:\Windows\System\BIVJNje.exe
  C:\Windows\System\BIVJNje.exe
  2⤵
  PID:9248
- C:\Windows\System\uouEeky.exe
  C:\Windows\System\uouEeky.exe
  2⤵
  PID:9308
- C:\Windows\System\pgLaGpH.exe
  C:\Windows\System\pgLaGpH.exe
  2⤵
  PID:9324
- C:\Windows\System\OfNfShx.exe
  C:\Windows\System\OfNfShx.exe
  2⤵
  PID:9356
- C:\Windows\System\SrYbLSP.exe
  C:\Windows\System\SrYbLSP.exe
  2⤵
  PID:9392
- C:\Windows\System\Tvmzujr.exe
  C:\Windows\System\Tvmzujr.exe
  2⤵
  PID:9424
- C:\Windows\System\hlJbSZk.exe
  C:\Windows\System\hlJbSZk.exe
  2⤵
  PID:9452
- C:\Windows\System\UOBHszu.exe
  C:\Windows\System\UOBHszu.exe
  2⤵
  PID:9480
- C:\Windows\System\QoptYrf.exe
  C:\Windows\System\QoptYrf.exe
  2⤵
  PID:9492
- C:\Windows\System\fFTzKSc.exe
  C:\Windows\System\fFTzKSc.exe
  2⤵
  PID:9532
- C:\Windows\System\gmMZLVH.exe
  C:\Windows\System\gmMZLVH.exe
  2⤵
  PID:9576
- C:\Windows\System\lEiKCYz.exe
  C:\Windows\System\lEiKCYz.exe
  2⤵
  PID:9616
- C:\Windows\System\WXJzioI.exe
  C:\Windows\System\WXJzioI.exe
  2⤵
  PID:9652
- C:\Windows\System\VlIKjtD.exe
  C:\Windows\System\VlIKjtD.exe
  2⤵
  PID:9692
- C:\Windows\System\PtjTTpC.exe
  C:\Windows\System\PtjTTpC.exe
  2⤵
  PID:9720
- C:\Windows\System\TDxPyhz.exe
  C:\Windows\System\TDxPyhz.exe
  2⤵
  PID:9752
- C:\Windows\System\NiBJAmv.exe
  C:\Windows\System\NiBJAmv.exe
  2⤵
  PID:9828
- C:\Windows\System\naddIvs.exe
  C:\Windows\System\naddIvs.exe
  2⤵
  PID:9812
- C:\Windows\System\iWrzdUi.exe
  C:\Windows\System\iWrzdUi.exe
  2⤵
  PID:9904
- C:\Windows\System\DPQQNkX.exe
  C:\Windows\System\DPQQNkX.exe
  2⤵
  PID:9804
- C:\Windows\System\XFGVdIU.exe
  C:\Windows\System\XFGVdIU.exe
  2⤵
  PID:9892
- C:\Windows\System\oqTsasY.exe
  C:\Windows\System\oqTsasY.exe
  2⤵
  PID:9940
- C:\Windows\System\PeFMBDo.exe
  C:\Windows\System\PeFMBDo.exe
  2⤵
  PID:9964
- C:\Windows\System\XjNUoUH.exe
  C:\Windows\System\XjNUoUH.exe
  2⤵
  PID:10016
- C:\Windows\System\mCGNRKL.exe
  C:\Windows\System\mCGNRKL.exe
  2⤵
  PID:10076
- C:\Windows\System\uITSyCA.exe
  C:\Windows\System\uITSyCA.exe
  2⤵
  PID:10120
- C:\Windows\System\tJmQEvG.exe
  C:\Windows\System\tJmQEvG.exe
  2⤵
  PID:10124
- C:\Windows\System\eEfMOaI.exe
  C:\Windows\System\eEfMOaI.exe
  2⤵
  PID:10164
- C:\Windows\System\VQKLkEc.exe
  C:\Windows\System\VQKLkEc.exe
  2⤵
  PID:10212
- C:\Windows\System\iXVzHSB.exe
  C:\Windows\System\iXVzHSB.exe
  2⤵
  PID:10232
- C:\Windows\System\wdLuRef.exe
  C:\Windows\System\wdLuRef.exe
  2⤵
  PID:9244
- C:\Windows\System\knzqmHL.exe
  C:\Windows\System\knzqmHL.exe
  2⤵
  PID:9184
- C:\Windows\System\UUjHYzb.exe
  C:\Windows\System\UUjHYzb.exe
  2⤵
  PID:9408
- C:\Windows\System\WjVHRvf.exe
  C:\Windows\System\WjVHRvf.exe
  2⤵
  PID:9412
- C:\Windows\System\jWJRMNo.exe
  C:\Windows\System\jWJRMNo.exe
  2⤵
  PID:9332
- C:\Windows\System\SIVUsnx.exe
  C:\Windows\System\SIVUsnx.exe
  2⤵
  PID:9328
- C:\Windows\System\UUstnBw.exe
  C:\Windows\System\UUstnBw.exe
  2⤵
  PID:9680
- C:\Windows\System\dnZQmGm.exe
  C:\Windows\System\dnZQmGm.exe
  2⤵
  PID:9568
- C:\Windows\System\uKelkja.exe
  C:\Windows\System\uKelkja.exe
  2⤵
  PID:9640
- C:\Windows\System\YHLTHly.exe
  C:\Windows\System\YHLTHly.exe
  2⤵
  PID:9836
- C:\Windows\System\HhqKTSj.exe
  C:\Windows\System\HhqKTSj.exe
  2⤵
  PID:10128
- C:\Windows\System\mOcXsaY.exe
  C:\Windows\System\mOcXsaY.exe
  2⤵
  PID:9996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ABdwbQl.exe

Filesize
6.0MB

MD5
afc2fe181e463714c562ec51483e99df

SHA1
1bcd8ef9b21d527302926e5bd13252e0193802a5

SHA256
f1c8187aa8a1fc7873f2a6985cea6d40205f34cd5555f591a86388fc478ecb58

SHA512
186b8954ca73ba26fede10ac9c831bd757bb919792ef1721b4bdb934c326c547aa3aee8e4c63bbab2c05119dbe048f833c34fb9dd3987b268f6569d839b9225e

Download Submit
C:\Windows\system\ALUVBvb.exe

Filesize
6.0MB

MD5
66062d571fce61bcb9b78220e435d9e3

SHA1
992e2df1523790475c14ba6abfe4e603460806e4

SHA256
3f8b9badbec001d9c22b72001fadd535b160e8c01596e4d7c4c22edaeaebafde

SHA512
ff477de75c9c2cd3c2ede2b29d43ece4429fa7358f64c78c104f1da7d021d33040b490a43701051fd9e74e8cb3362f4c6f5417878c595e3bc0a4fc315ea67229

Download Submit
C:\Windows\system\BcLbiwK.exe

Filesize
6.0MB

MD5
eb8e221c9abe639611755b877a7df815

SHA1
7572be7a127270323c955277c42b6f542547388c

SHA256
7dbe017e39ff4651b258943a86fb2c37252035b778400d444f65e4e893830aa8

SHA512
c4cd046165edb515a8d345bab27904ef7b745c30c75426480108ce0b95deebc17e5308a71c5c2fa1a3313f1f234728cb86aedafeec460f22702e4cf6c03ba711

Download Submit
C:\Windows\system\BtObkro.exe

Filesize
6.0MB

MD5
6b5a08f6c1287dea76956e565528a04f

SHA1
09510a3db5adc85098838ba8736b1932ed0fbf54

SHA256
4645f78e4bacb8547522b3aa82ac9e9bf5fba1c8e4c95765f783397911b0edee

SHA512
3b5732207c1a1e0e47870d91fa0dc5d66074b7f39c42766f7dc55c3ef963a997300ea0b76a054d3bea5414571018e6c2115677f2f297f7490f177c6a2a05d0e7

Download Submit
C:\Windows\system\DGDLTDT.exe

Filesize
6.0MB

MD5
e7dcdd1c413a085a48f9377e11ec46e7

SHA1
1d3b7f8e8db8e74598598401ae0a32913e7722d8

SHA256
164d2d4c6dd11f01e3bf2086e37d3edb3ee7cd03558ba64a1664c9672c9a5ebc

SHA512
a6e869f62433825520af47f9be2621e38da69c7b5ba691077163b84f4b2afd82e97afd06820d46af83a57c135a749ce051b85a2eaad2eb0d215d193b12c24fda

Download Submit
C:\Windows\system\EiyahMY.exe

Filesize
6.0MB

MD5
9949e0281c00109ed1d6e050c341db17

SHA1
9b2194aa487231d9621deb3398908d1f055fbc89

SHA256
edda76e6248eb0cb7efc271db64d2dd29684a3e84fba93b218e83e697a42726b

SHA512
493295a5cf8173cdd807477bb3238045d759ef0e8b2e478006704c9c78aebc6ab0788faf65dae7deff8956771227d66b58e7bfab118a38a1054b2c971f394146

Download Submit
C:\Windows\system\HsZIzwi.exe

Filesize
6.0MB

MD5
3e2c43ed29166c9c9b18f24647438d91

SHA1
30416db3c484d9bcde6714905bb075051245b33c

SHA256
f942df60a4c02f0c93e6fea463fe058dc5c76fbb929361b64d00c4529cd9f09b

SHA512
ff7cbfbb93acecb1dd01dc888e08b661a6541088ee2ce273927945edd153701676d2b1fab30125993827ffdda997dfb569f18add1855106d2187819420c98b07

Download Submit
C:\Windows\system\ItPqFAT.exe

Filesize
6.0MB

MD5
95a6e7c08eace14fc5de3d080f0fe734

SHA1
8a58ba84fe491873c0e73ae54acd8a5d2f310393

SHA256
25e976bdd92a943b71ee34ce325ca5b72d1f78dacada2c471c9cf498cdc38100

SHA512
bb1d6a5069ffd1fb43ba1baa44ff95e242c6e9bd0a7d6411f4622c11bd20e0b0a3cd22e40439831928fb788affabe49b01b19db9b8c6a149ba31da1b0ead1cb2

Download Submit
C:\Windows\system\LhKEpTx.exe

Filesize
6.0MB

MD5
fc776cf16d384be295932d10dad61c48

SHA1
33882333ceca1c7f2840f21a3f262e73c9394d77

SHA256
5e81ff6dff10c732c980e697db7c11a278bea7cece4f675a150bf89f30e13c87

SHA512
5473591532f553673ba88b12778385583e811d35b3effe65f64ca11d9a213e40c2dc4cf3ec1d55b4be2e01ac1888c6e204ebc2b7c14628691b4f8d5f762f1fff

Download Submit
C:\Windows\system\LhxqeBZ.exe

Filesize
6.0MB

MD5
21276c4d4211417c9639b9b83137393d

SHA1
ead6ce06cdf066f7c917e7e9df9777022d7b12e5

SHA256
331f9f72b2b086d5ce7f7fc6e5d25e4ad1c19532b06a85573535f17f83efa80b

SHA512
a2b21d4474d72c8961215400f4f9af99f577495add6b5488986fcfc5d011ecb5ff62227b9026ec06e7186a80343eb39273f68ad4e3bc4533e6f474c01c874ef0

Download Submit
C:\Windows\system\MqZFfhx.exe

Filesize
6.0MB

MD5
72afe62033c13f198a167b6fb3085770

SHA1
0b49e16adf25fe180b0814fa21c94acbe17cacc9

SHA256
a526ae8abf1a26cea6d16d00e89c70e88c4cddaf98106b11fe1f176ca71b59dd

SHA512
0a86daf29fe2a8a3fd9a57b0fc1430bbce8dd72e41622987bdd02a3f30fd1e0ac309267e691fd365db36fa76a199aa9ee7b55750d63d495581d9926c73d9f4f9

Download Submit
C:\Windows\system\RbranIq.exe

Filesize
6.0MB

MD5
ede0f57792d6ff6a83750fd021bbe11b

SHA1
74ecbdf1183a64b173a2f44f9dff1880d3f7a352

SHA256
4038f3aef34f65c5476d748ccb6233cf9e83bbcf3448292af0795c4fca84ebfa

SHA512
d0475b591f8a1f5a17f73523ab8072a554927e6e29d038c391d035a52bdf34748cd994f52a96273ab2db127a0cbe84f16f226a7cab5fd454fa38c79d5a089842

Download Submit
C:\Windows\system\RepegxN.exe

Filesize
6.0MB

MD5
9a302b77fec429481bc95142d9c1b07e

SHA1
958c77e495a2702846bb1c746278c95b41bec45c

SHA256
a9928e5a204c739a6e7d2cb2d36d4c04ed25639ebf965e3911a9e52ac0862a17

SHA512
231f292c6290cb81280820b261d9905fff878e809bdc98d956cb9a3c0d79a5e4f060b0f35d949d61748336185297e732d3df24f5caea8c6e3097143f7dbe4714

Download Submit
C:\Windows\system\RvkCpWW.exe

Filesize
6.0MB

MD5
d1e2346cea75b1f2caea4b127dba1943

SHA1
05b83fd2800f6cc17354d9ca3151653d09a01f1a

SHA256
a1b029faffb16ffbbf1e9c96ccf4d713a4e2dd6af5fbd8285688d29c4153e66c

SHA512
ba64aec6c73def06bad75725e3f668133df7ca99b7205b20ab95d3b0b77845bc496b77c43fb0317eaa62a77b3f2d23e4db24da571fa4340126a7e436a6e10f07

Download Submit
C:\Windows\system\UsjuFUR.exe

Filesize
6.0MB

MD5
0fabe5bacba702c74c3d061512463310

SHA1
a69e8ddb13fba6c23b7001260bd465e5e0e16836

SHA256
69ffc2310e402b8029fa728596c321630aabfe47492113ca062f97122554a369

SHA512
11fb1a218359fbcd94367a2cd2a93889cb1e9770453cdb92d6c2658c221823c3457f30527b09e84ecd5f625170372644bf81c6fe410c210be441b9996780fe97

Download Submit
C:\Windows\system\XefrPQm.exe

Filesize
6.0MB

MD5
3257757dddbf3faafa11a995ec0a713f

SHA1
c45d300300b0b0ede83bfd24b8c3409c4e5aadc5

SHA256
9b94b6b71f79a1be007fb78b15cfd93810dc43b483878d42e180040821a29fcf

SHA512
0059a0e35b2d4f50e5b9d1ea8361b775f8dd5f453b6af15173518d3e48380f02342cb344d440a8c4748095d059f58c882dfdcb281807d75316172a11a052b534

Download Submit
C:\Windows\system\YUoNZJU.exe

Filesize
6.0MB

MD5
cb1677b8b4081e44a490292c15bbd230

SHA1
c8e4cce7572a68e6bc321f70011c3679446f4060

SHA256
ff64ab3073a529ba4cfb380d0103d7738edb978de4429f14ea8d1eb1de553cc4

SHA512
57d0ce0fcf1eaf0c8708142e1daee6172eb9f3979844be5cf2c93ddf8333bbfc38b94ecf35333d32cbdd6cecb09426f9be9acf0d7e232f1a058d661d6adaacb7

Download Submit
C:\Windows\system\fsPSXom.exe

Filesize
6.0MB

MD5
2d80802cd97dcaedc99b946a8c251cf5

SHA1
d8abdd90af607146c4f1be913e36ad5905713bbb

SHA256
7f8be649f23a6f55d05ad16f4b0dcb0a8130227fc3c43972b4842fa74b279647

SHA512
905af872a3682dc8f4c688a8da2be5aabe033f452b21a1518e3e8618fff0d48fe0e5aa02937ec3b67e0e962699fcea48635e2a376715305d03dc0501f75113fb

Download Submit
C:\Windows\system\fwFCQVx.exe

Filesize
6.0MB

MD5
a0aca71243630ed42e73228e05716ec3

SHA1
533ae813c21a1aa3627975502807521f4d941036

SHA256
c1a2358f95a813437aee44dc441616512c77e68beebeb637afa9d0e85a0d502b

SHA512
0d2a1d28f2e3e7a6e1a58a8d2a6742b8132ee76392c815e8e70c65909ed96a1be9de66ddabae3a14766c9c38bc663f06e62984085e8002c7d764a7a4e816b2fb

Download Submit
C:\Windows\system\gSeyTyK.exe

Filesize
6.0MB

MD5
badd7993ba926789ab9bc8207fb7fc55

SHA1
06c41f0c8748f03cb24b2fa38fb2c4b6bfed6ded

SHA256
4e495737c5f9067e3ed71a29dc16e64c9fa3901e948f7990d74d247b1db15106

SHA512
3ed3e77aa3d75057ff214bd8a03a63a89a62e125871132f1bab89f57f19962e6b8edd294062f56c81ebd8506d3d4946681815dc26d79c52d13b484ed6904b09e

Download Submit
C:\Windows\system\hiOVpND.exe

Filesize
6.0MB

MD5
7f755a1ca0ac3819fbb957ac7b4b4638

SHA1
4f72dbfa5981806e478b55803a78dfd8ce2c614d

SHA256
e86a646a25c8ae3adfeb59452468740e13c98cabe1baaadb47452e07ef905eb9

SHA512
c4ba0feeee19fe573999c7447a607f899db3277c3b9c3aa0b21ea41586ae42b258f4a692532162b95bfba16561d7f197d91d5ed30f9a660da24667a425fe6485

Download Submit
C:\Windows\system\iSMOTyh.exe

Filesize
6.0MB

MD5
d3e0804a6d95b58ad01e509ff1d7186a

SHA1
2271bc3ec838a4d2828862f5ac56018544202bb8

SHA256
ae03d8a7888381aad0fcf1a121114828cf5940ed1b8e326f03c31afb38bed826

SHA512
c3feb59daa8440da3de2e0ee1dc4bcaaaaa478fb03f85cbcf722dfd34396a24ea34a3d130051070aa41e9fc0aa35b8896f221c0be42a6260e62ff99ab8cfc1c4

Download Submit
C:\Windows\system\isYdpNj.exe

Filesize
6.0MB

MD5
42ed767ea5a4b14e746db52ace4f3d35

SHA1
432564f7168814f1ec8f41a18bc765d585512507

SHA256
dc7667537fc14eefe00decbfc697d7a5d0992876219dd2cde4876ed8e5aa9006

SHA512
c6e79dc8839f78954004189ab598b2291ab593b4a98e69f90f845965223537a2778686e59c64cd08557a76769015ed6eadb227694423f0c0157ad62081680315

Download Submit
C:\Windows\system\jCixxcM.exe

Filesize
6.0MB

MD5
13f03caf2e5ea008164e2a298f6de5d0

SHA1
c1c977842163eecd6a71cdd969b71f15212b81e6

SHA256
92d9d4366d51413653677fae292562f2f6b3a36081dd9b74a4a473e4a612326e

SHA512
ab9c8b8fc4c084ad681947e55bbecbebe312d5090a7267867b9b8fa7afdfdf29a19f0eaf565e9f844ee7ac3a5134c0c519c7bfd31088c702be6352edf9ee0782

Download Submit
C:\Windows\system\nCkThQh.exe

Filesize
6.0MB

MD5
c1d155cfef7d8417ff747ea57c860994

SHA1
571a3d71491373ec4ddb53c8bfce9fe213cdb2c5

SHA256
9b5b475c9071c98ae242827b9e838f98a18767f26391d83d0e5449a05cbecba6

SHA512
04806f9eff357e54685fb4a06441035d6b1c44945bc7725f4fe4bd80d6558a6f0d1418d77384fd08bc3c8a8ad0383a9e5f4c88a798071bb67eab0f2eef5eccb4

Download Submit
C:\Windows\system\pUpPASN.exe

Filesize
6.0MB

MD5
62a9837e4e8bd9d89a7d89e8d9377711

SHA1
136006eec5b67c8e0089d56a5fe61c123b97b69c

SHA256
ff821e2f40e26a598b724ecb943dbc278948db1ad5c2db49828e155603de32e4

SHA512
8b612c3b0fa98d439caca04459e50ce33ac6e36150c2239a8a9e4cbc616ba557d8d53e2fe15c95dbe6105d20ac7e8e188bdb78e0d8287c6a8f117263c4869371

Download Submit
C:\Windows\system\pvclqew.exe

Filesize
6.0MB

MD5
6f57456b278e27cdc1d4059338b92fda

SHA1
2bac701d46fbf9fcb0fc30af62f36303b90c7279

SHA256
6a299115272bedfcfad1f83a8563c80bdabe852d6be8ba92b7388d6f3c030e12

SHA512
eaa0a579abf9133f4ab2a86fe28f04d4939dc42f41031930a1a393bc036f1e4c0da962e5e5b409837d8e67e9673669df8978b60d7aa1e925ee2f456640bc7ce9

Download Submit
C:\Windows\system\tBAuqza.exe

Filesize
6.0MB

MD5
0786a4c76653242ed665e51a50a80558

SHA1
cd9a674fbb0f0819f5ef4e3d03229c10664fe89d

SHA256
73d4736bd808baab6e98d39b20731055f9720020b206c8d9556ef5d193bff011

SHA512
4de794479be6a9e04196b4d97530ec9e71460dfd845560bb0f1f53aee08c7ebf6374473766a431e76c96e64811892a0edddc813c0e8fc28652577dbfedd24d10

Download Submit
C:\Windows\system\tnMiGuo.exe

Filesize
6.0MB

MD5
e2ab6ec66f8b317939f53d72cd06f8e1

SHA1
7b4f3935d92453a40e6b16e0322e9b2cab284e31

SHA256
edab82bbee576a079f72e164473f55de9e2c8fce13b85fccba31323554a81b29

SHA512
79d3d018910b9afab6f38d78a82521af7ca920c06df182e5c90834ec632d8cb79766560e3631fdf6118091672e642acdaa2f79f3f42eb9e293ba7ad9f982f663

Download Submit
C:\Windows\system\uZwZVCk.exe

Filesize
6.0MB

MD5
10901c0b33b0344ca2b72cb646ad744d

SHA1
60b47ed273eeaae2a5152b0f54979756555862e5

SHA256
80f7609be51db64054d033322a2776176bc43d635c0409432adb4a695c938a45

SHA512
72fc47d355d8e468eb71ff6002af284fdd7ec2ae617ea12aaea64b1cb52b545d6bfebf0be3fcd4b87decbc9f1a3b038c9a534af2635c40df0cd12892cea02941

Download Submit
\Windows\system\AaNEClt.exe

Filesize
6.0MB

MD5
4c1bf0e952f0c9a015bd7f8578b8bc8f

SHA1
3a30a1ee5a5c686a586114dffd7cb08d66470d47

SHA256
0a281a0f53143f33c4da72f4f76f4ef857ab39ba30f27afa6f1ae1aa17b3ecb5

SHA512
da197d3ebac9e6ee32a2ac3c1f463fc5a0c7dd3210971e9ac7b21b95556144bf8eca1a4c5e74d7c8b95fef472678e24a9c0e651deb7eda979553818f43c14193

Download Submit
\Windows\system\EvUkfDj.exe

Filesize
6.0MB

MD5
7a973e7f4f7ef053e8b56936e0d0fd82

SHA1
dc584e7b1288b2a0d2033a9dba00efd1c7d71190

SHA256
b1afb15c3cb26c9bd625ce26d923b212fdfa17e528a9432157d9cb02cb039378

SHA512
149319983e395cf188c8bd0a87fcfc597208a9666b60a6e2952c3014ef06124b8504d2186274af144a6aa51b88802f35fac278e9a7612e1a00609caad2b18fbd

Download Submit
memory/784-92-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/784-4055-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1204-85-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1204-4051-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-25-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2120-87-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2120-779-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2120-102-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2120-101-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2120-648-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2120-94-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-0-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2120-53-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2120-88-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-95-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2120-493-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-37-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2120-81-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-80-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-19-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-6-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-29-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2120-67-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2120-15-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2120-49-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-366-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-60-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-51-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-4056-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-11-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-40-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-3412-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-57-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-3417-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-21-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-13-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3403-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2368-46-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2440-4050-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2440-98-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2484-27-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-3404-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-63-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-71-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2668-4052-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2748-35-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4054-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2748-70-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4053-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2756-58-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2836-64-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-4058-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3398-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-76-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-44-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-4057-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-77-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download