cobaltstrike | 496b9cf762d989abcaf79d728cfbcb6d6c1bcdc17a290d076f66280d715bf757

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20-12-2024 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

860a36a48c2af627c94a6d09fcff3eed
SHA1

e60a508a79087babdd999f35527c4c0a3e86e15b
SHA256

496b9cf762d989abcaf79d728cfbcb6d6c1bcdc17a290d076f66280d715bf757
SHA512

0676e743264b8fc27b440e995f955ca2fb337ed56ea4ab04c9ed4bada624f1ab857c76489ec2c2aa792889bf07e8995412d9c5af1cc0d5f6062c45119459bf80
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUP:T+q56utgpPF8u/7P

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225c-6.dat	cobalt_reflective_dll
behavioral1/files/0x002e00000001604c-8.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001660b-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ace-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c10-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fc9-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948c-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-191.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-180.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-84.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019480-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019489-74.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-61.dat	cobalt_reflective_dll
behavioral1/files/0x001200000001626d-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c23-44.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1852-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225c-6.dat	xmrig
behavioral1/files/0x002e00000001604c-8.dat	xmrig
behavioral1/files/0x000900000001660b-12.dat	xmrig
behavioral1/memory/2792-21-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/1760-22-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ace-23.dat	xmrig
behavioral1/memory/2028-19-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2928-29-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c10-30.dat	xmrig
behavioral1/memory/2860-37-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2672-48-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0008000000016fc9-53.dat	xmrig
behavioral1/memory/2680-56-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x000500000001948c-77.dat	xmrig
behavioral1/files/0x00050000000194a3-95.dat	xmrig
behavioral1/files/0x0005000000019515-119.dat	xmrig
behavioral1/files/0x0005000000019547-124.dat	xmrig
behavioral1/files/0x000500000001957c-127.dat	xmrig
behavioral1/files/0x00050000000195ad-151.dat	xmrig
behavioral1/files/0x00050000000195bd-185.dat	xmrig
behavioral1/memory/1760-1800-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2028-1799-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2792-1798-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2928-1816-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2860-1857-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2836-1873-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2680-1894-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/1056-1933-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2544-1968-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/1612-1964-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/392-1955-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2820-1954-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/3012-1952-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2672-1872-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/1852-497-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2544-468-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/3012-358-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2820-283-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1852-282-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c1-191.dat	xmrig
behavioral1/files/0x00050000000195bb-180.dat	xmrig
behavioral1/files/0x00050000000195b5-171.dat	xmrig
behavioral1/files/0x00050000000195b7-174.dat	xmrig
behavioral1/files/0x00050000000195b3-165.dat	xmrig
behavioral1/files/0x00050000000195b1-161.dat	xmrig
behavioral1/files/0x00050000000195af-155.dat	xmrig
behavioral1/files/0x00050000000195ab-146.dat	xmrig
behavioral1/files/0x00050000000195a9-141.dat	xmrig
behavioral1/files/0x00050000000195a7-135.dat	xmrig
behavioral1/memory/1056-130-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x000500000001950f-114.dat	xmrig
behavioral1/files/0x00050000000194ef-109.dat	xmrig
behavioral1/memory/1612-100-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x00050000000194eb-103.dat	xmrig
behavioral1/memory/2680-99-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2544-92-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2860-71-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2820-69-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1852-68-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1852-90-0x0000000002400000-0x0000000002754000-memory.dmp	xmrig
behavioral1/memory/392-88-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/3012-86-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019490-84.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1760	IHvRkfC.exe
2028	mypuksh.exe
2792	PhGOkGF.exe
2928	YTCeWGO.exe
2860	SkjAwRA.exe
2836	WtLKLbF.exe
2672	acDjqUX.exe
2680	QyZTwpu.exe
1056	KIKxhli.exe
2820	rtAmbsl.exe
3012	yNTxMRr.exe
392	ObLwZRI.exe
2544	memhubr.exe
1612	ifrSvgv.exe
2956	faJkxdC.exe
3000	EmfXVEV.exe
1148	WAHXAXc.exe
2988	XcOkiRk.exe
1656	qrybxez.exe
1800	UBnHCHl.exe
460	svjVIPc.exe
756	eLBIdhj.exe
1572	upDSpGX.exe
2324	hMkpGWN.exe
2084	rahRrTu.exe
2416	GyaOThS.exe
2300	EKfZFur.exe
2564	ZyilBvh.exe
2068	iMdtYHM.exe
996	EcNczFq.exe
1124	jPLpxfv.exe
1232	seaMaMi.exe
1036	mUnIdzN.exe
1456	dLtniQe.exe
1096	ygTDjpd.exe
932	zlIcpYy.exe
1996	qXuaKWU.exe
2484	AzYyGZN.exe
716	VGQdEgM.exe
1080	SqBtljU.exe
1492	cBOdnYj.exe
2520	mGllAYg.exe
1604	AIcydiV.exe
612	EeduifU.exe
2252	UaATNQV.exe
2524	OeHxAoe.exe
1952	UdtDJzo.exe
2396	kXoKwFX.exe
2504	lNoPnyX.exe
1668	LoRnGeb.exe
1632	jyELcZm.exe
1480	NGJmJHu.exe
2036	QGdCVvZ.exe
2292	ZqzcPSJ.exe
1600	BaNajqb.exe
2940	tTURAqJ.exe
2872	EhQArkL.exe
1508	XwsWGWH.exe
2864	QqHwxrA.exe
2816	BxLZrcy.exe
2320	peSOmcr.exe
1032	iOcofkh.exe
1768	gWEplhC.exe
2964	XOEaOHT.exe

Loads dropped DLL 64 IoCs

pid	Process
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1852-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x000b00000001225c-6.dat	upx
behavioral1/files/0x002e00000001604c-8.dat	upx
behavioral1/files/0x000900000001660b-12.dat	upx
behavioral1/memory/2792-21-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/1760-22-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x0008000000016ace-23.dat	upx
behavioral1/memory/2028-19-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2928-29-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x0007000000016c10-30.dat	upx
behavioral1/memory/2860-37-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2672-48-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0008000000016fc9-53.dat	upx
behavioral1/memory/2680-56-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x000500000001948c-77.dat	upx
behavioral1/files/0x00050000000194a3-95.dat	upx
behavioral1/files/0x0005000000019515-119.dat	upx
behavioral1/files/0x0005000000019547-124.dat	upx
behavioral1/files/0x000500000001957c-127.dat	upx
behavioral1/files/0x00050000000195ad-151.dat	upx
behavioral1/files/0x00050000000195bd-185.dat	upx
behavioral1/memory/1760-1800-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2028-1799-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2792-1798-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2928-1816-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2860-1857-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2836-1873-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2680-1894-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/1056-1933-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2544-1968-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/1612-1964-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/392-1955-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2820-1954-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/3012-1952-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2672-1872-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2544-468-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/3012-358-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2820-283-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x00050000000195c1-191.dat	upx
behavioral1/files/0x00050000000195bb-180.dat	upx
behavioral1/files/0x00050000000195b5-171.dat	upx
behavioral1/files/0x00050000000195b7-174.dat	upx
behavioral1/files/0x00050000000195b3-165.dat	upx
behavioral1/files/0x00050000000195b1-161.dat	upx
behavioral1/files/0x00050000000195af-155.dat	upx
behavioral1/files/0x00050000000195ab-146.dat	upx
behavioral1/files/0x00050000000195a9-141.dat	upx
behavioral1/files/0x00050000000195a7-135.dat	upx
behavioral1/memory/1056-130-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x000500000001950f-114.dat	upx
behavioral1/files/0x00050000000194ef-109.dat	upx
behavioral1/memory/1612-100-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x00050000000194eb-103.dat	upx
behavioral1/memory/2680-99-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2544-92-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2860-71-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2820-69-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/392-88-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/3012-86-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0005000000019490-84.dat	upx
behavioral1/files/0x0006000000019480-66.dat	upx
behavioral1/files/0x0005000000019489-74.dat	upx
behavioral1/memory/1852-54-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/1056-63-0x000000013F740000-0x000000013FA94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TIHvgnb.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JBDpzGJ.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNUIsmf.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClNkdyl.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmfgjeB.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkOFCSy.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaKTDuc.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WutZqGi.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbJGABa.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVrdFlb.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqkDpwz.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fzdUQIb.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\siZCmBc.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIUnLFY.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trivfkd.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNKUlTn.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIxlOJQ.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtzgidE.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucsnbRz.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFUryYQ.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUfYueY.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoyRhSZ.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMyiyYH.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JyFdwih.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOiLVgc.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUZcKFT.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owqrDAw.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\erowbQh.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmtAVTs.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAxroIG.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKlgrMC.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ugJdEWW.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xECNivo.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQNzFIQ.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNGzFCR.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xeOtLrV.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YezyYsW.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHyLudf.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYfNSVN.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmfXVEV.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vByJiey.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aAuttia.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LminEkv.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtoaElk.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxvGVGy.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmpRprf.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LslxfPC.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUHYhxZ.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDXxTAv.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEnEXnH.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgWCwJq.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkVmQkI.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvUEOxO.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEGEsXf.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANwUpdq.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DroZpHO.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYGjpEr.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXoVuNC.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRqGDRK.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWBDecM.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLsvXbZ.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVnvUUb.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlrJLks.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgnInBa.exe	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 1760	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1852 wrote to memory of 1760	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1852 wrote to memory of 1760	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1852 wrote to memory of 2028	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1852 wrote to memory of 2028	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1852 wrote to memory of 2028	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1852 wrote to memory of 2792	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1852 wrote to memory of 2792	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1852 wrote to memory of 2792	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1852 wrote to memory of 2928	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1852 wrote to memory of 2928	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1852 wrote to memory of 2928	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1852 wrote to memory of 2860	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1852 wrote to memory of 2860	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1852 wrote to memory of 2860	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1852 wrote to memory of 2672	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1852 wrote to memory of 2672	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1852 wrote to memory of 2672	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1852 wrote to memory of 2836	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1852 wrote to memory of 2836	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1852 wrote to memory of 2836	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1852 wrote to memory of 2680	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1852 wrote to memory of 2680	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1852 wrote to memory of 2680	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1852 wrote to memory of 1056	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1852 wrote to memory of 1056	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1852 wrote to memory of 1056	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1852 wrote to memory of 2820	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1852 wrote to memory of 2820	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1852 wrote to memory of 2820	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1852 wrote to memory of 3012	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1852 wrote to memory of 3012	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1852 wrote to memory of 3012	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1852 wrote to memory of 2544	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1852 wrote to memory of 2544	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1852 wrote to memory of 2544	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1852 wrote to memory of 392	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1852 wrote to memory of 392	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1852 wrote to memory of 392	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1852 wrote to memory of 1612	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1852 wrote to memory of 1612	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1852 wrote to memory of 1612	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1852 wrote to memory of 2956	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1852 wrote to memory of 2956	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1852 wrote to memory of 2956	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1852 wrote to memory of 3000	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1852 wrote to memory of 3000	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1852 wrote to memory of 3000	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1852 wrote to memory of 1148	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1852 wrote to memory of 1148	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1852 wrote to memory of 1148	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1852 wrote to memory of 2988	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1852 wrote to memory of 2988	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1852 wrote to memory of 2988	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1852 wrote to memory of 1656	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1852 wrote to memory of 1656	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1852 wrote to memory of 1656	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1852 wrote to memory of 1800	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1852 wrote to memory of 1800	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1852 wrote to memory of 1800	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1852 wrote to memory of 460	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1852 wrote to memory of 460	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1852 wrote to memory of 460	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1852 wrote to memory of 756	1852	2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-20_860a36a48c2af627c94a6d09fcff3eed_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Windows\System\IHvRkfC.exe
  C:\Windows\System\IHvRkfC.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\mypuksh.exe
  C:\Windows\System\mypuksh.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\PhGOkGF.exe
  C:\Windows\System\PhGOkGF.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\YTCeWGO.exe
  C:\Windows\System\YTCeWGO.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\SkjAwRA.exe
  C:\Windows\System\SkjAwRA.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\acDjqUX.exe
  C:\Windows\System\acDjqUX.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\WtLKLbF.exe
  C:\Windows\System\WtLKLbF.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\QyZTwpu.exe
  C:\Windows\System\QyZTwpu.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\KIKxhli.exe
  C:\Windows\System\KIKxhli.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\rtAmbsl.exe
  C:\Windows\System\rtAmbsl.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\yNTxMRr.exe
  C:\Windows\System\yNTxMRr.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\memhubr.exe
  C:\Windows\System\memhubr.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\ObLwZRI.exe
  C:\Windows\System\ObLwZRI.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\ifrSvgv.exe
  C:\Windows\System\ifrSvgv.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\faJkxdC.exe
  C:\Windows\System\faJkxdC.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\EmfXVEV.exe
  C:\Windows\System\EmfXVEV.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\WAHXAXc.exe
  C:\Windows\System\WAHXAXc.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\XcOkiRk.exe
  C:\Windows\System\XcOkiRk.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\qrybxez.exe
  C:\Windows\System\qrybxez.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\UBnHCHl.exe
  C:\Windows\System\UBnHCHl.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\svjVIPc.exe
  C:\Windows\System\svjVIPc.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\eLBIdhj.exe
  C:\Windows\System\eLBIdhj.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\upDSpGX.exe
  C:\Windows\System\upDSpGX.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\hMkpGWN.exe
  C:\Windows\System\hMkpGWN.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\rahRrTu.exe
  C:\Windows\System\rahRrTu.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\GyaOThS.exe
  C:\Windows\System\GyaOThS.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\EKfZFur.exe
  C:\Windows\System\EKfZFur.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\ZyilBvh.exe
  C:\Windows\System\ZyilBvh.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\iMdtYHM.exe
  C:\Windows\System\iMdtYHM.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\EcNczFq.exe
  C:\Windows\System\EcNczFq.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\jPLpxfv.exe
  C:\Windows\System\jPLpxfv.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\seaMaMi.exe
  C:\Windows\System\seaMaMi.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\mUnIdzN.exe
  C:\Windows\System\mUnIdzN.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\dLtniQe.exe
  C:\Windows\System\dLtniQe.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\ygTDjpd.exe
  C:\Windows\System\ygTDjpd.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\qXuaKWU.exe
  C:\Windows\System\qXuaKWU.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\zlIcpYy.exe
  C:\Windows\System\zlIcpYy.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\AzYyGZN.exe
  C:\Windows\System\AzYyGZN.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\VGQdEgM.exe
  C:\Windows\System\VGQdEgM.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\SqBtljU.exe
  C:\Windows\System\SqBtljU.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\cBOdnYj.exe
  C:\Windows\System\cBOdnYj.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\mGllAYg.exe
  C:\Windows\System\mGllAYg.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\AIcydiV.exe
  C:\Windows\System\AIcydiV.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\EeduifU.exe
  C:\Windows\System\EeduifU.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\UaATNQV.exe
  C:\Windows\System\UaATNQV.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\OeHxAoe.exe
  C:\Windows\System\OeHxAoe.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\UdtDJzo.exe
  C:\Windows\System\UdtDJzo.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\kXoKwFX.exe
  C:\Windows\System\kXoKwFX.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\lNoPnyX.exe
  C:\Windows\System\lNoPnyX.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\LoRnGeb.exe
  C:\Windows\System\LoRnGeb.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\jyELcZm.exe
  C:\Windows\System\jyELcZm.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\NGJmJHu.exe
  C:\Windows\System\NGJmJHu.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\QGdCVvZ.exe
  C:\Windows\System\QGdCVvZ.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\ZqzcPSJ.exe
  C:\Windows\System\ZqzcPSJ.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\BaNajqb.exe
  C:\Windows\System\BaNajqb.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\tTURAqJ.exe
  C:\Windows\System\tTURAqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\EhQArkL.exe
  C:\Windows\System\EhQArkL.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\XwsWGWH.exe
  C:\Windows\System\XwsWGWH.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\QqHwxrA.exe
  C:\Windows\System\QqHwxrA.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\BxLZrcy.exe
  C:\Windows\System\BxLZrcy.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\peSOmcr.exe
  C:\Windows\System\peSOmcr.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\gWEplhC.exe
  C:\Windows\System\gWEplhC.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\iOcofkh.exe
  C:\Windows\System\iOcofkh.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\XOEaOHT.exe
  C:\Windows\System\XOEaOHT.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\tFiJPZA.exe
  C:\Windows\System\tFiJPZA.exe
  2⤵
  PID:2164
- C:\Windows\System\kSEZlAY.exe
  C:\Windows\System\kSEZlAY.exe
  2⤵
  PID:1964
- C:\Windows\System\xtoaElk.exe
  C:\Windows\System\xtoaElk.exe
  2⤵
  PID:2568
- C:\Windows\System\RMpaPhV.exe
  C:\Windows\System\RMpaPhV.exe
  2⤵
  PID:1384
- C:\Windows\System\sEnEXnH.exe
  C:\Windows\System\sEnEXnH.exe
  2⤵
  PID:2176
- C:\Windows\System\GypMWpI.exe
  C:\Windows\System\GypMWpI.exe
  2⤵
  PID:2412
- C:\Windows\System\bvQaCLJ.exe
  C:\Windows\System\bvQaCLJ.exe
  2⤵
  PID:604
- C:\Windows\System\nDXeEpk.exe
  C:\Windows\System\nDXeEpk.exe
  2⤵
  PID:2312
- C:\Windows\System\UnbUSXF.exe
  C:\Windows\System\UnbUSXF.exe
  2⤵
  PID:1652
- C:\Windows\System\fmEdHXA.exe
  C:\Windows\System\fmEdHXA.exe
  2⤵
  PID:2332
- C:\Windows\System\WVfsvMH.exe
  C:\Windows\System\WVfsvMH.exe
  2⤵
  PID:2604
- C:\Windows\System\VSSMFFI.exe
  C:\Windows\System\VSSMFFI.exe
  2⤵
  PID:568
- C:\Windows\System\CUwDPpj.exe
  C:\Windows\System\CUwDPpj.exe
  2⤵
  PID:1316
- C:\Windows\System\LNgpsoY.exe
  C:\Windows\System\LNgpsoY.exe
  2⤵
  PID:1580
- C:\Windows\System\nOLZjKo.exe
  C:\Windows\System\nOLZjKo.exe
  2⤵
  PID:540
- C:\Windows\System\loxMKML.exe
  C:\Windows\System\loxMKML.exe
  2⤵
  PID:2184
- C:\Windows\System\PAfjQCj.exe
  C:\Windows\System\PAfjQCj.exe
  2⤵
  PID:2188
- C:\Windows\System\SJpZGeQ.exe
  C:\Windows\System\SJpZGeQ.exe
  2⤵
  PID:2532
- C:\Windows\System\PxvGVGy.exe
  C:\Windows\System\PxvGVGy.exe
  2⤵
  PID:2060
- C:\Windows\System\QVVFuXG.exe
  C:\Windows\System\QVVFuXG.exe
  2⤵
  PID:2916
- C:\Windows\System\exrNEOM.exe
  C:\Windows\System\exrNEOM.exe
  2⤵
  PID:908
- C:\Windows\System\HnnAjXp.exe
  C:\Windows\System\HnnAjXp.exe
  2⤵
  PID:928
- C:\Windows\System\NRuKzvY.exe
  C:\Windows\System\NRuKzvY.exe
  2⤵
  PID:3036
- C:\Windows\System\VZOugkV.exe
  C:\Windows\System\VZOugkV.exe
  2⤵
  PID:1884
- C:\Windows\System\njYtWXv.exe
  C:\Windows\System\njYtWXv.exe
  2⤵
  PID:2496
- C:\Windows\System\oYwFZvj.exe
  C:\Windows\System\oYwFZvj.exe
  2⤵
  PID:2904
- C:\Windows\System\maEEozN.exe
  C:\Windows\System\maEEozN.exe
  2⤵
  PID:2644
- C:\Windows\System\CtzgidE.exe
  C:\Windows\System\CtzgidE.exe
  2⤵
  PID:2716
- C:\Windows\System\zlwKLhs.exe
  C:\Windows\System\zlwKLhs.exe
  2⤵
  PID:2580
- C:\Windows\System\jsSjSWB.exe
  C:\Windows\System\jsSjSWB.exe
  2⤵
  PID:2996
- C:\Windows\System\ccdpRkO.exe
  C:\Windows\System\ccdpRkO.exe
  2⤵
  PID:2236
- C:\Windows\System\NjsLJWU.exe
  C:\Windows\System\NjsLJWU.exe
  2⤵
  PID:2420
- C:\Windows\System\DroZpHO.exe
  C:\Windows\System\DroZpHO.exe
  2⤵
  PID:1092
- C:\Windows\System\oBLMJCy.exe
  C:\Windows\System\oBLMJCy.exe
  2⤵
  PID:2452
- C:\Windows\System\sqlZtHY.exe
  C:\Windows\System\sqlZtHY.exe
  2⤵
  PID:936
- C:\Windows\System\nwMwUaa.exe
  C:\Windows\System\nwMwUaa.exe
  2⤵
  PID:948
- C:\Windows\System\MIZwBnz.exe
  C:\Windows\System\MIZwBnz.exe
  2⤵
  PID:1904
- C:\Windows\System\AKlgrMC.exe
  C:\Windows\System\AKlgrMC.exe
  2⤵
  PID:1520
- C:\Windows\System\AOOsGrc.exe
  C:\Windows\System\AOOsGrc.exe
  2⤵
  PID:1412
- C:\Windows\System\XROeHZj.exe
  C:\Windows\System\XROeHZj.exe
  2⤵
  PID:508
- C:\Windows\System\YOAXGOL.exe
  C:\Windows\System\YOAXGOL.exe
  2⤵
  PID:1864
- C:\Windows\System\BqHsfvZ.exe
  C:\Windows\System\BqHsfvZ.exe
  2⤵
  PID:1460
- C:\Windows\System\Lblmllk.exe
  C:\Windows\System\Lblmllk.exe
  2⤵
  PID:1568
- C:\Windows\System\eZNkAIj.exe
  C:\Windows\System\eZNkAIj.exe
  2⤵
  PID:2880
- C:\Windows\System\gRtsFPM.exe
  C:\Windows\System\gRtsFPM.exe
  2⤵
  PID:2684
- C:\Windows\System\EGYbIMw.exe
  C:\Windows\System\EGYbIMw.exe
  2⤵
  PID:3088
- C:\Windows\System\cKWdQiu.exe
  C:\Windows\System\cKWdQiu.exe
  2⤵
  PID:3108
- C:\Windows\System\bNHENpv.exe
  C:\Windows\System\bNHENpv.exe
  2⤵
  PID:3128
- C:\Windows\System\nhCToes.exe
  C:\Windows\System\nhCToes.exe
  2⤵
  PID:3148
- C:\Windows\System\IbQeEqz.exe
  C:\Windows\System\IbQeEqz.exe
  2⤵
  PID:3168
- C:\Windows\System\BCnZSzE.exe
  C:\Windows\System\BCnZSzE.exe
  2⤵
  PID:3188
- C:\Windows\System\xCtBicT.exe
  C:\Windows\System\xCtBicT.exe
  2⤵
  PID:3208
- C:\Windows\System\VYGjpEr.exe
  C:\Windows\System\VYGjpEr.exe
  2⤵
  PID:3228
- C:\Windows\System\TGYdGNm.exe
  C:\Windows\System\TGYdGNm.exe
  2⤵
  PID:3248
- C:\Windows\System\CpEyTel.exe
  C:\Windows\System\CpEyTel.exe
  2⤵
  PID:3268
- C:\Windows\System\KpxEEbl.exe
  C:\Windows\System\KpxEEbl.exe
  2⤵
  PID:3288
- C:\Windows\System\FkHbNbV.exe
  C:\Windows\System\FkHbNbV.exe
  2⤵
  PID:3308
- C:\Windows\System\wJXwUwS.exe
  C:\Windows\System\wJXwUwS.exe
  2⤵
  PID:3324
- C:\Windows\System\yGqGApA.exe
  C:\Windows\System\yGqGApA.exe
  2⤵
  PID:3364
- C:\Windows\System\AOggzem.exe
  C:\Windows\System\AOggzem.exe
  2⤵
  PID:3380
- C:\Windows\System\jlgNXFA.exe
  C:\Windows\System\jlgNXFA.exe
  2⤵
  PID:3404
- C:\Windows\System\ApyrTVC.exe
  C:\Windows\System\ApyrTVC.exe
  2⤵
  PID:3420
- C:\Windows\System\qjFaUDX.exe
  C:\Windows\System\qjFaUDX.exe
  2⤵
  PID:3444
- C:\Windows\System\urTIbBH.exe
  C:\Windows\System\urTIbBH.exe
  2⤵
  PID:3464
- C:\Windows\System\JFansnw.exe
  C:\Windows\System\JFansnw.exe
  2⤵
  PID:3480
- C:\Windows\System\IWSQWss.exe
  C:\Windows\System\IWSQWss.exe
  2⤵
  PID:3504
- C:\Windows\System\sVcNEOI.exe
  C:\Windows\System\sVcNEOI.exe
  2⤵
  PID:3524
- C:\Windows\System\xZCABuX.exe
  C:\Windows\System\xZCABuX.exe
  2⤵
  PID:3544
- C:\Windows\System\vCiMGXT.exe
  C:\Windows\System\vCiMGXT.exe
  2⤵
  PID:3568
- C:\Windows\System\OuAyUyz.exe
  C:\Windows\System\OuAyUyz.exe
  2⤵
  PID:3588
- C:\Windows\System\YpeICyv.exe
  C:\Windows\System\YpeICyv.exe
  2⤵
  PID:3608
- C:\Windows\System\IMPqMZY.exe
  C:\Windows\System\IMPqMZY.exe
  2⤵
  PID:3628
- C:\Windows\System\NjKpIBu.exe
  C:\Windows\System\NjKpIBu.exe
  2⤵
  PID:3648
- C:\Windows\System\IpCxJmz.exe
  C:\Windows\System\IpCxJmz.exe
  2⤵
  PID:3672
- C:\Windows\System\ATSEaDY.exe
  C:\Windows\System\ATSEaDY.exe
  2⤵
  PID:3692
- C:\Windows\System\JseaatQ.exe
  C:\Windows\System\JseaatQ.exe
  2⤵
  PID:3712
- C:\Windows\System\jZNrwWG.exe
  C:\Windows\System\jZNrwWG.exe
  2⤵
  PID:3728
- C:\Windows\System\DwIpiYk.exe
  C:\Windows\System\DwIpiYk.exe
  2⤵
  PID:3752
- C:\Windows\System\XPmxzDV.exe
  C:\Windows\System\XPmxzDV.exe
  2⤵
  PID:3772
- C:\Windows\System\bSaKLZJ.exe
  C:\Windows\System\bSaKLZJ.exe
  2⤵
  PID:3792
- C:\Windows\System\IhSoHTM.exe
  C:\Windows\System\IhSoHTM.exe
  2⤵
  PID:3812
- C:\Windows\System\HNUqIZx.exe
  C:\Windows\System\HNUqIZx.exe
  2⤵
  PID:3832
- C:\Windows\System\mTmyJHZ.exe
  C:\Windows\System\mTmyJHZ.exe
  2⤵
  PID:3848
- C:\Windows\System\PCfpfiu.exe
  C:\Windows\System\PCfpfiu.exe
  2⤵
  PID:3872
- C:\Windows\System\yKSekvk.exe
  C:\Windows\System\yKSekvk.exe
  2⤵
  PID:3892
- C:\Windows\System\QwmOzLd.exe
  C:\Windows\System\QwmOzLd.exe
  2⤵
  PID:3912
- C:\Windows\System\wGtpSag.exe
  C:\Windows\System\wGtpSag.exe
  2⤵
  PID:3932
- C:\Windows\System\Atfotzu.exe
  C:\Windows\System\Atfotzu.exe
  2⤵
  PID:3952
- C:\Windows\System\WlwTTZK.exe
  C:\Windows\System\WlwTTZK.exe
  2⤵
  PID:3972
- C:\Windows\System\DkInKWY.exe
  C:\Windows\System\DkInKWY.exe
  2⤵
  PID:3992
- C:\Windows\System\nOtPWWY.exe
  C:\Windows\System\nOtPWWY.exe
  2⤵
  PID:4012
- C:\Windows\System\AhZeWqS.exe
  C:\Windows\System\AhZeWqS.exe
  2⤵
  PID:4032
- C:\Windows\System\KWNnigZ.exe
  C:\Windows\System\KWNnigZ.exe
  2⤵
  PID:4052
- C:\Windows\System\FxItPma.exe
  C:\Windows\System\FxItPma.exe
  2⤵
  PID:4068
- C:\Windows\System\ZngMfcc.exe
  C:\Windows\System\ZngMfcc.exe
  2⤵
  PID:4092
- C:\Windows\System\zggiSMq.exe
  C:\Windows\System\zggiSMq.exe
  2⤵
  PID:2212
- C:\Windows\System\TnGozPq.exe
  C:\Windows\System\TnGozPq.exe
  2⤵
  PID:2944
- C:\Windows\System\wnohgxO.exe
  C:\Windows\System\wnohgxO.exe
  2⤵
  PID:264
- C:\Windows\System\ALIWPjo.exe
  C:\Windows\System\ALIWPjo.exe
  2⤵
  PID:808
- C:\Windows\System\kLPfXxz.exe
  C:\Windows\System\kLPfXxz.exe
  2⤵
  PID:2848
- C:\Windows\System\uKNQzrW.exe
  C:\Windows\System\uKNQzrW.exe
  2⤵
  PID:1804
- C:\Windows\System\Qyfjuao.exe
  C:\Windows\System\Qyfjuao.exe
  2⤵
  PID:2492
- C:\Windows\System\yYlBSuY.exe
  C:\Windows\System\yYlBSuY.exe
  2⤵
  PID:1300
- C:\Windows\System\gTFoUJz.exe
  C:\Windows\System\gTFoUJz.exe
  2⤵
  PID:2508
- C:\Windows\System\jRjvAsq.exe
  C:\Windows\System\jRjvAsq.exe
  2⤵
  PID:2896
- C:\Windows\System\VNKUlTn.exe
  C:\Windows\System\VNKUlTn.exe
  2⤵
  PID:1312
- C:\Windows\System\IdxiLtL.exe
  C:\Windows\System\IdxiLtL.exe
  2⤵
  PID:3076
- C:\Windows\System\LaehMQM.exe
  C:\Windows\System\LaehMQM.exe
  2⤵
  PID:3104
- C:\Windows\System\PHZmkGA.exe
  C:\Windows\System\PHZmkGA.exe
  2⤵
  PID:3120
- C:\Windows\System\zXBvqDx.exe
  C:\Windows\System\zXBvqDx.exe
  2⤵
  PID:3160
- C:\Windows\System\AbnKtEK.exe
  C:\Windows\System\AbnKtEK.exe
  2⤵
  PID:3180
- C:\Windows\System\IiFFmXg.exe
  C:\Windows\System\IiFFmXg.exe
  2⤵
  PID:3240
- C:\Windows\System\oDkuXqh.exe
  C:\Windows\System\oDkuXqh.exe
  2⤵
  PID:3256
- C:\Windows\System\asVpsnZ.exe
  C:\Windows\System\asVpsnZ.exe
  2⤵
  PID:3304
- C:\Windows\System\AcOebPo.exe
  C:\Windows\System\AcOebPo.exe
  2⤵
  PID:3336
- C:\Windows\System\wEWekVv.exe
  C:\Windows\System\wEWekVv.exe
  2⤵
  PID:3376
- C:\Windows\System\EJSYdJp.exe
  C:\Windows\System\EJSYdJp.exe
  2⤵
  PID:3400
- C:\Windows\System\bfOsPvq.exe
  C:\Windows\System\bfOsPvq.exe
  2⤵
  PID:3460
- C:\Windows\System\WAvjdCO.exe
  C:\Windows\System\WAvjdCO.exe
  2⤵
  PID:3496
- C:\Windows\System\WfZgbou.exe
  C:\Windows\System\WfZgbou.exe
  2⤵
  PID:3476
- C:\Windows\System\ypLIElx.exe
  C:\Windows\System\ypLIElx.exe
  2⤵
  PID:3520
- C:\Windows\System\udMjJzh.exe
  C:\Windows\System\udMjJzh.exe
  2⤵
  PID:3560
- C:\Windows\System\xdgJhoq.exe
  C:\Windows\System\xdgJhoq.exe
  2⤵
  PID:3604
- C:\Windows\System\nVuZOnB.exe
  C:\Windows\System\nVuZOnB.exe
  2⤵
  PID:3664
- C:\Windows\System\vfkwkbF.exe
  C:\Windows\System\vfkwkbF.exe
  2⤵
  PID:3644
- C:\Windows\System\UVUQDFJ.exe
  C:\Windows\System\UVUQDFJ.exe
  2⤵
  PID:3684
- C:\Windows\System\DivuucQ.exe
  C:\Windows\System\DivuucQ.exe
  2⤵
  PID:3748
- C:\Windows\System\bfQvJYU.exe
  C:\Windows\System\bfQvJYU.exe
  2⤵
  PID:3788
- C:\Windows\System\ZOOjaNT.exe
  C:\Windows\System\ZOOjaNT.exe
  2⤵
  PID:3824
- C:\Windows\System\ZaKTDuc.exe
  C:\Windows\System\ZaKTDuc.exe
  2⤵
  PID:3868
- C:\Windows\System\wnLJDYN.exe
  C:\Windows\System\wnLJDYN.exe
  2⤵
  PID:3880
- C:\Windows\System\Oszxhmv.exe
  C:\Windows\System\Oszxhmv.exe
  2⤵
  PID:3920
- C:\Windows\System\MIjUdsn.exe
  C:\Windows\System\MIjUdsn.exe
  2⤵
  PID:3944
- C:\Windows\System\WagvAKN.exe
  C:\Windows\System\WagvAKN.exe
  2⤵
  PID:4020
- C:\Windows\System\wZxQUYH.exe
  C:\Windows\System\wZxQUYH.exe
  2⤵
  PID:3964
- C:\Windows\System\XraxDfU.exe
  C:\Windows\System\XraxDfU.exe
  2⤵
  PID:4040
- C:\Windows\System\ugJdEWW.exe
  C:\Windows\System\ugJdEWW.exe
  2⤵
  PID:2868
- C:\Windows\System\bIrpYLb.exe
  C:\Windows\System\bIrpYLb.exe
  2⤵
  PID:4080
- C:\Windows\System\nFjohnZ.exe
  C:\Windows\System\nFjohnZ.exe
  2⤵
  PID:2056
- C:\Windows\System\MjIWFlP.exe
  C:\Windows\System\MjIWFlP.exe
  2⤵
  PID:660
- C:\Windows\System\qlgihkD.exe
  C:\Windows\System\qlgihkD.exe
  2⤵
  PID:744
- C:\Windows\System\zsiZDOS.exe
  C:\Windows\System\zsiZDOS.exe
  2⤵
  PID:296
- C:\Windows\System\SSCnxmh.exe
  C:\Windows\System\SSCnxmh.exe
  2⤵
  PID:2540
- C:\Windows\System\yaBvvzs.exe
  C:\Windows\System\yaBvvzs.exe
  2⤵
  PID:3080
- C:\Windows\System\djnUqsf.exe
  C:\Windows\System\djnUqsf.exe
  2⤵
  PID:1468
- C:\Windows\System\ucsnbRz.exe
  C:\Windows\System\ucsnbRz.exe
  2⤵
  PID:3236
- C:\Windows\System\KrTqQGJ.exe
  C:\Windows\System\KrTqQGJ.exe
  2⤵
  PID:3224
- C:\Windows\System\CIqPrVx.exe
  C:\Windows\System\CIqPrVx.exe
  2⤵
  PID:3284
- C:\Windows\System\DnbTcFA.exe
  C:\Windows\System\DnbTcFA.exe
  2⤵
  PID:3372
- C:\Windows\System\xZGGITU.exe
  C:\Windows\System\xZGGITU.exe
  2⤵
  PID:3220
- C:\Windows\System\WwNZOBy.exe
  C:\Windows\System\WwNZOBy.exe
  2⤵
  PID:3388
- C:\Windows\System\cEHhKXz.exe
  C:\Windows\System\cEHhKXz.exe
  2⤵
  PID:3472
- C:\Windows\System\hZYDNvA.exe
  C:\Windows\System\hZYDNvA.exe
  2⤵
  PID:3552
- C:\Windows\System\BcrCMNS.exe
  C:\Windows\System\BcrCMNS.exe
  2⤵
  PID:3656
- C:\Windows\System\JQcOvNE.exe
  C:\Windows\System\JQcOvNE.exe
  2⤵
  PID:2472
- C:\Windows\System\guQHDLy.exe
  C:\Windows\System\guQHDLy.exe
  2⤵
  PID:3580
- C:\Windows\System\qCRYZcv.exe
  C:\Windows\System\qCRYZcv.exe
  2⤵
  PID:3744
- C:\Windows\System\HLjECBG.exe
  C:\Windows\System\HLjECBG.exe
  2⤵
  PID:3636
- C:\Windows\System\lSwGusQ.exe
  C:\Windows\System\lSwGusQ.exe
  2⤵
  PID:3800
- C:\Windows\System\vjTogop.exe
  C:\Windows\System\vjTogop.exe
  2⤵
  PID:4064
- C:\Windows\System\zIxlOJQ.exe
  C:\Windows\System\zIxlOJQ.exe
  2⤵
  PID:3844
- C:\Windows\System\zbnazNH.exe
  C:\Windows\System\zbnazNH.exe
  2⤵
  PID:3928
- C:\Windows\System\lLuEojN.exe
  C:\Windows\System\lLuEojN.exe
  2⤵
  PID:4044
- C:\Windows\System\IiepLHu.exe
  C:\Windows\System\IiepLHu.exe
  2⤵
  PID:2676
- C:\Windows\System\aDgcWYM.exe
  C:\Windows\System\aDgcWYM.exe
  2⤵
  PID:2456
- C:\Windows\System\wbEdbIu.exe
  C:\Windows\System\wbEdbIu.exe
  2⤵
  PID:3244
- C:\Windows\System\EiQJDPa.exe
  C:\Windows\System\EiQJDPa.exe
  2⤵
  PID:924
- C:\Windows\System\woXZBhT.exe
  C:\Windows\System\woXZBhT.exe
  2⤵
  PID:3164
- C:\Windows\System\OMyiyYH.exe
  C:\Windows\System\OMyiyYH.exe
  2⤵
  PID:3428
- C:\Windows\System\rrBkMIJ.exe
  C:\Windows\System\rrBkMIJ.exe
  2⤵
  PID:3492
- C:\Windows\System\KyYqyOX.exe
  C:\Windows\System\KyYqyOX.exe
  2⤵
  PID:3276
- C:\Windows\System\DPwQNDU.exe
  C:\Windows\System\DPwQNDU.exe
  2⤵
  PID:3680
- C:\Windows\System\mhvPmrR.exe
  C:\Windows\System\mhvPmrR.exe
  2⤵
  PID:3780
- C:\Windows\System\gKfNRlw.exe
  C:\Windows\System\gKfNRlw.exe
  2⤵
  PID:3360
- C:\Windows\System\XSdQjFt.exe
  C:\Windows\System\XSdQjFt.exe
  2⤵
  PID:3960
- C:\Windows\System\KHerKqt.exe
  C:\Windows\System\KHerKqt.exe
  2⤵
  PID:4108
- C:\Windows\System\wyKqAEM.exe
  C:\Windows\System\wyKqAEM.exe
  2⤵
  PID:4132
- C:\Windows\System\lwFspST.exe
  C:\Windows\System\lwFspST.exe
  2⤵
  PID:4156
- C:\Windows\System\xqOkRYM.exe
  C:\Windows\System\xqOkRYM.exe
  2⤵
  PID:4176
- C:\Windows\System\TqfJgdZ.exe
  C:\Windows\System\TqfJgdZ.exe
  2⤵
  PID:4200
- C:\Windows\System\clUZQgM.exe
  C:\Windows\System\clUZQgM.exe
  2⤵
  PID:4220
- C:\Windows\System\ACwFFMc.exe
  C:\Windows\System\ACwFFMc.exe
  2⤵
  PID:4240
- C:\Windows\System\iJYjhci.exe
  C:\Windows\System\iJYjhci.exe
  2⤵
  PID:4256
- C:\Windows\System\mMgXaHs.exe
  C:\Windows\System\mMgXaHs.exe
  2⤵
  PID:4272
- C:\Windows\System\rrfHuqE.exe
  C:\Windows\System\rrfHuqE.exe
  2⤵
  PID:4300
- C:\Windows\System\rccmmEe.exe
  C:\Windows\System\rccmmEe.exe
  2⤵
  PID:4320
- C:\Windows\System\SntsjML.exe
  C:\Windows\System\SntsjML.exe
  2⤵
  PID:4340
- C:\Windows\System\GBdEtmr.exe
  C:\Windows\System\GBdEtmr.exe
  2⤵
  PID:4360
- C:\Windows\System\ElTwZZX.exe
  C:\Windows\System\ElTwZZX.exe
  2⤵
  PID:4384
- C:\Windows\System\YezyYsW.exe
  C:\Windows\System\YezyYsW.exe
  2⤵
  PID:4404
- C:\Windows\System\frdQCVA.exe
  C:\Windows\System\frdQCVA.exe
  2⤵
  PID:4424
- C:\Windows\System\SyQaOkV.exe
  C:\Windows\System\SyQaOkV.exe
  2⤵
  PID:4440
- C:\Windows\System\UPzZqRB.exe
  C:\Windows\System\UPzZqRB.exe
  2⤵
  PID:4460
- C:\Windows\System\okNmXxB.exe
  C:\Windows\System\okNmXxB.exe
  2⤵
  PID:4484
- C:\Windows\System\vRlxabC.exe
  C:\Windows\System\vRlxabC.exe
  2⤵
  PID:4508
- C:\Windows\System\WsgMaaO.exe
  C:\Windows\System\WsgMaaO.exe
  2⤵
  PID:4528
- C:\Windows\System\LZUwjBx.exe
  C:\Windows\System\LZUwjBx.exe
  2⤵
  PID:4544
- C:\Windows\System\NEAFuNq.exe
  C:\Windows\System\NEAFuNq.exe
  2⤵
  PID:4568
- C:\Windows\System\YCVOMxi.exe
  C:\Windows\System\YCVOMxi.exe
  2⤵
  PID:4584
- C:\Windows\System\jCnxWew.exe
  C:\Windows\System\jCnxWew.exe
  2⤵
  PID:4604
- C:\Windows\System\LWMrSqt.exe
  C:\Windows\System\LWMrSqt.exe
  2⤵
  PID:4628
- C:\Windows\System\DGLpCII.exe
  C:\Windows\System\DGLpCII.exe
  2⤵
  PID:4648
- C:\Windows\System\lCsITJn.exe
  C:\Windows\System\lCsITJn.exe
  2⤵
  PID:4668
- C:\Windows\System\KOiLVgc.exe
  C:\Windows\System\KOiLVgc.exe
  2⤵
  PID:4688
- C:\Windows\System\DUKdFbw.exe
  C:\Windows\System\DUKdFbw.exe
  2⤵
  PID:4708
- C:\Windows\System\ulIeBsP.exe
  C:\Windows\System\ulIeBsP.exe
  2⤵
  PID:4728
- C:\Windows\System\BRCGghD.exe
  C:\Windows\System\BRCGghD.exe
  2⤵
  PID:4744
- C:\Windows\System\byHlTrX.exe
  C:\Windows\System\byHlTrX.exe
  2⤵
  PID:4764
- C:\Windows\System\yOURIBi.exe
  C:\Windows\System\yOURIBi.exe
  2⤵
  PID:4788
- C:\Windows\System\XKQIFyJ.exe
  C:\Windows\System\XKQIFyJ.exe
  2⤵
  PID:4808
- C:\Windows\System\LqvtrJR.exe
  C:\Windows\System\LqvtrJR.exe
  2⤵
  PID:4824
- C:\Windows\System\RjmYLuS.exe
  C:\Windows\System\RjmYLuS.exe
  2⤵
  PID:4840
- C:\Windows\System\yWjonci.exe
  C:\Windows\System\yWjonci.exe
  2⤵
  PID:4864
- C:\Windows\System\VkTMftd.exe
  C:\Windows\System\VkTMftd.exe
  2⤵
  PID:4892
- C:\Windows\System\QXewobb.exe
  C:\Windows\System\QXewobb.exe
  2⤵
  PID:4916
- C:\Windows\System\CDMnvcB.exe
  C:\Windows\System\CDMnvcB.exe
  2⤵
  PID:4936
- C:\Windows\System\UhcpVbk.exe
  C:\Windows\System\UhcpVbk.exe
  2⤵
  PID:4956
- C:\Windows\System\cSERAux.exe
  C:\Windows\System\cSERAux.exe
  2⤵
  PID:4976
- C:\Windows\System\UuWZcqk.exe
  C:\Windows\System\UuWZcqk.exe
  2⤵
  PID:4992
- C:\Windows\System\xEvtKqN.exe
  C:\Windows\System\xEvtKqN.exe
  2⤵
  PID:5008
- C:\Windows\System\UIrizax.exe
  C:\Windows\System\UIrizax.exe
  2⤵
  PID:5096
- C:\Windows\System\cbiKqgE.exe
  C:\Windows\System\cbiKqgE.exe
  2⤵
  PID:5116
- C:\Windows\System\JrYpuur.exe
  C:\Windows\System\JrYpuur.exe
  2⤵
  PID:3764
- C:\Windows\System\JqAzNUF.exe
  C:\Windows\System\JqAzNUF.exe
  2⤵
  PID:3736
- C:\Windows\System\GDUMfHt.exe
  C:\Windows\System\GDUMfHt.exe
  2⤵
  PID:3884
- C:\Windows\System\bvCjdeA.exe
  C:\Windows\System\bvCjdeA.exe
  2⤵
  PID:912
- C:\Windows\System\MenuFBj.exe
  C:\Windows\System\MenuFBj.exe
  2⤵
  PID:2976
- C:\Windows\System\DzqpZcQ.exe
  C:\Windows\System\DzqpZcQ.exe
  2⤵
  PID:3436
- C:\Windows\System\vwqogLk.exe
  C:\Windows\System\vwqogLk.exe
  2⤵
  PID:2884
- C:\Windows\System\zVPINsK.exe
  C:\Windows\System\zVPINsK.exe
  2⤵
  PID:3668
- C:\Windows\System\iSLuNwq.exe
  C:\Windows\System\iSLuNwq.exe
  2⤵
  PID:3624
- C:\Windows\System\xAgDKns.exe
  C:\Windows\System\xAgDKns.exe
  2⤵
  PID:3456
- C:\Windows\System\dpWXDzT.exe
  C:\Windows\System\dpWXDzT.exe
  2⤵
  PID:4152
- C:\Windows\System\ixaolXM.exe
  C:\Windows\System\ixaolXM.exe
  2⤵
  PID:3320
- C:\Windows\System\ajKycwz.exe
  C:\Windows\System\ajKycwz.exe
  2⤵
  PID:4168
- C:\Windows\System\QVagEGv.exe
  C:\Windows\System\QVagEGv.exe
  2⤵
  PID:4192
- C:\Windows\System\ANwUpdq.exe
  C:\Windows\System\ANwUpdq.exe
  2⤵
  PID:4268
- C:\Windows\System\lyVGmOG.exe
  C:\Windows\System\lyVGmOG.exe
  2⤵
  PID:4212
- C:\Windows\System\eeAdvSj.exe
  C:\Windows\System\eeAdvSj.exe
  2⤵
  PID:4284
- C:\Windows\System\WutZqGi.exe
  C:\Windows\System\WutZqGi.exe
  2⤵
  PID:4280
- C:\Windows\System\JhidCCt.exe
  C:\Windows\System\JhidCCt.exe
  2⤵
  PID:3988
- C:\Windows\System\TwsbNud.exe
  C:\Windows\System\TwsbNud.exe
  2⤵
  PID:4380
- C:\Windows\System\MHiOZyp.exe
  C:\Windows\System\MHiOZyp.exe
  2⤵
  PID:4420
- C:\Windows\System\xaGLpIW.exe
  C:\Windows\System\xaGLpIW.exe
  2⤵
  PID:2668
- C:\Windows\System\KgFqXjM.exe
  C:\Windows\System\KgFqXjM.exe
  2⤵
  PID:4448
- C:\Windows\System\QZmcAQc.exe
  C:\Windows\System\QZmcAQc.exe
  2⤵
  PID:4500
- C:\Windows\System\SLUZWZU.exe
  C:\Windows\System\SLUZWZU.exe
  2⤵
  PID:4536
- C:\Windows\System\BopbpfO.exe
  C:\Windows\System\BopbpfO.exe
  2⤵
  PID:4576
- C:\Windows\System\cWgEUCi.exe
  C:\Windows\System\cWgEUCi.exe
  2⤵
  PID:4644
- C:\Windows\System\EyTJvRj.exe
  C:\Windows\System\EyTJvRj.exe
  2⤵
  PID:4616
- C:\Windows\System\QcIfcia.exe
  C:\Windows\System\QcIfcia.exe
  2⤵
  PID:4716
- C:\Windows\System\ohIhviX.exe
  C:\Windows\System\ohIhviX.exe
  2⤵
  PID:2080
- C:\Windows\System\yNdrFql.exe
  C:\Windows\System\yNdrFql.exe
  2⤵
  PID:4704
- C:\Windows\System\LjbXUFx.exe
  C:\Windows\System\LjbXUFx.exe
  2⤵
  PID:4776
- C:\Windows\System\jgnInBa.exe
  C:\Windows\System\jgnInBa.exe
  2⤵
  PID:4796
- C:\Windows\System\HcrpLlv.exe
  C:\Windows\System\HcrpLlv.exe
  2⤵
  PID:4832
- C:\Windows\System\MCMhcMB.exe
  C:\Windows\System\MCMhcMB.exe
  2⤵
  PID:4816
- C:\Windows\System\NxaBrNn.exe
  C:\Windows\System\NxaBrNn.exe
  2⤵
  PID:4860
- C:\Windows\System\LGxhRnA.exe
  C:\Windows\System\LGxhRnA.exe
  2⤵
  PID:4912
- C:\Windows\System\xVrdFlb.exe
  C:\Windows\System\xVrdFlb.exe
  2⤵
  PID:4964
- C:\Windows\System\PdyYBkK.exe
  C:\Windows\System\PdyYBkK.exe
  2⤵
  PID:4984
- C:\Windows\System\UfpSBTx.exe
  C:\Windows\System\UfpSBTx.exe
  2⤵
  PID:5032
- C:\Windows\System\XZBHWBQ.exe
  C:\Windows\System\XZBHWBQ.exe
  2⤵
  PID:2788
- C:\Windows\System\tYHMQqF.exe
  C:\Windows\System\tYHMQqF.exe
  2⤵
  PID:2576
- C:\Windows\System\LqYilJS.exe
  C:\Windows\System\LqYilJS.exe
  2⤵
  PID:2628
- C:\Windows\System\qjyxLHV.exe
  C:\Windows\System\qjyxLHV.exe
  2⤵
  PID:2720
- C:\Windows\System\gtWQtHG.exe
  C:\Windows\System\gtWQtHG.exe
  2⤵
  PID:2948
- C:\Windows\System\ozkHvxI.exe
  C:\Windows\System\ozkHvxI.exe
  2⤵
  PID:4076
- C:\Windows\System\RGCdRvl.exe
  C:\Windows\System\RGCdRvl.exe
  2⤵
  PID:4000
- C:\Windows\System\VTrVwMG.exe
  C:\Windows\System\VTrVwMG.exe
  2⤵
  PID:3124
- C:\Windows\System\IafEZHw.exe
  C:\Windows\System\IafEZHw.exe
  2⤵
  PID:3700
- C:\Windows\System\eRzfzbX.exe
  C:\Windows\System\eRzfzbX.exe
  2⤵
  PID:2444
- C:\Windows\System\KDhNfwb.exe
  C:\Windows\System\KDhNfwb.exe
  2⤵
  PID:4184
- C:\Windows\System\dvOJfIo.exe
  C:\Windows\System\dvOJfIo.exe
  2⤵
  PID:2952
- C:\Windows\System\vByJiey.exe
  C:\Windows\System\vByJiey.exe
  2⤵
  PID:3576
- C:\Windows\System\wLmiemq.exe
  C:\Windows\System\wLmiemq.exe
  2⤵
  PID:3924
- C:\Windows\System\bRBSpJX.exe
  C:\Windows\System\bRBSpJX.exe
  2⤵
  PID:4128
- C:\Windows\System\UhYVUDJ.exe
  C:\Windows\System\UhYVUDJ.exe
  2⤵
  PID:4264
- C:\Windows\System\xUPdwAS.exe
  C:\Windows\System\xUPdwAS.exe
  2⤵
  PID:4296
- C:\Windows\System\lYJQgrn.exe
  C:\Windows\System\lYJQgrn.exe
  2⤵
  PID:4248
- C:\Windows\System\KDeZLfP.exe
  C:\Windows\System\KDeZLfP.exe
  2⤵
  PID:4516
- C:\Windows\System\YYxsxBs.exe
  C:\Windows\System\YYxsxBs.exe
  2⤵
  PID:4540
- C:\Windows\System\CWqktEF.exe
  C:\Windows\System\CWqktEF.exe
  2⤵
  PID:4676
- C:\Windows\System\BkKRCBa.exe
  C:\Windows\System\BkKRCBa.exe
  2⤵
  PID:4720
- C:\Windows\System\LqkDpwz.exe
  C:\Windows\System\LqkDpwz.exe
  2⤵
  PID:4560
- C:\Windows\System\FrqyANV.exe
  C:\Windows\System\FrqyANV.exe
  2⤵
  PID:2856
- C:\Windows\System\EFhugQx.exe
  C:\Windows\System\EFhugQx.exe
  2⤵
  PID:4664
- C:\Windows\System\kAlSduB.exe
  C:\Windows\System\kAlSduB.exe
  2⤵
  PID:4856
- C:\Windows\System\dyTRdIl.exe
  C:\Windows\System\dyTRdIl.exe
  2⤵
  PID:2448
- C:\Windows\System\IySIuhS.exe
  C:\Windows\System\IySIuhS.exe
  2⤵
  PID:2760
- C:\Windows\System\NIXYyoh.exe
  C:\Windows\System\NIXYyoh.exe
  2⤵
  PID:5028
- C:\Windows\System\nEOrtMF.exe
  C:\Windows\System\nEOrtMF.exe
  2⤵
  PID:4908
- C:\Windows\System\WHmcmic.exe
  C:\Windows\System\WHmcmic.exe
  2⤵
  PID:5016
- C:\Windows\System\hpCiREh.exe
  C:\Windows\System\hpCiREh.exe
  2⤵
  PID:3008
- C:\Windows\System\HfIRpMh.exe
  C:\Windows\System\HfIRpMh.exe
  2⤵
  PID:884
- C:\Windows\System\YYfNSVN.exe
  C:\Windows\System\YYfNSVN.exe
  2⤵
  PID:5108
- C:\Windows\System\TPLiZGG.exe
  C:\Windows\System\TPLiZGG.exe
  2⤵
  PID:2588
- C:\Windows\System\rtyYvyb.exe
  C:\Windows\System\rtyYvyb.exe
  2⤵
  PID:3704
- C:\Windows\System\gGmiiDg.exe
  C:\Windows\System\gGmiiDg.exe
  2⤵
  PID:1376
- C:\Windows\System\QNZLFzs.exe
  C:\Windows\System\QNZLFzs.exe
  2⤵
  PID:1076
- C:\Windows\System\TVcCXzI.exe
  C:\Windows\System\TVcCXzI.exe
  2⤵
  PID:4208
- C:\Windows\System\yyMEUqr.exe
  C:\Windows\System\yyMEUqr.exe
  2⤵
  PID:4236
- C:\Windows\System\oDfwFNX.exe
  C:\Windows\System\oDfwFNX.exe
  2⤵
  PID:4368
- C:\Windows\System\UNTHBrF.exe
  C:\Windows\System\UNTHBrF.exe
  2⤵
  PID:4524
- C:\Windows\System\MeOGeay.exe
  C:\Windows\System\MeOGeay.exe
  2⤵
  PID:4624
- C:\Windows\System\mvyKEKl.exe
  C:\Windows\System\mvyKEKl.exe
  2⤵
  PID:1808
- C:\Windows\System\AvUEOxO.exe
  C:\Windows\System\AvUEOxO.exe
  2⤵
  PID:4680
- C:\Windows\System\EXwOsuh.exe
  C:\Windows\System\EXwOsuh.exe
  2⤵
  PID:4684
- C:\Windows\System\BKdDSYc.exe
  C:\Windows\System\BKdDSYc.exe
  2⤵
  PID:4780
- C:\Windows\System\riipCbc.exe
  C:\Windows\System\riipCbc.exe
  2⤵
  PID:4888
- C:\Windows\System\huGBAep.exe
  C:\Windows\System\huGBAep.exe
  2⤵
  PID:4948
- C:\Windows\System\FbdnHMw.exe
  C:\Windows\System\FbdnHMw.exe
  2⤵
  PID:5000
- C:\Windows\System\YTGMFqi.exe
  C:\Windows\System\YTGMFqi.exe
  2⤵
  PID:2152
- C:\Windows\System\AEBIPYg.exe
  C:\Windows\System\AEBIPYg.exe
  2⤵
  PID:3888
- C:\Windows\System\oIqTdMh.exe
  C:\Windows\System\oIqTdMh.exe
  2⤵
  PID:5112
- C:\Windows\System\abktika.exe
  C:\Windows\System\abktika.exe
  2⤵
  PID:4004
- C:\Windows\System\zEpHZPA.exe
  C:\Windows\System\zEpHZPA.exe
  2⤵
  PID:4140
- C:\Windows\System\CjfyJyQ.exe
  C:\Windows\System\CjfyJyQ.exe
  2⤵
  PID:2488
- C:\Windows\System\uWzXiNz.exe
  C:\Windows\System\uWzXiNz.exe
  2⤵
  PID:4564
- C:\Windows\System\hltETfi.exe
  C:\Windows\System\hltETfi.exe
  2⤵
  PID:4752
- C:\Windows\System\CbyMzLs.exe
  C:\Windows\System\CbyMzLs.exe
  2⤵
  PID:4880
- C:\Windows\System\sueonGB.exe
  C:\Windows\System\sueonGB.exe
  2⤵
  PID:4876
- C:\Windows\System\EGklstu.exe
  C:\Windows\System\EGklstu.exe
  2⤵
  PID:4968
- C:\Windows\System\wDBctTv.exe
  C:\Windows\System\wDBctTv.exe
  2⤵
  PID:4612
- C:\Windows\System\pAwxGMZ.exe
  C:\Windows\System\pAwxGMZ.exe
  2⤵
  PID:2360
- C:\Windows\System\TLLZuMD.exe
  C:\Windows\System\TLLZuMD.exe
  2⤵
  PID:5092
- C:\Windows\System\OgRpxsd.exe
  C:\Windows\System\OgRpxsd.exe
  2⤵
  PID:4228
- C:\Windows\System\tNNIjYz.exe
  C:\Windows\System\tNNIjYz.exe
  2⤵
  PID:2340
- C:\Windows\System\XWxEKDq.exe
  C:\Windows\System\XWxEKDq.exe
  2⤵
  PID:5132
- C:\Windows\System\hfbdwvy.exe
  C:\Windows\System\hfbdwvy.exe
  2⤵
  PID:5152
- C:\Windows\System\IcUwbHp.exe
  C:\Windows\System\IcUwbHp.exe
  2⤵
  PID:5172
- C:\Windows\System\SObNueb.exe
  C:\Windows\System\SObNueb.exe
  2⤵
  PID:5188
- C:\Windows\System\BnxghpH.exe
  C:\Windows\System\BnxghpH.exe
  2⤵
  PID:5212
- C:\Windows\System\IfOSaIc.exe
  C:\Windows\System\IfOSaIc.exe
  2⤵
  PID:5232
- C:\Windows\System\GrYggEk.exe
  C:\Windows\System\GrYggEk.exe
  2⤵
  PID:5248
- C:\Windows\System\TXrBWJk.exe
  C:\Windows\System\TXrBWJk.exe
  2⤵
  PID:5272
- C:\Windows\System\RsvTkqq.exe
  C:\Windows\System\RsvTkqq.exe
  2⤵
  PID:5292
- C:\Windows\System\FfjOQcD.exe
  C:\Windows\System\FfjOQcD.exe
  2⤵
  PID:5308
- C:\Windows\System\ojQdgfM.exe
  C:\Windows\System\ojQdgfM.exe
  2⤵
  PID:5324
- C:\Windows\System\SlzfauR.exe
  C:\Windows\System\SlzfauR.exe
  2⤵
  PID:5348
- C:\Windows\System\tHSLQaq.exe
  C:\Windows\System\tHSLQaq.exe
  2⤵
  PID:5368
- C:\Windows\System\YWBDecM.exe
  C:\Windows\System\YWBDecM.exe
  2⤵
  PID:5392
- C:\Windows\System\etNoGQs.exe
  C:\Windows\System\etNoGQs.exe
  2⤵
  PID:5408
- C:\Windows\System\axwysuO.exe
  C:\Windows\System\axwysuO.exe
  2⤵
  PID:5428
- C:\Windows\System\sOokmKF.exe
  C:\Windows\System\sOokmKF.exe
  2⤵
  PID:5448
- C:\Windows\System\XJbnJAM.exe
  C:\Windows\System\XJbnJAM.exe
  2⤵
  PID:5468
- C:\Windows\System\ZqSPCHW.exe
  C:\Windows\System\ZqSPCHW.exe
  2⤵
  PID:5488
- C:\Windows\System\RsXssvr.exe
  C:\Windows\System\RsXssvr.exe
  2⤵
  PID:5504
- C:\Windows\System\pzsBrwz.exe
  C:\Windows\System\pzsBrwz.exe
  2⤵
  PID:5528
- C:\Windows\System\OhesMmd.exe
  C:\Windows\System\OhesMmd.exe
  2⤵
  PID:5548
- C:\Windows\System\MkHmoIt.exe
  C:\Windows\System\MkHmoIt.exe
  2⤵
  PID:5568
- C:\Windows\System\dtPxRZW.exe
  C:\Windows\System\dtPxRZW.exe
  2⤵
  PID:5592
- C:\Windows\System\QvAhSUj.exe
  C:\Windows\System\QvAhSUj.exe
  2⤵
  PID:5608
- C:\Windows\System\DkOtAoR.exe
  C:\Windows\System\DkOtAoR.exe
  2⤵
  PID:5632
- C:\Windows\System\AiZKiTo.exe
  C:\Windows\System\AiZKiTo.exe
  2⤵
  PID:5648
- C:\Windows\System\mToDKsE.exe
  C:\Windows\System\mToDKsE.exe
  2⤵
  PID:5664
- C:\Windows\System\jOMBznx.exe
  C:\Windows\System\jOMBznx.exe
  2⤵
  PID:5680
- C:\Windows\System\gFWujnC.exe
  C:\Windows\System\gFWujnC.exe
  2⤵
  PID:5700
- C:\Windows\System\sgxvTjr.exe
  C:\Windows\System\sgxvTjr.exe
  2⤵
  PID:5720
- C:\Windows\System\sWZbGJL.exe
  C:\Windows\System\sWZbGJL.exe
  2⤵
  PID:5748
- C:\Windows\System\xaEvIsH.exe
  C:\Windows\System\xaEvIsH.exe
  2⤵
  PID:5768
- C:\Windows\System\NZBMMiL.exe
  C:\Windows\System\NZBMMiL.exe
  2⤵
  PID:5788
- C:\Windows\System\TBAvvzS.exe
  C:\Windows\System\TBAvvzS.exe
  2⤵
  PID:5812
- C:\Windows\System\HuQsLUg.exe
  C:\Windows\System\HuQsLUg.exe
  2⤵
  PID:5832
- C:\Windows\System\HEGEsXf.exe
  C:\Windows\System\HEGEsXf.exe
  2⤵
  PID:5852
- C:\Windows\System\vEAQsCq.exe
  C:\Windows\System\vEAQsCq.exe
  2⤵
  PID:5872
- C:\Windows\System\WaTFEEG.exe
  C:\Windows\System\WaTFEEG.exe
  2⤵
  PID:5892
- C:\Windows\System\XqHlFtg.exe
  C:\Windows\System\XqHlFtg.exe
  2⤵
  PID:5912
- C:\Windows\System\IgmVkqI.exe
  C:\Windows\System\IgmVkqI.exe
  2⤵
  PID:5932
- C:\Windows\System\mYWeTMs.exe
  C:\Windows\System\mYWeTMs.exe
  2⤵
  PID:5948
- C:\Windows\System\KvlaqhA.exe
  C:\Windows\System\KvlaqhA.exe
  2⤵
  PID:5968
- C:\Windows\System\tdEYxPL.exe
  C:\Windows\System\tdEYxPL.exe
  2⤵
  PID:5988
- C:\Windows\System\KjDtIGt.exe
  C:\Windows\System\KjDtIGt.exe
  2⤵
  PID:6012
- C:\Windows\System\qsqtZmq.exe
  C:\Windows\System\qsqtZmq.exe
  2⤵
  PID:6028
- C:\Windows\System\keYXxWE.exe
  C:\Windows\System\keYXxWE.exe
  2⤵
  PID:6048
- C:\Windows\System\HGHTFuY.exe
  C:\Windows\System\HGHTFuY.exe
  2⤵
  PID:6072
- C:\Windows\System\nwAdLQd.exe
  C:\Windows\System\nwAdLQd.exe
  2⤵
  PID:6088
- C:\Windows\System\poZTvMa.exe
  C:\Windows\System\poZTvMa.exe
  2⤵
  PID:6104
- C:\Windows\System\WEqqtEd.exe
  C:\Windows\System\WEqqtEd.exe
  2⤵
  PID:6124
- C:\Windows\System\ouhirpM.exe
  C:\Windows\System\ouhirpM.exe
  2⤵
  PID:4620
- C:\Windows\System\xXYqsVw.exe
  C:\Windows\System\xXYqsVw.exe
  2⤵
  PID:4800
- C:\Windows\System\QLsvXbZ.exe
  C:\Windows\System\QLsvXbZ.exe
  2⤵
  PID:4740
- C:\Windows\System\RqnPbLz.exe
  C:\Windows\System\RqnPbLz.exe
  2⤵
  PID:3100
- C:\Windows\System\wapbvLF.exe
  C:\Windows\System\wapbvLF.exe
  2⤵
  PID:5140
- C:\Windows\System\xwVUAJd.exe
  C:\Windows\System\xwVUAJd.exe
  2⤵
  PID:4232
- C:\Windows\System\XhJsGsA.exe
  C:\Windows\System\XhJsGsA.exe
  2⤵
  PID:5180
- C:\Windows\System\HdNJyDC.exe
  C:\Windows\System\HdNJyDC.exe
  2⤵
  PID:5256
- C:\Windows\System\TvJtMki.exe
  C:\Windows\System\TvJtMki.exe
  2⤵
  PID:5168
- C:\Windows\System\YCopHus.exe
  C:\Windows\System\YCopHus.exe
  2⤵
  PID:5240
- C:\Windows\System\BkVmQkI.exe
  C:\Windows\System\BkVmQkI.exe
  2⤵
  PID:5304
- C:\Windows\System\JEPORbg.exe
  C:\Windows\System\JEPORbg.exe
  2⤵
  PID:3024
- C:\Windows\System\GtrQEmi.exe
  C:\Windows\System\GtrQEmi.exe
  2⤵
  PID:5280
- C:\Windows\System\jcbAQIB.exe
  C:\Windows\System\jcbAQIB.exe
  2⤵
  PID:5320
- C:\Windows\System\fqbNBgp.exe
  C:\Windows\System\fqbNBgp.exe
  2⤵
  PID:5356
- C:\Windows\System\ijYBsoJ.exe
  C:\Windows\System\ijYBsoJ.exe
  2⤵
  PID:5360
- C:\Windows\System\TNbponA.exe
  C:\Windows\System\TNbponA.exe
  2⤵
  PID:5576
- C:\Windows\System\yDDQori.exe
  C:\Windows\System\yDDQori.exe
  2⤵
  PID:5624
- C:\Windows\System\WjKKwPt.exe
  C:\Windows\System\WjKKwPt.exe
  2⤵
  PID:5436
- C:\Windows\System\AaKqYwW.exe
  C:\Windows\System\AaKqYwW.exe
  2⤵
  PID:5480
- C:\Windows\System\BZEbBAN.exe
  C:\Windows\System\BZEbBAN.exe
  2⤵
  PID:5692
- C:\Windows\System\ZzCPSng.exe
  C:\Windows\System\ZzCPSng.exe
  2⤵
  PID:5564
- C:\Windows\System\SXmUxoI.exe
  C:\Windows\System\SXmUxoI.exe
  2⤵
  PID:2652
- C:\Windows\System\OLUiSmy.exe
  C:\Windows\System\OLUiSmy.exe
  2⤵
  PID:5644
- C:\Windows\System\rQptzhC.exe
  C:\Windows\System\rQptzhC.exe
  2⤵
  PID:5780
- C:\Windows\System\ZYqgqAB.exe
  C:\Windows\System\ZYqgqAB.exe
  2⤵
  PID:5820
- C:\Windows\System\jEQoWMp.exe
  C:\Windows\System\jEQoWMp.exe
  2⤵
  PID:5764
- C:\Windows\System\XcXZdDx.exe
  C:\Windows\System\XcXZdDx.exe
  2⤵
  PID:5804
- C:\Windows\System\odaorHW.exe
  C:\Windows\System\odaorHW.exe
  2⤵
  PID:5900
- C:\Windows\System\aazIPkl.exe
  C:\Windows\System\aazIPkl.exe
  2⤵
  PID:5940
- C:\Windows\System\GltTxYk.exe
  C:\Windows\System\GltTxYk.exe
  2⤵
  PID:5984
- C:\Windows\System\tdrjGfB.exe
  C:\Windows\System\tdrjGfB.exe
  2⤵
  PID:6056
- C:\Windows\System\ItAgnDV.exe
  C:\Windows\System\ItAgnDV.exe
  2⤵
  PID:6096
- C:\Windows\System\rTGbYJv.exe
  C:\Windows\System\rTGbYJv.exe
  2⤵
  PID:6136
- C:\Windows\System\SsbkdtT.exe
  C:\Windows\System\SsbkdtT.exe
  2⤵
  PID:5996
- C:\Windows\System\SIBjmkY.exe
  C:\Windows\System\SIBjmkY.exe
  2⤵
  PID:4412
- C:\Windows\System\HNdkFhD.exe
  C:\Windows\System\HNdkFhD.exe
  2⤵
  PID:4480
- C:\Windows\System\CFhizAg.exe
  C:\Windows\System\CFhizAg.exe
  2⤵
  PID:5160
- C:\Windows\System\sxcfFZE.exe
  C:\Windows\System\sxcfFZE.exe
  2⤵
  PID:4120
- C:\Windows\System\sqWYekT.exe
  C:\Windows\System\sqWYekT.exe
  2⤵
  PID:2260
- C:\Windows\System\wfJVVqC.exe
  C:\Windows\System\wfJVVqC.exe
  2⤵
  PID:5388
- C:\Windows\System\BcuNgxG.exe
  C:\Windows\System\BcuNgxG.exe
  2⤵
  PID:6120
- C:\Windows\System\mzroSpC.exe
  C:\Windows\System\mzroSpC.exe
  2⤵
  PID:5196
- C:\Windows\System\pzySrZH.exe
  C:\Windows\System\pzySrZH.exe
  2⤵
  PID:5144
- C:\Windows\System\aAuttia.exe
  C:\Windows\System\aAuttia.exe
  2⤵
  PID:5228
- C:\Windows\System\mfiGNdj.exe
  C:\Windows\System\mfiGNdj.exe
  2⤵
  PID:5284
- C:\Windows\System\eAGQMMg.exe
  C:\Windows\System\eAGQMMg.exe
  2⤵
  PID:5464
- C:\Windows\System\sWirUlo.exe
  C:\Windows\System\sWirUlo.exe
  2⤵
  PID:5540
- C:\Windows\System\HTQkXbC.exe
  C:\Windows\System\HTQkXbC.exe
  2⤵
  PID:2740
- C:\Windows\System\dZXJNtO.exe
  C:\Windows\System\dZXJNtO.exe
  2⤵
  PID:5500
- C:\Windows\System\nrIjaME.exe
  C:\Windows\System\nrIjaME.exe
  2⤵
  PID:5584
- C:\Windows\System\oZTkFRD.exe
  C:\Windows\System\oZTkFRD.exe
  2⤵
  PID:2876
- C:\Windows\System\ovqXDcD.exe
  C:\Windows\System\ovqXDcD.exe
  2⤵
  PID:5516
- C:\Windows\System\HvTGPpq.exe
  C:\Windows\System\HvTGPpq.exe
  2⤵
  PID:5604
- C:\Windows\System\UpEpGnJ.exe
  C:\Windows\System\UpEpGnJ.exe
  2⤵
  PID:5560
- C:\Windows\System\xNQESij.exe
  C:\Windows\System\xNQESij.exe
  2⤵
  PID:2156
- C:\Windows\System\TIHvgnb.exe
  C:\Windows\System\TIHvgnb.exe
  2⤵
  PID:680
- C:\Windows\System\hwgyKdW.exe
  C:\Windows\System\hwgyKdW.exe
  2⤵
  PID:5640
- C:\Windows\System\hvyHJLu.exe
  C:\Windows\System\hvyHJLu.exe
  2⤵
  PID:5708
- C:\Windows\System\qHDXyYG.exe
  C:\Windows\System\qHDXyYG.exe
  2⤵
  PID:5976
- C:\Windows\System\CrlraRM.exe
  C:\Windows\System\CrlraRM.exe
  2⤵
  PID:5848
- C:\Windows\System\XXLJGiX.exe
  C:\Windows\System\XXLJGiX.exe
  2⤵
  PID:6060
- C:\Windows\System\zEQeKxl.exe
  C:\Windows\System\zEQeKxl.exe
  2⤵
  PID:6132
- C:\Windows\System\BOZipYh.exe
  C:\Windows\System\BOZipYh.exe
  2⤵
  PID:5924
- C:\Windows\System\FqmeRek.exe
  C:\Windows\System\FqmeRek.exe
  2⤵
  PID:2344
- C:\Windows\System\kkKSXcI.exe
  C:\Windows\System\kkKSXcI.exe
  2⤵
  PID:6080
- C:\Windows\System\WgNWHWt.exe
  C:\Windows\System\WgNWHWt.exe
  2⤵
  PID:5268
- C:\Windows\System\oeTqpcF.exe
  C:\Windows\System\oeTqpcF.exe
  2⤵
  PID:5384
- C:\Windows\System\uVUiXXx.exe
  C:\Windows\System\uVUiXXx.exe
  2⤵
  PID:5264
- C:\Windows\System\vyUDbJO.exe
  C:\Windows\System\vyUDbJO.exe
  2⤵
  PID:6112
- C:\Windows\System\dYeLYbk.exe
  C:\Windows\System\dYeLYbk.exe
  2⤵
  PID:5460
- C:\Windows\System\QnOxLHt.exe
  C:\Windows\System\QnOxLHt.exe
  2⤵
  PID:5628
- C:\Windows\System\NbZsncH.exe
  C:\Windows\System\NbZsncH.exe
  2⤵
  PID:5660
- C:\Windows\System\tHmickX.exe
  C:\Windows\System\tHmickX.exe
  2⤵
  PID:2132
- C:\Windows\System\KioBIEf.exe
  C:\Windows\System\KioBIEf.exe
  2⤵
  PID:5688
- C:\Windows\System\DiEFQEy.exe
  C:\Windows\System\DiEFQEy.exe
  2⤵
  PID:1912
- C:\Windows\System\cIKsGZh.exe
  C:\Windows\System\cIKsGZh.exe
  2⤵
  PID:2424
- C:\Windows\System\SbJGABa.exe
  C:\Windows\System\SbJGABa.exe
  2⤵
  PID:876
- C:\Windows\System\OBxFWGE.exe
  C:\Windows\System\OBxFWGE.exe
  2⤵
  PID:5676
- C:\Windows\System\iwGBxOS.exe
  C:\Windows\System\iwGBxOS.exe
  2⤵
  PID:5880
- C:\Windows\System\txkDmyo.exe
  C:\Windows\System\txkDmyo.exe
  2⤵
  PID:6020
- C:\Windows\System\RWvYrbm.exe
  C:\Windows\System\RWvYrbm.exe
  2⤵
  PID:6000
- C:\Windows\System\UBTUhpY.exe
  C:\Windows\System\UBTUhpY.exe
  2⤵
  PID:5476
- C:\Windows\System\SiNPRHz.exe
  C:\Windows\System\SiNPRHz.exe
  2⤵
  PID:1732
- C:\Windows\System\cpFGEvn.exe
  C:\Windows\System\cpFGEvn.exe
  2⤵
  PID:4884
- C:\Windows\System\QGSFCUR.exe
  C:\Windows\System\QGSFCUR.exe
  2⤵
  PID:2724
- C:\Windows\System\BVUeiGQ.exe
  C:\Windows\System\BVUeiGQ.exe
  2⤵
  PID:5220
- C:\Windows\System\ibbKUKJ.exe
  C:\Windows\System\ibbKUKJ.exe
  2⤵
  PID:4952
- C:\Windows\System\sfLKqXu.exe
  C:\Windows\System\sfLKqXu.exe
  2⤵
  PID:2972
- C:\Windows\System\GswGbEV.exe
  C:\Windows\System\GswGbEV.exe
  2⤵
  PID:5800
- C:\Windows\System\GMfWbrd.exe
  C:\Windows\System\GMfWbrd.exe
  2⤵
  PID:2648
- C:\Windows\System\fQHJSuI.exe
  C:\Windows\System\fQHJSuI.exe
  2⤵
  PID:992
- C:\Windows\System\kEzKmVW.exe
  C:\Windows\System\kEzKmVW.exe
  2⤵
  PID:2468
- C:\Windows\System\rHKPNtM.exe
  C:\Windows\System\rHKPNtM.exe
  2⤵
  PID:5716
- C:\Windows\System\kkhGUGx.exe
  C:\Windows\System\kkhGUGx.exe
  2⤵
  PID:2984
- C:\Windows\System\PzPGWQH.exe
  C:\Windows\System\PzPGWQH.exe
  2⤵
  PID:900
- C:\Windows\System\XgJjgfr.exe
  C:\Windows\System\XgJjgfr.exe
  2⤵
  PID:2960
- C:\Windows\System\oGflVnX.exe
  C:\Windows\System\oGflVnX.exe
  2⤵
  PID:5336
- C:\Windows\System\ikxOgUQ.exe
  C:\Windows\System\ikxOgUQ.exe
  2⤵
  PID:5300
- C:\Windows\System\NZsbBnZ.exe
  C:\Windows\System\NZsbBnZ.exe
  2⤵
  PID:5424
- C:\Windows\System\QgFUNel.exe
  C:\Windows\System\QgFUNel.exe
  2⤵
  PID:5756
- C:\Windows\System\cwOufqH.exe
  C:\Windows\System\cwOufqH.exe
  2⤵
  PID:664
- C:\Windows\System\KpEdRDY.exe
  C:\Windows\System\KpEdRDY.exe
  2⤵
  PID:428
- C:\Windows\System\dqhPRHf.exe
  C:\Windows\System\dqhPRHf.exe
  2⤵
  PID:812
- C:\Windows\System\ykwdGYX.exe
  C:\Windows\System\ykwdGYX.exe
  2⤵
  PID:6140
- C:\Windows\System\dgmGIPI.exe
  C:\Windows\System\dgmGIPI.exe
  2⤵
  PID:2040
- C:\Windows\System\bisgHtA.exe
  C:\Windows\System\bisgHtA.exe
  2⤵
  PID:2404
- C:\Windows\System\FrxAUue.exe
  C:\Windows\System\FrxAUue.exe
  2⤵
  PID:5444
- C:\Windows\System\lRpntMi.exe
  C:\Windows\System\lRpntMi.exe
  2⤵
  PID:5128
- C:\Windows\System\nAQvIpW.exe
  C:\Windows\System\nAQvIpW.exe
  2⤵
  PID:5784
- C:\Windows\System\kuVhpDt.exe
  C:\Windows\System\kuVhpDt.exe
  2⤵
  PID:5672
- C:\Windows\System\nHGwdfv.exe
  C:\Windows\System\nHGwdfv.exe
  2⤵
  PID:1664
- C:\Windows\System\pytJhqX.exe
  C:\Windows\System\pytJhqX.exe
  2⤵
  PID:5728
- C:\Windows\System\tiivmbS.exe
  C:\Windows\System\tiivmbS.exe
  2⤵
  PID:6044
- C:\Windows\System\nsZwVeN.exe
  C:\Windows\System\nsZwVeN.exe
  2⤵
  PID:2384
- C:\Windows\System\BZoKkmw.exe
  C:\Windows\System\BZoKkmw.exe
  2⤵
  PID:6160
- C:\Windows\System\qzoqqhs.exe
  C:\Windows\System\qzoqqhs.exe
  2⤵
  PID:6176
- C:\Windows\System\qQRlMHK.exe
  C:\Windows\System\qQRlMHK.exe
  2⤵
  PID:6192
- C:\Windows\System\oOFJpPW.exe
  C:\Windows\System\oOFJpPW.exe
  2⤵
  PID:6208
- C:\Windows\System\CaOztRy.exe
  C:\Windows\System\CaOztRy.exe
  2⤵
  PID:6224
- C:\Windows\System\odMBorn.exe
  C:\Windows\System\odMBorn.exe
  2⤵
  PID:6244
- C:\Windows\System\xHQkTZA.exe
  C:\Windows\System\xHQkTZA.exe
  2⤵
  PID:6260
- C:\Windows\System\UDASsYp.exe
  C:\Windows\System\UDASsYp.exe
  2⤵
  PID:6276
- C:\Windows\System\AemxSqH.exe
  C:\Windows\System\AemxSqH.exe
  2⤵
  PID:6292
- C:\Windows\System\vIUnLFY.exe
  C:\Windows\System\vIUnLFY.exe
  2⤵
  PID:6340
- C:\Windows\System\uCHDsnL.exe
  C:\Windows\System\uCHDsnL.exe
  2⤵
  PID:6372
- C:\Windows\System\AKZeePB.exe
  C:\Windows\System\AKZeePB.exe
  2⤵
  PID:6392
- C:\Windows\System\GQbBkqy.exe
  C:\Windows\System\GQbBkqy.exe
  2⤵
  PID:6420
- C:\Windows\System\eDMMhFL.exe
  C:\Windows\System\eDMMhFL.exe
  2⤵
  PID:6440
- C:\Windows\System\uxyeelx.exe
  C:\Windows\System\uxyeelx.exe
  2⤵
  PID:6456
- C:\Windows\System\gDfbBkH.exe
  C:\Windows\System\gDfbBkH.exe
  2⤵
  PID:6472
- C:\Windows\System\aEoXhJF.exe
  C:\Windows\System\aEoXhJF.exe
  2⤵
  PID:6488
- C:\Windows\System\ZAZRWtd.exe
  C:\Windows\System\ZAZRWtd.exe
  2⤵
  PID:6504
- C:\Windows\System\gmwMrtY.exe
  C:\Windows\System\gmwMrtY.exe
  2⤵
  PID:6520
- C:\Windows\System\MGSjzow.exe
  C:\Windows\System\MGSjzow.exe
  2⤵
  PID:6536
- C:\Windows\System\fksFkoe.exe
  C:\Windows\System\fksFkoe.exe
  2⤵
  PID:6552
- C:\Windows\System\bBSlxzb.exe
  C:\Windows\System\bBSlxzb.exe
  2⤵
  PID:6568
- C:\Windows\System\MTYyEnb.exe
  C:\Windows\System\MTYyEnb.exe
  2⤵
  PID:6584
- C:\Windows\System\QiHKOyF.exe
  C:\Windows\System\QiHKOyF.exe
  2⤵
  PID:6600
- C:\Windows\System\tcLtLNq.exe
  C:\Windows\System\tcLtLNq.exe
  2⤵
  PID:6628
- C:\Windows\System\VOJoPqp.exe
  C:\Windows\System\VOJoPqp.exe
  2⤵
  PID:6672
- C:\Windows\System\lecDGIG.exe
  C:\Windows\System\lecDGIG.exe
  2⤵
  PID:6692
- C:\Windows\System\LWWiqKD.exe
  C:\Windows\System\LWWiqKD.exe
  2⤵
  PID:6712
- C:\Windows\System\XkcmJtb.exe
  C:\Windows\System\XkcmJtb.exe
  2⤵
  PID:6732
- C:\Windows\System\RTJgjQG.exe
  C:\Windows\System\RTJgjQG.exe
  2⤵
  PID:6748
- C:\Windows\System\mJOYacu.exe
  C:\Windows\System\mJOYacu.exe
  2⤵
  PID:6792
- C:\Windows\System\aIIXrWa.exe
  C:\Windows\System\aIIXrWa.exe
  2⤵
  PID:6808
- C:\Windows\System\vbRllye.exe
  C:\Windows\System\vbRllye.exe
  2⤵
  PID:6828
- C:\Windows\System\WlEgisR.exe
  C:\Windows\System\WlEgisR.exe
  2⤵
  PID:6848
- C:\Windows\System\KHeyYoh.exe
  C:\Windows\System\KHeyYoh.exe
  2⤵
  PID:6864
- C:\Windows\System\OPVbaAu.exe
  C:\Windows\System\OPVbaAu.exe
  2⤵
  PID:6880
- C:\Windows\System\cqIOJfN.exe
  C:\Windows\System\cqIOJfN.exe
  2⤵
  PID:6900
- C:\Windows\System\dwKBvoh.exe
  C:\Windows\System\dwKBvoh.exe
  2⤵
  PID:6920
- C:\Windows\System\tXZUZlJ.exe
  C:\Windows\System\tXZUZlJ.exe
  2⤵
  PID:6940
- C:\Windows\System\AoOrquQ.exe
  C:\Windows\System\AoOrquQ.exe
  2⤵
  PID:6980
- C:\Windows\System\rNeSUPi.exe
  C:\Windows\System\rNeSUPi.exe
  2⤵
  PID:6996
- C:\Windows\System\eWiIlLL.exe
  C:\Windows\System\eWiIlLL.exe
  2⤵
  PID:7016
- C:\Windows\System\nNSMBit.exe
  C:\Windows\System\nNSMBit.exe
  2⤵
  PID:7032
- C:\Windows\System\bWUNHgP.exe
  C:\Windows\System\bWUNHgP.exe
  2⤵
  PID:7056
- C:\Windows\System\ncmqdrj.exe
  C:\Windows\System\ncmqdrj.exe
  2⤵
  PID:7072
- C:\Windows\System\NEzEjzD.exe
  C:\Windows\System\NEzEjzD.exe
  2⤵
  PID:7088
- C:\Windows\System\GRCnqSV.exe
  C:\Windows\System\GRCnqSV.exe
  2⤵
  PID:7104
- C:\Windows\System\JlwKBWw.exe
  C:\Windows\System\JlwKBWw.exe
  2⤵
  PID:7128
- C:\Windows\System\LXMduaR.exe
  C:\Windows\System\LXMduaR.exe
  2⤵
  PID:7148
- C:\Windows\System\BSYnoQw.exe
  C:\Windows\System\BSYnoQw.exe
  2⤵
  PID:7164
- C:\Windows\System\xoxUsTB.exe
  C:\Windows\System\xoxUsTB.exe
  2⤵
  PID:5200
- C:\Windows\System\vdkmZeZ.exe
  C:\Windows\System\vdkmZeZ.exe
  2⤵
  PID:6172
- C:\Windows\System\cJbpcGw.exe
  C:\Windows\System\cJbpcGw.exe
  2⤵
  PID:6240
- C:\Windows\System\UWjQQNa.exe
  C:\Windows\System\UWjQQNa.exe
  2⤵
  PID:6284
- C:\Windows\System\Gsojoju.exe
  C:\Windows\System\Gsojoju.exe
  2⤵
  PID:6184
- C:\Windows\System\kitPpme.exe
  C:\Windows\System\kitPpme.exe
  2⤵
  PID:6380
- C:\Windows\System\YZnEvug.exe
  C:\Windows\System\YZnEvug.exe
  2⤵
  PID:6360
- C:\Windows\System\jBXBLTe.exe
  C:\Windows\System\jBXBLTe.exe
  2⤵
  PID:6428
- C:\Windows\System\MmnCxoL.exe
  C:\Windows\System\MmnCxoL.exe
  2⤵
  PID:6464
- C:\Windows\System\nPEBUnz.exe
  C:\Windows\System\nPEBUnz.exe
  2⤵
  PID:6560
- C:\Windows\System\rrcNZPe.exe
  C:\Windows\System\rrcNZPe.exe
  2⤵
  PID:6448
- C:\Windows\System\UOKQkQX.exe
  C:\Windows\System\UOKQkQX.exe
  2⤵
  PID:6616
- C:\Windows\System\nKRpGSu.exe
  C:\Windows\System\nKRpGSu.exe
  2⤵
  PID:6688
- C:\Windows\System\GlzTizI.exe
  C:\Windows\System\GlzTizI.exe
  2⤵
  PID:6640
- C:\Windows\System\ynCpEWm.exe
  C:\Windows\System\ynCpEWm.exe
  2⤵
  PID:6660
- C:\Windows\System\LmUUIqk.exe
  C:\Windows\System\LmUUIqk.exe
  2⤵
  PID:6724
- C:\Windows\System\gRjLKtd.exe
  C:\Windows\System\gRjLKtd.exe
  2⤵
  PID:6704
- C:\Windows\System\WZBZDNo.exe
  C:\Windows\System\WZBZDNo.exe
  2⤵
  PID:6760
- C:\Windows\System\JnHRAAW.exe
  C:\Windows\System\JnHRAAW.exe
  2⤵
  PID:6856
- C:\Windows\System\lulRdlA.exe
  C:\Windows\System\lulRdlA.exe
  2⤵
  PID:6844
- C:\Windows\System\rueSYan.exe
  C:\Windows\System\rueSYan.exe
  2⤵
  PID:6892
- C:\Windows\System\yEiUHcn.exe
  C:\Windows\System\yEiUHcn.exe
  2⤵
  PID:6912
- C:\Windows\System\qZyWzrq.exe
  C:\Windows\System\qZyWzrq.exe
  2⤵
  PID:6960
- C:\Windows\System\Ggznszh.exe
  C:\Windows\System\Ggznszh.exe
  2⤵
  PID:6952
- C:\Windows\System\cDXqSTW.exe
  C:\Windows\System\cDXqSTW.exe
  2⤵
  PID:7004
- C:\Windows\System\KMdVYKh.exe
  C:\Windows\System\KMdVYKh.exe
  2⤵
  PID:7048
- C:\Windows\System\BpDVMRg.exe
  C:\Windows\System\BpDVMRg.exe
  2⤵
  PID:7064
- C:\Windows\System\SmbIfsg.exe
  C:\Windows\System\SmbIfsg.exe
  2⤵
  PID:7096
- C:\Windows\System\NVBaMXm.exe
  C:\Windows\System\NVBaMXm.exe
  2⤵
  PID:7140
- C:\Windows\System\xWWHUqM.exe
  C:\Windows\System\xWWHUqM.exe
  2⤵
  PID:6148
- C:\Windows\System\IvOCTRR.exe
  C:\Windows\System\IvOCTRR.exe
  2⤵
  PID:6236
- C:\Windows\System\BKpNNwG.exe
  C:\Windows\System\BKpNNwG.exe
  2⤵
  PID:2004
- C:\Windows\System\ueQipsa.exe
  C:\Windows\System\ueQipsa.exe
  2⤵
  PID:6188
- C:\Windows\System\RfRrRBt.exe
  C:\Windows\System\RfRrRBt.exe
  2⤵
  PID:6328
- C:\Windows\System\DgKChRH.exe
  C:\Windows\System\DgKChRH.exe
  2⤵
  PID:6404
- C:\Windows\System\hsvZQVF.exe
  C:\Windows\System\hsvZQVF.exe
  2⤵
  PID:6528
- C:\Windows\System\snwvssQ.exe
  C:\Windows\System\snwvssQ.exe
  2⤵
  PID:6544
- C:\Windows\System\BSPqRYe.exe
  C:\Windows\System\BSPqRYe.exe
  2⤵
  PID:6592
- C:\Windows\System\bQuMhtB.exe
  C:\Windows\System\bQuMhtB.exe
  2⤵
  PID:6608
- C:\Windows\System\voeFvMl.exe
  C:\Windows\System\voeFvMl.exe
  2⤵
  PID:6576
- C:\Windows\System\HkTBhjB.exe
  C:\Windows\System\HkTBhjB.exe
  2⤵
  PID:6668
- C:\Windows\System\triepOT.exe
  C:\Windows\System\triepOT.exe
  2⤵
  PID:6652
- C:\Windows\System\GQYTZth.exe
  C:\Windows\System\GQYTZth.exe
  2⤵
  PID:6788
- C:\Windows\System\NBmOduH.exe
  C:\Windows\System\NBmOduH.exe
  2⤵
  PID:6872
- C:\Windows\System\wrHkYKu.exe
  C:\Windows\System\wrHkYKu.exe
  2⤵
  PID:6776
- C:\Windows\System\fnuZHHD.exe
  C:\Windows\System\fnuZHHD.exe
  2⤵
  PID:7044
- C:\Windows\System\oJNhmfo.exe
  C:\Windows\System\oJNhmfo.exe
  2⤵
  PID:6204
- C:\Windows\System\BPFXrPF.exe
  C:\Windows\System\BPFXrPF.exe
  2⤵
  PID:7156
- C:\Windows\System\MtaorTb.exe
  C:\Windows\System\MtaorTb.exe
  2⤵
  PID:6800
- C:\Windows\System\QbUNiYQ.exe
  C:\Windows\System\QbUNiYQ.exe
  2⤵
  PID:6516
- C:\Windows\System\klIXyVt.exe
  C:\Windows\System\klIXyVt.exe
  2⤵
  PID:6656
- C:\Windows\System\uOWuGoG.exe
  C:\Windows\System\uOWuGoG.exe
  2⤵
  PID:6744
- C:\Windows\System\epoKyOy.exe
  C:\Windows\System\epoKyOy.exe
  2⤵
  PID:6756
- C:\Windows\System\GGSavbV.exe
  C:\Windows\System\GGSavbV.exe
  2⤵
  PID:7084
- C:\Windows\System\CTvNQcz.exe
  C:\Windows\System\CTvNQcz.exe
  2⤵
  PID:6288
- C:\Windows\System\ugjjcPw.exe
  C:\Windows\System\ugjjcPw.exe
  2⤵
  PID:6320
- C:\Windows\System\goCTvxh.exe
  C:\Windows\System\goCTvxh.exe
  2⤵
  PID:6316
- C:\Windows\System\wYpBKQe.exe
  C:\Windows\System\wYpBKQe.exe
  2⤵
  PID:7052
- C:\Windows\System\IRsiUmn.exe
  C:\Windows\System\IRsiUmn.exe
  2⤵
  PID:5740
- C:\Windows\System\YpabMxW.exe
  C:\Windows\System\YpabMxW.exe
  2⤵
  PID:6596
- C:\Windows\System\CypJGWu.exe
  C:\Windows\System\CypJGWu.exe
  2⤵
  PID:6784
- C:\Windows\System\MDfZTXK.exe
  C:\Windows\System\MDfZTXK.exe
  2⤵
  PID:6356
- C:\Windows\System\tjkZUTo.exe
  C:\Windows\System\tjkZUTo.exe
  2⤵
  PID:1524
- C:\Windows\System\NvBPyoD.exe
  C:\Windows\System\NvBPyoD.exe
  2⤵
  PID:7160
- C:\Windows\System\ylToeMa.exe
  C:\Windows\System\ylToeMa.exe
  2⤵
  PID:6816
- C:\Windows\System\ADFAFqi.exe
  C:\Windows\System\ADFAFqi.exe
  2⤵
  PID:6308
- C:\Windows\System\FHsojiB.exe
  C:\Windows\System\FHsojiB.exe
  2⤵
  PID:6232
- C:\Windows\System\VVmIURw.exe
  C:\Windows\System\VVmIURw.exe
  2⤵
  PID:6168
- C:\Windows\System\BndIgtR.exe
  C:\Windows\System\BndIgtR.exe
  2⤵
  PID:6804
- C:\Windows\System\RzMrphh.exe
  C:\Windows\System\RzMrphh.exe
  2⤵
  PID:6532
- C:\Windows\System\obHiHhg.exe
  C:\Windows\System\obHiHhg.exe
  2⤵
  PID:6968
- C:\Windows\System\FEfbyzK.exe
  C:\Windows\System\FEfbyzK.exe
  2⤵
  PID:2464
- C:\Windows\System\oqHUfub.exe
  C:\Windows\System\oqHUfub.exe
  2⤵
  PID:6480
- C:\Windows\System\kXFagYh.exe
  C:\Windows\System\kXFagYh.exe
  2⤵
  PID:6408
- C:\Windows\System\pmWBJoz.exe
  C:\Windows\System\pmWBJoz.exe
  2⤵
  PID:7192
- C:\Windows\System\KLQepxq.exe
  C:\Windows\System\KLQepxq.exe
  2⤵
  PID:7208
- C:\Windows\System\SyRDevj.exe
  C:\Windows\System\SyRDevj.exe
  2⤵
  PID:7224
- C:\Windows\System\pbVcJay.exe
  C:\Windows\System\pbVcJay.exe
  2⤵
  PID:7240
- C:\Windows\System\baInaRI.exe
  C:\Windows\System\baInaRI.exe
  2⤵
  PID:7260
- C:\Windows\System\YgzzttS.exe
  C:\Windows\System\YgzzttS.exe
  2⤵
  PID:7276
- C:\Windows\System\ijaWqJy.exe
  C:\Windows\System\ijaWqJy.exe
  2⤵
  PID:7296
- C:\Windows\System\FfcFcLa.exe
  C:\Windows\System\FfcFcLa.exe
  2⤵
  PID:7312
- C:\Windows\System\pHqMnZu.exe
  C:\Windows\System\pHqMnZu.exe
  2⤵
  PID:7328
- C:\Windows\System\BhXnlTp.exe
  C:\Windows\System\BhXnlTp.exe
  2⤵
  PID:7344
- C:\Windows\System\HEfERRv.exe
  C:\Windows\System\HEfERRv.exe
  2⤵
  PID:7360
- C:\Windows\System\IrIEpjo.exe
  C:\Windows\System\IrIEpjo.exe
  2⤵
  PID:7376
- C:\Windows\System\LaPcSMw.exe
  C:\Windows\System\LaPcSMw.exe
  2⤵
  PID:7392
- C:\Windows\System\ayMPQJX.exe
  C:\Windows\System\ayMPQJX.exe
  2⤵
  PID:7408
- C:\Windows\System\eRQAnGT.exe
  C:\Windows\System\eRQAnGT.exe
  2⤵
  PID:7424
- C:\Windows\System\JBDpzGJ.exe
  C:\Windows\System\JBDpzGJ.exe
  2⤵
  PID:7448
- C:\Windows\System\FsaBWRS.exe
  C:\Windows\System\FsaBWRS.exe
  2⤵
  PID:7472
- C:\Windows\System\WVeSWWc.exe
  C:\Windows\System\WVeSWWc.exe
  2⤵
  PID:7500
- C:\Windows\System\BkOqCdl.exe
  C:\Windows\System\BkOqCdl.exe
  2⤵
  PID:7516
- C:\Windows\System\SrRAtSr.exe
  C:\Windows\System\SrRAtSr.exe
  2⤵
  PID:7536
- C:\Windows\System\tHZHOsb.exe
  C:\Windows\System\tHZHOsb.exe
  2⤵
  PID:7552
- C:\Windows\System\PrExYAg.exe
  C:\Windows\System\PrExYAg.exe
  2⤵
  PID:7572
- C:\Windows\System\PgSngui.exe
  C:\Windows\System\PgSngui.exe
  2⤵
  PID:7588
- C:\Windows\System\wfuDSUn.exe
  C:\Windows\System\wfuDSUn.exe
  2⤵
  PID:7608
- C:\Windows\System\cQefigc.exe
  C:\Windows\System\cQefigc.exe
  2⤵
  PID:7624
- C:\Windows\System\WnZSpna.exe
  C:\Windows\System\WnZSpna.exe
  2⤵
  PID:7640
- C:\Windows\System\CSKgsuq.exe
  C:\Windows\System\CSKgsuq.exe
  2⤵
  PID:7656
- C:\Windows\System\NwwnuNl.exe
  C:\Windows\System\NwwnuNl.exe
  2⤵
  PID:7672
- C:\Windows\System\gxWeYci.exe
  C:\Windows\System\gxWeYci.exe
  2⤵
  PID:7692
- C:\Windows\System\SpqpXTW.exe
  C:\Windows\System\SpqpXTW.exe
  2⤵
  PID:7708
- C:\Windows\System\iuvqKpq.exe
  C:\Windows\System\iuvqKpq.exe
  2⤵
  PID:7724
- C:\Windows\System\hLgLZEE.exe
  C:\Windows\System\hLgLZEE.exe
  2⤵
  PID:7740
- C:\Windows\System\jveIxyP.exe
  C:\Windows\System\jveIxyP.exe
  2⤵
  PID:7756
- C:\Windows\System\xxJPIef.exe
  C:\Windows\System\xxJPIef.exe
  2⤵
  PID:7772
- C:\Windows\System\QMTUKlE.exe
  C:\Windows\System\QMTUKlE.exe
  2⤵
  PID:7788
- C:\Windows\System\kQghwGy.exe
  C:\Windows\System\kQghwGy.exe
  2⤵
  PID:7804
- C:\Windows\System\cQVUcEJ.exe
  C:\Windows\System\cQVUcEJ.exe
  2⤵
  PID:7820
- C:\Windows\System\VNKFZGw.exe
  C:\Windows\System\VNKFZGw.exe
  2⤵
  PID:7836
- C:\Windows\System\WckNYof.exe
  C:\Windows\System\WckNYof.exe
  2⤵
  PID:7852
- C:\Windows\System\IHyLudf.exe
  C:\Windows\System\IHyLudf.exe
  2⤵
  PID:7868
- C:\Windows\System\VSrAuse.exe
  C:\Windows\System\VSrAuse.exe
  2⤵
  PID:7884
- C:\Windows\System\mpmhqPu.exe
  C:\Windows\System\mpmhqPu.exe
  2⤵
  PID:7900
- C:\Windows\System\Fvbwmhw.exe
  C:\Windows\System\Fvbwmhw.exe
  2⤵
  PID:7920
- C:\Windows\System\TpnbFUR.exe
  C:\Windows\System\TpnbFUR.exe
  2⤵
  PID:7936
- C:\Windows\System\lagLJvy.exe
  C:\Windows\System\lagLJvy.exe
  2⤵
  PID:7952
- C:\Windows\System\jcARGVy.exe
  C:\Windows\System\jcARGVy.exe
  2⤵
  PID:7980
- C:\Windows\System\wxrkeEc.exe
  C:\Windows\System\wxrkeEc.exe
  2⤵
  PID:7996
- C:\Windows\System\qUNVAhR.exe
  C:\Windows\System\qUNVAhR.exe
  2⤵
  PID:8012
- C:\Windows\System\TEIejDv.exe
  C:\Windows\System\TEIejDv.exe
  2⤵
  PID:8028
- C:\Windows\System\dnawGqr.exe
  C:\Windows\System\dnawGqr.exe
  2⤵
  PID:8052
- C:\Windows\System\rrtzNcx.exe
  C:\Windows\System\rrtzNcx.exe
  2⤵
  PID:8076
- C:\Windows\System\TmmBrjb.exe
  C:\Windows\System\TmmBrjb.exe
  2⤵
  PID:8092
- C:\Windows\System\KbVLoHB.exe
  C:\Windows\System\KbVLoHB.exe
  2⤵
  PID:8112
- C:\Windows\System\mENfpgf.exe
  C:\Windows\System\mENfpgf.exe
  2⤵
  PID:8128
- C:\Windows\System\rkjiPMF.exe
  C:\Windows\System\rkjiPMF.exe
  2⤵
  PID:8144
- C:\Windows\System\zViqFLs.exe
  C:\Windows\System\zViqFLs.exe
  2⤵
  PID:8160
- C:\Windows\System\gsrPJQD.exe
  C:\Windows\System\gsrPJQD.exe
  2⤵
  PID:8184
- C:\Windows\System\aGnnick.exe
  C:\Windows\System\aGnnick.exe
  2⤵
  PID:6368
- C:\Windows\System\uyRpojF.exe
  C:\Windows\System\uyRpojF.exe
  2⤵
  PID:6312
- C:\Windows\System\qpHuvLk.exe
  C:\Windows\System\qpHuvLk.exe
  2⤵
  PID:6348
- C:\Windows\System\bajChgD.exe
  C:\Windows\System\bajChgD.exe
  2⤵
  PID:7284
- C:\Windows\System\OGOWAVw.exe
  C:\Windows\System\OGOWAVw.exe
  2⤵
  PID:7248
- C:\Windows\System\cDXzyDN.exe
  C:\Windows\System\cDXzyDN.exe
  2⤵
  PID:7204
- C:\Windows\System\DGQLjek.exe
  C:\Windows\System\DGQLjek.exe
  2⤵
  PID:7304
- C:\Windows\System\wZlGVef.exe
  C:\Windows\System\wZlGVef.exe
  2⤵
  PID:7356
- C:\Windows\System\wGLSnhL.exe
  C:\Windows\System\wGLSnhL.exe
  2⤵
  PID:7416
- C:\Windows\System\GctqOEd.exe
  C:\Windows\System\GctqOEd.exe
  2⤵
  PID:7372
- C:\Windows\System\crYrttT.exe
  C:\Windows\System\crYrttT.exe
  2⤵
  PID:7492
- C:\Windows\System\XmfKtDw.exe
  C:\Windows\System\XmfKtDw.exe
  2⤵
  PID:7484
- C:\Windows\System\kJdueRY.exe
  C:\Windows\System\kJdueRY.exe
  2⤵
  PID:7524
- C:\Windows\System\AvKEMpG.exe
  C:\Windows\System\AvKEMpG.exe
  2⤵
  PID:7560
- C:\Windows\System\RIBNSCh.exe
  C:\Windows\System\RIBNSCh.exe
  2⤵
  PID:7568
- C:\Windows\System\PaMfVvX.exe
  C:\Windows\System\PaMfVvX.exe
  2⤵
  PID:7648
- C:\Windows\System\FQNzFIQ.exe
  C:\Windows\System\FQNzFIQ.exe
  2⤵
  PID:7700
- C:\Windows\System\kFfuhES.exe
  C:\Windows\System\kFfuhES.exe
  2⤵
  PID:7716
- C:\Windows\System\lqzCAln.exe
  C:\Windows\System\lqzCAln.exe
  2⤵
  PID:7764
- C:\Windows\System\gIsdSPB.exe
  C:\Windows\System\gIsdSPB.exe
  2⤵
  PID:7748
- C:\Windows\System\MYHUsBG.exe
  C:\Windows\System\MYHUsBG.exe
  2⤵
  PID:7812
- C:\Windows\System\UkJVRgL.exe
  C:\Windows\System\UkJVRgL.exe
  2⤵
  PID:7876
- C:\Windows\System\iVFlNoX.exe
  C:\Windows\System\iVFlNoX.exe
  2⤵
  PID:7944
- C:\Windows\System\jvTxRap.exe
  C:\Windows\System\jvTxRap.exe
  2⤵
  PID:7860
- C:\Windows\System\CmmCXrv.exe
  C:\Windows\System\CmmCXrv.exe
  2⤵
  PID:7896
- C:\Windows\System\numLUtL.exe
  C:\Windows\System\numLUtL.exe
  2⤵
  PID:7964
- C:\Windows\System\fxdsgmW.exe
  C:\Windows\System\fxdsgmW.exe
  2⤵
  PID:8024
- C:\Windows\System\GIUSDej.exe
  C:\Windows\System\GIUSDej.exe
  2⤵
  PID:8068
- C:\Windows\System\TbZYuNO.exe
  C:\Windows\System\TbZYuNO.exe
  2⤵
  PID:8036
- C:\Windows\System\LfTPhQc.exe
  C:\Windows\System\LfTPhQc.exe
  2⤵
  PID:8072
- C:\Windows\System\UmuvQoN.exe
  C:\Windows\System\UmuvQoN.exe
  2⤵
  PID:8084
- C:\Windows\System\UfcDGYq.exe
  C:\Windows\System\UfcDGYq.exe
  2⤵
  PID:8140
- C:\Windows\System\zMkCjDG.exe
  C:\Windows\System\zMkCjDG.exe
  2⤵
  PID:8180
- C:\Windows\System\WbLFfIk.exe
  C:\Windows\System\WbLFfIk.exe
  2⤵
  PID:6684
- C:\Windows\System\WrpDJly.exe
  C:\Windows\System\WrpDJly.exe
  2⤵
  PID:7184
- C:\Windows\System\hnepFmf.exe
  C:\Windows\System\hnepFmf.exe
  2⤵
  PID:7220
- C:\Windows\System\oUgObvn.exe
  C:\Windows\System\oUgObvn.exe
  2⤵
  PID:7272
- C:\Windows\System\LxkQUeV.exe
  C:\Windows\System\LxkQUeV.exe
  2⤵
  PID:7468
- C:\Windows\System\ayJAYqi.exe
  C:\Windows\System\ayJAYqi.exe
  2⤵
  PID:7508
- C:\Windows\System\BkLNINW.exe
  C:\Windows\System\BkLNINW.exe
  2⤵
  PID:7480
- C:\Windows\System\xazKySR.exe
  C:\Windows\System\xazKySR.exe
  2⤵
  PID:7528
- C:\Windows\System\dXuozFO.exe
  C:\Windows\System\dXuozFO.exe
  2⤵
  PID:7496
- C:\Windows\System\YXjobVA.exe
  C:\Windows\System\YXjobVA.exe
  2⤵
  PID:7564
- C:\Windows\System\AxiNtUY.exe
  C:\Windows\System\AxiNtUY.exe
  2⤵
  PID:7636
- C:\Windows\System\YisAOal.exe
  C:\Windows\System\YisAOal.exe
  2⤵
  PID:7736
- C:\Windows\System\IsyPaKr.exe
  C:\Windows\System\IsyPaKr.exe
  2⤵
  PID:7800
- C:\Windows\System\tSWBJLm.exe
  C:\Windows\System\tSWBJLm.exe
  2⤵
  PID:7960
- C:\Windows\System\PqApCBX.exe
  C:\Windows\System\PqApCBX.exe
  2⤵
  PID:7844
- C:\Windows\System\GaWqXZM.exe
  C:\Windows\System\GaWqXZM.exe
  2⤵
  PID:8136
- C:\Windows\System\kjnaude.exe
  C:\Windows\System\kjnaude.exe
  2⤵
  PID:6352
- C:\Windows\System\MxJiBTP.exe
  C:\Windows\System\MxJiBTP.exe
  2⤵
  PID:7976
- C:\Windows\System\YOZDJWs.exe
  C:\Windows\System\YOZDJWs.exe
  2⤵
  PID:8020
- C:\Windows\System\RLTQITN.exe
  C:\Windows\System\RLTQITN.exe
  2⤵
  PID:8168
- C:\Windows\System\ECVHPqJ.exe
  C:\Windows\System\ECVHPqJ.exe
  2⤵
  PID:6624
- C:\Windows\System\KkzNGrU.exe
  C:\Windows\System\KkzNGrU.exe
  2⤵
  PID:7288
- C:\Windows\System\kPTGpIA.exe
  C:\Windows\System\kPTGpIA.exe
  2⤵
  PID:7388
- C:\Windows\System\TKaslnT.exe
  C:\Windows\System\TKaslnT.exe
  2⤵
  PID:6680
- C:\Windows\System\GuNlJqI.exe
  C:\Windows\System\GuNlJqI.exe
  2⤵
  PID:7684
- C:\Windows\System\dzTokLn.exe
  C:\Windows\System\dzTokLn.exe
  2⤵
  PID:7752
- C:\Windows\System\bVuEqLV.exe
  C:\Windows\System\bVuEqLV.exe
  2⤵
  PID:6988
- C:\Windows\System\kQziHqU.exe
  C:\Windows\System\kQziHqU.exe
  2⤵
  PID:7832
- C:\Windows\System\bnDKdXr.exe
  C:\Windows\System\bnDKdXr.exe
  2⤵
  PID:8004
- C:\Windows\System\wKxMste.exe
  C:\Windows\System\wKxMste.exe
  2⤵
  PID:7040
- C:\Windows\System\MsNlLie.exe
  C:\Windows\System\MsNlLie.exe
  2⤵
  PID:7432
- C:\Windows\System\bzQIVur.exe
  C:\Windows\System\bzQIVur.exe
  2⤵
  PID:7600
- C:\Windows\System\RTMaHWa.exe
  C:\Windows\System\RTMaHWa.exe
  2⤵
  PID:8064
- C:\Windows\System\SkeHHdZ.exe
  C:\Windows\System\SkeHHdZ.exe
  2⤵
  PID:8108
- C:\Windows\System\VbwxRmJ.exe
  C:\Windows\System\VbwxRmJ.exe
  2⤵
  PID:7992
- C:\Windows\System\cbAwNTO.exe
  C:\Windows\System\cbAwNTO.exe
  2⤵
  PID:7616
- C:\Windows\System\wRwNAUS.exe
  C:\Windows\System\wRwNAUS.exe
  2⤵
  PID:8204
- C:\Windows\System\fJeDOtk.exe
  C:\Windows\System\fJeDOtk.exe
  2⤵
  PID:8220
- C:\Windows\System\hKYbARJ.exe
  C:\Windows\System\hKYbARJ.exe
  2⤵
  PID:8236
- C:\Windows\System\xliDjQC.exe
  C:\Windows\System\xliDjQC.exe
  2⤵
  PID:8264
- C:\Windows\System\BSfEVPD.exe
  C:\Windows\System\BSfEVPD.exe
  2⤵
  PID:8292
- C:\Windows\System\GQXUToS.exe
  C:\Windows\System\GQXUToS.exe
  2⤵
  PID:8312
- C:\Windows\System\TfnAyJK.exe
  C:\Windows\System\TfnAyJK.exe
  2⤵
  PID:8376
- C:\Windows\System\JeRNbar.exe
  C:\Windows\System\JeRNbar.exe
  2⤵
  PID:8408
- C:\Windows\System\hMCHPvJ.exe
  C:\Windows\System\hMCHPvJ.exe
  2⤵
  PID:8432
- C:\Windows\System\QNtFnHJ.exe
  C:\Windows\System\QNtFnHJ.exe
  2⤵
  PID:8448
- C:\Windows\System\OgJxjGR.exe
  C:\Windows\System\OgJxjGR.exe
  2⤵
  PID:8468
- C:\Windows\System\kxpiMcy.exe
  C:\Windows\System\kxpiMcy.exe
  2⤵
  PID:8484
- C:\Windows\System\HVRgdRH.exe
  C:\Windows\System\HVRgdRH.exe
  2⤵
  PID:8504
- C:\Windows\System\GTbfJjN.exe
  C:\Windows\System\GTbfJjN.exe
  2⤵
  PID:8552
- C:\Windows\System\druoQRU.exe
  C:\Windows\System\druoQRU.exe
  2⤵
  PID:8568
- C:\Windows\System\DNqZAeV.exe
  C:\Windows\System\DNqZAeV.exe
  2⤵
  PID:8588
- C:\Windows\System\mkzLFRe.exe
  C:\Windows\System\mkzLFRe.exe
  2⤵
  PID:8604
- C:\Windows\System\pQBhKSt.exe
  C:\Windows\System\pQBhKSt.exe
  2⤵
  PID:8628
- C:\Windows\System\bmTtzFd.exe
  C:\Windows\System\bmTtzFd.exe
  2⤵
  PID:8644
- C:\Windows\System\ZzeNxjM.exe
  C:\Windows\System\ZzeNxjM.exe
  2⤵
  PID:8660
- C:\Windows\System\PXxTRSn.exe
  C:\Windows\System\PXxTRSn.exe
  2⤵
  PID:8680
- C:\Windows\System\PgWCwJq.exe
  C:\Windows\System\PgWCwJq.exe
  2⤵
  PID:8700
- C:\Windows\System\nqYktPP.exe
  C:\Windows\System\nqYktPP.exe
  2⤵
  PID:8716
- C:\Windows\System\xilUjDt.exe
  C:\Windows\System\xilUjDt.exe
  2⤵
  PID:8736
- C:\Windows\System\vXiQAUW.exe
  C:\Windows\System\vXiQAUW.exe
  2⤵
  PID:8780
- C:\Windows\System\ZQMjIRE.exe
  C:\Windows\System\ZQMjIRE.exe
  2⤵
  PID:8796
- C:\Windows\System\UINECWZ.exe
  C:\Windows\System\UINECWZ.exe
  2⤵
  PID:8812
- C:\Windows\System\DXfgrHQ.exe
  C:\Windows\System\DXfgrHQ.exe
  2⤵
  PID:8832
- C:\Windows\System\LUjKmgv.exe
  C:\Windows\System\LUjKmgv.exe
  2⤵
  PID:8856
- C:\Windows\System\eqPVdYD.exe
  C:\Windows\System\eqPVdYD.exe
  2⤵
  PID:8872
- C:\Windows\System\RSbKPrN.exe
  C:\Windows\System\RSbKPrN.exe
  2⤵
  PID:8888
- C:\Windows\System\DfJabAa.exe
  C:\Windows\System\DfJabAa.exe
  2⤵
  PID:8908
- C:\Windows\System\xZllpqE.exe
  C:\Windows\System\xZllpqE.exe
  2⤵
  PID:8932
- C:\Windows\System\ukIBqyc.exe
  C:\Windows\System\ukIBqyc.exe
  2⤵
  PID:8948
- C:\Windows\System\tZLqDRa.exe
  C:\Windows\System\tZLqDRa.exe
  2⤵
  PID:8964
- C:\Windows\System\sEvDppK.exe
  C:\Windows\System\sEvDppK.exe
  2⤵
  PID:8992
- C:\Windows\System\dbzhMWU.exe
  C:\Windows\System\dbzhMWU.exe
  2⤵
  PID:9012
- C:\Windows\System\pCzEsyA.exe
  C:\Windows\System\pCzEsyA.exe
  2⤵
  PID:9028
- C:\Windows\System\gSwgryG.exe
  C:\Windows\System\gSwgryG.exe
  2⤵
  PID:9056
- C:\Windows\System\HCCLzMG.exe
  C:\Windows\System\HCCLzMG.exe
  2⤵
  PID:9072
- C:\Windows\System\ZuIQuCF.exe
  C:\Windows\System\ZuIQuCF.exe
  2⤵
  PID:9088
- C:\Windows\System\IZNorWm.exe
  C:\Windows\System\IZNorWm.exe
  2⤵
  PID:9104
- C:\Windows\System\MCMtOKt.exe
  C:\Windows\System\MCMtOKt.exe
  2⤵
  PID:9136
- C:\Windows\System\NnIyLLp.exe
  C:\Windows\System\NnIyLLp.exe
  2⤵
  PID:9156
- C:\Windows\System\CHjsinl.exe
  C:\Windows\System\CHjsinl.exe
  2⤵
  PID:9180
- C:\Windows\System\Jubwjeg.exe
  C:\Windows\System\Jubwjeg.exe
  2⤵
  PID:9196
- C:\Windows\System\mITBtAZ.exe
  C:\Windows\System\mITBtAZ.exe
  2⤵
  PID:9212
- C:\Windows\System\mGofRqE.exe
  C:\Windows\System\mGofRqE.exe
  2⤵
  PID:8124
- C:\Windows\System\TJgciWZ.exe
  C:\Windows\System\TJgciWZ.exe
  2⤵
  PID:7916
- C:\Windows\System\jnMZHiI.exe
  C:\Windows\System\jnMZHiI.exe
  2⤵
  PID:7352
- C:\Windows\System\qQsOLHe.exe
  C:\Windows\System\qQsOLHe.exe
  2⤵
  PID:8232
- C:\Windows\System\IiidbCe.exe
  C:\Windows\System\IiidbCe.exe
  2⤵
  PID:8360
- C:\Windows\System\OZLosiQ.exe
  C:\Windows\System\OZLosiQ.exe
  2⤵
  PID:8368
- C:\Windows\System\TUDVztx.exe
  C:\Windows\System\TUDVztx.exe
  2⤵
  PID:8288
- C:\Windows\System\rYsuVNA.exe
  C:\Windows\System\rYsuVNA.exe
  2⤵
  PID:8420
- C:\Windows\System\AKhqctx.exe
  C:\Windows\System\AKhqctx.exe
  2⤵
  PID:8336
- C:\Windows\System\vUMIgFA.exe
  C:\Windows\System\vUMIgFA.exe
  2⤵
  PID:8372
- C:\Windows\System\rOzLqBp.exe
  C:\Windows\System\rOzLqBp.exe
  2⤵
  PID:8492
- C:\Windows\System\djtwFmV.exe
  C:\Windows\System\djtwFmV.exe
  2⤵
  PID:8476
- C:\Windows\System\rKprtDF.exe
  C:\Windows\System\rKprtDF.exe
  2⤵
  PID:8248
- C:\Windows\System\BPxvNrb.exe
  C:\Windows\System\BPxvNrb.exe
  2⤵
  PID:8304
- C:\Windows\System\dpbFnts.exe
  C:\Windows\System\dpbFnts.exe
  2⤵
  PID:8512
- C:\Windows\System\cttNySx.exe
  C:\Windows\System\cttNySx.exe
  2⤵
  PID:8396
- C:\Windows\System\owcnHfk.exe
  C:\Windows\System\owcnHfk.exe
  2⤵
  PID:8444
- C:\Windows\System\jAapHfS.exe
  C:\Windows\System\jAapHfS.exe
  2⤵
  PID:8544
- C:\Windows\System\tWPIkZB.exe
  C:\Windows\System\tWPIkZB.exe
  2⤵
  PID:8612
- C:\Windows\System\EORtXRD.exe
  C:\Windows\System\EORtXRD.exe
  2⤵
  PID:8584
- C:\Windows\System\mSWjBXh.exe
  C:\Windows\System\mSWjBXh.exe
  2⤵
  PID:8668
- C:\Windows\System\NifHozi.exe
  C:\Windows\System\NifHozi.exe
  2⤵
  PID:8620
- C:\Windows\System\IFDLOpQ.exe
  C:\Windows\System\IFDLOpQ.exe
  2⤵
  PID:8688
- C:\Windows\System\mdnMtRf.exe
  C:\Windows\System\mdnMtRf.exe
  2⤵
  PID:8728
- C:\Windows\System\vtwUMwW.exe
  C:\Windows\System\vtwUMwW.exe
  2⤵
  PID:8708
- C:\Windows\System\WCLdgpe.exe
  C:\Windows\System\WCLdgpe.exe
  2⤵
  PID:8748
- C:\Windows\System\TlPxzVp.exe
  C:\Windows\System\TlPxzVp.exe
  2⤵
  PID:8792
- C:\Windows\System\jNUIsmf.exe
  C:\Windows\System\jNUIsmf.exe
  2⤵
  PID:8820
- C:\Windows\System\ALoywfW.exe
  C:\Windows\System\ALoywfW.exe
  2⤵
  PID:8844
- C:\Windows\System\bUhWtDw.exe
  C:\Windows\System\bUhWtDw.exe
  2⤵
  PID:8808
- C:\Windows\System\GMnVjzt.exe
  C:\Windows\System\GMnVjzt.exe
  2⤵
  PID:8972
- C:\Windows\System\VjVJkPe.exe
  C:\Windows\System\VjVJkPe.exe
  2⤵
  PID:8960
- C:\Windows\System\oWzNnAA.exe
  C:\Windows\System\oWzNnAA.exe
  2⤵
  PID:9008
- C:\Windows\System\fJyfGdr.exe
  C:\Windows\System\fJyfGdr.exe
  2⤵
  PID:8984
- C:\Windows\System\xnvBkaD.exe
  C:\Windows\System\xnvBkaD.exe
  2⤵
  PID:9020
- C:\Windows\System\onmxFkN.exe
  C:\Windows\System\onmxFkN.exe
  2⤵
  PID:9080
- C:\Windows\System\gaDBtqw.exe
  C:\Windows\System\gaDBtqw.exe
  2⤵
  PID:9048
- C:\Windows\System\EQqUuQX.exe
  C:\Windows\System\EQqUuQX.exe
  2⤵
  PID:9128
- C:\Windows\System\LIHKirC.exe
  C:\Windows\System\LIHKirC.exe
  2⤵
  PID:9176
- C:\Windows\System\wGcbGXB.exe
  C:\Windows\System\wGcbGXB.exe
  2⤵
  PID:9100
- C:\Windows\System\kcbgpGE.exe
  C:\Windows\System\kcbgpGE.exe
  2⤵
  PID:9148
- C:\Windows\System\jwZPwIq.exe
  C:\Windows\System\jwZPwIq.exe
  2⤵
  PID:7180
- C:\Windows\System\pCRblnH.exe
  C:\Windows\System\pCRblnH.exe
  2⤵
  PID:9192
- C:\Windows\System\vZNlZUF.exe
  C:\Windows\System\vZNlZUF.exe
  2⤵
  PID:8352
- C:\Windows\System\banQImp.exe
  C:\Windows\System\banQImp.exe
  2⤵
  PID:8324
- C:\Windows\System\qQNwlNC.exe
  C:\Windows\System\qQNwlNC.exe
  2⤵
  PID:8328
- C:\Windows\System\hHttHiy.exe
  C:\Windows\System\hHttHiy.exe
  2⤵
  PID:8464
- C:\Windows\System\dHlisLL.exe
  C:\Windows\System\dHlisLL.exe
  2⤵
  PID:8300
- C:\Windows\System\zJsfyux.exe
  C:\Windows\System\zJsfyux.exe
  2⤵
  PID:8216
- C:\Windows\System\GzXEWVZ.exe
  C:\Windows\System\GzXEWVZ.exe
  2⤵
  PID:8540
- C:\Windows\System\WlzakTT.exe
  C:\Windows\System\WlzakTT.exe
  2⤵
  PID:8560
- C:\Windows\System\yNNfity.exe
  C:\Windows\System\yNNfity.exe
  2⤵
  PID:8548
- C:\Windows\System\HvLOlbS.exe
  C:\Windows\System\HvLOlbS.exe
  2⤵
  PID:8712
- C:\Windows\System\BJLCBlv.exe
  C:\Windows\System\BJLCBlv.exe
  2⤵
  PID:8768
- C:\Windows\System\saMuKHX.exe
  C:\Windows\System\saMuKHX.exe
  2⤵
  PID:8788
- C:\Windows\System\zRvxywL.exe
  C:\Windows\System\zRvxywL.exe
  2⤵
  PID:8904
- C:\Windows\System\xBKqDyD.exe
  C:\Windows\System\xBKqDyD.exe
  2⤵
  PID:8924
- C:\Windows\System\lADvcRV.exe
  C:\Windows\System\lADvcRV.exe
  2⤵
  PID:9044
- C:\Windows\System\paXGmXW.exe
  C:\Windows\System\paXGmXW.exe
  2⤵
  PID:9112
- C:\Windows\System\yISLZpo.exe
  C:\Windows\System\yISLZpo.exe
  2⤵
  PID:9096
- C:\Windows\System\MlGPgrZ.exe
  C:\Windows\System\MlGPgrZ.exe
  2⤵
  PID:9120
- C:\Windows\System\RCFetxZ.exe
  C:\Windows\System\RCFetxZ.exe
  2⤵
  PID:9040
- C:\Windows\System\qlJLSAM.exe
  C:\Windows\System\qlJLSAM.exe
  2⤵
  PID:8276
- C:\Windows\System\siedodY.exe
  C:\Windows\System\siedodY.exe
  2⤵
  PID:8260
- C:\Windows\System\AwZBiHI.exe
  C:\Windows\System\AwZBiHI.exe
  2⤵
  PID:9152
- C:\Windows\System\ahvkSyc.exe
  C:\Windows\System\ahvkSyc.exe
  2⤵
  PID:8332
- C:\Windows\System\PxwlAeJ.exe
  C:\Windows\System\PxwlAeJ.exe
  2⤵
  PID:8616
- C:\Windows\System\CxcCArl.exe
  C:\Windows\System\CxcCArl.exe
  2⤵
  PID:8676
- C:\Windows\System\RMsZatH.exe
  C:\Windows\System\RMsZatH.exe
  2⤵
  PID:8752
- C:\Windows\System\dHHTyCw.exe
  C:\Windows\System\dHHTyCw.exe
  2⤵
  PID:9004
- C:\Windows\System\RrNQsjh.exe
  C:\Windows\System\RrNQsjh.exe
  2⤵
  PID:9124
- C:\Windows\System\AAbnCHp.exe
  C:\Windows\System\AAbnCHp.exe
  2⤵
  PID:9036
- C:\Windows\System\aggKtFf.exe
  C:\Windows\System\aggKtFf.exe
  2⤵
  PID:8272
- C:\Windows\System\TZRNlOT.exe
  C:\Windows\System\TZRNlOT.exe
  2⤵
  PID:8348
- C:\Windows\System\nBLVFqJ.exe
  C:\Windows\System\nBLVFqJ.exe
  2⤵
  PID:8524
- C:\Windows\System\pSIvaLx.exe
  C:\Windows\System\pSIvaLx.exe
  2⤵
  PID:8696
- C:\Windows\System\vuncAvl.exe
  C:\Windows\System\vuncAvl.exe
  2⤵
  PID:8804
- C:\Windows\System\SbkxIAw.exe
  C:\Windows\System\SbkxIAw.exe
  2⤵
  PID:9068
- C:\Windows\System\tWfOqBv.exe
  C:\Windows\System\tWfOqBv.exe
  2⤵
  PID:8600
- C:\Windows\System\WcDYZCg.exe
  C:\Windows\System\WcDYZCg.exe
  2⤵
  PID:9188
- C:\Windows\System\NTDOYAL.exe
  C:\Windows\System\NTDOYAL.exe
  2⤵
  PID:8652
- C:\Windows\System\xokHDSE.exe
  C:\Windows\System\xokHDSE.exe
  2⤵
  PID:7948
- C:\Windows\System\JbPCqHC.exe
  C:\Windows\System\JbPCqHC.exe
  2⤵
  PID:8916
- C:\Windows\System\YSRmVyx.exe
  C:\Windows\System\YSRmVyx.exe
  2⤵
  PID:8320
- C:\Windows\System\HHvZYgN.exe
  C:\Windows\System\HHvZYgN.exe
  2⤵
  PID:8976
- C:\Windows\System\KmLVLcp.exe
  C:\Windows\System\KmLVLcp.exe
  2⤵
  PID:9236
- C:\Windows\System\xAYVDNw.exe
  C:\Windows\System\xAYVDNw.exe
  2⤵
  PID:9412
- C:\Windows\System\tkIKtlz.exe
  C:\Windows\System\tkIKtlz.exe
  2⤵
  PID:9428
- C:\Windows\System\sEJHkXq.exe
  C:\Windows\System\sEJHkXq.exe
  2⤵
  PID:9512
- C:\Windows\System\OVZZiay.exe
  C:\Windows\System\OVZZiay.exe
  2⤵
  PID:9528
- C:\Windows\System\dccWvkS.exe
  C:\Windows\System\dccWvkS.exe
  2⤵
  PID:9544
- C:\Windows\System\ixicBba.exe
  C:\Windows\System\ixicBba.exe
  2⤵
  PID:9560
- C:\Windows\System\SqhVGht.exe
  C:\Windows\System\SqhVGht.exe
  2⤵
  PID:9576
- C:\Windows\System\xLNdYSa.exe
  C:\Windows\System\xLNdYSa.exe
  2⤵
  PID:9592
- C:\Windows\System\nToWPeI.exe
  C:\Windows\System\nToWPeI.exe
  2⤵
  PID:9608
- C:\Windows\System\VsQIhke.exe
  C:\Windows\System\VsQIhke.exe
  2⤵
  PID:9624
- C:\Windows\System\vFimevZ.exe
  C:\Windows\System\vFimevZ.exe
  2⤵
  PID:9640
- C:\Windows\System\jchyRRD.exe
  C:\Windows\System\jchyRRD.exe
  2⤵
  PID:9656
- C:\Windows\System\HksNZuK.exe
  C:\Windows\System\HksNZuK.exe
  2⤵
  PID:9672
- C:\Windows\System\CbbaetK.exe
  C:\Windows\System\CbbaetK.exe
  2⤵
  PID:9688
- C:\Windows\System\ymlEHUP.exe
  C:\Windows\System\ymlEHUP.exe
  2⤵
  PID:9704
- C:\Windows\System\nHSoCgz.exe
  C:\Windows\System\nHSoCgz.exe
  2⤵
  PID:9724
- C:\Windows\System\qJVQpkQ.exe
  C:\Windows\System\qJVQpkQ.exe
  2⤵
  PID:9740
- C:\Windows\System\QqhhfWR.exe
  C:\Windows\System\QqhhfWR.exe
  2⤵
  PID:9756
- C:\Windows\System\EecNObh.exe
  C:\Windows\System\EecNObh.exe
  2⤵
  PID:9772
- C:\Windows\System\bbsRCuc.exe
  C:\Windows\System\bbsRCuc.exe
  2⤵
  PID:9788
- C:\Windows\System\WrNMZqj.exe
  C:\Windows\System\WrNMZqj.exe
  2⤵
  PID:9804
- C:\Windows\System\PlEDgbJ.exe
  C:\Windows\System\PlEDgbJ.exe
  2⤵
  PID:9820
- C:\Windows\System\XezuQQB.exe
  C:\Windows\System\XezuQQB.exe
  2⤵
  PID:9836
- C:\Windows\System\Kgmhnbi.exe
  C:\Windows\System\Kgmhnbi.exe
  2⤵
  PID:9852
- C:\Windows\System\UZZXGbD.exe
  C:\Windows\System\UZZXGbD.exe
  2⤵
  PID:9868
- C:\Windows\System\xIzLhfD.exe
  C:\Windows\System\xIzLhfD.exe
  2⤵
  PID:9884
- C:\Windows\System\VqvMstg.exe
  C:\Windows\System\VqvMstg.exe
  2⤵
  PID:9900
- C:\Windows\System\mCZFirw.exe
  C:\Windows\System\mCZFirw.exe
  2⤵
  PID:9916
- C:\Windows\System\FdHHmFW.exe
  C:\Windows\System\FdHHmFW.exe
  2⤵
  PID:9932
- C:\Windows\System\uUKlIHP.exe
  C:\Windows\System\uUKlIHP.exe
  2⤵
  PID:9948
- C:\Windows\System\RTEfLsU.exe
  C:\Windows\System\RTEfLsU.exe
  2⤵
  PID:9964
- C:\Windows\System\QyymJUj.exe
  C:\Windows\System\QyymJUj.exe
  2⤵
  PID:9980
- C:\Windows\System\UsQLCzl.exe
  C:\Windows\System\UsQLCzl.exe
  2⤵
  PID:9996
- C:\Windows\System\OFSkrZu.exe
  C:\Windows\System\OFSkrZu.exe
  2⤵
  PID:10012
- C:\Windows\System\ozltnSW.exe
  C:\Windows\System\ozltnSW.exe
  2⤵
  PID:10028
- C:\Windows\System\WAfYHMY.exe
  C:\Windows\System\WAfYHMY.exe
  2⤵
  PID:10044
- C:\Windows\System\HyPoIIL.exe
  C:\Windows\System\HyPoIIL.exe
  2⤵
  PID:10060
- C:\Windows\System\levIEID.exe
  C:\Windows\System\levIEID.exe
  2⤵
  PID:10076
- C:\Windows\System\vZcTWLj.exe
  C:\Windows\System\vZcTWLj.exe
  2⤵
  PID:10092
- C:\Windows\System\GoNRscl.exe
  C:\Windows\System\GoNRscl.exe
  2⤵
  PID:10108
- C:\Windows\System\WQhZvZG.exe
  C:\Windows\System\WQhZvZG.exe
  2⤵
  PID:10124
- C:\Windows\System\iKSrkih.exe
  C:\Windows\System\iKSrkih.exe
  2⤵
  PID:10140
- C:\Windows\System\fFLgvYV.exe
  C:\Windows\System\fFLgvYV.exe
  2⤵
  PID:10156
- C:\Windows\System\suSxEtR.exe
  C:\Windows\System\suSxEtR.exe
  2⤵
  PID:10172
- C:\Windows\System\HGzZJHT.exe
  C:\Windows\System\HGzZJHT.exe
  2⤵
  PID:10188
- C:\Windows\System\opzThNE.exe
  C:\Windows\System\opzThNE.exe
  2⤵
  PID:10204
- C:\Windows\System\FGiuKvb.exe
  C:\Windows\System\FGiuKvb.exe
  2⤵
  PID:10224
- C:\Windows\System\EQHBJEF.exe
  C:\Windows\System\EQHBJEF.exe
  2⤵
  PID:9172
- C:\Windows\System\izjNGEp.exe
  C:\Windows\System\izjNGEp.exe
  2⤵
  PID:9232
- C:\Windows\System\jpmFZQl.exe
  C:\Windows\System\jpmFZQl.exe
  2⤵
  PID:9260
- C:\Windows\System\yRPjOup.exe
  C:\Windows\System\yRPjOup.exe
  2⤵
  PID:9276
- C:\Windows\System\CUrvAKl.exe
  C:\Windows\System\CUrvAKl.exe
  2⤵
  PID:9296
- C:\Windows\System\NDSkqnh.exe
  C:\Windows\System\NDSkqnh.exe
  2⤵
  PID:9312
- C:\Windows\System\azuPnBl.exe
  C:\Windows\System\azuPnBl.exe
  2⤵
  PID:9328
- C:\Windows\System\vDaXwrw.exe
  C:\Windows\System\vDaXwrw.exe
  2⤵
  PID:9344
- C:\Windows\System\aCzCGLT.exe
  C:\Windows\System\aCzCGLT.exe
  2⤵
  PID:9356
- C:\Windows\System\chhiWIA.exe
  C:\Windows\System\chhiWIA.exe
  2⤵
  PID:9380
- C:\Windows\System\rISMZFl.exe
  C:\Windows\System\rISMZFl.exe
  2⤵
  PID:9396
- C:\Windows\System\gCMtMyL.exe
  C:\Windows\System\gCMtMyL.exe
  2⤵
  PID:9376
- C:\Windows\System\YtbXCUl.exe
  C:\Windows\System\YtbXCUl.exe
  2⤵
  PID:9424
- C:\Windows\System\ufhjgeH.exe
  C:\Windows\System\ufhjgeH.exe
  2⤵
  PID:9448
- C:\Windows\System\iljUDQp.exe
  C:\Windows\System\iljUDQp.exe
  2⤵
  PID:9468
- C:\Windows\System\jGoONBt.exe
  C:\Windows\System\jGoONBt.exe
  2⤵
  PID:9484
- C:\Windows\System\ClNkdyl.exe
  C:\Windows\System\ClNkdyl.exe
  2⤵
  PID:9504
- C:\Windows\System\HolcuVH.exe
  C:\Windows\System\HolcuVH.exe
  2⤵
  PID:9540
- C:\Windows\System\wMhuffy.exe
  C:\Windows\System\wMhuffy.exe
  2⤵
  PID:9552
- C:\Windows\System\mGhSUPv.exe
  C:\Windows\System\mGhSUPv.exe
  2⤵
  PID:9584
- C:\Windows\System\TFnTzqc.exe
  C:\Windows\System\TFnTzqc.exe
  2⤵
  PID:9652
- C:\Windows\System\EaceXkb.exe
  C:\Windows\System\EaceXkb.exe
  2⤵
  PID:9720
- C:\Windows\System\HEGrali.exe
  C:\Windows\System\HEGrali.exe
  2⤵
  PID:9600
- C:\Windows\System\dytCNWv.exe
  C:\Windows\System\dytCNWv.exe
  2⤵
  PID:9784
- C:\Windows\System\FwvrnCR.exe
  C:\Windows\System\FwvrnCR.exe
  2⤵
  PID:9696
- C:\Windows\System\XHWoxld.exe
  C:\Windows\System\XHWoxld.exe
  2⤵
  PID:9700
- C:\Windows\System\gOYJYnh.exe
  C:\Windows\System\gOYJYnh.exe
  2⤵
  PID:9768
- C:\Windows\System\zLMfMXW.exe
  C:\Windows\System\zLMfMXW.exe
  2⤵
  PID:9832
- C:\Windows\System\gzJGWwW.exe
  C:\Windows\System\gzJGWwW.exe
  2⤵
  PID:9912
- C:\Windows\System\XFgdxwe.exe
  C:\Windows\System\XFgdxwe.exe
  2⤵
  PID:9864
- C:\Windows\System\TzzWrPb.exe
  C:\Windows\System\TzzWrPb.exe
  2⤵
  PID:9928
- C:\Windows\System\tbTsmGg.exe
  C:\Windows\System\tbTsmGg.exe
  2⤵
  PID:9960
- C:\Windows\System\MKdhWct.exe
  C:\Windows\System\MKdhWct.exe
  2⤵
  PID:10008
- C:\Windows\System\FnPwKdo.exe
  C:\Windows\System\FnPwKdo.exe
  2⤵
  PID:10020
- C:\Windows\System\fcPQnpg.exe
  C:\Windows\System\fcPQnpg.exe
  2⤵
  PID:10052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EKfZFur.exe

Filesize
6.0MB

MD5
d0a5ed0c3d26edd5ed73648fa53a13d5

SHA1
a4861af4b698a513fc24237d4851efe87c1993f5

SHA256
684504468b31a4ae74f48c573aa37ed7f78d0315824d4ccdf6a1834e4140dc44

SHA512
2472f7101ac0f41802d60c5f499ab0c0f447149849928e0241908602d62545fb37e65638b76da7878371f4b98813bc24b0189072fe8cddb9ab12dde06b9b4828

Download Submit
C:\Windows\system\EcNczFq.exe

Filesize
6.0MB

MD5
f667e90009b57e40e955a0df533b872a

SHA1
8156ed653cf170e79f26da61e3c9860a39c80bcc

SHA256
2c4d1788d0e0603c95a3fdb6f593682652d9e7d3b23482571ab216f7fb0da263

SHA512
4e2382749efa8eda16fc93524c9c5191add2f84a4adc85673cc65db3481374b088a75f1c7fc7eb686691a9e253eda43d2eb4677f499972fb0aa79e7aa61b57af

Download Submit
C:\Windows\system\EmfXVEV.exe

Filesize
6.0MB

MD5
5e4eeb796d23e6806e95b6b9ad75bde1

SHA1
b6aaed7149ac8667581bd38a5979939dd03197e0

SHA256
15fe2c6208b90e4b58dd14775c039d118dfc665c14519e1b4f9e5576eccb32bb

SHA512
237d657c8be61ded58e468de023850c7e999cdcb5953685cad63a5ba630069c702ec754a00966b0ac2e2112b49ee0e8fbb67ca06f72dad3df86ec2b45c21867d

Download Submit
C:\Windows\system\GyaOThS.exe

Filesize
6.0MB

MD5
33a72350c0c6793b1d2c12ce73371753

SHA1
36565689a5e1080b264a5c51bd14b269e64fc1fc

SHA256
935057c44d4e645115340774955482625c196717d6f2647af74d203f0c898711

SHA512
5165fe35110b95c611349a397c771dfcfbd9b467b5acfb67ccf2eac47c8781f5ac5bf51b13435c3579da3b1ddb2cfa8cd197e6e670221003a6384da87a416acf

Download Submit
C:\Windows\system\IHvRkfC.exe

Filesize
6.0MB

MD5
22848ffe1a1e5a2e4907747fbdb49dfc

SHA1
a194d119908ae06ce2d8b17c1d33c8efe2028133

SHA256
8b5945bc4e9dbed199ed11a78ec9922a09c06848f35f6d06e8a25941ce893144

SHA512
60a19ce67be906d9ce8708535131085ac541a4c6eecd0bb890afdceeffe0c1f763a4c20a24afee7624c8ae63a8203f652b6bacfcb2bf4cfe61d80785f1462e36

Download Submit
C:\Windows\system\KIKxhli.exe

Filesize
6.0MB

MD5
b2fc654b9b41e325b0358dafe2ca43c3

SHA1
822facaa98cbf5ac2f9cbef6a657b3da009dce38

SHA256
9a7e1ee6ccc65b138f174b43f79a07a6d1f04ff4700261a9b3006de1d950fd1f

SHA512
b912507bbf028a3799734acb249159be520c34cc3bc7b3337b93e41c9abab7ef9b027fa24fd22361fdd6065ad559dcc34ab1e1c2b4107dbdfbfe8f84d647ab16

Download Submit
C:\Windows\system\ObLwZRI.exe

Filesize
6.0MB

MD5
9b3d40eab67c14b77c6e70cbd8f54c02

SHA1
5c64031eb926515384da82be87655fda8ebd6334

SHA256
06e14d8c16d7ddb06eb0355ebd35d5971c4d6a1e9a01f91455e1fe3e6a499352

SHA512
7a3e458c1031a18e9106adce42c26e43714e4ac7d2add8fcdbdfb89ef7c2ab974e56a5bddcd1ef8fbfa3cc2e2cde31e8e4201cabbc1a1e735c44d74494737876

Download Submit
C:\Windows\system\QyZTwpu.exe

Filesize
6.0MB

MD5
a9567ae4f16d36a43d8c65bac2880f20

SHA1
ee06182bcbca4ecd6def01807e3041c7ce192a74

SHA256
cadb0826e4ebb9a097ef98db565d79b9d22de91910bf4409e9da4b2b4b58ec93

SHA512
b03e168108e4e1c4477e4c09585bc052168ed498e4c33f68e52ebe63ed90b508a9553751998755b245b411ce33c838571332bccf92425a32ed68dba5570a9774

Download Submit
C:\Windows\system\WAHXAXc.exe

Filesize
6.0MB

MD5
c590ebda8eadb4e7bacde3d1ef426012

SHA1
3939b4df90bc9ef7a43697e634f847ed43bb1c3a

SHA256
5977f228ac09f98228a1e41f278e79384161b8ed6a8374c5e6e6656c14ad9188

SHA512
5fe09f6bf66287bdedc00a51ebd00403b4f2b162edac9fac706ce7832867b5b90e18c19e0d775eef3028ac11601d606136f54083a318c4dea2b92e4fa1ed1867

Download Submit
C:\Windows\system\WtLKLbF.exe

Filesize
6.0MB

MD5
1c207fecde1662fe200dba83cede46fb

SHA1
04c0b27958c4276eaa35aa2fb931eebfbf346a6b

SHA256
db8cb0eb0ca2ff352f299aa2fea9068b47001330edaf4c6f187e875812b1640f

SHA512
6ff1b3543ccc6e551c7ac13125b761600f1a890b6896c6b192266410a97266d5964e08f8ac459c2973b59cb65538ec9850544c7d521bb10f7eb8c3e3b80f5fbb

Download Submit
C:\Windows\system\XcOkiRk.exe

Filesize
6.0MB

MD5
0f39fa8511651ed4f39cdcbfc1ea7979

SHA1
fd8a8e38b4eb6c900225462682294c47082c9a1e

SHA256
25c35a9a26345f5b92d4915db1ae9584134c2d7c2afd59810539d2e7b1b51dfb

SHA512
a339023eba73b60862edbe590b0888ec7c7907457180f75d865a6d4556646d59f846e8cf00acbd94e30f075d7a3974bdd321bd17df083dfea001b96022ad94cb

Download Submit
C:\Windows\system\ZyilBvh.exe

Filesize
6.0MB

MD5
7607b63a6dd858e85915d50d855db91a

SHA1
447eb6652b2b5f44e6a1898edc416b7c8ec0b79c

SHA256
5b43d10312b1c3714a42d5c804ddf26f173352957eee7d43aaf2f875727bbe66

SHA512
d2a83da3001d9ecdd412e8968158ec320b537640bb31d609b8d295b5931b7cd37034908567d7c77919033573f76c68f10067ed79fa8a7b6b309dfb4cab5ee0a6

Download Submit
C:\Windows\system\acDjqUX.exe

Filesize
6.0MB

MD5
befc5c65e30fc28c89446f1174d9b34b

SHA1
2c88a7efd0eac5acae847825faff1a64bd756bef

SHA256
b3d6c5c20b73a40d5de80ae9f1091fa50ce8d9f33b7849e266f1d8d1177a47d1

SHA512
0ee5b32941855e4a728fdb8628789dab6d460bf709ad31a852ec521fd96895674dab55563f6e45de8c1161c261a41b8f6fae135aee1d328eda5716b78df29b4a

Download Submit
C:\Windows\system\eLBIdhj.exe

Filesize
6.0MB

MD5
4fdf8f01b6556ff7685da2ac5365adc2

SHA1
effa74316305c5d8000090dfee6468098eb40095

SHA256
726252ff2b662702a86459c3590ec46960529fd7b99d624ea8606ac14cc57051

SHA512
265c05dbe6fa067ba4a8183d13b48c5f9b8299c77b52c67a2934661704312394b1692585cae008ef6b092a020e168cf06257661172c451ce9d408d722294bc8f

Download Submit
C:\Windows\system\faJkxdC.exe

Filesize
6.0MB

MD5
faf1271cc262ee4398fb8ec3b8761be3

SHA1
2176d910a65ce7e7c502ebf5efbf517d04e5a1ed

SHA256
c9a26ab5e43e1e5254217a0ca9f2db1378a13bf9ae64abd656d3625fea5a63ee

SHA512
467f6c161a9ab3f5fc3ef3947fc4f2516ef8785e8d0f6fc1c230f55e687a5be896355797d923955149f042404384759390c8435940b1df816c1385cc1ba0ada4

Download Submit
C:\Windows\system\hMkpGWN.exe

Filesize
6.0MB

MD5
3867be44118696485c793c8303d0df8f

SHA1
ebd182ffe3dc8f018f035c0e39417d13c8ec6ea0

SHA256
d2f24c2ec51e6e737beb53361d7c5b29331f5b0fb699a71ea70767c1a19d57ca

SHA512
df40b3a2e8f10b4034c3ed1df505eb498bacf2f33c4c4650867e3d0e637f9d37f9c79f2c5a41fdd1914a23c0cb720ee0cb2ce67514cd50cb50f9f5464e41d112

Download Submit
C:\Windows\system\iMdtYHM.exe

Filesize
6.0MB

MD5
b7b0dd59b4ee4f41e3304bd5c289323d

SHA1
bdf12e8150a964faa7e78c0a3faf1ed4817bb307

SHA256
caec1f3b1ff66becf9885c646e57265f6c9bcfca6eba31139c17aa95b7550bda

SHA512
91ae6770cca92ec13572bf98545e96919ea2106127a857bb13c2149fb9e60e04b12ec8a74ddff647157f383d4eb7739feaf83b08c42227e251d6229cb2c827aa

Download Submit
C:\Windows\system\ifrSvgv.exe

Filesize
6.0MB

MD5
501a165d9028b140a5978bdd5df0af30

SHA1
4aadf40c17a737f612b25665b2647022147ca795

SHA256
ba952bb46fe0c87529f82139bea09aba53e3c319a78e074710a6e1dd00733a51

SHA512
a6f34dac6bd8446a07fd70f07dd9d63a09edf7ef5280f26fb3555d99a3d80d5c86d289ccbb1fc25bc34f3fbbe15abb489900e6af70113d7504404614a65aaba5

Download Submit
C:\Windows\system\jPLpxfv.exe

Filesize
6.0MB

MD5
d34e79472ea4c00026d6bc6e7a72fa50

SHA1
66e0470a2c4a756a0456047291c56c9d86966543

SHA256
03db371c938f64bdd6d3321440c3ed68130fde85c34dd6f5151f5aabe7cc4fd9

SHA512
3aa783dd2e02356103e9958edfdd858380a5ca8920e1448dc93ff88c694e7d84e838bf8d65a15b9627766828dbb088e381b01a15012bbce47b82c1d63bdff431

Download Submit
C:\Windows\system\qrybxez.exe

Filesize
6.0MB

MD5
6242ff065855c6b1790798d8b7f346e4

SHA1
8a3cd99ff61a1ea702b722ddc4cfad265191e97e

SHA256
58a128e156ce8218a08bcad44e4a4c9e94510a7bf8c41d4eb24bc267ba48ec4a

SHA512
5c732c93656f83ce2d8cd983017875aa1457110ad9b111b986e77edb0006a8939d343c8bbffe4d75c52a7c5cd98eb7682be8d484114c10a663a9a782126269bd

Download Submit
C:\Windows\system\rahRrTu.exe

Filesize
6.0MB

MD5
7b0a78f82a6fa25763c9befb41dc3de0

SHA1
144930ba448d797a2ade824c4af096a6e74852b7

SHA256
75ea7da9babaf12f7cb99a0c61c1ff7a130c8a85fc970a3ac40d9eb74f29c375

SHA512
34098181b488c1c579790d58cca6729eb1a9e07cdac5356a66c0334ab85732e75cdd6f393708b2ac1e7043969334181e1a3b5e3629b0bfea1831431d05f5421d

Download Submit
C:\Windows\system\rtAmbsl.exe

Filesize
6.0MB

MD5
b77de6ae99ea9c2b37eef68d54b2ee32

SHA1
7f8af2c723a95cee1d441d26861f218b464190a0

SHA256
22feaa38d34ce5f15c20ca5aa5046cb26d0104229521f76dd9be5ed2ae49489e

SHA512
5d967b6c14abb13da1979fc3a7d576bd25d43eded5a07ccdb75baa0aaa8890a11f553fb1336573c7e81899e60790128cfef681cf4c82f985235ffc680e9605c8

Download Submit
C:\Windows\system\seaMaMi.exe

Filesize
6.0MB

MD5
015140a23d63128cf7850058ad2cc900

SHA1
a2ae4cb09d1571a147101b048a4897fedcc069d4

SHA256
8f0b148310284bee848ffbdd6d8a81967d60186ae7317ebad12df5a692de5a67

SHA512
3cc478e4526a7ff6528353b952897db77cbbd3a3aa2104ec3f22dfcd3bd882251f199c44105613475a9d9cf1f4e6c173bf85003a895ac1ca22149c79250ce655

Download Submit
C:\Windows\system\svjVIPc.exe

Filesize
6.0MB

MD5
e1c5f24b0fbf70466b4662770a55549f

SHA1
a95316ce6b3c41e16ff44932d5d1b0b1a9db3d92

SHA256
eaf1e0d51d8aae94fd98080ff7f5e58c777f8426e88c5b987993459d516ef293

SHA512
000140fda184809a063ebfe7e1313fe7c987a77a047ec7856959042aabdf5c390eec465058e77f5a96d9d86e332118267802143253f7560c6e574a78a604abdf

Download Submit
C:\Windows\system\upDSpGX.exe

Filesize
6.0MB

MD5
088c159791ad538b687b5ea25082d4bf

SHA1
d76a73883a5e5327405ef2db4cd0c06770efbedb

SHA256
8ca8efcbe40b0cdfe43c33b1af3fc3accbdfc51c77d9a2e3d832336a74946712

SHA512
27e5d1ef1dde0fcd494bfd7c72e3a0ef702fc50c2db634a3eddd978ff16807fcea48b74ced4532133705c910284f4cd2590c082c86dc277a651e26deba8a168a

Download Submit
C:\Windows\system\yNTxMRr.exe

Filesize
6.0MB

MD5
677504a292e0b39196b0e66a6f29daa7

SHA1
abda2385c30e96b0b9a14678d149b869b8e740c0

SHA256
013114e42833ae17b58306394dfd96a5f201515dbdef3f2dcea58e40f053065a

SHA512
b35d317a6b6a96b406acdbc54a2b557dbce68ef752b12e536c6e052ce5dee310ec6966aeec290123b798b316f6f24c763eebd7411db47df33cb52cd08a8d2320

Download Submit
\Windows\system\PhGOkGF.exe

Filesize
6.0MB

MD5
63e82520c7013fc0d5aface4cdbe45b5

SHA1
eb92d5b738853b9f0eb4af729700f82ab6b15632

SHA256
6e133b51c2cad696414f729bc083a2f360dee1004cc282d565d0f1c051553678

SHA512
da6bd039a414e6d5b0476b430f78b2303ce87605a614df66c7c302508015a80bd9895197b6585be08a1e051fdb2bb158e375516468d82d4d8a3def6a163cae42

Download Submit
\Windows\system\SkjAwRA.exe

Filesize
6.0MB

MD5
1eea8afec7cf1e741640fd2a2c7741cc

SHA1
2bcc8ba7a0f60c73281d632920080ebda8094ff7

SHA256
d6ba1a98461a269999664e9ab52ca3fd99204d0da0d5d8f0734935a036ce60d9

SHA512
53d98071497d7130d83a1acd893913ae3ff9c052cf3a1d6b0c3c5482eb7466a44d8967a06a75b2778255d055c5d6b63be10c4d5c7ef1ac57b7811c4d36c86c64

Download Submit
\Windows\system\UBnHCHl.exe

Filesize
6.0MB

MD5
7aab5bef6685ce1048d1dc7d25cb82d5

SHA1
362112133d5083179ccc3255df906189ed8263e5

SHA256
a53ac7db440200675ef61e74440d3d6623cd89b4d93f7e5216ba03d0cd26e3b9

SHA512
241cd367155ad99a2c928d75da3b3c3b7b0b7cb5cd27b27ea39ce8ef55d1f627b287b362c6347555e6b0c7371cc199953beb4dde6f69bc6772a47a0f9dcf78ab

Download Submit
\Windows\system\YTCeWGO.exe

Filesize
6.0MB

MD5
5e6895a8c3099034f3f94a838f724c4c

SHA1
73b4da247a240da18e3d6c73b2b33574061c8168

SHA256
5b7df18bbded534940aa1bf0c65de31187444766612a33da25114104b1ed85c2

SHA512
0c65a0e80fdfd997333398632a530eb5e7b6331a213d5449c5692c1eb156d77dbdce1df22ddf874750e61ea2dedbcdb123881afefa55f07b08aad809499a2191

Download Submit
\Windows\system\memhubr.exe

Filesize
6.0MB

MD5
9f23a9eda9b11edce3d1706147ff9997

SHA1
607ed2af77b39dc8a374d5e41880999ca9b2e61e

SHA256
1ab17aea8c3b7c21d1413db57fd49c0cbd1a4a3f3a8e137815354a29058029c7

SHA512
5e9f5d463300a3396afc2404777b0f2c3a8e537996ecc23fcc7c86609a6fbbab4e7f3cc0109867cb7625a74478d400456319a6c3f9a290f20156552c6345bac4

Download Submit
\Windows\system\mypuksh.exe

Filesize
6.0MB

MD5
13d2aca60eb616f5964b31a4884eeff2

SHA1
a99aaf2236022fc36d6ee0e1edab3e0925dc1715

SHA256
95dfa3a6980199496035bc02f63ca1e668f61c35f5f10d7e36597accb100c6a0

SHA512
a182cd57a8ecbcb42c61ca503c22ce47f02dc81bbf2ea8b2cee725ba07d2837f7a9153e89409aa5258d08848a76f0d4ccac5777c079dbd1faa61647afebb9286

Download Submit
memory/392-88-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/392-1955-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1056-130-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1056-63-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1056-1933-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1612-100-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1612-1964-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1760-22-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1760-1800-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1852-282-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-55-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1852-497-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1852-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1852-62-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1852-357-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1852-24-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1852-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1852-54-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1852-617-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-20-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1852-41-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1852-18-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1852-90-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1852-68-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-33-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1852-467-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1852-106-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-91-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1852-80-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2028-19-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1799-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2544-92-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-468-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-1968-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1872-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2672-48-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1894-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2680-99-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2680-56-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2792-21-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1798-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2820-69-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-283-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-1954-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-1873-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2836-49-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2860-1857-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2860-71-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2860-37-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2928-1816-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2928-29-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/3012-86-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/3012-358-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/3012-1952-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download