cobaltstrike | f41ac840f36f1c4c0755d4ffdd7e7807f344a6c48d4a21190c142a0286305325

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-12-2024 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

caec68e556d47d354832f77537f4950c
SHA1

561c81814236a5b01cf32662b33005172762394c
SHA256

f41ac840f36f1c4c0755d4ffdd7e7807f344a6c48d4a21190c142a0286305325
SHA512

cc031ac090d55b50d66b17bc8e29ea4510d5b2836bd80fc99ac8fdedd5310592709f311ffc32ce26c7b8a4dd577c734fcfe8027838aee0bd257d3b4668a5a86a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012029-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0d-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d5c-24.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-66.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d6d-43.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016858-61.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186de-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d50-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d64-52.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015cdb-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-129.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903d-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d68-98.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bcd-92.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019030-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d63-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018761-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001875d-81.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d2e-10.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2828-0-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x000b000000012029-6.dat	xmrig
behavioral1/files/0x0008000000015d0d-8.dat	xmrig
behavioral1/memory/2884-27-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d5c-24.dat	xmrig
behavioral1/memory/1988-64-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ee-66.dat	xmrig
behavioral1/files/0x0007000000015d6d-43.dat	xmrig
behavioral1/memory/2784-65-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2600-63-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016858-61.dat	xmrig
behavioral1/memory/2828-60-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/1956-59-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2124-56-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x00060000000186de-53.dat	xmrig
behavioral1/files/0x0007000000015d50-41.dat	xmrig
behavioral1/files/0x0007000000015d64-52.dat	xmrig
behavioral1/memory/1128-51-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2500-72-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0009000000015cdb-77.dat	xmrig
behavioral1/files/0x000500000001920f-112.dat	xmrig
behavioral1/files/0x00050000000192f0-134.dat	xmrig
behavioral1/files/0x0005000000019384-153.dat	xmrig
behavioral1/files/0x00050000000193a2-156.dat	xmrig
behavioral1/memory/2524-429-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2260-449-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2368-544-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c9-161.dat	xmrig
behavioral1/files/0x0005000000019346-148.dat	xmrig
behavioral1/files/0x00050000000193af-167.dat	xmrig
behavioral1/files/0x00050000000193f8-164.dat	xmrig
behavioral1/files/0x000500000001933e-145.dat	xmrig
behavioral1/files/0x000500000001932a-140.dat	xmrig
behavioral1/files/0x0005000000019273-132.dat	xmrig
behavioral1/files/0x0005000000019241-124.dat	xmrig
behavioral1/files/0x000500000001925c-129.dat	xmrig
behavioral1/files/0x000600000001903d-115.dat	xmrig
behavioral1/files/0x0005000000019228-113.dat	xmrig
behavioral1/files/0x0005000000019234-120.dat	xmrig
behavioral1/files/0x0006000000018d68-98.dat	xmrig
behavioral1/files/0x0006000000018bcd-92.dat	xmrig
behavioral1/files/0x0006000000019030-104.dat	xmrig
behavioral1/files/0x0006000000018d63-97.dat	xmrig
behavioral1/files/0x0005000000018761-88.dat	xmrig
behavioral1/memory/2548-85-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2828-83-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x000500000001875d-81.dat	xmrig
behavioral1/memory/2764-78-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/268-30-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2828-36-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d2e-10.dat	xmrig
behavioral1/memory/2368-18-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2828-17-0x0000000002240000-0x0000000002594000-memory.dmp	xmrig
behavioral1/memory/2500-3667-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2764-3876-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2548-3879-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/268-4018-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2884-4019-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2368-4020-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2124-4021-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/1988-4024-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2600-4023-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/1128-4022-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/1956-4025-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
268	QUdFzSv.exe
2368	gNpjXdD.exe
2884	DUmYxkp.exe
2124	nqpNabn.exe
1128	dtOBSah.exe
1956	xAMwYbK.exe
1988	gcFoGlY.exe
2600	pPsxhHr.exe
2784	EmkDaBn.exe
2500	dWQZKor.exe
2764	eYawGwd.exe
2548	ZRicoul.exe
2524	bRLllfd.exe
2260	USwgtmY.exe
2980	poXqSIn.exe
2264	mgTFfuP.exe
1824	oTspKJA.exe
2320	YfvDMnl.exe
1872	iNVpaNa.exe
2292	pThtPzF.exe
1760	UqVmQOF.exe
1056	WlyMouW.exe
1792	gFGMCMA.exe
796	UljxryB.exe
328	RinfjRE.exe
2248	NuwfctN.exe
1280	LAuOsEm.exe
1416	buLfzzg.exe
1624	IEbdPoT.exe
1612	eKzKraz.exe
1676	ukeVxot.exe
2808	JDmQOUN.exe
1892	nJRSygm.exe
2800	bASjUmC.exe
2012	vRBYOqq.exe
2676	mnRQZFj.exe
1124	EijgfGw.exe
1868	QCgJSCd.exe
1848	FiuTRYZ.exe
1688	jpISNCo.exe
680	QLWrslt.exe
1144	zwouVkl.exe
308	rgNoekq.exe
948	GYHPhBP.exe
1968	icUcvgT.exe
2560	XsqbCga.exe
1788	ZtxyRIo.exe
1660	spYvbqQ.exe
1384	tFZlcXX.exe
1936	yqXXCsy.exe
1928	DxMYVYt.exe
1084	ORZwnKV.exe
836	drlxWUl.exe
1648	uHRnCUX.exe
564	GvgZQvT.exe
1772	ypYRrRb.exe
1344	NceNpPT.exe
2076	iPikbqO.exe
3008	fnSChNR.exe
868	ZikqvKX.exe
2116	dbaldEC.exe
1592	mENiOGb.exe
684	UQBosOh.exe
888	QSMIhGa.exe

Loads dropped DLL 64 IoCs

pid	Process
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2828-0-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x000b000000012029-6.dat	upx
behavioral1/files/0x0008000000015d0d-8.dat	upx
behavioral1/memory/2884-27-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x0007000000015d5c-24.dat	upx
behavioral1/memory/1988-64-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x00050000000186ee-66.dat	upx
behavioral1/files/0x0007000000015d6d-43.dat	upx
behavioral1/memory/2784-65-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2600-63-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0008000000016858-61.dat	upx
behavioral1/memory/1956-59-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2124-56-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x00060000000186de-53.dat	upx
behavioral1/files/0x0007000000015d50-41.dat	upx
behavioral1/files/0x0007000000015d64-52.dat	upx
behavioral1/memory/1128-51-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2500-72-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0009000000015cdb-77.dat	upx
behavioral1/files/0x000500000001920f-112.dat	upx
behavioral1/files/0x00050000000192f0-134.dat	upx
behavioral1/files/0x0005000000019384-153.dat	upx
behavioral1/files/0x00050000000193a2-156.dat	upx
behavioral1/memory/2524-429-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2260-449-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2368-544-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x00050000000193c9-161.dat	upx
behavioral1/files/0x0005000000019346-148.dat	upx
behavioral1/files/0x00050000000193af-167.dat	upx
behavioral1/files/0x00050000000193f8-164.dat	upx
behavioral1/files/0x000500000001933e-145.dat	upx
behavioral1/files/0x000500000001932a-140.dat	upx
behavioral1/files/0x0005000000019273-132.dat	upx
behavioral1/files/0x0005000000019241-124.dat	upx
behavioral1/files/0x000500000001925c-129.dat	upx
behavioral1/files/0x000600000001903d-115.dat	upx
behavioral1/files/0x0005000000019228-113.dat	upx
behavioral1/files/0x0005000000019234-120.dat	upx
behavioral1/files/0x0006000000018d68-98.dat	upx
behavioral1/files/0x0006000000018bcd-92.dat	upx
behavioral1/files/0x0006000000019030-104.dat	upx
behavioral1/files/0x0006000000018d63-97.dat	upx
behavioral1/files/0x0005000000018761-88.dat	upx
behavioral1/memory/2548-85-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2828-83-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x000500000001875d-81.dat	upx
behavioral1/memory/2764-78-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/268-30-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x0008000000015d2e-10.dat	upx
behavioral1/memory/2368-18-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2500-3667-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2764-3876-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2548-3879-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/268-4018-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2884-4019-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2368-4020-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2124-4021-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/1988-4024-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2600-4023-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/1128-4022-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/1956-4025-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2784-4026-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2500-4027-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2764-4028-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KECswNq.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZTNNIg.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taOldGl.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkdEwed.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycNfuqR.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpfQRwa.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VZTMUZS.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NuwfctN.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwouVkl.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EDitrzw.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CezirNx.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDAYxgH.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZgfJAy.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zsSSlwv.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPpIYzk.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CGXPGsI.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMjNXFj.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvukciF.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GIPxebu.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqWEhcs.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyaZRdD.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owxCwte.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqLyTPd.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmCFTiN.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\boeagDv.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmGEbvf.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAvonuM.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MffwAip.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRzehtr.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frevdgg.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrFQnSE.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWryZpa.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGHMXuY.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLPxWRL.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRdjQea.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcxGMRB.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKVbxFi.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbyzdQY.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrEpqiE.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRVrXQm.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvMzCTw.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxLXeaM.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynGJyeR.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TusjxmH.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPBlLoh.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnnIGYy.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKVDszp.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpFwVzl.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHbOrBS.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukeVxot.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkwcIDM.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJNAflW.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTrKBuT.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uayHQDw.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrzFIUI.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmMHwDF.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ElqCYiF.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwwlYQM.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QxKZAsR.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJORINn.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkmRBkd.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twJTLZt.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vCPDDAr.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfbOiTP.exe	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 268	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2828 wrote to memory of 268	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2828 wrote to memory of 268	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2828 wrote to memory of 2368	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2828 wrote to memory of 2368	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2828 wrote to memory of 2368	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2828 wrote to memory of 2884	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2828 wrote to memory of 2884	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2828 wrote to memory of 2884	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2828 wrote to memory of 1128	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2828 wrote to memory of 1128	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2828 wrote to memory of 1128	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2828 wrote to memory of 2124	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2828 wrote to memory of 2124	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2828 wrote to memory of 2124	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2828 wrote to memory of 1988	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2828 wrote to memory of 1988	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2828 wrote to memory of 1988	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2828 wrote to memory of 1956	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2828 wrote to memory of 1956	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2828 wrote to memory of 1956	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2828 wrote to memory of 2784	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2828 wrote to memory of 2784	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2828 wrote to memory of 2784	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2828 wrote to memory of 2600	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2828 wrote to memory of 2600	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2828 wrote to memory of 2600	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2828 wrote to memory of 2500	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2828 wrote to memory of 2500	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2828 wrote to memory of 2500	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2828 wrote to memory of 2764	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2828 wrote to memory of 2764	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2828 wrote to memory of 2764	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2828 wrote to memory of 2548	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2828 wrote to memory of 2548	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2828 wrote to memory of 2548	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2828 wrote to memory of 2524	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2828 wrote to memory of 2524	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2828 wrote to memory of 2524	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2828 wrote to memory of 2260	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2828 wrote to memory of 2260	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2828 wrote to memory of 2260	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2828 wrote to memory of 2980	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2828 wrote to memory of 2980	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2828 wrote to memory of 2980	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2828 wrote to memory of 2264	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2828 wrote to memory of 2264	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2828 wrote to memory of 2264	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2828 wrote to memory of 1824	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2828 wrote to memory of 1824	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2828 wrote to memory of 1824	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2828 wrote to memory of 1872	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2828 wrote to memory of 1872	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2828 wrote to memory of 1872	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2828 wrote to memory of 2320	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2828 wrote to memory of 2320	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2828 wrote to memory of 2320	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2828 wrote to memory of 1760	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2828 wrote to memory of 1760	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2828 wrote to memory of 1760	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2828 wrote to memory of 2292	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2828 wrote to memory of 2292	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2828 wrote to memory of 2292	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2828 wrote to memory of 1056	2828	2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-20_caec68e556d47d354832f77537f4950c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Windows\System\QUdFzSv.exe
  C:\Windows\System\QUdFzSv.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\gNpjXdD.exe
  C:\Windows\System\gNpjXdD.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\DUmYxkp.exe
  C:\Windows\System\DUmYxkp.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\dtOBSah.exe
  C:\Windows\System\dtOBSah.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\nqpNabn.exe
  C:\Windows\System\nqpNabn.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\gcFoGlY.exe
  C:\Windows\System\gcFoGlY.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\xAMwYbK.exe
  C:\Windows\System\xAMwYbK.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\EmkDaBn.exe
  C:\Windows\System\EmkDaBn.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\pPsxhHr.exe
  C:\Windows\System\pPsxhHr.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\dWQZKor.exe
  C:\Windows\System\dWQZKor.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\eYawGwd.exe
  C:\Windows\System\eYawGwd.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\ZRicoul.exe
  C:\Windows\System\ZRicoul.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\bRLllfd.exe
  C:\Windows\System\bRLllfd.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\USwgtmY.exe
  C:\Windows\System\USwgtmY.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\poXqSIn.exe
  C:\Windows\System\poXqSIn.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\mgTFfuP.exe
  C:\Windows\System\mgTFfuP.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\oTspKJA.exe
  C:\Windows\System\oTspKJA.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\iNVpaNa.exe
  C:\Windows\System\iNVpaNa.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\YfvDMnl.exe
  C:\Windows\System\YfvDMnl.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\UqVmQOF.exe
  C:\Windows\System\UqVmQOF.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\pThtPzF.exe
  C:\Windows\System\pThtPzF.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\WlyMouW.exe
  C:\Windows\System\WlyMouW.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\gFGMCMA.exe
  C:\Windows\System\gFGMCMA.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\UljxryB.exe
  C:\Windows\System\UljxryB.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\RinfjRE.exe
  C:\Windows\System\RinfjRE.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\NuwfctN.exe
  C:\Windows\System\NuwfctN.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\LAuOsEm.exe
  C:\Windows\System\LAuOsEm.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\buLfzzg.exe
  C:\Windows\System\buLfzzg.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\IEbdPoT.exe
  C:\Windows\System\IEbdPoT.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\eKzKraz.exe
  C:\Windows\System\eKzKraz.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\ukeVxot.exe
  C:\Windows\System\ukeVxot.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\nJRSygm.exe
  C:\Windows\System\nJRSygm.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\JDmQOUN.exe
  C:\Windows\System\JDmQOUN.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\vRBYOqq.exe
  C:\Windows\System\vRBYOqq.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\bASjUmC.exe
  C:\Windows\System\bASjUmC.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\mnRQZFj.exe
  C:\Windows\System\mnRQZFj.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\EijgfGw.exe
  C:\Windows\System\EijgfGw.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\QCgJSCd.exe
  C:\Windows\System\QCgJSCd.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\FiuTRYZ.exe
  C:\Windows\System\FiuTRYZ.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\jpISNCo.exe
  C:\Windows\System\jpISNCo.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\QLWrslt.exe
  C:\Windows\System\QLWrslt.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\zwouVkl.exe
  C:\Windows\System\zwouVkl.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\rgNoekq.exe
  C:\Windows\System\rgNoekq.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\GYHPhBP.exe
  C:\Windows\System\GYHPhBP.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\icUcvgT.exe
  C:\Windows\System\icUcvgT.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\XsqbCga.exe
  C:\Windows\System\XsqbCga.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\ZtxyRIo.exe
  C:\Windows\System\ZtxyRIo.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\spYvbqQ.exe
  C:\Windows\System\spYvbqQ.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\tFZlcXX.exe
  C:\Windows\System\tFZlcXX.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\yqXXCsy.exe
  C:\Windows\System\yqXXCsy.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\DxMYVYt.exe
  C:\Windows\System\DxMYVYt.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\ORZwnKV.exe
  C:\Windows\System\ORZwnKV.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\drlxWUl.exe
  C:\Windows\System\drlxWUl.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\uHRnCUX.exe
  C:\Windows\System\uHRnCUX.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\GvgZQvT.exe
  C:\Windows\System\GvgZQvT.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\ypYRrRb.exe
  C:\Windows\System\ypYRrRb.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\NceNpPT.exe
  C:\Windows\System\NceNpPT.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\iPikbqO.exe
  C:\Windows\System\iPikbqO.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\fnSChNR.exe
  C:\Windows\System\fnSChNR.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\ZikqvKX.exe
  C:\Windows\System\ZikqvKX.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\dbaldEC.exe
  C:\Windows\System\dbaldEC.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\UQBosOh.exe
  C:\Windows\System\UQBosOh.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\mENiOGb.exe
  C:\Windows\System\mENiOGb.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\QSMIhGa.exe
  C:\Windows\System\QSMIhGa.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\HGtvbsm.exe
  C:\Windows\System\HGtvbsm.exe
  2⤵
  PID:1048
- C:\Windows\System\fwwlYQM.exe
  C:\Windows\System\fwwlYQM.exe
  2⤵
  PID:2332
- C:\Windows\System\lTweyRb.exe
  C:\Windows\System\lTweyRb.exe
  2⤵
  PID:2452
- C:\Windows\System\AvbcjTo.exe
  C:\Windows\System\AvbcjTo.exe
  2⤵
  PID:1596
- C:\Windows\System\dgCuBXo.exe
  C:\Windows\System\dgCuBXo.exe
  2⤵
  PID:1904
- C:\Windows\System\cFVvDed.exe
  C:\Windows\System\cFVvDed.exe
  2⤵
  PID:1288
- C:\Windows\System\kvixCfK.exe
  C:\Windows\System\kvixCfK.exe
  2⤵
  PID:288
- C:\Windows\System\TWVjASC.exe
  C:\Windows\System\TWVjASC.exe
  2⤵
  PID:2900
- C:\Windows\System\aEXutQO.exe
  C:\Windows\System\aEXutQO.exe
  2⤵
  PID:2096
- C:\Windows\System\chwgWcl.exe
  C:\Windows\System\chwgWcl.exe
  2⤵
  PID:2976
- C:\Windows\System\diSfDBG.exe
  C:\Windows\System\diSfDBG.exe
  2⤵
  PID:2620
- C:\Windows\System\nNlVKSv.exe
  C:\Windows\System\nNlVKSv.exe
  2⤵
  PID:1980
- C:\Windows\System\OlhvPuY.exe
  C:\Windows\System\OlhvPuY.exe
  2⤵
  PID:2652
- C:\Windows\System\YcgwByQ.exe
  C:\Windows\System\YcgwByQ.exe
  2⤵
  PID:1932
- C:\Windows\System\okQcraK.exe
  C:\Windows\System\okQcraK.exe
  2⤵
  PID:3064
- C:\Windows\System\UqVIvJe.exe
  C:\Windows\System\UqVIvJe.exe
  2⤵
  PID:1620
- C:\Windows\System\KevdZCv.exe
  C:\Windows\System\KevdZCv.exe
  2⤵
  PID:1564
- C:\Windows\System\nYFOfrr.exe
  C:\Windows\System\nYFOfrr.exe
  2⤵
  PID:740
- C:\Windows\System\WbzfOwG.exe
  C:\Windows\System\WbzfOwG.exe
  2⤵
  PID:2992
- C:\Windows\System\DPmZmAm.exe
  C:\Windows\System\DPmZmAm.exe
  2⤵
  PID:2148
- C:\Windows\System\owxCwte.exe
  C:\Windows\System\owxCwte.exe
  2⤵
  PID:572
- C:\Windows\System\UXZpQre.exe
  C:\Windows\System\UXZpQre.exe
  2⤵
  PID:3024
- C:\Windows\System\XLBwoeh.exe
  C:\Windows\System\XLBwoeh.exe
  2⤵
  PID:1912
- C:\Windows\System\RJUlxCI.exe
  C:\Windows\System\RJUlxCI.exe
  2⤵
  PID:1504
- C:\Windows\System\exTCbjs.exe
  C:\Windows\System\exTCbjs.exe
  2⤵
  PID:2896
- C:\Windows\System\bSZrQsk.exe
  C:\Windows\System\bSZrQsk.exe
  2⤵
  PID:2684
- C:\Windows\System\SbfvZlx.exe
  C:\Windows\System\SbfvZlx.exe
  2⤵
  PID:2740
- C:\Windows\System\tMZLBku.exe
  C:\Windows\System\tMZLBku.exe
  2⤵
  PID:2596
- C:\Windows\System\ywyTcne.exe
  C:\Windows\System\ywyTcne.exe
  2⤵
  PID:2664
- C:\Windows\System\WqHiiAt.exe
  C:\Windows\System\WqHiiAt.exe
  2⤵
  PID:2920
- C:\Windows\System\jhSJwHs.exe
  C:\Windows\System\jhSJwHs.exe
  2⤵
  PID:2952
- C:\Windows\System\iVVpZhp.exe
  C:\Windows\System\iVVpZhp.exe
  2⤵
  PID:832
- C:\Windows\System\ryynlPh.exe
  C:\Windows\System\ryynlPh.exe
  2⤵
  PID:2300
- C:\Windows\System\daKgAkW.exe
  C:\Windows\System\daKgAkW.exe
  2⤵
  PID:2056
- C:\Windows\System\IxGkZiM.exe
  C:\Windows\System\IxGkZiM.exe
  2⤵
  PID:1196
- C:\Windows\System\vmmlWbA.exe
  C:\Windows\System\vmmlWbA.exe
  2⤵
  PID:2400
- C:\Windows\System\nEwaEUL.exe
  C:\Windows\System\nEwaEUL.exe
  2⤵
  PID:3068
- C:\Windows\System\ysFCymE.exe
  C:\Windows\System\ysFCymE.exe
  2⤵
  PID:2256
- C:\Windows\System\cALPVdt.exe
  C:\Windows\System\cALPVdt.exe
  2⤵
  PID:2728
- C:\Windows\System\NwvUUSi.exe
  C:\Windows\System\NwvUUSi.exe
  2⤵
  PID:2156
- C:\Windows\System\qXULxek.exe
  C:\Windows\System\qXULxek.exe
  2⤵
  PID:340
- C:\Windows\System\jPMybpk.exe
  C:\Windows\System\jPMybpk.exe
  2⤵
  PID:2352
- C:\Windows\System\oGpMRDg.exe
  C:\Windows\System\oGpMRDg.exe
  2⤵
  PID:3056
- C:\Windows\System\ZmkPhZE.exe
  C:\Windows\System\ZmkPhZE.exe
  2⤵
  PID:1032
- C:\Windows\System\gSIYJDl.exe
  C:\Windows\System\gSIYJDl.exe
  2⤵
  PID:2564
- C:\Windows\System\sBhHrwW.exe
  C:\Windows\System\sBhHrwW.exe
  2⤵
  PID:2536
- C:\Windows\System\XNrBhFB.exe
  C:\Windows\System\XNrBhFB.exe
  2⤵
  PID:1296
- C:\Windows\System\vGBiqCR.exe
  C:\Windows\System\vGBiqCR.exe
  2⤵
  PID:3076
- C:\Windows\System\dStrOir.exe
  C:\Windows\System\dStrOir.exe
  2⤵
  PID:3092
- C:\Windows\System\XXczztC.exe
  C:\Windows\System\XXczztC.exe
  2⤵
  PID:3112
- C:\Windows\System\hXmrYlR.exe
  C:\Windows\System\hXmrYlR.exe
  2⤵
  PID:3132
- C:\Windows\System\bkwcIDM.exe
  C:\Windows\System\bkwcIDM.exe
  2⤵
  PID:3148
- C:\Windows\System\SQVeBrD.exe
  C:\Windows\System\SQVeBrD.exe
  2⤵
  PID:3168
- C:\Windows\System\eKqtlUm.exe
  C:\Windows\System\eKqtlUm.exe
  2⤵
  PID:3184
- C:\Windows\System\xfNpnln.exe
  C:\Windows\System\xfNpnln.exe
  2⤵
  PID:3200
- C:\Windows\System\ajTkFYh.exe
  C:\Windows\System\ajTkFYh.exe
  2⤵
  PID:3216
- C:\Windows\System\yaSMWqX.exe
  C:\Windows\System\yaSMWqX.exe
  2⤵
  PID:3232
- C:\Windows\System\NvrVSHK.exe
  C:\Windows\System\NvrVSHK.exe
  2⤵
  PID:3248
- C:\Windows\System\QnDzAHB.exe
  C:\Windows\System\QnDzAHB.exe
  2⤵
  PID:3268
- C:\Windows\System\HUyemLZ.exe
  C:\Windows\System\HUyemLZ.exe
  2⤵
  PID:3284
- C:\Windows\System\uFCyOpM.exe
  C:\Windows\System\uFCyOpM.exe
  2⤵
  PID:3300
- C:\Windows\System\YYkHJfq.exe
  C:\Windows\System\YYkHJfq.exe
  2⤵
  PID:3320
- C:\Windows\System\eqmwMHo.exe
  C:\Windows\System\eqmwMHo.exe
  2⤵
  PID:3336
- C:\Windows\System\FTYbuIC.exe
  C:\Windows\System\FTYbuIC.exe
  2⤵
  PID:3352
- C:\Windows\System\rLmQltw.exe
  C:\Windows\System\rLmQltw.exe
  2⤵
  PID:3372
- C:\Windows\System\ksLrKJL.exe
  C:\Windows\System\ksLrKJL.exe
  2⤵
  PID:3388
- C:\Windows\System\Jauxjcg.exe
  C:\Windows\System\Jauxjcg.exe
  2⤵
  PID:3404
- C:\Windows\System\UmpiqDv.exe
  C:\Windows\System\UmpiqDv.exe
  2⤵
  PID:3420
- C:\Windows\System\KGvsIxT.exe
  C:\Windows\System\KGvsIxT.exe
  2⤵
  PID:3436
- C:\Windows\System\UDzpywl.exe
  C:\Windows\System\UDzpywl.exe
  2⤵
  PID:3456
- C:\Windows\System\oEuqMwJ.exe
  C:\Windows\System\oEuqMwJ.exe
  2⤵
  PID:3476
- C:\Windows\System\kOuoDpP.exe
  C:\Windows\System\kOuoDpP.exe
  2⤵
  PID:3492
- C:\Windows\System\ETRaEFt.exe
  C:\Windows\System\ETRaEFt.exe
  2⤵
  PID:3508
- C:\Windows\System\lNUtrqw.exe
  C:\Windows\System\lNUtrqw.exe
  2⤵
  PID:3524
- C:\Windows\System\zkiUYBR.exe
  C:\Windows\System\zkiUYBR.exe
  2⤵
  PID:3540
- C:\Windows\System\anMZfev.exe
  C:\Windows\System\anMZfev.exe
  2⤵
  PID:3556
- C:\Windows\System\gBvZtQV.exe
  C:\Windows\System\gBvZtQV.exe
  2⤵
  PID:3572
- C:\Windows\System\lgxwzHF.exe
  C:\Windows\System\lgxwzHF.exe
  2⤵
  PID:3592
- C:\Windows\System\MZiRONs.exe
  C:\Windows\System\MZiRONs.exe
  2⤵
  PID:3608
- C:\Windows\System\JvGxsiM.exe
  C:\Windows\System\JvGxsiM.exe
  2⤵
  PID:3632
- C:\Windows\System\AAzEqMx.exe
  C:\Windows\System\AAzEqMx.exe
  2⤵
  PID:3652
- C:\Windows\System\fMEJsyy.exe
  C:\Windows\System\fMEJsyy.exe
  2⤵
  PID:3672
- C:\Windows\System\ToXIRIJ.exe
  C:\Windows\System\ToXIRIJ.exe
  2⤵
  PID:3688
- C:\Windows\System\PjySqjX.exe
  C:\Windows\System\PjySqjX.exe
  2⤵
  PID:3720
- C:\Windows\System\rtgLaFs.exe
  C:\Windows\System\rtgLaFs.exe
  2⤵
  PID:3912
- C:\Windows\System\uPTxyRz.exe
  C:\Windows\System\uPTxyRz.exe
  2⤵
  PID:3932
- C:\Windows\System\qqVHBYO.exe
  C:\Windows\System\qqVHBYO.exe
  2⤵
  PID:3956
- C:\Windows\System\JlFWTTi.exe
  C:\Windows\System\JlFWTTi.exe
  2⤵
  PID:3972
- C:\Windows\System\PnhVBeM.exe
  C:\Windows\System\PnhVBeM.exe
  2⤵
  PID:3988
- C:\Windows\System\YLWZBut.exe
  C:\Windows\System\YLWZBut.exe
  2⤵
  PID:4008
- C:\Windows\System\EmEIPgV.exe
  C:\Windows\System\EmEIPgV.exe
  2⤵
  PID:4048
- C:\Windows\System\HQpWayc.exe
  C:\Windows\System\HQpWayc.exe
  2⤵
  PID:4064
- C:\Windows\System\OwDidLn.exe
  C:\Windows\System\OwDidLn.exe
  2⤵
  PID:4080
- C:\Windows\System\aZJwcNq.exe
  C:\Windows\System\aZJwcNq.exe
  2⤵
  PID:688
- C:\Windows\System\FAgAiKy.exe
  C:\Windows\System\FAgAiKy.exe
  2⤵
  PID:2172
- C:\Windows\System\RSRMwMi.exe
  C:\Windows\System\RSRMwMi.exe
  2⤵
  PID:1604
- C:\Windows\System\dIUeHGV.exe
  C:\Windows\System\dIUeHGV.exe
  2⤵
  PID:1876
- C:\Windows\System\ZUPlzon.exe
  C:\Windows\System\ZUPlzon.exe
  2⤵
  PID:2508
- C:\Windows\System\sWdpbgr.exe
  C:\Windows\System\sWdpbgr.exe
  2⤵
  PID:3100
- C:\Windows\System\yTtIkOl.exe
  C:\Windows\System\yTtIkOl.exe
  2⤵
  PID:3144
- C:\Windows\System\KKQhuDK.exe
  C:\Windows\System\KKQhuDK.exe
  2⤵
  PID:300
- C:\Windows\System\ALQFMBq.exe
  C:\Windows\System\ALQFMBq.exe
  2⤵
  PID:2120
- C:\Windows\System\FjCXbKs.exe
  C:\Windows\System\FjCXbKs.exe
  2⤵
  PID:800
- C:\Windows\System\eCikToV.exe
  C:\Windows\System\eCikToV.exe
  2⤵
  PID:2220
- C:\Windows\System\kpFPNsL.exe
  C:\Windows\System\kpFPNsL.exe
  2⤵
  PID:1948
- C:\Windows\System\CGXPGsI.exe
  C:\Windows\System\CGXPGsI.exe
  2⤵
  PID:2636
- C:\Windows\System\DQRtNgk.exe
  C:\Windows\System\DQRtNgk.exe
  2⤵
  PID:2744
- C:\Windows\System\wbOLnpl.exe
  C:\Windows\System\wbOLnpl.exe
  2⤵
  PID:3212
- C:\Windows\System\FUwizEE.exe
  C:\Windows\System\FUwizEE.exe
  2⤵
  PID:3280
- C:\Windows\System\ZRpzXNS.exe
  C:\Windows\System\ZRpzXNS.exe
  2⤵
  PID:3348
- C:\Windows\System\pHSEnid.exe
  C:\Windows\System\pHSEnid.exe
  2⤵
  PID:3416
- C:\Windows\System\lMSjhpL.exe
  C:\Windows\System\lMSjhpL.exe
  2⤵
  PID:3484
- C:\Windows\System\GNGoySX.exe
  C:\Windows\System\GNGoySX.exe
  2⤵
  PID:3516
- C:\Windows\System\eRxQBzU.exe
  C:\Windows\System\eRxQBzU.exe
  2⤵
  PID:3548
- C:\Windows\System\xCwnbAb.exe
  C:\Windows\System\xCwnbAb.exe
  2⤵
  PID:3580
- C:\Windows\System\ekMfvQO.exe
  C:\Windows\System\ekMfvQO.exe
  2⤵
  PID:1684
- C:\Windows\System\uBkIlEm.exe
  C:\Windows\System\uBkIlEm.exe
  2⤵
  PID:3620
- C:\Windows\System\WDQzGfM.exe
  C:\Windows\System\WDQzGfM.exe
  2⤵
  PID:3660
- C:\Windows\System\cqJYpjw.exe
  C:\Windows\System\cqJYpjw.exe
  2⤵
  PID:1680
- C:\Windows\System\xOZbHMV.exe
  C:\Windows\System\xOZbHMV.exe
  2⤵
  PID:3708
- C:\Windows\System\rLGaVAX.exe
  C:\Windows\System\rLGaVAX.exe
  2⤵
  PID:748
- C:\Windows\System\MYTPFhb.exe
  C:\Windows\System\MYTPFhb.exe
  2⤵
  PID:3228
- C:\Windows\System\nuAOEYe.exe
  C:\Windows\System\nuAOEYe.exe
  2⤵
  PID:3296
- C:\Windows\System\OTJsYET.exe
  C:\Windows\System\OTJsYET.exe
  2⤵
  PID:3360
- C:\Windows\System\pgeHYJo.exe
  C:\Windows\System\pgeHYJo.exe
  2⤵
  PID:3428
- C:\Windows\System\giIJodH.exe
  C:\Windows\System\giIJodH.exe
  2⤵
  PID:3472
- C:\Windows\System\yqoEWnE.exe
  C:\Windows\System\yqoEWnE.exe
  2⤵
  PID:3536
- C:\Windows\System\lnoHPAE.exe
  C:\Windows\System\lnoHPAE.exe
  2⤵
  PID:3604
- C:\Windows\System\wxMhirK.exe
  C:\Windows\System\wxMhirK.exe
  2⤵
  PID:3680
- C:\Windows\System\krqPNsL.exe
  C:\Windows\System\krqPNsL.exe
  2⤵
  PID:3736
- C:\Windows\System\VRwZmee.exe
  C:\Windows\System\VRwZmee.exe
  2⤵
  PID:1808
- C:\Windows\System\osInoBR.exe
  C:\Windows\System\osInoBR.exe
  2⤵
  PID:3160
- C:\Windows\System\WcjUgag.exe
  C:\Windows\System\WcjUgag.exe
  2⤵
  PID:3084
- C:\Windows\System\dYjyUmG.exe
  C:\Windows\System\dYjyUmG.exe
  2⤵
  PID:3820
- C:\Windows\System\BDYVPdh.exe
  C:\Windows\System\BDYVPdh.exe
  2⤵
  PID:3836
- C:\Windows\System\zyvuDWJ.exe
  C:\Windows\System\zyvuDWJ.exe
  2⤵
  PID:3852
- C:\Windows\System\usghJKg.exe
  C:\Windows\System\usghJKg.exe
  2⤵
  PID:3868
- C:\Windows\System\xozSIyx.exe
  C:\Windows\System\xozSIyx.exe
  2⤵
  PID:3884
- C:\Windows\System\sWuJyDZ.exe
  C:\Windows\System\sWuJyDZ.exe
  2⤵
  PID:3900
- C:\Windows\System\aDqFTKY.exe
  C:\Windows\System\aDqFTKY.exe
  2⤵
  PID:3924
- C:\Windows\System\kicxUFr.exe
  C:\Windows\System\kicxUFr.exe
  2⤵
  PID:2936
- C:\Windows\System\rCULUTc.exe
  C:\Windows\System\rCULUTc.exe
  2⤵
  PID:2916
- C:\Windows\System\ckCmoQy.exe
  C:\Windows\System\ckCmoQy.exe
  2⤵
  PID:2624
- C:\Windows\System\kFWiROv.exe
  C:\Windows\System\kFWiROv.exe
  2⤵
  PID:2836
- C:\Windows\System\HxdKlxf.exe
  C:\Windows\System\HxdKlxf.exe
  2⤵
  PID:1228
- C:\Windows\System\efWlSAX.exe
  C:\Windows\System\efWlSAX.exe
  2⤵
  PID:2972
- C:\Windows\System\LdGXBah.exe
  C:\Windows\System\LdGXBah.exe
  2⤵
  PID:2876
- C:\Windows\System\cQzjROj.exe
  C:\Windows\System\cQzjROj.exe
  2⤵
  PID:2128
- C:\Windows\System\QSoecnI.exe
  C:\Windows\System\QSoecnI.exe
  2⤵
  PID:2704
- C:\Windows\System\eNZQuTD.exe
  C:\Windows\System\eNZQuTD.exe
  2⤵
  PID:3964
- C:\Windows\System\FvDqIGm.exe
  C:\Windows\System\FvDqIGm.exe
  2⤵
  PID:4000
- C:\Windows\System\bhJwBbA.exe
  C:\Windows\System\bhJwBbA.exe
  2⤵
  PID:3036
- C:\Windows\System\smhDKwk.exe
  C:\Windows\System\smhDKwk.exe
  2⤵
  PID:3260
- C:\Windows\System\gbeASOU.exe
  C:\Windows\System\gbeASOU.exe
  2⤵
  PID:4040
- C:\Windows\System\waAfFmT.exe
  C:\Windows\System\waAfFmT.exe
  2⤵
  PID:4036
- C:\Windows\System\eTnoRDG.exe
  C:\Windows\System\eTnoRDG.exe
  2⤵
  PID:4076
- C:\Windows\System\woRCbea.exe
  C:\Windows\System\woRCbea.exe
  2⤵
  PID:480
- C:\Windows\System\LWoKZnq.exe
  C:\Windows\System\LWoKZnq.exe
  2⤵
  PID:1692
- C:\Windows\System\wZHSrsE.exe
  C:\Windows\System\wZHSrsE.exe
  2⤵
  PID:2008
- C:\Windows\System\qKNFLpg.exe
  C:\Windows\System\qKNFLpg.exe
  2⤵
  PID:1640
- C:\Windows\System\czvIHuB.exe
  C:\Windows\System\czvIHuB.exe
  2⤵
  PID:900
- C:\Windows\System\VSUniWO.exe
  C:\Windows\System\VSUniWO.exe
  2⤵
  PID:3012
- C:\Windows\System\fDZkWRY.exe
  C:\Windows\System\fDZkWRY.exe
  2⤵
  PID:988
- C:\Windows\System\MaJrOuJ.exe
  C:\Windows\System\MaJrOuJ.exe
  2⤵
  PID:1256
- C:\Windows\System\GAFBoRs.exe
  C:\Windows\System\GAFBoRs.exe
  2⤵
  PID:3244
- C:\Windows\System\MtgIBtY.exe
  C:\Windows\System\MtgIBtY.exe
  2⤵
  PID:3384
- C:\Windows\System\lBvTEzj.exe
  C:\Windows\System\lBvTEzj.exe
  2⤵
  PID:2340
- C:\Windows\System\BsgIfYP.exe
  C:\Windows\System\BsgIfYP.exe
  2⤵
  PID:2748
- C:\Windows\System\PBHdzJV.exe
  C:\Windows\System\PBHdzJV.exe
  2⤵
  PID:3616
- C:\Windows\System\DeHllKm.exe
  C:\Windows\System\DeHllKm.exe
  2⤵
  PID:1440
- C:\Windows\System\lLNPlXh.exe
  C:\Windows\System\lLNPlXh.exe
  2⤵
  PID:3128
- C:\Windows\System\YqbSMGx.exe
  C:\Windows\System\YqbSMGx.exe
  2⤵
  PID:3256
- C:\Windows\System\Auroyjt.exe
  C:\Windows\System\Auroyjt.exe
  2⤵
  PID:3396
- C:\Windows\System\zquFtmO.exe
  C:\Windows\System\zquFtmO.exe
  2⤵
  PID:3504
- C:\Windows\System\PQjCNTo.exe
  C:\Windows\System\PQjCNTo.exe
  2⤵
  PID:3644
- C:\Windows\System\OavRkGX.exe
  C:\Windows\System\OavRkGX.exe
  2⤵
  PID:3832
- C:\Windows\System\HSNwVuT.exe
  C:\Windows\System\HSNwVuT.exe
  2⤵
  PID:3904
- C:\Windows\System\InBPbsn.exe
  C:\Windows\System\InBPbsn.exe
  2⤵
  PID:2948
- C:\Windows\System\lJNAflW.exe
  C:\Windows\System\lJNAflW.exe
  2⤵
  PID:2700
- C:\Windows\System\JfaauOY.exe
  C:\Windows\System\JfaauOY.exe
  2⤵
  PID:2844
- C:\Windows\System\FCDYiEX.exe
  C:\Windows\System\FCDYiEX.exe
  2⤵
  PID:2236
- C:\Windows\System\QWHDerq.exe
  C:\Windows\System\QWHDerq.exe
  2⤵
  PID:2512
- C:\Windows\System\QGddqBQ.exe
  C:\Windows\System\QGddqBQ.exe
  2⤵
  PID:3760
- C:\Windows\System\rsUwWPL.exe
  C:\Windows\System\rsUwWPL.exe
  2⤵
  PID:4016
- C:\Windows\System\ppZIvSi.exe
  C:\Windows\System\ppZIvSi.exe
  2⤵
  PID:3756
- C:\Windows\System\FIbrkSb.exe
  C:\Windows\System\FIbrkSb.exe
  2⤵
  PID:4032
- C:\Windows\System\glxFhaE.exe
  C:\Windows\System\glxFhaE.exe
  2⤵
  PID:4092
- C:\Windows\System\lJNKtaI.exe
  C:\Windows\System\lJNKtaI.exe
  2⤵
  PID:880
- C:\Windows\System\TClGqCZ.exe
  C:\Windows\System\TClGqCZ.exe
  2⤵
  PID:3140
- C:\Windows\System\VtOSuXs.exe
  C:\Windows\System\VtOSuXs.exe
  2⤵
  PID:1532
- C:\Windows\System\ToxQWMH.exe
  C:\Windows\System\ToxQWMH.exe
  2⤵
  PID:3276
- C:\Windows\System\nAjtlmD.exe
  C:\Windows\System\nAjtlmD.exe
  2⤵
  PID:3452
- C:\Windows\System\BWBtisX.exe
  C:\Windows\System\BWBtisX.exe
  2⤵
  PID:2924
- C:\Windows\System\DLwbVaN.exe
  C:\Windows\System\DLwbVaN.exe
  2⤵
  PID:3704
- C:\Windows\System\GMxqtVl.exe
  C:\Windows\System\GMxqtVl.exe
  2⤵
  PID:3400
- C:\Windows\System\mZhDFuD.exe
  C:\Windows\System\mZhDFuD.exe
  2⤵
  PID:3600
- C:\Windows\System\kGHxxVm.exe
  C:\Windows\System\kGHxxVm.exe
  2⤵
  PID:3880
- C:\Windows\System\LrYXQUV.exe
  C:\Windows\System\LrYXQUV.exe
  2⤵
  PID:3940
- C:\Windows\System\WovgSPH.exe
  C:\Windows\System\WovgSPH.exe
  2⤵
  PID:2360
- C:\Windows\System\GvrJLxB.exe
  C:\Windows\System\GvrJLxB.exe
  2⤵
  PID:3104
- C:\Windows\System\qnlrwUK.exe
  C:\Windows\System\qnlrwUK.exe
  2⤵
  PID:2796
- C:\Windows\System\UbGFSck.exe
  C:\Windows\System\UbGFSck.exe
  2⤵
  PID:1964
- C:\Windows\System\HBxgJPj.exe
  C:\Windows\System\HBxgJPj.exe
  2⤵
  PID:3156
- C:\Windows\System\rhxTmLA.exe
  C:\Windows\System\rhxTmLA.exe
  2⤵
  PID:3816
- C:\Windows\System\KyuSHPK.exe
  C:\Windows\System\KyuSHPK.exe
  2⤵
  PID:3892
- C:\Windows\System\WrUdoko.exe
  C:\Windows\System\WrUdoko.exe
  2⤵
  PID:2432
- C:\Windows\System\tOclJro.exe
  C:\Windows\System\tOclJro.exe
  2⤵
  PID:3264
- C:\Windows\System\yivBrgn.exe
  C:\Windows\System\yivBrgn.exe
  2⤵
  PID:4028
- C:\Windows\System\KnhMMLc.exe
  C:\Windows\System\KnhMMLc.exe
  2⤵
  PID:1832
- C:\Windows\System\TzICIcV.exe
  C:\Windows\System\TzICIcV.exe
  2⤵
  PID:3196
- C:\Windows\System\mfFiRjD.exe
  C:\Windows\System\mfFiRjD.exe
  2⤵
  PID:2648
- C:\Windows\System\JAlnaWH.exe
  C:\Windows\System\JAlnaWH.exe
  2⤵
  PID:3316
- C:\Windows\System\kjSKHXa.exe
  C:\Windows\System\kjSKHXa.exe
  2⤵
  PID:4060
- C:\Windows\System\FKyqBBG.exe
  C:\Windows\System\FKyqBBG.exe
  2⤵
  PID:2556
- C:\Windows\System\KbLHbYW.exe
  C:\Windows\System\KbLHbYW.exe
  2⤵
  PID:2708
- C:\Windows\System\MGpkxsl.exe
  C:\Windows\System\MGpkxsl.exe
  2⤵
  PID:3732
- C:\Windows\System\GMSMxCT.exe
  C:\Windows\System\GMSMxCT.exe
  2⤵
  PID:2752
- C:\Windows\System\KIecIvM.exe
  C:\Windows\System\KIecIvM.exe
  2⤵
  PID:3664
- C:\Windows\System\PRdjQea.exe
  C:\Windows\System\PRdjQea.exe
  2⤵
  PID:3848
- C:\Windows\System\eMjNXFj.exe
  C:\Windows\System\eMjNXFj.exe
  2⤵
  PID:2568
- C:\Windows\System\aRqfGnW.exe
  C:\Windows\System\aRqfGnW.exe
  2⤵
  PID:2656
- C:\Windows\System\QdFnwgX.exe
  C:\Windows\System\QdFnwgX.exe
  2⤵
  PID:4104
- C:\Windows\System\rQxfCHt.exe
  C:\Windows\System\rQxfCHt.exe
  2⤵
  PID:4120
- C:\Windows\System\NLgHbMg.exe
  C:\Windows\System\NLgHbMg.exe
  2⤵
  PID:4136
- C:\Windows\System\DVsGqSI.exe
  C:\Windows\System\DVsGqSI.exe
  2⤵
  PID:4152
- C:\Windows\System\rfsrpHT.exe
  C:\Windows\System\rfsrpHT.exe
  2⤵
  PID:4168
- C:\Windows\System\wYcgpEy.exe
  C:\Windows\System\wYcgpEy.exe
  2⤵
  PID:4196
- C:\Windows\System\onbRSFk.exe
  C:\Windows\System\onbRSFk.exe
  2⤵
  PID:4216
- C:\Windows\System\WrwOXZj.exe
  C:\Windows\System\WrwOXZj.exe
  2⤵
  PID:4240
- C:\Windows\System\ztqOpVt.exe
  C:\Windows\System\ztqOpVt.exe
  2⤵
  PID:4256
- C:\Windows\System\DWZlsMK.exe
  C:\Windows\System\DWZlsMK.exe
  2⤵
  PID:4272
- C:\Windows\System\anKqbeZ.exe
  C:\Windows\System\anKqbeZ.exe
  2⤵
  PID:4296
- C:\Windows\System\iDqvwfL.exe
  C:\Windows\System\iDqvwfL.exe
  2⤵
  PID:4320
- C:\Windows\System\fFJwRty.exe
  C:\Windows\System\fFJwRty.exe
  2⤵
  PID:4336
- C:\Windows\System\mVQyews.exe
  C:\Windows\System\mVQyews.exe
  2⤵
  PID:4360
- C:\Windows\System\VMUcgiV.exe
  C:\Windows\System\VMUcgiV.exe
  2⤵
  PID:4376
- C:\Windows\System\iFKoGAD.exe
  C:\Windows\System\iFKoGAD.exe
  2⤵
  PID:4392
- C:\Windows\System\GxGWCmB.exe
  C:\Windows\System\GxGWCmB.exe
  2⤵
  PID:4412
- C:\Windows\System\qbyzdQY.exe
  C:\Windows\System\qbyzdQY.exe
  2⤵
  PID:4428
- C:\Windows\System\VrHoxIA.exe
  C:\Windows\System\VrHoxIA.exe
  2⤵
  PID:4448
- C:\Windows\System\smVvqlK.exe
  C:\Windows\System\smVvqlK.exe
  2⤵
  PID:4464
- C:\Windows\System\RANaOLs.exe
  C:\Windows\System\RANaOLs.exe
  2⤵
  PID:4480
- C:\Windows\System\uxGOzUH.exe
  C:\Windows\System\uxGOzUH.exe
  2⤵
  PID:4496
- C:\Windows\System\ADtfKrG.exe
  C:\Windows\System\ADtfKrG.exe
  2⤵
  PID:4512
- C:\Windows\System\OgecrVZ.exe
  C:\Windows\System\OgecrVZ.exe
  2⤵
  PID:4528
- C:\Windows\System\GAtPgDv.exe
  C:\Windows\System\GAtPgDv.exe
  2⤵
  PID:4544
- C:\Windows\System\tRMiKMT.exe
  C:\Windows\System\tRMiKMT.exe
  2⤵
  PID:4560
- C:\Windows\System\fPRCFnW.exe
  C:\Windows\System\fPRCFnW.exe
  2⤵
  PID:4576
- C:\Windows\System\gCRMsVh.exe
  C:\Windows\System\gCRMsVh.exe
  2⤵
  PID:4592
- C:\Windows\System\EZXbpxY.exe
  C:\Windows\System\EZXbpxY.exe
  2⤵
  PID:4608
- C:\Windows\System\BVBxGvJ.exe
  C:\Windows\System\BVBxGvJ.exe
  2⤵
  PID:4624
- C:\Windows\System\NEYOInp.exe
  C:\Windows\System\NEYOInp.exe
  2⤵
  PID:4640
- C:\Windows\System\YxcqBeU.exe
  C:\Windows\System\YxcqBeU.exe
  2⤵
  PID:4656
- C:\Windows\System\DjuXSwM.exe
  C:\Windows\System\DjuXSwM.exe
  2⤵
  PID:4672
- C:\Windows\System\cgHmAZj.exe
  C:\Windows\System\cgHmAZj.exe
  2⤵
  PID:4688
- C:\Windows\System\MNevvOD.exe
  C:\Windows\System\MNevvOD.exe
  2⤵
  PID:4708
- C:\Windows\System\fpLjkSA.exe
  C:\Windows\System\fpLjkSA.exe
  2⤵
  PID:4724
- C:\Windows\System\cfeFVFM.exe
  C:\Windows\System\cfeFVFM.exe
  2⤵
  PID:4740
- C:\Windows\System\HLVgsLG.exe
  C:\Windows\System\HLVgsLG.exe
  2⤵
  PID:4760
- C:\Windows\System\TnwrUnR.exe
  C:\Windows\System\TnwrUnR.exe
  2⤵
  PID:4776
- C:\Windows\System\kpveeie.exe
  C:\Windows\System\kpveeie.exe
  2⤵
  PID:4792
- C:\Windows\System\dgaSIqB.exe
  C:\Windows\System\dgaSIqB.exe
  2⤵
  PID:4808
- C:\Windows\System\UTgWboC.exe
  C:\Windows\System\UTgWboC.exe
  2⤵
  PID:4824
- C:\Windows\System\vwKtjGX.exe
  C:\Windows\System\vwKtjGX.exe
  2⤵
  PID:4840
- C:\Windows\System\hZbhvZU.exe
  C:\Windows\System\hZbhvZU.exe
  2⤵
  PID:4856
- C:\Windows\System\lHNsAkA.exe
  C:\Windows\System\lHNsAkA.exe
  2⤵
  PID:4872
- C:\Windows\System\dLIbdav.exe
  C:\Windows\System\dLIbdav.exe
  2⤵
  PID:4888
- C:\Windows\System\YWGRSEU.exe
  C:\Windows\System\YWGRSEU.exe
  2⤵
  PID:4904
- C:\Windows\System\EDitrzw.exe
  C:\Windows\System\EDitrzw.exe
  2⤵
  PID:4920
- C:\Windows\System\RJGSWtL.exe
  C:\Windows\System\RJGSWtL.exe
  2⤵
  PID:4936
- C:\Windows\System\nabnUSt.exe
  C:\Windows\System\nabnUSt.exe
  2⤵
  PID:4952
- C:\Windows\System\LwTgSzV.exe
  C:\Windows\System\LwTgSzV.exe
  2⤵
  PID:4968
- C:\Windows\System\WnmspxR.exe
  C:\Windows\System\WnmspxR.exe
  2⤵
  PID:4984
- C:\Windows\System\TvukciF.exe
  C:\Windows\System\TvukciF.exe
  2⤵
  PID:5000
- C:\Windows\System\jAMnWRn.exe
  C:\Windows\System\jAMnWRn.exe
  2⤵
  PID:5016
- C:\Windows\System\nylumpu.exe
  C:\Windows\System\nylumpu.exe
  2⤵
  PID:5032
- C:\Windows\System\ycNfuqR.exe
  C:\Windows\System\ycNfuqR.exe
  2⤵
  PID:5048
- C:\Windows\System\aIkzDLC.exe
  C:\Windows\System\aIkzDLC.exe
  2⤵
  PID:5068
- C:\Windows\System\PVQcPrd.exe
  C:\Windows\System\PVQcPrd.exe
  2⤵
  PID:5084
- C:\Windows\System\srpEoIj.exe
  C:\Windows\System\srpEoIj.exe
  2⤵
  PID:5100
- C:\Windows\System\NwpkLdJ.exe
  C:\Windows\System\NwpkLdJ.exe
  2⤵
  PID:5116
- C:\Windows\System\nMphynu.exe
  C:\Windows\System\nMphynu.exe
  2⤵
  PID:3120
- C:\Windows\System\NcxAQrX.exe
  C:\Windows\System\NcxAQrX.exe
  2⤵
  PID:4144
- C:\Windows\System\irwGMeb.exe
  C:\Windows\System\irwGMeb.exe
  2⤵
  PID:3448
- C:\Windows\System\mOnyVqv.exe
  C:\Windows\System\mOnyVqv.exe
  2⤵
  PID:3588
- C:\Windows\System\mCkjWOj.exe
  C:\Windows\System\mCkjWOj.exe
  2⤵
  PID:4164
- C:\Windows\System\yVPHsnf.exe
  C:\Windows\System\yVPHsnf.exe
  2⤵
  PID:372
- C:\Windows\System\MQTusZl.exe
  C:\Windows\System\MQTusZl.exe
  2⤵
  PID:2296
- C:\Windows\System\MhvijCv.exe
  C:\Windows\System\MhvijCv.exe
  2⤵
  PID:1784
- C:\Windows\System\zBHLuJZ.exe
  C:\Windows\System\zBHLuJZ.exe
  2⤵
  PID:2252
- C:\Windows\System\UuKsNAG.exe
  C:\Windows\System\UuKsNAG.exe
  2⤵
  PID:2496
- C:\Windows\System\UzPaRAg.exe
  C:\Windows\System\UzPaRAg.exe
  2⤵
  PID:4212
- C:\Windows\System\YRQxObk.exe
  C:\Windows\System\YRQxObk.exe
  2⤵
  PID:1356
- C:\Windows\System\ETpHMBX.exe
  C:\Windows\System\ETpHMBX.exe
  2⤵
  PID:4252
- C:\Windows\System\FwsiSiQ.exe
  C:\Windows\System\FwsiSiQ.exe
  2⤵
  PID:4284
- C:\Windows\System\LNEFAWC.exe
  C:\Windows\System\LNEFAWC.exe
  2⤵
  PID:1636
- C:\Windows\System\CUbUEQd.exe
  C:\Windows\System\CUbUEQd.exe
  2⤵
  PID:4308
- C:\Windows\System\SRYlayr.exe
  C:\Windows\System\SRYlayr.exe
  2⤵
  PID:2200
- C:\Windows\System\pkDHwMo.exe
  C:\Windows\System\pkDHwMo.exe
  2⤵
  PID:4020
- C:\Windows\System\qPIFuXh.exe
  C:\Windows\System\qPIFuXh.exe
  2⤵
  PID:2272
- C:\Windows\System\fwptqwr.exe
  C:\Windows\System\fwptqwr.exe
  2⤵
  PID:4332
- C:\Windows\System\BvfLZvQ.exe
  C:\Windows\System\BvfLZvQ.exe
  2⤵
  PID:4420
- C:\Windows\System\qnifnhj.exe
  C:\Windows\System\qnifnhj.exe
  2⤵
  PID:4372
- C:\Windows\System\vZyNGlj.exe
  C:\Windows\System\vZyNGlj.exe
  2⤵
  PID:4436
- C:\Windows\System\bnMpnVp.exe
  C:\Windows\System\bnMpnVp.exe
  2⤵
  PID:752
- C:\Windows\System\kSknaAP.exe
  C:\Windows\System\kSknaAP.exe
  2⤵
  PID:4488
- C:\Windows\System\vUiFUJZ.exe
  C:\Windows\System\vUiFUJZ.exe
  2⤵
  PID:4552
- C:\Windows\System\YCusqYT.exe
  C:\Windows\System\YCusqYT.exe
  2⤵
  PID:4476
- C:\Windows\System\NZIuYdt.exe
  C:\Windows\System\NZIuYdt.exe
  2⤵
  PID:4540
- C:\Windows\System\dLgGOUc.exe
  C:\Windows\System\dLgGOUc.exe
  2⤵
  PID:4632
- C:\Windows\System\eywXsWH.exe
  C:\Windows\System\eywXsWH.exe
  2⤵
  PID:4604
- C:\Windows\System\WdTpOav.exe
  C:\Windows\System\WdTpOav.exe
  2⤵
  PID:4648
- C:\Windows\System\rFGcXfQ.exe
  C:\Windows\System\rFGcXfQ.exe
  2⤵
  PID:4680
- C:\Windows\System\fWuxxmW.exe
  C:\Windows\System\fWuxxmW.exe
  2⤵
  PID:4704
- C:\Windows\System\IMsjkWf.exe
  C:\Windows\System\IMsjkWf.exe
  2⤵
  PID:4736
- C:\Windows\System\iavaCFF.exe
  C:\Windows\System\iavaCFF.exe
  2⤵
  PID:4816
- C:\Windows\System\frevdgg.exe
  C:\Windows\System\frevdgg.exe
  2⤵
  PID:4848
- C:\Windows\System\OjbCOGM.exe
  C:\Windows\System\OjbCOGM.exe
  2⤵
  PID:4912
- C:\Windows\System\aamAJrl.exe
  C:\Windows\System\aamAJrl.exe
  2⤵
  PID:848
- C:\Windows\System\USZzSlS.exe
  C:\Windows\System\USZzSlS.exe
  2⤵
  PID:5008
- C:\Windows\System\mqKFdQd.exe
  C:\Windows\System\mqKFdQd.exe
  2⤵
  PID:4928
- C:\Windows\System\IDkcVmB.exe
  C:\Windows\System\IDkcVmB.exe
  2⤵
  PID:4836
- C:\Windows\System\CfyIsnx.exe
  C:\Windows\System\CfyIsnx.exe
  2⤵
  PID:4960
- C:\Windows\System\ufwNXgu.exe
  C:\Windows\System\ufwNXgu.exe
  2⤵
  PID:5012
- C:\Windows\System\MXiRcFz.exe
  C:\Windows\System\MXiRcFz.exe
  2⤵
  PID:5044
- C:\Windows\System\YHLhVIg.exe
  C:\Windows\System\YHLhVIg.exe
  2⤵
  PID:5112
- C:\Windows\System\KciHfVg.exe
  C:\Windows\System\KciHfVg.exe
  2⤵
  PID:5060
- C:\Windows\System\qECOBKS.exe
  C:\Windows\System\qECOBKS.exe
  2⤵
  PID:2232
- C:\Windows\System\KoLdvHZ.exe
  C:\Windows\System\KoLdvHZ.exe
  2⤵
  PID:3968
- C:\Windows\System\hbfNfni.exe
  C:\Windows\System\hbfNfni.exe
  2⤵
  PID:4188
- C:\Windows\System\qGPAdew.exe
  C:\Windows\System\qGPAdew.exe
  2⤵
  PID:1292
- C:\Windows\System\NcYxeYX.exe
  C:\Windows\System\NcYxeYX.exe
  2⤵
  PID:4280
- C:\Windows\System\orrUUqT.exe
  C:\Windows\System\orrUUqT.exe
  2⤵
  PID:4292
- C:\Windows\System\AmmyPap.exe
  C:\Windows\System\AmmyPap.exe
  2⤵
  PID:1712
- C:\Windows\System\JwEpqNa.exe
  C:\Windows\System\JwEpqNa.exe
  2⤵
  PID:4440
- C:\Windows\System\KWqRxtp.exe
  C:\Windows\System\KWqRxtp.exe
  2⤵
  PID:4520
- C:\Windows\System\juRosrW.exe
  C:\Windows\System\juRosrW.exe
  2⤵
  PID:2280
- C:\Windows\System\xbYvEWS.exe
  C:\Windows\System\xbYvEWS.exe
  2⤵
  PID:4684
- C:\Windows\System\SNqUzhM.exe
  C:\Windows\System\SNqUzhM.exe
  2⤵
  PID:4820
- C:\Windows\System\FJjxlAV.exe
  C:\Windows\System\FJjxlAV.exe
  2⤵
  PID:4456
- C:\Windows\System\jqvtiOG.exe
  C:\Windows\System\jqvtiOG.exe
  2⤵
  PID:4752
- C:\Windows\System\zhYjwhw.exe
  C:\Windows\System\zhYjwhw.exe
  2⤵
  PID:4868
- C:\Windows\System\ERPPzlU.exe
  C:\Windows\System\ERPPzlU.exe
  2⤵
  PID:4880
- C:\Windows\System\ynwmpaj.exe
  C:\Windows\System\ynwmpaj.exe
  2⤵
  PID:5064
- C:\Windows\System\lGlUUQE.exe
  C:\Windows\System\lGlUUQE.exe
  2⤵
  PID:4944
- C:\Windows\System\LVtDKZt.exe
  C:\Windows\System\LVtDKZt.exe
  2⤵
  PID:4980
- C:\Windows\System\JwgyYrm.exe
  C:\Windows\System\JwgyYrm.exe
  2⤵
  PID:4996
- C:\Windows\System\zrWBLgb.exe
  C:\Windows\System\zrWBLgb.exe
  2⤵
  PID:2812
- C:\Windows\System\wibJdbb.exe
  C:\Windows\System\wibJdbb.exe
  2⤵
  PID:2180
- C:\Windows\System\xxEmWgu.exe
  C:\Windows\System\xxEmWgu.exe
  2⤵
  PID:2792
- C:\Windows\System\DYMiUOn.exe
  C:\Windows\System\DYMiUOn.exe
  2⤵
  PID:4192
- C:\Windows\System\wldSFZR.exe
  C:\Windows\System\wldSFZR.exe
  2⤵
  PID:4204
- C:\Windows\System\FHPNYme.exe
  C:\Windows\System\FHPNYme.exe
  2⤵
  PID:4356
- C:\Windows\System\WvrFDpt.exe
  C:\Windows\System\WvrFDpt.exe
  2⤵
  PID:4696
- C:\Windows\System\qrsWyDQ.exe
  C:\Windows\System\qrsWyDQ.exe
  2⤵
  PID:4508
- C:\Windows\System\lQwaSEr.exe
  C:\Windows\System\lQwaSEr.exe
  2⤵
  PID:5040
- C:\Windows\System\sbbgvPC.exe
  C:\Windows\System\sbbgvPC.exe
  2⤵
  PID:5056
- C:\Windows\System\tTLPZij.exe
  C:\Windows\System\tTLPZij.exe
  2⤵
  PID:2288
- C:\Windows\System\IkGrvrW.exe
  C:\Windows\System\IkGrvrW.exe
  2⤵
  PID:4784
- C:\Windows\System\qgVdmlE.exe
  C:\Windows\System\qgVdmlE.exe
  2⤵
  PID:4348
- C:\Windows\System\zmSkWSO.exe
  C:\Windows\System\zmSkWSO.exe
  2⤵
  PID:4992
- C:\Windows\System\HRWKfCu.exe
  C:\Windows\System\HRWKfCu.exe
  2⤵
  PID:4620
- C:\Windows\System\POhAGRy.exe
  C:\Windows\System\POhAGRy.exe
  2⤵
  PID:1372
- C:\Windows\System\oQdlTks.exe
  C:\Windows\System\oQdlTks.exe
  2⤵
  PID:5096
- C:\Windows\System\CezirNx.exe
  C:\Windows\System\CezirNx.exe
  2⤵
  PID:4720
- C:\Windows\System\puhPHkb.exe
  C:\Windows\System\puhPHkb.exe
  2⤵
  PID:5028
- C:\Windows\System\HOYusSK.exe
  C:\Windows\System\HOYusSK.exe
  2⤵
  PID:5128
- C:\Windows\System\DLquDwk.exe
  C:\Windows\System\DLquDwk.exe
  2⤵
  PID:5144
- C:\Windows\System\yLXKBFT.exe
  C:\Windows\System\yLXKBFT.exe
  2⤵
  PID:5164
- C:\Windows\System\WskVyvP.exe
  C:\Windows\System\WskVyvP.exe
  2⤵
  PID:5180
- C:\Windows\System\GTGNydN.exe
  C:\Windows\System\GTGNydN.exe
  2⤵
  PID:5196
- C:\Windows\System\BTgYgyA.exe
  C:\Windows\System\BTgYgyA.exe
  2⤵
  PID:5212
- C:\Windows\System\Ifqdvyz.exe
  C:\Windows\System\Ifqdvyz.exe
  2⤵
  PID:5264
- C:\Windows\System\cVoolcV.exe
  C:\Windows\System\cVoolcV.exe
  2⤵
  PID:5280
- C:\Windows\System\wNGuQdB.exe
  C:\Windows\System\wNGuQdB.exe
  2⤵
  PID:5296
- C:\Windows\System\kMUtqbG.exe
  C:\Windows\System\kMUtqbG.exe
  2⤵
  PID:5312
- C:\Windows\System\HWlzNCG.exe
  C:\Windows\System\HWlzNCG.exe
  2⤵
  PID:5328
- C:\Windows\System\kmBLbZP.exe
  C:\Windows\System\kmBLbZP.exe
  2⤵
  PID:5344
- C:\Windows\System\FIshrfi.exe
  C:\Windows\System\FIshrfi.exe
  2⤵
  PID:5360
- C:\Windows\System\PWtVLzp.exe
  C:\Windows\System\PWtVLzp.exe
  2⤵
  PID:5376
- C:\Windows\System\tGUJlsH.exe
  C:\Windows\System\tGUJlsH.exe
  2⤵
  PID:5392
- C:\Windows\System\ZKutPoP.exe
  C:\Windows\System\ZKutPoP.exe
  2⤵
  PID:5412
- C:\Windows\System\BPkRtYs.exe
  C:\Windows\System\BPkRtYs.exe
  2⤵
  PID:5428
- C:\Windows\System\yPHrepe.exe
  C:\Windows\System\yPHrepe.exe
  2⤵
  PID:5448
- C:\Windows\System\xJnqIqZ.exe
  C:\Windows\System\xJnqIqZ.exe
  2⤵
  PID:5464
- C:\Windows\System\SrFQnSE.exe
  C:\Windows\System\SrFQnSE.exe
  2⤵
  PID:5480
- C:\Windows\System\AOWsZxW.exe
  C:\Windows\System\AOWsZxW.exe
  2⤵
  PID:5496
- C:\Windows\System\JKGHHqX.exe
  C:\Windows\System\JKGHHqX.exe
  2⤵
  PID:5512
- C:\Windows\System\uuppSuf.exe
  C:\Windows\System\uuppSuf.exe
  2⤵
  PID:5528
- C:\Windows\System\rgdLKqW.exe
  C:\Windows\System\rgdLKqW.exe
  2⤵
  PID:5544
- C:\Windows\System\hMPTdju.exe
  C:\Windows\System\hMPTdju.exe
  2⤵
  PID:5560
- C:\Windows\System\YhZJPvP.exe
  C:\Windows\System\YhZJPvP.exe
  2⤵
  PID:5576
- C:\Windows\System\DCRtHlS.exe
  C:\Windows\System\DCRtHlS.exe
  2⤵
  PID:5592
- C:\Windows\System\jvBPnfS.exe
  C:\Windows\System\jvBPnfS.exe
  2⤵
  PID:5608
- C:\Windows\System\NFByBFP.exe
  C:\Windows\System\NFByBFP.exe
  2⤵
  PID:5624
- C:\Windows\System\UoUNsdq.exe
  C:\Windows\System\UoUNsdq.exe
  2⤵
  PID:5640
- C:\Windows\System\iMnEdiL.exe
  C:\Windows\System\iMnEdiL.exe
  2⤵
  PID:5656
- C:\Windows\System\dZMVjXk.exe
  C:\Windows\System\dZMVjXk.exe
  2⤵
  PID:5672
- C:\Windows\System\MXzmKsO.exe
  C:\Windows\System\MXzmKsO.exe
  2⤵
  PID:5688
- C:\Windows\System\DQlXNdH.exe
  C:\Windows\System\DQlXNdH.exe
  2⤵
  PID:5704
- C:\Windows\System\wGurqpi.exe
  C:\Windows\System\wGurqpi.exe
  2⤵
  PID:5720
- C:\Windows\System\KfRAkkx.exe
  C:\Windows\System\KfRAkkx.exe
  2⤵
  PID:5736
- C:\Windows\System\NHsPJUb.exe
  C:\Windows\System\NHsPJUb.exe
  2⤵
  PID:5752
- C:\Windows\System\cLCCmYk.exe
  C:\Windows\System\cLCCmYk.exe
  2⤵
  PID:5768
- C:\Windows\System\XfFUaBp.exe
  C:\Windows\System\XfFUaBp.exe
  2⤵
  PID:5788
- C:\Windows\System\sHtvrzb.exe
  C:\Windows\System\sHtvrzb.exe
  2⤵
  PID:5804
- C:\Windows\System\aroWJEH.exe
  C:\Windows\System\aroWJEH.exe
  2⤵
  PID:5820
- C:\Windows\System\vYzdGyU.exe
  C:\Windows\System\vYzdGyU.exe
  2⤵
  PID:5836
- C:\Windows\System\dunCHDu.exe
  C:\Windows\System\dunCHDu.exe
  2⤵
  PID:5852
- C:\Windows\System\pWryZpa.exe
  C:\Windows\System\pWryZpa.exe
  2⤵
  PID:5868
- C:\Windows\System\sUTRtty.exe
  C:\Windows\System\sUTRtty.exe
  2⤵
  PID:5884
- C:\Windows\System\BnbDtmn.exe
  C:\Windows\System\BnbDtmn.exe
  2⤵
  PID:5900
- C:\Windows\System\STHedaw.exe
  C:\Windows\System\STHedaw.exe
  2⤵
  PID:5916
- C:\Windows\System\liywJiZ.exe
  C:\Windows\System\liywJiZ.exe
  2⤵
  PID:5932
- C:\Windows\System\MuepLJY.exe
  C:\Windows\System\MuepLJY.exe
  2⤵
  PID:5952
- C:\Windows\System\cuvvfyd.exe
  C:\Windows\System\cuvvfyd.exe
  2⤵
  PID:5968
- C:\Windows\System\SrRcWiA.exe
  C:\Windows\System\SrRcWiA.exe
  2⤵
  PID:5984
- C:\Windows\System\EuCToES.exe
  C:\Windows\System\EuCToES.exe
  2⤵
  PID:6000
- C:\Windows\System\PJieLYz.exe
  C:\Windows\System\PJieLYz.exe
  2⤵
  PID:6016
- C:\Windows\System\qQnRWDV.exe
  C:\Windows\System\qQnRWDV.exe
  2⤵
  PID:6032
- C:\Windows\System\wGRVfhK.exe
  C:\Windows\System\wGRVfhK.exe
  2⤵
  PID:6048
- C:\Windows\System\bxhTEWs.exe
  C:\Windows\System\bxhTEWs.exe
  2⤵
  PID:5260
- C:\Windows\System\nfZOfVg.exe
  C:\Windows\System\nfZOfVg.exe
  2⤵
  PID:5292
- C:\Windows\System\LDqiINE.exe
  C:\Windows\System\LDqiINE.exe
  2⤵
  PID:5384
- C:\Windows\System\oPPvzgn.exe
  C:\Windows\System\oPPvzgn.exe
  2⤵
  PID:5340
- C:\Windows\System\LpnotEG.exe
  C:\Windows\System\LpnotEG.exe
  2⤵
  PID:5404
- C:\Windows\System\wlfeVBG.exe
  C:\Windows\System\wlfeVBG.exe
  2⤵
  PID:5456
- C:\Windows\System\jswMyxb.exe
  C:\Windows\System\jswMyxb.exe
  2⤵
  PID:5408
- C:\Windows\System\IlRdJdZ.exe
  C:\Windows\System\IlRdJdZ.exe
  2⤵
  PID:5524
- C:\Windows\System\GcxGMRB.exe
  C:\Windows\System\GcxGMRB.exe
  2⤵
  PID:5556
- C:\Windows\System\ErbIEcg.exe
  C:\Windows\System\ErbIEcg.exe
  2⤵
  PID:5588
- C:\Windows\System\CqRgJpW.exe
  C:\Windows\System\CqRgJpW.exe
  2⤵
  PID:5504
- C:\Windows\System\hRpeHtt.exe
  C:\Windows\System\hRpeHtt.exe
  2⤵
  PID:5540
- C:\Windows\System\iTzkOoR.exe
  C:\Windows\System\iTzkOoR.exe
  2⤵
  PID:5652
- C:\Windows\System\DnSnUOH.exe
  C:\Windows\System\DnSnUOH.exe
  2⤵
  PID:5744
- C:\Windows\System\zKVDszp.exe
  C:\Windows\System\zKVDszp.exe
  2⤵
  PID:5732
- C:\Windows\System\FcLkGyf.exe
  C:\Windows\System\FcLkGyf.exe
  2⤵
  PID:5764
- C:\Windows\System\QxKZAsR.exe
  C:\Windows\System\QxKZAsR.exe
  2⤵
  PID:5796
- C:\Windows\System\zidgEbE.exe
  C:\Windows\System\zidgEbE.exe
  2⤵
  PID:5844
- C:\Windows\System\IHhnoii.exe
  C:\Windows\System\IHhnoii.exe
  2⤵
  PID:5908
- C:\Windows\System\jtCRVlf.exe
  C:\Windows\System\jtCRVlf.exe
  2⤵
  PID:5892
- C:\Windows\System\HjQTFOo.exe
  C:\Windows\System\HjQTFOo.exe
  2⤵
  PID:5944
- C:\Windows\System\xMeZayz.exe
  C:\Windows\System\xMeZayz.exe
  2⤵
  PID:6072
- C:\Windows\System\lEcLGJZ.exe
  C:\Windows\System\lEcLGJZ.exe
  2⤵
  PID:6100
- C:\Windows\System\OBOAlzy.exe
  C:\Windows\System\OBOAlzy.exe
  2⤵
  PID:6116
- C:\Windows\System\NmTecWm.exe
  C:\Windows\System\NmTecWm.exe
  2⤵
  PID:6132
- C:\Windows\System\gtmxfpG.exe
  C:\Windows\System\gtmxfpG.exe
  2⤵
  PID:4472
- C:\Windows\System\zgBRyAv.exe
  C:\Windows\System\zgBRyAv.exe
  2⤵
  PID:4404
- C:\Windows\System\waCKCcF.exe
  C:\Windows\System\waCKCcF.exe
  2⤵
  PID:4556
- C:\Windows\System\zveNkYM.exe
  C:\Windows\System\zveNkYM.exe
  2⤵
  PID:4884
- C:\Windows\System\YKluvJw.exe
  C:\Windows\System\YKluvJw.exe
  2⤵
  PID:5136
- C:\Windows\System\AqCUKAb.exe
  C:\Windows\System\AqCUKAb.exe
  2⤵
  PID:5172
- C:\Windows\System\asgGZdz.exe
  C:\Windows\System\asgGZdz.exe
  2⤵
  PID:5176
- C:\Windows\System\bHEXJts.exe
  C:\Windows\System\bHEXJts.exe
  2⤵
  PID:5228
- C:\Windows\System\tlMSulr.exe
  C:\Windows\System\tlMSulr.exe
  2⤵
  PID:5240
- C:\Windows\System\VqPkFDy.exe
  C:\Windows\System\VqPkFDy.exe
  2⤵
  PID:5356
- C:\Windows\System\YeoYJTv.exe
  C:\Windows\System\YeoYJTv.exe
  2⤵
  PID:5320
- C:\Windows\System\VzWCXSb.exe
  C:\Windows\System\VzWCXSb.exe
  2⤵
  PID:5304
- C:\Windows\System\fsPFXtn.exe
  C:\Windows\System\fsPFXtn.exe
  2⤵
  PID:5492
- C:\Windows\System\vzZoFuZ.exe
  C:\Windows\System\vzZoFuZ.exe
  2⤵
  PID:5616
- C:\Windows\System\HBOOnJp.exe
  C:\Windows\System\HBOOnJp.exe
  2⤵
  PID:5156
- C:\Windows\System\NpfQRwa.exe
  C:\Windows\System\NpfQRwa.exe
  2⤵
  PID:5696
- C:\Windows\System\fmPFpsq.exe
  C:\Windows\System\fmPFpsq.exe
  2⤵
  PID:5784
- C:\Windows\System\wHASNDy.exe
  C:\Windows\System\wHASNDy.exe
  2⤵
  PID:5604
- C:\Windows\System\SVgdvLW.exe
  C:\Windows\System\SVgdvLW.exe
  2⤵
  PID:5700
- C:\Windows\System\CntxBYu.exe
  C:\Windows\System\CntxBYu.exe
  2⤵
  PID:5876
- C:\Windows\System\isRvUZs.exe
  C:\Windows\System\isRvUZs.exe
  2⤵
  PID:5896
- C:\Windows\System\soznWIi.exe
  C:\Windows\System\soznWIi.exe
  2⤵
  PID:6012
- C:\Windows\System\VBKhMZB.exe
  C:\Windows\System\VBKhMZB.exe
  2⤵
  PID:6028
- C:\Windows\System\uEUNUmh.exe
  C:\Windows\System\uEUNUmh.exe
  2⤵
  PID:6044
- C:\Windows\System\xPukBTd.exe
  C:\Windows\System\xPukBTd.exe
  2⤵
  PID:6060
- C:\Windows\System\npRsoAb.exe
  C:\Windows\System\npRsoAb.exe
  2⤵
  PID:6108
- C:\Windows\System\KUnQxSz.exe
  C:\Windows\System\KUnQxSz.exe
  2⤵
  PID:4444
- C:\Windows\System\OrCCyIB.exe
  C:\Windows\System\OrCCyIB.exe
  2⤵
  PID:5192
- C:\Windows\System\KQKmWuE.exe
  C:\Windows\System\KQKmWuE.exe
  2⤵
  PID:6084
- C:\Windows\System\jMdZaMr.exe
  C:\Windows\System\jMdZaMr.exe
  2⤵
  PID:6128
- C:\Windows\System\RICoaTm.exe
  C:\Windows\System\RICoaTm.exe
  2⤵
  PID:4900
- C:\Windows\System\RtdxrxA.exe
  C:\Windows\System\RtdxrxA.exe
  2⤵
  PID:5400
- C:\Windows\System\VVJqRJg.exe
  C:\Windows\System\VVJqRJg.exe
  2⤵
  PID:5140
- C:\Windows\System\KfVdKWY.exe
  C:\Windows\System\KfVdKWY.exe
  2⤵
  PID:5220
- C:\Windows\System\ACtGMGd.exe
  C:\Windows\System\ACtGMGd.exe
  2⤵
  PID:5424
- C:\Windows\System\AsszLlJ.exe
  C:\Windows\System\AsszLlJ.exe
  2⤵
  PID:5684
- C:\Windows\System\CSAuRoc.exe
  C:\Windows\System\CSAuRoc.exe
  2⤵
  PID:5828
- C:\Windows\System\gyzbhPE.exe
  C:\Windows\System\gyzbhPE.exe
  2⤵
  PID:5924
- C:\Windows\System\ChQehOT.exe
  C:\Windows\System\ChQehOT.exe
  2⤵
  PID:5976
- C:\Windows\System\VeehvCA.exe
  C:\Windows\System\VeehvCA.exe
  2⤵
  PID:6024
- C:\Windows\System\LTlxlvh.exe
  C:\Windows\System\LTlxlvh.exe
  2⤵
  PID:6140
- C:\Windows\System\faKoXoF.exe
  C:\Windows\System\faKoXoF.exe
  2⤵
  PID:4896
- C:\Windows\System\eiBGyqf.exe
  C:\Windows\System\eiBGyqf.exe
  2⤵
  PID:5256
- C:\Windows\System\FVhkkjY.exe
  C:\Windows\System\FVhkkjY.exe
  2⤵
  PID:5600
- C:\Windows\System\DApmdCf.exe
  C:\Windows\System\DApmdCf.exe
  2⤵
  PID:5520
- C:\Windows\System\iCQLZGZ.exe
  C:\Windows\System\iCQLZGZ.exe
  2⤵
  PID:6160
- C:\Windows\System\oEjVTTi.exe
  C:\Windows\System\oEjVTTi.exe
  2⤵
  PID:6176
- C:\Windows\System\XsTsMDS.exe
  C:\Windows\System\XsTsMDS.exe
  2⤵
  PID:6196
- C:\Windows\System\ueUCGRW.exe
  C:\Windows\System\ueUCGRW.exe
  2⤵
  PID:6216
- C:\Windows\System\YAcAogu.exe
  C:\Windows\System\YAcAogu.exe
  2⤵
  PID:6232
- C:\Windows\System\tUYWjuz.exe
  C:\Windows\System\tUYWjuz.exe
  2⤵
  PID:6264
- C:\Windows\System\NldEEvh.exe
  C:\Windows\System\NldEEvh.exe
  2⤵
  PID:6280
- C:\Windows\System\krNxDOe.exe
  C:\Windows\System\krNxDOe.exe
  2⤵
  PID:6296
- C:\Windows\System\FMClbZV.exe
  C:\Windows\System\FMClbZV.exe
  2⤵
  PID:6312
- C:\Windows\System\MqtFRkT.exe
  C:\Windows\System\MqtFRkT.exe
  2⤵
  PID:6328
- C:\Windows\System\ImyxtdJ.exe
  C:\Windows\System\ImyxtdJ.exe
  2⤵
  PID:6344
- C:\Windows\System\mBWeRKy.exe
  C:\Windows\System\mBWeRKy.exe
  2⤵
  PID:6360
- C:\Windows\System\zqRNagQ.exe
  C:\Windows\System\zqRNagQ.exe
  2⤵
  PID:6376
- C:\Windows\System\wvduFst.exe
  C:\Windows\System\wvduFst.exe
  2⤵
  PID:6392
- C:\Windows\System\BhOocag.exe
  C:\Windows\System\BhOocag.exe
  2⤵
  PID:6408
- C:\Windows\System\QIRKlrW.exe
  C:\Windows\System\QIRKlrW.exe
  2⤵
  PID:6424
- C:\Windows\System\DJxtUjZ.exe
  C:\Windows\System\DJxtUjZ.exe
  2⤵
  PID:6448
- C:\Windows\System\ZwklTbk.exe
  C:\Windows\System\ZwklTbk.exe
  2⤵
  PID:6464
- C:\Windows\System\twJTLZt.exe
  C:\Windows\System\twJTLZt.exe
  2⤵
  PID:6480
- C:\Windows\System\EmjAsrQ.exe
  C:\Windows\System\EmjAsrQ.exe
  2⤵
  PID:6496
- C:\Windows\System\yJbozwr.exe
  C:\Windows\System\yJbozwr.exe
  2⤵
  PID:6512
- C:\Windows\System\BaeinHV.exe
  C:\Windows\System\BaeinHV.exe
  2⤵
  PID:6528
- C:\Windows\System\LQioHwa.exe
  C:\Windows\System\LQioHwa.exe
  2⤵
  PID:6544
- C:\Windows\System\fCFRxQj.exe
  C:\Windows\System\fCFRxQj.exe
  2⤵
  PID:6560
- C:\Windows\System\FZDoQqD.exe
  C:\Windows\System\FZDoQqD.exe
  2⤵
  PID:6576
- C:\Windows\System\KbWpVqe.exe
  C:\Windows\System\KbWpVqe.exe
  2⤵
  PID:6592
- C:\Windows\System\sltTyfy.exe
  C:\Windows\System\sltTyfy.exe
  2⤵
  PID:6608
- C:\Windows\System\RlggNnY.exe
  C:\Windows\System\RlggNnY.exe
  2⤵
  PID:6624
- C:\Windows\System\dbmJJNS.exe
  C:\Windows\System\dbmJJNS.exe
  2⤵
  PID:6640
- C:\Windows\System\OoBeyZX.exe
  C:\Windows\System\OoBeyZX.exe
  2⤵
  PID:6656
- C:\Windows\System\AvrOAbm.exe
  C:\Windows\System\AvrOAbm.exe
  2⤵
  PID:6672
- C:\Windows\System\vbYpZwu.exe
  C:\Windows\System\vbYpZwu.exe
  2⤵
  PID:6688
- C:\Windows\System\mgEClXH.exe
  C:\Windows\System\mgEClXH.exe
  2⤵
  PID:6704
- C:\Windows\System\bqOwSit.exe
  C:\Windows\System\bqOwSit.exe
  2⤵
  PID:6720
- C:\Windows\System\TYbGFVT.exe
  C:\Windows\System\TYbGFVT.exe
  2⤵
  PID:6736
- C:\Windows\System\LWZEDYW.exe
  C:\Windows\System\LWZEDYW.exe
  2⤵
  PID:6752
- C:\Windows\System\zdDKSUe.exe
  C:\Windows\System\zdDKSUe.exe
  2⤵
  PID:6768
- C:\Windows\System\sOYCOdZ.exe
  C:\Windows\System\sOYCOdZ.exe
  2⤵
  PID:6784
- C:\Windows\System\kMOcjSo.exe
  C:\Windows\System\kMOcjSo.exe
  2⤵
  PID:6800
- C:\Windows\System\lqjkPPC.exe
  C:\Windows\System\lqjkPPC.exe
  2⤵
  PID:6816
- C:\Windows\System\xeuClYE.exe
  C:\Windows\System\xeuClYE.exe
  2⤵
  PID:6832
- C:\Windows\System\GvXyicT.exe
  C:\Windows\System\GvXyicT.exe
  2⤵
  PID:6848
- C:\Windows\System\pvJblJr.exe
  C:\Windows\System\pvJblJr.exe
  2⤵
  PID:6864
- C:\Windows\System\AJORINn.exe
  C:\Windows\System\AJORINn.exe
  2⤵
  PID:6880
- C:\Windows\System\lqcViMc.exe
  C:\Windows\System\lqcViMc.exe
  2⤵
  PID:6896
- C:\Windows\System\zdggxZI.exe
  C:\Windows\System\zdggxZI.exe
  2⤵
  PID:6912
- C:\Windows\System\dIMEjAd.exe
  C:\Windows\System\dIMEjAd.exe
  2⤵
  PID:6928
- C:\Windows\System\yUkrUMk.exe
  C:\Windows\System\yUkrUMk.exe
  2⤵
  PID:6944
- C:\Windows\System\BXgKBiW.exe
  C:\Windows\System\BXgKBiW.exe
  2⤵
  PID:6960
- C:\Windows\System\oVCnsef.exe
  C:\Windows\System\oVCnsef.exe
  2⤵
  PID:6976
- C:\Windows\System\NfGNPjb.exe
  C:\Windows\System\NfGNPjb.exe
  2⤵
  PID:6992
- C:\Windows\System\gTnzhAX.exe
  C:\Windows\System\gTnzhAX.exe
  2⤵
  PID:7008
- C:\Windows\System\jZTNNIg.exe
  C:\Windows\System\jZTNNIg.exe
  2⤵
  PID:7024
- C:\Windows\System\LSOGoKf.exe
  C:\Windows\System\LSOGoKf.exe
  2⤵
  PID:7040
- C:\Windows\System\HCXwKAK.exe
  C:\Windows\System\HCXwKAK.exe
  2⤵
  PID:7056
- C:\Windows\System\RsdTHpy.exe
  C:\Windows\System\RsdTHpy.exe
  2⤵
  PID:7072
- C:\Windows\System\GZVxebZ.exe
  C:\Windows\System\GZVxebZ.exe
  2⤵
  PID:7088
- C:\Windows\System\GgxFvsz.exe
  C:\Windows\System\GgxFvsz.exe
  2⤵
  PID:7104
- C:\Windows\System\UEQSAfb.exe
  C:\Windows\System\UEQSAfb.exe
  2⤵
  PID:7120
- C:\Windows\System\vigrKUe.exe
  C:\Windows\System\vigrKUe.exe
  2⤵
  PID:7136
- C:\Windows\System\qtqEHxU.exe
  C:\Windows\System\qtqEHxU.exe
  2⤵
  PID:7152
- C:\Windows\System\RboLIkH.exe
  C:\Windows\System\RboLIkH.exe
  2⤵
  PID:5928
- C:\Windows\System\CZWxPJg.exe
  C:\Windows\System\CZWxPJg.exe
  2⤵
  PID:6124
- C:\Windows\System\pXObhGG.exe
  C:\Windows\System\pXObhGG.exe
  2⤵
  PID:5476
- C:\Windows\System\CqiRdfz.exe
  C:\Windows\System\CqiRdfz.exe
  2⤵
  PID:5636
- C:\Windows\System\HHYfSTY.exe
  C:\Windows\System\HHYfSTY.exe
  2⤵
  PID:5232
- C:\Windows\System\ZanlSkY.exe
  C:\Windows\System\ZanlSkY.exe
  2⤵
  PID:6096
- C:\Windows\System\AonufDT.exe
  C:\Windows\System\AonufDT.exe
  2⤵
  PID:6172
- C:\Windows\System\MOupHOD.exe
  C:\Windows\System\MOupHOD.exe
  2⤵
  PID:6156
- C:\Windows\System\mawIemM.exe
  C:\Windows\System\mawIemM.exe
  2⤵
  PID:6192
- C:\Windows\System\LbDViFK.exe
  C:\Windows\System\LbDViFK.exe
  2⤵
  PID:6244
- C:\Windows\System\Tjcpjcr.exe
  C:\Windows\System\Tjcpjcr.exe
  2⤵
  PID:6288
- C:\Windows\System\onimZrU.exe
  C:\Windows\System\onimZrU.exe
  2⤵
  PID:6356
- C:\Windows\System\isZgZsa.exe
  C:\Windows\System\isZgZsa.exe
  2⤵
  PID:6324
- C:\Windows\System\hznIAVR.exe
  C:\Windows\System\hznIAVR.exe
  2⤵
  PID:6304
- C:\Windows\System\FeByWFk.exe
  C:\Windows\System\FeByWFk.exe
  2⤵
  PID:6368
- C:\Windows\System\sZZlxfn.exe
  C:\Windows\System\sZZlxfn.exe
  2⤵
  PID:6432
- C:\Windows\System\iuFWCHS.exe
  C:\Windows\System\iuFWCHS.exe
  2⤵
  PID:6492
- C:\Windows\System\yWcuzzN.exe
  C:\Windows\System\yWcuzzN.exe
  2⤵
  PID:6520
- C:\Windows\System\ygTAKTe.exe
  C:\Windows\System\ygTAKTe.exe
  2⤵
  PID:6504
- C:\Windows\System\ifDNENP.exe
  C:\Windows\System\ifDNENP.exe
  2⤵
  PID:6616
- C:\Windows\System\XflqFuH.exe
  C:\Windows\System\XflqFuH.exe
  2⤵
  PID:6712
- C:\Windows\System\uVdbxbr.exe
  C:\Windows\System\uVdbxbr.exe
  2⤵
  PID:6508
- C:\Windows\System\hlFTYdh.exe
  C:\Windows\System\hlFTYdh.exe
  2⤵
  PID:6780
- C:\Windows\System\sLscYDw.exe
  C:\Windows\System\sLscYDw.exe
  2⤵
  PID:6728
- C:\Windows\System\aHJkedY.exe
  C:\Windows\System\aHJkedY.exe
  2⤵
  PID:6540
- C:\Windows\System\dYifKCW.exe
  C:\Windows\System\dYifKCW.exe
  2⤵
  PID:6632
- C:\Windows\System\cSPxnQp.exe
  C:\Windows\System\cSPxnQp.exe
  2⤵
  PID:6696
- C:\Windows\System\FiSvxIv.exe
  C:\Windows\System\FiSvxIv.exe
  2⤵
  PID:6764
- C:\Windows\System\TiHISCm.exe
  C:\Windows\System\TiHISCm.exe
  2⤵
  PID:6872
- C:\Windows\System\ZsQyrmk.exe
  C:\Windows\System\ZsQyrmk.exe
  2⤵
  PID:6828
- C:\Windows\System\mXBuIcZ.exe
  C:\Windows\System\mXBuIcZ.exe
  2⤵
  PID:6972
- C:\Windows\System\TkIfdwE.exe
  C:\Windows\System\TkIfdwE.exe
  2⤵
  PID:7000
- C:\Windows\System\BofHlDz.exe
  C:\Windows\System\BofHlDz.exe
  2⤵
  PID:7100
- C:\Windows\System\nHksVGy.exe
  C:\Windows\System\nHksVGy.exe
  2⤵
  PID:6856
- C:\Windows\System\XeBrzBp.exe
  C:\Windows\System\XeBrzBp.exe
  2⤵
  PID:7160
- C:\Windows\System\eLlXDQt.exe
  C:\Windows\System\eLlXDQt.exe
  2⤵
  PID:6888
- C:\Windows\System\iwZMxdL.exe
  C:\Windows\System\iwZMxdL.exe
  2⤵
  PID:5832
- C:\Windows\System\lZdCpDI.exe
  C:\Windows\System\lZdCpDI.exe
  2⤵
  PID:7148
- C:\Windows\System\goJiDHl.exe
  C:\Windows\System\goJiDHl.exe
  2⤵
  PID:7048
- C:\Windows\System\FzNDIaR.exe
  C:\Windows\System\FzNDIaR.exe
  2⤵
  PID:6168
- C:\Windows\System\kZliwMA.exe
  C:\Windows\System\kZliwMA.exe
  2⤵
  PID:6388
- C:\Windows\System\hkubpHA.exe
  C:\Windows\System\hkubpHA.exe
  2⤵
  PID:7112
- C:\Windows\System\XQHvPUu.exe
  C:\Windows\System\XQHvPUu.exe
  2⤵
  PID:6460
- C:\Windows\System\SiaJyUy.exe
  C:\Windows\System\SiaJyUy.exe
  2⤵
  PID:4248
- C:\Windows\System\aZAdIRy.exe
  C:\Windows\System\aZAdIRy.exe
  2⤵
  PID:5552
- C:\Windows\System\ZgrEMrY.exe
  C:\Windows\System\ZgrEMrY.exe
  2⤵
  PID:6440
- C:\Windows\System\xZvlOkI.exe
  C:\Windows\System\xZvlOkI.exe
  2⤵
  PID:6276
- C:\Windows\System\pDBENPe.exe
  C:\Windows\System\pDBENPe.exe
  2⤵
  PID:6652
- C:\Windows\System\NLzYUsl.exe
  C:\Windows\System\NLzYUsl.exe
  2⤵
  PID:6620
- C:\Windows\System\HNdikXD.exe
  C:\Windows\System\HNdikXD.exe
  2⤵
  PID:6604
- C:\Windows\System\wgmWLgd.exe
  C:\Windows\System\wgmWLgd.exe
  2⤵
  PID:6824
- C:\Windows\System\xoKWiQF.exe
  C:\Windows\System\xoKWiQF.exe
  2⤵
  PID:6940
- C:\Windows\System\hCIPeYc.exe
  C:\Windows\System\hCIPeYc.exe
  2⤵
  PID:6476
- C:\Windows\System\TetZmtF.exe
  C:\Windows\System\TetZmtF.exe
  2⤵
  PID:5160
- C:\Windows\System\nzpjAQe.exe
  C:\Windows\System\nzpjAQe.exe
  2⤵
  PID:7020
- C:\Windows\System\mqcxFwO.exe
  C:\Windows\System\mqcxFwO.exe
  2⤵
  PID:6572
- C:\Windows\System\uxtCODE.exe
  C:\Windows\System\uxtCODE.exe
  2⤵
  PID:6700
- C:\Windows\System\FRcOdxt.exe
  C:\Windows\System\FRcOdxt.exe
  2⤵
  PID:6956
- C:\Windows\System\CuVWiIT.exe
  C:\Windows\System\CuVWiIT.exe
  2⤵
  PID:7080
- C:\Windows\System\CnRxyXX.exe
  C:\Windows\System\CnRxyXX.exe
  2⤵
  PID:6340
- C:\Windows\System\JHXFdZb.exe
  C:\Windows\System\JHXFdZb.exe
  2⤵
  PID:6208
- C:\Windows\System\UtHnTMD.exe
  C:\Windows\System\UtHnTMD.exe
  2⤵
  PID:6320
- C:\Windows\System\lHnwuam.exe
  C:\Windows\System\lHnwuam.exe
  2⤵
  PID:6076
- C:\Windows\System\vEKYHIZ.exe
  C:\Windows\System\vEKYHIZ.exe
  2⤵
  PID:6600
- C:\Windows\System\MSmAFan.exe
  C:\Windows\System\MSmAFan.exe
  2⤵
  PID:7132
- C:\Windows\System\ypGTPxZ.exe
  C:\Windows\System\ypGTPxZ.exe
  2⤵
  PID:5272
- C:\Windows\System\JqDNOoX.exe
  C:\Windows\System\JqDNOoX.exe
  2⤵
  PID:6256
- C:\Windows\System\XIWpFAh.exe
  C:\Windows\System\XIWpFAh.exe
  2⤵
  PID:6416
- C:\Windows\System\lTIpNZw.exe
  C:\Windows\System\lTIpNZw.exe
  2⤵
  PID:6860
- C:\Windows\System\bGgpeOV.exe
  C:\Windows\System\bGgpeOV.exe
  2⤵
  PID:6352
- C:\Windows\System\DXPqLpQ.exe
  C:\Windows\System\DXPqLpQ.exe
  2⤵
  PID:7172
- C:\Windows\System\vxQijVm.exe
  C:\Windows\System\vxQijVm.exe
  2⤵
  PID:7188
- C:\Windows\System\gqLyTPd.exe
  C:\Windows\System\gqLyTPd.exe
  2⤵
  PID:7204
- C:\Windows\System\LWBvgwp.exe
  C:\Windows\System\LWBvgwp.exe
  2⤵
  PID:7220
- C:\Windows\System\sDjefYZ.exe
  C:\Windows\System\sDjefYZ.exe
  2⤵
  PID:7236
- C:\Windows\System\bsjnahM.exe
  C:\Windows\System\bsjnahM.exe
  2⤵
  PID:7252
- C:\Windows\System\ryKrWmG.exe
  C:\Windows\System\ryKrWmG.exe
  2⤵
  PID:7268
- C:\Windows\System\nJamKuA.exe
  C:\Windows\System\nJamKuA.exe
  2⤵
  PID:7284
- C:\Windows\System\yGRSVAp.exe
  C:\Windows\System\yGRSVAp.exe
  2⤵
  PID:7848
- C:\Windows\System\UVVKEYk.exe
  C:\Windows\System\UVVKEYk.exe
  2⤵
  PID:7864
- C:\Windows\System\MIKybTu.exe
  C:\Windows\System\MIKybTu.exe
  2⤵
  PID:7880
- C:\Windows\System\dTRBXvU.exe
  C:\Windows\System\dTRBXvU.exe
  2⤵
  PID:7896
- C:\Windows\System\aMprvos.exe
  C:\Windows\System\aMprvos.exe
  2⤵
  PID:7912
- C:\Windows\System\WDrgnvC.exe
  C:\Windows\System\WDrgnvC.exe
  2⤵
  PID:7928
- C:\Windows\System\fzVRXGf.exe
  C:\Windows\System\fzVRXGf.exe
  2⤵
  PID:7944
- C:\Windows\System\AjWOxeZ.exe
  C:\Windows\System\AjWOxeZ.exe
  2⤵
  PID:7960
- C:\Windows\System\WuZoOne.exe
  C:\Windows\System\WuZoOne.exe
  2⤵
  PID:7976
- C:\Windows\System\pMRxbce.exe
  C:\Windows\System\pMRxbce.exe
  2⤵
  PID:7992
- C:\Windows\System\XzMOssD.exe
  C:\Windows\System\XzMOssD.exe
  2⤵
  PID:8008
- C:\Windows\System\CZGgeWH.exe
  C:\Windows\System\CZGgeWH.exe
  2⤵
  PID:8024
- C:\Windows\System\AeWmLiI.exe
  C:\Windows\System\AeWmLiI.exe
  2⤵
  PID:8040
- C:\Windows\System\TduFUae.exe
  C:\Windows\System\TduFUae.exe
  2⤵
  PID:8056
- C:\Windows\System\wVBdSoP.exe
  C:\Windows\System\wVBdSoP.exe
  2⤵
  PID:8072
- C:\Windows\System\fipBKBx.exe
  C:\Windows\System\fipBKBx.exe
  2⤵
  PID:8088
- C:\Windows\System\rLvWgXV.exe
  C:\Windows\System\rLvWgXV.exe
  2⤵
  PID:8104
- C:\Windows\System\cqNOlev.exe
  C:\Windows\System\cqNOlev.exe
  2⤵
  PID:8120
- C:\Windows\System\ZSfvIJf.exe
  C:\Windows\System\ZSfvIJf.exe
  2⤵
  PID:8136
- C:\Windows\System\kXkObPZ.exe
  C:\Windows\System\kXkObPZ.exe
  2⤵
  PID:8152
- C:\Windows\System\MFSRiEn.exe
  C:\Windows\System\MFSRiEn.exe
  2⤵
  PID:8168
- C:\Windows\System\HMIbXai.exe
  C:\Windows\System\HMIbXai.exe
  2⤵
  PID:8184
- C:\Windows\System\vFrlUuK.exe
  C:\Windows\System\vFrlUuK.exe
  2⤵
  PID:6748
- C:\Windows\System\EdNavEJ.exe
  C:\Windows\System\EdNavEJ.exe
  2⤵
  PID:6488
- C:\Windows\System\WFyoiDk.exe
  C:\Windows\System\WFyoiDk.exe
  2⤵
  PID:7064
- C:\Windows\System\xiuGqzw.exe
  C:\Windows\System\xiuGqzw.exe
  2⤵
  PID:7200
- C:\Windows\System\LWEphKT.exe
  C:\Windows\System\LWEphKT.exe
  2⤵
  PID:7184
- C:\Windows\System\pJlwstu.exe
  C:\Windows\System\pJlwstu.exe
  2⤵
  PID:7248
- C:\Windows\System\kSsmfLD.exe
  C:\Windows\System\kSsmfLD.exe
  2⤵
  PID:7232
- C:\Windows\System\nZIrmkj.exe
  C:\Windows\System\nZIrmkj.exe
  2⤵
  PID:5536
- C:\Windows\System\kzAhTVX.exe
  C:\Windows\System\kzAhTVX.exe
  2⤵
  PID:7304
- C:\Windows\System\ZYLglix.exe
  C:\Windows\System\ZYLglix.exe
  2⤵
  PID:7336
- C:\Windows\System\BYqdrQW.exe
  C:\Windows\System\BYqdrQW.exe
  2⤵
  PID:7372
- C:\Windows\System\lprnlPC.exe
  C:\Windows\System\lprnlPC.exe
  2⤵
  PID:7392
- C:\Windows\System\QAzzSfC.exe
  C:\Windows\System\QAzzSfC.exe
  2⤵
  PID:7424
- C:\Windows\System\gnjSrrT.exe
  C:\Windows\System\gnjSrrT.exe
  2⤵
  PID:7444
- C:\Windows\System\WooNqvk.exe
  C:\Windows\System\WooNqvk.exe
  2⤵
  PID:7488
- C:\Windows\System\FEwpzHP.exe
  C:\Windows\System\FEwpzHP.exe
  2⤵
  PID:7504
- C:\Windows\System\tkjoxIs.exe
  C:\Windows\System\tkjoxIs.exe
  2⤵
  PID:7520
- C:\Windows\System\FIVjoUq.exe
  C:\Windows\System\FIVjoUq.exe
  2⤵
  PID:7536
- C:\Windows\System\aJuOSwx.exe
  C:\Windows\System\aJuOSwx.exe
  2⤵
  PID:7552
- C:\Windows\System\MEAHtWh.exe
  C:\Windows\System\MEAHtWh.exe
  2⤵
  PID:7568
- C:\Windows\System\ONytYXV.exe
  C:\Windows\System\ONytYXV.exe
  2⤵
  PID:7584
- C:\Windows\System\pbuFBgB.exe
  C:\Windows\System\pbuFBgB.exe
  2⤵
  PID:7604
- C:\Windows\System\FkGpeSk.exe
  C:\Windows\System\FkGpeSk.exe
  2⤵
  PID:7624
- C:\Windows\System\xjGFgjE.exe
  C:\Windows\System\xjGFgjE.exe
  2⤵
  PID:7644
- C:\Windows\System\DmwKJjK.exe
  C:\Windows\System\DmwKJjK.exe
  2⤵
  PID:7660
- C:\Windows\System\UcFjqha.exe
  C:\Windows\System\UcFjqha.exe
  2⤵
  PID:7676
- C:\Windows\System\aupccpC.exe
  C:\Windows\System\aupccpC.exe
  2⤵
  PID:7692
- C:\Windows\System\LgZyXhb.exe
  C:\Windows\System\LgZyXhb.exe
  2⤵
  PID:7708
- C:\Windows\System\crtTptK.exe
  C:\Windows\System\crtTptK.exe
  2⤵
  PID:7724
- C:\Windows\System\MOiCncY.exe
  C:\Windows\System\MOiCncY.exe
  2⤵
  PID:7740
- C:\Windows\System\IKfgEIN.exe
  C:\Windows\System\IKfgEIN.exe
  2⤵
  PID:7756
- C:\Windows\System\wArBLlO.exe
  C:\Windows\System\wArBLlO.exe
  2⤵
  PID:7784
- C:\Windows\System\SCBpqxi.exe
  C:\Windows\System\SCBpqxi.exe
  2⤵
  PID:7800
- C:\Windows\System\qsSxKjF.exe
  C:\Windows\System\qsSxKjF.exe
  2⤵
  PID:7816
- C:\Windows\System\TpFwVzl.exe
  C:\Windows\System\TpFwVzl.exe
  2⤵
  PID:7832
- C:\Windows\System\tPtpAvr.exe
  C:\Windows\System\tPtpAvr.exe
  2⤵
  PID:7296
- C:\Windows\System\CNbjvPy.exe
  C:\Windows\System\CNbjvPy.exe
  2⤵
  PID:7760
- C:\Windows\System\ypCLAOd.exe
  C:\Windows\System\ypCLAOd.exe
  2⤵
  PID:8036
- C:\Windows\System\EjRjwqK.exe
  C:\Windows\System\EjRjwqK.exe
  2⤵
  PID:8096
- C:\Windows\System\TUGCRPD.exe
  C:\Windows\System\TUGCRPD.exe
  2⤵
  PID:8160
- C:\Windows\System\nQaXTuA.exe
  C:\Windows\System\nQaXTuA.exe
  2⤵
  PID:7068
- C:\Windows\System\WdPgrTn.exe
  C:\Windows\System\WdPgrTn.exe
  2⤵
  PID:7888
- C:\Windows\System\vfjBPDq.exe
  C:\Windows\System\vfjBPDq.exe
  2⤵
  PID:7952
- C:\Windows\System\DoczoIH.exe
  C:\Windows\System\DoczoIH.exe
  2⤵
  PID:8016
- C:\Windows\System\LgCgmCv.exe
  C:\Windows\System\LgCgmCv.exe
  2⤵
  PID:8112
- C:\Windows\System\PxqNoAA.exe
  C:\Windows\System\PxqNoAA.exe
  2⤵
  PID:8176
- C:\Windows\System\VZWsMsk.exe
  C:\Windows\System\VZWsMsk.exe
  2⤵
  PID:7280
- C:\Windows\System\WudPNqA.exe
  C:\Windows\System\WudPNqA.exe
  2⤵
  PID:7328
- C:\Windows\System\qyhRLZe.exe
  C:\Windows\System\qyhRLZe.exe
  2⤵
  PID:7312
- C:\Windows\System\WstkcAy.exe
  C:\Windows\System\WstkcAy.exe
  2⤵
  PID:7360
- C:\Windows\System\ABGJjAD.exe
  C:\Windows\System\ABGJjAD.exe
  2⤵
  PID:7300
- C:\Windows\System\QaxDtba.exe
  C:\Windows\System\QaxDtba.exe
  2⤵
  PID:7368
- C:\Windows\System\GARWpaJ.exe
  C:\Windows\System\GARWpaJ.exe
  2⤵
  PID:7428
- C:\Windows\System\KdtZyAm.exe
  C:\Windows\System\KdtZyAm.exe
  2⤵
  PID:7516
- C:\Windows\System\zSoMrfs.exe
  C:\Windows\System\zSoMrfs.exe
  2⤵
  PID:7580
- C:\Windows\System\ZawiugJ.exe
  C:\Windows\System\ZawiugJ.exe
  2⤵
  PID:7652
- C:\Windows\System\boeagDv.exe
  C:\Windows\System\boeagDv.exe
  2⤵
  PID:7216
- C:\Windows\System\mWDGHMZ.exe
  C:\Windows\System\mWDGHMZ.exe
  2⤵
  PID:7340
- C:\Windows\System\mBwCApp.exe
  C:\Windows\System\mBwCApp.exe
  2⤵
  PID:7720
- C:\Windows\System\PfamqbE.exe
  C:\Windows\System\PfamqbE.exe
  2⤵
  PID:7752
- C:\Windows\System\xShSUUm.exe
  C:\Windows\System\xShSUUm.exe
  2⤵
  PID:7436
- C:\Windows\System\fEICSiU.exe
  C:\Windows\System\fEICSiU.exe
  2⤵
  PID:7484
- C:\Windows\System\FQWtCJu.exe
  C:\Windows\System\FQWtCJu.exe
  2⤵
  PID:6088
- C:\Windows\System\lvkTLfc.exe
  C:\Windows\System\lvkTLfc.exe
  2⤵
  PID:7512
- C:\Windows\System\eKVbxFi.exe
  C:\Windows\System\eKVbxFi.exe
  2⤵
  PID:7324
- C:\Windows\System\POzZnON.exe
  C:\Windows\System\POzZnON.exe
  2⤵
  PID:8132
- C:\Windows\System\kTAIvXj.exe
  C:\Windows\System\kTAIvXj.exe
  2⤵
  PID:7576
- C:\Windows\System\YxIFlZi.exe
  C:\Windows\System\YxIFlZi.exe
  2⤵
  PID:7688
- C:\Windows\System\QVREIlR.exe
  C:\Windows\System\QVREIlR.exe
  2⤵
  PID:7500
- C:\Windows\System\fycysWp.exe
  C:\Windows\System\fycysWp.exe
  2⤵
  PID:7532
- C:\Windows\System\QsQKYwS.exe
  C:\Windows\System\QsQKYwS.exe
  2⤵
  PID:7596
- C:\Windows\System\aWUMQMk.exe
  C:\Windows\System\aWUMQMk.exe
  2⤵
  PID:7668
- C:\Windows\System\cZMunmm.exe
  C:\Windows\System\cZMunmm.exe
  2⤵
  PID:7736
- C:\Windows\System\OJYHJpa.exe
  C:\Windows\System\OJYHJpa.exe
  2⤵
  PID:7844
- C:\Windows\System\TszPSvG.exe
  C:\Windows\System\TszPSvG.exe
  2⤵
  PID:7876
- C:\Windows\System\TusjxmH.exe
  C:\Windows\System\TusjxmH.exe
  2⤵
  PID:7612
- C:\Windows\System\DfmRajC.exe
  C:\Windows\System\DfmRajC.exe
  2⤵
  PID:7096
- C:\Windows\System\XcLLyuU.exe
  C:\Windows\System\XcLLyuU.exe
  2⤵
  PID:7348
- C:\Windows\System\uhBCaks.exe
  C:\Windows\System\uhBCaks.exe
  2⤵
  PID:7860
- C:\Windows\System\xexvONB.exe
  C:\Windows\System\xexvONB.exe
  2⤵
  PID:7988
- C:\Windows\System\vVlqdqh.exe
  C:\Windows\System\vVlqdqh.exe
  2⤵
  PID:8004
- C:\Windows\System\zAzVwPI.exe
  C:\Windows\System\zAzVwPI.exe
  2⤵
  PID:7180
- C:\Windows\System\SNEUKos.exe
  C:\Windows\System\SNEUKos.exe
  2⤵
  PID:7700
- C:\Windows\System\NOQSiGe.exe
  C:\Windows\System\NOQSiGe.exe
  2⤵
  PID:7388
- C:\Windows\System\fAoYgMR.exe
  C:\Windows\System\fAoYgMR.exe
  2⤵
  PID:7940
- C:\Windows\System\UWLVONG.exe
  C:\Windows\System\UWLVONG.exe
  2⤵
  PID:7412
- C:\Windows\System\HOdamWg.exe
  C:\Windows\System\HOdamWg.exe
  2⤵
  PID:7732
- C:\Windows\System\iqlgdfx.exe
  C:\Windows\System\iqlgdfx.exe
  2⤵
  PID:6684
- C:\Windows\System\cJJMpce.exe
  C:\Windows\System\cJJMpce.exe
  2⤵
  PID:7480
- C:\Windows\System\tFHOiKY.exe
  C:\Windows\System\tFHOiKY.exe
  2⤵
  PID:5960
- C:\Windows\System\RjIXkfi.exe
  C:\Windows\System\RjIXkfi.exe
  2⤵
  PID:7936
- C:\Windows\System\mDAYxgH.exe
  C:\Windows\System\mDAYxgH.exe
  2⤵
  PID:7476
- C:\Windows\System\UyFqbzp.exe
  C:\Windows\System\UyFqbzp.exe
  2⤵
  PID:7196
- C:\Windows\System\RGCWYYJ.exe
  C:\Windows\System\RGCWYYJ.exe
  2⤵
  PID:8200
- C:\Windows\System\qxnIinJ.exe
  C:\Windows\System\qxnIinJ.exe
  2⤵
  PID:8220
- C:\Windows\System\CmGEbvf.exe
  C:\Windows\System\CmGEbvf.exe
  2⤵
  PID:8240
- C:\Windows\System\VSVVuze.exe
  C:\Windows\System\VSVVuze.exe
  2⤵
  PID:8280
- C:\Windows\System\qdLzAVa.exe
  C:\Windows\System\qdLzAVa.exe
  2⤵
  PID:8296
- C:\Windows\System\bIkOWhV.exe
  C:\Windows\System\bIkOWhV.exe
  2⤵
  PID:8312
- C:\Windows\System\taOldGl.exe
  C:\Windows\System\taOldGl.exe
  2⤵
  PID:8328
- C:\Windows\System\JZgfJAy.exe
  C:\Windows\System\JZgfJAy.exe
  2⤵
  PID:8344
- C:\Windows\System\kATHEiz.exe
  C:\Windows\System\kATHEiz.exe
  2⤵
  PID:8360
- C:\Windows\System\jTrKBuT.exe
  C:\Windows\System\jTrKBuT.exe
  2⤵
  PID:8380
- C:\Windows\System\nmCFTiN.exe
  C:\Windows\System\nmCFTiN.exe
  2⤵
  PID:8396
- C:\Windows\System\pCOheAM.exe
  C:\Windows\System\pCOheAM.exe
  2⤵
  PID:8416
- C:\Windows\System\hPBlLoh.exe
  C:\Windows\System\hPBlLoh.exe
  2⤵
  PID:8436
- C:\Windows\System\YHeHjrz.exe
  C:\Windows\System\YHeHjrz.exe
  2⤵
  PID:8456
- C:\Windows\System\kcHChur.exe
  C:\Windows\System\kcHChur.exe
  2⤵
  PID:8480
- C:\Windows\System\ndvmbqj.exe
  C:\Windows\System\ndvmbqj.exe
  2⤵
  PID:8500
- C:\Windows\System\YKLbZwS.exe
  C:\Windows\System\YKLbZwS.exe
  2⤵
  PID:8520
- C:\Windows\System\qVLVfeR.exe
  C:\Windows\System\qVLVfeR.exe
  2⤵
  PID:8540
- C:\Windows\System\DfEJdYm.exe
  C:\Windows\System\DfEJdYm.exe
  2⤵
  PID:8560
- C:\Windows\System\AKNazuO.exe
  C:\Windows\System\AKNazuO.exe
  2⤵
  PID:8584
- C:\Windows\System\BLaapfr.exe
  C:\Windows\System\BLaapfr.exe
  2⤵
  PID:8604
- C:\Windows\System\CiRoqLT.exe
  C:\Windows\System\CiRoqLT.exe
  2⤵
  PID:8628
- C:\Windows\System\aEhudBM.exe
  C:\Windows\System\aEhudBM.exe
  2⤵
  PID:8652
- C:\Windows\System\RIcOYlD.exe
  C:\Windows\System\RIcOYlD.exe
  2⤵
  PID:8672
- C:\Windows\System\UOQsnQm.exe
  C:\Windows\System\UOQsnQm.exe
  2⤵
  PID:8696
- C:\Windows\System\BWWTXCL.exe
  C:\Windows\System\BWWTXCL.exe
  2⤵
  PID:8716
- C:\Windows\System\MlwCiir.exe
  C:\Windows\System\MlwCiir.exe
  2⤵
  PID:8740
- C:\Windows\System\RwiBqBz.exe
  C:\Windows\System\RwiBqBz.exe
  2⤵
  PID:8760
- C:\Windows\System\lsCqrDy.exe
  C:\Windows\System\lsCqrDy.exe
  2⤵
  PID:8788
- C:\Windows\System\kxSZKTA.exe
  C:\Windows\System\kxSZKTA.exe
  2⤵
  PID:8808
- C:\Windows\System\xlTrElX.exe
  C:\Windows\System\xlTrElX.exe
  2⤵
  PID:8824
- C:\Windows\System\xkdEwed.exe
  C:\Windows\System\xkdEwed.exe
  2⤵
  PID:8840
- C:\Windows\System\WdYeOYS.exe
  C:\Windows\System\WdYeOYS.exe
  2⤵
  PID:8856
- C:\Windows\System\wwaBiIG.exe
  C:\Windows\System\wwaBiIG.exe
  2⤵
  PID:8872
- C:\Windows\System\vMBBFRM.exe
  C:\Windows\System\vMBBFRM.exe
  2⤵
  PID:8892
- C:\Windows\System\tcvuavZ.exe
  C:\Windows\System\tcvuavZ.exe
  2⤵
  PID:8912
- C:\Windows\System\rFGzngq.exe
  C:\Windows\System\rFGzngq.exe
  2⤵
  PID:8928
- C:\Windows\System\ushbjnZ.exe
  C:\Windows\System\ushbjnZ.exe
  2⤵
  PID:8948
- C:\Windows\System\xwxepet.exe
  C:\Windows\System\xwxepet.exe
  2⤵
  PID:8964
- C:\Windows\System\VrDdCgT.exe
  C:\Windows\System\VrDdCgT.exe
  2⤵
  PID:8980
- C:\Windows\System\UrDFwZu.exe
  C:\Windows\System\UrDFwZu.exe
  2⤵
  PID:9000
- C:\Windows\System\qnnIGYy.exe
  C:\Windows\System\qnnIGYy.exe
  2⤵
  PID:9016
- C:\Windows\System\AEFYtgY.exe
  C:\Windows\System\AEFYtgY.exe
  2⤵
  PID:9032
- C:\Windows\System\kEncTtC.exe
  C:\Windows\System\kEncTtC.exe
  2⤵
  PID:9048
- C:\Windows\System\vgPFUwC.exe
  C:\Windows\System\vgPFUwC.exe
  2⤵
  PID:9064
- C:\Windows\System\EjVNrmf.exe
  C:\Windows\System\EjVNrmf.exe
  2⤵
  PID:9080
- C:\Windows\System\LQQhuXX.exe
  C:\Windows\System\LQQhuXX.exe
  2⤵
  PID:9096
- C:\Windows\System\nQpStCt.exe
  C:\Windows\System\nQpStCt.exe
  2⤵
  PID:9112
- C:\Windows\System\pWklVvb.exe
  C:\Windows\System\pWklVvb.exe
  2⤵
  PID:9128
- C:\Windows\System\ZVysnem.exe
  C:\Windows\System\ZVysnem.exe
  2⤵
  PID:9148
- C:\Windows\System\PqjMbYj.exe
  C:\Windows\System\PqjMbYj.exe
  2⤵
  PID:9168
- C:\Windows\System\gbPidFw.exe
  C:\Windows\System\gbPidFw.exe
  2⤵
  PID:9184
- C:\Windows\System\KaLazuJ.exe
  C:\Windows\System\KaLazuJ.exe
  2⤵
  PID:9204
- C:\Windows\System\znYJBQu.exe
  C:\Windows\System\znYJBQu.exe
  2⤵
  PID:7496
- C:\Windows\System\kkISMsM.exe
  C:\Windows\System\kkISMsM.exe
  2⤵
  PID:7420
- C:\Windows\System\kZnpuBl.exe
  C:\Windows\System\kZnpuBl.exe
  2⤵
  PID:7472
- C:\Windows\System\apwnrNN.exe
  C:\Windows\System\apwnrNN.exe
  2⤵
  PID:7564
- C:\Windows\System\whJETox.exe
  C:\Windows\System\whJETox.exe
  2⤵
  PID:7468
- C:\Windows\System\LuVmNkx.exe
  C:\Windows\System\LuVmNkx.exe
  2⤵
  PID:8216
- C:\Windows\System\DkdkdHP.exe
  C:\Windows\System\DkdkdHP.exe
  2⤵
  PID:8268
- C:\Windows\System\SwIsmLe.exe
  C:\Windows\System\SwIsmLe.exe
  2⤵
  PID:8352
- C:\Windows\System\gKtCkVB.exe
  C:\Windows\System\gKtCkVB.exe
  2⤵
  PID:8388
- C:\Windows\System\bvjUTJx.exe
  C:\Windows\System\bvjUTJx.exe
  2⤵
  PID:8432
- C:\Windows\System\xAvonuM.exe
  C:\Windows\System\xAvonuM.exe
  2⤵
  PID:8476
- C:\Windows\System\RTCDmKr.exe
  C:\Windows\System\RTCDmKr.exe
  2⤵
  PID:8548
- C:\Windows\System\mxrBQXW.exe
  C:\Windows\System\mxrBQXW.exe
  2⤵
  PID:8596
- C:\Windows\System\YGWuzZE.exe
  C:\Windows\System\YGWuzZE.exe
  2⤵
  PID:8644
- C:\Windows\System\SdIPsMv.exe
  C:\Windows\System\SdIPsMv.exe
  2⤵
  PID:8688
- C:\Windows\System\GjddYHJ.exe
  C:\Windows\System\GjddYHJ.exe
  2⤵
  PID:8732
- C:\Windows\System\UiCnlXV.exe
  C:\Windows\System\UiCnlXV.exe
  2⤵
  PID:8308
- C:\Windows\System\gdbPXgF.exe
  C:\Windows\System\gdbPXgF.exe
  2⤵
  PID:8780
- C:\Windows\System\YHbOrBS.exe
  C:\Windows\System\YHbOrBS.exe
  2⤵
  PID:8412
- C:\Windows\System\wDIVUUf.exe
  C:\Windows\System\wDIVUUf.exe
  2⤵
  PID:8528
- C:\Windows\System\MfMXbxr.exe
  C:\Windows\System\MfMXbxr.exe
  2⤵
  PID:8880
- C:\Windows\System\ROMmHEg.exe
  C:\Windows\System\ROMmHEg.exe
  2⤵
  PID:8368
- C:\Windows\System\ethnkhJ.exe
  C:\Windows\System\ethnkhJ.exe
  2⤵
  PID:8492
- C:\Windows\System\IEhsddf.exe
  C:\Windows\System\IEhsddf.exe
  2⤵
  PID:8864
- C:\Windows\System\HpvYWKz.exe
  C:\Windows\System\HpvYWKz.exe
  2⤵
  PID:8336
- C:\Windows\System\wfNTWud.exe
  C:\Windows\System\wfNTWud.exe
  2⤵
  PID:8660
- C:\Windows\System\HhJHUtK.exe
  C:\Windows\System\HhJHUtK.exe
  2⤵
  PID:8796
- C:\Windows\System\TcTFPKe.exe
  C:\Windows\System\TcTFPKe.exe
  2⤵
  PID:8960
- C:\Windows\System\Cesgiqo.exe
  C:\Windows\System\Cesgiqo.exe
  2⤵
  PID:8536
- C:\Windows\System\YSpeQTY.exe
  C:\Windows\System\YSpeQTY.exe
  2⤵
  PID:8664
- C:\Windows\System\gxloHVD.exe
  C:\Windows\System\gxloHVD.exe
  2⤵
  PID:8712
- C:\Windows\System\cYxaeao.exe
  C:\Windows\System\cYxaeao.exe
  2⤵
  PID:8996
- C:\Windows\System\ZZNPYdr.exe
  C:\Windows\System\ZZNPYdr.exe
  2⤵
  PID:8908
- C:\Windows\System\auJTxIb.exe
  C:\Windows\System\auJTxIb.exe
  2⤵
  PID:8940
- C:\Windows\System\oeRVWkZ.exe
  C:\Windows\System\oeRVWkZ.exe
  2⤵
  PID:9088
- C:\Windows\System\tfGIhnU.exe
  C:\Windows\System\tfGIhnU.exe
  2⤵
  PID:9040
- C:\Windows\System\pSLAQjO.exe
  C:\Windows\System\pSLAQjO.exe
  2⤵
  PID:9104
- C:\Windows\System\HLBOVVG.exe
  C:\Windows\System\HLBOVVG.exe
  2⤵
  PID:9140
- C:\Windows\System\pjuJtli.exe
  C:\Windows\System\pjuJtli.exe
  2⤵
  PID:9200
- C:\Windows\System\ZskqSWi.exe
  C:\Windows\System\ZskqSWi.exe
  2⤵
  PID:7464
- C:\Windows\System\IfRHSiQ.exe
  C:\Windows\System\IfRHSiQ.exe
  2⤵
  PID:7768
- C:\Windows\System\qGnGGJk.exe
  C:\Windows\System\qGnGGJk.exe
  2⤵
  PID:8936
- C:\Windows\System\fpOeRRH.exe
  C:\Windows\System\fpOeRRH.exe
  2⤵
  PID:9124
- C:\Windows\System\vtfAqDZ.exe
  C:\Windows\System\vtfAqDZ.exe
  2⤵
  PID:8452
- C:\Windows\System\RoOPnKR.exe
  C:\Windows\System\RoOPnKR.exe
  2⤵
  PID:8992
- C:\Windows\System\pQFfJGN.exe
  C:\Windows\System\pQFfJGN.exe
  2⤵
  PID:8408
- C:\Windows\System\yOQjoGV.exe
  C:\Windows\System\yOQjoGV.exe
  2⤵
  PID:8868
- C:\Windows\System\MffwAip.exe
  C:\Windows\System\MffwAip.exe
  2⤵
  PID:9120
- C:\Windows\System\FPrWWHz.exe
  C:\Windows\System\FPrWWHz.exe
  2⤵
  PID:9196
- C:\Windows\System\OTJYJhm.exe
  C:\Windows\System\OTJYJhm.exe
  2⤵
  PID:8428
- C:\Windows\System\ySrCzjl.exe
  C:\Windows\System\ySrCzjl.exe
  2⤵
  PID:9008
- C:\Windows\System\gAKhxaw.exe
  C:\Windows\System\gAKhxaw.exe
  2⤵
  PID:8448
- C:\Windows\System\nVfTIJN.exe
  C:\Windows\System\nVfTIJN.exe
  2⤵
  PID:8580
- C:\Windows\System\EVfnhNM.exe
  C:\Windows\System\EVfnhNM.exe
  2⤵
  PID:8372
- C:\Windows\System\uayHQDw.exe
  C:\Windows\System\uayHQDw.exe
  2⤵
  PID:8260
- C:\Windows\System\tacHJzq.exe
  C:\Windows\System\tacHJzq.exe
  2⤵
  PID:8256
- C:\Windows\System\jQZikWz.exe
  C:\Windows\System\jQZikWz.exe
  2⤵
  PID:8920
- C:\Windows\System\zyxjceD.exe
  C:\Windows\System\zyxjceD.exe
  2⤵
  PID:8612
- C:\Windows\System\fbTLviN.exe
  C:\Windows\System\fbTLviN.exe
  2⤵
  PID:8684
- C:\Windows\System\qMYkFKL.exe
  C:\Windows\System\qMYkFKL.exe
  2⤵
  PID:9072
- C:\Windows\System\aiiXArq.exe
  C:\Windows\System\aiiXArq.exe
  2⤵
  PID:8324
- C:\Windows\System\IrzVsWI.exe
  C:\Windows\System\IrzVsWI.exe
  2⤵
  PID:7352
- C:\Windows\System\EZQWCDQ.exe
  C:\Windows\System\EZQWCDQ.exe
  2⤵
  PID:8636
- C:\Windows\System\GqcyJBJ.exe
  C:\Windows\System\GqcyJBJ.exe
  2⤵
  PID:8376
- C:\Windows\System\cgVmKkM.exe
  C:\Windows\System\cgVmKkM.exe
  2⤵
  PID:8572
- C:\Windows\System\eCADnRx.exe
  C:\Windows\System\eCADnRx.exe
  2⤵
  PID:8320
- C:\Windows\System\CEVdTSE.exe
  C:\Windows\System\CEVdTSE.exe
  2⤵
  PID:8888
- C:\Windows\System\WcYBxeC.exe
  C:\Windows\System\WcYBxeC.exe
  2⤵
  PID:7244
- C:\Windows\System\nTMXATz.exe
  C:\Windows\System\nTMXATz.exe
  2⤵
  PID:8264
- C:\Windows\System\BIwLvId.exe
  C:\Windows\System\BIwLvId.exe
  2⤵
  PID:8640
- C:\Windows\System\YwZESUv.exe
  C:\Windows\System\YwZESUv.exe
  2⤵
  PID:8236
- C:\Windows\System\RpiZMcQ.exe
  C:\Windows\System\RpiZMcQ.exe
  2⤵
  PID:9224
- C:\Windows\System\MsTbKEQ.exe
  C:\Windows\System\MsTbKEQ.exe
  2⤵
  PID:9408
- C:\Windows\System\LXdhKVA.exe
  C:\Windows\System\LXdhKVA.exe
  2⤵
  PID:9488
- C:\Windows\System\zDXlWpW.exe
  C:\Windows\System\zDXlWpW.exe
  2⤵
  PID:9548
- C:\Windows\System\jABSQLf.exe
  C:\Windows\System\jABSQLf.exe
  2⤵
  PID:9568
- C:\Windows\System\VZTMUZS.exe
  C:\Windows\System\VZTMUZS.exe
  2⤵
  PID:9584
- C:\Windows\System\TdgTFmA.exe
  C:\Windows\System\TdgTFmA.exe
  2⤵
  PID:9600
- C:\Windows\System\aVgaimS.exe
  C:\Windows\System\aVgaimS.exe
  2⤵
  PID:9636
- C:\Windows\System\vAQOXxZ.exe
  C:\Windows\System\vAQOXxZ.exe
  2⤵
  PID:9676
- C:\Windows\System\OmIALld.exe
  C:\Windows\System\OmIALld.exe
  2⤵
  PID:9796
- C:\Windows\System\iYgtCoH.exe
  C:\Windows\System\iYgtCoH.exe
  2⤵
  PID:9820
- C:\Windows\System\sooUmOl.exe
  C:\Windows\System\sooUmOl.exe
  2⤵
  PID:9856
- C:\Windows\System\vOgQFos.exe
  C:\Windows\System\vOgQFos.exe
  2⤵
  PID:9884
- C:\Windows\System\MkuEaZE.exe
  C:\Windows\System\MkuEaZE.exe
  2⤵
  PID:9900
- C:\Windows\System\HojzqXO.exe
  C:\Windows\System\HojzqXO.exe
  2⤵
  PID:9920
- C:\Windows\System\NvMHgHr.exe
  C:\Windows\System\NvMHgHr.exe
  2⤵
  PID:9936
- C:\Windows\System\dPnnCOd.exe
  C:\Windows\System\dPnnCOd.exe
  2⤵
  PID:9952
- C:\Windows\System\FdSVARf.exe
  C:\Windows\System\FdSVARf.exe
  2⤵
  PID:9968
- C:\Windows\System\bnvcUwd.exe
  C:\Windows\System\bnvcUwd.exe
  2⤵
  PID:9984
- C:\Windows\System\AkSafdB.exe
  C:\Windows\System\AkSafdB.exe
  2⤵
  PID:10000
- C:\Windows\System\BiDNdaX.exe
  C:\Windows\System\BiDNdaX.exe
  2⤵
  PID:10016
- C:\Windows\System\EioXRkN.exe
  C:\Windows\System\EioXRkN.exe
  2⤵
  PID:10032
- C:\Windows\System\rbsqeeZ.exe
  C:\Windows\System\rbsqeeZ.exe
  2⤵
  PID:10048
- C:\Windows\System\jBwrEaa.exe
  C:\Windows\System\jBwrEaa.exe
  2⤵
  PID:10064
- C:\Windows\System\czFSwFQ.exe
  C:\Windows\System\czFSwFQ.exe
  2⤵
  PID:10088
- C:\Windows\System\JzgtZbD.exe
  C:\Windows\System\JzgtZbD.exe
  2⤵
  PID:10128
- C:\Windows\System\JsERhSs.exe
  C:\Windows\System\JsERhSs.exe
  2⤵
  PID:10160
- C:\Windows\System\MeTXqPm.exe
  C:\Windows\System\MeTXqPm.exe
  2⤵
  PID:10180
- C:\Windows\System\tIMhjnM.exe
  C:\Windows\System\tIMhjnM.exe
  2⤵
  PID:10196
- C:\Windows\System\jrEpqiE.exe
  C:\Windows\System\jrEpqiE.exe
  2⤵
  PID:10212
- C:\Windows\System\nmYIXTD.exe
  C:\Windows\System\nmYIXTD.exe
  2⤵
  PID:10228
- C:\Windows\System\AnmaNvW.exe
  C:\Windows\System\AnmaNvW.exe
  2⤵
  PID:7636
- C:\Windows\System\JKXFLNJ.exe
  C:\Windows\System\JKXFLNJ.exe
  2⤵
  PID:7920
- C:\Windows\System\oICsyAu.exe
  C:\Windows\System\oICsyAu.exe
  2⤵
  PID:8752
- C:\Windows\System\hQDNxoV.exe
  C:\Windows\System\hQDNxoV.exe
  2⤵
  PID:8972
- C:\Windows\System\tLczCwF.exe
  C:\Windows\System\tLczCwF.exe
  2⤵
  PID:9136
- C:\Windows\System\aKqbiJF.exe
  C:\Windows\System\aKqbiJF.exe
  2⤵
  PID:9236
- C:\Windows\System\qPpKdVF.exe
  C:\Windows\System\qPpKdVF.exe
  2⤵
  PID:9256
- C:\Windows\System\hFScRcd.exe
  C:\Windows\System\hFScRcd.exe
  2⤵
  PID:7924
- C:\Windows\System\hvxwWgK.exe
  C:\Windows\System\hvxwWgK.exe
  2⤵
  PID:9332
- C:\Windows\System\prhFZQY.exe
  C:\Windows\System\prhFZQY.exe
  2⤵
  PID:9348
- C:\Windows\System\ZcWAsQA.exe
  C:\Windows\System\ZcWAsQA.exe
  2⤵
  PID:9364
- C:\Windows\System\ASmremM.exe
  C:\Windows\System\ASmremM.exe
  2⤵
  PID:9380
- C:\Windows\System\xUtGyee.exe
  C:\Windows\System\xUtGyee.exe
  2⤵
  PID:9396
- C:\Windows\System\WlQreNF.exe
  C:\Windows\System\WlQreNF.exe
  2⤵
  PID:9424
- C:\Windows\System\isNWbZV.exe
  C:\Windows\System\isNWbZV.exe
  2⤵
  PID:9508
- C:\Windows\System\UkgCTlw.exe
  C:\Windows\System\UkgCTlw.exe
  2⤵
  PID:9524
- C:\Windows\System\jddHmqb.exe
  C:\Windows\System\jddHmqb.exe
  2⤵
  PID:9480
- C:\Windows\System\DOuXuXd.exe
  C:\Windows\System\DOuXuXd.exe
  2⤵
  PID:9456
- C:\Windows\System\OrvdnpW.exe
  C:\Windows\System\OrvdnpW.exe
  2⤵
  PID:9440
- C:\Windows\System\dYVPGzi.exe
  C:\Windows\System\dYVPGzi.exe
  2⤵
  PID:9536
- C:\Windows\System\wUyWbuM.exe
  C:\Windows\System\wUyWbuM.exe
  2⤵
  PID:9652
- C:\Windows\System\pqscKjB.exe
  C:\Windows\System\pqscKjB.exe
  2⤵
  PID:9704
- C:\Windows\System\yTGsGqn.exe
  C:\Windows\System\yTGsGqn.exe
  2⤵
  PID:9544
- C:\Windows\System\zwMkzFh.exe
  C:\Windows\System\zwMkzFh.exe
  2⤵
  PID:9632
- C:\Windows\System\muVcLUe.exe
  C:\Windows\System\muVcLUe.exe
  2⤵
  PID:9252
- C:\Windows\System\fwfdpEp.exe
  C:\Windows\System\fwfdpEp.exe
  2⤵
  PID:9660
- C:\Windows\System\WWkNCBR.exe
  C:\Windows\System\WWkNCBR.exe
  2⤵
  PID:9716
- C:\Windows\System\GIPxebu.exe
  C:\Windows\System\GIPxebu.exe
  2⤵
  PID:9740
- C:\Windows\System\EpwZzbL.exe
  C:\Windows\System\EpwZzbL.exe
  2⤵
  PID:9748
- C:\Windows\System\JjwVAeN.exe
  C:\Windows\System\JjwVAeN.exe
  2⤵
  PID:9768
- C:\Windows\System\NOznueY.exe
  C:\Windows\System\NOznueY.exe
  2⤵
  PID:9624
- C:\Windows\System\LFPHgJR.exe
  C:\Windows\System\LFPHgJR.exe
  2⤵
  PID:9776
- C:\Windows\System\dgpewDw.exe
  C:\Windows\System\dgpewDw.exe
  2⤵
  PID:9792
- C:\Windows\System\zkaNhVx.exe
  C:\Windows\System\zkaNhVx.exe
  2⤵
  PID:9816
- C:\Windows\System\YTbMSGb.exe
  C:\Windows\System\YTbMSGb.exe
  2⤵
  PID:9840
- C:\Windows\System\qjDPFmJ.exe
  C:\Windows\System\qjDPFmJ.exe
  2⤵
  PID:9880
- C:\Windows\System\VxpaMTk.exe
  C:\Windows\System\VxpaMTk.exe
  2⤵
  PID:9916
- C:\Windows\System\sZftTmk.exe
  C:\Windows\System\sZftTmk.exe
  2⤵
  PID:9992
- C:\Windows\System\fAZHAWG.exe
  C:\Windows\System\fAZHAWG.exe
  2⤵
  PID:10040
- C:\Windows\System\TZoYNIg.exe
  C:\Windows\System\TZoYNIg.exe
  2⤵
  PID:10044
- C:\Windows\System\FdCiErC.exe
  C:\Windows\System\FdCiErC.exe
  2⤵
  PID:9848
- C:\Windows\System\pvVaVfA.exe
  C:\Windows\System\pvVaVfA.exe
  2⤵
  PID:9932
- C:\Windows\System\swJTovc.exe
  C:\Windows\System\swJTovc.exe
  2⤵
  PID:10120
- C:\Windows\System\mvgIJaO.exe
  C:\Windows\System\mvgIJaO.exe
  2⤵
  PID:10084
- C:\Windows\System\NjGqRLY.exe
  C:\Windows\System\NjGqRLY.exe
  2⤵
  PID:10144
- C:\Windows\System\kVoHvmP.exe
  C:\Windows\System\kVoHvmP.exe
  2⤵
  PID:10172
- C:\Windows\System\zsSSlwv.exe
  C:\Windows\System\zsSSlwv.exe
  2⤵
  PID:10192
- C:\Windows\System\topzcZn.exe
  C:\Windows\System\topzcZn.exe
  2⤵
  PID:10236
- C:\Windows\System\LWOcDoM.exe
  C:\Windows\System\LWOcDoM.exe
  2⤵
  PID:9012
- C:\Windows\System\NDyJVIW.exe
  C:\Windows\System\NDyJVIW.exe
  2⤵
  PID:9388
- C:\Windows\System\dzXIExC.exe
  C:\Windows\System\dzXIExC.exe
  2⤵
  PID:10224
- C:\Windows\System\IfFWuoi.exe
  C:\Windows\System\IfFWuoi.exe
  2⤵
  PID:9428
- C:\Windows\System\dYjdUpg.exe
  C:\Windows\System\dYjdUpg.exe
  2⤵
  PID:9220
- C:\Windows\System\OcHukty.exe
  C:\Windows\System\OcHukty.exe
  2⤵
  PID:9404
- C:\Windows\System\yrkglAX.exe
  C:\Windows\System\yrkglAX.exe
  2⤵
  PID:9420
- C:\Windows\System\tycRWFp.exe
  C:\Windows\System\tycRWFp.exe
  2⤵
  PID:9432
- C:\Windows\System\UdHzGFv.exe
  C:\Windows\System\UdHzGFv.exe
  2⤵
  PID:9696
- C:\Windows\System\hNygOQk.exe
  C:\Windows\System\hNygOQk.exe
  2⤵
  PID:9672
- C:\Windows\System\tGbygNm.exe
  C:\Windows\System\tGbygNm.exe
  2⤵
  PID:9836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DUmYxkp.exe

Filesize
6.0MB

MD5
b82bc85da953606b8da8a03ecf91a9b0

SHA1
f5fc8397cb5f773ac19053bbe6d5c43dca4d6ec6

SHA256
d9a9e656c7a1a741e2e7487b232c4bfb828d052e053ca208fe6240697c3d1fdd

SHA512
5f28b5d646923bea17c3dbd9d4a219ba760ec0983e3a154567a6f1ddc8ada0fc488b760363a00606a4d773f2679338e0b6df0f314e9a97c8452c3c10b549196c

Download Submit
C:\Windows\system\EmkDaBn.exe

Filesize
6.0MB

MD5
c924b5053b769df926307c55219c9821

SHA1
8e3b5010222fcacda9db56c13b52316edbf4461f

SHA256
2ac708db7e5ed5c43062f1a63987481a9119dcc5024e60e3e1ddf4fb4cc961da

SHA512
79e481c01209170dfe26a6f42c403470923de61efbb418ae53db8d0494a552ec4f2018a237453a3ec72fdf202ab3707cc646e0794c43891e97f832e99f2daae7

Download Submit
C:\Windows\system\IEbdPoT.exe

Filesize
6.0MB

MD5
deddd51da726196cd5fd271b712b985c

SHA1
9393c1abe3323db098b8a61d716e4fd693627d6a

SHA256
e35889c6931a607a8faae28789c1312f79086840b21374b249683a9b74578afe

SHA512
1a7090ab1e5a3390036f10210150dfbabf195b742170562882191071f5dbd39f1be9b2c23f4f11a313310c47000dbc771726768426ec399ceb03cb1d598892b1

Download Submit
C:\Windows\system\LAuOsEm.exe

Filesize
6.0MB

MD5
1792cd7738c5a1eacec8143ecd8df3d7

SHA1
be8fa3dd6df7e3d5dfae7f0a0f9a0e8ee2423404

SHA256
5fc20df7d43e47244cf68d6adde7afe0c35fc05322f8216501448dfd1bdfbdec

SHA512
2cda228fb037a9fb9eba5df4d757e57d83c26b6b98c66d9f0f958cb0377d94b577dd3d34d6f53e6b674bda1bda79e9f6fc6bcce3e901bf4d8700432e3520d583

Download Submit
C:\Windows\system\NuwfctN.exe

Filesize
6.0MB

MD5
4fef222c730803db4a443521abbe9606

SHA1
d422ac6e0ccdb7b3ddd4b7c1f6b5d2b62f2b19b9

SHA256
ed21f2e010490e1d3cb266f54f0333a15942dc2d81b5d2ede65f5ec919df7acc

SHA512
98ac78731e594ccada8c0f402c40b0add132c685481a61219390da72134f4eae101f520b6e25bceec23359a394d6fe078399b94f902a22cb00853f1d19f28a5e

Download Submit
C:\Windows\system\QUdFzSv.exe

Filesize
6.0MB

MD5
caed3926667e65a569130ee51d4b09fe

SHA1
2967103eed64e882df8a6b4117ebb894d0b14ed5

SHA256
48752ad79825db0997baa1eeb0177d07a7790f351fe5708eb128c3a6a064c570

SHA512
028feebbcbe18229ea27762bc7acedd6c59282814dffa280ac3c69a822f6e332433f396861677b7537b9621c3b534ae0246be9cff0230945bfda1b6ec966294a

Download Submit
C:\Windows\system\USwgtmY.exe

Filesize
6.0MB

MD5
a3e38a83a32146fc36654551881c7b18

SHA1
c533c5a5a953a30512b2e94259e49317f21f2055

SHA256
eb91889a0f8249582a798dbed2f83734b86f4f8b5d10cec20d4b0ca54c3288ad

SHA512
3a5ebe2abc7d8625033e2178a337195490d049e56ef4e8fb2f10aa553cd17352929de90ae1f0492f58923e8e2029b143f3d014cb42f5919ecab6235bc2fa4c9c

Download Submit
C:\Windows\system\UljxryB.exe

Filesize
6.0MB

MD5
63011e4e59eae4ad2b32f5dfc72d1ea6

SHA1
718cd41bb917c16311517ca9ded54feb30d18552

SHA256
e0b45fc01611dd9f2b11cc3f396f7465edbc974293ec1df00f4df7cb535eddb2

SHA512
725f29f2f0cae62d68eb9a0a26e73084c79083dd8fa7b34a607c739009c670a46d25d2a7c076d9e801f715816dfefc7560e3c88fc853f27c25dbfb45dc6f5cc6

Download Submit
C:\Windows\system\WlyMouW.exe

Filesize
6.0MB

MD5
0836bc732bb4b725faefac7d186f25e8

SHA1
62e14f5e167724126204976d006509175cc39569

SHA256
0b510d34379f32dc6b9615b9314b6abab28013eb8743919ddd50e6d48ba3d888

SHA512
e8f432216d56e24b534d5db0bf9c42629813332a03421839cfd98ee4a185c3acdd86585634317d834587bf29c9044d33919bbd23af3817a4a95126757f81d26e

Download Submit
C:\Windows\system\YfvDMnl.exe

Filesize
6.0MB

MD5
27c2d49f2b82346f851cdfe1e98b5652

SHA1
aab19c26aa5d9024460f399dbd2acd3411426218

SHA256
bfe2be5b08aa7e4924937d35104e25ef329ab3e6a76d5b8f90d083471f1bbc03

SHA512
e79ec1baf6ee76c9801511b21bb9298dcedabe4418fbf3c2bb47c97f8a7bd147476076f56b0557dac60f8fdf9469fc054a640fe93039e6f64f007ee11bd2f4ea

Download Submit
C:\Windows\system\ZRicoul.exe

Filesize
6.0MB

MD5
b18094933124527c940e8bf36ceb4e9d

SHA1
0f22d156d3a07597bf0611d4b49292cca85cdc48

SHA256
8340e5f425f32e269a9e8573bde252ffe20127c4d1f73a83590e949a4fe4d94f

SHA512
c3d2fbc3c9e099f497f9dc6521e0ec1eadaac831982411474213df8d6a960b49216a7122eec78d015bb0a5a645a880d1dceb8bf0a3ef3741f490b6e442bfb34a

Download Submit
C:\Windows\system\bRLllfd.exe

Filesize
6.0MB

MD5
2ac8416daa186b024f4b35024e4ef76b

SHA1
fc18cd7a4fa18261c3fd6dc6e2a6ee82a3d3cf39

SHA256
d0bfd79ce0b189c4c479720e2880bca09593b04f95a34018d06cc7e4cacaddf3

SHA512
3c6d2393d5b4db7a7f860cf4e027e82bcc3db1d3129ad45bbba13055fc5e67525ae4b0da25ef9590b54b2bed1d0054f84983652e1ca67e7cc81c56aa709ada5a

Download Submit
C:\Windows\system\buLfzzg.exe

Filesize
6.0MB

MD5
15f187061ee9198fb0fc4ad298993053

SHA1
e8d1b2d16c871d11c71140254d893a7d7b9bee6f

SHA256
b9d3bc782519c7231221b4315f78aece54fd40ef404599bf61df27cf53410648

SHA512
11e5607291b7ed6dc30e358df63d08205f5ad6d4779b45f0602bb8b8fe099513047e6d00664b1d91b23508e359d2ef791f01c4b3f5505b8ba0a44f733c5e8327

Download Submit
C:\Windows\system\dtOBSah.exe

Filesize
6.0MB

MD5
ca27fbea0326b17905ffb66f768d84db

SHA1
f323f15d7309e588a65a459e009d8e433dc811be

SHA256
38d3cbb69c0377db6c9ff88892752de3971a843eb18340ba368dfc480c5361d3

SHA512
f1f64b3c767e454fa0279446d26c590d540f478eff25341171a36b62efbe7cec88bb3f6d4c687111c36a921b221cfead1b9246728d54f100dc4fb40f3c36b156

Download Submit
C:\Windows\system\eKzKraz.exe

Filesize
6.0MB

MD5
8530ba03d19b49b90f9b752f77cae38d

SHA1
f85a02652d68731e37643e63433917354ad0d002

SHA256
8d30560c42f082a3784da15591617b67df2f658f3869d70e1d7fca00a6ad016b

SHA512
875489255a5a40ef1571a9f4a6353bf6e38c403ebd8738460b14abfeb3aea247347984ee866c5ee84593c459e7e3abf3fbcfd04317d95e0526a16eccf29c69c3

Download Submit
C:\Windows\system\eYawGwd.exe

Filesize
6.0MB

MD5
aa91b4a2909f795164ccab367a679317

SHA1
48763e1973f429c2bcb237be87ea5cd5fd658787

SHA256
5652ec389d355ca9ad630065afad5d16185e84fb8e29e3de7c975e1377ca54e8

SHA512
68ffa523fc8c7c9788766df0fe9f24d5bea293fb2bdbdcd1418e9f2d8bf007c9325d8b8bd9403033a01a5b335c0558d97570eb7eb100b146a5d18e2952d8cce3

Download Submit
C:\Windows\system\gFGMCMA.exe

Filesize
6.0MB

MD5
7462fdc470d9ba164ada340349082e96

SHA1
bc63187ed43f6156566271f08e9ded9734a52bfc

SHA256
20a30d68a99d7fc3900fe966fd5f244920be75c0852f08d9f49cbbdbb6e9602a

SHA512
2240eb114e08de41888ff90dcb17e792209e4abed2783c87b1651270bfb84d2100a3cb7f53b10e3be64868dabd986b25fd0f23b1d5f4c83c3b88a66a8bbccdb2

Download Submit
C:\Windows\system\gcFoGlY.exe

Filesize
6.0MB

MD5
1638cc171407fad76f98412bb33021a8

SHA1
8e8f293992b8cc2f9461145c41948cae66d745b1

SHA256
fe83d664e56dd029a89602b0228a9cf283753c0100b892435e9d6efc9fd36389

SHA512
be10fa778dd63ced3740d6983a2e03247867fb62438b59ae859dc0a213358e0a717d0daee0b824e4f12b5ec35eee6dfc477c29eb22a896997160f34365c421b0

Download Submit
C:\Windows\system\iNVpaNa.exe

Filesize
6.0MB

MD5
754792a883c15ddbc9a692c1f195ed4a

SHA1
770af579b6069981e62ded265ec0c3c5d939b5e8

SHA256
55de00c62148e95028baebd42aad7725ebadd5ae297e3b4340ae8e8008a70f9f

SHA512
494ea7526f81e63e274bf1782241d6ae12a7c9af44bb37424ea6209a1e8aabc27ed180a349886d2ee2d37141a6a6b604d7cc5c7cd44107858449a50c9ffee343

Download Submit
C:\Windows\system\oTspKJA.exe

Filesize
6.0MB

MD5
1bda265063f49016345b3014a883a289

SHA1
d2911352542f02886ef14758708cafc70c02dea6

SHA256
67ae622f373cfc1890c684286dbdc7bb284f4424d8863c091171b14a5ebe9150

SHA512
fb4450ef90b82ec213d5a4ce4359bc01a60fe7c721e6fd95a6af805e0d1059dc7cf6f39d107a85a84f20f56ba39a50f4efa6e3bef4e0e5af871e2cc03222adb4

Download Submit
C:\Windows\system\pPsxhHr.exe

Filesize
6.0MB

MD5
ffa61db6f084bd7ade0398b59c0dd16d

SHA1
9124cdafeeaa721d6236dcfbada3cd432ad0b7ff

SHA256
08957707a61309e593a0e5596d5c4da22fd896d75a995482fbac674efa6ec69b

SHA512
b65a97f1ca19c29e66ae75a325d537df7390085704a1dbffa1edc1645039fb43365d578059aa1cc68491f2d0b852ff0f5d62d9025551d17c8d7491a0374af9ef

Download Submit
C:\Windows\system\pThtPzF.exe

Filesize
6.0MB

MD5
2f5b79519ea35673337b99c235d0bce0

SHA1
bb0520c12c739eab75b12c09dff6b6a2e3e54020

SHA256
c33eeb8ec970d261136a7c51525fb624b61dcb32f6967461f0c1a8413f7ca5a4

SHA512
c3175c069c50c763947c75965223f1f9d82745a42cabfe0194bbb01751aef4772c884cdb6c1d7e8aa38523c238122eda0481ddd3c721ab3c9620ce581d67ba27

Download Submit
C:\Windows\system\poXqSIn.exe

Filesize
6.0MB

MD5
8b889dd42f3fe4aeb75d69e10d7e8212

SHA1
b2cffb92e05ac3e7c0d8ba2f0f9f0fa6f0b01967

SHA256
3d74272e4bda7806bf0c6f6d3dd5e76a345bc1578fc9fc04bd5078f6310057dc

SHA512
1e9e4fbabf316aec6b9f2f3b25860d1ac43fbcc50a63122958c51e4fee10e8e4ee354119949d42c137df990be5d978ae053524381db92c9125648ff987faf694

Download Submit
C:\Windows\system\ukeVxot.exe

Filesize
6.0MB

MD5
79c734450291efb3ba6af3ff9e54d72a

SHA1
b4661bd27361de50e72f484c3912f8f87e169041

SHA256
9729d54fb455838e64a6ecb7e59d39ba94aa940247573d8023e7ac5d3845a8ef

SHA512
02b2ab2f0a60ded7533b3050e71c12257de31f1b663734c65fd79b290cd0de651e00d4903ae9a30e55426df37f4dac09ea192fb79fbba8ca8961207999fa6506

Download Submit
C:\Windows\system\xAMwYbK.exe

Filesize
6.0MB

MD5
b2239d3876eafea7d42b6c9880226c30

SHA1
961621824eddd10a6d271a1f021834de377fe3e1

SHA256
5ebba7485624eff6e7211e40e95b2ceefd8c16e8c05dae11010172362b7852ed

SHA512
40a49c6fe46203e91518e7b30b27da48cee53220a7f99c8d73504404720d3a01c25d983926e45b4e232288ba21bb27fde36242b6f448ad60e4cf3482ed27fd15

Download Submit
\Windows\system\JDmQOUN.exe

Filesize
6.0MB

MD5
6144ae912478d9804058b119a1fc0cbd

SHA1
639cf020f5848df749625012eb86b680d06cf7ba

SHA256
f2472457f8a07008158fe1b1750bdd5dc14710910734817da30b2b6432d49945

SHA512
dd23257f7eb5c2ee1a5aba5f4b776934afe2dbc99c8b264db7e4ee4d448b8aca65179422dfb16aae1ad7eb4663bed1b491df98fdf9120ee3706e48215460eb05

Download Submit
\Windows\system\RinfjRE.exe

Filesize
6.0MB

MD5
8f66c416c284cd239e0ead40936a4fa4

SHA1
47afa0c684125f24da41e82f4911cb8927ede0b9

SHA256
be3bf89df29129c39dc4c20a4b7033e33a65ea9af0ae9e1553b08bb949d01428

SHA512
9dcf50ab146d0faf54a5eed6a592fdd3f41b061d2efca71c3add4448eb4c6e9f5d6b2a9e44d7e78d04a55a1a98107eae1f4cbc41abc112f3ff682559bbc64e7b

Download Submit
\Windows\system\UqVmQOF.exe

Filesize
6.0MB

MD5
28a5bb31c92e5d9f4e044abf84b79c80

SHA1
45811f5f7038726f9143e18ebcfa81e5eb5ceafb

SHA256
e3a46ad87978c030e0b6c0fda3ede6e7164424a16c40509d3b3d70bba161a7c3

SHA512
65df4e7a7152626686d9978662fbd5041e7183bdb6fc7590db681888554d52de2ac5a68a5bd3496b27bab3f43591f4486e78eda9baa0802434a203ba63a7da1c

Download Submit
\Windows\system\dWQZKor.exe

Filesize
6.0MB

MD5
7740aa7f5b67d6620fdb358bc2d04af3

SHA1
76a0665d3aab5a18247d4c43f818ff0b6ed3fdfb

SHA256
15abf8fcc3ec2387f4bcd93840d78c31ba7b0ad7715af10eb087219c3abbe66f

SHA512
1b45ca200d5848a4ee82fea87b094e5fa20dbec70acd9d2058e46b9751e087145ede4e3489f5c2f52bf14352e6f1cda3a88d3da87814ff833055fe76367a154e

Download Submit
\Windows\system\gNpjXdD.exe

Filesize
6.0MB

MD5
98ea217b7f50d315c916847a0897d842

SHA1
da4c9fc777364b7d41f18206e85e98389d14b63c

SHA256
ee202af432e6798d63a602ca63c03d6e5ba115caf8708d8ba21d6395204194a9

SHA512
6d09caf1774648a29d61dc166783f32ec72c03f2fa3c7cdc329a9d905543de56433f2454c87ca636406c74566085c4b2b49da82af98733b87ce131759780e89c

Download Submit
\Windows\system\mgTFfuP.exe

Filesize
6.0MB

MD5
4963f5915f97a39a3aaa25e4b8574641

SHA1
a9ba25cf36f3965d00054778a722e4feb4847867

SHA256
f2987efe7a422de0e06a72e827cb8eec73d3aed0753afa5a0c1e50bca0f470d3

SHA512
a8fe7e2689ea003b09a40d8ab66379f3c32df4cb6aa88309bdaa3a129804c79d6ecd7ebb40b5a1d259516e2d4d743f109f546b6c75c8a701a77808ccf8f8ad00

Download Submit
\Windows\system\nJRSygm.exe

Filesize
6.0MB

MD5
8d37b646a7c0ee21cf7c2b4364faae32

SHA1
342e569eb58850c1be54dabb01e80a438a0a1b48

SHA256
f3bc589a2dd81221efc656421c2c5cf5b9cbf3e9a7d045f0556c0b5befb13c4c

SHA512
dd09585da93387119dfa97910c6c3293044674d5792c86d6039880b46f29235bf43b4cd73179b4abf7e743d08673535351de8949182395cf58fa2a07bde468d3

Download Submit
\Windows\system\nqpNabn.exe

Filesize
6.0MB

MD5
392b2e58db23b71f14e8cc27173ffc5b

SHA1
110b07be4873e8faa9e0e33a1e2e95f604a3b709

SHA256
f67a7bbeca93fc1f505e8d2ffc3d01a731eff718195502a645f028e0790769ec

SHA512
3e3beb3bcc20f771bddcddee4ae8406718a5b018c33281d58ca06b72ee00d3d7a56178f2bc673f9df56e13123b41c9adf28693a4834e4611ffc2ae1d526c4a8d

Download Submit
memory/268-30-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/268-4018-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1128-4022-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/1128-51-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/1956-4025-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-59-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-64-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1988-4024-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2124-56-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2124-4021-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2260-4031-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2260-449-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2368-18-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4020-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2368-544-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2500-3667-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2500-72-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2500-4027-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2524-4030-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2524-429-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3879-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-4029-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-85-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-4023-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-63-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3876-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2764-78-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4028-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2784-65-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2784-4026-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3978-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2828-60-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-54-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2828-17-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3185-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-44-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3804-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-58-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-67-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4003-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-83-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4017-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-441-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2828-42-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2828-512-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-513-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2828-514-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-455-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-36-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1-0x0000000001B20000-0x0000000001B30000-memory.dmp

Filesize
64KB

Download
memory/2828-23-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2828-50-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-76-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-0-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2884-4019-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2884-27-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download