cobaltstrike | 1a9e9fa8d3652ade505e492425fbf1a9186318b3ed5795bae86065c3dc0c11c7

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/12/2024, 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

192820843ad50a946722f33af44b86e4
SHA1

fae91a00e73c10d8e39b5239561e396f1bfcf150
SHA256

1a9e9fa8d3652ade505e492425fbf1a9186318b3ed5795bae86065c3dc0c11c7
SHA512

1064cd3b60f602296cb34035868444888067b7dc0d4066e5311db78c1488c93ec520296d0f43d092d7dfae90e6798c0a84ff69bbe84fd9d7d606f9e8731f44fa
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f96-10.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016009-12.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001613e-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016334-33.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001659b-51.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000164db-49.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001686c-62.dat	cobalt_reflective_dll
behavioral1/files/0x0038000000015dc0-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-74.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edb-80.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f3-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-130.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-131.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-188.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-193.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-183.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-178.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-173.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-159.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-157.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-155.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-151.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-138.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb8-90.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de4-88.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-113.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017400-112.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707c-104.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2688-0-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-3.dat	xmrig
behavioral1/memory/2648-9-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2688-8-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015f96-10.dat	xmrig
behavioral1/memory/2716-15-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2688-13-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016009-12.dat	xmrig
behavioral1/files/0x000800000001613e-23.dat	xmrig
behavioral1/memory/2688-24-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2348-22-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2688-19-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016334-33.dat	xmrig
behavioral1/files/0x000700000001659b-51.dat	xmrig
behavioral1/memory/3016-55-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2680-50-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x00070000000164db-49.dat	xmrig
behavioral1/memory/2524-63-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x000900000001686c-62.dat	xmrig
behavioral1/memory/2716-58-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2992-48-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2688-47-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x0038000000015dc0-46.dat	xmrig
behavioral1/memory/2736-45-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2688-42-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2884-39-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2348-67-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2884-68-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2992-69-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x0006000000016de8-74.dat	xmrig
behavioral1/files/0x0006000000016edb-80.dat	xmrig
behavioral1/files/0x00060000000173f3-86.dat	xmrig
behavioral1/files/0x0005000000018696-130.dat	xmrig
behavioral1/files/0x00060000000174a6-131.dat	xmrig
behavioral1/memory/2816-125-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x00060000000190e1-188.dat	xmrig
behavioral1/memory/2524-244-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d2-193.dat	xmrig
behavioral1/files/0x000600000001904c-183.dat	xmrig
behavioral1/files/0x0006000000018f65-178.dat	xmrig
behavioral1/files/0x0006000000018c44-173.dat	xmrig
behavioral1/files/0x0006000000018c34-168.dat	xmrig
behavioral1/files/0x00050000000187a2-163.dat	xmrig
behavioral1/files/0x0005000000018697-159.dat	xmrig
behavioral1/files/0x0015000000018676-157.dat	xmrig
behavioral1/files/0x00060000000174c3-155.dat	xmrig
behavioral1/files/0x0006000000017488-152.dat	xmrig
behavioral1/files/0x0006000000017403-151.dat	xmrig
behavioral1/memory/2688-150-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2852-143-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x000600000001757f-138.dat	xmrig
behavioral1/memory/2868-129-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/3016-100-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/files/0x0006000000016eb8-90.dat	xmrig
behavioral1/files/0x0007000000016de4-88.dat	xmrig
behavioral1/memory/2688-114-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x000600000001746a-113.dat	xmrig
behavioral1/files/0x0006000000017400-112.dat	xmrig
behavioral1/files/0x000600000001707c-104.dat	xmrig
behavioral1/memory/2680-73-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2648-3126-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2716-3157-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2348-3164-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2884-3175-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2648	JdeuYJx.exe
2716	UsUiUqq.exe
2348	uwEUuQH.exe
2884	iABCEzb.exe
2736	euCKaYc.exe
2992	vGTseqa.exe
2680	jrLSGOq.exe
3016	qdfvhQA.exe
2524	isvQJOJ.exe
2816	VliAYMH.exe
2868	DRRDWhG.exe
2852	dRuFsjp.exe
1700	tArppha.exe
2036	XuUEEIe.exe
2400	SpSnLic.exe
1684	yYdICBJ.exe
1152	NCHjORL.exe
2492	nLdjLdn.exe
1532	BFmrYVf.exe
1560	RzerWgo.exe
1916	XiSlYVP.exe
1628	qNsTovR.exe
1416	JVTmBDl.exe
2128	xvUxXeq.exe
2104	Tiqzjgn.exe
3024	bgcuyvW.exe
2116	SpynHvq.exe
1420	sREBEBp.exe
1096	ddguwyi.exe
1688	XoNRNWW.exe
932	OINnPJZ.exe
2472	xmmnLfk.exe
1044	rtyZRuZ.exe
2324	Mrekgzh.exe
2428	NWZFrsF.exe
1816	AEViCau.exe
1592	zTPBtoc.exe
2892	hUEeuJP.exe
1528	lnrlxFY.exe
1640	tRHGNuq.exe
2432	BrKdOXE.exe
2264	fnbxruT.exe
1204	SNvyQkk.exe
1928	ZXeSJGw.exe
1932	pCNNnxZ.exe
2124	MLcAPbT.exe
2340	exMaWzw.exe
1544	eBEREca.exe
1004	bdxTCyW.exe
1508	CblLpae.exe
848	GLgqDHp.exe
2120	obZYcUc.exe
2208	xnWKceQ.exe
3036	TMlNyVY.exe
2712	LxNiaun.exe
2376	LSuHhar.exe
2536	jcbniUf.exe
3048	IJpsFVG.exe
2504	ehUeWEe.exe
2756	LLysKOA.exe
3060	FsJNUFG.exe
2556	dICJUde.exe
2676	WNqZXjT.exe
2496	DDsiEva.exe

Loads dropped DLL 64 IoCs

pid	Process
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2688-0-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-3.dat	upx
behavioral1/memory/2648-9-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0008000000015f96-10.dat	upx
behavioral1/memory/2716-15-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x0009000000016009-12.dat	upx
behavioral1/files/0x000800000001613e-23.dat	upx
behavioral1/memory/2348-22-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x0007000000016334-33.dat	upx
behavioral1/files/0x000700000001659b-51.dat	upx
behavioral1/memory/3016-55-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2680-50-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x00070000000164db-49.dat	upx
behavioral1/memory/2524-63-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x000900000001686c-62.dat	upx
behavioral1/memory/2716-58-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2992-48-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2688-47-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x0038000000015dc0-46.dat	upx
behavioral1/memory/2736-45-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2884-39-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2348-67-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2884-68-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2992-69-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x0006000000016de8-74.dat	upx
behavioral1/files/0x0006000000016edb-80.dat	upx
behavioral1/files/0x00060000000173f3-86.dat	upx
behavioral1/files/0x0005000000018696-130.dat	upx
behavioral1/files/0x00060000000174a6-131.dat	upx
behavioral1/memory/2816-125-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x00060000000190e1-188.dat	upx
behavioral1/memory/2524-244-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x00050000000191d2-193.dat	upx
behavioral1/files/0x000600000001904c-183.dat	upx
behavioral1/files/0x0006000000018f65-178.dat	upx
behavioral1/files/0x0006000000018c44-173.dat	upx
behavioral1/files/0x0006000000018c34-168.dat	upx
behavioral1/files/0x00050000000187a2-163.dat	upx
behavioral1/files/0x0005000000018697-159.dat	upx
behavioral1/files/0x0015000000018676-157.dat	upx
behavioral1/files/0x00060000000174c3-155.dat	upx
behavioral1/files/0x0006000000017488-152.dat	upx
behavioral1/files/0x0006000000017403-151.dat	upx
behavioral1/memory/2852-143-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x000600000001757f-138.dat	upx
behavioral1/memory/2868-129-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/3016-100-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/files/0x0006000000016eb8-90.dat	upx
behavioral1/files/0x0007000000016de4-88.dat	upx
behavioral1/files/0x000600000001746a-113.dat	upx
behavioral1/files/0x0006000000017400-112.dat	upx
behavioral1/files/0x000600000001707c-104.dat	upx
behavioral1/memory/2680-73-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2648-3126-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2716-3157-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2348-3164-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2884-3175-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2736-3196-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/3016-3200-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2680-3209-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2524-3211-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2992-3216-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2816-3783-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2868-3781-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZzgBoaq.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTfqict.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxWJIIr.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkwMhHW.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPDQnVw.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCWxlub.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMuynUC.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DyzSioP.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqlFmRI.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChlKFcH.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVSkCvg.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDiyxwO.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VaFMSWu.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxvGkAi.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FefNjua.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvwNsDl.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFEvUns.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHMmbKM.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFEEuzg.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDnkxdL.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVfGIyE.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BiBRRfL.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DeVRjgX.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljqkUVv.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YzTASdk.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYAhARJ.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnGtDBC.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLhMFon.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFBCWVO.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuUEEIe.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZeTmYR.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnLByLj.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bLVhQiq.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqAgouR.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CeNFhJy.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xehpdEh.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yjhUQYD.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwRclqW.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfLJksS.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xabcwCV.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKSWkSk.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kwtCuUW.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpCqOyu.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LYuidrY.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PTBkoFw.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhiNczv.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrCNCga.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WblWQSV.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJPOSHk.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZzLsCk.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFNDJAY.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DziZXUK.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUuSefW.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhzXvsR.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJDhHER.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVzevbJ.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjatzjI.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOJBtxR.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrWTsfL.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PiApiKR.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsIwzXF.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfDZWgf.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVdUIkm.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYknPin.exe	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2648	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2688 wrote to memory of 2648	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2688 wrote to memory of 2648	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2688 wrote to memory of 2716	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2688 wrote to memory of 2716	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2688 wrote to memory of 2716	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2688 wrote to memory of 2348	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2688 wrote to memory of 2348	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2688 wrote to memory of 2348	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2688 wrote to memory of 2884	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2688 wrote to memory of 2884	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2688 wrote to memory of 2884	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2688 wrote to memory of 2992	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2688 wrote to memory of 2992	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2688 wrote to memory of 2992	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2688 wrote to memory of 2736	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2688 wrote to memory of 2736	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2688 wrote to memory of 2736	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2688 wrote to memory of 2680	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2688 wrote to memory of 2680	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2688 wrote to memory of 2680	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2688 wrote to memory of 3016	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2688 wrote to memory of 3016	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2688 wrote to memory of 3016	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2688 wrote to memory of 2524	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2688 wrote to memory of 2524	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2688 wrote to memory of 2524	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2688 wrote to memory of 2816	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2688 wrote to memory of 2816	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2688 wrote to memory of 2816	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2688 wrote to memory of 2852	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2688 wrote to memory of 2852	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2688 wrote to memory of 2852	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2688 wrote to memory of 2868	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2688 wrote to memory of 2868	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2688 wrote to memory of 2868	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2688 wrote to memory of 1532	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2688 wrote to memory of 1532	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2688 wrote to memory of 1532	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2688 wrote to memory of 1700	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2688 wrote to memory of 1700	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2688 wrote to memory of 1700	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2688 wrote to memory of 1560	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2688 wrote to memory of 1560	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2688 wrote to memory of 1560	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2688 wrote to memory of 2036	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2688 wrote to memory of 2036	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2688 wrote to memory of 2036	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2688 wrote to memory of 1916	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2688 wrote to memory of 1916	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2688 wrote to memory of 1916	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2688 wrote to memory of 2400	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2688 wrote to memory of 2400	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2688 wrote to memory of 2400	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2688 wrote to memory of 1628	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2688 wrote to memory of 1628	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2688 wrote to memory of 1628	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2688 wrote to memory of 1684	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2688 wrote to memory of 1684	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2688 wrote to memory of 1684	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2688 wrote to memory of 1416	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2688 wrote to memory of 1416	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2688 wrote to memory of 1416	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2688 wrote to memory of 1152	2688	2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_192820843ad50a946722f33af44b86e4_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\System\JdeuYJx.exe
  C:\Windows\System\JdeuYJx.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\UsUiUqq.exe
  C:\Windows\System\UsUiUqq.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\uwEUuQH.exe
  C:\Windows\System\uwEUuQH.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\iABCEzb.exe
  C:\Windows\System\iABCEzb.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\vGTseqa.exe
  C:\Windows\System\vGTseqa.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\euCKaYc.exe
  C:\Windows\System\euCKaYc.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\jrLSGOq.exe
  C:\Windows\System\jrLSGOq.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\qdfvhQA.exe
  C:\Windows\System\qdfvhQA.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\isvQJOJ.exe
  C:\Windows\System\isvQJOJ.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\VliAYMH.exe
  C:\Windows\System\VliAYMH.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\dRuFsjp.exe
  C:\Windows\System\dRuFsjp.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\DRRDWhG.exe
  C:\Windows\System\DRRDWhG.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\BFmrYVf.exe
  C:\Windows\System\BFmrYVf.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\tArppha.exe
  C:\Windows\System\tArppha.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\RzerWgo.exe
  C:\Windows\System\RzerWgo.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\XuUEEIe.exe
  C:\Windows\System\XuUEEIe.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\XiSlYVP.exe
  C:\Windows\System\XiSlYVP.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\SpSnLic.exe
  C:\Windows\System\SpSnLic.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\qNsTovR.exe
  C:\Windows\System\qNsTovR.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\yYdICBJ.exe
  C:\Windows\System\yYdICBJ.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\JVTmBDl.exe
  C:\Windows\System\JVTmBDl.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\NCHjORL.exe
  C:\Windows\System\NCHjORL.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\xvUxXeq.exe
  C:\Windows\System\xvUxXeq.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\nLdjLdn.exe
  C:\Windows\System\nLdjLdn.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\Tiqzjgn.exe
  C:\Windows\System\Tiqzjgn.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\bgcuyvW.exe
  C:\Windows\System\bgcuyvW.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\SpynHvq.exe
  C:\Windows\System\SpynHvq.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\sREBEBp.exe
  C:\Windows\System\sREBEBp.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\ddguwyi.exe
  C:\Windows\System\ddguwyi.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\XoNRNWW.exe
  C:\Windows\System\XoNRNWW.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\OINnPJZ.exe
  C:\Windows\System\OINnPJZ.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\xmmnLfk.exe
  C:\Windows\System\xmmnLfk.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\rtyZRuZ.exe
  C:\Windows\System\rtyZRuZ.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\Mrekgzh.exe
  C:\Windows\System\Mrekgzh.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\NWZFrsF.exe
  C:\Windows\System\NWZFrsF.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\AEViCau.exe
  C:\Windows\System\AEViCau.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\zTPBtoc.exe
  C:\Windows\System\zTPBtoc.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\hUEeuJP.exe
  C:\Windows\System\hUEeuJP.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\lnrlxFY.exe
  C:\Windows\System\lnrlxFY.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\tRHGNuq.exe
  C:\Windows\System\tRHGNuq.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\BrKdOXE.exe
  C:\Windows\System\BrKdOXE.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\fnbxruT.exe
  C:\Windows\System\fnbxruT.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\SNvyQkk.exe
  C:\Windows\System\SNvyQkk.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\ZXeSJGw.exe
  C:\Windows\System\ZXeSJGw.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\pCNNnxZ.exe
  C:\Windows\System\pCNNnxZ.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\MLcAPbT.exe
  C:\Windows\System\MLcAPbT.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\exMaWzw.exe
  C:\Windows\System\exMaWzw.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\eBEREca.exe
  C:\Windows\System\eBEREca.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\bdxTCyW.exe
  C:\Windows\System\bdxTCyW.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\CblLpae.exe
  C:\Windows\System\CblLpae.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\GLgqDHp.exe
  C:\Windows\System\GLgqDHp.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\obZYcUc.exe
  C:\Windows\System\obZYcUc.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\xnWKceQ.exe
  C:\Windows\System\xnWKceQ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\TMlNyVY.exe
  C:\Windows\System\TMlNyVY.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\LxNiaun.exe
  C:\Windows\System\LxNiaun.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\LSuHhar.exe
  C:\Windows\System\LSuHhar.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\jcbniUf.exe
  C:\Windows\System\jcbniUf.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\IJpsFVG.exe
  C:\Windows\System\IJpsFVG.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\ehUeWEe.exe
  C:\Windows\System\ehUeWEe.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\LLysKOA.exe
  C:\Windows\System\LLysKOA.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\FsJNUFG.exe
  C:\Windows\System\FsJNUFG.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\dICJUde.exe
  C:\Windows\System\dICJUde.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\WNqZXjT.exe
  C:\Windows\System\WNqZXjT.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\DDsiEva.exe
  C:\Windows\System\DDsiEva.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\cEKKQLa.exe
  C:\Windows\System\cEKKQLa.exe
  2⤵
  PID:2800
- C:\Windows\System\tNZCYLF.exe
  C:\Windows\System\tNZCYLF.exe
  2⤵
  PID:2388
- C:\Windows\System\ybMRgAH.exe
  C:\Windows\System\ybMRgAH.exe
  2⤵
  PID:2572
- C:\Windows\System\hjlgQIC.exe
  C:\Windows\System\hjlgQIC.exe
  2⤵
  PID:2812
- C:\Windows\System\fXBwCxJ.exe
  C:\Windows\System\fXBwCxJ.exe
  2⤵
  PID:264
- C:\Windows\System\ImSkTVw.exe
  C:\Windows\System\ImSkTVw.exe
  2⤵
  PID:2252
- C:\Windows\System\JaaiomL.exe
  C:\Windows\System\JaaiomL.exe
  2⤵
  PID:1500
- C:\Windows\System\YLiakGP.exe
  C:\Windows\System\YLiakGP.exe
  2⤵
  PID:1456
- C:\Windows\System\XiuJokq.exe
  C:\Windows\System\XiuJokq.exe
  2⤵
  PID:2144
- C:\Windows\System\khuCEZA.exe
  C:\Windows\System\khuCEZA.exe
  2⤵
  PID:1220
- C:\Windows\System\kwtCuUW.exe
  C:\Windows\System\kwtCuUW.exe
  2⤵
  PID:1412
- C:\Windows\System\kosDNfA.exe
  C:\Windows\System\kosDNfA.exe
  2⤵
  PID:2908
- C:\Windows\System\LGuuGoD.exe
  C:\Windows\System\LGuuGoD.exe
  2⤵
  PID:2900
- C:\Windows\System\gBOagZc.exe
  C:\Windows\System\gBOagZc.exe
  2⤵
  PID:1796
- C:\Windows\System\IjwRiov.exe
  C:\Windows\System\IjwRiov.exe
  2⤵
  PID:1136
- C:\Windows\System\WCvFQpg.exe
  C:\Windows\System\WCvFQpg.exe
  2⤵
  PID:1988
- C:\Windows\System\JRBBvAw.exe
  C:\Windows\System\JRBBvAw.exe
  2⤵
  PID:2484
- C:\Windows\System\JylPEkx.exe
  C:\Windows\System\JylPEkx.exe
  2⤵
  PID:2280
- C:\Windows\System\WqRiVqk.exe
  C:\Windows\System\WqRiVqk.exe
  2⤵
  PID:1996
- C:\Windows\System\PQHYCsK.exe
  C:\Windows\System\PQHYCsK.exe
  2⤵
  PID:1552
- C:\Windows\System\rdnFdaY.exe
  C:\Windows\System\rdnFdaY.exe
  2⤵
  PID:736
- C:\Windows\System\XWncOTl.exe
  C:\Windows\System\XWncOTl.exe
  2⤵
  PID:1028
- C:\Windows\System\BiBRRfL.exe
  C:\Windows\System\BiBRRfL.exe
  2⤵
  PID:784
- C:\Windows\System\gVyODIf.exe
  C:\Windows\System\gVyODIf.exe
  2⤵
  PID:1792
- C:\Windows\System\ApXkJLs.exe
  C:\Windows\System\ApXkJLs.exe
  2⤵
  PID:2256
- C:\Windows\System\GVrZwpC.exe
  C:\Windows\System\GVrZwpC.exe
  2⤵
  PID:1760
- C:\Windows\System\MVhEXZO.exe
  C:\Windows\System\MVhEXZO.exe
  2⤵
  PID:2308
- C:\Windows\System\KsAeawn.exe
  C:\Windows\System\KsAeawn.exe
  2⤵
  PID:2468
- C:\Windows\System\xRuFvmz.exe
  C:\Windows\System\xRuFvmz.exe
  2⤵
  PID:2076
- C:\Windows\System\mOZrEiv.exe
  C:\Windows\System\mOZrEiv.exe
  2⤵
  PID:1600
- C:\Windows\System\JwXgIqG.exe
  C:\Windows\System\JwXgIqG.exe
  2⤵
  PID:2656
- C:\Windows\System\SqPXnzb.exe
  C:\Windows\System\SqPXnzb.exe
  2⤵
  PID:2364
- C:\Windows\System\omItMTi.exe
  C:\Windows\System\omItMTi.exe
  2⤵
  PID:2228
- C:\Windows\System\TOOdoEV.exe
  C:\Windows\System\TOOdoEV.exe
  2⤵
  PID:2596
- C:\Windows\System\QLJnJQt.exe
  C:\Windows\System\QLJnJQt.exe
  2⤵
  PID:2640
- C:\Windows\System\WVTxlqh.exe
  C:\Windows\System\WVTxlqh.exe
  2⤵
  PID:2696
- C:\Windows\System\ENPBOxB.exe
  C:\Windows\System\ENPBOxB.exe
  2⤵
  PID:2040
- C:\Windows\System\NGnRqZW.exe
  C:\Windows\System\NGnRqZW.exe
  2⤵
  PID:2776
- C:\Windows\System\baIDshz.exe
  C:\Windows\System\baIDshz.exe
  2⤵
  PID:2808
- C:\Windows\System\bCEXATt.exe
  C:\Windows\System\bCEXATt.exe
  2⤵
  PID:1964
- C:\Windows\System\NUCMuFu.exe
  C:\Windows\System\NUCMuFu.exe
  2⤵
  PID:1652
- C:\Windows\System\LsknaZX.exe
  C:\Windows\System\LsknaZX.exe
  2⤵
  PID:2216
- C:\Windows\System\ONQvoSM.exe
  C:\Windows\System\ONQvoSM.exe
  2⤵
  PID:532
- C:\Windows\System\SmJBVxk.exe
  C:\Windows\System\SmJBVxk.exe
  2⤵
  PID:2232
- C:\Windows\System\OhMyevB.exe
  C:\Windows\System\OhMyevB.exe
  2⤵
  PID:2344
- C:\Windows\System\PQTLgXO.exe
  C:\Windows\System\PQTLgXO.exe
  2⤵
  PID:1580
- C:\Windows\System\uGVUBPW.exe
  C:\Windows\System\uGVUBPW.exe
  2⤵
  PID:620
- C:\Windows\System\qHxpiyD.exe
  C:\Windows\System\qHxpiyD.exe
  2⤵
  PID:2204
- C:\Windows\System\IWPOokN.exe
  C:\Windows\System\IWPOokN.exe
  2⤵
  PID:1556
- C:\Windows\System\THsIygP.exe
  C:\Windows\System\THsIygP.exe
  2⤵
  PID:1036
- C:\Windows\System\iDBKRKd.exe
  C:\Windows\System\iDBKRKd.exe
  2⤵
  PID:1608
- C:\Windows\System\sGGMoOz.exe
  C:\Windows\System\sGGMoOz.exe
  2⤵
  PID:1372
- C:\Windows\System\oUrMeLG.exe
  C:\Windows\System\oUrMeLG.exe
  2⤵
  PID:2464
- C:\Windows\System\rpTfdCZ.exe
  C:\Windows\System\rpTfdCZ.exe
  2⤵
  PID:888
- C:\Windows\System\rcWvRYq.exe
  C:\Windows\System\rcWvRYq.exe
  2⤵
  PID:1780
- C:\Windows\System\zHrHZlL.exe
  C:\Windows\System\zHrHZlL.exe
  2⤵
  PID:688
- C:\Windows\System\oTdCCAx.exe
  C:\Windows\System\oTdCCAx.exe
  2⤵
  PID:2564
- C:\Windows\System\sfSvWhx.exe
  C:\Windows\System\sfSvWhx.exe
  2⤵
  PID:2668
- C:\Windows\System\RapSEow.exe
  C:\Windows\System\RapSEow.exe
  2⤵
  PID:2056
- C:\Windows\System\duTHZeE.exe
  C:\Windows\System\duTHZeE.exe
  2⤵
  PID:2440
- C:\Windows\System\dYvFIJj.exe
  C:\Windows\System\dYvFIJj.exe
  2⤵
  PID:2576
- C:\Windows\System\JuHFYeh.exe
  C:\Windows\System\JuHFYeh.exe
  2⤵
  PID:2568
- C:\Windows\System\SSraYnU.exe
  C:\Windows\System\SSraYnU.exe
  2⤵
  PID:2272
- C:\Windows\System\NLKtydz.exe
  C:\Windows\System\NLKtydz.exe
  2⤵
  PID:832
- C:\Windows\System\HjWzmDb.exe
  C:\Windows\System\HjWzmDb.exe
  2⤵
  PID:2368
- C:\Windows\System\DHpcwoC.exe
  C:\Windows\System\DHpcwoC.exe
  2⤵
  PID:1240
- C:\Windows\System\QTsIWYH.exe
  C:\Windows\System\QTsIWYH.exe
  2⤵
  PID:1856
- C:\Windows\System\tdCzDDV.exe
  C:\Windows\System\tdCzDDV.exe
  2⤵
  PID:2444
- C:\Windows\System\mZeTmYR.exe
  C:\Windows\System\mZeTmYR.exe
  2⤵
  PID:1576
- C:\Windows\System\yNrHjka.exe
  C:\Windows\System\yNrHjka.exe
  2⤵
  PID:2724
- C:\Windows\System\sQDmJjw.exe
  C:\Windows\System\sQDmJjw.exe
  2⤵
  PID:2644
- C:\Windows\System\diDEHfi.exe
  C:\Windows\System\diDEHfi.exe
  2⤵
  PID:2700
- C:\Windows\System\njriGfC.exe
  C:\Windows\System\njriGfC.exe
  2⤵
  PID:2864
- C:\Windows\System\hGBXtdn.exe
  C:\Windows\System\hGBXtdn.exe
  2⤵
  PID:2108
- C:\Windows\System\UJzFgYh.exe
  C:\Windows\System\UJzFgYh.exe
  2⤵
  PID:1272
- C:\Windows\System\xONQSux.exe
  C:\Windows\System\xONQSux.exe
  2⤵
  PID:1920
- C:\Windows\System\PfJUBHc.exe
  C:\Windows\System\PfJUBHc.exe
  2⤵
  PID:992
- C:\Windows\System\rOhIGWM.exe
  C:\Windows\System\rOhIGWM.exe
  2⤵
  PID:612
- C:\Windows\System\GKPTXbV.exe
  C:\Windows\System\GKPTXbV.exe
  2⤵
  PID:2788
- C:\Windows\System\QUhRlds.exe
  C:\Windows\System\QUhRlds.exe
  2⤵
  PID:808
- C:\Windows\System\IIGUwMb.exe
  C:\Windows\System\IIGUwMb.exe
  2⤵
  PID:2580
- C:\Windows\System\SloldWn.exe
  C:\Windows\System\SloldWn.exe
  2⤵
  PID:2836
- C:\Windows\System\BxxTqAQ.exe
  C:\Windows\System\BxxTqAQ.exe
  2⤵
  PID:3084
- C:\Windows\System\hkCYJCt.exe
  C:\Windows\System\hkCYJCt.exe
  2⤵
  PID:3100
- C:\Windows\System\YjuHZBN.exe
  C:\Windows\System\YjuHZBN.exe
  2⤵
  PID:3124
- C:\Windows\System\lysGwGu.exe
  C:\Windows\System\lysGwGu.exe
  2⤵
  PID:3140
- C:\Windows\System\IGERBuD.exe
  C:\Windows\System\IGERBuD.exe
  2⤵
  PID:3164
- C:\Windows\System\HtifHiE.exe
  C:\Windows\System\HtifHiE.exe
  2⤵
  PID:3184
- C:\Windows\System\ybJdSXQ.exe
  C:\Windows\System\ybJdSXQ.exe
  2⤵
  PID:3204
- C:\Windows\System\jcWKPcT.exe
  C:\Windows\System\jcWKPcT.exe
  2⤵
  PID:3224
- C:\Windows\System\QnTMnQz.exe
  C:\Windows\System\QnTMnQz.exe
  2⤵
  PID:3248
- C:\Windows\System\MMOfiZA.exe
  C:\Windows\System\MMOfiZA.exe
  2⤵
  PID:3264
- C:\Windows\System\AQYyrhm.exe
  C:\Windows\System\AQYyrhm.exe
  2⤵
  PID:3284
- C:\Windows\System\OEOVFdH.exe
  C:\Windows\System\OEOVFdH.exe
  2⤵
  PID:3304
- C:\Windows\System\LHymAUn.exe
  C:\Windows\System\LHymAUn.exe
  2⤵
  PID:3324
- C:\Windows\System\cTCNsrL.exe
  C:\Windows\System\cTCNsrL.exe
  2⤵
  PID:3344
- C:\Windows\System\QLMGhGy.exe
  C:\Windows\System\QLMGhGy.exe
  2⤵
  PID:3368
- C:\Windows\System\UEBBllu.exe
  C:\Windows\System\UEBBllu.exe
  2⤵
  PID:3388
- C:\Windows\System\tOJIYca.exe
  C:\Windows\System\tOJIYca.exe
  2⤵
  PID:3408
- C:\Windows\System\ANbQqYH.exe
  C:\Windows\System\ANbQqYH.exe
  2⤵
  PID:3428
- C:\Windows\System\QMiDIGQ.exe
  C:\Windows\System\QMiDIGQ.exe
  2⤵
  PID:3448
- C:\Windows\System\dDuQpbM.exe
  C:\Windows\System\dDuQpbM.exe
  2⤵
  PID:3468
- C:\Windows\System\eUxlqcu.exe
  C:\Windows\System\eUxlqcu.exe
  2⤵
  PID:3488
- C:\Windows\System\TQhRLMS.exe
  C:\Windows\System\TQhRLMS.exe
  2⤵
  PID:3508
- C:\Windows\System\tJbrklo.exe
  C:\Windows\System\tJbrklo.exe
  2⤵
  PID:3528
- C:\Windows\System\Widbwrk.exe
  C:\Windows\System\Widbwrk.exe
  2⤵
  PID:3548
- C:\Windows\System\XDjZsVu.exe
  C:\Windows\System\XDjZsVu.exe
  2⤵
  PID:3568
- C:\Windows\System\HoqwXhL.exe
  C:\Windows\System\HoqwXhL.exe
  2⤵
  PID:3588
- C:\Windows\System\SRDdsiL.exe
  C:\Windows\System\SRDdsiL.exe
  2⤵
  PID:3608
- C:\Windows\System\OhUgupR.exe
  C:\Windows\System\OhUgupR.exe
  2⤵
  PID:3624
- C:\Windows\System\XjKSpsj.exe
  C:\Windows\System\XjKSpsj.exe
  2⤵
  PID:3644
- C:\Windows\System\MtQYhsO.exe
  C:\Windows\System\MtQYhsO.exe
  2⤵
  PID:3668
- C:\Windows\System\tebzvPw.exe
  C:\Windows\System\tebzvPw.exe
  2⤵
  PID:3688
- C:\Windows\System\PdOvfGN.exe
  C:\Windows\System\PdOvfGN.exe
  2⤵
  PID:3708
- C:\Windows\System\QYpwWBa.exe
  C:\Windows\System\QYpwWBa.exe
  2⤵
  PID:3728
- C:\Windows\System\MATMaeW.exe
  C:\Windows\System\MATMaeW.exe
  2⤵
  PID:3748
- C:\Windows\System\CSwxEkh.exe
  C:\Windows\System\CSwxEkh.exe
  2⤵
  PID:3768
- C:\Windows\System\DvPJaUW.exe
  C:\Windows\System\DvPJaUW.exe
  2⤵
  PID:3784
- C:\Windows\System\SbVKuEU.exe
  C:\Windows\System\SbVKuEU.exe
  2⤵
  PID:3804
- C:\Windows\System\tSHSFfl.exe
  C:\Windows\System\tSHSFfl.exe
  2⤵
  PID:3824
- C:\Windows\System\GNLijZv.exe
  C:\Windows\System\GNLijZv.exe
  2⤵
  PID:3848
- C:\Windows\System\OTWgWFE.exe
  C:\Windows\System\OTWgWFE.exe
  2⤵
  PID:3864
- C:\Windows\System\qVcGiJE.exe
  C:\Windows\System\qVcGiJE.exe
  2⤵
  PID:3888
- C:\Windows\System\PlFSKkn.exe
  C:\Windows\System\PlFSKkn.exe
  2⤵
  PID:3908
- C:\Windows\System\fVsEkUe.exe
  C:\Windows\System\fVsEkUe.exe
  2⤵
  PID:3928
- C:\Windows\System\FoAubSv.exe
  C:\Windows\System\FoAubSv.exe
  2⤵
  PID:3956
- C:\Windows\System\nPMIrxU.exe
  C:\Windows\System\nPMIrxU.exe
  2⤵
  PID:3976
- C:\Windows\System\AJrbBTS.exe
  C:\Windows\System\AJrbBTS.exe
  2⤵
  PID:3996
- C:\Windows\System\VRgIyNn.exe
  C:\Windows\System\VRgIyNn.exe
  2⤵
  PID:4016
- C:\Windows\System\foQppJL.exe
  C:\Windows\System\foQppJL.exe
  2⤵
  PID:4036
- C:\Windows\System\UtTiVwt.exe
  C:\Windows\System\UtTiVwt.exe
  2⤵
  PID:4056
- C:\Windows\System\BzvXrsb.exe
  C:\Windows\System\BzvXrsb.exe
  2⤵
  PID:4076
- C:\Windows\System\vNmlejm.exe
  C:\Windows\System\vNmlejm.exe
  2⤵
  PID:580
- C:\Windows\System\QcFaURD.exe
  C:\Windows\System\QcFaURD.exe
  2⤵
  PID:1360
- C:\Windows\System\falKTCI.exe
  C:\Windows\System\falKTCI.exe
  2⤵
  PID:2168
- C:\Windows\System\ArrIJEr.exe
  C:\Windows\System\ArrIJEr.exe
  2⤵
  PID:336
- C:\Windows\System\Acgnhbt.exe
  C:\Windows\System\Acgnhbt.exe
  2⤵
  PID:2752
- C:\Windows\System\lijvJBD.exe
  C:\Windows\System\lijvJBD.exe
  2⤵
  PID:3116
- C:\Windows\System\fDFPOcZ.exe
  C:\Windows\System\fDFPOcZ.exe
  2⤵
  PID:3152
- C:\Windows\System\SMOKEXu.exe
  C:\Windows\System\SMOKEXu.exe
  2⤵
  PID:3196
- C:\Windows\System\yPzpoBG.exe
  C:\Windows\System\yPzpoBG.exe
  2⤵
  PID:3244
- C:\Windows\System\pLSDFoA.exe
  C:\Windows\System\pLSDFoA.exe
  2⤵
  PID:3212
- C:\Windows\System\ldqqnGi.exe
  C:\Windows\System\ldqqnGi.exe
  2⤵
  PID:3276
- C:\Windows\System\jrCTyYd.exe
  C:\Windows\System\jrCTyYd.exe
  2⤵
  PID:3296
- C:\Windows\System\zegRzOy.exe
  C:\Windows\System\zegRzOy.exe
  2⤵
  PID:3356
- C:\Windows\System\dWVazUS.exe
  C:\Windows\System\dWVazUS.exe
  2⤵
  PID:3340
- C:\Windows\System\yFRTYnV.exe
  C:\Windows\System\yFRTYnV.exe
  2⤵
  PID:3384
- C:\Windows\System\XYyhydI.exe
  C:\Windows\System\XYyhydI.exe
  2⤵
  PID:3416
- C:\Windows\System\qSgXRba.exe
  C:\Windows\System\qSgXRba.exe
  2⤵
  PID:3484
- C:\Windows\System\vRbcgLq.exe
  C:\Windows\System\vRbcgLq.exe
  2⤵
  PID:3524
- C:\Windows\System\EVfCfqb.exe
  C:\Windows\System\EVfCfqb.exe
  2⤵
  PID:3564
- C:\Windows\System\capPDgy.exe
  C:\Windows\System\capPDgy.exe
  2⤵
  PID:3544
- C:\Windows\System\zRkblte.exe
  C:\Windows\System\zRkblte.exe
  2⤵
  PID:3632
- C:\Windows\System\ewLLBph.exe
  C:\Windows\System\ewLLBph.exe
  2⤵
  PID:3584
- C:\Windows\System\OfADnyp.exe
  C:\Windows\System\OfADnyp.exe
  2⤵
  PID:3656
- C:\Windows\System\vzccRYM.exe
  C:\Windows\System\vzccRYM.exe
  2⤵
  PID:3716
- C:\Windows\System\xQNvHgZ.exe
  C:\Windows\System\xQNvHgZ.exe
  2⤵
  PID:3764
- C:\Windows\System\yOpsstH.exe
  C:\Windows\System\yOpsstH.exe
  2⤵
  PID:3744
- C:\Windows\System\eeOcqxC.exe
  C:\Windows\System\eeOcqxC.exe
  2⤵
  PID:3780
- C:\Windows\System\ZihSBGE.exe
  C:\Windows\System\ZihSBGE.exe
  2⤵
  PID:3812
- C:\Windows\System\NnQQRTF.exe
  C:\Windows\System\NnQQRTF.exe
  2⤵
  PID:3884
- C:\Windows\System\kzwoZth.exe
  C:\Windows\System\kzwoZth.exe
  2⤵
  PID:3896
- C:\Windows\System\MDPrqnt.exe
  C:\Windows\System\MDPrqnt.exe
  2⤵
  PID:3900
- C:\Windows\System\usvwpfo.exe
  C:\Windows\System\usvwpfo.exe
  2⤵
  PID:3972
- C:\Windows\System\OhYciGX.exe
  C:\Windows\System\OhYciGX.exe
  2⤵
  PID:4012
- C:\Windows\System\iQPfJLJ.exe
  C:\Windows\System\iQPfJLJ.exe
  2⤵
  PID:4052
- C:\Windows\System\ReIohrj.exe
  C:\Windows\System\ReIohrj.exe
  2⤵
  PID:4064
- C:\Windows\System\csdzGpf.exe
  C:\Windows\System\csdzGpf.exe
  2⤵
  PID:4092
- C:\Windows\System\aKZPEKs.exe
  C:\Windows\System\aKZPEKs.exe
  2⤵
  PID:1300
- C:\Windows\System\mqYyjsT.exe
  C:\Windows\System\mqYyjsT.exe
  2⤵
  PID:2620
- C:\Windows\System\fOqPMbM.exe
  C:\Windows\System\fOqPMbM.exe
  2⤵
  PID:3148
- C:\Windows\System\EaIIXLV.exe
  C:\Windows\System\EaIIXLV.exe
  2⤵
  PID:3232
- C:\Windows\System\HgEXTAF.exe
  C:\Windows\System\HgEXTAF.exe
  2⤵
  PID:3280
- C:\Windows\System\JWRZncS.exe
  C:\Windows\System\JWRZncS.exe
  2⤵
  PID:1740
- C:\Windows\System\XgoqwKA.exe
  C:\Windows\System\XgoqwKA.exe
  2⤵
  PID:3260
- C:\Windows\System\YtTizxJ.exe
  C:\Windows\System\YtTizxJ.exe
  2⤵
  PID:3336
- C:\Windows\System\WOXEZXv.exe
  C:\Windows\System\WOXEZXv.exe
  2⤵
  PID:3476
- C:\Windows\System\ZBoJMrx.exe
  C:\Windows\System\ZBoJMrx.exe
  2⤵
  PID:3480
- C:\Windows\System\DHcZXfn.exe
  C:\Windows\System\DHcZXfn.exe
  2⤵
  PID:3556
- C:\Windows\System\YxOuZsN.exe
  C:\Windows\System\YxOuZsN.exe
  2⤵
  PID:3596
- C:\Windows\System\hOvwKch.exe
  C:\Windows\System\hOvwKch.exe
  2⤵
  PID:3684
- C:\Windows\System\zEQAmkO.exe
  C:\Windows\System\zEQAmkO.exe
  2⤵
  PID:3724
- C:\Windows\System\mOJBtxR.exe
  C:\Windows\System\mOJBtxR.exe
  2⤵
  PID:3700
- C:\Windows\System\lyxzxso.exe
  C:\Windows\System\lyxzxso.exe
  2⤵
  PID:3736
- C:\Windows\System\jTOeXIn.exe
  C:\Windows\System\jTOeXIn.exe
  2⤵
  PID:3840
- C:\Windows\System\acdzfBB.exe
  C:\Windows\System\acdzfBB.exe
  2⤵
  PID:3920
- C:\Windows\System\FNPcAMA.exe
  C:\Windows\System\FNPcAMA.exe
  2⤵
  PID:3964
- C:\Windows\System\moECGHk.exe
  C:\Windows\System\moECGHk.exe
  2⤵
  PID:4032
- C:\Windows\System\jgNKArq.exe
  C:\Windows\System\jgNKArq.exe
  2⤵
  PID:884
- C:\Windows\System\pyLnbGb.exe
  C:\Windows\System\pyLnbGb.exe
  2⤵
  PID:4068
- C:\Windows\System\zcHyUgz.exe
  C:\Windows\System\zcHyUgz.exe
  2⤵
  PID:2260
- C:\Windows\System\OBQHcUJ.exe
  C:\Windows\System\OBQHcUJ.exe
  2⤵
  PID:3096
- C:\Windows\System\MXDGpIG.exe
  C:\Windows\System\MXDGpIG.exe
  2⤵
  PID:3176
- C:\Windows\System\CeNFhJy.exe
  C:\Windows\System\CeNFhJy.exe
  2⤵
  PID:3360
- C:\Windows\System\iARvDnx.exe
  C:\Windows\System\iARvDnx.exe
  2⤵
  PID:748
- C:\Windows\System\BhmnRSA.exe
  C:\Windows\System\BhmnRSA.exe
  2⤵
  PID:3520
- C:\Windows\System\eTqlyJE.exe
  C:\Windows\System\eTqlyJE.exe
  2⤵
  PID:1516
- C:\Windows\System\CjEmgnA.exe
  C:\Windows\System\CjEmgnA.exe
  2⤵
  PID:3028
- C:\Windows\System\lYgssfn.exe
  C:\Windows\System\lYgssfn.exe
  2⤵
  PID:3044
- C:\Windows\System\taDbEAN.exe
  C:\Windows\System\taDbEAN.exe
  2⤵
  PID:3680
- C:\Windows\System\IoviCRH.exe
  C:\Windows\System\IoviCRH.exe
  2⤵
  PID:3796
- C:\Windows\System\qOIZuQk.exe
  C:\Windows\System\qOIZuQk.exe
  2⤵
  PID:3860
- C:\Windows\System\ELtsUkO.exe
  C:\Windows\System\ELtsUkO.exe
  2⤵
  PID:3064
- C:\Windows\System\bykMVWJ.exe
  C:\Windows\System\bykMVWJ.exe
  2⤵
  PID:3940
- C:\Windows\System\WsIwzXF.exe
  C:\Windows\System\WsIwzXF.exe
  2⤵
  PID:3236
- C:\Windows\System\ksxqzka.exe
  C:\Windows\System\ksxqzka.exe
  2⤵
  PID:3112
- C:\Windows\System\LorWUgC.exe
  C:\Windows\System\LorWUgC.exe
  2⤵
  PID:3192
- C:\Windows\System\sASUybX.exe
  C:\Windows\System\sASUybX.exe
  2⤵
  PID:3052
- C:\Windows\System\uETegaD.exe
  C:\Windows\System\uETegaD.exe
  2⤵
  PID:2476
- C:\Windows\System\isWNwti.exe
  C:\Windows\System\isWNwti.exe
  2⤵
  PID:3620
- C:\Windows\System\trgZhhg.exe
  C:\Windows\System\trgZhhg.exe
  2⤵
  PID:2856
- C:\Windows\System\NXoadRR.exe
  C:\Windows\System\NXoadRR.exe
  2⤵
  PID:4008
- C:\Windows\System\zrOqtZY.exe
  C:\Windows\System\zrOqtZY.exe
  2⤵
  PID:3160
- C:\Windows\System\tnWDrau.exe
  C:\Windows\System\tnWDrau.exe
  2⤵
  PID:3316
- C:\Windows\System\wkzPTge.exe
  C:\Windows\System\wkzPTge.exe
  2⤵
  PID:1808
- C:\Windows\System\gVrmfJG.exe
  C:\Windows\System\gVrmfJG.exe
  2⤵
  PID:2332
- C:\Windows\System\BakyOBA.exe
  C:\Windows\System\BakyOBA.exe
  2⤵
  PID:4108
- C:\Windows\System\HXECYLt.exe
  C:\Windows\System\HXECYLt.exe
  2⤵
  PID:4128
- C:\Windows\System\PQFtnsl.exe
  C:\Windows\System\PQFtnsl.exe
  2⤵
  PID:4152
- C:\Windows\System\BlcLNAH.exe
  C:\Windows\System\BlcLNAH.exe
  2⤵
  PID:4168
- C:\Windows\System\IJMJjTh.exe
  C:\Windows\System\IJMJjTh.exe
  2⤵
  PID:4192
- C:\Windows\System\yMErWKR.exe
  C:\Windows\System\yMErWKR.exe
  2⤵
  PID:4212
- C:\Windows\System\UUnbbeN.exe
  C:\Windows\System\UUnbbeN.exe
  2⤵
  PID:4232
- C:\Windows\System\oKPNhBK.exe
  C:\Windows\System\oKPNhBK.exe
  2⤵
  PID:4252
- C:\Windows\System\eStyGBE.exe
  C:\Windows\System\eStyGBE.exe
  2⤵
  PID:4272
- C:\Windows\System\ZkBJxhU.exe
  C:\Windows\System\ZkBJxhU.exe
  2⤵
  PID:4292
- C:\Windows\System\SFExtOR.exe
  C:\Windows\System\SFExtOR.exe
  2⤵
  PID:4312
- C:\Windows\System\IUhtbgV.exe
  C:\Windows\System\IUhtbgV.exe
  2⤵
  PID:4332
- C:\Windows\System\OTNDpyo.exe
  C:\Windows\System\OTNDpyo.exe
  2⤵
  PID:4352
- C:\Windows\System\ypJzEEd.exe
  C:\Windows\System\ypJzEEd.exe
  2⤵
  PID:4376
- C:\Windows\System\wMPgPJD.exe
  C:\Windows\System\wMPgPJD.exe
  2⤵
  PID:4396
- C:\Windows\System\opMDpZK.exe
  C:\Windows\System\opMDpZK.exe
  2⤵
  PID:4416
- C:\Windows\System\jrZsvdc.exe
  C:\Windows\System\jrZsvdc.exe
  2⤵
  PID:4436
- C:\Windows\System\ZHTYKWL.exe
  C:\Windows\System\ZHTYKWL.exe
  2⤵
  PID:4456
- C:\Windows\System\JHtrQZQ.exe
  C:\Windows\System\JHtrQZQ.exe
  2⤵
  PID:4476
- C:\Windows\System\BoDZZfC.exe
  C:\Windows\System\BoDZZfC.exe
  2⤵
  PID:4496
- C:\Windows\System\PAxnupx.exe
  C:\Windows\System\PAxnupx.exe
  2⤵
  PID:4516
- C:\Windows\System\kWICKtC.exe
  C:\Windows\System\kWICKtC.exe
  2⤵
  PID:4536
- C:\Windows\System\sgomEPH.exe
  C:\Windows\System\sgomEPH.exe
  2⤵
  PID:4556
- C:\Windows\System\bLUSSqh.exe
  C:\Windows\System\bLUSSqh.exe
  2⤵
  PID:4576
- C:\Windows\System\TWxhVOE.exe
  C:\Windows\System\TWxhVOE.exe
  2⤵
  PID:4596
- C:\Windows\System\GaYKOkt.exe
  C:\Windows\System\GaYKOkt.exe
  2⤵
  PID:4616
- C:\Windows\System\dAzxFtO.exe
  C:\Windows\System\dAzxFtO.exe
  2⤵
  PID:4636
- C:\Windows\System\MPCLnkO.exe
  C:\Windows\System\MPCLnkO.exe
  2⤵
  PID:4656
- C:\Windows\System\TsqKooG.exe
  C:\Windows\System\TsqKooG.exe
  2⤵
  PID:4676
- C:\Windows\System\wUqbbJF.exe
  C:\Windows\System\wUqbbJF.exe
  2⤵
  PID:4696
- C:\Windows\System\OBSlDIV.exe
  C:\Windows\System\OBSlDIV.exe
  2⤵
  PID:4716
- C:\Windows\System\UIbbZxQ.exe
  C:\Windows\System\UIbbZxQ.exe
  2⤵
  PID:4736
- C:\Windows\System\FkTXFAq.exe
  C:\Windows\System\FkTXFAq.exe
  2⤵
  PID:4756
- C:\Windows\System\gvUdcUD.exe
  C:\Windows\System\gvUdcUD.exe
  2⤵
  PID:4776
- C:\Windows\System\PUJpXoq.exe
  C:\Windows\System\PUJpXoq.exe
  2⤵
  PID:4800
- C:\Windows\System\waoTDAZ.exe
  C:\Windows\System\waoTDAZ.exe
  2⤵
  PID:4820
- C:\Windows\System\pIUiEZP.exe
  C:\Windows\System\pIUiEZP.exe
  2⤵
  PID:4840
- C:\Windows\System\NfDkhlI.exe
  C:\Windows\System\NfDkhlI.exe
  2⤵
  PID:4856
- C:\Windows\System\cMfxvcp.exe
  C:\Windows\System\cMfxvcp.exe
  2⤵
  PID:4880
- C:\Windows\System\yWzOiBS.exe
  C:\Windows\System\yWzOiBS.exe
  2⤵
  PID:4900
- C:\Windows\System\vZnFxpM.exe
  C:\Windows\System\vZnFxpM.exe
  2⤵
  PID:4920
- C:\Windows\System\vhzDOBa.exe
  C:\Windows\System\vhzDOBa.exe
  2⤵
  PID:4936
- C:\Windows\System\DuqayuZ.exe
  C:\Windows\System\DuqayuZ.exe
  2⤵
  PID:4956
- C:\Windows\System\dOXkqiY.exe
  C:\Windows\System\dOXkqiY.exe
  2⤵
  PID:4976
- C:\Windows\System\vmszaTr.exe
  C:\Windows\System\vmszaTr.exe
  2⤵
  PID:4996
- C:\Windows\System\xdQjyHQ.exe
  C:\Windows\System\xdQjyHQ.exe
  2⤵
  PID:5020
- C:\Windows\System\pOcGHxd.exe
  C:\Windows\System\pOcGHxd.exe
  2⤵
  PID:5040
- C:\Windows\System\MCWooIB.exe
  C:\Windows\System\MCWooIB.exe
  2⤵
  PID:5060
- C:\Windows\System\RpzhiZc.exe
  C:\Windows\System\RpzhiZc.exe
  2⤵
  PID:5080
- C:\Windows\System\CJImPkz.exe
  C:\Windows\System\CJImPkz.exe
  2⤵
  PID:5100
- C:\Windows\System\bhNPzEU.exe
  C:\Windows\System\bhNPzEU.exe
  2⤵
  PID:3156
- C:\Windows\System\lzIvUqY.exe
  C:\Windows\System\lzIvUqY.exe
  2⤵
  PID:1828
- C:\Windows\System\xvwmekl.exe
  C:\Windows\System\xvwmekl.exe
  2⤵
  PID:3856
- C:\Windows\System\oAsWbKw.exe
  C:\Windows\System\oAsWbKw.exe
  2⤵
  PID:1164
- C:\Windows\System\uSNmoHl.exe
  C:\Windows\System\uSNmoHl.exe
  2⤵
  PID:3496
- C:\Windows\System\AHmMPSa.exe
  C:\Windows\System\AHmMPSa.exe
  2⤵
  PID:4120
- C:\Windows\System\tloUPrM.exe
  C:\Windows\System\tloUPrM.exe
  2⤵
  PID:4180
- C:\Windows\System\hMaHCGP.exe
  C:\Windows\System\hMaHCGP.exe
  2⤵
  PID:4164
- C:\Windows\System\SHKePvv.exe
  C:\Windows\System\SHKePvv.exe
  2⤵
  PID:4204
- C:\Windows\System\bHihKzK.exe
  C:\Windows\System\bHihKzK.exe
  2⤵
  PID:4240
- C:\Windows\System\taSfRXo.exe
  C:\Windows\System\taSfRXo.exe
  2⤵
  PID:4288
- C:\Windows\System\TqXjbGo.exe
  C:\Windows\System\TqXjbGo.exe
  2⤵
  PID:4344
- C:\Windows\System\sGxBtUz.exe
  C:\Windows\System\sGxBtUz.exe
  2⤵
  PID:4384
- C:\Windows\System\OqhfLqq.exe
  C:\Windows\System\OqhfLqq.exe
  2⤵
  PID:4404
- C:\Windows\System\TfVNdSd.exe
  C:\Windows\System\TfVNdSd.exe
  2⤵
  PID:4408
- C:\Windows\System\SHcjjAd.exe
  C:\Windows\System\SHcjjAd.exe
  2⤵
  PID:4448
- C:\Windows\System\xbMJLVh.exe
  C:\Windows\System\xbMJLVh.exe
  2⤵
  PID:4512
- C:\Windows\System\LnxGEhq.exe
  C:\Windows\System\LnxGEhq.exe
  2⤵
  PID:4544
- C:\Windows\System\BknPneb.exe
  C:\Windows\System\BknPneb.exe
  2⤵
  PID:4572
- C:\Windows\System\GlMrdmb.exe
  C:\Windows\System\GlMrdmb.exe
  2⤵
  PID:4604
- C:\Windows\System\vuZqBar.exe
  C:\Windows\System\vuZqBar.exe
  2⤵
  PID:4608
- C:\Windows\System\RlgwaIl.exe
  C:\Windows\System\RlgwaIl.exe
  2⤵
  PID:4652
- C:\Windows\System\bGgpaEG.exe
  C:\Windows\System\bGgpaEG.exe
  2⤵
  PID:4692
- C:\Windows\System\hqagqJY.exe
  C:\Windows\System\hqagqJY.exe
  2⤵
  PID:4752
- C:\Windows\System\VBJCjBx.exe
  C:\Windows\System\VBJCjBx.exe
  2⤵
  PID:4784
- C:\Windows\System\ObgCzPU.exe
  C:\Windows\System\ObgCzPU.exe
  2⤵
  PID:4788
- C:\Windows\System\wcxhTiK.exe
  C:\Windows\System\wcxhTiK.exe
  2⤵
  PID:2956
- C:\Windows\System\CVEUpCQ.exe
  C:\Windows\System\CVEUpCQ.exe
  2⤵
  PID:4876
- C:\Windows\System\fhMsTAj.exe
  C:\Windows\System\fhMsTAj.exe
  2⤵
  PID:1724
- C:\Windows\System\DozaYlC.exe
  C:\Windows\System\DozaYlC.exe
  2⤵
  PID:4888
- C:\Windows\System\rzlRERj.exe
  C:\Windows\System\rzlRERj.exe
  2⤵
  PID:4952
- C:\Windows\System\GHUwZOM.exe
  C:\Windows\System\GHUwZOM.exe
  2⤵
  PID:4928
- C:\Windows\System\hpSKkqg.exe
  C:\Windows\System\hpSKkqg.exe
  2⤵
  PID:4964
- C:\Windows\System\vNnWNES.exe
  C:\Windows\System\vNnWNES.exe
  2⤵
  PID:5012
- C:\Windows\System\glJatzS.exe
  C:\Windows\System\glJatzS.exe
  2⤵
  PID:5056
- C:\Windows\System\nuogXgB.exe
  C:\Windows\System\nuogXgB.exe
  2⤵
  PID:596
- C:\Windows\System\pcMKTBa.exe
  C:\Windows\System\pcMKTBa.exe
  2⤵
  PID:5088
- C:\Windows\System\cXFxVPX.exe
  C:\Windows\System\cXFxVPX.exe
  2⤵
  PID:5112
- C:\Windows\System\gJcvjSo.exe
  C:\Windows\System\gJcvjSo.exe
  2⤵
  PID:3664
- C:\Windows\System\QoDJHNP.exe
  C:\Windows\System\QoDJHNP.exe
  2⤵
  PID:3636
- C:\Windows\System\VnAnjiz.exe
  C:\Windows\System\VnAnjiz.exe
  2⤵
  PID:4796
- C:\Windows\System\YLLOgVm.exe
  C:\Windows\System\YLLOgVm.exe
  2⤵
  PID:4140
- C:\Windows\System\GgUzrzk.exe
  C:\Windows\System\GgUzrzk.exe
  2⤵
  PID:4224
- C:\Windows\System\McVHmoj.exe
  C:\Windows\System\McVHmoj.exe
  2⤵
  PID:4280
- C:\Windows\System\ibkZmwV.exe
  C:\Windows\System\ibkZmwV.exe
  2⤵
  PID:4328
- C:\Windows\System\BcspZiJ.exe
  C:\Windows\System\BcspZiJ.exe
  2⤵
  PID:1048
- C:\Windows\System\vZZAKWN.exe
  C:\Windows\System\vZZAKWN.exe
  2⤵
  PID:4348
- C:\Windows\System\BktSJHO.exe
  C:\Windows\System\BktSJHO.exe
  2⤵
  PID:4364
- C:\Windows\System\STeUtnd.exe
  C:\Windows\System\STeUtnd.exe
  2⤵
  PID:4504
- C:\Windows\System\LwqojHJ.exe
  C:\Windows\System\LwqojHJ.exe
  2⤵
  PID:4548
- C:\Windows\System\NubNMUd.exe
  C:\Windows\System\NubNMUd.exe
  2⤵
  PID:4524
- C:\Windows\System\BUkryFr.exe
  C:\Windows\System\BUkryFr.exe
  2⤵
  PID:4632
- C:\Windows\System\VkYhkzL.exe
  C:\Windows\System\VkYhkzL.exe
  2⤵
  PID:2000
- C:\Windows\System\ldWLVOI.exe
  C:\Windows\System\ldWLVOI.exe
  2⤵
  PID:4684
- C:\Windows\System\iWsUgXV.exe
  C:\Windows\System\iWsUgXV.exe
  2⤵
  PID:4672
- C:\Windows\System\JyPAuYD.exe
  C:\Windows\System\JyPAuYD.exe
  2⤵
  PID:1656
- C:\Windows\System\NQWEdkC.exe
  C:\Windows\System\NQWEdkC.exe
  2⤵
  PID:4808
- C:\Windows\System\FaoyxbD.exe
  C:\Windows\System\FaoyxbD.exe
  2⤵
  PID:2068
- C:\Windows\System\anKFPok.exe
  C:\Windows\System\anKFPok.exe
  2⤵
  PID:1312
- C:\Windows\System\nsiweJr.exe
  C:\Windows\System\nsiweJr.exe
  2⤵
  PID:4864
- C:\Windows\System\ArewgtC.exe
  C:\Windows\System\ArewgtC.exe
  2⤵
  PID:2912
- C:\Windows\System\dYzQHEd.exe
  C:\Windows\System\dYzQHEd.exe
  2⤵
  PID:4852
- C:\Windows\System\CBYwAGY.exe
  C:\Windows\System\CBYwAGY.exe
  2⤵
  PID:444
- C:\Windows\System\UVgdAOe.exe
  C:\Windows\System\UVgdAOe.exe
  2⤵
  PID:2452
- C:\Windows\System\ogclRnM.exe
  C:\Windows\System\ogclRnM.exe
  2⤵
  PID:3844
- C:\Windows\System\Ssxiaca.exe
  C:\Windows\System\Ssxiaca.exe
  2⤵
  PID:4892
- C:\Windows\System\dDryldb.exe
  C:\Windows\System\dDryldb.exe
  2⤵
  PID:4984
- C:\Windows\System\vkEalqt.exe
  C:\Windows\System\vkEalqt.exe
  2⤵
  PID:5068
- C:\Windows\System\hAJDScr.exe
  C:\Windows\System\hAJDScr.exe
  2⤵
  PID:5092
- C:\Windows\System\WLMycBG.exe
  C:\Windows\System\WLMycBG.exe
  2⤵
  PID:5108
- C:\Windows\System\QeRWEOs.exe
  C:\Windows\System\QeRWEOs.exe
  2⤵
  PID:3916
- C:\Windows\System\GCBYzOp.exe
  C:\Windows\System\GCBYzOp.exe
  2⤵
  PID:4100
- C:\Windows\System\BEiBgAk.exe
  C:\Windows\System\BEiBgAk.exe
  2⤵
  PID:4428
- C:\Windows\System\SxCzBbu.exe
  C:\Windows\System\SxCzBbu.exe
  2⤵
  PID:4244
- C:\Windows\System\yaJvJoJ.exe
  C:\Windows\System\yaJvJoJ.exe
  2⤵
  PID:4116
- C:\Windows\System\eUJHFEG.exe
  C:\Windows\System\eUJHFEG.exe
  2⤵
  PID:4268
- C:\Windows\System\EkXoCJA.exe
  C:\Windows\System\EkXoCJA.exe
  2⤵
  PID:4452
- C:\Windows\System\NsiuTXY.exe
  C:\Windows\System\NsiuTXY.exe
  2⤵
  PID:912
- C:\Windows\System\FUbcOtV.exe
  C:\Windows\System\FUbcOtV.exe
  2⤵
  PID:4664
- C:\Windows\System\QkLbuoH.exe
  C:\Windows\System\QkLbuoH.exe
  2⤵
  PID:1296
- C:\Windows\System\KgnrEmn.exe
  C:\Windows\System\KgnrEmn.exe
  2⤵
  PID:5032
- C:\Windows\System\ChzhdZf.exe
  C:\Windows\System\ChzhdZf.exe
  2⤵
  PID:4988
- C:\Windows\System\QRaHDrJ.exe
  C:\Windows\System\QRaHDrJ.exe
  2⤵
  PID:5028
- C:\Windows\System\SZqMHno.exe
  C:\Windows\System\SZqMHno.exe
  2⤵
  PID:5036
- C:\Windows\System\mEZmZLw.exe
  C:\Windows\System\mEZmZLw.exe
  2⤵
  PID:1624
- C:\Windows\System\godgzmO.exe
  C:\Windows\System\godgzmO.exe
  2⤵
  PID:4388
- C:\Windows\System\gxrxANm.exe
  C:\Windows\System\gxrxANm.exe
  2⤵
  PID:4668
- C:\Windows\System\PmBLrwO.exe
  C:\Windows\System\PmBLrwO.exe
  2⤵
  PID:4744
- C:\Windows\System\rvtZSHn.exe
  C:\Windows\System\rvtZSHn.exe
  2⤵
  PID:2848
- C:\Windows\System\sZoYcDH.exe
  C:\Windows\System\sZoYcDH.exe
  2⤵
  PID:2240
- C:\Windows\System\EZoqVNl.exe
  C:\Windows\System\EZoqVNl.exe
  2⤵
  PID:4908
- C:\Windows\System\zhsGAvz.exe
  C:\Windows\System\zhsGAvz.exe
  2⤵
  PID:5004
- C:\Windows\System\GSyldEi.exe
  C:\Windows\System\GSyldEi.exe
  2⤵
  PID:3172
- C:\Windows\System\vlAvfti.exe
  C:\Windows\System\vlAvfti.exe
  2⤵
  PID:4492
- C:\Windows\System\MyfvGIh.exe
  C:\Windows\System\MyfvGIh.exe
  2⤵
  PID:4176
- C:\Windows\System\UQVngri.exe
  C:\Windows\System\UQVngri.exe
  2⤵
  PID:1800
- C:\Windows\System\LRSfdzi.exe
  C:\Windows\System\LRSfdzi.exe
  2⤵
  PID:4628
- C:\Windows\System\MlEbrSi.exe
  C:\Windows\System\MlEbrSi.exe
  2⤵
  PID:4872
- C:\Windows\System\YpwwYzc.exe
  C:\Windows\System\YpwwYzc.exe
  2⤵
  PID:1452
- C:\Windows\System\HVJPeYE.exe
  C:\Windows\System\HVJPeYE.exe
  2⤵
  PID:1660
- C:\Windows\System\agWDMIY.exe
  C:\Windows\System\agWDMIY.exe
  2⤵
  PID:1572
- C:\Windows\System\qcxuYLG.exe
  C:\Windows\System\qcxuYLG.exe
  2⤵
  PID:3032
- C:\Windows\System\VEQuEUY.exe
  C:\Windows\System\VEQuEUY.exe
  2⤵
  PID:3948
- C:\Windows\System\IVSjJxa.exe
  C:\Windows\System\IVSjJxa.exe
  2⤵
  PID:1632
- C:\Windows\System\jjNUYXk.exe
  C:\Windows\System\jjNUYXk.exe
  2⤵
  PID:4732
- C:\Windows\System\sABJebC.exe
  C:\Windows\System\sABJebC.exe
  2⤵
  PID:4708
- C:\Windows\System\cdhSBqv.exe
  C:\Windows\System\cdhSBqv.exe
  2⤵
  PID:5136
- C:\Windows\System\BQNQIVc.exe
  C:\Windows\System\BQNQIVc.exe
  2⤵
  PID:5152
- C:\Windows\System\zlnaoKT.exe
  C:\Windows\System\zlnaoKT.exe
  2⤵
  PID:5172
- C:\Windows\System\rRsCxvX.exe
  C:\Windows\System\rRsCxvX.exe
  2⤵
  PID:5188
- C:\Windows\System\tJTaAKv.exe
  C:\Windows\System\tJTaAKv.exe
  2⤵
  PID:5208
- C:\Windows\System\zumeuxX.exe
  C:\Windows\System\zumeuxX.exe
  2⤵
  PID:5236
- C:\Windows\System\IxGKMix.exe
  C:\Windows\System\IxGKMix.exe
  2⤵
  PID:5252
- C:\Windows\System\RGgKJTI.exe
  C:\Windows\System\RGgKJTI.exe
  2⤵
  PID:5268
- C:\Windows\System\viYyApM.exe
  C:\Windows\System\viYyApM.exe
  2⤵
  PID:5312
- C:\Windows\System\mIuqMnp.exe
  C:\Windows\System\mIuqMnp.exe
  2⤵
  PID:5332
- C:\Windows\System\qvOBgTD.exe
  C:\Windows\System\qvOBgTD.exe
  2⤵
  PID:5352
- C:\Windows\System\FuMXoOj.exe
  C:\Windows\System\FuMXoOj.exe
  2⤵
  PID:5368
- C:\Windows\System\yrKQtDF.exe
  C:\Windows\System\yrKQtDF.exe
  2⤵
  PID:5388
- C:\Windows\System\KZuoDQh.exe
  C:\Windows\System\KZuoDQh.exe
  2⤵
  PID:5412
- C:\Windows\System\qxtFHaN.exe
  C:\Windows\System\qxtFHaN.exe
  2⤵
  PID:5432
- C:\Windows\System\CviERqN.exe
  C:\Windows\System\CviERqN.exe
  2⤵
  PID:5452
- C:\Windows\System\DyfNDxh.exe
  C:\Windows\System\DyfNDxh.exe
  2⤵
  PID:5468
- C:\Windows\System\uFFCskJ.exe
  C:\Windows\System\uFFCskJ.exe
  2⤵
  PID:5484
- C:\Windows\System\bDErnSG.exe
  C:\Windows\System\bDErnSG.exe
  2⤵
  PID:5504
- C:\Windows\System\gXQbGIi.exe
  C:\Windows\System\gXQbGIi.exe
  2⤵
  PID:5520
- C:\Windows\System\LQaZvxg.exe
  C:\Windows\System\LQaZvxg.exe
  2⤵
  PID:5540
- C:\Windows\System\krqLFtm.exe
  C:\Windows\System\krqLFtm.exe
  2⤵
  PID:5572
- C:\Windows\System\jlGKMdw.exe
  C:\Windows\System\jlGKMdw.exe
  2⤵
  PID:5588
- C:\Windows\System\ctiWxDD.exe
  C:\Windows\System\ctiWxDD.exe
  2⤵
  PID:5608
- C:\Windows\System\MVqRkyd.exe
  C:\Windows\System\MVqRkyd.exe
  2⤵
  PID:5628
- C:\Windows\System\yXmfxbO.exe
  C:\Windows\System\yXmfxbO.exe
  2⤵
  PID:5644
- C:\Windows\System\YNNweiI.exe
  C:\Windows\System\YNNweiI.exe
  2⤵
  PID:5660
- C:\Windows\System\yFefpnP.exe
  C:\Windows\System\yFefpnP.exe
  2⤵
  PID:5676
- C:\Windows\System\vzfdXaX.exe
  C:\Windows\System\vzfdXaX.exe
  2⤵
  PID:5696
- C:\Windows\System\KBfbJOU.exe
  C:\Windows\System\KBfbJOU.exe
  2⤵
  PID:5716
- C:\Windows\System\ejbUKte.exe
  C:\Windows\System\ejbUKte.exe
  2⤵
  PID:5732
- C:\Windows\System\APOnitt.exe
  C:\Windows\System\APOnitt.exe
  2⤵
  PID:5752
- C:\Windows\System\JAASKhH.exe
  C:\Windows\System\JAASKhH.exe
  2⤵
  PID:5772
- C:\Windows\System\RtTQSMD.exe
  C:\Windows\System\RtTQSMD.exe
  2⤵
  PID:5788
- C:\Windows\System\dGHHQwk.exe
  C:\Windows\System\dGHHQwk.exe
  2⤵
  PID:5812
- C:\Windows\System\LcxxEXa.exe
  C:\Windows\System\LcxxEXa.exe
  2⤵
  PID:5832
- C:\Windows\System\DRqRSpd.exe
  C:\Windows\System\DRqRSpd.exe
  2⤵
  PID:5880
- C:\Windows\System\DfeOZhm.exe
  C:\Windows\System\DfeOZhm.exe
  2⤵
  PID:5896
- C:\Windows\System\FWkVlrB.exe
  C:\Windows\System\FWkVlrB.exe
  2⤵
  PID:5912
- C:\Windows\System\gzKybhg.exe
  C:\Windows\System\gzKybhg.exe
  2⤵
  PID:5928
- C:\Windows\System\GgDiXhh.exe
  C:\Windows\System\GgDiXhh.exe
  2⤵
  PID:5944
- C:\Windows\System\PRhJKlg.exe
  C:\Windows\System\PRhJKlg.exe
  2⤵
  PID:5964
- C:\Windows\System\txmzAuY.exe
  C:\Windows\System\txmzAuY.exe
  2⤵
  PID:5984
- C:\Windows\System\GmUMdAs.exe
  C:\Windows\System\GmUMdAs.exe
  2⤵
  PID:6008
- C:\Windows\System\ijEtEQK.exe
  C:\Windows\System\ijEtEQK.exe
  2⤵
  PID:6024
- C:\Windows\System\DvUzYnt.exe
  C:\Windows\System\DvUzYnt.exe
  2⤵
  PID:6040
- C:\Windows\System\nukztNO.exe
  C:\Windows\System\nukztNO.exe
  2⤵
  PID:6060
- C:\Windows\System\vXdicRl.exe
  C:\Windows\System\vXdicRl.exe
  2⤵
  PID:6088
- C:\Windows\System\vNTJIcp.exe
  C:\Windows\System\vNTJIcp.exe
  2⤵
  PID:6104
- C:\Windows\System\cMFwpVw.exe
  C:\Windows\System\cMFwpVw.exe
  2⤵
  PID:6132
- C:\Windows\System\SbNjNeT.exe
  C:\Windows\System\SbNjNeT.exe
  2⤵
  PID:4300
- C:\Windows\System\BrRjHoc.exe
  C:\Windows\System\BrRjHoc.exe
  2⤵
  PID:5164
- C:\Windows\System\tSZlrPy.exe
  C:\Windows\System\tSZlrPy.exe
  2⤵
  PID:5204
- C:\Windows\System\dyZcjjN.exe
  C:\Windows\System\dyZcjjN.exe
  2⤵
  PID:5284
- C:\Windows\System\IXKHyLt.exe
  C:\Windows\System\IXKHyLt.exe
  2⤵
  PID:4992
- C:\Windows\System\yazyXrk.exe
  C:\Windows\System\yazyXrk.exe
  2⤵
  PID:5264
- C:\Windows\System\aZORIUz.exe
  C:\Windows\System\aZORIUz.exe
  2⤵
  PID:5220
- C:\Windows\System\KoLDXGy.exe
  C:\Windows\System\KoLDXGy.exe
  2⤵
  PID:5260
- C:\Windows\System\DbJFLht.exe
  C:\Windows\System\DbJFLht.exe
  2⤵
  PID:5328
- C:\Windows\System\LbQbETO.exe
  C:\Windows\System\LbQbETO.exe
  2⤵
  PID:5380
- C:\Windows\System\SuxVqfX.exe
  C:\Windows\System\SuxVqfX.exe
  2⤵
  PID:5408
- C:\Windows\System\fzvYPRK.exe
  C:\Windows\System\fzvYPRK.exe
  2⤵
  PID:5460
- C:\Windows\System\EQkgOEy.exe
  C:\Windows\System\EQkgOEy.exe
  2⤵
  PID:5500
- C:\Windows\System\tgdVOAU.exe
  C:\Windows\System\tgdVOAU.exe
  2⤵
  PID:5448
- C:\Windows\System\MYtAwZM.exe
  C:\Windows\System\MYtAwZM.exe
  2⤵
  PID:5620
- C:\Windows\System\dvfxUkN.exe
  C:\Windows\System\dvfxUkN.exe
  2⤵
  PID:5656
- C:\Windows\System\TiDsDmB.exe
  C:\Windows\System\TiDsDmB.exe
  2⤵
  PID:5760
- C:\Windows\System\kncuKLi.exe
  C:\Windows\System\kncuKLi.exe
  2⤵
  PID:5552
- C:\Windows\System\vynREzn.exe
  C:\Windows\System\vynREzn.exe
  2⤵
  PID:5796
- C:\Windows\System\kmmojXk.exe
  C:\Windows\System\kmmojXk.exe
  2⤵
  PID:5640
- C:\Windows\System\QAFXKIj.exe
  C:\Windows\System\QAFXKIj.exe
  2⤵
  PID:5840
- C:\Windows\System\AjMkJpL.exe
  C:\Windows\System\AjMkJpL.exe
  2⤵
  PID:5860
- C:\Windows\System\oDBCMrA.exe
  C:\Windows\System\oDBCMrA.exe
  2⤵
  PID:5596
- C:\Windows\System\aYmNJif.exe
  C:\Windows\System\aYmNJif.exe
  2⤵
  PID:5740
- C:\Windows\System\jepCuov.exe
  C:\Windows\System\jepCuov.exe
  2⤵
  PID:5872
- C:\Windows\System\HAFCgib.exe
  C:\Windows\System\HAFCgib.exe
  2⤵
  PID:5904
- C:\Windows\System\lHZYUNZ.exe
  C:\Windows\System\lHZYUNZ.exe
  2⤵
  PID:5980
- C:\Windows\System\ltEioGE.exe
  C:\Windows\System\ltEioGE.exe
  2⤵
  PID:5924
- C:\Windows\System\BXUAqkc.exe
  C:\Windows\System\BXUAqkc.exe
  2⤵
  PID:6000
- C:\Windows\System\qrWTsfL.exe
  C:\Windows\System\qrWTsfL.exe
  2⤵
  PID:6056
- C:\Windows\System\vaDnIZE.exe
  C:\Windows\System\vaDnIZE.exe
  2⤵
  PID:6068
- C:\Windows\System\tyEYclG.exe
  C:\Windows\System\tyEYclG.exe
  2⤵
  PID:6084
- C:\Windows\System\KognUBC.exe
  C:\Windows\System\KognUBC.exe
  2⤵
  PID:4704
- C:\Windows\System\CwkcKbZ.exe
  C:\Windows\System\CwkcKbZ.exe
  2⤵
  PID:616
- C:\Windows\System\UDFFheS.exe
  C:\Windows\System\UDFFheS.exe
  2⤵
  PID:5292
- C:\Windows\System\WKYIqPg.exe
  C:\Windows\System\WKYIqPg.exe
  2⤵
  PID:5148
- C:\Windows\System\JTDpnAS.exe
  C:\Windows\System\JTDpnAS.exe
  2⤵
  PID:4160
- C:\Windows\System\OBZfmMX.exe
  C:\Windows\System\OBZfmMX.exe
  2⤵
  PID:5340
- C:\Windows\System\tZLLrWV.exe
  C:\Windows\System\tZLLrWV.exe
  2⤵
  PID:5360
- C:\Windows\System\iOAtzmZ.exe
  C:\Windows\System\iOAtzmZ.exe
  2⤵
  PID:5400
- C:\Windows\System\DSaScux.exe
  C:\Windows\System\DSaScux.exe
  2⤵
  PID:5496
- C:\Windows\System\QFiGzMq.exe
  C:\Windows\System\QFiGzMq.exe
  2⤵
  PID:5616
- C:\Windows\System\eHbxJRy.exe
  C:\Windows\System\eHbxJRy.exe
  2⤵
  PID:5684
- C:\Windows\System\LSMBnqV.exe
  C:\Windows\System\LSMBnqV.exe
  2⤵
  PID:5568
- C:\Windows\System\ljGAQZd.exe
  C:\Windows\System\ljGAQZd.exe
  2⤵
  PID:5820
- C:\Windows\System\fVQzOoz.exe
  C:\Windows\System\fVQzOoz.exe
  2⤵
  PID:5784
- C:\Windows\System\agqfHSG.exe
  C:\Windows\System\agqfHSG.exe
  2⤵
  PID:5956
- C:\Windows\System\TCryNFy.exe
  C:\Windows\System\TCryNFy.exe
  2⤵
  PID:5992
- C:\Windows\System\NTwbdEw.exe
  C:\Windows\System\NTwbdEw.exe
  2⤵
  PID:6016
- C:\Windows\System\faIygLu.exe
  C:\Windows\System\faIygLu.exe
  2⤵
  PID:5852
- C:\Windows\System\JpjCfDr.exe
  C:\Windows\System\JpjCfDr.exe
  2⤵
  PID:6100
- C:\Windows\System\BcHzgcK.exe
  C:\Windows\System\BcHzgcK.exe
  2⤵
  PID:6076
- C:\Windows\System\RKREhvd.exe
  C:\Windows\System\RKREhvd.exe
  2⤵
  PID:5196
- C:\Windows\System\TUiSEAo.exe
  C:\Windows\System\TUiSEAo.exe
  2⤵
  PID:5300
- C:\Windows\System\Rwbzguq.exe
  C:\Windows\System\Rwbzguq.exe
  2⤵
  PID:5444
- C:\Windows\System\ftBnkRv.exe
  C:\Windows\System\ftBnkRv.exe
  2⤵
  PID:5228
- C:\Windows\System\cKrApmk.exe
  C:\Windows\System\cKrApmk.exe
  2⤵
  PID:5536
- C:\Windows\System\NpCqOyu.exe
  C:\Windows\System\NpCqOyu.exe
  2⤵
  PID:5440
- C:\Windows\System\zBCqydl.exe
  C:\Windows\System\zBCqydl.exe
  2⤵
  PID:5768
- C:\Windows\System\teKDFOc.exe
  C:\Windows\System\teKDFOc.exe
  2⤵
  PID:5672
- C:\Windows\System\YLWnMKf.exe
  C:\Windows\System\YLWnMKf.exe
  2⤵
  PID:5844
- C:\Windows\System\RdvOmIS.exe
  C:\Windows\System\RdvOmIS.exe
  2⤵
  PID:5920
- C:\Windows\System\LqEDXKO.exe
  C:\Windows\System\LqEDXKO.exe
  2⤵
  PID:4184
- C:\Windows\System\MjXzgQZ.exe
  C:\Windows\System\MjXzgQZ.exe
  2⤵
  PID:6124
- C:\Windows\System\xrBhviw.exe
  C:\Windows\System\xrBhviw.exe
  2⤵
  PID:5348
- C:\Windows\System\yzAKqfM.exe
  C:\Windows\System\yzAKqfM.exe
  2⤵
  PID:5216
- C:\Windows\System\rAJtmRC.exe
  C:\Windows\System\rAJtmRC.exe
  2⤵
  PID:5480
- C:\Windows\System\RKpMKvB.exe
  C:\Windows\System\RKpMKvB.exe
  2⤵
  PID:5704
- C:\Windows\System\yKUlGrR.exe
  C:\Windows\System\yKUlGrR.exe
  2⤵
  PID:5652
- C:\Windows\System\IGqZupy.exe
  C:\Windows\System\IGqZupy.exe
  2⤵
  PID:5876
- C:\Windows\System\egLAvkn.exe
  C:\Windows\System\egLAvkn.exe
  2⤵
  PID:6080
- C:\Windows\System\SXKbeyb.exe
  C:\Windows\System\SXKbeyb.exe
  2⤵
  PID:5248
- C:\Windows\System\oSZsloJ.exe
  C:\Windows\System\oSZsloJ.exe
  2⤵
  PID:5232
- C:\Windows\System\eHTBDaz.exe
  C:\Windows\System\eHTBDaz.exe
  2⤵
  PID:5564
- C:\Windows\System\cFTNjwk.exe
  C:\Windows\System\cFTNjwk.exe
  2⤵
  PID:5636
- C:\Windows\System\PCIXlkf.exe
  C:\Windows\System\PCIXlkf.exe
  2⤵
  PID:5780
- C:\Windows\System\ezXOYkW.exe
  C:\Windows\System\ezXOYkW.exe
  2⤵
  PID:5604
- C:\Windows\System\BEBthOm.exe
  C:\Windows\System\BEBthOm.exe
  2⤵
  PID:6152
- C:\Windows\System\SoppDbJ.exe
  C:\Windows\System\SoppDbJ.exe
  2⤵
  PID:6172
- C:\Windows\System\eGZTOMM.exe
  C:\Windows\System\eGZTOMM.exe
  2⤵
  PID:6188
- C:\Windows\System\zrpKNHJ.exe
  C:\Windows\System\zrpKNHJ.exe
  2⤵
  PID:6204
- C:\Windows\System\rkSYSPX.exe
  C:\Windows\System\rkSYSPX.exe
  2⤵
  PID:6224
- C:\Windows\System\htEYXab.exe
  C:\Windows\System\htEYXab.exe
  2⤵
  PID:6244
- C:\Windows\System\mwBJcJO.exe
  C:\Windows\System\mwBJcJO.exe
  2⤵
  PID:6260
- C:\Windows\System\epEqhWR.exe
  C:\Windows\System\epEqhWR.exe
  2⤵
  PID:6276
- C:\Windows\System\HYFInUU.exe
  C:\Windows\System\HYFInUU.exe
  2⤵
  PID:6292
- C:\Windows\System\iWJlRku.exe
  C:\Windows\System\iWJlRku.exe
  2⤵
  PID:6312
- C:\Windows\System\vAmmYrj.exe
  C:\Windows\System\vAmmYrj.exe
  2⤵
  PID:6332
- C:\Windows\System\sdZkpUi.exe
  C:\Windows\System\sdZkpUi.exe
  2⤵
  PID:6348
- C:\Windows\System\gYRwXRZ.exe
  C:\Windows\System\gYRwXRZ.exe
  2⤵
  PID:6364
- C:\Windows\System\wrWGpIb.exe
  C:\Windows\System\wrWGpIb.exe
  2⤵
  PID:6384
- C:\Windows\System\qDCTRdJ.exe
  C:\Windows\System\qDCTRdJ.exe
  2⤵
  PID:6404
- C:\Windows\System\KOdGhNh.exe
  C:\Windows\System\KOdGhNh.exe
  2⤵
  PID:6424
- C:\Windows\System\TerGhpD.exe
  C:\Windows\System\TerGhpD.exe
  2⤵
  PID:6448
- C:\Windows\System\ckKhJCA.exe
  C:\Windows\System\ckKhJCA.exe
  2⤵
  PID:6464
- C:\Windows\System\zflPqXK.exe
  C:\Windows\System\zflPqXK.exe
  2⤵
  PID:6480
- C:\Windows\System\GcgLvuA.exe
  C:\Windows\System\GcgLvuA.exe
  2⤵
  PID:6496
- C:\Windows\System\xbsUxhp.exe
  C:\Windows\System\xbsUxhp.exe
  2⤵
  PID:6564
- C:\Windows\System\tCVrugg.exe
  C:\Windows\System\tCVrugg.exe
  2⤵
  PID:6584
- C:\Windows\System\SLggzgD.exe
  C:\Windows\System\SLggzgD.exe
  2⤵
  PID:6600
- C:\Windows\System\sjzHNCs.exe
  C:\Windows\System\sjzHNCs.exe
  2⤵
  PID:6616
- C:\Windows\System\YdVkyPO.exe
  C:\Windows\System\YdVkyPO.exe
  2⤵
  PID:6632
- C:\Windows\System\EGsLzqp.exe
  C:\Windows\System\EGsLzqp.exe
  2⤵
  PID:6652
- C:\Windows\System\dNQsIyv.exe
  C:\Windows\System\dNQsIyv.exe
  2⤵
  PID:6668
- C:\Windows\System\KbxNQwl.exe
  C:\Windows\System\KbxNQwl.exe
  2⤵
  PID:6684
- C:\Windows\System\gOCgUiZ.exe
  C:\Windows\System\gOCgUiZ.exe
  2⤵
  PID:6700
- C:\Windows\System\CXYhEIn.exe
  C:\Windows\System\CXYhEIn.exe
  2⤵
  PID:6720
- C:\Windows\System\nwIxJpj.exe
  C:\Windows\System\nwIxJpj.exe
  2⤵
  PID:6736
- C:\Windows\System\XpUIGhR.exe
  C:\Windows\System\XpUIGhR.exe
  2⤵
  PID:6756
- C:\Windows\System\pfDXHVd.exe
  C:\Windows\System\pfDXHVd.exe
  2⤵
  PID:6800
- C:\Windows\System\lNjvHaO.exe
  C:\Windows\System\lNjvHaO.exe
  2⤵
  PID:6824
- C:\Windows\System\SrdIaMq.exe
  C:\Windows\System\SrdIaMq.exe
  2⤵
  PID:6840
- C:\Windows\System\mkmMkeq.exe
  C:\Windows\System\mkmMkeq.exe
  2⤵
  PID:6856
- C:\Windows\System\dhKdBmf.exe
  C:\Windows\System\dhKdBmf.exe
  2⤵
  PID:6872
- C:\Windows\System\zAADjrh.exe
  C:\Windows\System\zAADjrh.exe
  2⤵
  PID:6888
- C:\Windows\System\IibMfYf.exe
  C:\Windows\System\IibMfYf.exe
  2⤵
  PID:6912
- C:\Windows\System\MwpXKbq.exe
  C:\Windows\System\MwpXKbq.exe
  2⤵
  PID:6928
- C:\Windows\System\WNYwXQz.exe
  C:\Windows\System\WNYwXQz.exe
  2⤵
  PID:6944
- C:\Windows\System\XFDbEPU.exe
  C:\Windows\System\XFDbEPU.exe
  2⤵
  PID:6960
- C:\Windows\System\UVmFYnx.exe
  C:\Windows\System\UVmFYnx.exe
  2⤵
  PID:6976
- C:\Windows\System\sbmCbYG.exe
  C:\Windows\System\sbmCbYG.exe
  2⤵
  PID:6992
- C:\Windows\System\LJUrXfy.exe
  C:\Windows\System\LJUrXfy.exe
  2⤵
  PID:7016
- C:\Windows\System\FfdjibT.exe
  C:\Windows\System\FfdjibT.exe
  2⤵
  PID:7036
- C:\Windows\System\xnzJGst.exe
  C:\Windows\System\xnzJGst.exe
  2⤵
  PID:7056
- C:\Windows\System\hdTmvXs.exe
  C:\Windows\System\hdTmvXs.exe
  2⤵
  PID:7100
- C:\Windows\System\UnqtOlq.exe
  C:\Windows\System\UnqtOlq.exe
  2⤵
  PID:7140
- C:\Windows\System\CEpsaEh.exe
  C:\Windows\System\CEpsaEh.exe
  2⤵
  PID:7156
- C:\Windows\System\ZyyeKOF.exe
  C:\Windows\System\ZyyeKOF.exe
  2⤵
  PID:5180
- C:\Windows\System\lbavcYI.exe
  C:\Windows\System\lbavcYI.exe
  2⤵
  PID:6196
- C:\Windows\System\oBvvipk.exe
  C:\Windows\System\oBvvipk.exe
  2⤵
  PID:6240
- C:\Windows\System\EXuczQh.exe
  C:\Windows\System\EXuczQh.exe
  2⤵
  PID:6344
- C:\Windows\System\aQHfRqq.exe
  C:\Windows\System\aQHfRqq.exe
  2⤵
  PID:6416
- C:\Windows\System\HzCzffy.exe
  C:\Windows\System\HzCzffy.exe
  2⤵
  PID:5996
- C:\Windows\System\ehjkTMf.exe
  C:\Windows\System\ehjkTMf.exe
  2⤵
  PID:6180
- C:\Windows\System\UwrJvwk.exe
  C:\Windows\System\UwrJvwk.exe
  2⤵
  PID:6492
- C:\Windows\System\tuKjwbP.exe
  C:\Windows\System\tuKjwbP.exe
  2⤵
  PID:6436
- C:\Windows\System\uYGvARs.exe
  C:\Windows\System\uYGvARs.exe
  2⤵
  PID:6504
- C:\Windows\System\PRATyud.exe
  C:\Windows\System\PRATyud.exe
  2⤵
  PID:6520
- C:\Windows\System\xKiKtCN.exe
  C:\Windows\System\xKiKtCN.exe
  2⤵
  PID:6396
- C:\Windows\System\yvQUzAR.exe
  C:\Windows\System\yvQUzAR.exe
  2⤵
  PID:6556
- C:\Windows\System\TgNjPkS.exe
  C:\Windows\System\TgNjPkS.exe
  2⤵
  PID:6252
- C:\Windows\System\qzKGqtH.exe
  C:\Windows\System\qzKGqtH.exe
  2⤵
  PID:6532
- C:\Windows\System\Kujgpxw.exe
  C:\Windows\System\Kujgpxw.exe
  2⤵
  PID:6608
- C:\Windows\System\PtxZlhr.exe
  C:\Windows\System\PtxZlhr.exe
  2⤵
  PID:6676
- C:\Windows\System\gkDRtCJ.exe
  C:\Windows\System\gkDRtCJ.exe
  2⤵
  PID:6660
- C:\Windows\System\hOslPOQ.exe
  C:\Windows\System\hOslPOQ.exe
  2⤵
  PID:6716
- C:\Windows\System\slvUHam.exe
  C:\Windows\System\slvUHam.exe
  2⤵
  PID:6692
- C:\Windows\System\LbXAxmO.exe
  C:\Windows\System\LbXAxmO.exe
  2⤵
  PID:6784
- C:\Windows\System\SnxUksV.exe
  C:\Windows\System\SnxUksV.exe
  2⤵
  PID:6792
- C:\Windows\System\GtvLDRh.exe
  C:\Windows\System\GtvLDRh.exe
  2⤵
  PID:6832
- C:\Windows\System\zOMiFoE.exe
  C:\Windows\System\zOMiFoE.exe
  2⤵
  PID:6920
- C:\Windows\System\jzgqVGL.exe
  C:\Windows\System\jzgqVGL.exe
  2⤵
  PID:6908
- C:\Windows\System\CbfWLgg.exe
  C:\Windows\System\CbfWLgg.exe
  2⤵
  PID:6952
- C:\Windows\System\LZIMzsb.exe
  C:\Windows\System\LZIMzsb.exe
  2⤵
  PID:6988
- C:\Windows\System\cHbXgBd.exe
  C:\Windows\System\cHbXgBd.exe
  2⤵
  PID:7064
- C:\Windows\System\CPHuafS.exe
  C:\Windows\System\CPHuafS.exe
  2⤵
  PID:7068
- C:\Windows\System\NkeOhOP.exe
  C:\Windows\System\NkeOhOP.exe
  2⤵
  PID:7008
- C:\Windows\System\sCIWFNT.exe
  C:\Windows\System\sCIWFNT.exe
  2⤵
  PID:7052
- C:\Windows\System\IXcxNaR.exe
  C:\Windows\System\IXcxNaR.exe
  2⤵
  PID:6164
- C:\Windows\System\OYLzvfh.exe
  C:\Windows\System\OYLzvfh.exe
  2⤵
  PID:6308
- C:\Windows\System\tzWkpwS.exe
  C:\Windows\System\tzWkpwS.exe
  2⤵
  PID:7108
- C:\Windows\System\jYuPBPF.exe
  C:\Windows\System\jYuPBPF.exe
  2⤵
  PID:5160
- C:\Windows\System\LEPxkYp.exe
  C:\Windows\System\LEPxkYp.exe
  2⤵
  PID:6412
- C:\Windows\System\kRouoFX.exe
  C:\Windows\System\kRouoFX.exe
  2⤵
  PID:6460
- C:\Windows\System\OpWQgzo.exe
  C:\Windows\System\OpWQgzo.exe
  2⤵
  PID:6324
- C:\Windows\System\qUXCIkc.exe
  C:\Windows\System\qUXCIkc.exe
  2⤵
  PID:5492
- C:\Windows\System\ZZgaXFr.exe
  C:\Windows\System\ZZgaXFr.exe
  2⤵
  PID:6148
- C:\Windows\System\JnpjyYt.exe
  C:\Windows\System\JnpjyYt.exe
  2⤵
  PID:6392
- C:\Windows\System\azhwDzz.exe
  C:\Windows\System\azhwDzz.exe
  2⤵
  PID:6580
- C:\Windows\System\GdRdyPG.exe
  C:\Windows\System\GdRdyPG.exe
  2⤵
  PID:6764
- C:\Windows\System\mvKWOmX.exe
  C:\Windows\System\mvKWOmX.exe
  2⤵
  PID:6548
- C:\Windows\System\xgQALwd.exe
  C:\Windows\System\xgQALwd.exe
  2⤵
  PID:6812
- C:\Windows\System\KhqmVJa.exe
  C:\Windows\System\KhqmVJa.exe
  2⤵
  PID:6284
- C:\Windows\System\UUfBHzN.exe
  C:\Windows\System\UUfBHzN.exe
  2⤵
  PID:6728
- C:\Windows\System\iYHtcaD.exe
  C:\Windows\System\iYHtcaD.exe
  2⤵
  PID:6880
- C:\Windows\System\xAvrlIk.exe
  C:\Windows\System\xAvrlIk.exe
  2⤵
  PID:7000
- C:\Windows\System\ewdRRmz.exe
  C:\Windows\System\ewdRRmz.exe
  2⤵
  PID:6444
- C:\Windows\System\daLgOht.exe
  C:\Windows\System\daLgOht.exe
  2⤵
  PID:6220
- C:\Windows\System\yXfixQp.exe
  C:\Windows\System\yXfixQp.exe
  2⤵
  PID:6472
- C:\Windows\System\iSTmDTd.exe
  C:\Windows\System\iSTmDTd.exe
  2⤵
  PID:6796
- C:\Windows\System\qLYkjeo.exe
  C:\Windows\System\qLYkjeo.exe
  2⤵
  PID:6644
- C:\Windows\System\lhaWdKB.exe
  C:\Windows\System\lhaWdKB.exe
  2⤵
  PID:7076
- C:\Windows\System\ChlKFcH.exe
  C:\Windows\System\ChlKFcH.exe
  2⤵
  PID:6836
- C:\Windows\System\VUsBCjS.exe
  C:\Windows\System\VUsBCjS.exe
  2⤵
  PID:7004
- C:\Windows\System\nniFMQo.exe
  C:\Windows\System\nniFMQo.exe
  2⤵
  PID:6432
- C:\Windows\System\roJytcT.exe
  C:\Windows\System\roJytcT.exe
  2⤵
  PID:7180
- C:\Windows\System\KdtREfx.exe
  C:\Windows\System\KdtREfx.exe
  2⤵
  PID:7196
- C:\Windows\System\AaAGTyD.exe
  C:\Windows\System\AaAGTyD.exe
  2⤵
  PID:7216
- C:\Windows\System\PtLQicm.exe
  C:\Windows\System\PtLQicm.exe
  2⤵
  PID:7236
- C:\Windows\System\rguWhIJ.exe
  C:\Windows\System\rguWhIJ.exe
  2⤵
  PID:7252
- C:\Windows\System\vtlnkKM.exe
  C:\Windows\System\vtlnkKM.exe
  2⤵
  PID:7268
- C:\Windows\System\ucDmBMM.exe
  C:\Windows\System\ucDmBMM.exe
  2⤵
  PID:7284
- C:\Windows\System\gOdHizM.exe
  C:\Windows\System\gOdHizM.exe
  2⤵
  PID:7304
- C:\Windows\System\lchrWnJ.exe
  C:\Windows\System\lchrWnJ.exe
  2⤵
  PID:7324
- C:\Windows\System\FREJzdI.exe
  C:\Windows\System\FREJzdI.exe
  2⤵
  PID:7344
- C:\Windows\System\dDoENZF.exe
  C:\Windows\System\dDoENZF.exe
  2⤵
  PID:7372
- C:\Windows\System\xOnqkqN.exe
  C:\Windows\System\xOnqkqN.exe
  2⤵
  PID:7392
- C:\Windows\System\AVJtJVv.exe
  C:\Windows\System\AVJtJVv.exe
  2⤵
  PID:7416
- C:\Windows\System\YGjZqTn.exe
  C:\Windows\System\YGjZqTn.exe
  2⤵
  PID:7440
- C:\Windows\System\FMzBnCm.exe
  C:\Windows\System\FMzBnCm.exe
  2⤵
  PID:7460
- C:\Windows\System\nikaNPz.exe
  C:\Windows\System\nikaNPz.exe
  2⤵
  PID:7484
- C:\Windows\System\LRNjKIM.exe
  C:\Windows\System\LRNjKIM.exe
  2⤵
  PID:7504
- C:\Windows\System\rQnXeaN.exe
  C:\Windows\System\rQnXeaN.exe
  2⤵
  PID:7524
- C:\Windows\System\DijFOaM.exe
  C:\Windows\System\DijFOaM.exe
  2⤵
  PID:7552
- C:\Windows\System\JLyqBEI.exe
  C:\Windows\System\JLyqBEI.exe
  2⤵
  PID:7572
- C:\Windows\System\HGtbsuT.exe
  C:\Windows\System\HGtbsuT.exe
  2⤵
  PID:7604
- C:\Windows\System\ESpaMDU.exe
  C:\Windows\System\ESpaMDU.exe
  2⤵
  PID:7632
- C:\Windows\System\sniBcME.exe
  C:\Windows\System\sniBcME.exe
  2⤵
  PID:7648
- C:\Windows\System\BkzoPuw.exe
  C:\Windows\System\BkzoPuw.exe
  2⤵
  PID:7668
- C:\Windows\System\Ixgtspf.exe
  C:\Windows\System\Ixgtspf.exe
  2⤵
  PID:7688
- C:\Windows\System\qgCdSIx.exe
  C:\Windows\System\qgCdSIx.exe
  2⤵
  PID:7708
- C:\Windows\System\iEoKzDr.exe
  C:\Windows\System\iEoKzDr.exe
  2⤵
  PID:7728
- C:\Windows\System\sHCMzlN.exe
  C:\Windows\System\sHCMzlN.exe
  2⤵
  PID:7752
- C:\Windows\System\VhiUBcM.exe
  C:\Windows\System\VhiUBcM.exe
  2⤵
  PID:7772
- C:\Windows\System\OAuuiNw.exe
  C:\Windows\System\OAuuiNw.exe
  2⤵
  PID:7812
- C:\Windows\System\IqqoYKy.exe
  C:\Windows\System\IqqoYKy.exe
  2⤵
  PID:7832
- C:\Windows\System\rBZxbHB.exe
  C:\Windows\System\rBZxbHB.exe
  2⤵
  PID:7848
- C:\Windows\System\LUuSefW.exe
  C:\Windows\System\LUuSefW.exe
  2⤵
  PID:7872
- C:\Windows\System\EyKiZYG.exe
  C:\Windows\System\EyKiZYG.exe
  2⤵
  PID:7892
- C:\Windows\System\LAPYUAR.exe
  C:\Windows\System\LAPYUAR.exe
  2⤵
  PID:7916
- C:\Windows\System\ezShYmy.exe
  C:\Windows\System\ezShYmy.exe
  2⤵
  PID:7936
- C:\Windows\System\RcnbaTG.exe
  C:\Windows\System\RcnbaTG.exe
  2⤵
  PID:7952
- C:\Windows\System\ysmXuNv.exe
  C:\Windows\System\ysmXuNv.exe
  2⤵
  PID:7968
- C:\Windows\System\xcGXKdo.exe
  C:\Windows\System\xcGXKdo.exe
  2⤵
  PID:7988
- C:\Windows\System\JGxWQIC.exe
  C:\Windows\System\JGxWQIC.exe
  2⤵
  PID:8016
- C:\Windows\System\TWvkNVD.exe
  C:\Windows\System\TWvkNVD.exe
  2⤵
  PID:8056
- C:\Windows\System\UmNcgCh.exe
  C:\Windows\System\UmNcgCh.exe
  2⤵
  PID:8072
- C:\Windows\System\tynWiaE.exe
  C:\Windows\System\tynWiaE.exe
  2⤵
  PID:8092
- C:\Windows\System\xghnHNF.exe
  C:\Windows\System\xghnHNF.exe
  2⤵
  PID:8108
- C:\Windows\System\MLVxEem.exe
  C:\Windows\System\MLVxEem.exe
  2⤵
  PID:8128
- C:\Windows\System\lJzIeNy.exe
  C:\Windows\System\lJzIeNy.exe
  2⤵
  PID:8148
- C:\Windows\System\tRfGTgp.exe
  C:\Windows\System\tRfGTgp.exe
  2⤵
  PID:8168
- C:\Windows\System\RbSAHgF.exe
  C:\Windows\System\RbSAHgF.exe
  2⤵
  PID:8184
- C:\Windows\System\aZnwjvE.exe
  C:\Windows\System\aZnwjvE.exe
  2⤵
  PID:6648
- C:\Windows\System\BaZsGFH.exe
  C:\Windows\System\BaZsGFH.exe
  2⤵
  PID:7264
- C:\Windows\System\NmqmySd.exe
  C:\Windows\System\NmqmySd.exe
  2⤵
  PID:7136
- C:\Windows\System\wmujLlc.exe
  C:\Windows\System\wmujLlc.exe
  2⤵
  PID:6356
- C:\Windows\System\LBMKVPp.exe
  C:\Windows\System\LBMKVPp.exe
  2⤵
  PID:7424
- C:\Windows\System\hEGShdB.exe
  C:\Windows\System\hEGShdB.exe
  2⤵
  PID:6780
- C:\Windows\System\MsamKOR.exe
  C:\Windows\System\MsamKOR.exe
  2⤵
  PID:7480
- C:\Windows\System\PIFzYzM.exe
  C:\Windows\System\PIFzYzM.exe
  2⤵
  PID:7520
- C:\Windows\System\oYjomUE.exe
  C:\Windows\System\oYjomUE.exe
  2⤵
  PID:7212
- C:\Windows\System\gaDxsfl.exe
  C:\Windows\System\gaDxsfl.exe
  2⤵
  PID:7616
- C:\Windows\System\OgKgKuo.exe
  C:\Windows\System\OgKgKuo.exe
  2⤵
  PID:7656
- C:\Windows\System\Fwfokhj.exe
  C:\Windows\System\Fwfokhj.exe
  2⤵
  PID:7744
- C:\Windows\System\EBulYZS.exe
  C:\Windows\System\EBulYZS.exe
  2⤵
  PID:6624
- C:\Windows\System\oOjPKgf.exe
  C:\Windows\System\oOjPKgf.exe
  2⤵
  PID:6528
- C:\Windows\System\azfIKgK.exe
  C:\Windows\System\azfIKgK.exe
  2⤵
  PID:7680
- C:\Windows\System\rHPUcZo.exe
  C:\Windows\System\rHPUcZo.exe
  2⤵
  PID:7032
- C:\Windows\System\Vkpgjlh.exe
  C:\Windows\System\Vkpgjlh.exe
  2⤵
  PID:6372
- C:\Windows\System\YmSwUoJ.exe
  C:\Windows\System\YmSwUoJ.exe
  2⤵
  PID:5712
- C:\Windows\System\IabJQbe.exe
  C:\Windows\System\IabJQbe.exe
  2⤵
  PID:7532
- C:\Windows\System\rrCNCga.exe
  C:\Windows\System\rrCNCga.exe
  2⤵
  PID:7540
- C:\Windows\System\uQIfhFE.exe
  C:\Windows\System\uQIfhFE.exe
  2⤵
  PID:7172
- C:\Windows\System\RajhAHN.exe
  C:\Windows\System\RajhAHN.exe
  2⤵
  PID:7248
- C:\Windows\System\YWkfPBW.exe
  C:\Windows\System\YWkfPBW.exe
  2⤵
  PID:7352
- C:\Windows\System\URIHnEe.exe
  C:\Windows\System\URIHnEe.exe
  2⤵
  PID:7368
- C:\Windows\System\ARmCOVk.exe
  C:\Windows\System\ARmCOVk.exe
  2⤵
  PID:7676
- C:\Windows\System\vnjCkfR.exe
  C:\Windows\System\vnjCkfR.exe
  2⤵
  PID:7760
- C:\Windows\System\HQJQkgY.exe
  C:\Windows\System\HQJQkgY.exe
  2⤵
  PID:7768
- C:\Windows\System\SmLdexk.exe
  C:\Windows\System\SmLdexk.exe
  2⤵
  PID:7844
- C:\Windows\System\mEUqWwC.exe
  C:\Windows\System\mEUqWwC.exe
  2⤵
  PID:7880
- C:\Windows\System\DthEiye.exe
  C:\Windows\System\DthEiye.exe
  2⤵
  PID:7888
- C:\Windows\System\ppODZeY.exe
  C:\Windows\System\ppODZeY.exe
  2⤵
  PID:7924
- C:\Windows\System\dIgHVyE.exe
  C:\Windows\System\dIgHVyE.exe
  2⤵
  PID:8000
- C:\Windows\System\kyAZObA.exe
  C:\Windows\System\kyAZObA.exe
  2⤵
  PID:7944
- C:\Windows\System\BtUttEF.exe
  C:\Windows\System\BtUttEF.exe
  2⤵
  PID:8036
- C:\Windows\System\CXNIsBl.exe
  C:\Windows\System\CXNIsBl.exe
  2⤵
  PID:8100
- C:\Windows\System\qrykrLv.exe
  C:\Windows\System\qrykrLv.exe
  2⤵
  PID:5892
- C:\Windows\System\IAhWhpC.exe
  C:\Windows\System\IAhWhpC.exe
  2⤵
  PID:8176
- C:\Windows\System\BPNHnYl.exe
  C:\Windows\System\BPNHnYl.exe
  2⤵
  PID:8124
- C:\Windows\System\ONUkUJF.exe
  C:\Windows\System\ONUkUJF.exe
  2⤵
  PID:7192
- C:\Windows\System\KAgJzsS.exe
  C:\Windows\System\KAgJzsS.exe
  2⤵
  PID:7996
- C:\Windows\System\ZrofdvS.exe
  C:\Windows\System\ZrofdvS.exe
  2⤵
  PID:7332
- C:\Windows\System\BzSKjsa.exe
  C:\Windows\System\BzSKjsa.exe
  2⤵
  PID:6540
- C:\Windows\System\nKgjBPh.exe
  C:\Windows\System\nKgjBPh.exe
  2⤵
  PID:7436
- C:\Windows\System\UFCXXqz.exe
  C:\Windows\System\UFCXXqz.exe
  2⤵
  PID:7696
- C:\Windows\System\UpKVSQH.exe
  C:\Windows\System\UpKVSQH.exe
  2⤵
  PID:7736
- C:\Windows\System\DYQBTVJ.exe
  C:\Windows\System\DYQBTVJ.exe
  2⤵
  PID:7624
- C:\Windows\System\tVyetoY.exe
  C:\Windows\System\tVyetoY.exe
  2⤵
  PID:7700
- C:\Windows\System\dPJkRnV.exe
  C:\Windows\System\dPJkRnV.exe
  2⤵
  PID:7496
- C:\Windows\System\aJYTaBD.exe
  C:\Windows\System\aJYTaBD.exe
  2⤵
  PID:6536
- C:\Windows\System\IpathgC.exe
  C:\Windows\System\IpathgC.exe
  2⤵
  PID:7500
- C:\Windows\System\bnZFRaY.exe
  C:\Windows\System\bnZFRaY.exe
  2⤵
  PID:6420
- C:\Windows\System\lTxLnGa.exe
  C:\Windows\System\lTxLnGa.exe
  2⤵
  PID:7800
- C:\Windows\System\SnfFxCA.exe
  C:\Windows\System\SnfFxCA.exe
  2⤵
  PID:7316
- C:\Windows\System\afyIEAa.exe
  C:\Windows\System\afyIEAa.exe
  2⤵
  PID:7548
- C:\Windows\System\psmUaMm.exe
  C:\Windows\System\psmUaMm.exe
  2⤵
  PID:7588
- C:\Windows\System\VdVcmOu.exe
  C:\Windows\System\VdVcmOu.exe
  2⤵
  PID:7864
- C:\Windows\System\JdwgNjC.exe
  C:\Windows\System\JdwgNjC.exe
  2⤵
  PID:7932
- C:\Windows\System\aoRTHFw.exe
  C:\Windows\System\aoRTHFw.exe
  2⤵
  PID:7912
- C:\Windows\System\rTpucDG.exe
  C:\Windows\System\rTpucDG.exe
  2⤵
  PID:7980
- C:\Windows\System\DtCpPxD.exe
  C:\Windows\System\DtCpPxD.exe
  2⤵
  PID:6508
- C:\Windows\System\ymIIVBa.exe
  C:\Windows\System\ymIIVBa.exe
  2⤵
  PID:8088
- C:\Windows\System\uIBMWrW.exe
  C:\Windows\System\uIBMWrW.exe
  2⤵
  PID:8160
- C:\Windows\System\lmiShJJ.exe
  C:\Windows\System\lmiShJJ.exe
  2⤵
  PID:7384
- C:\Windows\System\pKgBymq.exe
  C:\Windows\System\pKgBymq.exe
  2⤵
  PID:7660
- C:\Windows\System\BMYqBDz.exe
  C:\Windows\System\BMYqBDz.exe
  2⤵
  PID:6712
- C:\Windows\System\VJVuMdW.exe
  C:\Windows\System\VJVuMdW.exe
  2⤵
  PID:7024
- C:\Windows\System\fFEqEZq.exe
  C:\Windows\System\fFEqEZq.exe
  2⤵
  PID:7360
- C:\Windows\System\sFuCOYs.exe
  C:\Windows\System\sFuCOYs.exe
  2⤵
  PID:6884
- C:\Windows\System\epDRZZz.exe
  C:\Windows\System\epDRZZz.exe
  2⤵
  PID:7364
- C:\Windows\System\jyIeXkh.exe
  C:\Windows\System\jyIeXkh.exe
  2⤵
  PID:7596
- C:\Windows\System\sPjShaR.exe
  C:\Windows\System\sPjShaR.exe
  2⤵
  PID:7048
- C:\Windows\System\UgyFJiw.exe
  C:\Windows\System\UgyFJiw.exe
  2⤵
  PID:7792
- C:\Windows\System\sAnsXTJ.exe
  C:\Windows\System\sAnsXTJ.exe
  2⤵
  PID:7948
- C:\Windows\System\PlIEqsg.exe
  C:\Windows\System\PlIEqsg.exe
  2⤵
  PID:7828
- C:\Windows\System\obEneko.exe
  C:\Windows\System\obEneko.exe
  2⤵
  PID:8012
- C:\Windows\System\CaQeqAA.exe
  C:\Windows\System\CaQeqAA.exe
  2⤵
  PID:8156
- C:\Windows\System\YNuYqPf.exe
  C:\Windows\System\YNuYqPf.exe
  2⤵
  PID:7516
- C:\Windows\System\gwUTXHx.exe
  C:\Windows\System\gwUTXHx.exe
  2⤵
  PID:7716
- C:\Windows\System\DJzRoWm.exe
  C:\Windows\System\DJzRoWm.exe
  2⤵
  PID:7340
- C:\Windows\System\yuintMw.exe
  C:\Windows\System\yuintMw.exe
  2⤵
  PID:7432
- C:\Windows\System\hNAVIRY.exe
  C:\Windows\System\hNAVIRY.exe
  2⤵
  PID:6868
- C:\Windows\System\ynFgLDB.exe
  C:\Windows\System\ynFgLDB.exe
  2⤵
  PID:7724
- C:\Windows\System\fbWHWkH.exe
  C:\Windows\System\fbWHWkH.exe
  2⤵
  PID:7492
- C:\Windows\System\NmJYVEP.exe
  C:\Windows\System\NmJYVEP.exe
  2⤵
  PID:6732
- C:\Windows\System\tpmEnPF.exe
  C:\Windows\System\tpmEnPF.exe
  2⤵
  PID:6456
- C:\Windows\System\mCZZfIv.exe
  C:\Windows\System\mCZZfIv.exe
  2⤵
  PID:6924
- C:\Windows\System\VQvkPPL.exe
  C:\Windows\System\VQvkPPL.exe
  2⤵
  PID:7408
- C:\Windows\System\wopjxWz.exe
  C:\Windows\System\wopjxWz.exe
  2⤵
  PID:7280
- C:\Windows\System\VXqHCeH.exe
  C:\Windows\System\VXqHCeH.exe
  2⤵
  PID:7908
- C:\Windows\System\pIzHMjy.exe
  C:\Windows\System\pIzHMjy.exe
  2⤵
  PID:7704
- C:\Windows\System\OzQPgOJ.exe
  C:\Windows\System\OzQPgOJ.exe
  2⤵
  PID:7296
- C:\Windows\System\dUqqzkF.exe
  C:\Windows\System\dUqqzkF.exe
  2⤵
  PID:7884
- C:\Windows\System\smwTNps.exe
  C:\Windows\System\smwTNps.exe
  2⤵
  PID:7404
- C:\Windows\System\jSzSihz.exe
  C:\Windows\System\jSzSihz.exe
  2⤵
  PID:6776
- C:\Windows\System\BfuxZMN.exe
  C:\Windows\System\BfuxZMN.exe
  2⤵
  PID:8208
- C:\Windows\System\GdcbTUB.exe
  C:\Windows\System\GdcbTUB.exe
  2⤵
  PID:8232
- C:\Windows\System\AVzuNxa.exe
  C:\Windows\System\AVzuNxa.exe
  2⤵
  PID:8256
- C:\Windows\System\HVTHuof.exe
  C:\Windows\System\HVTHuof.exe
  2⤵
  PID:8276
- C:\Windows\System\HJPuSLK.exe
  C:\Windows\System\HJPuSLK.exe
  2⤵
  PID:8300
- C:\Windows\System\FJJBSin.exe
  C:\Windows\System\FJJBSin.exe
  2⤵
  PID:8316
- C:\Windows\System\xDGwoVg.exe
  C:\Windows\System\xDGwoVg.exe
  2⤵
  PID:8336
- C:\Windows\System\jmJeHFj.exe
  C:\Windows\System\jmJeHFj.exe
  2⤵
  PID:8364
- C:\Windows\System\finNqol.exe
  C:\Windows\System\finNqol.exe
  2⤵
  PID:8380
- C:\Windows\System\LEilFUA.exe
  C:\Windows\System\LEilFUA.exe
  2⤵
  PID:8396
- C:\Windows\System\dqfgOmn.exe
  C:\Windows\System\dqfgOmn.exe
  2⤵
  PID:8412
- C:\Windows\System\flEkypi.exe
  C:\Windows\System\flEkypi.exe
  2⤵
  PID:8428
- C:\Windows\System\qGUSWsQ.exe
  C:\Windows\System\qGUSWsQ.exe
  2⤵
  PID:8452
- C:\Windows\System\zUtxezm.exe
  C:\Windows\System\zUtxezm.exe
  2⤵
  PID:8472
- C:\Windows\System\DsLSwqZ.exe
  C:\Windows\System\DsLSwqZ.exe
  2⤵
  PID:8488
- C:\Windows\System\exASAAr.exe
  C:\Windows\System\exASAAr.exe
  2⤵
  PID:8504
- C:\Windows\System\CzrhcLx.exe
  C:\Windows\System\CzrhcLx.exe
  2⤵
  PID:8520
- C:\Windows\System\nkiFShp.exe
  C:\Windows\System\nkiFShp.exe
  2⤵
  PID:8540
- C:\Windows\System\nfkfqft.exe
  C:\Windows\System\nfkfqft.exe
  2⤵
  PID:8564
- C:\Windows\System\QrrkKCB.exe
  C:\Windows\System\QrrkKCB.exe
  2⤵
  PID:8580
- C:\Windows\System\sTQsLSF.exe
  C:\Windows\System\sTQsLSF.exe
  2⤵
  PID:8612
- C:\Windows\System\jdTTXOz.exe
  C:\Windows\System\jdTTXOz.exe
  2⤵
  PID:8628
- C:\Windows\System\jhlzPXV.exe
  C:\Windows\System\jhlzPXV.exe
  2⤵
  PID:8648
- C:\Windows\System\QTWIhLT.exe
  C:\Windows\System\QTWIhLT.exe
  2⤵
  PID:8664
- C:\Windows\System\wLEudBW.exe
  C:\Windows\System\wLEudBW.exe
  2⤵
  PID:8684
- C:\Windows\System\JQiXyxx.exe
  C:\Windows\System\JQiXyxx.exe
  2⤵
  PID:8700
- C:\Windows\System\pvAOlET.exe
  C:\Windows\System\pvAOlET.exe
  2⤵
  PID:8732
- C:\Windows\System\kZePnCm.exe
  C:\Windows\System\kZePnCm.exe
  2⤵
  PID:8752
- C:\Windows\System\wjaTivp.exe
  C:\Windows\System\wjaTivp.exe
  2⤵
  PID:8768
- C:\Windows\System\DYbtGSO.exe
  C:\Windows\System\DYbtGSO.exe
  2⤵
  PID:8812
- C:\Windows\System\ZcNvazC.exe
  C:\Windows\System\ZcNvazC.exe
  2⤵
  PID:8828
- C:\Windows\System\SvenaOM.exe
  C:\Windows\System\SvenaOM.exe
  2⤵
  PID:8844
- C:\Windows\System\BDmzaMc.exe
  C:\Windows\System\BDmzaMc.exe
  2⤵
  PID:8868
- C:\Windows\System\RqPmTOD.exe
  C:\Windows\System\RqPmTOD.exe
  2⤵
  PID:8884
- C:\Windows\System\Bntrzzv.exe
  C:\Windows\System\Bntrzzv.exe
  2⤵
  PID:8912
- C:\Windows\System\xTOVAzo.exe
  C:\Windows\System\xTOVAzo.exe
  2⤵
  PID:8928
- C:\Windows\System\vuBZfmU.exe
  C:\Windows\System\vuBZfmU.exe
  2⤵
  PID:8948
- C:\Windows\System\aGxYUCQ.exe
  C:\Windows\System\aGxYUCQ.exe
  2⤵
  PID:8964
- C:\Windows\System\BlCIbEF.exe
  C:\Windows\System\BlCIbEF.exe
  2⤵
  PID:8984
- C:\Windows\System\OCdhwLG.exe
  C:\Windows\System\OCdhwLG.exe
  2⤵
  PID:9000
- C:\Windows\System\XLgfzDp.exe
  C:\Windows\System\XLgfzDp.exe
  2⤵
  PID:9028
- C:\Windows\System\pTpcEne.exe
  C:\Windows\System\pTpcEne.exe
  2⤵
  PID:9048
- C:\Windows\System\jWtqhpS.exe
  C:\Windows\System\jWtqhpS.exe
  2⤵
  PID:9068
- C:\Windows\System\KLSkjmm.exe
  C:\Windows\System\KLSkjmm.exe
  2⤵
  PID:9092
- C:\Windows\System\swRquyK.exe
  C:\Windows\System\swRquyK.exe
  2⤵
  PID:9108
- C:\Windows\System\aSYDLCt.exe
  C:\Windows\System\aSYDLCt.exe
  2⤵
  PID:9124
- C:\Windows\System\LMQIRBu.exe
  C:\Windows\System\LMQIRBu.exe
  2⤵
  PID:9140
- C:\Windows\System\CIkRoLj.exe
  C:\Windows\System\CIkRoLj.exe
  2⤵
  PID:9160
- C:\Windows\System\kzBupKx.exe
  C:\Windows\System\kzBupKx.exe
  2⤵
  PID:9180
- C:\Windows\System\KVJAwZP.exe
  C:\Windows\System\KVJAwZP.exe
  2⤵
  PID:9200
- C:\Windows\System\DkuAawN.exe
  C:\Windows\System\DkuAawN.exe
  2⤵
  PID:8220
- C:\Windows\System\kDQXvkn.exe
  C:\Windows\System\kDQXvkn.exe
  2⤵
  PID:8140
- C:\Windows\System\cPDQnVw.exe
  C:\Windows\System\cPDQnVw.exe
  2⤵
  PID:8204
- C:\Windows\System\eHXVhoM.exe
  C:\Windows\System\eHXVhoM.exe
  2⤵
  PID:8272
- C:\Windows\System\kEaLMWe.exe
  C:\Windows\System\kEaLMWe.exe
  2⤵
  PID:8292
- C:\Windows\System\aHrMORC.exe
  C:\Windows\System\aHrMORC.exe
  2⤵
  PID:8332
- C:\Windows\System\aRfSNbP.exe
  C:\Windows\System\aRfSNbP.exe
  2⤵
  PID:8352
- C:\Windows\System\cyKAqes.exe
  C:\Windows\System\cyKAqes.exe
  2⤵
  PID:8420
- C:\Windows\System\sfxXCXE.exe
  C:\Windows\System\sfxXCXE.exe
  2⤵
  PID:8528
- C:\Windows\System\GdpeNFa.exe
  C:\Windows\System\GdpeNFa.exe
  2⤵
  PID:8576
- C:\Windows\System\kPPYcAX.exe
  C:\Windows\System\kPPYcAX.exe
  2⤵
  PID:8592
- C:\Windows\System\GfteQqD.exe
  C:\Windows\System\GfteQqD.exe
  2⤵
  PID:8480
- C:\Windows\System\vANBObJ.exe
  C:\Windows\System\vANBObJ.exe
  2⤵
  PID:8408
- C:\Windows\System\OAIKiDJ.exe
  C:\Windows\System\OAIKiDJ.exe
  2⤵
  PID:8484
- C:\Windows\System\hYOEnoi.exe
  C:\Windows\System\hYOEnoi.exe
  2⤵
  PID:8552
- C:\Windows\System\caSBHjg.exe
  C:\Windows\System\caSBHjg.exe
  2⤵
  PID:8640
- C:\Windows\System\JGhuFad.exe
  C:\Windows\System\JGhuFad.exe
  2⤵
  PID:8672
- C:\Windows\System\lSHvNFQ.exe
  C:\Windows\System\lSHvNFQ.exe
  2⤵
  PID:8712
- C:\Windows\System\ecDWBAt.exe
  C:\Windows\System\ecDWBAt.exe
  2⤵
  PID:8728
- C:\Windows\System\WsYQpYM.exe
  C:\Windows\System\WsYQpYM.exe
  2⤵
  PID:8356
- C:\Windows\System\KdgAxsu.exe
  C:\Windows\System\KdgAxsu.exe
  2⤵
  PID:8840
- C:\Windows\System\wnMHOhy.exe
  C:\Windows\System\wnMHOhy.exe
  2⤵
  PID:8876
- C:\Windows\System\gYzqXso.exe
  C:\Windows\System\gYzqXso.exe
  2⤵
  PID:8908
- C:\Windows\System\knhnmSc.exe
  C:\Windows\System\knhnmSc.exe
  2⤵
  PID:8960
- C:\Windows\System\GuBjLDl.exe
  C:\Windows\System\GuBjLDl.exe
  2⤵
  PID:8940
- C:\Windows\System\uzvubAi.exe
  C:\Windows\System\uzvubAi.exe
  2⤵
  PID:8944
- C:\Windows\System\XQWkULY.exe
  C:\Windows\System\XQWkULY.exe
  2⤵
  PID:9076
- C:\Windows\System\jJzRFPK.exe
  C:\Windows\System\jJzRFPK.exe
  2⤵
  PID:9084
- C:\Windows\System\jnyhRNm.exe
  C:\Windows\System\jnyhRNm.exe
  2⤵
  PID:9152
- C:\Windows\System\nEstxzS.exe
  C:\Windows\System\nEstxzS.exe
  2⤵
  PID:8228
- C:\Windows\System\sJpgiEd.exe
  C:\Windows\System\sJpgiEd.exe
  2⤵
  PID:9208
- C:\Windows\System\ZRkNMgP.exe
  C:\Windows\System\ZRkNMgP.exe
  2⤵
  PID:8388
- C:\Windows\System\jvkWupU.exe
  C:\Windows\System\jvkWupU.exe
  2⤵
  PID:9136
- C:\Windows\System\sZxFGhP.exe
  C:\Windows\System\sZxFGhP.exe
  2⤵
  PID:8200
- C:\Windows\System\sxhyIPD.exe
  C:\Windows\System\sxhyIPD.exe
  2⤵
  PID:8288
- C:\Windows\System\mhAyPZm.exe
  C:\Windows\System\mhAyPZm.exe
  2⤵
  PID:8460
- C:\Windows\System\sfvhXFt.exe
  C:\Windows\System\sfvhXFt.exe
  2⤵
  PID:9168
- C:\Windows\System\gpYSWBU.exe
  C:\Windows\System\gpYSWBU.exe
  2⤵
  PID:7808
- C:\Windows\System\YaSYekq.exe
  C:\Windows\System\YaSYekq.exe
  2⤵
  PID:8604
- C:\Windows\System\RKdrzlg.exe
  C:\Windows\System\RKdrzlg.exe
  2⤵
  PID:8636
- C:\Windows\System\vaiXppM.exe
  C:\Windows\System\vaiXppM.exe
  2⤵
  PID:8764
- C:\Windows\System\VGcAqMM.exe
  C:\Windows\System\VGcAqMM.exe
  2⤵
  PID:8644
- C:\Windows\System\nAnwjOd.exe
  C:\Windows\System\nAnwjOd.exe
  2⤵
  PID:8800
- C:\Windows\System\dwXQuOC.exe
  C:\Windows\System\dwXQuOC.exe
  2⤵
  PID:8824
- C:\Windows\System\HyLokWt.exe
  C:\Windows\System\HyLokWt.exe
  2⤵
  PID:8896
- C:\Windows\System\MBXMCUO.exe
  C:\Windows\System\MBXMCUO.exe
  2⤵
  PID:8804
- C:\Windows\System\ZMbtBkO.exe
  C:\Windows\System\ZMbtBkO.exe
  2⤵
  PID:8972
- C:\Windows\System\xgbcSYC.exe
  C:\Windows\System\xgbcSYC.exe
  2⤵
  PID:9060
- C:\Windows\System\gtwGtrA.exe
  C:\Windows\System\gtwGtrA.exe
  2⤵
  PID:9188
- C:\Windows\System\hxkQmnp.exe
  C:\Windows\System\hxkQmnp.exe
  2⤵
  PID:8264
- C:\Windows\System\JYxrhEM.exe
  C:\Windows\System\JYxrhEM.exe
  2⤵
  PID:8312
- C:\Windows\System\uwDVnle.exe
  C:\Windows\System\uwDVnle.exe
  2⤵
  PID:8536
- C:\Windows\System\cJrgPti.exe
  C:\Windows\System\cJrgPti.exe
  2⤵
  PID:8464
- C:\Windows\System\YnuKhdf.exe
  C:\Windows\System\YnuKhdf.exe
  2⤵
  PID:8660
- C:\Windows\System\fBnJamY.exe
  C:\Windows\System\fBnJamY.exe
  2⤵
  PID:8624
- C:\Windows\System\qaZoSNU.exe
  C:\Windows\System\qaZoSNU.exe
  2⤵
  PID:8708
- C:\Windows\System\MRXTyiV.exe
  C:\Windows\System\MRXTyiV.exe
  2⤵
  PID:8748
- C:\Windows\System\BRplhCz.exe
  C:\Windows\System\BRplhCz.exe
  2⤵
  PID:8864
- C:\Windows\System\DWxTOUt.exe
  C:\Windows\System\DWxTOUt.exe
  2⤵
  PID:8956
- C:\Windows\System\zoQzFMk.exe
  C:\Windows\System\zoQzFMk.exe
  2⤵
  PID:8992
- C:\Windows\System\zffVTtl.exe
  C:\Windows\System\zffVTtl.exe
  2⤵
  PID:9192
- C:\Windows\System\DiDiFuj.exe
  C:\Windows\System\DiDiFuj.exe
  2⤵
  PID:8248
- C:\Windows\System\NNQHrYq.exe
  C:\Windows\System\NNQHrYq.exe
  2⤵
  PID:8344
- C:\Windows\System\aohhhzN.exe
  C:\Windows\System\aohhhzN.exe
  2⤵
  PID:8500
- C:\Windows\System\bxvGkAi.exe
  C:\Windows\System\bxvGkAi.exe
  2⤵
  PID:8516
- C:\Windows\System\GLxcWyl.exe
  C:\Windows\System\GLxcWyl.exe
  2⤵
  PID:8788
- C:\Windows\System\mEEjthn.exe
  C:\Windows\System\mEEjthn.exe
  2⤵
  PID:8900
- C:\Windows\System\cavlRnH.exe
  C:\Windows\System\cavlRnH.exe
  2⤵
  PID:9056
- C:\Windows\System\bEXWbvG.exe
  C:\Windows\System\bEXWbvG.exe
  2⤵
  PID:7300
- C:\Windows\System\jeHSyRm.exe
  C:\Windows\System\jeHSyRm.exe
  2⤵
  PID:8444
- C:\Windows\System\ECUQhMP.exe
  C:\Windows\System\ECUQhMP.exe
  2⤵
  PID:8216
- C:\Windows\System\EcpmFDk.exe
  C:\Windows\System\EcpmFDk.exe
  2⤵
  PID:9024
- C:\Windows\System\xhftrQG.exe
  C:\Windows\System\xhftrQG.exe
  2⤵
  PID:9132
- C:\Windows\System\ECDxlss.exe
  C:\Windows\System\ECDxlss.exe
  2⤵
  PID:9212
- C:\Windows\System\EttkQOm.exe
  C:\Windows\System\EttkQOm.exe
  2⤵
  PID:9064
- C:\Windows\System\JEaQqkF.exe
  C:\Windows\System\JEaQqkF.exe
  2⤵
  PID:9100
- C:\Windows\System\xmjUSnl.exe
  C:\Windows\System\xmjUSnl.exe
  2⤵
  PID:9176
- C:\Windows\System\DxUpvFg.exe
  C:\Windows\System\DxUpvFg.exe
  2⤵
  PID:9016
- C:\Windows\System\CUoQPFR.exe
  C:\Windows\System\CUoQPFR.exe
  2⤵
  PID:8404
- C:\Windows\System\GfRTxbb.exe
  C:\Windows\System\GfRTxbb.exe
  2⤵
  PID:9240
- C:\Windows\System\ZsSZBQo.exe
  C:\Windows\System\ZsSZBQo.exe
  2⤵
  PID:9256
- C:\Windows\System\bNzurrZ.exe
  C:\Windows\System\bNzurrZ.exe
  2⤵
  PID:9272
- C:\Windows\System\MafNUhN.exe
  C:\Windows\System\MafNUhN.exe
  2⤵
  PID:9288
- C:\Windows\System\NNZObDm.exe
  C:\Windows\System\NNZObDm.exe
  2⤵
  PID:9328
- C:\Windows\System\kiXshjq.exe
  C:\Windows\System\kiXshjq.exe
  2⤵
  PID:9344
- C:\Windows\System\fFSsqpK.exe
  C:\Windows\System\fFSsqpK.exe
  2⤵
  PID:9364
- C:\Windows\System\KogvFOv.exe
  C:\Windows\System\KogvFOv.exe
  2⤵
  PID:9380
- C:\Windows\System\xmRRgdP.exe
  C:\Windows\System\xmRRgdP.exe
  2⤵
  PID:9408
- C:\Windows\System\qwKFppF.exe
  C:\Windows\System\qwKFppF.exe
  2⤵
  PID:9428
- C:\Windows\System\VQuxDJN.exe
  C:\Windows\System\VQuxDJN.exe
  2⤵
  PID:9448
- C:\Windows\System\XzMYKLp.exe
  C:\Windows\System\XzMYKLp.exe
  2⤵
  PID:9468
- C:\Windows\System\WvMUJHn.exe
  C:\Windows\System\WvMUJHn.exe
  2⤵
  PID:9488
- C:\Windows\System\LSFMAyC.exe
  C:\Windows\System\LSFMAyC.exe
  2⤵
  PID:9508
- C:\Windows\System\ipuMqCW.exe
  C:\Windows\System\ipuMqCW.exe
  2⤵
  PID:9528
- C:\Windows\System\FCsQtPh.exe
  C:\Windows\System\FCsQtPh.exe
  2⤵
  PID:9548
- C:\Windows\System\vNDPhdd.exe
  C:\Windows\System\vNDPhdd.exe
  2⤵
  PID:9572
- C:\Windows\System\oZrDSOg.exe
  C:\Windows\System\oZrDSOg.exe
  2⤵
  PID:9588
- C:\Windows\System\AvwOcWd.exe
  C:\Windows\System\AvwOcWd.exe
  2⤵
  PID:9608
- C:\Windows\System\CZxryHm.exe
  C:\Windows\System\CZxryHm.exe
  2⤵
  PID:9628
- C:\Windows\System\AGgbHYt.exe
  C:\Windows\System\AGgbHYt.exe
  2⤵
  PID:9648
- C:\Windows\System\RMCswpg.exe
  C:\Windows\System\RMCswpg.exe
  2⤵
  PID:9668
- C:\Windows\System\SRqvQbb.exe
  C:\Windows\System\SRqvQbb.exe
  2⤵
  PID:9684
- C:\Windows\System\XFSntId.exe
  C:\Windows\System\XFSntId.exe
  2⤵
  PID:9708
- C:\Windows\System\eTUXTsl.exe
  C:\Windows\System\eTUXTsl.exe
  2⤵
  PID:9728
- C:\Windows\System\TOsPCVq.exe
  C:\Windows\System\TOsPCVq.exe
  2⤵
  PID:9748
- C:\Windows\System\rmfxLIA.exe
  C:\Windows\System\rmfxLIA.exe
  2⤵
  PID:9768
- C:\Windows\System\UzujaKn.exe
  C:\Windows\System\UzujaKn.exe
  2⤵
  PID:9788
- C:\Windows\System\xmWyVqY.exe
  C:\Windows\System\xmWyVqY.exe
  2⤵
  PID:9804
- C:\Windows\System\ycNlAmr.exe
  C:\Windows\System\ycNlAmr.exe
  2⤵
  PID:9828
- C:\Windows\System\TgWgfKN.exe
  C:\Windows\System\TgWgfKN.exe
  2⤵
  PID:9848
- C:\Windows\System\KsuHaKL.exe
  C:\Windows\System\KsuHaKL.exe
  2⤵
  PID:9868
- C:\Windows\System\VXwfzgg.exe
  C:\Windows\System\VXwfzgg.exe
  2⤵
  PID:9884
- C:\Windows\System\doPvTmS.exe
  C:\Windows\System\doPvTmS.exe
  2⤵
  PID:9900
- C:\Windows\System\eHAUaBp.exe
  C:\Windows\System\eHAUaBp.exe
  2⤵
  PID:9916
- C:\Windows\System\ykUTsZY.exe
  C:\Windows\System\ykUTsZY.exe
  2⤵
  PID:9936
- C:\Windows\System\QQYQGOB.exe
  C:\Windows\System\QQYQGOB.exe
  2⤵
  PID:9972
- C:\Windows\System\cQkwyHu.exe
  C:\Windows\System\cQkwyHu.exe
  2⤵
  PID:9988
- C:\Windows\System\YqxpfrK.exe
  C:\Windows\System\YqxpfrK.exe
  2⤵
  PID:10004
- C:\Windows\System\mwnGEfR.exe
  C:\Windows\System\mwnGEfR.exe
  2⤵
  PID:10020
- C:\Windows\System\QptYBBZ.exe
  C:\Windows\System\QptYBBZ.exe
  2⤵
  PID:10036
- C:\Windows\System\CODOTPN.exe
  C:\Windows\System\CODOTPN.exe
  2⤵
  PID:10052
- C:\Windows\System\AyqadLX.exe
  C:\Windows\System\AyqadLX.exe
  2⤵
  PID:10072
- C:\Windows\System\buIvipQ.exe
  C:\Windows\System\buIvipQ.exe
  2⤵
  PID:10088
- C:\Windows\System\zHzhmSD.exe
  C:\Windows\System\zHzhmSD.exe
  2⤵
  PID:10104
- C:\Windows\System\yJDGjvK.exe
  C:\Windows\System\yJDGjvK.exe
  2⤵
  PID:10124
- C:\Windows\System\ZltCSAI.exe
  C:\Windows\System\ZltCSAI.exe
  2⤵
  PID:10140
- C:\Windows\System\fafaMQr.exe
  C:\Windows\System\fafaMQr.exe
  2⤵
  PID:10164
- C:\Windows\System\qmHOZbi.exe
  C:\Windows\System\qmHOZbi.exe
  2⤵
  PID:10192
- C:\Windows\System\VrzCWbZ.exe
  C:\Windows\System\VrzCWbZ.exe
  2⤵
  PID:10232
- C:\Windows\System\FefNjua.exe
  C:\Windows\System\FefNjua.exe
  2⤵
  PID:9228
- C:\Windows\System\DOQVPtG.exe
  C:\Windows\System\DOQVPtG.exe
  2⤵
  PID:9280
- C:\Windows\System\xmDAFuw.exe
  C:\Windows\System\xmDAFuw.exe
  2⤵
  PID:9304
- C:\Windows\System\HHxpkKc.exe
  C:\Windows\System\HHxpkKc.exe
  2⤵
  PID:9316
- C:\Windows\System\aOySFYj.exe
  C:\Windows\System\aOySFYj.exe
  2⤵
  PID:9356
- C:\Windows\System\SqqvnPh.exe
  C:\Windows\System\SqqvnPh.exe
  2⤵
  PID:9376
- C:\Windows\System\RNFFGHT.exe
  C:\Windows\System\RNFFGHT.exe
  2⤵
  PID:9420
- C:\Windows\System\RsliTMx.exe
  C:\Windows\System\RsliTMx.exe
  2⤵
  PID:9444
- C:\Windows\System\CKPMzBC.exe
  C:\Windows\System\CKPMzBC.exe
  2⤵
  PID:9480
- C:\Windows\System\eFCGEfW.exe
  C:\Windows\System\eFCGEfW.exe
  2⤵
  PID:9516
- C:\Windows\System\CDytfaZ.exe
  C:\Windows\System\CDytfaZ.exe
  2⤵
  PID:9556
- C:\Windows\System\MHqrDoB.exe
  C:\Windows\System\MHqrDoB.exe
  2⤵
  PID:9560
- C:\Windows\System\qKzqnuk.exe
  C:\Windows\System\qKzqnuk.exe
  2⤵
  PID:9604
- C:\Windows\System\yoftBkY.exe
  C:\Windows\System\yoftBkY.exe
  2⤵
  PID:9624
- C:\Windows\System\APdOlhx.exe
  C:\Windows\System\APdOlhx.exe
  2⤵
  PID:9660
- C:\Windows\System\jsmWqsd.exe
  C:\Windows\System\jsmWqsd.exe
  2⤵
  PID:9680
- C:\Windows\System\ptVLCgZ.exe
  C:\Windows\System\ptVLCgZ.exe
  2⤵
  PID:9700
- C:\Windows\System\LVVKHmy.exe
  C:\Windows\System\LVVKHmy.exe
  2⤵
  PID:9724
- C:\Windows\System\vsCGWIN.exe
  C:\Windows\System\vsCGWIN.exe
  2⤵
  PID:9776
- C:\Windows\System\xPvtKEm.exe
  C:\Windows\System\xPvtKEm.exe
  2⤵
  PID:9796
- C:\Windows\System\wQDXZto.exe
  C:\Windows\System\wQDXZto.exe
  2⤵
  PID:9912
- C:\Windows\System\kRbmatk.exe
  C:\Windows\System\kRbmatk.exe
  2⤵
  PID:9960
- C:\Windows\System\KICXpBm.exe
  C:\Windows\System\KICXpBm.exe
  2⤵
  PID:9964
- C:\Windows\System\EUmWCih.exe
  C:\Windows\System\EUmWCih.exe
  2⤵
  PID:10000
- C:\Windows\System\YiPRsja.exe
  C:\Windows\System\YiPRsja.exe
  2⤵
  PID:10064
- C:\Windows\System\QsZrxiL.exe
  C:\Windows\System\QsZrxiL.exe
  2⤵
  PID:10132
- C:\Windows\System\fXkeFOd.exe
  C:\Windows\System\fXkeFOd.exe
  2⤵
  PID:10176
- C:\Windows\System\OgmHINN.exe
  C:\Windows\System\OgmHINN.exe
  2⤵
  PID:10112
- C:\Windows\System\MfAJMsj.exe
  C:\Windows\System\MfAJMsj.exe
  2⤵
  PID:10116
- C:\Windows\System\uEtVHDn.exe
  C:\Windows\System\uEtVHDn.exe
  2⤵
  PID:10156
- C:\Windows\System\lWPJjIa.exe
  C:\Windows\System\lWPJjIa.exe
  2⤵
  PID:9264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DRRDWhG.exe

Filesize
6.0MB

MD5
1a9d9bc8e8cc9fc2524f3fe99dceba84

SHA1
6a96a7773bab884ebae8241f4520f4afeac9ffa4

SHA256
6d20e7db90295532db511f0135d6dfc07e1ec4a2256dc9a0824392863c4e2b9b

SHA512
a1cf6e76f4cd6cade92e9836c254aa92a9a512cf0479613757b3152a5d01c68abbc271be54f0b4557d6e3f649c0701097f64f121c759d3cc54837f7cfc65f1aa

Download Submit
C:\Windows\system\IIEyVsU.exe

Filesize
8B

MD5
5f2a961acf27f98734426395ca459b13

SHA1
f4361fda9d6f0d257eb8b16f437b07fbcb5e70c7

SHA256
c0db544382d067ad8a84933742200215bd469f54e265de50d613eb85cae73416

SHA512
4b21f11bb3269f293a187974763ea724dd38ecc4a235b8e070aeff271fc11b158c960ca3d3ad113eee01310ae3b8779e47211cb90d49f14faf1f751afa218701

Download Submit
C:\Windows\system\JVTmBDl.exe

Filesize
6.0MB

MD5
49cec030e23b289dc875b78776a45c10

SHA1
5ca64d965adb7d7d8ca141dfc9b900d30a0ca67c

SHA256
4deb2d1753a0f9e7f9b56c1a04873798c87be1ea830175a1d8fcffab11762254

SHA512
869184991552cd8926eb14193fe0db8966d2642971b3c6842cf314816487c9461f9f05f0f08bd70dd9e8ebdbc8ca5f2fe9c23d0940face92c0777e7a858d0510

Download Submit
C:\Windows\system\NCHjORL.exe

Filesize
6.0MB

MD5
3494159a3497cbae0179ed1013afd7f9

SHA1
03f10aa0ba0f812e646a7fcf1654c0417dfbe1ac

SHA256
5ab9d85421b79059dab8ebbc3164fb87a50ada7052ba2d25c74df27b1f421dcc

SHA512
7c4aa1215ed41fb30810d1ec5f64fef76b9083fa4031fa8f511e3410899cb6a72d4aebd622e9fd0ffd9e4cf7eb5e06c79ad5473526fbebe7ebde2e7a60d2cc0e

Download Submit
C:\Windows\system\OINnPJZ.exe

Filesize
6.0MB

MD5
d10bad395050a7c79d7ab66bf9ac259c

SHA1
fa2d08188ec854782fa5118bca1d906618cd0387

SHA256
c0a7b53e5204354e64b3932368712ecdb5016070b40e4fc2348991275dd29dcf

SHA512
8035009dbbf47c9196450496f5db1ed51aa86c75c8c54cb6ba4a3b6161fc4ec86d4cc3cdba239ea83854adcbddf14caa627c31fb7dc14cb2225b71feac34a50e

Download Submit
C:\Windows\system\SpSnLic.exe

Filesize
6.0MB

MD5
41644053398d3b804ba7e447e9083784

SHA1
c2157d25f78eac020ac2975ecaa0cc73a45ceb87

SHA256
6ad4ef87e4d01f978d2e7efdd6d95448ef4a8ce17f8523e294929e98aeb62eb1

SHA512
6c61055745e0db4ed285d36a8817602e6ca8f03dc29c7a0be9fae3b64156d0ba52a06b0a578575d5b39198f815cc469aaf3cc16efbba2e045a4c2a3368019879

Download Submit
C:\Windows\system\SpynHvq.exe

Filesize
6.0MB

MD5
a7cc4b3fd7796469cdf42dc9c1c9f951

SHA1
76c07ab5259713f7e6f7ca0ed341b1ceeba72946

SHA256
39f3badd16bbac42eb5811d21f175e7d762d011ef11489947698710eae2c4e21

SHA512
d447c9f0034ab4da2c397083b02c5b9449520c7ef5a8a739c00fa46893388aec89defc2b3c872ec970d4c6a085ef9765d9d916ad6a8e292fb96b99c8a7820d4e

Download Submit
C:\Windows\system\Tiqzjgn.exe

Filesize
6.0MB

MD5
17a6b6a41743d909399726ea6a2ad165

SHA1
5110c7c4885764c120abe5d86464c90c6b945a61

SHA256
cff870ceef4a03776689a108b054be28f77a928af4622a9b643bac0ef1aff641

SHA512
c778ceb5fdb4e2aee72a88d064b9f6e9f04214dc4fc251cac94a4a1f3866ca9ce87110e3cb343642846c433a3dd10cb3307edf838347ecd56956be4ecc7324fb

Download Submit
C:\Windows\system\VliAYMH.exe

Filesize
6.0MB

MD5
4dfd6dfe895ab0a98f60f5b70224cb50

SHA1
52164bada532a9cc34eb7cc6c740c34ac674f2ce

SHA256
782ed782a3efa858261e1692b3cb1afea1c12a4458986f8c1b88df387f69d7e3

SHA512
8d2f70e73a7afb315754040f1fa21803e2f3910ebb983f2e8063a1e656af4038f90d5c27ea645512afb81cb22a6b9106d8b6d68c836b9e9c79c95c55bf699be7

Download Submit
C:\Windows\system\XiSlYVP.exe

Filesize
6.0MB

MD5
09605a9ddcfe17d7026dd6e8522453cd

SHA1
c907bbedf011af2d07958923455442d7ac3e5217

SHA256
34885f265ed6c29f85f45feb7a973512da1676bcfe21a709631bc9bc302e9ee4

SHA512
ac223127b15fceffb5a5113e9b10668a6d80b7aa0dc7a08526173608c2deffe21a6459081e85f871972904a70776d19187feeb006f81fe857e2502f48a8b2ba4

Download Submit
C:\Windows\system\XoNRNWW.exe

Filesize
6.0MB

MD5
a1cc4093a14842cab18a4f7f2fde31c5

SHA1
4a86c8ba4072769e8605773111c4841cb8c0be19

SHA256
a5925ed373a9a7cd32c188060c6b142a8d439ca89d71680b06b58a97d1628d58

SHA512
9854bbc87872e3589cd4058f43865a167d7ad6057a8f624516a1248d6fd2622c967c270f83569184a7797e0ae013ec8cb2394696eb130284bed6100c81129c57

Download Submit
C:\Windows\system\XuUEEIe.exe

Filesize
6.0MB

MD5
9129b55455ed8ed3379f8990453b1fdf

SHA1
392a7a647c61e42b8df97f76c9019c0d8dd04246

SHA256
912306bf6d26b653ed7045630553caf31b60ff036923cf1f97442ed65a70aaa0

SHA512
e1f291ed60ca880ad9eccf7cef573201b907fab32a7dfa4a9fd3c6b0304fcc68601ddb266401dadb72248529230cc674192e69088a69bc7da4ae59ce8f42362f

Download Submit
C:\Windows\system\bgcuyvW.exe

Filesize
6.0MB

MD5
0b9d3fd902d4339f53d9158e93123f35

SHA1
70cde66a093eefb8f5fea9dbe0e4f60df55c6926

SHA256
280c75cac6ed7625f3d89683529350c371ab135de74534d26f2624f4d291af86

SHA512
e246e029cd54f7d32774f8df7fbd57cf8cd9fbabc5f0ba6e692482faf46aa54c8270d0efbfd46433bf95c03427728bc4cc24c484ef7e6a79e3fae09ac87cc89a

Download Submit
C:\Windows\system\ddguwyi.exe

Filesize
6.0MB

MD5
50410806ffb2b2c0610f8e3b610052e8

SHA1
d9fd1d4c06f702bde4a4b4fd26eea44d3437de10

SHA256
7b7046f64ff00469e54bbdb037d38b58f3be2217849bb8f4ef082c7c1aacbee7

SHA512
84809b2b98e5efcffbab0d92aec6934e7ad9192f35be5c24baae4b54752e44c1a6f6638b5b33ba2bca83aaa94bf2b2b96403b9c8b3c89b472f4470afd4938d63

Download Submit
C:\Windows\system\isvQJOJ.exe

Filesize
6.0MB

MD5
1a44aaa2a102f8469d29aabdc2e94055

SHA1
78e97941a026bf2ec8512f9f3d5a985df132e1a5

SHA256
75828d6bb3a8f1a9f27268f35f9fcc19e2aaf5632ef1c555dd4ca07850a7bfe6

SHA512
2befc1dfb820ece33c5f975320e659f6591a177f56c7f07b2ab0c23df6259b4f55eab1828d9414bd3fa32259e06e4f18d202268f2f06a8c31f3bfc8903f40ed7

Download Submit
C:\Windows\system\jrLSGOq.exe

Filesize
6.0MB

MD5
f4626facff18fb7948dcfc0332e3bbfd

SHA1
276e4bac67e6d49d1baf6d56107af25e9b7ad338

SHA256
e8d87286ad95d9cd3c860a04103a2f756a40f55c55c3244ec05732e434c6bd88

SHA512
515b7193e4a8844bb6a78981cbf25283faba535ecf8bd1de952b33fa19e2a4a5afa996c203b80024bf74ebf87436a0ad466856893f6e3286a12db1c474df05f1

Download Submit
C:\Windows\system\qNsTovR.exe

Filesize
6.0MB

MD5
e5de3d672d93702bc8e5531bc9487d02

SHA1
de443b93172db5cef5653a0c01d5d9401235f3a2

SHA256
140144f0a338ba0675b12f4e79f29af6b041f4014de61507ef8e26a50ff43a5d

SHA512
c5e80af49ffc862df6cf43ab23c3a6417b5eb976a6c88d9aa04da21d2b2c045378bacb472b866384258359d7b03becb3b40281daa718384f52e7c4786bb5061d

Download Submit
C:\Windows\system\sREBEBp.exe

Filesize
6.0MB

MD5
24e05ca7dcde39d5b9f01edc9f77a822

SHA1
2175ff3890699501020500e9901cb78b1b680f3a

SHA256
c10a3fe195ba21a68805060dc56933f84a3716ca35af0caf7ae13f064116aeb4

SHA512
417bbfea1f99e49d2a9473bf816694333036fb8086b15c912fdd28d3d89b8ea92787812811f9dcd5c2217ec807c6b607a6579eb9574f9594cb426b5ff2ec5349

Download Submit
C:\Windows\system\tArppha.exe

Filesize
6.0MB

MD5
db3acbf78dba7f93be126e75b74e24ed

SHA1
31e3875df5d52e3b516465044a2754a5e6f728be

SHA256
96dd883bd728a169926e3996ffeaa605b8671902ec5129ef471488308a63b17b

SHA512
20301e562050707065a33e628774ac85cb649e8117b30d381c6c9cb1f9dd8a6cf64c404c6712ccda35f48278f496bee8082829f4932c93b06c208c6ffe3b6dee

Download Submit
C:\Windows\system\uwEUuQH.exe

Filesize
6.0MB

MD5
d4627cf779aeb10324d1a9827d942e97

SHA1
6cea194f37d5dfd5881587729ca8a9fedb474836

SHA256
bbcf0d3a94b5b27cd8f32cacaf956f0ffc31ee1a62b91d70196fa3d6b34557b3

SHA512
701d16f16f0985aca9bd7fbe36aa20b6b10c83c799b0998565b186449783d2511022637238783e106a02478d6aea65a30fbd94e61c559803e50d684b08cc3427

Download Submit
C:\Windows\system\vGTseqa.exe

Filesize
6.0MB

MD5
a28c84439ec287e1eee105edbcbdd85c

SHA1
fc9a38f52055b23be68e1d7b9a8787cf89482106

SHA256
16c0f4d35b4c540ed979c6c95a12197728a04d0100cd7d625a2d41d886734f59

SHA512
f720b9c674eca3da0c52313f296306fd693bda2f8bdeeed9f443cf0160df87ec3d090a075f9ca2f743c93d8c54e223e103a62e6f612b49a7142a2868fabdb345

Download Submit
C:\Windows\system\xmmnLfk.exe

Filesize
6.0MB

MD5
9d8d0f87f7149cc039edf7d2cecc78a7

SHA1
8aebf1e8e0d067b07436528939121823f3580906

SHA256
058d06a12b3d365f859c97c13f4596318cf070a517013e36d90158ce7b199acc

SHA512
634dec3a63ffc6979a4147b0267854390750b6345cd366724d5f094598fc3c4ac4b531fa2fc9caeb357e84b4d48d4f04709b744bec035c956984f441550a1624

Download Submit
C:\Windows\system\xvUxXeq.exe

Filesize
6.0MB

MD5
ea302622513d6a4584bb6c000b9793b9

SHA1
80cc2fa1c50563eb78650684b62c3218b312975f

SHA256
729700b45fce2becc42aff0cb490350d64e03fa8207ccc36308084a27f072bc3

SHA512
f3db2078367051e3a711a481f0955da1d212139c5661dda2584504e99fb389c621ad6d42574d8d8d9ef7e160c82d88189e3d939c7d59f7fd0515ce053f5ac9ab

Download Submit
C:\Windows\system\yYdICBJ.exe

Filesize
6.0MB

MD5
16a42e01737653dfe5fc73c33834d265

SHA1
6e49eba5873a046ef082b8170931c99be9da3636

SHA256
25838cffa7bb403dff4ccb43e088cca815679c20c51cd2293ae93a0ec47c8cbd

SHA512
88158180462c2e3d303bde9427fe2d302bd44fb27f32ff0300ec72896cc00a0c382fd6832d73d56b4fbc8079d1fa58073239aeb5fa65fd88fd02021c67f1cea1

Download Submit
\Windows\system\BFmrYVf.exe

Filesize
6.0MB

MD5
89eeff02fda8602a8370f8cff4bc9e48

SHA1
388121fc9c7656d5a1355e91e649a7e63e54764b

SHA256
a31c268aa2786593a985e451a923b93eec7faf9a313d7726098518e5d15acf72

SHA512
7dd6d149566b1e207825455d207cd88d0f62055acb23076305d4a68c32007b9028efd392c5830160b38a61e07cd4a04db3834c5d79f0c4e99555c5021ab51495

Download Submit
\Windows\system\JdeuYJx.exe

Filesize
6.0MB

MD5
894ab8e9c964d724b35764eef7f8bcb2

SHA1
f2e3ba66f02add92bc85782ac896a4351e5ac5de

SHA256
8ac98b3f0897308ec7b01da1aeedd76b5c368fb9174a1dae74352e335ddbc64c

SHA512
255163e0e898f60e71d21a57713f154825af7cdf83e38307faf69bf1b6db9d8126af51fb8d14a8a66a6cd45ab516f4c7f07c43e4ac401774bb7579737191dae9

Download Submit
\Windows\system\RzerWgo.exe

Filesize
6.0MB

MD5
addeef287155e3bce460ce5798bf6ece

SHA1
1bab4535681a139e2edbe7725a4e74260c69943c

SHA256
fbb45dee5725b438b9a58a3bf2c517f1eadb4f576e4fdc0c5d838eea1516c0ef

SHA512
b8ef6fdaafbf7d17f6152655677630d5b54613107e5d5c88e984b5cd5279bd35dbdf196310691fe81d932d02c7f963a5727b7ac86266e561e24d889c0ca6ba68

Download Submit
\Windows\system\UsUiUqq.exe

Filesize
6.0MB

MD5
a178f087e4c4dadcd67f21dddb65667a

SHA1
23fb6ad4930538db627cfc5a309bcf39abb9e2b3

SHA256
db1e7f132ae84966b5d4c0f7470d1c66d5a294d667557799d7aa48cdd2e508fb

SHA512
9d2626c95b97ddcff737ebf7135cee492becd6545c3843d04b64f766729033eb059be587dbd6bf4ce9020fc903b8eea1d3e8ca5be321d066f3258cba85f711cc

Download Submit
\Windows\system\dRuFsjp.exe

Filesize
6.0MB

MD5
88a6c22b31d6f304c85c157e9a7789b2

SHA1
11def9ad5f1e4e80a5ac27510a6a38eef7bfd48b

SHA256
296c59c2b82a640ed9f24bfbffeb27c48ba66660f5a3b85b9e79f789eb7443a3

SHA512
edcf8b136a061b50c75f88584f20e8c9e80996ed1f8c9425bbe5affb565d18abe88a14ccd158f0d7a3c310e0bf251cd1d9589036492a1da1710f5e8c4abb66ce

Download Submit
\Windows\system\euCKaYc.exe

Filesize
6.0MB

MD5
fe9f6a42c96fbae9edafd085b907ddff

SHA1
20ea787ecd2b13af525ca86e27a96d74a90322f1

SHA256
1a02a1cb3164b38f880f94d272eb04dd651ae4c8ef9a348e573134a8022d31ca

SHA512
2030ba9dd84b9004adf30e456a296bdc817c2ccfbbe50a4ef4a8c0954af6feaa541e8ca9c3b2f8fb76fd43d6541544038a84958a2b10363f07f71c4b5f73438b

Download Submit
\Windows\system\iABCEzb.exe

Filesize
6.0MB

MD5
2ce8614ca9fbeaf9f5e21bd2f69412d7

SHA1
a8706a21b92e8b57c61bdcb909b2bd0c2332399b

SHA256
49b20a276e31ae62e871f65dbb4b77c74c753d934592d78af540edc42a5e301f

SHA512
9f51b96492f42e94501b31e414f67d7d67eadea8cd7197e3272e981154d3a0660b18478804011ae406d343f83deb0278d486e06b06435e1d69913299ef7edf8c

Download Submit
\Windows\system\nLdjLdn.exe

Filesize
6.0MB

MD5
a0c1e4d9f944c3eb0980b94914503b0e

SHA1
8befabe5d8d29055d7ecab767bb1be4299d77666

SHA256
f4f1dfe7fd131d02c89cbf9446c0bc9391e34baab337f8bef34a07fa98988139

SHA512
9af3381f0677c907369c776d83eb9acace43755ca8f5bfbea37cdeb5118d0d31208b42d869802b46a9fdca848e4f0ef0fb3294227e0cfac536f0070f87da4715

Download Submit
\Windows\system\qdfvhQA.exe

Filesize
6.0MB

MD5
153a57e45ba8b2c567d80b07363e3f99

SHA1
aa9098c69eaf079ac1904a931f83bc73058cf4ef

SHA256
2059fd12e315aa028a03b6bb702019d850c833c491fa2b935013f9f230d13f8a

SHA512
3c2881a407400b078da2083ac1a575b66e539d5314791d5e5f94f5af712453c0a2998eca593b6b119158ce68a671dff20f4c34dd4fbc2e12edc50465ed630805

Download Submit
memory/2348-67-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2348-22-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2348-3164-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2524-63-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2524-244-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3211-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3126-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2648-9-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3209-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2680-50-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2680-73-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2688-61-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2688-24-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-895-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-980-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-0-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-121-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2688-47-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-19-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-44-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-667-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2688-42-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2688-13-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-150-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2688-148-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-146-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2688-8-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-140-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-32-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-114-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2716-58-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-15-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3157-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3196-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-45-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-125-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3783-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2852-143-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3839-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2868-129-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3781-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-39-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3175-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2884-68-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2992-69-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2992-3216-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2992-48-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/3016-55-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/3016-3200-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/3016-100-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download