cobaltstrike | 2128968d1e5066f6beae8c192be933cff2e1bd3ba0ef169340587c2f8e18f53a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c0870b04e367443970c41abb5c9d3e3b
SHA1

2bfd55edc492de8e7ff5debabd91db13024e391e
SHA256

2128968d1e5066f6beae8c192be933cff2e1bd3ba0ef169340587c2f8e18f53a
SHA512

f8926b3e669a7ef6044a8bd5829be2246ba7cb3123f9863ff4e0b2711d474f246f41f44266ce004126f74118402837570856eda93c02e9d87eb360277e780e56
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUd:T+q56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cc9-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cd1-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ce5-23.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3f-130.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d24-164.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015b6e-187.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739a-184.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-178.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d47-175.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e74-172.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d13-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cfe-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca2-149.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c4e-139.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016a47-138.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0b-117.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-115.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739c-192.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd3-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f9c-181.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc8-168.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dad-156.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d50-143.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d2a-53.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d2e-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d1b-122.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c58-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c3d-79.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000167dc-61.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d0e-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d04-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cf2-32.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2420-0-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000015cc9-9.dat	xmrig
behavioral1/memory/3036-8-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/1728-14-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cd1-18.dat	xmrig
behavioral1/memory/2108-22-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ce5-23.dat	xmrig
behavioral1/memory/2344-35-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2420-36-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d3f-130.dat	xmrig
behavioral1/files/0x0006000000016d24-164.dat	xmrig
behavioral1/files/0x0009000000015b6e-187.dat	xmrig
behavioral1/memory/2420-1217-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2764-593-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x000600000001739a-184.dat	xmrig
behavioral1/files/0x0006000000016d9f-178.dat	xmrig
behavioral1/files/0x0006000000016d47-175.dat	xmrig
behavioral1/files/0x0006000000016e74-172.dat	xmrig
behavioral1/files/0x0006000000016d13-161.dat	xmrig
behavioral1/files/0x0006000000016cfe-152.dat	xmrig
behavioral1/files/0x0006000000016ca2-149.dat	xmrig
behavioral1/files/0x0006000000016c4e-139.dat	xmrig
behavioral1/files/0x0006000000016a47-138.dat	xmrig
behavioral1/files/0x0006000000016d0b-117.dat	xmrig
behavioral1/files/0x0006000000016d36-115.dat	xmrig
behavioral1/memory/2896-111-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x000600000001739c-192.dat	xmrig
behavioral1/files/0x0006000000016cd3-96.dat	xmrig
behavioral1/files/0x0006000000016f9c-181.dat	xmrig
behavioral1/memory/2420-85-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2088-74-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0006000000016dc8-168.dat	xmrig
behavioral1/files/0x0006000000016dad-156.dat	xmrig
behavioral1/memory/2872-68-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d50-143.dat	xmrig
behavioral1/memory/2632-134-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d2a-53.dat	xmrig
behavioral1/files/0x0006000000016d2e-124.dat	xmrig
behavioral1/files/0x0006000000016d1b-122.dat	xmrig
behavioral1/files/0x0006000000016c58-91.dat	xmrig
behavioral1/memory/2420-90-0x0000000002250000-0x00000000025A4000-memory.dmp	xmrig
behavioral1/memory/2780-89-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c3d-79.dat	xmrig
behavioral1/memory/2420-64-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2740-63-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x00080000000167dc-61.dat	xmrig
behavioral1/memory/2868-52-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2764-41-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/1728-50-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d0e-47.dat	xmrig
behavioral1/files/0x0007000000015d04-39.dat	xmrig
behavioral1/files/0x0007000000015cf2-32.dat	xmrig
behavioral1/memory/2088-28-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/3036-4011-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2108-4012-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2344-4014-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/1728-4013-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2868-4015-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2088-4016-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2740-4020-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2896-4021-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2632-4019-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2872-4018-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3036	DnBOgxP.exe
1728	XBOMtHe.exe
2108	JvQWHDt.exe
2088	VzroObl.exe
2344	qdKurug.exe
2764	vbdqSxt.exe
2868	jpAbblI.exe
2740	eDpYlbI.exe
2872	qazrpVt.exe
2780	ypgtchL.exe
2632	DSWFlzO.exe
2896	jPBKNQs.exe
852	rTLWGxk.exe
1800	agIvPQa.exe
2372	HvdIZNF.exe
1820	iATjLzB.exe
2640	Kknqhcv.exe
2728	NrWdoCA.exe
556	eCIFnLH.exe
1744	ZCkEqCO.exe
1536	nDzwoUE.exe
2508	GVbhEji.exe
1760	QcZjLNM.exe
2360	KkQFyUr.exe
292	nxIggNK.exe
2524	vgjfXyy.exe
336	sdUnFOD.exe
2468	uqwSvce.exe
620	JOQCXYP.exe
1892	tMQVHSc.exe
1280	zfFOFGD.exe
764	kqjipXG.exe
1812	ZgYihcG.exe
836	ZduKUeJ.exe
1668	buhXIXm.exe
1344	iyjHZSs.exe
2016	imGtVSI.exe
2208	zrVtuET.exe
2532	PYgjYAk.exe
896	EsowQyJ.exe
308	xzGAdHU.exe
1688	TNDWqxX.exe
872	ICwsJlk.exe
2000	kyDSghf.exe
1608	UoBciSU.exe
3028	SPhyXhd.exe
2336	yCdOshz.exe
2952	wgpMWpR.exe
2192	mCBzLPw.exe
2844	rdmOgKn.exe
1776	eenMfiU.exe
2176	HfIyUqL.exe
2204	mBXiFgv.exe
2260	iFYDPIw.exe
744	AbKdpRy.exe
1012	WxwinQE.exe
2576	RkmtVwh.exe
2500	sdBeBra.exe
2164	sKIOLws.exe
1680	YmFeGTr.exe
1312	WmArFcz.exe
860	oTypdoH.exe
2912	zvZiFRe.exe
756	yJjhJAp.exe

Loads dropped DLL 64 IoCs

pid	Process
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2420-0-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000015cc9-9.dat	upx
behavioral1/memory/3036-8-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/1728-14-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x0008000000015cd1-18.dat	upx
behavioral1/memory/2108-22-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0007000000015ce5-23.dat	upx
behavioral1/memory/2344-35-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2420-36-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x0006000000016d3f-130.dat	upx
behavioral1/files/0x0006000000016d24-164.dat	upx
behavioral1/files/0x0009000000015b6e-187.dat	upx
behavioral1/memory/2764-593-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x000600000001739a-184.dat	upx
behavioral1/files/0x0006000000016d9f-178.dat	upx
behavioral1/files/0x0006000000016d47-175.dat	upx
behavioral1/files/0x0006000000016e74-172.dat	upx
behavioral1/files/0x0006000000016d13-161.dat	upx
behavioral1/files/0x0006000000016cfe-152.dat	upx
behavioral1/files/0x0006000000016ca2-149.dat	upx
behavioral1/files/0x0006000000016c4e-139.dat	upx
behavioral1/files/0x0006000000016a47-138.dat	upx
behavioral1/files/0x0006000000016d0b-117.dat	upx
behavioral1/files/0x0006000000016d36-115.dat	upx
behavioral1/memory/2896-111-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x000600000001739c-192.dat	upx
behavioral1/files/0x0006000000016cd3-96.dat	upx
behavioral1/files/0x0006000000016f9c-181.dat	upx
behavioral1/memory/2088-74-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0006000000016dc8-168.dat	upx
behavioral1/files/0x0006000000016dad-156.dat	upx
behavioral1/memory/2872-68-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0006000000016d50-143.dat	upx
behavioral1/memory/2632-134-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x0009000000015d2a-53.dat	upx
behavioral1/files/0x0006000000016d2e-124.dat	upx
behavioral1/files/0x0006000000016d1b-122.dat	upx
behavioral1/files/0x0006000000016c58-91.dat	upx
behavioral1/memory/2780-89-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0006000000016c3d-79.dat	upx
behavioral1/memory/2740-63-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x00080000000167dc-61.dat	upx
behavioral1/memory/2868-52-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2764-41-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/1728-50-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x0007000000015d0e-47.dat	upx
behavioral1/files/0x0007000000015d04-39.dat	upx
behavioral1/files/0x0007000000015cf2-32.dat	upx
behavioral1/memory/2088-28-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/3036-4011-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2108-4012-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2344-4014-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/1728-4013-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2868-4015-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2088-4016-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2740-4020-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2896-4021-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2632-4019-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2872-4018-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2780-4017-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2764-4022-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wIzjvhH.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URnejKv.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzckyDK.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKPpeMG.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wiXidNB.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwtiEgP.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxapqCz.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIgUsbA.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hSUPzrc.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYgjYAk.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eodSHlp.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCJhXJs.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Nlvxfvk.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DoXcaPH.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sQiwAnG.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZNyVqw.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNCvohl.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKNhyJf.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsafNUs.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYruCWt.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMkiIqL.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqvFgMd.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wLRuJhm.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qazrpVt.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICwsJlk.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBXiFgv.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtqnNvK.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DliagDS.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGBnSTR.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GahxgBG.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BEVWrcP.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVNKEKE.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djefcMf.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WevdfdR.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrgBMUk.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCbckzJ.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKqnmzr.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAoKdny.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\srIiuFQ.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyaBRFD.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQTEpXp.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ResbsSu.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QuaOSKs.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KddMdvj.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZwTQhQw.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJJNrWD.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrkgjfg.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoIkiuw.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBwArlp.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwtWGCN.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNvZQhU.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBSAjvy.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUMPVfB.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYsUuFW.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAdXfYh.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RiIpdHA.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdkctGY.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvLjslv.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUuwluB.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMTacAI.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDAAcKn.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWYsxgD.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcVFDmd.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QaCEvab.exe	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 3036	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 3036	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 3036	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 1728	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 1728	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 1728	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 2108	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2108	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2108	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2088	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 2088	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 2088	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 2344	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 2344	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 2344	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 2764	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 2764	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 2764	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 2868	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2868	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2868	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2740	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2740	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2740	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2872	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2872	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2872	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2640	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2640	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2640	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2780	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2780	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2780	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2728	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 2728	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 2728	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 2632	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 2632	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 2632	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 1744	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 1744	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 1744	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 2896	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 2896	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 2896	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 1536	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 1536	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 1536	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 852	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 852	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 852	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 1760	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 1760	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 1760	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 1800	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 1800	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 1800	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 2360	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 2360	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 2360	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 2372	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 2372	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 2372	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 2524	2420	2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_c0870b04e367443970c41abb5c9d3e3b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\System\DnBOgxP.exe
  C:\Windows\System\DnBOgxP.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\XBOMtHe.exe
  C:\Windows\System\XBOMtHe.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\JvQWHDt.exe
  C:\Windows\System\JvQWHDt.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\VzroObl.exe
  C:\Windows\System\VzroObl.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\qdKurug.exe
  C:\Windows\System\qdKurug.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\vbdqSxt.exe
  C:\Windows\System\vbdqSxt.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\jpAbblI.exe
  C:\Windows\System\jpAbblI.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\eDpYlbI.exe
  C:\Windows\System\eDpYlbI.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\qazrpVt.exe
  C:\Windows\System\qazrpVt.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\Kknqhcv.exe
  C:\Windows\System\Kknqhcv.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\ypgtchL.exe
  C:\Windows\System\ypgtchL.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\NrWdoCA.exe
  C:\Windows\System\NrWdoCA.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\DSWFlzO.exe
  C:\Windows\System\DSWFlzO.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\ZCkEqCO.exe
  C:\Windows\System\ZCkEqCO.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\jPBKNQs.exe
  C:\Windows\System\jPBKNQs.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\nDzwoUE.exe
  C:\Windows\System\nDzwoUE.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\rTLWGxk.exe
  C:\Windows\System\rTLWGxk.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\QcZjLNM.exe
  C:\Windows\System\QcZjLNM.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\agIvPQa.exe
  C:\Windows\System\agIvPQa.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\KkQFyUr.exe
  C:\Windows\System\KkQFyUr.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\HvdIZNF.exe
  C:\Windows\System\HvdIZNF.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\vgjfXyy.exe
  C:\Windows\System\vgjfXyy.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\iATjLzB.exe
  C:\Windows\System\iATjLzB.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\sdUnFOD.exe
  C:\Windows\System\sdUnFOD.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\eCIFnLH.exe
  C:\Windows\System\eCIFnLH.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\uqwSvce.exe
  C:\Windows\System\uqwSvce.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\GVbhEji.exe
  C:\Windows\System\GVbhEji.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\tMQVHSc.exe
  C:\Windows\System\tMQVHSc.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\nxIggNK.exe
  C:\Windows\System\nxIggNK.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\kqjipXG.exe
  C:\Windows\System\kqjipXG.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\JOQCXYP.exe
  C:\Windows\System\JOQCXYP.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\ZgYihcG.exe
  C:\Windows\System\ZgYihcG.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\zfFOFGD.exe
  C:\Windows\System\zfFOFGD.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\ZduKUeJ.exe
  C:\Windows\System\ZduKUeJ.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\buhXIXm.exe
  C:\Windows\System\buhXIXm.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\TNDWqxX.exe
  C:\Windows\System\TNDWqxX.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\iyjHZSs.exe
  C:\Windows\System\iyjHZSs.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\WxwinQE.exe
  C:\Windows\System\WxwinQE.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\imGtVSI.exe
  C:\Windows\System\imGtVSI.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\RkmtVwh.exe
  C:\Windows\System\RkmtVwh.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\zrVtuET.exe
  C:\Windows\System\zrVtuET.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\sdBeBra.exe
  C:\Windows\System\sdBeBra.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\PYgjYAk.exe
  C:\Windows\System\PYgjYAk.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\sKIOLws.exe
  C:\Windows\System\sKIOLws.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\EsowQyJ.exe
  C:\Windows\System\EsowQyJ.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\YmFeGTr.exe
  C:\Windows\System\YmFeGTr.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\xzGAdHU.exe
  C:\Windows\System\xzGAdHU.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\WmArFcz.exe
  C:\Windows\System\WmArFcz.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\ICwsJlk.exe
  C:\Windows\System\ICwsJlk.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\oTypdoH.exe
  C:\Windows\System\oTypdoH.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\kyDSghf.exe
  C:\Windows\System\kyDSghf.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\zvZiFRe.exe
  C:\Windows\System\zvZiFRe.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\UoBciSU.exe
  C:\Windows\System\UoBciSU.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\yJjhJAp.exe
  C:\Windows\System\yJjhJAp.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\SPhyXhd.exe
  C:\Windows\System\SPhyXhd.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\utBdsas.exe
  C:\Windows\System\utBdsas.exe
  2⤵
  PID:2544
- C:\Windows\System\yCdOshz.exe
  C:\Windows\System\yCdOshz.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\ResbsSu.exe
  C:\Windows\System\ResbsSu.exe
  2⤵
  PID:2824
- C:\Windows\System\wgpMWpR.exe
  C:\Windows\System\wgpMWpR.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\CiiwqTv.exe
  C:\Windows\System\CiiwqTv.exe
  2⤵
  PID:2664
- C:\Windows\System\mCBzLPw.exe
  C:\Windows\System\mCBzLPw.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\cvlpbiG.exe
  C:\Windows\System\cvlpbiG.exe
  2⤵
  PID:2856
- C:\Windows\System\rdmOgKn.exe
  C:\Windows\System\rdmOgKn.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\FfsbQFc.exe
  C:\Windows\System\FfsbQFc.exe
  2⤵
  PID:2440
- C:\Windows\System\eenMfiU.exe
  C:\Windows\System\eenMfiU.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\FoMtGdj.exe
  C:\Windows\System\FoMtGdj.exe
  2⤵
  PID:2948
- C:\Windows\System\HfIyUqL.exe
  C:\Windows\System\HfIyUqL.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\MqxVDxh.exe
  C:\Windows\System\MqxVDxh.exe
  2⤵
  PID:1624
- C:\Windows\System\mBXiFgv.exe
  C:\Windows\System\mBXiFgv.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\SpSzMPL.exe
  C:\Windows\System\SpSzMPL.exe
  2⤵
  PID:1036
- C:\Windows\System\iFYDPIw.exe
  C:\Windows\System\iFYDPIw.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\vSirzBw.exe
  C:\Windows\System\vSirzBw.exe
  2⤵
  PID:672
- C:\Windows\System\AbKdpRy.exe
  C:\Windows\System\AbKdpRy.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\ImZNARh.exe
  C:\Windows\System\ImZNARh.exe
  2⤵
  PID:2056
- C:\Windows\System\QJMxqxY.exe
  C:\Windows\System\QJMxqxY.exe
  2⤵
  PID:1620
- C:\Windows\System\HycYdkh.exe
  C:\Windows\System\HycYdkh.exe
  2⤵
  PID:1844
- C:\Windows\System\qlaTvoL.exe
  C:\Windows\System\qlaTvoL.exe
  2⤵
  PID:1984
- C:\Windows\System\yBSXntg.exe
  C:\Windows\System\yBSXntg.exe
  2⤵
  PID:2444
- C:\Windows\System\gAEcjPv.exe
  C:\Windows\System\gAEcjPv.exe
  2⤵
  PID:1540
- C:\Windows\System\GvKJSNK.exe
  C:\Windows\System\GvKJSNK.exe
  2⤵
  PID:2492
- C:\Windows\System\VdgqLFL.exe
  C:\Windows\System\VdgqLFL.exe
  2⤵
  PID:1516
- C:\Windows\System\zTlPczC.exe
  C:\Windows\System\zTlPczC.exe
  2⤵
  PID:2252
- C:\Windows\System\wJIoyap.exe
  C:\Windows\System\wJIoyap.exe
  2⤵
  PID:1096
- C:\Windows\System\LtbCnPY.exe
  C:\Windows\System\LtbCnPY.exe
  2⤵
  PID:1756
- C:\Windows\System\XVvmWyv.exe
  C:\Windows\System\XVvmWyv.exe
  2⤵
  PID:3080
- C:\Windows\System\pBMCVDy.exe
  C:\Windows\System\pBMCVDy.exe
  2⤵
  PID:3100
- C:\Windows\System\psDPJeY.exe
  C:\Windows\System\psDPJeY.exe
  2⤵
  PID:3116
- C:\Windows\System\DTDRDhY.exe
  C:\Windows\System\DTDRDhY.exe
  2⤵
  PID:3140
- C:\Windows\System\EHzCpwP.exe
  C:\Windows\System\EHzCpwP.exe
  2⤵
  PID:3164
- C:\Windows\System\jANwrmd.exe
  C:\Windows\System\jANwrmd.exe
  2⤵
  PID:3180
- C:\Windows\System\PilATss.exe
  C:\Windows\System\PilATss.exe
  2⤵
  PID:3200
- C:\Windows\System\rrjanso.exe
  C:\Windows\System\rrjanso.exe
  2⤵
  PID:3216
- C:\Windows\System\LkpZWGL.exe
  C:\Windows\System\LkpZWGL.exe
  2⤵
  PID:3236
- C:\Windows\System\pBRVsXT.exe
  C:\Windows\System\pBRVsXT.exe
  2⤵
  PID:3252
- C:\Windows\System\QuaOSKs.exe
  C:\Windows\System\QuaOSKs.exe
  2⤵
  PID:3272
- C:\Windows\System\MvAoCbr.exe
  C:\Windows\System\MvAoCbr.exe
  2⤵
  PID:3288
- C:\Windows\System\OObCtlB.exe
  C:\Windows\System\OObCtlB.exe
  2⤵
  PID:3308
- C:\Windows\System\xhqqPmB.exe
  C:\Windows\System\xhqqPmB.exe
  2⤵
  PID:3324
- C:\Windows\System\XLnWXVO.exe
  C:\Windows\System\XLnWXVO.exe
  2⤵
  PID:3344
- C:\Windows\System\vERBAYF.exe
  C:\Windows\System\vERBAYF.exe
  2⤵
  PID:3360
- C:\Windows\System\pxvwbcf.exe
  C:\Windows\System\pxvwbcf.exe
  2⤵
  PID:3380
- C:\Windows\System\oeXpFTc.exe
  C:\Windows\System\oeXpFTc.exe
  2⤵
  PID:3404
- C:\Windows\System\MpfJsfL.exe
  C:\Windows\System\MpfJsfL.exe
  2⤵
  PID:3444
- C:\Windows\System\PTBgeUM.exe
  C:\Windows\System\PTBgeUM.exe
  2⤵
  PID:3464
- C:\Windows\System\jFOTxyb.exe
  C:\Windows\System\jFOTxyb.exe
  2⤵
  PID:3484
- C:\Windows\System\aWzfsrs.exe
  C:\Windows\System\aWzfsrs.exe
  2⤵
  PID:3504
- C:\Windows\System\ALscSri.exe
  C:\Windows\System\ALscSri.exe
  2⤵
  PID:3524
- C:\Windows\System\IfxlXRx.exe
  C:\Windows\System\IfxlXRx.exe
  2⤵
  PID:3544
- C:\Windows\System\UARNQFQ.exe
  C:\Windows\System\UARNQFQ.exe
  2⤵
  PID:3564
- C:\Windows\System\rLWeOVU.exe
  C:\Windows\System\rLWeOVU.exe
  2⤵
  PID:3584
- C:\Windows\System\mIWAQbE.exe
  C:\Windows\System\mIWAQbE.exe
  2⤵
  PID:3604
- C:\Windows\System\ktCVexF.exe
  C:\Windows\System\ktCVexF.exe
  2⤵
  PID:3624
- C:\Windows\System\OnRDPyc.exe
  C:\Windows\System\OnRDPyc.exe
  2⤵
  PID:3644
- C:\Windows\System\NHzwQMr.exe
  C:\Windows\System\NHzwQMr.exe
  2⤵
  PID:3664
- C:\Windows\System\SJoihMJ.exe
  C:\Windows\System\SJoihMJ.exe
  2⤵
  PID:3684
- C:\Windows\System\bvEVLyc.exe
  C:\Windows\System\bvEVLyc.exe
  2⤵
  PID:3704
- C:\Windows\System\LtLeWaG.exe
  C:\Windows\System\LtLeWaG.exe
  2⤵
  PID:3724
- C:\Windows\System\PJteJqq.exe
  C:\Windows\System\PJteJqq.exe
  2⤵
  PID:3744
- C:\Windows\System\TFYqxjk.exe
  C:\Windows\System\TFYqxjk.exe
  2⤵
  PID:3764
- C:\Windows\System\BfJKhqH.exe
  C:\Windows\System\BfJKhqH.exe
  2⤵
  PID:3784
- C:\Windows\System\OwrPtQb.exe
  C:\Windows\System\OwrPtQb.exe
  2⤵
  PID:3804
- C:\Windows\System\tfJmQIa.exe
  C:\Windows\System\tfJmQIa.exe
  2⤵
  PID:3824
- C:\Windows\System\YDbsVSQ.exe
  C:\Windows\System\YDbsVSQ.exe
  2⤵
  PID:3844
- C:\Windows\System\GrfKRRq.exe
  C:\Windows\System\GrfKRRq.exe
  2⤵
  PID:3864
- C:\Windows\System\DBtrTeU.exe
  C:\Windows\System\DBtrTeU.exe
  2⤵
  PID:3884
- C:\Windows\System\TEmUhZr.exe
  C:\Windows\System\TEmUhZr.exe
  2⤵
  PID:3904
- C:\Windows\System\zQsUxNd.exe
  C:\Windows\System\zQsUxNd.exe
  2⤵
  PID:3924
- C:\Windows\System\jcXWJYF.exe
  C:\Windows\System\jcXWJYF.exe
  2⤵
  PID:3944
- C:\Windows\System\xfSWUpj.exe
  C:\Windows\System\xfSWUpj.exe
  2⤵
  PID:3964
- C:\Windows\System\FpgcTuu.exe
  C:\Windows\System\FpgcTuu.exe
  2⤵
  PID:3984
- C:\Windows\System\ntSgxiR.exe
  C:\Windows\System\ntSgxiR.exe
  2⤵
  PID:4004
- C:\Windows\System\jNoCaFJ.exe
  C:\Windows\System\jNoCaFJ.exe
  2⤵
  PID:4020
- C:\Windows\System\PSrUjKS.exe
  C:\Windows\System\PSrUjKS.exe
  2⤵
  PID:4044
- C:\Windows\System\dOdMPWB.exe
  C:\Windows\System\dOdMPWB.exe
  2⤵
  PID:4064
- C:\Windows\System\apUshsj.exe
  C:\Windows\System\apUshsj.exe
  2⤵
  PID:4084
- C:\Windows\System\GKqYKXq.exe
  C:\Windows\System\GKqYKXq.exe
  2⤵
  PID:2480
- C:\Windows\System\KPePSTW.exe
  C:\Windows\System\KPePSTW.exe
  2⤵
  PID:2884
- C:\Windows\System\RtXrHNL.exe
  C:\Windows\System\RtXrHNL.exe
  2⤵
  PID:2152
- C:\Windows\System\IffXcoa.exe
  C:\Windows\System\IffXcoa.exe
  2⤵
  PID:324
- C:\Windows\System\CRYiQok.exe
  C:\Windows\System\CRYiQok.exe
  2⤵
  PID:2600
- C:\Windows\System\DJhEBBB.exe
  C:\Windows\System\DJhEBBB.exe
  2⤵
  PID:2464
- C:\Windows\System\nMJvqOZ.exe
  C:\Windows\System\nMJvqOZ.exe
  2⤵
  PID:1832
- C:\Windows\System\xsgbsIY.exe
  C:\Windows\System\xsgbsIY.exe
  2⤵
  PID:2552
- C:\Windows\System\gBwArlp.exe
  C:\Windows\System\gBwArlp.exe
  2⤵
  PID:1792
- C:\Windows\System\PZKPhEU.exe
  C:\Windows\System\PZKPhEU.exe
  2⤵
  PID:1848
- C:\Windows\System\NbTRpZp.exe
  C:\Windows\System\NbTRpZp.exe
  2⤵
  PID:1124
- C:\Windows\System\wtqnNvK.exe
  C:\Windows\System\wtqnNvK.exe
  2⤵
  PID:1980
- C:\Windows\System\jQzUBFj.exe
  C:\Windows\System\jQzUBFj.exe
  2⤵
  PID:2244
- C:\Windows\System\xBoqWvG.exe
  C:\Windows\System\xBoqWvG.exe
  2⤵
  PID:596
- C:\Windows\System\KCOZmyp.exe
  C:\Windows\System\KCOZmyp.exe
  2⤵
  PID:2292
- C:\Windows\System\RMMfOPu.exe
  C:\Windows\System\RMMfOPu.exe
  2⤵
  PID:2568
- C:\Windows\System\UapVqmm.exe
  C:\Windows\System\UapVqmm.exe
  2⤵
  PID:3096
- C:\Windows\System\aDAElJy.exe
  C:\Windows\System\aDAElJy.exe
  2⤵
  PID:1704
- C:\Windows\System\moVxnLd.exe
  C:\Windows\System\moVxnLd.exe
  2⤵
  PID:2880
- C:\Windows\System\OwPensk.exe
  C:\Windows\System\OwPensk.exe
  2⤵
  PID:1548
- C:\Windows\System\hCXERcD.exe
  C:\Windows\System\hCXERcD.exe
  2⤵
  PID:3148
- C:\Windows\System\FsuJozK.exe
  C:\Windows\System\FsuJozK.exe
  2⤵
  PID:3152
- C:\Windows\System\OUdcugP.exe
  C:\Windows\System\OUdcugP.exe
  2⤵
  PID:3280
- C:\Windows\System\MpZPRDL.exe
  C:\Windows\System\MpZPRDL.exe
  2⤵
  PID:3356
- C:\Windows\System\SDipLSa.exe
  C:\Windows\System\SDipLSa.exe
  2⤵
  PID:3232
- C:\Windows\System\hLSbjoi.exe
  C:\Windows\System\hLSbjoi.exe
  2⤵
  PID:3372
- C:\Windows\System\WDccOJi.exe
  C:\Windows\System\WDccOJi.exe
  2⤵
  PID:3332
- C:\Windows\System\oSHkGSw.exe
  C:\Windows\System\oSHkGSw.exe
  2⤵
  PID:3228
- C:\Windows\System\uLggMNO.exe
  C:\Windows\System\uLggMNO.exe
  2⤵
  PID:3416
- C:\Windows\System\ihDYwdn.exe
  C:\Windows\System\ihDYwdn.exe
  2⤵
  PID:3440
- C:\Windows\System\jMKBdfD.exe
  C:\Windows\System\jMKBdfD.exe
  2⤵
  PID:3472
- C:\Windows\System\hybmpOm.exe
  C:\Windows\System\hybmpOm.exe
  2⤵
  PID:3512
- C:\Windows\System\IsOBiPF.exe
  C:\Windows\System\IsOBiPF.exe
  2⤵
  PID:3552
- C:\Windows\System\PzdWBaj.exe
  C:\Windows\System\PzdWBaj.exe
  2⤵
  PID:3576
- C:\Windows\System\GIEhTPH.exe
  C:\Windows\System\GIEhTPH.exe
  2⤵
  PID:3620
- C:\Windows\System\oMCvsTA.exe
  C:\Windows\System\oMCvsTA.exe
  2⤵
  PID:3636
- C:\Windows\System\EHrEtoc.exe
  C:\Windows\System\EHrEtoc.exe
  2⤵
  PID:3676
- C:\Windows\System\CpCNskV.exe
  C:\Windows\System\CpCNskV.exe
  2⤵
  PID:3712
- C:\Windows\System\WczjoVd.exe
  C:\Windows\System\WczjoVd.exe
  2⤵
  PID:3772
- C:\Windows\System\bsitCJT.exe
  C:\Windows\System\bsitCJT.exe
  2⤵
  PID:3792
- C:\Windows\System\khABwNN.exe
  C:\Windows\System\khABwNN.exe
  2⤵
  PID:3816
- C:\Windows\System\AAHubCz.exe
  C:\Windows\System\AAHubCz.exe
  2⤵
  PID:3836
- C:\Windows\System\UYThXfd.exe
  C:\Windows\System\UYThXfd.exe
  2⤵
  PID:3892
- C:\Windows\System\LJMoeLt.exe
  C:\Windows\System\LJMoeLt.exe
  2⤵
  PID:3920
- C:\Windows\System\kiZlPQJ.exe
  C:\Windows\System\kiZlPQJ.exe
  2⤵
  PID:3952
- C:\Windows\System\cMncbDa.exe
  C:\Windows\System\cMncbDa.exe
  2⤵
  PID:3992
- C:\Windows\System\hCPsfmT.exe
  C:\Windows\System\hCPsfmT.exe
  2⤵
  PID:4032
- C:\Windows\System\BjXqMSN.exe
  C:\Windows\System\BjXqMSN.exe
  2⤵
  PID:4060
- C:\Windows\System\HnZmZeg.exe
  C:\Windows\System\HnZmZeg.exe
  2⤵
  PID:2616
- C:\Windows\System\HuGVcsN.exe
  C:\Windows\System\HuGVcsN.exe
  2⤵
  PID:4076
- C:\Windows\System\vyBNARq.exe
  C:\Windows\System\vyBNARq.exe
  2⤵
  PID:1652
- C:\Windows\System\ZMorEyI.exe
  C:\Windows\System\ZMorEyI.exe
  2⤵
  PID:2072
- C:\Windows\System\DndAaIx.exe
  C:\Windows\System\DndAaIx.exe
  2⤵
  PID:1272
- C:\Windows\System\yivaPcR.exe
  C:\Windows\System\yivaPcR.exe
  2⤵
  PID:1604
- C:\Windows\System\eYsUuFW.exe
  C:\Windows\System\eYsUuFW.exe
  2⤵
  PID:784
- C:\Windows\System\TLYrMmS.exe
  C:\Windows\System\TLYrMmS.exe
  2⤵
  PID:1732
- C:\Windows\System\YvyhWPA.exe
  C:\Windows\System\YvyhWPA.exe
  2⤵
  PID:1748
- C:\Windows\System\AhaBLKe.exe
  C:\Windows\System\AhaBLKe.exe
  2⤵
  PID:3092
- C:\Windows\System\LAoKdny.exe
  C:\Windows\System\LAoKdny.exe
  2⤵
  PID:1384
- C:\Windows\System\ZxgBylN.exe
  C:\Windows\System\ZxgBylN.exe
  2⤵
  PID:2024
- C:\Windows\System\rrkgjfg.exe
  C:\Windows\System\rrkgjfg.exe
  2⤵
  PID:3112
- C:\Windows\System\bVnNMzb.exe
  C:\Windows\System\bVnNMzb.exe
  2⤵
  PID:3156
- C:\Windows\System\TnhKUvF.exe
  C:\Windows\System\TnhKUvF.exe
  2⤵
  PID:3388
- C:\Windows\System\SlWJpqZ.exe
  C:\Windows\System\SlWJpqZ.exe
  2⤵
  PID:3368
- C:\Windows\System\UjZNIRR.exe
  C:\Windows\System\UjZNIRR.exe
  2⤵
  PID:3296
- C:\Windows\System\ITveeqK.exe
  C:\Windows\System\ITveeqK.exe
  2⤵
  PID:3396
- C:\Windows\System\gmfHyVj.exe
  C:\Windows\System\gmfHyVj.exe
  2⤵
  PID:3432
- C:\Windows\System\vrlUbPJ.exe
  C:\Windows\System\vrlUbPJ.exe
  2⤵
  PID:3476
- C:\Windows\System\srIiuFQ.exe
  C:\Windows\System\srIiuFQ.exe
  2⤵
  PID:3580
- C:\Windows\System\tLMQvxY.exe
  C:\Windows\System\tLMQvxY.exe
  2⤵
  PID:3640
- C:\Windows\System\YeBsvEi.exe
  C:\Windows\System\YeBsvEi.exe
  2⤵
  PID:3700
- C:\Windows\System\xwtWGCN.exe
  C:\Windows\System\xwtWGCN.exe
  2⤵
  PID:3740
- C:\Windows\System\TFliVJp.exe
  C:\Windows\System\TFliVJp.exe
  2⤵
  PID:4116
- C:\Windows\System\NGdwqYQ.exe
  C:\Windows\System\NGdwqYQ.exe
  2⤵
  PID:4136
- C:\Windows\System\lRNqXOq.exe
  C:\Windows\System\lRNqXOq.exe
  2⤵
  PID:4156
- C:\Windows\System\duwZQUY.exe
  C:\Windows\System\duwZQUY.exe
  2⤵
  PID:4176
- C:\Windows\System\EUommcC.exe
  C:\Windows\System\EUommcC.exe
  2⤵
  PID:4196
- C:\Windows\System\BWokrbC.exe
  C:\Windows\System\BWokrbC.exe
  2⤵
  PID:4216
- C:\Windows\System\oOZxBGM.exe
  C:\Windows\System\oOZxBGM.exe
  2⤵
  PID:4236
- C:\Windows\System\YAifYFf.exe
  C:\Windows\System\YAifYFf.exe
  2⤵
  PID:4256
- C:\Windows\System\DzyMAwV.exe
  C:\Windows\System\DzyMAwV.exe
  2⤵
  PID:4276
- C:\Windows\System\YvFmPNg.exe
  C:\Windows\System\YvFmPNg.exe
  2⤵
  PID:4296
- C:\Windows\System\AVAFHkm.exe
  C:\Windows\System\AVAFHkm.exe
  2⤵
  PID:4316
- C:\Windows\System\PszWiwI.exe
  C:\Windows\System\PszWiwI.exe
  2⤵
  PID:4336
- C:\Windows\System\UsomVus.exe
  C:\Windows\System\UsomVus.exe
  2⤵
  PID:4356
- C:\Windows\System\CZXLybB.exe
  C:\Windows\System\CZXLybB.exe
  2⤵
  PID:4376
- C:\Windows\System\ratkdLR.exe
  C:\Windows\System\ratkdLR.exe
  2⤵
  PID:4396
- C:\Windows\System\QQmZBcK.exe
  C:\Windows\System\QQmZBcK.exe
  2⤵
  PID:4416
- C:\Windows\System\SRcFvxh.exe
  C:\Windows\System\SRcFvxh.exe
  2⤵
  PID:4436
- C:\Windows\System\MBHIgOW.exe
  C:\Windows\System\MBHIgOW.exe
  2⤵
  PID:4456
- C:\Windows\System\JWxWqcB.exe
  C:\Windows\System\JWxWqcB.exe
  2⤵
  PID:4476
- C:\Windows\System\bKaoyDy.exe
  C:\Windows\System\bKaoyDy.exe
  2⤵
  PID:4500
- C:\Windows\System\mhRJrXD.exe
  C:\Windows\System\mhRJrXD.exe
  2⤵
  PID:4520
- C:\Windows\System\EbCOKuR.exe
  C:\Windows\System\EbCOKuR.exe
  2⤵
  PID:4540
- C:\Windows\System\WNiRAhd.exe
  C:\Windows\System\WNiRAhd.exe
  2⤵
  PID:4560
- C:\Windows\System\vwjYETo.exe
  C:\Windows\System\vwjYETo.exe
  2⤵
  PID:4580
- C:\Windows\System\qWXwvja.exe
  C:\Windows\System\qWXwvja.exe
  2⤵
  PID:4600
- C:\Windows\System\IBxhkge.exe
  C:\Windows\System\IBxhkge.exe
  2⤵
  PID:4620
- C:\Windows\System\rAwviLf.exe
  C:\Windows\System\rAwviLf.exe
  2⤵
  PID:4640
- C:\Windows\System\dmHZDOQ.exe
  C:\Windows\System\dmHZDOQ.exe
  2⤵
  PID:4660
- C:\Windows\System\FQXwGsf.exe
  C:\Windows\System\FQXwGsf.exe
  2⤵
  PID:4680
- C:\Windows\System\SQCUQyG.exe
  C:\Windows\System\SQCUQyG.exe
  2⤵
  PID:4700
- C:\Windows\System\VkukQKw.exe
  C:\Windows\System\VkukQKw.exe
  2⤵
  PID:4720
- C:\Windows\System\MzUXhQe.exe
  C:\Windows\System\MzUXhQe.exe
  2⤵
  PID:4740
- C:\Windows\System\PfFFCkK.exe
  C:\Windows\System\PfFFCkK.exe
  2⤵
  PID:4760
- C:\Windows\System\OAjNECJ.exe
  C:\Windows\System\OAjNECJ.exe
  2⤵
  PID:4780
- C:\Windows\System\FTWtTew.exe
  C:\Windows\System\FTWtTew.exe
  2⤵
  PID:4800
- C:\Windows\System\CTDNbuR.exe
  C:\Windows\System\CTDNbuR.exe
  2⤵
  PID:4820
- C:\Windows\System\UGnSQQh.exe
  C:\Windows\System\UGnSQQh.exe
  2⤵
  PID:4840
- C:\Windows\System\YAjTsTO.exe
  C:\Windows\System\YAjTsTO.exe
  2⤵
  PID:4860
- C:\Windows\System\TaPSfXX.exe
  C:\Windows\System\TaPSfXX.exe
  2⤵
  PID:4880
- C:\Windows\System\ToPPWUC.exe
  C:\Windows\System\ToPPWUC.exe
  2⤵
  PID:4900
- C:\Windows\System\bBvQOxJ.exe
  C:\Windows\System\bBvQOxJ.exe
  2⤵
  PID:4920
- C:\Windows\System\jcybWHb.exe
  C:\Windows\System\jcybWHb.exe
  2⤵
  PID:4940
- C:\Windows\System\oufmkNc.exe
  C:\Windows\System\oufmkNc.exe
  2⤵
  PID:4960
- C:\Windows\System\ZnUNEOd.exe
  C:\Windows\System\ZnUNEOd.exe
  2⤵
  PID:4980
- C:\Windows\System\nzhLZom.exe
  C:\Windows\System\nzhLZom.exe
  2⤵
  PID:5000
- C:\Windows\System\ccxIHTD.exe
  C:\Windows\System\ccxIHTD.exe
  2⤵
  PID:5020
- C:\Windows\System\dozQUXV.exe
  C:\Windows\System\dozQUXV.exe
  2⤵
  PID:5040
- C:\Windows\System\zOhLuFq.exe
  C:\Windows\System\zOhLuFq.exe
  2⤵
  PID:5056
- C:\Windows\System\zETJLdo.exe
  C:\Windows\System\zETJLdo.exe
  2⤵
  PID:5080
- C:\Windows\System\TiKhtYY.exe
  C:\Windows\System\TiKhtYY.exe
  2⤵
  PID:5100
- C:\Windows\System\ksbfScH.exe
  C:\Windows\System\ksbfScH.exe
  2⤵
  PID:3812
- C:\Windows\System\aGZpwvm.exe
  C:\Windows\System\aGZpwvm.exe
  2⤵
  PID:3820
- C:\Windows\System\LSULnei.exe
  C:\Windows\System\LSULnei.exe
  2⤵
  PID:3860
- C:\Windows\System\VyZgCAt.exe
  C:\Windows\System\VyZgCAt.exe
  2⤵
  PID:3932
- C:\Windows\System\mgiVUih.exe
  C:\Windows\System\mgiVUih.exe
  2⤵
  PID:4000
- C:\Windows\System\VkZPTSe.exe
  C:\Windows\System\VkZPTSe.exe
  2⤵
  PID:4036
- C:\Windows\System\HKDfzaZ.exe
  C:\Windows\System\HKDfzaZ.exe
  2⤵
  PID:2624
- C:\Windows\System\WGpOYaI.exe
  C:\Windows\System\WGpOYaI.exe
  2⤵
  PID:2656
- C:\Windows\System\lBLJCRo.exe
  C:\Windows\System\lBLJCRo.exe
  2⤵
  PID:820
- C:\Windows\System\nUGPROt.exe
  C:\Windows\System\nUGPROt.exe
  2⤵
  PID:2768
- C:\Windows\System\nZCiRga.exe
  C:\Windows\System\nZCiRga.exe
  2⤵
  PID:1764
- C:\Windows\System\qHtGxxo.exe
  C:\Windows\System\qHtGxxo.exe
  2⤵
  PID:532
- C:\Windows\System\pknGKAR.exe
  C:\Windows\System\pknGKAR.exe
  2⤵
  PID:3132
- C:\Windows\System\ajTazPh.exe
  C:\Windows\System\ajTazPh.exe
  2⤵
  PID:2004
- C:\Windows\System\MqCuvEf.exe
  C:\Windows\System\MqCuvEf.exe
  2⤵
  PID:3316
- C:\Windows\System\bqtaZdc.exe
  C:\Windows\System\bqtaZdc.exe
  2⤵
  PID:3188
- C:\Windows\System\PJSNwTX.exe
  C:\Windows\System\PJSNwTX.exe
  2⤵
  PID:3460
- C:\Windows\System\pIUlXUY.exe
  C:\Windows\System\pIUlXUY.exe
  2⤵
  PID:3500
- C:\Windows\System\xfythMQ.exe
  C:\Windows\System\xfythMQ.exe
  2⤵
  PID:3652
- C:\Windows\System\wxHlMvD.exe
  C:\Windows\System\wxHlMvD.exe
  2⤵
  PID:3696
- C:\Windows\System\CJZCPkp.exe
  C:\Windows\System\CJZCPkp.exe
  2⤵
  PID:4108
- C:\Windows\System\QrNFJlj.exe
  C:\Windows\System\QrNFJlj.exe
  2⤵
  PID:4148
- C:\Windows\System\QVKejZh.exe
  C:\Windows\System\QVKejZh.exe
  2⤵
  PID:4168
- C:\Windows\System\HGwIUee.exe
  C:\Windows\System\HGwIUee.exe
  2⤵
  PID:4224
- C:\Windows\System\PQLLLMY.exe
  C:\Windows\System\PQLLLMY.exe
  2⤵
  PID:4264
- C:\Windows\System\uKPpeMG.exe
  C:\Windows\System\uKPpeMG.exe
  2⤵
  PID:4292
- C:\Windows\System\KiumnuZ.exe
  C:\Windows\System\KiumnuZ.exe
  2⤵
  PID:4324
- C:\Windows\System\sQiwAnG.exe
  C:\Windows\System\sQiwAnG.exe
  2⤵
  PID:4348
- C:\Windows\System\cAndjHH.exe
  C:\Windows\System\cAndjHH.exe
  2⤵
  PID:4392
- C:\Windows\System\AmnHbgU.exe
  C:\Windows\System\AmnHbgU.exe
  2⤵
  PID:4408
- C:\Windows\System\wEKDVTe.exe
  C:\Windows\System\wEKDVTe.exe
  2⤵
  PID:4448
- C:\Windows\System\XOseSFa.exe
  C:\Windows\System\XOseSFa.exe
  2⤵
  PID:4516
- C:\Windows\System\fXeOZHc.exe
  C:\Windows\System\fXeOZHc.exe
  2⤵
  PID:4528
- C:\Windows\System\xQhDpfd.exe
  C:\Windows\System\xQhDpfd.exe
  2⤵
  PID:4552
- C:\Windows\System\eDGKPfS.exe
  C:\Windows\System\eDGKPfS.exe
  2⤵
  PID:4572
- C:\Windows\System\pSUnYnL.exe
  C:\Windows\System\pSUnYnL.exe
  2⤵
  PID:4628
- C:\Windows\System\lWEqpQW.exe
  C:\Windows\System\lWEqpQW.exe
  2⤵
  PID:4652
- C:\Windows\System\xVEnOKB.exe
  C:\Windows\System\xVEnOKB.exe
  2⤵
  PID:4708
- C:\Windows\System\rmrKsaR.exe
  C:\Windows\System\rmrKsaR.exe
  2⤵
  PID:4728
- C:\Windows\System\IqpFVgA.exe
  C:\Windows\System\IqpFVgA.exe
  2⤵
  PID:4752
- C:\Windows\System\PhLbdyJ.exe
  C:\Windows\System\PhLbdyJ.exe
  2⤵
  PID:4772
- C:\Windows\System\JeQqtcR.exe
  C:\Windows\System\JeQqtcR.exe
  2⤵
  PID:4816
- C:\Windows\System\lDLccOJ.exe
  C:\Windows\System\lDLccOJ.exe
  2⤵
  PID:4848
- C:\Windows\System\QkxtEot.exe
  C:\Windows\System\QkxtEot.exe
  2⤵
  PID:4896
- C:\Windows\System\IECqaRv.exe
  C:\Windows\System\IECqaRv.exe
  2⤵
  PID:4948
- C:\Windows\System\JbXJftD.exe
  C:\Windows\System\JbXJftD.exe
  2⤵
  PID:4952
- C:\Windows\System\nnsmkbM.exe
  C:\Windows\System\nnsmkbM.exe
  2⤵
  PID:2220
- C:\Windows\System\oMUVARO.exe
  C:\Windows\System\oMUVARO.exe
  2⤵
  PID:5008
- C:\Windows\System\gfIMuoT.exe
  C:\Windows\System\gfIMuoT.exe
  2⤵
  PID:5068
- C:\Windows\System\TOlhQYD.exe
  C:\Windows\System\TOlhQYD.exe
  2⤵
  PID:5088
- C:\Windows\System\hcpbxpx.exe
  C:\Windows\System\hcpbxpx.exe
  2⤵
  PID:3840
- C:\Windows\System\RalyFms.exe
  C:\Windows\System\RalyFms.exe
  2⤵
  PID:3780
- C:\Windows\System\xlQllua.exe
  C:\Windows\System\xlQllua.exe
  2⤵
  PID:3956
- C:\Windows\System\ttRZSfW.exe
  C:\Windows\System\ttRZSfW.exe
  2⤵
  PID:3980
- C:\Windows\System\JoVJrsk.exe
  C:\Windows\System\JoVJrsk.exe
  2⤵
  PID:2648
- C:\Windows\System\PBDeRjw.exe
  C:\Windows\System\PBDeRjw.exe
  2⤵
  PID:2736
- C:\Windows\System\KwBugFf.exe
  C:\Windows\System\KwBugFf.exe
  2⤵
  PID:2716
- C:\Windows\System\TYIJAxv.exe
  C:\Windows\System\TYIJAxv.exe
  2⤵
  PID:1356
- C:\Windows\System\ovOGSzj.exe
  C:\Windows\System\ovOGSzj.exe
  2⤵
  PID:3244
- C:\Windows\System\zIisXAa.exe
  C:\Windows\System\zIisXAa.exe
  2⤵
  PID:3264
- C:\Windows\System\wcTBtua.exe
  C:\Windows\System\wcTBtua.exe
  2⤵
  PID:3392
- C:\Windows\System\vwfUhJy.exe
  C:\Windows\System\vwfUhJy.exe
  2⤵
  PID:3672
- C:\Windows\System\geEJMna.exe
  C:\Windows\System\geEJMna.exe
  2⤵
  PID:3716
- C:\Windows\System\eDJBMwV.exe
  C:\Windows\System\eDJBMwV.exe
  2⤵
  PID:4132
- C:\Windows\System\KyxSYlp.exe
  C:\Windows\System\KyxSYlp.exe
  2⤵
  PID:4212
- C:\Windows\System\IpFTVFs.exe
  C:\Windows\System\IpFTVFs.exe
  2⤵
  PID:4308
- C:\Windows\System\fvPqYHf.exe
  C:\Windows\System\fvPqYHf.exe
  2⤵
  PID:4368
- C:\Windows\System\RwqeQMw.exe
  C:\Windows\System\RwqeQMw.exe
  2⤵
  PID:4424
- C:\Windows\System\FhcIuCM.exe
  C:\Windows\System\FhcIuCM.exe
  2⤵
  PID:4492
- C:\Windows\System\pzpKcfj.exe
  C:\Windows\System\pzpKcfj.exe
  2⤵
  PID:4556
- C:\Windows\System\NnRJuPK.exe
  C:\Windows\System\NnRJuPK.exe
  2⤵
  PID:4596
- C:\Windows\System\ZtBiMNG.exe
  C:\Windows\System\ZtBiMNG.exe
  2⤵
  PID:4656
- C:\Windows\System\IJuHJgy.exe
  C:\Windows\System\IJuHJgy.exe
  2⤵
  PID:4672
- C:\Windows\System\meedscD.exe
  C:\Windows\System\meedscD.exe
  2⤵
  PID:4796
- C:\Windows\System\RqpCjpv.exe
  C:\Windows\System\RqpCjpv.exe
  2⤵
  PID:4812
- C:\Windows\System\hAqrjtW.exe
  C:\Windows\System\hAqrjtW.exe
  2⤵
  PID:4852
- C:\Windows\System\rCxgDWv.exe
  C:\Windows\System\rCxgDWv.exe
  2⤵
  PID:4916
- C:\Windows\System\kKGfecE.exe
  C:\Windows\System\kKGfecE.exe
  2⤵
  PID:4972
- C:\Windows\System\MYNdJvp.exe
  C:\Windows\System\MYNdJvp.exe
  2⤵
  PID:5012
- C:\Windows\System\VOPsKxz.exe
  C:\Windows\System\VOPsKxz.exe
  2⤵
  PID:5052
- C:\Windows\System\LSJbSzh.exe
  C:\Windows\System\LSJbSzh.exe
  2⤵
  PID:3896
- C:\Windows\System\Qpoofhk.exe
  C:\Windows\System\Qpoofhk.exe
  2⤵
  PID:3912
- C:\Windows\System\OCZICml.exe
  C:\Windows\System\OCZICml.exe
  2⤵
  PID:3940
- C:\Windows\System\sCBppGJ.exe
  C:\Windows\System\sCBppGJ.exe
  2⤵
  PID:1524
- C:\Windows\System\cNDQmsC.exe
  C:\Windows\System\cNDQmsC.exe
  2⤵
  PID:3136
- C:\Windows\System\kydvQja.exe
  C:\Windows\System\kydvQja.exe
  2⤵
  PID:3412
- C:\Windows\System\LudWKir.exe
  C:\Windows\System\LudWKir.exe
  2⤵
  PID:3596
- C:\Windows\System\FVvkuBy.exe
  C:\Windows\System\FVvkuBy.exe
  2⤵
  PID:4172
- C:\Windows\System\ZRUcMcT.exe
  C:\Windows\System\ZRUcMcT.exe
  2⤵
  PID:5140
- C:\Windows\System\DdunejQ.exe
  C:\Windows\System\DdunejQ.exe
  2⤵
  PID:5160
- C:\Windows\System\RbhdDfe.exe
  C:\Windows\System\RbhdDfe.exe
  2⤵
  PID:5180
- C:\Windows\System\lZcffPL.exe
  C:\Windows\System\lZcffPL.exe
  2⤵
  PID:5200
- C:\Windows\System\BhRebap.exe
  C:\Windows\System\BhRebap.exe
  2⤵
  PID:5220
- C:\Windows\System\IUypHtR.exe
  C:\Windows\System\IUypHtR.exe
  2⤵
  PID:5240
- C:\Windows\System\QBCkOJc.exe
  C:\Windows\System\QBCkOJc.exe
  2⤵
  PID:5260
- C:\Windows\System\zOLBbyk.exe
  C:\Windows\System\zOLBbyk.exe
  2⤵
  PID:5280
- C:\Windows\System\aWJYVVF.exe
  C:\Windows\System\aWJYVVF.exe
  2⤵
  PID:5300
- C:\Windows\System\wgaFYPi.exe
  C:\Windows\System\wgaFYPi.exe
  2⤵
  PID:5320
- C:\Windows\System\axNjyxF.exe
  C:\Windows\System\axNjyxF.exe
  2⤵
  PID:5340
- C:\Windows\System\hMdTKMH.exe
  C:\Windows\System\hMdTKMH.exe
  2⤵
  PID:5360
- C:\Windows\System\giiAcyi.exe
  C:\Windows\System\giiAcyi.exe
  2⤵
  PID:5380
- C:\Windows\System\blbKxmR.exe
  C:\Windows\System\blbKxmR.exe
  2⤵
  PID:5400
- C:\Windows\System\xsafNUs.exe
  C:\Windows\System\xsafNUs.exe
  2⤵
  PID:5420
- C:\Windows\System\ZjzZtZt.exe
  C:\Windows\System\ZjzZtZt.exe
  2⤵
  PID:5440
- C:\Windows\System\mRiZFNj.exe
  C:\Windows\System\mRiZFNj.exe
  2⤵
  PID:5460
- C:\Windows\System\qkoVImT.exe
  C:\Windows\System\qkoVImT.exe
  2⤵
  PID:5480
- C:\Windows\System\GTxlZyt.exe
  C:\Windows\System\GTxlZyt.exe
  2⤵
  PID:5500
- C:\Windows\System\wiXidNB.exe
  C:\Windows\System\wiXidNB.exe
  2⤵
  PID:5520
- C:\Windows\System\YTHMaKR.exe
  C:\Windows\System\YTHMaKR.exe
  2⤵
  PID:5540
- C:\Windows\System\StygXgw.exe
  C:\Windows\System\StygXgw.exe
  2⤵
  PID:5560
- C:\Windows\System\ilMrrOH.exe
  C:\Windows\System\ilMrrOH.exe
  2⤵
  PID:5580
- C:\Windows\System\WrOKLFe.exe
  C:\Windows\System\WrOKLFe.exe
  2⤵
  PID:5600
- C:\Windows\System\BlhZSmQ.exe
  C:\Windows\System\BlhZSmQ.exe
  2⤵
  PID:5620
- C:\Windows\System\uzeHyiK.exe
  C:\Windows\System\uzeHyiK.exe
  2⤵
  PID:5640
- C:\Windows\System\urlhjQn.exe
  C:\Windows\System\urlhjQn.exe
  2⤵
  PID:5660
- C:\Windows\System\FifvKir.exe
  C:\Windows\System\FifvKir.exe
  2⤵
  PID:5684
- C:\Windows\System\LYeVBHg.exe
  C:\Windows\System\LYeVBHg.exe
  2⤵
  PID:5704
- C:\Windows\System\TVIjcTo.exe
  C:\Windows\System\TVIjcTo.exe
  2⤵
  PID:5724
- C:\Windows\System\NJZNkKg.exe
  C:\Windows\System\NJZNkKg.exe
  2⤵
  PID:5748
- C:\Windows\System\IupVroQ.exe
  C:\Windows\System\IupVroQ.exe
  2⤵
  PID:5768
- C:\Windows\System\XjOwZNW.exe
  C:\Windows\System\XjOwZNW.exe
  2⤵
  PID:5788
- C:\Windows\System\MpacDYq.exe
  C:\Windows\System\MpacDYq.exe
  2⤵
  PID:5808
- C:\Windows\System\lynTVfC.exe
  C:\Windows\System\lynTVfC.exe
  2⤵
  PID:5828
- C:\Windows\System\xCSaTWy.exe
  C:\Windows\System\xCSaTWy.exe
  2⤵
  PID:5848
- C:\Windows\System\IIlfULP.exe
  C:\Windows\System\IIlfULP.exe
  2⤵
  PID:5868
- C:\Windows\System\DKKFKrM.exe
  C:\Windows\System\DKKFKrM.exe
  2⤵
  PID:5888
- C:\Windows\System\vWoXRhc.exe
  C:\Windows\System\vWoXRhc.exe
  2⤵
  PID:5908
- C:\Windows\System\xnweaVR.exe
  C:\Windows\System\xnweaVR.exe
  2⤵
  PID:5928
- C:\Windows\System\DRaMSRM.exe
  C:\Windows\System\DRaMSRM.exe
  2⤵
  PID:5948
- C:\Windows\System\dhYwTvz.exe
  C:\Windows\System\dhYwTvz.exe
  2⤵
  PID:5968
- C:\Windows\System\LFeWkBQ.exe
  C:\Windows\System\LFeWkBQ.exe
  2⤵
  PID:5988
- C:\Windows\System\zsnPGRs.exe
  C:\Windows\System\zsnPGRs.exe
  2⤵
  PID:6008
- C:\Windows\System\sdzkaIq.exe
  C:\Windows\System\sdzkaIq.exe
  2⤵
  PID:6028
- C:\Windows\System\hNKpSeD.exe
  C:\Windows\System\hNKpSeD.exe
  2⤵
  PID:6048
- C:\Windows\System\sRhRxfg.exe
  C:\Windows\System\sRhRxfg.exe
  2⤵
  PID:6068
- C:\Windows\System\sgdjehi.exe
  C:\Windows\System\sgdjehi.exe
  2⤵
  PID:6088
- C:\Windows\System\dXnjVbx.exe
  C:\Windows\System\dXnjVbx.exe
  2⤵
  PID:6108
- C:\Windows\System\GjFtful.exe
  C:\Windows\System\GjFtful.exe
  2⤵
  PID:6128
- C:\Windows\System\YgpUbQQ.exe
  C:\Windows\System\YgpUbQQ.exe
  2⤵
  PID:4208
- C:\Windows\System\PDCqBAg.exe
  C:\Windows\System\PDCqBAg.exe
  2⤵
  PID:4344
- C:\Windows\System\IDNCftN.exe
  C:\Windows\System\IDNCftN.exe
  2⤵
  PID:4328
- C:\Windows\System\xpngHsv.exe
  C:\Windows\System\xpngHsv.exe
  2⤵
  PID:4444
- C:\Windows\System\SdcTEWh.exe
  C:\Windows\System\SdcTEWh.exe
  2⤵
  PID:4576
- C:\Windows\System\AFprFql.exe
  C:\Windows\System\AFprFql.exe
  2⤵
  PID:4692
- C:\Windows\System\BpcHEjt.exe
  C:\Windows\System\BpcHEjt.exe
  2⤵
  PID:4756
- C:\Windows\System\EKfqyUp.exe
  C:\Windows\System\EKfqyUp.exe
  2⤵
  PID:4888
- C:\Windows\System\nAGIuGt.exe
  C:\Windows\System\nAGIuGt.exe
  2⤵
  PID:4956
- C:\Windows\System\forciBQ.exe
  C:\Windows\System\forciBQ.exe
  2⤵
  PID:5036
- C:\Windows\System\eodSHlp.exe
  C:\Windows\System\eodSHlp.exe
  2⤵
  PID:5092
- C:\Windows\System\QMOhBLh.exe
  C:\Windows\System\QMOhBLh.exe
  2⤵
  PID:3776
- C:\Windows\System\kPbZVap.exe
  C:\Windows\System\kPbZVap.exe
  2⤵
  PID:1976
- C:\Windows\System\wPcEDxF.exe
  C:\Windows\System\wPcEDxF.exe
  2⤵
  PID:3192
- C:\Windows\System\tzpgAMY.exe
  C:\Windows\System\tzpgAMY.exe
  2⤵
  PID:3516
- C:\Windows\System\GekvBWM.exe
  C:\Windows\System\GekvBWM.exe
  2⤵
  PID:5132
- C:\Windows\System\gQNyhix.exe
  C:\Windows\System\gQNyhix.exe
  2⤵
  PID:5156
- C:\Windows\System\PHChdCu.exe
  C:\Windows\System\PHChdCu.exe
  2⤵
  PID:5196
- C:\Windows\System\zXlYFJp.exe
  C:\Windows\System\zXlYFJp.exe
  2⤵
  PID:5248
- C:\Windows\System\QGRJecV.exe
  C:\Windows\System\QGRJecV.exe
  2⤵
  PID:5288
- C:\Windows\System\CYZHPja.exe
  C:\Windows\System\CYZHPja.exe
  2⤵
  PID:5308
- C:\Windows\System\eXXAyca.exe
  C:\Windows\System\eXXAyca.exe
  2⤵
  PID:5332
- C:\Windows\System\UmouFDn.exe
  C:\Windows\System\UmouFDn.exe
  2⤵
  PID:5376
- C:\Windows\System\uJzxISI.exe
  C:\Windows\System\uJzxISI.exe
  2⤵
  PID:5396
- C:\Windows\System\SuxqvoL.exe
  C:\Windows\System\SuxqvoL.exe
  2⤵
  PID:5452
- C:\Windows\System\qqpNUXz.exe
  C:\Windows\System\qqpNUXz.exe
  2⤵
  PID:5488
- C:\Windows\System\fmGqMUG.exe
  C:\Windows\System\fmGqMUG.exe
  2⤵
  PID:5508
- C:\Windows\System\JSmBzkA.exe
  C:\Windows\System\JSmBzkA.exe
  2⤵
  PID:5532
- C:\Windows\System\yzQfaHZ.exe
  C:\Windows\System\yzQfaHZ.exe
  2⤵
  PID:5552
- C:\Windows\System\lHXiCQh.exe
  C:\Windows\System\lHXiCQh.exe
  2⤵
  PID:5596
- C:\Windows\System\SdbjdIb.exe
  C:\Windows\System\SdbjdIb.exe
  2⤵
  PID:5628
- C:\Windows\System\mnfbfsG.exe
  C:\Windows\System\mnfbfsG.exe
  2⤵
  PID:5652
- C:\Windows\System\bqnCQTR.exe
  C:\Windows\System\bqnCQTR.exe
  2⤵
  PID:5696
- C:\Windows\System\CqRQpfa.exe
  C:\Windows\System\CqRQpfa.exe
  2⤵
  PID:5744
- C:\Windows\System\fiJXBIC.exe
  C:\Windows\System\fiJXBIC.exe
  2⤵
  PID:5760
- C:\Windows\System\sUXDNYs.exe
  C:\Windows\System\sUXDNYs.exe
  2⤵
  PID:5804
- C:\Windows\System\zEuOJNv.exe
  C:\Windows\System\zEuOJNv.exe
  2⤵
  PID:5856
- C:\Windows\System\hvRXbrq.exe
  C:\Windows\System\hvRXbrq.exe
  2⤵
  PID:5876
- C:\Windows\System\gJKFCor.exe
  C:\Windows\System\gJKFCor.exe
  2⤵
  PID:5900
- C:\Windows\System\oCfAgbO.exe
  C:\Windows\System\oCfAgbO.exe
  2⤵
  PID:5920
- C:\Windows\System\HtybrRF.exe
  C:\Windows\System\HtybrRF.exe
  2⤵
  PID:5984
- C:\Windows\System\rjErTsv.exe
  C:\Windows\System\rjErTsv.exe
  2⤵
  PID:6000
- C:\Windows\System\VfRlkFl.exe
  C:\Windows\System\VfRlkFl.exe
  2⤵
  PID:6044
- C:\Windows\System\FmkyoxG.exe
  C:\Windows\System\FmkyoxG.exe
  2⤵
  PID:6076
- C:\Windows\System\gsFjVlp.exe
  C:\Windows\System\gsFjVlp.exe
  2⤵
  PID:6100
- C:\Windows\System\RulCnXr.exe
  C:\Windows\System\RulCnXr.exe
  2⤵
  PID:4204
- C:\Windows\System\ukvdGlv.exe
  C:\Windows\System\ukvdGlv.exe
  2⤵
  PID:4304
- C:\Windows\System\WJIFzLO.exe
  C:\Windows\System\WJIFzLO.exe
  2⤵
  PID:4412
- C:\Windows\System\qtWHOAl.exe
  C:\Windows\System\qtWHOAl.exe
  2⤵
  PID:4676
- C:\Windows\System\ZdNQYTD.exe
  C:\Windows\System\ZdNQYTD.exe
  2⤵
  PID:4868
- C:\Windows\System\fHzBVJP.exe
  C:\Windows\System\fHzBVJP.exe
  2⤵
  PID:4876
- C:\Windows\System\QDnmWnW.exe
  C:\Windows\System\QDnmWnW.exe
  2⤵
  PID:5048
- C:\Windows\System\xwTcLPb.exe
  C:\Windows\System\xwTcLPb.exe
  2⤵
  PID:900
- C:\Windows\System\losImlY.exe
  C:\Windows\System\losImlY.exe
  2⤵
  PID:788
- C:\Windows\System\WevdfdR.exe
  C:\Windows\System\WevdfdR.exe
  2⤵
  PID:5136
- C:\Windows\System\UvzggBr.exe
  C:\Windows\System\UvzggBr.exe
  2⤵
  PID:5212
- C:\Windows\System\jyqbudP.exe
  C:\Windows\System\jyqbudP.exe
  2⤵
  PID:5228
- C:\Windows\System\oOLXkIl.exe
  C:\Windows\System\oOLXkIl.exe
  2⤵
  PID:5252
- C:\Windows\System\cJARwnf.exe
  C:\Windows\System\cJARwnf.exe
  2⤵
  PID:5368
- C:\Windows\System\ZfkhnzB.exe
  C:\Windows\System\ZfkhnzB.exe
  2⤵
  PID:5412
- C:\Windows\System\alRIUTD.exe
  C:\Windows\System\alRIUTD.exe
  2⤵
  PID:5436
- C:\Windows\System\iOLUHie.exe
  C:\Windows\System\iOLUHie.exe
  2⤵
  PID:1160
- C:\Windows\System\MHExYZp.exe
  C:\Windows\System\MHExYZp.exe
  2⤵
  PID:5548
- C:\Windows\System\NxcZmkF.exe
  C:\Windows\System\NxcZmkF.exe
  2⤵
  PID:5588
- C:\Windows\System\nAOqUTH.exe
  C:\Windows\System\nAOqUTH.exe
  2⤵
  PID:5656
- C:\Windows\System\asYAMHc.exe
  C:\Windows\System\asYAMHc.exe
  2⤵
  PID:5720
- C:\Windows\System\pMtugWh.exe
  C:\Windows\System\pMtugWh.exe
  2⤵
  PID:5780
- C:\Windows\System\GnkWmtQ.exe
  C:\Windows\System\GnkWmtQ.exe
  2⤵
  PID:5840
- C:\Windows\System\GHxvGAd.exe
  C:\Windows\System\GHxvGAd.exe
  2⤵
  PID:5884
- C:\Windows\System\GAdXfYh.exe
  C:\Windows\System\GAdXfYh.exe
  2⤵
  PID:5976
- C:\Windows\System\uRmbibZ.exe
  C:\Windows\System\uRmbibZ.exe
  2⤵
  PID:6004
- C:\Windows\System\OSJGyEM.exe
  C:\Windows\System\OSJGyEM.exe
  2⤵
  PID:6104
- C:\Windows\System\EaPJzjU.exe
  C:\Windows\System\EaPJzjU.exe
  2⤵
  PID:4192
- C:\Windows\System\McbNkgR.exe
  C:\Windows\System\McbNkgR.exe
  2⤵
  PID:4248
- C:\Windows\System\QuNUTss.exe
  C:\Windows\System\QuNUTss.exe
  2⤵
  PID:6164
- C:\Windows\System\MelcsAS.exe
  C:\Windows\System\MelcsAS.exe
  2⤵
  PID:6184
- C:\Windows\System\bbsSkuh.exe
  C:\Windows\System\bbsSkuh.exe
  2⤵
  PID:6204
- C:\Windows\System\LxykiHA.exe
  C:\Windows\System\LxykiHA.exe
  2⤵
  PID:6224
- C:\Windows\System\CjMitrN.exe
  C:\Windows\System\CjMitrN.exe
  2⤵
  PID:6244
- C:\Windows\System\jMJSZwV.exe
  C:\Windows\System\jMJSZwV.exe
  2⤵
  PID:6264
- C:\Windows\System\rBzLBKn.exe
  C:\Windows\System\rBzLBKn.exe
  2⤵
  PID:6284
- C:\Windows\System\gTqiQxO.exe
  C:\Windows\System\gTqiQxO.exe
  2⤵
  PID:6304
- C:\Windows\System\wzyKJrA.exe
  C:\Windows\System\wzyKJrA.exe
  2⤵
  PID:6332
- C:\Windows\System\NnSZvxo.exe
  C:\Windows\System\NnSZvxo.exe
  2⤵
  PID:6348
- C:\Windows\System\vAARwse.exe
  C:\Windows\System\vAARwse.exe
  2⤵
  PID:6364
- C:\Windows\System\NaMMiIP.exe
  C:\Windows\System\NaMMiIP.exe
  2⤵
  PID:6384
- C:\Windows\System\kMKdVlq.exe
  C:\Windows\System\kMKdVlq.exe
  2⤵
  PID:6412
- C:\Windows\System\qorsYqm.exe
  C:\Windows\System\qorsYqm.exe
  2⤵
  PID:6432
- C:\Windows\System\CXWJWFQ.exe
  C:\Windows\System\CXWJWFQ.exe
  2⤵
  PID:6452
- C:\Windows\System\lrUpvHJ.exe
  C:\Windows\System\lrUpvHJ.exe
  2⤵
  PID:6472
- C:\Windows\System\KNvZQhU.exe
  C:\Windows\System\KNvZQhU.exe
  2⤵
  PID:6492
- C:\Windows\System\XezeuLq.exe
  C:\Windows\System\XezeuLq.exe
  2⤵
  PID:6508
- C:\Windows\System\xsBlbFL.exe
  C:\Windows\System\xsBlbFL.exe
  2⤵
  PID:6532
- C:\Windows\System\mHrwRUp.exe
  C:\Windows\System\mHrwRUp.exe
  2⤵
  PID:6548
- C:\Windows\System\AIHnkSo.exe
  C:\Windows\System\AIHnkSo.exe
  2⤵
  PID:6572
- C:\Windows\System\wMFTqqq.exe
  C:\Windows\System\wMFTqqq.exe
  2⤵
  PID:6592
- C:\Windows\System\oczFtSJ.exe
  C:\Windows\System\oczFtSJ.exe
  2⤵
  PID:6612
- C:\Windows\System\SEpGKrs.exe
  C:\Windows\System\SEpGKrs.exe
  2⤵
  PID:6628
- C:\Windows\System\HRRDxYa.exe
  C:\Windows\System\HRRDxYa.exe
  2⤵
  PID:6652
- C:\Windows\System\NqqfhKz.exe
  C:\Windows\System\NqqfhKz.exe
  2⤵
  PID:6672
- C:\Windows\System\OFPkDfs.exe
  C:\Windows\System\OFPkDfs.exe
  2⤵
  PID:6692
- C:\Windows\System\rZNyVqw.exe
  C:\Windows\System\rZNyVqw.exe
  2⤵
  PID:6712
- C:\Windows\System\GSyUCGK.exe
  C:\Windows\System\GSyUCGK.exe
  2⤵
  PID:6728
- C:\Windows\System\PCDQRpD.exe
  C:\Windows\System\PCDQRpD.exe
  2⤵
  PID:6748
- C:\Windows\System\dPJaxPS.exe
  C:\Windows\System\dPJaxPS.exe
  2⤵
  PID:6772
- C:\Windows\System\OqMNUnw.exe
  C:\Windows\System\OqMNUnw.exe
  2⤵
  PID:6792
- C:\Windows\System\IONOkcS.exe
  C:\Windows\System\IONOkcS.exe
  2⤵
  PID:6812
- C:\Windows\System\rNRBitY.exe
  C:\Windows\System\rNRBitY.exe
  2⤵
  PID:6832
- C:\Windows\System\ocgrKKL.exe
  C:\Windows\System\ocgrKKL.exe
  2⤵
  PID:6852
- C:\Windows\System\qadnBMZ.exe
  C:\Windows\System\qadnBMZ.exe
  2⤵
  PID:6872
- C:\Windows\System\TPqlyUG.exe
  C:\Windows\System\TPqlyUG.exe
  2⤵
  PID:6892
- C:\Windows\System\yCJhXJs.exe
  C:\Windows\System\yCJhXJs.exe
  2⤵
  PID:6912
- C:\Windows\System\TImlqrr.exe
  C:\Windows\System\TImlqrr.exe
  2⤵
  PID:6932
- C:\Windows\System\KujgMci.exe
  C:\Windows\System\KujgMci.exe
  2⤵
  PID:6952
- C:\Windows\System\LdrogVS.exe
  C:\Windows\System\LdrogVS.exe
  2⤵
  PID:6972
- C:\Windows\System\sMkowgv.exe
  C:\Windows\System\sMkowgv.exe
  2⤵
  PID:6992
- C:\Windows\System\orlLEck.exe
  C:\Windows\System\orlLEck.exe
  2⤵
  PID:7012
- C:\Windows\System\InRWgdO.exe
  C:\Windows\System\InRWgdO.exe
  2⤵
  PID:7032
- C:\Windows\System\DdioKIG.exe
  C:\Windows\System\DdioKIG.exe
  2⤵
  PID:7052
- C:\Windows\System\pHEmmmB.exe
  C:\Windows\System\pHEmmmB.exe
  2⤵
  PID:7072
- C:\Windows\System\LjfAezO.exe
  C:\Windows\System\LjfAezO.exe
  2⤵
  PID:7092
- C:\Windows\System\CZdFzQb.exe
  C:\Windows\System\CZdFzQb.exe
  2⤵
  PID:7112
- C:\Windows\System\PwtiEgP.exe
  C:\Windows\System\PwtiEgP.exe
  2⤵
  PID:7132
- C:\Windows\System\GdvimZb.exe
  C:\Windows\System\GdvimZb.exe
  2⤵
  PID:7152
- C:\Windows\System\KbgNjHc.exe
  C:\Windows\System\KbgNjHc.exe
  2⤵
  PID:4372
- C:\Windows\System\JoqClNt.exe
  C:\Windows\System\JoqClNt.exe
  2⤵
  PID:4616
- C:\Windows\System\OQgbIfH.exe
  C:\Windows\System\OQgbIfH.exe
  2⤵
  PID:3796
- C:\Windows\System\aRpOtdO.exe
  C:\Windows\System\aRpOtdO.exe
  2⤵
  PID:3936
- C:\Windows\System\mtZEwRK.exe
  C:\Windows\System\mtZEwRK.exe
  2⤵
  PID:4112
- C:\Windows\System\DiWtbCE.exe
  C:\Windows\System\DiWtbCE.exe
  2⤵
  PID:5188
- C:\Windows\System\rVLiQZl.exe
  C:\Windows\System\rVLiQZl.exe
  2⤵
  PID:5456
- C:\Windows\System\YlLYLzN.exe
  C:\Windows\System\YlLYLzN.exe
  2⤵
  PID:5176
- C:\Windows\System\EmSalST.exe
  C:\Windows\System\EmSalST.exe
  2⤵
  PID:5536
- C:\Windows\System\trxfaYe.exe
  C:\Windows\System\trxfaYe.exe
  2⤵
  PID:5492
- C:\Windows\System\MDAAcKn.exe
  C:\Windows\System\MDAAcKn.exe
  2⤵
  PID:5616
- C:\Windows\System\jTjdmqL.exe
  C:\Windows\System\jTjdmqL.exe
  2⤵
  PID:5764
- C:\Windows\System\RgqaOXu.exe
  C:\Windows\System\RgqaOXu.exe
  2⤵
  PID:5796
- C:\Windows\System\TunAlaz.exe
  C:\Windows\System\TunAlaz.exe
  2⤵
  PID:5980
- C:\Windows\System\rZOgENi.exe
  C:\Windows\System\rZOgENi.exe
  2⤵
  PID:6040
- C:\Windows\System\QUQMuqr.exe
  C:\Windows\System\QUQMuqr.exe
  2⤵
  PID:5944
- C:\Windows\System\JkdSQiR.exe
  C:\Windows\System\JkdSQiR.exe
  2⤵
  PID:6064
- C:\Windows\System\CbZxnXK.exe
  C:\Windows\System\CbZxnXK.exe
  2⤵
  PID:6136
- C:\Windows\System\OgXDOqk.exe
  C:\Windows\System\OgXDOqk.exe
  2⤵
  PID:6240
- C:\Windows\System\zQCcOuv.exe
  C:\Windows\System\zQCcOuv.exe
  2⤵
  PID:6252
- C:\Windows\System\iNBpMYB.exe
  C:\Windows\System\iNBpMYB.exe
  2⤵
  PID:6256
- C:\Windows\System\LxSFarf.exe
  C:\Windows\System\LxSFarf.exe
  2⤵
  PID:6360
- C:\Windows\System\KQgRbCX.exe
  C:\Windows\System\KQgRbCX.exe
  2⤵
  PID:6372
- C:\Windows\System\hIgNmrm.exe
  C:\Windows\System\hIgNmrm.exe
  2⤵
  PID:6404
- C:\Windows\System\FehuihQ.exe
  C:\Windows\System\FehuihQ.exe
  2⤵
  PID:6440
- C:\Windows\System\ZyaBRFD.exe
  C:\Windows\System\ZyaBRFD.exe
  2⤵
  PID:6460
- C:\Windows\System\SQDwZeW.exe
  C:\Windows\System\SQDwZeW.exe
  2⤵
  PID:6520
- C:\Windows\System\AIiuoVG.exe
  C:\Windows\System\AIiuoVG.exe
  2⤵
  PID:6504
- C:\Windows\System\ycgAXjk.exe
  C:\Windows\System\ycgAXjk.exe
  2⤵
  PID:6540
- C:\Windows\System\ntWZdKI.exe
  C:\Windows\System\ntWZdKI.exe
  2⤵
  PID:6584
- C:\Windows\System\ykRoZKO.exe
  C:\Windows\System\ykRoZKO.exe
  2⤵
  PID:6644
- C:\Windows\System\pdxeYcc.exe
  C:\Windows\System\pdxeYcc.exe
  2⤵
  PID:6640
- C:\Windows\System\SmJKpqG.exe
  C:\Windows\System\SmJKpqG.exe
  2⤵
  PID:6684
- C:\Windows\System\rzwufun.exe
  C:\Windows\System\rzwufun.exe
  2⤵
  PID:6704
- C:\Windows\System\BfDVgQW.exe
  C:\Windows\System\BfDVgQW.exe
  2⤵
  PID:6760
- C:\Windows\System\MqyKNff.exe
  C:\Windows\System\MqyKNff.exe
  2⤵
  PID:6800
- C:\Windows\System\FioUEGj.exe
  C:\Windows\System\FioUEGj.exe
  2⤵
  PID:6804
- C:\Windows\System\djYNKwU.exe
  C:\Windows\System\djYNKwU.exe
  2⤵
  PID:6824
- C:\Windows\System\yPZLgBa.exe
  C:\Windows\System\yPZLgBa.exe
  2⤵
  PID:6920
- C:\Windows\System\XAdMYxx.exe
  C:\Windows\System\XAdMYxx.exe
  2⤵
  PID:6864
- C:\Windows\System\DPrEqVq.exe
  C:\Windows\System\DPrEqVq.exe
  2⤵
  PID:6940
- C:\Windows\System\OQuQWXa.exe
  C:\Windows\System\OQuQWXa.exe
  2⤵
  PID:6964
- C:\Windows\System\ddshevO.exe
  C:\Windows\System\ddshevO.exe
  2⤵
  PID:7008
- C:\Windows\System\VchGvBl.exe
  C:\Windows\System\VchGvBl.exe
  2⤵
  PID:7028
- C:\Windows\System\qwoCuXC.exe
  C:\Windows\System\qwoCuXC.exe
  2⤵
  PID:7080
- C:\Windows\System\MCjOKtO.exe
  C:\Windows\System\MCjOKtO.exe
  2⤵
  PID:7124
- C:\Windows\System\WYiozWp.exe
  C:\Windows\System\WYiozWp.exe
  2⤵
  PID:7100
- C:\Windows\System\Nlvxfvk.exe
  C:\Windows\System\Nlvxfvk.exe
  2⤵
  PID:7148
- C:\Windows\System\XSKrgsX.exe
  C:\Windows\System\XSKrgsX.exe
  2⤵
  PID:4872
- C:\Windows\System\DOvQRmG.exe
  C:\Windows\System\DOvQRmG.exe
  2⤵
  PID:2044
- C:\Windows\System\SjYnjHZ.exe
  C:\Windows\System\SjYnjHZ.exe
  2⤵
  PID:5208
- C:\Windows\System\JhBowfy.exe
  C:\Windows\System\JhBowfy.exe
  2⤵
  PID:2756
- C:\Windows\System\YGcvnEM.exe
  C:\Windows\System\YGcvnEM.exe
  2⤵
  PID:5272
- C:\Windows\System\nAcSFYZ.exe
  C:\Windows\System\nAcSFYZ.exe
  2⤵
  PID:5432
- C:\Windows\System\XTrrNbE.exe
  C:\Windows\System\XTrrNbE.exe
  2⤵
  PID:5716
- C:\Windows\System\pdrXkzv.exe
  C:\Windows\System\pdrXkzv.exe
  2⤵
  PID:5864
- C:\Windows\System\ScOpawa.exe
  C:\Windows\System\ScOpawa.exe
  2⤵
  PID:6160
- C:\Windows\System\MrgBMUk.exe
  C:\Windows\System\MrgBMUk.exe
  2⤵
  PID:6156
- C:\Windows\System\SVFugzV.exe
  C:\Windows\System\SVFugzV.exe
  2⤵
  PID:6272
- C:\Windows\System\MMFzIWb.exe
  C:\Windows\System\MMFzIWb.exe
  2⤵
  PID:6196
- C:\Windows\System\kDCqUSf.exe
  C:\Windows\System\kDCqUSf.exe
  2⤵
  PID:6328
- C:\Windows\System\vqflVPL.exe
  C:\Windows\System\vqflVPL.exe
  2⤵
  PID:6420
- C:\Windows\System\GXMkWbC.exe
  C:\Windows\System\GXMkWbC.exe
  2⤵
  PID:6488
- C:\Windows\System\ymYLixo.exe
  C:\Windows\System\ymYLixo.exe
  2⤵
  PID:6424
- C:\Windows\System\IOhBvmJ.exe
  C:\Windows\System\IOhBvmJ.exe
  2⤵
  PID:6500
- C:\Windows\System\MxapqCz.exe
  C:\Windows\System\MxapqCz.exe
  2⤵
  PID:6604
- C:\Windows\System\trkuABh.exe
  C:\Windows\System\trkuABh.exe
  2⤵
  PID:6580
- C:\Windows\System\FqCboew.exe
  C:\Windows\System\FqCboew.exe
  2⤵
  PID:6720
- C:\Windows\System\dFQriQY.exe
  C:\Windows\System\dFQriQY.exe
  2⤵
  PID:6808
- C:\Windows\System\XiLEZEG.exe
  C:\Windows\System\XiLEZEG.exe
  2⤵
  PID:6764
- C:\Windows\System\ttOiGhU.exe
  C:\Windows\System\ttOiGhU.exe
  2⤵
  PID:6828
- C:\Windows\System\lbrXPoc.exe
  C:\Windows\System\lbrXPoc.exe
  2⤵
  PID:6904
- C:\Windows\System\gnikLHK.exe
  C:\Windows\System\gnikLHK.exe
  2⤵
  PID:6984
- C:\Windows\System\vBzMECx.exe
  C:\Windows\System\vBzMECx.exe
  2⤵
  PID:7064
- C:\Windows\System\dTcluBG.exe
  C:\Windows\System\dTcluBG.exe
  2⤵
  PID:7048
- C:\Windows\System\JCXHeds.exe
  C:\Windows\System\JCXHeds.exe
  2⤵
  PID:4612
- C:\Windows\System\LpyoAXA.exe
  C:\Windows\System\LpyoAXA.exe
  2⤵
  PID:2064
- C:\Windows\System\wxRffIx.exe
  C:\Windows\System\wxRffIx.exe
  2⤵
  PID:7104
- C:\Windows\System\JbvDoPX.exe
  C:\Windows\System\JbvDoPX.exe
  2⤵
  PID:5472
- C:\Windows\System\lVJwFCH.exe
  C:\Windows\System\lVJwFCH.exe
  2⤵
  PID:5268
- C:\Windows\System\VykJXdT.exe
  C:\Windows\System\VykJXdT.exe
  2⤵
  PID:2976
- C:\Windows\System\BVGziUr.exe
  C:\Windows\System\BVGziUr.exe
  2⤵
  PID:5836
- C:\Windows\System\oUhfzVo.exe
  C:\Windows\System\oUhfzVo.exe
  2⤵
  PID:6176
- C:\Windows\System\cahEqwS.exe
  C:\Windows\System\cahEqwS.exe
  2⤵
  PID:6216
- C:\Windows\System\lZZvYMN.exe
  C:\Windows\System\lZZvYMN.exe
  2⤵
  PID:6120
- C:\Windows\System\YcRTddB.exe
  C:\Windows\System\YcRTddB.exe
  2⤵
  PID:7184
- C:\Windows\System\wMAdrOt.exe
  C:\Windows\System\wMAdrOt.exe
  2⤵
  PID:7204
- C:\Windows\System\SsLemiE.exe
  C:\Windows\System\SsLemiE.exe
  2⤵
  PID:7220
- C:\Windows\System\eWOhoxm.exe
  C:\Windows\System\eWOhoxm.exe
  2⤵
  PID:7244
- C:\Windows\System\hRhyrwa.exe
  C:\Windows\System\hRhyrwa.exe
  2⤵
  PID:7264
- C:\Windows\System\uprJpzj.exe
  C:\Windows\System\uprJpzj.exe
  2⤵
  PID:7284
- C:\Windows\System\EqsiIrv.exe
  C:\Windows\System\EqsiIrv.exe
  2⤵
  PID:7300
- C:\Windows\System\DoXcaPH.exe
  C:\Windows\System\DoXcaPH.exe
  2⤵
  PID:7324
- C:\Windows\System\yVwfMVI.exe
  C:\Windows\System\yVwfMVI.exe
  2⤵
  PID:7348
- C:\Windows\System\BTYgoiH.exe
  C:\Windows\System\BTYgoiH.exe
  2⤵
  PID:7368
- C:\Windows\System\UIgUsbA.exe
  C:\Windows\System\UIgUsbA.exe
  2⤵
  PID:7388
- C:\Windows\System\hGUZKXK.exe
  C:\Windows\System\hGUZKXK.exe
  2⤵
  PID:7408
- C:\Windows\System\sKzZuud.exe
  C:\Windows\System\sKzZuud.exe
  2⤵
  PID:7428
- C:\Windows\System\jFCCAdB.exe
  C:\Windows\System\jFCCAdB.exe
  2⤵
  PID:7448
- C:\Windows\System\ebywRrS.exe
  C:\Windows\System\ebywRrS.exe
  2⤵
  PID:7468
- C:\Windows\System\CoqDxQA.exe
  C:\Windows\System\CoqDxQA.exe
  2⤵
  PID:7488
- C:\Windows\System\BzHEDkY.exe
  C:\Windows\System\BzHEDkY.exe
  2⤵
  PID:7508
- C:\Windows\System\mpnklEU.exe
  C:\Windows\System\mpnklEU.exe
  2⤵
  PID:7528
- C:\Windows\System\oNNJgSS.exe
  C:\Windows\System\oNNJgSS.exe
  2⤵
  PID:7548
- C:\Windows\System\WbbbBmG.exe
  C:\Windows\System\WbbbBmG.exe
  2⤵
  PID:7568
- C:\Windows\System\NKxnIZD.exe
  C:\Windows\System\NKxnIZD.exe
  2⤵
  PID:7588
- C:\Windows\System\fBqsTvA.exe
  C:\Windows\System\fBqsTvA.exe
  2⤵
  PID:7608
- C:\Windows\System\QkfLJiw.exe
  C:\Windows\System\QkfLJiw.exe
  2⤵
  PID:7628
- C:\Windows\System\vBMKBkl.exe
  C:\Windows\System\vBMKBkl.exe
  2⤵
  PID:7648
- C:\Windows\System\JsZaTLF.exe
  C:\Windows\System\JsZaTLF.exe
  2⤵
  PID:7668
- C:\Windows\System\pJBaABM.exe
  C:\Windows\System\pJBaABM.exe
  2⤵
  PID:7688
- C:\Windows\System\oUWGZOn.exe
  C:\Windows\System\oUWGZOn.exe
  2⤵
  PID:7704
- C:\Windows\System\zFLxdNX.exe
  C:\Windows\System\zFLxdNX.exe
  2⤵
  PID:7728
- C:\Windows\System\EFayPGP.exe
  C:\Windows\System\EFayPGP.exe
  2⤵
  PID:7744
- C:\Windows\System\PBWQYlB.exe
  C:\Windows\System\PBWQYlB.exe
  2⤵
  PID:7768
- C:\Windows\System\hikyAZq.exe
  C:\Windows\System\hikyAZq.exe
  2⤵
  PID:7788
- C:\Windows\System\FLytbHo.exe
  C:\Windows\System\FLytbHo.exe
  2⤵
  PID:7808
- C:\Windows\System\VksjOQy.exe
  C:\Windows\System\VksjOQy.exe
  2⤵
  PID:7828
- C:\Windows\System\qpFThrF.exe
  C:\Windows\System\qpFThrF.exe
  2⤵
  PID:7848
- C:\Windows\System\GVavewd.exe
  C:\Windows\System\GVavewd.exe
  2⤵
  PID:7868
- C:\Windows\System\eOehkwA.exe
  C:\Windows\System\eOehkwA.exe
  2⤵
  PID:7888
- C:\Windows\System\oxgkqcA.exe
  C:\Windows\System\oxgkqcA.exe
  2⤵
  PID:7908
- C:\Windows\System\jjSKWxI.exe
  C:\Windows\System\jjSKWxI.exe
  2⤵
  PID:7928
- C:\Windows\System\ZXELSHn.exe
  C:\Windows\System\ZXELSHn.exe
  2⤵
  PID:7948
- C:\Windows\System\QDKgUbk.exe
  C:\Windows\System\QDKgUbk.exe
  2⤵
  PID:7968
- C:\Windows\System\NIcBoFX.exe
  C:\Windows\System\NIcBoFX.exe
  2⤵
  PID:7988
- C:\Windows\System\WmXKynI.exe
  C:\Windows\System\WmXKynI.exe
  2⤵
  PID:8012
- C:\Windows\System\mTdhhWQ.exe
  C:\Windows\System\mTdhhWQ.exe
  2⤵
  PID:8032
- C:\Windows\System\EjKsSRk.exe
  C:\Windows\System\EjKsSRk.exe
  2⤵
  PID:8052
- C:\Windows\System\vKPYYJM.exe
  C:\Windows\System\vKPYYJM.exe
  2⤵
  PID:8068
- C:\Windows\System\Dfqhcil.exe
  C:\Windows\System\Dfqhcil.exe
  2⤵
  PID:8092
- C:\Windows\System\mtGGrLv.exe
  C:\Windows\System\mtGGrLv.exe
  2⤵
  PID:8112
- C:\Windows\System\YABPXdV.exe
  C:\Windows\System\YABPXdV.exe
  2⤵
  PID:8132
- C:\Windows\System\FnkmwOV.exe
  C:\Windows\System\FnkmwOV.exe
  2⤵
  PID:8152
- C:\Windows\System\LRKIpHu.exe
  C:\Windows\System\LRKIpHu.exe
  2⤵
  PID:8172
- C:\Windows\System\fYUTkeL.exe
  C:\Windows\System\fYUTkeL.exe
  2⤵
  PID:6400
- C:\Windows\System\GadUmIy.exe
  C:\Windows\System\GadUmIy.exe
  2⤵
  PID:3024
- C:\Windows\System\uvCmApb.exe
  C:\Windows\System\uvCmApb.exe
  2⤵
  PID:6556
- C:\Windows\System\TAkkwTO.exe
  C:\Windows\System\TAkkwTO.exe
  2⤵
  PID:6608
- C:\Windows\System\KKObyPO.exe
  C:\Windows\System\KKObyPO.exe
  2⤵
  PID:6624
- C:\Windows\System\gCDbwak.exe
  C:\Windows\System\gCDbwak.exe
  2⤵
  PID:6880
- C:\Windows\System\DKDYsxd.exe
  C:\Windows\System\DKDYsxd.exe
  2⤵
  PID:6944
- C:\Windows\System\Esqoujn.exe
  C:\Windows\System\Esqoujn.exe
  2⤵
  PID:6988
- C:\Windows\System\BuLhbYZ.exe
  C:\Windows\System\BuLhbYZ.exe
  2⤵
  PID:7044
- C:\Windows\System\aPbmTEO.exe
  C:\Windows\System\aPbmTEO.exe
  2⤵
  PID:7084
- C:\Windows\System\wKbpPnH.exe
  C:\Windows\System\wKbpPnH.exe
  2⤵
  PID:4040
- C:\Windows\System\dUqJUfR.exe
  C:\Windows\System\dUqJUfR.exe
  2⤵
  PID:5636
- C:\Windows\System\wFYGCee.exe
  C:\Windows\System\wFYGCee.exe
  2⤵
  PID:6124
- C:\Windows\System\UVyifhZ.exe
  C:\Windows\System\UVyifhZ.exe
  2⤵
  PID:6220
- C:\Windows\System\wBvcUfQ.exe
  C:\Windows\System\wBvcUfQ.exe
  2⤵
  PID:6020
- C:\Windows\System\awExKAB.exe
  C:\Windows\System\awExKAB.exe
  2⤵
  PID:7192
- C:\Windows\System\zcksaYs.exe
  C:\Windows\System\zcksaYs.exe
  2⤵
  PID:7232
- C:\Windows\System\xLGrehF.exe
  C:\Windows\System\xLGrehF.exe
  2⤵
  PID:7252
- C:\Windows\System\JclzaNk.exe
  C:\Windows\System\JclzaNk.exe
  2⤵
  PID:7308
- C:\Windows\System\sQKNezR.exe
  C:\Windows\System\sQKNezR.exe
  2⤵
  PID:7292
- C:\Windows\System\GahxgBG.exe
  C:\Windows\System\GahxgBG.exe
  2⤵
  PID:7344
- C:\Windows\System\Tcjhjxa.exe
  C:\Windows\System\Tcjhjxa.exe
  2⤵
  PID:7384
- C:\Windows\System\IipjOAh.exe
  C:\Windows\System\IipjOAh.exe
  2⤵
  PID:7436
- C:\Windows\System\lmVZtjj.exe
  C:\Windows\System\lmVZtjj.exe
  2⤵
  PID:7420
- C:\Windows\System\WTQeeTg.exe
  C:\Windows\System\WTQeeTg.exe
  2⤵
  PID:7464
- C:\Windows\System\OoDPEQT.exe
  C:\Windows\System\OoDPEQT.exe
  2⤵
  PID:7500
- C:\Windows\System\ptmNoHS.exe
  C:\Windows\System\ptmNoHS.exe
  2⤵
  PID:7564
- C:\Windows\System\wIEKUfR.exe
  C:\Windows\System\wIEKUfR.exe
  2⤵
  PID:7576
- C:\Windows\System\msdQEMN.exe
  C:\Windows\System\msdQEMN.exe
  2⤵
  PID:7636
- C:\Windows\System\MCNfwwh.exe
  C:\Windows\System\MCNfwwh.exe
  2⤵
  PID:7684
- C:\Windows\System\ARNVMzG.exe
  C:\Windows\System\ARNVMzG.exe
  2⤵
  PID:7660
- C:\Windows\System\qfRBIFW.exe
  C:\Windows\System\qfRBIFW.exe
  2⤵
  PID:7724
- C:\Windows\System\uWDzDlf.exe
  C:\Windows\System\uWDzDlf.exe
  2⤵
  PID:7764
- C:\Windows\System\DFugUPr.exe
  C:\Windows\System\DFugUPr.exe
  2⤵
  PID:7796
- C:\Windows\System\snozlOP.exe
  C:\Windows\System\snozlOP.exe
  2⤵
  PID:7780
- C:\Windows\System\fYrDTIy.exe
  C:\Windows\System\fYrDTIy.exe
  2⤵
  PID:7840
- C:\Windows\System\mlEKsyp.exe
  C:\Windows\System\mlEKsyp.exe
  2⤵
  PID:7856
- C:\Windows\System\NumbtbX.exe
  C:\Windows\System\NumbtbX.exe
  2⤵
  PID:7924
- C:\Windows\System\bcjYVEC.exe
  C:\Windows\System\bcjYVEC.exe
  2⤵
  PID:7944
- C:\Windows\System\zrEJnpO.exe
  C:\Windows\System\zrEJnpO.exe
  2⤵
  PID:1796
- C:\Windows\System\OzTPqmu.exe
  C:\Windows\System\OzTPqmu.exe
  2⤵
  PID:8000
- C:\Windows\System\yaslHRR.exe
  C:\Windows\System\yaslHRR.exe
  2⤵
  PID:8024
- C:\Windows\System\JYGxXoi.exe
  C:\Windows\System\JYGxXoi.exe
  2⤵
  PID:8076
- C:\Windows\System\GVnXubz.exe
  C:\Windows\System\GVnXubz.exe
  2⤵
  PID:8060
- C:\Windows\System\YQGSoeL.exe
  C:\Windows\System\YQGSoeL.exe
  2⤵
  PID:8128
- C:\Windows\System\KddMdvj.exe
  C:\Windows\System\KddMdvj.exe
  2⤵
  PID:8160
- C:\Windows\System\hSUPzrc.exe
  C:\Windows\System\hSUPzrc.exe
  2⤵
  PID:8188
- C:\Windows\System\ePYoCoi.exe
  C:\Windows\System\ePYoCoi.exe
  2⤵
  PID:6668
- C:\Windows\System\SRfTSqM.exe
  C:\Windows\System\SRfTSqM.exe
  2⤵
  PID:6568
- C:\Windows\System\DCGJmQE.exe
  C:\Windows\System\DCGJmQE.exe
  2⤵
  PID:6620
- C:\Windows\System\kIdkGZs.exe
  C:\Windows\System\kIdkGZs.exe
  2⤵
  PID:6900
- C:\Windows\System\KjrdEQR.exe
  C:\Windows\System\KjrdEQR.exe
  2⤵
  PID:7020
- C:\Windows\System\gMHNULg.exe
  C:\Windows\System\gMHNULg.exe
  2⤵
  PID:876
- C:\Windows\System\pOTfmao.exe
  C:\Windows\System\pOTfmao.exe
  2⤵
  PID:2760
- C:\Windows\System\SplLjcB.exe
  C:\Windows\System\SplLjcB.exe
  2⤵
  PID:6024
- C:\Windows\System\aMotpxe.exe
  C:\Windows\System\aMotpxe.exe
  2⤵
  PID:2248
- C:\Windows\System\bMwHjhQ.exe
  C:\Windows\System\bMwHjhQ.exe
  2⤵
  PID:7196
- C:\Windows\System\LdOJiUE.exe
  C:\Windows\System\LdOJiUE.exe
  2⤵
  PID:7320
- C:\Windows\System\nPtAJlR.exe
  C:\Windows\System\nPtAJlR.exe
  2⤵
  PID:7256
- C:\Windows\System\jJfqoDy.exe
  C:\Windows\System\jJfqoDy.exe
  2⤵
  PID:7364
- C:\Windows\System\WZFsnLr.exe
  C:\Windows\System\WZFsnLr.exe
  2⤵
  PID:7404
- C:\Windows\System\gQCPpct.exe
  C:\Windows\System\gQCPpct.exe
  2⤵
  PID:7460
- C:\Windows\System\ICXOfYh.exe
  C:\Windows\System\ICXOfYh.exe
  2⤵
  PID:7560
- C:\Windows\System\FogNveL.exe
  C:\Windows\System\FogNveL.exe
  2⤵
  PID:7596
- C:\Windows\System\hNCvohl.exe
  C:\Windows\System\hNCvohl.exe
  2⤵
  PID:2256
- C:\Windows\System\iXcnRtL.exe
  C:\Windows\System\iXcnRtL.exe
  2⤵
  PID:7656
- C:\Windows\System\JAiwBeZ.exe
  C:\Windows\System\JAiwBeZ.exe
  2⤵
  PID:7776
- C:\Windows\System\wTGuXtP.exe
  C:\Windows\System\wTGuXtP.exe
  2⤵
  PID:7844
- C:\Windows\System\lYJdOpJ.exe
  C:\Windows\System\lYJdOpJ.exe
  2⤵
  PID:7784
- C:\Windows\System\GeNyWFY.exe
  C:\Windows\System\GeNyWFY.exe
  2⤵
  PID:7960
- C:\Windows\System\UdQjCPC.exe
  C:\Windows\System\UdQjCPC.exe
  2⤵
  PID:7956
- C:\Windows\System\DBCZqof.exe
  C:\Windows\System\DBCZqof.exe
  2⤵
  PID:7984
- C:\Windows\System\uOePCAP.exe
  C:\Windows\System\uOePCAP.exe
  2⤵
  PID:1896
- C:\Windows\System\qkxSieq.exe
  C:\Windows\System\qkxSieq.exe
  2⤵
  PID:1724
- C:\Windows\System\vumRzjy.exe
  C:\Windows\System\vumRzjy.exe
  2⤵
  PID:6396
- C:\Windows\System\nDHmRZH.exe
  C:\Windows\System\nDHmRZH.exe
  2⤵
  PID:2692
- C:\Windows\System\maKADrc.exe
  C:\Windows\System\maKADrc.exe
  2⤵
  PID:6444
- C:\Windows\System\AEUtcEw.exe
  C:\Windows\System\AEUtcEw.exe
  2⤵
  PID:7128
- C:\Windows\System\hjYfTdh.exe
  C:\Windows\System\hjYfTdh.exe
  2⤵
  PID:7040
- C:\Windows\System\kvqSSUZ.exe
  C:\Windows\System\kvqSSUZ.exe
  2⤵
  PID:4512
- C:\Windows\System\kYBbHbo.exe
  C:\Windows\System\kYBbHbo.exe
  2⤵
  PID:5672
- C:\Windows\System\GGlLwNu.exe
  C:\Windows\System\GGlLwNu.exe
  2⤵
  PID:7180
- C:\Windows\System\JCKaDcR.exe
  C:\Windows\System\JCKaDcR.exe
  2⤵
  PID:7332
- C:\Windows\System\dcFvufN.exe
  C:\Windows\System\dcFvufN.exe
  2⤵
  PID:7400
- C:\Windows\System\LEaiQLN.exe
  C:\Windows\System\LEaiQLN.exe
  2⤵
  PID:7484
- C:\Windows\System\ULoOKkL.exe
  C:\Windows\System\ULoOKkL.exe
  2⤵
  PID:7520
- C:\Windows\System\UtcTVaT.exe
  C:\Windows\System\UtcTVaT.exe
  2⤵
  PID:7720
- C:\Windows\System\xgqOlSe.exe
  C:\Windows\System\xgqOlSe.exe
  2⤵
  PID:7716
- C:\Windows\System\lmxteZr.exe
  C:\Windows\System\lmxteZr.exe
  2⤵
  PID:7820
- C:\Windows\System\WvZrJQC.exe
  C:\Windows\System\WvZrJQC.exe
  2⤵
  PID:7904
- C:\Windows\System\vgzBQaG.exe
  C:\Windows\System\vgzBQaG.exe
  2⤵
  PID:8064
- C:\Windows\System\PpBFVfG.exe
  C:\Windows\System\PpBFVfG.exe
  2⤵
  PID:8044
- C:\Windows\System\FcgPjEy.exe
  C:\Windows\System\FcgPjEy.exe
  2⤵
  PID:8208
- C:\Windows\System\JzpwdJM.exe
  C:\Windows\System\JzpwdJM.exe
  2⤵
  PID:8228
- C:\Windows\System\BtmRJHc.exe
  C:\Windows\System\BtmRJHc.exe
  2⤵
  PID:8248
- C:\Windows\System\WQNsdrf.exe
  C:\Windows\System\WQNsdrf.exe
  2⤵
  PID:8268
- C:\Windows\System\wbNWYCK.exe
  C:\Windows\System\wbNWYCK.exe
  2⤵
  PID:8288
- C:\Windows\System\fofdTvU.exe
  C:\Windows\System\fofdTvU.exe
  2⤵
  PID:8308
- C:\Windows\System\nRhsUzO.exe
  C:\Windows\System\nRhsUzO.exe
  2⤵
  PID:8328
- C:\Windows\System\UDIEMMu.exe
  C:\Windows\System\UDIEMMu.exe
  2⤵
  PID:8348
- C:\Windows\System\ioEkSJO.exe
  C:\Windows\System\ioEkSJO.exe
  2⤵
  PID:8368
- C:\Windows\System\jyMVcQY.exe
  C:\Windows\System\jyMVcQY.exe
  2⤵
  PID:8388
- C:\Windows\System\fZPdnND.exe
  C:\Windows\System\fZPdnND.exe
  2⤵
  PID:8408
- C:\Windows\System\uEFgQDG.exe
  C:\Windows\System\uEFgQDG.exe
  2⤵
  PID:8432
- C:\Windows\System\pJglUFD.exe
  C:\Windows\System\pJglUFD.exe
  2⤵
  PID:8452
- C:\Windows\System\XJzNNqv.exe
  C:\Windows\System\XJzNNqv.exe
  2⤵
  PID:8472
- C:\Windows\System\CKbUOfZ.exe
  C:\Windows\System\CKbUOfZ.exe
  2⤵
  PID:8492
- C:\Windows\System\cSmpXRx.exe
  C:\Windows\System\cSmpXRx.exe
  2⤵
  PID:8512
- C:\Windows\System\tQTEpXp.exe
  C:\Windows\System\tQTEpXp.exe
  2⤵
  PID:8532
- C:\Windows\System\QuKoFUq.exe
  C:\Windows\System\QuKoFUq.exe
  2⤵
  PID:8552
- C:\Windows\System\XBjGIrP.exe
  C:\Windows\System\XBjGIrP.exe
  2⤵
  PID:8572
- C:\Windows\System\vwgZOSF.exe
  C:\Windows\System\vwgZOSF.exe
  2⤵
  PID:8592
- C:\Windows\System\XtpUYuZ.exe
  C:\Windows\System\XtpUYuZ.exe
  2⤵
  PID:8612
- C:\Windows\System\XAoKcsp.exe
  C:\Windows\System\XAoKcsp.exe
  2⤵
  PID:8632
- C:\Windows\System\cKudVET.exe
  C:\Windows\System\cKudVET.exe
  2⤵
  PID:8652
- C:\Windows\System\wIzjvhH.exe
  C:\Windows\System\wIzjvhH.exe
  2⤵
  PID:8672
- C:\Windows\System\aGFRbaF.exe
  C:\Windows\System\aGFRbaF.exe
  2⤵
  PID:8692
- C:\Windows\System\uOIvTCv.exe
  C:\Windows\System\uOIvTCv.exe
  2⤵
  PID:8712
- C:\Windows\System\hKYnWKQ.exe
  C:\Windows\System\hKYnWKQ.exe
  2⤵
  PID:8732
- C:\Windows\System\aqCBSVb.exe
  C:\Windows\System\aqCBSVb.exe
  2⤵
  PID:8752
- C:\Windows\System\gwUKWiC.exe
  C:\Windows\System\gwUKWiC.exe
  2⤵
  PID:8772
- C:\Windows\System\flitGGd.exe
  C:\Windows\System\flitGGd.exe
  2⤵
  PID:8792
- C:\Windows\System\aUEQAeU.exe
  C:\Windows\System\aUEQAeU.exe
  2⤵
  PID:8812
- C:\Windows\System\RRkyRQM.exe
  C:\Windows\System\RRkyRQM.exe
  2⤵
  PID:8832
- C:\Windows\System\vzPQSes.exe
  C:\Windows\System\vzPQSes.exe
  2⤵
  PID:8852
- C:\Windows\System\vLJkVcs.exe
  C:\Windows\System\vLJkVcs.exe
  2⤵
  PID:8868
- C:\Windows\System\qDddyVG.exe
  C:\Windows\System\qDddyVG.exe
  2⤵
  PID:8884
- C:\Windows\System\XnmwknM.exe
  C:\Windows\System\XnmwknM.exe
  2⤵
  PID:8900
- C:\Windows\System\fllwKCi.exe
  C:\Windows\System\fllwKCi.exe
  2⤵
  PID:8920
- C:\Windows\System\RZFhMie.exe
  C:\Windows\System\RZFhMie.exe
  2⤵
  PID:8936
- C:\Windows\System\NFwjlZF.exe
  C:\Windows\System\NFwjlZF.exe
  2⤵
  PID:8952
- C:\Windows\System\LooCVPq.exe
  C:\Windows\System\LooCVPq.exe
  2⤵
  PID:8968
- C:\Windows\System\mMrbnfh.exe
  C:\Windows\System\mMrbnfh.exe
  2⤵
  PID:8984
- C:\Windows\System\ACcGazH.exe
  C:\Windows\System\ACcGazH.exe
  2⤵
  PID:9036
- C:\Windows\System\MFUZUPs.exe
  C:\Windows\System\MFUZUPs.exe
  2⤵
  PID:9052
- C:\Windows\System\KeAvgjN.exe
  C:\Windows\System\KeAvgjN.exe
  2⤵
  PID:9068
- C:\Windows\System\HbqtIFd.exe
  C:\Windows\System\HbqtIFd.exe
  2⤵
  PID:9084
- C:\Windows\System\YoClOYD.exe
  C:\Windows\System\YoClOYD.exe
  2⤵
  PID:9100
- C:\Windows\System\mLVYAtc.exe
  C:\Windows\System\mLVYAtc.exe
  2⤵
  PID:9116
- C:\Windows\System\ArSlbCa.exe
  C:\Windows\System\ArSlbCa.exe
  2⤵
  PID:9132
- C:\Windows\System\GBSAjvy.exe
  C:\Windows\System\GBSAjvy.exe
  2⤵
  PID:9148
- C:\Windows\System\nzTlzYO.exe
  C:\Windows\System\nzTlzYO.exe
  2⤵
  PID:9164
- C:\Windows\System\sHAcOiO.exe
  C:\Windows\System\sHAcOiO.exe
  2⤵
  PID:9180
- C:\Windows\System\auMUReo.exe
  C:\Windows\System\auMUReo.exe
  2⤵
  PID:7000
- C:\Windows\System\RrDyGzT.exe
  C:\Windows\System\RrDyGzT.exe
  2⤵
  PID:6664
- C:\Windows\System\Nnriqwf.exe
  C:\Windows\System\Nnriqwf.exe
  2⤵
  PID:2832
- C:\Windows\System\pkRRXQZ.exe
  C:\Windows\System\pkRRXQZ.exe
  2⤵
  PID:7216
- C:\Windows\System\XGyMfnp.exe
  C:\Windows\System\XGyMfnp.exe
  2⤵
  PID:7212
- C:\Windows\System\ZXNydsV.exe
  C:\Windows\System\ZXNydsV.exe
  2⤵
  PID:7376
- C:\Windows\System\RGLEsRQ.exe
  C:\Windows\System\RGLEsRQ.exe
  2⤵
  PID:7556
- C:\Windows\System\WBrwkLb.exe
  C:\Windows\System\WBrwkLb.exe
  2⤵
  PID:7756
- C:\Windows\System\hJssXKY.exe
  C:\Windows\System\hJssXKY.exe
  2⤵
  PID:2608
- C:\Windows\System\UEgsBxx.exe
  C:\Windows\System\UEgsBxx.exe
  2⤵
  PID:7896
- C:\Windows\System\LMlnTUx.exe
  C:\Windows\System\LMlnTUx.exe
  2⤵
  PID:7884
- C:\Windows\System\YyJqeid.exe
  C:\Windows\System\YyJqeid.exe
  2⤵
  PID:8204
- C:\Windows\System\IEpqZYh.exe
  C:\Windows\System\IEpqZYh.exe
  2⤵
  PID:8220
- C:\Windows\System\JxKJPDI.exe
  C:\Windows\System\JxKJPDI.exe
  2⤵
  PID:8236
- C:\Windows\System\bLzphsr.exe
  C:\Windows\System\bLzphsr.exe
  2⤵
  PID:8240
- C:\Windows\System\kLGXimo.exe
  C:\Windows\System\kLGXimo.exe
  2⤵
  PID:8280
- C:\Windows\System\DliagDS.exe
  C:\Windows\System\DliagDS.exe
  2⤵
  PID:8320
- C:\Windows\System\GDhBSPJ.exe
  C:\Windows\System\GDhBSPJ.exe
  2⤵
  PID:8364
- C:\Windows\System\Uhobiwn.exe
  C:\Windows\System\Uhobiwn.exe
  2⤵
  PID:8360
- C:\Windows\System\CWvhxvU.exe
  C:\Windows\System\CWvhxvU.exe
  2⤵
  PID:8396
- C:\Windows\System\ANbncrP.exe
  C:\Windows\System\ANbncrP.exe
  2⤵
  PID:8468
- C:\Windows\System\MgkJAhV.exe
  C:\Windows\System\MgkJAhV.exe
  2⤵
  PID:8564
- C:\Windows\System\FKwPdGd.exe
  C:\Windows\System\FKwPdGd.exe
  2⤵
  PID:8620
- C:\Windows\System\moDNlyq.exe
  C:\Windows\System\moDNlyq.exe
  2⤵
  PID:8604
- C:\Windows\System\RgnVXHS.exe
  C:\Windows\System\RgnVXHS.exe
  2⤵
  PID:8664
- C:\Windows\System\kjXrRxY.exe
  C:\Windows\System\kjXrRxY.exe
  2⤵
  PID:8700
- C:\Windows\System\aViHaCz.exe
  C:\Windows\System\aViHaCz.exe
  2⤵
  PID:8760
- C:\Windows\System\kcRYywP.exe
  C:\Windows\System\kcRYywP.exe
  2⤵
  PID:8788
- C:\Windows\System\DxdygKx.exe
  C:\Windows\System\DxdygKx.exe
  2⤵
  PID:8828
- C:\Windows\System\sNAamAs.exe
  C:\Windows\System\sNAamAs.exe
  2⤵
  PID:8840
- C:\Windows\System\SaclPYT.exe
  C:\Windows\System\SaclPYT.exe
  2⤵
  PID:8864
- C:\Windows\System\IeZflhj.exe
  C:\Windows\System\IeZflhj.exe
  2⤵
  PID:8896
- C:\Windows\System\vBBfTnY.exe
  C:\Windows\System\vBBfTnY.exe
  2⤵
  PID:8928
- C:\Windows\System\dokBQDV.exe
  C:\Windows\System\dokBQDV.exe
  2⤵
  PID:8960
- C:\Windows\System\RvunKLr.exe
  C:\Windows\System\RvunKLr.exe
  2⤵
  PID:8992
- C:\Windows\System\wkeGxtl.exe
  C:\Windows\System\wkeGxtl.exe
  2⤵
  PID:9008
- C:\Windows\System\nPGTqLH.exe
  C:\Windows\System\nPGTqLH.exe
  2⤵
  PID:9024
- C:\Windows\System\xyiJdhE.exe
  C:\Windows\System\xyiJdhE.exe
  2⤵
  PID:9044
- C:\Windows\System\OUMPVfB.exe
  C:\Windows\System\OUMPVfB.exe
  2⤵
  PID:9064
- C:\Windows\System\CmaaRHo.exe
  C:\Windows\System\CmaaRHo.exe
  2⤵
  PID:9096
- C:\Windows\System\iflBoyS.exe
  C:\Windows\System\iflBoyS.exe
  2⤵
  PID:9112
- C:\Windows\System\BEVWrcP.exe
  C:\Windows\System\BEVWrcP.exe
  2⤵
  PID:9160
- C:\Windows\System\afcICoz.exe
  C:\Windows\System\afcICoz.exe
  2⤵
  PID:9208
- C:\Windows\System\dkRapqH.exe
  C:\Windows\System\dkRapqH.exe
  2⤵
  PID:8120
- C:\Windows\System\pWYsxgD.exe
  C:\Windows\System\pWYsxgD.exe
  2⤵
  PID:5824
- C:\Windows\System\rvkzOOq.exe
  C:\Windows\System\rvkzOOq.exe
  2⤵
  PID:7236
- C:\Windows\System\LJtyMhK.exe
  C:\Windows\System\LJtyMhK.exe
  2⤵
  PID:7760
- C:\Windows\System\SpjrStN.exe
  C:\Windows\System\SpjrStN.exe
  2⤵
  PID:7676
- C:\Windows\System\Fqpreyj.exe
  C:\Windows\System\Fqpreyj.exe
  2⤵
  PID:7800
- C:\Windows\System\ZdBZudW.exe
  C:\Windows\System\ZdBZudW.exe
  2⤵
  PID:8324
- C:\Windows\System\JcVFDmd.exe
  C:\Windows\System\JcVFDmd.exe
  2⤵
  PID:8384
- C:\Windows\System\QiKubNd.exe
  C:\Windows\System\QiKubNd.exe
  2⤵
  PID:8460
- C:\Windows\System\cOFpkwp.exe
  C:\Windows\System\cOFpkwp.exe
  2⤵
  PID:264
- C:\Windows\System\lFrvLYy.exe
  C:\Windows\System\lFrvLYy.exe
  2⤵
  PID:8504
- C:\Windows\System\ieoXUmt.exe
  C:\Windows\System\ieoXUmt.exe
  2⤵
  PID:2636
- C:\Windows\System\VTkuOQE.exe
  C:\Windows\System\VTkuOQE.exe
  2⤵
  PID:8548
- C:\Windows\System\RCihRgL.exe
  C:\Windows\System\RCihRgL.exe
  2⤵
  PID:2684
- C:\Windows\System\surAkcl.exe
  C:\Windows\System\surAkcl.exe
  2⤵
  PID:984
- C:\Windows\System\YZWCGuK.exe
  C:\Windows\System\YZWCGuK.exe
  2⤵
  PID:8608
- C:\Windows\System\Onqocxx.exe
  C:\Windows\System\Onqocxx.exe
  2⤵
  PID:1432
- C:\Windows\System\CpFvcDO.exe
  C:\Windows\System\CpFvcDO.exe
  2⤵
  PID:8684
- C:\Windows\System\YleGgsu.exe
  C:\Windows\System\YleGgsu.exe
  2⤵
  PID:1628
- C:\Windows\System\jxbacHf.exe
  C:\Windows\System\jxbacHf.exe
  2⤵
  PID:6324
- C:\Windows\System\iRoRKON.exe
  C:\Windows\System\iRoRKON.exe
  2⤵
  PID:1364
- C:\Windows\System\YVweSVD.exe
  C:\Windows\System\YVweSVD.exe
  2⤵
  PID:8744
- C:\Windows\System\iunZblN.exe
  C:\Windows\System\iunZblN.exe
  2⤵
  PID:8892
- C:\Windows\System\ydsswfW.exe
  C:\Windows\System\ydsswfW.exe
  2⤵
  PID:2836
- C:\Windows\System\xOUYIRV.exe
  C:\Windows\System\xOUYIRV.exe
  2⤵
  PID:8916
- C:\Windows\System\IObcsGv.exe
  C:\Windows\System\IObcsGv.exe
  2⤵
  PID:9092
- C:\Windows\System\qzIRdRf.exe
  C:\Windows\System\qzIRdRf.exe
  2⤵
  PID:9140
- C:\Windows\System\CVezcsf.exe
  C:\Windows\System\CVezcsf.exe
  2⤵
  PID:9192
- C:\Windows\System\eHJFTRj.exe
  C:\Windows\System\eHJFTRj.exe
  2⤵
  PID:9188
- C:\Windows\System\xPkzntF.exe
  C:\Windows\System\xPkzntF.exe
  2⤵
  PID:1284
- C:\Windows\System\zprEliK.exe
  C:\Windows\System\zprEliK.exe
  2⤵
  PID:6464
- C:\Windows\System\jnxtFMa.exe
  C:\Windows\System\jnxtFMa.exe
  2⤵
  PID:2036
- C:\Windows\System\GIwLSwj.exe
  C:\Windows\System\GIwLSwj.exe
  2⤵
  PID:7276
- C:\Windows\System\rscVdcF.exe
  C:\Windows\System\rscVdcF.exe
  2⤵
  PID:2140
- C:\Windows\System\AfudbKT.exe
  C:\Windows\System\AfudbKT.exe
  2⤵
  PID:1804
- C:\Windows\System\QwRLDoN.exe
  C:\Windows\System\QwRLDoN.exe
  2⤵
  PID:2236
- C:\Windows\System\VeRhkAN.exe
  C:\Windows\System\VeRhkAN.exe
  2⤵
  PID:7580
- C:\Windows\System\bGIKdER.exe
  C:\Windows\System\bGIKdER.exe
  2⤵
  PID:7976
- C:\Windows\System\MveNTbq.exe
  C:\Windows\System\MveNTbq.exe
  2⤵
  PID:7980
- C:\Windows\System\MvwRxvv.exe
  C:\Windows\System\MvwRxvv.exe
  2⤵
  PID:8224
- C:\Windows\System\FyazcQd.exe
  C:\Windows\System\FyazcQd.exe
  2⤵
  PID:2808
- C:\Windows\System\vwFidWZ.exe
  C:\Windows\System\vwFidWZ.exe
  2⤵
  PID:8420
- C:\Windows\System\MOawLwN.exe
  C:\Windows\System\MOawLwN.exe
  2⤵
  PID:8584
- C:\Windows\System\TaZSdWw.exe
  C:\Windows\System\TaZSdWw.exe
  2⤵
  PID:8644
- C:\Windows\System\CVmbfWi.exe
  C:\Windows\System\CVmbfWi.exe
  2⤵
  PID:7544
- C:\Windows\System\wcCJJth.exe
  C:\Windows\System\wcCJJth.exe
  2⤵
  PID:2676
- C:\Windows\System\DtbfEmU.exe
  C:\Windows\System\DtbfEmU.exe
  2⤵
  PID:1964
- C:\Windows\System\LnPncRU.exe
  C:\Windows\System\LnPncRU.exe
  2⤵
  PID:904
- C:\Windows\System\RiIpdHA.exe
  C:\Windows\System\RiIpdHA.exe
  2⤵
  PID:444
- C:\Windows\System\tdzVCXa.exe
  C:\Windows\System\tdzVCXa.exe
  2⤵
  PID:2820
- C:\Windows\System\VsbVmYE.exe
  C:\Windows\System\VsbVmYE.exe
  2⤵
  PID:8724
- C:\Windows\System\jzquLlg.exe
  C:\Windows\System\jzquLlg.exe
  2⤵
  PID:8804
- C:\Windows\System\XYJXfsY.exe
  C:\Windows\System\XYJXfsY.exe
  2⤵
  PID:9080
- C:\Windows\System\TBIqTpB.exe
  C:\Windows\System\TBIqTpB.exe
  2⤵
  PID:9032
- C:\Windows\System\SXErHGd.exe
  C:\Windows\System\SXErHGd.exe
  2⤵
  PID:1264
- C:\Windows\System\msTuIGr.exe
  C:\Windows\System\msTuIGr.exe
  2⤵
  PID:2892
- C:\Windows\System\FRCksIC.exe
  C:\Windows\System\FRCksIC.exe
  2⤵
  PID:2724
- C:\Windows\System\hzoKBQH.exe
  C:\Windows\System\hzoKBQH.exe
  2⤵
  PID:8164
- C:\Windows\System\HzmrUYJ.exe
  C:\Windows\System\HzmrUYJ.exe
  2⤵
  PID:8284
- C:\Windows\System\PPkkSnC.exe
  C:\Windows\System\PPkkSnC.exe
  2⤵
  PID:8680
- C:\Windows\System\BTwAcUZ.exe
  C:\Windows\System\BTwAcUZ.exe
  2⤵
  PID:8764
- C:\Windows\System\uQxCRxN.exe
  C:\Windows\System\uQxCRxN.exe
  2⤵
  PID:9004
- C:\Windows\System\qAXqLMA.exe
  C:\Windows\System\qAXqLMA.exe
  2⤵
  PID:8980
- C:\Windows\System\retpWBW.exe
  C:\Windows\System\retpWBW.exe
  2⤵
  PID:8500
- C:\Windows\System\dPzbYnN.exe
  C:\Windows\System\dPzbYnN.exe
  2⤵
  PID:1580
- C:\Windows\System\PpzVmXD.exe
  C:\Windows\System\PpzVmXD.exe
  2⤵
  PID:2144
- C:\Windows\System\kVMQGxi.exe
  C:\Windows\System\kVMQGxi.exe
  2⤵
  PID:2752
- C:\Windows\System\PvusFho.exe
  C:\Windows\System\PvusFho.exe
  2⤵
  PID:2652
- C:\Windows\System\RdkctGY.exe
  C:\Windows\System\RdkctGY.exe
  2⤵
  PID:1164
- C:\Windows\System\wQiveiJ.exe
  C:\Windows\System\wQiveiJ.exe
  2⤵
  PID:2876
- C:\Windows\System\sZjYQFV.exe
  C:\Windows\System\sZjYQFV.exe
  2⤵
  PID:652
- C:\Windows\System\sitXeNi.exe
  C:\Windows\System\sitXeNi.exe
  2⤵
  PID:8380
- C:\Windows\System\bCNKkvs.exe
  C:\Windows\System\bCNKkvs.exe
  2⤵
  PID:3480
- C:\Windows\System\TKFundS.exe
  C:\Windows\System\TKFundS.exe
  2⤵
  PID:8660
- C:\Windows\System\uAbxAgB.exe
  C:\Windows\System\uAbxAgB.exe
  2⤵
  PID:8144
- C:\Windows\System\UdiUELK.exe
  C:\Windows\System\UdiUELK.exe
  2⤵
  PID:5860
- C:\Windows\System\VaSeooc.exe
  C:\Windows\System\VaSeooc.exe
  2⤵
  PID:576
- C:\Windows\System\QaCEvab.exe
  C:\Windows\System\QaCEvab.exe
  2⤵
  PID:8264
- C:\Windows\System\RuFLuoU.exe
  C:\Windows\System\RuFLuoU.exe
  2⤵
  PID:7964
- C:\Windows\System\rAJqazd.exe
  C:\Windows\System\rAJqazd.exe
  2⤵
  PID:3056
- C:\Windows\System\yigFlSe.exe
  C:\Windows\System\yigFlSe.exe
  2⤵
  PID:8912
- C:\Windows\System\XEKgKEc.exe
  C:\Windows\System\XEKgKEc.exe
  2⤵
  PID:8196
- C:\Windows\System\kXuvhbT.exe
  C:\Windows\System\kXuvhbT.exe
  2⤵
  PID:2928
- C:\Windows\System\jDJQfWH.exe
  C:\Windows\System\jDJQfWH.exe
  2⤵
  PID:9232
- C:\Windows\System\igOMdOc.exe
  C:\Windows\System\igOMdOc.exe
  2⤵
  PID:9260
- C:\Windows\System\brldJug.exe
  C:\Windows\System\brldJug.exe
  2⤵
  PID:9276
- C:\Windows\System\zlsuzVu.exe
  C:\Windows\System\zlsuzVu.exe
  2⤵
  PID:9292
- C:\Windows\System\VwdNGCG.exe
  C:\Windows\System\VwdNGCG.exe
  2⤵
  PID:9308
- C:\Windows\System\ajJNsNs.exe
  C:\Windows\System\ajJNsNs.exe
  2⤵
  PID:9324
- C:\Windows\System\LfzewZm.exe
  C:\Windows\System\LfzewZm.exe
  2⤵
  PID:9340
- C:\Windows\System\xJpuWaa.exe
  C:\Windows\System\xJpuWaa.exe
  2⤵
  PID:9356
- C:\Windows\System\fHDKtoq.exe
  C:\Windows\System\fHDKtoq.exe
  2⤵
  PID:9376
- C:\Windows\System\gruoiml.exe
  C:\Windows\System\gruoiml.exe
  2⤵
  PID:9396
- C:\Windows\System\xgVackW.exe
  C:\Windows\System\xgVackW.exe
  2⤵
  PID:9424
- C:\Windows\System\WPYlgsi.exe
  C:\Windows\System\WPYlgsi.exe
  2⤵
  PID:9460
- C:\Windows\System\pnodTjr.exe
  C:\Windows\System\pnodTjr.exe
  2⤵
  PID:9476
- C:\Windows\System\rxkJkws.exe
  C:\Windows\System\rxkJkws.exe
  2⤵
  PID:9500
- C:\Windows\System\ZtPcSTx.exe
  C:\Windows\System\ZtPcSTx.exe
  2⤵
  PID:9520
- C:\Windows\System\RXWoHdL.exe
  C:\Windows\System\RXWoHdL.exe
  2⤵
  PID:9536
- C:\Windows\System\uoFCGrC.exe
  C:\Windows\System\uoFCGrC.exe
  2⤵
  PID:9560
- C:\Windows\System\wbvEdSz.exe
  C:\Windows\System\wbvEdSz.exe
  2⤵
  PID:9580
- C:\Windows\System\DqbOtLX.exe
  C:\Windows\System\DqbOtLX.exe
  2⤵
  PID:9596
- C:\Windows\System\nWgRaUv.exe
  C:\Windows\System\nWgRaUv.exe
  2⤵
  PID:9624
- C:\Windows\System\mXzxwHY.exe
  C:\Windows\System\mXzxwHY.exe
  2⤵
  PID:9640
- C:\Windows\System\tWiNinl.exe
  C:\Windows\System\tWiNinl.exe
  2⤵
  PID:9656
- C:\Windows\System\rYXHyNY.exe
  C:\Windows\System\rYXHyNY.exe
  2⤵
  PID:9672
- C:\Windows\System\uSUOBKG.exe
  C:\Windows\System\uSUOBKG.exe
  2⤵
  PID:9688
- C:\Windows\System\xBfhuoD.exe
  C:\Windows\System\xBfhuoD.exe
  2⤵
  PID:9704
- C:\Windows\System\NTkfNqC.exe
  C:\Windows\System\NTkfNqC.exe
  2⤵
  PID:9720
- C:\Windows\System\QEODcUI.exe
  C:\Windows\System\QEODcUI.exe
  2⤵
  PID:9736
- C:\Windows\System\mycOZxn.exe
  C:\Windows\System\mycOZxn.exe
  2⤵
  PID:9752
- C:\Windows\System\SXoqHIO.exe
  C:\Windows\System\SXoqHIO.exe
  2⤵
  PID:9768
- C:\Windows\System\zjBOGXs.exe
  C:\Windows\System\zjBOGXs.exe
  2⤵
  PID:9784
- C:\Windows\System\VspXYzM.exe
  C:\Windows\System\VspXYzM.exe
  2⤵
  PID:9800
- C:\Windows\System\JdmcXHW.exe
  C:\Windows\System\JdmcXHW.exe
  2⤵
  PID:9816
- C:\Windows\System\huWItng.exe
  C:\Windows\System\huWItng.exe
  2⤵
  PID:9836
- C:\Windows\System\HBytUWa.exe
  C:\Windows\System\HBytUWa.exe
  2⤵
  PID:9864
- C:\Windows\System\UVLRRQO.exe
  C:\Windows\System\UVLRRQO.exe
  2⤵
  PID:9920
- C:\Windows\System\vpCOMjf.exe
  C:\Windows\System\vpCOMjf.exe
  2⤵
  PID:9944
- C:\Windows\System\EuDEKkH.exe
  C:\Windows\System\EuDEKkH.exe
  2⤵
  PID:9960
- C:\Windows\System\ZbnvFMK.exe
  C:\Windows\System\ZbnvFMK.exe
  2⤵
  PID:9984
- C:\Windows\System\FxejTBo.exe
  C:\Windows\System\FxejTBo.exe
  2⤵
  PID:10000
- C:\Windows\System\zChjveq.exe
  C:\Windows\System\zChjveq.exe
  2⤵
  PID:10016
- C:\Windows\System\ZptpBkn.exe
  C:\Windows\System\ZptpBkn.exe
  2⤵
  PID:10032
- C:\Windows\System\DBdlvZf.exe
  C:\Windows\System\DBdlvZf.exe
  2⤵
  PID:10052
- C:\Windows\System\KZHPoCL.exe
  C:\Windows\System\KZHPoCL.exe
  2⤵
  PID:10068
- C:\Windows\System\XHuPcis.exe
  C:\Windows\System\XHuPcis.exe
  2⤵
  PID:10088
- C:\Windows\System\RDehOCW.exe
  C:\Windows\System\RDehOCW.exe
  2⤵
  PID:10104
- C:\Windows\System\dSdWuRF.exe
  C:\Windows\System\dSdWuRF.exe
  2⤵
  PID:10120
- C:\Windows\System\bhldaTU.exe
  C:\Windows\System\bhldaTU.exe
  2⤵
  PID:10136
- C:\Windows\System\ocspGvi.exe
  C:\Windows\System\ocspGvi.exe
  2⤵
  PID:10152
- C:\Windows\System\jpFPYyw.exe
  C:\Windows\System\jpFPYyw.exe
  2⤵
  PID:10168
- C:\Windows\System\dzojsid.exe
  C:\Windows\System\dzojsid.exe
  2⤵
  PID:10184
- C:\Windows\System\aiQbhAz.exe
  C:\Windows\System\aiQbhAz.exe
  2⤵
  PID:10200
- C:\Windows\System\ecSeQYY.exe
  C:\Windows\System\ecSeQYY.exe
  2⤵
  PID:10216
- C:\Windows\System\FZYlOUv.exe
  C:\Windows\System\FZYlOUv.exe
  2⤵
  PID:10232
- C:\Windows\System\riSrijy.exe
  C:\Windows\System\riSrijy.exe
  2⤵
  PID:9220
- C:\Windows\System\FHsaCuT.exe
  C:\Windows\System\FHsaCuT.exe
  2⤵
  PID:9336
- C:\Windows\System\JUnncVs.exe
  C:\Windows\System\JUnncVs.exe
  2⤵
  PID:9368
- C:\Windows\System\GgJJSFy.exe
  C:\Windows\System\GgJJSFy.exe
  2⤵
  PID:9248
- C:\Windows\System\nrHgqwJ.exe
  C:\Windows\System\nrHgqwJ.exe
  2⤵
  PID:9320
- C:\Windows\System\DSekIOn.exe
  C:\Windows\System\DSekIOn.exe
  2⤵
  PID:9448
- C:\Windows\System\uptQCqj.exe
  C:\Windows\System\uptQCqj.exe
  2⤵
  PID:9484
- C:\Windows\System\LEQkuUu.exe
  C:\Windows\System\LEQkuUu.exe
  2⤵
  PID:9492
- C:\Windows\System\JpvXVpJ.exe
  C:\Windows\System\JpvXVpJ.exe
  2⤵
  PID:9532
- C:\Windows\System\mZDzjce.exe
  C:\Windows\System\mZDzjce.exe
  2⤵
  PID:9576
- C:\Windows\System\rWobCjR.exe
  C:\Windows\System\rWobCjR.exe
  2⤵
  PID:9608
- C:\Windows\System\nNXChgG.exe
  C:\Windows\System\nNXChgG.exe
  2⤵
  PID:9664
- C:\Windows\System\wtQOAyt.exe
  C:\Windows\System\wtQOAyt.exe
  2⤵
  PID:9732
- C:\Windows\System\xVfNycc.exe
  C:\Windows\System\xVfNycc.exe
  2⤵
  PID:9796
- C:\Windows\System\JDmXxvK.exe
  C:\Windows\System\JDmXxvK.exe
  2⤵
  PID:9876
- C:\Windows\System\uekQxgz.exe
  C:\Windows\System\uekQxgz.exe
  2⤵
  PID:9900
- C:\Windows\System\KYruCWt.exe
  C:\Windows\System\KYruCWt.exe
  2⤵
  PID:9776
- C:\Windows\System\ICybhDa.exe
  C:\Windows\System\ICybhDa.exe
  2⤵
  PID:9852
- C:\Windows\System\ZdCyqeB.exe
  C:\Windows\System\ZdCyqeB.exe
  2⤵
  PID:9880
- C:\Windows\System\cxpWpeg.exe
  C:\Windows\System\cxpWpeg.exe
  2⤵
  PID:9932
- C:\Windows\System\tBLOaaE.exe
  C:\Windows\System\tBLOaaE.exe
  2⤵
  PID:9956
- C:\Windows\System\dsDuJRF.exe
  C:\Windows\System\dsDuJRF.exe
  2⤵
  PID:9992
- C:\Windows\System\lwqGJBB.exe
  C:\Windows\System\lwqGJBB.exe
  2⤵
  PID:10100
- C:\Windows\System\FJKgBCS.exe
  C:\Windows\System\FJKgBCS.exe
  2⤵
  PID:10160
- C:\Windows\System\NChwxtg.exe
  C:\Windows\System\NChwxtg.exe
  2⤵
  PID:10228
- C:\Windows\System\stoMLuv.exe
  C:\Windows\System\stoMLuv.exe
  2⤵
  PID:9404
- C:\Windows\System\ftJGbQc.exe
  C:\Windows\System\ftJGbQc.exe
  2⤵
  PID:9440
- C:\Windows\System\AjaVEee.exe
  C:\Windows\System\AjaVEee.exe
  2⤵
  PID:9556
- C:\Windows\System\utRXXYO.exe
  C:\Windows\System\utRXXYO.exe
  2⤵
  PID:9764
- C:\Windows\System\INPWioN.exe
  C:\Windows\System\INPWioN.exe
  2⤵
  PID:10044
- C:\Windows\System\BufeQXT.exe
  C:\Windows\System\BufeQXT.exe
  2⤵
  PID:10116
- C:\Windows\System\adKDIyH.exe
  C:\Windows\System\adKDIyH.exe
  2⤵
  PID:9884
- C:\Windows\System\USHcNXp.exe
  C:\Windows\System\USHcNXp.exe
  2⤵
  PID:10148
- C:\Windows\System\JLYmXgg.exe
  C:\Windows\System\JLYmXgg.exe
  2⤵
  PID:8488
- C:\Windows\System\fbkTQEs.exe
  C:\Windows\System\fbkTQEs.exe
  2⤵
  PID:9904
- C:\Windows\System\bAyVtbl.exe
  C:\Windows\System\bAyVtbl.exe
  2⤵
  PID:9284
- C:\Windows\System\SPdXjNd.exe
  C:\Windows\System\SPdXjNd.exe
  2⤵
  PID:9516
- C:\Windows\System\jYTliVh.exe
  C:\Windows\System\jYTliVh.exe
  2⤵
  PID:9604
- C:\Windows\System\dTOjpmx.exe
  C:\Windows\System\dTOjpmx.exe
  2⤵
  PID:9828
- C:\Windows\System\kQUQNXR.exe
  C:\Windows\System\kQUQNXR.exe
  2⤵
  PID:9680
- C:\Windows\System\tsKQgJn.exe
  C:\Windows\System\tsKQgJn.exe
  2⤵
  PID:9936
- C:\Windows\System\ezxcVzX.exe
  C:\Windows\System\ezxcVzX.exe
  2⤵
  PID:10128
- C:\Windows\System\CXgloPI.exe
  C:\Windows\System\CXgloPI.exe
  2⤵
  PID:9860
- C:\Windows\System\fmfGuzP.exe
  C:\Windows\System\fmfGuzP.exe
  2⤵
  PID:10064
- C:\Windows\System\GOJCeAu.exe
  C:\Windows\System\GOJCeAu.exe
  2⤵
  PID:980
- C:\Windows\System\QRglRtW.exe
  C:\Windows\System\QRglRtW.exe
  2⤵
  PID:9384
- C:\Windows\System\dfEteht.exe
  C:\Windows\System\dfEteht.exe
  2⤵
  PID:9488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DSWFlzO.exe

Filesize
6.0MB

MD5
6d01e05516c9ca718c56c0f229b4c838

SHA1
95c91c2e41da98a98c391755a8509ae2c75e7b8c

SHA256
fcfb34a64d8559d69192c42a94393bebd471bfea80a2217d164d3eb68b6c0bed

SHA512
d6e668dfb49aaef63c7bfd26970f0cb2dca5bfee8c301f27e26c1fb8d9d53fd31f2135ac0816f556895a7ee1641b2fee26decd8dbf3eea71c4e43da9b1e99023

Download Submit
C:\Windows\system\DnBOgxP.exe

Filesize
6.0MB

MD5
6225c007ee9999fd24a341b426756160

SHA1
7d3a4abaff1b98b6a81aab88770dee310d9ade8b

SHA256
9e09f974100eaa86fafc510662461e5a839541b4860debd8bdabcf32d315631a

SHA512
b2cf3d54662a43996ff34b6ea95988d4a566505dcc0878e1b7d71143554f6465385f372b727cd87a604fc2d6d012bcfb3eb149acc0ab4e111f587381305d4596

Download Submit
C:\Windows\system\GVbhEji.exe

Filesize
6.0MB

MD5
049b324899118bc42cae9e5921a7ce50

SHA1
97e2a5f628af8bb5adb0d08b91441082a6d4acc6

SHA256
fe86af6d82d42d0a907eab1a1c2916636525017edaeeef1c35a9b687d8a81fda

SHA512
4e52257dbac0c991cb416f9223b545b7dfbc8516a64e6792f8c80176ad990362df98ff7b20f844b0991c7e2aea2c417d384e841636d96b1ac5fedc466af4c76f

Download Submit
C:\Windows\system\HvdIZNF.exe

Filesize
6.0MB

MD5
39ef6476735401d26853a2a6a1325301

SHA1
a3a9fa312841ac25264c5f0d168e01c7bd08123a

SHA256
4d1ece1e93e2df0d3d842bb11de346dc24c531a2d868c17dfc9c1f0933921c38

SHA512
f0285614b84fa4f35fb7243b78124d05893565d1b2a7d098aeb968350e1f3510e4bf34fb537411e54301f0f137abe43e73e61a9773a0435749effcd007227ddc

Download Submit
C:\Windows\system\JOQCXYP.exe

Filesize
6.0MB

MD5
da6eed1b8733a31523308a771830fb69

SHA1
e978534577340d4cd9205400a458773712793319

SHA256
a685b8eed4e82f157ca1f02307a7a1261711dde4cbef4b6900f14a2eeef68489

SHA512
aaf5b7705c1a24b5dac94b5d50e0e271075b876c10c713ca8caf66a096c896ded942bb1e2d019d379976f756a06b4771a950746510d02e643eb7be8334bb74bc

Download Submit
C:\Windows\system\JvQWHDt.exe

Filesize
6.0MB

MD5
a0c7dbe92fec9c11817932d3711ac237

SHA1
892fbbd4d430f658e3fbed0ee493bbdb0f932552

SHA256
406ff87abe23877ef3b9ee2f42c9e584beb797bcc7d17429a5ed9b3f830bb938

SHA512
acdcbf29d7697adb28527e6732cc6c3fdb9d1a6c56d20a33e3caf0d8d3b4693b4b2970fa962ecf71a88b557916ac6e606d0a3ffe303534b0059103f9db123f70

Download Submit
C:\Windows\system\KkQFyUr.exe

Filesize
6.0MB

MD5
17f5f70cd09a77dfa0b43841e7e288a0

SHA1
6891983a42231170cd7bc3cdcca9dac857ac8196

SHA256
3c682450ca0308bbb190ccfbe75a6feb0141b2eb812b0659994059b84039852f

SHA512
53489be8248594fd89012cffb2d76a1002cf1a61ed8a446be6902441f99569ae2dbf37ef0c2079bcc8b02592057e774f142ad0615f9938ff54d8dbd2c976b0fe

Download Submit
C:\Windows\system\Kknqhcv.exe

Filesize
6.0MB

MD5
8497663b266f09504f662cf2ddd9ca7c

SHA1
62f5e472a77493c45feddb301ebf289bc62de1da

SHA256
14d2a3cff2cb4f26fe35965c2d0351af59bae2213a9808e65481ee2c4182dc9b

SHA512
2f64e750f90737a25a9971253b478afc9d0f95dd154285ae6ad90adfd171b5834ad40241ebe653346ef6328ad282ebcef7650cf0e29a35b7b5cad48fdf025800

Download Submit
C:\Windows\system\NrWdoCA.exe

Filesize
6.0MB

MD5
6400eec4cdbf58bf8a8f7687763b2d9c

SHA1
3c745019f694570df5982f8d800b4ab8fe738170

SHA256
c58cb3d48269fb6a6d460e54593c08b98742fa191166c0aad65028f967e4e1d0

SHA512
8fbbe697dc26535efb5fcb8a28316d7d56ee45f93bd673ee87f7fcc730fa46da5bc568d4cb4d805ad5c29aac4eafb6f472473709fa5eca1ff793b6c9e392bb44

Download Submit
C:\Windows\system\QcZjLNM.exe

Filesize
6.0MB

MD5
77ee9df68fc07883895e8edd7e315116

SHA1
6578e87b0956565c69ee94c4619e083d128f4f60

SHA256
f5d4a320ad3153294a67c8f23ffd4fa4b85016d49e9d8f4404b69b1f6c8e335e

SHA512
3ab767261e2d43ca651a550c82aae0241f4f2e6962042ec30e2e70610977c1b2dd0735241cfde7dbf59eba3482a1edd4f570fd133717c5c7a3a3967ceda68702

Download Submit
C:\Windows\system\ZCkEqCO.exe

Filesize
6.0MB

MD5
b28d84fed942351e1fc642ff88cb5300

SHA1
5070b2d112b521de9a396b43b1cc6717dd8f078f

SHA256
db4a58d05bc06a9b23c536961bf8fcaf0aa99a9ea6de9e544febe809baf48e5a

SHA512
fed1d51c29adcd3ca15896c67024f0ff0bdc0c5d34d0f1b57d754bb1bb3a258aac1305c434575e989be32a27bc2e80797f76d8dc80876da22485e7a4d5772c8a

Download Submit
C:\Windows\system\agIvPQa.exe

Filesize
6.0MB

MD5
f41a6ed612da5219ecd7a93af895c3ee

SHA1
4486f3eec48dbe1c0b87eb3bba79ca324038ec7a

SHA256
32099e9554ae54cd1c11d95f8559f21f0e6deb12f48829fe0eaab86c49b1f479

SHA512
61a6631b02850356131bb4ac70a019a6286afe1b1403a3682b5e67e42e53e932f7a74ed4ee9b462fa65b2aa0a09232c9adb420ce557fde91a6431789c6688f49

Download Submit
C:\Windows\system\eCIFnLH.exe

Filesize
6.0MB

MD5
1da4ca3451049a5339d72d45e280bbbc

SHA1
fac795392bc94de3bb7cbf452c98c4aec0a84320

SHA256
2ca6479a00d941050d59b0892b01fa3b403d1ebf4c4510edb8855cdec6cecca0

SHA512
0719a289a4a2ae7d5291d186ebdb411dd5f874bd97a4eeb9987438dc1e6b55f8b43d1235a8bf5068dcfa586e3bb6e01b1a0347652f34a7f6586edbbd05a22a2c

Download Submit
C:\Windows\system\iATjLzB.exe

Filesize
6.0MB

MD5
a2e654c6e4422f60e41ea68d181bb6ff

SHA1
274a9e04f63d3cedc25cec2a2923d8531ae853e4

SHA256
b738dd04e137e9526526a042cb8429c76e1301660ddadc863d6bf4349009c9c1

SHA512
0c823421fcef1b84a3d68547760eb2aaf56bbf4be2248309252a46d84452381c9da1be3409c2a479a395e1f4e8e03084a702125c3a0e42c9af53a80165339e41

Download Submit
C:\Windows\system\jPBKNQs.exe

Filesize
6.0MB

MD5
0ca646dc78ae2bab6e48e39c46731ce7

SHA1
eba3dc80a58d87a5d1505ee3c067ea98f0a0f4b0

SHA256
97d7c60a702c990198beb66dd77705020f71bdddb2938798949414cc71fdde5f

SHA512
143a01022bd3f0302fb5b0c6557cad860f6a88149ea821e8a8313d563b848badd783a2d21814167e41183b070ddf4c78bf9981ab436d023f99c267bdc0a10d71

Download Submit
C:\Windows\system\jpAbblI.exe

Filesize
6.0MB

MD5
a192ac9809e1822485e3372d0dc5b03e

SHA1
116550956748cb563f69799ef8bf2f5583f1b383

SHA256
c13b1dc8f967d426e7415a5c78ecc14dc08d27ce960605f149ea9ae7351e93d4

SHA512
46afc5eeb0f89c2d277ec32e5ba023710c31c2a7368349a912b9bcfb23f083a2696cc35238ffb9dafcb7552832179fea2d93833f75b9e5b741a0bf78cd0f0ab9

Download Submit
C:\Windows\system\nDzwoUE.exe

Filesize
6.0MB

MD5
ed0dbf42ef535e38c6ff246868d50384

SHA1
afe0cb95cc86e3790713f42b49ab28b310ff9ca5

SHA256
a1cefde99de0730524d343ffc0c42c94ff1f872080158161431bd4fe61c807d7

SHA512
e68de2bbf042806c2939fafa9bc7f55fd0de3990ac316c0d9c8aa6cbd1c86505d24452774aac01172e837d521d198682c5b623cb8c41b7cf8101656fd37f6029

Download Submit
C:\Windows\system\nxIggNK.exe

Filesize
6.0MB

MD5
97c4f320d3acd10c33934f706a0b5ed2

SHA1
f04fdf4d0d729ec4ccc7454accb5323d5cc89246

SHA256
48438f3964299fe10d79b9f11dcd0cbaab638a3ad5d4058fb35d8e8e060dfd4a

SHA512
a6a0f5010744c3fb6ca503e1501bdfab451c186c08b4f47ec6e1766feef1d8e97465bea127f985fb37a7c4badd12e059f92dfea23c44fb5e587355d619270ec0

Download Submit
C:\Windows\system\qazrpVt.exe

Filesize
6.0MB

MD5
f6358ad5c63c7d2bfa4204e213dd0f4f

SHA1
c287643f8eb2edfba1bd8c1b36ac11a32fcbeaf4

SHA256
51b2103ed3c82627332080bd3209172239117ad3c012856af4e255d652ba1c19

SHA512
22e4bcfddfa3954a8b06df7733a0ef88999f6d8c7f5013dcf1028db5446b4d24700340202f6551ddca97865906ae24057ae9077fe9abcd2800b75b541390d06c

Download Submit
C:\Windows\system\qdKurug.exe

Filesize
6.0MB

MD5
9bde24b6288c650ea3f8f6e614098b56

SHA1
c4098c17dbf1c818150b7018941d90031855709c

SHA256
51cae66abe34f2f9ce2b799b73841d277f44a678f12e55baaad54fb39e362e78

SHA512
5a031314faaea268ba496af03e9fdfaeb0e6b39bd03b067c4eb060d53c0d1fb55dd284882970cdde75aece0bce810585f0b8b6f5b1fefcd1062cd555bca85cee

Download Submit
C:\Windows\system\rTLWGxk.exe

Filesize
6.0MB

MD5
a6289b82b2d38b3f3b9accac7ff7f888

SHA1
a6932420d6df16a232798c2f001ec2f86184f625

SHA256
b528643020ac654e7ad7617ab4f089edcb89639f0674a604999870eea694896d

SHA512
a157de9676fb46fbb0632753da56b8fe9d43d97bbea4aafc46809096bd15fe79306d36f1675e4075b3e40c6c1a058098a1404b2a96ddb12a56f9af919775f87b

Download Submit
C:\Windows\system\sdUnFOD.exe

Filesize
6.0MB

MD5
949012598a61df19da9c949e6d749bab

SHA1
77e5ed6302c75f4f63f5767d8d124a9ed1ad999d

SHA256
5be9ba373c586c238d8feff10f3ebf0ea8057b30ee1003e2229156a4c6aaf795

SHA512
e0c9da9fded351985ea3d8ee1349883ab946fbc795ca74fb34e938e7bb269c1e9d51d9a17b54df4e1d4e06934c2ce92fdd110eefdf566fa49ff33cabd6426c0e

Download Submit
C:\Windows\system\tMQVHSc.exe

Filesize
6.0MB

MD5
8f3652b1f8f7c73790525e9e5a97191a

SHA1
4b06f848be9d98d4f478cde611a7bcda8e6207b2

SHA256
386de585f7de9845b9320e81d92a7a79997857a6795735ae5b283e6e270dae66

SHA512
46f82c7e099e0442fd44c947a8b37124df27ad04aa7a637301eb0c61d565f73ee99c4b63a8df1f1e870d8fc1d9fee630704980f056f727fd5d636f138320e6a7

Download Submit
C:\Windows\system\uqwSvce.exe

Filesize
6.0MB

MD5
ac9072ca8b84cb100dd7d6b879c68bca

SHA1
2f473cfa9939b1c487561180829c2f5258919e61

SHA256
105d8ac36eb1596b48a4d58bf4a7c0b01ecc4420457bb39ffe565071c3b1a332

SHA512
1ac6db0824a7d2b534bb9f09fa7f54024543dc9d8766c8aff44dd9f6002b9bfeb62e5ff033107c221e7e0e39168352bb10c997141ccf5c4807230aa205806585

Download Submit
C:\Windows\system\vbdqSxt.exe

Filesize
6.0MB

MD5
d698eae286968318ca753ad3b2b81f59

SHA1
3ed9fd2d211614b4d8793d6ba40e047a5902b24b

SHA256
7305cb346779c885fcab35e57e3fef1c50b23fa1f1029c8c097a28d84c3c4cac

SHA512
80db5b1678f4accd5174e35e914a9b87535acac9b4c42068b4ae1957357b07bb51341d32a10328e0adaeb16739e180a420f75e8fec06f0598bf4ede8e4e39929

Download Submit
C:\Windows\system\ypgtchL.exe

Filesize
6.0MB

MD5
b5b34d45ee6d6c9c7cf793046c75202d

SHA1
25efcf3caf4f6255c07239eb8c88b21e55f07c5f

SHA256
69fa0e3ecda2848b3b2d571281d73b9ecdb0101380996405480dbdf971754f21

SHA512
ee1e791fe9600fdab146716cf51be62e2aa9a8321e1b5d601dfd0caa61bb02b211354c14d7d4bf3dfc6498bc13d4b688a2ad3da7cbe64ea645ed10e5fc06301d

Download Submit
C:\Windows\system\zfFOFGD.exe

Filesize
6.0MB

MD5
2ea376b532f4e3749dd34eb58ea56c56

SHA1
fa8ef46e6af7fd17a768b6891dee10c3e43c0b88

SHA256
2b3c6e082784269ae5c5bd5d8c076aa79eda51b9e320755e4e73b24b521f6421

SHA512
5908fb36f3571a8da9467af104b517c3f9aded4a45e1c32417123cc6769bf1970087c0b0c820dcb11c200d42cd5c6464d06a1c3cc499042617110cf0dbafbc78

Download Submit
\Windows\system\VzroObl.exe

Filesize
6.0MB

MD5
a4f7eb844c87a4a242235eca750a842f

SHA1
bb1469e6eaadadef13d950b650297214598d1805

SHA256
a1d1562a972d7aa33eba10098cd72a2184f4109cdf79d2cf5cd16ae1874c75d6

SHA512
626a652399bfddf794f7cdedb7319d89d07589d208e66fceb16ea248e4bd84b1c285997204ce20523f54e233a2eb30706572ab4c7b305b303202ec958e17ac37

Download Submit
\Windows\system\XBOMtHe.exe

Filesize
6.0MB

MD5
334b8f87c6bf8878d4823e7c67cdfeab

SHA1
6a4098115843f289dae545c52d59f62021f775dd

SHA256
4c1fc9f2d155144ba6854c6074fa22a2ed8e163346b763d5fc145e7609dca936

SHA512
9fa2a21a48799e589083fe8fe5f4d4d40684a0c15a3887ef9c6798b0d3136debf0fed5756a7a02cc096e7616093353dbc2c4c12d6d8a336ab8a260e80cfaae3d

Download Submit
\Windows\system\ZgYihcG.exe

Filesize
6.0MB

MD5
d1ab1404dd2a472c675caad0b24068bc

SHA1
651c8857e09f0084b3819a3eb763b51a76ec2aae

SHA256
3a06f3670099f3c5cf4dcf95aa5915774f66ccaba5b15dc97c08894512db4b5a

SHA512
793b7b806dc66c7bb82df46809dc6a1685dc69f01754f7e899aaa92e020458fb6bcd9c3fb330f11dbf8299fde078d1efd5e005afe21ac0df859a79d09815eb98

Download Submit
\Windows\system\eDpYlbI.exe

Filesize
6.0MB

MD5
b4b59989d40bde2903d473602f9c322d

SHA1
f692c8243d6c47786f4030c1e61c6ecd4e192ca6

SHA256
470e90bfc442d029c98f604b77d9af5e1faffc3f324186d84759e00ebac0c009

SHA512
222d9a4c9df9212f4ca250d4c45e1e653d07d3f32ca92ed4e31b458145a977a84e05cb278adafdb2a27c9b1666e60be21500df1ba9349260f976883c814c12f7

Download Submit
\Windows\system\kqjipXG.exe

Filesize
6.0MB

MD5
2595890cbc3e35fd656a55f9557092cc

SHA1
55faf42786297e4fa70f5b4d95ec94bde5df24cb

SHA256
b857cbd29bc15468a44bfb687c670129cd90428a4075dedf3b4c594527c71272

SHA512
702f0213ba0b84ed80787aa888716d40b12b762676ec2e96f4d7254054f45f4809a0ac0b48c6cf57e7f22baa07f5489cb2cd1e1cb0e3a5fe4e9874f1139f2796

Download Submit
\Windows\system\vgjfXyy.exe

Filesize
6.0MB

MD5
30ff97e857f68dcab80cfd37c66585bd

SHA1
23d6c6c3bf77eb2c8d302fac07a6663dde86bb12

SHA256
2fa42457ff98e7e653611eb02ce0febdb5a4d3ede315464906d33ff4e36451b4

SHA512
8c02daee26e64a446dcbaa344c6452cbe3067ba962c611bbcce1810f9ddbe5ed7b1968251e597269707654a210f2dc6156ea578fa43b26d98cb5c5c7185e852e

Download Submit
memory/1728-14-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1728-50-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1728-4013-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2088-28-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2088-74-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2088-4016-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2108-22-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2108-4012-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2344-4014-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-35-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-591-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1217-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2420-133-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-132-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-85-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2420-129-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2420-128-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-127-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-104-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-13-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2420-0-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2420-90-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-36-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2420-21-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-64-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2420-27-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1069-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-51-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-912-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-40-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-34-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-49-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1532-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1687-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-134-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4019-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4020-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-63-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-41-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-593-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4022-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-89-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4017-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2868-4015-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-52-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-4018-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2872-68-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2896-4021-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-111-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-8-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-4011-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download