cobaltstrike | 1743594e70183682b24b6583731581d7635858289b4de5766acbc1bb795ab989

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e8f514f83954903b95af9eb965da0eff
SHA1

b9d25f6e8c93aab10ae5776c41cccf72c257271e
SHA256

1743594e70183682b24b6583731581d7635858289b4de5766acbc1bb795ab989
SHA512

da10bdfae09743889da717014d10a090c5f74b0fe4d8e570a2315f3538b721b944159d1ec5fb07b581458a806958a6ace3ef29de5f074f472d5ea97cd78d5ddd
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUJ:eOl56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000011c28-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c89-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca0-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cab-22.dat	cobalt_reflective_dll
behavioral1/files/0x0030000000016689-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf0-34.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d73-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-111.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-85.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d68-63.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4c-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d22-48.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1088-0-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x0003000000011c28-3.dat	xmrig
behavioral1/files/0x0008000000016c89-12.dat	xmrig
behavioral1/memory/2964-14-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2796-13-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ca0-9.dat	xmrig
behavioral1/memory/2848-20-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1088-17-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cab-22.dat	xmrig
behavioral1/memory/2288-27-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0030000000016689-40.dat	xmrig
behavioral1/memory/2752-43-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2612-35-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf0-34.dat	xmrig
behavioral1/memory/1088-37-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2964-49-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2848-56-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1532-57-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d73-70.dat	xmrig
behavioral1/memory/1716-65-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x0005000000018706-75.dat	xmrig
behavioral1/memory/2032-105-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0006000000018d83-121.dat	xmrig
behavioral1/files/0x0006000000018fdf-126.dat	xmrig
behavioral1/files/0x0005000000019237-141.dat	xmrig
behavioral1/files/0x0005000000019261-151.dat	xmrig
behavioral1/memory/2032-927-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2460-776-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2472-586-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2976-367-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2480-193-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x00050000000193cc-196.dat	xmrig
behavioral1/files/0x000500000001939f-191.dat	xmrig
behavioral1/files/0x000500000001938e-186.dat	xmrig
behavioral1/files/0x0005000000019358-181.dat	xmrig
behavioral1/files/0x00050000000192a1-171.dat	xmrig
behavioral1/files/0x0005000000019354-176.dat	xmrig
behavioral1/files/0x0005000000019299-165.dat	xmrig
behavioral1/files/0x000500000001927a-161.dat	xmrig
behavioral1/files/0x0005000000019274-156.dat	xmrig
behavioral1/files/0x000500000001924f-146.dat	xmrig
behavioral1/files/0x0005000000019203-136.dat	xmrig
behavioral1/files/0x0006000000019056-131.dat	xmrig
behavioral1/files/0x0006000000018be7-111.dat	xmrig
behavioral1/files/0x0006000000018d7b-116.dat	xmrig
behavioral1/memory/2460-96-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/1532-95-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x000500000001871c-94.dat	xmrig
behavioral1/memory/1716-104-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x0005000000018745-103.dat	xmrig
behavioral1/memory/2976-79-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2472-87-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2600-86-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001870c-85.dat	xmrig
behavioral1/memory/2288-64-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d68-63.dat	xmrig
behavioral1/memory/2480-72-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2612-71-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d4c-55.dat	xmrig
behavioral1/files/0x0007000000016d22-48.dat	xmrig
behavioral1/memory/2796-3656-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2964-3653-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2752-3688-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2288-3684-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2796	uWQzDMO.exe
2964	JjnRiCF.exe
2848	bwdLssz.exe
2288	usJjhmo.exe
2612	fpQRUSp.exe
2752	TmudWIs.exe
2600	rTrWTqe.exe
1532	rJHTKFi.exe
1716	BsrZViM.exe
2480	nXMsmwz.exe
2976	wVkKAvU.exe
2472	gzgccji.exe
2460	lAdOVLq.exe
2032	MxBBISO.exe
1184	nFouTXc.exe
1304	gnqtYmQ.exe
1488	tfAPSfI.exe
2828	vgfqOze.exe
1524	bNEfgAH.exe
568	tPPlHZu.exe
1344	QWERAOh.exe
2336	xTzLQJX.exe
2424	asnTjEq.exe
2348	masYOlm.exe
1456	NfdGipn.exe
2404	rzoEizy.exe
2428	oVQTMkw.exe
952	VeRcTRI.exe
2528	DTiKBeu.exe
896	TQnvVzl.exe
3064	EqkxiCI.exe
2944	fYEnsOG.exe
548	xXsjGSm.exe
1376	tYDAADS.exe
2852	mgnwAOx.exe
2896	AgjvJGu.exe
2372	mhPLuvD.exe
1656	SlbUmUB.exe
1348	FJAAUTU.exe
2300	yGIzNLG.exe
2052	ZcdwLKX.exe
2384	yOXjCDB.exe
808	mVEPndS.exe
3012	bTqIEWS.exe
2464	OTRRMte.exe
2444	mcyhJmq.exe
2956	AooicnQ.exe
1636	IJmOkZs.exe
1068	tFVNiwB.exe
872	wncrkEe.exe
2064	QIxYYru.exe
2208	VHXxhEO.exe
1580	oJjnthK.exe
1576	tWEMYsy.exe
2708	GFgmSaS.exe
2844	uCnvlfB.exe
2580	JYuFDLy.exe
2640	AFUDILG.exe
2104	tExrJjP.exe
2952	HuzzKbc.exe
2028	BxPrQgV.exe
292	HGWMvrU.exe
2080	aRFoEZB.exe
1628	ndyFHHd.exe

Loads dropped DLL 64 IoCs

pid	Process
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1088-0-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x0003000000011c28-3.dat	upx
behavioral1/files/0x0008000000016c89-12.dat	upx
behavioral1/memory/2964-14-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2796-13-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0007000000016ca0-9.dat	upx
behavioral1/memory/2848-20-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0008000000016cab-22.dat	upx
behavioral1/memory/2288-27-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0030000000016689-40.dat	upx
behavioral1/memory/2752-43-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2612-35-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0007000000016cf0-34.dat	upx
behavioral1/memory/1088-37-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2964-49-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2848-56-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1532-57-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0008000000016d73-70.dat	upx
behavioral1/memory/1716-65-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x0005000000018706-75.dat	upx
behavioral1/memory/2032-105-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x0006000000018d83-121.dat	upx
behavioral1/files/0x0006000000018fdf-126.dat	upx
behavioral1/files/0x0005000000019237-141.dat	upx
behavioral1/files/0x0005000000019261-151.dat	upx
behavioral1/memory/2032-927-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2460-776-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2472-586-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2976-367-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2480-193-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x00050000000193cc-196.dat	upx
behavioral1/files/0x000500000001939f-191.dat	upx
behavioral1/files/0x000500000001938e-186.dat	upx
behavioral1/files/0x0005000000019358-181.dat	upx
behavioral1/files/0x00050000000192a1-171.dat	upx
behavioral1/files/0x0005000000019354-176.dat	upx
behavioral1/files/0x0005000000019299-165.dat	upx
behavioral1/files/0x000500000001927a-161.dat	upx
behavioral1/files/0x0005000000019274-156.dat	upx
behavioral1/files/0x000500000001924f-146.dat	upx
behavioral1/files/0x0005000000019203-136.dat	upx
behavioral1/files/0x0006000000019056-131.dat	upx
behavioral1/files/0x0006000000018be7-111.dat	upx
behavioral1/files/0x0006000000018d7b-116.dat	upx
behavioral1/memory/2460-96-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/1532-95-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x000500000001871c-94.dat	upx
behavioral1/memory/1716-104-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x0005000000018745-103.dat	upx
behavioral1/memory/2976-79-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2472-87-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2600-86-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x000500000001870c-85.dat	upx
behavioral1/memory/2288-64-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0007000000016d68-63.dat	upx
behavioral1/memory/2480-72-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2612-71-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0007000000016d4c-55.dat	upx
behavioral1/files/0x0007000000016d22-48.dat	upx
behavioral1/memory/2796-3656-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2964-3653-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2752-3688-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2288-3684-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2848-3718-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\llZrBOp.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fimvBBV.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TkhPEAv.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lIUivzu.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\duSXvQx.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zZjKOFo.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKEiqxu.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjSgWcu.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLWpuAb.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsjACgo.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttHPMRz.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrdhoTf.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoSyzyA.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEYieNj.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMdbtzA.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLTakBK.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgkIlUd.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByDjvpe.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjPMZHP.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJrflYz.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGyBcqP.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nuLqSIq.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnJGsZY.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EOjSzbM.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\virnOCI.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtSgkBV.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRnbxMd.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqXSZUY.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BRhvDrv.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYrIAFI.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCxFCJP.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQhPzHP.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPRdlQX.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUgLELY.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TySVGfw.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYSwcVY.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPOENyD.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUYjDjC.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOwNEZQ.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbHVTCj.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlUVafz.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLzQJxa.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ElwyPZt.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COrCZBT.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dlbxUeu.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tlENYbf.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaiLJuJ.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSNdwId.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\redyAnD.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSZtpRy.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmDdHxO.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIzksqw.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBJtzuu.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGrtFkw.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvbKeZS.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIbxGoT.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtgmEWO.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTxZJis.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPqUVLy.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyMdPNs.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNzqTzW.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCnAfxI.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIKweeP.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwgdBPG.exe	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 2796	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1088 wrote to memory of 2796	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1088 wrote to memory of 2796	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1088 wrote to memory of 2964	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1088 wrote to memory of 2964	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1088 wrote to memory of 2964	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1088 wrote to memory of 2848	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1088 wrote to memory of 2848	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1088 wrote to memory of 2848	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1088 wrote to memory of 2288	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1088 wrote to memory of 2288	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1088 wrote to memory of 2288	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1088 wrote to memory of 2612	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1088 wrote to memory of 2612	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1088 wrote to memory of 2612	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1088 wrote to memory of 2752	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1088 wrote to memory of 2752	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1088 wrote to memory of 2752	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1088 wrote to memory of 2600	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1088 wrote to memory of 2600	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1088 wrote to memory of 2600	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1088 wrote to memory of 1532	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1088 wrote to memory of 1532	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1088 wrote to memory of 1532	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1088 wrote to memory of 1716	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1088 wrote to memory of 1716	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1088 wrote to memory of 1716	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1088 wrote to memory of 2480	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1088 wrote to memory of 2480	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1088 wrote to memory of 2480	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1088 wrote to memory of 2976	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1088 wrote to memory of 2976	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1088 wrote to memory of 2976	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1088 wrote to memory of 2472	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1088 wrote to memory of 2472	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1088 wrote to memory of 2472	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1088 wrote to memory of 2460	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1088 wrote to memory of 2460	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1088 wrote to memory of 2460	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1088 wrote to memory of 2032	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1088 wrote to memory of 2032	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1088 wrote to memory of 2032	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1088 wrote to memory of 1184	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1088 wrote to memory of 1184	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1088 wrote to memory of 1184	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1088 wrote to memory of 1304	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1088 wrote to memory of 1304	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1088 wrote to memory of 1304	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1088 wrote to memory of 1488	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1088 wrote to memory of 1488	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1088 wrote to memory of 1488	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1088 wrote to memory of 2828	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1088 wrote to memory of 2828	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1088 wrote to memory of 2828	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1088 wrote to memory of 1524	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1088 wrote to memory of 1524	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1088 wrote to memory of 1524	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1088 wrote to memory of 568	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1088 wrote to memory of 568	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1088 wrote to memory of 568	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1088 wrote to memory of 1344	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1088 wrote to memory of 1344	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1088 wrote to memory of 1344	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1088 wrote to memory of 2336	1088	2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_e8f514f83954903b95af9eb965da0eff_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Windows\System\uWQzDMO.exe
  C:\Windows\System\uWQzDMO.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\JjnRiCF.exe
  C:\Windows\System\JjnRiCF.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\bwdLssz.exe
  C:\Windows\System\bwdLssz.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\usJjhmo.exe
  C:\Windows\System\usJjhmo.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\fpQRUSp.exe
  C:\Windows\System\fpQRUSp.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\TmudWIs.exe
  C:\Windows\System\TmudWIs.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\rTrWTqe.exe
  C:\Windows\System\rTrWTqe.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\rJHTKFi.exe
  C:\Windows\System\rJHTKFi.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\BsrZViM.exe
  C:\Windows\System\BsrZViM.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\nXMsmwz.exe
  C:\Windows\System\nXMsmwz.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\wVkKAvU.exe
  C:\Windows\System\wVkKAvU.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\gzgccji.exe
  C:\Windows\System\gzgccji.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\lAdOVLq.exe
  C:\Windows\System\lAdOVLq.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\MxBBISO.exe
  C:\Windows\System\MxBBISO.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\nFouTXc.exe
  C:\Windows\System\nFouTXc.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\gnqtYmQ.exe
  C:\Windows\System\gnqtYmQ.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\tfAPSfI.exe
  C:\Windows\System\tfAPSfI.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\vgfqOze.exe
  C:\Windows\System\vgfqOze.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\bNEfgAH.exe
  C:\Windows\System\bNEfgAH.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\tPPlHZu.exe
  C:\Windows\System\tPPlHZu.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\QWERAOh.exe
  C:\Windows\System\QWERAOh.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\xTzLQJX.exe
  C:\Windows\System\xTzLQJX.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\asnTjEq.exe
  C:\Windows\System\asnTjEq.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\masYOlm.exe
  C:\Windows\System\masYOlm.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\NfdGipn.exe
  C:\Windows\System\NfdGipn.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\rzoEizy.exe
  C:\Windows\System\rzoEizy.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\oVQTMkw.exe
  C:\Windows\System\oVQTMkw.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\VeRcTRI.exe
  C:\Windows\System\VeRcTRI.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\DTiKBeu.exe
  C:\Windows\System\DTiKBeu.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\TQnvVzl.exe
  C:\Windows\System\TQnvVzl.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\EqkxiCI.exe
  C:\Windows\System\EqkxiCI.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\fYEnsOG.exe
  C:\Windows\System\fYEnsOG.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\xXsjGSm.exe
  C:\Windows\System\xXsjGSm.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\tYDAADS.exe
  C:\Windows\System\tYDAADS.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\mgnwAOx.exe
  C:\Windows\System\mgnwAOx.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\AgjvJGu.exe
  C:\Windows\System\AgjvJGu.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\mhPLuvD.exe
  C:\Windows\System\mhPLuvD.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\SlbUmUB.exe
  C:\Windows\System\SlbUmUB.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\FJAAUTU.exe
  C:\Windows\System\FJAAUTU.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\yGIzNLG.exe
  C:\Windows\System\yGIzNLG.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\ZcdwLKX.exe
  C:\Windows\System\ZcdwLKX.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\yOXjCDB.exe
  C:\Windows\System\yOXjCDB.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\mVEPndS.exe
  C:\Windows\System\mVEPndS.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\bTqIEWS.exe
  C:\Windows\System\bTqIEWS.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\OTRRMte.exe
  C:\Windows\System\OTRRMte.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\mcyhJmq.exe
  C:\Windows\System\mcyhJmq.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\AooicnQ.exe
  C:\Windows\System\AooicnQ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\IJmOkZs.exe
  C:\Windows\System\IJmOkZs.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\tFVNiwB.exe
  C:\Windows\System\tFVNiwB.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\wncrkEe.exe
  C:\Windows\System\wncrkEe.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\QIxYYru.exe
  C:\Windows\System\QIxYYru.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\VHXxhEO.exe
  C:\Windows\System\VHXxhEO.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\oJjnthK.exe
  C:\Windows\System\oJjnthK.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\tWEMYsy.exe
  C:\Windows\System\tWEMYsy.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\GFgmSaS.exe
  C:\Windows\System\GFgmSaS.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\uCnvlfB.exe
  C:\Windows\System\uCnvlfB.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\JYuFDLy.exe
  C:\Windows\System\JYuFDLy.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\AFUDILG.exe
  C:\Windows\System\AFUDILG.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\tExrJjP.exe
  C:\Windows\System\tExrJjP.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\HuzzKbc.exe
  C:\Windows\System\HuzzKbc.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\BxPrQgV.exe
  C:\Windows\System\BxPrQgV.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\HGWMvrU.exe
  C:\Windows\System\HGWMvrU.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\aRFoEZB.exe
  C:\Windows\System\aRFoEZB.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\ndyFHHd.exe
  C:\Windows\System\ndyFHHd.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\oKHsDeK.exe
  C:\Windows\System\oKHsDeK.exe
  2⤵
  PID:268
- C:\Windows\System\QTeRrxr.exe
  C:\Windows\System\QTeRrxr.exe
  2⤵
  PID:1212
- C:\Windows\System\nyiMsSD.exe
  C:\Windows\System\nyiMsSD.exe
  2⤵
  PID:1904
- C:\Windows\System\JgwEXzp.exe
  C:\Windows\System\JgwEXzp.exe
  2⤵
  PID:1960
- C:\Windows\System\XpVKUFv.exe
  C:\Windows\System\XpVKUFv.exe
  2⤵
  PID:2376
- C:\Windows\System\kiyQLTn.exe
  C:\Windows\System\kiyQLTn.exe
  2⤵
  PID:2088
- C:\Windows\System\uclqrQJ.exe
  C:\Windows\System\uclqrQJ.exe
  2⤵
  PID:1596
- C:\Windows\System\WfDjMIE.exe
  C:\Windows\System\WfDjMIE.exe
  2⤵
  PID:1496
- C:\Windows\System\tuSzznw.exe
  C:\Windows\System\tuSzznw.exe
  2⤵
  PID:1560
- C:\Windows\System\gLIygpz.exe
  C:\Windows\System\gLIygpz.exe
  2⤵
  PID:276
- C:\Windows\System\xJlelwF.exe
  C:\Windows\System\xJlelwF.exe
  2⤵
  PID:1516
- C:\Windows\System\BWuZAhe.exe
  C:\Windows\System\BWuZAhe.exe
  2⤵
  PID:1760
- C:\Windows\System\CgVOMhN.exe
  C:\Windows\System\CgVOMhN.exe
  2⤵
  PID:2004
- C:\Windows\System\VFLBRoI.exe
  C:\Windows\System\VFLBRoI.exe
  2⤵
  PID:1672
- C:\Windows\System\bFEuKDq.exe
  C:\Windows\System\bFEuKDq.exe
  2⤵
  PID:2668
- C:\Windows\System\zFsPlvE.exe
  C:\Windows\System\zFsPlvE.exe
  2⤵
  PID:2500
- C:\Windows\System\YxOqCfN.exe
  C:\Windows\System\YxOqCfN.exe
  2⤵
  PID:2132
- C:\Windows\System\lezJtpc.exe
  C:\Windows\System\lezJtpc.exe
  2⤵
  PID:2664
- C:\Windows\System\wLBxYOt.exe
  C:\Windows\System\wLBxYOt.exe
  2⤵
  PID:1224
- C:\Windows\System\rfqILup.exe
  C:\Windows\System\rfqILup.exe
  2⤵
  PID:1076
- C:\Windows\System\TTdZJLf.exe
  C:\Windows\System\TTdZJLf.exe
  2⤵
  PID:876
- C:\Windows\System\KwRgJOb.exe
  C:\Windows\System\KwRgJOb.exe
  2⤵
  PID:1556
- C:\Windows\System\TkhrsSX.exe
  C:\Windows\System\TkhrsSX.exe
  2⤵
  PID:1584
- C:\Windows\System\hbuEKPP.exe
  C:\Windows\System\hbuEKPP.exe
  2⤵
  PID:2696
- C:\Windows\System\LUEMIpR.exe
  C:\Windows\System\LUEMIpR.exe
  2⤵
  PID:2628
- C:\Windows\System\XePziPj.exe
  C:\Windows\System\XePziPj.exe
  2⤵
  PID:2196
- C:\Windows\System\dNHrLAm.exe
  C:\Windows\System\dNHrLAm.exe
  2⤵
  PID:1188
- C:\Windows\System\TYfNTnz.exe
  C:\Windows\System\TYfNTnz.exe
  2⤵
  PID:1936
- C:\Windows\System\bmDWmnV.exe
  C:\Windows\System\bmDWmnV.exe
  2⤵
  PID:2084
- C:\Windows\System\mDlWWYu.exe
  C:\Windows\System\mDlWWYu.exe
  2⤵
  PID:1504
- C:\Windows\System\osbcZMv.exe
  C:\Windows\System\osbcZMv.exe
  2⤵
  PID:1980
- C:\Windows\System\QLzQJxa.exe
  C:\Windows\System\QLzQJxa.exe
  2⤵
  PID:2716
- C:\Windows\System\mlIaDGP.exe
  C:\Windows\System\mlIaDGP.exe
  2⤵
  PID:2116
- C:\Windows\System\FjXUelH.exe
  C:\Windows\System\FjXUelH.exe
  2⤵
  PID:3036
- C:\Windows\System\bRBtCTv.exe
  C:\Windows\System\bRBtCTv.exe
  2⤵
  PID:1776
- C:\Windows\System\OtOAcSg.exe
  C:\Windows\System\OtOAcSg.exe
  2⤵
  PID:2380
- C:\Windows\System\OtWvZES.exe
  C:\Windows\System\OtWvZES.exe
  2⤵
  PID:1544
- C:\Windows\System\WvKWPGp.exe
  C:\Windows\System\WvKWPGp.exe
  2⤵
  PID:2272
- C:\Windows\System\quYpbRe.exe
  C:\Windows\System\quYpbRe.exe
  2⤵
  PID:988
- C:\Windows\System\TbxslWW.exe
  C:\Windows\System\TbxslWW.exe
  2⤵
  PID:3016
- C:\Windows\System\nVSoLDD.exe
  C:\Windows\System\nVSoLDD.exe
  2⤵
  PID:3080
- C:\Windows\System\hiCoHpC.exe
  C:\Windows\System\hiCoHpC.exe
  2⤵
  PID:3100
- C:\Windows\System\dNMSfoj.exe
  C:\Windows\System\dNMSfoj.exe
  2⤵
  PID:3120
- C:\Windows\System\pBCfaBJ.exe
  C:\Windows\System\pBCfaBJ.exe
  2⤵
  PID:3140
- C:\Windows\System\DKBqEOn.exe
  C:\Windows\System\DKBqEOn.exe
  2⤵
  PID:3160
- C:\Windows\System\xEzLpov.exe
  C:\Windows\System\xEzLpov.exe
  2⤵
  PID:3180
- C:\Windows\System\TZnmhBe.exe
  C:\Windows\System\TZnmhBe.exe
  2⤵
  PID:3200
- C:\Windows\System\xPcQvzF.exe
  C:\Windows\System\xPcQvzF.exe
  2⤵
  PID:3220
- C:\Windows\System\EIknGmg.exe
  C:\Windows\System\EIknGmg.exe
  2⤵
  PID:3240
- C:\Windows\System\zcGbwVH.exe
  C:\Windows\System\zcGbwVH.exe
  2⤵
  PID:3260
- C:\Windows\System\NRvmyhB.exe
  C:\Windows\System\NRvmyhB.exe
  2⤵
  PID:3280
- C:\Windows\System\HBCXyDL.exe
  C:\Windows\System\HBCXyDL.exe
  2⤵
  PID:3296
- C:\Windows\System\SDnOpQf.exe
  C:\Windows\System\SDnOpQf.exe
  2⤵
  PID:3320
- C:\Windows\System\Ohjxtjz.exe
  C:\Windows\System\Ohjxtjz.exe
  2⤵
  PID:3340
- C:\Windows\System\YUMQRDW.exe
  C:\Windows\System\YUMQRDW.exe
  2⤵
  PID:3360
- C:\Windows\System\GtyvnMx.exe
  C:\Windows\System\GtyvnMx.exe
  2⤵
  PID:3380
- C:\Windows\System\MQrRTYw.exe
  C:\Windows\System\MQrRTYw.exe
  2⤵
  PID:3400
- C:\Windows\System\oMJkoZX.exe
  C:\Windows\System\oMJkoZX.exe
  2⤵
  PID:3420
- C:\Windows\System\IXDefRV.exe
  C:\Windows\System\IXDefRV.exe
  2⤵
  PID:3440
- C:\Windows\System\XISOYJC.exe
  C:\Windows\System\XISOYJC.exe
  2⤵
  PID:3460
- C:\Windows\System\JuBMqYR.exe
  C:\Windows\System\JuBMqYR.exe
  2⤵
  PID:3480
- C:\Windows\System\MQSaHgn.exe
  C:\Windows\System\MQSaHgn.exe
  2⤵
  PID:3500
- C:\Windows\System\CUbrkBp.exe
  C:\Windows\System\CUbrkBp.exe
  2⤵
  PID:3520
- C:\Windows\System\OwYdULl.exe
  C:\Windows\System\OwYdULl.exe
  2⤵
  PID:3544
- C:\Windows\System\VJnrYsA.exe
  C:\Windows\System\VJnrYsA.exe
  2⤵
  PID:3564
- C:\Windows\System\UIkKfve.exe
  C:\Windows\System\UIkKfve.exe
  2⤵
  PID:3584
- C:\Windows\System\YhhVUqf.exe
  C:\Windows\System\YhhVUqf.exe
  2⤵
  PID:3604
- C:\Windows\System\PnbCLpj.exe
  C:\Windows\System\PnbCLpj.exe
  2⤵
  PID:3620
- C:\Windows\System\xNzqTzW.exe
  C:\Windows\System\xNzqTzW.exe
  2⤵
  PID:3644
- C:\Windows\System\oYhSVyM.exe
  C:\Windows\System\oYhSVyM.exe
  2⤵
  PID:3664
- C:\Windows\System\EXYuILK.exe
  C:\Windows\System\EXYuILK.exe
  2⤵
  PID:3684
- C:\Windows\System\vaChFix.exe
  C:\Windows\System\vaChFix.exe
  2⤵
  PID:3704
- C:\Windows\System\dyptSBP.exe
  C:\Windows\System\dyptSBP.exe
  2⤵
  PID:3724
- C:\Windows\System\xnSSoUE.exe
  C:\Windows\System\xnSSoUE.exe
  2⤵
  PID:3744
- C:\Windows\System\vpUHIkK.exe
  C:\Windows\System\vpUHIkK.exe
  2⤵
  PID:3764
- C:\Windows\System\lczGhwI.exe
  C:\Windows\System\lczGhwI.exe
  2⤵
  PID:3780
- C:\Windows\System\rNSsatY.exe
  C:\Windows\System\rNSsatY.exe
  2⤵
  PID:3804
- C:\Windows\System\uhBoTaQ.exe
  C:\Windows\System\uhBoTaQ.exe
  2⤵
  PID:3824
- C:\Windows\System\BMzKLDJ.exe
  C:\Windows\System\BMzKLDJ.exe
  2⤵
  PID:3844
- C:\Windows\System\KPdDIeV.exe
  C:\Windows\System\KPdDIeV.exe
  2⤵
  PID:3864
- C:\Windows\System\yqJRqjB.exe
  C:\Windows\System\yqJRqjB.exe
  2⤵
  PID:3884
- C:\Windows\System\ZBOhGJz.exe
  C:\Windows\System\ZBOhGJz.exe
  2⤵
  PID:3904
- C:\Windows\System\HbbkXbP.exe
  C:\Windows\System\HbbkXbP.exe
  2⤵
  PID:3924
- C:\Windows\System\AVaStML.exe
  C:\Windows\System\AVaStML.exe
  2⤵
  PID:3944
- C:\Windows\System\fBTzALs.exe
  C:\Windows\System\fBTzALs.exe
  2⤵
  PID:3964
- C:\Windows\System\rkENaop.exe
  C:\Windows\System\rkENaop.exe
  2⤵
  PID:3984
- C:\Windows\System\XCXvdLu.exe
  C:\Windows\System\XCXvdLu.exe
  2⤵
  PID:4004
- C:\Windows\System\hYSlFPd.exe
  C:\Windows\System\hYSlFPd.exe
  2⤵
  PID:4024
- C:\Windows\System\gXryjSy.exe
  C:\Windows\System\gXryjSy.exe
  2⤵
  PID:4044
- C:\Windows\System\xmbvprh.exe
  C:\Windows\System\xmbvprh.exe
  2⤵
  PID:4064
- C:\Windows\System\TYVJJUg.exe
  C:\Windows\System\TYVJJUg.exe
  2⤵
  PID:4084
- C:\Windows\System\NVQWEhE.exe
  C:\Windows\System\NVQWEhE.exe
  2⤵
  PID:2520
- C:\Windows\System\EZqHdan.exe
  C:\Windows\System\EZqHdan.exe
  2⤵
  PID:2432
- C:\Windows\System\hlbtBhg.exe
  C:\Windows\System\hlbtBhg.exe
  2⤵
  PID:2732
- C:\Windows\System\nVRTRno.exe
  C:\Windows\System\nVRTRno.exe
  2⤵
  PID:308
- C:\Windows\System\iaYHSSy.exe
  C:\Windows\System\iaYHSSy.exe
  2⤵
  PID:2564
- C:\Windows\System\ztDKNnm.exe
  C:\Windows\System\ztDKNnm.exe
  2⤵
  PID:2836
- C:\Windows\System\mGdSYGn.exe
  C:\Windows\System\mGdSYGn.exe
  2⤵
  PID:1064
- C:\Windows\System\UjJwvyp.exe
  C:\Windows\System\UjJwvyp.exe
  2⤵
  PID:2392
- C:\Windows\System\Atxldar.exe
  C:\Windows\System\Atxldar.exe
  2⤵
  PID:2124
- C:\Windows\System\Cinxgnc.exe
  C:\Windows\System\Cinxgnc.exe
  2⤵
  PID:2044
- C:\Windows\System\RqePWkr.exe
  C:\Windows\System\RqePWkr.exe
  2⤵
  PID:2684
- C:\Windows\System\BMYfzEx.exe
  C:\Windows\System\BMYfzEx.exe
  2⤵
  PID:2292
- C:\Windows\System\EgRzgrO.exe
  C:\Windows\System\EgRzgrO.exe
  2⤵
  PID:2076
- C:\Windows\System\nRnQcGU.exe
  C:\Windows\System\nRnQcGU.exe
  2⤵
  PID:3116
- C:\Windows\System\hvPSvaS.exe
  C:\Windows\System\hvPSvaS.exe
  2⤵
  PID:3148
- C:\Windows\System\WyaKyJM.exe
  C:\Windows\System\WyaKyJM.exe
  2⤵
  PID:3188
- C:\Windows\System\TXVChEn.exe
  C:\Windows\System\TXVChEn.exe
  2⤵
  PID:3168
- C:\Windows\System\uRIVUiX.exe
  C:\Windows\System\uRIVUiX.exe
  2⤵
  PID:3232
- C:\Windows\System\IfznqmG.exe
  C:\Windows\System\IfznqmG.exe
  2⤵
  PID:3276
- C:\Windows\System\ReTKuYm.exe
  C:\Windows\System\ReTKuYm.exe
  2⤵
  PID:3316
- C:\Windows\System\rRHyGQS.exe
  C:\Windows\System\rRHyGQS.exe
  2⤵
  PID:3292
- C:\Windows\System\xqaaLQM.exe
  C:\Windows\System\xqaaLQM.exe
  2⤵
  PID:3368
- C:\Windows\System\XNOIcxE.exe
  C:\Windows\System\XNOIcxE.exe
  2⤵
  PID:3372
- C:\Windows\System\wPOyTZd.exe
  C:\Windows\System\wPOyTZd.exe
  2⤵
  PID:3416
- C:\Windows\System\HFaBgja.exe
  C:\Windows\System\HFaBgja.exe
  2⤵
  PID:3448
- C:\Windows\System\QhpLltt.exe
  C:\Windows\System\QhpLltt.exe
  2⤵
  PID:3492
- C:\Windows\System\qPmdPbm.exe
  C:\Windows\System\qPmdPbm.exe
  2⤵
  PID:3560
- C:\Windows\System\CxtFpFk.exe
  C:\Windows\System\CxtFpFk.exe
  2⤵
  PID:3592
- C:\Windows\System\GgreTUd.exe
  C:\Windows\System\GgreTUd.exe
  2⤵
  PID:3580
- C:\Windows\System\bKEttlg.exe
  C:\Windows\System\bKEttlg.exe
  2⤵
  PID:3612
- C:\Windows\System\oodvjNs.exe
  C:\Windows\System\oodvjNs.exe
  2⤵
  PID:3656
- C:\Windows\System\ZzAPtuf.exe
  C:\Windows\System\ZzAPtuf.exe
  2⤵
  PID:3720
- C:\Windows\System\LImtgfS.exe
  C:\Windows\System\LImtgfS.exe
  2⤵
  PID:3732
- C:\Windows\System\THdPATa.exe
  C:\Windows\System\THdPATa.exe
  2⤵
  PID:3788
- C:\Windows\System\IVWKouJ.exe
  C:\Windows\System\IVWKouJ.exe
  2⤵
  PID:3776
- C:\Windows\System\UGyBcqP.exe
  C:\Windows\System\UGyBcqP.exe
  2⤵
  PID:3840
- C:\Windows\System\PsEiPpW.exe
  C:\Windows\System\PsEiPpW.exe
  2⤵
  PID:3852
- C:\Windows\System\VPCbDzI.exe
  C:\Windows\System\VPCbDzI.exe
  2⤵
  PID:3916
- C:\Windows\System\iNDxCng.exe
  C:\Windows\System\iNDxCng.exe
  2⤵
  PID:3956
- C:\Windows\System\CleFCFr.exe
  C:\Windows\System\CleFCFr.exe
  2⤵
  PID:4000
- C:\Windows\System\lUhycHQ.exe
  C:\Windows\System\lUhycHQ.exe
  2⤵
  PID:4032
- C:\Windows\System\ofXTpMo.exe
  C:\Windows\System\ofXTpMo.exe
  2⤵
  PID:4020
- C:\Windows\System\eNNzcaa.exe
  C:\Windows\System\eNNzcaa.exe
  2⤵
  PID:4060
- C:\Windows\System\ydyVnmN.exe
  C:\Windows\System\ydyVnmN.exe
  2⤵
  PID:2436
- C:\Windows\System\FKmFZTn.exe
  C:\Windows\System\FKmFZTn.exe
  2⤵
  PID:2060
- C:\Windows\System\zBQeCEX.exe
  C:\Windows\System\zBQeCEX.exe
  2⤵
  PID:2544
- C:\Windows\System\coGzQHE.exe
  C:\Windows\System\coGzQHE.exe
  2⤵
  PID:2744
- C:\Windows\System\qedeHHc.exe
  C:\Windows\System\qedeHHc.exe
  2⤵
  PID:2988
- C:\Windows\System\sZxzDMp.exe
  C:\Windows\System\sZxzDMp.exe
  2⤵
  PID:620
- C:\Windows\System\CPmwzNC.exe
  C:\Windows\System\CPmwzNC.exe
  2⤵
  PID:832
- C:\Windows\System\eWjyDBu.exe
  C:\Windows\System\eWjyDBu.exe
  2⤵
  PID:1476
- C:\Windows\System\fGDqdAy.exe
  C:\Windows\System\fGDqdAy.exe
  2⤵
  PID:3076
- C:\Windows\System\HiHRWNr.exe
  C:\Windows\System\HiHRWNr.exe
  2⤵
  PID:3096
- C:\Windows\System\LhcToku.exe
  C:\Windows\System\LhcToku.exe
  2⤵
  PID:3228
- C:\Windows\System\KAHvvEG.exe
  C:\Windows\System\KAHvvEG.exe
  2⤵
  PID:3268
- C:\Windows\System\SvYZBPJ.exe
  C:\Windows\System\SvYZBPJ.exe
  2⤵
  PID:3356
- C:\Windows\System\AvusDur.exe
  C:\Windows\System\AvusDur.exe
  2⤵
  PID:3428
- C:\Windows\System\NjBeDpy.exe
  C:\Windows\System\NjBeDpy.exe
  2⤵
  PID:3432
- C:\Windows\System\aPnhUuG.exe
  C:\Windows\System\aPnhUuG.exe
  2⤵
  PID:3488
- C:\Windows\System\CPpKcaE.exe
  C:\Windows\System\CPpKcaE.exe
  2⤵
  PID:3556
- C:\Windows\System\GOMYfvX.exe
  C:\Windows\System\GOMYfvX.exe
  2⤵
  PID:3640
- C:\Windows\System\AJiYMEy.exe
  C:\Windows\System\AJiYMEy.exe
  2⤵
  PID:3652
- C:\Windows\System\YeiFwZq.exe
  C:\Windows\System\YeiFwZq.exe
  2⤵
  PID:3700
- C:\Windows\System\HscpzOi.exe
  C:\Windows\System\HscpzOi.exe
  2⤵
  PID:3740
- C:\Windows\System\RAiOOMj.exe
  C:\Windows\System\RAiOOMj.exe
  2⤵
  PID:3796
- C:\Windows\System\uRXGgIm.exe
  C:\Windows\System\uRXGgIm.exe
  2⤵
  PID:3892
- C:\Windows\System\vKqwZbV.exe
  C:\Windows\System\vKqwZbV.exe
  2⤵
  PID:3992
- C:\Windows\System\yQIqCCa.exe
  C:\Windows\System\yQIqCCa.exe
  2⤵
  PID:4036
- C:\Windows\System\Zefbtyr.exe
  C:\Windows\System\Zefbtyr.exe
  2⤵
  PID:4076
- C:\Windows\System\TwzBgon.exe
  C:\Windows\System\TwzBgon.exe
  2⤵
  PID:1768
- C:\Windows\System\YBWelCY.exe
  C:\Windows\System\YBWelCY.exe
  2⤵
  PID:1588
- C:\Windows\System\DZfwLBf.exe
  C:\Windows\System\DZfwLBf.exe
  2⤵
  PID:2760
- C:\Windows\System\dcAGOmF.exe
  C:\Windows\System\dcAGOmF.exe
  2⤵
  PID:2468
- C:\Windows\System\MILdxdD.exe
  C:\Windows\System\MILdxdD.exe
  2⤵
  PID:2416
- C:\Windows\System\IJmRpCL.exe
  C:\Windows\System\IJmRpCL.exe
  2⤵
  PID:2420
- C:\Windows\System\heZocYH.exe
  C:\Windows\System\heZocYH.exe
  2⤵
  PID:3088
- C:\Windows\System\iemgWbW.exe
  C:\Windows\System\iemgWbW.exe
  2⤵
  PID:3252
- C:\Windows\System\fDIzrJE.exe
  C:\Windows\System\fDIzrJE.exe
  2⤵
  PID:3348
- C:\Windows\System\ewOnCWW.exe
  C:\Windows\System\ewOnCWW.exe
  2⤵
  PID:3532
- C:\Windows\System\jveAcdB.exe
  C:\Windows\System\jveAcdB.exe
  2⤵
  PID:3516
- C:\Windows\System\LnJsSMf.exe
  C:\Windows\System\LnJsSMf.exe
  2⤵
  PID:3752
- C:\Windows\System\JlwmnpQ.exe
  C:\Windows\System\JlwmnpQ.exe
  2⤵
  PID:3696
- C:\Windows\System\NMvwEOw.exe
  C:\Windows\System\NMvwEOw.exe
  2⤵
  PID:3912
- C:\Windows\System\eZndoHp.exe
  C:\Windows\System\eZndoHp.exe
  2⤵
  PID:3960
- C:\Windows\System\OxpTQYf.exe
  C:\Windows\System\OxpTQYf.exe
  2⤵
  PID:3936
- C:\Windows\System\WHdYSAD.exe
  C:\Windows\System\WHdYSAD.exe
  2⤵
  PID:4056
- C:\Windows\System\YrAjejk.exe
  C:\Windows\System\YrAjejk.exe
  2⤵
  PID:2112
- C:\Windows\System\ApEsjsh.exe
  C:\Windows\System\ApEsjsh.exe
  2⤵
  PID:1848
- C:\Windows\System\zniKCYD.exe
  C:\Windows\System\zniKCYD.exe
  2⤵
  PID:4100
- C:\Windows\System\wINJjdW.exe
  C:\Windows\System\wINJjdW.exe
  2⤵
  PID:4120
- C:\Windows\System\FfVpqsY.exe
  C:\Windows\System\FfVpqsY.exe
  2⤵
  PID:4144
- C:\Windows\System\feJqyst.exe
  C:\Windows\System\feJqyst.exe
  2⤵
  PID:4164
- C:\Windows\System\cYeSrrp.exe
  C:\Windows\System\cYeSrrp.exe
  2⤵
  PID:4184
- C:\Windows\System\ljJMYzS.exe
  C:\Windows\System\ljJMYzS.exe
  2⤵
  PID:4204
- C:\Windows\System\eZmbRRa.exe
  C:\Windows\System\eZmbRRa.exe
  2⤵
  PID:4224
- C:\Windows\System\fMGiWZF.exe
  C:\Windows\System\fMGiWZF.exe
  2⤵
  PID:4244
- C:\Windows\System\tyGTRut.exe
  C:\Windows\System\tyGTRut.exe
  2⤵
  PID:4264
- C:\Windows\System\yxETUUr.exe
  C:\Windows\System\yxETUUr.exe
  2⤵
  PID:4284
- C:\Windows\System\wBOHiFt.exe
  C:\Windows\System\wBOHiFt.exe
  2⤵
  PID:4304
- C:\Windows\System\mzAEyrb.exe
  C:\Windows\System\mzAEyrb.exe
  2⤵
  PID:4324
- C:\Windows\System\pBeVOKm.exe
  C:\Windows\System\pBeVOKm.exe
  2⤵
  PID:4344
- C:\Windows\System\lvmFfqC.exe
  C:\Windows\System\lvmFfqC.exe
  2⤵
  PID:4364
- C:\Windows\System\MDtpMKP.exe
  C:\Windows\System\MDtpMKP.exe
  2⤵
  PID:4384
- C:\Windows\System\yuJZImH.exe
  C:\Windows\System\yuJZImH.exe
  2⤵
  PID:4404
- C:\Windows\System\BBEfTKu.exe
  C:\Windows\System\BBEfTKu.exe
  2⤵
  PID:4424
- C:\Windows\System\NBWNmXf.exe
  C:\Windows\System\NBWNmXf.exe
  2⤵
  PID:4444
- C:\Windows\System\sBGMYPD.exe
  C:\Windows\System\sBGMYPD.exe
  2⤵
  PID:4464
- C:\Windows\System\yKtImue.exe
  C:\Windows\System\yKtImue.exe
  2⤵
  PID:4484
- C:\Windows\System\wKFiRGx.exe
  C:\Windows\System\wKFiRGx.exe
  2⤵
  PID:4504
- C:\Windows\System\FHLPvzi.exe
  C:\Windows\System\FHLPvzi.exe
  2⤵
  PID:4524
- C:\Windows\System\UGoKbUh.exe
  C:\Windows\System\UGoKbUh.exe
  2⤵
  PID:4544
- C:\Windows\System\eQITNAx.exe
  C:\Windows\System\eQITNAx.exe
  2⤵
  PID:4564
- C:\Windows\System\OkzPKMQ.exe
  C:\Windows\System\OkzPKMQ.exe
  2⤵
  PID:4584
- C:\Windows\System\aRbKveZ.exe
  C:\Windows\System\aRbKveZ.exe
  2⤵
  PID:4604
- C:\Windows\System\RLOZQFr.exe
  C:\Windows\System\RLOZQFr.exe
  2⤵
  PID:4624
- C:\Windows\System\YSvVAum.exe
  C:\Windows\System\YSvVAum.exe
  2⤵
  PID:4644
- C:\Windows\System\dekIodw.exe
  C:\Windows\System\dekIodw.exe
  2⤵
  PID:4664
- C:\Windows\System\LfTtfqm.exe
  C:\Windows\System\LfTtfqm.exe
  2⤵
  PID:4684
- C:\Windows\System\vIXzPNo.exe
  C:\Windows\System\vIXzPNo.exe
  2⤵
  PID:4704
- C:\Windows\System\vPzjXFL.exe
  C:\Windows\System\vPzjXFL.exe
  2⤵
  PID:4728
- C:\Windows\System\PaWxqla.exe
  C:\Windows\System\PaWxqla.exe
  2⤵
  PID:4748
- C:\Windows\System\PagjhuP.exe
  C:\Windows\System\PagjhuP.exe
  2⤵
  PID:4768
- C:\Windows\System\VdHRMtE.exe
  C:\Windows\System\VdHRMtE.exe
  2⤵
  PID:4788
- C:\Windows\System\oWUZoBn.exe
  C:\Windows\System\oWUZoBn.exe
  2⤵
  PID:4808
- C:\Windows\System\oYslwwt.exe
  C:\Windows\System\oYslwwt.exe
  2⤵
  PID:4828
- C:\Windows\System\wdhpJDD.exe
  C:\Windows\System\wdhpJDD.exe
  2⤵
  PID:4848
- C:\Windows\System\drHIxdM.exe
  C:\Windows\System\drHIxdM.exe
  2⤵
  PID:4868
- C:\Windows\System\XtCqHrk.exe
  C:\Windows\System\XtCqHrk.exe
  2⤵
  PID:4888
- C:\Windows\System\xSsGezQ.exe
  C:\Windows\System\xSsGezQ.exe
  2⤵
  PID:4908
- C:\Windows\System\KJmbKMV.exe
  C:\Windows\System\KJmbKMV.exe
  2⤵
  PID:4928
- C:\Windows\System\UhkGRWE.exe
  C:\Windows\System\UhkGRWE.exe
  2⤵
  PID:4948
- C:\Windows\System\HKrwwiA.exe
  C:\Windows\System\HKrwwiA.exe
  2⤵
  PID:4968
- C:\Windows\System\FvlETov.exe
  C:\Windows\System\FvlETov.exe
  2⤵
  PID:4988
- C:\Windows\System\mqnkomG.exe
  C:\Windows\System\mqnkomG.exe
  2⤵
  PID:5008
- C:\Windows\System\DihbYMF.exe
  C:\Windows\System\DihbYMF.exe
  2⤵
  PID:5028
- C:\Windows\System\DMISipp.exe
  C:\Windows\System\DMISipp.exe
  2⤵
  PID:5048
- C:\Windows\System\Zujitjt.exe
  C:\Windows\System\Zujitjt.exe
  2⤵
  PID:5068
- C:\Windows\System\XSdmyqN.exe
  C:\Windows\System\XSdmyqN.exe
  2⤵
  PID:5088
- C:\Windows\System\pOfaWto.exe
  C:\Windows\System\pOfaWto.exe
  2⤵
  PID:5108
- C:\Windows\System\nOxJWEo.exe
  C:\Windows\System\nOxJWEo.exe
  2⤵
  PID:3128
- C:\Windows\System\ORCWLNC.exe
  C:\Windows\System\ORCWLNC.exe
  2⤵
  PID:3376
- C:\Windows\System\LQVSyMi.exe
  C:\Windows\System\LQVSyMi.exe
  2⤵
  PID:3288
- C:\Windows\System\BazARon.exe
  C:\Windows\System\BazARon.exe
  2⤵
  PID:2856
- C:\Windows\System\WhBsVbD.exe
  C:\Windows\System\WhBsVbD.exe
  2⤵
  PID:3600
- C:\Windows\System\TdxqPlI.exe
  C:\Windows\System\TdxqPlI.exe
  2⤵
  PID:3856
- C:\Windows\System\KifMAOh.exe
  C:\Windows\System\KifMAOh.exe
  2⤵
  PID:4012
- C:\Windows\System\GbUQnmP.exe
  C:\Windows\System\GbUQnmP.exe
  2⤵
  PID:2108
- C:\Windows\System\XuPsEPx.exe
  C:\Windows\System\XuPsEPx.exe
  2⤵
  PID:4080
- C:\Windows\System\TtVFlqB.exe
  C:\Windows\System\TtVFlqB.exe
  2⤵
  PID:4128
- C:\Windows\System\yqoRloI.exe
  C:\Windows\System\yqoRloI.exe
  2⤵
  PID:4132
- C:\Windows\System\DBIwzQp.exe
  C:\Windows\System\DBIwzQp.exe
  2⤵
  PID:4180
- C:\Windows\System\mIgnqRt.exe
  C:\Windows\System\mIgnqRt.exe
  2⤵
  PID:4212
- C:\Windows\System\KkmjrmX.exe
  C:\Windows\System\KkmjrmX.exe
  2⤵
  PID:4280
- C:\Windows\System\pLQkUrg.exe
  C:\Windows\System\pLQkUrg.exe
  2⤵
  PID:4300
- C:\Windows\System\TdEBOdf.exe
  C:\Windows\System\TdEBOdf.exe
  2⤵
  PID:4320
- C:\Windows\System\fguHpfH.exe
  C:\Windows\System\fguHpfH.exe
  2⤵
  PID:4336
- C:\Windows\System\vNPziAV.exe
  C:\Windows\System\vNPziAV.exe
  2⤵
  PID:4372
- C:\Windows\System\CfGjYOT.exe
  C:\Windows\System\CfGjYOT.exe
  2⤵
  PID:4412
- C:\Windows\System\NWeSeXT.exe
  C:\Windows\System\NWeSeXT.exe
  2⤵
  PID:4480
- C:\Windows\System\qVPWWHD.exe
  C:\Windows\System\qVPWWHD.exe
  2⤵
  PID:4456
- C:\Windows\System\mTxpGGV.exe
  C:\Windows\System\mTxpGGV.exe
  2⤵
  PID:4520
- C:\Windows\System\eEsQfkM.exe
  C:\Windows\System\eEsQfkM.exe
  2⤵
  PID:4556
- C:\Windows\System\ikXnOAf.exe
  C:\Windows\System\ikXnOAf.exe
  2⤵
  PID:4596
- C:\Windows\System\MKHuNmZ.exe
  C:\Windows\System\MKHuNmZ.exe
  2⤵
  PID:4612
- C:\Windows\System\jiHVIGO.exe
  C:\Windows\System\jiHVIGO.exe
  2⤵
  PID:4672
- C:\Windows\System\LuOwjKj.exe
  C:\Windows\System\LuOwjKj.exe
  2⤵
  PID:4660
- C:\Windows\System\kaBoBDi.exe
  C:\Windows\System\kaBoBDi.exe
  2⤵
  PID:4700
- C:\Windows\System\aPOENyD.exe
  C:\Windows\System\aPOENyD.exe
  2⤵
  PID:4744
- C:\Windows\System\lLcPiuP.exe
  C:\Windows\System\lLcPiuP.exe
  2⤵
  PID:4796
- C:\Windows\System\WzbpSZu.exe
  C:\Windows\System\WzbpSZu.exe
  2⤵
  PID:4780
- C:\Windows\System\BkOxKtu.exe
  C:\Windows\System\BkOxKtu.exe
  2⤵
  PID:4840
- C:\Windows\System\yxzXXuV.exe
  C:\Windows\System\yxzXXuV.exe
  2⤵
  PID:4880
- C:\Windows\System\onKxrAr.exe
  C:\Windows\System\onKxrAr.exe
  2⤵
  PID:4924
- C:\Windows\System\xAKUhrv.exe
  C:\Windows\System\xAKUhrv.exe
  2⤵
  PID:4944
- C:\Windows\System\BoEipvR.exe
  C:\Windows\System\BoEipvR.exe
  2⤵
  PID:4996
- C:\Windows\System\rHpuSfC.exe
  C:\Windows\System\rHpuSfC.exe
  2⤵
  PID:4980
- C:\Windows\System\jihTalZ.exe
  C:\Windows\System\jihTalZ.exe
  2⤵
  PID:5024
- C:\Windows\System\kUvZeHM.exe
  C:\Windows\System\kUvZeHM.exe
  2⤵
  PID:5080
- C:\Windows\System\begrRld.exe
  C:\Windows\System\begrRld.exe
  2⤵
  PID:3212
- C:\Windows\System\rNicYob.exe
  C:\Windows\System\rNicYob.exe
  2⤵
  PID:2136
- C:\Windows\System\IOPhhRh.exe
  C:\Windows\System\IOPhhRh.exe
  2⤵
  PID:3136
- C:\Windows\System\SvKGDQs.exe
  C:\Windows\System\SvKGDQs.exe
  2⤵
  PID:3712
- C:\Windows\System\yFQNeab.exe
  C:\Windows\System\yFQNeab.exe
  2⤵
  PID:3812
- C:\Windows\System\psjnfZN.exe
  C:\Windows\System\psjnfZN.exe
  2⤵
  PID:3900
- C:\Windows\System\SBayzBm.exe
  C:\Windows\System\SBayzBm.exe
  2⤵
  PID:2800
- C:\Windows\System\jeZZyix.exe
  C:\Windows\System\jeZZyix.exe
  2⤵
  PID:4160
- C:\Windows\System\zxKtAZJ.exe
  C:\Windows\System\zxKtAZJ.exe
  2⤵
  PID:4200
- C:\Windows\System\uMPMtkZ.exe
  C:\Windows\System\uMPMtkZ.exe
  2⤵
  PID:4272
- C:\Windows\System\kfDgkhf.exe
  C:\Windows\System\kfDgkhf.exe
  2⤵
  PID:4332
- C:\Windows\System\mQIJLiq.exe
  C:\Windows\System\mQIJLiq.exe
  2⤵
  PID:4380
- C:\Windows\System\qJBBatB.exe
  C:\Windows\System\qJBBatB.exe
  2⤵
  PID:4396
- C:\Windows\System\JriZzmX.exe
  C:\Windows\System\JriZzmX.exe
  2⤵
  PID:4472
- C:\Windows\System\ciCqWTX.exe
  C:\Windows\System\ciCqWTX.exe
  2⤵
  PID:4496
- C:\Windows\System\aSEmTzc.exe
  C:\Windows\System\aSEmTzc.exe
  2⤵
  PID:4576
- C:\Windows\System\kqnAjKJ.exe
  C:\Windows\System\kqnAjKJ.exe
  2⤵
  PID:4620
- C:\Windows\System\IDyxXev.exe
  C:\Windows\System\IDyxXev.exe
  2⤵
  PID:4692
- C:\Windows\System\vQEQlZv.exe
  C:\Windows\System\vQEQlZv.exe
  2⤵
  PID:4716
- C:\Windows\System\gOfORok.exe
  C:\Windows\System\gOfORok.exe
  2⤵
  PID:2144
- C:\Windows\System\rDGWvRi.exe
  C:\Windows\System\rDGWvRi.exe
  2⤵
  PID:4856
- C:\Windows\System\AnqtgZo.exe
  C:\Windows\System\AnqtgZo.exe
  2⤵
  PID:2616
- C:\Windows\System\ImqKpFS.exe
  C:\Windows\System\ImqKpFS.exe
  2⤵
  PID:4916
- C:\Windows\System\TRNZKJU.exe
  C:\Windows\System\TRNZKJU.exe
  2⤵
  PID:4984
- C:\Windows\System\yiHaoVd.exe
  C:\Windows\System\yiHaoVd.exe
  2⤵
  PID:5056
- C:\Windows\System\sgGRtJK.exe
  C:\Windows\System\sgGRtJK.exe
  2⤵
  PID:5060
- C:\Windows\System\zoUNHuO.exe
  C:\Windows\System\zoUNHuO.exe
  2⤵
  PID:5096
- C:\Windows\System\JYWpPEV.exe
  C:\Windows\System\JYWpPEV.exe
  2⤵
  PID:1784
- C:\Windows\System\INPAKZc.exe
  C:\Windows\System\INPAKZc.exe
  2⤵
  PID:2596
- C:\Windows\System\iUxVKcw.exe
  C:\Windows\System\iUxVKcw.exe
  2⤵
  PID:3452
- C:\Windows\System\KiFMuCk.exe
  C:\Windows\System\KiFMuCk.exe
  2⤵
  PID:4192
- C:\Windows\System\ojwIFOu.exe
  C:\Windows\System\ojwIFOu.exe
  2⤵
  PID:4316
- C:\Windows\System\VKwcfOR.exe
  C:\Windows\System\VKwcfOR.exe
  2⤵
  PID:4256
- C:\Windows\System\aGmfIcs.exe
  C:\Windows\System\aGmfIcs.exe
  2⤵
  PID:4492
- C:\Windows\System\VRvBmyy.exe
  C:\Windows\System\VRvBmyy.exe
  2⤵
  PID:4536
- C:\Windows\System\RIrDWcT.exe
  C:\Windows\System\RIrDWcT.exe
  2⤵
  PID:4676
- C:\Windows\System\WASaobm.exe
  C:\Windows\System\WASaobm.exe
  2⤵
  PID:2456
- C:\Windows\System\sIqEUFK.exe
  C:\Windows\System\sIqEUFK.exe
  2⤵
  PID:4760
- C:\Windows\System\sEHwMgU.exe
  C:\Windows\System\sEHwMgU.exe
  2⤵
  PID:4784
- C:\Windows\System\QjEipkW.exe
  C:\Windows\System\QjEipkW.exe
  2⤵
  PID:4900
- C:\Windows\System\gfspbrR.exe
  C:\Windows\System\gfspbrR.exe
  2⤵
  PID:4936
- C:\Windows\System\edvPEns.exe
  C:\Windows\System\edvPEns.exe
  2⤵
  PID:5084
- C:\Windows\System\bmDWwwB.exe
  C:\Windows\System\bmDWwwB.exe
  2⤵
  PID:3192
- C:\Windows\System\mFQpZRp.exe
  C:\Windows\System\mFQpZRp.exe
  2⤵
  PID:3496
- C:\Windows\System\VwEBivN.exe
  C:\Windows\System\VwEBivN.exe
  2⤵
  PID:3820
- C:\Windows\System\rviIGka.exe
  C:\Windows\System\rviIGka.exe
  2⤵
  PID:1472
- C:\Windows\System\HLpqWqT.exe
  C:\Windows\System\HLpqWqT.exe
  2⤵
  PID:2808
- C:\Windows\System\PbeQKGh.exe
  C:\Windows\System\PbeQKGh.exe
  2⤵
  PID:2036
- C:\Windows\System\AcPSKwT.exe
  C:\Windows\System\AcPSKwT.exe
  2⤵
  PID:4592
- C:\Windows\System\QwmjIQF.exe
  C:\Windows\System\QwmjIQF.exe
  2⤵
  PID:2876
- C:\Windows\System\rLJwJor.exe
  C:\Windows\System\rLJwJor.exe
  2⤵
  PID:2096
- C:\Windows\System\VbCqFPd.exe
  C:\Windows\System\VbCqFPd.exe
  2⤵
  PID:4756
- C:\Windows\System\EpPnywp.exe
  C:\Windows\System\EpPnywp.exe
  2⤵
  PID:4904
- C:\Windows\System\gwSgxJn.exe
  C:\Windows\System\gwSgxJn.exe
  2⤵
  PID:5136
- C:\Windows\System\vVXTuOO.exe
  C:\Windows\System\vVXTuOO.exe
  2⤵
  PID:5152
- C:\Windows\System\YSKPdep.exe
  C:\Windows\System\YSKPdep.exe
  2⤵
  PID:5172
- C:\Windows\System\uxixgTb.exe
  C:\Windows\System\uxixgTb.exe
  2⤵
  PID:5192
- C:\Windows\System\RLOtZXC.exe
  C:\Windows\System\RLOtZXC.exe
  2⤵
  PID:5216
- C:\Windows\System\eBFSpwO.exe
  C:\Windows\System\eBFSpwO.exe
  2⤵
  PID:5236
- C:\Windows\System\BPdxYYy.exe
  C:\Windows\System\BPdxYYy.exe
  2⤵
  PID:5256
- C:\Windows\System\Dzfcaqm.exe
  C:\Windows\System\Dzfcaqm.exe
  2⤵
  PID:5272
- C:\Windows\System\ealWaWQ.exe
  C:\Windows\System\ealWaWQ.exe
  2⤵
  PID:5296
- C:\Windows\System\nWrKYPQ.exe
  C:\Windows\System\nWrKYPQ.exe
  2⤵
  PID:5312
- C:\Windows\System\WjtFNaP.exe
  C:\Windows\System\WjtFNaP.exe
  2⤵
  PID:5336
- C:\Windows\System\ZDfMQSG.exe
  C:\Windows\System\ZDfMQSG.exe
  2⤵
  PID:5356
- C:\Windows\System\WemuJTr.exe
  C:\Windows\System\WemuJTr.exe
  2⤵
  PID:5376
- C:\Windows\System\cLcYMPf.exe
  C:\Windows\System\cLcYMPf.exe
  2⤵
  PID:5396
- C:\Windows\System\RjtjdPY.exe
  C:\Windows\System\RjtjdPY.exe
  2⤵
  PID:5416
- C:\Windows\System\SOjshUG.exe
  C:\Windows\System\SOjshUG.exe
  2⤵
  PID:5436
- C:\Windows\System\LCSxzdH.exe
  C:\Windows\System\LCSxzdH.exe
  2⤵
  PID:5456
- C:\Windows\System\PyPOddF.exe
  C:\Windows\System\PyPOddF.exe
  2⤵
  PID:5476
- C:\Windows\System\EiZRSoP.exe
  C:\Windows\System\EiZRSoP.exe
  2⤵
  PID:5496
- C:\Windows\System\AHxQeNv.exe
  C:\Windows\System\AHxQeNv.exe
  2⤵
  PID:5516
- C:\Windows\System\XtFuXoZ.exe
  C:\Windows\System\XtFuXoZ.exe
  2⤵
  PID:5536
- C:\Windows\System\cXHIAIG.exe
  C:\Windows\System\cXHIAIG.exe
  2⤵
  PID:5556
- C:\Windows\System\UCIifls.exe
  C:\Windows\System\UCIifls.exe
  2⤵
  PID:5576
- C:\Windows\System\UHejWrP.exe
  C:\Windows\System\UHejWrP.exe
  2⤵
  PID:5596
- C:\Windows\System\kBEqqQR.exe
  C:\Windows\System\kBEqqQR.exe
  2⤵
  PID:5616
- C:\Windows\System\qaslQAp.exe
  C:\Windows\System\qaslQAp.exe
  2⤵
  PID:5636
- C:\Windows\System\wkDyklD.exe
  C:\Windows\System\wkDyklD.exe
  2⤵
  PID:5656
- C:\Windows\System\fWtqjOI.exe
  C:\Windows\System\fWtqjOI.exe
  2⤵
  PID:5676
- C:\Windows\System\cKJzkDc.exe
  C:\Windows\System\cKJzkDc.exe
  2⤵
  PID:5696
- C:\Windows\System\RCJdBdc.exe
  C:\Windows\System\RCJdBdc.exe
  2⤵
  PID:5716
- C:\Windows\System\tBLcwTv.exe
  C:\Windows\System\tBLcwTv.exe
  2⤵
  PID:5736
- C:\Windows\System\gAFvpEf.exe
  C:\Windows\System\gAFvpEf.exe
  2⤵
  PID:5756
- C:\Windows\System\unKGejO.exe
  C:\Windows\System\unKGejO.exe
  2⤵
  PID:5776
- C:\Windows\System\qNaFKUv.exe
  C:\Windows\System\qNaFKUv.exe
  2⤵
  PID:5792
- C:\Windows\System\YcvWxfb.exe
  C:\Windows\System\YcvWxfb.exe
  2⤵
  PID:5816
- C:\Windows\System\ZIfKfuP.exe
  C:\Windows\System\ZIfKfuP.exe
  2⤵
  PID:5836
- C:\Windows\System\INDZBKa.exe
  C:\Windows\System\INDZBKa.exe
  2⤵
  PID:5856
- C:\Windows\System\pwonqiG.exe
  C:\Windows\System\pwonqiG.exe
  2⤵
  PID:5876
- C:\Windows\System\ObMvNRv.exe
  C:\Windows\System\ObMvNRv.exe
  2⤵
  PID:5896
- C:\Windows\System\ZoYRbhB.exe
  C:\Windows\System\ZoYRbhB.exe
  2⤵
  PID:5916
- C:\Windows\System\DbcQmEm.exe
  C:\Windows\System\DbcQmEm.exe
  2⤵
  PID:5936
- C:\Windows\System\cWZhSMi.exe
  C:\Windows\System\cWZhSMi.exe
  2⤵
  PID:5956
- C:\Windows\System\PJztVkL.exe
  C:\Windows\System\PJztVkL.exe
  2⤵
  PID:5976
- C:\Windows\System\wXNvMIZ.exe
  C:\Windows\System\wXNvMIZ.exe
  2⤵
  PID:5996
- C:\Windows\System\ddXRWFh.exe
  C:\Windows\System\ddXRWFh.exe
  2⤵
  PID:6016
- C:\Windows\System\HmvaFWY.exe
  C:\Windows\System\HmvaFWY.exe
  2⤵
  PID:6036
- C:\Windows\System\HYSwcVY.exe
  C:\Windows\System\HYSwcVY.exe
  2⤵
  PID:6056
- C:\Windows\System\vcLqglv.exe
  C:\Windows\System\vcLqglv.exe
  2⤵
  PID:6076
- C:\Windows\System\vweudYO.exe
  C:\Windows\System\vweudYO.exe
  2⤵
  PID:6096
- C:\Windows\System\ZCnFiSQ.exe
  C:\Windows\System\ZCnFiSQ.exe
  2⤵
  PID:6116
- C:\Windows\System\fEfJEbI.exe
  C:\Windows\System\fEfJEbI.exe
  2⤵
  PID:6136
- C:\Windows\System\dLrABWk.exe
  C:\Windows\System\dLrABWk.exe
  2⤵
  PID:5044
- C:\Windows\System\EhLrdAz.exe
  C:\Windows\System\EhLrdAz.exe
  2⤵
  PID:4232
- C:\Windows\System\gcYLtaF.exe
  C:\Windows\System\gcYLtaF.exe
  2⤵
  PID:2688
- C:\Windows\System\BGdPzFm.exe
  C:\Windows\System\BGdPzFm.exe
  2⤵
  PID:2672
- C:\Windows\System\mesvCCv.exe
  C:\Windows\System\mesvCCv.exe
  2⤵
  PID:756
- C:\Windows\System\MxjXEPB.exe
  C:\Windows\System\MxjXEPB.exe
  2⤵
  PID:1480
- C:\Windows\System\nCyTeXY.exe
  C:\Windows\System\nCyTeXY.exe
  2⤵
  PID:2764
- C:\Windows\System\djHwIwi.exe
  C:\Windows\System\djHwIwi.exe
  2⤵
  PID:1128
- C:\Windows\System\ssQecgd.exe
  C:\Windows\System\ssQecgd.exe
  2⤵
  PID:5160
- C:\Windows\System\LEJUpwr.exe
  C:\Windows\System\LEJUpwr.exe
  2⤵
  PID:5200
- C:\Windows\System\sCCHBZP.exe
  C:\Windows\System\sCCHBZP.exe
  2⤵
  PID:5248
- C:\Windows\System\mPLAQAW.exe
  C:\Windows\System\mPLAQAW.exe
  2⤵
  PID:5224
- C:\Windows\System\mdTIxGc.exe
  C:\Windows\System\mdTIxGc.exe
  2⤵
  PID:5292
- C:\Windows\System\Tbzyses.exe
  C:\Windows\System\Tbzyses.exe
  2⤵
  PID:5320
- C:\Windows\System\xxKyUfT.exe
  C:\Windows\System\xxKyUfT.exe
  2⤵
  PID:5308
- C:\Windows\System\IKDKwZg.exe
  C:\Windows\System\IKDKwZg.exe
  2⤵
  PID:5352
- C:\Windows\System\hUPFUuX.exe
  C:\Windows\System\hUPFUuX.exe
  2⤵
  PID:5392
- C:\Windows\System\jgZnDZB.exe
  C:\Windows\System\jgZnDZB.exe
  2⤵
  PID:5424
- C:\Windows\System\UjWMWfM.exe
  C:\Windows\System\UjWMWfM.exe
  2⤵
  PID:5472
- C:\Windows\System\EIdNptj.exe
  C:\Windows\System\EIdNptj.exe
  2⤵
  PID:5524
- C:\Windows\System\yfbwqyD.exe
  C:\Windows\System\yfbwqyD.exe
  2⤵
  PID:5528
- C:\Windows\System\KNWEZnG.exe
  C:\Windows\System\KNWEZnG.exe
  2⤵
  PID:5572
- C:\Windows\System\vuFBKtN.exe
  C:\Windows\System\vuFBKtN.exe
  2⤵
  PID:5588
- C:\Windows\System\tAxsecz.exe
  C:\Windows\System\tAxsecz.exe
  2⤵
  PID:5648
- C:\Windows\System\pAyNwkl.exe
  C:\Windows\System\pAyNwkl.exe
  2⤵
  PID:2620
- C:\Windows\System\VvDsHfR.exe
  C:\Windows\System\VvDsHfR.exe
  2⤵
  PID:5688
- C:\Windows\System\yELYfHd.exe
  C:\Windows\System\yELYfHd.exe
  2⤵
  PID:5712
- C:\Windows\System\qcggjzK.exe
  C:\Windows\System\qcggjzK.exe
  2⤵
  PID:5764
- C:\Windows\System\PsRViGK.exe
  C:\Windows\System\PsRViGK.exe
  2⤵
  PID:5784
- C:\Windows\System\bBTUyby.exe
  C:\Windows\System\bBTUyby.exe
  2⤵
  PID:5804
- C:\Windows\System\YmzbwWh.exe
  C:\Windows\System\YmzbwWh.exe
  2⤵
  PID:5848
- C:\Windows\System\NneTdJF.exe
  C:\Windows\System\NneTdJF.exe
  2⤵
  PID:5872
- C:\Windows\System\kRtvtSc.exe
  C:\Windows\System\kRtvtSc.exe
  2⤵
  PID:5912
- C:\Windows\System\OokomJT.exe
  C:\Windows\System\OokomJT.exe
  2⤵
  PID:5952
- C:\Windows\System\yraNiik.exe
  C:\Windows\System\yraNiik.exe
  2⤵
  PID:5984
- C:\Windows\System\FirmsWj.exe
  C:\Windows\System\FirmsWj.exe
  2⤵
  PID:6008
- C:\Windows\System\AOaTxXF.exe
  C:\Windows\System\AOaTxXF.exe
  2⤵
  PID:6028
- C:\Windows\System\gYkUAxQ.exe
  C:\Windows\System\gYkUAxQ.exe
  2⤵
  PID:6068
- C:\Windows\System\EHWQTFY.exe
  C:\Windows\System\EHWQTFY.exe
  2⤵
  PID:6132
- C:\Windows\System\yGZvDOP.exe
  C:\Windows\System\yGZvDOP.exe
  2⤵
  PID:804
- C:\Windows\System\tFEDPna.exe
  C:\Windows\System\tFEDPna.exe
  2⤵
  PID:3896
- C:\Windows\System\WAAoBxT.exe
  C:\Windows\System\WAAoBxT.exe
  2⤵
  PID:2412
- C:\Windows\System\JlBblHZ.exe
  C:\Windows\System\JlBblHZ.exe
  2⤵
  PID:2592
- C:\Windows\System\eWMCzXR.exe
  C:\Windows\System\eWMCzXR.exe
  2⤵
  PID:4824
- C:\Windows\System\beytCas.exe
  C:\Windows\System\beytCas.exe
  2⤵
  PID:5076
- C:\Windows\System\NEFJaTQ.exe
  C:\Windows\System\NEFJaTQ.exe
  2⤵
  PID:5244
- C:\Windows\System\UadsULV.exe
  C:\Windows\System\UadsULV.exe
  2⤵
  PID:5232
- C:\Windows\System\GsrYXMe.exe
  C:\Windows\System\GsrYXMe.exe
  2⤵
  PID:5268
- C:\Windows\System\sREOzDf.exe
  C:\Windows\System\sREOzDf.exe
  2⤵
  PID:5348
- C:\Windows\System\wZwtDUQ.exe
  C:\Windows\System\wZwtDUQ.exe
  2⤵
  PID:5412
- C:\Windows\System\gImSEQf.exe
  C:\Windows\System\gImSEQf.exe
  2⤵
  PID:5488
- C:\Windows\System\HMNNATI.exe
  C:\Windows\System\HMNNATI.exe
  2⤵
  PID:5512
- C:\Windows\System\zUYjDjC.exe
  C:\Windows\System\zUYjDjC.exe
  2⤵
  PID:5604
- C:\Windows\System\dzsVMGk.exe
  C:\Windows\System\dzsVMGk.exe
  2⤵
  PID:5628
- C:\Windows\System\pdRqDej.exe
  C:\Windows\System\pdRqDej.exe
  2⤵
  PID:5632
- C:\Windows\System\PPUUUZZ.exe
  C:\Windows\System\PPUUUZZ.exe
  2⤵
  PID:5732
- C:\Windows\System\yqaWTSm.exe
  C:\Windows\System\yqaWTSm.exe
  2⤵
  PID:5800
- C:\Windows\System\qTnHtHs.exe
  C:\Windows\System\qTnHtHs.exe
  2⤵
  PID:5824
- C:\Windows\System\fcJBUMl.exe
  C:\Windows\System\fcJBUMl.exe
  2⤵
  PID:2776
- C:\Windows\System\kreoqfH.exe
  C:\Windows\System\kreoqfH.exe
  2⤵
  PID:5904
- C:\Windows\System\hgOYPWR.exe
  C:\Windows\System\hgOYPWR.exe
  2⤵
  PID:5968
- C:\Windows\System\QZYWVdj.exe
  C:\Windows\System\QZYWVdj.exe
  2⤵
  PID:6072
- C:\Windows\System\lrzlpuR.exe
  C:\Windows\System\lrzlpuR.exe
  2⤵
  PID:6088
- C:\Windows\System\nBblDxa.exe
  C:\Windows\System\nBblDxa.exe
  2⤵
  PID:6128
- C:\Windows\System\gZnCVBq.exe
  C:\Windows\System\gZnCVBq.exe
  2⤵
  PID:4108
- C:\Windows\System\pAkrrVw.exe
  C:\Windows\System\pAkrrVw.exe
  2⤵
  PID:4532
- C:\Windows\System\KLYCNTO.exe
  C:\Windows\System\KLYCNTO.exe
  2⤵
  PID:5148
- C:\Windows\System\jWHdyGs.exe
  C:\Windows\System\jWHdyGs.exe
  2⤵
  PID:5188
- C:\Windows\System\YliacIB.exe
  C:\Windows\System\YliacIB.exe
  2⤵
  PID:5372
- C:\Windows\System\ihWMqJT.exe
  C:\Windows\System\ihWMqJT.exe
  2⤵
  PID:5408
- C:\Windows\System\tPqgjBX.exe
  C:\Windows\System\tPqgjBX.exe
  2⤵
  PID:5432
- C:\Windows\System\QQRzBTg.exe
  C:\Windows\System\QQRzBTg.exe
  2⤵
  PID:5508
- C:\Windows\System\YWhUbhy.exe
  C:\Windows\System\YWhUbhy.exe
  2⤵
  PID:2632
- C:\Windows\System\KjZpsEU.exe
  C:\Windows\System\KjZpsEU.exe
  2⤵
  PID:5768
- C:\Windows\System\XBkxRNs.exe
  C:\Windows\System\XBkxRNs.exe
  2⤵
  PID:5864
- C:\Windows\System\ZOPxZyA.exe
  C:\Windows\System\ZOPxZyA.exe
  2⤵
  PID:5944
- C:\Windows\System\ZlxvAMn.exe
  C:\Windows\System\ZlxvAMn.exe
  2⤵
  PID:6156
- C:\Windows\System\mmPJSGE.exe
  C:\Windows\System\mmPJSGE.exe
  2⤵
  PID:6176
- C:\Windows\System\isyJzAL.exe
  C:\Windows\System\isyJzAL.exe
  2⤵
  PID:6196
- C:\Windows\System\ZzWvRLv.exe
  C:\Windows\System\ZzWvRLv.exe
  2⤵
  PID:6216
- C:\Windows\System\bmjhBVg.exe
  C:\Windows\System\bmjhBVg.exe
  2⤵
  PID:6236
- C:\Windows\System\AbgMYbf.exe
  C:\Windows\System\AbgMYbf.exe
  2⤵
  PID:6256
- C:\Windows\System\spFgCdn.exe
  C:\Windows\System\spFgCdn.exe
  2⤵
  PID:6276
- C:\Windows\System\WdYcqra.exe
  C:\Windows\System\WdYcqra.exe
  2⤵
  PID:6296
- C:\Windows\System\zbKOduY.exe
  C:\Windows\System\zbKOduY.exe
  2⤵
  PID:6316
- C:\Windows\System\GtOrzmz.exe
  C:\Windows\System\GtOrzmz.exe
  2⤵
  PID:6336
- C:\Windows\System\hTnQuPs.exe
  C:\Windows\System\hTnQuPs.exe
  2⤵
  PID:6356
- C:\Windows\System\WgrYrgO.exe
  C:\Windows\System\WgrYrgO.exe
  2⤵
  PID:6376
- C:\Windows\System\MmtixSq.exe
  C:\Windows\System\MmtixSq.exe
  2⤵
  PID:6396
- C:\Windows\System\KxvqbHN.exe
  C:\Windows\System\KxvqbHN.exe
  2⤵
  PID:6416
- C:\Windows\System\syoOiHy.exe
  C:\Windows\System\syoOiHy.exe
  2⤵
  PID:6436
- C:\Windows\System\ntHUaDi.exe
  C:\Windows\System\ntHUaDi.exe
  2⤵
  PID:6456
- C:\Windows\System\OHhvPGh.exe
  C:\Windows\System\OHhvPGh.exe
  2⤵
  PID:6476
- C:\Windows\System\BEPBgQI.exe
  C:\Windows\System\BEPBgQI.exe
  2⤵
  PID:6496
- C:\Windows\System\cYIGvsE.exe
  C:\Windows\System\cYIGvsE.exe
  2⤵
  PID:6516
- C:\Windows\System\oNaTfYH.exe
  C:\Windows\System\oNaTfYH.exe
  2⤵
  PID:6536
- C:\Windows\System\ntlehzT.exe
  C:\Windows\System\ntlehzT.exe
  2⤵
  PID:6556
- C:\Windows\System\laXBXzz.exe
  C:\Windows\System\laXBXzz.exe
  2⤵
  PID:6576
- C:\Windows\System\hYztoKz.exe
  C:\Windows\System\hYztoKz.exe
  2⤵
  PID:6596
- C:\Windows\System\oNrZuLh.exe
  C:\Windows\System\oNrZuLh.exe
  2⤵
  PID:6620
- C:\Windows\System\NpnhjKz.exe
  C:\Windows\System\NpnhjKz.exe
  2⤵
  PID:6640
- C:\Windows\System\pHqMJYP.exe
  C:\Windows\System\pHqMJYP.exe
  2⤵
  PID:6660
- C:\Windows\System\IEUXnbu.exe
  C:\Windows\System\IEUXnbu.exe
  2⤵
  PID:6680
- C:\Windows\System\GFFnCty.exe
  C:\Windows\System\GFFnCty.exe
  2⤵
  PID:6700
- C:\Windows\System\aLTrQwV.exe
  C:\Windows\System\aLTrQwV.exe
  2⤵
  PID:6720
- C:\Windows\System\gEjMAHp.exe
  C:\Windows\System\gEjMAHp.exe
  2⤵
  PID:6740
- C:\Windows\System\mYnwwwG.exe
  C:\Windows\System\mYnwwwG.exe
  2⤵
  PID:6760
- C:\Windows\System\NqQPcLF.exe
  C:\Windows\System\NqQPcLF.exe
  2⤵
  PID:6780
- C:\Windows\System\iNBZTLa.exe
  C:\Windows\System\iNBZTLa.exe
  2⤵
  PID:6800
- C:\Windows\System\mNuZqXn.exe
  C:\Windows\System\mNuZqXn.exe
  2⤵
  PID:6820
- C:\Windows\System\EWhfLXB.exe
  C:\Windows\System\EWhfLXB.exe
  2⤵
  PID:6840
- C:\Windows\System\ZZJAkDR.exe
  C:\Windows\System\ZZJAkDR.exe
  2⤵
  PID:6860
- C:\Windows\System\ildFYQB.exe
  C:\Windows\System\ildFYQB.exe
  2⤵
  PID:6880
- C:\Windows\System\zENkdnJ.exe
  C:\Windows\System\zENkdnJ.exe
  2⤵
  PID:6900
- C:\Windows\System\AOyXmBT.exe
  C:\Windows\System\AOyXmBT.exe
  2⤵
  PID:6920
- C:\Windows\System\uLTakBK.exe
  C:\Windows\System\uLTakBK.exe
  2⤵
  PID:6940
- C:\Windows\System\eVajeUn.exe
  C:\Windows\System\eVajeUn.exe
  2⤵
  PID:6960
- C:\Windows\System\hkzzarh.exe
  C:\Windows\System\hkzzarh.exe
  2⤵
  PID:6980
- C:\Windows\System\JuaCFdB.exe
  C:\Windows\System\JuaCFdB.exe
  2⤵
  PID:7000
- C:\Windows\System\kuftXZy.exe
  C:\Windows\System\kuftXZy.exe
  2⤵
  PID:7020
- C:\Windows\System\DErVTwa.exe
  C:\Windows\System\DErVTwa.exe
  2⤵
  PID:7040
- C:\Windows\System\zPncpuN.exe
  C:\Windows\System\zPncpuN.exe
  2⤵
  PID:7060
- C:\Windows\System\UWButgX.exe
  C:\Windows\System\UWButgX.exe
  2⤵
  PID:7080
- C:\Windows\System\QRxkvFs.exe
  C:\Windows\System\QRxkvFs.exe
  2⤵
  PID:7100
- C:\Windows\System\jdmTxdG.exe
  C:\Windows\System\jdmTxdG.exe
  2⤵
  PID:7120
- C:\Windows\System\qGQQlFT.exe
  C:\Windows\System\qGQQlFT.exe
  2⤵
  PID:7140
- C:\Windows\System\wbQkCCd.exe
  C:\Windows\System\wbQkCCd.exe
  2⤵
  PID:7160
- C:\Windows\System\xjeDhGQ.exe
  C:\Windows\System\xjeDhGQ.exe
  2⤵
  PID:5988
- C:\Windows\System\nzadBVi.exe
  C:\Windows\System\nzadBVi.exe
  2⤵
  PID:6104
- C:\Windows\System\KdFaarz.exe
  C:\Windows\System\KdFaarz.exe
  2⤵
  PID:4572
- C:\Windows\System\KGaSYbS.exe
  C:\Windows\System\KGaSYbS.exe
  2⤵
  PID:4940
- C:\Windows\System\pccCfvF.exe
  C:\Windows\System\pccCfvF.exe
  2⤵
  PID:5452
- C:\Windows\System\LhvqmNr.exe
  C:\Windows\System\LhvqmNr.exe
  2⤵
  PID:5448
- C:\Windows\System\icszSRG.exe
  C:\Windows\System\icszSRG.exe
  2⤵
  PID:5564
- C:\Windows\System\DeSMFXz.exe
  C:\Windows\System\DeSMFXz.exe
  2⤵
  PID:5744
- C:\Windows\System\ddmzhaN.exe
  C:\Windows\System\ddmzhaN.exe
  2⤵
  PID:5808
- C:\Windows\System\jTKzHvs.exe
  C:\Windows\System\jTKzHvs.exe
  2⤵
  PID:6164
- C:\Windows\System\DJohHwz.exe
  C:\Windows\System\DJohHwz.exe
  2⤵
  PID:6184
- C:\Windows\System\uwJQvHx.exe
  C:\Windows\System\uwJQvHx.exe
  2⤵
  PID:6208
- C:\Windows\System\JbrjmBZ.exe
  C:\Windows\System\JbrjmBZ.exe
  2⤵
  PID:6252
- C:\Windows\System\emJUyQD.exe
  C:\Windows\System\emJUyQD.exe
  2⤵
  PID:6284
- C:\Windows\System\HFpjjtl.exe
  C:\Windows\System\HFpjjtl.exe
  2⤵
  PID:6312
- C:\Windows\System\CVpDqSI.exe
  C:\Windows\System\CVpDqSI.exe
  2⤵
  PID:6364
- C:\Windows\System\CAPqKHi.exe
  C:\Windows\System\CAPqKHi.exe
  2⤵
  PID:6392
- C:\Windows\System\lHoMKln.exe
  C:\Windows\System\lHoMKln.exe
  2⤵
  PID:6424
- C:\Windows\System\AMnZhCT.exe
  C:\Windows\System\AMnZhCT.exe
  2⤵
  PID:6448
- C:\Windows\System\sJeqVdZ.exe
  C:\Windows\System\sJeqVdZ.exe
  2⤵
  PID:6492
- C:\Windows\System\bDEDZpr.exe
  C:\Windows\System\bDEDZpr.exe
  2⤵
  PID:6508
- C:\Windows\System\IQnBsIN.exe
  C:\Windows\System\IQnBsIN.exe
  2⤵
  PID:6552
- C:\Windows\System\UmUodch.exe
  C:\Windows\System\UmUodch.exe
  2⤵
  PID:6584
- C:\Windows\System\LcRKqHN.exe
  C:\Windows\System\LcRKqHN.exe
  2⤵
  PID:6612
- C:\Windows\System\MqUhbjt.exe
  C:\Windows\System\MqUhbjt.exe
  2⤵
  PID:6632
- C:\Windows\System\TQIyPVd.exe
  C:\Windows\System\TQIyPVd.exe
  2⤵
  PID:6696
- C:\Windows\System\eHjrXHv.exe
  C:\Windows\System\eHjrXHv.exe
  2⤵
  PID:6728
- C:\Windows\System\IZsRLcs.exe
  C:\Windows\System\IZsRLcs.exe
  2⤵
  PID:6756
- C:\Windows\System\joTsbTI.exe
  C:\Windows\System\joTsbTI.exe
  2⤵
  PID:6808
- C:\Windows\System\NWfHSdQ.exe
  C:\Windows\System\NWfHSdQ.exe
  2⤵
  PID:6812
- C:\Windows\System\nEUrNzX.exe
  C:\Windows\System\nEUrNzX.exe
  2⤵
  PID:6836
- C:\Windows\System\ihAKhqB.exe
  C:\Windows\System\ihAKhqB.exe
  2⤵
  PID:6888
- C:\Windows\System\wDwMNCZ.exe
  C:\Windows\System\wDwMNCZ.exe
  2⤵
  PID:6916
- C:\Windows\System\BnscGSM.exe
  C:\Windows\System\BnscGSM.exe
  2⤵
  PID:6948
- C:\Windows\System\LiraMRt.exe
  C:\Windows\System\LiraMRt.exe
  2⤵
  PID:6972
- C:\Windows\System\txGRJVx.exe
  C:\Windows\System\txGRJVx.exe
  2⤵
  PID:7012
- C:\Windows\System\LjDMpQp.exe
  C:\Windows\System\LjDMpQp.exe
  2⤵
  PID:7028
- C:\Windows\System\fxGNYEq.exe
  C:\Windows\System\fxGNYEq.exe
  2⤵
  PID:7096
- C:\Windows\System\fvvxhOq.exe
  C:\Windows\System\fvvxhOq.exe
  2⤵
  PID:7128
- C:\Windows\System\gvHZYGC.exe
  C:\Windows\System\gvHZYGC.exe
  2⤵
  PID:7148
- C:\Windows\System\vhKEDyN.exe
  C:\Windows\System\vhKEDyN.exe
  2⤵
  PID:7152
- C:\Windows\System\DDSEjmj.exe
  C:\Windows\System\DDSEjmj.exe
  2⤵
  PID:6084
- C:\Windows\System\uTbtwSd.exe
  C:\Windows\System\uTbtwSd.exe
  2⤵
  PID:5252
- C:\Windows\System\oUDJera.exe
  C:\Windows\System\oUDJera.exe
  2⤵
  PID:5204
- C:\Windows\System\ApxguMW.exe
  C:\Windows\System\ApxguMW.exe
  2⤵
  PID:2012
- C:\Windows\System\LYOayCL.exe
  C:\Windows\System\LYOayCL.exe
  2⤵
  PID:6148
- C:\Windows\System\frNHFtK.exe
  C:\Windows\System\frNHFtK.exe
  2⤵
  PID:6212
- C:\Windows\System\UcEmkbb.exe
  C:\Windows\System\UcEmkbb.exe
  2⤵
  PID:6304
- C:\Windows\System\pSNdwId.exe
  C:\Windows\System\pSNdwId.exe
  2⤵
  PID:6352
- C:\Windows\System\zLWELzq.exe
  C:\Windows\System\zLWELzq.exe
  2⤵
  PID:6444
- C:\Windows\System\QVGvhKQ.exe
  C:\Windows\System\QVGvhKQ.exe
  2⤵
  PID:6452
- C:\Windows\System\tbBNOJI.exe
  C:\Windows\System\tbBNOJI.exe
  2⤵
  PID:6504
- C:\Windows\System\BdtPRzu.exe
  C:\Windows\System\BdtPRzu.exe
  2⤵
  PID:6572
- C:\Windows\System\KyxlgLY.exe
  C:\Windows\System\KyxlgLY.exe
  2⤵
  PID:6588
- C:\Windows\System\pVYPTSX.exe
  C:\Windows\System\pVYPTSX.exe
  2⤵
  PID:6636
- C:\Windows\System\wBmLdlR.exe
  C:\Windows\System\wBmLdlR.exe
  2⤵
  PID:6708
- C:\Windows\System\CKNosDM.exe
  C:\Windows\System\CKNosDM.exe
  2⤵
  PID:6736
- C:\Windows\System\QpYrbXM.exe
  C:\Windows\System\QpYrbXM.exe
  2⤵
  PID:6848
- C:\Windows\System\LhgiyBI.exe
  C:\Windows\System\LhgiyBI.exe
  2⤵
  PID:6856
- C:\Windows\System\DpwIyXd.exe
  C:\Windows\System\DpwIyXd.exe
  2⤵
  PID:6928
- C:\Windows\System\AZdIcEz.exe
  C:\Windows\System\AZdIcEz.exe
  2⤵
  PID:3980
- C:\Windows\System\jLprWTM.exe
  C:\Windows\System\jLprWTM.exe
  2⤵
  PID:6992
- C:\Windows\System\MkOvYMQ.exe
  C:\Windows\System\MkOvYMQ.exe
  2⤵
  PID:7056
- C:\Windows\System\fZxEoiP.exe
  C:\Windows\System\fZxEoiP.exe
  2⤵
  PID:7076
- C:\Windows\System\fWXnWVW.exe
  C:\Windows\System\fWXnWVW.exe
  2⤵
  PID:7112
- C:\Windows\System\BPefHFg.exe
  C:\Windows\System\BPefHFg.exe
  2⤵
  PID:4636
- C:\Windows\System\JRnhqtY.exe
  C:\Windows\System\JRnhqtY.exe
  2⤵
  PID:5164
- C:\Windows\System\eeKnbJr.exe
  C:\Windows\System\eeKnbJr.exe
  2⤵
  PID:5324
- C:\Windows\System\xJWDkhA.exe
  C:\Windows\System\xJWDkhA.exe
  2⤵
  PID:1612
- C:\Windows\System\rZFMDQy.exe
  C:\Windows\System\rZFMDQy.exe
  2⤵
  PID:2448
- C:\Windows\System\PpvfyAh.exe
  C:\Windows\System\PpvfyAh.exe
  2⤵
  PID:4696
- C:\Windows\System\ABjQZye.exe
  C:\Windows\System\ABjQZye.exe
  2⤵
  PID:1592
- C:\Windows\System\CrdhoTf.exe
  C:\Windows\System\CrdhoTf.exe
  2⤵
  PID:2644
- C:\Windows\System\ZTDRUpZ.exe
  C:\Windows\System\ZTDRUpZ.exe
  2⤵
  PID:2396
- C:\Windows\System\sdrVzuL.exe
  C:\Windows\System\sdrVzuL.exe
  2⤵
  PID:1968
- C:\Windows\System\eoIsxou.exe
  C:\Windows\System\eoIsxou.exe
  2⤵
  PID:1324
- C:\Windows\System\XDEbUsA.exe
  C:\Windows\System\XDEbUsA.exe
  2⤵
  PID:2120
- C:\Windows\System\PMkmnOu.exe
  C:\Windows\System\PMkmnOu.exe
  2⤵
  PID:1788
- C:\Windows\System\itJJQeO.exe
  C:\Windows\System\itJJQeO.exe
  2⤵
  PID:6172
- C:\Windows\System\yNtSXdT.exe
  C:\Windows\System\yNtSXdT.exe
  2⤵
  PID:6228
- C:\Windows\System\VRjuqKN.exe
  C:\Windows\System\VRjuqKN.exe
  2⤵
  PID:6408
- C:\Windows\System\JzdHFih.exe
  C:\Windows\System\JzdHFih.exe
  2⤵
  PID:6604
- C:\Windows\System\AlqKnes.exe
  C:\Windows\System\AlqKnes.exe
  2⤵
  PID:6676
- C:\Windows\System\eRKdroA.exe
  C:\Windows\System\eRKdroA.exe
  2⤵
  PID:6796
- C:\Windows\System\cVUGlIP.exe
  C:\Windows\System\cVUGlIP.exe
  2⤵
  PID:348
- C:\Windows\System\zCyZVVD.exe
  C:\Windows\System\zCyZVVD.exe
  2⤵
  PID:6968
- C:\Windows\System\bscPptc.exe
  C:\Windows\System\bscPptc.exe
  2⤵
  PID:6932
- C:\Windows\System\sjsEcrJ.exe
  C:\Windows\System\sjsEcrJ.exe
  2⤵
  PID:6908
- C:\Windows\System\aYiwWVx.exe
  C:\Windows\System\aYiwWVx.exe
  2⤵
  PID:6996
- C:\Windows\System\dgnjLQS.exe
  C:\Windows\System\dgnjLQS.exe
  2⤵
  PID:2748
- C:\Windows\System\yvosJRY.exe
  C:\Windows\System\yvosJRY.exe
  2⤵
  PID:7088
- C:\Windows\System\JYVuvlq.exe
  C:\Windows\System\JYVuvlq.exe
  2⤵
  PID:6064
- C:\Windows\System\SBjwJVR.exe
  C:\Windows\System\SBjwJVR.exe
  2⤵
  PID:3056
- C:\Windows\System\qOLYNWo.exe
  C:\Windows\System\qOLYNWo.exe
  2⤵
  PID:4140
- C:\Windows\System\asrXlJS.exe
  C:\Windows\System\asrXlJS.exe
  2⤵
  PID:1964
- C:\Windows\System\UsFFXZA.exe
  C:\Windows\System\UsFFXZA.exe
  2⤵
  PID:716
- C:\Windows\System\ySUqJPY.exe
  C:\Windows\System\ySUqJPY.exe
  2⤵
  PID:2248
- C:\Windows\System\rwcFAQL.exe
  C:\Windows\System\rwcFAQL.exe
  2⤵
  PID:2912
- C:\Windows\System\cZGTXgZ.exe
  C:\Windows\System\cZGTXgZ.exe
  2⤵
  PID:828
- C:\Windows\System\mgHUZWg.exe
  C:\Windows\System\mgHUZWg.exe
  2⤵
  PID:904
- C:\Windows\System\KXrbZqX.exe
  C:\Windows\System\KXrbZqX.exe
  2⤵
  PID:6188
- C:\Windows\System\lqEeBgs.exe
  C:\Windows\System\lqEeBgs.exe
  2⤵
  PID:6348
- C:\Windows\System\yYdoFul.exe
  C:\Windows\System\yYdoFul.exe
  2⤵
  PID:1412
- C:\Windows\System\OsNLaJs.exe
  C:\Windows\System\OsNLaJs.exe
  2⤵
  PID:7180
- C:\Windows\System\RpOikfZ.exe
  C:\Windows\System\RpOikfZ.exe
  2⤵
  PID:7196
- C:\Windows\System\yuhcmRe.exe
  C:\Windows\System\yuhcmRe.exe
  2⤵
  PID:7212
- C:\Windows\System\eBSMFKz.exe
  C:\Windows\System\eBSMFKz.exe
  2⤵
  PID:7232
- C:\Windows\System\HVxxrtM.exe
  C:\Windows\System\HVxxrtM.exe
  2⤵
  PID:7312
- C:\Windows\System\tOZQtZa.exe
  C:\Windows\System\tOZQtZa.exe
  2⤵
  PID:7352
- C:\Windows\System\NsqxhIt.exe
  C:\Windows\System\NsqxhIt.exe
  2⤵
  PID:7368
- C:\Windows\System\eBCyTRN.exe
  C:\Windows\System\eBCyTRN.exe
  2⤵
  PID:7388
- C:\Windows\System\TmcsREg.exe
  C:\Windows\System\TmcsREg.exe
  2⤵
  PID:7408
- C:\Windows\System\DAwQjts.exe
  C:\Windows\System\DAwQjts.exe
  2⤵
  PID:7432
- C:\Windows\System\LcuPKGd.exe
  C:\Windows\System\LcuPKGd.exe
  2⤵
  PID:7452
- C:\Windows\System\VNzWieR.exe
  C:\Windows\System\VNzWieR.exe
  2⤵
  PID:7472
- C:\Windows\System\gKFpCjZ.exe
  C:\Windows\System\gKFpCjZ.exe
  2⤵
  PID:7488
- C:\Windows\System\byyYovB.exe
  C:\Windows\System\byyYovB.exe
  2⤵
  PID:7516
- C:\Windows\System\jEzxlZN.exe
  C:\Windows\System\jEzxlZN.exe
  2⤵
  PID:7532
- C:\Windows\System\XDPgLVu.exe
  C:\Windows\System\XDPgLVu.exe
  2⤵
  PID:7548
- C:\Windows\System\HonKBxQ.exe
  C:\Windows\System\HonKBxQ.exe
  2⤵
  PID:7564
- C:\Windows\System\pjoQVIx.exe
  C:\Windows\System\pjoQVIx.exe
  2⤵
  PID:7584
- C:\Windows\System\jdRVJjV.exe
  C:\Windows\System\jdRVJjV.exe
  2⤵
  PID:7600
- C:\Windows\System\qvASQYy.exe
  C:\Windows\System\qvASQYy.exe
  2⤵
  PID:7616
- C:\Windows\System\SFAEalX.exe
  C:\Windows\System\SFAEalX.exe
  2⤵
  PID:7632
- C:\Windows\System\mYczSQt.exe
  C:\Windows\System\mYczSQt.exe
  2⤵
  PID:7652
- C:\Windows\System\wduyiEV.exe
  C:\Windows\System\wduyiEV.exe
  2⤵
  PID:7668
- C:\Windows\System\IDHMJZx.exe
  C:\Windows\System\IDHMJZx.exe
  2⤵
  PID:7688
- C:\Windows\System\guuiSDP.exe
  C:\Windows\System\guuiSDP.exe
  2⤵
  PID:7704
- C:\Windows\System\vJaRKfF.exe
  C:\Windows\System\vJaRKfF.exe
  2⤵
  PID:7756
- C:\Windows\System\yhiomWY.exe
  C:\Windows\System\yhiomWY.exe
  2⤵
  PID:7772
- C:\Windows\System\cDgHzEg.exe
  C:\Windows\System\cDgHzEg.exe
  2⤵
  PID:7792
- C:\Windows\System\AWsvgyc.exe
  C:\Windows\System\AWsvgyc.exe
  2⤵
  PID:7808
- C:\Windows\System\xhYsPwJ.exe
  C:\Windows\System\xhYsPwJ.exe
  2⤵
  PID:7828
- C:\Windows\System\lGWYiRU.exe
  C:\Windows\System\lGWYiRU.exe
  2⤵
  PID:7848
- C:\Windows\System\JyZFZeV.exe
  C:\Windows\System\JyZFZeV.exe
  2⤵
  PID:7864
- C:\Windows\System\NqfAuyn.exe
  C:\Windows\System\NqfAuyn.exe
  2⤵
  PID:7884
- C:\Windows\System\ZKKoemp.exe
  C:\Windows\System\ZKKoemp.exe
  2⤵
  PID:7900
- C:\Windows\System\SBEHugv.exe
  C:\Windows\System\SBEHugv.exe
  2⤵
  PID:7920
- C:\Windows\System\IAXltny.exe
  C:\Windows\System\IAXltny.exe
  2⤵
  PID:7936
- C:\Windows\System\sNZbFHj.exe
  C:\Windows\System\sNZbFHj.exe
  2⤵
  PID:7980
- C:\Windows\System\oulIIYV.exe
  C:\Windows\System\oulIIYV.exe
  2⤵
  PID:7996
- C:\Windows\System\ZSMajMi.exe
  C:\Windows\System\ZSMajMi.exe
  2⤵
  PID:8016
- C:\Windows\System\VWfqfun.exe
  C:\Windows\System\VWfqfun.exe
  2⤵
  PID:8032
- C:\Windows\System\wfpbtUF.exe
  C:\Windows\System\wfpbtUF.exe
  2⤵
  PID:8048
- C:\Windows\System\BgkIlUd.exe
  C:\Windows\System\BgkIlUd.exe
  2⤵
  PID:8068
- C:\Windows\System\lVCVBrV.exe
  C:\Windows\System\lVCVBrV.exe
  2⤵
  PID:8096
- C:\Windows\System\mEqSWOg.exe
  C:\Windows\System\mEqSWOg.exe
  2⤵
  PID:8112
- C:\Windows\System\xhbpwmr.exe
  C:\Windows\System\xhbpwmr.exe
  2⤵
  PID:8136
- C:\Windows\System\XNIdWgw.exe
  C:\Windows\System\XNIdWgw.exe
  2⤵
  PID:8156
- C:\Windows\System\rYvHqgw.exe
  C:\Windows\System\rYvHqgw.exe
  2⤵
  PID:8176
- C:\Windows\System\XuqXtlO.exe
  C:\Windows\System\XuqXtlO.exe
  2⤵
  PID:6876
- C:\Windows\System\IsjdLAO.exe
  C:\Windows\System\IsjdLAO.exe
  2⤵
  PID:6952
- C:\Windows\System\yCvhEZd.exe
  C:\Windows\System\yCvhEZd.exe
  2⤵
  PID:6936
- C:\Windows\System\yjGqDAp.exe
  C:\Windows\System\yjGqDAp.exe
  2⤵
  PID:2700
- C:\Windows\System\kRIFory.exe
  C:\Windows\System\kRIFory.exe
  2⤵
  PID:700
- C:\Windows\System\iIxZXck.exe
  C:\Windows\System\iIxZXck.exe
  2⤵
  PID:1104
- C:\Windows\System\AuiTMDz.exe
  C:\Windows\System\AuiTMDz.exe
  2⤵
  PID:7192
- C:\Windows\System\TrFUfeY.exe
  C:\Windows\System\TrFUfeY.exe
  2⤵
  PID:1312
- C:\Windows\System\XNddEZt.exe
  C:\Windows\System\XNddEZt.exe
  2⤵
  PID:7172
- C:\Windows\System\WLukmRR.exe
  C:\Windows\System\WLukmRR.exe
  2⤵
  PID:1652
- C:\Windows\System\IaGadqi.exe
  C:\Windows\System\IaGadqi.exe
  2⤵
  PID:7204
- C:\Windows\System\DUETggw.exe
  C:\Windows\System\DUETggw.exe
  2⤵
  PID:5752
- C:\Windows\System\FHVHyjI.exe
  C:\Windows\System\FHVHyjI.exe
  2⤵
  PID:6776
- C:\Windows\System\kyeQMTz.exe
  C:\Windows\System\kyeQMTz.exe
  2⤵
  PID:6528
- C:\Windows\System\zSDmmVL.exe
  C:\Windows\System\zSDmmVL.exe
  2⤵
  PID:7272
- C:\Windows\System\eHrMwHu.exe
  C:\Windows\System\eHrMwHu.exe
  2⤵
  PID:7280
- C:\Windows\System\uZSRHVY.exe
  C:\Windows\System\uZSRHVY.exe
  2⤵
  PID:7300
- C:\Windows\System\UZsodZI.exe
  C:\Windows\System\UZsodZI.exe
  2⤵
  PID:7336
- C:\Windows\System\pKgnwxZ.exe
  C:\Windows\System\pKgnwxZ.exe
  2⤵
  PID:7376
- C:\Windows\System\lzxHTYs.exe
  C:\Windows\System\lzxHTYs.exe
  2⤵
  PID:7400
- C:\Windows\System\VxWkPCe.exe
  C:\Windows\System\VxWkPCe.exe
  2⤵
  PID:7420
- C:\Windows\System\HixWHCt.exe
  C:\Windows\System\HixWHCt.exe
  2⤵
  PID:7464
- C:\Windows\System\iKGhhXE.exe
  C:\Windows\System\iKGhhXE.exe
  2⤵
  PID:7448
- C:\Windows\System\UlkFSdv.exe
  C:\Windows\System\UlkFSdv.exe
  2⤵
  PID:7676
- C:\Windows\System\OwdvYUI.exe
  C:\Windows\System\OwdvYUI.exe
  2⤵
  PID:7720
- C:\Windows\System\ZGENAim.exe
  C:\Windows\System\ZGENAim.exe
  2⤵
  PID:7736
- C:\Windows\System\BPAluAk.exe
  C:\Windows\System\BPAluAk.exe
  2⤵
  PID:7556
- C:\Windows\System\LXINDty.exe
  C:\Windows\System\LXINDty.exe
  2⤵
  PID:7660
- C:\Windows\System\JzdAYiE.exe
  C:\Windows\System\JzdAYiE.exe
  2⤵
  PID:7716
- C:\Windows\System\TZoSFcm.exe
  C:\Windows\System\TZoSFcm.exe
  2⤵
  PID:7816
- C:\Windows\System\cWBdjbV.exe
  C:\Windows\System\cWBdjbV.exe
  2⤵
  PID:7860
- C:\Windows\System\WmYeBiT.exe
  C:\Windows\System\WmYeBiT.exe
  2⤵
  PID:7928
- C:\Windows\System\lFoDrhU.exe
  C:\Windows\System\lFoDrhU.exe
  2⤵
  PID:7880
- C:\Windows\System\kBzaWWk.exe
  C:\Windows\System\kBzaWWk.exe
  2⤵
  PID:7840
- C:\Windows\System\SPCdUor.exe
  C:\Windows\System\SPCdUor.exe
  2⤵
  PID:7976
- C:\Windows\System\aPWGMzD.exe
  C:\Windows\System\aPWGMzD.exe
  2⤵
  PID:8028
- C:\Windows\System\cnBPMxd.exe
  C:\Windows\System\cnBPMxd.exe
  2⤵
  PID:8044
- C:\Windows\System\KJfZlSC.exe
  C:\Windows\System\KJfZlSC.exe
  2⤵
  PID:8060
- C:\Windows\System\cekPRUl.exe
  C:\Windows\System\cekPRUl.exe
  2⤵
  PID:8088
- C:\Windows\System\rQaWGHT.exe
  C:\Windows\System\rQaWGHT.exe
  2⤵
  PID:8132
- C:\Windows\System\JmqaaVq.exe
  C:\Windows\System\JmqaaVq.exe
  2⤵
  PID:8184
- C:\Windows\System\RCLNeRV.exe
  C:\Windows\System\RCLNeRV.exe
  2⤵
  PID:6412
- C:\Windows\System\INHgysA.exe
  C:\Windows\System\INHgysA.exe
  2⤵
  PID:8172
- C:\Windows\System\WaGtygr.exe
  C:\Windows\System\WaGtygr.exe
  2⤵
  PID:7264
- C:\Windows\System\qIaxJoJ.exe
  C:\Windows\System\qIaxJoJ.exe
  2⤵
  PID:5484
- C:\Windows\System\zLYYpBZ.exe
  C:\Windows\System\zLYYpBZ.exe
  2⤵
  PID:7364
- C:\Windows\System\ETGIDjs.exe
  C:\Windows\System\ETGIDjs.exe
  2⤵
  PID:7468
- C:\Windows\System\nkAeyuT.exe
  C:\Windows\System\nkAeyuT.exe
  2⤵
  PID:7228
- C:\Windows\System\zbsMvHU.exe
  C:\Windows\System\zbsMvHU.exe
  2⤵
  PID:6548
- C:\Windows\System\QhwPvWj.exe
  C:\Windows\System\QhwPvWj.exe
  2⤵
  PID:6868
- C:\Windows\System\hpBBUYy.exe
  C:\Windows\System\hpBBUYy.exe
  2⤵
  PID:2184
- C:\Windows\System\CtiwlgY.exe
  C:\Windows\System\CtiwlgY.exe
  2⤵
  PID:5684
- C:\Windows\System\nCXkIaX.exe
  C:\Windows\System\nCXkIaX.exe
  2⤵
  PID:7396
- C:\Windows\System\fzkTVaQ.exe
  C:\Windows\System\fzkTVaQ.exe
  2⤵
  PID:7508
- C:\Windows\System\cPSbBgs.exe
  C:\Windows\System\cPSbBgs.exe
  2⤵
  PID:7524
- C:\Windows\System\ldTbWEu.exe
  C:\Windows\System\ldTbWEu.exe
  2⤵
  PID:7608
- C:\Windows\System\FsrHGUg.exe
  C:\Windows\System\FsrHGUg.exe
  2⤵
  PID:7648
- C:\Windows\System\ZcVdRER.exe
  C:\Windows\System\ZcVdRER.exe
  2⤵
  PID:7872
- C:\Windows\System\HHEbvMg.exe
  C:\Windows\System\HHEbvMg.exe
  2⤵
  PID:7964
- C:\Windows\System\UKrPDZf.exe
  C:\Windows\System\UKrPDZf.exe
  2⤵
  PID:7780
- C:\Windows\System\QyxiXTy.exe
  C:\Windows\System\QyxiXTy.exe
  2⤵
  PID:7804
- C:\Windows\System\pfXwVKC.exe
  C:\Windows\System\pfXwVKC.exe
  2⤵
  PID:7972
- C:\Windows\System\OgwPMAw.exe
  C:\Windows\System\OgwPMAw.exe
  2⤵
  PID:7992
- C:\Windows\System\wbybWWO.exe
  C:\Windows\System\wbybWWO.exe
  2⤵
  PID:8076
- C:\Windows\System\BNuZAfw.exe
  C:\Windows\System\BNuZAfw.exe
  2⤵
  PID:8128
- C:\Windows\System\bYZrLlq.exe
  C:\Windows\System\bYZrLlq.exe
  2⤵
  PID:1364
- C:\Windows\System\UyhMpsl.exe
  C:\Windows\System\UyhMpsl.exe
  2⤵
  PID:6468
- C:\Windows\System\CEyBRRC.exe
  C:\Windows\System\CEyBRRC.exe
  2⤵
  PID:5124
- C:\Windows\System\yflBwmL.exe
  C:\Windows\System\yflBwmL.exe
  2⤵
  PID:7208
- C:\Windows\System\RZPpFGb.exe
  C:\Windows\System\RZPpFGb.exe
  2⤵
  PID:7540
- C:\Windows\System\NAmCbNg.exe
  C:\Windows\System\NAmCbNg.exe
  2⤵
  PID:7644
- C:\Windows\System\OYtVcAs.exe
  C:\Windows\System\OYtVcAs.exe
  2⤵
  PID:7700
- C:\Windows\System\Eqhgrkg.exe
  C:\Windows\System\Eqhgrkg.exe
  2⤵
  PID:7592
- C:\Windows\System\OTDGHNE.exe
  C:\Windows\System\OTDGHNE.exe
  2⤵
  PID:7384
- C:\Windows\System\fWaoEIV.exe
  C:\Windows\System\fWaoEIV.exe
  2⤵
  PID:7544
- C:\Windows\System\jnYYEAU.exe
  C:\Windows\System\jnYYEAU.exe
  2⤵
  PID:7596
- C:\Windows\System\UjpjfPw.exe
  C:\Windows\System\UjpjfPw.exe
  2⤵
  PID:7896
- C:\Windows\System\cyTeuFC.exe
  C:\Windows\System\cyTeuFC.exe
  2⤵
  PID:664
- C:\Windows\System\LrfAIFF.exe
  C:\Windows\System\LrfAIFF.exe
  2⤵
  PID:7240
- C:\Windows\System\XtNZDtt.exe
  C:\Windows\System\XtNZDtt.exe
  2⤵
  PID:7428
- C:\Windows\System\ETgjFvU.exe
  C:\Windows\System\ETgjFvU.exe
  2⤵
  PID:7444
- C:\Windows\System\ZwTVRxm.exe
  C:\Windows\System\ZwTVRxm.exe
  2⤵
  PID:7960
- C:\Windows\System\NjVAHrd.exe
  C:\Windows\System\NjVAHrd.exe
  2⤵
  PID:6544
- C:\Windows\System\bHQaVkU.exe
  C:\Windows\System\bHQaVkU.exe
  2⤵
  PID:8168
- C:\Windows\System\cASbCTY.exe
  C:\Windows\System\cASbCTY.exe
  2⤵
  PID:7360
- C:\Windows\System\gjXBbGq.exe
  C:\Windows\System\gjXBbGq.exe
  2⤵
  PID:6272
- C:\Windows\System\OdnQmmB.exe
  C:\Windows\System\OdnQmmB.exe
  2⤵
  PID:8108
- C:\Windows\System\YCHsjow.exe
  C:\Windows\System\YCHsjow.exe
  2⤵
  PID:7956
- C:\Windows\System\PwuqseP.exe
  C:\Windows\System\PwuqseP.exe
  2⤵
  PID:8040
- C:\Windows\System\KYIKwQX.exe
  C:\Windows\System\KYIKwQX.exe
  2⤵
  PID:7348
- C:\Windows\System\laTTEFL.exe
  C:\Windows\System\laTTEFL.exe
  2⤵
  PID:7628
- C:\Windows\System\FJtXBBU.exe
  C:\Windows\System\FJtXBBU.exe
  2⤵
  PID:8152
- C:\Windows\System\BoCGDsx.exe
  C:\Windows\System\BoCGDsx.exe
  2⤵
  PID:7752
- C:\Windows\System\kcxVvXP.exe
  C:\Windows\System\kcxVvXP.exe
  2⤵
  PID:7988
- C:\Windows\System\EEDIoDU.exe
  C:\Windows\System\EEDIoDU.exe
  2⤵
  PID:8208
- C:\Windows\System\JhWgBdR.exe
  C:\Windows\System\JhWgBdR.exe
  2⤵
  PID:8228
- C:\Windows\System\psbgZhi.exe
  C:\Windows\System\psbgZhi.exe
  2⤵
  PID:8272
- C:\Windows\System\dgspNQf.exe
  C:\Windows\System\dgspNQf.exe
  2⤵
  PID:8288
- C:\Windows\System\zZacXeN.exe
  C:\Windows\System\zZacXeN.exe
  2⤵
  PID:8304
- C:\Windows\System\TfILxAH.exe
  C:\Windows\System\TfILxAH.exe
  2⤵
  PID:8332
- C:\Windows\System\ipObkCf.exe
  C:\Windows\System\ipObkCf.exe
  2⤵
  PID:8352
- C:\Windows\System\MmUEXZM.exe
  C:\Windows\System\MmUEXZM.exe
  2⤵
  PID:8372
- C:\Windows\System\MWAhqtS.exe
  C:\Windows\System\MWAhqtS.exe
  2⤵
  PID:8392
- C:\Windows\System\qHjAQhp.exe
  C:\Windows\System\qHjAQhp.exe
  2⤵
  PID:8412
- C:\Windows\System\oOafubP.exe
  C:\Windows\System\oOafubP.exe
  2⤵
  PID:8428
- C:\Windows\System\RcwHjDN.exe
  C:\Windows\System\RcwHjDN.exe
  2⤵
  PID:8444
- C:\Windows\System\uBWMgrS.exe
  C:\Windows\System\uBWMgrS.exe
  2⤵
  PID:8464
- C:\Windows\System\lGHCfyv.exe
  C:\Windows\System\lGHCfyv.exe
  2⤵
  PID:8488
- C:\Windows\System\zcHTdYR.exe
  C:\Windows\System\zcHTdYR.exe
  2⤵
  PID:8508
- C:\Windows\System\rNaqxfK.exe
  C:\Windows\System\rNaqxfK.exe
  2⤵
  PID:8532
- C:\Windows\System\pQYIbyR.exe
  C:\Windows\System\pQYIbyR.exe
  2⤵
  PID:8556
- C:\Windows\System\repNsZx.exe
  C:\Windows\System\repNsZx.exe
  2⤵
  PID:8576
- C:\Windows\System\spGlsmj.exe
  C:\Windows\System\spGlsmj.exe
  2⤵
  PID:8592
- C:\Windows\System\WsJWuic.exe
  C:\Windows\System\WsJWuic.exe
  2⤵
  PID:8612
- C:\Windows\System\mYrIAFI.exe
  C:\Windows\System\mYrIAFI.exe
  2⤵
  PID:8632
- C:\Windows\System\yVjlywj.exe
  C:\Windows\System\yVjlywj.exe
  2⤵
  PID:8648
- C:\Windows\System\ByDjvpe.exe
  C:\Windows\System\ByDjvpe.exe
  2⤵
  PID:8672
- C:\Windows\System\iFKMEeq.exe
  C:\Windows\System\iFKMEeq.exe
  2⤵
  PID:8700
- C:\Windows\System\oTTLaFm.exe
  C:\Windows\System\oTTLaFm.exe
  2⤵
  PID:8716
- C:\Windows\System\NtgmEWO.exe
  C:\Windows\System\NtgmEWO.exe
  2⤵
  PID:8732
- C:\Windows\System\jSpPQVh.exe
  C:\Windows\System\jSpPQVh.exe
  2⤵
  PID:8760
- C:\Windows\System\KEReZhq.exe
  C:\Windows\System\KEReZhq.exe
  2⤵
  PID:8776
- C:\Windows\System\BGagYjA.exe
  C:\Windows\System\BGagYjA.exe
  2⤵
  PID:8792
- C:\Windows\System\WZUdFTP.exe
  C:\Windows\System\WZUdFTP.exe
  2⤵
  PID:8808
- C:\Windows\System\wSRaZkC.exe
  C:\Windows\System\wSRaZkC.exe
  2⤵
  PID:8828
- C:\Windows\System\nRNwAZR.exe
  C:\Windows\System\nRNwAZR.exe
  2⤵
  PID:8852
- C:\Windows\System\zFYpnhK.exe
  C:\Windows\System\zFYpnhK.exe
  2⤵
  PID:8868
- C:\Windows\System\eyPFJbD.exe
  C:\Windows\System\eyPFJbD.exe
  2⤵
  PID:8884
- C:\Windows\System\DIQBGDn.exe
  C:\Windows\System\DIQBGDn.exe
  2⤵
  PID:8916
- C:\Windows\System\VLUTMDY.exe
  C:\Windows\System\VLUTMDY.exe
  2⤵
  PID:8932
- C:\Windows\System\eOaoqZZ.exe
  C:\Windows\System\eOaoqZZ.exe
  2⤵
  PID:8948
- C:\Windows\System\lkZoASq.exe
  C:\Windows\System\lkZoASq.exe
  2⤵
  PID:8968
- C:\Windows\System\DWaUZBJ.exe
  C:\Windows\System\DWaUZBJ.exe
  2⤵
  PID:8992
- C:\Windows\System\FGWHXGF.exe
  C:\Windows\System\FGWHXGF.exe
  2⤵
  PID:9016
- C:\Windows\System\uOKAddn.exe
  C:\Windows\System\uOKAddn.exe
  2⤵
  PID:9036
- C:\Windows\System\uJLTgWz.exe
  C:\Windows\System\uJLTgWz.exe
  2⤵
  PID:9056
- C:\Windows\System\DFnJwqT.exe
  C:\Windows\System\DFnJwqT.exe
  2⤵
  PID:9076
- C:\Windows\System\RToskhd.exe
  C:\Windows\System\RToskhd.exe
  2⤵
  PID:9092
- C:\Windows\System\AWoMCts.exe
  C:\Windows\System\AWoMCts.exe
  2⤵
  PID:9112
- C:\Windows\System\CcpASAh.exe
  C:\Windows\System\CcpASAh.exe
  2⤵
  PID:9128
- C:\Windows\System\fOUSBIv.exe
  C:\Windows\System\fOUSBIv.exe
  2⤵
  PID:9144
- C:\Windows\System\MumFsjR.exe
  C:\Windows\System\MumFsjR.exe
  2⤵
  PID:9168
- C:\Windows\System\LIDJMhl.exe
  C:\Windows\System\LIDJMhl.exe
  2⤵
  PID:9188
- C:\Windows\System\JotXNZI.exe
  C:\Windows\System\JotXNZI.exe
  2⤵
  PID:7696
- C:\Windows\System\PaNHxfj.exe
  C:\Windows\System\PaNHxfj.exe
  2⤵
  PID:8236
- C:\Windows\System\hJmKLWH.exe
  C:\Windows\System\hJmKLWH.exe
  2⤵
  PID:6772
- C:\Windows\System\SpPgBDV.exe
  C:\Windows\System\SpPgBDV.exe
  2⤵
  PID:8224
- C:\Windows\System\gCUNYgS.exe
  C:\Windows\System\gCUNYgS.exe
  2⤵
  PID:8248
- C:\Windows\System\GpyunMx.exe
  C:\Windows\System\GpyunMx.exe
  2⤵
  PID:7968
- C:\Windows\System\uGAVFkb.exe
  C:\Windows\System\uGAVFkb.exe
  2⤵
  PID:8300
- C:\Windows\System\JKkctWv.exe
  C:\Windows\System\JKkctWv.exe
  2⤵
  PID:8380
- C:\Windows\System\tARYLaC.exe
  C:\Windows\System\tARYLaC.exe
  2⤵
  PID:8360
- C:\Windows\System\JoxysPy.exe
  C:\Windows\System\JoxysPy.exe
  2⤵
  PID:8456
- C:\Windows\System\qdcnpTC.exe
  C:\Windows\System\qdcnpTC.exe
  2⤵
  PID:8436
- C:\Windows\System\WOcjkSn.exe
  C:\Windows\System\WOcjkSn.exe
  2⤵
  PID:8476
- C:\Windows\System\TCyNYWi.exe
  C:\Windows\System\TCyNYWi.exe
  2⤵
  PID:8540
- C:\Windows\System\PAoTvlU.exe
  C:\Windows\System\PAoTvlU.exe
  2⤵
  PID:8516
- C:\Windows\System\WwcCUJE.exe
  C:\Windows\System\WwcCUJE.exe
  2⤵
  PID:8564
- C:\Windows\System\btxwWoh.exe
  C:\Windows\System\btxwWoh.exe
  2⤵
  PID:8604
- C:\Windows\System\GZqtfbG.exe
  C:\Windows\System\GZqtfbG.exe
  2⤵
  PID:8660
- C:\Windows\System\mohCfDp.exe
  C:\Windows\System\mohCfDp.exe
  2⤵
  PID:8680
- C:\Windows\System\YOpXFCg.exe
  C:\Windows\System\YOpXFCg.exe
  2⤵
  PID:8688
- C:\Windows\System\irrNNLX.exe
  C:\Windows\System\irrNNLX.exe
  2⤵
  PID:8744
- C:\Windows\System\MPVUiqq.exe
  C:\Windows\System\MPVUiqq.exe
  2⤵
  PID:8756
- C:\Windows\System\iWHauze.exe
  C:\Windows\System\iWHauze.exe
  2⤵
  PID:8824
- C:\Windows\System\SMbZYGq.exe
  C:\Windows\System\SMbZYGq.exe
  2⤵
  PID:8772
- C:\Windows\System\MNwLEPm.exe
  C:\Windows\System\MNwLEPm.exe
  2⤵
  PID:8864
- C:\Windows\System\TfGbauj.exe
  C:\Windows\System\TfGbauj.exe
  2⤵
  PID:8908
- C:\Windows\System\HLFMlEl.exe
  C:\Windows\System\HLFMlEl.exe
  2⤵
  PID:8940
- C:\Windows\System\vZhRVGU.exe
  C:\Windows\System\vZhRVGU.exe
  2⤵
  PID:8976
- C:\Windows\System\VeYzmhV.exe
  C:\Windows\System\VeYzmhV.exe
  2⤵
  PID:9032
- C:\Windows\System\gIjndNq.exe
  C:\Windows\System\gIjndNq.exe
  2⤵
  PID:9100
- C:\Windows\System\DOFsdJX.exe
  C:\Windows\System\DOFsdJX.exe
  2⤵
  PID:9140
- C:\Windows\System\MsjWoob.exe
  C:\Windows\System\MsjWoob.exe
  2⤵
  PID:8204
- C:\Windows\System\ObrMNbt.exe
  C:\Windows\System\ObrMNbt.exe
  2⤵
  PID:9044
- C:\Windows\System\YpsGRqk.exe
  C:\Windows\System\YpsGRqk.exe
  2⤵
  PID:9124
- C:\Windows\System\ZMKAxXb.exe
  C:\Windows\System\ZMKAxXb.exe
  2⤵
  PID:9164
- C:\Windows\System\kkqdmYT.exe
  C:\Windows\System\kkqdmYT.exe
  2⤵
  PID:9204
- C:\Windows\System\MBqUgNu.exe
  C:\Windows\System\MBqUgNu.exe
  2⤵
  PID:7328
- C:\Windows\System\YjZePZg.exe
  C:\Windows\System\YjZePZg.exe
  2⤵
  PID:8260
- C:\Windows\System\alviIVE.exe
  C:\Windows\System\alviIVE.exe
  2⤵
  PID:8216
- C:\Windows\System\zPZHymr.exe
  C:\Windows\System\zPZHymr.exe
  2⤵
  PID:8344
- C:\Windows\System\zBUyRHB.exe
  C:\Windows\System\zBUyRHB.exe
  2⤵
  PID:8440
- C:\Windows\System\PNzPOnO.exe
  C:\Windows\System\PNzPOnO.exe
  2⤵
  PID:8484
- C:\Windows\System\NceMtVe.exe
  C:\Windows\System\NceMtVe.exe
  2⤵
  PID:8520
- C:\Windows\System\GbyHeme.exe
  C:\Windows\System\GbyHeme.exe
  2⤵
  PID:8708
- C:\Windows\System\oaaHMBg.exe
  C:\Windows\System\oaaHMBg.exe
  2⤵
  PID:8620
- C:\Windows\System\jDWGAOh.exe
  C:\Windows\System\jDWGAOh.exe
  2⤵
  PID:8752
- C:\Windows\System\YlEdwSF.exe
  C:\Windows\System\YlEdwSF.exe
  2⤵
  PID:8748
- C:\Windows\System\RLpxzOQ.exe
  C:\Windows\System\RLpxzOQ.exe
  2⤵
  PID:8836
- C:\Windows\System\IZlKQOe.exe
  C:\Windows\System\IZlKQOe.exe
  2⤵
  PID:8896
- C:\Windows\System\hWnMfuR.exe
  C:\Windows\System\hWnMfuR.exe
  2⤵
  PID:8904
- C:\Windows\System\SIlGbbd.exe
  C:\Windows\System\SIlGbbd.exe
  2⤵
  PID:8956
- C:\Windows\System\XFnAjBI.exe
  C:\Windows\System\XFnAjBI.exe
  2⤵
  PID:9024
- C:\Windows\System\BOdZVGN.exe
  C:\Windows\System\BOdZVGN.exe
  2⤵
  PID:9184
- C:\Windows\System\vjRbzok.exe
  C:\Windows\System\vjRbzok.exe
  2⤵
  PID:9004
- C:\Windows\System\fBHsDhG.exe
  C:\Windows\System\fBHsDhG.exe
  2⤵
  PID:9088
- C:\Windows\System\LgEHQNA.exe
  C:\Windows\System\LgEHQNA.exe
  2⤵
  PID:7640
- C:\Windows\System\RqyKPEk.exe
  C:\Windows\System\RqyKPEk.exe
  2⤵
  PID:8244
- C:\Windows\System\zEcbPBI.exe
  C:\Windows\System\zEcbPBI.exe
  2⤵
  PID:8424
- C:\Windows\System\rQfMZWL.exe
  C:\Windows\System\rQfMZWL.exe
  2⤵
  PID:8404
- C:\Windows\System\kJOqTDl.exe
  C:\Windows\System\kJOqTDl.exe
  2⤵
  PID:8524
- C:\Windows\System\OUlpLUP.exe
  C:\Windows\System\OUlpLUP.exe
  2⤵
  PID:8316
- C:\Windows\System\QUpRgOh.exe
  C:\Windows\System\QUpRgOh.exe
  2⤵
  PID:8640
- C:\Windows\System\AcYdoJM.exe
  C:\Windows\System\AcYdoJM.exe
  2⤵
  PID:8552
- C:\Windows\System\eeYywfN.exe
  C:\Windows\System\eeYywfN.exe
  2⤵
  PID:8988
- C:\Windows\System\FiPjcZw.exe
  C:\Windows\System\FiPjcZw.exe
  2⤵
  PID:9072
- C:\Windows\System\IPPKNcf.exe
  C:\Windows\System\IPPKNcf.exe
  2⤵
  PID:9104
- C:\Windows\System\iFsZZOf.exe
  C:\Windows\System\iFsZZOf.exe
  2⤵
  PID:9160
- C:\Windows\System\EJxGlQp.exe
  C:\Windows\System\EJxGlQp.exe
  2⤵
  PID:9200
- C:\Windows\System\NIflaSl.exe
  C:\Windows\System\NIflaSl.exe
  2⤵
  PID:8384
- C:\Windows\System\sfzUYhm.exe
  C:\Windows\System\sfzUYhm.exe
  2⤵
  PID:8348
- C:\Windows\System\KtqoUqr.exe
  C:\Windows\System\KtqoUqr.exe
  2⤵
  PID:8572
- C:\Windows\System\KVyvnQp.exe
  C:\Windows\System\KVyvnQp.exe
  2⤵
  PID:8724
- C:\Windows\System\QdVjcCg.exe
  C:\Windows\System\QdVjcCg.exe
  2⤵
  PID:8860
- C:\Windows\System\LXVJGWx.exe
  C:\Windows\System\LXVJGWx.exe
  2⤵
  PID:8312
- C:\Windows\System\ANPwGmB.exe
  C:\Windows\System\ANPwGmB.exe
  2⤵
  PID:8240
- C:\Windows\System\hFNMjin.exe
  C:\Windows\System\hFNMjin.exe
  2⤵
  PID:8400
- C:\Windows\System\kjvBIAX.exe
  C:\Windows\System\kjvBIAX.exe
  2⤵
  PID:8684
- C:\Windows\System\MNEyEsV.exe
  C:\Windows\System\MNEyEsV.exe
  2⤵
  PID:8804
- C:\Windows\System\AieENkd.exe
  C:\Windows\System\AieENkd.exe
  2⤵
  PID:8944
- C:\Windows\System\gBppUSS.exe
  C:\Windows\System\gBppUSS.exe
  2⤵
  PID:7188
- C:\Windows\System\ucXvJyI.exe
  C:\Windows\System\ucXvJyI.exe
  2⤵
  PID:8624
- C:\Windows\System\fpBPlLM.exe
  C:\Windows\System\fpBPlLM.exe
  2⤵
  PID:8964
- C:\Windows\System\IsYCvHL.exe
  C:\Windows\System\IsYCvHL.exe
  2⤵
  PID:9236
- C:\Windows\System\nXmpGdj.exe
  C:\Windows\System\nXmpGdj.exe
  2⤵
  PID:9252
- C:\Windows\System\aKDAWGi.exe
  C:\Windows\System\aKDAWGi.exe
  2⤵
  PID:9284
- C:\Windows\System\YQTBUcn.exe
  C:\Windows\System\YQTBUcn.exe
  2⤵
  PID:9300
- C:\Windows\System\WqIuVVg.exe
  C:\Windows\System\WqIuVVg.exe
  2⤵
  PID:9316
- C:\Windows\System\WqkgRLV.exe
  C:\Windows\System\WqkgRLV.exe
  2⤵
  PID:9332
- C:\Windows\System\DWRNyxs.exe
  C:\Windows\System\DWRNyxs.exe
  2⤵
  PID:9352
- C:\Windows\System\AEcIHhx.exe
  C:\Windows\System\AEcIHhx.exe
  2⤵
  PID:9368
- C:\Windows\System\TomQoYK.exe
  C:\Windows\System\TomQoYK.exe
  2⤵
  PID:9384
- C:\Windows\System\OcKmVSM.exe
  C:\Windows\System\OcKmVSM.exe
  2⤵
  PID:9400
- C:\Windows\System\yMXnuOw.exe
  C:\Windows\System\yMXnuOw.exe
  2⤵
  PID:9416
- C:\Windows\System\ttHPMRz.exe
  C:\Windows\System\ttHPMRz.exe
  2⤵
  PID:9432
- C:\Windows\System\ijvBPre.exe
  C:\Windows\System\ijvBPre.exe
  2⤵
  PID:9452
- C:\Windows\System\KLxYuTt.exe
  C:\Windows\System\KLxYuTt.exe
  2⤵
  PID:9468
- C:\Windows\System\jBFXRIO.exe
  C:\Windows\System\jBFXRIO.exe
  2⤵
  PID:9488
- C:\Windows\System\Wddcxyn.exe
  C:\Windows\System\Wddcxyn.exe
  2⤵
  PID:9508
- C:\Windows\System\vAggkwP.exe
  C:\Windows\System\vAggkwP.exe
  2⤵
  PID:9572
- C:\Windows\System\RQTzYex.exe
  C:\Windows\System\RQTzYex.exe
  2⤵
  PID:9588
- C:\Windows\System\LuYOnLt.exe
  C:\Windows\System\LuYOnLt.exe
  2⤵
  PID:9604
- C:\Windows\System\eHPuuOo.exe
  C:\Windows\System\eHPuuOo.exe
  2⤵
  PID:9620
- C:\Windows\System\KXzoCtn.exe
  C:\Windows\System\KXzoCtn.exe
  2⤵
  PID:9640
- C:\Windows\System\VTbMzAp.exe
  C:\Windows\System\VTbMzAp.exe
  2⤵
  PID:9668
- C:\Windows\System\kyhxtdr.exe
  C:\Windows\System\kyhxtdr.exe
  2⤵
  PID:9692
- C:\Windows\System\KeEZjja.exe
  C:\Windows\System\KeEZjja.exe
  2⤵
  PID:9712
- C:\Windows\System\BUInRUQ.exe
  C:\Windows\System\BUInRUQ.exe
  2⤵
  PID:9736
- C:\Windows\System\YImHlQw.exe
  C:\Windows\System\YImHlQw.exe
  2⤵
  PID:9752
- C:\Windows\System\FXYgAFc.exe
  C:\Windows\System\FXYgAFc.exe
  2⤵
  PID:9772
- C:\Windows\System\IQPXhiZ.exe
  C:\Windows\System\IQPXhiZ.exe
  2⤵
  PID:9788
- C:\Windows\System\LWowvtB.exe
  C:\Windows\System\LWowvtB.exe
  2⤵
  PID:9804
- C:\Windows\System\AmvQxaU.exe
  C:\Windows\System\AmvQxaU.exe
  2⤵
  PID:9828
- C:\Windows\System\QIVXJIk.exe
  C:\Windows\System\QIVXJIk.exe
  2⤵
  PID:9852
- C:\Windows\System\ZLMNcUr.exe
  C:\Windows\System\ZLMNcUr.exe
  2⤵
  PID:9872
- C:\Windows\System\LRTwnJk.exe
  C:\Windows\System\LRTwnJk.exe
  2⤵
  PID:9892
- C:\Windows\System\TlaAuoe.exe
  C:\Windows\System\TlaAuoe.exe
  2⤵
  PID:9912
- C:\Windows\System\OrmpUYF.exe
  C:\Windows\System\OrmpUYF.exe
  2⤵
  PID:9932
- C:\Windows\System\JkIVcDH.exe
  C:\Windows\System\JkIVcDH.exe
  2⤵
  PID:9956
- C:\Windows\System\qyYjXNx.exe
  C:\Windows\System\qyYjXNx.exe
  2⤵
  PID:9976
- C:\Windows\System\VuMkEHK.exe
  C:\Windows\System\VuMkEHK.exe
  2⤵
  PID:9996
- C:\Windows\System\MVLYWlj.exe
  C:\Windows\System\MVLYWlj.exe
  2⤵
  PID:10016
- C:\Windows\System\BbqtJcQ.exe
  C:\Windows\System\BbqtJcQ.exe
  2⤵
  PID:10036
- C:\Windows\System\orpAFdq.exe
  C:\Windows\System\orpAFdq.exe
  2⤵
  PID:10056
- C:\Windows\System\lWjbfhT.exe
  C:\Windows\System\lWjbfhT.exe
  2⤵
  PID:10076
- C:\Windows\System\xCbcvuW.exe
  C:\Windows\System\xCbcvuW.exe
  2⤵
  PID:10092
- C:\Windows\System\RiKVYsD.exe
  C:\Windows\System\RiKVYsD.exe
  2⤵
  PID:10112
- C:\Windows\System\VIMsIXX.exe
  C:\Windows\System\VIMsIXX.exe
  2⤵
  PID:10128
- C:\Windows\System\FAXJcig.exe
  C:\Windows\System\FAXJcig.exe
  2⤵
  PID:10148
- C:\Windows\System\vMgEGvk.exe
  C:\Windows\System\vMgEGvk.exe
  2⤵
  PID:10164
- C:\Windows\System\dvPnNya.exe
  C:\Windows\System\dvPnNya.exe
  2⤵
  PID:10180
- C:\Windows\System\vNtcAkr.exe
  C:\Windows\System\vNtcAkr.exe
  2⤵
  PID:10196
- C:\Windows\System\eAguxKG.exe
  C:\Windows\System\eAguxKG.exe
  2⤵
  PID:10212
- C:\Windows\System\NvmEWXJ.exe
  C:\Windows\System\NvmEWXJ.exe
  2⤵
  PID:10232
- C:\Windows\System\LTLaZDQ.exe
  C:\Windows\System\LTLaZDQ.exe
  2⤵
  PID:9232
- C:\Windows\System\CkSCPBD.exe
  C:\Windows\System\CkSCPBD.exe
  2⤵
  PID:9260
- C:\Windows\System\aEPHQLL.exe
  C:\Windows\System\aEPHQLL.exe
  2⤵
  PID:9312
- C:\Windows\System\hYvhJWG.exe
  C:\Windows\System\hYvhJWG.exe
  2⤵
  PID:9052
- C:\Windows\System\jSrQEpz.exe
  C:\Windows\System\jSrQEpz.exe
  2⤵
  PID:9328
- C:\Windows\System\EPnQgzd.exe
  C:\Windows\System\EPnQgzd.exe
  2⤵
  PID:9440
- C:\Windows\System\bXJIiGe.exe
  C:\Windows\System\bXJIiGe.exe
  2⤵
  PID:9484
- C:\Windows\System\HosUXSH.exe
  C:\Windows\System\HosUXSH.exe
  2⤵
  PID:9500
- C:\Windows\System\nztbBiK.exe
  C:\Windows\System\nztbBiK.exe
  2⤵
  PID:9396
- C:\Windows\System\hTAdznt.exe
  C:\Windows\System\hTAdznt.exe
  2⤵
  PID:9532
- C:\Windows\System\QzABkaz.exe
  C:\Windows\System\QzABkaz.exe
  2⤵
  PID:9560
- C:\Windows\System\bieSFZJ.exe
  C:\Windows\System\bieSFZJ.exe
  2⤵
  PID:9584
- C:\Windows\System\WGlKRTW.exe
  C:\Windows\System\WGlKRTW.exe
  2⤵
  PID:9616
- C:\Windows\System\DVuUvHq.exe
  C:\Windows\System\DVuUvHq.exe
  2⤵
  PID:9676
- C:\Windows\System\tekzoME.exe
  C:\Windows\System\tekzoME.exe
  2⤵
  PID:9656
- C:\Windows\System\POusaAE.exe
  C:\Windows\System\POusaAE.exe
  2⤵
  PID:9720
- C:\Windows\System\nZlJoXu.exe
  C:\Windows\System\nZlJoXu.exe
  2⤵
  PID:9728
- C:\Windows\System\ERpgBMA.exe
  C:\Windows\System\ERpgBMA.exe
  2⤵
  PID:9760
- C:\Windows\System\btPUgJg.exe
  C:\Windows\System\btPUgJg.exe
  2⤵
  PID:9784
- C:\Windows\System\OyRTSIA.exe
  C:\Windows\System\OyRTSIA.exe
  2⤵
  PID:9840
- C:\Windows\System\bpDeTDL.exe
  C:\Windows\System\bpDeTDL.exe
  2⤵
  PID:9880
- C:\Windows\System\ZJmNpej.exe
  C:\Windows\System\ZJmNpej.exe
  2⤵
  PID:9908
- C:\Windows\System\TOwjNmD.exe
  C:\Windows\System\TOwjNmD.exe
  2⤵
  PID:9940
- C:\Windows\System\jqtUadH.exe
  C:\Windows\System\jqtUadH.exe
  2⤵
  PID:9964
- C:\Windows\System\KxIiZNx.exe
  C:\Windows\System\KxIiZNx.exe
  2⤵
  PID:9988
- C:\Windows\System\sqBmOlw.exe
  C:\Windows\System\sqBmOlw.exe
  2⤵
  PID:10024
- C:\Windows\System\pyCsjNe.exe
  C:\Windows\System\pyCsjNe.exe
  2⤵
  PID:10048
- C:\Windows\System\GaYFNZi.exe
  C:\Windows\System\GaYFNZi.exe
  2⤵
  PID:10100
- C:\Windows\System\BNEApRO.exe
  C:\Windows\System\BNEApRO.exe
  2⤵
  PID:10120
- C:\Windows\System\LEUmSCq.exe
  C:\Windows\System\LEUmSCq.exe
  2⤵
  PID:10176
- C:\Windows\System\wusgKcN.exe
  C:\Windows\System\wusgKcN.exe
  2⤵
  PID:10160
- C:\Windows\System\rvrqVDn.exe
  C:\Windows\System\rvrqVDn.exe
  2⤵
  PID:10220
- C:\Windows\System\nmQCCEx.exe
  C:\Windows\System\nmQCCEx.exe
  2⤵
  PID:9220
- C:\Windows\System\evrWtiE.exe
  C:\Windows\System\evrWtiE.exe
  2⤵
  PID:9244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BsrZViM.exe

Filesize
6.0MB

MD5
00a677c3114a808552b6f1ae114e9c3a

SHA1
afdf7049b84638d7bba63cfdfe68484e494a8e48

SHA256
17ced551d5947501c8505796d41857581edcf326531a2da5cfbe647ac13281fd

SHA512
c394a81dfa8ce4a9df8afd49f4782ab950a8dab8044a34ebff382a5d56804da138b6ab4fcd7513b8c4f10492dc810cc3f966d32dfb803299c74a3067432ec3ad

Download Submit
C:\Windows\system\DTiKBeu.exe

Filesize
6.0MB

MD5
ee0d37e5d5e6ff7ca496bd9c5a0fd8f5

SHA1
f37f54d2642de0156f32d513e42054339e4ed087

SHA256
d48ace1e4469d79bf559e65af05bd867fa52151c344ad5ac67daaeffc6bd7e4d

SHA512
fcbf9285ac46f0ce15034d76a7be2c03cc88f7129ea47b35dcea78832c6965fe0f5abd66eb10f9cef27f0c0af0c5bd2e308f4ad2aeff85569608cebff926ce5b

Download Submit
C:\Windows\system\EqkxiCI.exe

Filesize
6.0MB

MD5
6b9bd7fd5161ea2fc7c8b49ee1dacdd1

SHA1
f6108d5e0db9d2393ff01b9338d1b42d00aa4a08

SHA256
de21320ea6cc89899dacaa413bcc96ae62d82cccd315be7f85104d5f9a8f9f3a

SHA512
f7c4c1e8c72a962386b8877766266c3542b32904a0cd5d84952d0a1f54bd695d473a356df7a4ca39555f4bd4261656b13822c83783e1350f91ea22024b2af48c

Download Submit
C:\Windows\system\JjnRiCF.exe

Filesize
6.0MB

MD5
468f3a8d63efd58c33ff251f5a4619b0

SHA1
56038386621b0c1e32b3ba4e63c121cff2918527

SHA256
37c8b763c6bd389392ddba2d3ee14611ed803cbb94331d74c144dba7ba13f201

SHA512
79d2e38a26dfc5d15a1e1cef4d376fbd0d1c4b06352ef25f9e67afada1ab3d76daa2cb49625d2358feb01a796e87da43aeb5f67afa7964d10c94ae95a5607e53

Download Submit
C:\Windows\system\MxBBISO.exe

Filesize
6.0MB

MD5
4aaf10f8281e86b62a3b51047574f02e

SHA1
9b8f2527cf69f8b07b05a4ff214445fe86005c97

SHA256
5fd4b9fc965ad353cbe73f76c201fbf22dd1bc4d26625fa92e5c02aa9f665906

SHA512
943c2dbc133d1b6b3280aee2358fe275b52b16666550e61bb9066f7e64fb5aaae6369ce26343ae285daf1ca58d46765a8c85839583f4e25797a787407b507943

Download Submit
C:\Windows\system\NfdGipn.exe

Filesize
6.0MB

MD5
b08974913ddde0fab959520854fbec65

SHA1
bed10977ac35c946b972d06a5cefd7ed85bb16bf

SHA256
96acd344a50e0c257cb8ee5fdec661c9122c9491f1d0d0b33d93c9af671c1714

SHA512
5c787cd708dfb871758c0847c134699ce86b26783493efe2781a7c5e089b74e2fc0d442d7978f6206c4da3727da58ec0be49dc5877d997ed0e4731b57117c58c

Download Submit
C:\Windows\system\QWERAOh.exe

Filesize
6.0MB

MD5
7d4d4e9946198cc4bb95cd0c866947a8

SHA1
c04c1239747728c575a8f92ea69c9fc5371c80fc

SHA256
595926ae64cb031de56f08a4a8907fe1490f19e4cd1cf99efd65b9a0eefbe041

SHA512
a3abb9465df0279496a51b6f04541fecd6f2202a356dd863ca42013fb967f43a4bdf80d9eaaafef8c1234ac4f496af459f201017e2e4923ff0dbeec07fdc0920

Download Submit
C:\Windows\system\TQnvVzl.exe

Filesize
6.0MB

MD5
d9af02ac8148f0cae56922b6875a3946

SHA1
66f3a478abb073fab9a962c5a34a27171b703518

SHA256
1fe6aac7d1db487135c1d1a7aa5db2a52fb3d50f185e9ee41dd4dfe2a3242127

SHA512
2330ef81b01290d05c52009421f4a5a491a25da6db61920fbd206a00e09a5a07184e902caaf238c0850f685af51f278f578c89993d6e62b360d6810938e4f999

Download Submit
C:\Windows\system\TmudWIs.exe

Filesize
6.0MB

MD5
7d2adf71fb2ba1e14cc14af18f6beb45

SHA1
0a0e6c98b0916b406fde64220345876d125b075e

SHA256
f9380b37e5a3969d0b48a7aa66aa5af4bb34cab3efa592079787555db492c8ff

SHA512
f5f7e3fdd2da3167de7dad4feff4f7d95341869d6f039f3c4101b1263df5038d17b812d3395a29d190e76785d38d50e1561df3b0cea3bcf75d61b7f599e7cdad

Download Submit
C:\Windows\system\VeRcTRI.exe

Filesize
6.0MB

MD5
aa794c7632161f96b4674a8e312f31d7

SHA1
8d3dce80c8484517982e8c2da0cb39f6bb20cd32

SHA256
84d95f07627a94f49acf93cca4390762ff46a46c9450f4d8dec2112b37b745e3

SHA512
41841faa93ce2c748bc17102b463db9622c17abdbd94d4ac8796fab73326a7737f426886fc41ae53f73f09b04a8f67eeae41a455f922ccf231a0426e7b2d85ab

Download Submit
C:\Windows\system\asnTjEq.exe

Filesize
6.0MB

MD5
da8d3e473a07aadd804c0cd400cd10ed

SHA1
27f25a9fa4081e066f51e18e1b5d011f78c43cab

SHA256
4d2324a89edff2828e2d62e72987a1a59ab7e3df0cced16bf1e7768ed5fb8a31

SHA512
8fa42722d76e092484f51d7130eb86819d11cd12070d76f62498909949a6e7b9f0aaa497153f9d12d7b6b25fd128233e8f3e97dc258b25b87ba71ba56ac4ee6b

Download Submit
C:\Windows\system\bNEfgAH.exe

Filesize
6.0MB

MD5
c79f80943cdedcfab2b307d48eabb054

SHA1
40cdf22212066f01af225ab369208e67f5861b58

SHA256
d4b93f2c33e6401184a1c02ebf9d5664ec39c235d6db67e170d276972fa6dbf5

SHA512
21c2a5c528c2375bd545657a000b8e02bb1e6084e1e6754954e55700f52d41b6664a8c803cc40390215b27f8d623128ba6a0fd1ff6a24d89d36e5a27d7c36fd0

Download Submit
C:\Windows\system\bwdLssz.exe

Filesize
6.0MB

MD5
cd168eecd96ee76193f0d5fde6db094e

SHA1
421f8ed2cef40992bd897507ac6ed618c37a628e

SHA256
a01112dddd52813ae70961f2fde7bbd4053b743d578ba4fdd1c7a5f7f59fa075

SHA512
0d18784e1b43ca04654132f0543b260e18ac1fa480ce4e8c2c655ba6857f86957b4813ab48afa57cdf3fd6d218c2f0d57db4c15afd8faadf255d2ef9a8253985

Download Submit
C:\Windows\system\fYEnsOG.exe

Filesize
6.0MB

MD5
c95f3d223101105ec3dae080c3c966ee

SHA1
75dc11d2dfce95f76bc7a17467586d6ecc712c48

SHA256
48393ab04f12048259186ac090d4f57df58a6411a0c8bd05701611c754b9bd09

SHA512
b08e134bd45e1895802742e3b5f4afc911283e3ab102c79a5b161ef7d7700c2d6ada6380fb64a58508120bb9a78c01e65353494d1943010296aab6802690f77d

Download Submit
C:\Windows\system\fpQRUSp.exe

Filesize
6.0MB

MD5
47b6ab0d735af9c065149ed15e9dfe8c

SHA1
eec1b8c55007052e0f69e66a56005b0d26013893

SHA256
9a7d05479d619ad803565c99ffc2ab9689d7474c4b89a574a6e6ad0088b10cda

SHA512
57915a3353ea8fa2210e6e220104a56fdb24bded7cd8fc4a07d68dffbdc82255938574cb425bcf8bc67f1b0d6b5c33e9edecd59587cdea0099fdac7459dfb503

Download Submit
C:\Windows\system\gnqtYmQ.exe

Filesize
6.0MB

MD5
57d43fd9448c0a128c1f9d4898b7b500

SHA1
a4094e98d7a718888e591b9b6a6e4ed67f79d0cf

SHA256
0b1655056bf105aedce09a21802288c1201e91c4c864408af7375781829ee377

SHA512
be6be525eaf7dc5418c70f00506cb36298b1c9a0ac5ff5025721d57d1ae19371f7311be550a2c0a51d8d97ef72e48655d90f3b4904b7d0ef7adca1d6574e7ae5

Download Submit
C:\Windows\system\gzgccji.exe

Filesize
6.0MB

MD5
9227c405ab2e8437ad4f477d69168192

SHA1
0179d22028a68ea233eea7ad8625b67476bbb498

SHA256
8b344d7d88ae7a95e73bbd52e505caf034f861145cbf86214c33c05942e03084

SHA512
457ea702d8ff54376c36e38a5e6783658227bef8fca8f5cbc25ffade06d1a7fefb9574ea3f67c4ae7b327e3257758c816427ee772509d6eca1d75ef7d1e76346

Download Submit
C:\Windows\system\lAdOVLq.exe

Filesize
6.0MB

MD5
ccc540391a532df2f0d55018fc830bd3

SHA1
f5822cf9be7019766f4deb97a589ab2cee6e59b2

SHA256
a3437b3673aad08d72072bd02f02dd1fd766e1f706eb9742936c867669825f54

SHA512
fd31de9b3bbfde06457d2c928f1c3a67992b15c9f359692a5fb3f550b2705ae4a17a832e9b01894fe547c5619a3f2dbf6db604ed4efe8d39c6431b4b16b1ad1b

Download Submit
C:\Windows\system\masYOlm.exe

Filesize
6.0MB

MD5
a85e01c0e8df52345027748a955a7749

SHA1
cd1be2abfe71309a80f4850871a42a23be95782f

SHA256
8e8f7d997b3244933cbb4bfa9d10fcea555a9fe18ac57d7fc1483c4d96cf6369

SHA512
b9867ca378f631063931a4ac524c5da53be1ff15fbf0dbdeaac433bf4151bdd656e9701120bffb24af8b62ab7c1c9b35f838580dd94b99ac4d8b65576388f4b4

Download Submit
C:\Windows\system\nFouTXc.exe

Filesize
6.0MB

MD5
0d3c3710975a1340a3e59cad1a987a4c

SHA1
4cb07081eb2807e93a40209bd6c7b1669cdd2aa9

SHA256
d97eb723d670cb737c9706f283c3fce254a4137c3857908ceac7a365566dce25

SHA512
026a365048785d35ac341630f0a57175461dae18e540cab3769c60969ab71091fa945c4310a2fb825576b81c4b3dc5f30aaeee25e5098bcfe226e92117ecf41d

Download Submit
C:\Windows\system\nXMsmwz.exe

Filesize
6.0MB

MD5
9ac409f6b79e145a4b11c3f891fa7b14

SHA1
6647c84bf34e633b9107eedc3ed999557f7190fc

SHA256
abab4c5c33284c8a8167a820893ee5387a5083a92a586512b32b02def6efeeba

SHA512
768fb0e263ba1177ec6b96cb09c1ef894ff3600a3a73f7ba3e4c61188067bdd39477b05dcbf1a91f1214fc14b5dde400421de5bf67c0a19c7d6c68af5ba8d0d4

Download Submit
C:\Windows\system\oVQTMkw.exe

Filesize
6.0MB

MD5
ac2df3483682815e5adc58277ae45574

SHA1
063bdafd46585254e1ff8bf55a4c1adee94cdcea

SHA256
2ed089b0e0a5140004de2664c16eab8035d318658fd264b9f52c44ee7a80bcb9

SHA512
8b3df1818d9065b803c8e7f2cdee56403b0dc44fab6301c35e22246cf8a4632e89c291c6b2612c299459e73e58f6a2493e8e7c66eaf18440febdeb00ecaeed6a

Download Submit
C:\Windows\system\qwazXte.exe

Filesize
8B

MD5
0e2f112759ace4dc2318b56e106c368a

SHA1
d11cacad615d3989e684fd093f05620ad28d9421

SHA256
cc5e7ac355e449615582009b5d0f076e53530d843c17eb48880569ae6a08a27c

SHA512
ba1c3525391686e8333aaae9eaed655da2973438501764f5adbdd8c71065d824a7a76da37cc8f91bb4aba3687c50ffd7e3041b3c6737139bf48f6719a66d0dea

Download Submit
C:\Windows\system\rJHTKFi.exe

Filesize
6.0MB

MD5
48d32337b0b4b1cd6184734de935c1e0

SHA1
6a4e4455823bf141dfc2d889faf0417cc699d2cd

SHA256
a213ddde8e5681d1675b7422bb8ccbdfce826d16548e3b17c58add4c904cb6b9

SHA512
930cf7bd36ec7385b3786b1113fdf3072aa7f591181183e94b956c88f7ce11ddb40becd234f4665bac2381a73deb5706566bd212589d1f468c2f03222d2f3911

Download Submit
C:\Windows\system\rTrWTqe.exe

Filesize
6.0MB

MD5
8abee6ec6727338e9c8b59cc14673286

SHA1
735fd7def3d4c6dcdf5436d148871fad6d4142fc

SHA256
8fe0faaa5f1b87a4cbf34fd9e421514554e3a498cfc24f187dc1cd1cd72169aa

SHA512
a04d71c5130b3c33fc761818a15375bd79319c56f9553f44b7a803ae2010308e767f0ce14a9ff7335f2262d0714a43c3482f5e706be862dba60fbe88e9d2c958

Download Submit
C:\Windows\system\rzoEizy.exe

Filesize
6.0MB

MD5
94167cf79c7f4e5482213f5ff297dc2d

SHA1
dd94268b8bb848e285ac142cb95415b7a622dc40

SHA256
101b472352bb016714038e5f18115508bd1cc38f433ae7e54db458c8322c712b

SHA512
3f8597538c39b3648b777e236af0111a5d5657c02b8e66ff0e4fd04719b870473668d0e186a63c80e93e5613fab9d9deadbaaa5e80b5aecc1a18e89651f58255

Download Submit
C:\Windows\system\tPPlHZu.exe

Filesize
6.0MB

MD5
e7bbfd5425aee53c7adeaf401b0a12cb

SHA1
61c88fa1aeea2a193455c2e516fff6fe6a17e1d5

SHA256
29baa6d7f3c32b373c0cb50049ebb3eee75f17f8da4b82e8331cec23defe6a11

SHA512
3144b7467e9f1ab85722dced1ad7b02564e3ec9d0b4f5c5d620682085e6fce2a55190e2e0476353f7550b69d0c46ee74f67a4d8f9665697c6bcc50aea414f350

Download Submit
C:\Windows\system\tfAPSfI.exe

Filesize
6.0MB

MD5
32ffa4409a7b8b4f3464cb805607dd71

SHA1
64496121daab9c69a725dc20eb9ca992aa31feb7

SHA256
eb6a9b7dd8c41390e35538313d1ffbb56a729ba99343742575a1d71095213fde

SHA512
295ccc80ba1645381736fc906b1ea802816e276c97dce907ef9b442b3ff6806def0acda773e88fe3eb7c987bac4bce4b3df5d68a1fae053a2ac91b23f491b03b

Download Submit
C:\Windows\system\vgfqOze.exe

Filesize
6.0MB

MD5
02662be3ae3e0e6a0a4c4ea2ce4e60b0

SHA1
a5a92567c028766c4764369ce69dcde3943f262d

SHA256
f0189f5a31cd1d9025269fd7b2460bce12d7a82801088318eabf30ee72fbe1e4

SHA512
7cd8a875119329786aa8e0aaba4dadda1bc941341344bcb7ba36d8e2310f42a547c12fb4b0633ef46fd4bd4fe69ee6c3d5e3daeb9e0fe9a1371b7084e7ffbe4f

Download Submit
C:\Windows\system\xTzLQJX.exe

Filesize
6.0MB

MD5
4205e792196d4d631be50415121ed666

SHA1
5ee66f829d2fa41510ec128a2e3c9cae103f178c

SHA256
e96dc75d4f95fb6d04ec1b0d72e95dc4f3a71fc39c6c88dd00925b090e76dc16

SHA512
9ac3bbc03d71607e540d50a100b53081d3af60bf935fb867b7e4bfe9cdd368c837d26edac56dca4c3a820d99614444e6ecf4719115c7d1f4113f7e9b5ac58aa9

Download Submit
\Windows\system\uWQzDMO.exe

Filesize
6.0MB

MD5
41bcf5df0add555bcf7bb426e4fd3057

SHA1
902f2b8ae2dc2380624222238ffdb58994a3f333

SHA256
8d5557e07d71baff76522dcda5b4374e19034f6821fa57cb6567c4bdfc9c5668

SHA512
b7207a8fe6a451bb03cf1ea4f0674addd31a72ca8bf6a726f5ffeb6846a07465a064a73122e5c59cd231480b3af76bf7f0bacbe50f06e8edb0046211c8666700

Download Submit
\Windows\system\usJjhmo.exe

Filesize
6.0MB

MD5
eaf24dabfbf3313d0b9d14ea2d850c24

SHA1
d4c62e93e46db85cacfb5e290e484a3331564946

SHA256
19130676f7749c0862340d9f34a0666ba6e7ef628022c26bfc2e3613eaf88e84

SHA512
5b3a8cc2dc8600b69e5222c4e51d0062617c5886b2294c02bfb96dbf5013e27e784ad9d66f232f55d206f2765f1ea87433e71240bd3fc07e3d4fa4ab6f92e92b

Download Submit
\Windows\system\wVkKAvU.exe

Filesize
6.0MB

MD5
8b07f0c7b857311f24021def0a7cb4a5

SHA1
452aca49e2d4dc36b53e76ee74a9f36951f5b2d2

SHA256
e0a28906b41c030fca61a6c9a8fcea813a9017be83ce0ac480b133fbe3bb531a

SHA512
bb272db538a289ff8383000798a3cc8251928a124c13182fab691064e720c8345abcf0f4674ed3637dfe5f30fa8caf65ecbb553af201755e571d28717a2fea05

Download Submit
memory/1088-29-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1088-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/1088-92-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-486-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-10-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1088-68-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1088-844-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1088-83-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-1019-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1088-60-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1088-0-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1088-45-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-52-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-683-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-17-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1088-37-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1088-76-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-100-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1088-91-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-109-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1088-23-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-101-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1532-95-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1532-3744-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1532-57-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1716-65-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1716-104-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1716-3768-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2032-3766-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2032-927-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2032-105-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2288-27-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-3684-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-64-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3773-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2460-96-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2460-776-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2472-3756-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2472-586-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2472-87-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2480-3749-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2480-72-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2480-193-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2600-86-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3730-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-35-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3722-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2612-71-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2752-43-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3688-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3656-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2796-13-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2848-56-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3718-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2848-20-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2964-14-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-49-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-3653-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-79-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-3778-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-367-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download