cobaltstrike | fc2f7cbd55a9e5b320dba7b66e183891b38e59d612d0661e0ae91a944fae2e31

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

266a24d4f5ef2a6bdc711333e036317a
SHA1

e0509e57be648b4efb4b52cb2d13d7e316b78393
SHA256

fc2f7cbd55a9e5b320dba7b66e183891b38e59d612d0661e0ae91a944fae2e31
SHA512

ee5c8c6c759d16f412f1312f2d3fdc2ffe6c8e9e22e27723988644a51563819eb3c6b506ec3505c605e7afe9c8efd4ba3e9387a662faea75388af4574d3d3fd3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUU:T+q56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000016d36-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d47-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d63-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d69-27.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd9-39.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019227-62.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019496-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019467-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019456-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942c-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019379-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ac-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939d-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a9-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019279-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926a-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-66.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bf3-58.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878c-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018781-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018742-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018731-42.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d72-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d6d-30.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000012266-6.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2372-0-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d36-8.dat	xmrig
behavioral1/memory/3044-14-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2412-15-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d47-10.dat	xmrig
behavioral1/files/0x0007000000016d63-23.dat	xmrig
behavioral1/files/0x0007000000016d69-27.dat	xmrig
behavioral1/files/0x0008000000016dd9-39.dat	xmrig
behavioral1/files/0x0005000000019227-62.dat	xmrig
behavioral1/files/0x000500000001925e-70.dat	xmrig
behavioral1/files/0x00050000000194d0-167.dat	xmrig
behavioral1/files/0x0005000000019496-166.dat	xmrig
behavioral1/files/0x00050000000194fc-164.dat	xmrig
behavioral1/files/0x000500000001945c-145.dat	xmrig
behavioral1/memory/2892-281-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/1708-402-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2748-400-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2608-398-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2916-396-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2700-394-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2716-392-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2732-279-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2372-1157-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2256-275-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2416-264-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-160.dat	xmrig
behavioral1/files/0x00050000000194ad-154.dat	xmrig
behavioral1/files/0x0005000000019467-148.dat	xmrig
behavioral1/files/0x0005000000019438-142.dat	xmrig
behavioral1/memory/2840-297-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019456-139.dat	xmrig
behavioral1/files/0x000500000001942c-133.dat	xmrig
behavioral1/memory/2780-132-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a4-102.dat	xmrig
behavioral1/files/0x0005000000019379-94.dat	xmrig
behavioral1/files/0x00050000000193ac-106.dat	xmrig
behavioral1/files/0x000500000001939d-98.dat	xmrig
behavioral1/files/0x00050000000192a9-90.dat	xmrig
behavioral1/files/0x0005000000019284-86.dat	xmrig
behavioral1/files/0x0005000000019279-82.dat	xmrig
behavioral1/files/0x000500000001926a-78.dat	xmrig
behavioral1/files/0x0005000000019261-74.dat	xmrig
behavioral1/files/0x000500000001922c-66.dat	xmrig
behavioral1/files/0x0006000000018bf3-58.dat	xmrig
behavioral1/files/0x000500000001878c-54.dat	xmrig
behavioral1/files/0x0005000000018781-50.dat	xmrig
behavioral1/files/0x0005000000018742-46.dat	xmrig
behavioral1/files/0x0007000000018731-42.dat	xmrig
behavioral1/files/0x000a000000016d72-35.dat	xmrig
behavioral1/files/0x0007000000016d6d-30.dat	xmrig
behavioral1/files/0x000b000000012266-6.dat	xmrig
behavioral1/memory/3044-4042-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2412-4041-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2716-4054-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2916-4053-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2892-4052-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2256-4051-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2780-4050-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2608-4049-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2700-4048-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2732-4047-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2748-4046-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2840-4045-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/1708-4044-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2412	yqIengl.exe
3044	GDiDJBf.exe
1708	ZBaLOaO.exe
2780	jskcrcM.exe
2416	xpfvMSH.exe
2256	NODmyXD.exe
2732	hcdHrPA.exe
2892	SMGjMrp.exe
2840	LVJpXVi.exe
2716	wZcbxtb.exe
2700	TrmwqGd.exe
2916	LoLLGYv.exe
2608	uyPTsLs.exe
2748	aHCzFjO.exe
1916	PwQrwbP.exe
2600	lePzszx.exe
2660	FYnWNxy.exe
2340	TXyinvh.exe
2756	oRAkZOH.exe
1084	wnNvCHP.exe
1676	hptxszw.exe
1028	YcPnWXn.exe
2644	PCMapon.exe
2944	kikZAwW.exe
2572	oJZqVmi.exe
2484	bpzfLeD.exe
1716	bPYyLCe.exe
1720	QuxqjlF.exe
1488	hyJNmNP.exe
2288	qnaFRNV.exe
1352	pBqRktF.exe
1408	TxSGizZ.exe
376	ZKXICQl.exe
1212	UdjwTIL.exe
1776	IiqvVts.exe
2436	aMYMgPT.exe
2500	PuFnPmV.exe
584	JMTtPoK.exe
2216	cVmCyod.exe
1036	FDtpsqO.exe
2452	cECnlOW.exe
2236	RUQSUCn.exe
1988	JqdcVKG.exe
1780	XrFsGoD.exe
2836	ruUswrt.exe
2620	OCDwCsX.exe
2596	TPeKkWi.exe
672	DgPcnKN.exe
620	BklpQVu.exe
1924	XaQBtuj.exe
2984	qohJWaL.exe
2680	RpvXyJz.exe
1688	iyCUPYz.exe
1052	reoTqYe.exe
2448	zNPuGtL.exe
2264	jBedlge.exe
1952	CKKFCnX.exe
2828	QUqpyEz.exe
3084	DZdUnol.exe
3116	UHQuAUL.exe
3148	vaRpLIC.exe
3180	WAETYra.exe
3212	uFmwVAw.exe
3244	YkWkYcA.exe

Loads dropped DLL 64 IoCs

pid	Process
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2372-0-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x0008000000016d36-8.dat	upx
behavioral1/memory/3044-14-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2412-15-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0008000000016d47-10.dat	upx
behavioral1/files/0x0007000000016d63-23.dat	upx
behavioral1/files/0x0007000000016d69-27.dat	upx
behavioral1/files/0x0008000000016dd9-39.dat	upx
behavioral1/files/0x0005000000019227-62.dat	upx
behavioral1/files/0x000500000001925e-70.dat	upx
behavioral1/files/0x00050000000194d0-167.dat	upx
behavioral1/files/0x0005000000019496-166.dat	upx
behavioral1/files/0x00050000000194fc-164.dat	upx
behavioral1/files/0x000500000001945c-145.dat	upx
behavioral1/memory/2892-281-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/1708-402-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2748-400-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2608-398-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2916-396-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2700-394-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2716-392-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2732-279-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2372-1157-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2256-275-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2416-264-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-160.dat	upx
behavioral1/files/0x00050000000194ad-154.dat	upx
behavioral1/files/0x0005000000019467-148.dat	upx
behavioral1/files/0x0005000000019438-142.dat	upx
behavioral1/memory/2840-297-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0005000000019456-139.dat	upx
behavioral1/files/0x000500000001942c-133.dat	upx
behavioral1/memory/2780-132-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x00050000000193a4-102.dat	upx
behavioral1/files/0x0005000000019379-94.dat	upx
behavioral1/files/0x00050000000193ac-106.dat	upx
behavioral1/files/0x000500000001939d-98.dat	upx
behavioral1/files/0x00050000000192a9-90.dat	upx
behavioral1/files/0x0005000000019284-86.dat	upx
behavioral1/files/0x0005000000019279-82.dat	upx
behavioral1/files/0x000500000001926a-78.dat	upx
behavioral1/files/0x0005000000019261-74.dat	upx
behavioral1/files/0x000500000001922c-66.dat	upx
behavioral1/files/0x0006000000018bf3-58.dat	upx
behavioral1/files/0x000500000001878c-54.dat	upx
behavioral1/files/0x0005000000018781-50.dat	upx
behavioral1/files/0x0005000000018742-46.dat	upx
behavioral1/files/0x0007000000018731-42.dat	upx
behavioral1/files/0x000a000000016d72-35.dat	upx
behavioral1/files/0x0007000000016d6d-30.dat	upx
behavioral1/files/0x000b000000012266-6.dat	upx
behavioral1/memory/3044-4042-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2412-4041-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2716-4054-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2916-4053-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2892-4052-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2256-4051-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2780-4050-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2608-4049-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2700-4048-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2732-4047-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2748-4046-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2840-4045-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/1708-4044-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fcSCHJI.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVHQwit.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPiMEzg.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZKXICQl.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IyvuaNg.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWtibHY.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWDEfPD.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAbaRVL.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SePuAyn.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxbZdjJ.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVZtxEb.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INHdOAU.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYsLsCL.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsrLtdh.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTLgOEa.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTmvaZG.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrJRVcU.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRyOMQo.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZzPmxa.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFOFrbz.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajnPbsB.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STkgJHm.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHYURZS.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHWPUhX.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbfRYXt.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxcEaGS.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQXUNKL.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vPSCHyG.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rISCHmz.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMbiVTJ.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQfZyDB.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqiXGUE.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zclhoIY.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkcrrNI.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jwavcaS.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQhkyNE.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUYQDhD.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJtqQBm.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVpqIFI.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyHHCtu.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRSwNpR.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGlkPqe.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJcZKXK.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAXsHgK.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cGKaUQG.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hyJNmNP.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vUJwqAm.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwpEpGn.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBOqlQW.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PLfuEGv.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgWigIi.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPIfjQi.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\groezTc.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRPSKUA.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMRnZkd.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKUaBid.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBdOkba.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmzeCwG.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyrtOJE.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPAuQKB.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEyuxbv.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OCDwCsX.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fETvFvY.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\orOguOI.exe	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2412	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2372 wrote to memory of 2412	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2372 wrote to memory of 2412	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2372 wrote to memory of 3044	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2372 wrote to memory of 3044	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2372 wrote to memory of 3044	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2372 wrote to memory of 1708	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2372 wrote to memory of 1708	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2372 wrote to memory of 1708	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2372 wrote to memory of 2780	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2372 wrote to memory of 2780	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2372 wrote to memory of 2780	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2372 wrote to memory of 2416	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2372 wrote to memory of 2416	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2372 wrote to memory of 2416	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2372 wrote to memory of 2256	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2372 wrote to memory of 2256	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2372 wrote to memory of 2256	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2372 wrote to memory of 2732	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2372 wrote to memory of 2732	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2372 wrote to memory of 2732	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2372 wrote to memory of 2892	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2372 wrote to memory of 2892	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2372 wrote to memory of 2892	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2372 wrote to memory of 2840	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2372 wrote to memory of 2840	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2372 wrote to memory of 2840	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2372 wrote to memory of 2716	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2372 wrote to memory of 2716	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2372 wrote to memory of 2716	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2372 wrote to memory of 2700	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2372 wrote to memory of 2700	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2372 wrote to memory of 2700	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2372 wrote to memory of 2916	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2372 wrote to memory of 2916	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2372 wrote to memory of 2916	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2372 wrote to memory of 2608	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2372 wrote to memory of 2608	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2372 wrote to memory of 2608	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2372 wrote to memory of 2748	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2372 wrote to memory of 2748	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2372 wrote to memory of 2748	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2372 wrote to memory of 1916	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2372 wrote to memory of 1916	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2372 wrote to memory of 1916	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2372 wrote to memory of 2600	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2372 wrote to memory of 2600	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2372 wrote to memory of 2600	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2372 wrote to memory of 2660	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2372 wrote to memory of 2660	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2372 wrote to memory of 2660	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2372 wrote to memory of 2340	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2372 wrote to memory of 2340	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2372 wrote to memory of 2340	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2372 wrote to memory of 2756	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2372 wrote to memory of 2756	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2372 wrote to memory of 2756	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2372 wrote to memory of 1084	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2372 wrote to memory of 1084	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2372 wrote to memory of 1084	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2372 wrote to memory of 1676	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2372 wrote to memory of 1676	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2372 wrote to memory of 1676	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2372 wrote to memory of 1028	2372	2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-26_266a24d4f5ef2a6bdc711333e036317a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\System\yqIengl.exe
  C:\Windows\System\yqIengl.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\GDiDJBf.exe
  C:\Windows\System\GDiDJBf.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\ZBaLOaO.exe
  C:\Windows\System\ZBaLOaO.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\jskcrcM.exe
  C:\Windows\System\jskcrcM.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\xpfvMSH.exe
  C:\Windows\System\xpfvMSH.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\NODmyXD.exe
  C:\Windows\System\NODmyXD.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\hcdHrPA.exe
  C:\Windows\System\hcdHrPA.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\SMGjMrp.exe
  C:\Windows\System\SMGjMrp.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\LVJpXVi.exe
  C:\Windows\System\LVJpXVi.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\wZcbxtb.exe
  C:\Windows\System\wZcbxtb.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\TrmwqGd.exe
  C:\Windows\System\TrmwqGd.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\LoLLGYv.exe
  C:\Windows\System\LoLLGYv.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\uyPTsLs.exe
  C:\Windows\System\uyPTsLs.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\aHCzFjO.exe
  C:\Windows\System\aHCzFjO.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\PwQrwbP.exe
  C:\Windows\System\PwQrwbP.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\lePzszx.exe
  C:\Windows\System\lePzszx.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\FYnWNxy.exe
  C:\Windows\System\FYnWNxy.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\TXyinvh.exe
  C:\Windows\System\TXyinvh.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\oRAkZOH.exe
  C:\Windows\System\oRAkZOH.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\wnNvCHP.exe
  C:\Windows\System\wnNvCHP.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\hptxszw.exe
  C:\Windows\System\hptxszw.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\YcPnWXn.exe
  C:\Windows\System\YcPnWXn.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\PCMapon.exe
  C:\Windows\System\PCMapon.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\kikZAwW.exe
  C:\Windows\System\kikZAwW.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\oJZqVmi.exe
  C:\Windows\System\oJZqVmi.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\qohJWaL.exe
  C:\Windows\System\qohJWaL.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\bpzfLeD.exe
  C:\Windows\System\bpzfLeD.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\RpvXyJz.exe
  C:\Windows\System\RpvXyJz.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\bPYyLCe.exe
  C:\Windows\System\bPYyLCe.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\YWqDfav.exe
  C:\Windows\System\YWqDfav.exe
  2⤵
  PID:2956
- C:\Windows\System\QuxqjlF.exe
  C:\Windows\System\QuxqjlF.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\oqiXGUE.exe
  C:\Windows\System\oqiXGUE.exe
  2⤵
  PID:2948
- C:\Windows\System\hyJNmNP.exe
  C:\Windows\System\hyJNmNP.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\AtLvYvt.exe
  C:\Windows\System\AtLvYvt.exe
  2⤵
  PID:836
- C:\Windows\System\qnaFRNV.exe
  C:\Windows\System\qnaFRNV.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\KwnbnHV.exe
  C:\Windows\System\KwnbnHV.exe
  2⤵
  PID:1628
- C:\Windows\System\pBqRktF.exe
  C:\Windows\System\pBqRktF.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\IssNlEz.exe
  C:\Windows\System\IssNlEz.exe
  2⤵
  PID:1108
- C:\Windows\System\TxSGizZ.exe
  C:\Windows\System\TxSGizZ.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\vZkMdti.exe
  C:\Windows\System\vZkMdti.exe
  2⤵
  PID:604
- C:\Windows\System\ZKXICQl.exe
  C:\Windows\System\ZKXICQl.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\qZQZhYt.exe
  C:\Windows\System\qZQZhYt.exe
  2⤵
  PID:2212
- C:\Windows\System\UdjwTIL.exe
  C:\Windows\System\UdjwTIL.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\mnllzLk.exe
  C:\Windows\System\mnllzLk.exe
  2⤵
  PID:1992
- C:\Windows\System\IiqvVts.exe
  C:\Windows\System\IiqvVts.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\onZEnjN.exe
  C:\Windows\System\onZEnjN.exe
  2⤵
  PID:840
- C:\Windows\System\aMYMgPT.exe
  C:\Windows\System\aMYMgPT.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\jUWrYwH.exe
  C:\Windows\System\jUWrYwH.exe
  2⤵
  PID:1652
- C:\Windows\System\PuFnPmV.exe
  C:\Windows\System\PuFnPmV.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\toGEsij.exe
  C:\Windows\System\toGEsij.exe
  2⤵
  PID:1932
- C:\Windows\System\JMTtPoK.exe
  C:\Windows\System\JMTtPoK.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\AZCQOWr.exe
  C:\Windows\System\AZCQOWr.exe
  2⤵
  PID:1772
- C:\Windows\System\cVmCyod.exe
  C:\Windows\System\cVmCyod.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\mbusEnK.exe
  C:\Windows\System\mbusEnK.exe
  2⤵
  PID:1804
- C:\Windows\System\FDtpsqO.exe
  C:\Windows\System\FDtpsqO.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\wirjgYK.exe
  C:\Windows\System\wirjgYK.exe
  2⤵
  PID:1268
- C:\Windows\System\cECnlOW.exe
  C:\Windows\System\cECnlOW.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\OEVpvLD.exe
  C:\Windows\System\OEVpvLD.exe
  2⤵
  PID:1504
- C:\Windows\System\RUQSUCn.exe
  C:\Windows\System\RUQSUCn.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\HRJLwnd.exe
  C:\Windows\System\HRJLwnd.exe
  2⤵
  PID:1592
- C:\Windows\System\JqdcVKG.exe
  C:\Windows\System\JqdcVKG.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\mmKwsVP.exe
  C:\Windows\System\mmKwsVP.exe
  2⤵
  PID:2360
- C:\Windows\System\XrFsGoD.exe
  C:\Windows\System\XrFsGoD.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\JBjCbgP.exe
  C:\Windows\System\JBjCbgP.exe
  2⤵
  PID:2480
- C:\Windows\System\ruUswrt.exe
  C:\Windows\System\ruUswrt.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\KHWPUhX.exe
  C:\Windows\System\KHWPUhX.exe
  2⤵
  PID:3060
- C:\Windows\System\OCDwCsX.exe
  C:\Windows\System\OCDwCsX.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\xzIWPmH.exe
  C:\Windows\System\xzIWPmH.exe
  2⤵
  PID:2720
- C:\Windows\System\TPeKkWi.exe
  C:\Windows\System\TPeKkWi.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\jKVNfgh.exe
  C:\Windows\System\jKVNfgh.exe
  2⤵
  PID:1836
- C:\Windows\System\DgPcnKN.exe
  C:\Windows\System\DgPcnKN.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\BglLJFA.exe
  C:\Windows\System\BglLJFA.exe
  2⤵
  PID:2928
- C:\Windows\System\BklpQVu.exe
  C:\Windows\System\BklpQVu.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\xiiwXMM.exe
  C:\Windows\System\xiiwXMM.exe
  2⤵
  PID:1012
- C:\Windows\System\XaQBtuj.exe
  C:\Windows\System\XaQBtuj.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\BnKrtku.exe
  C:\Windows\System\BnKrtku.exe
  2⤵
  PID:1632
- C:\Windows\System\iyCUPYz.exe
  C:\Windows\System\iyCUPYz.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\LDPrdsp.exe
  C:\Windows\System\LDPrdsp.exe
  2⤵
  PID:2004
- C:\Windows\System\reoTqYe.exe
  C:\Windows\System\reoTqYe.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\JbcFKvM.exe
  C:\Windows\System\JbcFKvM.exe
  2⤵
  PID:1700
- C:\Windows\System\zNPuGtL.exe
  C:\Windows\System\zNPuGtL.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\EjNYsMd.exe
  C:\Windows\System\EjNYsMd.exe
  2⤵
  PID:2520
- C:\Windows\System\jBedlge.exe
  C:\Windows\System\jBedlge.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\ifvEzXV.exe
  C:\Windows\System\ifvEzXV.exe
  2⤵
  PID:2548
- C:\Windows\System\CKKFCnX.exe
  C:\Windows\System\CKKFCnX.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\vIhoDFs.exe
  C:\Windows\System\vIhoDFs.exe
  2⤵
  PID:2324
- C:\Windows\System\QUqpyEz.exe
  C:\Windows\System\QUqpyEz.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\faEjcbG.exe
  C:\Windows\System\faEjcbG.exe
  2⤵
  PID:308
- C:\Windows\System\DZdUnol.exe
  C:\Windows\System\DZdUnol.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\jjRVnza.exe
  C:\Windows\System\jjRVnza.exe
  2⤵
  PID:3100
- C:\Windows\System\UHQuAUL.exe
  C:\Windows\System\UHQuAUL.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\ddHxKjl.exe
  C:\Windows\System\ddHxKjl.exe
  2⤵
  PID:3132
- C:\Windows\System\vaRpLIC.exe
  C:\Windows\System\vaRpLIC.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\AkLdgOg.exe
  C:\Windows\System\AkLdgOg.exe
  2⤵
  PID:3164
- C:\Windows\System\WAETYra.exe
  C:\Windows\System\WAETYra.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\XulFhsq.exe
  C:\Windows\System\XulFhsq.exe
  2⤵
  PID:3196
- C:\Windows\System\uFmwVAw.exe
  C:\Windows\System\uFmwVAw.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\jkOBFkQ.exe
  C:\Windows\System\jkOBFkQ.exe
  2⤵
  PID:3228
- C:\Windows\System\YkWkYcA.exe
  C:\Windows\System\YkWkYcA.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\pNARhYa.exe
  C:\Windows\System\pNARhYa.exe
  2⤵
  PID:3260
- C:\Windows\System\Lkvzdvq.exe
  C:\Windows\System\Lkvzdvq.exe
  2⤵
  PID:3276
- C:\Windows\System\iSUxAps.exe
  C:\Windows\System\iSUxAps.exe
  2⤵
  PID:3296
- C:\Windows\System\XyjdmrR.exe
  C:\Windows\System\XyjdmrR.exe
  2⤵
  PID:3312
- C:\Windows\System\TRZGNqg.exe
  C:\Windows\System\TRZGNqg.exe
  2⤵
  PID:3328
- C:\Windows\System\FFmnKWh.exe
  C:\Windows\System\FFmnKWh.exe
  2⤵
  PID:3356
- C:\Windows\System\KrtOseM.exe
  C:\Windows\System\KrtOseM.exe
  2⤵
  PID:3372
- C:\Windows\System\DatNeam.exe
  C:\Windows\System\DatNeam.exe
  2⤵
  PID:3388
- C:\Windows\System\bSIoykP.exe
  C:\Windows\System\bSIoykP.exe
  2⤵
  PID:3404
- C:\Windows\System\mNPylya.exe
  C:\Windows\System\mNPylya.exe
  2⤵
  PID:3420
- C:\Windows\System\kYIDDSb.exe
  C:\Windows\System\kYIDDSb.exe
  2⤵
  PID:3436
- C:\Windows\System\rUwMQQN.exe
  C:\Windows\System\rUwMQQN.exe
  2⤵
  PID:3452
- C:\Windows\System\HKvsKbG.exe
  C:\Windows\System\HKvsKbG.exe
  2⤵
  PID:3468
- C:\Windows\System\hcxEFlc.exe
  C:\Windows\System\hcxEFlc.exe
  2⤵
  PID:3484
- C:\Windows\System\rQuIYwS.exe
  C:\Windows\System\rQuIYwS.exe
  2⤵
  PID:3520
- C:\Windows\System\NfzwWic.exe
  C:\Windows\System\NfzwWic.exe
  2⤵
  PID:3536
- C:\Windows\System\WUUSKiH.exe
  C:\Windows\System\WUUSKiH.exe
  2⤵
  PID:3552
- C:\Windows\System\cADOMfV.exe
  C:\Windows\System\cADOMfV.exe
  2⤵
  PID:3576
- C:\Windows\System\qpoejRJ.exe
  C:\Windows\System\qpoejRJ.exe
  2⤵
  PID:3620
- C:\Windows\System\EVPeQDu.exe
  C:\Windows\System\EVPeQDu.exe
  2⤵
  PID:3912
- C:\Windows\System\EuDkCDN.exe
  C:\Windows\System\EuDkCDN.exe
  2⤵
  PID:3936
- C:\Windows\System\yAVMyth.exe
  C:\Windows\System\yAVMyth.exe
  2⤵
  PID:3952
- C:\Windows\System\KcyBNzD.exe
  C:\Windows\System\KcyBNzD.exe
  2⤵
  PID:3972
- C:\Windows\System\hqRRyaE.exe
  C:\Windows\System\hqRRyaE.exe
  2⤵
  PID:3988
- C:\Windows\System\KhsNsbL.exe
  C:\Windows\System\KhsNsbL.exe
  2⤵
  PID:4004
- C:\Windows\System\SJsQIPl.exe
  C:\Windows\System\SJsQIPl.exe
  2⤵
  PID:4020
- C:\Windows\System\FESRBdN.exe
  C:\Windows\System\FESRBdN.exe
  2⤵
  PID:4040
- C:\Windows\System\xPyGdCv.exe
  C:\Windows\System\xPyGdCv.exe
  2⤵
  PID:4060
- C:\Windows\System\XDyhTfv.exe
  C:\Windows\System\XDyhTfv.exe
  2⤵
  PID:4076
- C:\Windows\System\VTecoks.exe
  C:\Windows\System\VTecoks.exe
  2⤵
  PID:4092
- C:\Windows\System\GBLvsyg.exe
  C:\Windows\System\GBLvsyg.exe
  2⤵
  PID:1276
- C:\Windows\System\RlxpPUR.exe
  C:\Windows\System\RlxpPUR.exe
  2⤵
  PID:1480
- C:\Windows\System\ZuHgSSe.exe
  C:\Windows\System\ZuHgSSe.exe
  2⤵
  PID:2888
- C:\Windows\System\sXzcWnX.exe
  C:\Windows\System\sXzcWnX.exe
  2⤵
  PID:2064
- C:\Windows\System\qVlGbBQ.exe
  C:\Windows\System\qVlGbBQ.exe
  2⤵
  PID:3128
- C:\Windows\System\qKkpaXa.exe
  C:\Windows\System\qKkpaXa.exe
  2⤵
  PID:3192
- C:\Windows\System\nTwUwTp.exe
  C:\Windows\System\nTwUwTp.exe
  2⤵
  PID:2192
- C:\Windows\System\HTjTQcO.exe
  C:\Windows\System\HTjTQcO.exe
  2⤵
  PID:3252
- C:\Windows\System\gRPSKUA.exe
  C:\Windows\System\gRPSKUA.exe
  2⤵
  PID:3292
- C:\Windows\System\GcKpsyX.exe
  C:\Windows\System\GcKpsyX.exe
  2⤵
  PID:3368
- C:\Windows\System\sbfRYXt.exe
  C:\Windows\System\sbfRYXt.exe
  2⤵
  PID:3432
- C:\Windows\System\FrqNmVt.exe
  C:\Windows\System\FrqNmVt.exe
  2⤵
  PID:3496
- C:\Windows\System\KpSEEFn.exe
  C:\Windows\System\KpSEEFn.exe
  2⤵
  PID:3592
- C:\Windows\System\Vsloite.exe
  C:\Windows\System\Vsloite.exe
  2⤵
  PID:3608
- C:\Windows\System\JbZKBYp.exe
  C:\Windows\System\JbZKBYp.exe
  2⤵
  PID:2964
- C:\Windows\System\SWYwWbx.exe
  C:\Windows\System\SWYwWbx.exe
  2⤵
  PID:3140
- C:\Windows\System\DebCjac.exe
  C:\Windows\System\DebCjac.exe
  2⤵
  PID:3204
- C:\Windows\System\AbQayCs.exe
  C:\Windows\System\AbQayCs.exe
  2⤵
  PID:3268
- C:\Windows\System\FNaGICQ.exe
  C:\Windows\System\FNaGICQ.exe
  2⤵
  PID:3336
- C:\Windows\System\JaLUhgA.exe
  C:\Windows\System\JaLUhgA.exe
  2⤵
  PID:3352
- C:\Windows\System\QsoqASp.exe
  C:\Windows\System\QsoqASp.exe
  2⤵
  PID:3444
- C:\Windows\System\NbzNybj.exe
  C:\Windows\System\NbzNybj.exe
  2⤵
  PID:2292
- C:\Windows\System\duGVdiv.exe
  C:\Windows\System\duGVdiv.exe
  2⤵
  PID:976
- C:\Windows\System\UNnUEYd.exe
  C:\Windows\System\UNnUEYd.exe
  2⤵
  PID:932
- C:\Windows\System\XoueehT.exe
  C:\Windows\System\XoueehT.exe
  2⤵
  PID:352
- C:\Windows\System\niBKHSR.exe
  C:\Windows\System\niBKHSR.exe
  2⤵
  PID:1884
- C:\Windows\System\fRJaNDv.exe
  C:\Windows\System\fRJaNDv.exe
  2⤵
  PID:2284
- C:\Windows\System\tBmzBmR.exe
  C:\Windows\System\tBmzBmR.exe
  2⤵
  PID:2088
- C:\Windows\System\hrqtnkO.exe
  C:\Windows\System\hrqtnkO.exe
  2⤵
  PID:1552
- C:\Windows\System\QGlWBks.exe
  C:\Windows\System\QGlWBks.exe
  2⤵
  PID:3568
- C:\Windows\System\RmrUVxW.exe
  C:\Windows\System\RmrUVxW.exe
  2⤵
  PID:1980
- C:\Windows\System\AMltmZu.exe
  C:\Windows\System\AMltmZu.exe
  2⤵
  PID:356
- C:\Windows\System\oqlOkNk.exe
  C:\Windows\System\oqlOkNk.exe
  2⤵
  PID:1484
- C:\Windows\System\xuWjYse.exe
  C:\Windows\System\xuWjYse.exe
  2⤵
  PID:300
- C:\Windows\System\hCDMhXz.exe
  C:\Windows\System\hCDMhXz.exe
  2⤵
  PID:2504
- C:\Windows\System\TRzdfTs.exe
  C:\Windows\System\TRzdfTs.exe
  2⤵
  PID:3752
- C:\Windows\System\acRbCUZ.exe
  C:\Windows\System\acRbCUZ.exe
  2⤵
  PID:3772
- C:\Windows\System\ZUqRAma.exe
  C:\Windows\System\ZUqRAma.exe
  2⤵
  PID:3792
- C:\Windows\System\jbyoSZA.exe
  C:\Windows\System\jbyoSZA.exe
  2⤵
  PID:3828
- C:\Windows\System\SdnkGeF.exe
  C:\Windows\System\SdnkGeF.exe
  2⤵
  PID:3848
- C:\Windows\System\BATbPcI.exe
  C:\Windows\System\BATbPcI.exe
  2⤵
  PID:3864
- C:\Windows\System\ayPJCkn.exe
  C:\Windows\System\ayPJCkn.exe
  2⤵
  PID:3884
- C:\Windows\System\hSwtnom.exe
  C:\Windows\System\hSwtnom.exe
  2⤵
  PID:3896
- C:\Windows\System\WGxgXzz.exe
  C:\Windows\System\WGxgXzz.exe
  2⤵
  PID:3924
- C:\Windows\System\JyeXZwe.exe
  C:\Windows\System\JyeXZwe.exe
  2⤵
  PID:4016
- C:\Windows\System\ppzWGbW.exe
  C:\Windows\System\ppzWGbW.exe
  2⤵
  PID:4032
- C:\Windows\System\qLlOuWk.exe
  C:\Windows\System\qLlOuWk.exe
  2⤵
  PID:1232
- C:\Windows\System\NMkyvvk.exe
  C:\Windows\System\NMkyvvk.exe
  2⤵
  PID:3288
- C:\Windows\System\YyvvViT.exe
  C:\Windows\System\YyvvViT.exe
  2⤵
  PID:3516
- C:\Windows\System\MJzfCtF.exe
  C:\Windows\System\MJzfCtF.exe
  2⤵
  PID:3588
- C:\Windows\System\VztdYYs.exe
  C:\Windows\System\VztdYYs.exe
  2⤵
  PID:3612
- C:\Windows\System\zZIdofL.exe
  C:\Windows\System\zZIdofL.exe
  2⤵
  PID:3308
- C:\Windows\System\XflBtJQ.exe
  C:\Windows\System\XflBtJQ.exe
  2⤵
  PID:1740
- C:\Windows\System\HIfJDPi.exe
  C:\Windows\System\HIfJDPi.exe
  2⤵
  PID:4048
- C:\Windows\System\ABiIxqK.exe
  C:\Windows\System\ABiIxqK.exe
  2⤵
  PID:2312
- C:\Windows\System\xVWDXfJ.exe
  C:\Windows\System\xVWDXfJ.exe
  2⤵
  PID:4084
- C:\Windows\System\qyOawDF.exe
  C:\Windows\System\qyOawDF.exe
  2⤵
  PID:2272
- C:\Windows\System\ZneUCnO.exe
  C:\Windows\System\ZneUCnO.exe
  2⤵
  PID:3604
- C:\Windows\System\OypomQh.exe
  C:\Windows\System\OypomQh.exe
  2⤵
  PID:3160
- C:\Windows\System\SmcsoCG.exe
  C:\Windows\System\SmcsoCG.exe
  2⤵
  PID:3476
- C:\Windows\System\ELYswFG.exe
  C:\Windows\System\ELYswFG.exe
  2⤵
  PID:1588
- C:\Windows\System\YgsKniD.exe
  C:\Windows\System\YgsKniD.exe
  2⤵
  PID:3560
- C:\Windows\System\ZjsXkOw.exe
  C:\Windows\System\ZjsXkOw.exe
  2⤵
  PID:860
- C:\Windows\System\EsGKotg.exe
  C:\Windows\System\EsGKotg.exe
  2⤵
  PID:2880
- C:\Windows\System\NODmajM.exe
  C:\Windows\System\NODmajM.exe
  2⤵
  PID:2132
- C:\Windows\System\YLzORgG.exe
  C:\Windows\System\YLzORgG.exe
  2⤵
  PID:3764
- C:\Windows\System\BBbdURd.exe
  C:\Windows\System\BBbdURd.exe
  2⤵
  PID:2044
- C:\Windows\System\YaDahhf.exe
  C:\Windows\System\YaDahhf.exe
  2⤵
  PID:2140
- C:\Windows\System\GqntHIj.exe
  C:\Windows\System\GqntHIj.exe
  2⤵
  PID:1304
- C:\Windows\System\eMeRcPH.exe
  C:\Windows\System\eMeRcPH.exe
  2⤵
  PID:3804
- C:\Windows\System\ksnQDZl.exe
  C:\Windows\System\ksnQDZl.exe
  2⤵
  PID:3824
- C:\Windows\System\ijaWrxX.exe
  C:\Windows\System\ijaWrxX.exe
  2⤵
  PID:3888
- C:\Windows\System\GTgPDFh.exe
  C:\Windows\System\GTgPDFh.exe
  2⤵
  PID:3780
- C:\Windows\System\LFVhhyG.exe
  C:\Windows\System\LFVhhyG.exe
  2⤵
  PID:4012
- C:\Windows\System\dPawxwA.exe
  C:\Windows\System\dPawxwA.exe
  2⤵
  PID:4072
- C:\Windows\System\TApNWKd.exe
  C:\Windows\System\TApNWKd.exe
  2⤵
  PID:3964
- C:\Windows\System\tribCci.exe
  C:\Windows\System\tribCci.exe
  2⤵
  PID:4028
- C:\Windows\System\jrxLSYy.exe
  C:\Windows\System\jrxLSYy.exe
  2⤵
  PID:3840
- C:\Windows\System\btzHFVw.exe
  C:\Windows\System\btzHFVw.exe
  2⤵
  PID:3504
- C:\Windows\System\mLIXpUe.exe
  C:\Windows\System\mLIXpUe.exe
  2⤵
  PID:3508
- C:\Windows\System\KoGXXIE.exe
  C:\Windows\System\KoGXXIE.exe
  2⤵
  PID:3616
- C:\Windows\System\xAKrxxv.exe
  C:\Windows\System\xAKrxxv.exe
  2⤵
  PID:3176
- C:\Windows\System\wjMeMvP.exe
  C:\Windows\System\wjMeMvP.exe
  2⤵
  PID:1360
- C:\Windows\System\wEsPROG.exe
  C:\Windows\System\wEsPROG.exe
  2⤵
  PID:2556
- C:\Windows\System\JEyqjhi.exe
  C:\Windows\System\JEyqjhi.exe
  2⤵
  PID:3544
- C:\Windows\System\zmSbpML.exe
  C:\Windows\System\zmSbpML.exe
  2⤵
  PID:3236
- C:\Windows\System\iIDfjub.exe
  C:\Windows\System\iIDfjub.exe
  2⤵
  PID:3004
- C:\Windows\System\SDbiPzc.exe
  C:\Windows\System\SDbiPzc.exe
  2⤵
  PID:4108
- C:\Windows\System\LYGGKIO.exe
  C:\Windows\System\LYGGKIO.exe
  2⤵
  PID:4128
- C:\Windows\System\OFCFvRt.exe
  C:\Windows\System\OFCFvRt.exe
  2⤵
  PID:4144
- C:\Windows\System\qKwLHyV.exe
  C:\Windows\System\qKwLHyV.exe
  2⤵
  PID:4160
- C:\Windows\System\DuMZPQZ.exe
  C:\Windows\System\DuMZPQZ.exe
  2⤵
  PID:4176
- C:\Windows\System\TWrOOcn.exe
  C:\Windows\System\TWrOOcn.exe
  2⤵
  PID:4192
- C:\Windows\System\clxKMsG.exe
  C:\Windows\System\clxKMsG.exe
  2⤵
  PID:4296
- C:\Windows\System\bvhuyXN.exe
  C:\Windows\System\bvhuyXN.exe
  2⤵
  PID:4312
- C:\Windows\System\EnurPMM.exe
  C:\Windows\System\EnurPMM.exe
  2⤵
  PID:4332
- C:\Windows\System\kirPcyH.exe
  C:\Windows\System\kirPcyH.exe
  2⤵
  PID:4348
- C:\Windows\System\eoOqsAG.exe
  C:\Windows\System\eoOqsAG.exe
  2⤵
  PID:4364
- C:\Windows\System\KoVupyI.exe
  C:\Windows\System\KoVupyI.exe
  2⤵
  PID:4380
- C:\Windows\System\etrzrrI.exe
  C:\Windows\System\etrzrrI.exe
  2⤵
  PID:4396
- C:\Windows\System\zrQXXDW.exe
  C:\Windows\System\zrQXXDW.exe
  2⤵
  PID:4412
- C:\Windows\System\biUsiHv.exe
  C:\Windows\System\biUsiHv.exe
  2⤵
  PID:4428
- C:\Windows\System\mDrisUX.exe
  C:\Windows\System\mDrisUX.exe
  2⤵
  PID:4444
- C:\Windows\System\ESqpAtq.exe
  C:\Windows\System\ESqpAtq.exe
  2⤵
  PID:4460
- C:\Windows\System\LHcAUTf.exe
  C:\Windows\System\LHcAUTf.exe
  2⤵
  PID:4476
- C:\Windows\System\XwqZXXv.exe
  C:\Windows\System\XwqZXXv.exe
  2⤵
  PID:4492
- C:\Windows\System\kSmHIrt.exe
  C:\Windows\System\kSmHIrt.exe
  2⤵
  PID:4512
- C:\Windows\System\mdyCCxe.exe
  C:\Windows\System\mdyCCxe.exe
  2⤵
  PID:4528
- C:\Windows\System\nFytngU.exe
  C:\Windows\System\nFytngU.exe
  2⤵
  PID:4548
- C:\Windows\System\UCguruk.exe
  C:\Windows\System\UCguruk.exe
  2⤵
  PID:4568
- C:\Windows\System\EPOPmCc.exe
  C:\Windows\System\EPOPmCc.exe
  2⤵
  PID:4584
- C:\Windows\System\aQNeMHw.exe
  C:\Windows\System\aQNeMHw.exe
  2⤵
  PID:4600
- C:\Windows\System\YXsebQG.exe
  C:\Windows\System\YXsebQG.exe
  2⤵
  PID:4672
- C:\Windows\System\ylfRfgr.exe
  C:\Windows\System\ylfRfgr.exe
  2⤵
  PID:4688
- C:\Windows\System\yXQBKpl.exe
  C:\Windows\System\yXQBKpl.exe
  2⤵
  PID:4708
- C:\Windows\System\NxSnlbT.exe
  C:\Windows\System\NxSnlbT.exe
  2⤵
  PID:4732
- C:\Windows\System\qOgmawH.exe
  C:\Windows\System\qOgmawH.exe
  2⤵
  PID:4748
- C:\Windows\System\kgdSOCG.exe
  C:\Windows\System\kgdSOCG.exe
  2⤵
  PID:4772
- C:\Windows\System\TKhIhOJ.exe
  C:\Windows\System\TKhIhOJ.exe
  2⤵
  PID:4792
- C:\Windows\System\ZnuUOnY.exe
  C:\Windows\System\ZnuUOnY.exe
  2⤵
  PID:4812
- C:\Windows\System\pfLRgMB.exe
  C:\Windows\System\pfLRgMB.exe
  2⤵
  PID:4828
- C:\Windows\System\jnYbWcM.exe
  C:\Windows\System\jnYbWcM.exe
  2⤵
  PID:4852
- C:\Windows\System\PnEMgVo.exe
  C:\Windows\System\PnEMgVo.exe
  2⤵
  PID:4872
- C:\Windows\System\VbzUBFB.exe
  C:\Windows\System\VbzUBFB.exe
  2⤵
  PID:4892
- C:\Windows\System\VzsgbPM.exe
  C:\Windows\System\VzsgbPM.exe
  2⤵
  PID:4912
- C:\Windows\System\UhkDAZG.exe
  C:\Windows\System\UhkDAZG.exe
  2⤵
  PID:4932
- C:\Windows\System\uCvRZCs.exe
  C:\Windows\System\uCvRZCs.exe
  2⤵
  PID:4948
- C:\Windows\System\Ympxavs.exe
  C:\Windows\System\Ympxavs.exe
  2⤵
  PID:4972
- C:\Windows\System\LOAJkZi.exe
  C:\Windows\System\LOAJkZi.exe
  2⤵
  PID:4992
- C:\Windows\System\qMRnZkd.exe
  C:\Windows\System\qMRnZkd.exe
  2⤵
  PID:5012
- C:\Windows\System\vuhLRec.exe
  C:\Windows\System\vuhLRec.exe
  2⤵
  PID:5036
- C:\Windows\System\vLjoZoI.exe
  C:\Windows\System\vLjoZoI.exe
  2⤵
  PID:5052
- C:\Windows\System\orstOhC.exe
  C:\Windows\System\orstOhC.exe
  2⤵
  PID:5068
- C:\Windows\System\IyvuaNg.exe
  C:\Windows\System\IyvuaNg.exe
  2⤵
  PID:5092
- C:\Windows\System\xkmDIRG.exe
  C:\Windows\System\xkmDIRG.exe
  2⤵
  PID:5112
- C:\Windows\System\TQQXhtX.exe
  C:\Windows\System\TQQXhtX.exe
  2⤵
  PID:1104
- C:\Windows\System\kgOEwyt.exe
  C:\Windows\System\kgOEwyt.exe
  2⤵
  PID:828
- C:\Windows\System\RJXBHci.exe
  C:\Windows\System\RJXBHci.exe
  2⤵
  PID:3748
- C:\Windows\System\jHopxlH.exe
  C:\Windows\System\jHopxlH.exe
  2⤵
  PID:3220
- C:\Windows\System\cbVIbsr.exe
  C:\Windows\System\cbVIbsr.exe
  2⤵
  PID:3080
- C:\Windows\System\eCxoYpt.exe
  C:\Windows\System\eCxoYpt.exe
  2⤵
  PID:3348
- C:\Windows\System\TaXjtZW.exe
  C:\Windows\System\TaXjtZW.exe
  2⤵
  PID:2012
- C:\Windows\System\RxMgegJ.exe
  C:\Windows\System\RxMgegJ.exe
  2⤵
  PID:916
- C:\Windows\System\cRGAjUc.exe
  C:\Windows\System\cRGAjUc.exe
  2⤵
  PID:4124
- C:\Windows\System\cUhUvvC.exe
  C:\Windows\System\cUhUvvC.exe
  2⤵
  PID:4188
- C:\Windows\System\kPcPNlh.exe
  C:\Windows\System\kPcPNlh.exe
  2⤵
  PID:2904
- C:\Windows\System\RJQnLMu.exe
  C:\Windows\System\RJQnLMu.exe
  2⤵
  PID:3900
- C:\Windows\System\aJJJDVT.exe
  C:\Windows\System\aJJJDVT.exe
  2⤵
  PID:912
- C:\Windows\System\kJigBLX.exe
  C:\Windows\System\kJigBLX.exe
  2⤵
  PID:3304
- C:\Windows\System\PaXCnQz.exe
  C:\Windows\System\PaXCnQz.exe
  2⤵
  PID:4136
- C:\Windows\System\exwhurR.exe
  C:\Windows\System\exwhurR.exe
  2⤵
  PID:3892
- C:\Windows\System\sdaVmpA.exe
  C:\Windows\System\sdaVmpA.exe
  2⤵
  PID:3800
- C:\Windows\System\xGLlqLf.exe
  C:\Windows\System\xGLlqLf.exe
  2⤵
  PID:4212
- C:\Windows\System\UyvPcsv.exe
  C:\Windows\System\UyvPcsv.exe
  2⤵
  PID:4228
- C:\Windows\System\mUyDYgA.exe
  C:\Windows\System\mUyDYgA.exe
  2⤵
  PID:4244
- C:\Windows\System\QRZaTIX.exe
  C:\Windows\System\QRZaTIX.exe
  2⤵
  PID:4268
- C:\Windows\System\ySvFEQh.exe
  C:\Windows\System\ySvFEQh.exe
  2⤵
  PID:4288
- C:\Windows\System\ZBCYLOk.exe
  C:\Windows\System\ZBCYLOk.exe
  2⤵
  PID:4308
- C:\Windows\System\rPQANtd.exe
  C:\Windows\System\rPQANtd.exe
  2⤵
  PID:4324
- C:\Windows\System\tgeIYGN.exe
  C:\Windows\System\tgeIYGN.exe
  2⤵
  PID:4456
- C:\Windows\System\oteoJMI.exe
  C:\Windows\System\oteoJMI.exe
  2⤵
  PID:4344
- C:\Windows\System\BoioOlk.exe
  C:\Windows\System\BoioOlk.exe
  2⤵
  PID:4408
- C:\Windows\System\wTENwOF.exe
  C:\Windows\System\wTENwOF.exe
  2⤵
  PID:4504
- C:\Windows\System\FgbAUvz.exe
  C:\Windows\System\FgbAUvz.exe
  2⤵
  PID:4544
- C:\Windows\System\tKCIHjf.exe
  C:\Windows\System\tKCIHjf.exe
  2⤵
  PID:4620
- C:\Windows\System\PZnHvHB.exe
  C:\Windows\System\PZnHvHB.exe
  2⤵
  PID:4632
- C:\Windows\System\wjgrTwL.exe
  C:\Windows\System\wjgrTwL.exe
  2⤵
  PID:4652
- C:\Windows\System\HvDBqCj.exe
  C:\Windows\System\HvDBqCj.exe
  2⤵
  PID:4560
- C:\Windows\System\opudmOg.exe
  C:\Windows\System\opudmOg.exe
  2⤵
  PID:4700
- C:\Windows\System\EMUsWPM.exe
  C:\Windows\System\EMUsWPM.exe
  2⤵
  PID:4788
- C:\Windows\System\sbfLMdh.exe
  C:\Windows\System\sbfLMdh.exe
  2⤵
  PID:4556
- C:\Windows\System\ZQYPCEH.exe
  C:\Windows\System\ZQYPCEH.exe
  2⤵
  PID:4864
- C:\Windows\System\HYoFsnD.exe
  C:\Windows\System\HYoFsnD.exe
  2⤵
  PID:4940
- C:\Windows\System\gkzbIaK.exe
  C:\Windows\System\gkzbIaK.exe
  2⤵
  PID:5020
- C:\Windows\System\xoErMGS.exe
  C:\Windows\System\xoErMGS.exe
  2⤵
  PID:5032
- C:\Windows\System\ooEgYGE.exe
  C:\Windows\System\ooEgYGE.exe
  2⤵
  PID:4760
- C:\Windows\System\gjdhLYM.exe
  C:\Windows\System\gjdhLYM.exe
  2⤵
  PID:4808
- C:\Windows\System\jQDkhYE.exe
  C:\Windows\System\jQDkhYE.exe
  2⤵
  PID:5060
- C:\Windows\System\vUJwqAm.exe
  C:\Windows\System\vUJwqAm.exe
  2⤵
  PID:5108
- C:\Windows\System\izPJXkd.exe
  C:\Windows\System\izPJXkd.exe
  2⤵
  PID:2568
- C:\Windows\System\tCZomdW.exe
  C:\Windows\System\tCZomdW.exe
  2⤵
  PID:3344
- C:\Windows\System\HspkMnu.exe
  C:\Windows\System\HspkMnu.exe
  2⤵
  PID:1612
- C:\Windows\System\IiQbLni.exe
  C:\Windows\System\IiQbLni.exe
  2⤵
  PID:4884
- C:\Windows\System\zxrSNOk.exe
  C:\Windows\System\zxrSNOk.exe
  2⤵
  PID:4960
- C:\Windows\System\DrLRNyQ.exe
  C:\Windows\System\DrLRNyQ.exe
  2⤵
  PID:5000
- C:\Windows\System\kZhZUaD.exe
  C:\Windows\System\kZhZUaD.exe
  2⤵
  PID:4056
- C:\Windows\System\WplbFsu.exe
  C:\Windows\System\WplbFsu.exe
  2⤵
  PID:4168
- C:\Windows\System\kKDIoxf.exe
  C:\Windows\System\kKDIoxf.exe
  2⤵
  PID:4204
- C:\Windows\System\DMXiQrG.exe
  C:\Windows\System\DMXiQrG.exe
  2⤵
  PID:4280
- C:\Windows\System\ezTdZGy.exe
  C:\Windows\System\ezTdZGy.exe
  2⤵
  PID:4388
- C:\Windows\System\SAJeIbp.exe
  C:\Windows\System\SAJeIbp.exe
  2⤵
  PID:5080
- C:\Windows\System\qVpqIFI.exe
  C:\Windows\System\qVpqIFI.exe
  2⤵
  PID:4524
- C:\Windows\System\gUlEIgW.exe
  C:\Windows\System\gUlEIgW.exe
  2⤵
  PID:3820
- C:\Windows\System\fonLxRH.exe
  C:\Windows\System\fonLxRH.exe
  2⤵
  PID:4472
- C:\Windows\System\ejqXqqL.exe
  C:\Windows\System\ejqXqqL.exe
  2⤵
  PID:4360
- C:\Windows\System\pfApCvM.exe
  C:\Windows\System\pfApCvM.exe
  2⤵
  PID:4648
- C:\Windows\System\rsSTDBN.exe
  C:\Windows\System\rsSTDBN.exe
  2⤵
  PID:3492
- C:\Windows\System\qOxkeHN.exe
  C:\Windows\System\qOxkeHN.exe
  2⤵
  PID:4624
- C:\Windows\System\YTmvaZG.exe
  C:\Windows\System\YTmvaZG.exe
  2⤵
  PID:4668
- C:\Windows\System\AyMFrTI.exe
  C:\Windows\System\AyMFrTI.exe
  2⤵
  PID:4740
- C:\Windows\System\NnQoPgX.exe
  C:\Windows\System\NnQoPgX.exe
  2⤵
  PID:4248
- C:\Windows\System\BnpspWd.exe
  C:\Windows\System\BnpspWd.exe
  2⤵
  PID:2864
- C:\Windows\System\VNQgVfH.exe
  C:\Windows\System\VNQgVfH.exe
  2⤵
  PID:4868
- C:\Windows\System\YcMoyHf.exe
  C:\Windows\System\YcMoyHf.exe
  2⤵
  PID:1736
- C:\Windows\System\cSWmIlY.exe
  C:\Windows\System\cSWmIlY.exe
  2⤵
  PID:5104
- C:\Windows\System\EyXCzle.exe
  C:\Windows\System\EyXCzle.exe
  2⤵
  PID:2316
- C:\Windows\System\ykKMMuM.exe
  C:\Windows\System\ykKMMuM.exe
  2⤵
  PID:4848
- C:\Windows\System\qEmyNuO.exe
  C:\Windows\System\qEmyNuO.exe
  2⤵
  PID:2144
- C:\Windows\System\lDQYFvD.exe
  C:\Windows\System\lDQYFvD.exe
  2⤵
  PID:1840
- C:\Windows\System\vxynZdg.exe
  C:\Windows\System\vxynZdg.exe
  2⤵
  PID:4000
- C:\Windows\System\AUXHGeN.exe
  C:\Windows\System\AUXHGeN.exe
  2⤵
  PID:3584
- C:\Windows\System\fNzHZgW.exe
  C:\Windows\System\fNzHZgW.exe
  2⤵
  PID:4340
- C:\Windows\System\IXsrXMc.exe
  C:\Windows\System\IXsrXMc.exe
  2⤵
  PID:4644
- C:\Windows\System\oSiYYfz.exe
  C:\Windows\System\oSiYYfz.exe
  2⤵
  PID:4640
- C:\Windows\System\ywCaiEV.exe
  C:\Windows\System\ywCaiEV.exe
  2⤵
  PID:4968
- C:\Windows\System\kgqGsxY.exe
  C:\Windows\System\kgqGsxY.exe
  2⤵
  PID:1820
- C:\Windows\System\TzgccTf.exe
  C:\Windows\System\TzgccTf.exe
  2⤵
  PID:4696
- C:\Windows\System\RihFGgz.exe
  C:\Windows\System\RihFGgz.exe
  2⤵
  PID:4908
- C:\Windows\System\vDfwNUC.exe
  C:\Windows\System\vDfwNUC.exe
  2⤵
  PID:3108
- C:\Windows\System\EMngIUI.exe
  C:\Windows\System\EMngIUI.exe
  2⤵
  PID:2772
- C:\Windows\System\qTBSKVX.exe
  C:\Windows\System\qTBSKVX.exe
  2⤵
  PID:4540
- C:\Windows\System\HJmzpLu.exe
  C:\Windows\System\HJmzpLu.exe
  2⤵
  PID:4664
- C:\Windows\System\aGPxgwU.exe
  C:\Windows\System\aGPxgwU.exe
  2⤵
  PID:1272
- C:\Windows\System\XxLRXfn.exe
  C:\Windows\System\XxLRXfn.exe
  2⤵
  PID:3240
- C:\Windows\System\zfJBMnf.exe
  C:\Windows\System\zfJBMnf.exe
  2⤵
  PID:4616
- C:\Windows\System\crGKtiE.exe
  C:\Windows\System\crGKtiE.exe
  2⤵
  PID:4608
- C:\Windows\System\suWtmKq.exe
  C:\Windows\System\suWtmKq.exe
  2⤵
  PID:4768
- C:\Windows\System\vNsZxBL.exe
  C:\Windows\System\vNsZxBL.exe
  2⤵
  PID:1508
- C:\Windows\System\EWtibHY.exe
  C:\Windows\System\EWtibHY.exe
  2⤵
  PID:4252
- C:\Windows\System\YBJBztK.exe
  C:\Windows\System\YBJBztK.exe
  2⤵
  PID:5136
- C:\Windows\System\lxKtwki.exe
  C:\Windows\System\lxKtwki.exe
  2⤵
  PID:5156
- C:\Windows\System\LhiiPiv.exe
  C:\Windows\System\LhiiPiv.exe
  2⤵
  PID:5176
- C:\Windows\System\xhgpxzD.exe
  C:\Windows\System\xhgpxzD.exe
  2⤵
  PID:5192
- C:\Windows\System\fETvFvY.exe
  C:\Windows\System\fETvFvY.exe
  2⤵
  PID:5208
- C:\Windows\System\mFmAYxk.exe
  C:\Windows\System\mFmAYxk.exe
  2⤵
  PID:5224
- C:\Windows\System\jUSZDPK.exe
  C:\Windows\System\jUSZDPK.exe
  2⤵
  PID:5244
- C:\Windows\System\nIseEMS.exe
  C:\Windows\System\nIseEMS.exe
  2⤵
  PID:5264
- C:\Windows\System\OusyXKQ.exe
  C:\Windows\System\OusyXKQ.exe
  2⤵
  PID:5284
- C:\Windows\System\qJyYnAi.exe
  C:\Windows\System\qJyYnAi.exe
  2⤵
  PID:5304
- C:\Windows\System\HFxzjfw.exe
  C:\Windows\System\HFxzjfw.exe
  2⤵
  PID:5324
- C:\Windows\System\CRazDMr.exe
  C:\Windows\System\CRazDMr.exe
  2⤵
  PID:5340
- C:\Windows\System\cVbFFJO.exe
  C:\Windows\System\cVbFFJO.exe
  2⤵
  PID:5360
- C:\Windows\System\yVkMeqc.exe
  C:\Windows\System\yVkMeqc.exe
  2⤵
  PID:5380
- C:\Windows\System\vEBfyZB.exe
  C:\Windows\System\vEBfyZB.exe
  2⤵
  PID:5396
- C:\Windows\System\VCAVBdR.exe
  C:\Windows\System\VCAVBdR.exe
  2⤵
  PID:5412
- C:\Windows\System\etPUIky.exe
  C:\Windows\System\etPUIky.exe
  2⤵
  PID:5432
- C:\Windows\System\pBcGqFp.exe
  C:\Windows\System\pBcGqFp.exe
  2⤵
  PID:5448
- C:\Windows\System\VMfBSDY.exe
  C:\Windows\System\VMfBSDY.exe
  2⤵
  PID:5464
- C:\Windows\System\odwgnkU.exe
  C:\Windows\System\odwgnkU.exe
  2⤵
  PID:5484
- C:\Windows\System\BCGXKEc.exe
  C:\Windows\System\BCGXKEc.exe
  2⤵
  PID:5500
- C:\Windows\System\FsgyBJg.exe
  C:\Windows\System\FsgyBJg.exe
  2⤵
  PID:5516
- C:\Windows\System\ObrrflT.exe
  C:\Windows\System\ObrrflT.exe
  2⤵
  PID:5584
- C:\Windows\System\JIAWZuk.exe
  C:\Windows\System\JIAWZuk.exe
  2⤵
  PID:5608
- C:\Windows\System\JSMeMHy.exe
  C:\Windows\System\JSMeMHy.exe
  2⤵
  PID:5628
- C:\Windows\System\BIwAkch.exe
  C:\Windows\System\BIwAkch.exe
  2⤵
  PID:5644
- C:\Windows\System\UAYJtpw.exe
  C:\Windows\System\UAYJtpw.exe
  2⤵
  PID:5664
- C:\Windows\System\stiKlXs.exe
  C:\Windows\System\stiKlXs.exe
  2⤵
  PID:5684
- C:\Windows\System\fSKmrva.exe
  C:\Windows\System\fSKmrva.exe
  2⤵
  PID:5700
- C:\Windows\System\CotQttu.exe
  C:\Windows\System\CotQttu.exe
  2⤵
  PID:5716
- C:\Windows\System\iKUaBid.exe
  C:\Windows\System\iKUaBid.exe
  2⤵
  PID:5740
- C:\Windows\System\SbTmAgU.exe
  C:\Windows\System\SbTmAgU.exe
  2⤵
  PID:5760
- C:\Windows\System\yeWdKWH.exe
  C:\Windows\System\yeWdKWH.exe
  2⤵
  PID:5780
- C:\Windows\System\DExJRdE.exe
  C:\Windows\System\DExJRdE.exe
  2⤵
  PID:5796
- C:\Windows\System\vMKZHZp.exe
  C:\Windows\System\vMKZHZp.exe
  2⤵
  PID:5812
- C:\Windows\System\pZycGSz.exe
  C:\Windows\System\pZycGSz.exe
  2⤵
  PID:5840
- C:\Windows\System\QTEPhwW.exe
  C:\Windows\System\QTEPhwW.exe
  2⤵
  PID:5856
- C:\Windows\System\RPRogxa.exe
  C:\Windows\System\RPRogxa.exe
  2⤵
  PID:5876
- C:\Windows\System\wEcfmbp.exe
  C:\Windows\System\wEcfmbp.exe
  2⤵
  PID:5892
- C:\Windows\System\zudmggn.exe
  C:\Windows\System\zudmggn.exe
  2⤵
  PID:5912
- C:\Windows\System\efCpQEm.exe
  C:\Windows\System\efCpQEm.exe
  2⤵
  PID:5936
- C:\Windows\System\KWUpvuZ.exe
  C:\Windows\System\KWUpvuZ.exe
  2⤵
  PID:5952
- C:\Windows\System\ywgyZPs.exe
  C:\Windows\System\ywgyZPs.exe
  2⤵
  PID:5972
- C:\Windows\System\dhjNcjV.exe
  C:\Windows\System\dhjNcjV.exe
  2⤵
  PID:5988
- C:\Windows\System\BykWDOq.exe
  C:\Windows\System\BykWDOq.exe
  2⤵
  PID:6012
- C:\Windows\System\fUjvXoZ.exe
  C:\Windows\System\fUjvXoZ.exe
  2⤵
  PID:6028
- C:\Windows\System\HrJRVcU.exe
  C:\Windows\System\HrJRVcU.exe
  2⤵
  PID:6048
- C:\Windows\System\heoYYoB.exe
  C:\Windows\System\heoYYoB.exe
  2⤵
  PID:6064
- C:\Windows\System\ZvXuAtE.exe
  C:\Windows\System\ZvXuAtE.exe
  2⤵
  PID:6096
- C:\Windows\System\QqLLTts.exe
  C:\Windows\System\QqLLTts.exe
  2⤵
  PID:6112
- C:\Windows\System\Jrpoyco.exe
  C:\Windows\System\Jrpoyco.exe
  2⤵
  PID:6136
- C:\Windows\System\bqNzbAU.exe
  C:\Windows\System\bqNzbAU.exe
  2⤵
  PID:3872
- C:\Windows\System\JMSfZtp.exe
  C:\Windows\System\JMSfZtp.exe
  2⤵
  PID:4276
- C:\Windows\System\VKRagPt.exe
  C:\Windows\System\VKRagPt.exe
  2⤵
  PID:2708
- C:\Windows\System\wEdxGAL.exe
  C:\Windows\System\wEdxGAL.exe
  2⤵
  PID:4240
- C:\Windows\System\IAUJeuh.exe
  C:\Windows\System\IAUJeuh.exe
  2⤵
  PID:4564
- C:\Windows\System\yyMViaA.exe
  C:\Windows\System\yyMViaA.exe
  2⤵
  PID:5024
- C:\Windows\System\NAOmdEc.exe
  C:\Windows\System\NAOmdEc.exe
  2⤵
  PID:2908
- C:\Windows\System\GerRJXC.exe
  C:\Windows\System\GerRJXC.exe
  2⤵
  PID:4844
- C:\Windows\System\kzANPfo.exe
  C:\Windows\System\kzANPfo.exe
  2⤵
  PID:4104
- C:\Windows\System\VkynJUr.exe
  C:\Windows\System\VkynJUr.exe
  2⤵
  PID:5184
- C:\Windows\System\MSaTLgD.exe
  C:\Windows\System\MSaTLgD.exe
  2⤵
  PID:5256
- C:\Windows\System\MBdOkba.exe
  C:\Windows\System\MBdOkba.exe
  2⤵
  PID:5300
- C:\Windows\System\BbfPNRe.exe
  C:\Windows\System\BbfPNRe.exe
  2⤵
  PID:5408
- C:\Windows\System\aZxMWWj.exe
  C:\Windows\System\aZxMWWj.exe
  2⤵
  PID:5476
- C:\Windows\System\KJnNNlf.exe
  C:\Windows\System\KJnNNlf.exe
  2⤵
  PID:5600
- C:\Windows\System\dvPVLsI.exe
  C:\Windows\System\dvPVLsI.exe
  2⤵
  PID:5676
- C:\Windows\System\wNOFGjo.exe
  C:\Windows\System\wNOFGjo.exe
  2⤵
  PID:5680
- C:\Windows\System\qqpKKkW.exe
  C:\Windows\System\qqpKKkW.exe
  2⤵
  PID:5712
- C:\Windows\System\gHODOfk.exe
  C:\Windows\System\gHODOfk.exe
  2⤵
  PID:5788
- C:\Windows\System\cIUFRef.exe
  C:\Windows\System\cIUFRef.exe
  2⤵
  PID:5832
- C:\Windows\System\xgGxvMN.exe
  C:\Windows\System\xgGxvMN.exe
  2⤵
  PID:5236
- C:\Windows\System\EBkHCgG.exe
  C:\Windows\System\EBkHCgG.exe
  2⤵
  PID:5280
- C:\Windows\System\hYMPXtt.exe
  C:\Windows\System\hYMPXtt.exe
  2⤵
  PID:5320
- C:\Windows\System\HvsApMA.exe
  C:\Windows\System\HvsApMA.exe
  2⤵
  PID:5900
- C:\Windows\System\gSzZNQB.exe
  C:\Windows\System\gSzZNQB.exe
  2⤵
  PID:5948
- C:\Windows\System\TpAbNyr.exe
  C:\Windows\System\TpAbNyr.exe
  2⤵
  PID:6060
- C:\Windows\System\qwSBpbZ.exe
  C:\Windows\System\qwSBpbZ.exe
  2⤵
  PID:5492
- C:\Windows\System\rQCpizz.exe
  C:\Windows\System\rQCpizz.exe
  2⤵
  PID:3932
- C:\Windows\System\TKNqHQc.exe
  C:\Windows\System\TKNqHQc.exe
  2⤵
  PID:5624
- C:\Windows\System\SePuAyn.exe
  C:\Windows\System\SePuAyn.exe
  2⤵
  PID:5656
- C:\Windows\System\xOPUCze.exe
  C:\Windows\System\xOPUCze.exe
  2⤵
  PID:5728
- C:\Windows\System\tQdKDcY.exe
  C:\Windows\System\tQdKDcY.exe
  2⤵
  PID:4780
- C:\Windows\System\gudbrfj.exe
  C:\Windows\System\gudbrfj.exe
  2⤵
  PID:4468
- C:\Windows\System\QqUBunX.exe
  C:\Windows\System\QqUBunX.exe
  2⤵
  PID:5480
- C:\Windows\System\aXZUUuH.exe
  C:\Windows\System\aXZUUuH.exe
  2⤵
  PID:5636
- C:\Windows\System\qjjtEGI.exe
  C:\Windows\System\qjjtEGI.exe
  2⤵
  PID:5808
- C:\Windows\System\VqiXBke.exe
  C:\Windows\System\VqiXBke.exe
  2⤵
  PID:5888
- C:\Windows\System\gtKYLxn.exe
  C:\Windows\System\gtKYLxn.exe
  2⤵
  PID:5964
- C:\Windows\System\HHDYuib.exe
  C:\Windows\System\HHDYuib.exe
  2⤵
  PID:5352
- C:\Windows\System\zclhoIY.exe
  C:\Windows\System\zclhoIY.exe
  2⤵
  PID:6008
- C:\Windows\System\rwgMHDU.exe
  C:\Windows\System\rwgMHDU.exe
  2⤵
  PID:5820
- C:\Windows\System\yisaxpv.exe
  C:\Windows\System\yisaxpv.exe
  2⤵
  PID:4292
- C:\Windows\System\XDOPkux.exe
  C:\Windows\System\XDOPkux.exe
  2⤵
  PID:5984
- C:\Windows\System\zfliImx.exe
  C:\Windows\System\zfliImx.exe
  2⤵
  PID:5660
- C:\Windows\System\vmSoQZo.exe
  C:\Windows\System\vmSoQZo.exe
  2⤵
  PID:5076
- C:\Windows\System\qudDQZA.exe
  C:\Windows\System\qudDQZA.exe
  2⤵
  PID:5532
- C:\Windows\System\VwpEpGn.exe
  C:\Windows\System\VwpEpGn.exe
  2⤵
  PID:5552
- C:\Windows\System\rnDvCAC.exe
  C:\Windows\System\rnDvCAC.exe
  2⤵
  PID:5568
- C:\Windows\System\AJwPrZm.exe
  C:\Windows\System\AJwPrZm.exe
  2⤵
  PID:5580
- C:\Windows\System\mDLVubJ.exe
  C:\Windows\System\mDLVubJ.exe
  2⤵
  PID:6036
- C:\Windows\System\SJpmSQG.exe
  C:\Windows\System\SJpmSQG.exe
  2⤵
  PID:6076
- C:\Windows\System\evoZPrl.exe
  C:\Windows\System\evoZPrl.exe
  2⤵
  PID:6124
- C:\Windows\System\wzLMuKO.exe
  C:\Windows\System\wzLMuKO.exe
  2⤵
  PID:4956
- C:\Windows\System\xJCbVuO.exe
  C:\Windows\System\xJCbVuO.exe
  2⤵
  PID:5368
- C:\Windows\System\drWQwmQ.exe
  C:\Windows\System\drWQwmQ.exe
  2⤵
  PID:5512
- C:\Windows\System\DoBAlmX.exe
  C:\Windows\System\DoBAlmX.exe
  2⤵
  PID:5164
- C:\Windows\System\gVeAtwa.exe
  C:\Windows\System\gVeAtwa.exe
  2⤵
  PID:5824
- C:\Windows\System\WmzeCwG.exe
  C:\Windows\System\WmzeCwG.exe
  2⤵
  PID:5884
- C:\Windows\System\jctCwYk.exe
  C:\Windows\System\jctCwYk.exe
  2⤵
  PID:5460
- C:\Windows\System\aIKeBUf.exe
  C:\Windows\System\aIKeBUf.exe
  2⤵
  PID:5524
- C:\Windows\System\LJLbLiC.exe
  C:\Windows\System\LJLbLiC.exe
  2⤵
  PID:6088
- C:\Windows\System\QdrbwpY.exe
  C:\Windows\System\QdrbwpY.exe
  2⤵
  PID:5388
- C:\Windows\System\ODJbZgk.exe
  C:\Windows\System\ODJbZgk.exe
  2⤵
  PID:2332
- C:\Windows\System\orOguOI.exe
  C:\Windows\System\orOguOI.exe
  2⤵
  PID:4440
- C:\Windows\System\fcSCHJI.exe
  C:\Windows\System\fcSCHJI.exe
  2⤵
  PID:6040
- C:\Windows\System\MxcEaGS.exe
  C:\Windows\System\MxcEaGS.exe
  2⤵
  PID:2808
- C:\Windows\System\gdRTPhj.exe
  C:\Windows\System\gdRTPhj.exe
  2⤵
  PID:4804
- C:\Windows\System\WIHZBxM.exe
  C:\Windows\System\WIHZBxM.exe
  2⤵
  PID:4264
- C:\Windows\System\qmqFmZj.exe
  C:\Windows\System\qmqFmZj.exe
  2⤵
  PID:1996
- C:\Windows\System\fTAXWUW.exe
  C:\Windows\System\fTAXWUW.exe
  2⤵
  PID:5596
- C:\Windows\System\jMdbfYL.exe
  C:\Windows\System\jMdbfYL.exe
  2⤵
  PID:5944
- C:\Windows\System\aBdWvVc.exe
  C:\Windows\System\aBdWvVc.exe
  2⤵
  PID:6104
- C:\Windows\System\VtUYfjf.exe
  C:\Windows\System\VtUYfjf.exe
  2⤵
  PID:5620
- C:\Windows\System\acjhzPv.exe
  C:\Windows\System\acjhzPv.exe
  2⤵
  PID:5752
- C:\Windows\System\yWQDXxl.exe
  C:\Windows\System\yWQDXxl.exe
  2⤵
  PID:5696
- C:\Windows\System\oUNaAln.exe
  C:\Windows\System\oUNaAln.exe
  2⤵
  PID:2860
- C:\Windows\System\aovlbpP.exe
  C:\Windows\System\aovlbpP.exe
  2⤵
  PID:5772
- C:\Windows\System\CumVUip.exe
  C:\Windows\System\CumVUip.exe
  2⤵
  PID:4928
- C:\Windows\System\pxlZoKC.exe
  C:\Windows\System\pxlZoKC.exe
  2⤵
  PID:316
- C:\Windows\System\jeyiKhZ.exe
  C:\Windows\System\jeyiKhZ.exe
  2⤵
  PID:3000
- C:\Windows\System\nqkoXhL.exe
  C:\Windows\System\nqkoXhL.exe
  2⤵
  PID:3680
- C:\Windows\System\sOoIXuG.exe
  C:\Windows\System\sOoIXuG.exe
  2⤵
  PID:2016
- C:\Windows\System\UiBgzQs.exe
  C:\Windows\System\UiBgzQs.exe
  2⤵
  PID:5996
- C:\Windows\System\MWKSBbu.exe
  C:\Windows\System\MWKSBbu.exe
  2⤵
  PID:2552
- C:\Windows\System\oxbZdjJ.exe
  C:\Windows\System\oxbZdjJ.exe
  2⤵
  PID:5560
- C:\Windows\System\YphRMVh.exe
  C:\Windows\System\YphRMVh.exe
  2⤵
  PID:2580
- C:\Windows\System\MCebMAZ.exe
  C:\Windows\System\MCebMAZ.exe
  2⤵
  PID:2128
- C:\Windows\System\NNeKCKw.exe
  C:\Windows\System\NNeKCKw.exe
  2⤵
  PID:3532
- C:\Windows\System\EhULYyJ.exe
  C:\Windows\System\EhULYyJ.exe
  2⤵
  PID:4236
- C:\Windows\System\ewUMzgq.exe
  C:\Windows\System\ewUMzgq.exe
  2⤵
  PID:2776
- C:\Windows\System\jeRoveS.exe
  C:\Windows\System\jeRoveS.exe
  2⤵
  PID:5312
- C:\Windows\System\hewGLSr.exe
  C:\Windows\System\hewGLSr.exe
  2⤵
  PID:5456
- C:\Windows\System\GcdqINA.exe
  C:\Windows\System\GcdqINA.exe
  2⤵
  PID:3768
- C:\Windows\System\MAGBnsA.exe
  C:\Windows\System\MAGBnsA.exe
  2⤵
  PID:3676
- C:\Windows\System\lyHHCtu.exe
  C:\Windows\System\lyHHCtu.exe
  2⤵
  PID:3692
- C:\Windows\System\uAUlDqA.exe
  C:\Windows\System\uAUlDqA.exe
  2⤵
  PID:3688
- C:\Windows\System\kmatkHM.exe
  C:\Windows\System\kmatkHM.exe
  2⤵
  PID:5316
- C:\Windows\System\LkSejbJ.exe
  C:\Windows\System\LkSejbJ.exe
  2⤵
  PID:6020
- C:\Windows\System\oXFnKFu.exe
  C:\Windows\System\oXFnKFu.exe
  2⤵
  PID:1248
- C:\Windows\System\WSzgZfM.exe
  C:\Windows\System\WSzgZfM.exe
  2⤵
  PID:1664
- C:\Windows\System\zErecdI.exe
  C:\Windows\System\zErecdI.exe
  2⤵
  PID:5216
- C:\Windows\System\txXvMrf.exe
  C:\Windows\System\txXvMrf.exe
  2⤵
  PID:2728
- C:\Windows\System\sYaVUZz.exe
  C:\Windows\System\sYaVUZz.exe
  2⤵
  PID:2076
- C:\Windows\System\EwjLfJJ.exe
  C:\Windows\System\EwjLfJJ.exe
  2⤵
  PID:5376
- C:\Windows\System\CKxiCjq.exe
  C:\Windows\System\CKxiCjq.exe
  2⤵
  PID:5804
- C:\Windows\System\VyfMJkj.exe
  C:\Windows\System\VyfMJkj.exe
  2⤵
  PID:3652
- C:\Windows\System\ppVTCSd.exe
  C:\Windows\System\ppVTCSd.exe
  2⤵
  PID:5544
- C:\Windows\System\GziqRDz.exe
  C:\Windows\System\GziqRDz.exe
  2⤵
  PID:5572
- C:\Windows\System\hxqSExD.exe
  C:\Windows\System\hxqSExD.exe
  2⤵
  PID:5556
- C:\Windows\System\MbiyGiK.exe
  C:\Windows\System\MbiyGiK.exe
  2⤵
  PID:2080
- C:\Windows\System\GDhuqEF.exe
  C:\Windows\System\GDhuqEF.exe
  2⤵
  PID:2672
- C:\Windows\System\oelSJXj.exe
  C:\Windows\System\oelSJXj.exe
  2⤵
  PID:5736
- C:\Windows\System\awKnlRK.exe
  C:\Windows\System\awKnlRK.exe
  2⤵
  PID:5272
- C:\Windows\System\wAlnBLS.exe
  C:\Windows\System\wAlnBLS.exe
  2⤵
  PID:5616
- C:\Windows\System\cUnRfru.exe
  C:\Windows\System\cUnRfru.exe
  2⤵
  PID:1748
- C:\Windows\System\whkPYPr.exe
  C:\Windows\System\whkPYPr.exe
  2⤵
  PID:6156
- C:\Windows\System\RQWbwed.exe
  C:\Windows\System\RQWbwed.exe
  2⤵
  PID:6172
- C:\Windows\System\dTJuoKW.exe
  C:\Windows\System\dTJuoKW.exe
  2⤵
  PID:6188
- C:\Windows\System\DGMLGHy.exe
  C:\Windows\System\DGMLGHy.exe
  2⤵
  PID:6204
- C:\Windows\System\tkLXYUp.exe
  C:\Windows\System\tkLXYUp.exe
  2⤵
  PID:6220
- C:\Windows\System\aLCQKJl.exe
  C:\Windows\System\aLCQKJl.exe
  2⤵
  PID:6288
- C:\Windows\System\mYpouWc.exe
  C:\Windows\System\mYpouWc.exe
  2⤵
  PID:6304
- C:\Windows\System\hlSinuk.exe
  C:\Windows\System\hlSinuk.exe
  2⤵
  PID:6324
- C:\Windows\System\YkcrrNI.exe
  C:\Windows\System\YkcrrNI.exe
  2⤵
  PID:6340
- C:\Windows\System\PQHruqI.exe
  C:\Windows\System\PQHruqI.exe
  2⤵
  PID:6356
- C:\Windows\System\ofAZDrZ.exe
  C:\Windows\System\ofAZDrZ.exe
  2⤵
  PID:6372
- C:\Windows\System\CynDFXn.exe
  C:\Windows\System\CynDFXn.exe
  2⤵
  PID:6388
- C:\Windows\System\nHdOxOY.exe
  C:\Windows\System\nHdOxOY.exe
  2⤵
  PID:6408
- C:\Windows\System\eNnEgHS.exe
  C:\Windows\System\eNnEgHS.exe
  2⤵
  PID:6424
- C:\Windows\System\CsWhDIU.exe
  C:\Windows\System\CsWhDIU.exe
  2⤵
  PID:6444
- C:\Windows\System\JykNNlq.exe
  C:\Windows\System\JykNNlq.exe
  2⤵
  PID:6460
- C:\Windows\System\TWdRdrb.exe
  C:\Windows\System\TWdRdrb.exe
  2⤵
  PID:6476
- C:\Windows\System\OpWOUXi.exe
  C:\Windows\System\OpWOUXi.exe
  2⤵
  PID:6532
- C:\Windows\System\MBuQtNp.exe
  C:\Windows\System\MBuQtNp.exe
  2⤵
  PID:6548
- C:\Windows\System\IvcvmZo.exe
  C:\Windows\System\IvcvmZo.exe
  2⤵
  PID:6564
- C:\Windows\System\DHNYLRG.exe
  C:\Windows\System\DHNYLRG.exe
  2⤵
  PID:6580
- C:\Windows\System\NXHodLt.exe
  C:\Windows\System\NXHodLt.exe
  2⤵
  PID:6600
- C:\Windows\System\CzHRdeK.exe
  C:\Windows\System\CzHRdeK.exe
  2⤵
  PID:6616
- C:\Windows\System\BggYHIS.exe
  C:\Windows\System\BggYHIS.exe
  2⤵
  PID:6632
- C:\Windows\System\HBOqlQW.exe
  C:\Windows\System\HBOqlQW.exe
  2⤵
  PID:6648
- C:\Windows\System\lKZwnBx.exe
  C:\Windows\System\lKZwnBx.exe
  2⤵
  PID:6668
- C:\Windows\System\qXzPSAj.exe
  C:\Windows\System\qXzPSAj.exe
  2⤵
  PID:6688
- C:\Windows\System\QHzlEEr.exe
  C:\Windows\System\QHzlEEr.exe
  2⤵
  PID:6712
- C:\Windows\System\rGMschv.exe
  C:\Windows\System\rGMschv.exe
  2⤵
  PID:6732
- C:\Windows\System\wvKLOvt.exe
  C:\Windows\System\wvKLOvt.exe
  2⤵
  PID:6748
- C:\Windows\System\NBzuKUY.exe
  C:\Windows\System\NBzuKUY.exe
  2⤵
  PID:6764
- C:\Windows\System\IRyOMQo.exe
  C:\Windows\System\IRyOMQo.exe
  2⤵
  PID:6808
- C:\Windows\System\jXcKBAY.exe
  C:\Windows\System\jXcKBAY.exe
  2⤵
  PID:6824
- C:\Windows\System\gPlLPFs.exe
  C:\Windows\System\gPlLPFs.exe
  2⤵
  PID:6840
- C:\Windows\System\MVZtxEb.exe
  C:\Windows\System\MVZtxEb.exe
  2⤵
  PID:6860
- C:\Windows\System\NrkCyLQ.exe
  C:\Windows\System\NrkCyLQ.exe
  2⤵
  PID:6880
- C:\Windows\System\jcpiKEx.exe
  C:\Windows\System\jcpiKEx.exe
  2⤵
  PID:6900
- C:\Windows\System\wHysIAj.exe
  C:\Windows\System\wHysIAj.exe
  2⤵
  PID:6916
- C:\Windows\System\YxZIJmL.exe
  C:\Windows\System\YxZIJmL.exe
  2⤵
  PID:6936
- C:\Windows\System\FGbRcwM.exe
  C:\Windows\System\FGbRcwM.exe
  2⤵
  PID:6952
- C:\Windows\System\TDCWVNa.exe
  C:\Windows\System\TDCWVNa.exe
  2⤵
  PID:6972
- C:\Windows\System\SqeHFpz.exe
  C:\Windows\System\SqeHFpz.exe
  2⤵
  PID:6988
- C:\Windows\System\OXKyGPs.exe
  C:\Windows\System\OXKyGPs.exe
  2⤵
  PID:7008
- C:\Windows\System\flvMJpb.exe
  C:\Windows\System\flvMJpb.exe
  2⤵
  PID:7024
- C:\Windows\System\cpLyiwg.exe
  C:\Windows\System\cpLyiwg.exe
  2⤵
  PID:7040
- C:\Windows\System\ekXHxHL.exe
  C:\Windows\System\ekXHxHL.exe
  2⤵
  PID:7060
- C:\Windows\System\ZhwnRbV.exe
  C:\Windows\System\ZhwnRbV.exe
  2⤵
  PID:7088
- C:\Windows\System\nsqQzmV.exe
  C:\Windows\System\nsqQzmV.exe
  2⤵
  PID:7104
- C:\Windows\System\pYbyMhG.exe
  C:\Windows\System\pYbyMhG.exe
  2⤵
  PID:7124
- C:\Windows\System\FjyiOEz.exe
  C:\Windows\System\FjyiOEz.exe
  2⤵
  PID:7140
- C:\Windows\System\PtTJBDn.exe
  C:\Windows\System\PtTJBDn.exe
  2⤵
  PID:7156
- C:\Windows\System\FUtpzIl.exe
  C:\Windows\System\FUtpzIl.exe
  2⤵
  PID:3684
- C:\Windows\System\qGQOSZt.exe
  C:\Windows\System\qGQOSZt.exe
  2⤵
  PID:6056
- C:\Windows\System\HfuHqMT.exe
  C:\Windows\System\HfuHqMT.exe
  2⤵
  PID:6168
- C:\Windows\System\ioVbOcE.exe
  C:\Windows\System\ioVbOcE.exe
  2⤵
  PID:6228
- C:\Windows\System\xZeaLZh.exe
  C:\Windows\System\xZeaLZh.exe
  2⤵
  PID:6240
- C:\Windows\System\xCPxidH.exe
  C:\Windows\System\xCPxidH.exe
  2⤵
  PID:6276
- C:\Windows\System\kptXygj.exe
  C:\Windows\System\kptXygj.exe
  2⤵
  PID:6280
- C:\Windows\System\jBlfDFL.exe
  C:\Windows\System\jBlfDFL.exe
  2⤵
  PID:6300
- C:\Windows\System\eIdMNvC.exe
  C:\Windows\System\eIdMNvC.exe
  2⤵
  PID:6404
- C:\Windows\System\CGevHcM.exe
  C:\Windows\System\CGevHcM.exe
  2⤵
  PID:6380
- C:\Windows\System\vGUZwmM.exe
  C:\Windows\System\vGUZwmM.exe
  2⤵
  PID:6416
- C:\Windows\System\ZpQFIIp.exe
  C:\Windows\System\ZpQFIIp.exe
  2⤵
  PID:6484
- C:\Windows\System\HgjrrAa.exe
  C:\Windows\System\HgjrrAa.exe
  2⤵
  PID:6456
- C:\Windows\System\RFxhgVo.exe
  C:\Windows\System\RFxhgVo.exe
  2⤵
  PID:6656
- C:\Windows\System\kiIglAh.exe
  C:\Windows\System\kiIglAh.exe
  2⤵
  PID:6700
- C:\Windows\System\WJJGXsL.exe
  C:\Windows\System\WJJGXsL.exe
  2⤵
  PID:6772
- C:\Windows\System\EgWigIi.exe
  C:\Windows\System\EgWigIi.exe
  2⤵
  PID:6540
- C:\Windows\System\QeQwmBo.exe
  C:\Windows\System\QeQwmBo.exe
  2⤵
  PID:6612
- C:\Windows\System\LpxHEAm.exe
  C:\Windows\System\LpxHEAm.exe
  2⤵
  PID:6684
- C:\Windows\System\ecQfPVo.exe
  C:\Windows\System\ecQfPVo.exe
  2⤵
  PID:6760
- C:\Windows\System\bDoHScP.exe
  C:\Windows\System\bDoHScP.exe
  2⤵
  PID:6804
- C:\Windows\System\OOicCns.exe
  C:\Windows\System\OOicCns.exe
  2⤵
  PID:6780
- C:\Windows\System\HRqNcqe.exe
  C:\Windows\System\HRqNcqe.exe
  2⤵
  PID:6872
- C:\Windows\System\aqwoUcy.exe
  C:\Windows\System\aqwoUcy.exe
  2⤵
  PID:6948
- C:\Windows\System\iwRTRCf.exe
  C:\Windows\System\iwRTRCf.exe
  2⤵
  PID:7052
- C:\Windows\System\HACBksg.exe
  C:\Windows\System\HACBksg.exe
  2⤵
  PID:7132
- C:\Windows\System\UNQiHyK.exe
  C:\Windows\System\UNQiHyK.exe
  2⤵
  PID:2204
- C:\Windows\System\svUGSbl.exe
  C:\Windows\System\svUGSbl.exe
  2⤵
  PID:6216
- C:\Windows\System\OnNIKwJ.exe
  C:\Windows\System\OnNIKwJ.exe
  2⤵
  PID:6396
- C:\Windows\System\MvoViac.exe
  C:\Windows\System\MvoViac.exe
  2⤵
  PID:6384
- C:\Windows\System\rYoxiTY.exe
  C:\Windows\System\rYoxiTY.exe
  2⤵
  PID:6492
- C:\Windows\System\HYyeEsT.exe
  C:\Windows\System\HYyeEsT.exe
  2⤵
  PID:6820
- C:\Windows\System\QoLrCCw.exe
  C:\Windows\System\QoLrCCw.exe
  2⤵
  PID:6892
- C:\Windows\System\xTvdDpF.exe
  C:\Windows\System\xTvdDpF.exe
  2⤵
  PID:684
- C:\Windows\System\gTbHIBw.exe
  C:\Windows\System\gTbHIBw.exe
  2⤵
  PID:6964
- C:\Windows\System\pAwehaf.exe
  C:\Windows\System\pAwehaf.exe
  2⤵
  PID:7004
- C:\Windows\System\NpOTZOM.exe
  C:\Windows\System\NpOTZOM.exe
  2⤵
  PID:7076
- C:\Windows\System\BRDVDkr.exe
  C:\Windows\System\BRDVDkr.exe
  2⤵
  PID:7116
- C:\Windows\System\MoxhDTK.exe
  C:\Windows\System\MoxhDTK.exe
  2⤵
  PID:3020
- C:\Windows\System\bdxDCZE.exe
  C:\Windows\System\bdxDCZE.exe
  2⤵
  PID:6184
- C:\Windows\System\lDpJNLi.exe
  C:\Windows\System\lDpJNLi.exe
  2⤵
  PID:6272
- C:\Windows\System\DGfjmwo.exe
  C:\Windows\System\DGfjmwo.exe
  2⤵
  PID:6440
- C:\Windows\System\dWUeFdE.exe
  C:\Windows\System\dWUeFdE.exe
  2⤵
  PID:6624
- C:\Windows\System\qzOkGXM.exe
  C:\Windows\System\qzOkGXM.exe
  2⤵
  PID:6696
- C:\Windows\System\qxmujPc.exe
  C:\Windows\System\qxmujPc.exe
  2⤵
  PID:6680
- C:\Windows\System\lSudTKc.exe
  C:\Windows\System\lSudTKc.exe
  2⤵
  PID:6832
- C:\Windows\System\BdGXLNf.exe
  C:\Windows\System\BdGXLNf.exe
  2⤵
  PID:6660
- C:\Windows\System\GmyKdqu.exe
  C:\Windows\System\GmyKdqu.exe
  2⤵
  PID:6724
- C:\Windows\System\aiWhlik.exe
  C:\Windows\System\aiWhlik.exe
  2⤵
  PID:6576
- C:\Windows\System\vozAukR.exe
  C:\Windows\System\vozAukR.exe
  2⤵
  PID:6796
- C:\Windows\System\HYjtpaj.exe
  C:\Windows\System\HYjtpaj.exe
  2⤵
  PID:7096
- C:\Windows\System\IRqIRNL.exe
  C:\Windows\System\IRqIRNL.exe
  2⤵
  PID:2612
- C:\Windows\System\IFywkpe.exe
  C:\Windows\System\IFywkpe.exe
  2⤵
  PID:6148
- C:\Windows\System\gWwvphm.exe
  C:\Windows\System\gWwvphm.exe
  2⤵
  PID:6268
- C:\Windows\System\TkedZoL.exe
  C:\Windows\System\TkedZoL.exe
  2⤵
  PID:2724
- C:\Windows\System\CmhkbqB.exe
  C:\Windows\System\CmhkbqB.exe
  2⤵
  PID:2368
- C:\Windows\System\UqHWwML.exe
  C:\Windows\System\UqHWwML.exe
  2⤵
  PID:2884
- C:\Windows\System\LejccYQ.exe
  C:\Windows\System\LejccYQ.exe
  2⤵
  PID:6932
- C:\Windows\System\sMBUwgg.exe
  C:\Windows\System\sMBUwgg.exe
  2⤵
  PID:7072
- C:\Windows\System\idqvdwO.exe
  C:\Windows\System\idqvdwO.exe
  2⤵
  PID:6296
- C:\Windows\System\PVOGgCI.exe
  C:\Windows\System\PVOGgCI.exe
  2⤵
  PID:6472
- C:\Windows\System\LYLPQgu.exe
  C:\Windows\System\LYLPQgu.exe
  2⤵
  PID:7084
- C:\Windows\System\gTjEXVR.exe
  C:\Windows\System\gTjEXVR.exe
  2⤵
  PID:6352
- C:\Windows\System\eWIXBdQ.exe
  C:\Windows\System\eWIXBdQ.exe
  2⤵
  PID:6592
- C:\Windows\System\kLxgMMV.exe
  C:\Windows\System\kLxgMMV.exe
  2⤵
  PID:2652
- C:\Windows\System\hPIfjQi.exe
  C:\Windows\System\hPIfjQi.exe
  2⤵
  PID:6908
- C:\Windows\System\MCYrbKt.exe
  C:\Windows\System\MCYrbKt.exe
  2⤵
  PID:6400
- C:\Windows\System\vAExkcw.exe
  C:\Windows\System\vAExkcw.exe
  2⤵
  PID:6944
- C:\Windows\System\NJtdLiQ.exe
  C:\Windows\System\NJtdLiQ.exe
  2⤵
  PID:3032
- C:\Windows\System\rbAFtnl.exe
  C:\Windows\System\rbAFtnl.exe
  2⤵
  PID:6504
- C:\Windows\System\AOzZzZv.exe
  C:\Windows\System\AOzZzZv.exe
  2⤵
  PID:7184
- C:\Windows\System\XUyWbnl.exe
  C:\Windows\System\XUyWbnl.exe
  2⤵
  PID:7200
- C:\Windows\System\NIRRseA.exe
  C:\Windows\System\NIRRseA.exe
  2⤵
  PID:7216
- C:\Windows\System\qbMJwcC.exe
  C:\Windows\System\qbMJwcC.exe
  2⤵
  PID:7232
- C:\Windows\System\fqGMsiJ.exe
  C:\Windows\System\fqGMsiJ.exe
  2⤵
  PID:7248
- C:\Windows\System\YoHGdJa.exe
  C:\Windows\System\YoHGdJa.exe
  2⤵
  PID:7272
- C:\Windows\System\YFaxuUm.exe
  C:\Windows\System\YFaxuUm.exe
  2⤵
  PID:7292
- C:\Windows\System\xTZXMPj.exe
  C:\Windows\System\xTZXMPj.exe
  2⤵
  PID:7308
- C:\Windows\System\vwLjpag.exe
  C:\Windows\System\vwLjpag.exe
  2⤵
  PID:7328
- C:\Windows\System\tIcRBiY.exe
  C:\Windows\System\tIcRBiY.exe
  2⤵
  PID:7352
- C:\Windows\System\gAohkqH.exe
  C:\Windows\System\gAohkqH.exe
  2⤵
  PID:7472
- C:\Windows\System\sMOmLAG.exe
  C:\Windows\System\sMOmLAG.exe
  2⤵
  PID:7488
- C:\Windows\System\IxNdgWB.exe
  C:\Windows\System\IxNdgWB.exe
  2⤵
  PID:7504
- C:\Windows\System\ILHRaIP.exe
  C:\Windows\System\ILHRaIP.exe
  2⤵
  PID:7520
- C:\Windows\System\nJZmwkH.exe
  C:\Windows\System\nJZmwkH.exe
  2⤵
  PID:7540
- C:\Windows\System\CPkUiFe.exe
  C:\Windows\System\CPkUiFe.exe
  2⤵
  PID:7556
- C:\Windows\System\gOOIGMg.exe
  C:\Windows\System\gOOIGMg.exe
  2⤵
  PID:7572
- C:\Windows\System\EaWFtoH.exe
  C:\Windows\System\EaWFtoH.exe
  2⤵
  PID:7588
- C:\Windows\System\JsfGHrK.exe
  C:\Windows\System\JsfGHrK.exe
  2⤵
  PID:7608
- C:\Windows\System\NWByGqI.exe
  C:\Windows\System\NWByGqI.exe
  2⤵
  PID:7632
- C:\Windows\System\pPZbaVE.exe
  C:\Windows\System\pPZbaVE.exe
  2⤵
  PID:7648
- C:\Windows\System\wbyGSic.exe
  C:\Windows\System\wbyGSic.exe
  2⤵
  PID:7672
- C:\Windows\System\doDhaRg.exe
  C:\Windows\System\doDhaRg.exe
  2⤵
  PID:7692
- C:\Windows\System\wKaEtZP.exe
  C:\Windows\System\wKaEtZP.exe
  2⤵
  PID:7712
- C:\Windows\System\lbYibSX.exe
  C:\Windows\System\lbYibSX.exe
  2⤵
  PID:7728
- C:\Windows\System\OQIFVeW.exe
  C:\Windows\System\OQIFVeW.exe
  2⤵
  PID:7748
- C:\Windows\System\TQGqTIB.exe
  C:\Windows\System\TQGqTIB.exe
  2⤵
  PID:7768
- C:\Windows\System\RDvyuDA.exe
  C:\Windows\System\RDvyuDA.exe
  2⤵
  PID:7784
- C:\Windows\System\PJGJcry.exe
  C:\Windows\System\PJGJcry.exe
  2⤵
  PID:7808
- C:\Windows\System\XENlxyt.exe
  C:\Windows\System\XENlxyt.exe
  2⤵
  PID:7844
- C:\Windows\System\CweMfCy.exe
  C:\Windows\System\CweMfCy.exe
  2⤵
  PID:7868
- C:\Windows\System\CvokXRW.exe
  C:\Windows\System\CvokXRW.exe
  2⤵
  PID:7884
- C:\Windows\System\lDPcSHo.exe
  C:\Windows\System\lDPcSHo.exe
  2⤵
  PID:7904
- C:\Windows\System\uQhJmUy.exe
  C:\Windows\System\uQhJmUy.exe
  2⤵
  PID:7920
- C:\Windows\System\iWDEfPD.exe
  C:\Windows\System\iWDEfPD.exe
  2⤵
  PID:7960
- C:\Windows\System\RbZlutp.exe
  C:\Windows\System\RbZlutp.exe
  2⤵
  PID:7976
- C:\Windows\System\xQKguVG.exe
  C:\Windows\System\xQKguVG.exe
  2⤵
  PID:7992
- C:\Windows\System\xsFRPqz.exe
  C:\Windows\System\xsFRPqz.exe
  2⤵
  PID:8012
- C:\Windows\System\tGzAiwY.exe
  C:\Windows\System\tGzAiwY.exe
  2⤵
  PID:8028
- C:\Windows\System\HYNVygR.exe
  C:\Windows\System\HYNVygR.exe
  2⤵
  PID:8044
- C:\Windows\System\HQZsDbr.exe
  C:\Windows\System\HQZsDbr.exe
  2⤵
  PID:8060
- C:\Windows\System\tMORRrA.exe
  C:\Windows\System\tMORRrA.exe
  2⤵
  PID:8076
- C:\Windows\System\SLQztyX.exe
  C:\Windows\System\SLQztyX.exe
  2⤵
  PID:8092
- C:\Windows\System\jwavcaS.exe
  C:\Windows\System\jwavcaS.exe
  2⤵
  PID:8108
- C:\Windows\System\ZTdxDtZ.exe
  C:\Windows\System\ZTdxDtZ.exe
  2⤵
  PID:8124
- C:\Windows\System\wvDAWRM.exe
  C:\Windows\System\wvDAWRM.exe
  2⤵
  PID:8140
- C:\Windows\System\ESUQkkI.exe
  C:\Windows\System\ESUQkkI.exe
  2⤵
  PID:8156
- C:\Windows\System\EYSrGOR.exe
  C:\Windows\System\EYSrGOR.exe
  2⤵
  PID:8172
- C:\Windows\System\ZUrevFn.exe
  C:\Windows\System\ZUrevFn.exe
  2⤵
  PID:6868
- C:\Windows\System\TKKovbO.exe
  C:\Windows\System\TKKovbO.exe
  2⤵
  PID:2900
- C:\Windows\System\hiDTwJZ.exe
  C:\Windows\System\hiDTwJZ.exe
  2⤵
  PID:7020
- C:\Windows\System\bIdwFTZ.exe
  C:\Windows\System\bIdwFTZ.exe
  2⤵
  PID:3028
- C:\Windows\System\sASFkVD.exe
  C:\Windows\System\sASFkVD.exe
  2⤵
  PID:2624
- C:\Windows\System\iDsDBWO.exe
  C:\Windows\System\iDsDBWO.exe
  2⤵
  PID:6512
- C:\Windows\System\MncKPVb.exe
  C:\Windows\System\MncKPVb.exe
  2⤵
  PID:7136
- C:\Windows\System\NKAIxox.exe
  C:\Windows\System\NKAIxox.exe
  2⤵
  PID:6856
- C:\Windows\System\tLLUwCw.exe
  C:\Windows\System\tLLUwCw.exe
  2⤵
  PID:2516
- C:\Windows\System\XgrAAbF.exe
  C:\Windows\System\XgrAAbF.exe
  2⤵
  PID:5172
- C:\Windows\System\XwIUOYP.exe
  C:\Windows\System\XwIUOYP.exe
  2⤵
  PID:6888
- C:\Windows\System\VixSrta.exe
  C:\Windows\System\VixSrta.exe
  2⤵
  PID:7196
- C:\Windows\System\osysxgK.exe
  C:\Windows\System\osysxgK.exe
  2⤵
  PID:7300
- C:\Windows\System\zvDDAZG.exe
  C:\Windows\System\zvDDAZG.exe
  2⤵
  PID:7240
- C:\Windows\System\fyOPaWM.exe
  C:\Windows\System\fyOPaWM.exe
  2⤵
  PID:7464
- C:\Windows\System\YutAFCB.exe
  C:\Windows\System\YutAFCB.exe
  2⤵
  PID:7404
- C:\Windows\System\aHyEoJv.exe
  C:\Windows\System\aHyEoJv.exe
  2⤵
  PID:7424
- C:\Windows\System\YztXXoz.exe
  C:\Windows\System\YztXXoz.exe
  2⤵
  PID:7440
- C:\Windows\System\UaBeRCY.exe
  C:\Windows\System\UaBeRCY.exe
  2⤵
  PID:7568
- C:\Windows\System\mgxJkyf.exe
  C:\Windows\System\mgxJkyf.exe
  2⤵
  PID:7640
- C:\Windows\System\rxhOGsg.exe
  C:\Windows\System\rxhOGsg.exe
  2⤵
  PID:7480
- C:\Windows\System\PuqHqOO.exe
  C:\Windows\System\PuqHqOO.exe
  2⤵
  PID:7548
- C:\Windows\System\dyKewWG.exe
  C:\Windows\System\dyKewWG.exe
  2⤵
  PID:7756
- C:\Windows\System\INxERtU.exe
  C:\Windows\System\INxERtU.exe
  2⤵
  PID:2648
- C:\Windows\System\UYBTwyY.exe
  C:\Windows\System\UYBTwyY.exe
  2⤵
  PID:7624
- C:\Windows\System\QQhkyNE.exe
  C:\Windows\System\QQhkyNE.exe
  2⤵
  PID:7664
- C:\Windows\System\obfvRMb.exe
  C:\Windows\System\obfvRMb.exe
  2⤵
  PID:7740
- C:\Windows\System\NOnOHeV.exe
  C:\Windows\System\NOnOHeV.exe
  2⤵
  PID:7864
- C:\Windows\System\UDIYxeC.exe
  C:\Windows\System\UDIYxeC.exe
  2⤵
  PID:7928
- C:\Windows\System\udCvFYr.exe
  C:\Windows\System\udCvFYr.exe
  2⤵
  PID:7944
- C:\Windows\System\UAcfdOn.exe
  C:\Windows\System\UAcfdOn.exe
  2⤵
  PID:7776
- C:\Windows\System\KSjvnsx.exe
  C:\Windows\System\KSjvnsx.exe
  2⤵
  PID:7832
- C:\Windows\System\rzlNOQF.exe
  C:\Windows\System\rzlNOQF.exe
  2⤵
  PID:7916
- C:\Windows\System\POtINDg.exe
  C:\Windows\System\POtINDg.exe
  2⤵
  PID:8004
- C:\Windows\System\nnpRSMj.exe
  C:\Windows\System\nnpRSMj.exe
  2⤵
  PID:8072
- C:\Windows\System\otOJnSd.exe
  C:\Windows\System\otOJnSd.exe
  2⤵
  PID:8164
- C:\Windows\System\JrLcjMc.exe
  C:\Windows\System\JrLcjMc.exe
  2⤵
  PID:8120
- C:\Windows\System\AjYaial.exe
  C:\Windows\System\AjYaial.exe
  2⤵
  PID:8188
- C:\Windows\System\gKcYlyo.exe
  C:\Windows\System\gKcYlyo.exe
  2⤵
  PID:6784
- C:\Windows\System\GEcbgFE.exe
  C:\Windows\System\GEcbgFE.exe
  2⤵
  PID:7324
- C:\Windows\System\IIrxbsx.exe
  C:\Windows\System\IIrxbsx.exe
  2⤵
  PID:2428
- C:\Windows\System\zwJvmDJ.exe
  C:\Windows\System\zwJvmDJ.exe
  2⤵
  PID:7192
- C:\Windows\System\ZnSVpTg.exe
  C:\Windows\System\ZnSVpTg.exe
  2⤵
  PID:6816
- C:\Windows\System\JUFmIny.exe
  C:\Windows\System\JUFmIny.exe
  2⤵
  PID:7208
- C:\Windows\System\cXqXZFq.exe
  C:\Windows\System\cXqXZFq.exe
  2⤵
  PID:7260
- C:\Windows\System\VmWZHEO.exe
  C:\Windows\System\VmWZHEO.exe
  2⤵
  PID:2444
- C:\Windows\System\wjFecGo.exe
  C:\Windows\System\wjFecGo.exe
  2⤵
  PID:7452
- C:\Windows\System\HgWLvKT.exe
  C:\Windows\System\HgWLvKT.exe
  2⤵
  PID:6756
- C:\Windows\System\jDTtgWq.exe
  C:\Windows\System\jDTtgWq.exe
  2⤵
  PID:6516
- C:\Windows\System\uDXYpzA.exe
  C:\Windows\System\uDXYpzA.exe
  2⤵
  PID:7500
- C:\Windows\System\yYdrCDf.exe
  C:\Windows\System\yYdrCDf.exe
  2⤵
  PID:7456
- C:\Windows\System\klVMCIf.exe
  C:\Windows\System\klVMCIf.exe
  2⤵
  PID:7552
- C:\Windows\System\ogJSUJy.exe
  C:\Windows\System\ogJSUJy.exe
  2⤵
  PID:7516
- C:\Windows\System\DTEhJOL.exe
  C:\Windows\System\DTEhJOL.exe
  2⤵
  PID:6248
- C:\Windows\System\JDuTsAI.exe
  C:\Windows\System\JDuTsAI.exe
  2⤵
  PID:7400
- C:\Windows\System\PtDTSTp.exe
  C:\Windows\System\PtDTSTp.exe
  2⤵
  PID:7512
- C:\Windows\System\WQhXlVX.exe
  C:\Windows\System\WQhXlVX.exe
  2⤵
  PID:2380
- C:\Windows\System\FeQWbOf.exe
  C:\Windows\System\FeQWbOf.exe
  2⤵
  PID:7700
- C:\Windows\System\NQfpDnQ.exe
  C:\Windows\System\NQfpDnQ.exe
  2⤵
  PID:7952
- C:\Windows\System\Zhsgqzr.exe
  C:\Windows\System\Zhsgqzr.exe
  2⤵
  PID:7660
- C:\Windows\System\fRLFeBB.exe
  C:\Windows\System\fRLFeBB.exe
  2⤵
  PID:7988
- C:\Windows\System\UlMMkdU.exe
  C:\Windows\System\UlMMkdU.exe
  2⤵
  PID:7816
- C:\Windows\System\qncJSqy.exe
  C:\Windows\System\qncJSqy.exe
  2⤵
  PID:8068
- C:\Windows\System\chlGnbC.exe
  C:\Windows\System\chlGnbC.exe
  2⤵
  PID:8116
- C:\Windows\System\gkTntxD.exe
  C:\Windows\System\gkTntxD.exe
  2⤵
  PID:7280
- C:\Windows\System\VKJuTfn.exe
  C:\Windows\System\VKJuTfn.exe
  2⤵
  PID:7036
- C:\Windows\System\ZYwcVmd.exe
  C:\Windows\System\ZYwcVmd.exe
  2⤵
  PID:2824
- C:\Windows\System\ULFJSAp.exe
  C:\Windows\System\ULFJSAp.exe
  2⤵
  PID:7416
- C:\Windows\System\wWsSJLY.exe
  C:\Windows\System\wWsSJLY.exe
  2⤵
  PID:1188
- C:\Windows\System\VfiXSkQ.exe
  C:\Windows\System\VfiXSkQ.exe
  2⤵
  PID:7616
- C:\Windows\System\yWoMeri.exe
  C:\Windows\System\yWoMeri.exe
  2⤵
  PID:7388
- C:\Windows\System\JYQtrEJ.exe
  C:\Windows\System\JYQtrEJ.exe
  2⤵
  PID:7796
- C:\Windows\System\OzYhrhP.exe
  C:\Windows\System\OzYhrhP.exe
  2⤵
  PID:7880
- C:\Windows\System\gKNenby.exe
  C:\Windows\System\gKNenby.exe
  2⤵
  PID:7932
- C:\Windows\System\tgkHhJg.exe
  C:\Windows\System\tgkHhJg.exe
  2⤵
  PID:7268
- C:\Windows\System\yJMKjJv.exe
  C:\Windows\System\yJMKjJv.exe
  2⤵
  PID:6556
- C:\Windows\System\fhzYZrZ.exe
  C:\Windows\System\fhzYZrZ.exe
  2⤵
  PID:7680
- C:\Windows\System\yVuAMWa.exe
  C:\Windows\System\yVuAMWa.exe
  2⤵
  PID:7496
- C:\Windows\System\JrmKgxE.exe
  C:\Windows\System\JrmKgxE.exe
  2⤵
  PID:7656
- C:\Windows\System\gdGWOBE.exe
  C:\Windows\System\gdGWOBE.exe
  2⤵
  PID:7708
- C:\Windows\System\cyvmEUv.exe
  C:\Windows\System\cyvmEUv.exe
  2⤵
  PID:8104
- C:\Windows\System\WqXxpwt.exe
  C:\Windows\System\WqXxpwt.exe
  2⤵
  PID:8184
- C:\Windows\System\pvFrGuD.exe
  C:\Windows\System\pvFrGuD.exe
  2⤵
  PID:7284
- C:\Windows\System\sKAHfzx.exe
  C:\Windows\System\sKAHfzx.exe
  2⤵
  PID:7164
- C:\Windows\System\lPfIAyh.exe
  C:\Windows\System\lPfIAyh.exe
  2⤵
  PID:2996
- C:\Windows\System\xSGUVBz.exe
  C:\Windows\System\xSGUVBz.exe
  2⤵
  PID:7000
- C:\Windows\System\ojsEiQy.exe
  C:\Windows\System\ojsEiQy.exe
  2⤵
  PID:7896
- C:\Windows\System\idSwPEC.exe
  C:\Windows\System\idSwPEC.exe
  2⤵
  PID:7604
- C:\Windows\System\agRcfME.exe
  C:\Windows\System\agRcfME.exe
  2⤵
  PID:7744
- C:\Windows\System\BlkCiId.exe
  C:\Windows\System\BlkCiId.exe
  2⤵
  PID:7720
- C:\Windows\System\CxRdnDV.exe
  C:\Windows\System\CxRdnDV.exe
  2⤵
  PID:6912
- C:\Windows\System\kJeYCfw.exe
  C:\Windows\System\kJeYCfw.exe
  2⤵
  PID:7536
- C:\Windows\System\mccemim.exe
  C:\Windows\System\mccemim.exe
  2⤵
  PID:7344
- C:\Windows\System\uKdgqZa.exe
  C:\Windows\System\uKdgqZa.exe
  2⤵
  PID:2364
- C:\Windows\System\CgNWJLX.exe
  C:\Windows\System\CgNWJLX.exe
  2⤵
  PID:7620
- C:\Windows\System\dQlHKQn.exe
  C:\Windows\System\dQlHKQn.exe
  2⤵
  PID:7912
- C:\Windows\System\bVaotjA.exe
  C:\Windows\System\bVaotjA.exe
  2⤵
  PID:7736
- C:\Windows\System\AzTZoMV.exe
  C:\Windows\System\AzTZoMV.exe
  2⤵
  PID:6520
- C:\Windows\System\BZzPmxa.exe
  C:\Windows\System\BZzPmxa.exe
  2⤵
  PID:7176
- C:\Windows\System\cwyZzsS.exe
  C:\Windows\System\cwyZzsS.exe
  2⤵
  PID:7804
- C:\Windows\System\NvUAEFD.exe
  C:\Windows\System\NvUAEFD.exe
  2⤵
  PID:7968
- C:\Windows\System\PpSmMrw.exe
  C:\Windows\System\PpSmMrw.exe
  2⤵
  PID:6232
- C:\Windows\System\FRfFDgP.exe
  C:\Windows\System\FRfFDgP.exe
  2⤵
  PID:7340
- C:\Windows\System\oVbeBZg.exe
  C:\Windows\System\oVbeBZg.exe
  2⤵
  PID:8208
- C:\Windows\System\AFTtGYE.exe
  C:\Windows\System\AFTtGYE.exe
  2⤵
  PID:8224
- C:\Windows\System\dQbOiKo.exe
  C:\Windows\System\dQbOiKo.exe
  2⤵
  PID:8240
- C:\Windows\System\fIdwkuq.exe
  C:\Windows\System\fIdwkuq.exe
  2⤵
  PID:8256
- C:\Windows\System\TZmvRiV.exe
  C:\Windows\System\TZmvRiV.exe
  2⤵
  PID:8272
- C:\Windows\System\haOlnZM.exe
  C:\Windows\System\haOlnZM.exe
  2⤵
  PID:8288
- C:\Windows\System\dQvomNi.exe
  C:\Windows\System\dQvomNi.exe
  2⤵
  PID:8304
- C:\Windows\System\XuFSMza.exe
  C:\Windows\System\XuFSMza.exe
  2⤵
  PID:8320
- C:\Windows\System\usHFlbb.exe
  C:\Windows\System\usHFlbb.exe
  2⤵
  PID:8336
- C:\Windows\System\qzqzeUg.exe
  C:\Windows\System\qzqzeUg.exe
  2⤵
  PID:8352
- C:\Windows\System\PPANLbf.exe
  C:\Windows\System\PPANLbf.exe
  2⤵
  PID:8368
- C:\Windows\System\FQolejY.exe
  C:\Windows\System\FQolejY.exe
  2⤵
  PID:8384
- C:\Windows\System\ojHcYzA.exe
  C:\Windows\System\ojHcYzA.exe
  2⤵
  PID:8400
- C:\Windows\System\GzsTPRw.exe
  C:\Windows\System\GzsTPRw.exe
  2⤵
  PID:8416
- C:\Windows\System\VoPeZXO.exe
  C:\Windows\System\VoPeZXO.exe
  2⤵
  PID:8432
- C:\Windows\System\GZskNqg.exe
  C:\Windows\System\GZskNqg.exe
  2⤵
  PID:8448
- C:\Windows\System\rISCHmz.exe
  C:\Windows\System\rISCHmz.exe
  2⤵
  PID:8464
- C:\Windows\System\rEQvzEn.exe
  C:\Windows\System\rEQvzEn.exe
  2⤵
  PID:8480
- C:\Windows\System\LFIIRMm.exe
  C:\Windows\System\LFIIRMm.exe
  2⤵
  PID:8496
- C:\Windows\System\XDZLqlL.exe
  C:\Windows\System\XDZLqlL.exe
  2⤵
  PID:8512
- C:\Windows\System\groezTc.exe
  C:\Windows\System\groezTc.exe
  2⤵
  PID:8528
- C:\Windows\System\XhllGBc.exe
  C:\Windows\System\XhllGBc.exe
  2⤵
  PID:8544
- C:\Windows\System\icFPXGd.exe
  C:\Windows\System\icFPXGd.exe
  2⤵
  PID:8560
- C:\Windows\System\wtqUkWw.exe
  C:\Windows\System\wtqUkWw.exe
  2⤵
  PID:8580
- C:\Windows\System\KgnJmpR.exe
  C:\Windows\System\KgnJmpR.exe
  2⤵
  PID:8612
- C:\Windows\System\IYVHmnz.exe
  C:\Windows\System\IYVHmnz.exe
  2⤵
  PID:8628
- C:\Windows\System\ogydOtQ.exe
  C:\Windows\System\ogydOtQ.exe
  2⤵
  PID:8644
- C:\Windows\System\QNwUMQz.exe
  C:\Windows\System\QNwUMQz.exe
  2⤵
  PID:8660
- C:\Windows\System\eeoURMS.exe
  C:\Windows\System\eeoURMS.exe
  2⤵
  PID:8676
- C:\Windows\System\LadrUeM.exe
  C:\Windows\System\LadrUeM.exe
  2⤵
  PID:8692
- C:\Windows\System\QrdClXQ.exe
  C:\Windows\System\QrdClXQ.exe
  2⤵
  PID:8708
- C:\Windows\System\uxCzcni.exe
  C:\Windows\System\uxCzcni.exe
  2⤵
  PID:8724
- C:\Windows\System\NIpVmcU.exe
  C:\Windows\System\NIpVmcU.exe
  2⤵
  PID:8740
- C:\Windows\System\hpwMiiu.exe
  C:\Windows\System\hpwMiiu.exe
  2⤵
  PID:8756
- C:\Windows\System\vtYOENr.exe
  C:\Windows\System\vtYOENr.exe
  2⤵
  PID:8772
- C:\Windows\System\eDzFJDe.exe
  C:\Windows\System\eDzFJDe.exe
  2⤵
  PID:8788
- C:\Windows\System\YYKoGwU.exe
  C:\Windows\System\YYKoGwU.exe
  2⤵
  PID:8804
- C:\Windows\System\FkZPiOq.exe
  C:\Windows\System\FkZPiOq.exe
  2⤵
  PID:8820
- C:\Windows\System\AGxBtto.exe
  C:\Windows\System\AGxBtto.exe
  2⤵
  PID:8840
- C:\Windows\System\dpDvmqR.exe
  C:\Windows\System\dpDvmqR.exe
  2⤵
  PID:8868
- C:\Windows\System\zmUoklA.exe
  C:\Windows\System\zmUoklA.exe
  2⤵
  PID:8888
- C:\Windows\System\QIndGdb.exe
  C:\Windows\System\QIndGdb.exe
  2⤵
  PID:8908
- C:\Windows\System\ejDoeeI.exe
  C:\Windows\System\ejDoeeI.exe
  2⤵
  PID:8932
- C:\Windows\System\mfRLZzn.exe
  C:\Windows\System\mfRLZzn.exe
  2⤵
  PID:8948
- C:\Windows\System\iIZrZfG.exe
  C:\Windows\System\iIZrZfG.exe
  2⤵
  PID:8964
- C:\Windows\System\Pfulodn.exe
  C:\Windows\System\Pfulodn.exe
  2⤵
  PID:9000
- C:\Windows\System\OxVIVEn.exe
  C:\Windows\System\OxVIVEn.exe
  2⤵
  PID:9020
- C:\Windows\System\cuBTuLa.exe
  C:\Windows\System\cuBTuLa.exe
  2⤵
  PID:9036
- C:\Windows\System\jjjJzwb.exe
  C:\Windows\System\jjjJzwb.exe
  2⤵
  PID:9068
- C:\Windows\System\dwHwAFQ.exe
  C:\Windows\System\dwHwAFQ.exe
  2⤵
  PID:9084
- C:\Windows\System\DKBNhtm.exe
  C:\Windows\System\DKBNhtm.exe
  2⤵
  PID:9100
- C:\Windows\System\UxIqaDd.exe
  C:\Windows\System\UxIqaDd.exe
  2⤵
  PID:9124
- C:\Windows\System\fRbfJSL.exe
  C:\Windows\System\fRbfJSL.exe
  2⤵
  PID:9148
- C:\Windows\System\EwcfFXX.exe
  C:\Windows\System\EwcfFXX.exe
  2⤵
  PID:9164
- C:\Windows\System\uBMNAKi.exe
  C:\Windows\System\uBMNAKi.exe
  2⤵
  PID:9180
- C:\Windows\System\pAcOUbX.exe
  C:\Windows\System\pAcOUbX.exe
  2⤵
  PID:8236
- C:\Windows\System\vlriVIX.exe
  C:\Windows\System\vlriVIX.exe
  2⤵
  PID:8264
- C:\Windows\System\UMdwENu.exe
  C:\Windows\System\UMdwENu.exe
  2⤵
  PID:8332
- C:\Windows\System\mUwXPUu.exe
  C:\Windows\System\mUwXPUu.exe
  2⤵
  PID:8460
- C:\Windows\System\hFOFrbz.exe
  C:\Windows\System\hFOFrbz.exe
  2⤵
  PID:8624
- C:\Windows\System\NbrnSSq.exe
  C:\Windows\System\NbrnSSq.exe
  2⤵
  PID:8688
- C:\Windows\System\Ppmhnen.exe
  C:\Windows\System\Ppmhnen.exe
  2⤵
  PID:8752
- C:\Windows\System\VCNJgEx.exe
  C:\Windows\System\VCNJgEx.exe
  2⤵
  PID:8668
- C:\Windows\System\PxYvgGq.exe
  C:\Windows\System\PxYvgGq.exe
  2⤵
  PID:8704
- C:\Windows\System\VECIbCt.exe
  C:\Windows\System\VECIbCt.exe
  2⤵
  PID:8796
- C:\Windows\System\FDKbwbz.exe
  C:\Windows\System\FDKbwbz.exe
  2⤵
  PID:8800
- C:\Windows\System\MmseZYn.exe
  C:\Windows\System\MmseZYn.exe
  2⤵
  PID:8896
- C:\Windows\System\rktateZ.exe
  C:\Windows\System\rktateZ.exe
  2⤵
  PID:8904
- C:\Windows\System\mPIOlQA.exe
  C:\Windows\System\mPIOlQA.exe
  2⤵
  PID:8976
- C:\Windows\System\opaLKUA.exe
  C:\Windows\System\opaLKUA.exe
  2⤵
  PID:8992
- C:\Windows\System\pPYzGQH.exe
  C:\Windows\System\pPYzGQH.exe
  2⤵
  PID:9016
- C:\Windows\System\jvAHXMc.exe
  C:\Windows\System\jvAHXMc.exe
  2⤵
  PID:9080
- C:\Windows\System\VSZHgGs.exe
  C:\Windows\System\VSZHgGs.exe
  2⤵
  PID:9172
- C:\Windows\System\ykCPipO.exe
  C:\Windows\System\ykCPipO.exe
  2⤵
  PID:9196
- C:\Windows\System\lUHbQPZ.exe
  C:\Windows\System\lUHbQPZ.exe
  2⤵
  PID:7600
- C:\Windows\System\XHWDItw.exe
  C:\Windows\System\XHWDItw.exe
  2⤵
  PID:8216
- C:\Windows\System\KWDuenS.exe
  C:\Windows\System\KWDuenS.exe
  2⤵
  PID:7448
- C:\Windows\System\YAicbSQ.exe
  C:\Windows\System\YAicbSQ.exe
  2⤵
  PID:8344
- C:\Windows\System\OlPiVwf.exe
  C:\Windows\System\OlPiVwf.exe
  2⤵
  PID:8440
- C:\Windows\System\EEIqNnh.exe
  C:\Windows\System\EEIqNnh.exe
  2⤵
  PID:8376
- C:\Windows\System\yaxkdmT.exe
  C:\Windows\System\yaxkdmT.exe
  2⤵
  PID:8508
- C:\Windows\System\UFFqMnP.exe
  C:\Windows\System\UFFqMnP.exe
  2⤵
  PID:8360
- C:\Windows\System\dQiUhUB.exe
  C:\Windows\System\dQiUhUB.exe
  2⤵
  PID:5932
- C:\Windows\System\FQUsGvQ.exe
  C:\Windows\System\FQUsGvQ.exe
  2⤵
  PID:8396
- C:\Windows\System\MBezDuZ.exe
  C:\Windows\System\MBezDuZ.exe
  2⤵
  PID:8524
- C:\Windows\System\OZHEEaE.exe
  C:\Windows\System\OZHEEaE.exe
  2⤵
  PID:8588
- C:\Windows\System\zPWesAx.exe
  C:\Windows\System\zPWesAx.exe
  2⤵
  PID:8576
- C:\Windows\System\cjiNVZu.exe
  C:\Windows\System\cjiNVZu.exe
  2⤵
  PID:8732
- C:\Windows\System\UaWUebi.exe
  C:\Windows\System\UaWUebi.exe
  2⤵
  PID:8848
- C:\Windows\System\aNVIuUf.exe
  C:\Windows\System\aNVIuUf.exe
  2⤵
  PID:8900
- C:\Windows\System\cpRCfSC.exe
  C:\Windows\System\cpRCfSC.exe
  2⤵
  PID:8640
- C:\Windows\System\FlBAoGr.exe
  C:\Windows\System\FlBAoGr.exe
  2⤵
  PID:8636
- C:\Windows\System\meElguj.exe
  C:\Windows\System\meElguj.exe
  2⤵
  PID:8884
- C:\Windows\System\xWLfztt.exe
  C:\Windows\System\xWLfztt.exe
  2⤵
  PID:8988
- C:\Windows\System\tBnhhCH.exe
  C:\Windows\System\tBnhhCH.exe
  2⤵
  PID:8920
- C:\Windows\System\aRSwNpR.exe
  C:\Windows\System\aRSwNpR.exe
  2⤵
  PID:9116
- C:\Windows\System\PqCtTOQ.exe
  C:\Windows\System\PqCtTOQ.exe
  2⤵
  PID:9120
- C:\Windows\System\ZnFxIal.exe
  C:\Windows\System\ZnFxIal.exe
  2⤵
  PID:9136
- C:\Windows\System\KNqbUSA.exe
  C:\Windows\System\KNqbUSA.exe
  2⤵
  PID:8252
- C:\Windows\System\iwLzGBH.exe
  C:\Windows\System\iwLzGBH.exe
  2⤵
  PID:8316
- C:\Windows\System\YRJcbBl.exe
  C:\Windows\System\YRJcbBl.exe
  2⤵
  PID:8476
- C:\Windows\System\mKIbvPN.exe
  C:\Windows\System\mKIbvPN.exe
  2⤵
  PID:8568
- C:\Windows\System\xpMOgbF.exe
  C:\Windows\System\xpMOgbF.exe
  2⤵
  PID:8300
- C:\Windows\System\iIndShZ.exe
  C:\Windows\System\iIndShZ.exe
  2⤵
  PID:8720
- C:\Windows\System\Btduzaj.exe
  C:\Windows\System\Btduzaj.exe
  2⤵
  PID:8768
- C:\Windows\System\pHBlQon.exe
  C:\Windows\System\pHBlQon.exe
  2⤵
  PID:8672
- C:\Windows\System\SMQyXaW.exe
  C:\Windows\System\SMQyXaW.exe
  2⤵
  PID:8956
- C:\Windows\System\ttSTtsu.exe
  C:\Windows\System\ttSTtsu.exe
  2⤵
  PID:8836
- C:\Windows\System\uDUULdQ.exe
  C:\Windows\System\uDUULdQ.exe
  2⤵
  PID:9140
- C:\Windows\System\gSpKYBd.exe
  C:\Windows\System\gSpKYBd.exe
  2⤵
  PID:9200
- C:\Windows\System\TfNUCrd.exe
  C:\Windows\System\TfNUCrd.exe
  2⤵
  PID:9144
- C:\Windows\System\JoYhuOD.exe
  C:\Windows\System\JoYhuOD.exe
  2⤵
  PID:9176
- C:\Windows\System\oVoFIxb.exe
  C:\Windows\System\oVoFIxb.exe
  2⤵
  PID:8220
- C:\Windows\System\lZHtlxU.exe
  C:\Windows\System\lZHtlxU.exe
  2⤵
  PID:8556
- C:\Windows\System\VUYGnVr.exe
  C:\Windows\System\VUYGnVr.exe
  2⤵
  PID:8428
- C:\Windows\System\RwDTbEI.exe
  C:\Windows\System\RwDTbEI.exe
  2⤵
  PID:8972
- C:\Windows\System\QOiMeXG.exe
  C:\Windows\System\QOiMeXG.exe
  2⤵
  PID:8924
- C:\Windows\System\JHYARkn.exe
  C:\Windows\System\JHYARkn.exe
  2⤵
  PID:6180
- C:\Windows\System\FjLZPwR.exe
  C:\Windows\System\FjLZPwR.exe
  2⤵
  PID:8380
- C:\Windows\System\FANfHlE.exe
  C:\Windows\System\FANfHlE.exe
  2⤵
  PID:8520
- C:\Windows\System\EQWxWwK.exe
  C:\Windows\System\EQWxWwK.exe
  2⤵
  PID:8608
- C:\Windows\System\yDKyqJo.exe
  C:\Windows\System\yDKyqJo.exe
  2⤵
  PID:9052
- C:\Windows\System\geCewuj.exe
  C:\Windows\System\geCewuj.exe
  2⤵
  PID:7392
- C:\Windows\System\NgkjxOG.exe
  C:\Windows\System\NgkjxOG.exe
  2⤵
  PID:9092
- C:\Windows\System\PLfuEGv.exe
  C:\Windows\System\PLfuEGv.exe
  2⤵
  PID:9248
- C:\Windows\System\hZMNvrm.exe
  C:\Windows\System\hZMNvrm.exe
  2⤵
  PID:9264
- C:\Windows\System\StrzAlV.exe
  C:\Windows\System\StrzAlV.exe
  2⤵
  PID:9284
- C:\Windows\System\TVgyhKm.exe
  C:\Windows\System\TVgyhKm.exe
  2⤵
  PID:9300
- C:\Windows\System\amNKKcV.exe
  C:\Windows\System\amNKKcV.exe
  2⤵
  PID:9320
- C:\Windows\System\MZeyJYS.exe
  C:\Windows\System\MZeyJYS.exe
  2⤵
  PID:9336
- C:\Windows\System\UAXsHgK.exe
  C:\Windows\System\UAXsHgK.exe
  2⤵
  PID:9352
- C:\Windows\System\rDJUrfv.exe
  C:\Windows\System\rDJUrfv.exe
  2⤵
  PID:9368
- C:\Windows\System\qmZiINz.exe
  C:\Windows\System\qmZiINz.exe
  2⤵
  PID:9416
- C:\Windows\System\HSWEuta.exe
  C:\Windows\System\HSWEuta.exe
  2⤵
  PID:9440
- C:\Windows\System\fOCuXru.exe
  C:\Windows\System\fOCuXru.exe
  2⤵
  PID:9460
- C:\Windows\System\lIhrpzP.exe
  C:\Windows\System\lIhrpzP.exe
  2⤵
  PID:9476
- C:\Windows\System\TPWFjFU.exe
  C:\Windows\System\TPWFjFU.exe
  2⤵
  PID:9500
- C:\Windows\System\fqhkhQl.exe
  C:\Windows\System\fqhkhQl.exe
  2⤵
  PID:9516
- C:\Windows\System\cZTjkFj.exe
  C:\Windows\System\cZTjkFj.exe
  2⤵
  PID:9532
- C:\Windows\System\QttZOiu.exe
  C:\Windows\System\QttZOiu.exe
  2⤵
  PID:9548
- C:\Windows\System\MVpKTXI.exe
  C:\Windows\System\MVpKTXI.exe
  2⤵
  PID:9564
- C:\Windows\System\gJpBAsS.exe
  C:\Windows\System\gJpBAsS.exe
  2⤵
  PID:9580
- C:\Windows\System\SwvSPCG.exe
  C:\Windows\System\SwvSPCG.exe
  2⤵
  PID:9596
- C:\Windows\System\QPlKdLl.exe
  C:\Windows\System\QPlKdLl.exe
  2⤵
  PID:9612
- C:\Windows\System\APkqMHC.exe
  C:\Windows\System\APkqMHC.exe
  2⤵
  PID:9636
- C:\Windows\System\jWRZAIP.exe
  C:\Windows\System\jWRZAIP.exe
  2⤵
  PID:9656
- C:\Windows\System\IMbiVTJ.exe
  C:\Windows\System\IMbiVTJ.exe
  2⤵
  PID:9680
- C:\Windows\System\NADpaGT.exe
  C:\Windows\System\NADpaGT.exe
  2⤵
  PID:9704
- C:\Windows\System\aoDsSby.exe
  C:\Windows\System\aoDsSby.exe
  2⤵
  PID:9720
- C:\Windows\System\dGJrqUH.exe
  C:\Windows\System\dGJrqUH.exe
  2⤵
  PID:9736
- C:\Windows\System\YQXUNKL.exe
  C:\Windows\System\YQXUNKL.exe
  2⤵
  PID:9752
- C:\Windows\System\xLhMJvJ.exe
  C:\Windows\System\xLhMJvJ.exe
  2⤵
  PID:9768
- C:\Windows\System\YfIvzfB.exe
  C:\Windows\System\YfIvzfB.exe
  2⤵
  PID:9788
- C:\Windows\System\ofcrCAk.exe
  C:\Windows\System\ofcrCAk.exe
  2⤵
  PID:9816
- C:\Windows\System\GgmkkWL.exe
  C:\Windows\System\GgmkkWL.exe
  2⤵
  PID:9832
- C:\Windows\System\HDFnlKB.exe
  C:\Windows\System\HDFnlKB.exe
  2⤵
  PID:9848
- C:\Windows\System\PrnrOoc.exe
  C:\Windows\System\PrnrOoc.exe
  2⤵
  PID:9880
- C:\Windows\System\mHNKwZl.exe
  C:\Windows\System\mHNKwZl.exe
  2⤵
  PID:9940
- C:\Windows\System\eRiwBuf.exe
  C:\Windows\System\eRiwBuf.exe
  2⤵
  PID:9956
- C:\Windows\System\EBZWxvh.exe
  C:\Windows\System\EBZWxvh.exe
  2⤵
  PID:9972
- C:\Windows\System\VjDZQUf.exe
  C:\Windows\System\VjDZQUf.exe
  2⤵
  PID:9988
- C:\Windows\System\SxxzlRQ.exe
  C:\Windows\System\SxxzlRQ.exe
  2⤵
  PID:10004
- C:\Windows\System\DVGOIKJ.exe
  C:\Windows\System\DVGOIKJ.exe
  2⤵
  PID:10020
- C:\Windows\System\doDpIcK.exe
  C:\Windows\System\doDpIcK.exe
  2⤵
  PID:10036
- C:\Windows\System\QGTJkMy.exe
  C:\Windows\System\QGTJkMy.exe
  2⤵
  PID:10052
- C:\Windows\System\bGSeGzC.exe
  C:\Windows\System\bGSeGzC.exe
  2⤵
  PID:10068
- C:\Windows\System\JKUqsnT.exe
  C:\Windows\System\JKUqsnT.exe
  2⤵
  PID:10084
- C:\Windows\System\krZdKAt.exe
  C:\Windows\System\krZdKAt.exe
  2⤵
  PID:10100
- C:\Windows\System\WkPnIHg.exe
  C:\Windows\System\WkPnIHg.exe
  2⤵
  PID:10116
- C:\Windows\System\fDUThbH.exe
  C:\Windows\System\fDUThbH.exe
  2⤵
  PID:10132
- C:\Windows\System\EVctHGE.exe
  C:\Windows\System\EVctHGE.exe
  2⤵
  PID:10148
- C:\Windows\System\suHKKrP.exe
  C:\Windows\System\suHKKrP.exe
  2⤵
  PID:10168
- C:\Windows\System\vPSCHyG.exe
  C:\Windows\System\vPSCHyG.exe
  2⤵
  PID:10184
- C:\Windows\System\IAEWWlQ.exe
  C:\Windows\System\IAEWWlQ.exe
  2⤵
  PID:10200
- C:\Windows\System\avoDIbN.exe
  C:\Windows\System\avoDIbN.exe
  2⤵
  PID:10216
- C:\Windows\System\rodLZHk.exe
  C:\Windows\System\rodLZHk.exe
  2⤵
  PID:10232
- C:\Windows\System\jcRghmc.exe
  C:\Windows\System\jcRghmc.exe
  2⤵
  PID:9112
- C:\Windows\System\uzOvUME.exe
  C:\Windows\System\uzOvUME.exe
  2⤵
  PID:8984
- C:\Windows\System\GyxEIHJ.exe
  C:\Windows\System\GyxEIHJ.exe
  2⤵
  PID:8492
- C:\Windows\System\RaCkQJw.exe
  C:\Windows\System\RaCkQJw.exe
  2⤵
  PID:8856
- C:\Windows\System\ajnPbsB.exe
  C:\Windows\System\ajnPbsB.exe
  2⤵
  PID:8248
- C:\Windows\System\ZUVRPKE.exe
  C:\Windows\System\ZUVRPKE.exe
  2⤵
  PID:9292
- C:\Windows\System\HnzFjai.exe
  C:\Windows\System\HnzFjai.exe
  2⤵
  PID:9244
- C:\Windows\System\fGBHseE.exe
  C:\Windows\System\fGBHseE.exe
  2⤵
  PID:9280
- C:\Windows\System\sGJbTGG.exe
  C:\Windows\System\sGJbTGG.exe
  2⤵
  PID:9344
- C:\Windows\System\lIOyrMm.exe
  C:\Windows\System\lIOyrMm.exe
  2⤵
  PID:9360
- C:\Windows\System\YRqsAjx.exe
  C:\Windows\System\YRqsAjx.exe
  2⤵
  PID:9400
- C:\Windows\System\LuvlhZw.exe
  C:\Windows\System\LuvlhZw.exe
  2⤵
  PID:9412
- C:\Windows\System\CstDFwE.exe
  C:\Windows\System\CstDFwE.exe
  2⤵
  PID:9452
- C:\Windows\System\SsuMsKL.exe
  C:\Windows\System\SsuMsKL.exe
  2⤵
  PID:9508
- C:\Windows\System\KXSeBwS.exe
  C:\Windows\System\KXSeBwS.exe
  2⤵
  PID:9692
- C:\Windows\System\nNNgtEC.exe
  C:\Windows\System\nNNgtEC.exe
  2⤵
  PID:9700
- C:\Windows\System\VSQnuGv.exe
  C:\Windows\System\VSQnuGv.exe
  2⤵
  PID:9496
- C:\Windows\System\HwVrWAV.exe
  C:\Windows\System\HwVrWAV.exe
  2⤵
  PID:9796
- C:\Windows\System\WCbQQbd.exe
  C:\Windows\System\WCbQQbd.exe
  2⤵
  PID:9812
- C:\Windows\System\GQVadkj.exe
  C:\Windows\System\GQVadkj.exe
  2⤵
  PID:9560
- C:\Windows\System\PZEYjov.exe
  C:\Windows\System\PZEYjov.exe
  2⤵
  PID:9744
- C:\Windows\System\NGqUoCW.exe
  C:\Windows\System\NGqUoCW.exe
  2⤵
  PID:9624
- C:\Windows\System\xnXctPA.exe
  C:\Windows\System\xnXctPA.exe
  2⤵
  PID:9668
- C:\Windows\System\otMPmdp.exe
  C:\Windows\System\otMPmdp.exe
  2⤵
  PID:9780
- C:\Windows\System\kvUSEka.exe
  C:\Windows\System\kvUSEka.exe
  2⤵
  PID:9856
- C:\Windows\System\aIaPglD.exe
  C:\Windows\System\aIaPglD.exe
  2⤵
  PID:9888
- C:\Windows\System\Yjidfte.exe
  C:\Windows\System\Yjidfte.exe
  2⤵
  PID:9908
- C:\Windows\System\hFUaeVW.exe
  C:\Windows\System\hFUaeVW.exe
  2⤵
  PID:9924
- C:\Windows\System\jlVYTNm.exe
  C:\Windows\System\jlVYTNm.exe
  2⤵
  PID:9900
- C:\Windows\System\kDISWqO.exe
  C:\Windows\System\kDISWqO.exe
  2⤵
  PID:10016
- C:\Windows\System\tJGtVwn.exe
  C:\Windows\System\tJGtVwn.exe
  2⤵
  PID:9948
- C:\Windows\System\kvdYbtS.exe
  C:\Windows\System\kvdYbtS.exe
  2⤵
  PID:10048
- C:\Windows\System\tGPfEcG.exe
  C:\Windows\System\tGPfEcG.exe
  2⤵
  PID:10060
- C:\Windows\System\jUSTYYD.exe
  C:\Windows\System\jUSTYYD.exe
  2⤵
  PID:10128
- C:\Windows\System\RxJhABc.exe
  C:\Windows\System\RxJhABc.exe
  2⤵
  PID:10192
- C:\Windows\System\hPeNkBV.exe
  C:\Windows\System\hPeNkBV.exe
  2⤵
  PID:9208
- C:\Windows\System\ULBAsPr.exe
  C:\Windows\System\ULBAsPr.exe
  2⤵
  PID:8816
- C:\Windows\System\XXzyiOc.exe
  C:\Windows\System\XXzyiOc.exe
  2⤵
  PID:8136
- C:\Windows\System\DItaYtr.exe
  C:\Windows\System\DItaYtr.exe
  2⤵
  PID:8784
- C:\Windows\System\nSdcMTP.exe
  C:\Windows\System\nSdcMTP.exe
  2⤵
  PID:10108
- C:\Windows\System\YmfJCSv.exe
  C:\Windows\System\YmfJCSv.exe
  2⤵
  PID:10212
- C:\Windows\System\QlAzgGE.exe
  C:\Windows\System\QlAzgGE.exe
  2⤵
  PID:9312
- C:\Windows\System\IrmgIEl.exe
  C:\Windows\System\IrmgIEl.exe
  2⤵
  PID:9364
- C:\Windows\System\vYyTqZa.exe
  C:\Windows\System\vYyTqZa.exe
  2⤵
  PID:8456
- C:\Windows\System\UMIjLPR.exe
  C:\Windows\System\UMIjLPR.exe
  2⤵
  PID:9392
- C:\Windows\System\ncjWRaD.exe
  C:\Windows\System\ncjWRaD.exe
  2⤵
  PID:9468
- C:\Windows\System\WpFSvLK.exe
  C:\Windows\System\WpFSvLK.exe
  2⤵
  PID:9512
- C:\Windows\System\TqxuMmF.exe
  C:\Windows\System\TqxuMmF.exe
  2⤵
  PID:9528
- C:\Windows\System\WbAYjCs.exe
  C:\Windows\System\WbAYjCs.exe
  2⤵
  PID:9688
- C:\Windows\System\UwDzBCP.exe
  C:\Windows\System\UwDzBCP.exe
  2⤵
  PID:9808
- C:\Windows\System\hyYjrEW.exe
  C:\Windows\System\hyYjrEW.exe
  2⤵
  PID:9712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FYnWNxy.exe

Filesize
6.0MB

MD5
757baf7f395aada099b1557ca97ef43e

SHA1
21d45fa87a0d9946c63a397c9d731c66988e6960

SHA256
fe411105a53cf6136eb53fc4bfca9abcb073227d3acb174e256bf7675bdfac42

SHA512
75deff12c400a3abe102a4dfc7b1a19977cec4e4afdb298ad5c569db4af4e10114cbfbdfd7e2473becf197ae0b258b335733d6b13276601abd3dfb32f0c08bd8

Download Submit
C:\Windows\system\LVJpXVi.exe

Filesize
6.0MB

MD5
0c56a362302c2fb5aad12a78a033a5a3

SHA1
9b14bcc5bd8f16136271c00fcc5afabf3913802c

SHA256
3adf7fe7de577923b124184015d2358beb7f8eb3b99bedeb0c6d68a894c62883

SHA512
a62c38060ee2a5cd3ffaae16c7b222eba907de9f834836598a879bf4d57fd506b9215eeef6f2cc23c28d267620caa050ef7114f0145839c6e9d7dbbd09346a8a

Download Submit
C:\Windows\system\LoLLGYv.exe

Filesize
6.0MB

MD5
72303ac0aa8871ffb66c1ce9f957fcee

SHA1
f2ffc160334def31a4ec6d41a17c49884c16c5ae

SHA256
a1c833d41bcfa5b2437a81527d2823daead0e911fbd707426ae3c89c5ae7e01f

SHA512
ff054e6d144caf5328603d2d5c6c3a198d4e51e8e3910f6285282e159221288f4c879324ffb7e7ae919aa787d816df89f46c8225bd847f095788aefa7ba438ee

Download Submit
C:\Windows\system\NODmyXD.exe

Filesize
6.0MB

MD5
520fee81a3f47f9e910924a3297cef54

SHA1
0d908790bf773cd118c4585808294d52e18e9a51

SHA256
d49f0f7f74c748ef478fa4c82e295299af5efaeb388085147016d6ec7847e26a

SHA512
c1800b3268db1c70e17ea6ad9982a89ce62c35602a63e50e83a2baa61b79715fbdfc6d85888b2ec25caf8a377b5b3282c3423f3477cc1c567954ce37256647e2

Download Submit
C:\Windows\system\PCMapon.exe

Filesize
6.0MB

MD5
f09e7a5ee1999a866619270f8a8bfe15

SHA1
9602dda0f2c0ae17787a9622ac85f21f0fe3b6d5

SHA256
6d4a1dd256a60bbedd997f2ddd2ab7517fdac93e37a0e57b65ac1021048d9022

SHA512
c788afe12801121ced9e7f99f53605cba29ee4f628a910d15422ec23d408459094c965b252adc9a726da5c50c29ec19a9e83bd1c521f819a9e517a00b6b45e61

Download Submit
C:\Windows\system\PwQrwbP.exe

Filesize
6.0MB

MD5
7e0a3001d65f394a8c74f3ae372f008e

SHA1
d4090e34f7b311ff9610d352ac5052032cd3ed1f

SHA256
f2ceb9d5cf4f5e9c629c468ff19a2dce793b10a209517265eb5fe237156a0f67

SHA512
5c17dde38dccd861fafece2ff5cb5f2798843d95340d74dced9e20d9cbfe661b92c8d339866e5226694132f3ba46094847d8ae1321c6454df5fdbc9b435c25f8

Download Submit
C:\Windows\system\QuxqjlF.exe

Filesize
6.0MB

MD5
b6e33211a8cab6461c53f4f062f61fd3

SHA1
bd457b36115fe8376019da69bb89d299225479ff

SHA256
75c1ac3aebfd30e2492d4e22091c17f8fa8808a23d6eb3eaf28ae09696b5ecfa

SHA512
44ae72637aa815b89b383032e799028a88a73db710f0c6680cfb02c2bc5bed80b280abab2eebf1014baf0c4755fecdf1a47e0f7a24c56bc0427e5c602330e70a

Download Submit
C:\Windows\system\SMGjMrp.exe

Filesize
6.0MB

MD5
f45146bdecbb0b8387fb236c1a92b97c

SHA1
7f9b628ae206a63256948cc6241df993965ac598

SHA256
1d0227eaea22bf0c5b7fba723ada870869a83967f9e0f2a81596157459bb268e

SHA512
be32cbbe16a0fa19924c282c2446ef1d7bcc619cae3ff3d6050a7ea40b5b751f4dd7b291fef8b0637e3cac5131c1af864bd1fa11e537d227d0f0e83792da0f61

Download Submit
C:\Windows\system\TXyinvh.exe

Filesize
6.0MB

MD5
5dc259475d5a368246f13bf7d549d382

SHA1
e6dbd3e0a3d8ff8b931077e6dad68b0ca47b717d

SHA256
d934acc2d8ecc4429535879410140986021778919e5585834973ac182bc7d6d0

SHA512
d8a2aea939af341becd940a49560522c2b3369491d2001ab11be4610e791418bac1fd6d91c4774c61b1371e1d0cf432725792c6567ef6fb45dfde505a1b90241

Download Submit
C:\Windows\system\TrmwqGd.exe

Filesize
6.0MB

MD5
2843d664c90e8fc4a94ba52a16fae3aa

SHA1
3ac6250a55986ca932cdc6d1646bb2376f5f867c

SHA256
1437e0ab1f6d1512044770f35252c3e925c766b9377ade3c36ced5b0c02e8fc4

SHA512
4d7ac267df2c4957146697b0ceecc156fed99f25f50acc99b516e168671732573a625ffeb3541c24f2ec0d45aa80f299389c75f3908276a7558c7008123c3541

Download Submit
C:\Windows\system\YcPnWXn.exe

Filesize
6.0MB

MD5
5283ed0eec9e9bdf22335a72ed21f172

SHA1
21e57c1bf3429bb2a0e750ff3bd089ec196e3aae

SHA256
f2d6ea2d9fc2236599e1f7389c146c94914625b3f3d59d511e25103cf4562063

SHA512
3d3011e8498b7885de3925f5ec850ff302c96c2d944a3386f231e7fae641c869af12ad976f0cbad8c252883fef0b705cdcec0a29f12199bb9f8453934df7e664

Download Submit
C:\Windows\system\ZBaLOaO.exe

Filesize
6.0MB

MD5
a317461eb7eda4ecf2a829dfbedfc0ae

SHA1
0a75741e82a38c183129a9a143e91c3682650f99

SHA256
0b6f1eb85e6583b6bf63288a510c690032540adbf3c38bd99a66978fb630f10b

SHA512
fabfab6e3036e06b03a5eb5908b3c5ecb9383a893f1868f1dd5fd837fd76eca09a4f2bcd682c7b7581c096355413e3992be3fd8961ac8dfd3edc9815813d893c

Download Submit
C:\Windows\system\aHCzFjO.exe

Filesize
6.0MB

MD5
d3d988481ad3953934b1c1b0eeaf6f07

SHA1
44584df7d58528b155176b7d78d7e4654a0bb3de

SHA256
7d013bbe0b6bc36b058ae7e1337e0178ca9baf40ba5c2ba0a2cc4793e6a3f289

SHA512
b6daf29d8be9acecdd46807aadc8e8c27a31597fdd3503f224521696873ede2c292861893243e474527cac5444ec431b132c8f16a7d117d0352554adc3d2f535

Download Submit
C:\Windows\system\bPYyLCe.exe

Filesize
6.0MB

MD5
a11f6a1a08eb3677c006a33119ad8214

SHA1
007a3517228f75ed20f5df57b514720f30a6e846

SHA256
646df43b01d121b44731e90c2d2d55ddd7a9b75eae96e354c6b455ffe1b248c5

SHA512
bccf656a091fa523edbba6e9e56a0a44a6e959de6a06b780c0df7693381476ea3cdb443d7f139d4cb0c9769a29b8c7d9dd3e1db89f476fa3111ea3729729381e

Download Submit
C:\Windows\system\bpzfLeD.exe

Filesize
6.0MB

MD5
2ae5015a179ae89e5b4fea084e028078

SHA1
c85fe272a9794f13fbd4b39d7af1816ecdc623b7

SHA256
fa7b7b037487da91f9fbc9b714472a830452b2fd2049425f23e6593108bc5ab1

SHA512
d87dd56720466a180fe54a0572c6b1d43b7cac92f0e0f56ac4ba98d43224698449f2ab0cbffa7f8021035c868eb2ab97d622fc38cd2697cec739af83741ebfa3

Download Submit
C:\Windows\system\hcdHrPA.exe

Filesize
6.0MB

MD5
b0ad5946eb935ad8be9186e7cb270379

SHA1
3254c80ca16e2b07284399f612992f65a23697e9

SHA256
1cbbaa069d3329b5c574de66b342f6a59ee85e9a2d9be429c8d1daeb226f81a2

SHA512
2a39214a26b88eeb90fc9d5918d4fe53ad3fd51ce40c6497ad0d041d22005908206aa5e5235cbaa139e071e20c52d7fe8482004d6c324f82cd08a3c868ea043f

Download Submit
C:\Windows\system\hptxszw.exe

Filesize
6.0MB

MD5
6a43c78ae38af4cb114304b06fb8ee1c

SHA1
8c349fee2da2d148a4fa405efa84758bc53f473e

SHA256
1232d4d90fc15b4244fa6e8a9e28249e3bbae24d4f87ef012adcb81e4753f257

SHA512
8a14f2558593d7c946efef414e759e78e5bf27f64e7aef7a24b2728faf64c8b2fb51f441c70cc399998329ce262104e581f0df60a2ee0a6a3f1414aa778b7588

Download Submit
C:\Windows\system\hyJNmNP.exe

Filesize
6.0MB

MD5
1bf985eab6e5d5cec8bde675003b6676

SHA1
e942722f677ecbfdd82030860bd754d45844b137

SHA256
2749cb18f3707c56a809fcd447d58e198a0ac12828dd8646e8d2e9ed471952a4

SHA512
29546351616610899a92c72031654d16b72a95e5a2d9dba9aa927dd903883dc05eb50cc8c5ca8aad0d1fa380316808c6d32a8303073c6143ba7137adf639412b

Download Submit
C:\Windows\system\jskcrcM.exe

Filesize
6.0MB

MD5
1d7c2c09896a913769af32ce813db645

SHA1
0da1c6ef8affc6e1026e090257156ab001f12910

SHA256
cc4932636ee788418382409f5d61b02d4c78cf939a11f2b7f15406b245387ef2

SHA512
d4a6b273a6f2aab4418340b7a8281449653231995b4b87022b9b3ef906e35b56948dd2772508905e524a91701ee32000c5a32d0dff51c332bfecc8defa341b6a

Download Submit
C:\Windows\system\kikZAwW.exe

Filesize
6.0MB

MD5
e61325ade0081917dad275028340c3e2

SHA1
623fb8d3624abedb5115d03327ffae8abff62ac5

SHA256
a64938eaf2418c5583915d95646c462cc1c6136e3e873f539a8b47845014e050

SHA512
d9d8ffe1be5941a41c832a0b0cb294a3ce30c0af1012cb61c6bc40b84da6bedb2274570d5113ca0dea16b0eb65852e3a16532b4b1362e2af1a790f791ef2d132

Download Submit
C:\Windows\system\lePzszx.exe

Filesize
6.0MB

MD5
e5f1e012e6b3e01d2e3e7503abc5356d

SHA1
5921100b3741100a459ae7958db1642fedc2c32a

SHA256
8bb42d7247e1d98a6d9995f3eeefbb57d43d2c8bc7d29ec7ae0afcc78f94afbc

SHA512
cd88683cc5356fea64ad3c76464daca0132ea37a6264b58fc8cc89251fded68f6d1c50139c231ca8192938ef25982761af20a36c35945603faed668967364906

Download Submit
C:\Windows\system\oJZqVmi.exe

Filesize
6.0MB

MD5
7f011e79e40c060105b9747643f6d49a

SHA1
ecb201a38c9443c1ee95e883b798cc83e0a62767

SHA256
0e11b5ac85d195319d90e977a3ceb7d3d20cbfa6d812e8fc1b430a810897372a

SHA512
fc4854e71ddaf43b05963dffd010254ad887d41625a0d59a0aa77d0cdd4541a435be60c775f27e8e5614d501c1feacb235328358dc2aaeef1c5c40100155bc3b

Download Submit
C:\Windows\system\oRAkZOH.exe

Filesize
6.0MB

MD5
3ef50a5600e7a3c7f0247acbcd79b2e4

SHA1
0625f90bde1ee5a5bf0c9a0b599dfc5e4a66c01c

SHA256
25658fbd47c3484a86335dcd44ae8d2598ac35ef64bb8c9d6b77e43b46273bc2

SHA512
d07514ae9285af8c471e22490cefecd403ee38be7b762d51ef85b4215b1a85817cb79f184ee58daf061e5d44c4b2c50d258f1333ec3162fd70c1b0f8b5afaad6

Download Submit
C:\Windows\system\uyPTsLs.exe

Filesize
6.0MB

MD5
10bd8e5021277b2453a976d389e8a689

SHA1
23b7bc525ec044737aacdd0af7ab04839e028888

SHA256
8f45fcadc0bb110120fe364f498cdd70508b9b98f3b0f52f9e9cc42e67799a29

SHA512
a5b510687e9422ba4c36cef96ef382047ec203da182e349695306be8456025c50d1e38c3402dbad4ad08c604d922bc4b64daa0015e0c6a2e3e9f8cc47b0d7e91

Download Submit
C:\Windows\system\wZcbxtb.exe

Filesize
6.0MB

MD5
41c9e7e8ae23b0463768f917446e9490

SHA1
c42d2d58cd183092e163e4a9f0748c463e696b7d

SHA256
4cfdabd58963784c833f50868b8c678335a79b54621fc9d91140dd9c2d9b4623

SHA512
742b75267d72c68ccea29e2fdaba485dc43faa41ac27cea8489da6008daf0870fa5fdfe5c1fd7efc34e5bd05b443cfb53cadc8fb6b86313c2ff356e1a1746555

Download Submit
C:\Windows\system\wnNvCHP.exe

Filesize
6.0MB

MD5
41184ac7b9930a2fca7ec7c47afcb040

SHA1
2ee46a2e7b7be7c1353b5e63ff65b0f570b683ca

SHA256
8fcf4c28a6222bc8c8182af6311764faca9361e75675fecdc906532adbc6c489

SHA512
151fb5ddc42ae788a7002fb6d0a93bc565f6f5c81e2e8d3f18dfedaf871b5d9279a6f7cb790b96cdc6f462982fdc4ddb76c144029cd515ad10a50924917cb7bd

Download Submit
C:\Windows\system\xpfvMSH.exe

Filesize
6.0MB

MD5
a63cdfecb970c734026b0094758093fa

SHA1
4af17c0aa743a0a849dacebef2a5088bff490b59

SHA256
d4e7c0ae5eec7b72afb1fc1a5c084bfe64522ca8f550603d14e74a3f011f12d9

SHA512
fb365b8bb10a4c82c7a2f2b532c027aab7270a0452d719c2824328c1c330d9dc9d07eed15b6449208ca6f97d4a8cb17bb6e3385b91e36e3cf523200fcf22060f

Download Submit
C:\Windows\system\yqIengl.exe

Filesize
6.0MB

MD5
fd96d6965194df808fb08a0baf093650

SHA1
d901bdbeb69a225e673f79e76fcb737995853d46

SHA256
68725c9050de8af231d6aafb39efef35af53cfb6f7229f1b9b91d3194e184863

SHA512
b45a2fbf50755921fca3dd9f43c0d14d10431b068a6c97229ff6694fc100ae05e36efd2f2ca5004f0f36a025443ef8a1296eb020095c649ff41793997e3a60a8

Download Submit
\Windows\system\AtLvYvt.exe

Filesize
6.0MB

MD5
8afd5686aa0a09852f11f13fd93ecd12

SHA1
970026c6a2937a72efa7487c4a86b20f17e44e72

SHA256
4cb2fdc5960455fc741bb040c4c46e81f941ab0b0afd326c869ef5bf81249dc1

SHA512
f04e40fb0be83201f7a5600b11142bf29b56b8b36be327d46bc03bcc1d7a79d11ec225b564ad3099e4215be91b632a06784d3c6eae915cb029edb449275af37b

Download Submit
\Windows\system\GDiDJBf.exe

Filesize
6.0MB

MD5
6b32a9b4a3071fb0e086dee6da7114fd

SHA1
4d8440db56ef51cc84c026d5ac0b2387b95dfca3

SHA256
d8f6552c880a63a86e7058875bb6c10f482cd189b28e9998507265227ac31596

SHA512
2ae9572135cbf33b9a9252fe72ad809d5872e12f1b29b3966816b8d7fac2170bc9ebffec333ba8736a8296b31d0f5f3c0c02c18f1d213ffb5fd85dc3d54947f5

Download Submit
\Windows\system\RpvXyJz.exe

Filesize
6.0MB

MD5
cfc7a360d7f0756bb31d3ca04f6682e1

SHA1
228380161c2e3721b64b0fb38576c54ad2b42128

SHA256
c7a45d633c8bf12bd14cafccaf34de1ae16cae20946091019761a67cadecdcda

SHA512
41d2ff3285751ff73bebd1ecbe730f0fd1f664dc1fdafc542573496ff2925677cfe160f54371ae4fbf45407c6188380caf4183610c584035d25d3eed2e8bd6f0

Download Submit
\Windows\system\YWqDfav.exe

Filesize
6.0MB

MD5
a5bd85d1fd3ee8148f8ffed98f05c936

SHA1
800baec62093f2999a178e97ef3eefe1d74ac076

SHA256
7a90a0e350e1cfe0c3927c52c8c2f65fcc2ff9ddb7dd84fe883ea45e975568af

SHA512
72e159b95fbd682e135b86c15601814607dcaebd0e063346bb41c14896d94db44809be557c614e79c8359b7f6cf4aeffeec8345d8d12954daa9da6d1da46035a

Download Submit
\Windows\system\oqiXGUE.exe

Filesize
6.0MB

MD5
deca8bf2829052699f1f5fbf381c968b

SHA1
c5581ce700d682a1cf74936561dd59c5f29d157c

SHA256
07850c9e4cf65d2a10333617975a25f3cb3949ba3b65bc9445eaf4504b11021c

SHA512
548250cb22520a70b77b78c5204f62c05f3e2ce9159561c8d4ca06f1efbea1d379deccc54a16a3f1ea4c95ed1f2ebc216ed92664440b3768ae14fa883f59b1e6

Download Submit
\Windows\system\qnaFRNV.exe

Filesize
6.0MB

MD5
d44971e52d750064efb4099d292750dd

SHA1
b9306741ebeb86693f077891b2dda629032eba69

SHA256
cd284c495029488a0e709e990a4da76ad860eaff684936c067b1d3d8e7b01b5e

SHA512
a8874578f7d4e888a233308af9ea8c50d7232917ac11cbd5b46078bea5b914518c1b3d263fa6c6207a867659cfe31b05dbb62d5acf977fa6c582f0060d02cba4

Download Submit
\Windows\system\qohJWaL.exe

Filesize
6.0MB

MD5
388c98bc00e2751dca9247c03242287c

SHA1
63b4e60678640a2cff3068262f119fc62bd6d860

SHA256
80c0cae1dc3dcc2413f3e884107de2817b8a0599cdf137e44c0977b745fe2ed8

SHA512
947a3c185ef25ae705dd5207320b27a676c7ab4f0155edeb0027f2a8f60283dbebcd1cc88ab04102941ae5688739aea3072f00205d4be20da5d2f5134834a0f6

Download Submit
memory/1708-4044-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1708-402-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2256-4051-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2256-275-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2372-395-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2017-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1996-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1989-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1963-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1490-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1157-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2048-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2372-265-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2372-12-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2372-263-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1970-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2064-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2069-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2078-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2372-397-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2372-289-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2086-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2282-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2372-118-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2041-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2372-276-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2372-403-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2372-280-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-391-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2372-401-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2372-393-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2372-399-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2372-0-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2412-4041-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2412-15-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2416-4043-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-264-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-398-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-4049-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-394-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2700-4048-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4054-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2716-392-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2732-279-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2732-4047-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2748-400-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4046-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4050-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2780-132-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2840-297-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-4045-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-4052-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-281-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-396-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-4053-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-14-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/3044-4042-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download