cobaltstrike | 0fc5b731da2c49317e2cd83b156792d8a02f2ca5fc683a2c2417b07b511ede7b

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7105d5626656f40a8d2cb37ea347aa78
SHA1

7631f5aac4348349f0ec8b77fb84e4bf8413f634
SHA256

0fc5b731da2c49317e2cd83b156792d8a02f2ca5fc683a2c2417b07b511ede7b
SHA512

dba87f5f595f5d17857efeadff4e6a8dfdd570aee7bbab6da073c787f3db6aa0e8091ae320d7e84a69298ac41b6b905f5aec4eaf3f1a3c537747d6df0f2cde14
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d31-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d4a-22.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3a-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d68-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d6d-37.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-58.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-188.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-86.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d18-79.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-55.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fdf-49.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d89-44.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2100-0-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0008000000016d31-10.dat	xmrig
behavioral1/memory/2436-16-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2284-15-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d4a-22.dat	xmrig
behavioral1/memory/2624-27-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d3a-21.dat	xmrig
behavioral1/memory/2660-33-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d68-32.dat	xmrig
behavioral1/memory/2100-35-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d6d-37.dat	xmrig
behavioral1/memory/2656-45-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2540-50-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x000500000001878f-58.dat	xmrig
behavioral1/files/0x0006000000019023-73.dat	xmrig
behavioral1/memory/2536-74-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/1524-81-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/1904-87-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/files/0x0005000000019282-110.dat	xmrig
behavioral1/files/0x00050000000193c2-130.dat	xmrig
behavioral1/files/0x0005000000019431-150.dat	xmrig
behavioral1/memory/1904-946-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/1524-770-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2536-561-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2100-466-0x0000000002400000-0x0000000002754000-memory.dmp	xmrig
behavioral1/memory/2696-385-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x0005000000019609-183.dat	xmrig
behavioral1/files/0x000500000001960b-188.dat	xmrig
behavioral1/files/0x00050000000195c5-180.dat	xmrig
behavioral1/files/0x0005000000019582-175.dat	xmrig
behavioral1/files/0x000500000001950c-170.dat	xmrig
behavioral1/files/0x0005000000019461-165.dat	xmrig
behavioral1/files/0x000500000001944f-160.dat	xmrig
behavioral1/files/0x0005000000019441-155.dat	xmrig
behavioral1/files/0x0005000000019427-145.dat	xmrig
behavioral1/files/0x000500000001941e-140.dat	xmrig
behavioral1/files/0x00050000000193e1-135.dat	xmrig
behavioral1/files/0x00050000000193b4-125.dat	xmrig
behavioral1/files/0x0005000000019350-120.dat	xmrig
behavioral1/files/0x0005000000019334-115.dat	xmrig
behavioral1/files/0x0005000000019261-106.dat	xmrig
behavioral1/files/0x000500000001925e-86.dat	xmrig
behavioral1/files/0x0008000000016d18-79.dat	xmrig
behavioral1/memory/2100-70-0x0000000002400000-0x0000000002754000-memory.dmp	xmrig
behavioral1/memory/2100-69-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2696-66-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x00050000000187a5-65.dat	xmrig
behavioral1/memory/2624-56-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x0005000000018784-55.dat	xmrig
behavioral1/files/0x0008000000016fdf-49.dat	xmrig
behavioral1/memory/2100-47-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d89-44.dat	xmrig
behavioral1/memory/2840-38-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2100-20-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2100-8-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2436-3611-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2284-3618-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2840-3699-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2624-3704-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2696-3708-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2656-3707-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2500-3703-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2540-3702-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2436	tWfeZKu.exe
2284	wrpkFHH.exe
2500	noEcLkf.exe
2624	ewzWMlh.exe
2660	aysTmCM.exe
2840	Rjnruhf.exe
2656	nJPPJMJ.exe
2540	fLNGUBA.exe
2692	fGqnZxo.exe
2916	TtkHZnE.exe
2696	rYoREgO.exe
2536	cXgmeCf.exe
1524	avaThiI.exe
1904	fMXfXcP.exe
2800	WBIbgrp.exe
2592	dBUmLoS.exe
1980	eERLudw.exe
1036	YquvocU.exe
1612	XWzpFSp.exe
2740	mxheomB.exe
1852	VhDkMwC.exe
2876	CPWuKBD.exe
2772	JGahdjJ.exe
2224	Qoseorm.exe
2168	TAwzdUI.exe
2900	cHnSnlZ.exe
616	MGzAkFQ.exe
296	ydBZcjT.exe
2516	RPTyPkd.exe
2028	ZGEPzqe.exe
2172	cOPTQWM.exe
1484	tbLWqRe.exe
2264	IenBoWt.exe
1984	aCBpUYi.exe
1748	KTxagsh.exe
1764	kJPMEZJ.exe
1880	cBMNsUN.exe
1432	fWOgoQs.exe
1796	VnZUPeq.exe
1376	VqbbUMi.exe
2996	CRqxsuz.exe
2992	IETDMDf.exe
2260	BOoGaGo.exe
2380	JGbobVK.exe
1720	WoeOklO.exe
2192	yjapfNG.exe
2448	OSfHIVN.exe
1636	ZtCfdzx.exe
884	FtrAIII.exe
2000	XHyUdWF.exe
2944	hnXWOat.exe
2304	zZBtkgA.exe
1688	IhvkqlO.exe
2064	PuNnepK.exe
2088	UWraLSf.exe
2156	NoQoGqs.exe
2824	oDgsTgL.exe
2700	UBQtiTN.exe
2352	lDVcYqP.exe
1728	NYdDvRR.exe
2004	rZxbZfg.exe
1408	kSCWolq.exe
2504	XyuukTh.exe
1660	kSYYaZJ.exe

Loads dropped DLL 64 IoCs

pid	Process
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2100-0-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x0008000000016d31-10.dat	upx
behavioral1/memory/2436-16-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2284-15-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x0008000000016d4a-22.dat	upx
behavioral1/memory/2624-27-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x0008000000016d3a-21.dat	upx
behavioral1/memory/2660-33-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x0007000000016d68-32.dat	upx
behavioral1/memory/2100-35-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0007000000016d6d-37.dat	upx
behavioral1/memory/2656-45-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2540-50-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x000500000001878f-58.dat	upx
behavioral1/files/0x0006000000019023-73.dat	upx
behavioral1/memory/2536-74-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/1524-81-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/1904-87-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/files/0x0005000000019282-110.dat	upx
behavioral1/files/0x00050000000193c2-130.dat	upx
behavioral1/files/0x0005000000019431-150.dat	upx
behavioral1/memory/1904-946-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/1524-770-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2536-561-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2696-385-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x0005000000019609-183.dat	upx
behavioral1/files/0x000500000001960b-188.dat	upx
behavioral1/files/0x00050000000195c5-180.dat	upx
behavioral1/files/0x0005000000019582-175.dat	upx
behavioral1/files/0x000500000001950c-170.dat	upx
behavioral1/files/0x0005000000019461-165.dat	upx
behavioral1/files/0x000500000001944f-160.dat	upx
behavioral1/files/0x0005000000019441-155.dat	upx
behavioral1/files/0x0005000000019427-145.dat	upx
behavioral1/files/0x000500000001941e-140.dat	upx
behavioral1/files/0x00050000000193e1-135.dat	upx
behavioral1/files/0x00050000000193b4-125.dat	upx
behavioral1/files/0x0005000000019350-120.dat	upx
behavioral1/files/0x0005000000019334-115.dat	upx
behavioral1/files/0x0005000000019261-106.dat	upx
behavioral1/files/0x000500000001925e-86.dat	upx
behavioral1/files/0x0008000000016d18-79.dat	upx
behavioral1/memory/2696-66-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x00050000000187a5-65.dat	upx
behavioral1/memory/2624-56-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x0005000000018784-55.dat	upx
behavioral1/files/0x0008000000016fdf-49.dat	upx
behavioral1/files/0x0008000000016d89-44.dat	upx
behavioral1/memory/2840-38-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2100-20-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2100-8-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2436-3611-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2284-3618-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2840-3699-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2624-3704-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2696-3708-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2656-3707-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2500-3703-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2540-3702-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2536-3701-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2916-3698-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/1904-3696-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2692-3747-0x000000013F520000-0x000000013F874000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MGzAkFQ.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JULXXgd.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lIRRDAK.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PltBgka.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXSLpua.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgIpUEb.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUfWaFO.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPvGDIi.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmscWqB.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpyrDTV.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHGEgnI.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjVirku.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNRGMww.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlWKywf.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PeytuIh.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lDVcYqP.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSoTYCb.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUYEoWz.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDsbjhV.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhwgONT.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUwPEnt.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjOjYVl.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IoCtXoj.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAwzdUI.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjAPZWK.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHxzfVF.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVQvbpn.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjgbPcb.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LASAkdr.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oADEelC.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PoKHWlP.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIyVykg.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWNHwkz.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HfRweJB.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCeueyn.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpSquey.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDjCluH.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eFRkRGX.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QklHlrk.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkHaaGk.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbfFjDF.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlcjZEY.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BoJZRAF.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOjKqmT.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCEwHGj.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wIegEYM.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SjgeLbt.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIGkTDZ.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TqTOcPu.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGlirCR.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwuLudn.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGHYLDE.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAqtMol.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdIkypx.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zeScibv.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbwqKmD.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHSoTIE.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NfYHAxQ.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MyFlRwl.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuTMkxG.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXxAnmJ.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KyUpCcf.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYRJnlz.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKbrITh.exe	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2284	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2284	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2284	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2436	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2436	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2436	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2500	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2500	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2500	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2624	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2624	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2624	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2660	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2660	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2660	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2840	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2840	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2840	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2656	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2656	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2656	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2540	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2540	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2540	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2692	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2692	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2692	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2916	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2916	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2916	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2696	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 2696	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 2696	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 2536	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 2536	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 2536	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 1524	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 1524	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 1524	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 1904	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 1904	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 1904	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 2800	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 2800	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 2800	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 2592	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 2592	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 2592	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 1980	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 1980	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 1980	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 1036	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 1036	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 1036	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 1612	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 1612	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 1612	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 2740	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 2740	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 2740	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 1852	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2100 wrote to memory of 1852	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2100 wrote to memory of 1852	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2100 wrote to memory of 2876	2100	2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-27_7105d5626656f40a8d2cb37ea347aa78_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\System\wrpkFHH.exe
  C:\Windows\System\wrpkFHH.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\tWfeZKu.exe
  C:\Windows\System\tWfeZKu.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\noEcLkf.exe
  C:\Windows\System\noEcLkf.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\ewzWMlh.exe
  C:\Windows\System\ewzWMlh.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\aysTmCM.exe
  C:\Windows\System\aysTmCM.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\Rjnruhf.exe
  C:\Windows\System\Rjnruhf.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\nJPPJMJ.exe
  C:\Windows\System\nJPPJMJ.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\fLNGUBA.exe
  C:\Windows\System\fLNGUBA.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\fGqnZxo.exe
  C:\Windows\System\fGqnZxo.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\TtkHZnE.exe
  C:\Windows\System\TtkHZnE.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\rYoREgO.exe
  C:\Windows\System\rYoREgO.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\cXgmeCf.exe
  C:\Windows\System\cXgmeCf.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\avaThiI.exe
  C:\Windows\System\avaThiI.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\fMXfXcP.exe
  C:\Windows\System\fMXfXcP.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\WBIbgrp.exe
  C:\Windows\System\WBIbgrp.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\dBUmLoS.exe
  C:\Windows\System\dBUmLoS.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\eERLudw.exe
  C:\Windows\System\eERLudw.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\YquvocU.exe
  C:\Windows\System\YquvocU.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\XWzpFSp.exe
  C:\Windows\System\XWzpFSp.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\mxheomB.exe
  C:\Windows\System\mxheomB.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\VhDkMwC.exe
  C:\Windows\System\VhDkMwC.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\CPWuKBD.exe
  C:\Windows\System\CPWuKBD.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\JGahdjJ.exe
  C:\Windows\System\JGahdjJ.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\Qoseorm.exe
  C:\Windows\System\Qoseorm.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\TAwzdUI.exe
  C:\Windows\System\TAwzdUI.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\cHnSnlZ.exe
  C:\Windows\System\cHnSnlZ.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\MGzAkFQ.exe
  C:\Windows\System\MGzAkFQ.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\ydBZcjT.exe
  C:\Windows\System\ydBZcjT.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\RPTyPkd.exe
  C:\Windows\System\RPTyPkd.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\ZGEPzqe.exe
  C:\Windows\System\ZGEPzqe.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\tbLWqRe.exe
  C:\Windows\System\tbLWqRe.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\cOPTQWM.exe
  C:\Windows\System\cOPTQWM.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\IenBoWt.exe
  C:\Windows\System\IenBoWt.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\aCBpUYi.exe
  C:\Windows\System\aCBpUYi.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\KTxagsh.exe
  C:\Windows\System\KTxagsh.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\kJPMEZJ.exe
  C:\Windows\System\kJPMEZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\cBMNsUN.exe
  C:\Windows\System\cBMNsUN.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\fWOgoQs.exe
  C:\Windows\System\fWOgoQs.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\VnZUPeq.exe
  C:\Windows\System\VnZUPeq.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\VqbbUMi.exe
  C:\Windows\System\VqbbUMi.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\CRqxsuz.exe
  C:\Windows\System\CRqxsuz.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\IETDMDf.exe
  C:\Windows\System\IETDMDf.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\BOoGaGo.exe
  C:\Windows\System\BOoGaGo.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\JGbobVK.exe
  C:\Windows\System\JGbobVK.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\WoeOklO.exe
  C:\Windows\System\WoeOklO.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\yjapfNG.exe
  C:\Windows\System\yjapfNG.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\OSfHIVN.exe
  C:\Windows\System\OSfHIVN.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\ZtCfdzx.exe
  C:\Windows\System\ZtCfdzx.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\FtrAIII.exe
  C:\Windows\System\FtrAIII.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\XHyUdWF.exe
  C:\Windows\System\XHyUdWF.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\hnXWOat.exe
  C:\Windows\System\hnXWOat.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\zZBtkgA.exe
  C:\Windows\System\zZBtkgA.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\IhvkqlO.exe
  C:\Windows\System\IhvkqlO.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\PuNnepK.exe
  C:\Windows\System\PuNnepK.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\UWraLSf.exe
  C:\Windows\System\UWraLSf.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\NoQoGqs.exe
  C:\Windows\System\NoQoGqs.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\oDgsTgL.exe
  C:\Windows\System\oDgsTgL.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\UBQtiTN.exe
  C:\Windows\System\UBQtiTN.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\lDVcYqP.exe
  C:\Windows\System\lDVcYqP.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\NYdDvRR.exe
  C:\Windows\System\NYdDvRR.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\rZxbZfg.exe
  C:\Windows\System\rZxbZfg.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\kSCWolq.exe
  C:\Windows\System\kSCWolq.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\XyuukTh.exe
  C:\Windows\System\XyuukTh.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\kSYYaZJ.exe
  C:\Windows\System\kSYYaZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\SRiEZHc.exe
  C:\Windows\System\SRiEZHc.exe
  2⤵
  PID:1988
- C:\Windows\System\gpTlxLp.exe
  C:\Windows\System\gpTlxLp.exe
  2⤵
  PID:768
- C:\Windows\System\SIHxndZ.exe
  C:\Windows\System\SIHxndZ.exe
  2⤵
  PID:2768
- C:\Windows\System\UPwFOUC.exe
  C:\Windows\System\UPwFOUC.exe
  2⤵
  PID:2888
- C:\Windows\System\QyczziQ.exe
  C:\Windows\System\QyczziQ.exe
  2⤵
  PID:1272
- C:\Windows\System\PQHbYWi.exe
  C:\Windows\System\PQHbYWi.exe
  2⤵
  PID:2312
- C:\Windows\System\BkkGVwn.exe
  C:\Windows\System\BkkGVwn.exe
  2⤵
  PID:916
- C:\Windows\System\wGHXpLI.exe
  C:\Windows\System\wGHXpLI.exe
  2⤵
  PID:1316
- C:\Windows\System\YKgGfOJ.exe
  C:\Windows\System\YKgGfOJ.exe
  2⤵
  PID:2164
- C:\Windows\System\ICozTdF.exe
  C:\Windows\System\ICozTdF.exe
  2⤵
  PID:1784
- C:\Windows\System\lxQiAoT.exe
  C:\Windows\System\lxQiAoT.exe
  2⤵
  PID:912
- C:\Windows\System\xLfooqR.exe
  C:\Windows\System\xLfooqR.exe
  2⤵
  PID:852
- C:\Windows\System\HDSyipy.exe
  C:\Windows\System\HDSyipy.exe
  2⤵
  PID:1424
- C:\Windows\System\zWjhOdU.exe
  C:\Windows\System\zWjhOdU.exe
  2⤵
  PID:2208
- C:\Windows\System\oAEDcrV.exe
  C:\Windows\System\oAEDcrV.exe
  2⤵
  PID:3064
- C:\Windows\System\UHGRewX.exe
  C:\Windows\System\UHGRewX.exe
  2⤵
  PID:2984
- C:\Windows\System\fHvNVUo.exe
  C:\Windows\System\fHvNVUo.exe
  2⤵
  PID:1616
- C:\Windows\System\tYcIjvW.exe
  C:\Windows\System\tYcIjvW.exe
  2⤵
  PID:1060
- C:\Windows\System\jPmlLik.exe
  C:\Windows\System\jPmlLik.exe
  2⤵
  PID:1740
- C:\Windows\System\ArUNPGT.exe
  C:\Windows\System\ArUNPGT.exe
  2⤵
  PID:1744
- C:\Windows\System\qUUZoko.exe
  C:\Windows\System\qUUZoko.exe
  2⤵
  PID:1552
- C:\Windows\System\fsnxvRo.exe
  C:\Windows\System\fsnxvRo.exe
  2⤵
  PID:2300
- C:\Windows\System\uLqfVYS.exe
  C:\Windows\System\uLqfVYS.exe
  2⤵
  PID:2140
- C:\Windows\System\UXVscjo.exe
  C:\Windows\System\UXVscjo.exe
  2⤵
  PID:2792
- C:\Windows\System\eGlirCR.exe
  C:\Windows\System\eGlirCR.exe
  2⤵
  PID:2796
- C:\Windows\System\gYKUepO.exe
  C:\Windows\System\gYKUepO.exe
  2⤵
  PID:2532
- C:\Windows\System\eDGvkUB.exe
  C:\Windows\System\eDGvkUB.exe
  2⤵
  PID:596
- C:\Windows\System\nsjrtbU.exe
  C:\Windows\System\nsjrtbU.exe
  2⤵
  PID:776
- C:\Windows\System\ZnerfhK.exe
  C:\Windows\System\ZnerfhK.exe
  2⤵
  PID:764
- C:\Windows\System\jVXNCMf.exe
  C:\Windows\System\jVXNCMf.exe
  2⤵
  PID:548
- C:\Windows\System\dQpkpfk.exe
  C:\Windows\System\dQpkpfk.exe
  2⤵
  PID:2712
- C:\Windows\System\pHGOhTX.exe
  C:\Windows\System\pHGOhTX.exe
  2⤵
  PID:3004
- C:\Windows\System\FsdRMHN.exe
  C:\Windows\System\FsdRMHN.exe
  2⤵
  PID:2960
- C:\Windows\System\IermUnp.exe
  C:\Windows\System\IermUnp.exe
  2⤵
  PID:1292
- C:\Windows\System\wMSYVOW.exe
  C:\Windows\System\wMSYVOW.exe
  2⤵
  PID:1532
- C:\Windows\System\JURLtZw.exe
  C:\Windows\System\JURLtZw.exe
  2⤵
  PID:752
- C:\Windows\System\phcYwfS.exe
  C:\Windows\System\phcYwfS.exe
  2⤵
  PID:2276
- C:\Windows\System\giLEmiy.exe
  C:\Windows\System\giLEmiy.exe
  2⤵
  PID:2148
- C:\Windows\System\IoBEBkU.exe
  C:\Windows\System\IoBEBkU.exe
  2⤵
  PID:1628
- C:\Windows\System\mHDFacd.exe
  C:\Windows\System\mHDFacd.exe
  2⤵
  PID:1964
- C:\Windows\System\fbECVWl.exe
  C:\Windows\System\fbECVWl.exe
  2⤵
  PID:2972
- C:\Windows\System\PzXpNwG.exe
  C:\Windows\System\PzXpNwG.exe
  2⤵
  PID:1684
- C:\Windows\System\GZwqxOi.exe
  C:\Windows\System\GZwqxOi.exe
  2⤵
  PID:1948
- C:\Windows\System\aYSMGvM.exe
  C:\Windows\System\aYSMGvM.exe
  2⤵
  PID:1708
- C:\Windows\System\HBIzKtj.exe
  C:\Windows\System\HBIzKtj.exe
  2⤵
  PID:1868
- C:\Windows\System\aumFEgd.exe
  C:\Windows\System\aumFEgd.exe
  2⤵
  PID:2084
- C:\Windows\System\yhAjEND.exe
  C:\Windows\System\yhAjEND.exe
  2⤵
  PID:1132
- C:\Windows\System\SCMQarA.exe
  C:\Windows\System\SCMQarA.exe
  2⤵
  PID:2908
- C:\Windows\System\MTmbvkS.exe
  C:\Windows\System\MTmbvkS.exe
  2⤵
  PID:1124
- C:\Windows\System\UyGKpOy.exe
  C:\Windows\System\UyGKpOy.exe
  2⤵
  PID:2212
- C:\Windows\System\oFEXQYm.exe
  C:\Windows\System\oFEXQYm.exe
  2⤵
  PID:2928
- C:\Windows\System\oyqpaAg.exe
  C:\Windows\System\oyqpaAg.exe
  2⤵
  PID:1632
- C:\Windows\System\OrsQlFI.exe
  C:\Windows\System\OrsQlFI.exe
  2⤵
  PID:2324
- C:\Windows\System\zfcSjOJ.exe
  C:\Windows\System\zfcSjOJ.exe
  2⤵
  PID:3080
- C:\Windows\System\atKjNlg.exe
  C:\Windows\System\atKjNlg.exe
  2⤵
  PID:3100
- C:\Windows\System\JULXXgd.exe
  C:\Windows\System\JULXXgd.exe
  2⤵
  PID:3120
- C:\Windows\System\tzMNrtH.exe
  C:\Windows\System\tzMNrtH.exe
  2⤵
  PID:3140
- C:\Windows\System\SczfLnf.exe
  C:\Windows\System\SczfLnf.exe
  2⤵
  PID:3160
- C:\Windows\System\WHxzfVF.exe
  C:\Windows\System\WHxzfVF.exe
  2⤵
  PID:3180
- C:\Windows\System\moKiCDG.exe
  C:\Windows\System\moKiCDG.exe
  2⤵
  PID:3204
- C:\Windows\System\blWxGRk.exe
  C:\Windows\System\blWxGRk.exe
  2⤵
  PID:3224
- C:\Windows\System\PLQiZFr.exe
  C:\Windows\System\PLQiZFr.exe
  2⤵
  PID:3244
- C:\Windows\System\yVpMvKh.exe
  C:\Windows\System\yVpMvKh.exe
  2⤵
  PID:3264
- C:\Windows\System\fpYaBSF.exe
  C:\Windows\System\fpYaBSF.exe
  2⤵
  PID:3284
- C:\Windows\System\myhAAxz.exe
  C:\Windows\System\myhAAxz.exe
  2⤵
  PID:3304
- C:\Windows\System\bFQnWbi.exe
  C:\Windows\System\bFQnWbi.exe
  2⤵
  PID:3324
- C:\Windows\System\plKkhYV.exe
  C:\Windows\System\plKkhYV.exe
  2⤵
  PID:3344
- C:\Windows\System\rJXLzcw.exe
  C:\Windows\System\rJXLzcw.exe
  2⤵
  PID:3364
- C:\Windows\System\OYhJyFe.exe
  C:\Windows\System\OYhJyFe.exe
  2⤵
  PID:3384
- C:\Windows\System\nTRPaQC.exe
  C:\Windows\System\nTRPaQC.exe
  2⤵
  PID:3404
- C:\Windows\System\svvURuq.exe
  C:\Windows\System\svvURuq.exe
  2⤵
  PID:3424
- C:\Windows\System\tXudzoG.exe
  C:\Windows\System\tXudzoG.exe
  2⤵
  PID:3444
- C:\Windows\System\RplQFpr.exe
  C:\Windows\System\RplQFpr.exe
  2⤵
  PID:3464
- C:\Windows\System\lbdlqZF.exe
  C:\Windows\System\lbdlqZF.exe
  2⤵
  PID:3484
- C:\Windows\System\zLhNGMX.exe
  C:\Windows\System\zLhNGMX.exe
  2⤵
  PID:3504
- C:\Windows\System\IzZVhOQ.exe
  C:\Windows\System\IzZVhOQ.exe
  2⤵
  PID:3524
- C:\Windows\System\cNPYULb.exe
  C:\Windows\System\cNPYULb.exe
  2⤵
  PID:3544
- C:\Windows\System\ofavtHL.exe
  C:\Windows\System\ofavtHL.exe
  2⤵
  PID:3564
- C:\Windows\System\HHbyoch.exe
  C:\Windows\System\HHbyoch.exe
  2⤵
  PID:3584
- C:\Windows\System\fjoJOsX.exe
  C:\Windows\System\fjoJOsX.exe
  2⤵
  PID:3604
- C:\Windows\System\tpMkMto.exe
  C:\Windows\System\tpMkMto.exe
  2⤵
  PID:3624
- C:\Windows\System\LwDDzhG.exe
  C:\Windows\System\LwDDzhG.exe
  2⤵
  PID:3644
- C:\Windows\System\SqBsmxZ.exe
  C:\Windows\System\SqBsmxZ.exe
  2⤵
  PID:3664
- C:\Windows\System\rgnllXd.exe
  C:\Windows\System\rgnllXd.exe
  2⤵
  PID:3684
- C:\Windows\System\KAaUhsX.exe
  C:\Windows\System\KAaUhsX.exe
  2⤵
  PID:3704
- C:\Windows\System\SYDIzbx.exe
  C:\Windows\System\SYDIzbx.exe
  2⤵
  PID:3724
- C:\Windows\System\RLsNsRE.exe
  C:\Windows\System\RLsNsRE.exe
  2⤵
  PID:3744
- C:\Windows\System\ovyAZKR.exe
  C:\Windows\System\ovyAZKR.exe
  2⤵
  PID:3764
- C:\Windows\System\wLIJsVy.exe
  C:\Windows\System\wLIJsVy.exe
  2⤵
  PID:3780
- C:\Windows\System\RadpWcZ.exe
  C:\Windows\System\RadpWcZ.exe
  2⤵
  PID:3804
- C:\Windows\System\oVCAeTA.exe
  C:\Windows\System\oVCAeTA.exe
  2⤵
  PID:3824
- C:\Windows\System\NdfEqYj.exe
  C:\Windows\System\NdfEqYj.exe
  2⤵
  PID:3848
- C:\Windows\System\dIdidUh.exe
  C:\Windows\System\dIdidUh.exe
  2⤵
  PID:3868
- C:\Windows\System\EwhjBfk.exe
  C:\Windows\System\EwhjBfk.exe
  2⤵
  PID:3888
- C:\Windows\System\XvqWAnL.exe
  C:\Windows\System\XvqWAnL.exe
  2⤵
  PID:3908
- C:\Windows\System\ZRdjbsI.exe
  C:\Windows\System\ZRdjbsI.exe
  2⤵
  PID:3928
- C:\Windows\System\kwRsjZl.exe
  C:\Windows\System\kwRsjZl.exe
  2⤵
  PID:3948
- C:\Windows\System\jLyIGAm.exe
  C:\Windows\System\jLyIGAm.exe
  2⤵
  PID:3968
- C:\Windows\System\vdPoITG.exe
  C:\Windows\System\vdPoITG.exe
  2⤵
  PID:3988
- C:\Windows\System\jeBmOps.exe
  C:\Windows\System\jeBmOps.exe
  2⤵
  PID:4008
- C:\Windows\System\lJhaSuC.exe
  C:\Windows\System\lJhaSuC.exe
  2⤵
  PID:4028
- C:\Windows\System\HVPAkEs.exe
  C:\Windows\System\HVPAkEs.exe
  2⤵
  PID:4048
- C:\Windows\System\IsQoesz.exe
  C:\Windows\System\IsQoesz.exe
  2⤵
  PID:4068
- C:\Windows\System\DglsBHm.exe
  C:\Windows\System\DglsBHm.exe
  2⤵
  PID:4088
- C:\Windows\System\yQYSosj.exe
  C:\Windows\System\yQYSosj.exe
  2⤵
  PID:2680
- C:\Windows\System\lvgqnQr.exe
  C:\Windows\System\lvgqnQr.exe
  2⤵
  PID:2752
- C:\Windows\System\eWtcRZA.exe
  C:\Windows\System\eWtcRZA.exe
  2⤵
  PID:3012
- C:\Windows\System\epzPsrc.exe
  C:\Windows\System\epzPsrc.exe
  2⤵
  PID:1352
- C:\Windows\System\XIQtFtr.exe
  C:\Windows\System\XIQtFtr.exe
  2⤵
  PID:3044
- C:\Windows\System\kgBtlxH.exe
  C:\Windows\System\kgBtlxH.exe
  2⤵
  PID:2316
- C:\Windows\System\ILtWUHW.exe
  C:\Windows\System\ILtWUHW.exe
  2⤵
  PID:2308
- C:\Windows\System\KIHYVKE.exe
  C:\Windows\System\KIHYVKE.exe
  2⤵
  PID:3116
- C:\Windows\System\JFItlWd.exe
  C:\Windows\System\JFItlWd.exe
  2⤵
  PID:3148
- C:\Windows\System\JeXSOCW.exe
  C:\Windows\System\JeXSOCW.exe
  2⤵
  PID:3172
- C:\Windows\System\gjerQtm.exe
  C:\Windows\System\gjerQtm.exe
  2⤵
  PID:3216
- C:\Windows\System\mXKRMOg.exe
  C:\Windows\System\mXKRMOg.exe
  2⤵
  PID:3236
- C:\Windows\System\UpWiBBB.exe
  C:\Windows\System\UpWiBBB.exe
  2⤵
  PID:3272
- C:\Windows\System\UrZJsQN.exe
  C:\Windows\System\UrZJsQN.exe
  2⤵
  PID:3332
- C:\Windows\System\KTvHbVC.exe
  C:\Windows\System\KTvHbVC.exe
  2⤵
  PID:3352
- C:\Windows\System\FYyUdkl.exe
  C:\Windows\System\FYyUdkl.exe
  2⤵
  PID:3376
- C:\Windows\System\LxzefGB.exe
  C:\Windows\System\LxzefGB.exe
  2⤵
  PID:3420
- C:\Windows\System\RkHaaGk.exe
  C:\Windows\System\RkHaaGk.exe
  2⤵
  PID:3452
- C:\Windows\System\hwdrsSm.exe
  C:\Windows\System\hwdrsSm.exe
  2⤵
  PID:3480
- C:\Windows\System\FLqCRTp.exe
  C:\Windows\System\FLqCRTp.exe
  2⤵
  PID:3540
- C:\Windows\System\PbPxUGm.exe
  C:\Windows\System\PbPxUGm.exe
  2⤵
  PID:3560
- C:\Windows\System\sfdqqWV.exe
  C:\Windows\System\sfdqqWV.exe
  2⤵
  PID:3612
- C:\Windows\System\qUfvmHG.exe
  C:\Windows\System\qUfvmHG.exe
  2⤵
  PID:3616
- C:\Windows\System\JWDODVn.exe
  C:\Windows\System\JWDODVn.exe
  2⤵
  PID:3640
- C:\Windows\System\TryLcXZ.exe
  C:\Windows\System\TryLcXZ.exe
  2⤵
  PID:3696
- C:\Windows\System\BHhiFKb.exe
  C:\Windows\System\BHhiFKb.exe
  2⤵
  PID:3740
- C:\Windows\System\LkWRIDE.exe
  C:\Windows\System\LkWRIDE.exe
  2⤵
  PID:3772
- C:\Windows\System\gucikFe.exe
  C:\Windows\System\gucikFe.exe
  2⤵
  PID:3812
- C:\Windows\System\ozyevbW.exe
  C:\Windows\System\ozyevbW.exe
  2⤵
  PID:3800
- C:\Windows\System\EmenPbe.exe
  C:\Windows\System\EmenPbe.exe
  2⤵
  PID:3864
- C:\Windows\System\BgdCtEd.exe
  C:\Windows\System\BgdCtEd.exe
  2⤵
  PID:3904
- C:\Windows\System\VJaurkK.exe
  C:\Windows\System\VJaurkK.exe
  2⤵
  PID:3936
- C:\Windows\System\FksvehS.exe
  C:\Windows\System\FksvehS.exe
  2⤵
  PID:3924
- C:\Windows\System\xqChcRX.exe
  C:\Windows\System\xqChcRX.exe
  2⤵
  PID:3984
- C:\Windows\System\VqaOFuN.exe
  C:\Windows\System\VqaOFuN.exe
  2⤵
  PID:4016
- C:\Windows\System\UeOblMc.exe
  C:\Windows\System\UeOblMc.exe
  2⤵
  PID:4056
- C:\Windows\System\VctroUW.exe
  C:\Windows\System\VctroUW.exe
  2⤵
  PID:4060
- C:\Windows\System\GjkiUvu.exe
  C:\Windows\System\GjkiUvu.exe
  2⤵
  PID:4080
- C:\Windows\System\wIhaQOC.exe
  C:\Windows\System\wIhaQOC.exe
  2⤵
  PID:1864
- C:\Windows\System\hgbcoGR.exe
  C:\Windows\System\hgbcoGR.exe
  2⤵
  PID:1520
- C:\Windows\System\ReXDebx.exe
  C:\Windows\System\ReXDebx.exe
  2⤵
  PID:2372
- C:\Windows\System\IlLIxWV.exe
  C:\Windows\System\IlLIxWV.exe
  2⤵
  PID:3128
- C:\Windows\System\dlhBPTI.exe
  C:\Windows\System\dlhBPTI.exe
  2⤵
  PID:3132
- C:\Windows\System\RwAZXJP.exe
  C:\Windows\System\RwAZXJP.exe
  2⤵
  PID:3212
- C:\Windows\System\Veldpny.exe
  C:\Windows\System\Veldpny.exe
  2⤵
  PID:3232
- C:\Windows\System\hkenIFk.exe
  C:\Windows\System\hkenIFk.exe
  2⤵
  PID:3336
- C:\Windows\System\JXtwkIX.exe
  C:\Windows\System\JXtwkIX.exe
  2⤵
  PID:3372
- C:\Windows\System\AEYKcAk.exe
  C:\Windows\System\AEYKcAk.exe
  2⤵
  PID:3432
- C:\Windows\System\uzSUaRA.exe
  C:\Windows\System\uzSUaRA.exe
  2⤵
  PID:3492
- C:\Windows\System\BNekjrv.exe
  C:\Windows\System\BNekjrv.exe
  2⤵
  PID:3520
- C:\Windows\System\uVKQmse.exe
  C:\Windows\System\uVKQmse.exe
  2⤵
  PID:3600
- C:\Windows\System\MKPmWeB.exe
  C:\Windows\System\MKPmWeB.exe
  2⤵
  PID:3700
- C:\Windows\System\NSdzoLD.exe
  C:\Windows\System\NSdzoLD.exe
  2⤵
  PID:3732
- C:\Windows\System\NZtSfiO.exe
  C:\Windows\System\NZtSfiO.exe
  2⤵
  PID:3760
- C:\Windows\System\vVNFyIu.exe
  C:\Windows\System\vVNFyIu.exe
  2⤵
  PID:3792
- C:\Windows\System\VcBKHTY.exe
  C:\Windows\System\VcBKHTY.exe
  2⤵
  PID:3844
- C:\Windows\System\MsMsOkb.exe
  C:\Windows\System\MsMsOkb.exe
  2⤵
  PID:1896
- C:\Windows\System\pRixGJN.exe
  C:\Windows\System\pRixGJN.exe
  2⤵
  PID:3960
- C:\Windows\System\tcFGAfI.exe
  C:\Windows\System\tcFGAfI.exe
  2⤵
  PID:4004
- C:\Windows\System\mPwVbTF.exe
  C:\Windows\System\mPwVbTF.exe
  2⤵
  PID:2096
- C:\Windows\System\ojbNivE.exe
  C:\Windows\System\ojbNivE.exe
  2⤵
  PID:2364
- C:\Windows\System\ffmQxYm.exe
  C:\Windows\System\ffmQxYm.exe
  2⤵
  PID:1192
- C:\Windows\System\SziVAhH.exe
  C:\Windows\System\SziVAhH.exe
  2⤵
  PID:3108
- C:\Windows\System\bazOBIW.exe
  C:\Windows\System\bazOBIW.exe
  2⤵
  PID:3192
- C:\Windows\System\eYuIQCm.exe
  C:\Windows\System\eYuIQCm.exe
  2⤵
  PID:3356
- C:\Windows\System\DQiaTgq.exe
  C:\Windows\System\DQiaTgq.exe
  2⤵
  PID:3400
- C:\Windows\System\dYXcrfL.exe
  C:\Windows\System\dYXcrfL.exe
  2⤵
  PID:3412
- C:\Windows\System\bGnTzzQ.exe
  C:\Windows\System\bGnTzzQ.exe
  2⤵
  PID:3512
- C:\Windows\System\MHgClnG.exe
  C:\Windows\System\MHgClnG.exe
  2⤵
  PID:3652
- C:\Windows\System\bqqJFDT.exe
  C:\Windows\System\bqqJFDT.exe
  2⤵
  PID:3720
- C:\Windows\System\sogewJx.exe
  C:\Windows\System\sogewJx.exe
  2⤵
  PID:3840
- C:\Windows\System\eTyGuUE.exe
  C:\Windows\System\eTyGuUE.exe
  2⤵
  PID:3880
- C:\Windows\System\UxYUDkw.exe
  C:\Windows\System\UxYUDkw.exe
  2⤵
  PID:4104
- C:\Windows\System\GflchwI.exe
  C:\Windows\System\GflchwI.exe
  2⤵
  PID:4124
- C:\Windows\System\qUkFOtZ.exe
  C:\Windows\System\qUkFOtZ.exe
  2⤵
  PID:4144
- C:\Windows\System\iWFRtBJ.exe
  C:\Windows\System\iWFRtBJ.exe
  2⤵
  PID:4164
- C:\Windows\System\WNJKjjF.exe
  C:\Windows\System\WNJKjjF.exe
  2⤵
  PID:4184
- C:\Windows\System\rSKEwOu.exe
  C:\Windows\System\rSKEwOu.exe
  2⤵
  PID:4204
- C:\Windows\System\jLvDACV.exe
  C:\Windows\System\jLvDACV.exe
  2⤵
  PID:4224
- C:\Windows\System\sqKrpIU.exe
  C:\Windows\System\sqKrpIU.exe
  2⤵
  PID:4244
- C:\Windows\System\iLUTStz.exe
  C:\Windows\System\iLUTStz.exe
  2⤵
  PID:4264
- C:\Windows\System\LassKoH.exe
  C:\Windows\System\LassKoH.exe
  2⤵
  PID:4284
- C:\Windows\System\lJFivXZ.exe
  C:\Windows\System\lJFivXZ.exe
  2⤵
  PID:4304
- C:\Windows\System\SNJtjoM.exe
  C:\Windows\System\SNJtjoM.exe
  2⤵
  PID:4324
- C:\Windows\System\qOFbszH.exe
  C:\Windows\System\qOFbszH.exe
  2⤵
  PID:4344
- C:\Windows\System\zadDakA.exe
  C:\Windows\System\zadDakA.exe
  2⤵
  PID:4364
- C:\Windows\System\smoyUIn.exe
  C:\Windows\System\smoyUIn.exe
  2⤵
  PID:4384
- C:\Windows\System\HEIVCER.exe
  C:\Windows\System\HEIVCER.exe
  2⤵
  PID:4404
- C:\Windows\System\GauXHnp.exe
  C:\Windows\System\GauXHnp.exe
  2⤵
  PID:4424
- C:\Windows\System\SBvotAR.exe
  C:\Windows\System\SBvotAR.exe
  2⤵
  PID:4444
- C:\Windows\System\sjyEdoS.exe
  C:\Windows\System\sjyEdoS.exe
  2⤵
  PID:4464
- C:\Windows\System\qLkBMbJ.exe
  C:\Windows\System\qLkBMbJ.exe
  2⤵
  PID:4484
- C:\Windows\System\ycQFiAS.exe
  C:\Windows\System\ycQFiAS.exe
  2⤵
  PID:4508
- C:\Windows\System\sUCvlLX.exe
  C:\Windows\System\sUCvlLX.exe
  2⤵
  PID:4528
- C:\Windows\System\QtqloEJ.exe
  C:\Windows\System\QtqloEJ.exe
  2⤵
  PID:4548
- C:\Windows\System\tEigwQV.exe
  C:\Windows\System\tEigwQV.exe
  2⤵
  PID:4568
- C:\Windows\System\ixOrUKp.exe
  C:\Windows\System\ixOrUKp.exe
  2⤵
  PID:4588
- C:\Windows\System\BCEEzcM.exe
  C:\Windows\System\BCEEzcM.exe
  2⤵
  PID:4608
- C:\Windows\System\SGMBeUe.exe
  C:\Windows\System\SGMBeUe.exe
  2⤵
  PID:4628
- C:\Windows\System\eINJVfk.exe
  C:\Windows\System\eINJVfk.exe
  2⤵
  PID:4648
- C:\Windows\System\tYbVZkU.exe
  C:\Windows\System\tYbVZkU.exe
  2⤵
  PID:4668
- C:\Windows\System\KSFwCvK.exe
  C:\Windows\System\KSFwCvK.exe
  2⤵
  PID:4688
- C:\Windows\System\vBZWzhY.exe
  C:\Windows\System\vBZWzhY.exe
  2⤵
  PID:4708
- C:\Windows\System\nmLhrIG.exe
  C:\Windows\System\nmLhrIG.exe
  2⤵
  PID:4728
- C:\Windows\System\qqBicOH.exe
  C:\Windows\System\qqBicOH.exe
  2⤵
  PID:4748
- C:\Windows\System\ELfPBaL.exe
  C:\Windows\System\ELfPBaL.exe
  2⤵
  PID:4768
- C:\Windows\System\AqKTdRq.exe
  C:\Windows\System\AqKTdRq.exe
  2⤵
  PID:4788
- C:\Windows\System\DDQJEBO.exe
  C:\Windows\System\DDQJEBO.exe
  2⤵
  PID:4808
- C:\Windows\System\ZEQYVtD.exe
  C:\Windows\System\ZEQYVtD.exe
  2⤵
  PID:4828
- C:\Windows\System\vrsigIj.exe
  C:\Windows\System\vrsigIj.exe
  2⤵
  PID:4848
- C:\Windows\System\TZkWjoG.exe
  C:\Windows\System\TZkWjoG.exe
  2⤵
  PID:4868
- C:\Windows\System\DWemVRe.exe
  C:\Windows\System\DWemVRe.exe
  2⤵
  PID:4884
- C:\Windows\System\HyyTXSK.exe
  C:\Windows\System\HyyTXSK.exe
  2⤵
  PID:4908
- C:\Windows\System\BxLkzks.exe
  C:\Windows\System\BxLkzks.exe
  2⤵
  PID:4932
- C:\Windows\System\fhDmfFv.exe
  C:\Windows\System\fhDmfFv.exe
  2⤵
  PID:4952
- C:\Windows\System\ZuxkLZh.exe
  C:\Windows\System\ZuxkLZh.exe
  2⤵
  PID:4972
- C:\Windows\System\ompmlxz.exe
  C:\Windows\System\ompmlxz.exe
  2⤵
  PID:4992
- C:\Windows\System\tyIEabV.exe
  C:\Windows\System\tyIEabV.exe
  2⤵
  PID:5012
- C:\Windows\System\kfvwoXi.exe
  C:\Windows\System\kfvwoXi.exe
  2⤵
  PID:5032
- C:\Windows\System\pEqPxdC.exe
  C:\Windows\System\pEqPxdC.exe
  2⤵
  PID:5052
- C:\Windows\System\qXugBUY.exe
  C:\Windows\System\qXugBUY.exe
  2⤵
  PID:5072
- C:\Windows\System\KAWkzdP.exe
  C:\Windows\System\KAWkzdP.exe
  2⤵
  PID:5092
- C:\Windows\System\SUoCVaJ.exe
  C:\Windows\System\SUoCVaJ.exe
  2⤵
  PID:5112
- C:\Windows\System\HDNIDay.exe
  C:\Windows\System\HDNIDay.exe
  2⤵
  PID:4040
- C:\Windows\System\EuRbTQg.exe
  C:\Windows\System\EuRbTQg.exe
  2⤵
  PID:4084
- C:\Windows\System\JRHwShR.exe
  C:\Windows\System\JRHwShR.exe
  2⤵
  PID:2776
- C:\Windows\System\RBexgPf.exe
  C:\Windows\System\RBexgPf.exe
  2⤵
  PID:3292
- C:\Windows\System\nGVKTlM.exe
  C:\Windows\System\nGVKTlM.exe
  2⤵
  PID:3312
- C:\Windows\System\AvvdriC.exe
  C:\Windows\System\AvvdriC.exe
  2⤵
  PID:3532
- C:\Windows\System\tvQLtmR.exe
  C:\Windows\System\tvQLtmR.exe
  2⤵
  PID:3680
- C:\Windows\System\BSlaTdW.exe
  C:\Windows\System\BSlaTdW.exe
  2⤵
  PID:3816
- C:\Windows\System\dFGLdpQ.exe
  C:\Windows\System\dFGLdpQ.exe
  2⤵
  PID:4100
- C:\Windows\System\ockkkNr.exe
  C:\Windows\System\ockkkNr.exe
  2⤵
  PID:4120
- C:\Windows\System\QWJiuWf.exe
  C:\Windows\System\QWJiuWf.exe
  2⤵
  PID:4176
- C:\Windows\System\BYFabYR.exe
  C:\Windows\System\BYFabYR.exe
  2⤵
  PID:4212
- C:\Windows\System\ywCZAJa.exe
  C:\Windows\System\ywCZAJa.exe
  2⤵
  PID:4232
- C:\Windows\System\UlcjZEY.exe
  C:\Windows\System\UlcjZEY.exe
  2⤵
  PID:4256
- C:\Windows\System\eucxCmt.exe
  C:\Windows\System\eucxCmt.exe
  2⤵
  PID:4296
- C:\Windows\System\dVvsFUX.exe
  C:\Windows\System\dVvsFUX.exe
  2⤵
  PID:4316
- C:\Windows\System\AJSdrpG.exe
  C:\Windows\System\AJSdrpG.exe
  2⤵
  PID:4380
- C:\Windows\System\facovor.exe
  C:\Windows\System\facovor.exe
  2⤵
  PID:4400
- C:\Windows\System\ftonAnz.exe
  C:\Windows\System\ftonAnz.exe
  2⤵
  PID:2864
- C:\Windows\System\CTWIwJA.exe
  C:\Windows\System\CTWIwJA.exe
  2⤵
  PID:4436
- C:\Windows\System\fZPtvrB.exe
  C:\Windows\System\fZPtvrB.exe
  2⤵
  PID:4476
- C:\Windows\System\DYQgZlS.exe
  C:\Windows\System\DYQgZlS.exe
  2⤵
  PID:4516
- C:\Windows\System\UldQVll.exe
  C:\Windows\System\UldQVll.exe
  2⤵
  PID:2812
- C:\Windows\System\AFjzbUb.exe
  C:\Windows\System\AFjzbUb.exe
  2⤵
  PID:4584
- C:\Windows\System\UDapNqs.exe
  C:\Windows\System\UDapNqs.exe
  2⤵
  PID:4616
- C:\Windows\System\hmIrKSv.exe
  C:\Windows\System\hmIrKSv.exe
  2⤵
  PID:4640
- C:\Windows\System\XxjbuUj.exe
  C:\Windows\System\XxjbuUj.exe
  2⤵
  PID:4676
- C:\Windows\System\wvLcyfi.exe
  C:\Windows\System\wvLcyfi.exe
  2⤵
  PID:4700
- C:\Windows\System\EqxReag.exe
  C:\Windows\System\EqxReag.exe
  2⤵
  PID:4744
- C:\Windows\System\vFVHxIl.exe
  C:\Windows\System\vFVHxIl.exe
  2⤵
  PID:4776
- C:\Windows\System\sZCkvOb.exe
  C:\Windows\System\sZCkvOb.exe
  2⤵
  PID:4800
- C:\Windows\System\ejHxIBO.exe
  C:\Windows\System\ejHxIBO.exe
  2⤵
  PID:4844
- C:\Windows\System\KWjBAGQ.exe
  C:\Windows\System\KWjBAGQ.exe
  2⤵
  PID:4876
- C:\Windows\System\rZWRusP.exe
  C:\Windows\System\rZWRusP.exe
  2⤵
  PID:2828
- C:\Windows\System\EZYHlUR.exe
  C:\Windows\System\EZYHlUR.exe
  2⤵
  PID:4948
- C:\Windows\System\sxFLSQd.exe
  C:\Windows\System\sxFLSQd.exe
  2⤵
  PID:4980
- C:\Windows\System\tsPlneH.exe
  C:\Windows\System\tsPlneH.exe
  2⤵
  PID:5000
- C:\Windows\System\YaSOcJN.exe
  C:\Windows\System\YaSOcJN.exe
  2⤵
  PID:5028
- C:\Windows\System\sXSwjac.exe
  C:\Windows\System\sXSwjac.exe
  2⤵
  PID:5044
- C:\Windows\System\ngOXxVu.exe
  C:\Windows\System\ngOXxVu.exe
  2⤵
  PID:5088
- C:\Windows\System\dVTKJkN.exe
  C:\Windows\System\dVTKJkN.exe
  2⤵
  PID:4020
- C:\Windows\System\UyOJMPg.exe
  C:\Windows\System\UyOJMPg.exe
  2⤵
  PID:3136
- C:\Windows\System\QIIvkVG.exe
  C:\Windows\System\QIIvkVG.exe
  2⤵
  PID:2936
- C:\Windows\System\zxwualy.exe
  C:\Windows\System\zxwualy.exe
  2⤵
  PID:3572
- C:\Windows\System\QdvLkVV.exe
  C:\Windows\System\QdvLkVV.exe
  2⤵
  PID:3596
- C:\Windows\System\tuBlVaF.exe
  C:\Windows\System\tuBlVaF.exe
  2⤵
  PID:3884
- C:\Windows\System\clshXBz.exe
  C:\Windows\System\clshXBz.exe
  2⤵
  PID:4132
- C:\Windows\System\eozUllP.exe
  C:\Windows\System\eozUllP.exe
  2⤵
  PID:4192
- C:\Windows\System\Ehutpxy.exe
  C:\Windows\System\Ehutpxy.exe
  2⤵
  PID:4236
- C:\Windows\System\coLOEWu.exe
  C:\Windows\System\coLOEWu.exe
  2⤵
  PID:4280
- C:\Windows\System\SIQBvdT.exe
  C:\Windows\System\SIQBvdT.exe
  2⤵
  PID:4340
- C:\Windows\System\zPetNxB.exe
  C:\Windows\System\zPetNxB.exe
  2⤵
  PID:4352
- C:\Windows\System\VWlovZK.exe
  C:\Windows\System\VWlovZK.exe
  2⤵
  PID:4396
- C:\Windows\System\FVZiYBV.exe
  C:\Windows\System\FVZiYBV.exe
  2⤵
  PID:4504
- C:\Windows\System\MaAfMpL.exe
  C:\Windows\System\MaAfMpL.exe
  2⤵
  PID:4540
- C:\Windows\System\kzEuGsq.exe
  C:\Windows\System\kzEuGsq.exe
  2⤵
  PID:2552
- C:\Windows\System\AFZOGax.exe
  C:\Windows\System\AFZOGax.exe
  2⤵
  PID:4600
- C:\Windows\System\WqezXqr.exe
  C:\Windows\System\WqezXqr.exe
  2⤵
  PID:4704
- C:\Windows\System\SiWnTlR.exe
  C:\Windows\System\SiWnTlR.exe
  2⤵
  PID:4756
- C:\Windows\System\mzgzqCG.exe
  C:\Windows\System\mzgzqCG.exe
  2⤵
  PID:2608
- C:\Windows\System\JioWkzX.exe
  C:\Windows\System\JioWkzX.exe
  2⤵
  PID:4836
- C:\Windows\System\RNaojCn.exe
  C:\Windows\System\RNaojCn.exe
  2⤵
  PID:4864
- C:\Windows\System\bkvQGHY.exe
  C:\Windows\System\bkvQGHY.exe
  2⤵
  PID:4920
- C:\Windows\System\rlXtFZQ.exe
  C:\Windows\System\rlXtFZQ.exe
  2⤵
  PID:4944
- C:\Windows\System\KGSHnZc.exe
  C:\Windows\System\KGSHnZc.exe
  2⤵
  PID:4988
- C:\Windows\System\XZsnygL.exe
  C:\Windows\System\XZsnygL.exe
  2⤵
  PID:5040
- C:\Windows\System\JNnkvLd.exe
  C:\Windows\System\JNnkvLd.exe
  2⤵
  PID:5104
- C:\Windows\System\fDEqJLw.exe
  C:\Windows\System\fDEqJLw.exe
  2⤵
  PID:3296
- C:\Windows\System\rTgvDyJ.exe
  C:\Windows\System\rTgvDyJ.exe
  2⤵
  PID:572
- C:\Windows\System\PVvaVHC.exe
  C:\Windows\System\PVvaVHC.exe
  2⤵
  PID:1608
- C:\Windows\System\OnSGFAW.exe
  C:\Windows\System\OnSGFAW.exe
  2⤵
  PID:4172
- C:\Windows\System\LWTfwFf.exe
  C:\Windows\System\LWTfwFf.exe
  2⤵
  PID:2560
- C:\Windows\System\iorvewV.exe
  C:\Windows\System\iorvewV.exe
  2⤵
  PID:4356
- C:\Windows\System\jSFpMyz.exe
  C:\Windows\System\jSFpMyz.exe
  2⤵
  PID:4392
- C:\Windows\System\vSIGZTH.exe
  C:\Windows\System\vSIGZTH.exe
  2⤵
  PID:2856
- C:\Windows\System\cwZGdxm.exe
  C:\Windows\System\cwZGdxm.exe
  2⤵
  PID:4520
- C:\Windows\System\FyuLPWr.exe
  C:\Windows\System\FyuLPWr.exe
  2⤵
  PID:4644
- C:\Windows\System\WsBOuQN.exe
  C:\Windows\System\WsBOuQN.exe
  2⤵
  PID:4620
- C:\Windows\System\CRbrgmN.exe
  C:\Windows\System\CRbrgmN.exe
  2⤵
  PID:4696
- C:\Windows\System\vLqmhCn.exe
  C:\Windows\System\vLqmhCn.exe
  2⤵
  PID:4860
- C:\Windows\System\zTOBjew.exe
  C:\Windows\System\zTOBjew.exe
  2⤵
  PID:4904
- C:\Windows\System\YEctkxc.exe
  C:\Windows\System\YEctkxc.exe
  2⤵
  PID:4940
- C:\Windows\System\leazfkt.exe
  C:\Windows\System\leazfkt.exe
  2⤵
  PID:4984
- C:\Windows\System\KvntBQw.exe
  C:\Windows\System\KvntBQw.exe
  2⤵
  PID:1556
- C:\Windows\System\pFYUGRR.exe
  C:\Windows\System\pFYUGRR.exe
  2⤵
  PID:3176
- C:\Windows\System\SgClHOV.exe
  C:\Windows\System\SgClHOV.exe
  2⤵
  PID:5136
- C:\Windows\System\ZxDKYBm.exe
  C:\Windows\System\ZxDKYBm.exe
  2⤵
  PID:5156
- C:\Windows\System\jRoONjc.exe
  C:\Windows\System\jRoONjc.exe
  2⤵
  PID:5176
- C:\Windows\System\PvKZWJI.exe
  C:\Windows\System\PvKZWJI.exe
  2⤵
  PID:5196
- C:\Windows\System\UzoCtZu.exe
  C:\Windows\System\UzoCtZu.exe
  2⤵
  PID:5216
- C:\Windows\System\daEQeoP.exe
  C:\Windows\System\daEQeoP.exe
  2⤵
  PID:5236
- C:\Windows\System\CTVTkTI.exe
  C:\Windows\System\CTVTkTI.exe
  2⤵
  PID:5256
- C:\Windows\System\aSnTYXf.exe
  C:\Windows\System\aSnTYXf.exe
  2⤵
  PID:5276
- C:\Windows\System\Zubjzee.exe
  C:\Windows\System\Zubjzee.exe
  2⤵
  PID:5296
- C:\Windows\System\EWxazKv.exe
  C:\Windows\System\EWxazKv.exe
  2⤵
  PID:5316
- C:\Windows\System\XNZdslU.exe
  C:\Windows\System\XNZdslU.exe
  2⤵
  PID:5336
- C:\Windows\System\YBdwQTV.exe
  C:\Windows\System\YBdwQTV.exe
  2⤵
  PID:5356
- C:\Windows\System\HzuwErU.exe
  C:\Windows\System\HzuwErU.exe
  2⤵
  PID:5376
- C:\Windows\System\DplLSrL.exe
  C:\Windows\System\DplLSrL.exe
  2⤵
  PID:5396
- C:\Windows\System\WgPaMmu.exe
  C:\Windows\System\WgPaMmu.exe
  2⤵
  PID:5416
- C:\Windows\System\xytEssj.exe
  C:\Windows\System\xytEssj.exe
  2⤵
  PID:5436
- C:\Windows\System\MyFlRwl.exe
  C:\Windows\System\MyFlRwl.exe
  2⤵
  PID:5456
- C:\Windows\System\rNdOxPO.exe
  C:\Windows\System\rNdOxPO.exe
  2⤵
  PID:5476
- C:\Windows\System\cGxuZJY.exe
  C:\Windows\System\cGxuZJY.exe
  2⤵
  PID:5496
- C:\Windows\System\uuTMkxG.exe
  C:\Windows\System\uuTMkxG.exe
  2⤵
  PID:5516
- C:\Windows\System\gcSzhWn.exe
  C:\Windows\System\gcSzhWn.exe
  2⤵
  PID:5536
- C:\Windows\System\HNdplMP.exe
  C:\Windows\System\HNdplMP.exe
  2⤵
  PID:5556
- C:\Windows\System\xwtOUmV.exe
  C:\Windows\System\xwtOUmV.exe
  2⤵
  PID:5576
- C:\Windows\System\RlgECwH.exe
  C:\Windows\System\RlgECwH.exe
  2⤵
  PID:5596
- C:\Windows\System\OgkUmPg.exe
  C:\Windows\System\OgkUmPg.exe
  2⤵
  PID:5616
- C:\Windows\System\YFVECzi.exe
  C:\Windows\System\YFVECzi.exe
  2⤵
  PID:5636
- C:\Windows\System\kjhHGta.exe
  C:\Windows\System\kjhHGta.exe
  2⤵
  PID:5656
- C:\Windows\System\Orsuiry.exe
  C:\Windows\System\Orsuiry.exe
  2⤵
  PID:5676
- C:\Windows\System\SAMpwWQ.exe
  C:\Windows\System\SAMpwWQ.exe
  2⤵
  PID:5696
- C:\Windows\System\DhiVXnP.exe
  C:\Windows\System\DhiVXnP.exe
  2⤵
  PID:5716
- C:\Windows\System\gTKsvPd.exe
  C:\Windows\System\gTKsvPd.exe
  2⤵
  PID:5736
- C:\Windows\System\kKZBTtt.exe
  C:\Windows\System\kKZBTtt.exe
  2⤵
  PID:5756
- C:\Windows\System\QSvmkkB.exe
  C:\Windows\System\QSvmkkB.exe
  2⤵
  PID:5776
- C:\Windows\System\rFioWpR.exe
  C:\Windows\System\rFioWpR.exe
  2⤵
  PID:5796
- C:\Windows\System\tiPYXHQ.exe
  C:\Windows\System\tiPYXHQ.exe
  2⤵
  PID:5816
- C:\Windows\System\trwMNDm.exe
  C:\Windows\System\trwMNDm.exe
  2⤵
  PID:5836
- C:\Windows\System\VcYbLjk.exe
  C:\Windows\System\VcYbLjk.exe
  2⤵
  PID:5856
- C:\Windows\System\ZhCxREh.exe
  C:\Windows\System\ZhCxREh.exe
  2⤵
  PID:5876
- C:\Windows\System\yfjmjvD.exe
  C:\Windows\System\yfjmjvD.exe
  2⤵
  PID:5896
- C:\Windows\System\UMOwZLX.exe
  C:\Windows\System\UMOwZLX.exe
  2⤵
  PID:5916
- C:\Windows\System\zzIYJUi.exe
  C:\Windows\System\zzIYJUi.exe
  2⤵
  PID:5936
- C:\Windows\System\IxIvrtM.exe
  C:\Windows\System\IxIvrtM.exe
  2⤵
  PID:5956
- C:\Windows\System\cjjBaGu.exe
  C:\Windows\System\cjjBaGu.exe
  2⤵
  PID:5976
- C:\Windows\System\PsQOqiC.exe
  C:\Windows\System\PsQOqiC.exe
  2⤵
  PID:5996
- C:\Windows\System\NqrduzF.exe
  C:\Windows\System\NqrduzF.exe
  2⤵
  PID:6016
- C:\Windows\System\WFBRHyG.exe
  C:\Windows\System\WFBRHyG.exe
  2⤵
  PID:6036
- C:\Windows\System\NjFDlbF.exe
  C:\Windows\System\NjFDlbF.exe
  2⤵
  PID:6056
- C:\Windows\System\yVgzNhR.exe
  C:\Windows\System\yVgzNhR.exe
  2⤵
  PID:6076
- C:\Windows\System\EnBbjgr.exe
  C:\Windows\System\EnBbjgr.exe
  2⤵
  PID:6096
- C:\Windows\System\TXOkxMt.exe
  C:\Windows\System\TXOkxMt.exe
  2⤵
  PID:6116
- C:\Windows\System\aTTFzFS.exe
  C:\Windows\System\aTTFzFS.exe
  2⤵
  PID:6136
- C:\Windows\System\wSPfngX.exe
  C:\Windows\System\wSPfngX.exe
  2⤵
  PID:3692
- C:\Windows\System\uYvElex.exe
  C:\Windows\System\uYvElex.exe
  2⤵
  PID:4220
- C:\Windows\System\PlobVwF.exe
  C:\Windows\System\PlobVwF.exe
  2⤵
  PID:4200
- C:\Windows\System\FCQWnHj.exe
  C:\Windows\System\FCQWnHj.exe
  2⤵
  PID:4420
- C:\Windows\System\gUvLZdS.exe
  C:\Windows\System\gUvLZdS.exe
  2⤵
  PID:4636
- C:\Windows\System\FyuxfaC.exe
  C:\Windows\System\FyuxfaC.exe
  2⤵
  PID:4660
- C:\Windows\System\emGIMSr.exe
  C:\Windows\System\emGIMSr.exe
  2⤵
  PID:4736
- C:\Windows\System\Jreykjt.exe
  C:\Windows\System\Jreykjt.exe
  2⤵
  PID:4916
- C:\Windows\System\soAKgMb.exe
  C:\Windows\System\soAKgMb.exe
  2⤵
  PID:2732
- C:\Windows\System\sAVHLAH.exe
  C:\Windows\System\sAVHLAH.exe
  2⤵
  PID:4076
- C:\Windows\System\JjuCyWI.exe
  C:\Windows\System\JjuCyWI.exe
  2⤵
  PID:5164
- C:\Windows\System\whfqZRJ.exe
  C:\Windows\System\whfqZRJ.exe
  2⤵
  PID:5184
- C:\Windows\System\kmmSjKj.exe
  C:\Windows\System\kmmSjKj.exe
  2⤵
  PID:5208
- C:\Windows\System\bvLjZsV.exe
  C:\Windows\System\bvLjZsV.exe
  2⤵
  PID:5252
- C:\Windows\System\uCyyuRh.exe
  C:\Windows\System\uCyyuRh.exe
  2⤵
  PID:5268
- C:\Windows\System\hqbjcFj.exe
  C:\Windows\System\hqbjcFj.exe
  2⤵
  PID:5324
- C:\Windows\System\grEFQxR.exe
  C:\Windows\System\grEFQxR.exe
  2⤵
  PID:5344
- C:\Windows\System\SRAaKrP.exe
  C:\Windows\System\SRAaKrP.exe
  2⤵
  PID:5368
- C:\Windows\System\pPAstOn.exe
  C:\Windows\System\pPAstOn.exe
  2⤵
  PID:5412
- C:\Windows\System\dLFjZUw.exe
  C:\Windows\System\dLFjZUw.exe
  2⤵
  PID:5428
- C:\Windows\System\uXlsUvA.exe
  C:\Windows\System\uXlsUvA.exe
  2⤵
  PID:5472
- C:\Windows\System\VTHTZJz.exe
  C:\Windows\System\VTHTZJz.exe
  2⤵
  PID:5504
- C:\Windows\System\NYdmomm.exe
  C:\Windows\System\NYdmomm.exe
  2⤵
  PID:5564
- C:\Windows\System\zsrKiAq.exe
  C:\Windows\System\zsrKiAq.exe
  2⤵
  PID:5568
- C:\Windows\System\HrBXHUZ.exe
  C:\Windows\System\HrBXHUZ.exe
  2⤵
  PID:5588
- C:\Windows\System\srBRHqT.exe
  C:\Windows\System\srBRHqT.exe
  2⤵
  PID:5652
- C:\Windows\System\TlVIyPK.exe
  C:\Windows\System\TlVIyPK.exe
  2⤵
  PID:5692
- C:\Windows\System\JNjZeFg.exe
  C:\Windows\System\JNjZeFg.exe
  2⤵
  PID:5724
- C:\Windows\System\QovhmRS.exe
  C:\Windows\System\QovhmRS.exe
  2⤵
  PID:5744
- C:\Windows\System\CxjVtkK.exe
  C:\Windows\System\CxjVtkK.exe
  2⤵
  PID:5768
- C:\Windows\System\uJxztbT.exe
  C:\Windows\System\uJxztbT.exe
  2⤵
  PID:5808
- C:\Windows\System\IuNwHQh.exe
  C:\Windows\System\IuNwHQh.exe
  2⤵
  PID:5852
- C:\Windows\System\ZFyzLjM.exe
  C:\Windows\System\ZFyzLjM.exe
  2⤵
  PID:5872
- C:\Windows\System\vbijzvp.exe
  C:\Windows\System\vbijzvp.exe
  2⤵
  PID:2280
- C:\Windows\System\kWZkLcV.exe
  C:\Windows\System\kWZkLcV.exe
  2⤵
  PID:5944
- C:\Windows\System\cqCiucc.exe
  C:\Windows\System\cqCiucc.exe
  2⤵
  PID:5968
- C:\Windows\System\ifZAnnr.exe
  C:\Windows\System\ifZAnnr.exe
  2⤵
  PID:5988
- C:\Windows\System\QGefXVv.exe
  C:\Windows\System\QGefXVv.exe
  2⤵
  PID:6028
- C:\Windows\System\UffWDYL.exe
  C:\Windows\System\UffWDYL.exe
  2⤵
  PID:6084
- C:\Windows\System\xXPsyQk.exe
  C:\Windows\System\xXPsyQk.exe
  2⤵
  PID:6088
- C:\Windows\System\VfrWuST.exe
  C:\Windows\System\VfrWuST.exe
  2⤵
  PID:6108
- C:\Windows\System\JeZDyFF.exe
  C:\Windows\System\JeZDyFF.exe
  2⤵
  PID:3396
- C:\Windows\System\iRMsGCg.exe
  C:\Windows\System\iRMsGCg.exe
  2⤵
  PID:4260
- C:\Windows\System\TXSLpua.exe
  C:\Windows\System\TXSLpua.exe
  2⤵
  PID:4576
- C:\Windows\System\xEJHNXf.exe
  C:\Windows\System\xEJHNXf.exe
  2⤵
  PID:4724
- C:\Windows\System\uvXVkpZ.exe
  C:\Windows\System\uvXVkpZ.exe
  2⤵
  PID:4824
- C:\Windows\System\WMVDiER.exe
  C:\Windows\System\WMVDiER.exe
  2⤵
  PID:5124
- C:\Windows\System\VGxAJZN.exe
  C:\Windows\System\VGxAJZN.exe
  2⤵
  PID:5148
- C:\Windows\System\rEGeEaD.exe
  C:\Windows\System\rEGeEaD.exe
  2⤵
  PID:5232
- C:\Windows\System\nWiMBGZ.exe
  C:\Windows\System\nWiMBGZ.exe
  2⤵
  PID:5272
- C:\Windows\System\FrxAmpW.exe
  C:\Windows\System\FrxAmpW.exe
  2⤵
  PID:5308
- C:\Windows\System\kWolgch.exe
  C:\Windows\System\kWolgch.exe
  2⤵
  PID:5372
- C:\Windows\System\uEogATJ.exe
  C:\Windows\System\uEogATJ.exe
  2⤵
  PID:5432
- C:\Windows\System\NrCJDoF.exe
  C:\Windows\System\NrCJDoF.exe
  2⤵
  PID:5492
- C:\Windows\System\UkzJJbu.exe
  C:\Windows\System\UkzJJbu.exe
  2⤵
  PID:5532
- C:\Windows\System\ojYQIPD.exe
  C:\Windows\System\ojYQIPD.exe
  2⤵
  PID:5612
- C:\Windows\System\hJyWCRK.exe
  C:\Windows\System\hJyWCRK.exe
  2⤵
  PID:5668
- C:\Windows\System\zNHNxpe.exe
  C:\Windows\System\zNHNxpe.exe
  2⤵
  PID:5688
- C:\Windows\System\xYeNuqP.exe
  C:\Windows\System\xYeNuqP.exe
  2⤵
  PID:5708
- C:\Windows\System\qXxspNb.exe
  C:\Windows\System\qXxspNb.exe
  2⤵
  PID:5844
- C:\Windows\System\tIxesnX.exe
  C:\Windows\System\tIxesnX.exe
  2⤵
  PID:5888
- C:\Windows\System\vLulZnY.exe
  C:\Windows\System\vLulZnY.exe
  2⤵
  PID:5948
- C:\Windows\System\YtSjAcf.exe
  C:\Windows\System\YtSjAcf.exe
  2⤵
  PID:5992
- C:\Windows\System\AFnqEgB.exe
  C:\Windows\System\AFnqEgB.exe
  2⤵
  PID:6044
- C:\Windows\System\nTRLkNm.exe
  C:\Windows\System\nTRLkNm.exe
  2⤵
  PID:2920
- C:\Windows\System\poeRAlK.exe
  C:\Windows\System\poeRAlK.exe
  2⤵
  PID:3456
- C:\Windows\System\JfgogTf.exe
  C:\Windows\System\JfgogTf.exe
  2⤵
  PID:4332
- C:\Windows\System\DwWGJSJ.exe
  C:\Windows\System\DwWGJSJ.exe
  2⤵
  PID:2072
- C:\Windows\System\LENxcIg.exe
  C:\Windows\System\LENxcIg.exe
  2⤵
  PID:5020
- C:\Windows\System\HblFXdc.exe
  C:\Windows\System\HblFXdc.exe
  2⤵
  PID:5144
- C:\Windows\System\JoTOJRs.exe
  C:\Windows\System\JoTOJRs.exe
  2⤵
  PID:5264
- C:\Windows\System\GXTwokr.exe
  C:\Windows\System\GXTwokr.exe
  2⤵
  PID:5284
- C:\Windows\System\eoZmQIO.exe
  C:\Windows\System\eoZmQIO.exe
  2⤵
  PID:5404
- C:\Windows\System\MYCYozW.exe
  C:\Windows\System\MYCYozW.exe
  2⤵
  PID:5528
- C:\Windows\System\ymIqJlj.exe
  C:\Windows\System\ymIqJlj.exe
  2⤵
  PID:5552
- C:\Windows\System\AOiTkii.exe
  C:\Windows\System\AOiTkii.exe
  2⤵
  PID:5704
- C:\Windows\System\JcNZdKM.exe
  C:\Windows\System\JcNZdKM.exe
  2⤵
  PID:5772
- C:\Windows\System\dODNfYm.exe
  C:\Windows\System\dODNfYm.exe
  2⤵
  PID:5864
- C:\Windows\System\nEVUBXX.exe
  C:\Windows\System\nEVUBXX.exe
  2⤵
  PID:6152
- C:\Windows\System\vlyWhjZ.exe
  C:\Windows\System\vlyWhjZ.exe
  2⤵
  PID:6176
- C:\Windows\System\viZCASj.exe
  C:\Windows\System\viZCASj.exe
  2⤵
  PID:6196
- C:\Windows\System\XkwNFYe.exe
  C:\Windows\System\XkwNFYe.exe
  2⤵
  PID:6216
- C:\Windows\System\ObWBwFw.exe
  C:\Windows\System\ObWBwFw.exe
  2⤵
  PID:6236
- C:\Windows\System\RpQWyaQ.exe
  C:\Windows\System\RpQWyaQ.exe
  2⤵
  PID:6256
- C:\Windows\System\TqEntbT.exe
  C:\Windows\System\TqEntbT.exe
  2⤵
  PID:6276
- C:\Windows\System\vHuQvdB.exe
  C:\Windows\System\vHuQvdB.exe
  2⤵
  PID:6296
- C:\Windows\System\FzZwvIb.exe
  C:\Windows\System\FzZwvIb.exe
  2⤵
  PID:6316
- C:\Windows\System\roCORme.exe
  C:\Windows\System\roCORme.exe
  2⤵
  PID:6336
- C:\Windows\System\cIDXuLn.exe
  C:\Windows\System\cIDXuLn.exe
  2⤵
  PID:6356
- C:\Windows\System\YkalALN.exe
  C:\Windows\System\YkalALN.exe
  2⤵
  PID:6376
- C:\Windows\System\NXnZNHN.exe
  C:\Windows\System\NXnZNHN.exe
  2⤵
  PID:6396
- C:\Windows\System\GXjskFe.exe
  C:\Windows\System\GXjskFe.exe
  2⤵
  PID:6416
- C:\Windows\System\ywqIGRU.exe
  C:\Windows\System\ywqIGRU.exe
  2⤵
  PID:6436
- C:\Windows\System\avjgkmI.exe
  C:\Windows\System\avjgkmI.exe
  2⤵
  PID:6456
- C:\Windows\System\VBBuunW.exe
  C:\Windows\System\VBBuunW.exe
  2⤵
  PID:6476
- C:\Windows\System\kqRUKjl.exe
  C:\Windows\System\kqRUKjl.exe
  2⤵
  PID:6496
- C:\Windows\System\ZgAtiDH.exe
  C:\Windows\System\ZgAtiDH.exe
  2⤵
  PID:6516
- C:\Windows\System\pITpbAF.exe
  C:\Windows\System\pITpbAF.exe
  2⤵
  PID:6536
- C:\Windows\System\bVQvbpn.exe
  C:\Windows\System\bVQvbpn.exe
  2⤵
  PID:6556
- C:\Windows\System\ODICcQF.exe
  C:\Windows\System\ODICcQF.exe
  2⤵
  PID:6576
- C:\Windows\System\KZfdMxf.exe
  C:\Windows\System\KZfdMxf.exe
  2⤵
  PID:6596
- C:\Windows\System\UvySPpj.exe
  C:\Windows\System\UvySPpj.exe
  2⤵
  PID:6616
- C:\Windows\System\fpdJBNP.exe
  C:\Windows\System\fpdJBNP.exe
  2⤵
  PID:6636
- C:\Windows\System\eoGLHyx.exe
  C:\Windows\System\eoGLHyx.exe
  2⤵
  PID:6656
- C:\Windows\System\bHuLSmd.exe
  C:\Windows\System\bHuLSmd.exe
  2⤵
  PID:6676
- C:\Windows\System\aJSmFHt.exe
  C:\Windows\System\aJSmFHt.exe
  2⤵
  PID:6696
- C:\Windows\System\SFMkIal.exe
  C:\Windows\System\SFMkIal.exe
  2⤵
  PID:6716
- C:\Windows\System\kabSKWw.exe
  C:\Windows\System\kabSKWw.exe
  2⤵
  PID:6736
- C:\Windows\System\vnCIwtX.exe
  C:\Windows\System\vnCIwtX.exe
  2⤵
  PID:6756
- C:\Windows\System\wHCtTTO.exe
  C:\Windows\System\wHCtTTO.exe
  2⤵
  PID:6776
- C:\Windows\System\sloQgGV.exe
  C:\Windows\System\sloQgGV.exe
  2⤵
  PID:6796
- C:\Windows\System\ljFaRSA.exe
  C:\Windows\System\ljFaRSA.exe
  2⤵
  PID:6816
- C:\Windows\System\Ckionyp.exe
  C:\Windows\System\Ckionyp.exe
  2⤵
  PID:6836
- C:\Windows\System\cGhgtkc.exe
  C:\Windows\System\cGhgtkc.exe
  2⤵
  PID:6856
- C:\Windows\System\kpTfjWH.exe
  C:\Windows\System\kpTfjWH.exe
  2⤵
  PID:6876
- C:\Windows\System\cwFANTn.exe
  C:\Windows\System\cwFANTn.exe
  2⤵
  PID:6896
- C:\Windows\System\IBXxMeK.exe
  C:\Windows\System\IBXxMeK.exe
  2⤵
  PID:6916
- C:\Windows\System\yLqlsRS.exe
  C:\Windows\System\yLqlsRS.exe
  2⤵
  PID:6936
- C:\Windows\System\QjFMIvm.exe
  C:\Windows\System\QjFMIvm.exe
  2⤵
  PID:6956
- C:\Windows\System\gfJExaq.exe
  C:\Windows\System\gfJExaq.exe
  2⤵
  PID:6976
- C:\Windows\System\cCaCUIp.exe
  C:\Windows\System\cCaCUIp.exe
  2⤵
  PID:6996
- C:\Windows\System\NMsHgCJ.exe
  C:\Windows\System\NMsHgCJ.exe
  2⤵
  PID:7016
- C:\Windows\System\eqmyWXo.exe
  C:\Windows\System\eqmyWXo.exe
  2⤵
  PID:7036
- C:\Windows\System\EBEtQHS.exe
  C:\Windows\System\EBEtQHS.exe
  2⤵
  PID:7056
- C:\Windows\System\jAKuwhs.exe
  C:\Windows\System\jAKuwhs.exe
  2⤵
  PID:7076
- C:\Windows\System\PXGXLUi.exe
  C:\Windows\System\PXGXLUi.exe
  2⤵
  PID:7096
- C:\Windows\System\QMCRkLw.exe
  C:\Windows\System\QMCRkLw.exe
  2⤵
  PID:7116
- C:\Windows\System\uxfFyVN.exe
  C:\Windows\System\uxfFyVN.exe
  2⤵
  PID:7136
- C:\Windows\System\ELiwBnB.exe
  C:\Windows\System\ELiwBnB.exe
  2⤵
  PID:7156
- C:\Windows\System\UKxJVQu.exe
  C:\Windows\System\UKxJVQu.exe
  2⤵
  PID:5972
- C:\Windows\System\EoelWaV.exe
  C:\Windows\System\EoelWaV.exe
  2⤵
  PID:6092
- C:\Windows\System\HduyTeX.exe
  C:\Windows\System\HduyTeX.exe
  2⤵
  PID:4180
- C:\Windows\System\lpwCUhc.exe
  C:\Windows\System\lpwCUhc.exe
  2⤵
  PID:4480
- C:\Windows\System\tkvsTFO.exe
  C:\Windows\System\tkvsTFO.exe
  2⤵
  PID:5048
- C:\Windows\System\gzcXlzj.exe
  C:\Windows\System\gzcXlzj.exe
  2⤵
  PID:5188
- C:\Windows\System\XdRRKrX.exe
  C:\Windows\System\XdRRKrX.exe
  2⤵
  PID:5388
- C:\Windows\System\KAxrLsm.exe
  C:\Windows\System\KAxrLsm.exe
  2⤵
  PID:5548
- C:\Windows\System\MaYiedi.exe
  C:\Windows\System\MaYiedi.exe
  2⤵
  PID:5644
- C:\Windows\System\pVeuzqD.exe
  C:\Windows\System\pVeuzqD.exe
  2⤵
  PID:5804
- C:\Windows\System\tOHYXFU.exe
  C:\Windows\System\tOHYXFU.exe
  2⤵
  PID:6160
- C:\Windows\System\HYEXxdQ.exe
  C:\Windows\System\HYEXxdQ.exe
  2⤵
  PID:6192
- C:\Windows\System\UfheNUv.exe
  C:\Windows\System\UfheNUv.exe
  2⤵
  PID:6232
- C:\Windows\System\XrksJpf.exe
  C:\Windows\System\XrksJpf.exe
  2⤵
  PID:6264
- C:\Windows\System\FAunkwa.exe
  C:\Windows\System\FAunkwa.exe
  2⤵
  PID:6288
- C:\Windows\System\EMJOFhF.exe
  C:\Windows\System\EMJOFhF.exe
  2⤵
  PID:6332
- C:\Windows\System\VNdiFch.exe
  C:\Windows\System\VNdiFch.exe
  2⤵
  PID:6352
- C:\Windows\System\JuPauFO.exe
  C:\Windows\System\JuPauFO.exe
  2⤵
  PID:6404
- C:\Windows\System\orihCeg.exe
  C:\Windows\System\orihCeg.exe
  2⤵
  PID:6432
- C:\Windows\System\ndfEExx.exe
  C:\Windows\System\ndfEExx.exe
  2⤵
  PID:6464
- C:\Windows\System\uKHgMmL.exe
  C:\Windows\System\uKHgMmL.exe
  2⤵
  PID:6488
- C:\Windows\System\BbicouT.exe
  C:\Windows\System\BbicouT.exe
  2⤵
  PID:6532
- C:\Windows\System\rVSAWrg.exe
  C:\Windows\System\rVSAWrg.exe
  2⤵
  PID:6548
- C:\Windows\System\yklORrR.exe
  C:\Windows\System\yklORrR.exe
  2⤵
  PID:6584
- C:\Windows\System\jhzSKod.exe
  C:\Windows\System\jhzSKod.exe
  2⤵
  PID:2852
- C:\Windows\System\IscFoVR.exe
  C:\Windows\System\IscFoVR.exe
  2⤵
  PID:6628
- C:\Windows\System\VrcrlWF.exe
  C:\Windows\System\VrcrlWF.exe
  2⤵
  PID:6684
- C:\Windows\System\MIlGXoc.exe
  C:\Windows\System\MIlGXoc.exe
  2⤵
  PID:6724
- C:\Windows\System\fIKQoNb.exe
  C:\Windows\System\fIKQoNb.exe
  2⤵
  PID:6764
- C:\Windows\System\rnCOZBE.exe
  C:\Windows\System\rnCOZBE.exe
  2⤵
  PID:6784
- C:\Windows\System\IoCtXoj.exe
  C:\Windows\System\IoCtXoj.exe
  2⤵
  PID:6808
- C:\Windows\System\fagPcMj.exe
  C:\Windows\System\fagPcMj.exe
  2⤵
  PID:6852
- C:\Windows\System\QusBhEQ.exe
  C:\Windows\System\QusBhEQ.exe
  2⤵
  PID:2868
- C:\Windows\System\PgCGgDm.exe
  C:\Windows\System\PgCGgDm.exe
  2⤵
  PID:6888
- C:\Windows\System\UgaGNYR.exe
  C:\Windows\System\UgaGNYR.exe
  2⤵
  PID:6932
- C:\Windows\System\mhWEQTJ.exe
  C:\Windows\System\mhWEQTJ.exe
  2⤵
  PID:6972
- C:\Windows\System\eKBOrBw.exe
  C:\Windows\System\eKBOrBw.exe
  2⤵
  PID:6992
- C:\Windows\System\hkhDlIm.exe
  C:\Windows\System\hkhDlIm.exe
  2⤵
  PID:7024
- C:\Windows\System\DCyNZPI.exe
  C:\Windows\System\DCyNZPI.exe
  2⤵
  PID:7028
- C:\Windows\System\FOXHdrT.exe
  C:\Windows\System\FOXHdrT.exe
  2⤵
  PID:7068
- C:\Windows\System\EFYcOZH.exe
  C:\Windows\System\EFYcOZH.exe
  2⤵
  PID:7112
- C:\Windows\System\XfigSTf.exe
  C:\Windows\System\XfigSTf.exe
  2⤵
  PID:6004
- C:\Windows\System\CQEtzoG.exe
  C:\Windows\System\CQEtzoG.exe
  2⤵
  PID:3008
- C:\Windows\System\MjAPZWK.exe
  C:\Windows\System\MjAPZWK.exe
  2⤵
  PID:6132
- C:\Windows\System\RicRLaQ.exe
  C:\Windows\System\RicRLaQ.exe
  2⤵
  PID:4796
- C:\Windows\System\eztIwDq.exe
  C:\Windows\System\eztIwDq.exe
  2⤵
  PID:5364
- C:\Windows\System\EdNeSLO.exe
  C:\Windows\System\EdNeSLO.exe
  2⤵
  PID:5444
- C:\Windows\System\oURbRXv.exe
  C:\Windows\System\oURbRXv.exe
  2⤵
  PID:5792
- C:\Windows\System\JzFOJKJ.exe
  C:\Windows\System\JzFOJKJ.exe
  2⤵
  PID:2012
- C:\Windows\System\LRniTEt.exe
  C:\Windows\System\LRniTEt.exe
  2⤵
  PID:6224
- C:\Windows\System\xJkMJrq.exe
  C:\Windows\System\xJkMJrq.exe
  2⤵
  PID:6252
- C:\Windows\System\OObZaEV.exe
  C:\Windows\System\OObZaEV.exe
  2⤵
  PID:6344
- C:\Windows\System\kJNOtSC.exe
  C:\Windows\System\kJNOtSC.exe
  2⤵
  PID:6368
- C:\Windows\System\MgBNuGG.exe
  C:\Windows\System\MgBNuGG.exe
  2⤵
  PID:6408
- C:\Windows\System\wZLDLVA.exe
  C:\Windows\System\wZLDLVA.exe
  2⤵
  PID:6492
- C:\Windows\System\eRQpzIa.exe
  C:\Windows\System\eRQpzIa.exe
  2⤵
  PID:6552
- C:\Windows\System\qcmMiqH.exe
  C:\Windows\System\qcmMiqH.exe
  2⤵
  PID:6612
- C:\Windows\System\kTMrNtn.exe
  C:\Windows\System\kTMrNtn.exe
  2⤵
  PID:6604
- C:\Windows\System\LnJuTHR.exe
  C:\Windows\System\LnJuTHR.exe
  2⤵
  PID:6652
- C:\Windows\System\lBbovFo.exe
  C:\Windows\System\lBbovFo.exe
  2⤵
  PID:6728
- C:\Windows\System\dewIghV.exe
  C:\Windows\System\dewIghV.exe
  2⤵
  PID:6812
- C:\Windows\System\gATBeNf.exe
  C:\Windows\System\gATBeNf.exe
  2⤵
  PID:2784
- C:\Windows\System\rdkKmaV.exe
  C:\Windows\System\rdkKmaV.exe
  2⤵
  PID:6864
- C:\Windows\System\LHCQNKN.exe
  C:\Windows\System\LHCQNKN.exe
  2⤵
  PID:6908
- C:\Windows\System\aEwubxM.exe
  C:\Windows\System\aEwubxM.exe
  2⤵
  PID:6964
- C:\Windows\System\lwDesLU.exe
  C:\Windows\System\lwDesLU.exe
  2⤵
  PID:7044
- C:\Windows\System\dhsPMfT.exe
  C:\Windows\System\dhsPMfT.exe
  2⤵
  PID:7052
- C:\Windows\System\rDHojOH.exe
  C:\Windows\System\rDHojOH.exe
  2⤵
  PID:7132
- C:\Windows\System\qfzgzul.exe
  C:\Windows\System\qfzgzul.exe
  2⤵
  PID:7144
- C:\Windows\System\DjZqpIN.exe
  C:\Windows\System\DjZqpIN.exe
  2⤵
  PID:2568
- C:\Windows\System\vYPnZGd.exe
  C:\Windows\System\vYPnZGd.exe
  2⤵
  PID:1464
- C:\Windows\System\giDsren.exe
  C:\Windows\System\giDsren.exe
  2⤵
  PID:5348
- C:\Windows\System\vsLPemG.exe
  C:\Windows\System\vsLPemG.exe
  2⤵
  PID:3832
- C:\Windows\System\JnCBZEr.exe
  C:\Windows\System\JnCBZEr.exe
  2⤵
  PID:6228
- C:\Windows\System\AODdGli.exe
  C:\Windows\System\AODdGli.exe
  2⤵
  PID:6248
- C:\Windows\System\kQcbXYy.exe
  C:\Windows\System\kQcbXYy.exe
  2⤵
  PID:6364
- C:\Windows\System\SsGsWhN.exe
  C:\Windows\System\SsGsWhN.exe
  2⤵
  PID:6452
- C:\Windows\System\qIBDXyq.exe
  C:\Windows\System\qIBDXyq.exe
  2⤵
  PID:6544
- C:\Windows\System\uZKDofF.exe
  C:\Windows\System\uZKDofF.exe
  2⤵
  PID:6632
- C:\Windows\System\yNvnpcc.exe
  C:\Windows\System\yNvnpcc.exe
  2⤵
  PID:6608
- C:\Windows\System\emXVnzi.exe
  C:\Windows\System\emXVnzi.exe
  2⤵
  PID:6692
- C:\Windows\System\acPfheQ.exe
  C:\Windows\System\acPfheQ.exe
  2⤵
  PID:6884
- C:\Windows\System\vgydSmy.exe
  C:\Windows\System\vgydSmy.exe
  2⤵
  PID:1104
- C:\Windows\System\jNHihja.exe
  C:\Windows\System\jNHihja.exe
  2⤵
  PID:6944
- C:\Windows\System\vknFslH.exe
  C:\Windows\System\vknFslH.exe
  2⤵
  PID:7048
- C:\Windows\System\oMMvyHa.exe
  C:\Windows\System\oMMvyHa.exe
  2⤵
  PID:7092
- C:\Windows\System\zjOMdom.exe
  C:\Windows\System\zjOMdom.exe
  2⤵
  PID:7148
- C:\Windows\System\iPsyPwc.exe
  C:\Windows\System\iPsyPwc.exe
  2⤵
  PID:6024
- C:\Windows\System\iwBNfoE.exe
  C:\Windows\System\iwBNfoE.exe
  2⤵
  PID:5304
- C:\Windows\System\tVsCfoO.exe
  C:\Windows\System\tVsCfoO.exe
  2⤵
  PID:1724
- C:\Windows\System\BuNaSVt.exe
  C:\Windows\System\BuNaSVt.exe
  2⤵
  PID:6268
- C:\Windows\System\mqhpSyH.exe
  C:\Windows\System\mqhpSyH.exe
  2⤵
  PID:6324
- C:\Windows\System\WAYIjsK.exe
  C:\Windows\System\WAYIjsK.exe
  2⤵
  PID:6468
- C:\Windows\System\EZDxqPh.exe
  C:\Windows\System\EZDxqPh.exe
  2⤵
  PID:6568
- C:\Windows\System\PHvBeFU.exe
  C:\Windows\System\PHvBeFU.exe
  2⤵
  PID:2844
- C:\Windows\System\XyfOeuP.exe
  C:\Windows\System\XyfOeuP.exe
  2⤵
  PID:1088
- C:\Windows\System\eYuoIDW.exe
  C:\Windows\System\eYuoIDW.exe
  2⤵
  PID:284
- C:\Windows\System\VemNUOh.exe
  C:\Windows\System\VemNUOh.exe
  2⤵
  PID:6988
- C:\Windows\System\FjSzOyr.exe
  C:\Windows\System\FjSzOyr.exe
  2⤵
  PID:2816
- C:\Windows\System\aBxutfV.exe
  C:\Windows\System\aBxutfV.exe
  2⤵
  PID:7072
- C:\Windows\System\JxjCHfx.exe
  C:\Windows\System\JxjCHfx.exe
  2⤵
  PID:5132
- C:\Windows\System\klZTqXz.exe
  C:\Windows\System\klZTqXz.exe
  2⤵
  PID:5908
- C:\Windows\System\IBiMpzy.exe
  C:\Windows\System\IBiMpzy.exe
  2⤵
  PID:992
- C:\Windows\System\ikOwgVy.exe
  C:\Windows\System\ikOwgVy.exe
  2⤵
  PID:6308
- C:\Windows\System\RXHAJZH.exe
  C:\Windows\System\RXHAJZH.exe
  2⤵
  PID:896
- C:\Windows\System\nYfbgJK.exe
  C:\Windows\System\nYfbgJK.exe
  2⤵
  PID:1900
- C:\Windows\System\uhboQSR.exe
  C:\Windows\System\uhboQSR.exe
  2⤵
  PID:6772
- C:\Windows\System\NwSMwOk.exe
  C:\Windows\System\NwSMwOk.exe
  2⤵
  PID:6892
- C:\Windows\System\HMgplyq.exe
  C:\Windows\System\HMgplyq.exe
  2⤵
  PID:6968
- C:\Windows\System\IetRVIH.exe
  C:\Windows\System\IetRVIH.exe
  2⤵
  PID:1676
- C:\Windows\System\PceBpeW.exe
  C:\Windows\System\PceBpeW.exe
  2⤵
  PID:6184
- C:\Windows\System\vrTNvpW.exe
  C:\Windows\System\vrTNvpW.exe
  2⤵
  PID:6148
- C:\Windows\System\iRVawjW.exe
  C:\Windows\System\iRVawjW.exe
  2⤵
  PID:2808
- C:\Windows\System\dpShXII.exe
  C:\Windows\System\dpShXII.exe
  2⤵
  PID:1600
- C:\Windows\System\weuDBEm.exe
  C:\Windows\System\weuDBEm.exe
  2⤵
  PID:2288
- C:\Windows\System\gNoLWdI.exe
  C:\Windows\System\gNoLWdI.exe
  2⤵
  PID:2748
- C:\Windows\System\jzOSOdE.exe
  C:\Windows\System\jzOSOdE.exe
  2⤵
  PID:2292
- C:\Windows\System\veJBtNs.exe
  C:\Windows\System\veJBtNs.exe
  2⤵
  PID:6748
- C:\Windows\System\XzGwqzZ.exe
  C:\Windows\System\XzGwqzZ.exe
  2⤵
  PID:1548
- C:\Windows\System\FsVJtKv.exe
  C:\Windows\System\FsVJtKv.exe
  2⤵
  PID:2572
- C:\Windows\System\Dioilpv.exe
  C:\Windows\System\Dioilpv.exe
  2⤵
  PID:2268
- C:\Windows\System\IThogFO.exe
  C:\Windows\System\IThogFO.exe
  2⤵
  PID:1752
- C:\Windows\System\wotktoZ.exe
  C:\Windows\System\wotktoZ.exe
  2⤵
  PID:2160
- C:\Windows\System\DQiRuRy.exe
  C:\Windows\System\DQiRuRy.exe
  2⤵
  PID:2252
- C:\Windows\System\lntOcLQ.exe
  C:\Windows\System\lntOcLQ.exe
  2⤵
  PID:2144
- C:\Windows\System\PRZnqmx.exe
  C:\Windows\System\PRZnqmx.exe
  2⤵
  PID:3036
- C:\Windows\System\sLqVbPP.exe
  C:\Windows\System\sLqVbPP.exe
  2⤵
  PID:7172
- C:\Windows\System\jBwFgSx.exe
  C:\Windows\System\jBwFgSx.exe
  2⤵
  PID:7192
- C:\Windows\System\nDRGHWJ.exe
  C:\Windows\System\nDRGHWJ.exe
  2⤵
  PID:7232
- C:\Windows\System\YwiHWNI.exe
  C:\Windows\System\YwiHWNI.exe
  2⤵
  PID:7256
- C:\Windows\System\cwqvtZi.exe
  C:\Windows\System\cwqvtZi.exe
  2⤵
  PID:7272
- C:\Windows\System\YTSZfKF.exe
  C:\Windows\System\YTSZfKF.exe
  2⤵
  PID:7288
- C:\Windows\System\ENqTzEZ.exe
  C:\Windows\System\ENqTzEZ.exe
  2⤵
  PID:7316
- C:\Windows\System\pQTjkZi.exe
  C:\Windows\System\pQTjkZi.exe
  2⤵
  PID:7332
- C:\Windows\System\wUxUivD.exe
  C:\Windows\System\wUxUivD.exe
  2⤵
  PID:7360
- C:\Windows\System\HEcpatg.exe
  C:\Windows\System\HEcpatg.exe
  2⤵
  PID:7380
- C:\Windows\System\aECeXek.exe
  C:\Windows\System\aECeXek.exe
  2⤵
  PID:7396
- C:\Windows\System\kQopPSQ.exe
  C:\Windows\System\kQopPSQ.exe
  2⤵
  PID:7412
- C:\Windows\System\tZtSJDR.exe
  C:\Windows\System\tZtSJDR.exe
  2⤵
  PID:7432
- C:\Windows\System\IuhJGFr.exe
  C:\Windows\System\IuhJGFr.exe
  2⤵
  PID:7464
- C:\Windows\System\VPRCaoT.exe
  C:\Windows\System\VPRCaoT.exe
  2⤵
  PID:7480
- C:\Windows\System\yVajryE.exe
  C:\Windows\System\yVajryE.exe
  2⤵
  PID:7500
- C:\Windows\System\vnTguur.exe
  C:\Windows\System\vnTguur.exe
  2⤵
  PID:7516
- C:\Windows\System\GFEfUBj.exe
  C:\Windows\System\GFEfUBj.exe
  2⤵
  PID:7532
- C:\Windows\System\OtaWKZN.exe
  C:\Windows\System\OtaWKZN.exe
  2⤵
  PID:7548
- C:\Windows\System\EpBhysb.exe
  C:\Windows\System\EpBhysb.exe
  2⤵
  PID:7564
- C:\Windows\System\BPdYCgX.exe
  C:\Windows\System\BPdYCgX.exe
  2⤵
  PID:7604
- C:\Windows\System\WDUEXvu.exe
  C:\Windows\System\WDUEXvu.exe
  2⤵
  PID:7620
- C:\Windows\System\ZhleNgK.exe
  C:\Windows\System\ZhleNgK.exe
  2⤵
  PID:7636
- C:\Windows\System\fOqDWLb.exe
  C:\Windows\System\fOqDWLb.exe
  2⤵
  PID:7652
- C:\Windows\System\imLOFDZ.exe
  C:\Windows\System\imLOFDZ.exe
  2⤵
  PID:7672
- C:\Windows\System\chfGRSf.exe
  C:\Windows\System\chfGRSf.exe
  2⤵
  PID:7688
- C:\Windows\System\BADPZfq.exe
  C:\Windows\System\BADPZfq.exe
  2⤵
  PID:7704
- C:\Windows\System\klqPGsT.exe
  C:\Windows\System\klqPGsT.exe
  2⤵
  PID:7720
- C:\Windows\System\jVEeeQt.exe
  C:\Windows\System\jVEeeQt.exe
  2⤵
  PID:7736
- C:\Windows\System\UpyrDTV.exe
  C:\Windows\System\UpyrDTV.exe
  2⤵
  PID:7760
- C:\Windows\System\eQQMphB.exe
  C:\Windows\System\eQQMphB.exe
  2⤵
  PID:7788
- C:\Windows\System\hxtGYDc.exe
  C:\Windows\System\hxtGYDc.exe
  2⤵
  PID:7816
- C:\Windows\System\yrxDKob.exe
  C:\Windows\System\yrxDKob.exe
  2⤵
  PID:7836
- C:\Windows\System\gydJUBP.exe
  C:\Windows\System\gydJUBP.exe
  2⤵
  PID:7852
- C:\Windows\System\ToxMNRy.exe
  C:\Windows\System\ToxMNRy.exe
  2⤵
  PID:7872
- C:\Windows\System\NPNgoXV.exe
  C:\Windows\System\NPNgoXV.exe
  2⤵
  PID:7896
- C:\Windows\System\ryEwTtl.exe
  C:\Windows\System\ryEwTtl.exe
  2⤵
  PID:7916
- C:\Windows\System\ZXNFYCk.exe
  C:\Windows\System\ZXNFYCk.exe
  2⤵
  PID:7932
- C:\Windows\System\mLHFyyj.exe
  C:\Windows\System\mLHFyyj.exe
  2⤵
  PID:7956
- C:\Windows\System\qXFVatf.exe
  C:\Windows\System\qXFVatf.exe
  2⤵
  PID:7972
- C:\Windows\System\ImLOvPH.exe
  C:\Windows\System\ImLOvPH.exe
  2⤵
  PID:7988
- C:\Windows\System\YxYJjJp.exe
  C:\Windows\System\YxYJjJp.exe
  2⤵
  PID:8012
- C:\Windows\System\mhvSZpT.exe
  C:\Windows\System\mhvSZpT.exe
  2⤵
  PID:8028
- C:\Windows\System\cJvLVUK.exe
  C:\Windows\System\cJvLVUK.exe
  2⤵
  PID:8044
- C:\Windows\System\TltXkiU.exe
  C:\Windows\System\TltXkiU.exe
  2⤵
  PID:8064
- C:\Windows\System\diRvMNQ.exe
  C:\Windows\System\diRvMNQ.exe
  2⤵
  PID:8084
- C:\Windows\System\rZvRQbh.exe
  C:\Windows\System\rZvRQbh.exe
  2⤵
  PID:8100
- C:\Windows\System\lWXxDPS.exe
  C:\Windows\System\lWXxDPS.exe
  2⤵
  PID:8116
- C:\Windows\System\ipPByMe.exe
  C:\Windows\System\ipPByMe.exe
  2⤵
  PID:8168
- C:\Windows\System\fUHEIsW.exe
  C:\Windows\System\fUHEIsW.exe
  2⤵
  PID:8184
- C:\Windows\System\WNCgYfZ.exe
  C:\Windows\System\WNCgYfZ.exe
  2⤵
  PID:7204
- C:\Windows\System\TwHNjJL.exe
  C:\Windows\System\TwHNjJL.exe
  2⤵
  PID:1624
- C:\Windows\System\opWnEKu.exe
  C:\Windows\System\opWnEKu.exe
  2⤵
  PID:2412
- C:\Windows\System\JmZbDxo.exe
  C:\Windows\System\JmZbDxo.exe
  2⤵
  PID:7180
- C:\Windows\System\QUGHWOu.exe
  C:\Windows\System\QUGHWOu.exe
  2⤵
  PID:7268
- C:\Windows\System\KJtmBqo.exe
  C:\Windows\System\KJtmBqo.exe
  2⤵
  PID:7248
- C:\Windows\System\CvFXjog.exe
  C:\Windows\System\CvFXjog.exe
  2⤵
  PID:7300
- C:\Windows\System\NKpNKgM.exe
  C:\Windows\System\NKpNKgM.exe
  2⤵
  PID:7308
- C:\Windows\System\sASzmoK.exe
  C:\Windows\System\sASzmoK.exe
  2⤵
  PID:7348
- C:\Windows\System\JqcFmCh.exe
  C:\Windows\System\JqcFmCh.exe
  2⤵
  PID:7392
- C:\Windows\System\DAjpXmV.exe
  C:\Windows\System\DAjpXmV.exe
  2⤵
  PID:7428
- C:\Windows\System\oXRvokn.exe
  C:\Windows\System\oXRvokn.exe
  2⤵
  PID:7448
- C:\Windows\System\OIwoVzA.exe
  C:\Windows\System\OIwoVzA.exe
  2⤵
  PID:7476
- C:\Windows\System\mgErfOG.exe
  C:\Windows\System\mgErfOG.exe
  2⤵
  PID:7496
- C:\Windows\System\ZJNmmaY.exe
  C:\Windows\System\ZJNmmaY.exe
  2⤵
  PID:7572
- C:\Windows\System\lHdlIIy.exe
  C:\Windows\System\lHdlIIy.exe
  2⤵
  PID:7556
- C:\Windows\System\FUGrxtt.exe
  C:\Windows\System\FUGrxtt.exe
  2⤵
  PID:7588
- C:\Windows\System\UuhkQMM.exe
  C:\Windows\System\UuhkQMM.exe
  2⤵
  PID:7628
- C:\Windows\System\JueoBgL.exe
  C:\Windows\System\JueoBgL.exe
  2⤵
  PID:7728
- C:\Windows\System\VLnHIRa.exe
  C:\Windows\System\VLnHIRa.exe
  2⤵
  PID:7668
- C:\Windows\System\DbrvmYJ.exe
  C:\Windows\System\DbrvmYJ.exe
  2⤵
  PID:7744
- C:\Windows\System\SyuqEkp.exe
  C:\Windows\System\SyuqEkp.exe
  2⤵
  PID:7680
- C:\Windows\System\DFReoAO.exe
  C:\Windows\System\DFReoAO.exe
  2⤵
  PID:7768
- C:\Windows\System\wszugRW.exe
  C:\Windows\System\wszugRW.exe
  2⤵
  PID:7784
- C:\Windows\System\AFGLayU.exe
  C:\Windows\System\AFGLayU.exe
  2⤵
  PID:7864
- C:\Windows\System\rMxOAGu.exe
  C:\Windows\System\rMxOAGu.exe
  2⤵
  PID:7908
- C:\Windows\System\PHOwbpl.exe
  C:\Windows\System\PHOwbpl.exe
  2⤵
  PID:7808
- C:\Windows\System\QdedDSK.exe
  C:\Windows\System\QdedDSK.exe
  2⤵
  PID:7844
- C:\Windows\System\hewQGom.exe
  C:\Windows\System\hewQGom.exe
  2⤵
  PID:8020
- C:\Windows\System\NUjaFRw.exe
  C:\Windows\System\NUjaFRw.exe
  2⤵
  PID:8060
- C:\Windows\System\ciRghgf.exe
  C:\Windows\System\ciRghgf.exe
  2⤵
  PID:8124
- C:\Windows\System\XYkYfjb.exe
  C:\Windows\System\XYkYfjb.exe
  2⤵
  PID:7812
- C:\Windows\System\rNBNvjQ.exe
  C:\Windows\System\rNBNvjQ.exe
  2⤵
  PID:8040
- C:\Windows\System\YlJqgrz.exe
  C:\Windows\System\YlJqgrz.exe
  2⤵
  PID:7880
- C:\Windows\System\IGjUlWC.exe
  C:\Windows\System\IGjUlWC.exe
  2⤵
  PID:7892
- C:\Windows\System\xuyHfzY.exe
  C:\Windows\System\xuyHfzY.exe
  2⤵
  PID:8148
- C:\Windows\System\VubidBn.exe
  C:\Windows\System\VubidBn.exe
  2⤵
  PID:8160
- C:\Windows\System\qmVWPib.exe
  C:\Windows\System\qmVWPib.exe
  2⤵
  PID:8008
- C:\Windows\System\BWEmbOc.exe
  C:\Windows\System\BWEmbOc.exe
  2⤵
  PID:7220
- C:\Windows\System\nHIeKhn.exe
  C:\Windows\System\nHIeKhn.exe
  2⤵
  PID:7212
- C:\Windows\System\cWeOQVW.exe
  C:\Windows\System\cWeOQVW.exe
  2⤵
  PID:7352
- C:\Windows\System\wcTYEdJ.exe
  C:\Windows\System\wcTYEdJ.exe
  2⤵
  PID:2356
- C:\Windows\System\vGadydK.exe
  C:\Windows\System\vGadydK.exe
  2⤵
  PID:7284
- C:\Windows\System\tpzLpsV.exe
  C:\Windows\System\tpzLpsV.exe
  2⤵
  PID:7340
- C:\Windows\System\MSvwbDC.exe
  C:\Windows\System\MSvwbDC.exe
  2⤵
  PID:7388
- C:\Windows\System\OScCIfq.exe
  C:\Windows\System\OScCIfq.exe
  2⤵
  PID:7424
- C:\Windows\System\otMMALx.exe
  C:\Windows\System\otMMALx.exe
  2⤵
  PID:7544
- C:\Windows\System\rVJjFJw.exe
  C:\Windows\System\rVJjFJw.exe
  2⤵
  PID:7632
- C:\Windows\System\oBUbLSt.exe
  C:\Windows\System\oBUbLSt.exe
  2⤵
  PID:7644
- C:\Windows\System\uTSMLVC.exe
  C:\Windows\System\uTSMLVC.exe
  2⤵
  PID:7596
- C:\Windows\System\OImYfBE.exe
  C:\Windows\System\OImYfBE.exe
  2⤵
  PID:7904
- C:\Windows\System\cuOnEZi.exe
  C:\Windows\System\cuOnEZi.exe
  2⤵
  PID:7716
- C:\Windows\System\YpqtBWC.exe
  C:\Windows\System\YpqtBWC.exe
  2⤵
  PID:7796
- C:\Windows\System\rBCGWee.exe
  C:\Windows\System\rBCGWee.exe
  2⤵
  PID:7980
- C:\Windows\System\bsBFyhO.exe
  C:\Windows\System\bsBFyhO.exe
  2⤵
  PID:7848
- C:\Windows\System\ElVOVlx.exe
  C:\Windows\System\ElVOVlx.exe
  2⤵
  PID:8140
- C:\Windows\System\KgbGbwp.exe
  C:\Windows\System\KgbGbwp.exe
  2⤵
  PID:7684
- C:\Windows\System\OxKESBa.exe
  C:\Windows\System\OxKESBa.exe
  2⤵
  PID:7800
- C:\Windows\System\iVRrsnM.exe
  C:\Windows\System\iVRrsnM.exe
  2⤵
  PID:2760
- C:\Windows\System\NGIsBrr.exe
  C:\Windows\System\NGIsBrr.exe
  2⤵
  PID:1800
- C:\Windows\System\UmsxyGw.exe
  C:\Windows\System\UmsxyGw.exe
  2⤵
  PID:7264
- C:\Windows\System\pzgjgSz.exe
  C:\Windows\System\pzgjgSz.exe
  2⤵
  PID:7404
- C:\Windows\System\oqFIEaD.exe
  C:\Windows\System\oqFIEaD.exe
  2⤵
  PID:7452
- C:\Windows\System\WZiXxJr.exe
  C:\Windows\System\WZiXxJr.exe
  2⤵
  PID:7488
- C:\Windows\System\rdzgKuO.exe
  C:\Windows\System\rdzgKuO.exe
  2⤵
  PID:7912
- C:\Windows\System\kZDcqXX.exe
  C:\Windows\System\kZDcqXX.exe
  2⤵
  PID:7664
- C:\Windows\System\SkJDjNX.exe
  C:\Windows\System\SkJDjNX.exe
  2⤵
  PID:7712
- C:\Windows\System\yLnOppc.exe
  C:\Windows\System\yLnOppc.exe
  2⤵
  PID:8076
- C:\Windows\System\nIQkFrN.exe
  C:\Windows\System\nIQkFrN.exe
  2⤵
  PID:8052
- C:\Windows\System\kVPqojo.exe
  C:\Windows\System\kVPqojo.exe
  2⤵
  PID:7312
- C:\Windows\System\JkxNady.exe
  C:\Windows\System\JkxNady.exe
  2⤵
  PID:7472
- C:\Windows\System\DjMZEIv.exe
  C:\Windows\System\DjMZEIv.exe
  2⤵
  PID:8096
- C:\Windows\System\IgOSIOc.exe
  C:\Windows\System\IgOSIOc.exe
  2⤵
  PID:7296
- C:\Windows\System\AlaaMfZ.exe
  C:\Windows\System\AlaaMfZ.exe
  2⤵
  PID:7964
- C:\Windows\System\ArgPtJb.exe
  C:\Windows\System\ArgPtJb.exe
  2⤵
  PID:7600
- C:\Windows\System\dkAoXSr.exe
  C:\Windows\System\dkAoXSr.exe
  2⤵
  PID:8204
- C:\Windows\System\lZXDNXd.exe
  C:\Windows\System\lZXDNXd.exe
  2⤵
  PID:8220
- C:\Windows\System\VXHupCN.exe
  C:\Windows\System\VXHupCN.exe
  2⤵
  PID:8236
- C:\Windows\System\dZgFDQn.exe
  C:\Windows\System\dZgFDQn.exe
  2⤵
  PID:8252
- C:\Windows\System\ZvheHvP.exe
  C:\Windows\System\ZvheHvP.exe
  2⤵
  PID:8268
- C:\Windows\System\mZTLQwr.exe
  C:\Windows\System\mZTLQwr.exe
  2⤵
  PID:8284
- C:\Windows\System\mgxalUx.exe
  C:\Windows\System\mgxalUx.exe
  2⤵
  PID:8300
- C:\Windows\System\LngRZtQ.exe
  C:\Windows\System\LngRZtQ.exe
  2⤵
  PID:8316
- C:\Windows\System\uZboLbh.exe
  C:\Windows\System\uZboLbh.exe
  2⤵
  PID:8332
- C:\Windows\System\UMALksa.exe
  C:\Windows\System\UMALksa.exe
  2⤵
  PID:8352
- C:\Windows\System\UldQlTP.exe
  C:\Windows\System\UldQlTP.exe
  2⤵
  PID:8368
- C:\Windows\System\fngXskx.exe
  C:\Windows\System\fngXskx.exe
  2⤵
  PID:8384
- C:\Windows\System\ngtzCSE.exe
  C:\Windows\System\ngtzCSE.exe
  2⤵
  PID:8400
- C:\Windows\System\fPOHnww.exe
  C:\Windows\System\fPOHnww.exe
  2⤵
  PID:8416
- C:\Windows\System\dbFKFrc.exe
  C:\Windows\System\dbFKFrc.exe
  2⤵
  PID:8432
- C:\Windows\System\fUClhUJ.exe
  C:\Windows\System\fUClhUJ.exe
  2⤵
  PID:8448
- C:\Windows\System\cpHsGOQ.exe
  C:\Windows\System\cpHsGOQ.exe
  2⤵
  PID:8464
- C:\Windows\System\cIwCmJC.exe
  C:\Windows\System\cIwCmJC.exe
  2⤵
  PID:8480
- C:\Windows\System\fvmzErD.exe
  C:\Windows\System\fvmzErD.exe
  2⤵
  PID:8500
- C:\Windows\System\wODGula.exe
  C:\Windows\System\wODGula.exe
  2⤵
  PID:8520
- C:\Windows\System\OXetiGM.exe
  C:\Windows\System\OXetiGM.exe
  2⤵
  PID:8540
- C:\Windows\System\OOdqaLY.exe
  C:\Windows\System\OOdqaLY.exe
  2⤵
  PID:8556
- C:\Windows\System\ZMNDFEr.exe
  C:\Windows\System\ZMNDFEr.exe
  2⤵
  PID:8576
- C:\Windows\System\VAvcUWN.exe
  C:\Windows\System\VAvcUWN.exe
  2⤵
  PID:8592
- C:\Windows\System\ntIwpGs.exe
  C:\Windows\System\ntIwpGs.exe
  2⤵
  PID:8612
- C:\Windows\System\jNuvQvk.exe
  C:\Windows\System\jNuvQvk.exe
  2⤵
  PID:8640
- C:\Windows\System\YTJTitO.exe
  C:\Windows\System\YTJTitO.exe
  2⤵
  PID:8664
- C:\Windows\System\zcGUfcZ.exe
  C:\Windows\System\zcGUfcZ.exe
  2⤵
  PID:8684
- C:\Windows\System\sPUyTBr.exe
  C:\Windows\System\sPUyTBr.exe
  2⤵
  PID:8704
- C:\Windows\System\WAhwRGl.exe
  C:\Windows\System\WAhwRGl.exe
  2⤵
  PID:8724
- C:\Windows\System\ueaCmIP.exe
  C:\Windows\System\ueaCmIP.exe
  2⤵
  PID:8740
- C:\Windows\System\UniVKKH.exe
  C:\Windows\System\UniVKKH.exe
  2⤵
  PID:8756
- C:\Windows\System\eWtwVHY.exe
  C:\Windows\System\eWtwVHY.exe
  2⤵
  PID:8772
- C:\Windows\System\okkkJna.exe
  C:\Windows\System\okkkJna.exe
  2⤵
  PID:8788
- C:\Windows\System\zAkjCqf.exe
  C:\Windows\System\zAkjCqf.exe
  2⤵
  PID:8804
- C:\Windows\System\GDYiPRC.exe
  C:\Windows\System\GDYiPRC.exe
  2⤵
  PID:8828
- C:\Windows\System\zEsmOCe.exe
  C:\Windows\System\zEsmOCe.exe
  2⤵
  PID:8848
- C:\Windows\System\JYYsPSP.exe
  C:\Windows\System\JYYsPSP.exe
  2⤵
  PID:8868
- C:\Windows\System\VeeHKXX.exe
  C:\Windows\System\VeeHKXX.exe
  2⤵
  PID:8884
- C:\Windows\System\XtRJPOD.exe
  C:\Windows\System\XtRJPOD.exe
  2⤵
  PID:8900
- C:\Windows\System\yqjzuzO.exe
  C:\Windows\System\yqjzuzO.exe
  2⤵
  PID:8916
- C:\Windows\System\kNshcHt.exe
  C:\Windows\System\kNshcHt.exe
  2⤵
  PID:8936
- C:\Windows\System\sBAsZqX.exe
  C:\Windows\System\sBAsZqX.exe
  2⤵
  PID:9040
- C:\Windows\System\Oqfnbnb.exe
  C:\Windows\System\Oqfnbnb.exe
  2⤵
  PID:9056
- C:\Windows\System\NNNjvzi.exe
  C:\Windows\System\NNNjvzi.exe
  2⤵
  PID:9072
- C:\Windows\System\GNgNnuh.exe
  C:\Windows\System\GNgNnuh.exe
  2⤵
  PID:9088
- C:\Windows\System\HHPonGi.exe
  C:\Windows\System\HHPonGi.exe
  2⤵
  PID:9104
- C:\Windows\System\nTwvQJV.exe
  C:\Windows\System\nTwvQJV.exe
  2⤵
  PID:9120
- C:\Windows\System\dyIkFNU.exe
  C:\Windows\System\dyIkFNU.exe
  2⤵
  PID:9144
- C:\Windows\System\vVsFrts.exe
  C:\Windows\System\vVsFrts.exe
  2⤵
  PID:9160
- C:\Windows\System\GNvbuAg.exe
  C:\Windows\System\GNvbuAg.exe
  2⤵
  PID:9176
- C:\Windows\System\adLVQLk.exe
  C:\Windows\System\adLVQLk.exe
  2⤵
  PID:9192
- C:\Windows\System\NZUOmGI.exe
  C:\Windows\System\NZUOmGI.exe
  2⤵
  PID:9208
- C:\Windows\System\KahiOka.exe
  C:\Windows\System\KahiOka.exe
  2⤵
  PID:8244
- C:\Windows\System\eKyIROX.exe
  C:\Windows\System\eKyIROX.exe
  2⤵
  PID:7888
- C:\Windows\System\atubqxo.exe
  C:\Windows\System\atubqxo.exe
  2⤵
  PID:8196
- C:\Windows\System\WJxaiju.exe
  C:\Windows\System\WJxaiju.exe
  2⤵
  PID:8876
- C:\Windows\System\ADBBRFE.exe
  C:\Windows\System\ADBBRFE.exe
  2⤵
  PID:8924
- C:\Windows\System\GaUEUXZ.exe
  C:\Windows\System\GaUEUXZ.exe
  2⤵
  PID:9048
- C:\Windows\System\TCBUugC.exe
  C:\Windows\System\TCBUugC.exe
  2⤵
  PID:9020
- C:\Windows\System\nnhhsJB.exe
  C:\Windows\System\nnhhsJB.exe
  2⤵
  PID:9004
- C:\Windows\System\YxZyMuM.exe
  C:\Windows\System\YxZyMuM.exe
  2⤵
  PID:9024
- C:\Windows\System\tqjDRSi.exe
  C:\Windows\System\tqjDRSi.exe
  2⤵
  PID:9068
- C:\Windows\System\eqDgXdc.exe
  C:\Windows\System\eqDgXdc.exe
  2⤵
  PID:9112
- C:\Windows\System\GBMjsLx.exe
  C:\Windows\System\GBMjsLx.exe
  2⤵
  PID:9140
- C:\Windows\System\JczhEJi.exe
  C:\Windows\System\JczhEJi.exe
  2⤵
  PID:8000
- C:\Windows\System\bISyawb.exe
  C:\Windows\System\bISyawb.exe
  2⤵
  PID:8280
- C:\Windows\System\BSMOVGV.exe
  C:\Windows\System\BSMOVGV.exe
  2⤵
  PID:8308
- C:\Windows\System\yXzzRSu.exe
  C:\Windows\System\yXzzRSu.exe
  2⤵
  PID:7420
- C:\Windows\System\KQBNdes.exe
  C:\Windows\System\KQBNdes.exe
  2⤵
  PID:8260
- C:\Windows\System\etsYSOj.exe
  C:\Windows\System\etsYSOj.exe
  2⤵
  PID:8312
- C:\Windows\System\nEZOtbZ.exe
  C:\Windows\System\nEZOtbZ.exe
  2⤵
  PID:8328
- C:\Windows\System\ejRLEkS.exe
  C:\Windows\System\ejRLEkS.exe
  2⤵
  PID:8472
- C:\Windows\System\LwCnves.exe
  C:\Windows\System\LwCnves.exe
  2⤵
  PID:8460
- C:\Windows\System\FWpbJkn.exe
  C:\Windows\System\FWpbJkn.exe
  2⤵
  PID:8456
- C:\Windows\System\aCdqiUG.exe
  C:\Windows\System\aCdqiUG.exe
  2⤵
  PID:8532
- C:\Windows\System\bbWkocz.exe
  C:\Windows\System\bbWkocz.exe
  2⤵
  PID:8584
- C:\Windows\System\kqPUVuR.exe
  C:\Windows\System\kqPUVuR.exe
  2⤵
  PID:8624
- C:\Windows\System\ExnWlWb.exe
  C:\Windows\System\ExnWlWb.exe
  2⤵
  PID:8636
- C:\Windows\System\pEMnGRm.exe
  C:\Windows\System\pEMnGRm.exe
  2⤵
  PID:8660
- C:\Windows\System\MOKAOUp.exe
  C:\Windows\System\MOKAOUp.exe
  2⤵
  PID:8712
- C:\Windows\System\DBYNeLj.exe
  C:\Windows\System\DBYNeLj.exe
  2⤵
  PID:8692
- C:\Windows\System\dksSNgt.exe
  C:\Windows\System\dksSNgt.exe
  2⤵
  PID:8696
- C:\Windows\System\QLCCFao.exe
  C:\Windows\System\QLCCFao.exe
  2⤵
  PID:8812
- C:\Windows\System\zMbOByV.exe
  C:\Windows\System\zMbOByV.exe
  2⤵
  PID:8840
- C:\Windows\System\mMJBSfM.exe
  C:\Windows\System\mMJBSfM.exe
  2⤵
  PID:8864
- C:\Windows\System\cDHlxFQ.exe
  C:\Windows\System\cDHlxFQ.exe
  2⤵
  PID:8988
- C:\Windows\System\LyKkSXt.exe
  C:\Windows\System\LyKkSXt.exe
  2⤵
  PID:9016
- C:\Windows\System\eiaIIAM.exe
  C:\Windows\System\eiaIIAM.exe
  2⤵
  PID:8976
- C:\Windows\System\qANpPie.exe
  C:\Windows\System\qANpPie.exe
  2⤵
  PID:9052
- C:\Windows\System\WANKLyL.exe
  C:\Windows\System\WANKLyL.exe
  2⤵
  PID:9136
- C:\Windows\System\daxhoBR.exe
  C:\Windows\System\daxhoBR.exe
  2⤵
  PID:9168
- C:\Windows\System\fbeqEDl.exe
  C:\Windows\System\fbeqEDl.exe
  2⤵
  PID:8248
- C:\Windows\System\bHKogmH.exe
  C:\Windows\System\bHKogmH.exe
  2⤵
  PID:7584
- C:\Windows\System\lLsrrHi.exe
  C:\Windows\System\lLsrrHi.exe
  2⤵
  PID:8408
- C:\Windows\System\TrlFZxR.exe
  C:\Windows\System\TrlFZxR.exe
  2⤵
  PID:8492
- C:\Windows\System\yVzADSx.exe
  C:\Windows\System\yVzADSx.exe
  2⤵
  PID:8496
- C:\Windows\System\pJgNmHw.exe
  C:\Windows\System\pJgNmHw.exe
  2⤵
  PID:8572
- C:\Windows\System\TnwKhcu.exe
  C:\Windows\System\TnwKhcu.exe
  2⤵
  PID:8648
- C:\Windows\System\YDsaROJ.exe
  C:\Windows\System\YDsaROJ.exe
  2⤵
  PID:8628
- C:\Windows\System\ldCJasx.exe
  C:\Windows\System\ldCJasx.exe
  2⤵
  PID:8796
- C:\Windows\System\VrQrdSn.exe
  C:\Windows\System\VrQrdSn.exe
  2⤵
  PID:8824
- C:\Windows\System\tAVzYbR.exe
  C:\Windows\System\tAVzYbR.exe
  2⤵
  PID:8984
- C:\Windows\System\KlgKCEX.exe
  C:\Windows\System\KlgKCEX.exe
  2⤵
  PID:9200
- C:\Windows\System\BoJZRAF.exe
  C:\Windows\System\BoJZRAF.exe
  2⤵
  PID:8912
- C:\Windows\System\OUMRWNl.exe
  C:\Windows\System\OUMRWNl.exe
  2⤵
  PID:9032
- C:\Windows\System\dKSItZD.exe
  C:\Windows\System\dKSItZD.exe
  2⤵
  PID:8892
- C:\Windows\System\BOKnuHM.exe
  C:\Windows\System\BOKnuHM.exe
  2⤵
  PID:8364
- C:\Windows\System\QnHZZBf.exe
  C:\Windows\System\QnHZZBf.exe
  2⤵
  PID:8508
- C:\Windows\System\aPVpEnU.exe
  C:\Windows\System\aPVpEnU.exe
  2⤵
  PID:8516
- C:\Windows\System\xpSYDpA.exe
  C:\Windows\System\xpSYDpA.exe
  2⤵
  PID:8720
- C:\Windows\System\ZNOKfgq.exe
  C:\Windows\System\ZNOKfgq.exe
  2⤵
  PID:8736
- C:\Windows\System\QItpqZU.exe
  C:\Windows\System\QItpqZU.exe
  2⤵
  PID:8800
- C:\Windows\System\IUHZJWR.exe
  C:\Windows\System\IUHZJWR.exe
  2⤵
  PID:9184
- C:\Windows\System\uBCgFBm.exe
  C:\Windows\System\uBCgFBm.exe
  2⤵
  PID:8908
- C:\Windows\System\QBuEeHT.exe
  C:\Windows\System\QBuEeHT.exe
  2⤵
  PID:8856
- C:\Windows\System\XIwVyVN.exe
  C:\Windows\System\XIwVyVN.exe
  2⤵
  PID:8296
- C:\Windows\System\pZgXzhB.exe
  C:\Windows\System\pZgXzhB.exe
  2⤵
  PID:8428
- C:\Windows\System\mWnnjew.exe
  C:\Windows\System\mWnnjew.exe
  2⤵
  PID:8656
- C:\Windows\System\DOyrgHu.exe
  C:\Windows\System\DOyrgHu.exe
  2⤵
  PID:8476
- C:\Windows\System\idwhoBa.exe
  C:\Windows\System\idwhoBa.exe
  2⤵
  PID:9064
- C:\Windows\System\yVduoZw.exe
  C:\Windows\System\yVduoZw.exe
  2⤵
  PID:8700
- C:\Windows\System\wVDsVOa.exe
  C:\Windows\System\wVDsVOa.exe
  2⤵
  PID:9152
- C:\Windows\System\pBqWMix.exe
  C:\Windows\System\pBqWMix.exe
  2⤵
  PID:8392
- C:\Windows\System\oXVudnh.exe
  C:\Windows\System\oXVudnh.exe
  2⤵
  PID:8608
- C:\Windows\System\cbmdZuX.exe
  C:\Windows\System\cbmdZuX.exe
  2⤵
  PID:8768
- C:\Windows\System\rveFiqw.exe
  C:\Windows\System\rveFiqw.exe
  2⤵
  PID:8412
- C:\Windows\System\lDCygzn.exe
  C:\Windows\System\lDCygzn.exe
  2⤵
  PID:9220
- C:\Windows\System\CcNkSHV.exe
  C:\Windows\System\CcNkSHV.exe
  2⤵
  PID:9236
- C:\Windows\System\DCrnPkI.exe
  C:\Windows\System\DCrnPkI.exe
  2⤵
  PID:9252
- C:\Windows\System\NyzQUCg.exe
  C:\Windows\System\NyzQUCg.exe
  2⤵
  PID:9268
- C:\Windows\System\sUUGZqq.exe
  C:\Windows\System\sUUGZqq.exe
  2⤵
  PID:9288
- C:\Windows\System\FuoQcjI.exe
  C:\Windows\System\FuoQcjI.exe
  2⤵
  PID:9312
- C:\Windows\System\jkwpzHL.exe
  C:\Windows\System\jkwpzHL.exe
  2⤵
  PID:9332
- C:\Windows\System\bASlWAd.exe
  C:\Windows\System\bASlWAd.exe
  2⤵
  PID:9348
- C:\Windows\System\NzJzgBL.exe
  C:\Windows\System\NzJzgBL.exe
  2⤵
  PID:9368
- C:\Windows\System\STXIiVn.exe
  C:\Windows\System\STXIiVn.exe
  2⤵
  PID:9408
- C:\Windows\System\EPkTlha.exe
  C:\Windows\System\EPkTlha.exe
  2⤵
  PID:9428
- C:\Windows\System\ZvWQKJq.exe
  C:\Windows\System\ZvWQKJq.exe
  2⤵
  PID:9444
- C:\Windows\System\BnKrCOK.exe
  C:\Windows\System\BnKrCOK.exe
  2⤵
  PID:9460
- C:\Windows\System\FlClCjH.exe
  C:\Windows\System\FlClCjH.exe
  2⤵
  PID:9480
- C:\Windows\System\WCZENmq.exe
  C:\Windows\System\WCZENmq.exe
  2⤵
  PID:9496
- C:\Windows\System\ZXQDRVT.exe
  C:\Windows\System\ZXQDRVT.exe
  2⤵
  PID:9516
- C:\Windows\System\UzRxHiY.exe
  C:\Windows\System\UzRxHiY.exe
  2⤵
  PID:9540
- C:\Windows\System\TkFvQSN.exe
  C:\Windows\System\TkFvQSN.exe
  2⤵
  PID:9560
- C:\Windows\System\hhKPdeg.exe
  C:\Windows\System\hhKPdeg.exe
  2⤵
  PID:9580
- C:\Windows\System\XSoHHNt.exe
  C:\Windows\System\XSoHHNt.exe
  2⤵
  PID:9612
- C:\Windows\System\jZVwpZs.exe
  C:\Windows\System\jZVwpZs.exe
  2⤵
  PID:9628
- C:\Windows\System\pxGLjLH.exe
  C:\Windows\System\pxGLjLH.exe
  2⤵
  PID:9644
- C:\Windows\System\lTKjACm.exe
  C:\Windows\System\lTKjACm.exe
  2⤵
  PID:9664
- C:\Windows\System\BJPzWwx.exe
  C:\Windows\System\BJPzWwx.exe
  2⤵
  PID:9684
- C:\Windows\System\biTcQpd.exe
  C:\Windows\System\biTcQpd.exe
  2⤵
  PID:9712
- C:\Windows\System\TEqBtlG.exe
  C:\Windows\System\TEqBtlG.exe
  2⤵
  PID:9728
- C:\Windows\System\fyqSiqo.exe
  C:\Windows\System\fyqSiqo.exe
  2⤵
  PID:9748
- C:\Windows\System\wLSTtzj.exe
  C:\Windows\System\wLSTtzj.exe
  2⤵
  PID:9768
- C:\Windows\System\aKgHjxL.exe
  C:\Windows\System\aKgHjxL.exe
  2⤵
  PID:9784
- C:\Windows\System\PmLPMpy.exe
  C:\Windows\System\PmLPMpy.exe
  2⤵
  PID:9812
- C:\Windows\System\lkaKICL.exe
  C:\Windows\System\lkaKICL.exe
  2⤵
  PID:9832
- C:\Windows\System\GvNwsUW.exe
  C:\Windows\System\GvNwsUW.exe
  2⤵
  PID:9848
- C:\Windows\System\UqaZUpg.exe
  C:\Windows\System\UqaZUpg.exe
  2⤵
  PID:9864
- C:\Windows\System\SIyWaEF.exe
  C:\Windows\System\SIyWaEF.exe
  2⤵
  PID:9892
- C:\Windows\System\gRndPki.exe
  C:\Windows\System\gRndPki.exe
  2⤵
  PID:9908
- C:\Windows\System\HjkUGRc.exe
  C:\Windows\System\HjkUGRc.exe
  2⤵
  PID:9924
- C:\Windows\System\tHYNTmv.exe
  C:\Windows\System\tHYNTmv.exe
  2⤵
  PID:9940
- C:\Windows\System\lZCYOAA.exe
  C:\Windows\System\lZCYOAA.exe
  2⤵
  PID:9956
- C:\Windows\System\pTpckdJ.exe
  C:\Windows\System\pTpckdJ.exe
  2⤵
  PID:9980
- C:\Windows\System\DJSXDcQ.exe
  C:\Windows\System\DJSXDcQ.exe
  2⤵
  PID:10012
- C:\Windows\System\voRUZLv.exe
  C:\Windows\System\voRUZLv.exe
  2⤵
  PID:10028
- C:\Windows\System\eSTpjIn.exe
  C:\Windows\System\eSTpjIn.exe
  2⤵
  PID:10048
- C:\Windows\System\dTuGjZC.exe
  C:\Windows\System\dTuGjZC.exe
  2⤵
  PID:10064
- C:\Windows\System\OtZLfwR.exe
  C:\Windows\System\OtZLfwR.exe
  2⤵
  PID:10080
- C:\Windows\System\AXRdGHj.exe
  C:\Windows\System\AXRdGHj.exe
  2⤵
  PID:10108
- C:\Windows\System\pZjiyJh.exe
  C:\Windows\System\pZjiyJh.exe
  2⤵
  PID:10124
- C:\Windows\System\JWPkCrK.exe
  C:\Windows\System\JWPkCrK.exe
  2⤵
  PID:10140
- C:\Windows\System\suxRPlu.exe
  C:\Windows\System\suxRPlu.exe
  2⤵
  PID:10160
- C:\Windows\System\liCqqMk.exe
  C:\Windows\System\liCqqMk.exe
  2⤵
  PID:10176
- C:\Windows\System\bDaZspf.exe
  C:\Windows\System\bDaZspf.exe
  2⤵
  PID:10192
- C:\Windows\System\qFceOwe.exe
  C:\Windows\System\qFceOwe.exe
  2⤵
  PID:10216
- C:\Windows\System\qBSpGlg.exe
  C:\Windows\System\qBSpGlg.exe
  2⤵
  PID:10236
- C:\Windows\System\lBKxtts.exe
  C:\Windows\System\lBKxtts.exe
  2⤵
  PID:9280
- C:\Windows\System\inLwCFQ.exe
  C:\Windows\System\inLwCFQ.exe
  2⤵
  PID:9328
- C:\Windows\System\YdvyNdO.exe
  C:\Windows\System\YdvyNdO.exe
  2⤵
  PID:9264
- C:\Windows\System\bijntnm.exe
  C:\Windows\System\bijntnm.exe
  2⤵
  PID:9228
- C:\Windows\System\eqtfyVl.exe
  C:\Windows\System\eqtfyVl.exe
  2⤵
  PID:9388
- C:\Windows\System\upUBfNi.exe
  C:\Windows\System\upUBfNi.exe
  2⤵
  PID:9420
- C:\Windows\System\VycHKRp.exe
  C:\Windows\System\VycHKRp.exe
  2⤵
  PID:9492
- C:\Windows\System\JoOmskB.exe
  C:\Windows\System\JoOmskB.exe
  2⤵
  PID:9532
- C:\Windows\System\qpERsQv.exe
  C:\Windows\System\qpERsQv.exe
  2⤵
  PID:9512
- C:\Windows\System\PJTqlGZ.exe
  C:\Windows\System\PJTqlGZ.exe
  2⤵
  PID:9548
- C:\Windows\System\fqfTwdU.exe
  C:\Windows\System\fqfTwdU.exe
  2⤵
  PID:9588
- C:\Windows\System\bToWrHq.exe
  C:\Windows\System\bToWrHq.exe
  2⤵
  PID:9624
- C:\Windows\System\rgXMkZG.exe
  C:\Windows\System\rgXMkZG.exe
  2⤵
  PID:9692
- C:\Windows\System\ywDXaDF.exe
  C:\Windows\System\ywDXaDF.exe
  2⤵
  PID:9680
- C:\Windows\System\XcBqGwS.exe
  C:\Windows\System\XcBqGwS.exe
  2⤵
  PID:9740
- C:\Windows\System\rwkFDTL.exe
  C:\Windows\System\rwkFDTL.exe
  2⤵
  PID:9780
- C:\Windows\System\TXxAnmJ.exe
  C:\Windows\System\TXxAnmJ.exe
  2⤵
  PID:9800
- C:\Windows\System\hAvOdJs.exe
  C:\Windows\System\hAvOdJs.exe
  2⤵
  PID:9824
- C:\Windows\System\WtYbkHh.exe
  C:\Windows\System\WtYbkHh.exe
  2⤵
  PID:9860
- C:\Windows\System\ivDzSfk.exe
  C:\Windows\System\ivDzSfk.exe
  2⤵
  PID:9884
- C:\Windows\System\YSEwDRW.exe
  C:\Windows\System\YSEwDRW.exe
  2⤵
  PID:9932
- C:\Windows\System\poGXKwG.exe
  C:\Windows\System\poGXKwG.exe
  2⤵
  PID:9972
- C:\Windows\System\uVoMmlx.exe
  C:\Windows\System\uVoMmlx.exe
  2⤵
  PID:9992
- C:\Windows\System\qqLAAhg.exe
  C:\Windows\System\qqLAAhg.exe
  2⤵
  PID:10092
- C:\Windows\System\zAoqXTM.exe
  C:\Windows\System\zAoqXTM.exe
  2⤵
  PID:10000
- C:\Windows\System\kScbzUj.exe
  C:\Windows\System\kScbzUj.exe
  2⤵
  PID:10136
- C:\Windows\System\zArFreB.exe
  C:\Windows\System\zArFreB.exe
  2⤵
  PID:10040
- C:\Windows\System\bkQjxRz.exe
  C:\Windows\System\bkQjxRz.exe
  2⤵
  PID:10168
- C:\Windows\System\MBULHhS.exe
  C:\Windows\System\MBULHhS.exe
  2⤵
  PID:10152
- C:\Windows\System\GfoDjkn.exe
  C:\Windows\System\GfoDjkn.exe
  2⤵
  PID:9364
- C:\Windows\System\kkGmAKJ.exe
  C:\Windows\System\kkGmAKJ.exe
  2⤵
  PID:9308
- C:\Windows\System\RRsKLgA.exe
  C:\Windows\System\RRsKLgA.exe
  2⤵
  PID:9296
- C:\Windows\System\qRRoHEj.exe
  C:\Windows\System\qRRoHEj.exe
  2⤵
  PID:10184
- C:\Windows\System\tZpslRq.exe
  C:\Windows\System\tZpslRq.exe
  2⤵
  PID:9400
- C:\Windows\System\MjgbPcb.exe
  C:\Windows\System\MjgbPcb.exe
  2⤵
  PID:9416
- C:\Windows\System\zlaFmAb.exe
  C:\Windows\System\zlaFmAb.exe
  2⤵
  PID:9568
- C:\Windows\System\xmkwOoa.exe
  C:\Windows\System\xmkwOoa.exe
  2⤵
  PID:9472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CPWuKBD.exe

Filesize
6.0MB

MD5
243436fa4f8ed02e7e7a171422962298

SHA1
31b641d94a60c7f77c5b4c29ff780800ecda9f66

SHA256
5b13e7761801b6cd635d7b8bf79a794ff8eeecc56ba5c4909c714604308a0196

SHA512
208f9ab087f5310766b8de393cec722674aabfd257842e18b04b158f0a169b9a2d2af10609975de33507ec171b878b1f5eb87110cff303c68fd4f31ab6733a61

Download Submit
C:\Windows\system\JGahdjJ.exe

Filesize
6.0MB

MD5
a3d0c8cdd421bad191b8752c59856caa

SHA1
ed67b862fab2a9354b6160ea46ddd17de87e30ea

SHA256
a28b40c0c0ec11cce0022a44c72d14d6fbe8a88ed9cbc1bd41bb81f8f84e7f5e

SHA512
8a65417eb2e943dc07ba790a07ce749e6b43310b9f1182e72b947bfe03fed1d044398c065a94a8b418d401a4806d5572d16d2cef58b9be221d05342bea23e836

Download Submit
C:\Windows\system\MGzAkFQ.exe

Filesize
6.0MB

MD5
220bd5dea8f052215e0eff53953bf6d4

SHA1
eaf672d2a0c5679f937c0f3ed0ecf930112056b3

SHA256
ba406f5919911667cc2a6bf191c0657cbe58681e4b911ed9a89845d5ffe651c9

SHA512
42485721c2b0cc452c609365cd9bbe31a19748fcdf973bbbd6ae75c1a28daa6b66633f592123685badc815a7a502259c0260be4af82c9def2c6df39f2ef78a47

Download Submit
C:\Windows\system\Qoseorm.exe

Filesize
6.0MB

MD5
e4e38db802d57bbf156aeb6f201b191c

SHA1
cad28438a24ba6cde73cc3082ba44344ac56651d

SHA256
f0fc51b4ad7725cc7fa7ad0e2ffadee531a24bc388456618f5611fe49a748a3d

SHA512
813d69ffdf632dd3a65148480f63955b81f93d01226d13ed0f404a596e5cbd6dbe0074665fbda0a3258660d1c6ae701e5a524511ec88dd90def5e393de6823ec

Download Submit
C:\Windows\system\RPTyPkd.exe

Filesize
6.0MB

MD5
292bf369fab4131e291d46c2d29bfacf

SHA1
02441083f99376dbe7e9468baa89bc45a4fe8d22

SHA256
318c287b0ada32c60a7bad02d8cb9552364107470b223beb9a8a5adf3a674cbb

SHA512
9e3b840947c0f1bcb2c4d6e62a27155f854c102aaac04fe01fe12204c0ac46eb5d9938be0ddf64cb0346e95775c309d7bf43bac5b20e2a9dd72e1775e2ff6697

Download Submit
C:\Windows\system\Rjnruhf.exe

Filesize
6.0MB

MD5
75ef8531e8bd804c4ee01bd98557133c

SHA1
8b102e87ca122c620dc07e702ef8757b52c97ee9

SHA256
64e5c473d73861a1340aad784b4677f074775f0388627d908b7c121e75231442

SHA512
6c55ffe8cb8a7784730b81df72215100348e6478e8aeb291ed35c42f7a1006349d96c3050ccb9dc310529617a3245821ad72a928f99054bb1e6e9786954b737e

Download Submit
C:\Windows\system\TAwzdUI.exe

Filesize
6.0MB

MD5
d28379df6b00433182460a16397b1b61

SHA1
e22fd399cf89a093150ecb064bf593da29dd161e

SHA256
78dcb1b8f426015793cce86015a52e6358989407155fcad3afbc8a24e46b3d9b

SHA512
a01b2f978c0e6fbf2293d573aef6ce5ca8f894d0630b8fcd2836f08f572500dbe907dc6e3d8cfb207b1a7aa1125351bf1fc9e4b501be1e3c7ea68b8941eeafbd

Download Submit
C:\Windows\system\VhDkMwC.exe

Filesize
6.0MB

MD5
55fc01c073ec95efe546fd708eda12f5

SHA1
7108a7faa59ff64c3552b20dbd082af84d2ab76f

SHA256
80e9a3a19337c731ff35635a86fcd072a64f9b1d5c6fcafa09a8252d75ecb25f

SHA512
317f7e80a30348a4f4aa5aeb2e4ba93faaf07934c817be008d3fdf1afa72d627f325261857e120c6b105b5ca3664414d622010fe78e13e9ca169900530091840

Download Submit
C:\Windows\system\WBIbgrp.exe

Filesize
6.0MB

MD5
4b31b5b878bf5763f3ead39ff43b882d

SHA1
a9a95cc97bafb25053228aeccf4ef22bb198b742

SHA256
61f384c1871285e96849f5e7951210611a4c0571b09f86ae6ca469892c9c0079

SHA512
a0aa9b058396228d68bb1aba94cc3957f4044af3d0e89ad0b85d7b21be09666f9fe2d0ccc6cfa8ced3cc768e1483e68ddb40ec18901518b4f218af6789b3718f

Download Submit
C:\Windows\system\XWzpFSp.exe

Filesize
6.0MB

MD5
df5c119e588ba76c3191300de944ee86

SHA1
79c567da6425a725d6bd8ba7a8f645943dfd563f

SHA256
76cb4b821a31b8796cb2d0ebee814d58eb0471a42f02db8359a46f32d0eb7016

SHA512
66876f7b1a5b6d1a11d29b6a20d1bcf976041e803cddaf39472d2dd06f387a335c6b13247e2f3e47da23da4457c5377b259f1f2512b64c6fe84fb7d5328074c5

Download Submit
C:\Windows\system\YquvocU.exe

Filesize
6.0MB

MD5
cf030689733802e4399b99052068928c

SHA1
95acea5b1d8c4257f284b18b3bb8673edf09a7ae

SHA256
09a699da9d211868f7c6c60802e16943e675ca155b3387bae7a39f45c83dee64

SHA512
70d7b57d8f79e7fb6129ae85ed2c95768b3d998892c90e81c44967550d90cb7a186dd7043ca03653c58fb88d7fbad168165eceb54d80a61d7b51e2a6b39959d7

Download Submit
C:\Windows\system\ZGEPzqe.exe

Filesize
6.0MB

MD5
3b06757c4d252ead684e1fd72b2f54c4

SHA1
6a389b23389ad32ea87f2717f6a9061e5766b7eb

SHA256
a1834f3a97d44c476d2a4e7571a1424cb87e9be84a450ead0cb6f2abe5aaa391

SHA512
9e3176550c2eafab5602f7678e10234dac82b7ab1e15f2fc013d27d2e036d2ec615ef8e4b3467b0dbc72646d66555e79e90caae5b696d8e70402fd312caf444a

Download Submit
C:\Windows\system\aAHhgES.exe

Filesize
8B

MD5
9920045222b50c89d75563658bf0f266

SHA1
1f2cb8a9a32725254cd9765d731ea91ac586fcd7

SHA256
d238157f2403a3ef3612de235537440e1c579ba34b4b8a85d0e36dd232f16cee

SHA512
acbfe5412b69f5c5dbe7c8f9f14122eeaa64cee2dec2fddfc64c1745ca8ac7063bc07ff2e2d7845bbca813e637b54b41ccc8bf0e20179937b5d993c7dbfaa092

Download Submit
C:\Windows\system\avaThiI.exe

Filesize
6.0MB

MD5
3dc4d35c396920737b5e650fc311f88a

SHA1
9404cc6dc78b069dc888d4285b1a71dd1524dca8

SHA256
6b4169574d16a7c052f5a09c5cfae528b81f752555d524c69d28001e2885a630

SHA512
bf8470dd8f1e47c7e3b880c4d50fa3fcc4d41d6b94b444c4491685abbc2d825ca88e19b875108fdb66d513d7e1cd76971ce849d89e37d500845471ea0c540714

Download Submit
C:\Windows\system\aysTmCM.exe

Filesize
6.0MB

MD5
8780e62773eef06ca88dd0f4aca9cb78

SHA1
fbc5ccb8829f0e39adb7f65f68c0a2b06460c7fa

SHA256
a60c1b004ebcf56be97d3b51fa993353bfdede4b1f0e8bed1cc6f7bb60410d56

SHA512
0317926c23251ac351236fdbea50717d128179b28f10596d6e57ece34a5988abfc60251fede78bb08bc581c26cf21ed9e84dc72a4bb400a044cb9b65496891b4

Download Submit
C:\Windows\system\cHnSnlZ.exe

Filesize
6.0MB

MD5
3e8da9e92d633c3560cf9aed740e148b

SHA1
20c0acd866a0a006d91bfbe2b1f16375b7228787

SHA256
a2fd244bcd2b5ae214a2205a93de4e830935effb440b7310cf65de5818f0bc4c

SHA512
16974834076b324f9e03b7d07b88312b97e6a6f581dc69fbcd4e7bcf896b336099f47aa15aad88bbc0d6f02265ce40ed6de861af9ac966c0ee0192415e877084

Download Submit
C:\Windows\system\cOPTQWM.exe

Filesize
6.0MB

MD5
5af1fabe10520ce077bbe4edb8987868

SHA1
c6064caea7af1495b2ff78d9f6822ec34828d50a

SHA256
b08e5e43d335fceea338a11ac3b3c063d3cf6b8033baf8df78ece24b4c060161

SHA512
b5e99f270fc0eb80dfe85246e1e6f28522b3a50e34c6cb83bb946aa10ce91af38c509f01474ccbdf52659ca1eec873bb12905b28f57738d88144ffadf3dac707

Download Submit
C:\Windows\system\cXgmeCf.exe

Filesize
6.0MB

MD5
ff39d3dcc5658c2076cf56a95ffae467

SHA1
d67352e0dad390108138fafcfeff76b900d02e7c

SHA256
e9e4b2f5ba762106d21899f73568e376704378061a8bd94d6798cf8bfbc539c9

SHA512
e82b29814b4ce6cebdcc1e553ba1b5049c83fdac74060ab6cef698c955ae378b8ddd8e5ff4d9c96b161a8a77e4737848b321e9a9c99eb3032d87e030ad2d87e6

Download Submit
C:\Windows\system\dBUmLoS.exe

Filesize
6.0MB

MD5
ec7f5820ffcb6368405e11e65481eca0

SHA1
6565eb551ab6227cf9b7f4727715f35e67ce8919

SHA256
7732dbcb7f0183c84a6f6f9301da07bcb562a99b53cd46b710e237b84b83c51b

SHA512
6d642b789347a4fb3b9ddc132e0da311b0fd8a25c4edb9ed4b8fcffdf15b70f399c69cc971a2cbf0500704d06160ace068270abe05568e11611a942f11ccb4a9

Download Submit
C:\Windows\system\eERLudw.exe

Filesize
6.0MB

MD5
e1661ce6892ce85b81c94a651c75b2b2

SHA1
b9e5926ab70fdaaa5da9468265aab4796b82a480

SHA256
fa867208e0d9e195f9c7eb41f44f76bde0d928e17dbfb7ce9715b06313263674

SHA512
e7b645c9568d920eedc1122119df35c22f0bd75353dc8b4a36c3fe33c950f161ee9f389618348cd55ecbf4126d33853867e9da24f1c8ac78abc853c48ee7b476

Download Submit
C:\Windows\system\fGqnZxo.exe

Filesize
6.0MB

MD5
1600030930190ce74cb6d8741ec77e99

SHA1
0d8d6cfb9fd3dd165ed55565397423bc3bc1ef1f

SHA256
d72f3010e421f0f437f5666b07d2ec03dc46ebc2ce02f6878a272de3fa37ac34

SHA512
228f37ecff2b681a8c356a95e0affb1ec9bdb39636950263fffcf55cb40d1f9db969e4c922792adeef13b2358b501e298306ea52b7a921946c50a063a204d29e

Download Submit
C:\Windows\system\fLNGUBA.exe

Filesize
6.0MB

MD5
56433d1fcde31f34a281f60de4e49620

SHA1
b1496545c2c20e497c066332124f5f577d6b113d

SHA256
3d0bc0bd468ffc61bfa06127c2cfffccb1545ab1f2dd3073e82cb704dfaece7c

SHA512
8df18946e6db618fded793c2aa02547560d528b96c6f8133984ed38bf2acb503719aff67b733945d130878dc57ec65d52cf2462ef7a4a2cf58c3bd9ae446cb5a

Download Submit
C:\Windows\system\fMXfXcP.exe

Filesize
6.0MB

MD5
267a19423eba28f710abd92dcc6e6b52

SHA1
68a13b9bc333d42039500bc99506f620241fd96e

SHA256
e096de7f4cc679a69fb5fdbaf9044f13cf4b1509a3a45b027b8ce3bebdd4c169

SHA512
c3d685fe75611d7c840c75a0bcd4934d089c099389f40be955868e547fcb162d5d65a866be9913523757009e53be810fe01c0a6667d34ec4307087502bbbfdba

Download Submit
C:\Windows\system\mxheomB.exe

Filesize
6.0MB

MD5
3b5b291921bdca89ec51ec9001211988

SHA1
1d9501c776f37cdb8bb35f328ed5b1427cece939

SHA256
54f95d96773523c6e5045117532b3166ad77913bc015df9cc4749ec60411d36d

SHA512
ee8d2624f7c1ccb149bdc1e0577e1543ebc05e1b5c9c3a40b90c5aa08c1a38e3042bde5a0e188a2ba576618f267ab73e9ca697f6fe36ab10ed61862b08d91590

Download Submit
C:\Windows\system\nJPPJMJ.exe

Filesize
6.0MB

MD5
0a12f9603a9325d852c4be7ae903f905

SHA1
308e860fdae381d7933af5c695bd6f85b7aa31cc

SHA256
2402625bccc5952acf54f9b0255bba84dbcc8292444fd601c962c043ffb7b6f4

SHA512
60caa2bae0eaca60a6a4b3c4d4c5d36bf9927ca7cd7973400c4e9014bc4b08b3edee8b1e08f18691152262f065adad63232780498039af6956ab2fc9bda5e83f

Download Submit
C:\Windows\system\noEcLkf.exe

Filesize
6.0MB

MD5
5bf1fa0e685307ec4642cad3d456070c

SHA1
741c3a8e300c91a7aa4cb1c654998717d018641e

SHA256
a200458d035493d8d6bc543732ed92ba70e29b796f06833ee664baa7e2481fbd

SHA512
8ed2d2447390f19f11bb1311592520d814b6f773d47d731d359fb3c497cc72be6fad9cc277437266c8525f022b9bcfaedf6d742f20b541ec37c5910b57191571

Download Submit
C:\Windows\system\rYoREgO.exe

Filesize
6.0MB

MD5
119b14a034ba900ea393e4f1ce3cc481

SHA1
aeb25590f9b3291da10da4fcea8694b727fde392

SHA256
a45fdedf35614d5805398c918e64a7426ca9507de2c183d04c415e135e29c37c

SHA512
2a5eeadef7bbf7458b8d38f2a82bb96b39b24373e587c67008e05fecf7e96091259a55d695ae086ed0eebc5c6c794d6e84dc7d649929c4ea4d68bbdbd993f4dc

Download Submit
C:\Windows\system\tWfeZKu.exe

Filesize
6.0MB

MD5
85a25acd5cae9825b2fff6359cb2194f

SHA1
6695a46b242149f5c4eecf87e394ab2a582e1789

SHA256
e2f3ff0a3af1569f0b6e54aec9f7dcd9b3e9badc4d3a30174cbaccedea5457ef

SHA512
633966b9f21537d3802d4933a439dd0e57ec5e7eef028f55413b963a541778eac96543f561d65e0d1be7d8dfc9b87e0a424dd4130d25d4d139e9fce4ef743bb4

Download Submit
C:\Windows\system\ydBZcjT.exe

Filesize
6.0MB

MD5
28349e5e06b21c2cce7195d1e4294a83

SHA1
0031c7281caa6a269d5645b8505d58e816995203

SHA256
39bbce735ff63f60375657d1ba44f97f9d17d1c14b78595227baa648d6e22ca9

SHA512
b0ee9ceb7102431de7aa7bd7516b159b5ca2f58ef98698aeb4cb9fc3aa67c640835f050b2054924b077f24bba9a1489a0086f16fa450e63ef9db50f3e9651552

Download Submit
\Windows\system\TtkHZnE.exe

Filesize
6.0MB

MD5
6ff6200cdd2d2d6e36a67a10dfec77f2

SHA1
10878bc5696557defe7bca32c720861570f9b61b

SHA256
58cf7dc11cfd168162a5fcf57e1d14ad36be6918d6c9f37e51610fae3bb48dd2

SHA512
b84c0561853b3f99562abbf6708b0cf476f64e8c05745b3f4ace854ac82247f079775d860de07fb247ed127c89a07b7f87060250bab8323fcbabbec85266e515

Download Submit
\Windows\system\ewzWMlh.exe

Filesize
6.0MB

MD5
8a57696c88f5315754495d1539fb673c

SHA1
91beeb29c934153bda7fc839e9102b5fa042c154

SHA256
86b903977a0c390efc8e1ce16fc902cbad87c7c82e443c3089b7af996b304098

SHA512
f58b78952deed9f38cae0197923fb836b5f3b1dde91c653e1aa3380d937188e83eb6476552c9623a47c434719f0aebf88bcdb855a1adba41eefab83fe7f89224

Download Submit
\Windows\system\tbLWqRe.exe

Filesize
6.0MB

MD5
fafcc54476eb13fdaae0518535c59cd2

SHA1
305e17b8e46d294e1cd9ffb26138444a1af6d77d

SHA256
cb004870bfbe06ec51f6c2def82b31d97d37d3755891761597c75bf7547e8caf

SHA512
25ef99576cd158500e9865900eedd9b1876eaca2c5900d4c35c88f5a0d6446cd1cb96acc0e8d6d547f816c36a87920a5a8a1748eb294d891288ea52534a9e605

Download Submit
\Windows\system\wrpkFHH.exe

Filesize
6.0MB

MD5
d55fd7ed926f55ebe19b1645ef827cbc

SHA1
ae47a1b90679475a20c55716f07351fd9f4c6c48

SHA256
992ca65c50d1dc3a9414f39de8062ad538a2af59d6aa1f97072b78e6b50ce128

SHA512
8f8ccd7eb8b4846099858bb9e2b43d021e5ab0cbf687260bb8fd699a66e1544eca4cd5bdacf7c3aa746aaa6b3c68441c1c234b44a2db3d8b2ff987ee1a773dc8

Download Submit
memory/1524-770-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1524-81-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1524-3758-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1904-87-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1904-3696-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1904-946-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2100-20-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-53-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2100-35-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2100-1048-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2100-879-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2100-8-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-13-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2100-91-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2100-90-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-25-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2100-84-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2100-83-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2100-664-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2100-77-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2100-76-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2100-70-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2100-69-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-29-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-0-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2100-59-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-41-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-47-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2100-466-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2284-3618-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-15-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-16-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2436-3611-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2500-3703-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-561-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3701-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-74-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-50-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3702-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3704-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2624-56-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2624-27-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3707-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-45-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3783-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-33-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3747-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2696-66-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3708-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2696-385-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3699-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-38-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3698-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download